From john at spikefishsolutions.com Sun Apr 1 18:18:52 2018 From: john at spikefishsolutions.com (John Fleming) Date: Sun, 1 Apr 2018 14:18:52 -0400 Subject: [Openstack] [pike] general how to get off the ground questions Message-ID: Hi all, i've been playing around with Openstack for a while and have a few questions. Technically I have a lot and its getting in the way of watching Highlander 3 the apology. My end goal is do be able to spawn images based loosely on redhat/centos 5 and then coming up with a way to customize a base image, then deploy. This is all lab stuff, nothing production. I kind of got what i was looking using KVM and sawfish. What i didn't like was needed to do all the network plumbing. If someone can give me some pointers that would be great. Issues: How do i setup my initial VM. I can't expect virtio to be supported so i'll need e1000 and either a scsi or ide controller. I think i've seen that glance can do this, but I haven't tested yet. I'm not understanding if i need to do that every time i make a volume. Is that something i can do via Heat as well? How can i install via ISO? I've made a few attempts but failed. Just to start from scatch, would the idea be attach 2 volumes. 1 iso and 1 for storage device? I'm assuming i could also just export a qcow2 image again with iscsi or ide disk, I need to edit change interface names. I did this via sawfish by making custom udev rules. Basically sawfish the image then boot. I guess is sawfish support in there but I could just sawfish the raw image before booting worst case just not sure if this is the correct path forward or not. I also want to do other customizations to a given vm. Again did this via sawfish but for example i drop a /etc/rc.local.user which configures things at first boot, removes rc.local.user and then reboots. After this the VM is ready to go. My setup 1 controller / network / storage / node, r510 - 128gb ram, 12x2TB drives ( everything running on a raid 10 - md split into 2 devices OS and iScsi store)) , 2x 10gbe - iscsi 1 compute r620 - 256 gb ram, 4x 600MB drives, 2x 10gbe 1 deploy host small atom based host. I've been deploying with Kolla-Ansible if that was a question so everything is Docker images. From remo at italy1.com Sun Apr 1 19:26:30 2018 From: remo at italy1.com (remo at italy1.com) Date: Sun, 1 Apr 2018 12:26:30 -0700 Subject: [Openstack] [pike] general how to get off the ground questions In-Reply-To: References: Message-ID: Content-Type: multipart/alternative; boundary="=_677138d92acbbad5df2a74d8d5be6adb" --=_677138d92acbbad5df2a74d8d5be6adb Content-Transfer-Encoding: base64 Content-Type: text/plain; charset=utf-8 SSBqdXN0IHN0b3BwZWQgYXQgY2VudG9zIDUgDQpPcGVuU3RhY2sgZG9lcyBub3Qgd29yayBvbiB0 aGF0IHZlcnNpb24uIA0KDQrvo78gZGFsIG1pbyBpUGhvbmUgWCANCg0KPiBJbCBnaW9ybm8gMDEg YXByIDIwMTgsIGFsbGUgb3JlIDExOjE4LCBKb2huIEZsZW1pbmcgPGpvaG5Ac3Bpa2VmaXNoc29s dXRpb25zLmNvbT4gaGEgc2NyaXR0bzoNCj4gDQo+IEhpIGFsbCwgaSd2ZSBiZWVuIHBsYXlpbmcg YXJvdW5kIHdpdGggT3BlbnN0YWNrIGZvciBhIHdoaWxlIGFuZCBoYXZlIGENCj4gZmV3IHF1ZXN0 aW9ucy4gVGVjaG5pY2FsbHkgSSBoYXZlIGEgbG90IGFuZCBpdHMgZ2V0dGluZyBpbiB0aGUgd2F5 IG9mDQo+IHdhdGNoaW5nIEhpZ2hsYW5kZXIgMyB0aGUgYXBvbG9neS4NCj4gDQo+IE15IGVuZCBn b2FsIGlzIGRvIGJlIGFibGUgdG8gc3Bhd24gaW1hZ2VzIGJhc2VkIGxvb3NlbHkgb24NCj4gcmVk aGF0L2NlbnRvcyA1IGFuZCB0aGVuIGNvbWluZyB1cCB3aXRoIGEgd2F5IHRvIGN1c3RvbWl6ZSBh IGJhc2UNCj4gaW1hZ2UsIHRoZW4gZGVwbG95LiBUaGlzIGlzIGFsbCBsYWIgc3R1ZmYsIG5vdGhp bmcgcHJvZHVjdGlvbi4NCj4gDQo+IEkga2luZCBvZiBnb3Qgd2hhdCBpIHdhcyBsb29raW5nIHVz aW5nIEtWTSBhbmQgc2F3ZmlzaC4gV2hhdCBpIGRpZG4ndA0KPiBsaWtlIHdhcyBuZWVkZWQgdG8g ZG8gYWxsIHRoZSBuZXR3b3JrIHBsdW1iaW5nLiAgSWYgc29tZW9uZSBjYW4gZ2l2ZQ0KPiBtZSBz b21lIHBvaW50ZXJzIHRoYXQgd291bGQgYmUgZ3JlYXQuDQo+IA0KPiBJc3N1ZXM6DQo+IA0KPiBI b3cgZG8gaSBzZXR1cCBteSBpbml0aWFsIFZNLiBJIGNhbid0IGV4cGVjdCB2aXJ0aW8gdG8gYmUg c3VwcG9ydGVkIHNvDQo+IGknbGwgbmVlZCBlMTAwMCBhbmQgZWl0aGVyIGEgc2NzaSBvciBpZGUg Y29udHJvbGxlci4gSSB0aGluayBpJ3ZlIHNlZW4NCj4gdGhhdCBnbGFuY2UgY2FuIGRvIHRoaXMs IGJ1dCBJIGhhdmVuJ3QgdGVzdGVkIHlldC4gSSdtIG5vdA0KPiB1bmRlcnN0YW5kaW5nIGlmIGkg bmVlZCB0byBkbyB0aGF0IGV2ZXJ5IHRpbWUgaSBtYWtlIGEgdm9sdW1lLiBJcyB0aGF0DQo+IHNv bWV0aGluZyBpIGNhbiBkbyB2aWEgSGVhdCBhcyB3ZWxsPw0KPiANCj4gSG93IGNhbiBpIGluc3Rh bGwgdmlhIElTTz8gSSd2ZSBtYWRlIGEgZmV3IGF0dGVtcHRzIGJ1dCBmYWlsZWQuIEp1c3QNCj4g dG8gc3RhcnQgZnJvbSBzY2F0Y2gsIHdvdWxkIHRoZSBpZGVhIGJlIGF0dGFjaCAyIHZvbHVtZXMu IDEgaXNvIGFuZCAxDQo+IGZvciBzdG9yYWdlIGRldmljZT8gSSdtIGFzc3VtaW5nIGkgY291bGQg YWxzbyBqdXN0IGV4cG9ydCBhIHFjb3cyDQo+IGltYWdlIGFnYWluIHdpdGggaXNjc2kgb3IgaWRl IGRpc2ssDQo+IA0KPiBJIG5lZWQgdG8gZWRpdCBjaGFuZ2UgaW50ZXJmYWNlIG5hbWVzLiBJIGRp ZCB0aGlzIHZpYSBzYXdmaXNoIGJ5DQo+IG1ha2luZyBjdXN0b20gdWRldiBydWxlcy4gQmFzaWNh bGx5IHNhd2Zpc2ggdGhlIGltYWdlIHRoZW4gYm9vdC4gSQ0KPiBndWVzcyBpcyBzYXdmaXNoIHN1 cHBvcnQgaW4gdGhlcmUgYnV0IEkgY291bGQganVzdCBzYXdmaXNoIHRoZSByYXcNCj4gaW1hZ2Ug YmVmb3JlIGJvb3Rpbmcgd29yc3QgY2FzZSBqdXN0IG5vdCBzdXJlIGlmIHRoaXMgaXMgdGhlIGNv cnJlY3QNCj4gcGF0aCBmb3J3YXJkIG9yIG5vdC4NCj4gDQo+IEkgYWxzbyB3YW50IHRvIGRvIG90 aGVyIGN1c3RvbWl6YXRpb25zIHRvIGEgZ2l2ZW4gdm0uIEFnYWluIGRpZCB0aGlzDQo+IHZpYSBz YXdmaXNoIGJ1dCBmb3IgZXhhbXBsZSBpIGRyb3AgYSAvZXRjL3JjLmxvY2FsLnVzZXIgd2hpY2gN Cj4gY29uZmlndXJlcyB0aGluZ3MgYXQgZmlyc3QgYm9vdCwgcmVtb3ZlcyByYy5sb2NhbC51c2Vy IGFuZCB0aGVuDQo+IHJlYm9vdHMuIEFmdGVyIHRoaXMgdGhlIFZNIGlzIHJlYWR5IHRvIGdvLg0K PiANCj4gTXkgc2V0dXANCj4gMSBjb250cm9sbGVyIC8gbmV0d29yayAvIHN0b3JhZ2UgLyBub2Rl LA0KPiByNTEwIC0gMTI4Z2IgcmFtLCAxMngyVEIgZHJpdmVzICggZXZlcnl0aGluZyBydW5uaW5n IG9uIGEgcmFpZCAxMCAtIG1kDQo+IHNwbGl0IGludG8gMiBkZXZpY2VzIE9TIGFuZCBpU2NzaSBz dG9yZSkpICwgMnggMTBnYmUgLSBpc2NzaQ0KPiANCj4gMSBjb21wdXRlDQo+IHI2MjAgLSAyNTYg Z2IgcmFtLCA0eCA2MDBNQiBkcml2ZXMsIDJ4IDEwZ2JlDQo+IA0KPiAxIGRlcGxveSBob3N0DQo+ IHNtYWxsIGF0b20gYmFzZWQgaG9zdC4NCj4gDQo+IEkndmUgYmVlbiBkZXBsb3lpbmcgd2l0aCBL b2xsYS1BbnNpYmxlIGlmIHRoYXQgd2FzIGEgcXVlc3Rpb24gc28NCj4gZXZlcnl0aGluZyBpcyBE b2NrZXIgaW1hZ2VzLg0KPiANCj4gX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fX18NCj4gTWFpbGluZyBsaXN0OiBodHRwOi8vbGlzdHMub3BlbnN0YWNrLm9yZy9j Z2ktYmluL21haWxtYW4vbGlzdGluZm8vb3BlbnN0YWNrDQo+IFBvc3QgdG8gICAgIDogb3BlbnN0 YWNrQGxpc3RzLm9wZW5zdGFjay5vcmcNCj4gVW5zdWJzY3JpYmUgOiBodHRwOi8vbGlzdHMub3Bl bnN0YWNrLm9yZy9jZ2ktYmluL21haWxtYW4vbGlzdGluZm8vb3BlbnN0YWNrDQo= --=_677138d92acbbad5df2a74d8d5be6adb-- From remo at italy1.com Sun Apr 1 19:26:30 2018 From: remo at italy1.com (remo at italy1.com) Date: Sun, 1 Apr 2018 12:26:30 -0700 Subject: [Openstack] [pike] general how to get off the ground questions In-Reply-To: References: Message-ID: Content-Type: multipart/alternative; boundary="=_677138d92acbbad5df2a74d8d5be6adb" --=_677138d92acbbad5df2a74d8d5be6adb Content-Transfer-Encoding: base64 Content-Type: text/plain; charset=utf-8 SSBqdXN0IHN0b3BwZWQgYXQgY2VudG9zIDUgDQpPcGVuU3RhY2sgZG9lcyBub3Qgd29yayBvbiB0 aGF0IHZlcnNpb24uIA0KDQrvo78gZGFsIG1pbyBpUGhvbmUgWCANCg0KPiBJbCBnaW9ybm8gMDEg YXByIDIwMTgsIGFsbGUgb3JlIDExOjE4LCBKb2huIEZsZW1pbmcgPGpvaG5Ac3Bpa2VmaXNoc29s dXRpb25zLmNvbT4gaGEgc2NyaXR0bzoNCj4gDQo+IEhpIGFsbCwgaSd2ZSBiZWVuIHBsYXlpbmcg YXJvdW5kIHdpdGggT3BlbnN0YWNrIGZvciBhIHdoaWxlIGFuZCBoYXZlIGENCj4gZmV3IHF1ZXN0 aW9ucy4gVGVjaG5pY2FsbHkgSSBoYXZlIGEgbG90IGFuZCBpdHMgZ2V0dGluZyBpbiB0aGUgd2F5 IG9mDQo+IHdhdGNoaW5nIEhpZ2hsYW5kZXIgMyB0aGUgYXBvbG9neS4NCj4gDQo+IE15IGVuZCBn b2FsIGlzIGRvIGJlIGFibGUgdG8gc3Bhd24gaW1hZ2VzIGJhc2VkIGxvb3NlbHkgb24NCj4gcmVk aGF0L2NlbnRvcyA1IGFuZCB0aGVuIGNvbWluZyB1cCB3aXRoIGEgd2F5IHRvIGN1c3RvbWl6ZSBh IGJhc2UNCj4gaW1hZ2UsIHRoZW4gZGVwbG95LiBUaGlzIGlzIGFsbCBsYWIgc3R1ZmYsIG5vdGhp bmcgcHJvZHVjdGlvbi4NCj4gDQo+IEkga2luZCBvZiBnb3Qgd2hhdCBpIHdhcyBsb29raW5nIHVz aW5nIEtWTSBhbmQgc2F3ZmlzaC4gV2hhdCBpIGRpZG4ndA0KPiBsaWtlIHdhcyBuZWVkZWQgdG8g ZG8gYWxsIHRoZSBuZXR3b3JrIHBsdW1iaW5nLiAgSWYgc29tZW9uZSBjYW4gZ2l2ZQ0KPiBtZSBz b21lIHBvaW50ZXJzIHRoYXQgd291bGQgYmUgZ3JlYXQuDQo+IA0KPiBJc3N1ZXM6DQo+IA0KPiBI b3cgZG8gaSBzZXR1cCBteSBpbml0aWFsIFZNLiBJIGNhbid0IGV4cGVjdCB2aXJ0aW8gdG8gYmUg c3VwcG9ydGVkIHNvDQo+IGknbGwgbmVlZCBlMTAwMCBhbmQgZWl0aGVyIGEgc2NzaSBvciBpZGUg Y29udHJvbGxlci4gSSB0aGluayBpJ3ZlIHNlZW4NCj4gdGhhdCBnbGFuY2UgY2FuIGRvIHRoaXMs IGJ1dCBJIGhhdmVuJ3QgdGVzdGVkIHlldC4gSSdtIG5vdA0KPiB1bmRlcnN0YW5kaW5nIGlmIGkg bmVlZCB0byBkbyB0aGF0IGV2ZXJ5IHRpbWUgaSBtYWtlIGEgdm9sdW1lLiBJcyB0aGF0DQo+IHNv bWV0aGluZyBpIGNhbiBkbyB2aWEgSGVhdCBhcyB3ZWxsPw0KPiANCj4gSG93IGNhbiBpIGluc3Rh bGwgdmlhIElTTz8gSSd2ZSBtYWRlIGEgZmV3IGF0dGVtcHRzIGJ1dCBmYWlsZWQuIEp1c3QNCj4g dG8gc3RhcnQgZnJvbSBzY2F0Y2gsIHdvdWxkIHRoZSBpZGVhIGJlIGF0dGFjaCAyIHZvbHVtZXMu IDEgaXNvIGFuZCAxDQo+IGZvciBzdG9yYWdlIGRldmljZT8gSSdtIGFzc3VtaW5nIGkgY291bGQg YWxzbyBqdXN0IGV4cG9ydCBhIHFjb3cyDQo+IGltYWdlIGFnYWluIHdpdGggaXNjc2kgb3IgaWRl IGRpc2ssDQo+IA0KPiBJIG5lZWQgdG8gZWRpdCBjaGFuZ2UgaW50ZXJmYWNlIG5hbWVzLiBJIGRp ZCB0aGlzIHZpYSBzYXdmaXNoIGJ5DQo+IG1ha2luZyBjdXN0b20gdWRldiBydWxlcy4gQmFzaWNh bGx5IHNhd2Zpc2ggdGhlIGltYWdlIHRoZW4gYm9vdC4gSQ0KPiBndWVzcyBpcyBzYXdmaXNoIHN1 cHBvcnQgaW4gdGhlcmUgYnV0IEkgY291bGQganVzdCBzYXdmaXNoIHRoZSByYXcNCj4gaW1hZ2Ug YmVmb3JlIGJvb3Rpbmcgd29yc3QgY2FzZSBqdXN0IG5vdCBzdXJlIGlmIHRoaXMgaXMgdGhlIGNv cnJlY3QNCj4gcGF0aCBmb3J3YXJkIG9yIG5vdC4NCj4gDQo+IEkgYWxzbyB3YW50IHRvIGRvIG90 aGVyIGN1c3RvbWl6YXRpb25zIHRvIGEgZ2l2ZW4gdm0uIEFnYWluIGRpZCB0aGlzDQo+IHZpYSBz YXdmaXNoIGJ1dCBmb3IgZXhhbXBsZSBpIGRyb3AgYSAvZXRjL3JjLmxvY2FsLnVzZXIgd2hpY2gN Cj4gY29uZmlndXJlcyB0aGluZ3MgYXQgZmlyc3QgYm9vdCwgcmVtb3ZlcyByYy5sb2NhbC51c2Vy IGFuZCB0aGVuDQo+IHJlYm9vdHMuIEFmdGVyIHRoaXMgdGhlIFZNIGlzIHJlYWR5IHRvIGdvLg0K PiANCj4gTXkgc2V0dXANCj4gMSBjb250cm9sbGVyIC8gbmV0d29yayAvIHN0b3JhZ2UgLyBub2Rl LA0KPiByNTEwIC0gMTI4Z2IgcmFtLCAxMngyVEIgZHJpdmVzICggZXZlcnl0aGluZyBydW5uaW5n IG9uIGEgcmFpZCAxMCAtIG1kDQo+IHNwbGl0IGludG8gMiBkZXZpY2VzIE9TIGFuZCBpU2NzaSBz dG9yZSkpICwgMnggMTBnYmUgLSBpc2NzaQ0KPiANCj4gMSBjb21wdXRlDQo+IHI2MjAgLSAyNTYg Z2IgcmFtLCA0eCA2MDBNQiBkcml2ZXMsIDJ4IDEwZ2JlDQo+IA0KPiAxIGRlcGxveSBob3N0DQo+ IHNtYWxsIGF0b20gYmFzZWQgaG9zdC4NCj4gDQo+IEkndmUgYmVlbiBkZXBsb3lpbmcgd2l0aCBL b2xsYS1BbnNpYmxlIGlmIHRoYXQgd2FzIGEgcXVlc3Rpb24gc28NCj4gZXZlcnl0aGluZyBpcyBE b2NrZXIgaW1hZ2VzLg0KPiANCj4gX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fX18NCj4gTWFpbGluZyBsaXN0OiBodHRwOi8vbGlzdHMub3BlbnN0YWNrLm9yZy9j Z2ktYmluL21haWxtYW4vbGlzdGluZm8vb3BlbnN0YWNrDQo+IFBvc3QgdG8gICAgIDogb3BlbnN0 YWNrQGxpc3RzLm9wZW5zdGFjay5vcmcNCj4gVW5zdWJzY3JpYmUgOiBodHRwOi8vbGlzdHMub3Bl bnN0YWNrLm9yZy9jZ2ktYmluL21haWxtYW4vbGlzdGluZm8vb3BlbnN0YWNrDQo= --=_677138d92acbbad5df2a74d8d5be6adb-- From openstack at medberry.net Sun Apr 1 22:49:15 2018 From: openstack at medberry.net (David Medberry) Date: Sun, 1 Apr 2018 16:49:15 -0600 Subject: [Openstack] [pike] general how to get off the ground questions In-Reply-To: References: Message-ID: Generally recommended to start with a cloud-image and these are available for Centos and RHEL. You can then customize (either via cloud-init which would be the cloud-way or via making a new image from your existing customized instances.) RHEL https://access.redhat.com/downloads/content/69/ver=/rhel---7/7.4/x86_64/product-software look for the kvm guest image Centos: https://cloud.centos.org/centos/7/images/ I believe there is an ISO how to... lmgtfy: https://docs.openstack.org/image-guide/create-images-manually.html The kvm images listed above for RHEL and Centos provide the appropriate drivers "out of the box" for a virtual environment. Not sure why you think you need custom interface names. The interfaces produced by using the cloud images above should work fine. Cloud init will also help you with any initial customization. You can do this via vendordata if you want to do it "cloud wide" or you can do it via user data. Here's an introduction: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux_OpenStack_Platform/4/html/End_User_Guide/user-data.html https://raymii.org/s/tutorials/Automating_Openstack_with_Cloud_init_run_a_script_on_VMs_first_boot.html So, worry LESS about image use and customization and focus on getting your cloud up and running. Here's a protip: Your first VM should just be a cirros instance. See here: https://docs.openstack.org/image-guide/obtain-images.html http://download.cirros-cloud.net/ Once you have a cirros working correctly (networking, etc), then go on to worrying about getting a working Centos or RHEL. Cirros IS ABSOLUTELY NOT for production work as there is a user login enabled by default (to aid in testing.) But once you have proven it out, you can begin creating your production images. OpenStack setup (even for a small environment) is not as easy as falling off a log... more like learning to walk. Once you can "walk" then you can "run" your instances of a more useful sort. -dave On Sun, Apr 1, 2018 at 12:18 PM, John Fleming wrote: > My end goal is do be able to spawn images based loosely on > redhat/centos 5 and then coming up with a way to customize a base > image, then deploy. This is all lab stuff, nothing production. > -------------- next part -------------- An HTML attachment was scrubbed... URL: From john at spikefishsolutions.com Mon Apr 2 10:55:30 2018 From: john at spikefishsolutions.com (John Fleming) Date: Mon, 2 Apr 2018 06:55:30 -0400 Subject: [Openstack] [pike] general how to get off the ground questions In-Reply-To: References: Message-ID: <45EA93DE-EA6E-412A-BB32-3AFF8FB2BD53@spikefishsolutions.com> Thanks for the reply. I have cirrus working. In bound ssh key auth works fine. Outside connectivity via provider network works as well. Sorry for not making that clear. Still reading through the links. I’m sure this is going to be square peg in a round hole issue. A little back ground. These are Checkpoint firewall images. Basically I’m trying to support older releases. They do have a openstack qcow2 image but only for newest releases. I want interface names to match up with what the Mgmt server has defined. That’s why I was looking for custom interface names. I’m not looking for a miracle. I know there are going to be a lot of limitations. Maybe to the point where this isn’t really the correct tool for what I’m looking to do but I’m still going to take a stab at it to see where I end up. My goal is to have openstack handle vm management , storage and network plumbing. I don’t expect it to handle route injection but I do want to have the ability to create a lab stack so I can prime an environment and boot it up pay with it then trash it. Thanks all! From mark at openstack.org Mon Apr 2 21:55:00 2018 From: mark at openstack.org (Mark Collier) Date: Mon, 2 Apr 2018 16:55:00 -0500 Subject: [Openstack] Last chance Vancouver Summit Early Birds! Message-ID: <32721DA6-2332-40A2-B5D6-24B6B9B2D2CA@openstack.org> Hey Stackers, You’ve got TWO DAYS left to snag an early bird ticket, which is $699 for a full access, week-long pass. That’s four days of 300+ sessions and workshops on OpenStack, containers, edge, CI/CD and HPC/GPU/AI in Vancouver May 21-24th. The OpenStack Summit is my favorite place to meet and learn from smart, driven, funny people from all over the world. Will you join me in Vancouver May 21-24? OpenStack.org/summit has the details. Who else will you meet in Vancouver? - An OpenStack developer to discuss the future of the software? - A Kubernetes expert in one of more than 60 sessions about Kubernetes? - A Foundation member who can help you learn how to contribute code upstream at the Upstream Institute? - Other enterprises & service providers running OpenStack at scale like JPMorgan Chase, Progressive Insurance, Google, Target, Walmart, Yahoo!, China Mobile, AT&T, Verizon, China Railway, and Yahoo! Japan? - Your next employee… or employer? Key links: Register: openstack.org/summit (Early bird pricing ends April 4 at 11:59pm Pacific Time / April 5 6:59 UTC) Full Schedule: https://www.openstack.org/summit/vancouver-2018/summit-schedule/#day=2018-05-21 Hotel Discounts: https://www.openstack.org/summit/vancouver-2018/travel/ Sponsor: https://www.openstack.org/summit/vancouver-2018/sponsors/ Code of Conduct: https://www.openstack.org/summit/vancouver-2018/code-of-conduct/ See you at the Summit! Mark twitter.com/sparkycollier -------------- next part -------------- An HTML attachment was scrubbed... URL: From doka.ua at gmx.com Tue Apr 3 15:10:58 2018 From: doka.ua at gmx.com (Volodymyr Litovka) Date: Tue, 3 Apr 2018 18:10:58 +0300 Subject: [Openstack] [HEAT] order in attributes list Message-ID: <01756dfd-0383-d359-a3be-ecff07f1a977@gmx.com> Hi colleagues, I have the following HOT configuration of a port:   n1-wan:     type: OS::Neutron::Port     properties:       fixed_ips:         - { subnet: e-subnet1, ip_address: 51.x.x.x }         - { subnet: e-subnet2, ip_address: 25.x.x.x } when I try to extract these values in template using {get_attr}, then, regardless of fixed_ips' order in port definition (either "subnet1, subnet2" or "subnet2, subnet1"), the value of { get_attr: [n1-wan, fixed_ips] } always give the following result: output_value:    - ip_address: 25.x.x.x       subnet_id: ...    - ip_address: 51.x.x.x      subnet_id: ... and, thus, { get_attr: [n1-wan, fixed_ips, 1, ip_address ] } gives me 51.x.x.x value. So, the question is - how the list of fixed_ips is ordered? Is there way to know for sure index of entry I'm interested in? Thank you. -- Volodymyr Litovka "Vision without Execution is Hallucination." -- Thomas Edison From ehuels at gmail.com Tue Apr 3 21:39:33 2018 From: ehuels at gmail.com (Erik Huelsmann) Date: Tue, 3 Apr 2018 23:39:33 +0200 Subject: [Openstack] [neutron] Advice on replacing (non-openstack) existing IPv6 setup Message-ID: Hi, I'm seeking some advice on replacing a libvirt/manual setup with an openstack/VM based one. Most of the work has been done and seems to work, however, the existing setup has working IPv6 on the host as well as the guests -- something that I have failed to achieve so far with the OpenStack replacement. My situation is a single host with a /64 subnet assigned. The guests and the host have been assigned an IP from the available /64 subnet. All traffic from the host and the guests needs to be routed upstream through fe80::1. Everything works as long as I don't set up any IPv6 at all. But when I set up the external interface (enp4s0) with an IPv6 address (no matter which one), the linux bridge receives "File exists" errors from RTNETLINK. Can anyone point me to configuration examples or installation documentation for the case I'm trying to configure? (Note that I have looked at this page: https://docs.openstack.org/mitaka/networking-guide/config-ipv6.html but the fact that it talks a lot about prefix delegation makes it very confusing, tbh...) Thanks in advance for any advice you can provide! -- Bye, Erik. http://efficito.com -- Hosted accounting and ERP. Robust and Flexible. No vendor lock-in. -------------- next part -------------- An HTML attachment was scrubbed... URL: From matheus.wagner at ufba.br Tue Apr 3 22:32:56 2018 From: matheus.wagner at ufba.br (Matheus Wagner) Date: Tue, 3 Apr 2018 19:32:56 -0300 Subject: [Openstack] [neutron] Integration SDN controller Message-ID: Hi colleagues, I want to do the Neutron integration (liberation version) with an SDN Ryu controller. But so far I have not found much that could help me how to do this. Anyone here already made this integration? Do you know how to proceed? Please help me :) -- ​Thanks, -------------- next part -------------- An HTML attachment was scrubbed... URL: From abogott at wikimedia.org Wed Apr 4 04:19:38 2018 From: abogott at wikimedia.org (Andrew Bogott) Date: Tue, 3 Apr 2018 23:19:38 -0500 Subject: [Openstack] API endpoint naming in Keystone Message-ID: <89fb5468-91d1-0d81-9c19-22438a48e1a2@gmail.com> I just now upgraded my test install (nova, keystone and glance) from Liberty to Mitaka.  Immediately after the upgrade, every compute query in the openstack client or Horizon started returned a 404. I resolved this problem by changing all of my nova endpoints in Keystone that looked like this:    http://labtestnet2001.codfw.wmnet:8774/v2/$(tenant_id)s so that they now look like this:    http://labtestnet2001.codfw.wmnet:8774/v2 I can't find any online documentation to support this change. Every how-to guide includes the $(tenant_id)s component of the endpoint for nova, although other services (e.g. glance) seem not to recommend it.  Can anyone help me understand what's going on here?  Are the docs just out of date, or do I have some subtle breakage in my install that this is revealing? Thanks! -Andrew From pshchelokovskyy at mirantis.com Wed Apr 4 08:46:30 2018 From: pshchelokovskyy at mirantis.com (Pavlo Shchelokovskyy) Date: Wed, 4 Apr 2018 11:46:30 +0300 Subject: [Openstack] [HEAT] order in attributes list In-Reply-To: <01756dfd-0383-d359-a3be-ecff07f1a977@gmx.com> References: <01756dfd-0383-d359-a3be-ecff07f1a977@gmx.com> Message-ID: Hi, AFAIU the get_attr function does not use the values you've passed to Heat in the resource definition, instead it fetches their actual values from Neutron (basically making a 'port show' API call), and Heat does nothing wrt to ordering afterwards. Btw AFAIR this is exactly why heat requires a separate network with single IPv4 subnet during tempest tests - the default network created by devstack at some point started to have both IPv4 and IPv6 subnets, and there's no way I know of to get specifically the IPv4 address using get_attr. OTOH may be some newer Heat template features like map filters, conditionals and yaql expressions could possibly be utilized for that.. need to investigate :-) Cheers, On Tue, Apr 3, 2018 at 6:10 PM, Volodymyr Litovka wrote: > Hi colleagues, > > I have the following HOT configuration of a port: > > n1-wan: > type: OS::Neutron::Port > properties: > fixed_ips: > - { subnet: e-subnet1, ip_address: 51.x.x.x } > - { subnet: e-subnet2, ip_address: 25.x.x.x } > > when I try to extract these values in template using {get_attr}, then, > regardless of fixed_ips' order in port definition (either "subnet1, > subnet2" or "subnet2, subnet1"), the value of { get_attr: [n1-wan, > fixed_ips] } always give the following result: > > output_value: > - ip_address: 25.x.x.x > subnet_id: ... > - ip_address: 51.x.x.x > subnet_id: ... > > and, thus, { get_attr: [n1-wan, fixed_ips, 1, ip_address ] } gives me > 51.x.x.x value. > > So, the question is - how the list of fixed_ips is ordered? Is there way > to know for sure index of entry I'm interested in? > > Thank you. > > -- > Volodymyr Litovka > "Vision without Execution is Hallucination." -- Thomas Edison > > > _______________________________________________ > Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstac > k > Post to : openstack at lists.openstack.org > Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstac > k > -- Dr. Pavlo Shchelokovskyy Senior Software Engineer Mirantis Inc www.mirantis.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From mark.kirkwood at catalyst.net.nz Wed Apr 4 09:12:58 2018 From: mark.kirkwood at catalyst.net.nz (Mark Kirkwood) Date: Wed, 4 Apr 2018 21:12:58 +1200 Subject: [Openstack] [Swift] Deciding on EC fragment config In-Reply-To: References: Message-ID: <00e69dcc-4428-a29f-5821-50574c0e5987@catalyst.net.nz> ...hearing crickets - come on guys, I know you have some thoughts about this :-) ! On 29/03/18 13:08, Mark Kirkwood wrote: > Hi, > > We are looking at implementing EC Policies with similar durability to 3x > replication. Now naively this corresponds to m=2 (using notation from > previous thread). However we could take the opportunity to 'do better' > and use m=3 or 4. I note that m=4 seems to be used in some of the Swift > documentation. I'd love to get some guidance about how to decide on the > 'right amount' of parity! > > Cheers > > Mark > > > > _______________________________________________ > Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > Post to : openstack at lists.openstack.org > Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack From alb.molina at gmail.com Wed Apr 4 15:23:20 2018 From: alb.molina at gmail.com (Alberto Molina Coballes) Date: Wed, 4 Apr 2018 17:23:20 +0200 Subject: [Openstack] API endpoint naming in Keystone In-Reply-To: <89fb5468-91d1-0d81-9c19-22438a48e1a2@gmail.com> References: <89fb5468-91d1-0d81-9c19-22438a48e1a2@gmail.com> Message-ID: Hi Andrew! AFAIK there's no difference between Liberty and Mitaka nova endpoints (we're using newton and $(tenant_id)s is still present in the nova endpoints and it's working properly). It seems to me that the difference you're showing was introduced in ocata, you can compare the official doc install for newton [1] and ocata [2]. Regards, Alberto [1] https://docs.openstack.org/newton/install-guide-ubuntu/nova-controller-install.html [2] https://docs.openstack.org/ocata/install-guide-ubuntu/nova-controller-install.html From me at not.mn Wed Apr 4 20:25:38 2018 From: me at not.mn (John Dickinson) Date: Wed, 04 Apr 2018 13:25:38 -0700 Subject: [Openstack] [Swift] Deciding on EC fragment config In-Reply-To: <00e69dcc-4428-a29f-5821-50574c0e5987@catalyst.net.nz> References: <00e69dcc-4428-a29f-5821-50574c0e5987@catalyst.net.nz> Message-ID: <55A51D1A-CE7C-4177-B6A3-B5EDA29E4A5A@not.mn> The answer always starts with "it depends...". Depends on your hardware, where it's physically located, the durability you need, the access patterns, etc There have been whole phd dissertations on the right way to calculate durability. Two parity segments isn't exactly equivalent to three replicas because in the EC case you've also got to figure out the chance of failure to get all of the necessary remaining segments to satisfy a read request[1]. In your case, using 3 or 4 parity bits will probably get you better durability and availability than a 3x replica system and still use less overall drive space[2]. My company's product has three "canned" EC policy settings to make it simpler for customers to choose. We've got 4+3, 8+4, and 15+4 settings, and we steer people to one of them based on how many servers are in their cluster. Note that there's nothing special about the m=4 examples in Swift's docs, at least in the sense of recommending 4 parity as better than 3 or 5 (or any other number). In your case, you'll want to take into account how many drives you can lose and how many servers you can lose. Suppose you have a 10+4 scheme and two servers and 12 drives in each server. You'll be able to lose 4 drives, yes, but if either server goes down, you'll not be able to access your data because each server will have 7 fragments (on seven disks). However, if you had 6 servers with 4 drives each, for the same total of 24 drives, you could lose four drives, like the other situation, but you could also lose up to two servers and still be able to read your data[3]. Another consideration is how much overhead you want to have. Increasing the data segments lowers the overhead used, but increasing the parity segments improves your durability and availability (up to the limits of your physical hardware failure domains). Finally, and probably most simply, you'll want to take into account the increased CPU and network cost for a particular EC scheme. A 3x replica write needs 3 network connections, and a read needs 1. For an EC policy, a write needs k+m connections, and a read needs k. If you're using something really large like an 18+3 scheme, you're looking at a 7x overhead in network requirements when compared to a 3x replica policy. The increased socket management and packet shuffling can add significant burden to your proxy servers[4]. Good news on the CPU though. The EC algorithms are old and well tuned, especially when using libraries like erasure or isa-l, and CPUs are really fast. Erasure code policies do not add significant overhead from the encode/decode steps. So, in summary, it's complicated, there's isn't a "right" answer, and it depends a lot on everything else about your cluster. But you've got this! You'll do great, and keep asking questions. I hope all this helps. --John [1] At a high level, it's fairly intuitive that a 2+2 scheme is very different than a 10+2 scheme, even though they both have 2 parity segments and can survive the loss of any two segments. [2] "probably", because it depends a lot on your specific situation. [3] The fragments are distributed across the servers, so 14 fragments across 6 servers means that some servers have 2 fragments and some have 3. If you're "lucky" the two files servers would each have 2 fragments, and you'd still be able to read your data. [4] Similarly, the EC reconstructor process needs to do much more work, when compared to replication, when it discovers a missing fragment. On 4 Apr 2018, at 2:12, Mark Kirkwood wrote: > ...hearing crickets - come on guys, I know you have some thoughts about this :-) ! > > > On 29/03/18 13:08, Mark Kirkwood wrote: >> Hi, >> >> We are looking at implementing EC Policies with similar durability to 3x >> replication. Now naively this corresponds to m=2 (using notation from >> previous thread). However we could take the opportunity to 'do better' >> and use m=3 or 4. I note that m=4 seems to be used in some of the Swift >> documentation. I'd love to get some guidance about how to decide on the >> 'right amount' of parity! >> >> Cheers >> >> Mark >> >> >> >> _______________________________________________ >> Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack >> Post to : openstack at lists.openstack.org >> Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > > > _______________________________________________ > Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > Post to : openstack at lists.openstack.org > Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 801 bytes Desc: OpenPGP digital signature URL: From mark.kirkwood at catalyst.net.nz Wed Apr 4 21:44:22 2018 From: mark.kirkwood at catalyst.net.nz (Mark Kirkwood) Date: Thu, 5 Apr 2018 09:44:22 +1200 Subject: [Openstack] [Swift] Deciding on EC fragment config In-Reply-To: <55A51D1A-CE7C-4177-B6A3-B5EDA29E4A5A@not.mn> References: <00e69dcc-4428-a29f-5821-50574c0e5987@catalyst.net.nz> <55A51D1A-CE7C-4177-B6A3-B5EDA29E4A5A@not.mn> Message-ID: <2bffeb15-6d82-1c8e-2a7b-d1a5e8eca2a7@catalyst.net.nz> Thanks John, I was leaning towards '2 is not quite enough' for parity, but wanted to get a 2nd opinion. The level of detail and discussion in your answer is very helpful, much appreciated! Mark On 05/04/18 08:25, John Dickinson wrote: > The answer always starts with "it depends...". Depends on your hardware, where it's physically located, the durability you need, the access patterns, etc > > There have been whole phd dissertations on the right way to calculate durability. Two parity segments isn't exactly equivalent to three replicas because in the EC case you've also got to figure out the chance of failure to get all of the necessary remaining segments to satisfy a read request[1]. > > In your case, using 3 or 4 parity bits will probably get you better durability and availability than a 3x replica system and still use less overall drive space[2]. My company's product has three "canned" EC policy settings to make it simpler for customers to choose. We've got 4+3, 8+4, and 15+4 settings, and we steer people to one of them based on how many servers are in their cluster. > > Note that there's nothing special about the m=4 examples in Swift's docs, at least in the sense of recommending 4 parity as better than 3 or 5 (or any other number). > > In your case, you'll want to take into account how many drives you can lose and how many servers you can lose. Suppose you have a 10+4 scheme and two servers and 12 drives in each server. You'll be able to lose 4 drives, yes, but if either server goes down, you'll not be able to access your data because each server will have 7 fragments (on seven disks). However, if you had 6 servers with 4 drives each, for the same total of 24 drives, you could lose four drives, like the other situation, but you could also lose up to two servers and still be able to read your data[3]. > > Another consideration is how much overhead you want to have. Increasing the data segments lowers the overhead used, but increasing the parity segments improves your durability and availability (up to the limits of your physical hardware failure domains). > > Finally, and probably most simply, you'll want to take into account the increased CPU and network cost for a particular EC scheme. A 3x replica write needs 3 network connections, and a read needs 1. For an EC policy, a write needs k+m connections, and a read needs k. If you're using something really large like an 18+3 scheme, you're looking at a 7x overhead in network requirements when compared to a 3x replica policy. The increased socket management and packet shuffling can add significant burden to your proxy servers[4]. Good news on the CPU though. The EC algorithms are old and well tuned, especially when using libraries like erasure or isa-l, and CPUs are really fast. Erasure code policies do not add significant overhead from the encode/decode steps. > > So, in summary, it's complicated, there's isn't a "right" answer, and it depends a lot on everything else about your cluster. But you've got this! You'll do great, and keep asking questions. > > I hope all this helps. > > From lzachery at cisco.com Thu Apr 5 15:35:00 2018 From: lzachery at cisco.com (Leon Zachery (lzachery)) Date: Thu, 5 Apr 2018 15:35:00 +0000 Subject: [Openstack] Openstack neutron with ASR1k In-Reply-To: References: <20180201192102.6tl6rtcuh2zzpji5@yuggoth.org> Message-ID: Hi: Just to return to the earlier part of this thread with respect to ASR1k plugin usage, here are a few additional pointers that may also be helpful: Cisco OpenStack plugin documentation: http://networking-cisco.readthedocs.io/en/latest/ (includes all Cisco plugins) Launchpad page for bug/issues on Cisco OpenStack plugins: https://launchpad.net/networking-cisco Cisco blog entry on OpenStack ASR plugin: https://blogs.cisco.com/cloud/openstack-asr1000-plugin-new-features OpenStack summit: Customer use cases: https://www.openstack.org/summit/barcelona-2016/summit-schedule/events/17273/cisco-openstack-and-the-cisco-next-generation-datacenter-customer-stories-from-bbva-kaztranscom-sap-sbsa Satish – feel free to reach out with any issues or questions. Thanks, Leon On 2/1/18, 2:58 PM, "Satish Patel" wrote: Interesting survey but if i am not wrong Fuel is end of life and they stopped development right? On Thu, Feb 1, 2018 at 2:21 PM, Jeremy Stanley wrote: > On 2018-02-01 19:15:51 +0400 (+0400), Fawaz Mohammed wrote: >> TripleO (Supported on CentOS and RHEL) and Juju (Supported on >> Ubuntu) [1] are the most used OpenStack deployment tools. > [...] > > Most used in what sense? That statistic seems to contradict the > results of the official OpenStack User Survey from April 2017 (page > 42) at least, which claims that more deployments used Ansible (45%), > Puppet (28%), Fuel (16%) and Chef (14%) than Juju (9%). TripleO > didn't even have enough responses on that question to rank. > > https://www.openstack.org/assets/survey/April2017SurveyReport.pdf > > -- > Jeremy Stanley > > _______________________________________________ > Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > Post to : openstack at lists.openstack.org > Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > _______________________________________________ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack at lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack From damon2 at gladbach.com Fri Apr 6 15:10:29 2018 From: damon2 at gladbach.com (Damon2) Date: Fri, 6 Apr 2018 11:10:29 -0400 Subject: [Openstack] pacemaker failing to install - opnfv Danube Fuel Message-ID: <000601d3cdb9$67101f30$35305d90$@gladbach.com> OPNFV - Danube 3.0 Fuel install error. I am getting this error during the openstack install process. I have installed OS using fuel many times, and never ran into this. It says pacemaker can't install without corosync, but it appears to be installed. Would anyone know why I'm seeing this error? Tried this with a single controller and a dual one, same result. Node is simple KVM, standard OVS VLAN config, with cinder as storage. This is the command the install script seems to be failing at: root at node-10:~# /usr/bin/apt-get -q -y -o DPkg::Options::=--force-confold -o APT::Get::AllowUnauthenticated=1 install pacemaker Reading package lists... Building dependency tree... Reading state information... Some packages could not be installed. This may mean that you have requested an impossible situation or if you are using the unstable distribution that some required packages have not yet been created or been moved out of Incoming. The following information may help to resolve the situation: The following packages have unmet dependencies: pacemaker : Depends: corosync (>= 2.3.0) but it is not going to be installed E: Unable to correct problems, you have held broken packages. root at node-10:~# Coroysnc appears to be installed passed the required version. ||/ Name Version Architecture Description +++-=====================================-=======================-========== =============-============================================================== ================== ii corosync 2.3.5-3ubuntu2.1 amd64 cluster engine daemon and utilities root at node-10:~# Puppet log, which is basically the output of the failed command. 2018-04-06 14:42:07 ERR (/Stage[main]/Corosync/Package[pacemaker]/ensure) E: Unable to correct problems, you have held broken packages. 2018-04-06 14:42:07 ERR (/Stage[main]/Corosync/Package[pacemaker]/ensure) pacemaker : Depends: corosync (>= 2.3.0) but it is not going to be installed 2018-04-06 14:42:07 ERR (/Stage[main]/Corosync/Package[pacemaker]/ensure) The following packages have unmet dependencies: 2018-04-06 14:42:07 ERR (/Stage[main]/Corosync/Package[pacemaker]/ensure) 2018-04-06 14:42:07 ERR (/Stage[main]/Corosync/Package[pacemaker]/ensure) The following information may help to resolve the situation: 2018-04-06 14:42:07 ERR (/Stage[main]/Corosync/Package[pacemaker]/ensure) or been moved out of Incoming. 2018-04-06 14:42:07 ERR (/Stage[main]/Corosync/Package[pacemaker]/ensure) distribution that some required packages have not yet been created 2018-04-06 14:42:07 ERR (/Stage[main]/Corosync/Package[pacemaker]/ensure) requested an impossible situation or if you are using the unstable 2018-04-06 14:42:07 ERR (/Stage[main]/Corosync/Package[pacemaker]/ensure) Some packages could not be installed. This may mean that you have 2018-04-06 14:42:07 ERR (/Stage[main]/Corosync/Package[pacemaker]/ensure) Reading state information... 2018-04-06 14:42:07 ERR (/Stage[main]/Corosync/Package[pacemaker]/ensure) Building dependency tree... 2018-04-06 14:42:07 ERR (/Stage[main]/Corosync/Package[pacemaker]/ensure) change from purged to present failed: Execution of '/usr/bin/apt-get -q -y -o DPkg::Options::=--force-confold -o APT::Get::AllowUnauthenticated=1 install pacemaker' returned 100: Reading package lists... -------------- next part -------------- An HTML attachment was scrubbed... URL: From abricus at yandex.ru Fri Apr 6 17:28:36 2018 From: abricus at yandex.ru (s serge) Date: Fri, 06 Apr 2018 20:28:36 +0300 Subject: [Openstack] private network issue ( kola-ansible pike/stable deployment ) Message-ID: <1423381523035716@web38g.yandex.ru> Hello, I'm evaluating an installation and everything from networking side was looking good until I tried to reach a VM host via private network from another VM via ssh. In short: 1. Spawn a VM 2. Associate a floating IP 3. Logon to VM via ssh on public network 4. Spawn another VM 5. Try to reach 1st VM via ssh private network IP - FAIL. 6. ICMP to 1st VM IP via private network works well. Looks pretty weird for me as according to logs everything looks fine, both VM got assigned a private IP and fetches metadata info. Some notes about setup: Separate interfaces for management, private(VXLAN) and external network. Dozen of similar servers. I'll continue to debug the issue, but appreciate any relevant feedback. Thanks, Regards, Serge. From abricus at yandex.ru Fri Apr 6 17:53:25 2018 From: abricus at yandex.ru (s serge) Date: Fri, 06 Apr 2018 20:53:25 +0300 Subject: [Openstack] private network issue ( kola-ansible pike/stable deployment ) In-Reply-To: <1423381523035716@web38g.yandex.ru> References: <1423381523035716@web38g.yandex.ru> Message-ID: <6554071523037205@web55g.yandex.ru> I'm sorry, some corrections, p.5 and p.6 should be: 5. From 1st VM try to reach the second VM(p.4) via ssh private network IP - FAIL. 6. ICMP from 1st VM to second(p.4) IP via private network works well. 06.04.2018, 20:42, "s serge" : > Hello, > > I'm evaluating an installation and everything from networking side was looking good > until I tried to reach a VM host via private network from another VM via ssh. > > In short: > 1. Spawn a VM > 2. Associate a floating IP > 3. Logon to VM via ssh on public network > 4. Spawn another VM > 5. Try to reach 1st VM via ssh private network IP - FAIL. > 6. ICMP to 1st VM IP via private network works well. > > Looks pretty weird for me as according to logs everything looks fine, > both VM got assigned a private IP and fetches metadata info. > > Some notes about setup: > Separate interfaces for management, private(VXLAN) and external network. > Dozen of similar servers. > > I'll continue to debug the issue, but appreciate any relevant feedback. > > Thanks, > Regards, > Serge. > > _______________________________________________ > Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > Post to : openstack at lists.openstack.org > Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack From haleyb.dev at gmail.com Fri Apr 6 17:56:57 2018 From: haleyb.dev at gmail.com (Brian Haley) Date: Fri, 6 Apr 2018 13:56:57 -0400 Subject: [Openstack] private network issue ( kola-ansible pike/stable deployment ) In-Reply-To: <1423381523035716@web38g.yandex.ru> References: <1423381523035716@web38g.yandex.ru> Message-ID: <385bc37e-870d-3440-4108-2d370a96c343@gmail.com> On 04/06/2018 01:28 PM, s serge wrote: > Hello, > > I'm evaluating an installation and everything from networking side was looking good > until I tried to reach a VM host via private network from another VM via ssh. > > In short: > 1. Spawn a VM > 2. Associate a floating IP > 3. Logon to VM via ssh on public network > 4. Spawn another VM > 5. Try to reach 1st VM via ssh private network IP - FAIL. > 6. ICMP to 1st VM IP via private network works well. > > Looks pretty weird for me as according to logs everything looks fine, > both VM got assigned a private IP and fetches metadata info. > > Some notes about setup: > Separate interfaces for management, private(VXLAN) and external network. > Dozen of similar servers. > > I'll continue to debug the issue, but appreciate any relevant feedback. I would check two things: 1. Security groups are allowing port 22 2. MTU is set correctly, should probably be 1450 if you're using VXLAN, which should have been set via the DHCP reply -Brian From berndbausch at gmail.com Sat Apr 7 00:07:11 2018 From: berndbausch at gmail.com (Bernd Bausch) Date: Sat, 7 Apr 2018 09:07:11 +0900 Subject: [Openstack] private network issue ( kola-ansible pike/stable deployment ) In-Reply-To: <385bc37e-870d-3440-4108-2d370a96c343@gmail.com> References: <1423381523035716@web38g.yandex.ru> <385bc37e-870d-3440-4108-2d370a96c343@gmail.com> Message-ID: So the situation is: * VM1 has a floating IP and can be reached via floating IP * VM1 can ping VM2 * VM2 can't ssh VM2 Useful additional information you may have gathered already: * Does the ssh client issue any error message, and which? * Is an sshd running on VM2? * If yes, any error in the sshd log? I.e., does VM2 receive anything at all, and how does it process what it receives * Any /outgoing /connectivity problems from VM2? Other things to do or check: * Use debug options when running the ssh client and sshd * packet tracing on both VMs * ssh to VM2's private IP from the DHCP server's namespace * When you ping VM2, are you sure it's really VM2 that responds? Perhaps something else has the same IP, or even MAC. You can check that by tracing ICMP on VM2. Bernd On 4/7/2018 2:56 AM, Brian Haley wrote: > On 04/06/2018 01:28 PM, s serge wrote: >> Hello, >> >> I'm evaluating an installation and everything from networking side >> was looking good >> until I tried to reach a VM host via private network from another VM >> via ssh. >> >> In short: >> 1. Spawn a VM >> 2. Associate a floating IP >> 3. Logon to VM via ssh on public network >> 4. Spawn another VM >> 5. Try to reach 1st VM via ssh private network IP - FAIL. >> 6. ICMP to 1st VM IP via private network works well. >> >> Looks pretty weird for me as according to logs everything looks fine, >> both VM got assigned a private IP and fetches metadata info. >> >> Some notes about setup: >> Separate interfaces for management, private(VXLAN) and external network. >> Dozen of similar servers. >> >> I'll continue to debug the issue, but appreciate any relevant feedback. > > I would check two things: > > 1. Security groups are allowing port 22 > 2. MTU is set correctly, should probably be 1450 if you're using > VXLAN, which should have been set via the DHCP reply > > -Brian > > _______________________________________________ > Mailing list: > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > Post to     : openstack at lists.openstack.org > Unsubscribe : > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: OpenPGP digital signature URL: From abricus at yandex.ru Sun Apr 8 15:07:58 2018 From: abricus at yandex.ru (s serge) Date: Sun, 08 Apr 2018 18:07:58 +0300 Subject: [Openstack] private network issue ( kola-ansible pike/stable deployment ) In-Reply-To: <385bc37e-870d-3440-4108-2d370a96c343@gmail.com> References: <1423381523035716@web38g.yandex.ru> <385bc37e-870d-3440-4108-2d370a96c343@gmail.com> Message-ID: <8514031523200078@web11g.yandex.ru> Hello, Thanks, The problem was related to MTU. Actually, I have another installation which is configured to set 1450(1500 - 50 VxLAN header length) for guest VM interfaces. That setup runs in 'regular' network environments with 1500 MTU on host interfaces and use linuxbridge. There is a reson why I didn't looked at that at first thing for the current case: The hosts private network interfaces has set to MTU 9000 Open vSwitch is used to connect private(self service) network. OVS bridges have 1500 MTU ( kolla configured it in this way ) I've identified that 1480 MTU for guest VM fix ssh issue in my current case, but not sure I understand why ... 20 bytes is the shortest IP header size... So there are 2 another questions: 1. What's and why adding 20 bytes ? 2. I've not found a configuration settings in kolla-ansible which allows to configure bridges interfaces MTU - any ideas how to do that properly ? Thanks, Regards, Serge. 06.04.2018, 20:57, "Brian Haley" : > On 04/06/2018 01:28 PM, s serge wrote: >>  Hello, >> >>  I'm evaluating an installation and everything from networking side was looking good >>  until I tried to reach a VM host via private network from another VM via ssh. >> >>  In short: >>  1. Spawn a VM >>  2. Associate a floating IP >>  3. Logon to VM via ssh on public network >>  4. Spawn another VM >>  5. Try to reach 1st VM via ssh private network IP - FAIL. >>  6. ICMP to 1st VM IP via private network works well. >> >>  Looks pretty weird for me as according to logs everything looks fine, >>  both VM got assigned a private IP and fetches metadata info. >> >>  Some notes about setup: >>  Separate interfaces for management, private(VXLAN) and external network. >>  Dozen of similar servers. >> >>  I'll continue to debug the issue, but appreciate any relevant feedback. > > I would check two things: > > 1. Security groups are allowing port 22 > 2. MTU is set correctly, should probably be 1450 if you're using VXLAN, > which should have been set via the DHCP reply > > -Brian From abricus at yandex.ru Sun Apr 8 18:49:40 2018 From: abricus at yandex.ru (s serge) Date: Sun, 08 Apr 2018 21:49:40 +0300 Subject: [Openstack] linuxbridge or open vswitch choice Message-ID: <16154261523213380@web3j.yandex.ru> Hello, Could you please advice a technical decision how to made a choice between linuxbridge and Open vSwitch for an OpenStack deployment ? While Open vSwitch is more flexible and provides more features, it also involves additional level of complexity. However, are there OpenStack features which can only be utilised using Open vSwitch functionality or is it implemented in OpenStack just as an option to choose? According to https://www.ibm.com/support/knowledgecenter/en/linuxonibm/liaag/wkvm/wkvm_c_net_conbridge.htm, there is no significant difference in the terms of performance, but Open vSwitch implies more additional attendance to understand and debug network level. I would appreciate a feedback based on real operation and maintenance experience. Thanks, Regards, Serge. From slawek at kaplonski.pl Sun Apr 8 19:19:14 2018 From: slawek at kaplonski.pl (=?utf-8?B?U8WCYXdlayBLYXDFgm/FhHNraQ==?=) Date: Sun, 8 Apr 2018 21:19:14 +0200 Subject: [Openstack] linuxbridge or open vswitch choice In-Reply-To: <16154261523213380@web3j.yandex.ru> References: <16154261523213380@web3j.yandex.ru> Message-ID: <49933C85-AF6E-4313-93BA-BB49A98DAEF9@kaplonski.pl> Hi, There is couple of features not available for linuxbridge agent and available only for ovs. For example: firewall based on openflows or DVR. I think that things related to DPDK are also available for open vswitch. I have feeling that there is also more developers who cares about open vswitch agent than for linuxbridge but I might be wrong with that of course :) So personally today I would choose open vswitch probably :) > Wiadomość napisana przez s serge w dniu 08.04.2018, o godz. 20:49: > > Hello, > > Could you please advice a technical decision how to made a choice between linuxbridge and Open vSwitch for > an OpenStack deployment ? > > While Open vSwitch is more flexible and provides more features, it also involves additional level of complexity. > > However, are there OpenStack features which can only be utilised using Open vSwitch functionality or is it implemented > in OpenStack just as an option to choose? > > According to https://www.ibm.com/support/knowledgecenter/en/linuxonibm/liaag/wkvm/wkvm_c_net_conbridge.htm, > there is no significant difference in the terms of performance, but Open vSwitch implies more additional attendance to > understand and debug network level. > > I would appreciate a feedback based on real operation and maintenance experience. > > Thanks, > Regards, > Serge. > > _______________________________________________ > Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > Post to : openstack at lists.openstack.org > Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack — Best regards Slawek Kaplonski slawek at kaplonski.pl -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: Message signed with OpenPGP URL: From tgeier at accertify.com Mon Apr 9 21:35:32 2018 From: tgeier at accertify.com (Timothy Geier) Date: Mon, 9 Apr 2018 21:35:32 +0000 Subject: [Openstack] linuxbridge or open vswitch choice In-Reply-To: <16154261523213380@web3j.yandex.ru> References: <16154261523213380@web3j.yandex.ru> Message-ID: <1523309731.2674.10.camel@accertify.com> On Sun, 2018-04-08 at 21:49 +0300, s serge wrote: > Hello, > > Could you please advice a technical decision how to made a choice > between linuxbridge and Open vSwitch for > an OpenStack deployment ? > > While Open vSwitch is more flexible and provides more features, it > also involves additional level of complexity. > > However, are there OpenStack features which can only be utilised > using Open vSwitch functionality or is it implemented > in OpenStack just as an option to choose? > > According to https://www.ibm.com/support/knowledgecenter/en/linuxonib > m/liaag/wkvm/wkvm_c_net_conbridge.htm, > there is no significant difference in the terms of performance, but > Open vSwitch implies more additional attendance to > understand and debug network level. > > I would appreciate a feedback based on real operation and maintenance > experience. In my experience, linuxbridge works very well and is a lot simpler to set up and configure in an environment where other software/hardware is handling the general network configuration (especially if you have experience with using network bridges on Linux KVM deployments). I would go with linuxbridge (especially in a straightfoward setup) unless the additional features of openvswitch are needed. > > Thanks, > Regards, > Serge. > > _______________________________________________ > Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/ope > nstack > Post to : openstack at lists.openstack.org > Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/ope > nstack From martialmichel at datamachines.io Wed Apr 11 04:06:56 2018 From: martialmichel at datamachines.io (Martial Michel) Date: Wed, 11 Apr 2018 00:06:56 -0400 Subject: [Openstack] [Scientific] No Scientific SIG IRC meeting on 4/11 Message-ID: With apologies, we must skip this week's Scientific SIG meeting. Thank you -- Martial -------------- next part -------------- An HTML attachment was scrubbed... URL: From nhadie at gmail.com Thu Apr 12 02:21:59 2018 From: nhadie at gmail.com (ron ramos) Date: Thu, 12 Apr 2018 10:21:59 +0800 Subject: [Openstack] Openstack Log Errors monitoring Message-ID: Hi, May i know if anyone is using any tool to monitor ERROR on all openstack logs and send out alerts? Thank you. Regards, Ron -------------- next part -------------- An HTML attachment was scrubbed... URL: From bdiaz at whitestack.com Thu Apr 12 02:41:04 2018 From: bdiaz at whitestack.com (Benjamin Diaz) Date: Wed, 11 Apr 2018 23:41:04 -0300 Subject: [Openstack] Openstack Log Errors monitoring In-Reply-To: References: Message-ID: Hi Ron, If you are using the ELK stack for handling your logs, you have a couple of options, like Watcher or the logstash email plugin. They are discussed in this SO post: https://stackoverflow.com/a/35519256 Greetings, Benjamin On Wed, Apr 11, 2018 at 11:21 PM, ron ramos wrote: > Hi, > > May i know if anyone is using any tool to monitor ERROR on all openstack > logs and send out alerts? > Thank you. > > Regards, > Ron > > _______________________________________________ > Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/ > openstack > Post to : openstack at lists.openstack.org > Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/ > openstack > > -- *Benjamín Díaz* Cloud Computing Engineer bdiaz at whitestack.