Re: [Openstack] Docs: credentials create FAILURE
> It does not yet contain the instructions for EC2 credentials with the > keystone client: > keystone ec2-credentials-create --tenant_id=$ADMIN_TENANT --user=$ADMIN_USER > keystone ec2-credentials-create --tenant_id=$DEMO_TENANT --user=$DEMO_USER Will Essex have traditional authentication mechanism ? (nova-auth or whatever OpenStack had before keystone) Or keystone only ? If keystone only, then how-do I test authentication ? (this thing is unclear in the docs) Looked at "os-identity-starter-guide-trunk.pdf", but can't find keystone docs for testing authentication. -- -Alexey Eromenko "Technologov" ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Docs: credentials create FAILURE
Hi Alexey - Yes, I viscerally understand this need for the project. Possibly viscerally is a made-up word but my gut screams for this type of doc. :) With the need in mind, this guide is a starter guide for installing, configuring, and validating installations of each project step-by-step (however yes it is currently Ubuntu-only). http://docs.openstack.org/diablo/openstack-compute/install/content/ Specifically this section discusses user and role creation and the next section describes how to obtain tokens for created users by validating the install: http://docs.openstack.org/diablo/openstack-compute/install/content/identity-configure-keystone.html It does not yet contain the instructions for EC2 credentials with the keystone client: keystone ec2-credentials-create --tenant_id=$ADMIN_TENANT --user=$ADMIN_USER keystone ec2-credentials-create --tenant_id=$DEMO_TENANT --user=$DEMO_USER The guide will be updated when packages are made available for Essex. The intent is not to have it remain Ubuntu only it's just that we need packaging tested on more distros prior to publishing step-by-step instructions that are tested. I would appreciate having your notes and your submission of doc updates as you go through it, and please do note differences for Debian - preferably as doc bugs rather than only mailing list posts. (I won't stop you from communicating here, that's not my intent, just that we need capturing and tracking and patching). Thanks, Anne On Sun, Feb 26, 2012 at 7:50 PM, Alexey Eromenko wrote: >>The devstack script sets them for you if you source openrc. >>https://github.com/openstack-dev/devstack/blob/master/openrc#L55 > > Devstack is automated setup of OpenStack with many specifics. (For the > record: I have tried "devstack" on Ubuntu, but fails for me for other > reasons) > > Let's back to OpenStack: > > The official OpenStack docs do not rely on "devstack", else they > become "devstack" docs. (if they use devstack specifics, they lose the > generic approach of standard OpenStack install) > > I have looked at OpenRC, but I can't find step-by-step guide on how-to > configure authentication / credentials, or how-to test credentials for > that matter. > >> There's a PDF icon on this page: >> http://docs.openstack.org/trunk/openstack-compute/admin/content/ > > OK, I see the PDF icon for Essex. > > -- > -Alexey Eromenko "Technologov" > > ___ > Mailing list: https://launchpad.net/~openstack > Post to : openstack@lists.launchpad.net > Unsubscribe : https://launchpad.net/~openstack > More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
[Openstack] Devstack: Installation FAILURE
Platform: (fresh) Ubuntu 11.10 (oneiric) + Devstack. user@ubuntu1110:~/devstack$ ./stack.sh ... horizon is now available at http://10.0.2.15/ keystone is serving at http://10.0.2.15:5000/v2.0/ examples on using novaclient command line is in exercise.sh the default users are: admin and demo the password: b4a0bee9b2036e2bbf30 This is your host ip: 10.0.2.15 stack.sh completed in 85 seconds. (looks like success) Opening browser, FireFox: http://10.0.2.15/ "Internal Server Error ..." Dashboard FAILS to be opened on FireFox. user@ubuntu1110:~/devstack$ nova-manage user list 2012-02-27 03:56:10 DEBUG nova.utils [req-72bf0eda-776f-49de-871d-7b676f8ff933 None None] backend from (pid=5258) __get_backend /opt/stack/nova/nova/utils.py:602 user@ubuntu1110:~/devstack$ user@ubuntu1110:~/devstack$ curl