[Openstack] AWS::EC2::VolumeAttchment incompatible with AWS
Dear OpenStack users and developers, a feature to update AWS::EC2::VolumeAttachment resource in Heat landed as a part of Icehouse release [1]. In actual AWS though, this resource does support any updates [2]. Such discrepancy must be considered as a bug [3] [4]. My questions in regard of this are: - Does anyone depends on this feature of AWS-compatible resource already? - Should we consider a deprecation period or can we fix this bug outright and leave only the native OS::Cinder::VolumeAttachment resource allowing updates? [1] https://github.com/openstack/heat/commit/d2b9b90777abe073b59cd8a4a7279f7dc3e18d00 [2] http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-ebs-volumeattachment.html [3] http://lists.openstack.org/pipermail/openstack-dev/2014-July/039548.html [4] https://bugs.launchpad.net/heat/+bug/1340096 Best regards, Pavlo Shchelokovskyy. ___ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Re: [Openstack] [Heat][Nova]Error while creating a nova instance from heat stack
Hi Sadia,
first, what is OpenStack/Heat version you are using? The current code for
Server._check_active() method in master is different;
second - by the trace it looks like there is a spurious debugger (bdb?)
breakpoint left somewhere in the code, either in Heat or python-novaclient.
Might be that you or someone else has forgotten to remove a breakpoint
after a debugging session. If you have access to the node running Heat try
grepping heat or python-novaclient source for a line containing "import
bdb".
Cheers,
Pavlo Shchelokovskyy.
On Thu, Oct 16, 2014 at 9:04 AM, Sadia Bashir <11msccssbas...@seecs.edu.pk>
wrote:
> Hi Everyone,
>
> I am trying to launch a new instance from a very simple heat template
> (please see attached) but it yields me following error while creating a new
> stack:
>
> Log from /var/log/heat/heat-engine.log
>
> 2014-10-16 10:21:22.804 30952 INFO urllib3.connectionpool [-] Starting new
> HTTP connection (1): 193.168.4.121
> 2014-10-16 10:21:36.981 30952 INFO heat.engine.service [-]
> validate_template
> 2014-10-16 10:22:02.018 30952 INFO heat.engine.service [-] template is
> {u'outputs': {u'server0_ip': {u'description': u'IP of the server', u'val$
> 2014-10-16 10:22:02.034 30952 INFO heat.engine.resource [-] Validating
> Server "http_client"
> 2014-10-16 10:22:06.570 30952 INFO urllib3.connectionpool [-] Starting new
> HTTP connection (1): 193.168.4.121
> 2014-10-16 10:22:06.706 30952 INFO urllib3.connectionpool [-] Starting new
> HTTP connection (1): 193.168.4.121
> 2014-10-16 10:22:06.845 30952 INFO urllib3.connectionpool [-] Starting new
> HTTP connection (1): 193.168.4.121
> 2014-10-16 10:22:07.391 30952 INFO heat.engine.resource [-] creating
> Server "http_client"
> 2014-10-16 10:22:09.464 30952 ERROR heat.engine.resource [-] CREATE :
> Server "http_client"
> 2014-10-16 10:22:09.464 30952 TRACE heat.engine.resource Traceback (most
> recent call last):
> 2014-10-16 10:22:09.464 30952 TRACE heat.engine.resource File
> "/usr/lib/python2.7/dist-packages/heat/engine/resource.py", line 371, in
> _do_ac$
> 2014-10-16 10:22:09.464 30952 TRACE heat.engine.resource while not
> check(handle_data):
> 2014-10-16 10:22:09.464 30952 TRACE heat.engine.resource File
> "/usr/lib/python2.7/dist-packages/heat/engine/resources/server.py", line
> 239, i$
> 2014-10-16 10:22:09.464 30952 TRACE heat.engine.resource return
> self._check_active(server)
> 2014-10-16 10:22:09.464 30952 TRACE heat.engine.resource File
> "/usr/lib/python2.7/dist-packages/heat/engine/resources/server.py", line
> 243, i$
> 2014-10-16 10:22:09.464 30952 TRACE heat.engine.resource if
> server.status != 'ACTIVE':
> 2014-10-16 10:22:09.464 30952 TRACE heat.engine.resource File
> "/usr/lib/python2.7/dist-packages/heat/engine/resources/server.py", line
> 243, i$
> 2014-10-16 10:22:09.464 30952 TRACE heat.engine.resource if
> server.status != 'ACTIVE':
> 2014-10-16 10:22:09.464 30952 TRACE heat.engine.resource File
> "/usr/lib/python2.7/bdb.py", line 48, in trace_dispatch
> 2014-10-16 10:22:09.464 30952 TRACE heat.engine.resource return
> self.dispatch_line(frame)
> 2014-10-16 10:22:09.464 30952 TRACE heat.engine.resource File
> "/usr/lib/python2.7/bdb.py", line 67, in dispatch_line
> 2014-10-16 10:22:09.464 30952 TRACE heat.engine.resource if
> self.quitting: raise BdbQuit
> 2014-10-16 10:22:09.464 30952 TRACE heat.engine.resource BdbQuit
> 2014-10-16 10:22:09.464 30952 TRACE heat.engine.resource
> 2014-10-16 10:22:09.901 30952 WARNING heat.engine.service [-] Stack create
> failed, status FAILED
>
> Any suggestions to get rid of this error will be highly appreciated.
> Thanks!
>
> --
> Regards,
> *Sadia Bashir*
>
>
>
> ___
> Mailing list:
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> Post to : openstack@lists.openstack.org
> Unsubscribe :
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>
>
___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Re: [Openstack] Can I use more than one flavors on the heat create-stack command?
Hi,
could you please post the exact template and the exact command to create
the stack from this template you were using when you got this error? It
would really help to understand the problem better.
Best regards,
Pavlo Shchelokovskyy.
On Thu, Oct 23, 2014 at 12:08 PM, Michelakis, Spiros (NSN - GR/Athens) <
spiros.michela...@nsn.com> wrote:
> Hi,
> I’m trying to create a stack by using heat templates. I’m using this
> command, as it is described in OSR manual:
> *stack-create mystack --template-file
> /PATH_TO_HEAT_TEMPLATES/WordPress_Single_Instance.template --parameters
> "InstanceType=m1.large;DBUsername=USERNAME;DBPassword=PASSWORD;KeyName=HEAT_KEY;LinuxDistribution=F17"*
> when I try to run this command having the same flavor for all my
> instances, it works fine. The problem raises when I want to create 2 or
> more instances with different flavors on each one of them.
> I’m using these parameters on the “–parameters” field on the above command
> :
>
> *{"key_name":"security_key","image_name":"my_image_name","cluster_identification":"","disk_config_size":"1","disk_mstate_size":"1","disk_log_size":"1","disk_services_size":"1",*
> *"flavor_1":"**small_**flavor_1_name","flavor_2":"**small_*
> *flavor_2_name"**}*
> The error that raises when I’m trying to execute this command is:
> *“**error: NegativeStateReached: Object
> "id:c2dda18d-9019-4e9c-8514-245650e4b201
> name:ng-ci-20141020-184706-heat_name" negative state
> "stack_status":"CREATE_FAILED" reached (Resource CREATE failed: Error:
> Creation of server 2 failed.)**”*
> I have checked logs under /var/log/messages and
> /var/log/nova/scheduler.log without any findings.
> My questions:
>
> 1. Is there any restriction on the “–parameters” field of the above
>command that prevents from running this command for more than one
>flavors in this command?
>2. I have read in a forum that in order to implement this, we have to
>specify an availability zone other than the default one (nova AZ)
>including the instances we want to use on the –parameters field. Is
>this true? I cannot find any “logical explanation” behind that thought…
>.. How the existence of an AZ would affect the execution of this
>command?
>
> I would appreciate if you could provide me with any kind of tip or
> solution for this issue.
> Thank you in advance for your support.
> BR,
> Michelakis Spyros
>
>
>
> ___
> Mailing list:
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> Post to : openstack@lists.openstack.org
> Unsubscribe :
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>
>
___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Re: [Openstack] Can I use more than one flavors on the heat create-stack command?
Hi,
first of all the syntax of the command you are using is wrong, right way to
use multiple parameters in one argument would be
--parameters flavor_1=some_flavor_1_name;flavor2=some_flavor_2_name;...
or you can use it multiple times
--parameters flavor_1=some_flavor_1_name --parameters
flavor2=some_flavor_2_name
Then, if your template defines say 2 server resources with parameters
section as given in your snippet (I get that you use HOT yaml templates),
each of them referencing its own flavor parameter like
resources:
server_1:
type: OS::Nova::Server
properties:
flavor: { get_param: flavor_1 }
server_2:
type: OS::Nova::Server
properties:
flavor: { get_param: flavor_2 }
everything should work.
BTW, what is the Heat / OpenStack version you are using?
Best regards,
Pavlo Shchelokovskyy.