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From apar.subbu at gmail.com Thu Apr 12 05:43:05 2018 From: apar.subbu at gmail.com (APARNA SUBBURAM) Date: Thu, 12 Apr 2018 11:13:05 +0530 Subject: [Openstack] Query regarding customized DHCP server in openstack Message-ID: Hi, I am new user to openstack. I want to know whether an instance which is created in openstack can act as DHCP server for other instances created in that network. If so could you please provide with me how to setup that configurations. VM1 : Openwrt which is going to be my DHCP server. VM2 : Ubuntu which is going to be my DHCP client. VM2 should fetch ip from VM1. It should not get default DHCP ip from Openstack. Both the instances are up on openstack environment. Regards, Aparna Subburam -------------- next part -------------- An HTML attachment was scrubbed... URL: From nspmangalore at gmail.com Thu Apr 12 05:47:20 2018 From: nspmangalore at gmail.com (Shyam Prasad N) Date: Thu, 12 Apr 2018 11:17:20 +0530 Subject: [Openstack] Domain not found error Message-ID: Hi, I'm trying to install keystone for my swift cluster. I followed this document for install and configuration: https://docs.openstack.org/keystone/pike/install/ However, I'm getting this error for a command: # openstack user create --domain default --password-prompt swift The request you have made requires authentication. (HTTP 401) (Request-ID: req-8f888754-1cf5-4c24-81b6-7481c9c0dfb8) # tail /var/log/keystone/keystone.log 2018-04-11 22:45:10.895 29335 INFO keystone.common.wsgi [req-147f239e-2205-40b5-8aea-40604c99b695 - - - - -] GET http://20.20.20.7:35357/v3/ 2018-04-11 22:45:10.898 29335 INFO eventlet.wsgi.server [req-147f239e-2205-40b5-8aea-40604c99b695 - - - - -] 20.20.20.7 - - [11/Apr/2018 22:45:10] "GET /v3 HTTP/1.1" 200 493 0.062545 2018-04-11 22:45:10.908 29335 INFO keystone.common.wsgi [req-8f888754-1cf5-4c24-81b6-7481c9c0dfb8 - - - - -] POST http://20.20.20.7:35357/v3/auth/tokens 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers [req-8f888754-1cf5-4c24-81b6-7481c9c0dfb8 - - - - -] Could not find domain: Default 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers Traceback (most recent call last): 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File "/usr/lib/python2.7/dist-packages/keystone/auth/controllers.py", line 185, in _lookup_domain 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers domain_name) 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File "/usr/lib/python2.7/dist-packages/keystone/common/manager.py", line 124, in wrapped 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers __ret_val = __f(*args, **kwargs) 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File "/usr/lib/python2.7/dist-packages/dogpile/cache/region.py", line 1053, in decorate 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers should_cache_fn) 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File "/usr/lib/python2.7/dist-packages/dogpile/cache/region.py", line 657, in get_or_create 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers async_creator) as value: 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File "/usr/lib/python2.7/dist-packages/dogpile/core/dogpile.py", line 158, in __enter__ 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers return self._enter() 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File "/usr/lib/python2.7/dist-packages/dogpile/core/dogpile.py", line 98, in _enter 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers generated = self._enter_create(createdtime) 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File "/usr/lib/python2.7/dist-packages/dogpile/core/dogpile.py", line 149, in _enter_create 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers created = self.creator() 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File "/usr/lib/python2.7/dist-packages/dogpile/cache/region.py", line 625, in gen_value 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers created_value = creator() 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File "/usr/lib/python2.7/dist-packages/dogpile/cache/region.py", line 1049, in creator 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers return fn(*arg, **kw) 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File "/usr/lib/python2.7/dist-packages/keystone/resource/core.py", line 720, in get_domain_by_name 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers raise exception.DomainNotFound(domain_id=domain_name) 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers DomainNotFound: Could not find domain: Default 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers 2018-04-11 22:45:11.016 29335 WARNING keystone.common.wsgi [req-8f888754-1cf5-4c24-81b6-7481c9c0dfb8 - - - - -] Authorization failed. The request you have made requires authentication. from 20.20.20.7 2018-04-11 22:45:11.018 29335 INFO eventlet.wsgi.server [req-8f888754-1cf5-4c24-81b6-7481c9c0dfb8 - - - - -] 20.20.20.7 - - [11/Apr/2018 22:45:11] "POST /v3/auth/tokens HTTP/1.1" 401 425 0.113822 Can someone please tell me what's going on? Thanks in advance for your replies. -- -Shyam -------------- next part -------------- An HTML attachment was scrubbed... URL: From eblock at nde.ag Thu Apr 12 06:40:20 2018 From: eblock at nde.ag (Eugen Block) Date: Thu, 12 Apr 2018 06:40:20 +0000 Subject: [Openstack] Domain not found error In-Reply-To: Message-ID: <20180412064020.Horde.4dPn1JcsDDGn68zf_2sgYDL@webmail.nde.ag> Hi, can you paste the credentials you're using? The config values (e.g. domain) are case sensitive, the ID of the default domain is usually "domain", its name is "Default". But if you're sourcing the credentials with ID "Default" this would go wrong, although I'm not sure if this would be the expected error message. Just a couple of weeks ago there was someone on ask.openstack.org who ignored case-sensitive options and failed to operate his cloud. Did the keystone-manage bootstrap command work? Regards Zitat von Shyam Prasad N : > Hi, > > I'm trying to install keystone for my swift cluster. > I followed this document for install and configuration: > https://docs.openstack.org/keystone/pike/install/ > > However, I'm getting this error for a command: > # openstack user create --domain default --password-prompt swift > The request you have made requires authentication. (HTTP 401) (Request-ID: > req-8f888754-1cf5-4c24-81b6-7481c9c0dfb8) > > # tail /var/log/keystone/keystone.log > 2018-04-11 22:45:10.895 29335 INFO keystone.common.wsgi > [req-147f239e-2205-40b5-8aea-40604c99b695 - - - - -] GET > http://20.20.20.7:35357/v3/ > 2018-04-11 22:45:10.898 29335 INFO eventlet.wsgi.server > [req-147f239e-2205-40b5-8aea-40604c99b695 - - - - -] 20.20.20.7 - - > [11/Apr/2018 22:45:10] "GET /v3 HTTP/1.1" 200 493 0.062545 > 2018-04-11 22:45:10.908 29335 INFO keystone.common.wsgi > [req-8f888754-1cf5-4c24-81b6-7481c9c0dfb8 - - - - -] POST > http://20.20.20.7:35357/v3/auth/tokens > 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers > [req-8f888754-1cf5-4c24-81b6-7481c9c0dfb8 - - - - -] Could not find domain: > Default > 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers Traceback > (most recent call last): > 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File > "/usr/lib/python2.7/dist-packages/keystone/auth/controllers.py", line 185, > in _lookup_domain > 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers > domain_name) > 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File > "/usr/lib/python2.7/dist-packages/keystone/common/manager.py", line 124, in > wrapped > 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers __ret_val > = __f(*args, **kwargs) > 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File > "/usr/lib/python2.7/dist-packages/dogpile/cache/region.py", line 1053, in > decorate > 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers > should_cache_fn) > 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File > "/usr/lib/python2.7/dist-packages/dogpile/cache/region.py", line 657, in > get_or_create > 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers > async_creator) as value: > 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File > "/usr/lib/python2.7/dist-packages/dogpile/core/dogpile.py", line 158, in > __enter__ > 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers return > self._enter() > 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File > "/usr/lib/python2.7/dist-packages/dogpile/core/dogpile.py", line 98, in > _enter > 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers generated > = self._enter_create(createdtime) > 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File > "/usr/lib/python2.7/dist-packages/dogpile/core/dogpile.py", line 149, in > _enter_create > 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers created = > self.creator() > 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File > "/usr/lib/python2.7/dist-packages/dogpile/cache/region.py", line 625, in > gen_value > 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers > created_value = creator() > 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File > "/usr/lib/python2.7/dist-packages/dogpile/cache/region.py", line 1049, in > creator > 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers return > fn(*arg, **kw) > 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File > "/usr/lib/python2.7/dist-packages/keystone/resource/core.py", line 720, in > get_domain_by_name > 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers raise > exception.DomainNotFound(domain_id=domain_name) > 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers > DomainNotFound: Could not find domain: Default > 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers > 2018-04-11 22:45:11.016 29335 WARNING keystone.common.wsgi > [req-8f888754-1cf5-4c24-81b6-7481c9c0dfb8 - - - - -] Authorization failed. > The request you have made requires authentication. from 20.20.20.7 > 2018-04-11 22:45:11.018 29335 INFO eventlet.wsgi.server > [req-8f888754-1cf5-4c24-81b6-7481c9c0dfb8 - - - - -] 20.20.20.7 - - > [11/Apr/2018 22:45:11] "POST /v3/auth/tokens HTTP/1.1" 401 425 0.113822 > > Can someone please tell me what's going on? > Thanks in advance for your replies. > > -- > -Shyam -- Eugen Block voice : +49-40-559 51 75 NDE Netzdesign und -entwicklung AG fax : +49-40-559 51 77 Postfach 61 03 15 D-22423 Hamburg e-mail : eblock at nde.ag Vorsitzende des Aufsichtsrates: Angelika Mozdzen Sitz und Registergericht: Hamburg, HRB 90934 Vorstand: Jens-U. Mozdzen USt-IdNr. DE 814 013 983 From nspmangalore at gmail.com Thu Apr 12 07:08:55 2018 From: nspmangalore at gmail.com (Shyam Prasad N) Date: Thu, 12 Apr 2018 12:38:55 +0530 Subject: [Openstack] Domain not found error In-Reply-To: <20180412064020.Horde.4dPn1JcsDDGn68zf_2sgYDL@webmail.nde.ag> References: <20180412064020.Horde.4dPn1JcsDDGn68zf_2sgYDL@webmail.nde.ag> Message-ID: Hi, Please read my replies inline below... On Thu, Apr 12, 2018 at 12:10 PM, Eugen Block wrote: > Hi, > > can you paste the credentials you're using? > # cat admin-rc export OS_USERNAME=admin export OS_PASSWORD=abcdef export OS_PROJECT_NAME=admin export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_DOMAIN_NAME=Default export OS_AUTH_URL=http://20.20.20.7:35357/v3 export OS_IDENTITY_API_VERSION=3 The config values (e.g. domain) are case sensitive, the ID of the default > domain is usually "domain", its name is "Default". But if you're sourcing > the credentials with ID "Default" this would go wrong, although I'm not > sure if this would be the expected error message. > > Just a couple of weeks ago there was someone on ask.openstack.org who > ignored case-sensitive options and failed to operate his cloud. > > Did the keystone-manage bootstrap command work? > Yes. It did not throw any errors. > > Regards > > > Zitat von Shyam Prasad N : > > > Hi, >> >> I'm trying to install keystone for my swift cluster. >> I followed this document for install and configuration: >> https://docs.openstack.org/keystone/pike/install/ >> >> However, I'm getting this error for a command: >> # openstack user create --domain default --password-prompt swift >> The request you have made requires authentication. (HTTP 401) (Request-ID: >> req-8f888754-1cf5-4c24-81b6-7481c9c0dfb8) >> >> # tail /var/log/keystone/keystone.log >> 2018-04-11 22:45:10.895 29335 INFO keystone.common.wsgi >> [req-147f239e-2205-40b5-8aea-40604c99b695 - - - - -] GET >> http://20.20.20.7:35357/v3/ >> 2018-04-11 22:45:10.898 29335 INFO eventlet.wsgi.server >> [req-147f239e-2205-40b5-8aea-40604c99b695 - - - - -] 20.20.20.7 - - >> [11/Apr/2018 22:45:10] "GET /v3 HTTP/1.1" 200 493 0.062545 >> 2018-04-11 22:45:10.908 29335 INFO keystone.common.wsgi >> [req-8f888754-1cf5-4c24-81b6-7481c9c0dfb8 - - - - -] POST >> http://20.20.20.7:35357/v3/auth/tokens >> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >> [req-8f888754-1cf5-4c24-81b6-7481c9c0dfb8 - - - - -] Could not find >> domain: >> Default >> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers Traceback >> (most recent call last): >> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File >> "/usr/lib/python2.7/dist-packages/keystone/auth/controllers.py", line >> 185, >> in _lookup_domain >> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >> domain_name) >> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File >> "/usr/lib/python2.7/dist-packages/keystone/common/manager.py", line 124, >> in >> wrapped >> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >> __ret_val >> = __f(*args, **kwargs) >> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File >> "/usr/lib/python2.7/dist-packages/dogpile/cache/region.py", line 1053, in >> decorate >> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >> should_cache_fn) >> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File >> "/usr/lib/python2.7/dist-packages/dogpile/cache/region.py", line 657, in >> get_or_create >> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >> async_creator) as value: >> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File >> "/usr/lib/python2.7/dist-packages/dogpile/core/dogpile.py", line 158, in >> __enter__ >> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers return >> self._enter() >> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File >> "/usr/lib/python2.7/dist-packages/dogpile/core/dogpile.py", line 98, in >> _enter >> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >> generated >> = self._enter_create(createdtime) >> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File >> "/usr/lib/python2.7/dist-packages/dogpile/core/dogpile.py", line 149, in >> _enter_create >> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers created >> = >> self.creator() >> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File >> "/usr/lib/python2.7/dist-packages/dogpile/cache/region.py", line 625, in >> gen_value >> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >> created_value = creator() >> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File >> "/usr/lib/python2.7/dist-packages/dogpile/cache/region.py", line 1049, in >> creator >> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers return >> fn(*arg, **kw) >> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File >> "/usr/lib/python2.7/dist-packages/keystone/resource/core.py", line 720, >> in >> get_domain_by_name >> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers raise >> exception.DomainNotFound(domain_id=domain_name) >> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >> DomainNotFound: Could not find domain: Default >> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >> 2018-04-11 22:45:11.016 29335 WARNING keystone.common.wsgi >> [req-8f888754-1cf5-4c24-81b6-7481c9c0dfb8 - - - - -] Authorization >> failed. >> The request you have made requires authentication. from 20.20.20.7 >> 2018-04-11 22:45:11.018 29335 INFO eventlet.wsgi.server >> [req-8f888754-1cf5-4c24-81b6-7481c9c0dfb8 - - - - -] 20.20.20.7 - - >> [11/Apr/2018 22:45:11] "POST /v3/auth/tokens HTTP/1.1" 401 425 0.113822 >> >> Can someone please tell me what's going on? >> Thanks in advance for your replies. >> >> -- >> -Shyam >> > > > > -- > Eugen Block voice : +49-40-559 51 75 > NDE Netzdesign und -entwicklung AG fax : +49-40-559 51 77 > Postfach 61 03 15 > D-22423 Hamburg e-mail : eblock at nde.ag > > Vorsitzende des Aufsichtsrates: Angelika Mozdzen > Sitz und Registergericht: Hamburg, HRB 90934 > Vorstand: Jens-U. Mozdzen > USt-IdNr. DE 814 013 983 > > > _______________________________________________ > Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstac > k > Post to : openstack at lists.openstack.org > Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstac > k > -- -Shyam -------------- next part -------------- An HTML attachment was scrubbed... URL: From eblock at nde.ag Thu Apr 12 07:18:46 2018 From: eblock at nde.ag (Eugen Block) Date: Thu, 12 Apr 2018 07:18:46 +0000 Subject: [Openstack] Domain not found error In-Reply-To: References: <20180412064020.Horde.4dPn1JcsDDGn68zf_2sgYDL@webmail.nde.ag> Message-ID: <20180412071846.Horde.bFbTvvQ56LUOC-Zfb1wTNJJ@webmail.nde.ag> I believe there's something missing in Ocata and Pike docs. If you read Mitaka install guide [1] you'll find the first step to be creating the default domain before all other steps regarding projects and users. You should run openstack domain create --description "Default Domain" default and then the next steps should work, at least I hope so. Do you want to report this as a bug? I can also report it, I have already filed several reports. Regards [1] https://docs.openstack.org/mitaka/install-guide-obs/keystone-users.html Zitat von Shyam Prasad N : > Hi, > > Please read my replies inline below... > > On Thu, Apr 12, 2018 at 12:10 PM, Eugen Block wrote: > >> Hi, >> >> can you paste the credentials you're using? >> > # cat admin-rc > export OS_USERNAME=admin > export OS_PASSWORD=abcdef > export OS_PROJECT_NAME=admin > export OS_USER_DOMAIN_NAME=Default > export OS_PROJECT_DOMAIN_NAME=Default > export OS_AUTH_URL=http://20.20.20.7:35357/v3 > export OS_IDENTITY_API_VERSION=3 > > The config values (e.g. domain) are case sensitive, the ID of the default >> domain is usually "domain", its name is "Default". But if you're sourcing >> the credentials with ID "Default" this would go wrong, although I'm not >> sure if this would be the expected error message. >> >> Just a couple of weeks ago there was someone on ask.openstack.org who >> ignored case-sensitive options and failed to operate his cloud. >> >> Did the keystone-manage bootstrap command work? >> > Yes. It did not throw any errors. > >> >> Regards >> >> >> Zitat von Shyam Prasad N : >> >> >> Hi, >>> >>> I'm trying to install keystone for my swift cluster. >>> I followed this document for install and configuration: >>> https://docs.openstack.org/keystone/pike/install/ >>> >>> However, I'm getting this error for a command: >>> # openstack user create --domain default --password-prompt swift >>> The request you have made requires authentication. (HTTP 401) (Request-ID: >>> req-8f888754-1cf5-4c24-81b6-7481c9c0dfb8) >>> >>> # tail /var/log/keystone/keystone.log >>> 2018-04-11 22:45:10.895 29335 INFO keystone.common.wsgi >>> [req-147f239e-2205-40b5-8aea-40604c99b695 - - - - -] GET >>> http://20.20.20.7:35357/v3/ >>> 2018-04-11 22:45:10.898 29335 INFO eventlet.wsgi.server >>> [req-147f239e-2205-40b5-8aea-40604c99b695 - - - - -] 20.20.20.7 - - >>> [11/Apr/2018 22:45:10] "GET /v3 HTTP/1.1" 200 493 0.062545 >>> 2018-04-11 22:45:10.908 29335 INFO keystone.common.wsgi >>> [req-8f888754-1cf5-4c24-81b6-7481c9c0dfb8 - - - - -] POST >>> http://20.20.20.7:35357/v3/auth/tokens >>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>> [req-8f888754-1cf5-4c24-81b6-7481c9c0dfb8 - - - - -] Could not find >>> domain: >>> Default >>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers Traceback >>> (most recent call last): >>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File >>> "/usr/lib/python2.7/dist-packages/keystone/auth/controllers.py", line >>> 185, >>> in _lookup_domain >>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>> domain_name) >>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File >>> "/usr/lib/python2.7/dist-packages/keystone/common/manager.py", line 124, >>> in >>> wrapped >>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>> __ret_val >>> = __f(*args, **kwargs) >>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File >>> "/usr/lib/python2.7/dist-packages/dogpile/cache/region.py", line 1053, in >>> decorate >>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>> should_cache_fn) >>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File >>> "/usr/lib/python2.7/dist-packages/dogpile/cache/region.py", line 657, in >>> get_or_create >>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>> async_creator) as value: >>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File >>> "/usr/lib/python2.7/dist-packages/dogpile/core/dogpile.py", line 158, in >>> __enter__ >>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers return >>> self._enter() >>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File >>> "/usr/lib/python2.7/dist-packages/dogpile/core/dogpile.py", line 98, in >>> _enter >>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>> generated >>> = self._enter_create(createdtime) >>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File >>> "/usr/lib/python2.7/dist-packages/dogpile/core/dogpile.py", line 149, in >>> _enter_create >>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers created >>> = >>> self.creator() >>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File >>> "/usr/lib/python2.7/dist-packages/dogpile/cache/region.py", line 625, in >>> gen_value >>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>> created_value = creator() >>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File >>> "/usr/lib/python2.7/dist-packages/dogpile/cache/region.py", line 1049, in >>> creator >>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers return >>> fn(*arg, **kw) >>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File >>> "/usr/lib/python2.7/dist-packages/keystone/resource/core.py", line 720, >>> in >>> get_domain_by_name >>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers raise >>> exception.DomainNotFound(domain_id=domain_name) >>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>> DomainNotFound: Could not find domain: Default >>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>> 2018-04-11 22:45:11.016 29335 WARNING keystone.common.wsgi >>> [req-8f888754-1cf5-4c24-81b6-7481c9c0dfb8 - - - - -] Authorization >>> failed. >>> The request you have made requires authentication. from 20.20.20.7 >>> 2018-04-11 22:45:11.018 29335 INFO eventlet.wsgi.server >>> [req-8f888754-1cf5-4c24-81b6-7481c9c0dfb8 - - - - -] 20.20.20.7 - - >>> [11/Apr/2018 22:45:11] "POST /v3/auth/tokens HTTP/1.1" 401 425 0.113822 >>> >>> Can someone please tell me what's going on? >>> Thanks in advance for your replies. >>> >>> -- >>> -Shyam >>> >> >> >> >> -- >> Eugen Block voice : +49-40-559 51 75 >> NDE Netzdesign und -entwicklung AG fax : +49-40-559 51 77 >> Postfach 61 03 15 >> D-22423 Hamburg e-mail : eblock at nde.ag >> >> Vorsitzende des Aufsichtsrates: Angelika Mozdzen >> Sitz und Registergericht: Hamburg, HRB 90934 >> Vorstand: Jens-U. Mozdzen >> USt-IdNr. DE 814 013 983 >> >> >> _______________________________________________ >> Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstac >> k >> Post to : openstack at lists.openstack.org >> Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstac >> k >> > > > > -- > -Shyam -- Eugen Block voice : +49-40-559 51 75 NDE Netzdesign und -entwicklung AG fax : +49-40-559 51 77 Postfach 61 03 15 D-22423 Hamburg e-mail : eblock at nde.ag Vorsitzende des Aufsichtsrates: Angelika Mozdzen Sitz und Registergericht: Hamburg, HRB 90934 Vorstand: Jens-U. Mozdzen USt-IdNr. DE 814 013 983 From slawek at kaplonski.pl Thu Apr 12 07:54:37 2018 From: slawek at kaplonski.pl (=?utf-8?B?U8WCYXdlayBLYXDFgm/FhHNraQ==?=) Date: Thu, 12 Apr 2018 09:54:37 +0200 Subject: [Openstack] Query regarding customized DHCP server in openstack In-Reply-To: References: Message-ID: > Wiadomość napisana przez APARNA SUBBURAM w dniu 12.04.2018, o godz. 07:43: > > Hi, > > I am new user to openstack. I want to know whether an instance which is created in openstack can act as DHCP server for other instances created in that network. If so could you please provide with me how to setup that configurations. > > VM1 : Openwrt which is going to be my DHCP server. > VM2 : Ubuntu which is going to be my DHCP client. > > VM2 should fetch ip from VM1. It should not get default DHCP ip from Openstack. > > Both the instances are up on openstack environment. > > Regards, > Aparna Subburam > > _______________________________________________ > Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > Post to : openstack at lists.openstack.org > Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack — Best regards Slawek Kaplonski slawek at kaplonski.pl From eblock at nde.ag Thu Apr 12 08:27:30 2018 From: eblock at nde.ag (Eugen Block) Date: Thu, 12 Apr 2018 08:27:30 +0000 Subject: [Openstack] Domain not found error In-Reply-To: References: <20180412064020.Horde.4dPn1JcsDDGn68zf_2sgYDL@webmail.nde.ag> <20180412071846.Horde.bFbTvvQ56LUOC-Zfb1wTNJJ@webmail.nde.ag> Message-ID: <20180412082730.Horde.nVvbHo0rKz7wNmVuyI_MTtQ@webmail.nde.ag> The missing command has been in Newton, Ocata and Pike release. They fixed it in Queens again. I filed a bug report: https://bugs.launchpad.net/keystone/+bug/1763297 Regards Zitat von Shyam Prasad N : > Thanks Eugen. It'll be great if you can do it. (I haven't yet gone through > the bug reporting documentation) > Please add me to the bug's CC list. That way if some info is needed from > me, I can provide it. > > Regards, > Shyam > > On Thu, Apr 12, 2018 at 12:48 PM, Eugen Block wrote: > >> I believe there's something missing in Ocata and Pike docs. If you read >> Mitaka install guide [1] you'll find the first step to be creating the >> default domain before all other steps regarding projects and users. >> >> You should run >> >> openstack domain create --description "Default Domain" default >> >> and then the next steps should work, at least I hope so. >> >> Do you want to report this as a bug? I can also report it, I have already >> filed several reports. >> >> Regards >> >> >> [1] https://docs.openstack.org/mitaka/install-guide-obs/keystone >> -users.html >> >> >> >> Zitat von Shyam Prasad N : >> >> Hi, >>> >>> Please read my replies inline below... >>> >>> On Thu, Apr 12, 2018 at 12:10 PM, Eugen Block wrote: >>> >>> Hi, >>>> >>>> can you paste the credentials you're using? >>>> >>>> # cat admin-rc >>> export OS_USERNAME=admin >>> export OS_PASSWORD=abcdef >>> export OS_PROJECT_NAME=admin >>> export OS_USER_DOMAIN_NAME=Default >>> export OS_PROJECT_DOMAIN_NAME=Default >>> export OS_AUTH_URL=http://20.20.20.7:35357/v3 >>> export OS_IDENTITY_API_VERSION=3 >>> >>> The config values (e.g. domain) are case sensitive, the ID of the default >>> >>>> domain is usually "domain", its name is "Default". But if you're sourcing >>>> the credentials with ID "Default" this would go wrong, although I'm not >>>> sure if this would be the expected error message. >>>> >>>> Just a couple of weeks ago there was someone on ask.openstack.org who >>>> ignored case-sensitive options and failed to operate his cloud. >>>> >>>> Did the keystone-manage bootstrap command work? >>>> >>>> Yes. It did not throw any errors. >>> >>> >>>> Regards >>>> >>>> >>>> Zitat von Shyam Prasad N : >>>> >>>> >>>> Hi, >>>> >>>>> >>>>> I'm trying to install keystone for my swift cluster. >>>>> I followed this document for install and configuration: >>>>> https://docs.openstack.org/keystone/pike/install/ >>>>> >>>>> However, I'm getting this error for a command: >>>>> # openstack user create --domain default --password-prompt swift >>>>> The request you have made requires authentication. (HTTP 401) >>>>> (Request-ID: >>>>> req-8f888754-1cf5-4c24-81b6-7481c9c0dfb8) >>>>> >>>>> # tail /var/log/keystone/keystone.log >>>>> 2018-04-11 22:45:10.895 29335 INFO keystone.common.wsgi >>>>> [req-147f239e-2205-40b5-8aea-40604c99b695 - - - - -] GET >>>>> http://20.20.20.7:35357/v3/ >>>>> 2018-04-11 22:45:10.898 29335 INFO eventlet.wsgi.server >>>>> [req-147f239e-2205-40b5-8aea-40604c99b695 - - - - -] 20.20.20.7 - - >>>>> [11/Apr/2018 22:45:10] "GET /v3 HTTP/1.1" 200 493 0.062545 >>>>> 2018-04-11 22:45:10.908 29335 INFO keystone.common.wsgi >>>>> [req-8f888754-1cf5-4c24-81b6-7481c9c0dfb8 - - - - -] POST >>>>> http://20.20.20.7:35357/v3/auth/tokens >>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>> [req-8f888754-1cf5-4c24-81b6-7481c9c0dfb8 - - - - -] Could not find >>>>> domain: >>>>> Default >>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers Traceback >>>>> (most recent call last): >>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File >>>>> "/usr/lib/python2.7/dist-packages/keystone/auth/controllers.py", line >>>>> 185, >>>>> in _lookup_domain >>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>> domain_name) >>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File >>>>> "/usr/lib/python2.7/dist-packages/keystone/common/manager.py", line >>>>> 124, >>>>> in >>>>> wrapped >>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>> __ret_val >>>>> = __f(*args, **kwargs) >>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File >>>>> "/usr/lib/python2.7/dist-packages/dogpile/cache/region.py", line 1053, >>>>> in >>>>> decorate >>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>> should_cache_fn) >>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File >>>>> "/usr/lib/python2.7/dist-packages/dogpile/cache/region.py", line 657, >>>>> in >>>>> get_or_create >>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>> async_creator) as value: >>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File >>>>> "/usr/lib/python2.7/dist-packages/dogpile/core/dogpile.py", line 158, >>>>> in >>>>> __enter__ >>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers return >>>>> self._enter() >>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File >>>>> "/usr/lib/python2.7/dist-packages/dogpile/core/dogpile.py", line 98, in >>>>> _enter >>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>> generated >>>>> = self._enter_create(createdtime) >>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File >>>>> "/usr/lib/python2.7/dist-packages/dogpile/core/dogpile.py", line 149, >>>>> in >>>>> _enter_create >>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>> created >>>>> = >>>>> self.creator() >>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File >>>>> "/usr/lib/python2.7/dist-packages/dogpile/cache/region.py", line 625, >>>>> in >>>>> gen_value >>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>> created_value = creator() >>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File >>>>> "/usr/lib/python2.7/dist-packages/dogpile/cache/region.py", line 1049, >>>>> in >>>>> creator >>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers return >>>>> fn(*arg, **kw) >>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File >>>>> "/usr/lib/python2.7/dist-packages/keystone/resource/core.py", line 720, >>>>> in >>>>> get_domain_by_name >>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers raise >>>>> exception.DomainNotFound(domain_id=domain_name) >>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>> DomainNotFound: Could not find domain: Default >>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>> 2018-04-11 22:45:11.016 29335 WARNING keystone.common.wsgi >>>>> [req-8f888754-1cf5-4c24-81b6-7481c9c0dfb8 - - - - -] Authorization >>>>> failed. >>>>> The request you have made requires authentication. from 20.20.20.7 >>>>> 2018-04-11 22:45:11.018 29335 INFO eventlet.wsgi.server >>>>> [req-8f888754-1cf5-4c24-81b6-7481c9c0dfb8 - - - - -] 20.20.20.7 - - >>>>> [11/Apr/2018 22:45:11] "POST /v3/auth/tokens HTTP/1.1" 401 425 0.113822 >>>>> >>>>> Can someone please tell me what's going on? >>>>> Thanks in advance for your replies. >>>>> >>>>> -- >>>>> -Shyam >>>>> >>>>> >>>> >>>> >>>> -- >>>> Eugen Block voice : +49-40-559 51 75 >>>> NDE Netzdesign und -entwicklung AG fax : +49-40-559 51 77 >>>> Postfach 61 03 15 >>>> D-22423 Hamburg e-mail : eblock at nde.ag >>>> >>>> Vorsitzende des Aufsichtsrates: Angelika Mozdzen >>>> Sitz und Registergericht: Hamburg, HRB 90934 >>>> Vorstand: Jens-U. Mozdzen >>>> USt-IdNr. DE 814 013 983 >>>> >>>> >>>> _______________________________________________ >>>> Mailing list: http://lists.openstack.org/cgi >>>> -bin/mailman/listinfo/openstac >>>> k >>>> Post to : openstack at lists.openstack.org >>>> Unsubscribe : http://lists.openstack.org/cgi >>>> -bin/mailman/listinfo/openstac >>>> k >>>> >>>> >>> >>> >>> -- >>> -Shyam >>> >> >> >> >> -- >> Eugen Block voice : +49-40-559 51 75 >> NDE Netzdesign und -entwicklung AG fax : +49-40-559 51 77 >> Postfach 61 03 15 >> D-22423 Hamburg e-mail : eblock at nde.ag >> >> Vorsitzende des Aufsichtsrates: Angelika Mozdzen >> Sitz und Registergericht: Hamburg, HRB 90934 >> Vorstand: Jens-U. Mozdzen >> USt-IdNr. DE 814 013 983 >> >> > > > -- > -Shyam -- Eugen Block voice : +49-40-559 51 75 NDE Netzdesign und -entwicklung AG fax : +49-40-559 51 77 Postfach 61 03 15 D-22423 Hamburg e-mail : eblock at nde.ag Vorsitzende des Aufsichtsrates: Angelika Mozdzen Sitz und Registergericht: Hamburg, HRB 90934 Vorstand: Jens-U. Mozdzen USt-IdNr. DE 814 013 983 From slawek at kaplonski.pl Thu Apr 12 08:34:39 2018 From: slawek at kaplonski.pl (=?utf-8?B?U8WCYXdlayBLYXDFgm/FhHNraQ==?=) Date: Thu, 12 Apr 2018 10:34:39 +0200 Subject: [Openstack] Query regarding customized DHCP server in openstack In-Reply-To: References: Message-ID: Hi, Default Neutron with ML2 can’t use instance as DHCP server just like that. It has DHCP agent installed on some host and this agent configures DHCP for Neutron networks. Maybe with some different core plugin it is possible. I don’t know that. > Wiadomość napisana przez APARNA SUBBURAM w dniu 12.04.2018, o godz. 07:43: > > Hi, > > I am new user to openstack. I want to know whether an instance which is created in openstack can act as DHCP server for other instances created in that network. If so could you please provide with me how to setup that configurations. > > VM1 : Openwrt which is going to be my DHCP server. > VM2 : Ubuntu which is going to be my DHCP client. > > VM2 should fetch ip from VM1. It should not get default DHCP ip from Openstack. > > Both the instances are up on openstack environment. > > Regards, > Aparna Subburam > > _______________________________________________ > Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > Post to : openstack at lists.openstack.org > Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack — Best regards Slawek Kaplonski slawek at kaplonski.pl From nspmangalore at gmail.com Thu Apr 12 08:55:46 2018 From: nspmangalore at gmail.com (Shyam Prasad N) Date: Thu, 12 Apr 2018 08:55:46 +0000 Subject: [Openstack] Domain not found error In-Reply-To: <20180412082730.Horde.nVvbHo0rKz7wNmVuyI_MTtQ@webmail.nde.ag> References: <20180412064020.Horde.4dPn1JcsDDGn68zf_2sgYDL@webmail.nde.ag> <20180412071846.Horde.bFbTvvQ56LUOC-Zfb1wTNJJ@webmail.nde.ag> <20180412082730.Horde.nVvbHo0rKz7wNmVuyI_MTtQ@webmail.nde.ag> Message-ID: Thanks Eugen :) On Thu, Apr 12, 2018, 13:57 Eugen Block wrote: > The missing command has been in Newton, Ocata and Pike release. They > fixed it in Queens again. > > I filed a bug report: https://bugs.launchpad.net/keystone/+bug/1763297 > > Regards > > > Zitat von Shyam Prasad N : > > > Thanks Eugen. It'll be great if you can do it. (I haven't yet gone > through > > the bug reporting documentation) > > Please add me to the bug's CC list. That way if some info is needed from > > me, I can provide it. > > > > Regards, > > Shyam > > > > On Thu, Apr 12, 2018 at 12:48 PM, Eugen Block wrote: > > > >> I believe there's something missing in Ocata and Pike docs. If you read > >> Mitaka install guide [1] you'll find the first step to be creating the > >> default domain before all other steps regarding projects and users. > >> > >> You should run > >> > >> openstack domain create --description "Default Domain" default > >> > >> and then the next steps should work, at least I hope so. > >> > >> Do you want to report this as a bug? I can also report it, I have > already > >> filed several reports. > >> > >> Regards > >> > >> > >> [1] https://docs.openstack.org/mitaka/install-guide-obs/keystone > >> -users.html > >> > >> > >> > >> Zitat von Shyam Prasad N : > >> > >> Hi, > >>> > >>> Please read my replies inline below... > >>> > >>> On Thu, Apr 12, 2018 at 12:10 PM, Eugen Block wrote: > >>> > >>> Hi, > >>>> > >>>> can you paste the credentials you're using? > >>>> > >>>> # cat admin-rc > >>> export OS_USERNAME=admin > >>> export OS_PASSWORD=abcdef > >>> export OS_PROJECT_NAME=admin > >>> export OS_USER_DOMAIN_NAME=Default > >>> export OS_PROJECT_DOMAIN_NAME=Default > >>> export OS_AUTH_URL=http://20.20.20.7:35357/v3 > >>> export OS_IDENTITY_API_VERSION=3 > >>> > >>> The config values (e.g. domain) are case sensitive, the ID of the > default > >>> > >>>> domain is usually "domain", its name is "Default". But if you're > sourcing > >>>> the credentials with ID "Default" this would go wrong, although I'm > not > >>>> sure if this would be the expected error message. > >>>> > >>>> Just a couple of weeks ago there was someone on ask.openstack.org who > >>>> ignored case-sensitive options and failed to operate his cloud. > >>>> > >>>> Did the keystone-manage bootstrap command work? > >>>> > >>>> Yes. It did not throw any errors. > >>> > >>> > >>>> Regards > >>>> > >>>> > >>>> Zitat von Shyam Prasad N : > >>>> > >>>> > >>>> Hi, > >>>> > >>>>> > >>>>> I'm trying to install keystone for my swift cluster. > >>>>> I followed this document for install and configuration: > >>>>> https://docs.openstack.org/keystone/pike/install/ > >>>>> > >>>>> However, I'm getting this error for a command: > >>>>> # openstack user create --domain default --password-prompt swift > >>>>> The request you have made requires authentication. (HTTP 401) > >>>>> (Request-ID: > >>>>> req-8f888754-1cf5-4c24-81b6-7481c9c0dfb8) > >>>>> > >>>>> # tail /var/log/keystone/keystone.log > >>>>> 2018-04-11 22:45:10.895 29335 INFO keystone.common.wsgi > >>>>> [req-147f239e-2205-40b5-8aea-40604c99b695 - - - - -] GET > >>>>> http://20.20.20.7:35357/v3/ > >>>>> 2018-04-11 22:45:10.898 29335 INFO eventlet.wsgi.server > >>>>> [req-147f239e-2205-40b5-8aea-40604c99b695 - - - - -] 20.20.20.7 - - > >>>>> [11/Apr/2018 22:45:10] "GET /v3 HTTP/1.1" 200 493 0.062545 > >>>>> 2018-04-11 22:45:10.908 29335 INFO keystone.common.wsgi > >>>>> [req-8f888754-1cf5-4c24-81b6-7481c9c0dfb8 - - - - -] POST > >>>>> http://20.20.20.7:35357/v3/auth/tokens > >>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers > >>>>> [req-8f888754-1cf5-4c24-81b6-7481c9c0dfb8 - - - - -] Could not find > >>>>> domain: > >>>>> Default > >>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers > Traceback > >>>>> (most recent call last): > >>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File > >>>>> "/usr/lib/python2.7/dist-packages/keystone/auth/controllers.py", line > >>>>> 185, > >>>>> in _lookup_domain > >>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers > >>>>> domain_name) > >>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File > >>>>> "/usr/lib/python2.7/dist-packages/keystone/common/manager.py", line > >>>>> 124, > >>>>> in > >>>>> wrapped > >>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers > >>>>> __ret_val > >>>>> = __f(*args, **kwargs) > >>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File > >>>>> "/usr/lib/python2.7/dist-packages/dogpile/cache/region.py", line > 1053, > >>>>> in > >>>>> decorate > >>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers > >>>>> should_cache_fn) > >>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File > >>>>> "/usr/lib/python2.7/dist-packages/dogpile/cache/region.py", line 657, > >>>>> in > >>>>> get_or_create > >>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers > >>>>> async_creator) as value: > >>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File > >>>>> "/usr/lib/python2.7/dist-packages/dogpile/core/dogpile.py", line 158, > >>>>> in > >>>>> __enter__ > >>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers > return > >>>>> self._enter() > >>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File > >>>>> "/usr/lib/python2.7/dist-packages/dogpile/core/dogpile.py", line 98, > in > >>>>> _enter > >>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers > >>>>> generated > >>>>> = self._enter_create(createdtime) > >>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File > >>>>> "/usr/lib/python2.7/dist-packages/dogpile/core/dogpile.py", line 149, > >>>>> in > >>>>> _enter_create > >>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers > >>>>> created > >>>>> = > >>>>> self.creator() > >>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File > >>>>> "/usr/lib/python2.7/dist-packages/dogpile/cache/region.py", line 625, > >>>>> in > >>>>> gen_value > >>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers > >>>>> created_value = creator() > >>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File > >>>>> "/usr/lib/python2.7/dist-packages/dogpile/cache/region.py", line > 1049, > >>>>> in > >>>>> creator > >>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers > return > >>>>> fn(*arg, **kw) > >>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File > >>>>> "/usr/lib/python2.7/dist-packages/keystone/resource/core.py", line > 720, > >>>>> in > >>>>> get_domain_by_name > >>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers > raise > >>>>> exception.DomainNotFound(domain_id=domain_name) > >>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers > >>>>> DomainNotFound: Could not find domain: Default > >>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers > >>>>> 2018-04-11 22:45:11.016 29335 WARNING keystone.common.wsgi > >>>>> [req-8f888754-1cf5-4c24-81b6-7481c9c0dfb8 - - - - -] Authorization > >>>>> failed. > >>>>> The request you have made requires authentication. from 20.20.20.7 > >>>>> 2018-04-11 22:45:11.018 29335 INFO eventlet.wsgi.server > >>>>> [req-8f888754-1cf5-4c24-81b6-7481c9c0dfb8 - - - - -] 20.20.20.7 - - > >>>>> [11/Apr/2018 22:45:11] "POST /v3/auth/tokens HTTP/1.1" 401 425 > 0.113822 > >>>>> > >>>>> Can someone please tell me what's going on? > >>>>> Thanks in advance for your replies. > >>>>> > >>>>> -- > >>>>> -Shyam > >>>>> > >>>>> > >>>> > >>>> > >>>> -- > >>>> Eugen Block voice : +49-40-559 51 75 > >>>> NDE Netzdesign und -entwicklung AG fax : +49-40-559 51 77 > >>>> Postfach 61 03 15 > >>>> D-22423 Hamburg e-mail : eblock at nde.ag > >>>> > >>>> Vorsitzende des Aufsichtsrates: Angelika Mozdzen > >>>> Sitz und Registergericht: Hamburg, HRB 90934 > >>>> Vorstand: Jens-U. Mozdzen > >>>> USt-IdNr. DE 814 013 983 > >>>> > >>>> > >>>> _______________________________________________ > >>>> Mailing list: http://lists.openstack.org/cgi > >>>> -bin/mailman/listinfo/openstac > >>>> k > >>>> Post to : openstack at lists.openstack.org > >>>> Unsubscribe : http://lists.openstack.org/cgi > >>>> -bin/mailman/listinfo/openstac > >>>> k > >>>> > >>>> > >>> > >>> > >>> -- > >>> -Shyam > >>> > >> > >> > >> > >> -- > >> Eugen Block voice : +49-40-559 51 75 > >> NDE Netzdesign und -entwicklung AG fax : +49-40-559 51 77 > >> Postfach 61 03 15 > >> D-22423 Hamburg e-mail : eblock at nde.ag > >> > >> Vorsitzende des Aufsichtsrates: Angelika Mozdzen > >> Sitz und Registergericht: Hamburg, HRB 90934 > >> Vorstand: Jens-U. Mozdzen > >> USt-IdNr. DE 814 013 983 > >> > >> > > > > > > -- > > -Shyam > > > > -- > Eugen Block voice : +49-40-559 51 75 > NDE Netzdesign und -entwicklung AG fax : +49-40-559 51 77 > Postfach 61 03 15 > D-22423 Hamburg e-mail : eblock at nde.ag > > Vorsitzende des Aufsichtsrates: Angelika Mozdzen > Sitz und Registergericht: Hamburg, HRB 90934 > Vorstand: Jens-U. Mozdzen > USt-IdNr. DE 814 013 983 > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From berndbausch at gmail.com Thu Apr 12 11:08:27 2018 From: berndbausch at gmail.com (Bernd Bausch) Date: Thu, 12 Apr 2018 20:08:27 +0900 Subject: [Openstack] Query regarding customized DHCP server in openstack In-Reply-To: References: Message-ID: <151f9926-b458-963c-c4ee-2834de6bc87c@gmail.com> You can remove the DHCP server from the subnet that the two VMs are connected to:     openstack subnet set --no-dhcp NAME_OF_SUBNET But I am not 100% that ARPs will be let through without additional tinkering. On 4/12/2018 5:34 PM, Sławek Kapłoński wrote: > Hi, > > Default Neutron with ML2 can’t use instance as DHCP server just like that. It has DHCP agent installed on some host and this agent configures DHCP for Neutron networks. > Maybe with some different core plugin it is possible. I don’t know that. > >> Wiadomość napisana przez APARNA SUBBURAM w dniu 12.04.2018, o godz. 07:43: >> >> Hi, >> >> I am new user to openstack. I want to know whether an instance which is created in openstack can act as DHCP server for other instances created in that network. If so could you please provide with me how to setup that configurations. >> >> VM1 : Openwrt which is going to be my DHCP server. >> VM2 : Ubuntu which is going to be my DHCP client. >> >> VM2 should fetch ip from VM1. It should not get default DHCP ip from Openstack. >> >> Both the instances are up on openstack environment. >> >> Regards, >> Aparna Subburam >> >> _______________________________________________ >> Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack >> Post to : openstack at lists.openstack.org >> Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > — > Best regards > Slawek Kaplonski > slawek at kaplonski.pl > > > > > > _______________________________________________ > Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > Post to : openstack at lists.openstack.org > Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: OpenPGP digital signature URL: From majopela at redhat.com Thu Apr 12 11:27:01 2018 From: majopela at redhat.com (Miguel Angel Ajo Pelayo) Date: Thu, 12 Apr 2018 11:27:01 +0000 Subject: [Openstack] Query regarding customized DHCP server in openstack In-Reply-To: References: Message-ID: I believe that if you disable port security on the specific virtual network, then you can have any VM serving DHCP requests, and otherwise the dhcp requests are filtered by the firewall driver. You will also have to disable DHCP on the subnet as Bernd Explained. On Thu, Apr 12, 2018 at 10:36 AM Sławek Kapłoński wrote: > Hi, > > Default Neutron with ML2 can’t use instance as DHCP server just like that. > It has DHCP agent installed on some host and this agent configures DHCP for > Neutron networks. > Maybe with some different core plugin it is possible. I don’t know that. > > > Wiadomość napisana przez APARNA SUBBURAM w dniu > 12.04.2018, o godz. 07:43: > > > > Hi, > > > > I am new user to openstack. I want to know whether an instance which is > created in openstack can act as DHCP server for other instances created in > that network. If so could you please provide with me how to setup that > configurations. > > > > VM1 : Openwrt which is going to be my DHCP server. > > VM2 : Ubuntu which is going to be my DHCP client. > > > > VM2 should fetch ip from VM1. It should not get default DHCP ip from > Openstack. > > > > Both the instances are up on openstack environment. > > > > Regards, > > Aparna Subburam > > > > _______________________________________________ > > Mailing list: > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > > Post to : openstack at lists.openstack.org > > Unsubscribe : > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > > — > Best regards > Slawek Kaplonski > slawek at kaplonski.pl > > > > > > _______________________________________________ > Mailing list: > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > Post to : openstack at lists.openstack.org > Unsubscribe : > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > -------------- next part -------------- An HTML attachment was scrubbed... URL: From emccormick at cirrusseven.com Thu Apr 12 19:13:56 2018 From: emccormick at cirrusseven.com (Erik McCormick) Date: Thu, 12 Apr 2018 15:13:56 -0400 Subject: [Openstack] Help finding old (Mitaka) RDO RPMs Message-ID: Hi All, Does anyone happen to have an archive of the MItaka RDO repo lying around they'd be willing to share with a poor unfortunate soul? My clone of it has gone AWOL and I have moderately desperate need of it. Thanks! Cheers, Erik From amy at demarco.com Thu Apr 12 19:20:42 2018 From: amy at demarco.com (Amy Marrich) Date: Thu, 12 Apr 2018 14:20:42 -0500 Subject: [Openstack] [Openstack-operators] Help finding old (Mitaka) RDO RPMs In-Reply-To: References: Message-ID: Erik, Here's the Mitaka archive:) http://vault.centos.org/7.3.1611/cloud/x86_64/openstack-mitaka/ Amy (spotz) On Thu, Apr 12, 2018 at 2:13 PM, Erik McCormick wrote: > Hi All, > > Does anyone happen to have an archive of the MItaka RDO repo lying > around they'd be willing to share with a poor unfortunate soul? My > clone of it has gone AWOL and I have moderately desperate need of it. > > Thanks! > > Cheers, > Erik > > _______________________________________________ > OpenStack-operators mailing list > OpenStack-operators at lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators > -------------- next part -------------- An HTML attachment was scrubbed... URL: From emccormick at cirrusseven.com Thu Apr 12 19:23:42 2018 From: emccormick at cirrusseven.com (Erik McCormick) Date: Thu, 12 Apr 2018 15:23:42 -0400 Subject: [Openstack] [Openstack-operators] Help finding old (Mitaka) RDO RPMs In-Reply-To: References: Message-ID: Thanks! You're my heroes :) On Thu, Apr 12, 2018 at 3:20 PM, Amy Marrich wrote: > Erik, > > Here's the Mitaka archive:) > > http://vault.centos.org/7.3.1611/cloud/x86_64/openstack-mitaka/ > > Amy (spotz) > > On Thu, Apr 12, 2018 at 2:13 PM, Erik McCormick > wrote: >> >> Hi All, >> >> Does anyone happen to have an archive of the MItaka RDO repo lying >> around they'd be willing to share with a poor unfortunate soul? My >> clone of it has gone AWOL and I have moderately desperate need of it. >> >> Thanks! >> >> Cheers, >> Erik >> >> _______________________________________________ >> OpenStack-operators mailing list >> OpenStack-operators at lists.openstack.org >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators > > From apar.subbu at gmail.com Fri Apr 13 03:37:33 2018 From: apar.subbu at gmail.com (APARNA SUBBURAM) Date: Fri, 13 Apr 2018 09:07:33 +0530 Subject: [Openstack] Query regarding customized DHCP server in openstack In-Reply-To: References: Message-ID: Thanks to all the suggestions. Though i have tried with disabling port security too. It din't work out. Any other configurations are yet to do or is it that ML2 can’t use instance as DHCP server. Regards, Aparna Subburam On Thu, Apr 12, 2018 at 4:57 PM, Miguel Angel Ajo Pelayo < majopela at redhat.com> wrote: > I believe that if you disable port security on the specific virtual > network, then you can have any VM serving DHCP requests, and otherwise the > dhcp requests are filtered by the firewall driver. You will also have to > disable DHCP on the subnet as Bernd Explained. > > On Thu, Apr 12, 2018 at 10:36 AM Sławek Kapłoński > wrote: > >> Hi, >> >> Default Neutron with ML2 can’t use instance as DHCP server just like >> that. It has DHCP agent installed on some host and this agent configures >> DHCP for Neutron networks. >> Maybe with some different core plugin it is possible. I don’t know that. >> >> > Wiadomość napisana przez APARNA SUBBURAM w dniu >> 12.04.2018, o godz. 07:43: >> > >> > Hi, >> > >> > I am new user to openstack. I want to know whether an instance which is >> created in openstack can act as DHCP server for other instances created in >> that network. If so could you please provide with me how to setup that >> configurations. >> > >> > VM1 : Openwrt which is going to be my DHCP server. >> > VM2 : Ubuntu which is going to be my DHCP client. >> > >> > VM2 should fetch ip from VM1. It should not get default DHCP ip from >> Openstack. >> > >> > Both the instances are up on openstack environment. >> > >> > Regards, >> > Aparna Subburam >> > >> > _______________________________________________ >> > Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/ >> openstack >> > Post to : openstack at lists.openstack.org >> > Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/ >> openstack >> >> — >> Best regards >> Slawek Kaplonski >> slawek at kaplonski.pl >> >> >> >> >> >> _______________________________________________ >> Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/ >> openstack >> Post to : openstack at lists.openstack.org >> Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/ >> openstack >> > > _______________________________________________ > Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/ > openstack > Post to : openstack at lists.openstack.org > Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/ > openstack > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From eblock at nde.ag Fri Apr 13 06:24:00 2018 From: eblock at nde.ag (Eugen Block) Date: Fri, 13 Apr 2018 06:24:00 +0000 Subject: [Openstack] Domain not found error In-Reply-To: <20180412082730.Horde.nVvbHo0rKz7wNmVuyI_MTtQ@webmail.nde.ag> References: <20180412064020.Horde.4dPn1JcsDDGn68zf_2sgYDL@webmail.nde.ag> <20180412071846.Horde.bFbTvvQ56LUOC-Zfb1wTNJJ@webmail.nde.ag> <20180412082730.Horde.nVvbHo0rKz7wNmVuyI_MTtQ@webmail.nde.ag> Message-ID: <20180413062400.Horde.65yTSYZ-jI34lpxeL05Wi6b@webmail.nde.ag> Hi, the bug I reported is invalid because the keystone-bootstrap command is supposed to create the default domain. Since we created our cloud in Liberty release the default domain already existed in our environment. Well, I guess we're back to square one. ;-) Can you paste the output of control:~ # openstack domain list If the keystone bootstrap command worked, it should at least show the default domain. If it doesn't take a look into /var/log/keystone/keystone-manage.log and check for errors. If this doesn't reveal anything try running it again and check the logs again. Zitat von Eugen Block : > The missing command has been in Newton, Ocata and Pike release. They > fixed it in Queens again. > > I filed a bug report: https://bugs.launchpad.net/keystone/+bug/1763297 > > Regards > > > Zitat von Shyam Prasad N : > >> Thanks Eugen. It'll be great if you can do it. (I haven't yet gone through >> the bug reporting documentation) >> Please add me to the bug's CC list. That way if some info is needed from >> me, I can provide it. >> >> Regards, >> Shyam >> >> On Thu, Apr 12, 2018 at 12:48 PM, Eugen Block wrote: >> >>> I believe there's something missing in Ocata and Pike docs. If you read >>> Mitaka install guide [1] you'll find the first step to be creating the >>> default domain before all other steps regarding projects and users. >>> >>> You should run >>> >>> openstack domain create --description "Default Domain" default >>> >>> and then the next steps should work, at least I hope so. >>> >>> Do you want to report this as a bug? I can also report it, I have already >>> filed several reports. >>> >>> Regards >>> >>> >>> [1] https://docs.openstack.org/mitaka/install-guide-obs/keystone >>> -users.html >>> >>> >>> >>> Zitat von Shyam Prasad N : >>> >>> Hi, >>>> >>>> Please read my replies inline below... >>>> >>>> On Thu, Apr 12, 2018 at 12:10 PM, Eugen Block wrote: >>>> >>>> Hi, >>>>> >>>>> can you paste the credentials you're using? >>>>> >>>>> # cat admin-rc >>>> export OS_USERNAME=admin >>>> export OS_PASSWORD=abcdef >>>> export OS_PROJECT_NAME=admin >>>> export OS_USER_DOMAIN_NAME=Default >>>> export OS_PROJECT_DOMAIN_NAME=Default >>>> export OS_AUTH_URL=http://20.20.20.7:35357/v3 >>>> export OS_IDENTITY_API_VERSION=3 >>>> >>>> The config values (e.g. domain) are case sensitive, the ID of the default >>>> >>>>> domain is usually "domain", its name is "Default". But if you're sourcing >>>>> the credentials with ID "Default" this would go wrong, although I'm not >>>>> sure if this would be the expected error message. >>>>> >>>>> Just a couple of weeks ago there was someone on ask.openstack.org who >>>>> ignored case-sensitive options and failed to operate his cloud. >>>>> >>>>> Did the keystone-manage bootstrap command work? >>>>> >>>>> Yes. It did not throw any errors. >>>> >>>> >>>>> Regards >>>>> >>>>> >>>>> Zitat von Shyam Prasad N : >>>>> >>>>> >>>>> Hi, >>>>> >>>>>> >>>>>> I'm trying to install keystone for my swift cluster. >>>>>> I followed this document for install and configuration: >>>>>> https://docs.openstack.org/keystone/pike/install/ >>>>>> >>>>>> However, I'm getting this error for a command: >>>>>> # openstack user create --domain default --password-prompt swift >>>>>> The request you have made requires authentication. (HTTP 401) >>>>>> (Request-ID: >>>>>> req-8f888754-1cf5-4c24-81b6-7481c9c0dfb8) >>>>>> >>>>>> # tail /var/log/keystone/keystone.log >>>>>> 2018-04-11 22:45:10.895 29335 INFO keystone.common.wsgi >>>>>> [req-147f239e-2205-40b5-8aea-40604c99b695 - - - - -] GET >>>>>> http://20.20.20.7:35357/v3/ >>>>>> 2018-04-11 22:45:10.898 29335 INFO eventlet.wsgi.server >>>>>> [req-147f239e-2205-40b5-8aea-40604c99b695 - - - - -] 20.20.20.7 - - >>>>>> [11/Apr/2018 22:45:10] "GET /v3 HTTP/1.1" 200 493 0.062545 >>>>>> 2018-04-11 22:45:10.908 29335 INFO keystone.common.wsgi >>>>>> [req-8f888754-1cf5-4c24-81b6-7481c9c0dfb8 - - - - -] POST >>>>>> http://20.20.20.7:35357/v3/auth/tokens >>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>> [req-8f888754-1cf5-4c24-81b6-7481c9c0dfb8 - - - - -] Could not find >>>>>> domain: >>>>>> Default >>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers Traceback >>>>>> (most recent call last): >>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File >>>>>> "/usr/lib/python2.7/dist-packages/keystone/auth/controllers.py", line >>>>>> 185, >>>>>> in _lookup_domain >>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>> domain_name) >>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File >>>>>> "/usr/lib/python2.7/dist-packages/keystone/common/manager.py", line >>>>>> 124, >>>>>> in >>>>>> wrapped >>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>> __ret_val >>>>>> = __f(*args, **kwargs) >>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File >>>>>> "/usr/lib/python2.7/dist-packages/dogpile/cache/region.py", line 1053, >>>>>> in >>>>>> decorate >>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>> should_cache_fn) >>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File >>>>>> "/usr/lib/python2.7/dist-packages/dogpile/cache/region.py", line 657, >>>>>> in >>>>>> get_or_create >>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>> async_creator) as value: >>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File >>>>>> "/usr/lib/python2.7/dist-packages/dogpile/core/dogpile.py", line 158, >>>>>> in >>>>>> __enter__ >>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers return >>>>>> self._enter() >>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File >>>>>> "/usr/lib/python2.7/dist-packages/dogpile/core/dogpile.py", line 98, in >>>>>> _enter >>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>> generated >>>>>> = self._enter_create(createdtime) >>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File >>>>>> "/usr/lib/python2.7/dist-packages/dogpile/core/dogpile.py", line 149, >>>>>> in >>>>>> _enter_create >>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>> created >>>>>> = >>>>>> self.creator() >>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File >>>>>> "/usr/lib/python2.7/dist-packages/dogpile/cache/region.py", line 625, >>>>>> in >>>>>> gen_value >>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>> created_value = creator() >>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File >>>>>> "/usr/lib/python2.7/dist-packages/dogpile/cache/region.py", line 1049, >>>>>> in >>>>>> creator >>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers return >>>>>> fn(*arg, **kw) >>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File >>>>>> "/usr/lib/python2.7/dist-packages/keystone/resource/core.py", line 720, >>>>>> in >>>>>> get_domain_by_name >>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers raise >>>>>> exception.DomainNotFound(domain_id=domain_name) >>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>> DomainNotFound: Could not find domain: Default >>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>> 2018-04-11 22:45:11.016 29335 WARNING keystone.common.wsgi >>>>>> [req-8f888754-1cf5-4c24-81b6-7481c9c0dfb8 - - - - -] Authorization >>>>>> failed. >>>>>> The request you have made requires authentication. from 20.20.20.7 >>>>>> 2018-04-11 22:45:11.018 29335 INFO eventlet.wsgi.server >>>>>> [req-8f888754-1cf5-4c24-81b6-7481c9c0dfb8 - - - - -] 20.20.20.7 - - >>>>>> [11/Apr/2018 22:45:11] "POST /v3/auth/tokens HTTP/1.1" 401 425 0.113822 >>>>>> >>>>>> Can someone please tell me what's going on? >>>>>> Thanks in advance for your replies. >>>>>> >>>>>> -- >>>>>> -Shyam >>>>>> >>>>>> >>>>> >>>>> >>>>> -- >>>>> Eugen Block voice : +49-40-559 51 75 >>>>> NDE Netzdesign und -entwicklung AG fax : +49-40-559 51 77 >>>>> Postfach 61 03 15 >>>>> D-22423 Hamburg e-mail : eblock at nde.ag >>>>> >>>>> Vorsitzende des Aufsichtsrates: Angelika Mozdzen >>>>> Sitz und Registergericht: Hamburg, HRB 90934 >>>>> Vorstand: Jens-U. Mozdzen >>>>> USt-IdNr. DE 814 013 983 >>>>> >>>>> >>>>> _______________________________________________ >>>>> Mailing list: http://lists.openstack.org/cgi >>>>> -bin/mailman/listinfo/openstac >>>>> k >>>>> Post to : openstack at lists.openstack.org >>>>> Unsubscribe : http://lists.openstack.org/cgi >>>>> -bin/mailman/listinfo/openstac >>>>> k >>>>> >>>>> >>>> >>>> >>>> -- >>>> -Shyam >>>> >>> >>> >>> >>> -- >>> Eugen Block voice : +49-40-559 51 75 >>> NDE Netzdesign und -entwicklung AG fax : +49-40-559 51 77 >>> Postfach 61 03 15 >>> D-22423 Hamburg e-mail : eblock at nde.ag >>> >>> Vorsitzende des Aufsichtsrates: Angelika Mozdzen >>> Sitz und Registergericht: Hamburg, HRB 90934 >>> Vorstand: Jens-U. Mozdzen >>> USt-IdNr. DE 814 013 983 >>> >>> >> >> >> -- >> -Shyam > > > > -- > Eugen Block voice : +49-40-559 51 75 > NDE Netzdesign und -entwicklung AG fax : +49-40-559 51 77 > Postfach 61 03 15 > D-22423 Hamburg e-mail : eblock at nde.ag > > Vorsitzende des Aufsichtsrates: Angelika Mozdzen > Sitz und Registergericht: Hamburg, HRB 90934 > Vorstand: Jens-U. Mozdzen > USt-IdNr. DE 814 013 983 -- Eugen Block voice : +49-40-559 51 75 NDE Netzdesign und -entwicklung AG fax : +49-40-559 51 77 Postfach 61 03 15 D-22423 Hamburg e-mail : eblock at nde.ag Vorsitzende des Aufsichtsrates: Angelika Mozdzen Sitz und Registergericht: Hamburg, HRB 90934 Vorstand: Jens-U. Mozdzen USt-IdNr. DE 814 013 983 From john.studarus at openstacksandiego.org Fri Apr 13 19:08:39 2018 From: john.studarus at openstacksandiego.org (John Studarus) Date: Fri, 13 Apr 2018 12:08:39 -0700 Subject: [Openstack] US Meetup next week - Chicago, New York, and NoVA Message-ID: <162c068d848.117b57ad0144094.897856949974105763@openstacksandiego.org> Didn't make it to the land down under for the OpenStack Summit last year? No worries, we're bringing Summit content to a city near you. Friends looking at you weird when you want to talk about OpenStack? Come join us, we understand. New to OpenStack and want to get your feet wet? Bring your laptop and we'll walk you through logging in and using an OpenStack cloud. Been around OpenStack and want to learn something new? Come hear about our experiences building a cloud on Arm (including fun with Terraform, Rally, and bare metal service providers). Chicago (Downtown) - Tuesday April 17 New York (Manhattan) - Wednesday April 18 DC/NoVA (Reston, VA) - Thursday April 19 Feel free to join us for the beginners OpenStack cloud storage workshop (5-6pm) or the OpenStack on Arm presentation (6pm). Tickets are FREE - but you do need to register for building security. Registration closes 48 hours before the meetup (building security requirements, sorry). https://www.eventbrite.com/e/openinfrastructure-three-armed-openstack-april-2018-new-york-reston-chicago-and-san-diego-tickets-44080014510 Thank you to our sponsors for providing venue space and cloud resources: Oracle Cloud - Enterprise Cloud Computing - https://cloud.oracle.com/home Packet Hosting - Bare Metal Servers and Cloud Hosting - https://www.packet.net/ Limestone Networks - Cloud Provider and Dedicated Server Hosting - https://www.limestonenetworks.com/ Interested in sponsoring these events or presenting? Drop me a note at john at openstacksandiego.org. John P.S. Join the local meetup near you to stay informed about local events: https://groups.openstack.org/ ---- John Studarus - OpenStack Ambassador - John at OpenStackSanDiego.org -------------- next part -------------- An HTML attachment was scrubbed... URL: From manuel.sb at garvan.org.au Sun Apr 15 23:36:59 2018 From: manuel.sb at garvan.org.au (Manuel Sopena Ballesteros) Date: Sun, 15 Apr 2018 23:36:59 +0000 Subject: [Openstack] can't delete volume because host does not have free space Message-ID: <9D8A2486E35F0941A60430473E29F15B0173975E83@MXDB1.ad.garvan.unsw.edu.au> Dear Openstack community, I have an all-in-one opentack installation and the host ran out of space. I tried to delete a volume bit it failed, I guess because openstack needs to free space for operations... Because of this is did some cleaning by deleting log files but looks like it is not enough because I tried to delete the volume again and it failed. The problem now is that all the remaining free space has been taken by the "delete volume operation" and I can't clean anything else from the server... [root at openstack ~(keystone_admin)]# sudo du -sh /var/lib/cinder/cinder-volumes 7.7T /var/lib/cinder/cinder-volumes [root at openstack ~(keystone_admin)]# sudo du -sh /var/lib/glance/* 1.4T /var/lib/glance/images [root at openstack ~(keystone_admin)]# df -h Filesystem Size Used Avail Use% Mounted on /dev/md127 9.1T 9.1T 20K 100% / devtmpfs 252G 0 252G 0% /dev tmpfs 252G 4.0K 252G 1% /dev/shm tmpfs 252G 4.1G 248G 2% /run tmpfs 252G 0 252G 0% /sys/fs/cgroup /dev/sda1 1014M 178M 837M 18% /boot /dev/loop0 1.9G 6.1M 1.7G 1% /srv/node/swiftloopback tmpfs 51G 0 51G 0% /run/user/0 Is there anything else I can do? Thank you very much Manuel Sopena Ballesteros | Big data Engineer Garvan Institute of Medical Research The Kinghorn Cancer Centre, 370 Victoria Street, Darlinghurst, NSW 2010 T: + 61 (0)2 9355 5760 | F: +61 (0)2 9295 8507 | E: manuel.sb at garvan.org.au NOTICE Please consider the environment before printing this email. This message and any attachments are intended for the addressee named and may contain legally privileged/confidential/copyright information. If you are not the intended recipient, you should not read, use, disclose, copy or distribute this communication. If you have received this message in error please notify us at once by return email and then delete both messages. We accept no liability for the distribution of viruses or similar in electronic communications. This notice should not be removed. -------------- next part -------------- An HTML attachment was scrubbed... URL: From nspmangalore at gmail.com Mon Apr 16 06:01:18 2018 From: nspmangalore at gmail.com (Shyam Prasad N) Date: Mon, 16 Apr 2018 11:31:18 +0530 Subject: [Openstack] Domain not found error In-Reply-To: <20180413062400.Horde.65yTSYZ-jI34lpxeL05Wi6b@webmail.nde.ag> References: <20180412064020.Horde.4dPn1JcsDDGn68zf_2sgYDL@webmail.nde.ag> <20180412071846.Horde.bFbTvvQ56LUOC-Zfb1wTNJJ@webmail.nde.ag> <20180412082730.Horde.nVvbHo0rKz7wNmVuyI_MTtQ@webmail.nde.ag> <20180413062400.Horde.65yTSYZ-jI34lpxeL05Wi6b@webmail.nde.ag> Message-ID: Hi, Sorry for the late reply. Was out for a while. # openstack domain list The request you have made requires authentication. (HTTP 401) (Request-ID: req-fd20ec4d-9000-4cfa-9a5c-ba547a11c4c4) # tail /var/log/keystone/keystone-manage.log # # keystone-manage bootstrap --bootstrap-password PASSWORD --bootstrap-admin-url http://20.20.20.8:5000/v3/ --bootstrap-internal-url http://20.20.20.8:5000/v3/ --bootstrap-public-url http://20.20.20.8:5000/v3/ --bootstrap-region-id RegionOne 2018-04-15 22:29:39.456 18518 WARNING keystone.assignment.core [-] Deprecated: Use of the identity driver config to automatically configure the same assignment driver has been deprecated, in the "O" release, the assignment driver will need to be expicitly configured if different than the default (SQL). 2018-04-15 22:29:39.585 18518 INFO keystone.cmd.cli [-] Domain default already exists, skipping creation. 2018-04-15 22:29:39.621 18518 INFO keystone.cmd.cli [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Project admin already exists, skipping creation. 2018-04-15 22:29:39.640 18518 INFO keystone.cmd.cli [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] User admin already exists, skipping creation. 2018-04-15 22:29:39.670 18518 INFO keystone.cmd.cli [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Role admin exists, skipping creation. 2018-04-15 22:29:39.822 18518 INFO keystone.cmd.cli [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] User admin already has admin on admin. 2018-04-15 22:29:39.827 18518 INFO keystone.cmd.cli [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Region RegionOne exists, skipping creation. 2018-04-15 22:29:39.834 18518 INFO keystone.cmd.cli [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Skipping admin endpoint as already created 2018-04-15 22:29:39.835 18518 INFO keystone.cmd.cli [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Skipping internal endpoint as already created 2018-04-15 22:29:39.835 18518 INFO keystone.cmd.cli [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Skipping public endpoint as already created # tail /var/log/keystone/keystone-manage.log2018-04-15 22:29:39.456 18518 WARNING keystone.assignment.core [-] Deprecated: Use of the identity driver config to automatically configure the same assignment driver has been deprecated, in the "O" release, the assignment driver will need to be expicitly configured if different than the default (SQL). 2018-04-15 22:29:39.585 18518 INFO keystone.cmd.cli [-] Domain default already exists, skipping creation. 2018-04-15 22:29:39.621 18518 INFO keystone.cmd.cli [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Project admin already exists, skipping creation. 2018-04-15 22:29:39.640 18518 INFO keystone.cmd.cli [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] User admin already exists, skipping creation. 2018-04-15 22:29:39.670 18518 INFO keystone.cmd.cli [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Role admin exists, skipping creation. 2018-04-15 22:29:39.822 18518 INFO keystone.cmd.cli [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] User admin already has admin on admin. 2018-04-15 22:29:39.827 18518 INFO keystone.cmd.cli [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Region RegionOne exists, skipping creation. 2018-04-15 22:29:39.834 18518 INFO keystone.cmd.cli [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Skipping admin endpoint as already created 2018-04-15 22:29:39.835 18518 INFO keystone.cmd.cli [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Skipping internal endpoint as already created 2018-04-15 22:29:39.835 18518 INFO keystone.cmd.cli [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Skipping public endpoint as already created # On Fri, Apr 13, 2018 at 11:54 AM, Eugen Block wrote: > Hi, > > the bug I reported is invalid because the keystone-bootstrap command is > supposed to create the default domain. Since we created our cloud in > Liberty release the default domain already existed in our environment. > Well, I guess we're back to square one. ;-) > > Can you paste the output of > > control:~ # openstack domain list > > If the keystone bootstrap command worked, it should at least show the > default domain. If it doesn't take a look into > /var/log/keystone/keystone-manage.log and check for errors. If this > doesn't reveal anything try running it again and check the logs again. > > > Zitat von Eugen Block : > > > The missing command has been in Newton, Ocata and Pike release. They fixed >> it in Queens again. >> >> I filed a bug report: https://bugs.launchpad.net/keystone/+bug/1763297 >> >> Regards >> >> >> Zitat von Shyam Prasad N : >> >> Thanks Eugen. It'll be great if you can do it. (I haven't yet gone through >>> the bug reporting documentation) >>> Please add me to the bug's CC list. That way if some info is needed from >>> me, I can provide it. >>> >>> Regards, >>> Shyam >>> >>> On Thu, Apr 12, 2018 at 12:48 PM, Eugen Block wrote: >>> >>> I believe there's something missing in Ocata and Pike docs. If you read >>>> Mitaka install guide [1] you'll find the first step to be creating the >>>> default domain before all other steps regarding projects and users. >>>> >>>> You should run >>>> >>>> openstack domain create --description "Default Domain" default >>>> >>>> and then the next steps should work, at least I hope so. >>>> >>>> Do you want to report this as a bug? I can also report it, I have >>>> already >>>> filed several reports. >>>> >>>> Regards >>>> >>>> >>>> [1] https://docs.openstack.org/mitaka/install-guide-obs/keystone >>>> -users.html >>>> >>>> >>>> >>>> Zitat von Shyam Prasad N : >>>> >>>> Hi, >>>> >>>>> >>>>> Please read my replies inline below... >>>>> >>>>> On Thu, Apr 12, 2018 at 12:10 PM, Eugen Block wrote: >>>>> >>>>> Hi, >>>>> >>>>>> >>>>>> can you paste the credentials you're using? >>>>>> >>>>>> # cat admin-rc >>>>>> >>>>> export OS_USERNAME=admin >>>>> export OS_PASSWORD=abcdef >>>>> export OS_PROJECT_NAME=admin >>>>> export OS_USER_DOMAIN_NAME=Default >>>>> export OS_PROJECT_DOMAIN_NAME=Default >>>>> export OS_AUTH_URL=http://20.20.20.7:35357/v3 >>>>> export OS_IDENTITY_API_VERSION=3 >>>>> >>>>> The config values (e.g. domain) are case sensitive, the ID of the >>>>> default >>>>> >>>>> domain is usually "domain", its name is "Default". But if you're >>>>>> sourcing >>>>>> the credentials with ID "Default" this would go wrong, although I'm >>>>>> not >>>>>> sure if this would be the expected error message. >>>>>> >>>>>> Just a couple of weeks ago there was someone on ask.openstack.org who >>>>>> ignored case-sensitive options and failed to operate his cloud. >>>>>> >>>>>> Did the keystone-manage bootstrap command work? >>>>>> >>>>>> Yes. It did not throw any errors. >>>>>> >>>>> >>>>> >>>>> Regards >>>>>> >>>>>> >>>>>> Zitat von Shyam Prasad N : >>>>>> >>>>>> >>>>>> Hi, >>>>>> >>>>>> >>>>>>> I'm trying to install keystone for my swift cluster. >>>>>>> I followed this document for install and configuration: >>>>>>> https://docs.openstack.org/keystone/pike/install/ >>>>>>> >>>>>>> However, I'm getting this error for a command: >>>>>>> # openstack user create --domain default --password-prompt swift >>>>>>> The request you have made requires authentication. (HTTP 401) >>>>>>> (Request-ID: >>>>>>> req-8f888754-1cf5-4c24-81b6-7481c9c0dfb8) >>>>>>> >>>>>>> # tail /var/log/keystone/keystone.log >>>>>>> 2018-04-11 22:45:10.895 29335 INFO keystone.common.wsgi >>>>>>> [req-147f239e-2205-40b5-8aea-40604c99b695 - - - - -] GET >>>>>>> http://20.20.20.7:35357/v3/ >>>>>>> 2018-04-11 22:45:10.898 29335 INFO eventlet.wsgi.server >>>>>>> [req-147f239e-2205-40b5-8aea-40604c99b695 - - - - -] 20.20.20.7 - - >>>>>>> [11/Apr/2018 22:45:10] "GET /v3 HTTP/1.1" 200 493 0.062545 >>>>>>> 2018-04-11 22:45:10.908 29335 INFO keystone.common.wsgi >>>>>>> [req-8f888754-1cf5-4c24-81b6-7481c9c0dfb8 - - - - -] POST >>>>>>> http://20.20.20.7:35357/v3/auth/tokens >>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>> [req-8f888754-1cf5-4c24-81b6-7481c9c0dfb8 - - - - -] Could not find >>>>>>> domain: >>>>>>> Default >>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>> Traceback >>>>>>> (most recent call last): >>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File >>>>>>> "/usr/lib/python2.7/dist-packages/keystone/auth/controllers.py", >>>>>>> line >>>>>>> 185, >>>>>>> in _lookup_domain >>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>> domain_name) >>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File >>>>>>> "/usr/lib/python2.7/dist-packages/keystone/common/manager.py", line >>>>>>> 124, >>>>>>> in >>>>>>> wrapped >>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>> __ret_val >>>>>>> = __f(*args, **kwargs) >>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File >>>>>>> "/usr/lib/python2.7/dist-packages/dogpile/cache/region.py", line >>>>>>> 1053, >>>>>>> in >>>>>>> decorate >>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>> should_cache_fn) >>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File >>>>>>> "/usr/lib/python2.7/dist-packages/dogpile/cache/region.py", line >>>>>>> 657, >>>>>>> in >>>>>>> get_or_create >>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>> async_creator) as value: >>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File >>>>>>> "/usr/lib/python2.7/dist-packages/dogpile/core/dogpile.py", line >>>>>>> 158, >>>>>>> in >>>>>>> __enter__ >>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>> return >>>>>>> self._enter() >>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File >>>>>>> "/usr/lib/python2.7/dist-packages/dogpile/core/dogpile.py", line >>>>>>> 98, in >>>>>>> _enter >>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>> generated >>>>>>> = self._enter_create(createdtime) >>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File >>>>>>> "/usr/lib/python2.7/dist-packages/dogpile/core/dogpile.py", line >>>>>>> 149, >>>>>>> in >>>>>>> _enter_create >>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>> created >>>>>>> = >>>>>>> self.creator() >>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File >>>>>>> "/usr/lib/python2.7/dist-packages/dogpile/cache/region.py", line >>>>>>> 625, >>>>>>> in >>>>>>> gen_value >>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>> created_value = creator() >>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File >>>>>>> "/usr/lib/python2.7/dist-packages/dogpile/cache/region.py", line >>>>>>> 1049, >>>>>>> in >>>>>>> creator >>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>> return >>>>>>> fn(*arg, **kw) >>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File >>>>>>> "/usr/lib/python2.7/dist-packages/keystone/resource/core.py", line >>>>>>> 720, >>>>>>> in >>>>>>> get_domain_by_name >>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>> raise >>>>>>> exception.DomainNotFound(domain_id=domain_name) >>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>> DomainNotFound: Could not find domain: Default >>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>> 2018-04-11 22:45:11.016 29335 WARNING keystone.common.wsgi >>>>>>> [req-8f888754-1cf5-4c24-81b6-7481c9c0dfb8 - - - - -] Authorization >>>>>>> failed. >>>>>>> The request you have made requires authentication. from 20.20.20.7 >>>>>>> 2018-04-11 22:45:11.018 29335 INFO eventlet.wsgi.server >>>>>>> [req-8f888754-1cf5-4c24-81b6-7481c9c0dfb8 - - - - -] 20.20.20.7 - - >>>>>>> [11/Apr/2018 22:45:11] "POST /v3/auth/tokens HTTP/1.1" 401 425 >>>>>>> 0.113822 >>>>>>> >>>>>>> Can someone please tell me what's going on? >>>>>>> Thanks in advance for your replies. >>>>>>> >>>>>>> -- >>>>>>> -Shyam >>>>>>> >>>>>>> >>>>>>> >>>>>> >>>>>> -- >>>>>> Eugen Block voice : +49-40-559 51 75 >>>>>> NDE Netzdesign und -entwicklung AG fax : +49-40-559 51 77 >>>>>> Postfach 61 03 15 >>>>>> D-22423 Hamburg e-mail : eblock at nde.ag >>>>>> >>>>>> Vorsitzende des Aufsichtsrates: Angelika Mozdzen >>>>>> Sitz und Registergericht: Hamburg, HRB 90934 >>>>>> Vorstand: Jens-U. Mozdzen >>>>>> USt-IdNr. DE 814 013 983 >>>>>> >>>>>> >>>>>> _______________________________________________ >>>>>> Mailing list: http://lists.openstack.org/cgi >>>>>> -bin/mailman/listinfo/openstac >>>>>> k >>>>>> Post to : openstack at lists.openstack.org >>>>>> Unsubscribe : http://lists.openstack.org/cgi >>>>>> -bin/mailman/listinfo/openstac >>>>>> k >>>>>> >>>>>> >>>>>> >>>>> >>>>> -- >>>>> -Shyam >>>>> >>>>> >>>> >>>> >>>> -- >>>> Eugen Block voice : +49-40-559 51 75 >>>> NDE Netzdesign und -entwicklung AG fax : +49-40-559 51 77 >>>> Postfach 61 03 15 >>>> D-22423 Hamburg e-mail : eblock at nde.ag >>>> >>>> Vorsitzende des Aufsichtsrates: Angelika Mozdzen >>>> Sitz und Registergericht: Hamburg, HRB 90934 >>>> Vorstand: Jens-U. Mozdzen >>>> USt-IdNr. DE 814 013 983 >>>> >>>> >>>> >>> >>> -- >>> -Shyam >>> >> >> >> >> -- >> Eugen Block voice : +49-40-559 51 75 >> NDE Netzdesign und -entwicklung AG fax : +49-40-559 51 77 >> Postfach 61 03 15 >> D-22423 Hamburg e-mail : eblock at nde.ag >> >> Vorsitzende des Aufsichtsrates: Angelika Mozdzen >> Sitz und Registergericht: Hamburg, HRB 90934 >> Vorstand: Jens-U. Mozdzen >> USt-IdNr. DE 814 013 983 >> > > > > -- > Eugen Block voice : +49-40-559 51 75 > NDE Netzdesign und -entwicklung AG fax : +49-40-559 51 77 > Postfach 61 03 15 > D-22423 Hamburg e-mail : eblock at nde.ag > > Vorsitzende des Aufsichtsrates: Angelika Mozdzen > Sitz und Registergericht: Hamburg, HRB 90934 > Vorstand: Jens-U. Mozdzen > USt-IdNr. DE 814 013 983 > > -- -Shyam -------------- next part -------------- An HTML attachment was scrubbed... URL: From berndbausch at gmail.com Mon Apr 16 07:44:34 2018 From: berndbausch at gmail.com (Bernd Bausch) Date: Mon, 16 Apr 2018 16:44:34 +0900 Subject: [Openstack] can't delete volume because host does not have free space In-Reply-To: <9D8A2486E35F0941A60430473E29F15B0173975E83@MXDB1.ad.garvan.unsw.edu.au> References: <9D8A2486E35F0941A60430473E29F15B0173975E83@MXDB1.ad.garvan.unsw.edu.au> Message-ID: <4c85c62d-568d-564f-3095-99fbbe1b2945@gmail.com> The all-in-one installations that I know of use LVM as Cinder backend and a loop device as the LVM physical volume. If your installation is like that, run *lvs *to see what LVM volumes exist, correlate them with your Cinder volumes and delete the LVM volumes you don't need anymore. Of course, you could also delete some images to make room. On 4/16/2018 8:36 AM, Manuel Sopena Ballesteros wrote: > > Dear Openstack community, > >   > > I have an all-in-one opentack installation and the host ran out of space. > >   > > I tried to delete a volume bit it failed, I guess because openstack > needs to free space for operations… > >   > > Because of this is did some cleaning by deleting log files but looks > like it is not enough because I tried to delete the volume again and > it failed. > >   > > The problem now is that all the remaining free space has been taken by > the “delete volume operation” and I can’t clean anything else from the > server… > >   > > [root at openstack ~(keystone_admin)]# sudo du -sh > /var/lib/cinder/cinder-volumes > > 7.7T    /var/lib/cinder/cinder-volumes > >   > > [root at openstack ~(keystone_admin)]# sudo du -sh /var/lib/glance/* > > 1.4T    /var/lib/glance/images > >   > > [root at openstack ~(keystone_admin)]# df -h > > Filesystem      Size  Used Avail Use% Mounted on > > /dev/md127      9.1T  9.1T   20K 100% / > > devtmpfs        252G     0  252G   0% /dev > > tmpfs           252G  4.0K  252G   1% /dev/shm > > tmpfs           252G  4.1G  248G   2% /run > > tmpfs           252G     0  252G   0% /sys/fs/cgroup > > /dev/sda1      1014M  178M  837M  18% /boot > > /dev/loop0      1.9G  6.1M  1.7G   1% /srv/node/swiftloopback > > tmpfs            51G     0   51G   0% /run/user/0 > >   > > Is there anything else I can do? > >   > > Thank you very much > >   > > *Manuel Sopena Ballesteros *|* *Big data Engineer > *Garvan Institute of Medical Research * > The Kinghorn Cancer Centre,* *370 Victoria Street, Darlinghurst, NSW 2010 > *T:* + 61 (0)2 9355 5760 | *F:* +61 (0)2 9295 > 8507 | *E:* manuel.sb at garvan.org.au > >   > > NOTICE > Please consider the environment before printing this email. This > message and any attachments are intended for the addressee named and > may contain legally privileged/confidential/copyright information. If > you are not the intended recipient, you should not read, use, > disclose, copy or distribute this communication. If you have received > this message in error please notify us at once by return email and > then delete both messages. We accept no liability for the distribution > of viruses or similar in electronic communications. This notice should > not be removed. > > > _______________________________________________ > Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > Post to : openstack at lists.openstack.org > Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: OpenPGP digital signature URL: From eblock at nde.ag Mon Apr 16 09:27:52 2018 From: eblock at nde.ag (Eugen Block) Date: Mon, 16 Apr 2018 09:27:52 +0000 Subject: [Openstack] Domain not found error In-Reply-To: References: <20180412064020.Horde.4dPn1JcsDDGn68zf_2sgYDL@webmail.nde.ag> <20180412071846.Horde.bFbTvvQ56LUOC-Zfb1wTNJJ@webmail.nde.ag> <20180412082730.Horde.nVvbHo0rKz7wNmVuyI_MTtQ@webmail.nde.ag> <20180413062400.Horde.65yTSYZ-jI34lpxeL05Wi6b@webmail.nde.ag> Message-ID: <20180416092752.Horde.duQ58kj2IJxthPwz-lzofh-@webmail.nde.ag> Hi, I found some differences between your bootstrap command and your admin-rc credentials: > export OS_AUTH_URL=http://20.20.20.7:35357/v3 > --bootstrap-admin-url http://20.20.20.8:5000/v3/ You use two different IPs for your controller node, this can't work. Another thing is, you usually have to create one admin endpoint (port 35357) and a public endpoint (port 5000), you use the public port for both endpoints. This could work, of course, although not recommended. But then you have to change your admin-rc credentials respectively. They should reflect the configuration you bootstrapped with keystone-manage. Change your admin-rc to point to the correct IP and the correct port, then retry the domain list command after sourcing the credentials. Zitat von Shyam Prasad N : > Hi, > > Sorry for the late reply. Was out for a while. > > # openstack domain list > The request you have made requires authentication. (HTTP 401) (Request-ID: > req-fd20ec4d-9000-4cfa-9a5c-ba547a11c4c4) > > # tail /var/log/keystone/keystone-manage.log > # > > # keystone-manage bootstrap --bootstrap-password PASSWORD > --bootstrap-admin-url http://20.20.20.8:5000/v3/ --bootstrap-internal-url > http://20.20.20.8:5000/v3/ --bootstrap-public-url http://20.20.20.8:5000/v3/ > --bootstrap-region-id RegionOne > 2018-04-15 22:29:39.456 18518 WARNING keystone.assignment.core [-] > Deprecated: Use of the identity driver config to automatically configure > the same assignment driver has been deprecated, in the "O" release, the > assignment driver will need to be expicitly configured if different than > the default (SQL). > 2018-04-15 22:29:39.585 18518 INFO keystone.cmd.cli [-] Domain default > already exists, skipping creation. > 2018-04-15 22:29:39.621 18518 INFO keystone.cmd.cli > [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Project admin already > exists, skipping creation. > 2018-04-15 22:29:39.640 18518 INFO keystone.cmd.cli > [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] User admin already > exists, skipping creation. > 2018-04-15 22:29:39.670 18518 INFO keystone.cmd.cli > [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Role admin exists, > skipping creation. > 2018-04-15 22:29:39.822 18518 INFO keystone.cmd.cli > [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] User admin already has > admin on admin. > 2018-04-15 22:29:39.827 18518 INFO keystone.cmd.cli > [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Region RegionOne > exists, skipping creation. > 2018-04-15 22:29:39.834 18518 INFO keystone.cmd.cli > [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Skipping admin > endpoint as already created > 2018-04-15 22:29:39.835 18518 INFO keystone.cmd.cli > [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Skipping internal > endpoint as already created > 2018-04-15 22:29:39.835 18518 INFO keystone.cmd.cli > [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Skipping public > endpoint as already created > # tail /var/log/keystone/keystone-manage.log2018-04-15 22:29:39.456 18518 > WARNING keystone.assignment.core [-] Deprecated: Use of the identity driver > config to automatically configure the same assignment driver has been > deprecated, in the "O" release, the assignment driver will need to be > expicitly configured if different than the default (SQL). > 2018-04-15 22:29:39.585 18518 INFO keystone.cmd.cli [-] Domain default > already exists, skipping creation. > 2018-04-15 22:29:39.621 18518 INFO keystone.cmd.cli > [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Project admin already > exists, skipping creation. > 2018-04-15 22:29:39.640 18518 INFO keystone.cmd.cli > [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] User admin already > exists, skipping creation. > 2018-04-15 22:29:39.670 18518 INFO keystone.cmd.cli > [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Role admin exists, > skipping creation. > 2018-04-15 22:29:39.822 18518 INFO keystone.cmd.cli > [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] User admin already has > admin on admin. > 2018-04-15 22:29:39.827 18518 INFO keystone.cmd.cli > [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Region RegionOne > exists, skipping creation. > 2018-04-15 22:29:39.834 18518 INFO keystone.cmd.cli > [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Skipping admin > endpoint as already created > 2018-04-15 22:29:39.835 18518 INFO keystone.cmd.cli > [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Skipping internal > endpoint as already created > 2018-04-15 22:29:39.835 18518 INFO keystone.cmd.cli > [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Skipping public > endpoint as already created > # > > > On Fri, Apr 13, 2018 at 11:54 AM, Eugen Block wrote: > >> Hi, >> >> the bug I reported is invalid because the keystone-bootstrap command is >> supposed to create the default domain. Since we created our cloud in >> Liberty release the default domain already existed in our environment. >> Well, I guess we're back to square one. ;-) >> >> Can you paste the output of >> >> control:~ # openstack domain list >> >> If the keystone bootstrap command worked, it should at least show the >> default domain. If it doesn't take a look into >> /var/log/keystone/keystone-manage.log and check for errors. If this >> doesn't reveal anything try running it again and check the logs again. >> >> >> Zitat von Eugen Block : >> >> >> The missing command has been in Newton, Ocata and Pike release. They fixed >>> it in Queens again. >>> >>> I filed a bug report: https://bugs.launchpad.net/keystone/+bug/1763297 >>> >>> Regards >>> >>> >>> Zitat von Shyam Prasad N : >>> >>> Thanks Eugen. It'll be great if you can do it. (I haven't yet gone through >>>> the bug reporting documentation) >>>> Please add me to the bug's CC list. That way if some info is needed from >>>> me, I can provide it. >>>> >>>> Regards, >>>> Shyam >>>> >>>> On Thu, Apr 12, 2018 at 12:48 PM, Eugen Block wrote: >>>> >>>> I believe there's something missing in Ocata and Pike docs. If you read >>>>> Mitaka install guide [1] you'll find the first step to be creating the >>>>> default domain before all other steps regarding projects and users. >>>>> >>>>> You should run >>>>> >>>>> openstack domain create --description "Default Domain" default >>>>> >>>>> and then the next steps should work, at least I hope so. >>>>> >>>>> Do you want to report this as a bug? I can also report it, I have >>>>> already >>>>> filed several reports. >>>>> >>>>> Regards >>>>> >>>>> >>>>> [1] https://docs.openstack.org/mitaka/install-guide-obs/keystone >>>>> -users.html >>>>> >>>>> >>>>> >>>>> Zitat von Shyam Prasad N : >>>>> >>>>> Hi, >>>>> >>>>>> >>>>>> Please read my replies inline below... >>>>>> >>>>>> On Thu, Apr 12, 2018 at 12:10 PM, Eugen Block wrote: >>>>>> >>>>>> Hi, >>>>>> >>>>>>> >>>>>>> can you paste the credentials you're using? >>>>>>> >>>>>>> # cat admin-rc >>>>>>> >>>>>> export OS_USERNAME=admin >>>>>> export OS_PASSWORD=abcdef >>>>>> export OS_PROJECT_NAME=admin >>>>>> export OS_USER_DOMAIN_NAME=Default >>>>>> export OS_PROJECT_DOMAIN_NAME=Default >>>>>> export OS_AUTH_URL=http://20.20.20.7:35357/v3 >>>>>> export OS_IDENTITY_API_VERSION=3 >>>>>> >>>>>> The config values (e.g. domain) are case sensitive, the ID of the >>>>>> default >>>>>> >>>>>> domain is usually "domain", its name is "Default". But if you're >>>>>>> sourcing >>>>>>> the credentials with ID "Default" this would go wrong, although I'm >>>>>>> not >>>>>>> sure if this would be the expected error message. >>>>>>> >>>>>>> Just a couple of weeks ago there was someone on ask.openstack.org who >>>>>>> ignored case-sensitive options and failed to operate his cloud. >>>>>>> >>>>>>> Did the keystone-manage bootstrap command work? >>>>>>> >>>>>>> Yes. It did not throw any errors. >>>>>>> >>>>>> >>>>>> >>>>>> Regards >>>>>>> >>>>>>> >>>>>>> Zitat von Shyam Prasad N : >>>>>>> >>>>>>> >>>>>>> Hi, >>>>>>> >>>>>>> >>>>>>>> I'm trying to install keystone for my swift cluster. >>>>>>>> I followed this document for install and configuration: >>>>>>>> https://docs.openstack.org/keystone/pike/install/ >>>>>>>> >>>>>>>> However, I'm getting this error for a command: >>>>>>>> # openstack user create --domain default --password-prompt swift >>>>>>>> The request you have made requires authentication. (HTTP 401) >>>>>>>> (Request-ID: >>>>>>>> req-8f888754-1cf5-4c24-81b6-7481c9c0dfb8) >>>>>>>> >>>>>>>> # tail /var/log/keystone/keystone.log >>>>>>>> 2018-04-11 22:45:10.895 29335 INFO keystone.common.wsgi >>>>>>>> [req-147f239e-2205-40b5-8aea-40604c99b695 - - - - -] GET >>>>>>>> http://20.20.20.7:35357/v3/ >>>>>>>> 2018-04-11 22:45:10.898 29335 INFO eventlet.wsgi.server >>>>>>>> [req-147f239e-2205-40b5-8aea-40604c99b695 - - - - -] 20.20.20.7 - - >>>>>>>> [11/Apr/2018 22:45:10] "GET /v3 HTTP/1.1" 200 493 0.062545 >>>>>>>> 2018-04-11 22:45:10.908 29335 INFO keystone.common.wsgi >>>>>>>> [req-8f888754-1cf5-4c24-81b6-7481c9c0dfb8 - - - - -] POST >>>>>>>> http://20.20.20.7:35357/v3/auth/tokens >>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>> [req-8f888754-1cf5-4c24-81b6-7481c9c0dfb8 - - - - -] Could not find >>>>>>>> domain: >>>>>>>> Default >>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>> Traceback >>>>>>>> (most recent call last): >>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File >>>>>>>> "/usr/lib/python2.7/dist-packages/keystone/auth/controllers.py", >>>>>>>> line >>>>>>>> 185, >>>>>>>> in _lookup_domain >>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>> domain_name) >>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File >>>>>>>> "/usr/lib/python2.7/dist-packages/keystone/common/manager.py", line >>>>>>>> 124, >>>>>>>> in >>>>>>>> wrapped >>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>> __ret_val >>>>>>>> = __f(*args, **kwargs) >>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File >>>>>>>> "/usr/lib/python2.7/dist-packages/dogpile/cache/region.py", line >>>>>>>> 1053, >>>>>>>> in >>>>>>>> decorate >>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>> should_cache_fn) >>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File >>>>>>>> "/usr/lib/python2.7/dist-packages/dogpile/cache/region.py", line >>>>>>>> 657, >>>>>>>> in >>>>>>>> get_or_create >>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>> async_creator) as value: >>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File >>>>>>>> "/usr/lib/python2.7/dist-packages/dogpile/core/dogpile.py", line >>>>>>>> 158, >>>>>>>> in >>>>>>>> __enter__ >>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>> return >>>>>>>> self._enter() >>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File >>>>>>>> "/usr/lib/python2.7/dist-packages/dogpile/core/dogpile.py", line >>>>>>>> 98, in >>>>>>>> _enter >>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>> generated >>>>>>>> = self._enter_create(createdtime) >>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File >>>>>>>> "/usr/lib/python2.7/dist-packages/dogpile/core/dogpile.py", line >>>>>>>> 149, >>>>>>>> in >>>>>>>> _enter_create >>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>> created >>>>>>>> = >>>>>>>> self.creator() >>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File >>>>>>>> "/usr/lib/python2.7/dist-packages/dogpile/cache/region.py", line >>>>>>>> 625, >>>>>>>> in >>>>>>>> gen_value >>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>> created_value = creator() >>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File >>>>>>>> "/usr/lib/python2.7/dist-packages/dogpile/cache/region.py", line >>>>>>>> 1049, >>>>>>>> in >>>>>>>> creator >>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>> return >>>>>>>> fn(*arg, **kw) >>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File >>>>>>>> "/usr/lib/python2.7/dist-packages/keystone/resource/core.py", line >>>>>>>> 720, >>>>>>>> in >>>>>>>> get_domain_by_name >>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>> raise >>>>>>>> exception.DomainNotFound(domain_id=domain_name) >>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>> DomainNotFound: Could not find domain: Default >>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>> 2018-04-11 22:45:11.016 29335 WARNING keystone.common.wsgi >>>>>>>> [req-8f888754-1cf5-4c24-81b6-7481c9c0dfb8 - - - - -] Authorization >>>>>>>> failed. >>>>>>>> The request you have made requires authentication. from 20.20.20.7 >>>>>>>> 2018-04-11 22:45:11.018 29335 INFO eventlet.wsgi.server >>>>>>>> [req-8f888754-1cf5-4c24-81b6-7481c9c0dfb8 - - - - -] 20.20.20.7 - - >>>>>>>> [11/Apr/2018 22:45:11] "POST /v3/auth/tokens HTTP/1.1" 401 425 >>>>>>>> 0.113822 >>>>>>>> >>>>>>>> Can someone please tell me what's going on? >>>>>>>> Thanks in advance for your replies. >>>>>>>> From nspmangalore at gmail.com Mon Apr 16 09:44:54 2018 From: nspmangalore at gmail.com (Shyam Prasad N) Date: Mon, 16 Apr 2018 15:14:54 +0530 Subject: [Openstack] Domain not found error In-Reply-To: <20180416092752.Horde.duQ58kj2IJxthPwz-lzofh-@webmail.nde.ag> References: <20180412064020.Horde.4dPn1JcsDDGn68zf_2sgYDL@webmail.nde.ag> <20180412071846.Horde.bFbTvvQ56LUOC-Zfb1wTNJJ@webmail.nde.ag> <20180412082730.Horde.nVvbHo0rKz7wNmVuyI_MTtQ@webmail.nde.ag> <20180413062400.Horde.65yTSYZ-jI34lpxeL05Wi6b@webmail.nde.ag> <20180416092752.Horde.duQ58kj2IJxthPwz-lzofh-@webmail.nde.ag> Message-ID: Hi Eugen, Ignore the different IPs. I had tried keystone install on two different systems. The old admin-rc script was from the other node. As per the port numbers, I followed what was in the documentation: Bootstrap the Identity service: # keystone-manage bootstrap --bootstrap-password ADMIN_PASS \ --bootstrap-admin-url http://controller:5000/v3/ \ --bootstrap-internal-url http://controller:5000/v3/ \ --bootstrap-public-url http://controller:5000/v3/ \ --bootstrap-region-id RegionOne Regards, Shyam On Mon, Apr 16, 2018 at 2:57 PM, Eugen Block wrote: > Hi, > > I found some differences between your bootstrap command and your admin-rc > credentials: > > export OS_AUTH_URL=http://20.20.20.7:35357/v3 >> --bootstrap-admin-url http://20.20.20.8:5000/v3/ >> > > You use two different IPs for your controller node, this can't work. > Another thing is, you usually have to create one admin endpoint (port > 35357) and a public endpoint (port 5000), you use the public port for both > endpoints. This could work, of course, although not recommended. But then > you have to change your admin-rc credentials respectively. They should > reflect the configuration you bootstrapped with keystone-manage. > > Change your admin-rc to point to the correct IP and the correct port, then > retry the domain list command after sourcing the credentials. > > > > Zitat von Shyam Prasad N : > > Hi, >> >> Sorry for the late reply. Was out for a while. >> >> # openstack domain list >> The request you have made requires authentication. (HTTP 401) (Request-ID: >> req-fd20ec4d-9000-4cfa-9a5c-ba547a11c4c4) >> >> # tail /var/log/keystone/keystone-manage.log >> # >> >> # keystone-manage bootstrap --bootstrap-password PASSWORD >> --bootstrap-admin-url http://20.20.20.8:5000/v3/ --bootstrap-internal-url >> http://20.20.20.8:5000/v3/ --bootstrap-public-url >> http://20.20.20.8:5000/v3/ >> --bootstrap-region-id RegionOne >> 2018-04-15 22:29:39.456 18518 WARNING keystone.assignment.core [-] >> Deprecated: Use of the identity driver config to automatically configure >> the same assignment driver has been deprecated, in the "O" release, the >> assignment driver will need to be expicitly configured if different than >> the default (SQL). >> 2018-04-15 22:29:39.585 18518 INFO keystone.cmd.cli [-] Domain default >> already exists, skipping creation. >> 2018-04-15 22:29:39.621 18518 INFO keystone.cmd.cli >> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Project admin >> already >> exists, skipping creation. >> 2018-04-15 22:29:39.640 18518 INFO keystone.cmd.cli >> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] User admin already >> exists, skipping creation. >> 2018-04-15 22:29:39.670 18518 INFO keystone.cmd.cli >> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Role admin exists, >> skipping creation. >> 2018-04-15 22:29:39.822 18518 INFO keystone.cmd.cli >> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] User admin already >> has >> admin on admin. >> 2018-04-15 22:29:39.827 18518 INFO keystone.cmd.cli >> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Region RegionOne >> exists, skipping creation. >> 2018-04-15 22:29:39.834 18518 INFO keystone.cmd.cli >> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Skipping admin >> endpoint as already created >> 2018-04-15 22:29:39.835 18518 INFO keystone.cmd.cli >> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Skipping internal >> endpoint as already created >> 2018-04-15 22:29:39.835 18518 INFO keystone.cmd.cli >> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Skipping public >> endpoint as already created >> # tail /var/log/keystone/keystone-manage.log2018-04-15 22:29:39.456 18518 >> WARNING keystone.assignment.core [-] Deprecated: Use of the identity >> driver >> config to automatically configure the same assignment driver has been >> deprecated, in the "O" release, the assignment driver will need to be >> expicitly configured if different than the default (SQL). >> 2018-04-15 22:29:39.585 18518 INFO