http://0.0.0.0:5000 {"versions": {"values": [{"status": "beta", "updated": "2011-11-19T00:00:00Z", "media-types": [{"base": "application/json", "type": "application/vnd.openstack.identity-v2.0+json"}], "id": "v2.0", "links": [{"href": "http://10.0.2.15:5000/v2.0/";, "rel": "self"}, {"href": "http://docs.openstack.org/api/openstack-identity-service/2.0/content/";, "type": "text/html", "rel": "describedby"}, {"href": "http://docs.openstack.org/api/openstack-identity-service/2.0/identity-dev-guide-2.0.pdf";, "type": "application/pdf", "rel": "describedby"}]}]}}user@ubuntu1110:~/devstack$ user@ubuntu1110:~/devstack$ Any ideas ? -- -Alexey Eromenko "Technologov", 27.Feb.2012. ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Docs: credentials create FAILURE
>The devstack script sets them for you if you source openrc. >https://github.com/openstack-dev/devstack/blob/master/openrc#L55 Devstack is automated setup of OpenStack with many specifics. (For the record: I have tried "devstack" on Ubuntu, but fails for me for other reasons) Let's back to OpenStack: The official OpenStack docs do not rely on "devstack", else they become "devstack" docs. (if they use devstack specifics, they lose the generic approach of standard OpenStack install) I have looked at OpenRC, but I can't find step-by-step guide on how-to configure authentication / credentials, or how-to test credentials for that matter. > There's a PDF icon on this page: > http://docs.openstack.org/trunk/openstack-compute/admin/content/ OK, I see the PDF icon for Essex. -- -Alexey Eromenko "Technologov" ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Docs: credentials create FAILURE
Hi Alexey - I've logged this bug so the docs can be updated in time for Essex. https://bugs.launchpad.net/openstack-manuals/+bug/941711 Essex will be released April 5th and the PDF will be named with "essex" at that point. For now it has "trunk" in the file name. There's a PDF icon on this page: http://docs.openstack.org/trunk/openstack-compute/admin/content/ that links to this PDF: http://docs.openstack.org/trunk/openstack-compute/admin/os-compute-adminguide-trunk.pdf The PDF icon placement is a new feature for the docs. Maybe you're not viewing images or are unable to access it from your particular OS/browser combination? Please report a bug against openstack-manuals if the PDF icon does not appear for you. Thanks, Anne On Sun, Feb 26, 2012 at 6:47 PM, Alexey Eromenko wrote: > Platform: Debian wheezy/testing + nova-2012.1~e3-4 > > According to official docs: (Chapter "Creating Credentials") > > mkdir –p /root/creds > /usr/bin/python /usr/bin/nova-manage project zipfile $NOVA_PROJECT > $NOVA_PROJECT_USER /root/creds/novacreds.zip > > (docs from Diablo, please publish Essex docs PDF) > > But it fails: > > root@nova-server2:~# nova-manage project zipfile myproj novaadmin > /root/creds/novacreds.zip > 2012-02-26 19:43:15,399 DEBUG nova.utils > [req-412c4070-6e61-4c79-b103-ab3aad410299 None None] backend 'nova.db.sqlalchemy.api' from > '/usr/lib/python2.7/dist-packages/nova/db/sqlalchemy/api.pyc'> from > (pid=17890) debug /usr/lib/python2.7/dist-packages/nova/log.py:175 > 2012-02-26 19:43:15,531 DEBUG nova.utils [-] Running cmd (subprocess): > openssl genrsa -out /tmp/tmpxkBuVy/temp.key 1024 from (pid=17890) > debug /usr/lib/python2.7/dist-packages/nova/log.py:175 > 2012-02-26 19:43:15,606 DEBUG nova.utils [-] Running cmd (subprocess): > openssl req -new -key /tmp/tmpxkBuVy/temp.key -out > /tmp/tmpxkBuVy/temp.csr -batch -subj > /C=US/ST=California/O=OpenStack/OU=NovaDev/CN=myproj-novaadmin-2012-02-27T00:43:15Z > from (pid=17890) debug > /usr/lib/python2.7/dist-packages/nova/log.py:175 > 2012-02-26 19:43:15,635 DEBUG nova.crypto [-] Flags path: > /var/lib/nova/CA from (pid=17890) debug > /usr/lib/python2.7/dist-packages/nova/log.py:175 > 2012-02-26 19:43:15,636 DEBUG nova.utils [-] Running cmd (subprocess): > openssl ca -batch -out /tmp/tmpvb0kOW/outbound.csr -config > ./openssl.cnf -infiles /tmp/tmpvb0kOW/inbound.csr from (pid=17890) > debug /usr/lib/python2.7/dist-packages/nova/log.py:175 > 2012-02-26 19:43:15,656 DEBUG nova.utils [-] Result was 1 from > (pid=17890) debug /usr/lib/python2.7/dist-packages/nova/log.py:175 > Unexpected error while running command. > Command: openssl ca -batch -out /tmp/tmpvb0kOW/outbound.csr -config > ./openssl.cnf -infiles /tmp/tmpvb0kOW/inbound.csr > Exit code: 1 > Stdout: '' > Stderr: "Using configuration from ./openssl.cnf\nerror loading the > config file './openssl.cnf'\n140252486485672:error:02001002:system > library:fopen:No such file or > directory:bss_file.c:169:fopen('./openssl.cnf','rb')\n140252486485672:error:2006D080:BIO > routines:BIO_new_file:no such > file:bss_file.c:172:\n140252486485672:error:0E078072:configuration > file routines:DEF_LOAD:no such file:conf_def.c:197:\n" > The above error may show that the certificate db has not been created. > Please create a database by running a nova-api server on this host. > > Any ideas ? > -- > -Alexey Eromenko "Technologov" > > ___ > Mailing list: https://launchpad.net/~openstack > Post to : openstack@lists.launchpad.net > Unsubscribe : https://launchpad.net/~openstack > More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Docs: nova-manage network create FAILURE
Good explanation, thanks Vish. http://docs.openstack.org/diablo/openstack-compute/admin/content/configuring-flat-dhcp-networking.html has the --flat_interace requirement, and http://docs.openstack.org/diablo/openstack-compute/admin/content/configuring-vlan-networking.html describes the --vlan_interface requirement. Thanks for asking Alexey. We can edit the page with the nova-manage network create command also. Anne On Sun, Feb 26, 2012 at 7:03 PM, Vishvananda Ishaya wrote: > you need to specify --bridge_interface when you create a network > If you set --vlan_interface in your flagfile (for vlan mode) > or --flat_interface (for flatdhcp mode) > then you don't need to specify it on the command line. > Vish > > On Feb 26, 2012, at 4:41 PM, Alexey Eromenko wrote: > >> Platform: Debian wheezy/testing + nova-2012.1~e3-4 >> >> Official docs say: >> >> nova-manage network create novanet 192.168.0.0/24 1 256 >> >> (I read both diablo and trunk docs) >> >> But it fails: >> >> root@nova-server2:~# nova-manage network create novanet 192.168.0.0/24 1 256 >> Command failed, please check log for more info >> 2012-02-26 19:37:55,035 CRITICAL nova [-] --bridge_interface is >> required to create a network. >> (nova): TRACE: Traceback (most recent call last): >> (nova): TRACE: File "/usr/bin/nova-manage", line 2376, in >> (nova): TRACE: main() >> (nova): TRACE: File "/usr/bin/nova-manage", line 2364, in main >> (nova): TRACE: fn(*fn_args, **fn_kwargs) >> (nova): TRACE: File "/usr/bin/nova-manage", line 800, in create >> (nova): TRACE: raise >> exception.NetworkNotCreated(req='--bridge_interface') >> (nova): TRACE: NetworkNotCreated: --bridge_interface is required to >> create a network. >> (nova): TRACE: >> >> Any ideas ? >> >> -- >> -Alexey Eromenko "Technologov" >> >> ___ >> Mailing list: https://launchpad.net/~openstack >> Post to : openstack@lists.launchpad.net >> Unsubscribe : https://launchpad.net/~openstack >> More help : https://help.launchpad.net/ListHelp > > > ___ > Mailing list: https://launchpad.net/~openstack > Post to : openstack@lists.launchpad.net > Unsubscribe : https://launchpad.net/~openstack > More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Docs: credentials create FAILURE
The creds database is now created by running nova-cert (a patch went in recently to update that error message), but nova-manage project zipfile is not the best way to get creds. You can get credentials from the essex dashboard or by setting them manually. The devstack script sets them for you if you source openrc. https://github.com/openstack-dev/devstack/blob/master/openrc#L55 The certs are only used for euca-bundle-vol. You can get certs using the nova command line tool. For example https://github.com/openstack-dev/devstack/blob/master/exercises/bundle.sh Vish On Feb 26, 2012, at 4:47 PM, Alexey Eromenko wrote: > Platform: Debian wheezy/testing + nova-2012.1~e3-4 > > According to official docs: (Chapter "Creating Credentials") > > mkdir –p /root/creds > /usr/bin/python /usr/bin/nova-manage project zipfile $NOVA_PROJECT > $NOVA_PROJECT_USER /root/creds/novacreds.zip > > (docs from Diablo, please publish Essex docs PDF) > > But it fails: > > root@nova-server2:~# nova-manage project zipfile myproj novaadmin > /root/creds/novacreds.zip > 2012-02-26 19:43:15,399 DEBUG nova.utils > [req-412c4070-6e61-4c79-b103-ab3aad410299 None None] backend 'nova.db.sqlalchemy.api' from > '/usr/lib/python2.7/dist-packages/nova/db/sqlalchemy/api.pyc'> from > (pid=17890) debug /usr/lib/python2.7/dist-packages/nova/log.py:175 > 2012-02-26 19:43:15,531 DEBUG nova.utils [-] Running cmd (subprocess): > openssl genrsa -out /tmp/tmpxkBuVy/temp.key 1024 from (pid=17890) > debug /usr/lib/python2.7/dist-packages/nova/log.py:175 > 2012-02-26 19:43:15,606 DEBUG nova.utils [-] Running cmd (subprocess): > openssl req -new -key /tmp/tmpxkBuVy/temp.key -out > /tmp/tmpxkBuVy/temp.csr -batch -subj > /C=US/ST=California/O=OpenStack/OU=NovaDev/CN=myproj-novaadmin-2012-02-27T00:43:15Z > from (pid=17890) debug > /usr/lib/python2.7/dist-packages/nova/log.py:175 > 2012-02-26 19:43:15,635 DEBUG nova.crypto [-] Flags path: > /var/lib/nova/CA from (pid=17890) debug > /usr/lib/python2.7/dist-packages/nova/log.py:175 > 2012-02-26 19:43:15,636 DEBUG nova.utils [-] Running cmd (subprocess): > openssl ca -batch -out /tmp/tmpvb0kOW/outbound.csr -config > ./openssl.cnf -infiles /tmp/tmpvb0kOW/inbound.csr from (pid=17890) > debug /usr/lib/python2.7/dist-packages/nova/log.py:175 > 2012-02-26 19:43:15,656 DEBUG nova.utils [-] Result was 1 from > (pid=17890) debug /usr/lib/python2.7/dist-packages/nova/log.py:175 > Unexpected error while running command. > Command: openssl ca -batch -out /tmp/tmpvb0kOW/outbound.csr -config > ./openssl.cnf -infiles /tmp/tmpvb0kOW/inbound.csr > Exit code: 1 > Stdout: '' > Stderr: "Using configuration from ./openssl.cnf\nerror loading the > config file './openssl.cnf'\n140252486485672:error:02001002:system > library:fopen:No such file or > directory:bss_file.c:169:fopen('./openssl.cnf','rb')\n140252486485672:error:2006D080:BIO > routines:BIO_new_file:no such > file:bss_file.c:172:\n140252486485672:error:0E078072:configuration > file routines:DEF_LOAD:no such file:conf_def.c:197:\n" > The above error may show that the certificate db has not been created. > Please create a database by running a nova-api server on this host. > > Any ideas ? > -- > -Alexey Eromenko "Technologov" > > ___ > Mailing list: https://launchpad.net/~openstack > Post to : openstack@lists.launchpad.net > Unsubscribe : https://launchpad.net/~openstack > More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Docs: nova-manage network create FAILURE
you need to specify --bridge_interface when you create a network If you set --vlan_interface in your flagfile (for vlan mode) or --flat_interface (for flatdhcp mode) then you don't need to specify it on the command line. Vish On Feb 26, 2012, at 4:41 PM, Alexey Eromenko wrote: > Platform: Debian wheezy/testing + nova-2012.1~e3-4 > > Official docs say: > > nova-manage network create novanet 192.168.0.0/24 1 256 > > (I read both diablo and trunk docs) > > But it fails: > > root@nova-server2:~# nova-manage network create novanet 192.168.0.0/24 1 256 > Command failed, please check log for more info > 2012-02-26 19:37:55,035 CRITICAL nova [-] --bridge_interface is > required to create a network. > (nova): TRACE: Traceback (most recent call last): > (nova): TRACE: File "/usr/bin/nova-manage", line 2376, in > (nova): TRACE: main() > (nova): TRACE: File "/usr/bin/nova-manage", line 2364, in main > (nova): TRACE: fn(*fn_args, **fn_kwargs) > (nova): TRACE: File "/usr/bin/nova-manage", line 800, in create > (nova): TRACE: raise exception.NetworkNotCreated(req='--bridge_interface') > (nova): TRACE: NetworkNotCreated: --bridge_interface is required to > create a network. > (nova): TRACE: > > Any ideas ? > > -- > -Alexey Eromenko "Technologov" > > ___ > Mailing list: https://launchpad.net/~openstack > Post to : openstack@lists.launchpad.net > Unsubscribe : https://launchpad.net/~openstack > More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
[Openstack] Docs: euca-authorize FAILURE