On Thu, Oct 23, 2014 at 3:58 PM, Michelakis, Spiros (NSN - GR/Athens) <
spiros.michela...@nsn.com> wrote:
> Hi,
>
>
>
> The command I’m running the following heat command:
>
>
>
> heat *stack-create mystack --template-file ~/templates/my.yaml
> –parameters
> "key_name":"security_key","image_name":"my_image_name","cluster_identification":"tenant1","disk_config_size":"1","disk_mstate_size":"1","disk_log_size":"1","disk_services_size":"1","flavor_1":"small_flavor_1_name","flavor_2":"small_flavor_2_name"}*
>
> and this is the part of template that refers to that parameters:
>
>
>
> parameters:
>
> key_name:
>
> type: string
>
> description: Name of keypair to assign to servers
>
> image_name:
>
> type: string
>
> description: Name of image to use for servers
>
> cluster_identification:
>
> description: Cluster identification.
>
> type: string
>
> default: test
>
> flavor_1:
>
> type: string
>
> description: Flavor to use for servers
>
> default: small_flavor_1
>
> flavor_2:
>
> type: string
>
> description: Flavor to use for servers
>
> default: small_flavor_2
>
>
>
> Because I’m working on a proprietary product I cannot provide you with the
> exact template file…. L sorry about that… L
>
>
>
> My question is general:
>
> Can I run the stack-create command ( as it is explained in the manuals:
> http://docs.openstack.org/user-guide/content/heat-stack-create.html) for
> more than 1 flavors? And how? Meaning, can I specify to this command a way
> to declare different flavors assigned to let’s say 2 instances?
>
>
>
> Br
>
> -SM-
>
>
>
> *From:* ext Pavlo Shchelokovskyy [mailto:pshchelokovs...@mirantis.com]
> *Sent:* Thursday, October 23, 2014 1:29 PM
> *To:* openstack@lists.openstack.org
> *Subject:* Re: [Openstack] Can I use more than one flavors on the heat
> create-stack command?
>
>
>
> Hi,
>
>
>
> could you please post the exact template and the exact command to create
> the stack from this template you were using when you got this error? It
> would really help to understand the problem better.
>
>
>
> Best regards,
>
> Pavlo Shchelokovskyy.
>
>
>
> On Thu, Oct 23, 2014 at 12:08 PM, Michelakis, Spiros (NSN - GR/Athens) <
> spiros.michela...@nsn.com> wrote:
>
> Hi,
>
> I’m trying to create a stack by using heat templates. I’m using this
> command, as it is described in OSR manual:
>
> *stack-create mystack --template-file
> /PATH_TO_HEAT_TEMPLATES/WordPress_Single_Instance.template --parameters
> "InstanceType=m1.large;DBUsername=USERNAME;DBPassword=PASSWORD;KeyName=HEAT_KEY;LinuxDistribution=F17"*
>
> when I try to run this command having the same flavor for all my
> instances, it works fine. The problem raises when I want to create 2 or
> more instances with different flavors on each one of them.
>
> I’m using these parameters on the “–parameters” field on the above command:
>
>
> *{"key_name":"security_key","image_name":"my_image_name","cluster_identification":"","disk_config_size":"1","disk_mstate_size":"1","disk_log_size":"1","disk_services_size":"1","flavor_1":"small_flavor_1_name","flavor_2":"small_flavor_2_name"}*
>
> The error that raises when I’m trying to execute this command is:
>
> *“error: NegativeStateReached: Object
> "id:c2dda18d-9019-4e9c-8514-245650e4b201
> name:ng-ci-20141020-184706-heat_name" negative state
> "stack_status":
Re: [Openstack] HEAT pattern error on wait condition
Hi,
to use the token attribute you must use the OS::Heat::WaitConditionHandle
[1] (and OS::Heat::WaitCondition) resources instead. AWS one does not have
such attribute [2]
[1]
http://docs.openstack.org/developer/heat/template_guide/openstack.html#OS::Heat::WaitConditionHandle
[2]
http://docs.openstack.org/developer/heat/template_guide/cfn.html#AWS::CloudFormation::WaitConditionHandle
Best regards,
Pavlo Shchelokovskyy
Software Engineer
Mirantis Inc
www.mirantis.com
On Fri, Jan 16, 2015 at 9:52 PM, Jesus arteche
wrote:
> Hey guys,
>
> I have this pattern:
>
> heat_template_version: 2013-05-23
>
> description: >
> It deploys a Drupal web site on Internet Information Services
> with PHP configured. It has a local database on SQL Server Express
>
> parameters:
> key_name:
> type: string
> description: Name of an existing key pair used to encrypt Admin
> password.
> default: chechu
>
> flavor:
> type: string
> description: ID or name of an existing flavor to be used for the
> instance.
> default: Standard_1_2
>
> image:
> type: string
> description: ID or name of an existing valid Windows Server image.
> default: 46c57db4-497f-45dd-89a5-21e0b283d279
>
> public_network_id:
> type: string
> description: >
> ID of an existing public network where a floating IP will be
> allocated.#
> default: 2795f8ad-4820-4dd5-89e0-69f95931e287
>
> private_network_id:
> type: string
> description: ID of an existing private network.
> default: 6c18553b-6cca-4e88-bfa2-74e241f9a74b
>
> sa_password:
> type: string
> description: SQL Server Express system administrator password.
> hidden: true
> default: OpenStack_2014
> constraints:
> - length: { min: 8 }
> description: SA password must be at least 8 characters long.
> - allowed_pattern:
> '(?=^.{6,255}$)((?=.*\\d)(?=.*[A-Z])(?=.*[a-z])|(?=.*\\d)(?=.*[^A-Za-z0-9])(?=.*[a-z])|(?=.*[^A-Za-z0-9])(?=.*[A-Z])(?=.*[a-z])|(?=.*\\d)(?=.*[A-Z])(?=.*[^A-Za-z0-9]))^.*'
> description: >
> SA password must contain uppercase and lowercase letters,
> numbers,
> non-alphanumeric characters and it must not contain whitespaces.
>
>
> drupal_admin_username:
> type: string
> description: Drupal admin user name.
> default: cloudbase
> constraints:
> - length: { min: 4, max: 16 }
> description: >
> Drupal admin user name must be between 4 and 16 characters long.
> - allowed_pattern: '^[a-zA-Z0-9]+$'
> description: >
> Drupal admin user name must contain only alphanumeric characters.
>
> drupal_admin_password:
> type: string
> description: Drupal admin user password.
> hidden: true
> constraints:
> - length: { min: 8 }
> description: >
> Drupal admin user password must be at least 8 characters long.
> - allowed_pattern: '^[\S]+$'
> description: Drupal admin user password must not contain
> whitespaces.
> default: OpenStack_2014
>
> drupal_admin_email:
> type: string
> description: Drupal administrator email.
> default: che...@test.com
> constraints:
> - length: { min: 1 }
> description: Drupal admin email must not be empty.
> - allowed_pattern:
> '^[a-zA-Z0-9._%+-]+@(?:[a-zA-Z0-9-]+\.)+[a-zA-Z]{2,4}$'
> description: Drupal admin email must be a valid email address.
>
> drupal_site_name:
> type: string
> description: Drupal site name.
> default: My Drupal IIS website created with Heat
> constraints:
> - length: { min: 1 }
> description: Drupal site name must not be empty.
> - allowed_pattern: '^(?!.*["\r\n\f]).*$'
> description: >
> Drupal site name must not contain double quotes and any
> whitespace character (excepting spaces and tabs).
>
> max_timeout:
> type: number
> default: 3600
> description: >
> The maximum allowed time (seconds) for the instalation to finish.
>
> resources:
>
> wait_condition:
> type: AWS::CloudFormation::WaitCondition
> properties:
> Handle: {get_resource: wait_handle}
> # Note, count of 5 vs 6 is due to duplicate signal ID 5 sent below
> Count: 5
> Timeout: {get_param: max_timeout}
>
> wait_handle:
> type: AWS::CloudFormation::WaitConditionHandle
>
> iis_drupal:
> type: OS::Nova::Server
> properties:
> image: { get_param: image }
> fla
Re: [Openstack] [autoscaling][icehouse][OS::Heat::AutoScalingGroup]
Hi, two possibilities. You can check the interval in our /etc/ceilometer/pipeline.yaml and decrease it to collect samples more frequently (The default is sometimes 600 seconds, so on average you'd have to wait about 15 min for autoscaling to kick in, 60 is good for dev purposes, but not on a production :) ). Another one is that you are filtering on the wrong metadata. You can search the ceilometer samples by resource_id of one of the nova instances in your asg and check that they indeed have metadata in the form of metadata.user_metadata.stack = 31f62d11-401e-435b-a2a7-1e5318ce8159 Best regards, Pavlo Shchelokovskyy Software Engineer Mirantis Inc www.mirantis.com On Thu, Mar 5, 2015 at 4:57 PM, Chinasubbareddy M < chinasubbaredd...@persistent.com> wrote: > Hello all, > > I can see the alarm in alarm-history. However, no actions are triggered. > Could you please help me out here ? > > Here is the alarm-show : > > root@build-server:~# ceilometer alarm-show --alarm_id > ec8d3a5f-f890-465e-b796-dba2cf2c12fe > > +---+--+ > | Property | Value > | > > +---+--+ > | alarm_actions | [u' > http://10.44.191.200:8000/v1/signal/arn%3Aopenstack%3Aheat%3A%3Aec3e9 | > | | > 3810a7c4be2881bd7ede428526a%3Astacks%2FasworkingFinal%2F31f62d11-401e- | > | | > 435b-a2a7-1e5318ce8159%2Fresources%2Fweb_server_scaleup_policy?Timestamp | > | | > =2015-03-04T13%3A13%3A31Z&SignatureMethod=HmacSHA256&AWSAccessKeyId=8216 | > | | > 7ae13f3240e5aa6f1d6a5c4f39d3&SignatureVersion=2&Signature=fOH%2Fny5BpzbL | > | | qwWce1qHyqAjBn9YXR0F%2FPlzeeJCdYc%3D'] > | > | alarm_id | ec8d3a5f-f890-465e-b796-dba2cf2c12fe > | > | comparison_operator | gt > | > | description | Scale-up if the average CPU > 50% for 1 > minute | > | enabled | True > | > | evaluation_periods| 1 > | > | exclude_outliers | False > | > | insufficient_data_actions | [] > | > | meter_name| cpu_util > | > | name | asworkingFinal-cpu_alarm_high-swtpxt4coqme > | > | ok_actions| [] > | > | period| 60 > | > | project_id| ec3e93810a7c4be2881bd7ede428526a > | > | query | metadata.user_metadata.stack == > 31f62d11-401e-435b-a2a7-1e5318ce8159 | > | repeat_actions| True > | > | state | alarm > | > | statistic | avg > | > | threshold | 50.0 > | > | type | threshold > | > | user_id | cac9bb03d57f41359df9b12c4b6d2318 > | > > +---+--+ > > Here is the output of alarm history: > > | state transition | 2015-03-05T13:05:57.360308 | state: insufficient > data| > | state transition | 2015-03-05T13:13:57.514774 | state: alarm > | > | state transition | 2015-03-05T13:14:57.438538 | state: insufficient > data| > | state transition | 2015-03-05T13:23:57.578754 | state: alarm > | > | state transition | 2015-03-05T13:24:57.497549 | state: insufficient > data| > | state transition | 2015-03-05T13:33:57.583486 | state: alarm > | > | state transition | 2015-03-05T13:34:57.559243 | state: insufficient > data| > | state transition | 2015-03-05T13:43:57.693379 | state: alarm > | > | state transition | 2015-03-05T13:44:57.605715 | state: insufficient > data| > | state transition | 2015-03-05T13:53:57.802353
Re: [Openstack] How to add vms to heat stack?
Hi, you could try to play with adopt/abandon feature, e.g. forge an adopt data, but beware it is buggy. An alternative approach was discussed during last summit, and here are the specs of for might be relevant to your use case ([1] and [2]), but they are not approved yet. [1] https://review.openstack.org/#/c/124707/ [2] https://review.openstack.org/#/c/134848/ Best regards, Pavlo Shchelokovskyy Software Engineer Mirantis Inc www.mirantis.com On Thu, Mar 5, 2015 at 6:27 AM, jupiter wrote: > Hi, > > I have several VMs already created from nova command line, when I create a > heat stack, the template list the those VMs name, but the heat stack-create > did not pick up those VMs, instead created the new VMs with the same name. > > Is there anyway to force heat to use existing VMs name, or to add existing > VMs to heat stack? > > Thank you. > > - j > > ___ > Mailing list: > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > Post to : openstack@lists.openstack.org > Unsubscribe : > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > > ___ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Re: [Openstack] How to add vms to heat stack?
Jupiter, not exactly. Adopt takes a so called "abandon data" as input, which is an output of heat stack-abandon. It is somewhat similar to a template but not completely. You can try creating and abandoning a stack to see how it looks like. Best regards, Pavlo Shchelokovskyy Software Engineer Mirantis Inc www.mirantis.com On Fri, Mar 6, 2015 at 10:47 AM, jupiter wrote: > Thanks Pavio and Richard. Should the -a be used for > passing the heat template file? Please correct me if thefollowing command > is wrong. > > $ head stack-adopt -a spec_HOT.yml test_stack > > Thank you. > > Kind regards, > > - j > > > > > On Fri, Mar 6, 2015 at 3:33 AM, Pavlo Shchelokovskyy < > pshchelokovs...@mirantis.com> wrote: > >> Hi, >> >> you could try to play with adopt/abandon feature, e.g. forge an adopt >> data, but beware it is buggy. An alternative approach was discussed during >> last summit, and here are the specs of for might be relevant to your use >> case ([1] and [2]), but they are not approved yet. >> >> [1] https://review.openstack.org/#/c/124707/ >> [2] https://review.openstack.org/#/c/134848/ >> >> Best regards, >> >> Pavlo Shchelokovskyy >> Software Engineer >> Mirantis Inc >> www.mirantis.com >> >> On Thu, Mar 5, 2015 at 6:27 AM, jupiter wrote: >> >>> Hi, >>> >>> I have several VMs already created from nova command line, when I create >>> a heat stack, the template list the those VMs name, but the heat >>> stack-create did not pick up those VMs, instead created the new VMs with >>> the same name. >>> >>> Is there anyway to force heat to use existing VMs name, or to add >>> existing VMs to heat stack? >>> >>> Thank you. >>> >>> - j >>> >>> ___ >>> Mailing list: >>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack >>> Post to : openstack@lists.openstack.org >>> Unsubscribe : >>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack >>> >>> >> >> ___ >> Mailing list: >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack >> Post to : openstack@lists.openstack.org >> Unsubscribe : >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack >> >> > ___ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
[Openstack] Fwd: [Heat][Ceilometer][Autoscaling]
Hi,
when setting up the ceilometer alarm, you provide it with metadata to query
samples for (contains stack id in some form), and how to aggregate them.
That's how ceilometer knows when to fire the alarm. AFAIR those examples in
heat-templates create alarms that go off when any of the samples is above
threshold, but by fiddling with aggregate functions you can surely set it
up to alarm on some stack-average metrics.
You can check the ceilometer resource metadata by launching an ASG stack
and showing the ceilometer resource with id as id of one of nova servers.
ceilometer resource-show -r {id-of-nova-server}
Examining the user_metadata field, there will be something stack-id
related. Use that user_metadata. name to setup the ceilometer alarm.
Best regards,
Pavlo Shchelokovskyy
Software Engineer
Mirantis Inc
www.mirantis.com
On Fri, Mar 13, 2015 at 1:23 PM, Chinasubbareddy M <
chinasubbaredd...@persistent.com> wrote:
> Hello Qiming,
>
> When I put stress on the server, it is adding one more node to the auto
> scaling group. So I would like to know for the next scaling action to
> perform, is ceilometer alarm is raised based on the load on all existing
> machines in the auto scaling group or individual servers in the group.
>
> As Ceilometer is not considering stack as its resource, How it would
> calculate the statistics for the entire stack?
>
> Regards,
> Subbareddy,
> Persistent systems ltd.
>
> -Original Message-
> From: Chinasubbareddy M
> Sent: Wednesday, March 11, 2015 6:55 PM
> To: 'Qiming Teng'; openstack@lists.openstack.org
> Cc: David Peraza
> Subject: RE: [Openstack] [Heat][Ceilometer][Autoscaling]
>
> Hi,
>
> Thank you Qiming , finally it worked and problem was with auth uri in
> ec2token section , it has " /ec2token" , after removing it auto scaling
> started working .
>
> This is the final working parameter:
>
> [ec2authtoken]
> auth_uri=http://1.2.3.4:5000/v2.0
>
> -Original Message-
> From: Qiming Teng [mailto:teng...@linux.vnet.ibm.com]
> Sent: Wednesday, March 11, 2015 2:52 PM
> To: Chinasubbareddy M; openstack@lists.openstack.org
> Subject: Re: [Openstack] [Heat][Ceilometer][Autoscaling]
>
>
> > > http://:8000/v1/signal/arn%3Aopenstack%3Aheat%3A%3Aec3e93810a
> > > 7c
> > > 4be2881bd7ede428526a%3Astacks%2Fsrujana1%2Fc0b5862f-f3e6-4fa8-a6ef-f
> > > 2c
> > > f321a70bb%2Fresources%2Fweb_server_scaledown_policy?Timestamp=2 > > :/
> > > /%3cMY_IP%3e:8000/v1/signal/arn%3Aopenstack%3Aheat%3A%3Aec3e93810a7c
> > > 4b
> > > e2881bd7ede428526a%3Astacks%2Fsrujana1%2Fc0b5862f-f3e6-4fa8-a6ef-f2c
> > > f3 21a70bb%2Fresources%2Fweb_server_scaledown_policy?Timestamp=2>
> > > 015-03-10T03%3A56%3A36Z&SignatureMethod=HmacSHA256&AWSAccessKeyId=30
> > > 13
> > > 823c3d564433b32c81c4bff2c638&SignatureVersion=2&Signature=CWLhRKiwRP
> > > OT 1P88i0AH8SaeY%2FA4QTQqMtkwY0gkZno%3D
>
> The alarm_url above shows that the part is hardcoded in your
> heat.conf file.
>
> Seems that your authentication to Keystone using ec2token has failed?
> You may check if you have the following settings in your heat.conf file:
>
> [ec2authtoken]
> auth_uri=http://1.2.3.4:5000/v2.0
>
> That is one reason that could lead to the problem you have met. Another
> thing to check is whether you have ec2 service configured in Keystone:
>
> $ keystone service-list | grep ec2
>
> It was for compatibility's reason that Heat uses EC2 token authentication
> for the alarm url, as I have mentioned in previous replies.
>
> Regards,
> Qiming
>
> On Tue, Mar 10, 2015 at 01:44:17PM +, Chinasubbareddy M wrote:
> > Hi,
> >
> > We used to have Ip address only , while troubleshooting we made that to
> localhost.
> > If you see the url , there is AWS access key and if we execute the url
> manually , its getting failed to contact keystone and get token.
> >
> > If we get the token manually and request it again ,it's getting failed
> with unknown heat resource.
> >
> > It would be easy if you can share any working template which is
> generating proper webhook.
> >
> >
> > Regards,
> > Subbareddy,
> > Persistent systems.
> >
> >
> >
> > -Original Message-
> > From: Qiming Teng [mailto:teng...@linux.vnet.ibm.com]
> > Sent: Wednesday, March 11, 2015 3:00 AM
> > To: openstack@lists.openstack.org
> > Subject: Re: [Openstack] [Heat][Ceilometer][Autoscaling]
> >
> > Checked your alarm_url string again, it seems that your heat.conf file
> contains this line:
> >
> > heat_waitcondition_server_url=http://
Re: [Openstack] Fwd: [Heat][Ceilometer][Autoscaling]
Hi,
I mean the statistic property of the Alarm resource [1], together with
period and evaluation_periods.
[1]
http://docs.openstack.org/developer/heat/template_guide/openstack.html#OS::Ceilometer::Alarm
Best regards,
Pavlo Shchelokovskyy
Software Engineer
Mirantis Inc
www.mirantis.com
On Fri, Mar 13, 2015 at 3:19 PM, Chinasubbareddy M <
chinasubbaredd...@persistent.com> wrote:
> Hi,
>
>
>
> Thank you for your reply , part from your reply didn’t have any clue for
> me , here is that
>
>
>
> but by fiddling with aggregate functions you can surely set it up to alarm
> on some stack-average metrics.
>
>
>
> Could you please give me one example of such so that may help me out to go
> further ?
>
>
>
> *From:* Pavlo Shchelokovskyy [mailto:pshchelokovs...@mirantis.com]
> *Sent:* Friday, March 13, 2015 5:34 PM
> *To:* openstack@lists.openstack.org
> *Subject:* [Openstack] Fwd: [Heat][Ceilometer][Autoscaling]
>
>
>
> Hi,
>
>
>
> when setting up the ceilometer alarm, you provide it with metadata to
> query samples for (contains stack id in some form), and how to aggregate
> them. That's how ceilometer knows when to fire the alarm. AFAIR those
> examples in heat-templates create alarms that go off when any of the
> samples is above threshold, but by fiddling with aggregate functions you
> can surely set it up to alarm on some stack-average metrics.
>
>
>
> You can check the ceilometer resource metadata by launching an ASG stack
> and showing the ceilometer resource with id as id of one of nova servers.
>
>
>
> ceilometer resource-show -r {id-of-nova-server}
>
>
>
> Examining the user_metadata field, there will be something stack-id
> related. Use that user_metadata. name to setup the ceilometer alarm.
>
>
>
> Best regards,
>
>
> Pavlo Shchelokovskyy
>
> Software Engineer
>
> Mirantis Inc
>
> www.mirantis.com
>
>
>
> On Fri, Mar 13, 2015 at 1:23 PM, Chinasubbareddy M <
> chinasubbaredd...@persistent.com> wrote:
>
> Hello Qiming,
>
> When I put stress on the server, it is adding one more node to the auto
> scaling group. So I would like to know for the next scaling action to
> perform, is ceilometer alarm is raised based on the load on all existing
> machines in the auto scaling group or individual servers in the group.
>
> As Ceilometer is not considering stack as its resource, How it would
> calculate the statistics for the entire stack?
>
> Regards,
> Subbareddy,
> Persistent systems ltd.
>
> -Original Message-
> From: Chinasubbareddy M
> Sent: Wednesday, March 11, 2015 6:55 PM
> To: 'Qiming Teng'; openstack@lists.openstack.org
> Cc: David Peraza
> Subject: RE: [Openstack] [Heat][Ceilometer][Autoscaling]
>
> Hi,
>
> Thank you Qiming , finally it worked and problem was with auth uri in
> ec2token section , it has " /ec2token" , after removing it auto scaling
> started working .
>
> This is the final working parameter:
>
> [ec2authtoken]
> auth_uri=http://1.2.3.4:5000/v2.0
>
> -Original Message-
> From: Qiming Teng [mailto:teng...@linux.vnet.ibm.com]
> Sent: Wednesday, March 11, 2015 2:52 PM
> To: Chinasubbareddy M; openstack@lists.openstack.org
> Subject: Re: [Openstack] [Heat][Ceilometer][Autoscaling]
>
>
> > > http://:8000/v1/signal/arn%3Aopenstack%3Aheat%3A%3Aec3e93810a
> <http://%3cMY_IP%3e:8000/v1/signal/arn%3Aopenstack%3Aheat%3A%3Aec3e93810a>
> > > 7c
> > > 4be2881bd7ede428526a%3Astacks%2Fsrujana1%2Fc0b5862f-f3e6-4fa8-a6ef-f
> > > 2c
> > > f321a70bb%2Fresources%2Fweb_server_scaledown_policy?Timestamp=2 > > :/
> > > /%3cMY_IP%3e:8000/v1/signal/arn%3Aopenstack%3Aheat%3A%3Aec3e93810a7c
> > > 4b
> > > e2881bd7ede428526a%3Astacks%2Fsrujana1%2Fc0b5862f-f3e6-4fa8-a6ef-f2c
> > > f3 21a70bb%2Fresources%2Fweb_server_scaledown_policy?Timestamp=2>
> > > 015-03-10T03%3A56%3A36Z&SignatureMethod=HmacSHA256&AWSAccessKeyId=30
> > > 13
> > > 823c3d564433b32c81c4bff2c638&SignatureVersion=2&Signature=CWLhRKiwRP
> > > OT 1P88i0AH8SaeY%2FA4QTQqMtkwY0gkZno%3D
>
>
> The alarm_url above shows that the part is hardcoded in your
> heat.conf file.
>
> Seems that your authentication to Keystone using ec2token has failed?
> You may check if you have the following settings in your heat.conf file:
>
> [ec2authtoken]
> auth_uri=http://1.2.3.4:5000/v2.0
>
> That is one reason that could lead to the problem you have met. Another
> thing to check is whether you have ec2 service configured in Keystone:
>
> $ keystone service-list | grep ec2
>
> It was fo
Re: [Openstack] [Heat][Ceilometer]
HI, when you create an alarm in Heat [1], you pass it the metadata to filter resources for which to collect samples (usually it involves a stack id in some way or another) and a ceilometer query to filter samples more precisely. Then using the aggregation function (statistic) e.g. average and a big enough period to aggregate upon (all set in the alarm resource of Heat too) you could effectively have an average load of all the servers in the autoscaling group combined as a trigger for an alarm. [1] http://docs.openstack.org/developer/heat/template_guide/openstack.html#OS::Ceilometer::Alarm-props Best regards, Pavlo Shchelokovskyy Software Engineer Mirantis Inc www.mirantis.com On Fri, Mar 13, 2015 at 11:11 AM, Srujana C P wrote: > Hi, > > > > I am using sample heat template to understand the auto scaling > functionality. When I put stress on the server, it is adding one more node > to the auto scaling group. So I would like to know for the next scaling > action to perform, is ceilometer alarm is raised based on the load on all > existing machines in the auto scaling group or individual servers in the > group. > > > > As Ceilometer is not considering stack as its resource, How it would > calculate the statistics for the entire stack? > > > > Thanks, > > Srujana > > DISCLAIMER == This e-mail may contain privileged and confidential > information which is the property of Persistent Systems Ltd. It is intended > only for the use of the individual or entity to which it is addressed. If > you are not the intended recipient, you are not authorized to read, retain, > copy, print, distribute or use this message. If you have received this > communication in error, please notify the sender and delete all copies of > this message. Persistent Systems Ltd. does not accept any liability for > virus infected mails. > > ___ > Mailing list: > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > Post to : openstack@lists.openstack.org > Unsubscribe : > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > > ___ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Re: [Openstack] Heat Waitcondition error
Hi, it seems that your auth backend does not allow creating password-less users, and it looks like we have a bug in the WaitConditionHandle implementation. I've opened a bug for this - https://bugs.launchpad.net/heat/+bug/129 Best regards, Pavlo Shchelokovskyy Software Engineer Mirantis Inc www.mirantis.com On Wed, Apr 15, 2015 at 2:01 PM, Jesus arteche wrote: > hey guys, > > Im runing this template : > > > https://github.com/openstack/heat-templates/blob/master/hot/native_waitcondition.yaml > > On my Juno deployment, and I'm getting this error: > > *Create_Failed: Resource CREATE failed: BadRequest: Password is not strong > enough (HTTP 400)* > > This is for the Wait_Handle resource... > > Any idea? > > ___ > Mailing list: > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > Post to : openstack@lists.openstack.org > Unsubscribe : > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > > ___ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Re: [Openstack] Heat Waitcondition error
Hi, I honestly don't know, you should ask Keystone experts around Best, Pavlo Shchelokovskyy Software Engineer Mirantis Inc www.mirantis.com On Thu, Apr 16, 2015 at 2:50 PM, Jesus arteche wrote: > hey Pavio, > > How can I allow the password-less auth to do a quick check? > > On Wed, Apr 15, 2015 at 1:57 PM, Pavlo Shchelokovskyy < > pshchelokovs...@mirantis.com> wrote: > >> Hi, >> >> it seems that your auth backend does not allow creating password-less >> users, and it looks like we have a bug in the WaitConditionHandle >> implementation. I've opened a bug for this - >> https://bugs.launchpad.net/heat/+bug/129 >> >> Best regards, >> >> >> Pavlo Shchelokovskyy >> Software Engineer >> Mirantis Inc >> www.mirantis.com >> >> On Wed, Apr 15, 2015 at 2:01 PM, Jesus arteche >> wrote: >> >>> hey guys, >>> >>> Im runing this template : >>> >>> >>> https://github.com/openstack/heat-templates/blob/master/hot/native_waitcondition.yaml >>> >>> On my Juno deployment, and I'm getting this error: >>> >>> *Create_Failed: Resource CREATE failed: BadRequest: Password is not >>> strong enough (HTTP 400)* >>> >>> This is for the Wait_Handle resource... >>> >>> Any idea? >>> >>> ___ >>> Mailing list: >>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack >>> Post to : openstack@lists.openstack.org >>> Unsubscribe : >>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack >>> >>> >> >> ___ >> Mailing list: >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack >> Post to : openstack@lists.openstack.org >> Unsubscribe : >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack >> >> > ___ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Re: [Openstack] OpenStack RC file from within heat
Davio, yes, you could do that, but for local files only from CLI, not Horizon. You could use a "str_replace" and "get_file" functions. As an example, here https://github.com/pshchelo/stackdev/blob/master/templates/autoscaling/asg.yaml#L33-L45 I am dropping a local file through the Nova's user data to the VM. Though I must stress that passing real user cloud credentials inside VM is a security risk, VMs by default should be better considered as vulnerable. Best regards, On Fri, Feb 19, 2016 at 1:08 PM Davíð Örn Jóhannsson wrote: > Is it possible to gain access to OpenStack RC file from within a heat > template, in order to place it on a host during cloud init? > ___ > Mailing list: > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > Post to : openstack@lists.openstack.org > Unsubscribe : > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > -- Dr. Pavlo Shchelokovskyy Senior Software Engineer Mirantis Inc www.mirantis.com ___ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Re: [Openstack] using Pseudo Parameters in heat
Hi,
as you mention, this is not a ResourceType (you can not create one) but a
pseudo-parameter (pseudo means it is not provided by user, but is
"understood" from the stack itself), thus they have not to be consistent re
capitalization.
Cheers,
On Fri, Feb 19, 2016 at 5:00 PM Davíð Örn Jóhannsson
wrote:
> Looks like ResourceTypes are not consistent in Casing it is
> OS::project_id not OS::Project_id
> --
> *Frá:* Davíð Örn Jóhannsson
> *Sent:* 19. febrúar 2016 14:30
> *Til:* openstack@lists.openstack.org
> *Efni:* [Openstack] using Pseudo Parameters in heat
>
>
> Does someone have any clue about using Pseudo Parameters in heat, my guess
> was to use it as follows but that resulted in property error The Parameter
> (project_id) was not provided and I have found no useful documentation up
> to this point.
>
>
> OpenStack Kilo
>
>
> user_data:
> str_replace:
> template: |
> #!/bin/bash -v
> echo '127.0.0.1 $SERVER_NAME' >> /etc/hosts
> echo $PROJECT_ID > /etc/project_id
> params:
> $SERVER_NAME: { get_param: server_name }
> $PROJECT_ID: { get_param: 'OS::Project_id' }
>
>
> ___
> Mailing list:
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> Post to : openstack@lists.openstack.org
> Unsubscribe :
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>
--
Dr. Pavlo Shchelokovskyy
Senior Software Engineer
Mirantis Inc
www.mirantis.com
___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Re: [Openstack] Access the floating ip address in heat
Hi David,
the last line in params for server's user_data seems wrong. I really doubt
you literally have template parameter named "OS::Nova::FloatingIP".
Instead you'd have to use get_attr on the OS::Nova::FloatingIP resource you
presumably already created in the template somewhere (you are using it in
the 'association' resource) like that [1]:
$FLOATING_IP: { get_attr: [floating_ip, ip ] }
[1]
http://docs.openstack.org/developer/heat/template_guide/openstack.html#OS::Nova::FloatingIP-attr-ip
Cheers,
Dr. Pavlo Shchelokovskyy
Senior Software Engineer
Mirantis Inc
www.mirantis.com
On Mon, May 9, 2016 at 3:04 PM, Davíð Örn Jóhannsson
wrote:
> I’m trying to access the floating ip assigned to an instance created with
> a heat template and write it to file during creation of the instance, my
> approach is not working and I’m wondering if anyone has any suggestions on
> how I could archive this.
>
> server:
> type: OS::Nova::Server
> properties:
> name: { get_param: server_name }
> image: { get_param: image }
> flavor: { get_param: flavor }
> key_name: { get_param: key_name }
> scheduler_hints:
> group: {get_param: server_group }
> admin_user: { get_param: admin_user }
> networks:
> - port: { get_resource: test_data_server_port }
> user_data_format: RAW
> user_data:
> str_replace:
> template: |
> #!/bin/bash -v
> echo '127.0.0.1 $SERVER_NAME' >> /etc/hosts
> echo $PROJECT_ID > /etc/project_id
> echo $FLOATING_IP > /etc/floating_ip
>
> params:
> $SERVER_NAME: { get_param: server_name }
> $PROJECT_ID: { get_param: 'OS::project_id' }
> $FLOATING_IP: { get_param: 'OS::Nova::FloatingIP' }
>
> test_data_server_port:
> type: OS::Neutron::Port
> properties:
> network_id: { get_param: private_net_id }
> security_groups: [{ get_param: test_security_group }, default]
> replacement_policy: AUTO
>
> association:
> type: OS::Nova::FloatingIPAssociation
> properties:
> floating_ip: { get_resource: floating_ip }
> server_id: { get_resource: test_server }
>
> ___
> Mailing list:
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> Post to : openstack@lists.openstack.org
> Unsubscribe :
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>
>
___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Re: [Openstack] Heat autoscaling: heat.engine.resource Forbidden: You are not authorized to perform the requested action.
Hi,
no, "heat_stack_owner" role is actually not needed in MOS 8.0. Earlier it
was used as a special role to pass via trusts, but now all roles are passed
via trust by default. You also do not have to be "admin" either, priviledge
"escalation" is handled by Heat using Keystone V3 trusts and domains which
should have been set up automatically during deployment.
One question though - Is by any chance the "heat_stack_user" role assigned
to the actual ("human") user who is accessing Heat API? It _must_not_ be -
this is a special role used by internal Heat-created users (implementation
detail), and it has _very_ limited privileges in regard Heat API access.
Also, could you show the template you are testing autoscaling with? just in
case...
Cheers,
Dr. Pavlo Shchelokovskyy
Senior Software Engineer
Mirantis Inc
www.mirantis.com
On Tue, May 10, 2016 at 6:52 PM, magicb...@hotmail.com <
magicb...@hotmail.com> wrote:
> Hi again,
>
> these are the roles I have :
>
> #openstack role list
> +--+-+
> | ID | Name|
> +--+-+
> | 0d77782f1ae54fa799b0585b267fb746 | ResellerAdmin |
> | 2c0a5b381f2b4f10b42aaa09678210a5 | heat_stack_user |
> | 9fe2ff9ee4384b1894a90878d3e92bab | _member_|
> | d819d32c0eba4c86a99241e741c241c1 | admin |
> | e0729bbb6f8544268fd371e50682754a | SwiftOperator |
>
>
> So, there is no "heat_stack_owner" role defined in my environment, but
> you're right, in
> http://docs.openstack.org/draft/install-guide-ubuntu/heat-install.html
> docs says:
>
> *Add the **heat_stack_owner** role to the **demo** project and user to
> enable stack management by the **demo** user:*
>
> *$** openstack role add --project demo --user demo heat_stack_owner*
>
>
> Is this a bug in Mirantis MOS 8.0?
>
>
> On 10/05/16 17:05, magicb...@hotmail.com wrote:
>
> Hi Raghavendra,
>
>
> how can I check those privileges? Even with "admin" user, I get the same
> error. :(
>
> Best regards
>
> J.
> On 10/05/16 13:23,
> raghavendra@accenture.com wrote:
>
> Hi Mag,
>
>
>
> Please check if you have provided the *heat-stack-owner* and *admin
> *privileges
> to the tenant then try to spin up the Heat stack.
>
>
>
> Regards,
>
> Raghavendra Lad
>
>
>
> *From:* magicb...@hotmail.com [mailto:magicb...@hotmail.com
> ]
> *Sent:* Tuesday, May 10, 2016 4:30 PM
> *To:* openstack@lists.openstack.org
> *Subject:* [Openstack] Heat autoscaling: heat.engine.resource Forbidden:
> You are not authorized to perform the requested action.
>
>
>
> Hi
>
> testing Openstack Mitaka (deployed with Mirantis FUEL 8.0), when testing
> Heat Autoscaling, I get this error:
>
> *heat.engine.resource Forbidden: You are not authorized to perform the
> requested action.*
>
>
>
> Any ideas on what's going on?
>
>
>
> Thanks in advance.
>
> J
>
>
>
>
>
> --
>
> This message is for the designated recipient only and may contain
> privileged, proprietary, or otherwise confidential information. If you have
> received it in error, please notify the sender immediately and delete the
> original. Any other use of the e-mail by you is prohibited. Where allowed
> by local law, electronic communications with Accenture and its affiliates,
> including e-mail and instant messaging (including content), may be scanned
> by our systems for the purposes of information security and assessment of
> internal compliance with Accenture policy.
>
> __
>
> www.accenture.com
>
>
>
>
> ___
> Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> Post to : openstack@lists.openstack.org
> Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>
>
>
> ___
> Mailing list:
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> Post to : openstack@lists.openstack.org
> Unsubscribe :
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>
>
___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Re: [Openstack] Openstack Heat for normal users?
Hi, are you sure that's "heat_stack_owner" and _not_ "heat_stack_user" role that is assigned to your normal, non-admin user? These are frequently confused, but there's a great deal of difference between them, the latter role indeed has almost no access to Heat API. Also, what OpenStack version are you using? AFAIR starting from Kilo (or may be even later maintenance releases of Juno) one does not actually need the heat_stack_owner role altogether, all user roles should be passed via trust by default (you have to make sure Heat is configured to use Keystone V3 for that). Cheers, Dr. Pavlo Shchelokovskyy Senior Software Engineer Mirantis Inc www.mirantis.com On Tue, May 17, 2016 at 4:19 PM, Florian Rommel < florian.rom...@datalounges.com> wrote: > Hi, all, most of our major hurdles are now gone with Openstack and it > looks almost all great now.. > > Now the tricky part. I have gotten into HEAT and have written many > templates and actually very complex ones too and I would love for normal > users and other tenants to be able to use them but I keep getting an error > retrieving stack list. > The user has heat stack owner assigned to him and i can see orchestration > in the dashboard but no stacks can be retrieved nor looked at the resource > types. What exactly kind of permissions/groups does the user need to be in? > Thanks again for any help already. > when i source the demo rc file i get: > > root@control:~ # source .opendemo > root@control:~ # heat stack-list > ERROR: You are not authorized to use index. > root@control:~ # > > while the admin rc gives: > > root@control:~ # heat stack-list > > +--++-++--+ > | id | stack_name | stack_status| > creation_time | updated_time | > > +--++-++--+ > | e7ca31f9-cd14-4f98-9f71-566ef69809c0 | Test4 | CREATE_COMPLETE | > 2016-05-17T12:37:33.684783 | None | > > +--++-++--+ > root@control:~ # > > only difference is the project name and username/password. > > Best regards, > //FR > ___ > Mailing list: > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > Post to : openstack@lists.openstack.org > Unsubscribe : > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > ___ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Re: [Openstack] Openstack Heat for normal users?
Hi Florian, great to hear that your problem is solved. As I pointed out, in Liberty you actually do not need the "heat_stack_owner" role at all. Just make sure that in your heat.conf the following option is set to empty value (which AFAIK is default in Liberty): # Subset of trustor roles to be delegated to heat. If left unset, all roles of # a user will be delegated to heat when creating a stack. (list value) trusts_delegated_roles = (that's new line right after after "=", for oslo_cfg to parse empty ListOpt). At some point, heat_stack_owner role was used by default as a single role to be passed via trust, but now we can pass all roles at once without a need of a special role. So to avoid future confusion, you can consider deleting the heat_stack_owner role and strictly advise people to not use heat_stack_user role for actual (human) OpenStack users (this one is internal for Heat). You could also rename that role to anything less confusing (like "heat_internal_do_not_use" :) ) and reconfigure heat.conf and heat's policy.json to use that name as a role for Heat-internal users. Cheers, Dr. Pavlo Shchelokovskyy Senior Software Engineer Mirantis Inc www.mirantis.com On Tue, May 17, 2016 at 5:29 PM, Florian Rommel < florian.rom...@datalounges.com> wrote: > Hi, thank you for pointing it out, apparently you need to have one of the > roles applied in Liberty (which is what we used), but my demo user had both > applied. If then chooses the lower level access, hence no access. Once I > gave the user only heat_stack_owner i could deploy stacks within the normal > projects as normal users. > > Thank you again. > > //Florian > > On 17 May 2016, at 16:37, Pavlo Shchelokovskyy < > pshchelokovs...@mirantis.com> wrote: > > Hi, > > are you sure that's "heat_stack_owner" and _not_ "heat_stack_user" role > that is assigned to your normal, non-admin user? These are frequently > confused, but there's a great deal of difference between them, the latter > role indeed has almost no access to Heat API. > > Also, what OpenStack version are you using? AFAIR starting from Kilo (or > may be even later maintenance releases of Juno) one does not actually need > the heat_stack_owner role altogether, all user roles should be passed via > trust by default (you have to make sure Heat is configured to use Keystone > V3 for that). > > Cheers, > > Dr. Pavlo Shchelokovskyy > Senior Software Engineer > Mirantis Inc > www.mirantis.com > > On Tue, May 17, 2016 at 4:19 PM, Florian Rommel < > florian.rom...@datalounges.com> wrote: > >> Hi, all, most of our major hurdles are now gone with Openstack and it >> looks almost all great now.. >> >> Now the tricky part. I have gotten into HEAT and have written many >> templates and actually very complex ones too and I would love for normal >> users and other tenants to be able to use them but I keep getting an error >> retrieving stack list. >> The user has heat stack owner assigned to him and i can see orchestration >> in the dashboard but no stacks can be retrieved nor looked at the resource >> types. What exactly kind of permissions/groups does the user need to be in? >> Thanks again for any help already. >> when i source the demo rc file i get: >> >> root@control:~ # source .opendemo >> root@control:~ # heat stack-list >> ERROR: You are not authorized to use index. >> root@control:~ # >> >> while the admin rc gives: >> >> root@control:~ # heat stack-list >> >> +--++-++--+ >> | id | stack_name | stack_status| >> creation_time | updated_time | >> >> +--++-++--+ >> | e7ca31f9-cd14-4f98-9f71-566ef69809c0 | Test4 | CREATE_COMPLETE | >> 2016-05-17T12:37:33.684783 | None | >> >> +--++-++--+ >> root@control:~ # >> >> only difference is the project name and username/password. >> >> Best regards, >> //FR >> ___ >> Mailing list: >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack >> Post to : openstack@lists.openstack.org >> Unsubscribe : >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack >> > > > ___ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Re: [Openstack] Heat create-stack fails.
Hi Michael, you should consult the docs for "keystoneauth" library [0], that is actually using these options to construct an authentificated client. It supports quite a number of auth plugins (that's what you specify as auth_type), each having specific other options. [0] http://docs.openstack.org/developer/keystoneauth/authentication-plugins.html Cheers, Dr. Pavlo Shchelokovskyy Senior Software Engineer Mirantis Inc www.mirantis.com On Fri, Jun 3, 2016 at 6:21 AM, Michael Van Der Beek < michael@antlabs.com> wrote: > Hi Eugen, > > > > For some reason, I’m not getting any email from this list. > > My mailserver doesn’t even show any attempts from the list server. > > > > Anyway, the install guide does not specify what the auth_plugin is suppose > to be. > > By default auth_plugin is depreciated. > > > > # Authentication type to load (unknown value) > > # Deprecated group;name - DEFAULT;auth_plugin > > #auth_type= > > > > As the install guide does not specified, any idea what should I put in > here. > > > > The guide has many places that the commands have changed syntax so its not > very accurate any more. > > > > Regards, > > > > Michael > > - > > Hi, > > I'm just guessing, but maybe you didn't change the auth_plugin in > nova.conf on compute node? > > Regards, > Eugen > > > > *From:* Michael Van Der Beek > *Sent:* Thursday, June 2, 2016 4:48 PM > *To:* 'openstack@lists.openstack.org' > *Subject:* Heat create-stack fails. > > > > Hi All, > > > > Sorry to trouble you guys. > > I’ve been following the install guide found at > > > http://docs.openstack.org/juno/install-guide/install/yum/content/ch_preface.html > > > > I’ve gotten everything to work except the Orchestra. > > > > When I do this. > > [root@controller nova]# heat stack-create -f /root/test-stack.yml -P > "ImageID=cirros-0.3.3-x86_64;NetID=$NET_ID" testStack > > > +--+++-+--+ > > | id | stack_name | stack_status | > creation_time | updated_time | > > > +--+++-+--+ > > | a3c21978-78e0-4cb1-b92e-cb853df4aa04 | testStack | CREATE_IN_PROGRESS | > 2016-06-02T08:39:53 | None | > > > +--+++-+--+ > > > > Later.. > > [root@controller nova]# heat stack-list > > > +--++---+-+--+ > > | id | stack_name | stack_status | > creation_time | updated_time | > > > +--++---+-+--+ > > | a3c21978-78e0-4cb1-b92e-cb853df4aa04 | testStack | CREATE_FAILED | > 2016-06-02T08:39:53 | None | > > > +--++---+-+--+ > > > > From what I understand, the heat log shows this: > > 2016-06-02 16:39:53.681 2853 INFO heat.engine.stack [-] Stack CREATE > IN_PROGRESS (testStack): Stack CREATE started > > 2016-06-02 16:39:53.692 2853 INFO heat.engine.resource [-] creating Server > "server" Stack "testStack" [a3c21978-78e0-4cb1-b92e-cb853df4aa04] > > 2016-06-02 16:39:54.699 2853 INFO heat.engine.resource [-] CREATE: Server > "server" Stack "testStack" [a3c21978-78e0-4cb1-b92e-cb853df4aa04] > > 2016-06-02 16:39:54.699 2853 ERROR heat.engine.resource Traceback (most > recent call last): > > 2016-06-02 16:39:54.699 2853 ERROR heat.engine.resource File > "/usr/lib/python2.7/site-packages/heat/engine/resource.py", line 704, in > _action_recorder > > 2016-06-02 16:39:54.699 2853 ERROR heat.engine.resource yield > > 2016-06-02 16:39:54.699 2853 ERROR heat.engine.resource File > "/usr/lib/python2.7/site-packages/heat/engine/resource.py", line 775, in > _do_action > > 2016-06-02 16:39:54.699 2853 ERROR heat.engine.resource yield > self.action_handler_task(action, args=handler_args) > > 2016-06-02 16:39:54.699 2853 ERROR heat.engine.resource File > "/usr/lib/python2.7/site-packages/heat/engine/scheduler.py", line 297, in > wrapper > > 2016-06-02 16:39:54.699 2853 ERROR heat.engine.reso
Re: [Openstack] [heat][nova][cinder]Mount a CD-ROM ISO to an instance
Hi, do you mean the configdrive? It is iso9660 filesystem image attached to vm on boot by Nova and containing the bootstrap configuration for VM and is used by cloud-init [0] You can force creation of configdrive for a particular instance via Heat template too [1] [0] http://docs.openstack.org/user-guide/cli_config_drive.html [1] http://docs.openstack.org/developer/heat/template_guide/openstack.html#OS::Nova::Server-prop-config_drive Cheers, Dr. Pavlo Shchelokovskyy Senior Software Engineer Mirantis Inc www.mirantis.com On Thu, Jun 9, 2016 at 11:20 AM, pnkk wrote: > Hi, > > Can you please suggest a way to mount a cdrom iso to a instance during > boot time along with the actual image. > > That iso has the bootstrap configuration needed for the VM. > > Regards, > Kanthi > > > > ___ > Mailing list: > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > Post to : openstack@lists.openstack.org > Unsubscribe : > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > > ___ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Re: [Openstack] [Nova][Ironic] An issue of provision 3 ironic nodes using Heat
Hi Gary, this is a known limitation of current model of Nova/Ironic interaction, which should be solved with ongoing Resource Providers work [0]. In the meantime I could suggest two options: - as you are using Heat's ResourceGroup anyway, you can use batching capabilities of ResourceGroup and create servers in batches of 1 with some delay [1] - tweak nova scheduler settings. In particular, scheduler_host_subset_size (default is 1) might be increased (if you have only Ironic hypervisors, then up to the number of baremetal nodes in your deployment) - this will not guarantee the successful scheduling, but will reduce number of collisions and retry attempts. Also, in regards Heat+Nova+Ironic, beware of the following bug [2] and do not pre-create ports in the template to assign them to servers later if those are going to be baremetal servers, it's not going to work. Let Nova do the ports handling for you. [0] https://review.openstack.org/#/c/312696/ [1] http://docs.openstack.org/developer/heat/template_guide/openstack.html#OS::Heat::ResourceGroup-prop-batch_create [2] https://bugs.launchpad.net/nova/+bug/1544195 Cheers, Dr. Pavlo Shchelokovskyy Senior Software Engineer Mirantis Inc www.mirantis.com On Tue, Jun 14, 2016 at 5:10 PM, Duan, Li-Gong (Gary, HPServers-Core-OE-PSC) wrote: > > Hi, > > > > We are encountering a weird error when we try to use a heat template(resource group) to provision 3 baremetal machines. Only the first instance is provisioned successfully while other 2 instances failed because they are assigned to the same ironic node and they failed to bind a network port, according to the logs. > > Btw, it succeeds if we just provision one node at a time. > > > > Have you ever encountered similar issues or any suggestions on how to fixing this issue? > > > > Any comments/suggestions would be appreciated greatly. > > Feel free to let me know if you need further details about this issues. > > > > start of n-sch.log --- > > 2016-06-14 18:41:50.872 ^[[00;32mDEBUG nova.scheduler.filter_scheduler [^[[01;36mreq-8d084465-4ed7-440e-b016-6dc7fcc3882b ^[[00;36madmin admin^[[00;32m] ^[[01;35m^[[00;32mFiltered [(Magnum, 6671314c-12a6-4090-85dc-2d1882188af0) ram: 16384MB disk: 69632MB io_ops: 0 instances: 0, (Magnum, 695ae540-83a4-4d06-a17b-02e72c81805a) ram: 16384MB disk: 857088MB io_ops: 0 instances: 0, (Magnum, 9bf2b3ba-d62d-4e3f-8c39-df174b786749) ram: 16384MB disk: 570368MB io_ops: 0 instances: 0]^[[00m ^[[00;33mfrom (pid=20074) _schedule /opt/stack/nova/nova/scheduler/filter_scheduler.py:118^[[00m > > 1097 2016-06-14 18:41:50.873 ^[[00;32mDEBUG nova.scheduler.filter_scheduler [^[[01;36mreq-8d084465-4ed7-440e-b016-6dc7fcc3882b ^[[00;36m admin admin^[[00;32m] ^[[01;35m^[[00;32mSelected host: WeighedHost [host: (Magnum, 695ae540-83a4-4d06-a17b-02e72c81805a) ram: 16384 MB disk: 857088MB io_ops: 0 instances: 0, weight: 1.25]^[[00m ^[[00;33mfrom (pid=20074) _schedule /opt/stack/nova/nova/scheduler/fi lter_scheduler.py:131^[[00m > > > > 1142 2016-06-14 18:41:51.628 ^[[00;32mDEBUG nova.scheduler.filter_scheduler [^[[01;36mreq-885b8ffc-d8a5-449c-a31e-335e88d2b839 ^[[00;36m admin admin^[[00;32m] ^[[01;35m^[[00;32mWeighed [WeighedHost [host: (Magnum, 695ae540-83a4-4d06-a17b-02e72c81805a) ram: 12288MB dis k: 840704MB io_ops: 0 instances: 0, weight: 1.11066308244], WeighedHost [host: (Magnum, 9bf2b3ba-d62d-4e3f-8c39-df174b786749) ram: 16384MB disk: 570368MB io_ops: 0 instances: 0, weight: 0.999103942652], WeighedHost [host: (Magnum, 6671314c-12a6-4090-85dc-2d18821 88af0) ram: 16384MB disk: 69632MB io_ops: 0 instances: 0, weight: 0.560931899642]]^[[00m ^[[00;33mfrom (pid=20074) _schedule /opt/s tack/nova/nova/scheduler/filter_scheduler.py:123^[[00m > > 1143 2016-06-14 18:41:51.628 ^[[00;32mDEBUG nova.scheduler.filter_scheduler [^[[01;36mreq-885b8ffc-d8a5-449c-a31e-335e88d2b839 ^[[00;36m admin admin^[[00;32m] Selected host: WeighedHost [host: (Magnum, 695ae540-83a4-4d06-a17b-02e72c81805a) ram: 12288 MB disk: 840704MB io_ops: 0 instances: 0, weight: 1.11066308244]^[[00m ^[[00;33mfrom (pid=20074) _schedule /opt/stack/nova/nova/sch eduler/filter_scheduler.py:131 > > -- end of n-sch.log -- > > > > --- n-cpu.log-- > > 13129 2016-06-14 18:41:51.087 ^[[00;36mINFO nova.compute.claims [^[[01;36mreq-8d084465-4ed7-440e-b016-6dc7fcc3882b ^[[00;36madmin admin^[[00;36m] ^[[01;35m[instance: cf88cb38-e54e-4e19-85ec-d97a03098dfb] ^[[00;36mTotal disk: 837 GB, used: 0.00 GB^[[00m > > > > 13159 2016-06-14 18:41:51.581 ^[[00;32mDEBUG nova.compute.manager [^[[01;36mreq-8d084465-4ed7-440e-b016-6dc7fcc3882b ^[[00;36madmin admin^[[00;32m] ^[[01;35m [instance: cf88cb38-e54e-4e19-85ec-d97a03098dfb] ^[[00;32mStart spawning the instance on the hyperv
Re: [Openstack] [openstack][ironic]Question about whole image build
Hi James, e.g. when building images with DIB [0] you can install additional packages with "-p ,..." CLI argument. BTW, which OS are you referring to - the bootstrap image used by Ironic or the target image that is applied to the BM node? [0] http://docs.openstack.org/developer/diskimage-builder/ Cheers, Dr. Pavlo Shchelokovskyy Senior Software Engineer Mirantis Inc www.mirantis.com On Thu, Jun 16, 2016 at 10:04 AM, James Guo wrote: > Different ironic node maybe have different hardware. > So OS must install different hardware driver. > Then how to make image adapt to different hardware? > Do we need tools like sysprep or kudzu? > > > ___ > Mailing list: > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > Post to : openstack@lists.openstack.org > Unsubscribe : > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > ___ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Re: [Openstack] [ironic]ironic-python-agent fails to lookup node with 401 status code
Hi, you shouldn't use the latest master IPA version with ironic as of Mitaka release. The ironic API endpoint it tries to contact (v1/lookup...) was introduced during Newton development and thus is present in ironic API from Newton release onwards. The fallback to the old lookup endpoint (implemented as vendor driver passthru) was removed recently from IPA in master branch (after Newton release). That means your IPA version tries to contact the ironic API via endpoint that does not exist in this ironic version. Use ramdisk with IPA built from stable/mitaka or stable/newton branches. As for the "without any authentication" point - yes, that's the way it currently works, all communications between IPA and ironic API are not using Keystone tokens as we still have to figure out a reliable and secure way to pass tokens or credentials to get them into the ramdisk. Cheers, Dr. Pavlo Shchelokovskyy Senior Software Engineer Mirantis Inc www.mirantis.com On Thu, Jan 12, 2017 at 5:13 AM, int32bit wrote: > Hi, All, > > I'm a newcomer to Openstack Ironic. Recently, I'm work on deploy ironic > manually, and I found that the node status 100% *blocked in `callback > wait` status* until timeout. The ironic-api log shows that: > > 2017-01-12 10:21:00.626 158262 INFO keystonemiddleware.auth_token [-] > Rejecting request > 2017-01-12 10:21:00.627 158262 INFO ironic_api [-] 10.0.81.31 "GET > /v1/lookup?addresses=xxx HTTP/1 > > I guess the problem is IPA, so I dug into IPA source and traced the > request process and found that the IPA client request *without any > authentication* [1]. > > [1] https://github.com/openstack/ironic-python-agent/ > blob/master/ironic_python_agent/ironic_api_client.py#L109-L111 > > > My ironic version is *5.1.1-1(mitaka) *and *IPA has updated to newest > version from master branch*. > > My config as follows: > > ``` > [keystone_authtoken] > auth_uri=http://:5000/ > auth_version=v3.0 > identity_uri=http://:35357/ > admin_user=ironic > admin_password=IRONIC_PASSWORD > admin_tenant_name=service > > [conductor] > api_url=http://201.0.0.120:6385 # ensure the node can access > ``` > > I'm really not sure if I miss something or something wrong in config. > > Thanks for any help! > krystism > > ___ > Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/ > openstack > Post to : openstack@lists.openstack.org > Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/ > openstack > > ___ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Re: [Openstack] [ironic]ironic-python-agent fails to lookup node with 401 status code
Hi, I'm pretty sure one can, via overriding source_repository element settings [0] with export DIB_REPOREF_ironic_agent=stable/mitaka [0[ https://github.com/openstack/diskimage-builder/blob/7fc4856c6a0f5d63cdba2ee30ea7c7d762676bb6/elements/source-repositories/README.rst#override-per-source Cheers, Dr. Pavlo Shchelokovskyy Senior Software Engineer Mirantis Inc www.mirantis.com On Thu, Jan 12, 2017 at 4:46 PM, int32bit wrote: > Thanks Pavlo! After downgrade my IPA to Mitaka branch, my ironic seems > work fine now. But another problem, can we specify IPA version when we > create image via DIB? > > On Thu, Jan 12, 2017 at 3:42 PM, Pavlo Shchelokovskyy < > pshchelokovs...@mirantis.com> wrote: > >> Hi, >> >> you shouldn't use the latest master IPA version with ironic as of Mitaka >> release. >> The ironic API endpoint it tries to contact (v1/lookup...) was introduced >> during Newton development and thus is present in ironic API from Newton >> release onwards. The fallback to the old lookup endpoint (implemented as >> vendor driver passthru) was removed recently from IPA in master branch >> (after Newton release). That means your IPA version tries to contact the >> ironic API via endpoint that does not exist in this ironic version. Use >> ramdisk with IPA built from stable/mitaka or stable/newton branches. >> >> As for the "without any authentication" point - yes, that's the way it >> currently works, all communications between IPA and ironic API are not >> using Keystone tokens as we still have to figure out a reliable and secure >> way to pass tokens or credentials to get them into the ramdisk. >> >> Cheers, >> >> Dr. Pavlo Shchelokovskyy >> Senior Software Engineer >> Mirantis Inc >> www.mirantis.com >> >> On Thu, Jan 12, 2017 at 5:13 AM, int32bit wrote: >> >>> Hi, All, >>> >>> I'm a newcomer to Openstack Ironic. Recently, I'm work on deploy ironic >>> manually, and I found that the node status 100% *blocked in `callback >>> wait` status* until timeout. The ironic-api log shows that: >>> >>> 2017-01-12 10:21:00.626 158262 INFO keystonemiddleware.auth_token [-] >>> Rejecting request >>> 2017-01-12 10:21:00.627 158262 INFO ironic_api [-] 10.0.81.31 "GET >>> /v1/lookup?addresses=xxx HTTP/1 >>> >>> I guess the problem is IPA, so I dug into IPA source and traced the >>> request process and found that the IPA client request *without any >>> authentication* [1]. >>> >>> [1] https://github.com/openstack/ironic-python-agent/blob/ma >>> ster/ironic_python_agent/ironic_api_client.py#L109-L111 >>> >>> >>> My ironic version is *5.1.1-1(mitaka) *and *IPA has updated to newest >>> version from master branch*. >>> >>> My config as follows: >>> >>> ``` >>> [keystone_authtoken] >>> auth_uri=http://:5000/ >>> auth_version=v3.0 >>> identity_uri=http://:35357/ >>> admin_user=ironic >>> admin_password=IRONIC_PASSWORD >>> admin_tenant_name=service >>> >>> [conductor] >>> api_url=http://201.0.0.120:6385 # ensure the node can access >>> ``` >>> >>> I'm really not sure if I miss something or something wrong in config. >>> >>> Thanks for any help! >>> krystism >>> >>> ___ >>> Mailing list: http://lists.openstack.org/cgi >>> -bin/mailman/listinfo/openstack >>> Post to : openstack@lists.openstack.org >>> Unsubscribe : http://lists.openstack.org/cgi >>> -bin/mailman/listinfo/openstack >>> >>> >> > ___ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Re: [Openstack] [HEAT] order in attributes list
Hi,
AFAIU the get_attr function does not use the values you've passed to Heat
in the resource definition, instead it fetches their actual values from
Neutron (basically making a 'port show' API call), and Heat does nothing
wrt to ordering afterwards.
Btw AFAIR this is exactly why heat requires a separate network with single
IPv4 subnet during tempest tests - the default network created by devstack
at some point started to have both IPv4 and IPv6 subnets, and there's no
way I know of to get specifically the IPv4 address using get_attr.
OTOH may be some newer Heat template features like map filters,
conditionals and yaql expressions could possibly be utilized for that..
need to investigate :-)
Cheers,
On Tue, Apr 3, 2018 at 6:10 PM, Volodymyr Litovka wrote:
> Hi colleagues,
>
> I have the following HOT configuration of a port:
>
> n1-wan:
> type: OS::Neutron::Port
> properties:
> fixed_ips:
> - { subnet: e-subnet1, ip_address: 51.x.x.x }
> - { subnet: e-subnet2, ip_address: 25.x.x.x }
>
> when I try to extract these values in template using {get_attr}, then,
> regardless of fixed_ips' order in port definition (either "subnet1,
> subnet2" or "subnet2, subnet1"), the value of { get_attr: [n1-wan,
> fixed_ips] } always give the following result:
>
> output_value:
>- ip_address: 25.x.x.x
> subnet_id: ...
>- ip_address: 51.x.x.x
> subnet_id: ...
>
> and, thus, { get_attr: [n1-wan, fixed_ips, 1, ip_address ] } gives me
> 51.x.x.x value.
>
> So, the question is - how the list of fixed_ips is ordered? Is there way
> to know for sure index of entry I'm interested in?
>
> Thank you.
>
> --
> Volodymyr Litovka
> "Vision without Execution is Hallucination." -- Thomas Edison
>
>
> ___
> Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstac
> k
> Post to : openstack@lists.openstack.org
> Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstac
> k
>
--
Dr. Pavlo Shchelokovskyy
Senior Software Engineer
Mirantis Inc
www.mirantis.com
___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