keystone.cmd.cli [-] Domain default >> already exists, skipping creation. >> 2018-04-15 22:29:39.621 18518 INFO keystone.cmd.cli >> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Project admin >> already >> exists, skipping creation. >> 2018-04-15 22:29:39.640 18518 INFO keystone.cmd.cli >> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] User admin already >> exists, skipping creation. >> 2018-04-15 22:29:39.670 18518 INFO keystone.cmd.cli >> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Role admin exists, >> skipping creation. >> 2018-04-15 22:29:39.822 18518 INFO keystone.cmd.cli >> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] User admin already >> has >> admin on admin. >> 2018-04-15 22:29:39.827 18518 INFO keystone.cmd.cli >> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Region RegionOne >> exists, skipping creation. >> 2018-04-15 22:29:39.834 18518 INFO keystone.cmd.cli >> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Skipping admin >> endpoint as already created >> 2018-04-15 22:29:39.835 18518 INFO keystone.cmd.cli >> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Skipping internal >> endpoint as already created >> 2018-04-15 22:29:39.835 18518 INFO keystone.cmd.cli >> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Skipping public >> endpoint as already created >> # >> >> >> On Fri, Apr 13, 2018 at 11:54 AM, Eugen Block wrote: >> >> Hi, >>> >>> the bug I reported is invalid because the keystone-bootstrap command is >>> supposed to create the default domain. Since we created our cloud in >>> Liberty release the default domain already existed in our environment. >>> Well, I guess we're back to square one. ;-) >>> >>> Can you paste the output of >>> >>> control:~ # openstack domain list >>> >>> If the keystone bootstrap command worked, it should at least show the >>> default domain. If it doesn't take a look into >>> /var/log/keystone/keystone-manage.log and check for errors. If this >>> doesn't reveal anything try running it again and check the logs again. >>> >>> >>> Zitat von Eugen Block : >>> >>> >>> The missing command has been in Newton, Ocata and Pike release. They >>> fixed >>> >>>> it in Queens again. >>>> >>>> I filed a bug report: https://bugs.launchpad.net/keystone/+bug/1763297 >>>> >>>> Regards >>>> >>>> >>>> Zitat von Shyam Prasad N : >>>> >>>> Thanks Eugen. It'll be great if you can do it. (I haven't yet gone >>>> through >>>> >>>>> the bug reporting documentation) >>>>> Please add me to the bug's CC list. That way if some info is needed >>>>> from >>>>> me, I can provide it. >>>>> >>>>> Regards, >>>>> Shyam >>>>> >>>>> On Thu, Apr 12, 2018 at 12:48 PM, Eugen Block wrote: >>>>> >>>>> I believe there's something missing in Ocata and Pike docs. If you read >>>>> >>>>>> Mitaka install guide [1] you'll find the first step to be creating the >>>>>> default domain before all other steps regarding projects and users. >>>>>> >>>>>> You should run >>>>>> >>>>>> openstack domain create --description "Default Domain" default >>>>>> >>>>>> and then the next steps should work, at least I hope so. >>>>>> >>>>>> Do you want to report this as a bug? I can also report it, I have >>>>>> already >>>>>> filed several reports. >>>>>> >>>>>> Regards >>>>>> >>>>>> >>>>>> [1] https://docs.openstack.org/mitaka/install-guide-obs/keystone >>>>>> -users.html >>>>>> >>>>>> >>>>>> >>>>>> Zitat von Shyam Prasad N : >>>>>> >>>>>> Hi, >>>>>> >>>>>> >>>>>>> Please read my replies inline below... >>>>>>> >>>>>>> On Thu, Apr 12, 2018 at 12:10 PM, Eugen Block wrote: >>>>>>> >>>>>>> Hi, >>>>>>> >>>>>>> >>>>>>>> can you paste the credentials you're using? >>>>>>>> >>>>>>>> # cat admin-rc >>>>>>>> >>>>>>>> export OS_USERNAME=admin >>>>>>> export OS_PASSWORD=abcdef >>>>>>> export OS_PROJECT_NAME=admin >>>>>>> export OS_USER_DOMAIN_NAME=Default >>>>>>> export OS_PROJECT_DOMAIN_NAME=Default >>>>>>> export OS_AUTH_URL=http://20.20.20.7:35357/v3 >>>>>>> export OS_IDENTITY_API_VERSION=3 >>>>>>> >>>>>>> The config values (e.g. domain) are case sensitive, the ID of the >>>>>>> default >>>>>>> >>>>>>> domain is usually "domain", its name is "Default". But if you're >>>>>>> >>>>>>>> sourcing >>>>>>>> the credentials with ID "Default" this would go wrong, although I'm >>>>>>>> not >>>>>>>> sure if this would be the expected error message. >>>>>>>> >>>>>>>> Just a couple of weeks ago there was someone on ask.openstack.org >>>>>>>> who >>>>>>>> ignored case-sensitive options and failed to operate his cloud. >>>>>>>> >>>>>>>> Did the keystone-manage bootstrap command work? >>>>>>>> >>>>>>>> Yes. It did not throw any errors. >>>>>>>> >>>>>>>> >>>>>>> >>>>>>> Regards >>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> Zitat von Shyam Prasad N : >>>>>>>> >>>>>>>> >>>>>>>> Hi, >>>>>>>> >>>>>>>> >>>>>>>> I'm trying to install keystone for my swift cluster. >>>>>>>>> I followed this document for install and configuration: >>>>>>>>> https://docs.openstack.org/keystone/pike/install/ >>>>>>>>> >>>>>>>>> However, I'm getting this error for a command: >>>>>>>>> # openstack user create --domain default --password-prompt swift >>>>>>>>> The request you have made requires authentication. (HTTP 401) >>>>>>>>> (Request-ID: >>>>>>>>> req-8f888754-1cf5-4c24-81b6-7481c9c0dfb8) >>>>>>>>> >>>>>>>>> # tail /var/log/keystone/keystone.log >>>>>>>>> 2018-04-11 22:45:10.895 29335 INFO keystone.common.wsgi >>>>>>>>> [req-147f239e-2205-40b5-8aea-40604c99b695 - - - - -] GET >>>>>>>>> http://20.20.20.7:35357/v3/ >>>>>>>>> 2018-04-11 22:45:10.898 29335 INFO eventlet.wsgi.server >>>>>>>>> [req-147f239e-2205-40b5-8aea-40604c99b695 - - - - -] 20.20.20.7 - >>>>>>>>> - >>>>>>>>> [11/Apr/2018 22:45:10] "GET /v3 HTTP/1.1" 200 493 0.062545 >>>>>>>>> 2018-04-11 22:45:10.908 29335 INFO keystone.common.wsgi >>>>>>>>> [req-8f888754-1cf5-4c24-81b6-7481c9c0dfb8 - - - - -] POST >>>>>>>>> http://20.20.20.7:35357/v3/auth/tokens >>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>> [req-8f888754-1cf5-4c24-81b6-7481c9c0dfb8 - - - - -] Could not >>>>>>>>> find >>>>>>>>> domain: >>>>>>>>> Default >>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>> Traceback >>>>>>>>> (most recent call last): >>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>> File >>>>>>>>> "/usr/lib/python2.7/dist-packages/keystone/auth/controllers.py", >>>>>>>>> line >>>>>>>>> 185, >>>>>>>>> in _lookup_domain >>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>> domain_name) >>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>> File >>>>>>>>> "/usr/lib/python2.7/dist-packages/keystone/common/manager.py", >>>>>>>>> line >>>>>>>>> 124, >>>>>>>>> in >>>>>>>>> wrapped >>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>> __ret_val >>>>>>>>> = __f(*args, **kwargs) >>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>> File >>>>>>>>> "/usr/lib/python2.7/dist-packages/dogpile/cache/region.py", line >>>>>>>>> 1053, >>>>>>>>> in >>>>>>>>> decorate >>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>> should_cache_fn) >>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>> File >>>>>>>>> "/usr/lib/python2.7/dist-packages/dogpile/cache/region.py", line >>>>>>>>> 657, >>>>>>>>> in >>>>>>>>> get_or_create >>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>> async_creator) as value: >>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>> File >>>>>>>>> "/usr/lib/python2.7/dist-packages/dogpile/core/dogpile.py", line >>>>>>>>> 158, >>>>>>>>> in >>>>>>>>> __enter__ >>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>> return >>>>>>>>> self._enter() >>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>> File >>>>>>>>> "/usr/lib/python2.7/dist-packages/dogpile/core/dogpile.py", line >>>>>>>>> 98, in >>>>>>>>> _enter >>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>> generated >>>>>>>>> = self._enter_create(createdtime) >>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>> File >>>>>>>>> "/usr/lib/python2.7/dist-packages/dogpile/core/dogpile.py", line >>>>>>>>> 149, >>>>>>>>> in >>>>>>>>> _enter_create >>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>> created >>>>>>>>> = >>>>>>>>> self.creator() >>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>> File >>>>>>>>> "/usr/lib/python2.7/dist-packages/dogpile/cache/region.py", line >>>>>>>>> 625, >>>>>>>>> in >>>>>>>>> gen_value >>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>> created_value = creator() >>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>> File >>>>>>>>> "/usr/lib/python2.7/dist-packages/dogpile/cache/region.py", line >>>>>>>>> 1049, >>>>>>>>> in >>>>>>>>> creator >>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>> return >>>>>>>>> fn(*arg, **kw) >>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>> File >>>>>>>>> "/usr/lib/python2.7/dist-packages/keystone/resource/core.py", line >>>>>>>>> 720, >>>>>>>>> in >>>>>>>>> get_domain_by_name >>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>> raise >>>>>>>>> exception.DomainNotFound(domain_id=domain_name) >>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>> DomainNotFound: Could not find domain: Default >>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>> 2018-04-11 22:45:11.016 29335 WARNING keystone.common.wsgi >>>>>>>>> [req-8f888754-1cf5-4c24-81b6-7481c9c0dfb8 - - - - -] Authorization >>>>>>>>> failed. >>>>>>>>> The request you have made requires authentication. from 20.20.20.7 >>>>>>>>> 2018-04-11 22:45:11.018 29335 INFO eventlet.wsgi.server >>>>>>>>> [req-8f888754-1cf5-4c24-81b6-7481c9c0dfb8 - - - - -] 20.20.20.7 - >>>>>>>>> - >>>>>>>>> [11/Apr/2018 22:45:11] "POST /v3/auth/tokens HTTP/1.1" 401 425 >>>>>>>>> 0.113822 >>>>>>>>> >>>>>>>>> Can someone please tell me what's going on? >>>>>>>>> Thanks in advance for your replies. >>>>>>>>> >>>>>>>>> > > -- -Shyam -------------- next part -------------- An HTML attachment was scrubbed... URL: From nspmangalore at gmail.com Mon Apr 16 09:46:25 2018 From: nspmangalore at gmail.com (Shyam Prasad N) Date: Mon, 16 Apr 2018 15:16:25 +0530 Subject: [Openstack] Domain not found error In-Reply-To: References: <20180412064020.Horde.4dPn1JcsDDGn68zf_2sgYDL@webmail.nde.ag> <20180412071846.Horde.bFbTvvQ56LUOC-Zfb1wTNJJ@webmail.nde.ag> <20180412082730.Horde.nVvbHo0rKz7wNmVuyI_MTtQ@webmail.nde.ag> <20180413062400.Horde.65yTSYZ-jI34lpxeL05Wi6b@webmail.nde.ag> <20180416092752.Horde.duQ58kj2IJxthPwz-lzofh-@webmail.nde.ag> Message-ID: Here is the documentation page I followed: https://docs.openstack.org/keystone/queens/install/keystone-install-ubuntu.html On Mon, Apr 16, 2018 at 3:14 PM, Shyam Prasad N wrote: > Hi Eugen, > > Ignore the different IPs. I had tried keystone install on two different > systems. The old admin-rc script was from the other node. > > As per the port numbers, I followed what was in the documentation: > Bootstrap the Identity service: > # keystone-manage bootstrap --bootstrap-password ADMIN_PASS \ > --bootstrap-admin-url http://controller:5000/v3/ \ > --bootstrap-internal-url http://controller:5000/v3/ \ > --bootstrap-public-url http://controller:5000/v3/ \ > --bootstrap-region-id RegionOne > > Regards, > Shyam > > On Mon, Apr 16, 2018 at 2:57 PM, Eugen Block wrote: > >> Hi, >> >> I found some differences between your bootstrap command and your admin-rc >> credentials: >> >> export OS_AUTH_URL=http://20.20.20.7:35357/v3 >>> --bootstrap-admin-url http://20.20.20.8:5000/v3/ >>> >> >> You use two different IPs for your controller node, this can't work. >> Another thing is, you usually have to create one admin endpoint (port >> 35357) and a public endpoint (port 5000), you use the public port for both >> endpoints. This could work, of course, although not recommended. But then >> you have to change your admin-rc credentials respectively. They should >> reflect the configuration you bootstrapped with keystone-manage. >> >> Change your admin-rc to point to the correct IP and the correct port, >> then retry the domain list command after sourcing the credentials. >> >> >> >> Zitat von Shyam Prasad N : >> >> Hi, >>> >>> Sorry for the late reply. Was out for a while. >>> >>> # openstack domain list >>> The request you have made requires authentication. (HTTP 401) >>> (Request-ID: >>> req-fd20ec4d-9000-4cfa-9a5c-ba547a11c4c4) >>> >>> # tail /var/log/keystone/keystone-manage.log >>> # >>> >>> # keystone-manage bootstrap --bootstrap-password PASSWORD >>> --bootstrap-admin-url http://20.20.20.8:5000/v3/ >>> --bootstrap-internal-url >>> http://20.20.20.8:5000/v3/ --bootstrap-public-url >>> http://20.20.20.8:5000/v3/ >>> --bootstrap-region-id RegionOne >>> 2018-04-15 22:29:39.456 18518 WARNING keystone.assignment.core [-] >>> Deprecated: Use of the identity driver config to automatically configure >>> the same assignment driver has been deprecated, in the "O" release, the >>> assignment driver will need to be expicitly configured if different than >>> the default (SQL). >>> 2018-04-15 22:29:39.585 18518 INFO keystone.cmd.cli [-] Domain default >>> already exists, skipping creation. >>> 2018-04-15 22:29:39.621 18518 INFO keystone.cmd.cli >>> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Project admin >>> already >>> exists, skipping creation. >>> 2018-04-15 22:29:39.640 18518 INFO keystone.cmd.cli >>> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] User admin already >>> exists, skipping creation. >>> 2018-04-15 22:29:39.670 18518 INFO keystone.cmd.cli >>> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Role admin exists, >>> skipping creation. >>> 2018-04-15 22:29:39.822 18518 INFO keystone.cmd.cli >>> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] User admin already >>> has >>> admin on admin. >>> 2018-04-15 22:29:39.827 18518 INFO keystone.cmd.cli >>> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Region RegionOne >>> exists, skipping creation. >>> 2018-04-15 22:29:39.834 18518 INFO keystone.cmd.cli >>> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Skipping admin >>> endpoint as already created >>> 2018-04-15 22:29:39.835 18518 INFO keystone.cmd.cli >>> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Skipping internal >>> endpoint as already created >>> 2018-04-15 22:29:39.835 18518 INFO keystone.cmd.cli >>> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Skipping public >>> endpoint as already created >>> # tail /var/log/keystone/keystone-manage.log2018-04-15 22:29:39.456 >>> 18518 >>> WARNING keystone.assignment.core [-] Deprecated: Use of the identity >>> driver >>> config to automatically configure the same assignment driver has been >>> deprecated, in the "O" release, the assignment driver will need to be >>> expicitly configured if different than the default (SQL). >>> 2018-04-15 22:29:39.585 18518 INFO keystone.cmd.cli [-] Domain default >>> already exists, skipping creation. >>> 2018-04-15 22:29:39.621 18518 INFO keystone.cmd.cli >>> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Project admin >>> already >>> exists, skipping creation. >>> 2018-04-15 22:29:39.640 18518 INFO keystone.cmd.cli >>> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] User admin already >>> exists, skipping creation. >>> 2018-04-15 22:29:39.670 18518 INFO keystone.cmd.cli >>> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Role admin exists, >>> skipping creation. >>> 2018-04-15 22:29:39.822 18518 INFO keystone.cmd.cli >>> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] User admin already >>> has >>> admin on admin. >>> 2018-04-15 22:29:39.827 18518 INFO keystone.cmd.cli >>> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Region RegionOne >>> exists, skipping creation. >>> 2018-04-15 22:29:39.834 18518 INFO keystone.cmd.cli >>> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Skipping admin >>> endpoint as already created >>> 2018-04-15 22:29:39.835 18518 INFO keystone.cmd.cli >>> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Skipping internal >>> endpoint as already created >>> 2018-04-15 22:29:39.835 18518 INFO keystone.cmd.cli >>> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Skipping public >>> endpoint as already created >>> # >>> >>> >>> On Fri, Apr 13, 2018 at 11:54 AM, Eugen Block wrote: >>> >>> Hi, >>>> >>>> the bug I reported is invalid because the keystone-bootstrap command is >>>> supposed to create the default domain. Since we created our cloud in >>>> Liberty release the default domain already existed in our environment. >>>> Well, I guess we're back to square one. ;-) >>>> >>>> Can you paste the output of >>>> >>>> control:~ # openstack domain list >>>> >>>> If the keystone bootstrap command worked, it should at least show the >>>> default domain. If it doesn't take a look into >>>> /var/log/keystone/keystone-manage.log and check for errors. If this >>>> doesn't reveal anything try running it again and check the logs again. >>>> >>>> >>>> Zitat von Eugen Block : >>>> >>>> >>>> The missing command has been in Newton, Ocata and Pike release. They >>>> fixed >>>> >>>>> it in Queens again. >>>>> >>>>> I filed a bug report: https://bugs.launchpad.net/keystone/+bug/1763297 >>>>> >>>>> Regards >>>>> >>>>> >>>>> Zitat von Shyam Prasad N : >>>>> >>>>> Thanks Eugen. It'll be great if you can do it. (I haven't yet gone >>>>> through >>>>> >>>>>> the bug reporting documentation) >>>>>> Please add me to the bug's CC list. That way if some info is needed >>>>>> from >>>>>> me, I can provide it. >>>>>> >>>>>> Regards, >>>>>> Shyam >>>>>> >>>>>> On Thu, Apr 12, 2018 at 12:48 PM, Eugen Block wrote: >>>>>> >>>>>> I believe there's something missing in Ocata and Pike docs. If you >>>>>> read >>>>>> >>>>>>> Mitaka install guide [1] you'll find the first step to be creating >>>>>>> the >>>>>>> default domain before all other steps regarding projects and users. >>>>>>> >>>>>>> You should run >>>>>>> >>>>>>> openstack domain create --description "Default Domain" default >>>>>>> >>>>>>> and then the next steps should work, at least I hope so. >>>>>>> >>>>>>> Do you want to report this as a bug? I can also report it, I have >>>>>>> already >>>>>>> filed several reports. >>>>>>> >>>>>>> Regards >>>>>>> >>>>>>> >>>>>>> [1] https://docs.openstack.org/mitaka/install-guide-obs/keystone >>>>>>> -users.html >>>>>>> >>>>>>> >>>>>>> >>>>>>> Zitat von Shyam Prasad N : >>>>>>> >>>>>>> Hi, >>>>>>> >>>>>>> >>>>>>>> Please read my replies inline below... >>>>>>>> >>>>>>>> On Thu, Apr 12, 2018 at 12:10 PM, Eugen Block >>>>>>>> wrote: >>>>>>>> >>>>>>>> Hi, >>>>>>>> >>>>>>>> >>>>>>>>> can you paste the credentials you're using? >>>>>>>>> >>>>>>>>> # cat admin-rc >>>>>>>>> >>>>>>>>> export OS_USERNAME=admin >>>>>>>> export OS_PASSWORD=abcdef >>>>>>>> export OS_PROJECT_NAME=admin >>>>>>>> export OS_USER_DOMAIN_NAME=Default >>>>>>>> export OS_PROJECT_DOMAIN_NAME=Default >>>>>>>> export OS_AUTH_URL=http://20.20.20.7:35357/v3 >>>>>>>> export OS_IDENTITY_API_VERSION=3 >>>>>>>> >>>>>>>> The config values (e.g. domain) are case sensitive, the ID of the >>>>>>>> default >>>>>>>> >>>>>>>> domain is usually "domain", its name is "Default". But if you're >>>>>>>> >>>>>>>>> sourcing >>>>>>>>> the credentials with ID "Default" this would go wrong, although I'm >>>>>>>>> not >>>>>>>>> sure if this would be the expected error message. >>>>>>>>> >>>>>>>>> Just a couple of weeks ago there was someone on ask.openstack.org >>>>>>>>> who >>>>>>>>> ignored case-sensitive options and failed to operate his cloud. >>>>>>>>> >>>>>>>>> Did the keystone-manage bootstrap command work? >>>>>>>>> >>>>>>>>> Yes. It did not throw any errors. >>>>>>>>> >>>>>>>>> >>>>>>>> >>>>>>>> Regards >>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> Zitat von Shyam Prasad N : >>>>>>>>> >>>>>>>>> >>>>>>>>> Hi, >>>>>>>>> >>>>>>>>> >>>>>>>>> I'm trying to install keystone for my swift cluster. >>>>>>>>>> I followed this document for install and configuration: >>>>>>>>>> https://docs.openstack.org/keystone/pike/install/ >>>>>>>>>> >>>>>>>>>> However, I'm getting this error for a command: >>>>>>>>>> # openstack user create --domain default --password-prompt swift >>>>>>>>>> The request you have made requires authentication. (HTTP 401) >>>>>>>>>> (Request-ID: >>>>>>>>>> req-8f888754-1cf5-4c24-81b6-7481c9c0dfb8) >>>>>>>>>> >>>>>>>>>> # tail /var/log/keystone/keystone.log >>>>>>>>>> 2018-04-11 22:45:10.895 29335 INFO keystone.common.wsgi >>>>>>>>>> [req-147f239e-2205-40b5-8aea-40604c99b695 - - - - -] GET >>>>>>>>>> http://20.20.20.7:35357/v3/ >>>>>>>>>> 2018-04-11 22:45:10.898 29335 INFO eventlet.wsgi.server >>>>>>>>>> [req-147f239e-2205-40b5-8aea-40604c99b695 - - - - -] 20.20.20.7 >>>>>>>>>> - - >>>>>>>>>> [11/Apr/2018 22:45:10] "GET /v3 HTTP/1.1" 200 493 0.062545 >>>>>>>>>> 2018-04-11 22:45:10.908 29335 INFO keystone.common.wsgi >>>>>>>>>> [req-8f888754-1cf5-4c24-81b6-7481c9c0dfb8 - - - - -] POST >>>>>>>>>> http://20.20.20.7:35357/v3/auth/tokens >>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>> [req-8f888754-1cf5-4c24-81b6-7481c9c0dfb8 - - - - -] Could not >>>>>>>>>> find >>>>>>>>>> domain: >>>>>>>>>> Default >>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>> Traceback >>>>>>>>>> (most recent call last): >>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>> File >>>>>>>>>> "/usr/lib/python2.7/dist-packages/keystone/auth/controllers.py", >>>>>>>>>> line >>>>>>>>>> 185, >>>>>>>>>> in _lookup_domain >>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>> domain_name) >>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>> File >>>>>>>>>> "/usr/lib/python2.7/dist-packages/keystone/common/manager.py", >>>>>>>>>> line >>>>>>>>>> 124, >>>>>>>>>> in >>>>>>>>>> wrapped >>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>> __ret_val >>>>>>>>>> = __f(*args, **kwargs) >>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>> File >>>>>>>>>> "/usr/lib/python2.7/dist-packages/dogpile/cache/region.py", line >>>>>>>>>> 1053, >>>>>>>>>> in >>>>>>>>>> decorate >>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>> should_cache_fn) >>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>> File >>>>>>>>>> "/usr/lib/python2.7/dist-packages/dogpile/cache/region.py", line >>>>>>>>>> 657, >>>>>>>>>> in >>>>>>>>>> get_or_create >>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>> async_creator) as value: >>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>> File >>>>>>>>>> "/usr/lib/python2.7/dist-packages/dogpile/core/dogpile.py", line >>>>>>>>>> 158, >>>>>>>>>> in >>>>>>>>>> __enter__ >>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>> return >>>>>>>>>> self._enter() >>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>> File >>>>>>>>>> "/usr/lib/python2.7/dist-packages/dogpile/core/dogpile.py", line >>>>>>>>>> 98, in >>>>>>>>>> _enter >>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>> generated >>>>>>>>>> = self._enter_create(createdtime) >>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>> File >>>>>>>>>> "/usr/lib/python2.7/dist-packages/dogpile/core/dogpile.py", line >>>>>>>>>> 149, >>>>>>>>>> in >>>>>>>>>> _enter_create >>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>> created >>>>>>>>>> = >>>>>>>>>> self.creator() >>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>> File >>>>>>>>>> "/usr/lib/python2.7/dist-packages/dogpile/cache/region.py", line >>>>>>>>>> 625, >>>>>>>>>> in >>>>>>>>>> gen_value >>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>> created_value = creator() >>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>> File >>>>>>>>>> "/usr/lib/python2.7/dist-packages/dogpile/cache/region.py", line >>>>>>>>>> 1049, >>>>>>>>>> in >>>>>>>>>> creator >>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>> return >>>>>>>>>> fn(*arg, **kw) >>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>> File >>>>>>>>>> "/usr/lib/python2.7/dist-packages/keystone/resource/core.py", >>>>>>>>>> line >>>>>>>>>> 720, >>>>>>>>>> in >>>>>>>>>> get_domain_by_name >>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>> raise >>>>>>>>>> exception.DomainNotFound(domain_id=domain_name) >>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>> DomainNotFound: Could not find domain: Default >>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>> 2018-04-11 22:45:11.016 29335 WARNING keystone.common.wsgi >>>>>>>>>> [req-8f888754-1cf5-4c24-81b6-7481c9c0dfb8 - - - - -] >>>>>>>>>> Authorization >>>>>>>>>> failed. >>>>>>>>>> The request you have made requires authentication. from 20.20.20.7 >>>>>>>>>> 2018-04-11 22:45:11.018 29335 INFO eventlet.wsgi.server >>>>>>>>>> [req-8f888754-1cf5-4c24-81b6-7481c9c0dfb8 - - - - -] 20.20.20.7 >>>>>>>>>> - - >>>>>>>>>> [11/Apr/2018 22:45:11] "POST /v3/auth/tokens HTTP/1.1" 401 425 >>>>>>>>>> 0.113822 >>>>>>>>>> >>>>>>>>>> Can someone please tell me what's going on? >>>>>>>>>> Thanks in advance for your replies. >>>>>>>>>> >>>>>>>>>> >> >> > > > -- > -Shyam > -- -Shyam -------------- next part -------------- An HTML attachment was scrubbed... URL: From eblock at nde.ag Mon Apr 16 09:54:45 2018 From: eblock at nde.ag (Eugen Block) Date: Mon, 16 Apr 2018 09:54:45 +0000 Subject: [Openstack] Domain not found error In-Reply-To: References: <20180412064020.Horde.4dPn1JcsDDGn68zf_2sgYDL@webmail.nde.ag> <20180412071846.Horde.bFbTvvQ56LUOC-Zfb1wTNJJ@webmail.nde.ag> <20180412082730.Horde.nVvbHo0rKz7wNmVuyI_MTtQ@webmail.nde.ag> <20180413062400.Horde.65yTSYZ-jI34lpxeL05Wi6b@webmail.nde.ag> <20180416092752.Horde.duQ58kj2IJxthPwz-lzofh-@webmail.nde.ag> Message-ID: <20180416095445.Horde.y5NDH9TsT9PSk-VLPxlFiia@webmail.nde.ag> Your first email pionted to the pike install guide which mentions admin-url port 35357. > I'm trying to install keystone for my swift cluster. > I followed this document for install and configuration: > https://docs.openstack.org/keystone/pike/install/ So now you're trying to install queens release? You should stay consistent and use only one guide to follow, although it seems like the ubuntu guide is wrong at this point. The other guides for Q (RedHat and SUSE) point to the admin-url port 35357, not port 5000. And the ubuntu guide for Pike release also points to 35357 again, so this is probably a bug. You should fix this prior to any further steps. Zitat von Shyam Prasad N : > Here is the documentation page I followed: > https://docs.openstack.org/keystone/queens/install/keystone-install-ubuntu.html > > On Mon, Apr 16, 2018 at 3:14 PM, Shyam Prasad N > wrote: > >> Hi Eugen, >> >> Ignore the different IPs. I had tried keystone install on two different >> systems. The old admin-rc script was from the other node. >> >> As per the port numbers, I followed what was in the documentation: >> Bootstrap the Identity service: >> # keystone-manage bootstrap --bootstrap-password ADMIN_PASS \ >> --bootstrap-admin-url http://controller:5000/v3/ \ >> --bootstrap-internal-url http://controller:5000/v3/ \ >> --bootstrap-public-url http://controller:5000/v3/ \ >> --bootstrap-region-id RegionOne >> >> Regards, >> Shyam >> >> On Mon, Apr 16, 2018 at 2:57 PM, Eugen Block wrote: >> >>> Hi, >>> >>> I found some differences between your bootstrap command and your admin-rc >>> credentials: >>> >>> export OS_AUTH_URL=http://20.20.20.7:35357/v3 >>>> --bootstrap-admin-url http://20.20.20.8:5000/v3/ >>>> >>> >>> You use two different IPs for your controller node, this can't work. >>> Another thing is, you usually have to create one admin endpoint (port >>> 35357) and a public endpoint (port 5000), you use the public port for both >>> endpoints. This could work, of course, although not recommended. But then >>> you have to change your admin-rc credentials respectively. They should >>> reflect the configuration you bootstrapped with keystone-manage. >>> >>> Change your admin-rc to point to the correct IP and the correct port, >>> then retry the domain list command after sourcing the credentials. >>> >>> >>> >>> Zitat von Shyam Prasad N : >>> >>> Hi, >>>> >>>> Sorry for the late reply. Was out for a while. >>>> >>>> # openstack domain list >>>> The request you have made requires authentication. (HTTP 401) >>>> (Request-ID: >>>> req-fd20ec4d-9000-4cfa-9a5c-ba547a11c4c4) >>>> >>>> # tail /var/log/keystone/keystone-manage.log >>>> # >>>> >>>> # keystone-manage bootstrap --bootstrap-password PASSWORD >>>> --bootstrap-admin-url http://20.20.20.8:5000/v3/ >>>> --bootstrap-internal-url >>>> http://20.20.20.8:5000/v3/ --bootstrap-public-url >>>> http://20.20.20.8:5000/v3/ >>>> --bootstrap-region-id RegionOne >>>> 2018-04-15 22:29:39.456 18518 WARNING keystone.assignment.core [-] >>>> Deprecated: Use of the identity driver config to automatically configure >>>> the same assignment driver has been deprecated, in the "O" release, the >>>> assignment driver will need to be expicitly configured if different than >>>> the default (SQL). >>>> 2018-04-15 22:29:39.585 18518 INFO keystone.cmd.cli [-] Domain default >>>> already exists, skipping creation. >>>> 2018-04-15 22:29:39.621 18518 INFO keystone.cmd.cli >>>> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Project admin >>>> already >>>> exists, skipping creation. >>>> 2018-04-15 22:29:39.640 18518 INFO keystone.cmd.cli >>>> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] User admin already >>>> exists, skipping creation. >>>> 2018-04-15 22:29:39.670 18518 INFO keystone.cmd.cli >>>> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Role admin exists, >>>> skipping creation. >>>> 2018-04-15 22:29:39.822 18518 INFO keystone.cmd.cli >>>> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] User admin already >>>> has >>>> admin on admin. >>>> 2018-04-15 22:29:39.827 18518 INFO keystone.cmd.cli >>>> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Region RegionOne >>>> exists, skipping creation. >>>> 2018-04-15 22:29:39.834 18518 INFO keystone.cmd.cli >>>> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Skipping admin >>>> endpoint as already created >>>> 2018-04-15 22:29:39.835 18518 INFO keystone.cmd.cli >>>> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Skipping internal >>>> endpoint as already created >>>> 2018-04-15 22:29:39.835 18518 INFO keystone.cmd.cli >>>> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Skipping public >>>> endpoint as already created >>>> # tail /var/log/keystone/keystone-manage.log2018-04-15 22:29:39.456 >>>> 18518 >>>> WARNING keystone.assignment.core [-] Deprecated: Use of the identity >>>> driver >>>> config to automatically configure the same assignment driver has been >>>> deprecated, in the "O" release, the assignment driver will need to be >>>> expicitly configured if different than the default (SQL). >>>> 2018-04-15 22:29:39.585 18518 INFO keystone.cmd.cli [-] Domain default >>>> already exists, skipping creation. >>>> 2018-04-15 22:29:39.621 18518 INFO keystone.cmd.cli >>>> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Project admin >>>> already >>>> exists, skipping creation. >>>> 2018-04-15 22:29:39.640 18518 INFO keystone.cmd.cli >>>> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] User admin already >>>> exists, skipping creation. >>>> 2018-04-15 22:29:39.670 18518 INFO keystone.cmd.cli >>>> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Role admin exists, >>>> skipping creation. >>>> 2018-04-15 22:29:39.822 18518 INFO keystone.cmd.cli >>>> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] User admin already >>>> has >>>> admin on admin. >>>> 2018-04-15 22:29:39.827 18518 INFO keystone.cmd.cli >>>> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Region RegionOne >>>> exists, skipping creation. >>>> 2018-04-15 22:29:39.834 18518 INFO keystone.cmd.cli >>>> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Skipping admin >>>> endpoint as already created >>>> 2018-04-15 22:29:39.835 18518 INFO keystone.cmd.cli >>>> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Skipping internal >>>> endpoint as already created >>>> 2018-04-15 22:29:39.835 18518 INFO keystone.cmd.cli >>>> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Skipping public >>>> endpoint as already created >>>> # >>>> >>>> >>>> On Fri, Apr 13, 2018 at 11:54 AM, Eugen Block wrote: >>>> >>>> Hi, >>>>> >>>>> the bug I reported is invalid because the keystone-bootstrap command is >>>>> supposed to create the default domain. Since we created our cloud in >>>>> Liberty release the default domain already existed in our environment. >>>>> Well, I guess we're back to square one. ;-) >>>>> >>>>> Can you paste the output of >>>>> >>>>> control:~ # openstack domain list >>>>> >>>>> If the keystone bootstrap command worked, it should at least show the >>>>> default domain. If it doesn't take a look into >>>>> /var/log/keystone/keystone-manage.log and check for errors. If this >>>>> doesn't reveal anything try running it again and check the logs again. >>>>> >>>>> >>>>> Zitat von Eugen Block : >>>>> >>>>> >>>>> The missing command has been in Newton, Ocata and Pike release. They >>>>> fixed >>>>> >>>>>> it in Queens again. >>>>>> >>>>>> I filed a bug report: https://bugs.launchpad.net/keystone/+bug/1763297 >>>>>> >>>>>> Regards >>>>>> >>>>>> >>>>>> Zitat von Shyam Prasad N : >>>>>> >>>>>> Thanks Eugen. It'll be great if you can do it. (I haven't yet gone >>>>>> through >>>>>> >>>>>>> the bug reporting documentation) >>>>>>> Please add me to the bug's CC list. That way if some info is needed >>>>>>> from >>>>>>> me, I can provide it. >>>>>>> >>>>>>> Regards, >>>>>>> Shyam >>>>>>> >>>>>>> On Thu, Apr 12, 2018 at 12:48 PM, Eugen Block wrote: >>>>>>> >>>>>>> I believe there's something missing in Ocata and Pike docs. If you >>>>>>> read >>>>>>> >>>>>>>> Mitaka install guide [1] you'll find the first step to be creating >>>>>>>> the >>>>>>>> default domain before all other steps regarding projects and users. >>>>>>>> >>>>>>>> You should run >>>>>>>> >>>>>>>> openstack domain create --description "Default Domain" default >>>>>>>> >>>>>>>> and then the next steps should work, at least I hope so. >>>>>>>> >>>>>>>> Do you want to report this as a bug? I can also report it, I have >>>>>>>> already >>>>>>>> filed several reports. >>>>>>>> >>>>>>>> Regards >>>>>>>> >>>>>>>> >>>>>>>> [1] https://docs.openstack.org/mitaka/install-guide-obs/keystone >>>>>>>> -users.html >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> Zitat von Shyam Prasad N : >>>>>>>> >>>>>>>> Hi, >>>>>>>> >>>>>>>> >>>>>>>>> Please read my replies inline below... >>>>>>>>> >>>>>>>>> On Thu, Apr 12, 2018 at 12:10 PM, Eugen Block >>>>>>>>> wrote: >>>>>>>>> >>>>>>>>> Hi, >>>>>>>>> >>>>>>>>> >>>>>>>>>> can you paste the credentials you're using? >>>>>>>>>> >>>>>>>>>> # cat admin-rc >>>>>>>>>> >>>>>>>>>> export OS_USERNAME=admin >>>>>>>>> export OS_PASSWORD=abcdef >>>>>>>>> export OS_PROJECT_NAME=admin >>>>>>>>> export OS_USER_DOMAIN_NAME=Default >>>>>>>>> export OS_PROJECT_DOMAIN_NAME=Default >>>>>>>>> export OS_AUTH_URL=http://20.20.20.7:35357/v3 >>>>>>>>> export OS_IDENTITY_API_VERSION=3 >>>>>>>>> >>>>>>>>> The config values (e.g. domain) are case sensitive, the ID of the >>>>>>>>> default >>>>>>>>> >>>>>>>>> domain is usually "domain", its name is "Default". But if you're >>>>>>>>> >>>>>>>>>> sourcing >>>>>>>>>> the credentials with ID "Default" this would go wrong, although I'm >>>>>>>>>> not >>>>>>>>>> sure if this would be the expected error message. >>>>>>>>>> >>>>>>>>>> Just a couple of weeks ago there was someone on ask.openstack.org >>>>>>>>>> who >>>>>>>>>> ignored case-sensitive options and failed to operate his cloud. >>>>>>>>>> >>>>>>>>>> Did the keystone-manage bootstrap command work? >>>>>>>>>> >>>>>>>>>> Yes. It did not throw any errors. >>>>>>>>>> >>>>>>>>>> >>>>>>>>> >>>>>>>>> Regards >>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> Zitat von Shyam Prasad N : >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> Hi, >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> I'm trying to install keystone for my swift cluster. >>>>>>>>>>> I followed this document for install and configuration: >>>>>>>>>>> https://docs.openstack.org/keystone/pike/install/ >>>>>>>>>>> >>>>>>>>>>> However, I'm getting this error for a command: >>>>>>>>>>> # openstack user create --domain default --password-prompt swift >>>>>>>>>>> The request you have made requires authentication. (HTTP 401) >>>>>>>>>>> (Request-ID: >>>>>>>>>>> req-8f888754-1cf5-4c24-81b6-7481c9c0dfb8) >>>>>>>>>>> >>>>>>>>>>> # tail /var/log/keystone/keystone.log >>>>>>>>>>> 2018-04-11 22:45:10.895 29335 INFO keystone.common.wsgi >>>>>>>>>>> [req-147f239e-2205-40b5-8aea-40604c99b695 - - - - -] GET >>>>>>>>>>> http://20.20.20.7:35357/v3/ >>>>>>>>>>> 2018-04-11 22:45:10.898 29335 INFO eventlet.wsgi.server >>>>>>>>>>> [req-147f239e-2205-40b5-8aea-40604c99b695 - - - - -] 20.20.20.7 >>>>>>>>>>> - - >>>>>>>>>>> [11/Apr/2018 22:45:10] "GET /v3 HTTP/1.1" 200 493 0.062545 >>>>>>>>>>> 2018-04-11 22:45:10.908 29335 INFO keystone.common.wsgi >>>>>>>>>>> [req-8f888754-1cf5-4c24-81b6-7481c9c0dfb8 - - - - -] POST >>>>>>>>>>> http://20.20.20.7:35357/v3/auth/tokens >>>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>>> [req-8f888754-1cf5-4c24-81b6-7481c9c0dfb8 - - - - -] Could not >>>>>>>>>>> find >>>>>>>>>>> domain: >>>>>>>>>>> Default >>>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>>> Traceback >>>>>>>>>>> (most recent call last): >>>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>>> File >>>>>>>>>>> "/usr/lib/python2.7/dist-packages/keystone/auth/controllers.py", >>>>>>>>>>> line >>>>>>>>>>> 185, >>>>>>>>>>> in _lookup_domain >>>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>>> domain_name) >>>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>>> File >>>>>>>>>>> "/usr/lib/python2.7/dist-packages/keystone/common/manager.py", >>>>>>>>>>> line >>>>>>>>>>> 124, >>>>>>>>>>> in >>>>>>>>>>> wrapped >>>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>>> __ret_val >>>>>>>>>>> = __f(*args, **kwargs) >>>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>>> File >>>>>>>>>>> "/usr/lib/python2.7/dist-packages/dogpile/cache/region.py", line >>>>>>>>>>> 1053, >>>>>>>>>>> in >>>>>>>>>>> decorate >>>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>>> should_cache_fn) >>>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>>> File >>>>>>>>>>> "/usr/lib/python2.7/dist-packages/dogpile/cache/region.py", line >>>>>>>>>>> 657, >>>>>>>>>>> in >>>>>>>>>>> get_or_create >>>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>>> async_creator) as value: >>>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>>> File >>>>>>>>>>> "/usr/lib/python2.7/dist-packages/dogpile/core/dogpile.py", line >>>>>>>>>>> 158, >>>>>>>>>>> in >>>>>>>>>>> __enter__ >>>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>>> return >>>>>>>>>>> self._enter() >>>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>>> File >>>>>>>>>>> "/usr/lib/python2.7/dist-packages/dogpile/core/dogpile.py", line >>>>>>>>>>> 98, in >>>>>>>>>>> _enter >>>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>>> generated >>>>>>>>>>> = self._enter_create(createdtime) >>>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>>> File >>>>>>>>>>> "/usr/lib/python2.7/dist-packages/dogpile/core/dogpile.py", line >>>>>>>>>>> 149, >>>>>>>>>>> in >>>>>>>>>>> _enter_create >>>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>>> created >>>>>>>>>>> = >>>>>>>>>>> self.creator() >>>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>>> File >>>>>>>>>>> "/usr/lib/python2.7/dist-packages/dogpile/cache/region.py", line >>>>>>>>>>> 625, >>>>>>>>>>> in >>>>>>>>>>> gen_value >>>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>>> created_value = creator() >>>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>>> File >>>>>>>>>>> "/usr/lib/python2.7/dist-packages/dogpile/cache/region.py", line >>>>>>>>>>> 1049, >>>>>>>>>>> in >>>>>>>>>>> creator >>>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>>> return >>>>>>>>>>> fn(*arg, **kw) >>>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>>> File >>>>>>>>>>> "/usr/lib/python2.7/dist-packages/keystone/resource/core.py", >>>>>>>>>>> line >>>>>>>>>>> 720, >>>>>>>>>>> in >>>>>>>>>>> get_domain_by_name >>>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>>> raise >>>>>>>>>>> exception.DomainNotFound(domain_id=domain_name) >>>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>>> DomainNotFound: Could not find domain: Default >>>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>>> 2018-04-11 22:45:11.016 29335 WARNING keystone.common.wsgi >>>>>>>>>>> [req-8f888754-1cf5-4c24-81b6-7481c9c0dfb8 - - - - -] >>>>>>>>>>> Authorization >>>>>>>>>>> failed. >>>>>>>>>>> The request you have made requires authentication. from 20.20.20.7 >>>>>>>>>>> 2018-04-11 22:45:11.018 29335 INFO eventlet.wsgi.server >>>>>>>>>>> [req-8f888754-1cf5-4c24-81b6-7481c9c0dfb8 - - - - -] 20.20.20.7 >>>>>>>>>>> - - >>>>>>>>>>> [11/Apr/2018 22:45:11] "POST /v3/auth/tokens HTTP/1.1" 401 425 >>>>>>>>>>> 0.113822 >>>>>>>>>>> >>>>>>>>>>> Can someone please tell me what's going on? >>>>>>>>>>> Thanks in advance for your replies. >>>>>>>>>>> >>>>>>>>>>> >>> >>> >> >> >> -- >> -Shyam >> > > > > -- > -Shyam From Remo at italy1.com Mon Apr 16 10:05:05 2018 From: Remo at italy1.com (Remo Mattei) Date: Mon, 16 Apr 2018 12:05:05 +0200 Subject: [Openstack] Domain not found error In-Reply-To: <20180416092752.Horde.duQ58kj2IJxthPwz-lzofh-@webmail.nde.ag> References: <20180412064020.Horde.4dPn1JcsDDGn68zf_2sgYDL@webmail.nde.ag> <20180412071846.Horde.bFbTvvQ56LUOC-Zfb1wTNJJ@webmail.nde.ag> <20180412082730.Horde.nVvbHo0rKz7wNmVuyI_MTtQ@webmail.nde.ag> <20180413062400.Horde.65yTSYZ-jI34lpxeL05Wi6b@webmail.nde.ag> <20180416092752.Horde.duQ58kj2IJxthPwz-lzofh-@webmail.nde.ag> Message-ID: Does openstack endpoint list work? > On Apr 16, 2018, at 11:27 AM, Eugen Block wrote: > > Hi, > > I found some differences between your bootstrap command and your admin-rc credentials: > >> export OS_AUTH_URL=http://20.20.20.7:35357/v3 >> --bootstrap-admin-url http://20.20.20.8:5000/v3/ > > You use two different IPs for your controller node, this can't work. Another thing is, you usually have to create one admin endpoint (port 35357) and a public endpoint (port 5000), you use the public port for both endpoints. This could work, of course, although not recommended. But then you have to change your admin-rc credentials respectively. They should reflect the configuration you bootstrapped with keystone-manage. > > Change your admin-rc to point to the correct IP and the correct port, then retry the domain list command after sourcing the credentials. > > > Zitat von Shyam Prasad N >: > >> Hi, >> >> Sorry for the late reply. Was out for a while. >> >> # openstack domain list >> The request you have made requires authentication. (HTTP 401) (Request-ID: >> req-fd20ec4d-9000-4cfa-9a5c-ba547a11c4c4) >> >> # tail /var/log/keystone/keystone-manage.log >> # >> >> # keystone-manage bootstrap --bootstrap-password PASSWORD >> --bootstrap-admin-url http://20.20.20.8:5000/v3/ --bootstrap-internal-url >> http://20.20.20.8:5000/v3/ --bootstrap-public-url http://20.20.20.8:5000/v3/ >> --bootstrap-region-id RegionOne >> 2018-04-15 22:29:39.456 18518 WARNING keystone.assignment.core [-] >> Deprecated: Use of the identity driver config to automatically configure >> the same assignment driver has been deprecated, in the "O" release, the >> assignment driver will need to be expicitly configured if different than >> the default (SQL). >> 2018-04-15 22:29:39.585 18518 INFO keystone.cmd.cli [-] Domain default >> already exists, skipping creation. >> 2018-04-15 22:29:39.621 18518 INFO keystone.cmd.cli >> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Project admin already >> exists, skipping creation. >> 2018-04-15 22:29:39.640 18518 INFO keystone.cmd.cli >> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] User admin already >> exists, skipping creation. >> 2018-04-15 22:29:39.670 18518 INFO keystone.cmd.cli >> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Role admin exists, >> skipping creation. >> 2018-04-15 22:29:39.822 18518 INFO keystone.cmd.cli >> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] User admin already has >> admin on admin. >> 2018-04-15 22:29:39.827 18518 INFO keystone.cmd.cli >> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Region RegionOne >> exists, skipping creation. >> 2018-04-15 22:29:39.834 18518 INFO keystone.cmd.cli >> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Skipping admin >> endpoint as already created >> 2018-04-15 22:29:39.835 18518 INFO keystone.cmd.cli >> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Skipping internal >> endpoint as already created >> 2018-04-15 22:29:39.835 18518 INFO keystone.cmd.cli >> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Skipping public >> endpoint as already created >> # tail /var/log/keystone/keystone-manage.log2018-04-15 22:29:39.456 18518 >> WARNING keystone.assignment.core [-] Deprecated: Use of the identity driver >> config to automatically configure the same assignment driver has been >> deprecated, in the "O" release, the assignment driver will need to be >> expicitly configured if different than the default (SQL). >> 2018-04-15 22:29:39.585 18518 INFO keystone.cmd.cli [-] Domain default >> already exists, skipping creation. >> 2018-04-15 22:29:39.621 18518 INFO keystone.cmd.cli >> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Project admin already >> exists, skipping creation. >> 2018-04-15 22:29:39.640 18518 INFO keystone.cmd.cli >> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] User admin already >> exists, skipping creation. >> 2018-04-15 22:29:39.670 18518 INFO keystone.cmd.cli >> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Role admin exists, >> skipping creation. >> 2018-04-15 22:29:39.822 18518 INFO keystone.cmd.cli >> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] User admin already has >> admin on admin. >> 2018-04-15 22:29:39.827 18518 INFO keystone.cmd.cli >> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Region RegionOne >> exists, skipping creation. >> 2018-04-15 22:29:39.834 18518 INFO keystone.cmd.cli >> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Skipping admin >> endpoint as already created >> 2018-04-15 22:29:39.835 18518 INFO keystone.cmd.cli >> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Skipping internal >> endpoint as already created >> 2018-04-15 22:29:39.835 18518 INFO keystone.cmd.cli >> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Skipping public >> endpoint as already created >> # >> >> >> On Fri, Apr 13, 2018 at 11:54 AM, Eugen Block > wrote: >> >>> Hi, >>> >>> the bug I reported is invalid because the keystone-bootstrap command is >>> supposed to create the default domain. Since we created our cloud in >>> Liberty release the default domain already existed in our environment. >>> Well, I guess we're back to square one. ;-) >>> >>> Can you paste the output of >>> >>> control:~ # openstack domain list >>> >>> If the keystone bootstrap command worked, it should at least show the >>> default domain. If it doesn't take a look into >>> /var/log/keystone/keystone-manage.log and check for errors. If this >>> doesn't reveal anything try running it again and check the logs again. >>> >>> >>> Zitat von Eugen Block >: >>> >>> >>> The missing command has been in Newton, Ocata and Pike release. They fixed >>>> it in Queens again. >>>> >>>> I filed a bug report: https://bugs.launchpad.net/keystone/+bug/1763297 >>>> >>>> Regards >>>> >>>> >>>> Zitat von Shyam Prasad N >: >>>> >>>> Thanks Eugen. It'll be great if you can do it. (I haven't yet gone through >>>>> the bug reporting documentation) >>>>> Please add me to the bug's CC list. That way if some info is needed from >>>>> me, I can provide it. >>>>> >>>>> Regards, >>>>> Shyam >>>>> >>>>> On Thu, Apr 12, 2018 at 12:48 PM, Eugen Block > wrote: >>>>> >>>>> I believe there's something missing in Ocata and Pike docs. If you read >>>>>> Mitaka install guide [1] you'll find the first step to be creating the >>>>>> default domain before all other steps regarding projects and users. >>>>>> >>>>>> You should run >>>>>> >>>>>> openstack domain create --description "Default Domain" default >>>>>> >>>>>> and then the next steps should work, at least I hope so. >>>>>> >>>>>> Do you want to report this as a bug? I can also report it, I have >>>>>> already >>>>>> filed several reports. >>>>>> >>>>>> Regards >>>>>> >>>>>> >>>>>> [1] https://docs.openstack.org/mitaka/install-guide-obs/keystone >>>>>> -users.html >>>>>> >>>>>> >>>>>> >>>>>> Zitat von Shyam Prasad N >: >>>>>> >>>>>> Hi, >>>>>> >>>>>>> >>>>>>> Please read my replies inline below... >>>>>>> >>>>>>> On Thu, Apr 12, 2018 at 12:10 PM, Eugen Block > wrote: >>>>>>> >>>>>>> Hi, >>>>>>> >>>>>>>> >>>>>>>> can you paste the credentials you're using? >>>>>>>> >>>>>>>> # cat admin-rc >>>>>>>> >>>>>>> export OS_USERNAME=admin >>>>>>> export OS_PASSWORD=abcdef >>>>>>> export OS_PROJECT_NAME=admin >>>>>>> export OS_USER_DOMAIN_NAME=Default >>>>>>> export OS_PROJECT_DOMAIN_NAME=Default >>>>>>> export OS_AUTH_URL=http://20.20.20.7:35357/v3 >>>>>>> export OS_IDENTITY_API_VERSION=3 >>>>>>> >>>>>>> The config values (e.g. domain) are case sensitive, the ID of the >>>>>>> default >>>>>>> >>>>>>> domain is usually "domain", its name is "Default". But if you're >>>>>>>> sourcing >>>>>>>> the credentials with ID "Default" this would go wrong, although I'm >>>>>>>> not >>>>>>>> sure if this would be the expected error message. >>>>>>>> >>>>>>>> Just a couple of weeks ago there was someone on ask.openstack.org who >>>>>>>> ignored case-sensitive options and failed to operate his cloud. >>>>>>>> >>>>>>>> Did the keystone-manage bootstrap command work? >>>>>>>> >>>>>>>> Yes. It did not throw any errors. >>>>>>>> >>>>>>> >>>>>>> >>>>>>> Regards >>>>>>>> >>>>>>>> >>>>>>>> Zitat von Shyam Prasad N >: >>>>>>>> >>>>>>>> >>>>>>>> Hi, >>>>>>>> >>>>>>>> >>>>>>>>> I'm trying to install keystone for my swift cluster. >>>>>>>>> I followed this document for install and configuration: >>>>>>>>> https://docs.openstack.org/keystone/pike/install/ >>>>>>>>> >>>>>>>>> However, I'm getting this error for a command: >>>>>>>>> # openstack user create --domain default --password-prompt swift >>>>>>>>> The request you have made requires authentication. (HTTP 401) >>>>>>>>> (Request-ID: >>>>>>>>> req-8f888754-1cf5-4c24-81b6-7481c9c0dfb8) >>>>>>>>> >>>>>>>>> # tail /var/log/keystone/keystone.log >>>>>>>>> 2018-04-11 22:45:10.895 29335 INFO keystone.common.wsgi >>>>>>>>> [req-147f239e-2205-40b5-8aea-40604c99b695 - - - - -] GET >>>>>>>>> http://20.20.20.7:35357/v3/ >>>>>>>>> 2018-04-11 22:45:10.898 29335 INFO eventlet.wsgi.server >>>>>>>>> [req-147f239e-2205-40b5-8aea-40604c99b695 - - - - -] 20.20.20.7 - - >>>>>>>>> [11/Apr/2018 22:45:10] "GET /v3 HTTP/1.1" 200 493 0.062545 >>>>>>>>> 2018-04-11 22:45:10.908 29335 INFO keystone.common.wsgi >>>>>>>>> [req-8f888754-1cf5-4c24-81b6-7481c9c0dfb8 - - - - -] POST >>>>>>>>> http://20.20.20.7:35357/v3/auth/tokens >>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>> [req-8f888754-1cf5-4c24-81b6-7481c9c0dfb8 - - - - -] Could not find >>>>>>>>> domain: >>>>>>>>> Default >>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>> Traceback >>>>>>>>> (most recent call last): >>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File >>>>>>>>> "/usr/lib/python2.7/dist-packages/keystone/auth/controllers.py", >>>>>>>>> line >>>>>>>>> 185, >>>>>>>>> in _lookup_domain >>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>> domain_name) >>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File >>>>>>>>> "/usr/lib/python2.7/dist-packages/keystone/common/manager.py", line >>>>>>>>> 124, >>>>>>>>> in >>>>>>>>> wrapped >>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>> __ret_val >>>>>>>>> = __f(*args, **kwargs) >>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File >>>>>>>>> "/usr/lib/python2.7/dist-packages/dogpile/cache/region.py", line >>>>>>>>> 1053, >>>>>>>>> in >>>>>>>>> decorate >>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>> should_cache_fn) >>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File >>>>>>>>> "/usr/lib/python2.7/dist-packages/dogpile/cache/region.py", line >>>>>>>>> 657, >>>>>>>>> in >>>>>>>>> get_or_create >>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>> async_creator) as value: >>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File >>>>>>>>> "/usr/lib/python2.7/dist-packages/dogpile/core/dogpile.py", line >>>>>>>>> 158, >>>>>>>>> in >>>>>>>>> __enter__ >>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>> return >>>>>>>>> self._enter() >>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File >>>>>>>>> "/usr/lib/python2.7/dist-packages/dogpile/core/dogpile.py", line >>>>>>>>> 98, in >>>>>>>>> _enter >>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>> generated >>>>>>>>> = self._enter_create(createdtime) >>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File >>>>>>>>> "/usr/lib/python2.7/dist-packages/dogpile/core/dogpile.py", line >>>>>>>>> 149, >>>>>>>>> in >>>>>>>>> _enter_create >>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>> created >>>>>>>>> = >>>>>>>>> self.creator() >>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File >>>>>>>>> "/usr/lib/python2.7/dist-packages/dogpile/cache/region.py", line >>>>>>>>> 625, >>>>>>>>> in >>>>>>>>> gen_value >>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>> created_value = creator() >>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File >>>>>>>>> "/usr/lib/python2.7/dist-packages/dogpile/cache/region.py", line >>>>>>>>> 1049, >>>>>>>>> in >>>>>>>>> creator >>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>> return >>>>>>>>> fn(*arg, **kw) >>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File >>>>>>>>> "/usr/lib/python2.7/dist-packages/keystone/resource/core.py", line >>>>>>>>> 720, >>>>>>>>> in >>>>>>>>> get_domain_by_name >>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>> raise >>>>>>>>> exception.DomainNotFound(domain_id=domain_name) >>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>> DomainNotFound: Could not find domain: Default >>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>> 2018-04-11 22:45:11.016 29335 WARNING keystone.common.wsgi >>>>>>>>> [req-8f888754-1cf5-4c24-81b6-7481c9c0dfb8 - - - - -] Authorization >>>>>>>>> failed. >>>>>>>>> The request you have made requires authentication. from 20.20.20.7 >>>>>>>>> 2018-04-11 22:45:11.018 29335 INFO eventlet.wsgi.server >>>>>>>>> [req-8f888754-1cf5-4c24-81b6-7481c9c0dfb8 - - - - -] 20.20.20.7 - - >>>>>>>>> [11/Apr/2018 22:45:11] "POST /v3/auth/tokens HTTP/1.1" 401 425 >>>>>>>>> 0.113822 >>>>>>>>> >>>>>>>>> Can someone please tell me what's going on? >>>>>>>>> Thanks in advance for your replies. >>>>>>>>> > > > > _______________________________________________ > Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > Post to : openstack at lists.openstack.org > Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack -------------- next part -------------- An HTML attachment was scrubbed... URL: From nspmangalore at gmail.com Mon Apr 16 11:16:27 2018 From: nspmangalore at gmail.com (Shyam Prasad N) Date: Mon, 16 Apr 2018 16:46:27 +0530 Subject: [Openstack] Domain not found error In-Reply-To: <20180416095445.Horde.y5NDH9TsT9PSk-VLPxlFiia@webmail.nde.ag> References: <20180412064020.Horde.4dPn1JcsDDGn68zf_2sgYDL@webmail.nde.ag> <20180412071846.Horde.bFbTvvQ56LUOC-Zfb1wTNJJ@webmail.nde.ag> <20180412082730.Horde.nVvbHo0rKz7wNmVuyI_MTtQ@webmail.nde.ag> <20180413062400.Horde.65yTSYZ-jI34lpxeL05Wi6b@webmail.nde.ag> <20180416092752.Horde.duQ58kj2IJxthPwz-lzofh-@webmail.nde.ag> <20180416095445.Horde.y5NDH9TsT9PSk-VLPxlFiia@webmail.nde.ag> Message-ID: Hi Eugen, I tried pike initially. When that didn't work, I thought I'll use the documentation for queens. Is there a way to undo the keystone config and start over again? I want to start afresh. On Mon, Apr 16, 2018 at 3:24 PM, Eugen Block wrote: > Your first email pionted to the pike install guide which mentions > admin-url port 35357. > > I'm trying to install keystone for my swift cluster. >> I followed this document for install and configuration: >> https://docs.openstack.org/keystone/pike/install/ >> > > So now you're trying to install queens release? You should stay consistent > and use only one guide to follow, although it seems like the ubuntu guide > is wrong at this point. The other guides for Q (RedHat and SUSE) point to > the admin-url port 35357, not port 5000. And the ubuntu guide for Pike > release also points to 35357 again, so this is probably a bug. > > You should fix this prior to any further steps. > > > > Zitat von Shyam Prasad N : > > Here is the documentation page I followed: >> https://docs.openstack.org/keystone/queens/install/keystone- >> install-ubuntu.html >> >> On Mon, Apr 16, 2018 at 3:14 PM, Shyam Prasad N >> wrote: >> >> Hi Eugen, >>> >>> Ignore the different IPs. I had tried keystone install on two different >>> systems. The old admin-rc script was from the other node. >>> >>> As per the port numbers, I followed what was in the documentation: >>> Bootstrap the Identity service: >>> # keystone-manage bootstrap --bootstrap-password ADMIN_PASS \ >>> --bootstrap-admin-url http://controller:5000/v3/ \ >>> --bootstrap-internal-url http://controller:5000/v3/ \ >>> --bootstrap-public-url http://controller:5000/v3/ \ >>> --bootstrap-region-id RegionOne >>> >>> Regards, >>> Shyam >>> >>> On Mon, Apr 16, 2018 at 2:57 PM, Eugen Block wrote: >>> >>> Hi, >>>> >>>> I found some differences between your bootstrap command and your >>>> admin-rc >>>> credentials: >>>> >>>> export OS_AUTH_URL=http://20.20.20.7:35357/v3 >>>> >>>>> --bootstrap-admin-url http://20.20.20.8:5000/v3/ >>>>> >>>>> >>>> You use two different IPs for your controller node, this can't work. >>>> Another thing is, you usually have to create one admin endpoint (port >>>> 35357) and a public endpoint (port 5000), you use the public port for >>>> both >>>> endpoints. This could work, of course, although not recommended. But >>>> then >>>> you have to change your admin-rc credentials respectively. They should >>>> reflect the configuration you bootstrapped with keystone-manage. >>>> >>>> Change your admin-rc to point to the correct IP and the correct port, >>>> then retry the domain list command after sourcing the credentials. >>>> >>>> >>>> >>>> Zitat von Shyam Prasad N : >>>> >>>> Hi, >>>> >>>>> >>>>> Sorry for the late reply. Was out for a while. >>>>> >>>>> # openstack domain list >>>>> The request you have made requires authentication. (HTTP 401) >>>>> (Request-ID: >>>>> req-fd20ec4d-9000-4cfa-9a5c-ba547a11c4c4) >>>>> >>>>> # tail /var/log/keystone/keystone-manage.log >>>>> # >>>>> >>>>> # keystone-manage bootstrap --bootstrap-password PASSWORD >>>>> --bootstrap-admin-url http://20.20.20.8:5000/v3/ >>>>> --bootstrap-internal-url >>>>> http://20.20.20.8:5000/v3/ --bootstrap-public-url >>>>> http://20.20.20.8:5000/v3/ >>>>> --bootstrap-region-id RegionOne >>>>> 2018-04-15 22:29:39.456 18518 WARNING keystone.assignment.core [-] >>>>> Deprecated: Use of the identity driver config to automatically >>>>> configure >>>>> the same assignment driver has been deprecated, in the "O" release, the >>>>> assignment driver will need to be expicitly configured if different >>>>> than >>>>> the default (SQL). >>>>> 2018-04-15 22:29:39.585 18518 INFO keystone.cmd.cli [-] Domain default >>>>> already exists, skipping creation. >>>>> 2018-04-15 22:29:39.621 18518 INFO keystone.cmd.cli >>>>> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Project admin >>>>> already >>>>> exists, skipping creation. >>>>> 2018-04-15 22:29:39.640 18518 INFO keystone.cmd.cli >>>>> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] User admin >>>>> already >>>>> exists, skipping creation. >>>>> 2018-04-15 22:29:39.670 18518 INFO keystone.cmd.cli >>>>> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Role admin >>>>> exists, >>>>> skipping creation. >>>>> 2018-04-15 22:29:39.822 18518 INFO keystone.cmd.cli >>>>> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] User admin >>>>> already >>>>> has >>>>> admin on admin. >>>>> 2018-04-15 22:29:39.827 18518 INFO keystone.cmd.cli >>>>> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Region RegionOne >>>>> exists, skipping creation. >>>>> 2018-04-15 22:29:39.834 18518 INFO keystone.cmd.cli >>>>> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Skipping admin >>>>> endpoint as already created >>>>> 2018-04-15 22:29:39.835 18518 INFO keystone.cmd.cli >>>>> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Skipping internal >>>>> endpoint as already created >>>>> 2018-04-15 22:29:39.835 18518 INFO keystone.cmd.cli >>>>> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Skipping public >>>>> endpoint as already created >>>>> # tail /var/log/keystone/keystone-manage.log2018-04-15 22:29:39.456 >>>>> 18518 >>>>> WARNING keystone.assignment.core [-] Deprecated: Use of the identity >>>>> driver >>>>> config to automatically configure the same assignment driver has been >>>>> deprecated, in the "O" release, the assignment driver will need to be >>>>> expicitly configured if different than the default (SQL). >>>>> 2018-04-15 22:29:39.585 18518 INFO keystone.cmd.cli [-] Domain default >>>>> already exists, skipping creation. >>>>> 2018-04-15 22:29:39.621 18518 INFO keystone.cmd.cli >>>>> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Project admin >>>>> already >>>>> exists, skipping creation. >>>>> 2018-04-15 22:29:39.640 18518 INFO keystone.cmd.cli >>>>> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] User admin >>>>> already >>>>> exists, skipping creation. >>>>> 2018-04-15 22:29:39.670 18518 INFO keystone.cmd.cli >>>>> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Role admin >>>>> exists, >>>>> skipping creation. >>>>> 2018-04-15 22:29:39.822 18518 INFO keystone.cmd.cli >>>>> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] User admin >>>>> already >>>>> has >>>>> admin on admin. >>>>> 2018-04-15 22:29:39.827 18518 INFO keystone.cmd.cli >>>>> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Region RegionOne >>>>> exists, skipping creation. >>>>> 2018-04-15 22:29:39.834 18518 INFO keystone.cmd.cli >>>>> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Skipping admin >>>>> endpoint as already created >>>>> 2018-04-15 22:29:39.835 18518 INFO keystone.cmd.cli >>>>> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Skipping internal >>>>> endpoint as already created >>>>> 2018-04-15 22:29:39.835 18518 INFO keystone.cmd.cli >>>>> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Skipping public >>>>> endpoint as already created >>>>> # >>>>> >>>>> >>>>> On Fri, Apr 13, 2018 at 11:54 AM, Eugen Block wrote: >>>>> >>>>> Hi, >>>>> >>>>>> >>>>>> the bug I reported is invalid because the keystone-bootstrap command >>>>>> is >>>>>> supposed to create the default domain. Since we created our cloud in >>>>>> Liberty release the default domain already existed in our environment. >>>>>> Well, I guess we're back to square one. ;-) >>>>>> >>>>>> Can you paste the output of >>>>>> >>>>>> control:~ # openstack domain list >>>>>> >>>>>> If the keystone bootstrap command worked, it should at least show the >>>>>> default domain. If it doesn't take a look into >>>>>> /var/log/keystone/keystone-manage.log and check for errors. If this >>>>>> doesn't reveal anything try running it again and check the logs again. >>>>>> >>>>>> >>>>>> Zitat von Eugen Block : >>>>>> >>>>>> >>>>>> The missing command has been in Newton, Ocata and Pike release. They >>>>>> fixed >>>>>> >>>>>> it in Queens again. >>>>>>> >>>>>>> I filed a bug report: https://bugs.launchpad.net/key >>>>>>> stone/+bug/1763297 >>>>>>> >>>>>>> Regards >>>>>>> >>>>>>> >>>>>>> Zitat von Shyam Prasad N : >>>>>>> >>>>>>> Thanks Eugen. It'll be great if you can do it. (I haven't yet gone >>>>>>> through >>>>>>> >>>>>>> the bug reporting documentation) >>>>>>>> Please add me to the bug's CC list. That way if some info is needed >>>>>>>> from >>>>>>>> me, I can provide it. >>>>>>>> >>>>>>>> Regards, >>>>>>>> Shyam >>>>>>>> >>>>>>>> On Thu, Apr 12, 2018 at 12:48 PM, Eugen Block >>>>>>>> wrote: >>>>>>>> >>>>>>>> I believe there's something missing in Ocata and Pike docs. If you >>>>>>>> read >>>>>>>> >>>>>>>> Mitaka install guide [1] you'll find the first step to be creating >>>>>>>>> the >>>>>>>>> default domain before all other steps regarding projects and users. >>>>>>>>> >>>>>>>>> You should run >>>>>>>>> >>>>>>>>> openstack domain create --description "Default Domain" default >>>>>>>>> >>>>>>>>> and then the next steps should work, at least I hope so. >>>>>>>>> >>>>>>>>> Do you want to report this as a bug? I can also report it, I have >>>>>>>>> already >>>>>>>>> filed several reports. >>>>>>>>> >>>>>>>>> Regards >>>>>>>>> >>>>>>>>> >>>>>>>>> [1] https://docs.openstack.org/mitaka/install-guide-obs/keystone >>>>>>>>> -users.html >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> Zitat von Shyam Prasad N : >>>>>>>>> >>>>>>>>> Hi, >>>>>>>>> >>>>>>>>> >>>>>>>>> Please read my replies inline below... >>>>>>>>>> >>>>>>>>>> On Thu, Apr 12, 2018 at 12:10 PM, Eugen Block >>>>>>>>>> wrote: >>>>>>>>>> >>>>>>>>>> Hi, >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> can you paste the credentials you're using? >>>>>>>>>>> >>>>>>>>>>> # cat admin-rc >>>>>>>>>>> >>>>>>>>>>> export OS_USERNAME=admin >>>>>>>>>>> >>>>>>>>>> export OS_PASSWORD=abcdef >>>>>>>>>> export OS_PROJECT_NAME=admin >>>>>>>>>> export OS_USER_DOMAIN_NAME=Default >>>>>>>>>> export OS_PROJECT_DOMAIN_NAME=Default >>>>>>>>>> export OS_AUTH_URL=http://20.20.20.7:35357/v3 >>>>>>>>>> export OS_IDENTITY_API_VERSION=3 >>>>>>>>>> >>>>>>>>>> The config values (e.g. domain) are case sensitive, the ID of the >>>>>>>>>> default >>>>>>>>>> >>>>>>>>>> domain is usually "domain", its name is "Default". But if you're >>>>>>>>>> >>>>>>>>>> sourcing >>>>>>>>>>> the credentials with ID "Default" this would go wrong, although >>>>>>>>>>> I'm >>>>>>>>>>> not >>>>>>>>>>> sure if this would be the expected error message. >>>>>>>>>>> >>>>>>>>>>> Just a couple of weeks ago there was someone on >>>>>>>>>>> ask.openstack.org >>>>>>>>>>> who >>>>>>>>>>> ignored case-sensitive options and failed to operate his cloud. >>>>>>>>>>> >>>>>>>>>>> Did the keystone-manage bootstrap command work? >>>>>>>>>>> >>>>>>>>>>> Yes. It did not throw any errors. >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>> Regards >>>>>>>>>> >>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> Zitat von Shyam Prasad N : >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> Hi, >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> I'm trying to install keystone for my swift cluster. >>>>>>>>>>> >>>>>>>>>>>> I followed this document for install and configuration: >>>>>>>>>>>> https://docs.openstack.org/keystone/pike/install/ >>>>>>>>>>>> >>>>>>>>>>>> However, I'm getting this error for a command: >>>>>>>>>>>> # openstack user create --domain default --password-prompt swift >>>>>>>>>>>> The request you have made requires authentication. (HTTP 401) >>>>>>>>>>>> (Request-ID: >>>>>>>>>>>> req-8f888754-1cf5-4c24-81b6-7481c9c0dfb8) >>>>>>>>>>>> >>>>>>>>>>>> # tail /var/log/keystone/keystone.log >>>>>>>>>>>> 2018-04-11 22:45:10.895 29335 INFO keystone.common.wsgi >>>>>>>>>>>> [req-147f239e-2205-40b5-8aea-40604c99b695 - - - - -] GET >>>>>>>>>>>> http://20.20.20.7:35357/v3/ >>>>>>>>>>>> 2018-04-11 22:45:10.898 29335 INFO eventlet.wsgi.server >>>>>>>>>>>> [req-147f239e-2205-40b5-8aea-40604c99b695 - - - - -] 20.20.20.7 >>>>>>>>>>>> - - >>>>>>>>>>>> [11/Apr/2018 22:45:10] "GET /v3 HTTP/1.1" 200 493 0.062545 >>>>>>>>>>>> 2018-04-11 22:45:10.908 29335 INFO keystone.common.wsgi >>>>>>>>>>>> [req-8f888754-1cf5-4c24-81b6-7481c9c0dfb8 - - - - -] POST >>>>>>>>>>>> http://20.20.20.7:35357/v3/auth/tokens >>>>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>>>> [req-8f888754-1cf5-4c24-81b6-7481c9c0dfb8 - - - - -] Could not >>>>>>>>>>>> find >>>>>>>>>>>> domain: >>>>>>>>>>>> Default >>>>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>>>> Traceback >>>>>>>>>>>> (most recent call last): >>>>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>>>> File >>>>>>>>>>>> "/usr/lib/python2.7/dist-packages/keystone/auth/controllers. >>>>>>>>>>>> py", >>>>>>>>>>>> line >>>>>>>>>>>> 185, >>>>>>>>>>>> in _lookup_domain >>>>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>>>> domain_name) >>>>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>>>> File >>>>>>>>>>>> "/usr/lib/python2.7/dist-packages/keystone/common/manager.py", >>>>>>>>>>>> line >>>>>>>>>>>> 124, >>>>>>>>>>>> in >>>>>>>>>>>> wrapped >>>>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>>>> __ret_val >>>>>>>>>>>> = __f(*args, **kwargs) >>>>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>>>> File >>>>>>>>>>>> "/usr/lib/python2.7/dist-packages/dogpile/cache/region.py", >>>>>>>>>>>> line >>>>>>>>>>>> 1053, >>>>>>>>>>>> in >>>>>>>>>>>> decorate >>>>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>>>> should_cache_fn) >>>>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>>>> File >>>>>>>>>>>> "/usr/lib/python2.7/dist-packages/dogpile/cache/region.py", >>>>>>>>>>>> line >>>>>>>>>>>> 657, >>>>>>>>>>>> in >>>>>>>>>>>> get_or_create >>>>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>>>> async_creator) as value: >>>>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>>>> File >>>>>>>>>>>> "/usr/lib/python2.7/dist-packages/dogpile/core/dogpile.py", >>>>>>>>>>>> line >>>>>>>>>>>> 158, >>>>>>>>>>>> in >>>>>>>>>>>> __enter__ >>>>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>>>> return >>>>>>>>>>>> self._enter() >>>>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>>>> File >>>>>>>>>>>> "/usr/lib/python2.7/dist-packages/dogpile/core/dogpile.py", >>>>>>>>>>>> line >>>>>>>>>>>> 98, in >>>>>>>>>>>> _enter >>>>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>>>> generated >>>>>>>>>>>> = self._enter_create(createdtime) >>>>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>>>> File >>>>>>>>>>>> "/usr/lib/python2.7/dist-packages/dogpile/core/dogpile.py", >>>>>>>>>>>> line >>>>>>>>>>>> 149, >>>>>>>>>>>> in >>>>>>>>>>>> _enter_create >>>>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>>>> created >>>>>>>>>>>> = >>>>>>>>>>>> self.creator() >>>>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>>>> File >>>>>>>>>>>> "/usr/lib/python2.7/dist-packages/dogpile/cache/region.py", >>>>>>>>>>>> line >>>>>>>>>>>> 625, >>>>>>>>>>>> in >>>>>>>>>>>> gen_value >>>>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>>>> created_value = creator() >>>>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>>>> File >>>>>>>>>>>> "/usr/lib/python2.7/dist-packages/dogpile/cache/region.py", >>>>>>>>>>>> line >>>>>>>>>>>> 1049, >>>>>>>>>>>> in >>>>>>>>>>>> creator >>>>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>>>> return >>>>>>>>>>>> fn(*arg, **kw) >>>>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>>>> File >>>>>>>>>>>> "/usr/lib/python2.7/dist-packages/keystone/resource/core.py", >>>>>>>>>>>> line >>>>>>>>>>>> 720, >>>>>>>>>>>> in >>>>>>>>>>>> get_domain_by_name >>>>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>>>> raise >>>>>>>>>>>> exception.DomainNotFound(domain_id=domain_name) >>>>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>>>> DomainNotFound: Could not find domain: Default >>>>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>>>> 2018-04-11 22:45:11.016 29335 WARNING keystone.common.wsgi >>>>>>>>>>>> [req-8f888754-1cf5-4c24-81b6-7481c9c0dfb8 - - - - -] >>>>>>>>>>>> Authorization >>>>>>>>>>>> failed. >>>>>>>>>>>> The request you have made requires authentication. from >>>>>>>>>>>> 20.20.20.7 >>>>>>>>>>>> 2018-04-11 22:45:11.018 29335 INFO eventlet.wsgi.server >>>>>>>>>>>> [req-8f888754-1cf5-4c24-81b6-7481c9c0dfb8 - - - - -] 20.20.20.7 >>>>>>>>>>>> - - >>>>>>>>>>>> [11/Apr/2018 22:45:11] "POST /v3/auth/tokens HTTP/1.1" 401 425 >>>>>>>>>>>> 0.113822 >>>>>>>>>>>> >>>>>>>>>>>> Can someone please tell me what's going on? >>>>>>>>>>>> Thanks in advance for your replies. >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>> >>>> >>> >>> -- >>> -Shyam >>> >>> >> >> >> -- >> -Shyam >> > > > > -- -Shyam -------------- next part -------------- An HTML attachment was scrubbed... URL: From Remo at italy1.com Mon Apr 16 11:28:38 2018 From: Remo at italy1.com (Remo Mattei) Date: Mon, 16 Apr 2018 13:28:38 +0200 Subject: [Openstack] Domain not found error In-Reply-To: References: <20180412064020.Horde.4dPn1JcsDDGn68zf_2sgYDL@webmail.nde.ag> <20180412071846.Horde.bFbTvvQ56LUOC-Zfb1wTNJJ@webmail.nde.ag> <20180412082730.Horde.nVvbHo0rKz7wNmVuyI_MTtQ@webmail.nde.ag> <20180413062400.Horde.65yTSYZ-jI34lpxeL05Wi6b@webmail.nde.ag> <20180416092752.Horde.duQ58kj2IJxthPwz-lzofh-@webmail.nde.ag> <20180416095445.Horde.y5NDH9TsT9PSk-VLPxlFiia@webmail.nde.ag> Message-ID: Start from fresh! I would suggest to check into RDO, PackStack or Tripleo. My 2 cents. Remo > On Apr 16, 2018, at 1:16 PM, Shyam Prasad N wrote: > > Hi Eugen, > I tried pike initially. When that didn't work, I thought I'll use the documentation for queens. > Is there a way to undo the keystone config and start over again? I want to start afresh. > > On Mon, Apr 16, 2018 at 3:24 PM, Eugen Block > wrote: > Your first email pionted to the pike install guide which mentions admin-url port 35357. > > I'm trying to install keystone for my swift cluster. > I followed this document for install and configuration: > https://docs.openstack.org/keystone/pike/install/ > > So now you're trying to install queens release? You should stay consistent and use only one guide to follow, although it seems like the ubuntu guide is wrong at this point. The other guides for Q (RedHat and SUSE) point to the admin-url port 35357, not port 5000. And the ubuntu guide for Pike release also points to 35357 again, so this is probably a bug. > > You should fix this prior to any further steps. > > > > Zitat von Shyam Prasad N >: > > Here is the documentation page I followed: > https://docs.openstack.org/keystone/queens/install/keystone-install-ubuntu.html > > On Mon, Apr 16, 2018 at 3:14 PM, Shyam Prasad N > > wrote: > > Hi Eugen, > > Ignore the different IPs. I had tried keystone install on two different > systems. The old admin-rc script was from the other node. > > As per the port numbers, I followed what was in the documentation: > Bootstrap the Identity service: > # keystone-manage bootstrap --bootstrap-password ADMIN_PASS \ > --bootstrap-admin-url http://controller:5000/v3/ \ > --bootstrap-internal-url http://controller:5000/v3/ \ > --bootstrap-public-url http://controller:5000/v3/ \ > --bootstrap-region-id RegionOne > > Regards, > Shyam > > On Mon, Apr 16, 2018 at 2:57 PM, Eugen Block > wrote: > > Hi, > > I found some differences between your bootstrap command and your admin-rc > credentials: > > export OS_AUTH_URL=http://20.20.20.7:35357/v3 > --bootstrap-admin-url http://20.20.20.8:5000/v3/ > > > You use two different IPs for your controller node, this can't work. > Another thing is, you usually have to create one admin endpoint (port > 35357) and a public endpoint (port 5000), you use the public port for both > endpoints. This could work, of course, although not recommended. But then > you have to change your admin-rc credentials respectively. They should > reflect the configuration you bootstrapped with keystone-manage. > > Change your admin-rc to point to the correct IP and the correct port, > then retry the domain list command after sourcing the credentials. > > > > Zitat von Shyam Prasad N >: > > Hi, > > Sorry for the late reply. Was out for a while. > > # openstack domain list > The request you have made requires authentication. (HTTP 401) > (Request-ID: > req-fd20ec4d-9000-4cfa-9a5c-ba547a11c4c4) > > # tail /var/log/keystone/keystone-manage.log > # > > # keystone-manage bootstrap --bootstrap-password PASSWORD > --bootstrap-admin-url http://20.20.20.8:5000/v3/ > --bootstrap-internal-url > http://20.20.20.8:5000/v3/ --bootstrap-public-url > http://20.20.20.8:5000/v3/ > --bootstrap-region-id RegionOne > 2018-04-15 22:29:39.456 18518 WARNING keystone.assignment.core [-] > Deprecated: Use of the identity driver config to automatically configure > the same assignment driver has been deprecated, in the "O" release, the > assignment driver will need to be expicitly configured if different than > the default (SQL). > 2018-04-15 22:29:39.585 18518 INFO keystone.cmd.cli [-] Domain default > already exists, skipping creation. > 2018-04-15 22:29:39.621 18518 INFO keystone.cmd.cli > [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Project admin > already > exists, skipping creation. > 2018-04-15 22:29:39.640 18518 INFO keystone.cmd.cli > [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] User admin already > exists, skipping creation. > 2018-04-15 22:29:39.670 18518 INFO keystone.cmd.cli > [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Role admin exists, > skipping creation. > 2018-04-15 22:29:39.822 18518 INFO keystone.cmd.cli > [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] User admin already > has > admin on admin. > 2018-04-15 22:29:39.827 18518 INFO keystone.cmd.cli > [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Region RegionOne > exists, skipping creation. > 2018-04-15 22:29:39.834 18518 INFO keystone.cmd.cli > [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Skipping admin > endpoint as already created > 2018-04-15 22:29:39.835 18518 INFO keystone.cmd.cli > [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Skipping internal > endpoint as already created > 2018-04-15 22:29:39.835 18518 INFO keystone.cmd.cli > [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Skipping public > endpoint as already created > # tail /var/log/keystone/keystone-manage.log2018-04-15 22:29:39.456 > 18518 > WARNING keystone.assignment.core [-] Deprecated: Use of the identity > driver > config to automatically configure the same assignment driver has been > deprecated, in the "O" release, the assignment driver will need to be > expicitly configured if different than the default (SQL). > 2018-04-15 22:29:39.585 18518 INFO keystone.cmd.cli [-] Domain default > already exists, skipping creation. > 2018-04-15 22:29:39.621 18518 INFO keystone.cmd.cli > [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Project admin > already > exists, skipping creation. > 2018-04-15 22:29:39.640 18518 INFO keystone.cmd.cli > [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] User admin already > exists, skipping creation. > 2018-04-15 22:29:39.670 18518 INFO keystone.cmd.cli > [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Role admin exists, > skipping creation. > 2018-04-15 22:29:39.822 18518 INFO keystone.cmd.cli > [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] User admin already > has > admin on admin. > 2018-04-15 22:29:39.827 18518 INFO keystone.cmd.cli > [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Region RegionOne > exists, skipping creation. > 2018-04-15 22:29:39.834 18518 INFO keystone.cmd.cli > [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Skipping admin > endpoint as already created > 2018-04-15 22:29:39.835 18518 INFO keystone.cmd.cli > [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Skipping internal > endpoint as already created > 2018-04-15 22:29:39.835 18518 INFO keystone.cmd.cli > [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Skipping public > endpoint as already created > # > > > On Fri, Apr 13, 2018 at 11:54 AM, Eugen Block > wrote: > > Hi, > > the bug I reported is invalid because the keystone-bootstrap command is > supposed to create the default domain. Since we created our cloud in > Liberty release the default domain already existed in our environment. > Well, I guess we're back to square one. ;-) > > Can you paste the output of > > control:~ # openstack domain list > > If the keystone bootstrap command worked, it should at least show the > default domain. If it doesn't take a look into > /var/log/keystone/keystone-manage.log and check for errors. If this > doesn't reveal anything try running it again and check the logs again. > > > Zitat von Eugen Block >: > > > The missing command has been in Newton, Ocata and Pike release. They > fixed > > it in Queens again. > > I filed a bug report: https://bugs.launchpad.net/keystone/+bug/1763297 > > Regards > > > Zitat von Shyam Prasad N >: > > Thanks Eugen. It'll be great if you can do it. (I haven't yet gone > through > > the bug reporting documentation) > Please add me to the bug's CC list. That way if some info is needed > from > me, I can provide it. > > Regards, > Shyam > > On Thu, Apr 12, 2018 at 12:48 PM, Eugen Block > wrote: > > I believe there's something missing in Ocata and Pike docs. If you > read > > Mitaka install guide [1] you'll find the first step to be creating > the > default domain before all other steps regarding projects and users. > > You should run > > openstack domain create --description "Default Domain" default > > and then the next steps should work, at least I hope so. > > Do you want to report this as a bug? I can also report it, I have > already > filed several reports. > > Regards > > > [1] https://docs.openstack.org/mitaka/install-guide-obs/keystone > -users.html > > > > Zitat von Shyam Prasad N >: > > Hi, > > > Please read my replies inline below... > > On Thu, Apr 12, 2018 at 12:10 PM, Eugen Block > > wrote: > > Hi, > > > can you paste the credentials you're using? > > # cat admin-rc > > export OS_USERNAME=admin > export OS_PASSWORD=abcdef > export OS_PROJECT_NAME=admin > export OS_USER_DOMAIN_NAME=Default > export OS_PROJECT_DOMAIN_NAME=Default > export OS_AUTH_URL=http://20.20.20.7:35357/v3 > export OS_IDENTITY_API_VERSION=3 > > The config values (e.g. domain) are case sensitive, the ID of the > default > > domain is usually "domain", its name is "Default". But if you're > > sourcing > the credentials with ID "Default" this would go wrong, although I'm > not > sure if this would be the expected error message. > > Just a couple of weeks ago there was someone on ask.openstack.org > who > ignored case-sensitive options and failed to operate his cloud. > > Did the keystone-manage bootstrap command work? > > Yes. It did not throw any errors. > > > > Regards > > > > Zitat von Shyam Prasad N >: > > > Hi, > > > I'm trying to install keystone for my swift cluster. > I followed this document for install and configuration: > https://docs.openstack.org/keystone/pike/install/ > > However, I'm getting this error for a command: > # openstack user create --domain default --password-prompt swift > The request you have made requires authentication. (HTTP 401) > (Request-ID: > req-8f888754-1cf5-4c24-81b6-7481c9c0dfb8) > > # tail /var/log/keystone/keystone.log > 2018-04-11 22:45:10.895 29335 INFO keystone.common.wsgi > [req-147f239e-2205-40b5-8aea-40604c99b695 - - - - -] GET > http://20.20.20.7:35357/v3/ > 2018-04-11 22:45:10.898 29335 INFO eventlet.wsgi.server > [req-147f239e-2205-40b5-8aea-40604c99b695 - - - - -] 20.20.20.7 > - - > [11/Apr/2018 22:45:10] "GET /v3 HTTP/1.1" 200 493 0.062545 > 2018-04-11 22:45:10.908 29335 INFO keystone.common.wsgi > [req-8f888754-1cf5-4c24-81b6-7481c9c0dfb8 - - - - -] POST > http://20.20.20.7:35357/v3/auth/tokens > 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers > [req-8f888754-1cf5-4c24-81b6-7481c9c0dfb8 - - - - -] Could not > find > domain: > Default > 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers > Traceback > (most recent call last): > 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers > File > "/usr/lib/python2.7/dist-packages/keystone/auth/controllers.py", > line > 185, > in _lookup_domain > 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers > domain_name) > 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers > File > "/usr/lib/python2.7/dist-packages/keystone/common/manager.py", > line > 124, > in > wrapped > 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers > __ret_val > = __f(*args, **kwargs) > 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers > File > "/usr/lib/python2.7/dist-packages/dogpile/cache/region.py", line > 1053, > in > decorate > 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers > should_cache_fn) > 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers > File > "/usr/lib/python2.7/dist-packages/dogpile/cache/region.py", line > 657, > in > get_or_create > 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers > async_creator) as value: > 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers > File > "/usr/lib/python2.7/dist-packages/dogpile/core/dogpile.py", line > 158, > in > __enter__ > 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers > return > self._enter() > 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers > File > "/usr/lib/python2.7/dist-packages/dogpile/core/dogpile.py", line > 98, in > _enter > 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers > generated > = self._enter_create(createdtime) > 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers > File > "/usr/lib/python2.7/dist-packages/dogpile/core/dogpile.py", line > 149, > in > _enter_create > 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers > created > = > self.creator() > 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers > File > "/usr/lib/python2.7/dist-packages/dogpile/cache/region.py", line > 625, > in > gen_value > 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers > created_value = creator() > 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers > File > "/usr/lib/python2.7/dist-packages/dogpile/cache/region.py", line > 1049, > in > creator > 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers > return > fn(*arg, **kw) > 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers > File > "/usr/lib/python2.7/dist-packages/keystone/resource/core.py", > line > 720, > in > get_domain_by_name > 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers > raise > exception.DomainNotFound(domain_id=domain_name) > 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers > DomainNotFound: Could not find domain: Default > 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers > 2018-04-11 22:45:11.016 29335 WARNING keystone.common.wsgi > [req-8f888754-1cf5-4c24-81b6-7481c9c0dfb8 - - - - -] > Authorization > failed. > The request you have made requires authentication. from 20.20.20.7 > 2018-04-11 22:45:11.018 29335 INFO eventlet.wsgi.server > [req-8f888754-1cf5-4c24-81b6-7481c9c0dfb8 - - - - -] 20.20.20.7 > - - > [11/Apr/2018 22:45:11] "POST /v3/auth/tokens HTTP/1.1" 401 425 > 0.113822 > > Can someone please tell me what's going on? > Thanks in advance for your replies. > > > > > > > -- > -Shyam > > > > > -- > -Shyam > > > > > > > -- > -Shyam > _______________________________________________ > Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > Post to : openstack at lists.openstack.org > Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack -------------- next part -------------- An HTML attachment was scrubbed... URL: From eblock at nde.ag Mon Apr 16 12:30:47 2018 From: eblock at nde.ag (Eugen Block) Date: Mon, 16 Apr 2018 12:30:47 +0000 Subject: [Openstack] Domain not found error In-Reply-To: References: <20180412064020.Horde.4dPn1JcsDDGn68zf_2sgYDL@webmail.nde.ag> <20180412071846.Horde.bFbTvvQ56LUOC-Zfb1wTNJJ@webmail.nde.ag> <20180412082730.Horde.nVvbHo0rKz7wNmVuyI_MTtQ@webmail.nde.ag> <20180413062400.Horde.65yTSYZ-jI34lpxeL05Wi6b@webmail.nde.ag> <20180416092752.Horde.duQ58kj2IJxthPwz-lzofh-@webmail.nde.ag> <20180416095445.Horde.y5NDH9TsT9PSk-VLPxlFiia@webmail.nde.ag> Message-ID: <20180416123047.Horde.vjOTfwLW3yOPUEg5KIR4mik@webmail.nde.ag> > Is there a way to undo the keystone config and start over again? I want to > start afresh. The easiest way is probably to drop the keystone database and recreate it, then do the bootstrapping again. I believe this should suffice since keystone is essential to all other services, so you wouldn't do too much damage. Another way would be to login to your database and change the respective values, but since I don't know what exactly the bootstrap command does I would not recommend this option. Zitat von Shyam Prasad N : > Hi Eugen, > I tried pike initially. When that didn't work, I thought I'll use the > documentation for queens. > Is there a way to undo the keystone config and start over again? I want to > start afresh. > > On Mon, Apr 16, 2018 at 3:24 PM, Eugen Block wrote: > >> Your first email pionted to the pike install guide which mentions >> admin-url port 35357. >> >> I'm trying to install keystone for my swift cluster. >>> I followed this document for install and configuration: >>> https://docs.openstack.org/keystone/pike/install/ >>> >> >> So now you're trying to install queens release? You should stay consistent >> and use only one guide to follow, although it seems like the ubuntu guide >> is wrong at this point. The other guides for Q (RedHat and SUSE) point to >> the admin-url port 35357, not port 5000. And the ubuntu guide for Pike >> release also points to 35357 again, so this is probably a bug. >> >> You should fix this prior to any further steps. >> >> >> >> Zitat von Shyam Prasad N : >> >> Here is the documentation page I followed: >>> https://docs.openstack.org/keystone/queens/install/keystone- >>> install-ubuntu.html >>> >>> On Mon, Apr 16, 2018 at 3:14 PM, Shyam Prasad N >>> wrote: >>> >>> Hi Eugen, >>>> >>>> Ignore the different IPs. I had tried keystone install on two different >>>> systems. The old admin-rc script was from the other node. >>>> >>>> As per the port numbers, I followed what was in the documentation: >>>> Bootstrap the Identity service: >>>> # keystone-manage bootstrap --bootstrap-password ADMIN_PASS \ >>>> --bootstrap-admin-url http://controller:5000/v3/ \ >>>> --bootstrap-internal-url http://controller:5000/v3/ \ >>>> --bootstrap-public-url http://controller:5000/v3/ \ >>>> --bootstrap-region-id RegionOne >>>> >>>> Regards, >>>> Shyam >>>> >>>> On Mon, Apr 16, 2018 at 2:57 PM, Eugen Block wrote: >>>> >>>> Hi, >>>>> >>>>> I found some differences between your bootstrap command and your >>>>> admin-rc >>>>> credentials: >>>>> >>>>> export OS_AUTH_URL=http://20.20.20.7:35357/v3 >>>>> >>>>>> --bootstrap-admin-url http://20.20.20.8:5000/v3/ >>>>>> >>>>>> >>>>> You use two different IPs for your controller node, this can't work. >>>>> Another thing is, you usually have to create one admin endpoint (port >>>>> 35357) and a public endpoint (port 5000), you use the public port for >>>>> both >>>>> endpoints. This could work, of course, although not recommended. But >>>>> then >>>>> you have to change your admin-rc credentials respectively. They should >>>>> reflect the configuration you bootstrapped with keystone-manage. >>>>> >>>>> Change your admin-rc to point to the correct IP and the correct port, >>>>> then retry the domain list command after sourcing the credentials. >>>>> >>>>> >>>>> >>>>> Zitat von Shyam Prasad N : >>>>> >>>>> Hi, >>>>> >>>>>> >>>>>> Sorry for the late reply. Was out for a while. >>>>>> >>>>>> # openstack domain list >>>>>> The request you have made requires authentication. (HTTP 401) >>>>>> (Request-ID: >>>>>> req-fd20ec4d-9000-4cfa-9a5c-ba547a11c4c4) >>>>>> >>>>>> # tail /var/log/keystone/keystone-manage.log >>>>>> # >>>>>> >>>>>> # keystone-manage bootstrap --bootstrap-password PASSWORD >>>>>> --bootstrap-admin-url http://20.20.20.8:5000/v3/ >>>>>> --bootstrap-internal-url >>>>>> http://20.20.20.8:5000/v3/ --bootstrap-public-url >>>>>> http://20.20.20.8:5000/v3/ >>>>>> --bootstrap-region-id RegionOne >>>>>> 2018-04-15 22:29:39.456 18518 WARNING keystone.assignment.core [-] >>>>>> Deprecated: Use of the identity driver config to automatically >>>>>> configure >>>>>> the same assignment driver has been deprecated, in the "O" release, the >>>>>> assignment driver will need to be expicitly configured if different >>>>>> than >>>>>> the default (SQL). >>>>>> 2018-04-15 22:29:39.585 18518 INFO keystone.cmd.cli [-] Domain default >>>>>> already exists, skipping creation. >>>>>> 2018-04-15 22:29:39.621 18518 INFO keystone.cmd.cli >>>>>> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Project admin >>>>>> already >>>>>> exists, skipping creation. >>>>>> 2018-04-15 22:29:39.640 18518 INFO keystone.cmd.cli >>>>>> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] User admin >>>>>> already >>>>>> exists, skipping creation. >>>>>> 2018-04-15 22:29:39.670 18518 INFO keystone.cmd.cli >>>>>> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Role admin >>>>>> exists, >>>>>> skipping creation. >>>>>> 2018-04-15 22:29:39.822 18518 INFO keystone.cmd.cli >>>>>> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] User admin >>>>>> already >>>>>> has >>>>>> admin on admin. >>>>>> 2018-04-15 22:29:39.827 18518 INFO keystone.cmd.cli >>>>>> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Region RegionOne >>>>>> exists, skipping creation. >>>>>> 2018-04-15 22:29:39.834 18518 INFO keystone.cmd.cli >>>>>> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Skipping admin >>>>>> endpoint as already created >>>>>> 2018-04-15 22:29:39.835 18518 INFO keystone.cmd.cli >>>>>> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Skipping internal >>>>>> endpoint as already created >>>>>> 2018-04-15 22:29:39.835 18518 INFO keystone.cmd.cli >>>>>> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Skipping public >>>>>> endpoint as already created >>>>>> # tail /var/log/keystone/keystone-manage.log2018-04-15 22:29:39.456 >>>>>> 18518 >>>>>> WARNING keystone.assignment.core [-] Deprecated: Use of the identity >>>>>> driver >>>>>> config to automatically configure the same assignment driver has been >>>>>> deprecated, in the "O" release, the assignment driver will need to be >>>>>> expicitly configured if different than the default (SQL). >>>>>> 2018-04-15 22:29:39.585 18518 INFO keystone.cmd.cli [-] Domain default >>>>>> already exists, skipping creation. >>>>>> 2018-04-15 22:29:39.621 18518 INFO keystone.cmd.cli >>>>>> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Project admin >>>>>> already >>>>>> exists, skipping creation. >>>>>> 2018-04-15 22:29:39.640 18518 INFO keystone.cmd.cli >>>>>> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] User admin >>>>>> already >>>>>> exists, skipping creation. >>>>>> 2018-04-15 22:29:39.670 18518 INFO keystone.cmd.cli >>>>>> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Role admin >>>>>> exists, >>>>>> skipping creation. >>>>>> 2018-04-15 22:29:39.822 18518 INFO keystone.cmd.cli >>>>>> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] User admin >>>>>> already >>>>>> has >>>>>> admin on admin. >>>>>> 2018-04-15 22:29:39.827 18518 INFO keystone.cmd.cli >>>>>> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Region RegionOne >>>>>> exists, skipping creation. >>>>>> 2018-04-15 22:29:39.834 18518 INFO keystone.cmd.cli >>>>>> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Skipping admin >>>>>> endpoint as already created >>>>>> 2018-04-15 22:29:39.835 18518 INFO keystone.cmd.cli >>>>>> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Skipping internal >>>>>> endpoint as already created >>>>>> 2018-04-15 22:29:39.835 18518 INFO keystone.cmd.cli >>>>>> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Skipping public >>>>>> endpoint as already created >>>>>> # >>>>>> >>>>>> >>>>>> On Fri, Apr 13, 2018 at 11:54 AM, Eugen Block wrote: >>>>>> >>>>>> Hi, >>>>>> >>>>>>> >>>>>>> the bug I reported is invalid because the keystone-bootstrap command >>>>>>> is >>>>>>> supposed to create the default domain. Since we created our cloud in >>>>>>> Liberty release the default domain already existed in our environment. >>>>>>> Well, I guess we're back to square one. ;-) >>>>>>> >>>>>>> Can you paste the output of >>>>>>> >>>>>>> control:~ # openstack domain list >>>>>>> >>>>>>> If the keystone bootstrap command worked, it should at least show the >>>>>>> default domain. If it doesn't take a look into >>>>>>> /var/log/keystone/keystone-manage.log and check for errors. If this >>>>>>> doesn't reveal anything try running it again and check the logs again. >>>>>>> >>>>>>> >>>>>>> Zitat von Eugen Block : >>>>>>> >>>>>>> >>>>>>> The missing command has been in Newton, Ocata and Pike release. They >>>>>>> fixed >>>>>>> >>>>>>> it in Queens again. >>>>>>>> >>>>>>>> I filed a bug report: https://bugs.launchpad.net/key >>>>>>>> stone/+bug/1763297 >>>>>>>> >>>>>>>> Regards >>>>>>>> >>>>>>>> >>>>>>>> Zitat von Shyam Prasad N : >>>>>>>> >>>>>>>> Thanks Eugen. It'll be great if you can do it. (I haven't yet gone >>>>>>>> through >>>>>>>> >>>>>>>> the bug reporting documentation) >>>>>>>>> Please add me to the bug's CC list. That way if some info is needed >>>>>>>>> from >>>>>>>>> me, I can provide it. >>>>>>>>> >>>>>>>>> Regards, >>>>>>>>> Shyam >>>>>>>>> >>>>>>>>> On Thu, Apr 12, 2018 at 12:48 PM, Eugen Block >>>>>>>>> wrote: >>>>>>>>> >>>>>>>>> I believe there's something missing in Ocata and Pike docs. If you >>>>>>>>> read >>>>>>>>> >>>>>>>>> Mitaka install guide [1] you'll find the first step to be creating >>>>>>>>>> the >>>>>>>>>> default domain before all other steps regarding projects and users. >>>>>>>>>> >>>>>>>>>> You should run >>>>>>>>>> >>>>>>>>>> openstack domain create --description "Default Domain" default >>>>>>>>>> >>>>>>>>>> and then the next steps should work, at least I hope so. >>>>>>>>>> >>>>>>>>>> Do you want to report this as a bug? I can also report it, I have >>>>>>>>>> already >>>>>>>>>> filed several reports. >>>>>>>>>> >>>>>>>>>> Regards >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> [1] https://docs.openstack.org/mitaka/install-guide-obs/keystone >>>>>>>>>> -users.html >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> Zitat von Shyam Prasad N : >>>>>>>>>> >>>>>>>>>> Hi, >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> Please read my replies inline below... >>>>>>>>>>> >>>>>>>>>>> On Thu, Apr 12, 2018 at 12:10 PM, Eugen Block >>>>>>>>>>> wrote: >>>>>>>>>>> >>>>>>>>>>> Hi, >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> can you paste the credentials you're using? >>>>>>>>>>>> >>>>>>>>>>>> # cat admin-rc >>>>>>>>>>>> >>>>>>>>>>>> export OS_USERNAME=admin >>>>>>>>>>>> >>>>>>>>>>> export OS_PASSWORD=abcdef >>>>>>>>>>> export OS_PROJECT_NAME=admin >>>>>>>>>>> export OS_USER_DOMAIN_NAME=Default >>>>>>>>>>> export OS_PROJECT_DOMAIN_NAME=Default >>>>>>>>>>> export OS_AUTH_URL=http://20.20.20.7:35357/v3 >>>>>>>>>>> export OS_IDENTITY_API_VERSION=3 >>>>>>>>>>> >>>>>>>>>>> The config values (e.g. domain) are case sensitive, the ID of the >>>>>>>>>>> default >>>>>>>>>>> >>>>>>>>>>> domain is usually "domain", its name is "Default". But if you're >>>>>>>>>>> >>>>>>>>>>> sourcing >>>>>>>>>>>> the credentials with ID "Default" this would go wrong, although >>>>>>>>>>>> I'm >>>>>>>>>>>> not >>>>>>>>>>>> sure if this would be the expected error message. >>>>>>>>>>>> >>>>>>>>>>>> Just a couple of weeks ago there was someone on >>>>>>>>>>>> ask.openstack.org >>>>>>>>>>>> who >>>>>>>>>>>> ignored case-sensitive options and failed to operate his cloud. >>>>>>>>>>>> >>>>>>>>>>>> Did the keystone-manage bootstrap command work? >>>>>>>>>>>> >>>>>>>>>>>> Yes. It did not throw any errors. >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>> Regards >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> Zitat von Shyam Prasad N : >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> Hi, >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> I'm trying to install keystone for my swift cluster. >>>>>>>>>>>> >>>>>>>>>>>>> I followed this document for install and configuration: >>>>>>>>>>>>> https://docs.openstack.org/keystone/pike/install/ >>>>>>>>>>>>> >>>>>>>>>>>>> However, I'm getting this error for a command: >>>>>>>>>>>>> # openstack user create --domain default --password-prompt swift >>>>>>>>>>>>> The request you have made requires authentication. (HTTP 401) >>>>>>>>>>>>> (Request-ID: >>>>>>>>>>>>> req-8f888754-1cf5-4c24-81b6-7481c9c0dfb8) >>>>>>>>>>>>> >>>>>>>>>>>>> # tail /var/log/keystone/keystone.log >>>>>>>>>>>>> 2018-04-11 22:45:10.895 29335 INFO keystone.common.wsgi >>>>>>>>>>>>> [req-147f239e-2205-40b5-8aea-40604c99b695 - - - - -] GET >>>>>>>>>>>>> http://20.20.20.7:35357/v3/ >>>>>>>>>>>>> 2018-04-11 22:45:10.898 29335 INFO eventlet.wsgi.server >>>>>>>>>>>>> [req-147f239e-2205-40b5-8aea-40604c99b695 - - - - -] 20.20.20.7 >>>>>>>>>>>>> - - >>>>>>>>>>>>> [11/Apr/2018 22:45:10] "GET /v3 HTTP/1.1" 200 493 0.062545 >>>>>>>>>>>>> 2018-04-11 22:45:10.908 29335 INFO keystone.common.wsgi >>>>>>>>>>>>> [req-8f888754-1cf5-4c24-81b6-7481c9c0dfb8 - - - - -] POST >>>>>>>>>>>>> http://20.20.20.7:35357/v3/auth/tokens >>>>>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>>>>> [req-8f888754-1cf5-4c24-81b6-7481c9c0dfb8 - - - - -] Could not >>>>>>>>>>>>> find >>>>>>>>>>>>> domain: >>>>>>>>>>>>> Default >>>>>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>>>>> Traceback >>>>>>>>>>>>> (most recent call last): >>>>>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>>>>> File >>>>>>>>>>>>> "/usr/lib/python2.7/dist-packages/keystone/auth/controllers. >>>>>>>>>>>>> py", >>>>>>>>>>>>> line >>>>>>>>>>>>> 185, >>>>>>>>>>>>> in _lookup_domain >>>>>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>>>>> domain_name) >>>>>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>>>>> File >>>>>>>>>>>>> "/usr/lib/python2.7/dist-packages/keystone/common/manager.py", >>>>>>>>>>>>> line >>>>>>>>>>>>> 124, >>>>>>>>>>>>> in >>>>>>>>>>>>> wrapped >>>>>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>>>>> __ret_val >>>>>>>>>>>>> = __f(*args, **kwargs) >>>>>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>>>>> File >>>>>>>>>>>>> "/usr/lib/python2.7/dist-packages/dogpile/cache/region.py", >>>>>>>>>>>>> line >>>>>>>>>>>>> 1053, >>>>>>>>>>>>> in >>>>>>>>>>>>> decorate >>>>>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>>>>> should_cache_fn) >>>>>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>>>>> File >>>>>>>>>>>>> "/usr/lib/python2.7/dist-packages/dogpile/cache/region.py", >>>>>>>>>>>>> line >>>>>>>>>>>>> 657, >>>>>>>>>>>>> in >>>>>>>>>>>>> get_or_create >>>>>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>>>>> async_creator) as value: >>>>>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>>>>> File >>>>>>>>>>>>> "/usr/lib/python2.7/dist-packages/dogpile/core/dogpile.py", >>>>>>>>>>>>> line >>>>>>>>>>>>> 158, >>>>>>>>>>>>> in >>>>>>>>>>>>> __enter__ >>>>>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>>>>> return >>>>>>>>>>>>> self._enter() >>>>>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>>>>> File >>>>>>>>>>>>> "/usr/lib/python2.7/dist-packages/dogpile/core/dogpile.py", >>>>>>>>>>>>> line >>>>>>>>>>>>> 98, in >>>>>>>>>>>>> _enter >>>>>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>>>>> generated >>>>>>>>>>>>> = self._enter_create(createdtime) >>>>>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>>>>> File >>>>>>>>>>>>> "/usr/lib/python2.7/dist-packages/dogpile/core/dogpile.py", >>>>>>>>>>>>> line >>>>>>>>>>>>> 149, >>>>>>>>>>>>> in >>>>>>>>>>>>> _enter_create >>>>>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>>>>> created >>>>>>>>>>>>> = >>>>>>>>>>>>> self.creator() >>>>>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>>>>> File >>>>>>>>>>>>> "/usr/lib/python2.7/dist-packages/dogpile/cache/region.py", >>>>>>>>>>>>> line >>>>>>>>>>>>> 625, >>>>>>>>>>>>> in >>>>>>>>>>>>> gen_value >>>>>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>>>>> created_value = creator() >>>>>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>>>>> File >>>>>>>>>>>>> "/usr/lib/python2.7/dist-packages/dogpile/cache/region.py", >>>>>>>>>>>>> line >>>>>>>>>>>>> 1049, >>>>>>>>>>>>> in >>>>>>>>>>>>> creator >>>>>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>>>>> return >>>>>>>>>>>>> fn(*arg, **kw) >>>>>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>>>>> File >>>>>>>>>>>>> "/usr/lib/python2.7/dist-packages/keystone/resource/core.py", >>>>>>>>>>>>> line >>>>>>>>>>>>> 720, >>>>>>>>>>>>> in >>>>>>>>>>>>> get_domain_by_name >>>>>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>>>>> raise >>>>>>>>>>>>> exception.DomainNotFound(domain_id=domain_name) >>>>>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>>>>> DomainNotFound: Could not find domain: Default >>>>>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>>>>> 2018-04-11 22:45:11.016 29335 WARNING keystone.common.wsgi >>>>>>>>>>>>> [req-8f888754-1cf5-4c24-81b6-7481c9c0dfb8 - - - - -] >>>>>>>>>>>>> Authorization >>>>>>>>>>>>> failed. >>>>>>>>>>>>> The request you have made requires authentication. from >>>>>>>>>>>>> 20.20.20.7 >>>>>>>>>>>>> 2018-04-11 22:45:11.018 29335 INFO eventlet.wsgi.server >>>>>>>>>>>>> [req-8f888754-1cf5-4c24-81b6-7481c9c0dfb8 - - - - -] 20.20.20.7 >>>>>>>>>>>>> - - >>>>>>>>>>>>> [11/Apr/2018 22:45:11] "POST /v3/auth/tokens HTTP/1.1" 401 425 >>>>>>>>>>>>> 0.113822 >>>>>>>>>>>>> >>>>>>>>>>>>> Can someone please tell me what's going on? >>>>>>>>>>>>> Thanks in advance for your replies. >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>> >>>>> >>>> >>>> -- >>>> -Shyam >>>> >>>> >>> >>> >>> -- >>> -Shyam >>> >> >> >> >> > > > -- > -Shyam From witold.bedyk at est.fujitsu.com Mon Apr 16 13:35:33 2018 From: witold.bedyk at est.fujitsu.com (Bedyk, Witold) Date: Mon, 16 Apr 2018 13:35:33 +0000 Subject: [Openstack] Openstack Log Errors monitoring Message-ID: <3747f45c1ac34c539ecaf40296512818@R01UKEXCASM126.r01.fujitsu.local> Hi Ron, Monasca (logging part based on ELK) offers alerting on logs. Basic idea is presented in this presentation [1] starting from slide 28. Cheers Witek [1] file:///C:/Users/bedyk/Desktop/Austin%202016/Monasca_Logging_OpenStack_Summit_Austin.pdf > May i know if anyone is using any tool to monitor ERROR on all openstack > logs and send out alerts? From doka.ua at gmx.com Tue Apr 17 12:38:03 2018 From: doka.ua at gmx.com (Volodymyr Litovka) Date: Tue, 17 Apr 2018 15:38:03 +0300 Subject: [Openstack] which SDK to use? Message-ID: <01785213-b96f-6a0a-e8fb-03dcfa25e70b@gmx.com> Hi colleagues, I need to write client app (Python v3) to work with Openstack. At the moment, I need to work with Keystone (of course), Heat, Nova and Cinder. Support for other modules may be required later. Keeping in mind direct API calls, I, nevertheless, prefer to use SDK and there are two choices: 1) Openstack SDK (https://docs.openstack.org/openstacksdk/latest ) 2) Openstack Clients (https://wiki.openstack.org/wiki/OpenStackClients ) The question is which one to use in terms of support Openstack APIs, development longevity and consistency with Openstack development? Thank you. -- Volodymyr Litovka "Vision without Execution is Hallucination." -- Thomas Edison From fungi at yuggoth.org Tue Apr 17 13:13:23 2018 From: fungi at yuggoth.org (Jeremy Stanley) Date: Tue, 17 Apr 2018 13:13:23 +0000 Subject: [Openstack] which SDK to use? In-Reply-To: <01785213-b96f-6a0a-e8fb-03dcfa25e70b@gmx.com> References: <01785213-b96f-6a0a-e8fb-03dcfa25e70b@gmx.com> Message-ID: <20180417131323.6mf2kwrctwmjgoyo@yuggoth.org> On 2018-04-17 15:38:03 +0300 (+0300), Volodymyr Litovka wrote: [...] > 1) Openstack SDK (https://docs.openstack.org/openstacksdk/latest ) > 2) Openstack Clients (https://wiki.openstack.org/wiki/OpenStackClients ) > > The question is which one to use in terms of support Openstack APIs, > development longevity and consistency with Openstack development? [...] The unified OpenStackSDK is intended as a general, flexible yet consistent programming interface for consumers of a variety of OpenStack services and environments, and this is where most of the innovation you seem to be asking about is happening so is probably a much better choice. The various "client libraries" (e.g. python-novaclient, python-cinderclient, et cetera) can also be used to that end, but are mostly for service-to-service communication these days, aren't extremely consistent with each other, and tend to eventually drop support for older OpenStack APIs so if you're going to be interacting with a variety of different OpenStack deployments built on different releases you may need multiple versions of the client libraries (depending on what it is you're trying to do). -- Jeremy Stanley -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 963 bytes Desc: not available URL: From chris.friesen at windriver.com Tue Apr 17 16:23:48 2018 From: chris.friesen at windriver.com (Chris Friesen) Date: Tue, 17 Apr 2018 10:23:48 -0600 Subject: [Openstack] which SDK to use? In-Reply-To: <20180417131323.6mf2kwrctwmjgoyo@yuggoth.org> References: <01785213-b96f-6a0a-e8fb-03dcfa25e70b@gmx.com> <20180417131323.6mf2kwrctwmjgoyo@yuggoth.org> Message-ID: <5AD61F94.3030509@windriver.com> On 04/17/2018 07:13 AM, Jeremy Stanley wrote: > The various "client libraries" (e.g. python-novaclient, > python-cinderclient, et cetera) can also be used to that end, but > are mostly for service-to-service communication these days, aren't > extremely consistent with each other, and tend to eventually drop > support for older OpenStack APIs so if you're going to be > interacting with a variety of different OpenStack deployments built > on different releases you may need multiple versions of the client > libraries (depending on what it is you're trying to do). The above is all good information. I'd like to add that if you need bleeding-edge functionality in nova it will often be implemented first in python-novaclient. Chris From doka.ua at gmx.com Tue Apr 17 20:24:36 2018 From: doka.ua at gmx.com (Volodymyr Litovka) Date: Tue, 17 Apr 2018 23:24:36 +0300 Subject: [Openstack] which SDK to use? In-Reply-To: <5AD61F94.3030509@windriver.com> References: <01785213-b96f-6a0a-e8fb-03dcfa25e70b@gmx.com> <20180417131323.6mf2kwrctwmjgoyo@yuggoth.org> <5AD61F94.3030509@windriver.com> Message-ID: Hi Chris and colleagues, based on your experience, can you specify an average delay between new OS release / new feature introduction and appearance of corresponding support in Unified Openstack SDK if you were experiencing such issues? Thanks. On 4/17/18 7:23 PM, Chris Friesen wrote: > On 04/17/2018 07:13 AM, Jeremy Stanley wrote: > >> The various "client libraries" (e.g. python-novaclient, >> python-cinderclient, et cetera) can also be used to that end, but >> are mostly for service-to-service communication these days, aren't >> extremely consistent with each other, and tend to eventually drop >> support for older OpenStack APIs so if you're going to be >> interacting with a variety of different OpenStack deployments built >> on different releases you may need multiple versions of the client >> libraries (depending on what it is you're trying to do). > > The above is all good information. > > I'd like to add that if you need bleeding-edge functionality in nova > it will often be implemented first in python-novaclient. > > Chris > > _______________________________________________ > Mailing list: > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > Post to     : openstack at lists.openstack.org > Unsubscribe : > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack -- Volodymyr Litovka "Vision without Execution is Hallucination." -- Thomas Edison From nspmangalore at gmail.com Wed Apr 18 05:37:03 2018 From: nspmangalore at gmail.com (Shyam Prasad N) Date: Wed, 18 Apr 2018 11:07:03 +0530 Subject: [Openstack] Domain not found error In-Reply-To: <20180416123047.Horde.vjOTfwLW3yOPUEg5KIR4mik@webmail.nde.ag> References: <20180412064020.Horde.4dPn1JcsDDGn68zf_2sgYDL@webmail.nde.ag> <20180412071846.Horde.bFbTvvQ56LUOC-Zfb1wTNJJ@webmail.nde.ag> <20180412082730.Horde.nVvbHo0rKz7wNmVuyI_MTtQ@webmail.nde.ag> <20180413062400.Horde.65yTSYZ-jI34lpxeL05Wi6b@webmail.nde.ag> <20180416092752.Horde.duQ58kj2IJxthPwz-lzofh-@webmail.nde.ag> <20180416095445.Horde.y5NDH9TsT9PSk-VLPxlFiia@webmail.nde.ag> <20180416123047.Horde.vjOTfwLW3yOPUEg5KIR4mik@webmail.nde.ag> Message-ID: Hi all, Just to close on this... I was able to get the setup completed once I followed the correct Install guide version (I was thinking that my version is Pike, but it turns out that it should be Mitaka). Thanks for the help, and sorry for the trouble. Regards, Shyam On Mon, Apr 16, 2018 at 6:00 PM, Eugen Block wrote: > Is there a way to undo the keystone config and start over again? I want to >> start afresh. >> > > The easiest way is probably to drop the keystone database and recreate it, > then do the bootstrapping again. I believe this should suffice since > keystone is essential to all other services, so you wouldn't do too much > damage. > Another way would be to login to your database and change the respective > values, but since I don't know what exactly the bootstrap command does I > would not recommend this option. > > > > Zitat von Shyam Prasad N : > > Hi Eugen, >> I tried pike initially. When that didn't work, I thought I'll use the >> documentation for queens. >> Is there a way to undo the keystone config and start over again? I want to >> start afresh. >> >> On Mon, Apr 16, 2018 at 3:24 PM, Eugen Block wrote: >> >> Your first email pionted to the pike install guide which mentions >>> admin-url port 35357. >>> >>> I'm trying to install keystone for my swift cluster. >>> >>>> I followed this document for install and configuration: >>>> https://docs.openstack.org/keystone/pike/install/ >>>> >>>> >>> So now you're trying to install queens release? You should stay >>> consistent >>> and use only one guide to follow, although it seems like the ubuntu guide >>> is wrong at this point. The other guides for Q (RedHat and SUSE) point to >>> the admin-url port 35357, not port 5000. And the ubuntu guide for Pike >>> release also points to 35357 again, so this is probably a bug. >>> >>> You should fix this prior to any further steps. >>> >>> >>> >>> Zitat von Shyam Prasad N : >>> >>> Here is the documentation page I followed: >>> >>>> https://docs.openstack.org/keystone/queens/install/keystone- >>>> install-ubuntu.html >>>> >>>> On Mon, Apr 16, 2018 at 3:14 PM, Shyam Prasad N >>> > >>>> wrote: >>>> >>>> Hi Eugen, >>>> >>>>> >>>>> Ignore the different IPs. I had tried keystone install on two different >>>>> systems. The old admin-rc script was from the other node. >>>>> >>>>> As per the port numbers, I followed what was in the documentation: >>>>> Bootstrap the Identity service: >>>>> # keystone-manage bootstrap --bootstrap-password ADMIN_PASS \ >>>>> --bootstrap-admin-url http://controller:5000/v3/ \ >>>>> --bootstrap-internal-url http://controller:5000/v3/ \ >>>>> --bootstrap-public-url http://controller:5000/v3/ \ >>>>> --bootstrap-region-id RegionOne >>>>> >>>>> Regards, >>>>> Shyam >>>>> >>>>> On Mon, Apr 16, 2018 at 2:57 PM, Eugen Block wrote: >>>>> >>>>> Hi, >>>>> >>>>>> >>>>>> I found some differences between your bootstrap command and your >>>>>> admin-rc >>>>>> credentials: >>>>>> >>>>>> export OS_AUTH_URL=http://20.20.20.7:35357/v3 >>>>>> >>>>>> --bootstrap-admin-url http://20.20.20.8:5000/v3/ >>>>>>> >>>>>>> >>>>>>> You use two different IPs for your controller node, this can't work. >>>>>> Another thing is, you usually have to create one admin endpoint (port >>>>>> 35357) and a public endpoint (port 5000), you use the public port for >>>>>> both >>>>>> endpoints. This could work, of course, although not recommended. But >>>>>> then >>>>>> you have to change your admin-rc credentials respectively. They should >>>>>> reflect the configuration you bootstrapped with keystone-manage. >>>>>> >>>>>> Change your admin-rc to point to the correct IP and the correct port, >>>>>> then retry the domain list command after sourcing the credentials. >>>>>> >>>>>> >>>>>> >>>>>> Zitat von Shyam Prasad N : >>>>>> >>>>>> Hi, >>>>>> >>>>>> >>>>>>> Sorry for the late reply. Was out for a while. >>>>>>> >>>>>>> # openstack domain list >>>>>>> The request you have made requires authentication. (HTTP 401) >>>>>>> (Request-ID: >>>>>>> req-fd20ec4d-9000-4cfa-9a5c-ba547a11c4c4) >>>>>>> >>>>>>> # tail /var/log/keystone/keystone-manage.log >>>>>>> # >>>>>>> >>>>>>> # keystone-manage bootstrap --bootstrap-password PASSWORD >>>>>>> --bootstrap-admin-url http://20.20.20.8:5000/v3/ >>>>>>> --bootstrap-internal-url >>>>>>> http://20.20.20.8:5000/v3/ --bootstrap-public-url >>>>>>> http://20.20.20.8:5000/v3/ >>>>>>> --bootstrap-region-id RegionOne >>>>>>> 2018-04-15 22:29:39.456 18518 WARNING keystone.assignment.core [-] >>>>>>> Deprecated: Use of the identity driver config to automatically >>>>>>> configure >>>>>>> the same assignment driver has been deprecated, in the "O" release, >>>>>>> the >>>>>>> assignment driver will need to be expicitly configured if different >>>>>>> than >>>>>>> the default (SQL). >>>>>>> 2018-04-15 22:29:39.585 18518 INFO keystone.cmd.cli [-] Domain >>>>>>> default >>>>>>> already exists, skipping creation. >>>>>>> 2018-04-15 22:29:39.621 18518 INFO keystone.cmd.cli >>>>>>> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Project admin >>>>>>> already >>>>>>> exists, skipping creation. >>>>>>> 2018-04-15 22:29:39.640 18518 INFO keystone.cmd.cli >>>>>>> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] User admin >>>>>>> already >>>>>>> exists, skipping creation. >>>>>>> 2018-04-15 22:29:39.670 18518 INFO keystone.cmd.cli >>>>>>> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Role admin >>>>>>> exists, >>>>>>> skipping creation. >>>>>>> 2018-04-15 22:29:39.822 18518 INFO keystone.cmd.cli >>>>>>> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] User admin >>>>>>> already >>>>>>> has >>>>>>> admin on admin. >>>>>>> 2018-04-15 22:29:39.827 18518 INFO keystone.cmd.cli >>>>>>> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Region >>>>>>> RegionOne >>>>>>> exists, skipping creation. >>>>>>> 2018-04-15 22:29:39.834 18518 INFO keystone.cmd.cli >>>>>>> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Skipping admin >>>>>>> endpoint as already created >>>>>>> 2018-04-15 22:29:39.835 18518 INFO keystone.cmd.cli >>>>>>> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Skipping >>>>>>> internal >>>>>>> endpoint as already created >>>>>>> 2018-04-15 22:29:39.835 18518 INFO keystone.cmd.cli >>>>>>> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Skipping public >>>>>>> endpoint as already created >>>>>>> # tail /var/log/keystone/keystone-manage.log2018-04-15 22:29:39.456 >>>>>>> 18518 >>>>>>> WARNING keystone.assignment.core [-] Deprecated: Use of the identity >>>>>>> driver >>>>>>> config to automatically configure the same assignment driver has been >>>>>>> deprecated, in the "O" release, the assignment driver will need to be >>>>>>> expicitly configured if different than the default (SQL). >>>>>>> 2018-04-15 22:29:39.585 18518 INFO keystone.cmd.cli [-] Domain >>>>>>> default >>>>>>> already exists, skipping creation. >>>>>>> 2018-04-15 22:29:39.621 18518 INFO keystone.cmd.cli >>>>>>> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Project admin >>>>>>> already >>>>>>> exists, skipping creation. >>>>>>> 2018-04-15 22:29:39.640 18518 INFO keystone.cmd.cli >>>>>>> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] User admin >>>>>>> already >>>>>>> exists, skipping creation. >>>>>>> 2018-04-15 22:29:39.670 18518 INFO keystone.cmd.cli >>>>>>> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Role admin >>>>>>> exists, >>>>>>> skipping creation. >>>>>>> 2018-04-15 22:29:39.822 18518 INFO keystone.cmd.cli >>>>>>> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] User admin >>>>>>> already >>>>>>> has >>>>>>> admin on admin. >>>>>>> 2018-04-15 22:29:39.827 18518 INFO keystone.cmd.cli >>>>>>> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Region >>>>>>> RegionOne >>>>>>> exists, skipping creation. >>>>>>> 2018-04-15 22:29:39.834 18518 INFO keystone.cmd.cli >>>>>>> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Skipping admin >>>>>>> endpoint as already created >>>>>>> 2018-04-15 22:29:39.835 18518 INFO keystone.cmd.cli >>>>>>> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Skipping >>>>>>> internal >>>>>>> endpoint as already created >>>>>>> 2018-04-15 22:29:39.835 18518 INFO keystone.cmd.cli >>>>>>> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Skipping public >>>>>>> endpoint as already created >>>>>>> # >>>>>>> >>>>>>> >>>>>>> On Fri, Apr 13, 2018 at 11:54 AM, Eugen Block wrote: >>>>>>> >>>>>>> Hi, >>>>>>> >>>>>>> >>>>>>>> the bug I reported is invalid because the keystone-bootstrap command >>>>>>>> is >>>>>>>> supposed to create the default domain. Since we created our cloud in >>>>>>>> Liberty release the default domain already existed in our >>>>>>>> environment. >>>>>>>> Well, I guess we're back to square one. ;-) >>>>>>>> >>>>>>>> Can you paste the output of >>>>>>>> >>>>>>>> control:~ # openstack domain list >>>>>>>> >>>>>>>> If the keystone bootstrap command worked, it should at least show >>>>>>>> the >>>>>>>> default domain. If it doesn't take a look into >>>>>>>> /var/log/keystone/keystone-manage.log and check for errors. If this >>>>>>>> doesn't reveal anything try running it again and check the logs >>>>>>>> again. >>>>>>>> >>>>>>>> >>>>>>>> Zitat von Eugen Block : >>>>>>>> >>>>>>>> >>>>>>>> The missing command has been in Newton, Ocata and Pike release. They >>>>>>>> fixed >>>>>>>> >>>>>>>> it in Queens again. >>>>>>>> >>>>>>>>> >>>>>>>>> I filed a bug report: https://bugs.launchpad.net/key >>>>>>>>> stone/+bug/1763297 >>>>>>>>> >>>>>>>>> Regards >>>>>>>>> >>>>>>>>> >>>>>>>>> Zitat von Shyam Prasad N : >>>>>>>>> >>>>>>>>> Thanks Eugen. It'll be great if you can do it. (I haven't yet gone >>>>>>>>> through >>>>>>>>> >>>>>>>>> the bug reporting documentation) >>>>>>>>> >>>>>>>>>> Please add me to the bug's CC list. That way if some info is >>>>>>>>>> needed >>>>>>>>>> from >>>>>>>>>> me, I can provide it. >>>>>>>>>> >>>>>>>>>> Regards, >>>>>>>>>> Shyam >>>>>>>>>> >>>>>>>>>> On Thu, Apr 12, 2018 at 12:48 PM, Eugen Block >>>>>>>>>> wrote: >>>>>>>>>> >>>>>>>>>> I believe there's something missing in Ocata and Pike docs. If you >>>>>>>>>> read >>>>>>>>>> >>>>>>>>>> Mitaka install guide [1] you'll find the first step to be creating >>>>>>>>>> >>>>>>>>>>> the >>>>>>>>>>> default domain before all other steps regarding projects and >>>>>>>>>>> users. >>>>>>>>>>> >>>>>>>>>>> You should run >>>>>>>>>>> >>>>>>>>>>> openstack domain create --description "Default Domain" default >>>>>>>>>>> >>>>>>>>>>> and then the next steps should work, at least I hope so. >>>>>>>>>>> >>>>>>>>>>> Do you want to report this as a bug? I can also report it, I have >>>>>>>>>>> already >>>>>>>>>>> filed several reports. >>>>>>>>>>> >>>>>>>>>>> Regards >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> [1] https://docs.openstack.org/mitaka/install-guide-obs/keystone >>>>>>>>>>> -users.html >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> Zitat von Shyam Prasad N : >>>>>>>>>>> >>>>>>>>>>> Hi, >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> Please read my replies inline below... >>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> On Thu, Apr 12, 2018 at 12:10 PM, Eugen Block >>>>>>>>>>>> wrote: >>>>>>>>>>>> >>>>>>>>>>>> Hi, >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> can you paste the credentials you're using? >>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> # cat admin-rc >>>>>>>>>>>>> >>>>>>>>>>>>> export OS_USERNAME=admin >>>>>>>>>>>>> >>>>>>>>>>>>> export OS_PASSWORD=abcdef >>>>>>>>>>>> export OS_PROJECT_NAME=admin >>>>>>>>>>>> export OS_USER_DOMAIN_NAME=Default >>>>>>>>>>>> export OS_PROJECT_DOMAIN_NAME=Default >>>>>>>>>>>> export OS_AUTH_URL=http://20.20.20.7:35357/v3 >>>>>>>>>>>> export OS_IDENTITY_API_VERSION=3 >>>>>>>>>>>> >>>>>>>>>>>> The config values (e.g. domain) are case sensitive, the ID of >>>>>>>>>>>> the >>>>>>>>>>>> default >>>>>>>>>>>> >>>>>>>>>>>> domain is usually "domain", its name is "Default". But if you're >>>>>>>>>>>> >>>>>>>>>>>> sourcing >>>>>>>>>>>> >>>>>>>>>>>>> the credentials with ID "Default" this would go wrong, although >>>>>>>>>>>>> I'm >>>>>>>>>>>>> not >>>>>>>>>>>>> sure if this would be the expected error message. >>>>>>>>>>>>> >>>>>>>>>>>>> Just a couple of weeks ago there was someone on >>>>>>>>>>>>> ask.openstack.org >>>>>>>>>>>>> who >>>>>>>>>>>>> ignored case-sensitive options and failed to operate his cloud. >>>>>>>>>>>>> >>>>>>>>>>>>> Did the keystone-manage bootstrap command work? >>>>>>>>>>>>> >>>>>>>>>>>>> Yes. It did not throw any errors. >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> Regards >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>>> Zitat von Shyam Prasad N : >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> Hi, >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> I'm trying to install keystone for my swift cluster. >>>>>>>>>>>>> >>>>>>>>>>>>> I followed this document for install and configuration: >>>>>>>>>>>>>> https://docs.openstack.org/keystone/pike/install/ >>>>>>>>>>>>>> >>>>>>>>>>>>>> However, I'm getting this error for a command: >>>>>>>>>>>>>> # openstack user create --domain default --password-prompt >>>>>>>>>>>>>> swift >>>>>>>>>>>>>> The request you have made requires authentication. (HTTP 401) >>>>>>>>>>>>>> (Request-ID: >>>>>>>>>>>>>> req-8f888754-1cf5-4c24-81b6-7481c9c0dfb8) >>>>>>>>>>>>>> >>>>>>>>>>>>>> # tail /var/log/keystone/keystone.log >>>>>>>>>>>>>> 2018-04-11 22:45:10.895 29335 INFO keystone.common.wsgi >>>>>>>>>>>>>> [req-147f239e-2205-40b5-8aea-40604c99b695 - - - - -] GET >>>>>>>>>>>>>> http://20.20.20.7:35357/v3/ >>>>>>>>>>>>>> 2018-04-11 22:45:10.898 29335 INFO eventlet.wsgi.server >>>>>>>>>>>>>> [req-147f239e-2205-40b5-8aea-40604c99b695 - - - - -] >>>>>>>>>>>>>> 20.20.20.7 >>>>>>>>>>>>>> - - >>>>>>>>>>>>>> [11/Apr/2018 22:45:10] "GET /v3 HTTP/1.1" 200 493 0.062545 >>>>>>>>>>>>>> 2018-04-11 22:45:10.908 29335 INFO keystone.common.wsgi >>>>>>>>>>>>>> [req-8f888754-1cf5-4c24-81b6-7481c9c0dfb8 - - - - -] POST >>>>>>>>>>>>>> http://20.20.20.7:35357/v3/auth/tokens >>>>>>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>>>>>> [req-8f888754-1cf5-4c24-81b6-7481c9c0dfb8 - - - - -] Could >>>>>>>>>>>>>> not >>>>>>>>>>>>>> find >>>>>>>>>>>>>> domain: >>>>>>>>>>>>>> Default >>>>>>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>>>>>> Traceback >>>>>>>>>>>>>> (most recent call last): >>>>>>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>>>>>> File >>>>>>>>>>>>>> "/usr/lib/python2.7/dist-packages/keystone/auth/controllers. >>>>>>>>>>>>>> py", >>>>>>>>>>>>>> line >>>>>>>>>>>>>> 185, >>>>>>>>>>>>>> in _lookup_domain >>>>>>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>>>>>> domain_name) >>>>>>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>>>>>> File >>>>>>>>>>>>>> "/usr/lib/python2.7/dist-packages/keystone/common/manager. >>>>>>>>>>>>>> py", >>>>>>>>>>>>>> line >>>>>>>>>>>>>> 124, >>>>>>>>>>>>>> in >>>>>>>>>>>>>> wrapped >>>>>>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>>>>>> __ret_val >>>>>>>>>>>>>> = __f(*args, **kwargs) >>>>>>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>>>>>> File >>>>>>>>>>>>>> "/usr/lib/python2.7/dist-packages/dogpile/cache/region.py", >>>>>>>>>>>>>> line >>>>>>>>>>>>>> 1053, >>>>>>>>>>>>>> in >>>>>>>>>>>>>> decorate >>>>>>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>>>>>> should_cache_fn) >>>>>>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>>>>>> File >>>>>>>>>>>>>> "/usr/lib/python2.7/dist-packages/dogpile/cache/region.py", >>>>>>>>>>>>>> line >>>>>>>>>>>>>> 657, >>>>>>>>>>>>>> in >>>>>>>>>>>>>> get_or_create >>>>>>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>>>>>> async_creator) as value: >>>>>>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>>>>>> File >>>>>>>>>>>>>> "/usr/lib/python2.7/dist-packages/dogpile/core/dogpile.py", >>>>>>>>>>>>>> line >>>>>>>>>>>>>> 158, >>>>>>>>>>>>>> in >>>>>>>>>>>>>> __enter__ >>>>>>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>>>>>> return >>>>>>>>>>>>>> self._enter() >>>>>>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>>>>>> File >>>>>>>>>>>>>> "/usr/lib/python2.7/dist-packages/dogpile/core/dogpile.py", >>>>>>>>>>>>>> line >>>>>>>>>>>>>> 98, in >>>>>>>>>>>>>> _enter >>>>>>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>>>>>> generated >>>>>>>>>>>>>> = self._enter_create(createdtime) >>>>>>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>>>>>> File >>>>>>>>>>>>>> "/usr/lib/python2.7/dist-packages/dogpile/core/dogpile.py", >>>>>>>>>>>>>> line >>>>>>>>>>>>>> 149, >>>>>>>>>>>>>> in >>>>>>>>>>>>>> _enter_create >>>>>>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>>>>>> created >>>>>>>>>>>>>> = >>>>>>>>>>>>>> self.creator() >>>>>>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>>>>>> File >>>>>>>>>>>>>> "/usr/lib/python2.7/dist-packages/dogpile/cache/region.py", >>>>>>>>>>>>>> line >>>>>>>>>>>>>> 625, >>>>>>>>>>>>>> in >>>>>>>>>>>>>> gen_value >>>>>>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>>>>>> created_value = creator() >>>>>>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>>>>>> File >>>>>>>>>>>>>> "/usr/lib/python2.7/dist-packages/dogpile/cache/region.py", >>>>>>>>>>>>>> line >>>>>>>>>>>>>> 1049, >>>>>>>>>>>>>> in >>>>>>>>>>>>>> creator >>>>>>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>>>>>> return >>>>>>>>>>>>>> fn(*arg, **kw) >>>>>>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>>>>>> File >>>>>>>>>>>>>> "/usr/lib/python2.7/dist-packages/keystone/resource/core.py", >>>>>>>>>>>>>> line >>>>>>>>>>>>>> 720, >>>>>>>>>>>>>> in >>>>>>>>>>>>>> get_domain_by_name >>>>>>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>>>>>> raise >>>>>>>>>>>>>> exception.DomainNotFound(domain_id=domain_name) >>>>>>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>>>>>> DomainNotFound: Could not find domain: Default >>>>>>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>>>>>> 2018-04-11 22:45:11.016 29335 WARNING keystone.common.wsgi >>>>>>>>>>>>>> [req-8f888754-1cf5-4c24-81b6-7481c9c0dfb8 - - - - -] >>>>>>>>>>>>>> Authorization >>>>>>>>>>>>>> failed. >>>>>>>>>>>>>> The request you have made requires authentication. from >>>>>>>>>>>>>> 20.20.20.7 >>>>>>>>>>>>>> 2018-04-11 22:45:11.018 29335 INFO eventlet.wsgi.server >>>>>>>>>>>>>> [req-8f888754-1cf5-4c24-81b6-7481c9c0dfb8 - - - - -] >>>>>>>>>>>>>> 20.20.20.7 >>>>>>>>>>>>>> - - >>>>>>>>>>>>>> [11/Apr/2018 22:45:11] "POST /v3/auth/tokens HTTP/1.1" 401 425 >>>>>>>>>>>>>> 0.113822 >>>>>>>>>>>>>> >>>>>>>>>>>>>> Can someone please tell me what's going on? >>>>>>>>>>>>>> Thanks in advance for your replies. >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>> >>>>>> >>>>> -- >>>>> -Shyam >>>>> >>>>> >>>>> >>>> >>>> -- >>>> -Shyam >>>> >>>> >>> >>> >>> >>> >> >> -- >> -Shyam >> > > > > -- -Shyam -------------- next part -------------- An HTML attachment was scrubbed... URL: From nspmangalore at gmail.com Wed Apr 18 05:41:20 2018 From: nspmangalore at gmail.com (Shyam Prasad N) Date: Wed, 18 Apr 2018 11:11:20 +0530 Subject: [Openstack] Swift3 configuration... Message-ID: Hi, I'm trying to setup an s3 API frontend for my swift cluster using this guide: https://docs.openstack.org/mitaka/config-reference/object-storage/configure-s3.html But I'm unable to figure out how to configure the access_key_id and secret_access_key. The page says I should pick up from aws console. So does this mean that I cannot have this configuration without the internet connectivity? Please clarify the architecture design involved here. As always, thanks for your responses. -- -Shyam -------------- next part -------------- An HTML attachment was scrubbed... URL: From chris.friesen at windriver.com Wed Apr 18 15:05:53 2018 From: chris.friesen at windriver.com (Chris Friesen) Date: Wed, 18 Apr 2018 09:05:53 -0600 Subject: [Openstack] which SDK to use? In-Reply-To: References: <01785213-b96f-6a0a-e8fb-03dcfa25e70b@gmx.com> <20180417131323.6mf2kwrctwmjgoyo@yuggoth.org> <5AD61F94.3030509@windriver.com> Message-ID: <5AD75ED1.5030006@windriver.com> I should preface this with the fact that I don't use OpenStack SDK, so you may want to check with the project developers. One example is that a bit over a year ago nova added a microversion to include the flavor information directly in the server information rather than returning a link to a flavor (that may have been modified or deleted in the meantime). To my knowledge, the Openstack SDK does not yet support this functionality. Chris On 04/17/2018 02:24 PM, Volodymyr Litovka wrote: > Hi Chris and colleagues, > > based on your experience, can you specify an average delay between new OS > release / new feature introduction and appearance of corresponding support in > Unified Openstack SDK if you were experiencing such issues? > > Thanks. > > On 4/17/18 7:23 PM, Chris Friesen wrote: >> On 04/17/2018 07:13 AM, Jeremy Stanley wrote: >> >>> The various "client libraries" (e.g. python-novaclient, >>> python-cinderclient, et cetera) can also be used to that end, but >>> are mostly for service-to-service communication these days, aren't >>> extremely consistent with each other, and tend to eventually drop >>> support for older OpenStack APIs so if you're going to be >>> interacting with a variety of different OpenStack deployments built >>> on different releases you may need multiple versions of the client >>> libraries (depending on what it is you're trying to do). >> >> The above is all good information. >> >> I'd like to add that if you need bleeding-edge functionality in nova it will >> often be implemented first in python-novaclient. >> >> Chris >> >> _______________________________________________ >> Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack >> Post to : openstack at lists.openstack.org >> Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > From ianyrchoi at gmail.com Wed Apr 18 15:40:13 2018 From: ianyrchoi at gmail.com (Ian Y. Choi) Date: Thu, 19 Apr 2018 00:40:13 +0900 Subject: [Openstack] OpenInfra Days Korea 2018 is looking for Sponsors and Speakers Message-ID: <156dc01f-f620-590e-557c-63eb7bed05e5@gmail.com> Dear OpenStack Community Members, OpenStack Korea User Group is excited to announce that there will be OpenInfra Days Korea 2018 in Seoul, Korea, for two days (June 29th - 30th). Our theme this year is "Open Infrastructure: OpenStack, Containers, and Cloud Native Computing". Open infrastructure is evolving with more open source communities and technologies including cloud computing and containers. Following this year's theme, Korea community would like to use "OpenInfra Days Korea 2018" name to bring open source communities in Korea together to collaborate and ultimately build a wide open source ecosystem together. This is the fifth event from the first OpenStack Days Korea event in 2014. Each of four previous events had a huge success and attracted lots of interest among IT expert, engineers, developers and Executives. The OpenInfra (and previous OpenStack) Days Korea is certainly one of the biggest Open Source Technology event in Korea. The event will be held at Hall E, Coex for both two days. There will be keynote session & technical presentations on the first day. On the second day, hands-on-lab sessions and deep dive sessions including Upstream Institute Korea are planned for participants to experience technologies in details. In order to successfully execute this event, we will need your help on both sponsoring and participating the event. https://openinfradays.kr/index_en.html In the above event webpage, you will find link for both “Sponsorship” and “Call for Speakers”. Please kindly review and consider it, and get back to us. If you have any question, you can contact one of organizers in OpenInfra Days Korea 2018 event stated at the end of this email. In addition, if you are interested in speaking at the event, please fill the form at “Call for Speakers” link. Thank you very much in advance, and we look forward to working with you. Best Regards, OpenStack User Group Leader – Ian Y. Choi (ianyrchoi at gmail.com) Program Chair – Jaesuk Ahn (bluejay.ahn at gmail.com) Event Organizing Chair – Jungwon Ku (jwon.ku at gmail.com) From ianyrchoi at gmail.com Wed Apr 18 15:47:54 2018 From: ianyrchoi at gmail.com (Ian Y. Choi) Date: Thu, 19 Apr 2018 00:47:54 +0900 Subject: [Openstack] [openstack-community] Cloudkitty as billing system In-Reply-To: References: Message-ID: <5ec4927f-6553-3d36-298f-b8b82741abcf@gmail.com> Community mailing list is used to discuss strategies for user groups, ambassadors, and so on. I am forwarding to OpenStack mailing list whose readers might help you. With many thanks, /Ian samane akhlaghinia wrote on 4/18/2018 12:15 PM: > Dear Sirs/Madams, > hello > > I'm an openstack beginner in XaaS Cloud Computing . I > want to use Cloudkitty as billing system and have an issue about this. > is there a way to calculate cpu_util & memory usage (that they are > dynamic) via cloudkitty? and if no, is it possible in the future? > > best regards > samane akhlaghinia > > > _______________________________________________ > Community mailing list > Community at lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/community From dev.faz at gmail.com Wed Apr 18 17:32:07 2018 From: dev.faz at gmail.com (Fabian Zimmermann) Date: Wed, 18 Apr 2018 19:32:07 +0200 Subject: [Openstack] [openstack][pike][cinder] cinder-volume agent is marked down during image upload Message-ID: Hi, we just evaluating the upgrade to pike and running into an issue with cinder-volume agent We see cinder-volume-Agent being marked DOWN if we request an volume-upload to glance and the upload runs longer than heartbeat-timeout. As soon as curl starts to upload the image, there are no further heartbeat-updates in the database. steps to reproduce: 1. create a big Volume (f.e. 100G) 2. fill the volume with data to avoid too fast upload 3. tell cinder to upload the volume as image 4. watch cinder-volume-agent being marked as DOWN, because no heartbeat-update is done during upload. Is anybody experiencing the same issue? Thanks a lot, Fabian From thiago at redhat.com Wed Apr 18 18:25:31 2018 From: thiago at redhat.com (Thiago da Silva) Date: Wed, 18 Apr 2018 14:25:31 -0400 Subject: [Openstack] Swift3 configuration... In-Reply-To: References: Message-ID: Hello, On Wed, Apr 18, 2018 at 1:41 AM, Shyam Prasad N wrote: > Hi, > > I'm trying to setup an s3 API frontend for my swift cluster using this > guide: > https://docs.openstack.org/mitaka/config-reference/ > object-storage/configure-s3.html > > But I'm unable to figure out how to configure the access_key_id and > secret_access_key. The page says I should pick up from aws console. So does > this mean that I cannot have this configuration without the internet > connectivity? > You do not need to be using your AWS credentials when configuring Swift3, which credentials to use really depends on what Identity system you are using. For tempauth/swauth, the access_key becomes 'tenant:user' and secret_key is the password. For keystone, you need to first create ec2 credentials and then use those[0]. Thiago [0] - https://docs.openstack.org/python-openstackclient/pike/cli/command-objects/ec2-credentials.html > Please clarify the architecture design involved here. > As always, thanks for your responses. > > -- > -Shyam > > _______________________________________________ > Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/ > openstack > Post to : openstack at lists.openstack.org > Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/ > openstack > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From allenyuchishing at gmail.com Wed Apr 18 23:46:45 2018 From: allenyuchishing at gmail.com (Allen Yu) Date: Thu, 19 Apr 2018 00:46:45 +0100 Subject: [Openstack] [nova] KVM internal error. Suberror: 3 Message-ID: Hi, I have been tracing the source of a nasty bug that happens on my Openstack Liberty cluster recently, but in vain. Basically when I start a new instance, Openstack would report it as "Paused" immediately. When I login to the compute node and check the qemu logs, I saw KVM internal error. Suberror: 3. /var/log/libvirt/qemu/instance.log 2018-04-18 22:51:49.503+0000: starting up LC_ALL=C PATH=/usr/local/sbin:/usr/local/bin:/usr/bin:/usr/sbin:/sbin:/bin QEMU_AUDIO_DRV=none /usr/bin/kvm -name instance-000000fc -S -machine pc-i440fx-trusty,accel=kvm,usb=off -cpu SandyBridge,+invpcid,+erms,+bmi2,+smep,+avx2,+bmi1,+fsgsbase,+abm,+pdpe1gb,+rdrand,+f16c,+osxsave,+movbe,+dca,+pcid,+pdcm,+xtpr,+fma,+tm2,+est,+smx,+vmx,+ds_cpl,+monitor,+dtes64,+pbe,+tm,+ht,+ss,+acpi,+ds,+vme -m 245000 -realtime mlock=off -smp 46,sockets=46,cores=1,threads=1 -uuid d6bec617-7977-4fd6-a6ad-cd9757735fdc -smbios type=1,manufacturer=OpenStack Foundation,product=OpenStack Nova,version=12.0.5,serial=d8eca30f-2e73-4dfb-9270-244084458637,uuid=d6bec617-7977-4fd6-a6ad-cd9757735fdc,family=Virtual Machine -no-user-config -nodefaults -chardev socket,id=charmonitor,path=/var/lib/libvirt/qemu/instance-000000fc.monitor,server,nowait -mon chardev=charmonitor,id=monitor,mode=control -rtc base=utc,driftfix=slew -global kvm-pit.lost_tick_policy=discard -no-hpet -no-shutdown -boot strict=on -device piix3-usb-uhci,id=usb,bus=pci.0,addr=0x1.0x2 -drive file=/var/lib/nova/instances/d6bec617-7977-4fd6-a6ad-cd9757735fdc/disk,if=none,id=drive-virtio-disk0,format=qcow2,cache=none -device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x4,drive=drive-virtio-disk0,id=virtio-disk0,bootindex=1 -drive file=/var/lib/nova/instances/d6bec617-7977-4fd6-a6ad-cd9757735fdc/disk.swap,if=none,id=drive-virtio-disk1,format=qcow2,cache=none -device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x5,drive=drive-virtio-disk1,id=virtio-disk1 -netdev tap,fd=25,id=hostnet0,vhost=on,vhostfd=26 -device virtio-net-pci,netdev=hostnet0,id=net0,mac=fa:16:3e:42:9d:6f,bus=pci.0,addr=0x3 -chardev file,id=charserial0,path=/var/lib/nova/instances/d6bec617-7977-4fd6-a6ad-cd9757735fdc/console.log -device isa-serial,chardev=charserial0,id=serial0 -chardev pty,id=charserial1 -device isa-serial,chardev=charserial1,id=serial1 -device usb-tablet,id=input0 -vnc 0.0.0.0:0 -k en-us -device cirrus-vga,id=video0,bus=pci.0,addr=0x2 -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x6 -msg timestamp=on Domain id=6 is tainted: high-privileges char device redirected to /dev/pts/7 (label charserial1) KVM internal error. Suberror: 3 extra data[0]: 800000ef extra data[1]: 31 RAX=0000000000000000 RBX=ffff883a8fee5fd8 RCX=00000000ffffffff RDX=0000000000000000 RSI=0000000000000001 RDI=ffffffff81dd9e48 RBP=ffff883a8fee5ec8 RSP=ffff883a8fee5ec8 R8 =0000000000000000 R9 =0000000000000000 R10=0000000000000000 R11=0000000000000000 R12=ffffffff81cdbe60 R13=000000000000000a R14=0000000000000000 R15=0000000000000000 RIP=ffffffff8103cf6b RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0000 0000000000000000 ffffffff 00c00000 DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff883b20340000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 ffff883b203512c0 00002087 00008b00 DPL=0 TSS64-busy GDT= ffff883b20344000 0000007f IDT= ffffffff81dd6000 00000fff CR0=8005003b CR2=00000000ffffffff CR3=0000000001c05000 CR4=001406e0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 Code=66 90 fb 5d c3 0f 1f 40 00 55 48 89 e5 66 66 66 66 90 fb f4 <5d> c3 0f 1f 00 55 48 89 e5 66 66 66 66 90 f4 5d c3 0f 1f 40 00 55 48 89 e5 66 66 66 66 90 Next I enabled kernel tracing according to the instructions on https://www.linux-kvm.org/page/Tracing. I noted a lot of page faults and IO errors. Here shows an excerpt: qemu-system-x86-4848 [021] 561909.361044: kvm_update_master_clock: masterclock 0 hostclock tsc offsetmatched 0 qemu-system-x86-4848 [021] 561909.361148: kvm_fpu: load qemu-system-x86-4848 [021] 561909.361151: kvm_entry: vcpu 0 qemu-system-x86-4848 [021] 561909.361155: kvm_exit: reason EPT_VIOLATION rip 0xfff0 info 184 0 qemu-system-x86-4848 [021] 561909.361157: kvm_page_fault: address fffffff0 error_code 184 qemu-system-x86-4848 [021] 561909.361167: kvm_entry: vcpu 0 qemu-system-x86-4848 [021] 561909.361168: kvm_exit: reason EPT_VIOLATION rip 0xe05b info 184 0 qemu-system-x86-4848 [021] 561909.361168: kvm_page_fault: address fe05b error_code 184 qemu-system-x86-4848 [021] 561909.361171: kvm_entry: vcpu 0 qemu-system-x86-4848 [021] 561909.361172: kvm_exit: reason EPT_VIOLATION rip 0xe05b info 181 0 qemu-system-x86-4848 [021] 561909.361172: kvm_page_fault: address f6574 error_code 181 The full tracing report is also available at https://www.dropbox.com/s/hmee8sr0zcruqyh/trace-cmd.report.gz?dl=0 Other system info: OS: Ubuntu 14.04.5 Kernel: 3.13.0-123-generic QEMU: version 2.0.0 (Debian 2.0.0+dfsg-2ubuntu1.40) CPU: 2 x Intel(R) Xeon(R) CPU E5-2670 v3 @ 2.30GHz VT-d enabled Motherboard: X10DRT-PT Intel C610 chipset BIOS: American Megatrends Inc. version: 1.0c date: 04/10/2015 RAM: 16 x 16GB Samsung M393A2G40DB0-CPB Any comments or hints would be greatly appreciated. Thank you very much! Best regards, Allen -------------- next part -------------- An HTML attachment was scrubbed... URL: From joshua.hesketh at gmail.com Thu Apr 19 02:24:48 2018 From: joshua.hesketh at gmail.com (Joshua Hesketh) Date: Thu, 19 Apr 2018 12:24:48 +1000 Subject: [Openstack] which SDK to use? In-Reply-To: <5AD75ED1.5030006@windriver.com> References: <01785213-b96f-6a0a-e8fb-03dcfa25e70b@gmx.com> <20180417131323.6mf2kwrctwmjgoyo@yuggoth.org> <5AD61F94.3030509@windriver.com> <5AD75ED1.5030006@windriver.com> Message-ID: There is also nothing stopping you from using both. For example, you could use the OpenStack SDK for most things but if you hit an edge case where you need something specific you can then import the particular client lib. Cheers, Josh On Thu, Apr 19, 2018 at 1:05 AM, Chris Friesen wrote: > I should preface this with the fact that I don't use OpenStack SDK, so you > may want to check with the project developers. > > One example is that a bit over a year ago nova added a microversion to > include the flavor information directly in the server information rather > than returning a link to a flavor (that may have been modified or deleted > in the meantime). > > To my knowledge, the Openstack SDK does not yet support this functionality. > > Chris > > > > On 04/17/2018 02:24 PM, Volodymyr Litovka wrote: > >> Hi Chris and colleagues, >> >> based on your experience, can you specify an average delay between new OS >> release / new feature introduction and appearance of corresponding >> support in >> Unified Openstack SDK if you were experiencing such issues? >> >> Thanks. >> >> On 4/17/18 7:23 PM, Chris Friesen wrote: >> >>> On 04/17/2018 07:13 AM, Jeremy Stanley wrote: >>> >>> The various "client libraries" (e.g. python-novaclient, >>>> python-cinderclient, et cetera) can also be used to that end, but >>>> are mostly for service-to-service communication these days, aren't >>>> extremely consistent with each other, and tend to eventually drop >>>> support for older OpenStack APIs so if you're going to be >>>> interacting with a variety of different OpenStack deployments built >>>> on different releases you may need multiple versions of the client >>>> libraries (depending on what it is you're trying to do). >>>> >>> >>> The above is all good information. >>> >>> I'd like to add that if you need bleeding-edge functionality in nova it >>> will >>> often be implemented first in python-novaclient. >>> >>> Chris >>> >>> _______________________________________________ >>> Mailing list: http://lists.openstack.org/cgi >>> -bin/mailman/listinfo/openstack >>> Post to : openstack at lists.openstack.org >>> Unsubscribe : http://lists.openstack.org/cgi >>> -bin/mailman/listinfo/openstack >>> >> >> > > _______________________________________________ > Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstac > k > Post to : openstack at lists.openstack.org > Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstac > k > -------------- next part -------------- An HTML attachment was scrubbed... URL: From Cory at Hawkless.id.au Thu Apr 19 04:15:33 2018 From: Cory at Hawkless.id.au (Cory Hawkless) Date: Thu, 19 Apr 2018 04:15:33 +0000 Subject: [Openstack] Glance image definition using V2 API Message-ID: <18C7C076CE65A443BC1DEC057949DEFE6F1939E0@CorysCloudVPS.Oblivion.local> Looking for some help with defining glance images. I'm running a new Queens installation and do not have the V1 API enabled in Glance. So the Glance V1 API has been deprecated for some time now (I believe) and best I can tell there is no support in the V2 API for defining an existing image into glance. I.E, I have some volumes in my Ceph pool that I'd like to expose to Glance, but the old method of using "glance image-create --disk-format raw --id $IMAGE_ID --location rbd://$CLUSTER_ID/$POOL/$IMAGE_ID/snap" no longer works because this is a V1 command with the V2 API having no support for the --location flag. I'm primarily dealing with large(ish) windows images around 100GB mark, so exporting them to a file then importing them using the --file command is very sub optimal. Without an outright database hack, is there any way to define an existing Ceph based volume to be used by Glance? If there is not a way to do this then can I safely enable the V1 API in Queens? How long until V1 support is removed and I'm back to square 1 Thanks in advance Cory From Remo at Italy1.com Thu Apr 19 07:29:52 2018 From: Remo at Italy1.com (Remo Mattei) Date: Thu, 19 Apr 2018 09:29:52 +0200 Subject: [Openstack] Glance image definition using V2 API In-Reply-To: <18C7C076CE65A443BC1DEC057949DEFE6F1939E0@CorysCloudVPS.Oblivion.local> References: <18C7C076CE65A443BC1DEC057949DEFE6F1939E0@CorysCloudVPS.Oblivion.local> Message-ID: Did you look at the Openstack commas api options? I am traveling now but I could check it later. Inviato da iPhone > Il giorno 19 apr 2018, alle ore 06:15, Cory Hawkless ha scritto: > > Looking for some help with defining glance images. I'm running a new Queens installation and do not have the V1 API enabled in Glance. > > So the Glance V1 API has been deprecated for some time now (I believe) and best I can tell there is no support in the V2 API for defining an existing image into glance. > I.E, I have some volumes in my Ceph pool that I'd like to expose to Glance, but the old method of using "glance image-create --disk-format raw --id $IMAGE_ID --location rbd://$CLUSTER_ID/$POOL/$IMAGE_ID/snap" no longer works because this is a V1 command with the V2 API having no support for the --location flag. > > I'm primarily dealing with large(ish) windows images around 100GB mark, so exporting them to a file then importing them using the --file command is very sub optimal. > > Without an outright database hack, is there any way to define an existing Ceph based volume to be used by Glance? > If there is not a way to do this then can I safely enable the V1 API in Queens? How long until V1 support is removed and I'm back to square 1 > > Thanks in advance > Cory > > _______________________________________________ > Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > Post to : openstack at lists.openstack.org > Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack From fungi at yuggoth.org Thu Apr 19 13:01:56 2018 From: fungi at yuggoth.org (Jeremy Stanley) Date: Thu, 19 Apr 2018 13:01:56 +0000 Subject: [Openstack] which SDK to use? In-Reply-To: References: <01785213-b96f-6a0a-e8fb-03dcfa25e70b@gmx.com> <20180417131323.6mf2kwrctwmjgoyo@yuggoth.org> <5AD61F94.3030509@windriver.com> <5AD75ED1.5030006@windriver.com> Message-ID: <20180419130156.lp4chv7mv3rofudn@yuggoth.org> On 2018-04-19 12:24:48 +1000 (+1000), Joshua Hesketh wrote: > There is also nothing stopping you from using both. For example, > you could use the OpenStack SDK for most things but if you hit an > edge case where you need something specific you can then import > the particular client lib. [...] Or, for that matter, leverage OpenStackSDK's ability to pass arbitrary calls to individual service APIs when you need something not exposed by the porcelain layer. -- Jeremy Stanley -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 963 bytes Desc: not available URL: From chris.friesen at windriver.com Thu Apr 19 13:46:33 2018 From: chris.friesen at windriver.com (Chris Friesen) Date: Thu, 19 Apr 2018 07:46:33 -0600 Subject: [Openstack] which SDK to use? In-Reply-To: <20180419130156.lp4chv7mv3rofudn@yuggoth.org> References: <01785213-b96f-6a0a-e8fb-03dcfa25e70b@gmx.com> <20180417131323.6mf2kwrctwmjgoyo@yuggoth.org> <5AD61F94.3030509@windriver.com> <5AD75ED1.5030006@windriver.com> <20180419130156.lp4chv7mv3rofudn@yuggoth.org> Message-ID: <5AD89DB9.1040101@windriver.com> On 04/19/2018 07:01 AM, Jeremy Stanley wrote: > On 2018-04-19 12:24:48 +1000 (+1000), Joshua Hesketh wrote: >> There is also nothing stopping you from using both. For example, >> you could use the OpenStack SDK for most things but if you hit an >> edge case where you need something specific you can then import >> the particular client lib. > [...] > > Or, for that matter, leverage OpenStackSDK's ability to pass > arbitrary calls to individual service APIs when you need something > not exposed by the porcelain layer. Is that documented somewhere? I spent some time looking at https://docs.openstack.org/openstacksdk/latest/ and didn't see anything that looked like that. Thanks, Chris From Cory at Hawkless.id.au Fri Apr 20 00:04:03 2018 From: Cory at Hawkless.id.au (Cory Hawkless) Date: Fri, 20 Apr 2018 00:04:03 +0000 Subject: [Openstack] Glance image definition using V2 API In-Reply-To: References: <18C7C076CE65A443BC1DEC057949DEFE6F1939E0@CorysCloudVPS.Oblivion.local> Message-ID: <18C7C076CE65A443BC1DEC057949DEFE6F19471F@CorysCloudVPS.Oblivion.local> Are you referring to https://developer.openstack.org/api-ref/image/v2/#create-an-image ? There seems to be no support for specifying a location in the API V2 create-image call (POST /v2/images) Perhaps the location attribute could be updated after creation using the update-image call (PATCH /v2/images) but I couldn't find a definitive answer on that -----Original Message----- From: Remo Mattei [mailto:Remo at Italy1.com] Sent: Thursday, 19 April 2018 5:00 PM To: Cory Hawkless Cc: openstack at lists.openstack.org Subject: Re: [Openstack] Glance image definition using V2 API Did you look at the Openstack commas api options? I am traveling now but I could check it later. Inviato da iPhone > Il giorno 19 apr 2018, alle ore 06:15, Cory Hawkless ha scritto: > > Looking for some help with defining glance images. I'm running a new Queens installation and do not have the V1 API enabled in Glance. > > So the Glance V1 API has been deprecated for some time now (I believe) and best I can tell there is no support in the V2 API for defining an existing image into glance. > I.E, I have some volumes in my Ceph pool that I'd like to expose to Glance, but the old method of using "glance image-create --disk-format raw --id $IMAGE_ID --location rbd://$CLUSTER_ID/$POOL/$IMAGE_ID/snap" no longer works because this is a V1 command with the V2 API having no support for the --location flag. > > I'm primarily dealing with large(ish) windows images around 100GB mark, so exporting them to a file then importing them using the --file command is very sub optimal. > > Without an outright database hack, is there any way to define an existing Ceph based volume to be used by Glance? > If there is not a way to do this then can I safely enable the V1 API in Queens? How long until V1 support is removed and I'm back to square 1 > > Thanks in advance > Cory > > _______________________________________________ > Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > Post to : openstack at lists.openstack.org > Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack From adriant at catalyst.net.nz Fri Apr 20 03:19:07 2018 From: adriant at catalyst.net.nz (Adrian Turjak) Date: Fri, 20 Apr 2018 15:19:07 +1200 Subject: [Openstack] which SDK to use? In-Reply-To: <5AD89DB9.1040101@windriver.com> References: <01785213-b96f-6a0a-e8fb-03dcfa25e70b@gmx.com> <20180417131323.6mf2kwrctwmjgoyo@yuggoth.org> <5AD61F94.3030509@windriver.com> <5AD75ED1.5030006@windriver.com> <20180419130156.lp4chv7mv3rofudn@yuggoth.org> <5AD89DB9.1040101@windriver.com> Message-ID: As someone who used to use all the standalone clients, I'm leaning very heavily these days to using only the SDK and think we should encourage most projects to treat the SDK as their first point of implementation rather than all the wildly different python clients. So if you are new to OpenStack, the the SDK is the best and most consistent option right now for interacting with OpenStack from python. Sadly though the docs are lacking, but the docs for the other libraries aren't that much better anyway half the time. On 20/04/18 01:46, Chris Friesen wrote: > On 04/19/2018 07:01 AM, Jeremy Stanley wrote: >> On 2018-04-19 12:24:48 +1000 (+1000), Joshua Hesketh wrote: >>> There is also nothing stopping you from using both. For example, >>> you could use the OpenStack SDK for most things but if you hit an >>> edge case where you need something specific you can then import >>> the particular client lib. >> [...] >> >> Or, for that matter, leverage OpenStackSDK's ability to pass >> arbitrary calls to individual service APIs when you need something >> not exposed by the porcelain layer. > > Is that documented somewhere?  