Platform: Debian wheezy/testing + nova-2012.1~e3-4 Official docs say: (Chapter: Enabling Access to VMs on the Compute Node) euca-authorize -P icmp -t -1:-1 default euca-authorize -P tcp -p 22 default (docs from Diablo, please publish Essex docs PDF) Since the docs did not state whenever this step depends on previous Chapter "Creating Credentials", I assume it is not. But it fails: root@nova-server2:~# euca-authorize -P icmp -t -1:-1 default EC2_ACCESS_KEY environment variable must be set. Connection failed root@nova-server2:~# euca-authorize -P tcp -p 22 default EC2_ACCESS_KEY environment variable must be set. Connection failed -- -Alexey Eromenko "Technologov" ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
[Openstack] Docs: credentials create FAILURE
Platform: Debian wheezy/testing + nova-2012.1~e3-4 According to official docs: (Chapter "Creating Credentials") mkdir –p /root/creds /usr/bin/python /usr/bin/nova-manage project zipfile $NOVA_PROJECT $NOVA_PROJECT_USER /root/creds/novacreds.zip (docs from Diablo, please publish Essex docs PDF) But it fails: root@nova-server2:~# nova-manage project zipfile myproj novaadmin /root/creds/novacreds.zip 2012-02-26 19:43:15,399 DEBUG nova.utils [req-412c4070-6e61-4c79-b103-ab3aad410299 None None] backend from (pid=17890) debug /usr/lib/python2.7/dist-packages/nova/log.py:175 2012-02-26 19:43:15,531 DEBUG nova.utils [-] Running cmd (subprocess): openssl genrsa -out /tmp/tmpxkBuVy/temp.key 1024 from (pid=17890) debug /usr/lib/python2.7/dist-packages/nova/log.py:175 2012-02-26 19:43:15,606 DEBUG nova.utils [-] Running cmd (subprocess): openssl req -new -key /tmp/tmpxkBuVy/temp.key -out /tmp/tmpxkBuVy/temp.csr -batch -subj /C=US/ST=California/O=OpenStack/OU=NovaDev/CN=myproj-novaadmin-2012-02-27T00:43:15Z from (pid=17890) debug /usr/lib/python2.7/dist-packages/nova/log.py:175 2012-02-26 19:43:15,635 DEBUG nova.crypto [-] Flags path: /var/lib/nova/CA from (pid=17890) debug /usr/lib/python2.7/dist-packages/nova/log.py:175 2012-02-26 19:43:15,636 DEBUG nova.utils [-] Running cmd (subprocess): openssl ca -batch -out /tmp/tmpvb0kOW/outbound.csr -config ./openssl.cnf -infiles /tmp/tmpvb0kOW/inbound.csr from (pid=17890) debug /usr/lib/python2.7/dist-packages/nova/log.py:175 2012-02-26 19:43:15,656 DEBUG nova.utils [-] Result was 1 from (pid=17890) debug /usr/lib/python2.7/dist-packages/nova/log.py:175 Unexpected error while running command. Command: openssl ca -batch -out /tmp/tmpvb0kOW/outbound.csr -config ./openssl.cnf -infiles /tmp/tmpvb0kOW/inbound.csr Exit code: 1 Stdout: '' Stderr: "Using configuration from ./openssl.cnf\nerror loading the config file './openssl.cnf'\n140252486485672:error:02001002:system library:fopen:No such file or directory:bss_file.c:169:fopen('./openssl.cnf','rb')\n140252486485672:error:2006D080:BIO routines:BIO_new_file:no such file:bss_file.c:172:\n140252486485672:error:0E078072:configuration file routines:DEF_LOAD:no such file:conf_def.c:197:\n" The above error may show that the certificate db has not been created. Please create a database by running a nova-api server on this host. Any ideas ? -- -Alexey Eromenko "Technologov" ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
[Openstack] Docs: nova-manage network create FAILURE
Platform: Debian wheezy/testing + nova-2012.1~e3-4 Official docs say: nova-manage network create novanet 192.168.0.0/24 1 256 (I read both diablo and trunk docs) But it fails: root@nova-server2:~# nova-manage network create novanet 192.168.0.0/24 1 256 Command failed, please check log for more info 2012-02-26 19:37:55,035 CRITICAL nova [-] --bridge_interface is required to create a network. (nova): TRACE: Traceback (most recent call last): (nova): TRACE: File "/usr/bin/nova-manage", line 2376, in (nova): TRACE: main() (nova): TRACE: File "/usr/bin/nova-manage", line 2364, in main (nova): TRACE: fn(*fn_args, **fn_kwargs) (nova): TRACE: File "/usr/bin/nova-manage", line 800, in create (nova): TRACE: raise exception.NetworkNotCreated(req='--bridge_interface') (nova): TRACE: NetworkNotCreated: --bridge_interface is required to create a network. (nova): TRACE: Any ideas ? -- -Alexey Eromenko "Technologov" ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp