[Openstack] Configure murano on existing Juno instaltion
Hi, I have already configured Openstack Juno on Ubuntu 14.04 LTS. I want to configure murano on this. Can some one help out this? I have tried lot of method and more possible ways. I have stuck in this installation If possible, Please anyone Help me out. Regards, Gokul V ___ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Re: [Openstack] muti-domain identity and security groups
On 07-Nov 11:16, Sameer Kumar wrote: > > I have following questions: > > > 1. Can I assign a role defined in another domain to particular > user belonging to a different project & domain? How to achieve this in > Mitaka? For example can Bob be assigned to a member role in PRJ_B1 of > Domain B while he originally belongs to PRJ_A1 of Domain A? You should be able to use the CLI to do this. I'm not sure about how it can be done in horizon. Example command: openstack role add --user user_in_domainA --user-domain domainA --project project_in_domainB Member You example data seems to have already done this. Ben and John (from domainB) have the member role on a project in domainA. Is this causing you trouble? > > 2. Is there a way to create “Security Group” rules for an instance > and define policies associated to user and his role in a project? For > example, I want to allow certain users to use ssh and sftp > functionalities on an instance but deny these access to other users? > If not, is there any alternate to achieve the same. > > > 3. Can a user with admin role modify a shared network of project > defined in another domain? For example can Bob (admin role in PRJ_A1 > and Domain A) modify/delete ports on network NET_3 which belongs to a > PRJ_B1 of domain B? I don't really know the answer to this, but I suspect that it depends on the policy you have in place. What does your policy look like for those operations? -- david stanek web: http://www.dstanek.com blog: http://www.traceback.org ___ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
[Openstack] allow user to run single api call
Hello all! Is it possible to give a user (or role) an ability to run specific api call? It's monitoring - only user, and I want to give it permissions for all %servicename% %itemname%-list calls And changing specific policies in policy.json seems to work, but not for things like nova/cinder service-list. So I can run service-list only when the user is admin (or after I changed context is_admin in policy.json) Can I somehow allow user to run ONLY nova service-list? ___ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
[Openstack] Newton, OpenvSwitch with DPDK, it is all or nothing! How to make it more modular?
Hey guys, I'm playing with OpenvSwitch with DPDK, in my KVM Ubuntu host, it is awesome! My KVM guest, have 4 vNIC, it is a L2 Bridge (another DPDK App), the first two (eth0 and eth1), are regular bridges (Libvirt Linux Bridges (or OVS regular bridges)), and the latest two (eth2 and eth3), are type=vhostuser with "/var/run/openvswitch/vhost-user-1" and "/var/run/openvswitch/vhost- user-2". So, all good! I can ssh into my VM via its eth0 (public), my VM can talk with other VMs via its eth1 (private), and my virtualized DPDK-App runs fine on top of two VirtIO vhostuser NIC (eth2 and eth3). Now, time to do this via OpenStack! But, it doesn't work like this, let me try to explain... On OpenStack, without OVS+DPDK, my KVM Guest also have 4 vNIC, first two (eth0 and eth1), are VXLAN networks (using the OpenvSwitch Agent), and the latest two (eth2 and eth3), are Provider Networks (also using the OpenvSwitch Agent). So, here comes the problem with OVS and DPDK... I've configured Neutron OVS Agent like this: http://docs.openstack.org/developer/neutron/devref/ovs_vhostuser.html My intention, is to use the OVS+DPDK _only_ for the Provider Networks, but, when I started my Instance, all the 4 vNIC are being tied to the OVS+DPDK bridges, which is clearly, not what I've configured on my Neutron Agents. So, I'm thinking here, how can I do this? Regular "OVS Regular" bridges for VXLAN networks, and "OVS DPDPK" bridges for Provider Networks? OR, how to use OVS+DPDK for VXLAN networks? If this is possible, does it still supports the ovs-firewall-driver? Another workaround, that I'm thinking here, would be to launch 2 OVS Agents on my Compute Nodes, one for OVS and VXLAN, and another only for OVS+DPDK... Or, maybe, for VXLAN, I can go back to Linux Bridges... I've read that RedHat don't recommend DPDK for VXLAN networks but, I'm using Newton on Ubuntu, so, things might be different, specially because Ubuntu have native support for a very recent DPDK version, for free, thoughts? I appreciate any comments! Thanks! Thiago ___ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
[Openstack] Host multiple subnets on one data center rack
I was wondering as to how to host multiple subnets on one data center rack. Let me explain: I have a virtual network function, say vRouter. I have two subnets in the external network 192.168.x.x and 192.178.x.x, then from the edge router how can I get it to go to different compute nodes.. What is the mechanism in OpenStack to do this? Like a tunnel or something? How can I achieve the above in my data center with OpenStack? Bindya ___ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Re: [Openstack] [Tacker] Unable to assign IP address to connection points.