I spent some time looking at > https://docs.openstack.org/openstacksdk/latest/ and didn't see > anything that looked like that. > Not that I believe, but basically it amounts to that on any service proxy object you can call .get .post etc. So if the SDK doesn't yet support a given feature, you can still use the feature yourself, but you need to do some raw requests work, which honestly isn't that bad. servers = list(conn.compute.servers()) vs servers_resp = conn.compute.get("/servers") The direct calls on the proxy object use your current session (auth and scope) against the endpoint specific to that service, and just return the raw  request itself when called directly. This works even for Swift where the url has to include details about your account. It's surprisingly elegant. Ideally when people use the SDK like this they should also submit a patch to fill in the missing functionality. Adding to the SDK isn't that bad and the codebase is much better than it used to be. > Thanks, > Chris > > _______________________________________________ > Mailing list: > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > Post to     : openstack at lists.openstack.org > Unsubscribe : > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack From chris.friesen at windriver.com Fri Apr 20 07:28:33 2018 From: chris.friesen at windriver.com (Chris Friesen) Date: Fri, 20 Apr 2018 01:28:33 -0600 Subject: [Openstack] which SDK to use? In-Reply-To: References: <01785213-b96f-6a0a-e8fb-03dcfa25e70b@gmx.com> <20180417131323.6mf2kwrctwmjgoyo@yuggoth.org> <5AD61F94.3030509@windriver.com> <5AD75ED1.5030006@windriver.com> <20180419130156.lp4chv7mv3rofudn@yuggoth.org> <5AD89DB9.1040101@windriver.com> Message-ID: <5AD996A1.2030406@windriver.com> On 04/19/2018 09:19 PM, Adrian Turjak wrote: > On 20/04/18 01:46, Chris Friesen wrote: >> On 04/19/2018 07:01 AM, Jeremy Stanley wrote: >>> Or, for that matter, leverage OpenStackSDK's ability to pass >>> arbitrary calls to individual service APIs when you need something >>> not exposed by the porcelain layer. >> >> Is that documented somewhere? I spent some time looking at >> https://docs.openstack.org/openstacksdk/latest/ and didn't see >> anything that looked like that. >> > Not that I believe, but basically it amounts to that on any service > proxy object you can call .get .post etc. So if the SDK doesn't yet > support a given feature, you can still use the feature yourself, but you > need to do some raw requests work, which honestly isn't that bad. > > servers = list(conn.compute.servers()) > vs > servers_resp = conn.compute.get("/servers") I think the second statement above is not quite right. >>> from openstack import connection >>> conn = connection.Connection(auth_url=....) >>> [flavor.name for flavor in conn.compute.flavors()] [u'small', u'medium'] >>> conn.compute.get("/servers") Traceback (most recent call last): File "", line 1, in AttributeError: 'Proxy' object has no attribute 'get' Chris From adriant at catalyst.net.nz Fri Apr 20 07:48:48 2018 From: adriant at catalyst.net.nz (Adrian Turjak) Date: Fri, 20 Apr 2018 19:48:48 +1200 Subject: [Openstack] which SDK to use? In-Reply-To: <5AD996A1.2030406@windriver.com> Message-ID: <25dfdbac-e6f0-4d21-a59e-86961e67521d@email.android.com> An HTML attachment was scrubbed... URL: From tdecacqu at redhat.com Fri Apr 20 14:47:55 2018 From: tdecacqu at redhat.com (Tristan Cacqueray) Date: Fri, 20 Apr 2018 14:47:55 +0000 Subject: [Openstack] [OSSA-2018-001] Raw underlying encrypted volume access (CVE-2017-18191) Message-ID: <1524234738.lb44mdx399.tristanC@fedora> ===================================================== OSSA-2018-001: Raw underlying encrypted volume access ===================================================== :Date: April 20, 2018 :CVE: CVE-2017-18191 Affects ~~~~~~~ - Nova: >=15.0.0 <=15.1.0, >=16.0.0 <=16.1.1 Description ~~~~~~~~~~~ Lee Yarwood (Red Hat) reported a vulnerability in Nova encrypted volumes handling. By detaching and reattaching an encrypted volume an attacker may access the underlying raw volume and corrupt the LUKS header resuling in a denial of service attack on the compute host. All Nova setups supporting encrypted volumes are affected. Patches ~~~~~~~ - https://review.openstack.org/561604 (Ocata) - https://review.openstack.org/543569 (Pike) - https://review.openstack.org/460243 (Queens) Credits ~~~~~~~ - Lee Yarwood from Red Hat (CVE-2017-18191) References ~~~~~~~~~~ - https://launchpad.net/bugs/1739593 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18191 Notes ~~~~~ - Pike and Ocata patches disable encrypted volume swapping, this feature is now only supported in Nova version >= 17.0.0. -- Tristan Cacqueray OpenStack Vulnerability Management Team -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 488 bytes Desc: not available URL: From chris.friesen at windriver.com Fri Apr 20 15:59:18 2018 From: chris.friesen at windriver.com (Chris Friesen) Date: Fri, 20 Apr 2018 09:59:18 -0600 Subject: [Openstack] which SDK to use? In-Reply-To: <25dfdbac-e6f0-4d21-a59e-86961e67521d@email.android.com> References: <25dfdbac-e6f0-4d21-a59e-86961e67521d@email.android.com> Message-ID: <5ADA0E56.8070702@windriver.com> On 04/20/2018 01:48 AM, Adrian Turjak wrote: > What version of the SDK are you using? Originally I just used what was installed in my devstack VM, which seems to be 0.9.17. Upgrading to 0.12.0 allowed it to work. Thanks, Chris From amy at demarco.com Fri Apr 20 17:31:20 2018 From: amy at demarco.com (Amy Marrich) Date: Fri, 20 Apr 2018 12:31:20 -0500 Subject: [Openstack] =?utf-8?q?OpenStack_Summit_Vancouver_Speed_Mentoring_?= =?utf-8?q?Workshop=E2=80=94Call_for_Mentors?= Message-ID: *Calling All OpenStack Mentors!We’re quickly nearing the Vancouver Summit, and gearing up for another successful Speed Mentoring workshop! This workshop, now a mainstay at OpenStack Summits, is designed to provide guidance to newcomers so that they can dive in and actively engage, participate and contribute to our community. And we couldn’t do this without you—our fearless mentors!Speed Mentoring Workshop & LunchMonday, May 21, 12:15 – 1:30 pmVancouver Convention Centre West, Level 2, Room 215-216https://bit.ly/2HCGjMo Who should sign up?Are you excited about OpenStack and interested in sharing your career, community or technical advice and expertise with others? Contributed (code and non-code contributions welcome) to the OpenStack community for at least one year? Any mentor of any gender with a technical or non-technical background is encouraged to join us. Share your insights, inspire those new to our community, grab lunch, and pick up special mentor gifts!How does it work?Simply sign up here , and fill in a short survey about your areas of interests and expertise. Your answers will be used to produce fun, customized baseball cards that you can use to introduce yourself to the mentees. You will be provided with mentees’ areas of interest and questions in advance to help you prepare, and we’ll meet as a team ahead of time to go over logistics and answer any questions you may have. On the day of the event, plan to arrive ~ 15 minutes before the session. During the session, you will meet with small groups of mentees in 15-minute intervals and answer their questions about how to grow in the community.It’s a fast-paced event and a great way to meet new people, introduce them to the Summit and welcome them to the OpenStack community.Be sure to sign up today !* *Thanks,* *Amy (spotz)* -------------- next part -------------- An HTML attachment was scrubbed... URL: From Remo at italy1.com Fri Apr 20 17:59:38 2018 From: Remo at italy1.com (Remo Mattei) Date: Fri, 20 Apr 2018 19:59:38 +0200 Subject: [Openstack] Glance image definition using V2 API In-Reply-To: <18C7C076CE65A443BC1DEC057949DEFE6F19471F@CorysCloudVPS.Oblivion.local> References: <18C7C076CE65A443BC1DEC057949DEFE6F1939E0@CorysCloudVPS.Oblivion.local> <18C7C076CE65A443BC1DEC057949DEFE6F19471F@CorysCloudVPS.Oblivion.local> Message-ID: <257C1C93-0D10-4C8C-AA7F-547F7F39B30E@italy1.com> Here is a script I use on the fly.. for i in $(ls -l *.img |awk -F " " '{print $9}'); do openstack image create --disk-format qcow2 --container-format bare --public --file $i $i; done > On Apr 20, 2018, at 02:04, Cory Hawkless wrote: > > Are you referring to https://developer.openstack.org/api-ref/image/v2/#create-an-image ? > There seems to be no support for specifying a location in the API V2 create-image call (POST /v2/images) > Perhaps the location attribute could be updated after creation using the update-image call (PATCH /v2/images) but I couldn't find a definitive answer on that > > > -----Original Message----- > From: Remo Mattei [mailto:Remo at Italy1.com] > Sent: Thursday, 19 April 2018 5:00 PM > To: Cory Hawkless > Cc: openstack at lists.openstack.org > Subject: Re: [Openstack] Glance image definition using V2 API > > Did you look at the Openstack commas api options? I am traveling now but I could check it later. > > Inviato da iPhone > >> Il giorno 19 apr 2018, alle ore 06:15, Cory Hawkless ha scritto: >> >> Looking for some help with defining glance images. I'm running a new Queens installation and do not have the V1 API enabled in Glance. >> >> So the Glance V1 API has been deprecated for some time now (I believe) and best I can tell there is no support in the V2 API for defining an existing image into glance. >> I.E, I have some volumes in my Ceph pool that I'd like to expose to Glance, but the old method of using "glance image-create --disk-format raw --id $IMAGE_ID --location rbd://$CLUSTER_ID/$POOL/$IMAGE_ID/snap" no longer works because this is a V1 command with the V2 API having no support for the --location flag. >> >> I'm primarily dealing with large(ish) windows images around 100GB mark, so exporting them to a file then importing them using the --file command is very sub optimal. >> >> Without an outright database hack, is there any way to define an existing Ceph based volume to be used by Glance? >> If there is not a way to do this then can I safely enable the V1 API in Queens? How long until V1 support is removed and I'm back to square 1 >> >> Thanks in advance >> Cory >> >> _______________________________________________ >> Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack >> Post to : openstack at lists.openstack.org >> Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From torin.woltjer at granddial.com Fri Apr 20 19:36:14 2018 From: torin.woltjer at granddial.com (Torin Woltjer) Date: Fri, 20 Apr 2018 19:36:14 GMT Subject: [Openstack] Nova VNC console broken Message-ID: <9369c11900954ffb90ab3938234e1e2e@granddial.com> After setting up HA for my openstack cluster, the nova console no longer works. Nothing of note appears in any of the logs at /var/log/nova on the controller or the compute node running the instance. I get a single line that looks relevant output to /var/log/apache2/errors.log on the controller node: [Fri Apr 20 15:14:07.666495 2018] [wsgi:error] [pid 25807:tid 139801204832000] WARNING horizon.exceptions Recoverable error: No available console found. Trying to run the command "openstack console url show" with a verbosity of 2 outputs the following: http://paste.openstack.org/show/719660/ Does anybody know the solution to this or of any way that I can further troubleshoot the issue? Thanks, -------------- next part -------------- An HTML attachment was scrubbed... URL: From emccormick at cirrusseven.com Fri Apr 20 21:32:34 2018 From: emccormick at cirrusseven.com (Erik McCormick) Date: Fri, 20 Apr 2018 21:32:34 +0000 Subject: [Openstack] Nova VNC console broken In-Reply-To: <9369c11900954ffb90ab3938234e1e2e@granddial.com> References: <9369c11900954ffb90ab3938234e1e2e@granddial.com> Message-ID: Could you describe your HA set up a little bit? I assume your controllers are behind a load balancer. Did you alter the novnc URL to point to the virtual ip? -Erik On Apr 20, 2018 3:43 PM, "Torin Woltjer" wrote: After setting up HA for my openstack cluster, the nova console no longer works. Nothing of note appears in any of the logs at /var/log/nova on the controller or the compute node running the instance. I get a single line that looks relevant output to /var/log/apache2/errors.log on the controller node: [Fri Apr 20 15:14:07.666495 2018] [wsgi:error] [pid 25807:tid 139801204832000] WARNING horizon.exceptions Recoverable error: No available console found. Trying to run the command "openstack console url show" with a verbosity of 2 outputs the following: http://paste.openstack.org/show/719660/ Does anybody know the solution to this or of any way that I can further troubleshoot the issue? Thanks, _______________________________________________ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack at lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack -------------- next part -------------- An HTML attachment was scrubbed... URL: From berndbausch at gmail.com Fri Apr 20 23:14:07 2018 From: berndbausch at gmail.com (Bernd Bausch) Date: Sat, 21 Apr 2018 08:14:07 +0900 Subject: [Openstack] Nova VNC console broken In-Reply-To: <9369c11900954ffb90ab3938234e1e2e@granddial.com> References: <9369c11900954ffb90ab3938234e1e2e@granddial.com> Message-ID: According to the command output that you posted, the first API that fails is this: GET http://controller:8774/v2.1/servers/zktubntu It's the equivalent of openstack server show zktubntu. I wonder if you run console url show as the owner of that instance, or as admin. As admin, you can't find an instance by its name (except if the instance is owned by admin). What happens if you issue the server show command? What happens if you issue console url show with the instance ID instead of its name? In any case, it would be useful to check the Nova logs to understand why this API fails. On 4/21/2018 4:36 AM, Torin Woltjer wrote: > After setting up HA for my openstack cluster, the nova console no longer works. Nothing of note appears in any of the logs at /var/log/nova on the controller or the compute node running the instance. I get a single line that looks relevant output to /var/log/apache2/errors.log on the controller node: > > [Fri Apr 20 15:14:07.666495 2018] [wsgi:error] [pid 25807:tid 139801204832000] WARNING horizon.exceptions Recoverable error: No available console found. > > Trying to run the command "openstack console url show" with a verbosity of 2 outputs the following: > http://paste.openstack.org/show/719660/ > > Does anybody know the solution to this or of any way that I can further troubleshoot the issue? > > Thanks, > > > > > > _______________________________________________ > Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > Post to : openstack at lists.openstack.org > Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: OpenPGP digital signature URL: From doka.ua at gmx.com Sat Apr 21 13:37:34 2018 From: doka.ua at gmx.com (Volodymyr Litovka) Date: Sat, 21 Apr 2018 16:37:34 +0300 Subject: [Openstack] which SDK to use? In-Reply-To: References: <01785213-b96f-6a0a-e8fb-03dcfa25e70b@gmx.com> <20180417131323.6mf2kwrctwmjgoyo@yuggoth.org> <5AD61F94.3030509@windriver.com> <5AD75ED1.5030006@windriver.com> <20180419130156.lp4chv7mv3rofudn@yuggoth.org> <5AD89DB9.1040101@windriver.com> Message-ID: Hi Adrian, at the moment, "wildly different" python clients provide more, than Unified SDK. Not sure about all clients, but what I found and what finally turned me to client libraries is inability to to do actions on stack (e.g. suspend/resume) using Unified SDK (neither doc not source code contain any mentions on this, while python-heatclient describes this and can it to do). It's far from bleeding edge - it's huge gap in feature consistency. On 4/20/18 6:19 AM, Adrian Turjak wrote: > As someone who used to use all the standalone clients, I'm leaning very > heavily these days to using only the SDK and think we should encourage > most projects to treat the SDK as their first point of implementation > rather than all the wildly different python clients. > > So if you are new to OpenStack, the the SDK is the best and most > consistent option right now for interacting with OpenStack from python. > Sadly though the docs are lacking, but the docs for the other libraries > aren't that much better anyway half the time. > > > On 20/04/18 01:46, Chris Friesen wrote: >> On 04/19/2018 07:01 AM, Jeremy Stanley wrote: >>> On 2018-04-19 12:24:48 +1000 (+1000), Joshua Hesketh wrote: >>>> There is also nothing stopping you from using both. For example, >>>> you could use the OpenStack SDK for most things but if you hit an >>>> edge case where you need something specific you can then import >>>> the particular client lib. >>> [...] >>> >>> Or, for that matter, leverage OpenStackSDK's ability to pass >>> arbitrary calls to individual service APIs when you need something >>> not exposed by the porcelain layer. >> Is that documented somewhere?  I spent some time looking at >> https://docs.openstack.org/openstacksdk/latest/ and didn't see >> anything that looked like that. >> > Not that I believe, but basically it amounts to that on any service > proxy object you can call .get .post etc. So if the SDK doesn't yet > support a given feature, you can still use the feature yourself, but you > need to do some raw requests work, which honestly isn't that bad. > > servers = list(conn.compute.servers()) > vs > servers_resp = conn.compute.get("/servers") > > The direct calls on the proxy object use your current session (auth and > scope) against the endpoint specific to that service, and just return > the raw  request itself when called directly. This works even for Swift > where the url has to include details about your account. It's > surprisingly elegant. > > Ideally when people use the SDK like this they should also submit a > patch to fill in the missing functionality. Adding to the SDK isn't that > bad and the codebase is much better than it used to be. > >> Thanks, >> Chris >> >> _______________________________________________ >> Mailing list: >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack >> Post to     : openstack at lists.openstack.org >> Unsubscribe : >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > > _______________________________________________ > Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > Post to : openstack at lists.openstack.org > Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack -- Volodymyr Litovka "Vision without Execution is Hallucination." -- Thomas Edison From dev.faz at gmail.com Sun Apr 22 04:57:33 2018 From: dev.faz at gmail.com (Fabian Zimmermann) Date: Sun, 22 Apr 2018 06:57:33 +0200 Subject: [Openstack] Glance image definition using V2 API In-Reply-To: <18C7C076CE65A443BC1DEC057949DEFE6F1939E0@CorysCloudVPS.Oblivion.local> References: <18C7C076CE65A443BC1DEC057949DEFE6F1939E0@CorysCloudVPS.Oblivion.local> Message-ID: Hi, just create an empty image (Without file or location param), then use add-location to set your locations. Fabian Zimmermann Am 19. April 2018 06:15:33 MESZ schrieb Cory Hawkless : >Looking for some help with defining glance images. I'm running a new >Queens installation and do not have the V1 API enabled in Glance. > >So the Glance V1 API has been deprecated for some time now (I believe) >and best I can tell there is no support in the V2 API for defining an >existing image into glance. >I.E, I have some volumes in my Ceph pool that I'd like to expose to >Glance, but the old method of using "glance image-create --disk-format >raw --id $IMAGE_ID --location rbd://$CLUSTER_ID/$POOL/$IMAGE_ID/snap" >no longer works because this is a V1 command with the V2 API having no >support for the --location flag. > >I'm primarily dealing with large(ish) windows images around 100GB mark, >so exporting them to a file then importing them using the --file >command is very sub optimal. > >Without an outright database hack, is there any way to define an >existing Ceph based volume to be used by Glance? >If there is not a way to do this then can I safely enable the V1 API in >Queens? How long until V1 support is removed and I'm back to square 1 > >Thanks in advance >Cory > >_______________________________________________ >Mailing list: >http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack >Post to : openstack at lists.openstack.org >Unsubscribe : >http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack -------------- next part -------------- An HTML attachment was scrubbed... URL: From haibin.huang at intel.com Mon Apr 23 01:08:15 2018 From: haibin.huang at intel.com (Huang, Haibin) Date: Mon, 23 Apr 2018 01:08:15 +0000 Subject: [Openstack] about cloud-init question Message-ID: <26F9979367EE7A488DB1ED79369D372039C0121D@SHSMSX104.ccr.corp.intel.com> Hi All, I have a problem about cloud-init. I want to both transfer files and execute script. So I give below script to user-data when I create instance. #cloud-config write_files: - encoding: b64 content: H4sICMxh2VoAA2hoYgCzKE5JK07hAgDCo1pOBwAAAA== owner: root:root path: /root/hhb.gz permissions: '0644' #!/bin/bash mkdir -p /home/ubuntu/config but, I can't get /root/hhb.gz and /home/Ubuntu/config. If I separate transfer files and execute script. It is ok. Any idea? Below is my debug info ubuntu at onap-hhb7:~$ sudo cloud-init --version sudo: unable to resolve host onap-hhb7 cloud-init 0.7.5 security-groupsubuntu at onap-hhb7:~$ curl http://169.254.169.254/2009-04-04/user-data #cloud-config write_files: - encoding: b64 content: H4sICMxh2VoAA2hoYgCzKE5JK07hAgDCo1pOBwAAAA== owner: root:root path: /root/hhb.gz permissions: '0644' #!/bin/bash mkdir -p /home/ubuntu/config ubuntu at onap-hhb7:~$ sudo ls /root/ -a . .. .bashrc .profile .ssh ubuntu at onap-hhb7:/var/lib/cloud/instance$ ls boot-finished datasource obj.pkl sem user-data.txt.i vendor-data.txt.i cloud-config.txt handlers scripts user-data.txt vendor-data.txt ubuntu at onap-hhb7:/var/lib/cloud/instance$ sudo cat user-data.txt sudo: unable to resolve host onap-hhb7 #cloud-config write_files: - encoding: b64 content: H4sICMxh2VoAA2hoYgCzKE5JK07hAgDCo1pOBwAAAA== owner: root:root path: /root/hhb.gz permissions: '0644' #!/bin/bash mkdir -p /home/ubuntu/config ------------------------------------------------------------------------------------------------------------------------------- Huang.haibin 11628530 86+18106533356 -------------- next part -------------- An HTML attachment was scrubbed... URL: From dev.faz at gmail.com Mon Apr 23 04:14:03 2018 From: dev.faz at gmail.com (Fabian Zimmermann) Date: Mon, 23 Apr 2018 06:14:03 +0200 Subject: [Openstack] about cloud-init question In-Reply-To: <26F9979367EE7A488DB1ED79369D372039C0121D@SHSMSX104.ccr.corp.intel.com> References: <26F9979367EE7A488DB1ED79369D372039C0121D@SHSMSX104.ccr.corp.intel.com> Message-ID: <48B8F40E-4F70-4469-8554-6177D346EF22@gmail.com> Hi, I dont think its possible to switch the interpreter during the run. I would suggest to take a look into your cloud-init.log maybe its telling you why it is not doing what you want. Fabian Zimmermann Am 23. April 2018 03:08:15 MESZ schrieb "Huang, Haibin" : >Hi All, > >I have a problem about cloud-init. >I want to both transfer files and execute script. So I give below >script to user-data when I create instance. >#cloud-config >write_files: >- encoding: b64 > content: H4sICMxh2VoAA2hoYgCzKE5JK07hAgDCo1pOBwAAAA== > owner: root:root > path: /root/hhb.gz > permissions: '0644' > >#!/bin/bash >mkdir -p /home/ubuntu/config > >but, I can't get /root/hhb.gz and /home/Ubuntu/config. >If I separate transfer files and execute script. It is ok. >Any idea? > >Below is my debug info > >ubuntu at onap-hhb7:~$ sudo cloud-init --version > >sudo: unable to resolve host onap-hhb7 > >cloud-init 0.7.5 > > > >security-groupsubuntu at onap-hhb7:~$ curl >http://169.254.169.254/2009-04-04/user-data > >#cloud-config > >write_files: > >- encoding: b64 > > content: H4sICMxh2VoAA2hoYgCzKE5JK07hAgDCo1pOBwAAAA== > > owner: root:root > > path: /root/hhb.gz > > permissions: '0644' > > > >#!/bin/bash > >mkdir -p /home/ubuntu/config > > > >ubuntu at onap-hhb7:~$ sudo ls /root/ -a > >. .. .bashrc .profile .ssh > > > >ubuntu at onap-hhb7:/var/lib/cloud/instance$ ls > >boot-finished datasource obj.pkl sem user-data.txt.i >vendor-data.txt.i > >cloud-config.txt handlers scripts user-data.txt vendor-data.txt > >ubuntu at onap-hhb7:/var/lib/cloud/instance$ sudo cat user-data.txt > >sudo: unable to resolve host onap-hhb7 > >#cloud-config > >write_files: > >- encoding: b64 > > content: H4sICMxh2VoAA2hoYgCzKE5JK07hAgDCo1pOBwAAAA== > > owner: root:root > > path: /root/hhb.gz > > permissions: '0644' > > > >#!/bin/bash > >mkdir -p /home/ubuntu/config > > > >------------------------------------------------------------------------------------------------------------------------------- >Huang.haibin >11628530 >86+18106533356 -------------- next part -------------- An HTML attachment was scrubbed... URL: From haibin.huang at intel.com Mon Apr 23 06:52:51 2018 From: haibin.huang at intel.com (Huang, Haibin) Date: Mon, 23 Apr 2018 06:52:51 +0000 Subject: [Openstack] about cloud-init question In-Reply-To: <48B8F40E-4F70-4469-8554-6177D346EF22@gmail.com> References: <26F9979367EE7A488DB1ED79369D372039C0121D@SHSMSX104.ccr.corp.intel.com> <48B8F40E-4F70-4469-8554-6177D346EF22@gmail.com> Message-ID: <26F9979367EE7A488DB1ED79369D372039C013AF@SHSMSX104.ccr.corp.intel.com> Hi Fabian, I have export cloud-init.log as attachment. I can’t find the reason. Can you help me to see it. Thank you! From: Fabian Zimmermann [mailto:dev.faz at gmail.com] Sent: Monday, April 23, 2018 12:14 PM To: Huang, Haibin ; openstack at lists.openstack.org Subject: Re: [Openstack] about cloud-init question Hi, I dont think its possible to switch the interpreter during the run. I would suggest to take a look into your cloud-init.log maybe its telling you why it is not doing what you want. Fabian Zimmermann Am 23. April 2018 03:08:15 MESZ schrieb "Huang, Haibin" >: Hi All, I have a problem about cloud-init. I want to both transfer files and execute script. So I give below script to user-data when I create instance. #cloud-config write_files: - encoding: b64 content: H4sICMxh2VoAA2hoYgCzKE5JK07hAgDCo1pOBwAAAA== owner: root:root path: /root/hhb.gz permissions: '0644' #!/bin/bash mkdir -p /home/ubuntu/config but, I can’t get /root/hhb.gz and /home/Ubuntu/config. If I separate transfer files and execute script. It is ok. Any idea? Below is my debug info ubuntu at onap-hhb7:~$ sudo cloud-init --version sudo: unable to resolve host onap-hhb7 cloud-init 0.7.5 security-groupsubuntu at onap-hhb7:~$ curl http://169.254.169.254/2009-04-04/user-data #cloud-config write_files: - encoding: b64 content: H4sICMxh2VoAA2hoYgCzKE5JK07hAgDCo1pOBwAAAA== owner: root:root path: /root/hhb.gz permissions: '0644' #!/bin/bash mkdir -p /home/ubuntu/config ubuntu at onap-hhb7:~$ sudo ls /root/ -a . .. .bashrc .profile .ssh ubuntu at onap-hhb7:/var/lib/cloud/instance$ ls boot-finished datasource obj.pkl sem user-data.txt.i vendor-data.txt.i cloud-config.txt handlers scripts user-data.txt vendor-data.txt ubuntu at onap-hhb7:/var/lib/cloud/instance$ sudo cat user-data.txt sudo: unable to resolve host onap-hhb7 #cloud-config write_files: - encoding: b64 content: H4sICMxh2VoAA2hoYgCzKE5JK07hAgDCo1pOBwAAAA== owner: root:root path: /root/hhb.gz permissions: '0644' #!/bin/bash mkdir -p /home/ubuntu/config ------------------------------------------------------------------------------------------------------------------------------- Huang.haibin 11628530 86+18106533356 -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: cloud-init.log Type: application/octet-stream Size: 143123 bytes Desc: cloud-init.log URL: From eblock at nde.ag Mon Apr 23 06:57:32 2018 From: eblock at nde.ag (Eugen Block) Date: Mon, 23 Apr 2018 06:57:32 +0000 Subject: [Openstack] about cloud-init question In-Reply-To: <26F9979367EE7A488DB1ED79369D372039C0121D@SHSMSX104.ccr.corp.intel.com> Message-ID: <20180423065732.Horde.J4JDDFXEw5_OM6PLYRdL7wt@webmail.nde.ag> Hi, we use this piece of script to pass salt data to instances and execute the respective commands to start the salt-minion: ---cut here--- #cloud-config write_files: # Minion Konfiguration - content: | master: id: [...] owner: root:root path: /etc/salt/minion.d/init.conf permissions: '0644' # Minion Private-Key - content: | -----BEGIN RSA PRIVATE KEY----- [...] -----END RSA PRIVATE KEY----- owner: root:root path: /etc/salt/pki/minion/minion.pem permissions: '0400' [...] # Enabled und Startet den Minion runcmd: - rm -f /etc/machine-id - systemd-machine-id-setup - [ systemctl, enable, salt-minion.service ] - [ systemctl, start, --no-block, salt-minion.service ] - [ systemctl, daemon-reload ] ---cut here--- This both writes the desired files and also executes required commands. We use this on openSUSE machines, I'm not sure if this differs in your environment, but worth a shot, I guess. Regards, Eugen Zitat von "Huang, Haibin" : > Hi All, > > I have a problem about cloud-init. > I want to both transfer files and execute script. So I give below > script to user-data when I create instance. > #cloud-config > write_files: > - encoding: b64 > content: H4sICMxh2VoAA2hoYgCzKE5JK07hAgDCo1pOBwAAAA== > owner: root:root > path: /root/hhb.gz > permissions: '0644' > > #!/bin/bash > mkdir -p /home/ubuntu/config > > but, I can't get /root/hhb.gz and /home/Ubuntu/config. > If I separate transfer files and execute script. It is ok. > Any idea? > > Below is my debug info > > ubuntu at onap-hhb7:~$ sudo cloud-init --version > > sudo: unable to resolve host onap-hhb7 > > cloud-init 0.7.5 > > > > security-groupsubuntu at onap-hhb7:~$ curl > http://169.254.169.254/2009-04-04/user-data > > #cloud-config > > write_files: > > - encoding: b64 > > content: H4sICMxh2VoAA2hoYgCzKE5JK07hAgDCo1pOBwAAAA== > > owner: root:root > > path: /root/hhb.gz > > permissions: '0644' > > > > #!/bin/bash > > mkdir -p /home/ubuntu/config > > > > ubuntu at onap-hhb7:~$ sudo ls /root/ -a > > . .. .bashrc .profile .ssh > > > > ubuntu at onap-hhb7:/var/lib/cloud/instance$ ls > > boot-finished datasource obj.pkl sem > user-data.txt.i vendor-data.txt.i > > cloud-config.txt handlers scripts user-data.txt vendor-data.txt > > ubuntu at onap-hhb7:/var/lib/cloud/instance$ sudo cat user-data.txt > > sudo: unable to resolve host onap-hhb7 > > #cloud-config > > write_files: > > - encoding: b64 > > content: H4sICMxh2VoAA2hoYgCzKE5JK07hAgDCo1pOBwAAAA== > > owner: root:root > > path: /root/hhb.gz > > permissions: '0644' > > > > #!/bin/bash > > mkdir -p /home/ubuntu/config > > > > ------------------------------------------------------------------------------------------------------------------------------- > Huang.haibin > 11628530 > 86+18106533356 From haibin.huang at intel.com Mon Apr 23 07:13:47 2018 From: haibin.huang at intel.com (Huang, Haibin) Date: Mon, 23 Apr 2018 07:13:47 +0000 Subject: [Openstack] about cloud-init question In-Reply-To: <20180423065732.Horde.J4JDDFXEw5_OM6PLYRdL7wt@webmail.nde.ag> References: <26F9979367EE7A488DB1ED79369D372039C0121D@SHSMSX104.ccr.corp.intel.com> <20180423065732.Horde.J4JDDFXEw5_OM6PLYRdL7wt@webmail.nde.ag> Message-ID: <26F9979367EE7A488DB1ED79369D372039C01404@SHSMSX104.ccr.corp.intel.com> I suspect my cloud-init version is too lower. Can you share me your cloud-init version? Thank you! > -----Original Message----- > From: Eugen Block [mailto:eblock at nde.ag] > Sent: Monday, April 23, 2018 2:58 PM > To: openstack at lists.openstack.org > Subject: Re: [Openstack] about cloud-init question > > Hi, > > we use this piece of script to pass salt data to instances and execute the > respective commands to start the salt-minion: > > ---cut here--- > #cloud-config > write_files: > # Minion Konfiguration > - content: | > master: > id: > [...] > owner: root:root > path: /etc/salt/minion.d/init.conf > permissions: '0644' > > # Minion Private-Key > - content: | > -----BEGIN RSA PRIVATE KEY----- > [...] > -----END RSA PRIVATE KEY----- > owner: root:root > path: /etc/salt/pki/minion/minion.pem > permissions: '0400' > > [...] > > # Enabled und Startet den Minion > runcmd: > - rm -f /etc/machine-id > - systemd-machine-id-setup > - [ systemctl, enable, salt-minion.service ] > - [ systemctl, start, --no-block, salt-minion.service ] > - [ systemctl, daemon-reload ] > ---cut here--- > > This both writes the desired files and also executes required commands. We use > this on openSUSE machines, I'm not sure if this differs in your environment, but > worth a shot, I guess. > > Regards, > Eugen > > > Zitat von "Huang, Haibin" : > > > Hi All, > > > > I have a problem about cloud-init. > > I want to both transfer files and execute script. So I give below > > script to user-data when I create instance. > > #cloud-config > > write_files: > > - encoding: b64 > > content: H4sICMxh2VoAA2hoYgCzKE5JK07hAgDCo1pOBwAAAA== > > owner: root:root > > path: /root/hhb.gz > > permissions: '0644' > > > > #!/bin/bash > > mkdir -p /home/ubuntu/config > > > > but, I can't get /root/hhb.gz and /home/Ubuntu/config. > > If I separate transfer files and execute script. It is ok. > > Any idea? > > > > Below is my debug info > > > > ubuntu at onap-hhb7:~$ sudo cloud-init --version > > > > sudo: unable to resolve host onap-hhb7 > > > > cloud-init 0.7.5 > > > > > > > > security-groupsubuntu at onap-hhb7:~$ curl > > http://169.254.169.254/2009-04-04/user-data > > > > #cloud-config > > > > write_files: > > > > - encoding: b64 > > > > content: H4sICMxh2VoAA2hoYgCzKE5JK07hAgDCo1pOBwAAAA== > > > > owner: root:root > > > > path: /root/hhb.gz > > > > permissions: '0644' > > > > > > > > #!/bin/bash > > > > mkdir -p /home/ubuntu/config > > > > > > > > ubuntu at onap-hhb7:~$ sudo ls /root/ -a > > > > . .. .bashrc .profile .ssh > > > > > > > > ubuntu at onap-hhb7:/var/lib/cloud/instance$ ls > > > > boot-finished datasource obj.pkl sem > > user-data.txt.i vendor-data.txt.i > > > > cloud-config.txt handlers scripts user-data.txt vendor-data.txt > > > > ubuntu at onap-hhb7:/var/lib/cloud/instance$ sudo cat user-data.txt > > > > sudo: unable to resolve host onap-hhb7 > > > > #cloud-config > > > > write_files: > > > > - encoding: b64 > > > > content: H4sICMxh2VoAA2hoYgCzKE5JK07hAgDCo1pOBwAAAA== > > > > owner: root:root > > > > path: /root/hhb.gz > > > > permissions: '0644' > > > > > > > > #!/bin/bash > > > > mkdir -p /home/ubuntu/config > > > > > > > > ---------------------------------------------------------------------- > > --------------------------------------------------------- > > Huang.haibin > > 11628530 > > 86+18106533356 > > > > > _______________________________________________ > Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > Post to : openstack at lists.openstack.org > Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack From eblock at nde.ag Mon Apr 23 07:18:25 2018 From: eblock at nde.ag (Eugen Block) Date: Mon, 23 Apr 2018 07:18:25 +0000 Subject: [Openstack] about cloud-init question In-Reply-To: <26F9979367EE7A488DB1ED79369D372039C01404@SHSMSX104.ccr.corp.intel.com> References: <26F9979367EE7A488DB1ED79369D372039C0121D@SHSMSX104.ccr.corp.intel.com> <20180423065732.Horde.J4JDDFXEw5_OM6PLYRdL7wt@webmail.nde.ag> <26F9979367EE7A488DB1ED79369D372039C01404@SHSMSX104.ccr.corp.intel.com> Message-ID: <20180423071825.Horde.Kpaa2Wd2nuO_xAxRuL0E4s1@webmail.nde.ag> Currently, we use host:~ # cloud-init --version cloud-init 0.7.8 Zitat von "Huang, Haibin" : > I suspect my cloud-init version is too lower. Can you share me your > cloud-init version? > Thank you! > >> -----Original Message----- >> From: Eugen Block [mailto:eblock at nde.ag] >> Sent: Monday, April 23, 2018 2:58 PM >> To: openstack at lists.openstack.org >> Subject: Re: [Openstack] about cloud-init question >> >> Hi, >> >> we use this piece of script to pass salt data to instances and execute the >> respective commands to start the salt-minion: >> >> ---cut here--- >> #cloud-config >> write_files: >> # Minion Konfiguration >> - content: | >> master: >> id: >> [...] >> owner: root:root >> path: /etc/salt/minion.d/init.conf >> permissions: '0644' >> >> # Minion Private-Key >> - content: | >> -----BEGIN RSA PRIVATE KEY----- >> [...] >> -----END RSA PRIVATE KEY----- >> owner: root:root >> path: /etc/salt/pki/minion/minion.pem >> permissions: '0400' >> >> [...] >> >> # Enabled und Startet den Minion >> runcmd: >> - rm -f /etc/machine-id >> - systemd-machine-id-setup >> - [ systemctl, enable, salt-minion.service ] >> - [ systemctl, start, --no-block, salt-minion.service ] >> - [ systemctl, daemon-reload ] >> ---cut here--- >> >> This both writes the desired files and also executes required >> commands. We use >> this on openSUSE machines, I'm not sure if this differs in your >> environment, but >> worth a shot, I guess. >> >> Regards, >> Eugen >> >> >> Zitat von "Huang, Haibin" : >> >> > Hi All, >> > >> > I have a problem about cloud-init. >> > I want to both transfer files and execute script. So I give below >> > script to user-data when I create instance. >> > #cloud-config >> > write_files: >> > - encoding: b64 >> > content: H4sICMxh2VoAA2hoYgCzKE5JK07hAgDCo1pOBwAAAA== >> > owner: root:root >> > path: /root/hhb.gz >> > permissions: '0644' >> > >> > #!/bin/bash >> > mkdir -p /home/ubuntu/config >> > >> > but, I can't get /root/hhb.gz and /home/Ubuntu/config. >> > If I separate transfer files and execute script. It is ok. >> > Any idea? >> > >> > Below is my debug info >> > >> > ubuntu at onap-hhb7:~$ sudo cloud-init --version >> > >> > sudo: unable to resolve host onap-hhb7 >> > >> > cloud-init 0.7.5 >> > >> > >> > >> > security-groupsubuntu at onap-hhb7:~$ curl >> > http://169.254.169.254/2009-04-04/user-data >> > >> > #cloud-config >> > >> > write_files: >> > >> > - encoding: b64 >> > >> > content: H4sICMxh2VoAA2hoYgCzKE5JK07hAgDCo1pOBwAAAA== >> > >> > owner: root:root >> > >> > path: /root/hhb.gz >> > >> > permissions: '0644' >> > >> > >> > >> > #!/bin/bash >> > >> > mkdir -p /home/ubuntu/config >> > >> > >> > >> > ubuntu at onap-hhb7:~$ sudo ls /root/ -a >> > >> > . .. .bashrc .profile .ssh >> > >> > >> > >> > ubuntu at onap-hhb7:/var/lib/cloud/instance$ ls >> > >> > boot-finished datasource obj.pkl sem >> > user-data.txt.i vendor-data.txt.i >> > >> > cloud-config.txt handlers scripts user-data.txt vendor-data.txt >> > >> > ubuntu at onap-hhb7:/var/lib/cloud/instance$ sudo cat user-data.txt >> > >> > sudo: unable to resolve host onap-hhb7 >> > >> > #cloud-config >> > >> > write_files: >> > >> > - encoding: b64 >> > >> > content: H4sICMxh2VoAA2hoYgCzKE5JK07hAgDCo1pOBwAAAA== >> > >> > owner: root:root >> > >> > path: /root/hhb.gz >> > >> > permissions: '0644' >> > >> > >> > >> > #!/bin/bash >> > >> > mkdir -p /home/ubuntu/config >> > >> > >> > >> > ---------------------------------------------------------------------- >> > --------------------------------------------------------- >> > Huang.haibin >> > 11628530 >> > 86+18106533356 >> >> >> >> >> _______________________________________________ >> Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack >> Post to : openstack at lists.openstack.org >> Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack From haibin.huang at intel.com Mon Apr 23 08:11:00 2018 From: haibin.huang at intel.com (Huang, Haibin) Date: Mon, 23 Apr 2018 08:11:00 +0000 Subject: [Openstack] about cloud-init question In-Reply-To: <20180423065732.Horde.J4JDDFXEw5_OM6PLYRdL7wt@webmail.nde.ag> References: <26F9979367EE7A488DB1ED79369D372039C0121D@SHSMSX104.ccr.corp.intel.com> <20180423065732.Horde.J4JDDFXEw5_OM6PLYRdL7wt@webmail.nde.ag> Message-ID: <26F9979367EE7A488DB1ED79369D372039C0143E@SHSMSX104.ccr.corp.intel.com> Hi I use below config can create both /root/hhb.gz and /home/Ubuntu/config. Thank you very much! #cloud-config write_files: - encoding: b64 content: H4sICMxh2VoAA2hoYgCzKE5JK07hAgDCo1pOBwAAAA== owner: root:root path: /root/hhb.gz permissions: '0644' runcmd: - mkdir -p /home/ubuntu/config mkdir -p /home/ubuntu/config/hhb > -----Original Message----- > From: Eugen Block [mailto:eblock at nde.ag] > Sent: Monday, April 23, 2018 2:58 PM > To: openstack at lists.openstack.org > Subject: Re: [Openstack] about cloud-init question > > Hi, > > we use this piece of script to pass salt data to instances and execute the > respective commands to start the salt-minion: > > ---cut here--- > #cloud-config > write_files: > # Minion Konfiguration > - content: | > master: > id: > [...] > owner: root:root > path: /etc/salt/minion.d/init.conf > permissions: '0644' > > # Minion Private-Key > - content: | > -----BEGIN RSA PRIVATE KEY----- > [...] > -----END RSA PRIVATE KEY----- > owner: root:root > path: /etc/salt/pki/minion/minion.pem > permissions: '0400' > > [...] > > # Enabled und Startet den Minion > runcmd: > - rm -f /etc/machine-id > - systemd-machine-id-setup > - [ systemctl, enable, salt-minion.service ] > - [ systemctl, start, --no-block, salt-minion.service ] > - [ systemctl, daemon-reload ] > ---cut here--- > > This both writes the desired files and also executes required commands. We use > this on openSUSE machines, I'm not sure if this differs in your environment, but > worth a shot, I guess. > > Regards, > Eugen > > > Zitat von "Huang, Haibin" : > > > Hi All, > > > > I have a problem about cloud-init. > > I want to both transfer files and execute script. So I give below > > script to user-data when I create instance. > > #cloud-config > > write_files: > > - encoding: b64 > > content: H4sICMxh2VoAA2hoYgCzKE5JK07hAgDCo1pOBwAAAA== > > owner: root:root > > path: /root/hhb.gz > > permissions: '0644' > > > > #!/bin/bash > > mkdir -p /home/ubuntu/config > > > > but, I can't get /root/hhb.gz and /home/Ubuntu/config. > > If I separate transfer files and execute script. It is ok. > > Any idea? > > > > Below is my debug info > > > > ubuntu at onap-hhb7:~$ sudo cloud-init --version > > > > sudo: unable to resolve host onap-hhb7 > > > > cloud-init 0.7.5 > > > > > > > > security-groupsubuntu at onap-hhb7:~$ curl > > http://169.254.169.254/2009-04-04/user-data > > > > #cloud-config > > > > write_files: > > > > - encoding: b64 > > > > content: H4sICMxh2VoAA2hoYgCzKE5JK07hAgDCo1pOBwAAAA== > > > > owner: root:root > > > > path: /root/hhb.gz > > > > permissions: '0644' > > > > > > > > #!/bin/bash > > > > mkdir -p /home/ubuntu/config > > > > > > > > ubuntu at onap-hhb7:~$ sudo ls /root/ -a > > > > . .. .bashrc .profile .ssh > > > > > > > > ubuntu at onap-hhb7:/var/lib/cloud/instance$ ls > > > > boot-finished datasource obj.pkl sem > > user-data.txt.i vendor-data.txt.i > > > > cloud-config.txt handlers scripts user-data.txt vendor-data.txt > > > > ubuntu at onap-hhb7:/var/lib/cloud/instance$ sudo cat user-data.txt > > > > sudo: unable to resolve host onap-hhb7 > > > > #cloud-config > > > > write_files: > > > > - encoding: b64 > > > > content: H4sICMxh2VoAA2hoYgCzKE5JK07hAgDCo1pOBwAAAA== > > > > owner: root:root > > > > path: /root/hhb.gz > > > > permissions: '0644' > > > > > > > > #!/bin/bash > > > > mkdir -p /home/ubuntu/config > > > > > > > > ---------------------------------------------------------------------- > > --------------------------------------------------------- > > Huang.haibin > > 11628530 > > 86+18106533356 > > > > > _______________________________________________ > Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > Post to : openstack at lists.openstack.org > Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack From doka.ua at gmx.com Mon Apr 23 08:59:23 2018 From: doka.ua at gmx.com (Volodymyr Litovka) Date: Mon, 23 Apr 2018 11:59:23 +0300 Subject: [Openstack] volume state (in-use/available) vs real work Message-ID: Hi colleagues, in order to change (increase) boot disk's size "on the fly", I can do the following sequense of commands without stopping VM: : openstack volume set --state available : openstack volume set --state in-use --size 32 and, if properly configured, disk will be automatically resized by cloud-init during next reboot. Is it dangerous to change volume state to "available" while VM is actively working? Which side-effects I can face while doing this? Thank you. -- Volodymyr Litovka "Vision without Execution is Hallucination." -- Thomas Edison From eblock at nde.ag Mon Apr 23 09:45:50 2018 From: eblock at nde.ag (Eugen Block) Date: Mon, 23 Apr 2018 09:45:50 +0000 Subject: [Openstack] about cloud-init question In-Reply-To: <26F9979367EE7A488DB1ED79369D372039C0143E@SHSMSX104.ccr.corp.intel.com> References: <26F9979367EE7A488DB1ED79369D372039C0121D@SHSMSX104.ccr.corp.intel.com> <20180423065732.Horde.J4JDDFXEw5_OM6PLYRdL7wt@webmail.nde.ag> <26F9979367EE7A488DB1ED79369D372039C0143E@SHSMSX104.ccr.corp.intel.com> Message-ID: <20180423094550.Horde.4RfPmgaV8qRSyoP3dFYZgn-@webmail.nde.ag> I'm glad I could help! Zitat von "Huang, Haibin" : > Hi > I use below config can create both /root/hhb.gz and /home/Ubuntu/config. > Thank you very much! > > #cloud-config > write_files: > - encoding: b64 > content: H4sICMxh2VoAA2hoYgCzKE5JK07hAgDCo1pOBwAAAA== > owner: root:root > path: /root/hhb.gz > permissions: '0644' > > runcmd: > - mkdir -p /home/ubuntu/config > mkdir -p /home/ubuntu/config/hhb > >> -----Original Message----- >> From: Eugen Block [mailto:eblock at nde.ag] >> Sent: Monday, April 23, 2018 2:58 PM >> To: openstack at lists.openstack.org >> Subject: Re: [Openstack] about cloud-init question >> >> Hi, >> >> we use this piece of script to pass salt data to instances and execute the >> respective commands to start the salt-minion: >> >> ---cut here--- >> #cloud-config >> write_files: >> # Minion Konfiguration >> - content: | >> master: >> id: >> [...] >> owner: root:root >> path: /etc/salt/minion.d/init.conf >> permissions: '0644' >> >> # Minion Private-Key >> - content: | >> -----BEGIN RSA PRIVATE KEY----- >> [...] >> -----END RSA PRIVATE KEY----- >> owner: root:root >> path: /etc/salt/pki/minion/minion.pem >> permissions: '0400' >> >> [...] >> >> # Enabled und Startet den Minion >> runcmd: >> - rm -f /etc/machine-id >> - systemd-machine-id-setup >> - [ systemctl, enable, salt-minion.service ] >> - [ systemctl, start, --no-block, salt-minion.service ] >> - [ systemctl, daemon-reload ] >> ---cut here--- >> >> This both writes the desired files and also executes required >> commands. We use >> this on openSUSE machines, I'm not sure if this differs in your >> environment, but >> worth a shot, I guess. >> >> Regards, >> Eugen >> >> >> Zitat von "Huang, Haibin" : >> >> > Hi All, >> > >> > I have a problem about cloud-init. >> > I want to both transfer files and execute script. So I give below >> > script to user-data when I create instance. >> > #cloud-config >> > write_files: >> > - encoding: b64 >> > content: H4sICMxh2VoAA2hoYgCzKE5JK07hAgDCo1pOBwAAAA== >> > owner: root:root >> > path: /root/hhb.gz >> > permissions: '0644' >> > >> > #!/bin/bash >> > mkdir -p /home/ubuntu/config >> > >> > but, I can't get /root/hhb.gz and /home/Ubuntu/config. >> > If I separate transfer files and execute script. It is ok. >> > Any idea? >> > >> > Below is my debug info >> > >> > ubuntu at onap-hhb7:~$ sudo cloud-init --version >> > >> > sudo: unable to resolve host onap-hhb7 >> > >> > cloud-init 0.7.5 >> > >> > >> > >> > security-groupsubuntu at onap-hhb7:~$ curl >> > http://169.254.169.254/2009-04-04/user-data >> > >> > #cloud-config >> > >> > write_files: >> > >> > - encoding: b64 >> > >> > content: H4sICMxh2VoAA2hoYgCzKE5JK07hAgDCo1pOBwAAAA== >> > >> > owner: root:root >> > >> > path: /root/hhb.gz >> > >> > permissions: '0644' >> > >> > >> > >> > #!/bin/bash >> > >> > mkdir -p /home/ubuntu/config >> > >> > >> > >> > ubuntu at onap-hhb7:~$ sudo ls /root/ -a >> > >> > . .. .bashrc .profile .ssh >> > >> > >> > >> > ubuntu at onap-hhb7:/var/lib/cloud/instance$ ls >> > >> > boot-finished datasource obj.pkl sem >> > user-data.txt.i vendor-data.txt.i >> > >> > cloud-config.txt handlers scripts user-data.txt vendor-data.txt >> > >> > ubuntu at onap-hhb7:/var/lib/cloud/instance$ sudo cat user-data.txt >> > >> > sudo: unable to resolve host onap-hhb7 >> > >> > #cloud-config >> > >> > write_files: >> > >> > - encoding: b64 >> > >> > content: H4sICMxh2VoAA2hoYgCzKE5JK07hAgDCo1pOBwAAAA== >> > >> > owner: root:root >> > >> > path: /root/hhb.gz >> > >> > permissions: '0644' >> > >> > >> > >> > #!/bin/bash >> > >> > mkdir -p /home/ubuntu/config >> > >> > >> > >> > ---------------------------------------------------------------------- >> > --------------------------------------------------------- >> > Huang.haibin >> > 11628530 >> > 86+18106533356 >> >> >> >> >> _______________________________________________ >> Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack >> Post to : openstack at lists.openstack.org >> Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack From adriant at catalyst.net.nz Mon Apr 23 10:45:22 2018 From: adriant at catalyst.net.nz (Adrian Turjak) Date: Mon, 23 Apr 2018 22:45:22 +1200 Subject: [Openstack] which SDK to use? In-Reply-To: References: <01785213-b96f-6a0a-e8fb-03dcfa25e70b@gmx.com> <20180417131323.6mf2kwrctwmjgoyo@yuggoth.org> <5AD61F94.3030509@windriver.com> <5AD75ED1.5030006@windriver.com> <20180419130156.lp4chv7mv3rofudn@yuggoth.org> <5AD89DB9.1040101@windriver.com> Message-ID: <2de3fc00-4708-29dd-7851-1bb7b4b27242@catalyst.net.nz> I don't disagree that the SDK lacks feature parity, which is oddly enough one of the main reasons I'm actually using it, to find those missing features, document them, maybe fix them, or if I can't fix them annoy the right people who can. With the SDK there is at least always a way to get around the lack of feature parity now by using the direct calls to the proxy object. I don't think that's a good solution, but it's a way to start using it and then start contributing back the actual implementations of those features. I've been bitten and annoyed too many times by how different and inconsistent the various other clients are, and while some of them have some great code and features, the fact that they work very differently to the others just drives me mad. Or even in the case of the neutronclient, there is 'neutronclient.client' and 'neutronclient.neutron.client'. The former is the more supported and documented one it seems (although the code terrifies me... it's a 2500 line single file), while the latter appears to be an unfinished client that was meant to be more in line with the other service clients but I think is lacking features and docs. I've never dug enough into that to find out what's going on there. Then we have the odd thing where most of the client list commands return lists of objects, while some (I'm looking at you glance), returns a generator. While I prefer returning lists, the SDK is at least always consistent in that it returns generators for ALL list commands, and ultimately you can always wrap those calls in a list() and it's the same result. And don't get me started on the swiftclient. :P The SDK isn't perfect, but it can and will get better, and it's better than the alternative, which is mostly a weird kind of inconsistent madness. We can't make all those clients work the same, that would break backwards compatibility and it would take too much effort. We can though have a unified consistent SDK that will hopefully in future be the point of first implementation for features rather than their own clients. First, we need to get people using the SDK and seeing the benefit of it, and that takes time, and people helping implement those missing features. On 22/04/18 01:37, Volodymyr Litovka wrote: > Hi Adrian, > > at the moment, "wildly different" python clients provide more, than > Unified SDK. Not sure about all clients, but what I found and what > finally turned me to client libraries is inability to to do actions on > stack (e.g. suspend/resume) using Unified SDK (neither doc not source > code contain any mentions on this, while python-heatclient describes > this and can it to do). It's far from bleeding edge - it's huge gap in > feature consistency. There seems to be a fairly old patch that started adding this but was rejected due to missing tests: https://review.openstack.org/#/c/190551/ I can't find anything more recent, but I didn't look too hard. While not ideal you can call _action directly yourself on a stack object, but it isn't particularly elegant: https://github.com/openstack/openstacksdk/blob/master/openstack/orchestration/v1/stack.py#L90 stack = conn.orchestration.get_stack(stack_id) resp = stack._action(conn.orchestration, {'suspend': ''}) I know that doesn't really help that much, but it's the best I can recommend right now. :( > > On 4/20/18 6:19 AM, Adrian Turjak wrote: >> As someone who used to use all the standalone clients, I'm leaning very >> heavily these days to using only the SDK and think we should encourage >> most projects to treat the SDK as their first point of implementation >> rather than all the wildly different python clients. >> >> So if you are new to OpenStack, the the SDK is the best and most >> consistent option right now for interacting with OpenStack from python. >> Sadly though the docs are lacking, but the docs for the other libraries >> aren't that much better anyway half the time. >> >> >> On 20/04/18 01:46, Chris Friesen wrote: >>> On 04/19/2018 07:01 AM, Jeremy Stanley wrote: >>>> On 2018-04-19 12:24:48 +1000 (+1000), Joshua Hesketh wrote: >>>>> There is also nothing stopping you from using both. For example, >>>>> you could use the OpenStack SDK for most things but if you hit an >>>>> edge case where you need something specific you can then import >>>>> the particular client lib. >>>> [...] >>>> >>>> Or, for that matter, leverage OpenStackSDK's ability to pass >>>> arbitrary calls to individual service APIs when you need something >>>> not exposed by the porcelain layer. >>> Is that documented somewhere?  I spent some time looking at >>> https://docs.openstack.org/openstacksdk/latest/ and didn't see >>> anything that looked like that. >>> >> Not that I believe, but basically it amounts to that on any service >> proxy object you can call .get .post etc. So if the SDK doesn't yet >> support a given feature, you can still use the feature yourself, but you >> need to do some raw requests work, which honestly isn't that bad. >> >> servers = list(conn.compute.servers()) >> vs >> servers_resp = conn.compute.get("/servers") >> >> The direct calls on the proxy object use your current session (auth and >> scope) against the endpoint specific to that service, and just return >> the raw  request itself when called directly. This works even for Swift >> where the url has to include details about your account. It's >> surprisingly elegant. >> >> Ideally when people use the SDK like this they should also submit a >> patch to fill in the missing functionality. Adding to the SDK isn't that >> bad and the codebase is much better than it used to be. >> >>> Thanks, >>> Chris >>> >>> _______________________________________________ >>> Mailing list: >>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack >>> Post to     : openstack at lists.openstack.org >>> Unsubscribe : >>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack >> >> _______________________________________________ >> Mailing list: >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack >> Post to     : openstack at lists.openstack.org >> Unsubscribe : >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > From doka.ua at gmx.com Mon Apr 23 11:13:48 2018 From: doka.ua at gmx.com (Volodymyr Litovka) Date: Mon, 23 Apr 2018 14:13:48 +0300 Subject: [Openstack] which SDK to use? In-Reply-To: <2de3fc00-4708-29dd-7851-1bb7b4b27242@catalyst.net.nz> References: <01785213-b96f-6a0a-e8fb-03dcfa25e70b@gmx.com> <20180417131323.6mf2kwrctwmjgoyo@yuggoth.org> <5AD61F94.3030509@windriver.com> <5AD75ED1.5030006@windriver.com> <20180419130156.lp4chv7mv3rofudn@yuggoth.org> <5AD89DB9.1040101@windriver.com> <2de3fc00-4708-29dd-7851-1bb7b4b27242@catalyst.net.nz> Message-ID: <10220d02-f74c-b61b-2337-b933f451184f@gmx.com> Hi Adrian, > Then we have the odd thing where most of the client list commands return > lists of objects, while some (I'm looking at you glance), returns a > generator. After short period of use, I completely agree with this and other your statements re client libraries. Thanks for pointing on ways to do actions on stack using SDK client. I'll think again about Unified SDK - if it's more unified than clients, some annoyings are acceptable :) -- Volodymyr Litovka "Vision without Execution is Hallucination." -- Thomas Edison From zinoubamab at gmail.com Mon Apr 23 16:55:16 2018 From: zinoubamab at gmail.com (Douaa) Date: Mon, 23 Apr 2018 18:55:16 +0200 Subject: [Openstack] help Message-ID: Hello I'm trying to use openstack (VIM) on openbaton for that i create to VMs one for OpenStack and the second for Opnebaton. i have installed packstack on CentOS and Openbaton on ubuntu 16.04. Now i'm trying to create VIM Openstack on openbaton but i have erreur there is any plugins or configuration i have to do it before creating VIM Openstack ? Thanks for helping -------------- next part -------------- An HTML attachment was scrubbed... URL: From mrhillsman at gmail.com Mon Apr 23 19:27:52 2018 From: mrhillsman at gmail.com (Melvin Hillsman) Date: Mon, 23 Apr 2018 14:27:52 -0500 Subject: [Openstack] help In-Reply-To: References: Message-ID: Douaa can you provide details on the error you are getting? Also I am adding the Operators ML as some more practitioners may be able to see it from there. On Mon, Apr 23, 2018 at 11:55 AM, Douaa wrote: > Hello > I'm trying to use openstack (VIM) on openbaton for that i create to VMs > one for OpenStack and the second for Opnebaton. > i have installed packstack on CentOS and Openbaton on ubuntu 16.04. Now > i'm trying to create VIM Openstack on openbaton but i have erreur there is > any plugins or configuration i have to do it before creating VIM Openstack ? > Thanks for helping > > > > _______________________________________________ > Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/ > openstack > Post to : openstack at lists.openstack.org > Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/ > openstack > > -- Kind regards, Melvin Hillsman mrhillsman at gmail.com mobile: (832) 264-2646 -------------- next part -------------- An HTML attachment was scrubbed... URL: From lhinds at redhat.com Tue Apr 24 13:10:01 2018 From: lhinds at redhat.com (Luke Hinds) Date: Tue, 24 Apr 2018 14:10:01 +0100 Subject: [Openstack] [OSSN-0083] Keystone policy rule "identity:get_identity_providers" was ignored Message-ID: Keystone policy rule "identity:get_identity_providers" was ignored --- ### Summary ### A policy rule in Keystone did not behave as intended leading to a less secure configuration than would be expected. ### Affected Services / Software ### OpenStack Identity Service (Keystone) versions through Mitaka, as well as Newton (<= 10.0.3), and Ocata (<= 11.0.3). ### Discussion ### Deployments were unaffected by this problem if the default rule was changed or the "get_identity_providers" rule was manually changed to be "get_identity_provider" (singular) in keystone's `policy.json`. A spelling mistake in the default policy configuration caused these rules to be ignored. As a result operators that attempted to restrict this API were unlikely to actually enforce it. ### Recommended Actions ### Update Keystone to a minimum version of 12.0.0.0b3. Additionally, this fix has been backported to Ocata (11.0.3) and Newton (10.0.3). Fix any lingering rules: `identity:get_identity_providers` should be changed to `identity:get_identity_provider`. ### Contacts / References ### Author: Nick Tait This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0083 Original LaunchPad Bug : https://bugs.launchpad.net/ossn/+bug/1703369 Mailing List : [Security] tag on openstack-dev at lists.openstack.org OpenStack Security Project : https://launchpad.net/~openstack-ossg -------------- next part -------------- A non-text attachment was scrubbed... Name: 0x3C202614.asc Type: application/pgp-keys Size: 1680 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 488 bytes Desc: OpenPGP digital signature URL: From marcioprado at marcioprado.eti.br Tue Apr 24 21:58:27 2018 From: marcioprado at marcioprado.eti.br (Marcio Prado) Date: Tue, 24 Apr 2018 18:58:27 -0300 Subject: [Openstack] Ocata update for Pike on Ubuntu Message-ID: <015ef7e760a2915ec4f0c9febdce750b@marcioprado.eti.br> Has anyone upgraded OpenStack Ocata to Pike using Ubuntu 16.04? Can you share the experiences please? Thank you. -- Marcio Prado Analista de TI - Infraestrutura e Redes Fone: (35) 9.9821-3561 www.marcioprado.eti.br From dev.faz at gmail.com Wed Apr 25 06:59:27 2018 From: dev.faz at gmail.com (Fabian Zimmermann) Date: Wed, 25 Apr 2018 08:59:27 +0200 Subject: [Openstack] Ocata update for Pike on Ubuntu In-Reply-To: <015ef7e760a2915ec4f0c9febdce750b@marcioprado.eti.br> References: <015ef7e760a2915ec4f0c9febdce750b@marcioprado.eti.br> Message-ID: Hi, Am 24.04.2018 um 23:58 schrieb Marcio Prado: > Has anyone upgraded OpenStack Ocata to Pike using Ubuntu 16.04? we are currently evaluating/simulating the upgrade > Can you share the experiences please? well, until now we found https://bugs.launchpad.net/ubuntu/+source/cinder/+bug/1766189 but thats not really an upgrade issue, it is a pike issue. Fabian From marcioprado at marcioprado.eti.br Wed Apr 25 11:30:27 2018 From: marcioprado at marcioprado.eti.br (Marcio Prado) Date: Wed, 25 Apr 2018 08:30:27 -0300 Subject: [Openstack] Ocata update for Pike on Ubuntu In-Reply-To: References: <015ef7e760a2915ec4f0c9febdce750b@marcioprado.eti.br> Message-ID: <7cb770bcd1b717155e08011e1c52725a@marcioprado.eti.br> I understood Fabian. Thank you very much for your attention. I'm also simulating the update ... Unsuccessfully. News I share here. Em 25-04-2018 03:59, Fabian Zimmermann escreveu: > Hi, > > Am 24.04.2018 um 23:58 schrieb Marcio Prado: >> Has anyone upgraded OpenStack Ocata to Pike using Ubuntu 16.04? > > we are currently evaluating/simulating the upgrade > >> Can you share the experiences please? > > well, until now we found > > https://bugs.launchpad.net/ubuntu/+source/cinder/+bug/1766189 > > but thats not really an upgrade issue, it is a pike issue. > > Fabian -- Marcio Prado Analista de TI - Infraestrutura e Redes Fone: (35) 9.9821-3561 www.marcioprado.eti.br From dev.faz at gmail.com Wed Apr 25 11:58:33 2018 From: dev.faz at gmail.com (Fabian Zimmermann) Date: Wed, 25 Apr 2018 13:58:33 +0200 Subject: [Openstack] Ocata update for Pike on Ubuntu In-Reply-To: <7cb770bcd1b717155e08011e1c52725a@marcioprado.eti.br> References: <015ef7e760a2915ec4f0c9febdce750b@marcioprado.eti.br> <7cb770bcd1b717155e08011e1c52725a@marcioprado.eti.br> Message-ID: <67a3c0c5-7338-33fb-b6ed-9bc725cdbe25@gmail.com> Hi, Am 25.04.2018 um 13:30 schrieb Marcio Prado: > I'm also simulating the update ... Unsuccessfully. What issues are you running into? Fabian From marcioprado at marcioprado.eti.br Wed Apr 25 13:05:54 2018 From: marcioprado at marcioprado.eti.br (Marcio Prado) Date: Wed, 25 Apr 2018 10:05:54 -0300 Subject: [Openstack] Ocata update for Pike on Ubuntu In-Reply-To: <67a3c0c5-7338-33fb-b6ed-9bc725cdbe25@gmail.com> References: <015ef7e760a2915ec4f0c9febdce750b@marcioprado.eti.br> <7cb770bcd1b717155e08011e1c52725a@marcioprado.eti.br> <67a3c0c5-7338-33fb-b6ed-9bc725cdbe25@gmail.com> Message-ID: I performed the following steps: 1) REMOVE THE OCATA REPOSITORY add-apt-repository --remove cloud-archive:ocata 2) ADD THE PIKE REPOSITORY add-apt-repository cloud-archive:pike 3) UPDATE OPENSTACK apt-get update apt-get upgrade reboot apt-get update apt-get upgrade 4) IF I DO NOT UPDATE THE OPENSTACK PACKAGES apt-get install ALL LIST PACKAGES 5) UPDATE BD keystone-manage token_flush keystone-manage db_sync glance-manage db_sync cinder-manage db sync nova-manage db sync nova-manage api_db sync neutron-db-manage upgrade heads nova-manage db online_data_migrations cinder-manage db online_data_migrations The mistake is in Keystone. I have not had time to debug yet ... [authz_core:error] client denied by server configuration: /usr/bin/kestone-wsgi-public Em 25-04-2018 08:58, Fabian Zimmermann escreveu: > Hi, > > Am 25.04.2018 um 13:30 schrieb Marcio Prado: >> I'm also simulating the update ... Unsuccessfully. > > What issues are you running into? > > Fabian -- Marcio Prado Analista de TI - Infraestrutura e Redes Fone: (35) 9.9821-3561 www.marcioprado.eti.br -------------- next part -------------- A non-text attachment was scrubbed... Name: ErrorKeystone.png Type: image/png Size: 52320 bytes Desc: not available URL: From dev.faz at gmail.com Wed Apr 25 13:50:51 2018 From: dev.faz at gmail.com (Fabian Zimmermann) Date: Wed, 25 Apr 2018 15:50:51 +0200 Subject: [Openstack] Ocata update for Pike on Ubuntu In-Reply-To: References: <015ef7e760a2915ec4f0c9febdce750b@marcioprado.eti.br> <7cb770bcd1b717155e08011e1c52725a@marcioprado.eti.br> <67a3c0c5-7338-33fb-b6ed-9bc725cdbe25@gmail.com> Message-ID: Hi, Am 25.04.2018 um 15:05 schrieb Marcio Prado: > The mistake is in Keystone. I have not had time to debug yet ... > > [authz_core:error] client denied by server configuration: > /usr/bin/kestone-wsgi-public first thought, sounds like apache-config is blocking the access. Check your apache(2)/sites-enabled/ Fabian From Cory at Hawkless.id.au Thu Apr 26 04:17:34 2018 From: Cory at Hawkless.id.au (Cory Hawkless) Date: Thu, 26 Apr 2018 04:17:34 +0000 Subject: [Openstack] Glance image definition using V2 API In-Reply-To: References: <18C7C076CE65A443BC1DEC057949DEFE6F1939E0@CorysCloudVPS.Oblivion.local> Message-ID: <18C7C076CE65A443BC1DEC057949DEFE6F19AB5B@CorysCloudVPS.Oblivion.local> Yep, spot on Fabian, thanks for the pointer For future reference, the current process to create an image in Glance using a pre-existing volume in Ceph is as follows Step1 – Create the empty image glance image-create --container-format=bare --disk-format=raw --min-ram 2048 --name="Windows Server test" +------------------+--------------------------------------+ | Property | Value | +------------------+--------------------------------------+ | checksum | None | | container_format | bare | | created_at | 2018-04-26T04:08:37Z | | disk_format | raw | | id | 763a2ca2-e8f8-4bf9-974f-98d7020e200b | | locations | [] | | min_disk | 0 | | min_ram | 0 | | name | Windows Server test | | owner | 40c2b46fb47c4ee7ac076b259c4e0814 | | protected | False | | size | None | | status | queued | | tags | [] | | updated_at | 2018-04-26T04:08:37Z | | virtual_size | None | | visibility | shared | +------------------+--------------------------------------+ Step 2 – Update the ‘location’ attribute glance location-add --url "rbd://b42a82f3-f493-49f4-98e0-2d355bbe8ee3/saspool/image-Windows2016v1/snap" 763a2ca2-e8f8-4bf9-974f-98d7020e200b You’ll obviously need to ensure you have a protected snapshow of your image like so :~# rbd snap create saspool/image-Windows2016v1 at snap :~# rbd snap protect saspool/image-Windows2016v1 at snap :~# rbd snap ls saspool/image-Windows2016v1 SNAPID NAME SIZE TIMESTAMP 18 snap 150 GB Thu Apr 26 13:24:30 2018 You’ll also need to ensure that show_multiple_locations = true is set in glance-api.conf From: Fabian Zimmermann [mailto:dev.faz at gmail.com] Sent: Sunday, 22 April 2018 2:28 PM To: Cory Hawkless ; openstack at lists.openstack.org Subject: Re: [Openstack] Glance image definition using V2 API Hi, just create an empty image (Without file or location param), then use add-location to set your locations. Fabian Zimmermann Am 19. April 2018 06:15:33 MESZ schrieb Cory Hawkless : Looking for some help with defining glance images. I'm running a new Queens installation and do not have the V1 API enabled in Glance. So the Glance V1 API has been deprecated for some time now (I believe) and best I can tell there is no support in the V2 API for defining an existing image into glance. I.E, I have some volumes in my Ceph pool that I'd like to expose to Glance, but the old method of using "glance image-create --disk-format raw --id $IMAGE_ID --location rbd://$CLUSTER_ID/$POOL/$IMAGE_ID/snap" no longer works because this is a V1 command with the V2 API having no support for the --location flag. I'm primarily dealing with large(ish) windows images around 100GB mark, so exporting them to a file then importing them using the --file command is very sub optimal. Without an outright database hack, is there any way to define an existing Ceph based volume to be used by Glance? If there is not a way to do this then can I safely enable the V1 API in Queens? How long until V1 support is removed and I'm back to square 1 Thanks in advance Cory ________________________________ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack at lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack -------------- next part -------------- An HTML attachment was scrubbed... URL: From apar.subbu at gmail.com Thu Apr 26 07:15:03 2018 From: apar.subbu at gmail.com (APARNA SUBBURAM) Date: Thu, 26 Apr 2018 12:45:03 +0530 Subject: [Openstack] Query regarding Openstack Tacker Message-ID: Hi Team , I have few queries related to tacker. I have found some enhancements on the go under the tacker section of NSD. Enhancements proposed: NSD in Ocata can be used for creating multiple (related) VNFs in one shot using a single TOSCA template. This is a first (big) step into NSD, few follow-on enhancements like: 1) Creating VLs / neutron networks using NSD (to support inter-VNF private VL) 2) VNFFGD support in NSD. Are these enhancements been done already or is it in proposed state? Reference link: https://docs.openstack.org/tacker/queens/user/nsd_usage_guide.html And also those limitations which are given in VNFFG as mentioned in below link: https://docs.openstack.org/tacker/latest/user/vnffg_usage_guide.html Are these limitations also been implemented or not in latest Queens Release Regards, Aparna Subburam -------------- next part -------------- An HTML attachment was scrubbed... URL: From n.vivekanandan at ericsson.com Thu Apr 26 10:36:12 2018 From: n.vivekanandan at ericsson.com (N Vivekanandan) Date: Thu, 26 Apr 2018 10:36:12 +0000 Subject: [Openstack] [Nova] Nova Instance Launches failing on stable/pike Message-ID: Hi Nova Team, With the latest cloned Pike repo (devstack based setup), nova instance launches always fail with the following error: >From Nova Conductor Logs [u'Traceback (most recent call last):\n', u' File "/opt/stack/nova/nova/compute/manager.py", line 1855, in _do_build_and_run_instance\n filter_properties)\n', u' File "/opt/stack/nova/nova/compute/manager.py", line 2094, in _build_and_run_instance\n instance_uuid=instance.uuid, reason=six.text_type(e))\n', u"RescheduledException: Build of instance ebff9064-f7c2-402a-8ae9-95d78aee8c24 was re-scheduled: operation failed: domain 'instance-00000001' already exists with uuid 98bc86be-104d-416f-b608-ed4dbb99a674\n"] In the 'nova show ' output says like: File \"/usr/local/lib/python2.7/dist-packages/oslo_db/sqlalchemy/enginefacade.py\", line 398, in _create_session | | | self._start() | | | File \"/usr/local/lib/python2.7/dist-packages/oslo_db/sqlalchemy/enginefacade.py\", line 484, in _start | | | engine_args, maker_args) | | | File \"/usr/local/lib/python2.7/dist-packages/oslo_db/sqlalchemy/enginefacade.py\", line 506, in _setup_for_connection | | | \"No sql_connection parameter is established\") However, nova-manage --debug api_db sync works correctly. We have not configured CELLSV2 inside local.conf and so are using the default configurations. We see a bug filed under Nova here: https://bugs.launchpad.net/devstack/+bug/1734510 but the bug has been in 'Undecided' for a while now. Is there a workaround for this problem? -- Thakns, Vivek -------------- next part -------------- An HTML attachment was scrubbed... URL: From marcioprado at marcioprado.eti.br Thu Apr 26 11:17:08 2018 From: marcioprado at marcioprado.eti.br (Marcio Prado) Date: Thu, 26 Apr 2018 08:17:08 -0300 Subject: [Openstack] Ocata update for Pike on Ubuntu In-Reply-To: References: <015ef7e760a2915ec4f0c9febdce750b@marcioprado.eti.br> <7cb770bcd1b717155e08011e1c52725a@marcioprado.eti.br> <67a3c0c5-7338-33fb-b6ed-9bc725cdbe25@gmail.com> Message-ID: <2d0e99208cb87017b924f2619b8aa526@marcioprado.eti.br> Hi, It really was Apache configuration. I had to free access to the / usr / bin / directory in the /etc/apache2/apache.conf file But anyway, I type the login and password and do not log in. And I can not even see logs. Thanks for the tip. Em 25-04-2018 10:50, Fabian Zimmermann escreveu: > Hi, > > Am 25.04.2018 um 15:05 schrieb Marcio Prado: >> The mistake is in Keystone. I have not had time to debug yet ... >> >> [authz_core:error] client denied by server configuration: >> /usr/bin/kestone-wsgi-public > > first thought, sounds like apache-config is blocking the access. > > Check your apache(2)/sites-enabled/ > > > Fabian -- Marcio Prado Analista de TI - Infraestrutura e Redes Fone: (35) 9.9821-3561 www.marcioprado.eti.br From phuoc.hc at dcn.ssu.ac.kr Thu Apr 26 14:28:20 2018 From: phuoc.hc at dcn.ssu.ac.kr (Cong Phuoc Hoang) Date: Thu, 26 Apr 2018 23:28:20 +0900 Subject: [Openstack] Query regarding Openstack Tacker In-Reply-To: References: Message-ID: Hi Aparna, Thank you for interesting in Tacker project. In Rocky release, we are pushing effort to create VNFFGD with NSD. So we can use NSD to create VNFs and VNFFGs. Tacker uses networking-sfc to create service chain between VNFs, but there are some limitation, we can not support creating VLs, VLs must be existed before (currently, only VNF and VNFFGs - future are supported). With the guide in VNFFG (https://docs.openstack.org/ tacker/latest/user/vnffg_usage_guide.html), we also have a patch to support multiple forwarding paths with a VNFFGD. In the Queens release, we supported updating VNFFG such as updating flow classifiers, changing forwarding paths. Hope that information can help you. If you need more information or wanna contribute, please join channel #tacker on IRC or email to us :). Best regards, Phuoc Hoang Cong On Thu, Apr 26, 2018 at 4:15 PM, APARNA SUBBURAM wrote: > Hi Team , > > I have few queries related to tacker. > > I have found some enhancements on the go under the tacker section of NSD. > Enhancements proposed: NSD in Ocata can be used for creating multiple > (related) VNFs in one shot using a single TOSCA template. This is a first > (big) step into NSD, few follow-on enhancements like: 1) Creating VLs / > neutron networks using NSD (to support inter-VNF private VL) 2) VNFFGD > support in NSD. > Are these enhancements been done already or is it in proposed state? > Reference link: https://docs.openstack.org/tacker/queens/user/nsd_usage_ > guide.html > > And also those limitations which are given in VNFFG as mentioned in below > link: > https://docs.openstack.org/tacker/latest/user/vnffg_usage_guide.html > > Are these limitations also been implemented or not in latest Queens Release > > Regards, > Aparna Subburam > > _______________________________________________ > Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/ > openstack > Post to : openstack at lists.openstack.org > Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/ > openstack > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From dangtrinhnt at gmail.com Thu Apr 26 15:11:24 2018 From: dangtrinhnt at gmail.com (Trinh Nguyen) Date: Fri, 27 Apr 2018 00:11:24 +0900 Subject: [Openstack] Query regarding Openstack Tacker In-Reply-To: References: Message-ID: Hi Aparna, You can follow up with these on-going patches which trying to make VNFFGs available in NS orchestration: + Specification: https://review.openstack.org/#/c/448109/ + Implementation: https://review.openstack.org/#/c/558166/ They are projected to be released in Rocky. Any comments are welcomed. *Trinh Nguyen *| Founder *E:* dangtrinhnt at gmail.com | *W:* *www.edlab.xyz * On Thu, Apr 26, 2018 at 11:28 PM, Cong Phuoc Hoang wrote: > Hi Aparna, > > Thank you for interesting in Tacker project. > > In Rocky release, we are pushing effort to create VNFFGD with NSD. So we > can use NSD to create VNFs and VNFFGs. Tacker uses networking-sfc to create > service chain between VNFs, but there are some limitation, we can not > support creating VLs, VLs must be existed before (currently, only VNF and > VNFFGs - future are supported). > > With the guide in VNFFG (https://docs.openstack.org/ta > cker/latest/user/vnffg_usage_guide.html), we also have a patch to support > multiple forwarding paths with a VNFFGD. In the Queens release, we > supported updating VNFFG such as updating flow classifiers, changing > forwarding paths. > > Hope that information can help you. If you need more information or wanna > contribute, please join channel #tacker on IRC or email to us :). > > Best regards, > Phuoc Hoang Cong > > On Thu, Apr 26, 2018 at 4:15 PM, APARNA SUBBURAM > wrote: > >> Hi Team , >> >> I have few queries related to tacker. >> >> I have found some enhancements on the go under the tacker section of NSD. >> Enhancements proposed: NSD in Ocata can be used for creating multiple >> (related) VNFs in one shot using a single TOSCA template. This is a first >> (big) step into NSD, few follow-on enhancements like: 1) Creating VLs / >> neutron networks using NSD (to support inter-VNF private VL) 2) VNFFGD >> support in NSD. >> Are these enhancements been done already or is it in proposed state? >> Reference link: https://docs.openstack.org/tac >> ker/queens/user/nsd_usage_guide.html >> >> And also those limitations which are given in VNFFG as mentioned in below >> link: >> https://docs.openstack.org/tacker/latest/user/vnffg_usage_guide.html >> >> Are these limitations also been implemented or not in latest Queens >> Release >> >> Regards, >> Aparna Subburam >> >> _______________________________________________ >> Mailing list: http://lists.openstack.org/cgi >> -bin/mailman/listinfo/openstack >> Post to : openstack at lists.openstack.org >> Unsubscribe : http://lists.openstack.org/cgi >> -bin/mailman/listinfo/openstack >> >> > -------------- next part -------------- An HTML attachment was scrubbed... URL: From chris.friesen at windriver.com Thu Apr 26 20:13:35 2018 From: chris.friesen at windriver.com (Chris Friesen) Date: Thu, 26 Apr 2018 16:13:35 -0400 Subject: [Openstack] Glance image definition using V2 API In-Reply-To: References: <18C7C076CE65A443BC1DEC057949DEFE6F1939E0@CorysCloudVPS.Oblivion.local> Message-ID: <5AE232EF.8030202@windriver.com> On 04/22/2018 12:57 AM, Fabian Zimmermann wrote: > Hi, > > just create an empty image (Without file or location param), then use > add-location to set your locations. I was under the impression that the V2 API didn't let you update the location unless the "show_multiple_locations" config option was set to "True", which is explicitly stated in the help text to be a Bad Idea. Chris From vondra at homeatcloud.cz Fri Apr 27 09:29:39 2018 From: vondra at homeatcloud.cz (=?utf-8?Q?Tom=C3=A1=C5=A1_Vondra?=) Date: Fri, 27 Apr 2018 11:29:39 +0200 Subject: [Openstack] volume state (in-use/available) vs real work In-Reply-To: References: Message-ID: <047101d3de0a$44d22ba0$ce7682e0$@homeatcloud.cz> Hi! whether this works or not depends on the backend. For example, on Fibre Channel, the VM would still see the same size, because it is still presented from the storage to the hypervisor with the same size. Changing it on the fly requires you to dig deep in Linux SCSI rescans and device mapper resizes, write some disk sizes manually.. Luckily, ext4 refuses to mount when the device is shorted than it should be. A live migrate afterwards tends to help, though. It will get presented correctly to the new hypervisor without manual magic. To make it short: This use case is not automated on OpenStack side. Tomas -----Original Message----- From: Volodymyr Litovka [mailto:doka.ua at gmx.com] Sent: Monday, April 23, 2018 10:59 AM To: OpenStack Mailing List Subject: [Openstack] volume state (in-use/available) vs real work Hi colleagues, in order to change (increase) boot disk's size "on the fly", I can do the following sequense of commands without stopping VM: : openstack volume set --state available : openstack volume set --state in-use --size 32 and, if properly configured, disk will be automatically resized by cloud-init during next reboot. Is it dangerous to change volume state to "available" while VM is actively working? Which side-effects I can face while doing this? Thank you. -- Volodymyr Litovka "Vision without Execution is Hallucination." -- Thomas Edison _______________________________________________ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack at lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack From corey.bryant at canonical.com Fri Apr 27 12:43:58 2018 From: corey.bryant at canonical.com (Corey Bryant) Date: Fri, 27 Apr 2018 08:43:58 -0400 Subject: [Openstack] OpenStack Queens for Ubuntu 18.04 LTS Message-ID: Hi All, With yesterday’s release of Ubuntu 18.04 LTS (the Bionic Beaver) the Ubuntu OpenStack team at Canonical is pleased to announce the general availability of OpenStack Queens on Ubuntu 18.04 LTS. This release of Ubuntu is a Long Term Support release that will be supported for 5 years. Further details for the Ubuntu 18.04 release can be found at: https://wiki.ubuntu.com/BionicBeaver/ReleaseNotes. And further details for the OpenStack Queens release can be found at: https://www.openstack.org/software/queens. Installing on Ubuntu 18.04 LTS ------------------------------ No extra steps are required required; just start installing OpenStack! Installing on Ubuntu 16.04 LTS ------------------------------ If you’re interested in OpenStack Queens on Ubuntu 16.04, please refer to http://lists.openstack.org/pipermail/openstack-dev/2018-March/127851.html, which coincided with the upstream OpenStack Queens release. Packages -------- The 18.04 archive includes updates for: aodh, barbican, ceilometer, ceph (12.2.4), cinder, congress, designate, designate-dashboard, dpdk (17.11), glance, glusterfs (3.13.2), gnocchi, heat, heat-dashboard, horizon, ironic, keystone, libvirt (4.0.0), magnum, manila, manila-ui, mistral, murano, murano-dashboard, networking-bagpipe, networking-bgpvpn, networking-hyperv, networking-l2gw, networking-odl, networking-ovn, networking-sfc, neutron, neutron-dynamic-routing, neutron-fwaas, neutron-lbaas, neutron-lbaas-dashboard, neutron-taas, neutron-vpnaas, nova, nova-lxd, openstack-trove, openvswitch (2.9.0), panko, qemu (2.11), rabbitmq-server (3.6.10), sahara, sahara-dashboard, senlin, swift, trove-dashboard, vmware-nsx, watcher, and zaqar. For a full list of packages and versions, please refer to [0]. Branch Package Builds --------------------- If you want to try out the latest updates to stable branches, we are delivering continuously integrated packages on each upstream commit in the following PPA’s: sudo add-apt-repository ppa:openstack-ubuntu-testing/mitaka sudo add-apt-repository ppa:openstack-ubuntu-testing/ocata sudo add-apt-repository ppa:openstack-ubuntu-testing/pike sudo add-apt-repository ppa:openstack-ubuntu-testing/queens bear in mind these are built per-commitish (30 min checks for new commits at the moment) so ymmv from time-to-time. Reporting bugs -------------- If you run into any issues please report bugs using the ‘ubuntu-bug’ tool: sudo ubuntu-bug nova-conductor this will ensure that bugs get logged in the right place in Launchpad. Thank you to all who contributed to OpenStack Queens and Ubuntu Bionic both upstream and in Debian/Ubuntu packaging! Regards, Corey (on behalf of the Ubuntu OpenStack team) [0] http://reqorts.qa.ubuntu.com/reports/ubuntu-server/cloud-archive/queens_versions.html -------------- next part -------------- An HTML attachment was scrubbed... URL: From corey.bryant at canonical.com Fri Apr 27 13:30:15 2018 From: corey.bryant at canonical.com (Corey Bryant) Date: Fri, 27 Apr 2018 09:30:15 -0400 Subject: [Openstack] [openstack-dev] OpenStack Queens for Ubuntu 18.04 LTS In-Reply-To: References: Message-ID: On Fri, Apr 27, 2018 at 9:03 AM, Hongbin Lu wrote: > Hi Corey, > > What are the requirements to include OpenStack Zun into the Ubuntu > packages? We have a comprehensive installation guide [1] that are using by > a lot of users when they were installing Zun. However, the missing of > Ubuntu packages is inconvenient for our users. What the Zun team can help > for adding Zun to Ubuntu. > > [1] https://docs.openstack.org/zun/latest/install/index.html > > Best regards, > Hongbin > Hi Hongbin, If we were to get working packages from the community and commitment to test, I'd be happy to sponsor uploads to Ubuntu and backport to the cloud achive. Thanks, Corey -------------- next part -------------- An HTML attachment was scrubbed... URL: From corey.bryant at canonical.com Fri Apr 27 14:57:43 2018 From: corey.bryant at canonical.com (Corey Bryant) Date: Fri, 27 Apr 2018 10:57:43 -0400 Subject: [Openstack] [openstack-dev] OpenStack Queens for Ubuntu 18.04 LTS In-Reply-To: References: Message-ID: On Fri, Apr 27, 2018 at 10:20 AM, Hongbin Lu wrote: > Corey, > > Thanks for the information. Would you clarify what is "working packages > from the community"? > > Best regards, > Hongbin > Sorry I guess that comment is probably a bit vague. The OpenStack packages are open source like many other projects. They're Apache 2 licensed and we gladly accept contributions. :) This is a good starting point for working with the Ubuntu OpenStack packages: https://wiki.ubuntu.com/OpenStack/CorePackages If you or someone else were to provide package sources for zun that DTRT to create binary packages, and if they can test them, then I'd be happy to review/sponsor the Ubuntu and cloud-archive uploads. Thanks, Corey > > On Fri, Apr 27, 2018 at 9:30 AM, Corey Bryant > wrote: > >> >> >> On Fri, Apr 27, 2018 at 9:03 AM, Hongbin Lu wrote: >> >>> Hi Corey, >>> >>> What are the requirements to include OpenStack Zun into the Ubuntu >>> packages? We have a comprehensive installation guide [1] that are using by >>> a lot of users when they were installing Zun. However, the missing of >>> Ubuntu packages is inconvenient for our users. What the Zun team can help >>> for adding Zun to Ubuntu. >>> >>> [1] https://docs.openstack.org/zun/latest/install/index.html >>> >>> Best regards, >>> Hongbin >>> >> >> Hi Hongbin, >> >> If we were to get working packages from the community and commitment to >> test, I'd be happy to sponsor uploads to Ubuntu and backport to the cloud >> achive. >> >> Thanks, >> Corey >> >> ____________________________________________________________ >> ______________ >> OpenStack Development Mailing List (not for usage questions) >> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscrib >> e >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >> >> > > __________________________________________________________________________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From tobias.urdin at crystone.com Fri Apr 27 15:23:51 2018 From: tobias.urdin at crystone.com (Tobias Urdin) Date: Fri, 27 Apr 2018 15:23:51 +0000 Subject: [Openstack] [openstack-dev] OpenStack Queens for Ubuntu 18.04 LTS References: Message-ID: <2d5b9f1e66664cf6a1333b7837ffb189@mb01.staff.ognet.se> Hello, I was very interested in packaging Zun for Ubuntu however I did not have the time to properly get started. I was able to package kuryr-lib, I've uploaded it here for now https://github.com/tobias-urdin/deb-kuryr-lib Would love to see both Zun and Qinling in Ubuntu to get a good grip on the container world :) Best regards On 04/27/2018 04:59 PM, Corey Bryant wrote: On Fri, Apr 27, 2018 at 10:20 AM, Hongbin Lu > wrote: Corey, Thanks for the information. Would you clarify what is "working packages from the community"? Best regards, Hongbin Sorry I guess that comment is probably a bit vague. The OpenStack packages are open source like many other projects. They're Apache 2 licensed and we gladly accept contributions. :) This is a good starting point for working with the Ubuntu OpenStack packages: https://wiki.ubuntu.com/OpenStack/CorePackages If you or someone else were to provide package sources for zun that DTRT to create binary packages, and if they can test them, then I'd be happy to review/sponsor the Ubuntu and cloud-archive uploads. Thanks, Corey On Fri, Apr 27, 2018 at 9:30 AM, Corey Bryant > wrote: On Fri, Apr 27, 2018 at 9:03 AM, Hongbin Lu > wrote: Hi Corey, What are the requirements to include OpenStack Zun into the Ubuntu packages? We have a comprehensive installation guide [1] that are using by a lot of users when they were installing Zun. However, the missing of Ubuntu packages is inconvenient for our users. What the Zun team can help for adding Zun to Ubuntu. [1] https://docs.openstack.org/zun/latest/install/index.html Best regards, Hongbin Hi Hongbin, If we were to get working packages from the community and commitment to test, I'd be happy to sponsor uploads to Ubuntu and backport to the cloud achive. Thanks, Corey __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev -------------- next part -------------- An HTML attachment was scrubbed... URL: From corey.bryant at canonical.com Fri Apr 27 15:54:18 2018 From: corey.bryant at canonical.com (Corey Bryant) Date: Fri, 27 Apr 2018 11:54:18 -0400 Subject: [Openstack] [openstack-dev] OpenStack Queens for Ubuntu 18.04 LTS In-Reply-To: <2d5b9f1e66664cf6a1333b7837ffb189@mb01.staff.ognet.se> References: <2d5b9f1e66664cf6a1333b7837ffb189@mb01.staff.ognet.se> Message-ID: On Fri, Apr 27, 2018 at 11:23 AM, Tobias Urdin wrote: > Hello, > > I was very interested in packaging Zun for Ubuntu however I did not have > the time to properly get started. > > I was able to package kuryr-lib, I've uploaded it here for now > https://github.com/tobias-urdin/deb-kuryr-lib > > > Would love to see both Zun and Qinling in Ubuntu to get a good grip on the > container world :) > Best regards > > Awesome Tobias. I can take a closer look next week if you'd like. Thanks, Corey > > On 04/27/2018 04:59 PM, Corey Bryant wrote: > > On Fri, Apr 27, 2018 at 10:20 AM, Hongbin Lu wrote: > >> Corey, >> >> Thanks for the information. Would you clarify what is "working packages >> from the community"? >> >> Best regards, >> Hongbin >> > > Sorry I guess that comment is probably a bit vague. > > The OpenStack packages are open source like many other projects. They're > Apache 2 licensed and we gladly accept contributions. :) > > This is a good starting point for working with the Ubuntu OpenStack > packages: > https://wiki.ubuntu.com/OpenStack/CorePackages > > If you or someone else were to provide package sources for zun that DTRT > to create binary packages, and if they can test them, then I'd be happy to > review/sponsor the Ubuntu and cloud-archive uploads. > > Thanks, > Corey > > >> >> On Fri, Apr 27, 2018 at 9:30 AM, Corey Bryant > > wrote: >> >>> >>> >>> On Fri, Apr 27, 2018 at 9:03 AM, Hongbin Lu >>> wrote: >>> >>>> Hi Corey, >>>> >>>> What are the requirements to include OpenStack Zun into the Ubuntu >>>> packages? We have a comprehensive installation guide [1] that are using by >>>> a lot of users when they were installing Zun. However, the missing of >>>> Ubuntu packages is inconvenient for our users. What the Zun team can help >>>> for adding Zun to Ubuntu. >>>> >>>> [1] https://docs.openstack.org/zun/latest/install/index.html >>>> >>>> Best regards, >>>> Hongbin >>>> >>> >>> Hi Hongbin, >>> >>> If we were to get working packages from the community and commitment to >>> test, I'd be happy to sponsor uploads to Ubuntu and backport to the cloud >>> achive. >>> >>> Thanks, >>> Corey >>> >>> ____________________________________________________________ >>> ______________ >>> OpenStack Development Mailing List (not for usage questions) >>> Unsubscribe: OpenStack-dev-request at lists.op >>> enstack.org?subject:unsubscribe >>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >>> >>> >> >> ____________________________________________________________ >> ______________ >> OpenStack Development Mailing List (not for usage questions) >> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscrib >> e >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >> >> > > > __________________________________________________________________________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From tobias.urdin at crystone.com Fri Apr 27 16:06:17 2018 From: tobias.urdin at crystone.com (Tobias Urdin) Date: Fri, 27 Apr 2018 16:06:17 +0000 Subject: [Openstack] [openstack-dev] OpenStack Queens for Ubuntu 18.04 LTS References: <2d5b9f1e66664cf6a1333b7837ffb189@mb01.staff.ognet.se> Message-ID: <5da9e30ebe8b40a49f9ada0f2ae22253@mb01.staff.ognet.se> I got started on kuryr-libnetwork but never finished the init/systemd scripts but all dependencies in control file should be ok. I uploaded it here: https://github.com/tobias-urdin/deb-kuryr-libnetwork (not a working package!) After fixing kuryr-libnetwork one can get starting packaging Zun. For Qinling you might want kuryr-libkubernetes as well, but I'm unsure. Best regards On 04/27/2018 05:56 PM, Corey Bryant wrote: On Fri, Apr 27, 2018 at 11:23 AM, Tobias Urdin > wrote: Hello, I was very interested in packaging Zun for Ubuntu however I did not have the time to properly get started. I was able to package kuryr-lib, I've uploaded it here for now https://github.com/tobias-urdin/deb-kuryr-lib Would love to see both Zun and Qinling in Ubuntu to get a good grip on the container world :) Best regards Awesome Tobias. I can take a closer look next week if you'd like. Thanks, Corey On 04/27/2018 04:59 PM, Corey Bryant wrote: On Fri, Apr 27, 2018 at 10:20 AM, Hongbin Lu > wrote: Corey, Thanks for the information. Would you clarify what is "working packages from the community"? Best regards, Hongbin Sorry I guess that comment is probably a bit vague. The OpenStack packages are open source like many other projects. They're Apache 2 licensed and we gladly accept contributions. :) This is a good starting point for working with the Ubuntu OpenStack packages: https://wiki.ubuntu.com/OpenStack/CorePackages If you or someone else were to provide package sources for zun that DTRT to create binary packages, and if they can test them, then I'd be happy to review/sponsor the Ubuntu and cloud-archive uploads. Thanks, Corey On Fri, Apr 27, 2018 at 9:30 AM, Corey Bryant > wrote: On Fri, Apr 27, 2018 at 9:03 AM, Hongbin Lu > wrote: Hi Corey, What are the requirements to include OpenStack Zun into the Ubuntu packages? We have a comprehensive installation guide [1] that are using by a lot of users when they were installing Zun. However, the missing of Ubuntu packages is inconvenient for our users. What the Zun team can help for adding Zun to Ubuntu. [1] https://docs.openstack.org/zun/latest/install/index.html Best regards, Hongbin Hi Hongbin, If we were to get working packages from the community and commitment to test, I'd be happy to sponsor uploads to Ubuntu and backport to the cloud achive. Thanks, Corey __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev -------------- next part -------------- An HTML attachment was scrubbed... URL: From torin.woltjer at granddial.com Fri Apr 27 18:47:30 2018 From: torin.woltjer at granddial.com (Torin Woltjer) Date: Fri, 27 Apr 2018 18:47:30 GMT Subject: [Openstack] Multiple floating IPs one instance Message-ID: Is it possible to run an instance with more than one floating IPs? It is not immediately evident how to do this, or whether it is even possible. I have an instance that I would like to have address on two separate networks, and would like to use floating IPs so that I can have that are capable of living longer than the instance itself. Torin Woltjer Grand Dial Communications - A ZK Tech Inc. Company 616.776.1066 ext. 2006 www.granddial.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From n.vivekanandan at ericsson.com Mon Apr 30 06:20:19 2018 From: n.vivekanandan at ericsson.com (N Vivekanandan) Date: Mon, 30 Apr 2018 06:20:19 +0000 Subject: [Openstack] [Nova] Nova Instance Launches failing on stable/pike In-Reply-To: References: Message-ID: Hi Team, Any help in this is highly appreciated. A new Ubuntu 16.04 box with devstack pulled off pike and stacked up ends up with Nova boots failing. Is this seen by others too off stable/pike? -- Thanks, Vivek From: N Vivekanandan Sent: Thursday, April 26, 2018 4:06 PM To: 'openstack at lists.openstack.org' Subject: [Openstack][Nova] Nova Instance Launches failing on stable/pike Hi Nova Team, With the latest cloned Pike repo (devstack based setup), nova instance launches always fail with the following error: >From Nova Conductor Logs [u'Traceback (most recent call last):\n', u' File "/opt/stack/nova/nova/compute/manager.py", line 1855, in _do_build_and_run_instance\n filter_properties)\n', u' File "/opt/stack/nova/nova/compute/manager.py", line 2094, in _build_and_run_instance\n instance_uuid=instance.uuid, reason=six.text_type(e))\n', u"RescheduledException: Build of instance ebff9064-f7c2-402a-8ae9-95d78aee8c24 was re-scheduled: operation failed: domain 'instance-00000001' already exists with uuid 98bc86be-104d-416f-b608-ed4dbb99a674\n"] In the 'nova show ' output says like: File \"/usr/local/lib/python2.7/dist-packages/oslo_db/sqlalchemy/enginefacade.py\", line 398, in _create_session | | | self._start() | | | File \"/usr/local/lib/python2.7/dist-packages/oslo_db/sqlalchemy/enginefacade.py\", line 484, in _start | | | engine_args, maker_args) | | | File \"/usr/local/lib/python2.7/dist-packages/oslo_db/sqlalchemy/enginefacade.py\", line 506, in _setup_for_connection | | | \"No sql_connection parameter is established\") However, nova-manage --debug api_db sync works correctly. We have not configured CELLSV2 inside local.conf and so are using the default configurations. We see a bug filed under Nova here: https://bugs.launchpad.net/devstack/+bug/1734510 but the bug has been in 'Undecided' for a while now. Is there a workaround for this problem? -- Thakns, Vivek -------------- next part -------------- An HTML attachment was scrubbed... URL: From alee at redhat.com Mon Apr 30 20:07:09 2018 From: alee at redhat.com (Ade Lee) Date: Mon, 30 Apr 2018 16:07:09 -0400 Subject: [Openstack] [barbican] barbican migrated to storyboard Message-ID: <1525118829.3706.33.camel@redhat.com> Hi all, Thanks to the hard work done by Kendall and Jeremy, Barbican has now been been migrated to storyboard. The new link for the Barbican storyboard is https://storyboard.openstac k.org/#!/project_group/81 This is the starting point for : python-barbicanclient, castellan-ui, barbican-tempest-plugin, barbican- specs and openstack-barbican Note, that because castellan is under oslo control, it has not yet been migrated at this time. Thanks Kendall and Jeremy! Ade From abogott at wikimedia.org Mon Apr 30 22:21:35 2018 From: abogott at wikimedia.org (Andrew Bogott) Date: Mon, 30 Apr 2018 17:21:35 -0500 Subject: [Openstack] Migrating instances between clouds vs. copy-on-write images Message-ID: Sometime soon I'm going to need to migrate a few hundred VMs from one (nova-network-using) cloud to a newer (neutron-having) cloud. Google searches for suggestions about inter-cloud migration get me a whole lot of pages that suggest should I do this by taking snapshots in the old cloud and importing those snapshots into Glance on the new cloud. Doesn't that migration path result in a massive increase in storage needs in the new cloud?  Right now I have a small number of shared base images and a large number of copy-on-write instances.  If I create snapshots for each VM, won't my new Glance server need to have storage capacity equal to 100% of the expanded size of every one of my instances? Or, alternatively, maybe people using this method are purging the imported Glance images after the migration -- if that's so, then they can't be using copy-on-write, so that would drastically increase my storage needs on the compute side instead. Am I missing something?  Does glance support e.g. images-backed-by-other-images so that I can have nested copy-on-write images? Right now I'm leaning towards doing my migrations the hard way instead, by simply copying the raw instance files across and then mucking around in the nova database.  I'd love it if someone could steer me to a proper API-based approach though! Thanks! -Andrew From marcioprado at marcioprado.eti.br Mon Apr 30 23:13:07 2018 From: marcioprado at marcioprado.eti.br (Marcio Prado) Date: Mon, 30 Apr 2018 20:13:07 -0300 Subject: [Openstack] Ocata update for Pike on Ubuntu In-Reply-To: <2d0e99208cb87017b924f2619b8aa526@marcioprado.eti.br> References: <015ef7e760a2915ec4f0c9febdce750b@marcioprado.eti.br> <7cb770bcd1b717155e08011e1c52725a@marcioprado.eti.br> <67a3c0c5-7338-33fb-b6ed-9bc725cdbe25@gmail.com> <2d0e99208cb87017b924f2619b8aa526@marcioprado.eti.br> Message-ID: <8ebdb7f755329ad5d0adc5919569ef48@marcioprado.eti.br> Hello everyone, I was able to update successfully. Here are the steps: UPDATE OPENSTACK VERSION OCETA FOR PIKE UBUNTU UPDATE OF THE CONTROLLER Node 1) PAUSE ALL SERVICES service glance-registry stop service glance-api stop service nova-api stop service nova-conductor stop service nova-consoleauth stop service nova-novncproxy stop service nova-scheduler stop service neutron-server stop service neutron-linuxbridge-agent stop service neutron-dhcp-agent stop service neutron-metadata-agent stop service neutron-l3-agent stop service apache2 stop 2) REMOVE THE OCATA REPOSITORY add-apt-repository --remove cloud-archive:ocata 3) ADD THE PIKE REPOSITORY add-apt-repository cloud-archive:pike 4) UPDATE PACKAGES apt-get update apt-get upgrade 5) FORCED OPENSTACK PACKAGE UPDATE apt-get install list of all packages not installed 6) ACCEPT THE INSTALLATION AND SUB-SUBSTITUTION OF THE CONFIGURATION FILES (A COPY OF THE PRESENT CONFIGURATIONS SHALL BE MADE) Choose the option: Y In my case, the substitute archives were: /etc/nova/nova.conf /etc/keystone/keystone-paste.ini /etc/keystone/keystone.conf /etc/neutron/l3_agent.ini /etc/neutron/neutron.conf /etc/neutron/plugins/ml2/linuxbridge_agent.ini /etc/neutron/metadata_agent.ini /etc/neutron/dhcp_agent.ini /etc/neutron/plugins/ml2/ml2_conf.ini /etc/glance/glance-registry.conf /etc/glance/glance-api.conf /etc/openstack-dashboard/local_settings.py Note: The old configuration files have an extension: .dpkg.conf 7) COMPARE THE SUBMITTED FILES OF ITEM 6, WITH THE FILES .dpkg.conf MAKING THE CHANGES NECESSARY 8) UPDATE DATA BANK su -s /bin/sh -c "keystone-manage token_flush" keystone su -s /bin/sh -c "keystone-manage db_sync" keystone su -s /bin/sh -c "glance-manage db_sync" glance su -s /bin/sh -c "nova-manage db sync" nova su -s /bin/sh -c "nova-manage api_db sync" nova su -s /bin/sh -c "neutron-db-manage upgrade heads" neutron su -s /bin/sh -c "nova-manage db online_data_migrations" neutron 9) REMOVING UNNECESSARY PACKAGES apt autoremove 10) RESET SYSTEM reboot UPDATE NODES COMPUTER 1) PAUSE ALL SERVICES /etc/init.d/nova-compute stop /etc/init.d/neutron-linuxbridge-agent stop /etc/init.d/neutron-linuxbridge-cleanup stop /etc/init.d/ceilometer-agent-compute stop 2) REMOVE THE OCATA REPOSITORY add-apt-repository --remove cloud-archive:ocata 3) ADD THE PIKE REPOSITORY add-apt-repository cloud-archive:pike 4) UPDATE PACKAGES apt-get update apt-get upgrade 5) FORCED OPENSTACK PACKAGE UPDATE apt-get install list of all packages not installed 6) ACCEPT THE INSTALLATION AND SUB-SUBSTITUTION OF THE CONFIGURATION FILES (A COPY OF THE PRESENT CONFIGURATIONS SHALL BE MADE) School option: Y In my case, the substitute archives were: /etc/libvirt/libvirtd.conf /etc/ceilometer/ceilometer.conf /etc/nova/nova.conf /etc/neutron/neutron.conf /etc/neutron/plugins/ml2/linuxbridge_agent.ini 7) COMPARE THE SUBMITTED FILES OF ITEM 6, WITH THE FILES .dpkg.conf MAKING THE CHANGES NECESSARY 9) REMOVING UNNECESSARY PACKAGES apt autoremove 10) RESET SYSTEM reboot Em 26-04-2018 08:17, Marcio Prado escreveu: > Hi, > > It really was Apache configuration. > > I had to free access to the / usr / bin / directory in the > /etc/apache2/apache.conf file > > But anyway, I type the login and password and do not log in. > > And I can not even see logs. > > Thanks for the tip. > > > Em 25-04-2018 10:50, Fabian Zimmermann escreveu: >> Hi, >> >> Am 25.04.2018 um 15:05 schrieb Marcio Prado: >>> The mistake is in Keystone. I have not had time to debug yet ... >>> >>> [authz_core:error] client denied by server configuration: >>> /usr/bin/kestone-wsgi-public >> >> first thought, sounds like apache-config is blocking the access. >> >> Check your apache(2)/sites-enabled/ >> >> >> Fabian -- Marcio Prado Analista de TI - Infraestrutura e Redes Fone: (35) 9.9821-3561 www.marcioprado.eti.br