Hi, Anyone, could you please help me... Thanks, Varaprasad K On Tue, Nov 15, 2016 at 9:58 PM, prasad kokkula wrote: > Hi, > > [Tacker] I have tried to launch the vnf Instance using Tacker. vnf is > launched succesfully and able to do SSH. > > I have faced the issue, the connection points (CP2, CP3) are not getting > ip addreess except managament CP (CP1). Could you please let me know is > this Tacker issue or any configuration mismatch. > > I have installed openstack newton release on Centos 7. Please let me know > if you need any other configuration. > > > > > = > Below are the net-list ip's > > [root@localhost (keystone_admin)]# neutron net-list > +--+-+-- > -+ > | id | name| subnets > | > +--+-+-- > -+ > | 55077c0e-8291-4730-99b4-f280967cb69e | public | > 39256aad-d075-4c38-bf2c-14613df2252e 172.24.4.224/28 | > | 73bbaf70-9bdd-4359-a3a2-09dbd5734341 | private | > 09b9018c-ca3b-46ee-9a4e-507e5124139f 10.0.0.0/24 | > | d0560ee9-9ab0-4df8-a0d2-14064950a17c | vnf_mgmt| > 01d2b67c-ee28-4875-92e0-a8e51fdf8401 192.168.200.0/24 | > | f98f38b8-8b6c-4adb-b0e9-a265ce969acf | vnf_private | > 61d39f59-2ff7-4292-afd9-536f007fd30c 192.168.201.0/24 | > +--+-+-- > -+ > [root@localhost (keystone_admin)]# > > Tosca file used for vnf creation. > > > [root@localhost (keystone_admin)]# cat sample-vnfd.yaml > > tosca_definitions_version: tosca_simple_profile_for_nfv_1_0_0 > > description: Demo vCPE example > > metadata: > template_name: sample-tosca-vnfd > > topology_template: > node_templates: > VDU1: > type: tosca.nodes.nfv.VDU.Tacker > capabilities: > nfv_compute: > properties: > num_cpus: 1 > mem_size: 512 MB > disk_size: 1 GB > properties: > image: cirros1 > availability_zone: nova > mgmt_driver: noop > user_data_format: RAW > config: | > param0: key1 > param1: key2 > > CP1: > type: tosca.nodes.nfv.CP.Tacker > properties: > management: true > requirements: > - virtualLink: > node: VL1 > - virtualBinding: > node: VDU1 > > CP2: > type: tosca.nodes.nfv.CP.Tacker > properties: > anti_spoofing_protection: false > requirements: > - virtualLink: > node: VL2 > - virtualBinding: > node: VDU1 > > CP3: > type: tosca.nodes.nfv.CP.Tacker > properties: > anti_spoofing_protection: false > requirements: > - virtualLink: > node: VL3 > - virtualBinding: > node: VDU1 > > VL1: > type: tosca.nodes.nfv.VL > properties: > network_name: vnf_mgmt > vendor: Tacker > > VL2: > type: tosca.nodes.nfv.VL > properties: > network_name: vnf_private > vendor: Tacker > > VL3: > type: tosca.nodes.nfv.VL > properties: > network_name: private > vendor: Tacker > > > === > > Regards, > Varaprasad > > ___ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
