From mehbhatt at cisco.com Tue Oct 1 06:29:41 2013 From: mehbhatt at cisco.com (Mehul Bhatt (mehbhatt)) Date: Tue, 1 Oct 2013 06:29:41 +0000 Subject: [rhos-list] Ceph on RHOS 3 Message-ID: Greetings folks, I am compiling Ceph on RHEL as of now, but I was wondering can I download & install using yum? I was trying to follow steps listed at http://openstack.redhat.com/Using_Ceph_for_Block_Storage_with_RDO, but apparently, there is no yum package named "ceph-deploy". "yum install ceph-deploy python-pushy" fails with both packages unavailable: [root at rhos-storage-node2 ~]# yum install ceph-deploy python-pushy Loaded plugins: priorities, product-id, security, subscription-manager This system is receiving updates from Red Hat Subscription Management. rhel-6-server-cf-tools-1-rpms | 2.8 kB 00:00 rhel-6-server-rhev-agent-rpms | 3.1 kB 00:00 rhel-6-server-rpms | 3.7 kB 00:00 rhel-6-server-rpms/primary_db | 22 MB 00:21 rhel-ha-for-rhel-6-server-rpms | 3.7 kB 00:00 rhel-lb-for-rhel-6-server-rpms | 3.7 kB 00:00 rhel-server-ost-6-3-rpms | 2.8 kB 00:00 rhel-server-ost-6-3-rpms/primary_db | 1.6 MB 00:58 330 packages excluded due to repository priority protections Setting up Install Process No package ceph-deploy available. No package python-pushy available. Error: Nothing to do Any idea? Or building Ceph from scratch is the only option? Thanks, -Mehul. -------------- next part -------------- An HTML attachment was scrubbed... URL: From mehbhatt at cisco.com Tue Oct 1 06:48:18 2013 From: mehbhatt at cisco.com (Mehul Bhatt (mehbhatt)) Date: Tue, 1 Oct 2013 06:48:18 +0000 Subject: [rhos-list] Ceph on RHOS 3 Message-ID: Never mind - I took the hard path of building from scratch - following page has information about where are the released RPMs: http://ceph.com/docs/master/install/rpm/ -Mehul. From: Mehul Bhatt (mehbhatt) Sent: Tuesday, October 01, 2013 12:00 PM To: rhos-list at redhat.com Subject: Ceph on RHOS 3 Greetings folks, I am compiling Ceph on RHEL as of now, but I was wondering can I download & install using yum? I was trying to follow steps listed at http://openstack.redhat.com/Using_Ceph_for_Block_Storage_with_RDO, but apparently, there is no yum package named "ceph-deploy". "yum install ceph-deploy python-pushy" fails with both packages unavailable: [root at rhos-storage-node2 ~]# yum install ceph-deploy python-pushy Loaded plugins: priorities, product-id, security, subscription-manager This system is receiving updates from Red Hat Subscription Management. rhel-6-server-cf-tools-1-rpms | 2.8 kB 00:00 rhel-6-server-rhev-agent-rpms | 3.1 kB 00:00 rhel-6-server-rpms | 3.7 kB 00:00 rhel-6-server-rpms/primary_db | 22 MB 00:21 rhel-ha-for-rhel-6-server-rpms | 3.7 kB 00:00 rhel-lb-for-rhel-6-server-rpms | 3.7 kB 00:00 rhel-server-ost-6-3-rpms | 2.8 kB 00:00 rhel-server-ost-6-3-rpms/primary_db | 1.6 MB 00:58 330 packages excluded due to repository priority protections Setting up Install Process No package ceph-deploy available. No package python-pushy available. Error: Nothing to do Any idea? Or building Ceph from scratch is the only option? Thanks, -Mehul. -------------- next part -------------- An HTML attachment was scrubbed... URL: From dneary at redhat.com Tue Oct 1 15:03:31 2013 From: dneary at redhat.com (Dave Neary) Date: Tue, 01 Oct 2013 17:03:31 +0200 Subject: [rhos-list] Ceph on RHOS 3 In-Reply-To: References: Message-ID: <524AE443.7010602@redhat.com> Hi, Did you do the two prerequisite steps listed in the page http://ceph.com/docs/master/install/rpm/ (linked to from the page you mention below): sudo rpm --import 'https://ceph.com/git/?p=ceph.git;a=blob_plain;f=keys/release.asc' su -c 'rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm' sudo yum install snappy leveldb gdisk python-argparse gperftools-libs su -c 'rpm -Uvh http://ceph.com/rpm-dumpling/el6/noarch/ceph-release-1-0.el6.noarch.rpm' Interesting mix of sudo and su -c there... Cheers, Dave. On 10/01/2013 08:29 AM, Mehul Bhatt (mehbhatt) wrote: > Greetings folks, > > > > I am compiling Ceph on RHEL as of now, but I was wondering can I > download & install using yum? I was trying to follow steps listed at > http://openstack.redhat.com/Using_Ceph_for_Block_Storage_with_RDO, but > apparently, there is no yum package named "ceph-deploy". > > > > "yum install ceph-deploy python-pushy" fails with both packages unavailable: > > > > [root at rhos-storage-node2 ~]# yum install ceph-deploy python-pushy > > Loaded plugins: priorities, product-id, security, subscription-manager > > This system is receiving updates from Red Hat Subscription Management. > > rhel-6-server-cf-tools-1-rpms | 2.8 kB 00:00 > > rhel-6-server-rhev-agent-rpms | 3.1 kB 00:00 > > rhel-6-server-rpms | 3.7 kB 00:00 > > rhel-6-server-rpms/primary_db | 22 MB 00:21 > > rhel-ha-for-rhel-6-server-rpms | 3.7 kB 00:00 > > rhel-lb-for-rhel-6-server-rpms | 3.7 kB 00:00 > > rhel-server-ost-6-3-rpms | 2.8 kB 00:00 > > rhel-server-ost-6-3-rpms/primary_db | 1.6 MB 00:58 > > 330 packages excluded due to repository priority protections > > Setting up Install Process > > *No package ceph-deploy available.* > > *No package python-pushy available.* > > Error: Nothing to do > > > > > > Any idea? Or building Ceph from scratch is the only option? > > > > > > Thanks, > > > > -Mehul. > > > > _______________________________________________ > rhos-list mailing list > rhos-list at redhat.com > https://www.redhat.com/mailman/listinfo/rhos-list > -- Dave Neary - Community Action and Impact Open Source and Standards, Red Hat - http://community.redhat.com Ph: +33 9 50 71 55 62 / Cell: +33 6 77 01 92 13 From dhkarimi at sei.cmu.edu Mon Oct 7 12:42:38 2013 From: dhkarimi at sei.cmu.edu (Derrick H. Karimi) Date: Mon, 7 Oct 2013 12:42:38 +0000 Subject: [rhos-list] Cirros VM image DHCP issues In-Reply-To: <5229E5C9.1070506@redhat.com> References: <521B3BFA.70109@redhat.com> <018AC617-CF5E-4079-A186-56AD36A2FC57@redhat.com> <521B9438.2080902@redhat.com> <9C3E8F27-E3BB-4AEA-B650-00967544BC2D@redhat.com> <421EE192CD0C6C49A23B97027914202B158236AD@marathon> <5229E5C9.1070506@redhat.com> Message-ID: <5252AC3D.9070902@sei.cmu.edu> Sorry for the late reply. On 09/06/2013 10:25 AM, Perry Myers wrote: > On 09/06/2013 08:42 AM, Derrick H. Karimi wrote: >> I have seen the similar issue (also happens with some Ubuntu images), this solved it for me >> >> iptables -A POSTROUTING -t mangle -p udp --dport 68 -j CHECKSUM --checksum-fill > Is that a rule you put in the guest or on the host? This is a rule on the host. > > Do you only see this issue on Cirros images or by chance do you see it > with Fedora or RHEL images as well? My redhat images never had this problem. I don't have any fedora images. My Cirros and Ubuntu images have this problem. But I have not tried the recent cirros images mentioned in this thread. > >> taken from here >> http://serverfault.com/questions/448347/instances-in-openstack-are-not-getting-dhcp-leases > There was some talk on this thread that if virtio networking is enabled, > this behavior doesn't occur... What did you find? Unknown. That is starting to get over my head. > > Perry I should also note, that it was some months ago (with Folsom) when I applied this "fix" and I would expect if I started today with the latest software and images that this issue could be gone, or the OP does in fact have a different issue. -- --Derrick H. Karimi --Software Developer, SEI Emerging Technology Center --Carnegie Mellon University From xzhao at bnl.gov Fri Oct 11 13:46:03 2013 From: xzhao at bnl.gov (Xin Zhao) Date: Fri, 11 Oct 2013 09:46:03 -0400 Subject: [rhos-list] quantum net-create throws 403 forbidden error Message-ID: <5258011B.8080406@bnl.gov> Hello, I am following the rhos installation instruction (https://access.redhat.com/site/documentation/en-US/Red_Hat_OpenStack/3/html/Installation_and_Configuration_Guide/Configuring_a_Provider_Network1.html) and having a problem with creating the provider network, here is the issue: When I try to create a network, using the admin user's credential, it throws "403 forbidden" error: [root at nethost ~(keystone_admin)]# quantum net-create public01 --router:external True --provider:network_type flat --provider:physical_network physnet1 (403, 'Forbidden') [root at nethost ~(keystone_admin)]# quantum net-list (403, 'Forbidden') What do I miss here? Thanks, From lars at redhat.com Fri Oct 11 13:56:03 2013 From: lars at redhat.com (Lars Kellogg-Stedman) Date: Fri, 11 Oct 2013 09:56:03 -0400 Subject: [rhos-list] quantum net-create throws 403 forbidden error In-Reply-To: <5258011B.8080406@bnl.gov> References: <5258011B.8080406@bnl.gov> Message-ID: <20131011135602.GG22841@localhost.localdomain> On Fri, Oct 11, 2013 at 09:46:03AM -0400, Xin Zhao wrote: > When I try to create a network, using the admin user's credential, it throws > "403 forbidden" error: > > [root at nethost ~(keystone_admin)]# quantum net-list > (403, 'Forbidden') Are you otherwise able to interact with openstack? For example, can you successfully run something like "keystone tenant-list" or "nova flavor-list"? Or are these returning errors as well? -- Lars Kellogg-Stedman -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 836 bytes Desc: not available URL: From xzhao at bnl.gov Fri Oct 11 14:01:11 2013 From: xzhao at bnl.gov (Xin Zhao) Date: Fri, 11 Oct 2013 10:01:11 -0400 Subject: [rhos-list] quantum net-create throws 403 forbidden error In-Reply-To: <20131011135602.GG22841@localhost.localdomain> References: <5258011B.8080406@bnl.gov> <20131011135602.GG22841@localhost.localdomain> Message-ID: <525804A7.2010103@bnl.gov> On 10/11/2013 9:56 AM, Lars Kellogg-Stedman wrote: > On Fri, Oct 11, 2013 at 09:46:03AM -0400, Xin Zhao wrote: >> When I try to create a network, using the admin user's credential, it throws >> "403 forbidden" error: >> >> [root at nethost ~(keystone_admin)]# quantum net-list >> (403, 'Forbidden') > Are you otherwise able to interact with openstack? For example, can > you successfully run something like "keystone tenant-list" or "nova > flavor-list"? Or are these returning errors as well? > On the network host, I can't run keystone command, as the package is not installed there. On the controller host, I can, "keystone tenant-list" works just fine, actually I have most of the rest of the openstack services set up in the controller host and they seem to run fine. I haven't installed nova, that comes next after the network part in the installation guide. Thanks, Xin From lars at redhat.com Fri Oct 11 14:25:21 2013 From: lars at redhat.com (Lars Kellogg-Stedman) Date: Fri, 11 Oct 2013 10:25:21 -0400 Subject: [rhos-list] quantum net-create throws 403 forbidden error In-Reply-To: <525804A7.2010103@bnl.gov> References: <5258011B.8080406@bnl.gov> <20131011135602.GG22841@localhost.localdomain> <525804A7.2010103@bnl.gov> Message-ID: <20131011142521.GH22841@localhost.localdomain> On Fri, Oct 11, 2013 at 10:01:11AM -0400, Xin Zhao wrote: > On the controller host, I can, "keystone tenant-list" works just > fine, actually I have most of the rest of the openstack services set > up in the controller host and they seem to run fine. Are you certain that the credentials file you're using on your network host is the same as the one installed on your controller? Watch the quantum and keystone logs and see if they produce any useful error messages when you run the quantum commands (/var/log/quantum/* on your network host, /var/log/keystone/keystone.log on your controller). -- Lars Kellogg-Stedman -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 836 bytes Desc: not available URL: From xzhao at bnl.gov Fri Oct 11 15:07:28 2013 From: xzhao at bnl.gov (Xin Zhao) Date: Fri, 11 Oct 2013 11:07:28 -0400 Subject: [rhos-list] quantum net-create throws 403 forbidden error In-Reply-To: <20131011142521.GH22841@localhost.localdomain> References: <5258011B.8080406@bnl.gov> <20131011135602.GG22841@localhost.localdomain> <525804A7.2010103@bnl.gov> <20131011142521.GH22841@localhost.localdomain> Message-ID: <52581430.5070407@bnl.gov> On 10/11/2013 10:25 AM, Lars Kellogg-Stedman wrote: > On Fri, Oct 11, 2013 at 10:01:11AM -0400, Xin Zhao wrote: >> On the controller host, I can, "keystone tenant-list" works just >> fine, actually I have most of the rest of the openstack services set >> up in the controller host and they seem to run fine. > Are you certain that the credentials file you're using on your > network host is the same as the one installed on your controller? > > Watch the quantum and keystone logs and see if they produce any useful > error messages when you run the quantum commands (/var/log/quantum/* > on your network host, /var/log/keystone/keystone.log on your controller). The credential file is the same, and there is nothing in the logs. BTW, I may misunderstand the doc, do I also need to configure identity service, message broker and plugin on both the network host and compute nodes ? Thanks, Xin From lars at redhat.com Fri Oct 11 15:25:13 2013 From: lars at redhat.com (Lars Kellogg-Stedman) Date: Fri, 11 Oct 2013 11:25:13 -0400 Subject: [rhos-list] quantum net-create throws 403 forbidden error In-Reply-To: <52581430.5070407@bnl.gov> References: <5258011B.8080406@bnl.gov> <20131011135602.GG22841@localhost.localdomain> <525804A7.2010103@bnl.gov> <20131011142521.GH22841@localhost.localdomain> <52581430.5070407@bnl.gov> Message-ID: <20131011152513.GJ22841@localhost.localdomain> On Fri, Oct 11, 2013 at 11:07:28AM -0400, Xin Zhao wrote: > The credential file is the same, and there is nothing in the logs. > > BTW, I may misunderstand the doc, do I also need to configure identity > service, message broker > and plugin on both the network host and compute nodes ? You only need to run a single instance of these services, but you do need to make sure that your configuration points to the correct host. If you're installing RHOS using packstack this should all be taken care of for you. If you're not installing RHOS using packstack, you may want to try that first; documentation on using packstack for deploying RHOS is available here: https://access.redhat.com/site/documentation/en-US/Red_Hat_OpenStack/3/html/Getting_Started_Guide/part-Deploying_OS_using_PackStack.html This is a largely automated process that can configure a multi-node OpenStack environment. -- Lars Kellogg-Stedman -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 836 bytes Desc: not available URL: From xzhao at bnl.gov Fri Oct 11 17:49:48 2013 From: xzhao at bnl.gov (Xin Zhao) Date: Fri, 11 Oct 2013 13:49:48 -0400 Subject: [rhos-list] quantum net-create throws 403 forbidden error In-Reply-To: <20131011152513.GJ22841@localhost.localdomain> References: <5258011B.8080406@bnl.gov> <20131011135602.GG22841@localhost.localdomain> <525804A7.2010103@bnl.gov> <20131011142521.GH22841@localhost.localdomain> <52581430.5070407@bnl.gov> <20131011152513.GJ22841@localhost.localdomain> Message-ID: <52583A3C.6050407@bnl.gov> Hello, I will try the packstack later, right now since I have worked a long way through the RHOS document, I would like to finish the remaining two services, quantum and nova, instead of starting over with the new packstack approach, if it's possible. But now I am stuck with configuring quantum. Even after I configured the identity/qpid/plugin part on the network node, the command still returns 403 error. Even when I run the same command from the controller host, I get the same error: [root at controller ~(keystone_admin)]# quantum net-create public01 --router:external True --provider:network_type flat --provider:physical_network physnet1 (403, 'Forbidden') [root at controller ~(keystone_admin)]# quantum net-list (403, 'Forbidden') Any help will be greatly appreciated ? Or, should I jump to the "Networking Admin Guide" off the openstack homepage, and start following instructions there to configure quantum ? Thanks, Xin On 10/11/2013 11:25 AM, Lars Kellogg-Stedman wrote: > On Fri, Oct 11, 2013 at 11:07:28AM -0400, Xin Zhao wrote: >> The credential file is the same, and there is nothing in the logs. >> >> BTW, I may misunderstand the doc, do I also need to configure identity >> service, message broker >> and plugin on both the network host and compute nodes ? > You only need to run a single instance of these services, but you do > need to make sure that your configuration points to the correct host. > If you're installing RHOS using packstack this should all be taken > care of for you. > > If you're not installing RHOS using packstack, you may want to try > that first; documentation on using packstack for deploying RHOS is > available here: > > https://access.redhat.com/site/documentation/en-US/Red_Hat_OpenStack/3/html/Getting_Started_Guide/part-Deploying_OS_using_PackStack.html > > This is a largely automated process that can configure a multi-node > OpenStack environment. > From xzhao at bnl.gov Fri Oct 11 19:26:18 2013 From: xzhao at bnl.gov (Xin Zhao) Date: Fri, 11 Oct 2013 15:26:18 -0400 Subject: [rhos-list] quantum net-create throws 403 forbidden error In-Reply-To: <52583A3C.6050407@bnl.gov> References: <5258011B.8080406@bnl.gov> <20131011135602.GG22841@localhost.localdomain> <525804A7.2010103@bnl.gov> <20131011142521.GH22841@localhost.localdomain> <52581430.5070407@bnl.gov> <20131011152513.GJ22841@localhost.localdomain> <52583A3C.6050407@bnl.gov> Message-ID: <525850DA.3090803@bnl.gov> Hello, While debugging this issue further, I now wonder where the port 9696 is supposed to be open, on the network node or the controller node (where the networking service API runs) ? When it's time to define the endpoint of the quantum service, the doc says the IP of the endpoint should be the one of the network node, with port 9696. But the quantum-server daemon runs on the controller node on port 9696. I must get one of them wrong, any wisdom on this ? Thanks, Xin On 10/11/2013 1:49 PM, Xin Zhao wrote: > Hello, > > I will try the packstack later, right now since I have worked a long > way through the RHOS document, I would like > to finish the remaining two services, quantum and nova, instead of > starting over with the new packstack approach, > if it's possible. > > But now I am stuck with configuring quantum. Even after I configured > the identity/qpid/plugin part on the network node, > the command still returns 403 error. Even when I run the same command > from the controller host, I get the same error: > > [root at controller ~(keystone_admin)]# quantum net-create public01 > --router:external True --provider:network_type flat > --provider:physical_network physnet1 > (403, 'Forbidden') > [root at controller ~(keystone_admin)]# quantum net-list > (403, 'Forbidden') > > Any help will be greatly appreciated ? Or, should I jump to the > "Networking Admin Guide" off the openstack homepage, and start > following instructions there > to configure quantum ? > > Thanks, > Xin > > > On 10/11/2013 11:25 AM, Lars Kellogg-Stedman wrote: >> On Fri, Oct 11, 2013 at 11:07:28AM -0400, Xin Zhao wrote: >>> The credential file is the same, and there is nothing in the logs. >>> >>> BTW, I may misunderstand the doc, do I also need to configure identity >>> service, message broker >>> and plugin on both the network host and compute nodes ? >> You only need to run a single instance of these services, but you do >> need to make sure that your configuration points to the correct host. >> If you're installing RHOS using packstack this should all be taken >> care of for you. >> >> If you're not installing RHOS using packstack, you may want to try >> that first; documentation on using packstack for deploying RHOS is >> available here: >> >> https://access.redhat.com/site/documentation/en-US/Red_Hat_OpenStack/3/html/Getting_Started_Guide/part-Deploying_OS_using_PackStack.html >> >> This is a largely automated process that can configure a multi-node >> OpenStack environment. >> > > _______________________________________________ > rhos-list mailing list > rhos-list at redhat.com > https://www.redhat.com/mailman/listinfo/rhos-list From xzhao at bnl.gov Mon Oct 14 15:44:02 2013 From: xzhao at bnl.gov (Xin Zhao) Date: Mon, 14 Oct 2013 11:44:02 -0400 Subject: [rhos-list] quantum net-create throws 403 forbidden error In-Reply-To: <525850DA.3090803@bnl.gov> References: <5258011B.8080406@bnl.gov> <20131011135602.GG22841@localhost.localdomain> <525804A7.2010103@bnl.gov> <20131011142521.GH22841@localhost.localdomain> <52581430.5070407@bnl.gov> <20131011152513.GJ22841@localhost.localdomain> <52583A3C.6050407@bnl.gov> <525850DA.3090803@bnl.gov> Message-ID: <525C1142.40705@bnl.gov> Hello, After changing the endpoint for the quantum service to point to the controller host IP, where the networking service API runs, the quantum commands work now. So looks like there is a doc bug in this section (https://access.redhat.com/site/documentation/en-US/Red_Hat_OpenStack/3/html/Installation_and_Configuration_Guide/Creating_the_Service_Endpoint.html), when it says " Replace /|IP|/ with the IP address or host name of the system that will be acting as the network node. " Anyway, I now have a new error: # quantum net-create public01 --router:external True --provider:network_type flat --provider:physical_network physextnet Invalid input for operation: Unknown provider:physical_network physextnet. Here is the corresponding error messages from the /var/log/quantum/server.log file on the controller node: 2013-10-14 11:18:01 ERROR [quantum.api.v2.resource] create failed Traceback (most recent call last): File "/usr/lib/python2.6/site-packages/quantum/api/v2/resource.py", line 82, in resource result = method(request=request, **args) File "/usr/lib/python2.6/site-packages/quantum/api/v2/base.py", line 369, in create obj = obj_creator(request.context, **kwargs) File "/usr/lib/python2.6/site-packages/quantum/plugins/openvswitch/ovs_quantum_plugin.py", line 469, in create_network network['network']) File "/usr/lib/python2.6/site-packages/quantum/plugins/openvswitch/ovs_quantum_plugin.py", line 438, in _process_provider_create raise q_exc.InvalidInput(error_message=msg) InvalidInput: Invalid input for operation: Unknown provider:physical_network physextnet. Any wisdom on what I miss here? Thanks, Xin On 10/11/2013 3:26 PM, Xin Zhao wrote: > Hello, > > While debugging this issue further, I now wonder where the port 9696 > is supposed to be open, on the network node or the controller node > (where the networking service API runs) ? > When it's time to define the endpoint of the quantum service, the doc > says the IP of the endpoint should be the one of the network node, > with port 9696. > But the quantum-server daemon runs on the controller node on port > 9696. I must get one of them wrong, any wisdom on this ? > > Thanks, > Xin > > On 10/11/2013 1:49 PM, Xin Zhao wrote: >> Hello, >> >> I will try the packstack later, right now since I have worked a long >> way through the RHOS document, I would like >> to finish the remaining two services, quantum and nova, instead of >> starting over with the new packstack approach, >> if it's possible. >> >> But now I am stuck with configuring quantum. Even after I configured >> the identity/qpid/plugin part on the network node, >> the command still returns 403 error. Even when I run the same command >> from the controller host, I get the same error: >> >> [root at controller ~(keystone_admin)]# quantum net-create public01 >> --router:external True --provider:network_type flat >> --provider:physical_network physnet1 >> (403, 'Forbidden') >> [root at controller ~(keystone_admin)]# quantum net-list >> (403, 'Forbidden') >> >> Any help will be greatly appreciated ? Or, should I jump to the >> "Networking Admin Guide" off the openstack homepage, and start >> following instructions there >> to configure quantum ? >> >> Thanks, >> Xin >> >> >> On 10/11/2013 11:25 AM, Lars Kellogg-Stedman wrote: >>> On Fri, Oct 11, 2013 at 11:07:28AM -0400, Xin Zhao wrote: >>>> The credential file is the same, and there is nothing in the logs. >>>> >>>> BTW, I may misunderstand the doc, do I also need to configure identity >>>> service, message broker >>>> and plugin on both the network host and compute nodes ? >>> You only need to run a single instance of these services, but you do >>> need to make sure that your configuration points to the correct host. >>> If you're installing RHOS using packstack this should all be taken >>> care of for you. >>> >>> If you're not installing RHOS using packstack, you may want to try >>> that first; documentation on using packstack for deploying RHOS is >>> available here: >>> >>> https://access.redhat.com/site/documentation/en-US/Red_Hat_OpenStack/3/html/Getting_Started_Guide/part-Deploying_OS_using_PackStack.html >>> >>> >>> This is a largely automated process that can configure a multi-node >>> OpenStack environment. >>> >> >> _______________________________________________ >> rhos-list mailing list >> rhos-list at redhat.com >> https://www.redhat.com/mailman/listinfo/rhos-list > > _______________________________________________ > rhos-list mailing list > rhos-list at redhat.com > https://www.redhat.com/mailman/listinfo/rhos-list -------------- next part -------------- An HTML attachment was scrubbed... URL: From prmarino1 at gmail.com Tue Oct 15 18:29:05 2013 From: prmarino1 at gmail.com (Paul Robert Marino) Date: Tue, 15 Oct 2013 14:29:05 -0400 Subject: [rhos-list] issue with RDO Quantum Message-ID: Ive been having an issue with RDO quantum I found an error that keeps popping up, I dont know that this is the cause and dont beleave it is the root cause of my issues but its an obvious shinny penny in my debugging process. 2013-10-15 14:23:34 WARNING [quantum.agent.linux.dhcp] FAILED VERSION REQUIREMENT FOR DNSMASQ. DHCP AGENT MAY NOT RUN CORRECTLY! Please ensure that its version is 2.59 or above! Now I know this may have been fixed by a prior ticket I submitted but I find it alarming that it comes up now. From twilson at redhat.com Wed Oct 16 06:38:13 2013 From: twilson at redhat.com (Terry Wilson) Date: Wed, 16 Oct 2013 02:38:13 -0400 (EDT) Subject: [rhos-list] issue with RDO Quantum In-Reply-To: References: Message-ID: <1017577941.2959894.1381905493472.JavaMail.root@redhat.com> ----- Original Message ----- > Ive been having an issue with RDO quantum > > I found an error that keeps popping up, I dont know that this is the > cause and dont beleave it is the root cause of my issues but its an > obvious shinny penny in my debugging process. > > 2013-10-15 14:23:34 WARNING [quantum.agent.linux.dhcp] FAILED VERSION > REQUIREMENT FOR DNSMASQ. DHCP AGENT MAY NOT RUN CORRECTLY! Please > ensure that its version is 2.59 or above! This warning can be safely ignored as the dnsmasq we ship has been patched to work. I thought we'd patched around this warning, but apparently we haven't in this case. Terry From pmyers at redhat.com Wed Oct 16 06:42:39 2013 From: pmyers at redhat.com (Perry Myers) Date: Wed, 16 Oct 2013 09:42:39 +0300 Subject: [rhos-list] issue with RDO Quantum In-Reply-To: <1017577941.2959894.1381905493472.JavaMail.root@redhat.com> References: <1017577941.2959894.1381905493472.JavaMail.root@redhat.com> Message-ID: <525E355F.9090604@redhat.com> On 10/16/2013 09:38 AM, Terry Wilson wrote: > ----- Original Message ----- >> Ive been having an issue with RDO quantum >> >> I found an error that keeps popping up, I dont know that this is the >> cause and dont beleave it is the root cause of my issues but its an >> obvious shinny penny in my debugging process. >> >> 2013-10-15 14:23:34 WARNING [quantum.agent.linux.dhcp] FAILED VERSION >> REQUIREMENT FOR DNSMASQ. DHCP AGENT MAY NOT RUN CORRECTLY! Please >> ensure that its version is 2.59 or above! > > This warning can be safely ignored as the dnsmasq we ship has been patched to work. I thought we'd patched around this warning, but apparently we haven't in this case. In RHOS I am pretty sure this warning is patched out, but we should patch it out in RDO as well. Terry or P?draig, can one of you guys make sure that we fix that? Perry From vkarani1 at in.ibm.com Wed Oct 16 18:25:21 2013 From: vkarani1 at in.ibm.com (Velayutham Karani1) Date: Wed, 16 Oct 2013 23:55:21 +0530 Subject: [rhos-list] AUTO: Velayutham Karani1 is out of the office (returning 21-10-2013) Message-ID: I am out of the office until 21-10-2013. I am out of office till 20 October 2013 with limited access to mobile and no access to email. I will return to office by 21 Oct 2013. I can reply to your mail on my return. If urgent response needed, please contact my manager Shanmugam Raman at shanmugam at in.ibm.com. Thanks, Velu. Note: This is an automated response to your message "rhos-list Digest, Vol 15, Issue 6" sent on 16/10/2013 21:30:02. This is the only notification you will receive while this person is away. From murali at versa-networks.com Thu Oct 17 05:28:51 2013 From: murali at versa-networks.com (Murali G D) Date: Thu, 17 Oct 2013 10:58:51 +0530 Subject: [rhos-list] Java REST API SDK for RHOS Grizzly 3.0 Message-ID: <9841a42d86deaaff28ffc64959ae55a1@mail.gmail.com> Hi, What would be the compatible stable Java SDK library which can communicate with Red Hat OpenStack 3.0 (Grizzly) REST APIs? Openstack suggests https://github.com/woorea/openstack-java-sdk as seen in https://wiki.openstack.org/wiki/SDKs#Java ? Regards,Murali G D -------------- next part -------------- An HTML attachment was scrubbed... URL: From draddatz at sgi.com Fri Oct 18 15:58:28 2013 From: draddatz at sgi.com (David Raddatz) Date: Fri, 18 Oct 2013 15:58:28 +0000 Subject: [rhos-list] How to use ssh for password-less login on an instance Message-ID: <18CF1869BE7AB04DB1E4CC93FD43702A1B7300B9@P-EXMB2-DC21.corp.sgi.com> Hello, I'm using the OpenStack Getting Started guide and other OpenStack docs to try to set up an environment where I can log in to an instance I've created without using a password. The doc says to create a keypair and I should be able to log in to the instance but I'm always prompted for a password. This happens if I try to log in as root or if I try to log in to a tester user that I created. As far as I can tell, the keypair is not doing anything for me since I can log with or without using the keypair if I specify the password. Here's what I do: I create a VM image of my own, run virt-sysprep on it, upload into glance, then launch an instance using the keypair that I created. Then I try to ssh into the instance (with or with the -i keypair option) and I can log in to root when I provide the password. I thought the keypair was supposed to allow password-less login to instances but I can't get it to work. Any pointers are appreciated please, Dave -------------- next part -------------- An HTML attachment was scrubbed... URL: From lars at redhat.com Fri Oct 18 16:13:03 2013 From: lars at redhat.com (Lars Kellogg-Stedman) Date: Fri, 18 Oct 2013 12:13:03 -0400 Subject: [rhos-list] How to use ssh for password-less login on an instance In-Reply-To: <18CF1869BE7AB04DB1E4CC93FD43702A1B7300B9@P-EXMB2-DC21.corp.sgi.com> References: <18CF1869BE7AB04DB1E4CC93FD43702A1B7300B9@P-EXMB2-DC21.corp.sgi.com> Message-ID: <20131018161303.GA25480@redhat.com> On Fri, Oct 18, 2013 at 03:58:28PM +0000, David Raddatz wrote: > I'm using the OpenStack Getting Started guide and other OpenStack > docs to try to set up an environment where I can log in to an > instance I've created without using a password. The doc says to > create a keypair and I should be able to log in to the instance but > I'm always prompted for a password. > > [...] > > I thought the keypair was supposed to allow password-less login to > instances but I can't get it to work. In order for the keypair to get provisioned on your new instance, you need to have something run in the instance to grab it from the metadata service and install it in the right place. On "cloud" images for Fedora and Ubuntu, the "cloud-init" package takes care of this. If you're building your own image, simply installing "cloud-init" should be sufficient. If you don't want to install cloud-init, you can get the public key from: http://169.254.169.254/latest/meta-data/public-keys//0/openssh-key ...and then place it somewhere useful. -- Lars Kellogg-Stedman -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 836 bytes Desc: not available URL: From epgbcn4 at tid.es Fri Oct 18 16:17:57 2013 From: epgbcn4 at tid.es (Ivan Stoykov) Date: Fri, 18 Oct 2013 18:17:57 +0200 Subject: [rhos-list] rhos-list Digest, Vol 15, Issue 8 In-Reply-To: References: Message-ID: <1cbd97a9-6723-4204-87a1-daf9b445ffb8@email.android.com> Hello David, In short : you need to have cloud-init package installed and configured at your image, preferably with non root user, then your metadata server should be running and accessible from your VMs. 1. Install cloud-init from epel repo 2. Configure it at /etc/cloudinit/ 3. Import the new image 4. Boot new VM and try to log in with the user you configured at the cloudinit config Cheers Cheers rhos-list-request at redhat.com wrote: Send rhos-list mailing list submissions to rhos-list at redhat.com To subscribe or unsubscribe via the World Wide Web, visit https://www.redhat.com/mailman/listinfo/rhos-list or, via email, send a message with subject or body 'help' to rhos-list-request at redhat.com You can reach the person managing the list at rhos-list-owner at redhat.com When replying, please edit your Subject line so it is more specific than "Re: Contents of rhos-list digest..." Today's Topics: 1. How to use ssh for password-less login on an instance (David Raddatz) ________________________________ Message: 1 Date: Fri, 18 Oct 2013 15:58:28 +0000 From: David Raddatz To: "rhos-list at redhat.com" Subject: [rhos-list] How to use ssh for password-less login on an instance Message-ID: <18CF1869BE7AB04DB1E4CC93FD43702A1B7300B9 at P-EXMB2-DC21.corp.sgi.com> Content-Type: text/plain; charset="us-ascii" Hello, I'm using the OpenStack Getting Started guide and other OpenStack docs to try to set up an environment where I can log in to an instance I've created without using a password. The doc says to create a keypair and I should be able to log in to the instance but I'm always prompted for a password. This happens if I try to log in as root or if I try to log in to a tester user that I created. As far as I can tell, the keypair is not doing anything for me since I can log with or without using the keypair if I specify the password. Here's what I do: I create a VM image of my own, run virt-sysprep on it, upload into glance, then launch an instance using the keypair that I created. Then I try to ssh into the instance (with or with the -i keypair option) and I can log in to root when I provide the password. I thought the keypair was supposed to allow password-less login to instances but I can't get it to work. Any pointers are appreciated please, Dave -------------- next part -------------- An HTML attachment was scrubbed... URL: ________________________________ ________________________________ rhos-list mailing list rhos-list at redhat.com https://www.redhat.com/mailman/listinfo/rhos-list End of rhos-list Digest, Vol 15, Issue 8 **************************************** -- Sent from my Android phone with K-9 Mail. Please excuse my brevity. ________________________________ Este mensaje se dirige exclusivamente a su destinatario. Puede consultar nuestra pol?tica de env?o y recepci?n de correo electr?nico en el enlace situado m?s abajo. This message is intended exclusively for its addressee. We only send and receive email on the basis of the terms set out at: http://www.tid.es/ES/PAGINAS/disclaimer.aspx -------------- next part -------------- An HTML attachment was scrubbed... URL: From draddatz at sgi.com Fri Oct 18 16:42:04 2013 From: draddatz at sgi.com (David Raddatz) Date: Fri, 18 Oct 2013 16:42:04 +0000 Subject: [rhos-list] rhos-list Digest, Vol 15, Issue 8 In-Reply-To: <1cbd97a9-6723-4204-87a1-daf9b445ffb8@email.android.com> References: <1cbd97a9-6723-4204-87a1-daf9b445ffb8@email.android.com> Message-ID: <18CF1869BE7AB04DB1E4CC93FD43702A1B7300FC@P-EXMB2-DC21.corp.sgi.com> Thank you, Ivan and Lars, I did notice a mention of cloud-init in one of the openstack docs (not Red Hat?s). I?m sorry if I?m slow in understanding this but I just want to make sure I set it up right. From your response below: 1. Install cloud-init from epel repo a. Install it on my ?host? or controller node OR is it on the VM that I?m using to create an image from? 2. Configure it at /etc/cloudinit/ a. Anything in particular that I need to configure or will it be self-evident once I edit the file? 3. Import the new image a. Just to make sure - this is done using glance image-create I assume - right? I also assume that I need to run virt-sysprep after I set up my VM image that I?m creating to use as the OpenStack image - is that correct? 4. Boot new VM and try to log in with the user you configured at the cloudinit config a. I hope it works! Now, will this work with the root user as well as a non-root user? Dave From: rhos-list-bounces at redhat.com [mailto:rhos-list-bounces at redhat.com] On Behalf Of Ivan Stoykov Sent: Friday, October 18, 2013 11:18 AM To: rhos-list at redhat.com Subject: Re: [rhos-list] rhos-list Digest, Vol 15, Issue 8 Hello David, In short : you need to have cloud-init package installed and configured at your image, preferably with non root user, then your metadata server should be running and accessible from your VMs. 1. Install cloud-init from epel repo 2. Configure it at /etc/cloudinit/ 3. Import the new image 4. Boot new VM and try to log in with the user you configured at the cloudinit config Cheers Cheers rhos-list-request at redhat.com wrote: Send rhos-list mailing list submissions to rhos-list at redhat.com To subscribe or unsubscribe via the World Wide Web, visit https://www.redhat.com/mailman/listinfo/rhos-list or, via email, send a message with subject or body 'help' to rhos-list-request at redhat.com You can reach the person managing the list at rhos-list-owner at redhat.com When replying, please edit your Subject line so it is more specific than "Re: Contents of rhos-list digest..." Today's Topics: 1. How to use ssh for password-less login on an instance (David Raddatz) ________________________________ Message: 1 Date: Fri, 18 Oct 2013 15:58:28 +0000 From: David Raddatz > To: "rhos-list at redhat.com" > Subject: [rhos-list] How to use ssh for password-less login on an instance Message-ID: <18CF1869BE7AB04DB1E4CC93FD43702A1B7300B9 at P-EXMB2-DC21.corp.sgi.com> Content-Type: text/plain; charset="us-ascii" Hello, I'm using the OpenStack Getting Started guide and other OpenStack docs to try to set up an environment where I can log in to an instance I've created without using a password. The doc says to create a keypair and I should be able to log in to the instance but I'm always prompted for a password. This happens if I try to log in as root or if I try to log in to a tester user that I created. As far as I can tell, the keypair is not doing anything for me since I can log with or without using the keypair if I specify the password. Here's what I do: I create a VM image of my own, run virt-sysprep on it, upload into glance, then launch an instance using the keypair that I created. Then I try to ssh into the instance (with or with the -i keypair option) and I can log in to root when I provide the password. I thought the keypair was supposed to allow password-less login to instances but I can't get it to work. Any pointers are appreciated please, Dave -------------- next part -------------- An HTML attachment was scrubbed... URL: ________________________________ ________________________________ rhos-list mailing list rhos-list at redhat.com https://www.redhat.com/mailman/listinfo/rhos-list End of rhos-list Digest, Vol 15, Issue 8 **************************************** -- Sent from my Android phone with K-9 Mail. Please excuse my brevity. ________________________________ Este mensaje se dirige exclusivamente a su destinatario. Puede consultar nuestra pol?tica de env?o y recepci?n de correo electr?nico en el enlace situado m?s abajo. This message is intended exclusively for its addressee. We only send and receive email on the basis of the terms set out at: http://www.tid.es/ES/PAGINAS/disclaimer.aspx -------------- next part -------------- An HTML attachment was scrubbed... URL: From lars at redhat.com Fri Oct 18 16:56:33 2013 From: lars at redhat.com (Lars Kellogg-Stedman) Date: Fri, 18 Oct 2013 12:56:33 -0400 Subject: [rhos-list] rhos-list Digest, Vol 15, Issue 8 In-Reply-To: <18CF1869BE7AB04DB1E4CC93FD43702A1B7300FC@P-EXMB2-DC21.corp.sgi.com> References: <1cbd97a9-6723-4204-87a1-daf9b445ffb8@email.android.com> <18CF1869BE7AB04DB1E4CC93FD43702A1B7300FC@P-EXMB2-DC21.corp.sgi.com> Message-ID: <20131018165633.GA9225@redhat.com> On Fri, Oct 18, 2013 at 04:42:04PM +0000, David Raddatz wrote: > a. Install it on my ?host? or controller node OR is it on the > VM that I?m using to create an image from? You install it *inside your instance*. cloud-init will fetch an ssh key from the metadata server and place it on the instance filesystem in an appropriate account. > a. Anything in particular that I need to configure or will it > be self-evident once I edit the file? You probably won't have to edit much to get things working. You may want to change the name of the user that it creates and/or provisions, which depending on what vintage of cloud-init you have may default to "ec2-user", "fedora", or "cloud-user". > a. Just to make sure - this is done using glance image-create > I assume - right? Yes. After getting your image into a state that you're happy with it, you use `glance image-create` to upload the image to OpenStack so that you can deploy instances from it. > I also assume that I need to run virt-sysprep > after I set up my VM image that I?m creating to use as the OpenStack > image - is that correct? It's probably a good idea. I have never run virt-sysprep, but I probably take of things manually the virt-sysprep will do for you automatically (e.g., removing MAC addresses from network configuration files, etc). > a. I hope it works! > Now, will this work with the root user as well as a non-root user? What do you mean? You can configure cloud-init to provision either a non-root user or the root user. If you provision a non-root user, you'll probably want to arrange for that user to have sudo privileges (this is the typical configuration). You may want to start by grabbing one of the pre-build cloud images from here: - http://fedoraproject.org/en/get-fedora-options#clouds You can use this to see how things work when they're already configured. -- Lars Kellogg-Stedman -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 836 bytes Desc: not available URL: From sgordon at redhat.com Fri Oct 18 17:15:35 2013 From: sgordon at redhat.com (Steve Gordon) Date: Fri, 18 Oct 2013 13:15:35 -0400 (EDT) Subject: [rhos-list] rhos-list Digest, Vol 15, Issue 8 In-Reply-To: <20131018165633.GA9225@redhat.com> References: <1cbd97a9-6723-4204-87a1-daf9b445ffb8@email.android.com> <18CF1869BE7AB04DB1E4CC93FD43702A1B7300FC@P-EXMB2-DC21.corp.sgi.com> <20131018165633.GA9225@redhat.com> Message-ID: <1876676322.8465866.1382116535980.JavaMail.root@redhat.com> ----- Original Message ----- > From: "Lars Kellogg-Stedman" > To: "David Raddatz" > Cc: rhos-list at redhat.com > Sent: Friday, October 18, 2013 12:56:33 PM > Subject: Re: [rhos-list] rhos-list Digest, Vol 15, Issue 8 > > What do you mean? You can configure cloud-init to provision either a > non-root user or the root user. If you provision a non-root user, > you'll probably want to arrange for that user to have sudo privileges > (this is the typical configuration). > > You may want to start by grabbing one of the pre-build cloud images > from here: > > - http://fedoraproject.org/en/get-fedora-options#clouds > > You can use this to see how things work when they're already > configured. Additionally a RHEL 6 image suitable for use with OpenStack (including cloud-init configured ready for SSH key injection) is available on Red Hat Network: https://rhn.redhat.com/rhn/software/channel/downloads/Download.do?cid=16952 -Steve From prmarino1 at gmail.com Fri Oct 18 17:38:21 2013 From: prmarino1 at gmail.com (Paul Robert Marino) Date: Fri, 18 Oct 2013 13:38:21 -0400 Subject: [rhos-list] How to use ssh for password-less login on an instance In-Reply-To: <18CF1869BE7AB04DB1E4CC93FD43702A1B7300B9@P-EXMB2-DC21.corp.sgi.com> Message-ID: <5261720f.c549e00a.7cb0.2ca1@mx.google.com> An HTML attachment was scrubbed... URL: From draddatz at sgi.com Fri Oct 18 19:01:14 2013 From: draddatz at sgi.com (David Raddatz) Date: Fri, 18 Oct 2013 19:01:14 +0000 Subject: [rhos-list] rhos-list Digest, Vol 15, Issue 8 In-Reply-To: <1876676322.8465866.1382116535980.JavaMail.root@redhat.com> References: <1cbd97a9-6723-4204-87a1-daf9b445ffb8@email.android.com> <18CF1869BE7AB04DB1E4CC93FD43702A1B7300FC@P-EXMB2-DC21.corp.sgi.com> <20131018165633.GA9225@redhat.com> <1876676322.8465866.1382116535980.JavaMail.root@redhat.com> Message-ID: <18CF1869BE7AB04DB1E4CC93FD43702A1B730161@P-EXMB2-DC21.corp.sgi.com> I got the RHEL 6 image and that one works. I wanted to create my own so that is why I was looking for more details on configuring my own image. Thanks, Dave > -----Original Message----- > From: Steve Gordon [mailto:sgordon at redhat.com] > Sent: Friday, October 18, 2013 12:16 PM > To: Lars Kellogg-Stedman > Cc: David Raddatz; rhos-list at redhat.com > Subject: Re: [rhos-list] rhos-list Digest, Vol 15, Issue 8 > > ----- Original Message ----- > > From: "Lars Kellogg-Stedman" > > To: "David Raddatz" > > Cc: rhos-list at redhat.com > > Sent: Friday, October 18, 2013 12:56:33 PM > > Subject: Re: [rhos-list] rhos-list Digest, Vol 15, Issue 8 > > > > > What do you mean? You can configure cloud-init to provision either a > > non-root user or the root user. If you provision a non-root user, > > you'll probably want to arrange for that user to have sudo privileges > > (this is the typical configuration). > > > > You may want to start by grabbing one of the pre-build cloud images > > from here: > > > > - http://fedoraproject.org/en/get-fedora-options#clouds > > > > You can use this to see how things work when they're already > > configured. > > Additionally a RHEL 6 image suitable for use with OpenStack (including cloud- > init configured ready for SSH key injection) is available on Red Hat Network: > > > https://rhn.redhat.com/rhn/software/channel/downloads/Download.do?ci > d=16952 > > -Steve From draddatz at sgi.com Fri Oct 18 19:03:48 2013 From: draddatz at sgi.com (David Raddatz) Date: Fri, 18 Oct 2013 19:03:48 +0000 Subject: [rhos-list] rhos-list Digest, Vol 15, Issue 8 In-Reply-To: <20131018165633.GA9225@redhat.com> References: <1cbd97a9-6723-4204-87a1-daf9b445ffb8@email.android.com> <18CF1869BE7AB04DB1E4CC93FD43702A1B7300FC@P-EXMB2-DC21.corp.sgi.com> <20131018165633.GA9225@redhat.com> Message-ID: <18CF1869BE7AB04DB1E4CC93FD43702A1B730173@P-EXMB2-DC21.corp.sgi.com> Thanks for the info, Lars. Regarding this... > > > Now, will this work with the root user as well as a non-root user? > > What do you mean? You can configure cloud-init to provision either a non- > root user or the root user. If you provision a non-root user, you'll probably > want to arrange for that user to have sudo privileges (this is the typical > configuration). > I was just curious if there were any limitations for setting up the root user this way. Based on your response, it should work for both equally well. Thanks, Dave From draddatz at sgi.com Fri Oct 18 19:57:10 2013 From: draddatz at sgi.com (David Raddatz) Date: Fri, 18 Oct 2013 19:57:10 +0000 Subject: [rhos-list] cloud-init configuration for ssh access Message-ID: <18CF1869BE7AB04DB1E4CC93FD43702A1B730196@P-EXMB2-DC21.corp.sgi.com> Hello, I'm editing the /etc/cloud/cloud.cfg file (there was no /etc/cloudinit/ directory or file) that cloud-init installed and want to check on a couple things: Is there a way to comment things out? (the # sign is my guess) Near the top it has users: - default Do I need to add "- root" if I want to allow root to login as well? OR, do I just change disable_root: from 1 to 0? Under "system_info:", there is a "default_user:" section with cloud-user. I just renamed that so I wouldn't confused for when I was using the rh image or my image (used cloud-tester for my image). Do I need to add cloud-tester under "users:" or should I be OK since I made that user the default. Thanks for all the help so far, Dave > -----Original Message----- > From: Lars Kellogg-Stedman [mailto:lars at redhat.com] > Sent: Friday, October 18, 2013 11:57 AM > To: David Raddatz > Cc: rhos-list at redhat.com > Subject: Re: [rhos-list] rhos-list Digest, Vol 15, Issue 8 > > On Fri, Oct 18, 2013 at 04:42:04PM +0000, David Raddatz wrote: > > a. Install it on my ?host? or controller node OR is it on the > > VM that I?m using to create an image from? > > You install it *inside your instance*. cloud-init will fetch an ssh key from the > metadata server and place it on the instance filesystem in an appropriate > account. > > > a. Anything in particular that I need to configure or will it > > be self-evident once I edit the file? > > You probably won't have to edit much to get things working. You may want > to change the name of the user that it creates and/or provisions, which > depending on what vintage of cloud-init you have may default to "ec2-user", > "fedora", or "cloud-user". > > > a. Just to make sure - this is done using glance image-create > > I assume - right? > > Yes. After getting your image into a state that you're happy with it, you use > `glance image-create` to upload the image to OpenStack so that you can > deploy instances from it. > > > I also assume that I need to run virt-sysprep after I set up my VM > > image that I?m creating to use as the OpenStack image - is that > > correct? > > It's probably a good idea. I have never run virt-sysprep, but I probably take > of things manually the virt-sysprep will do for you automatically (e.g., > removing MAC addresses from network configuration files, etc). > > > a. I hope it works! > > > Now, will this work with the root user as well as a non-root user? > > What do you mean? You can configure cloud-init to provision either a non- > root user or the root user. If you provision a non-root user, you'll probably > want to arrange for that user to have sudo privileges (this is the typical > configuration). > > You may want to start by grabbing one of the pre-build cloud images from > here: > > - http://fedoraproject.org/en/get-fedora-options#clouds > > You can use this to see how things work when they're already configured. > > -- > Lars Kellogg-Stedman From draddatz at sgi.com Fri Oct 18 20:06:37 2013 From: draddatz at sgi.com (David Raddatz) Date: Fri, 18 Oct 2013 20:06:37 +0000 Subject: [rhos-list] cloud-init configuration for ssh access In-Reply-To: <18CF1869BE7AB04DB1E4CC93FD43702A1B730196@P-EXMB2-DC21.corp.sgi.com> References: <18CF1869BE7AB04DB1E4CC93FD43702A1B730196@P-EXMB2-DC21.corp.sgi.com> Message-ID: <18CF1869BE7AB04DB1E4CC93FD43702A1B7301AE@P-EXMB2-DC21.corp.sgi.com> Note, on a whim, I edited the /etc/cloud/cloud.cfg file in my RH instance to change disable_root from 1 to 0 and I was able to then ssh into the instance as root (before it would say that I should use cloud-user). So, I think that answers most, if not all, of my questions. (I commented out the disable_root: 1 line using the # sign and added disable_root: 0). I don't think I need to add cloud-tester under "users:" now based on this either. Dave > -----Original Message----- > From: rhos-list-bounces at redhat.com [mailto:rhos-list- > bounces at redhat.com] On Behalf Of David Raddatz > Sent: Friday, October 18, 2013 2:57 PM > To: Lars Kellogg-Stedman > Cc: rhos-list at redhat.com > Subject: Re: [rhos-list] cloud-init configuration for ssh access > > Hello, > > I'm editing the /etc/cloud/cloud.cfg file (there was no /etc/cloudinit/ > directory or file) that cloud-init installed and want to check on a couple > things: > > Is there a way to comment things out? (the # sign is my guess) > > Near the top it has > users: > - default > > Do I need to add "- root" if I want to allow root to login as well? OR, do I just > change disable_root: from 1 to 0? > > Under "system_info:", there is a "default_user:" section with cloud-user. I > just renamed that so I wouldn't confused for when I was using the rh image > or my image (used cloud-tester for my image). Do I need to add cloud-tester > under "users:" or should I be OK since I made that user the default. > > Thanks for all the help so far, > Dave > > > -----Original Message----- > > From: Lars Kellogg-Stedman [mailto:lars at redhat.com] > > Sent: Friday, October 18, 2013 11:57 AM > > To: David Raddatz > > Cc: rhos-list at redhat.com > > Subject: Re: [rhos-list] rhos-list Digest, Vol 15, Issue 8 > > > > On Fri, Oct 18, 2013 at 04:42:04PM +0000, David Raddatz wrote: > > > a. Install it on my ?host? or controller node OR is it on the > > > VM that I?m using to create an image from? > > > > You install it *inside your instance*. cloud-init will fetch an ssh > > key from the metadata server and place it on the instance filesystem > > in an appropriate account. > > > > > a. Anything in particular that I need to configure or will it > > > be self-evident once I edit the file? > > > > You probably won't have to edit much to get things working. You may > > want to change the name of the user that it creates and/or provisions, > > which depending on what vintage of cloud-init you have may default to > > "ec2-user", "fedora", or "cloud-user". > > > > > a. Just to make sure - this is done using glance image-create > > > I assume - right? > > > > Yes. After getting your image into a state that you're happy with it, > > you use `glance image-create` to upload the image to OpenStack so that > > you can deploy instances from it. > > > > > I also assume that I need to run virt-sysprep after I set up my VM > > > image that I?m creating to use as the OpenStack image - is that > > > correct? > > > > It's probably a good idea. I have never run virt-sysprep, but I > > probably take of things manually the virt-sysprep will do for you > > automatically (e.g., removing MAC addresses from network configuration > files, etc). > > > > > a. I hope it works! > > > > > Now, will this work with the root user as well as a non-root user? > > > > What do you mean? You can configure cloud-init to provision either a > > non- root user or the root user. If you provision a non-root user, > > you'll probably want to arrange for that user to have sudo privileges > > (this is the typical configuration). > > > > You may want to start by grabbing one of the pre-build cloud images > > from > > here: > > > > - http://fedoraproject.org/en/get-fedora-options#clouds > > > > You can use this to see how things work when they're already configured. > > > > -- > > Lars Kellogg-Stedman > > _______________________________________________ > rhos-list mailing list > rhos-list at redhat.com > https://www.redhat.com/mailman/listinfo/rhos-list From lars at redhat.com Fri Oct 18 20:17:49 2013 From: lars at redhat.com (Lars Kellogg-Stedman) Date: Fri, 18 Oct 2013 16:17:49 -0400 Subject: [rhos-list] cloud-init configuration for ssh access In-Reply-To: <18CF1869BE7AB04DB1E4CC93FD43702A1B730196@P-EXMB2-DC21.corp.sgi.com> References: <18CF1869BE7AB04DB1E4CC93FD43702A1B730196@P-EXMB2-DC21.corp.sgi.com> Message-ID: <20131018201749.GE9225@redhat.com> On Fri, Oct 18, 2013 at 07:57:10PM +0000, David Raddatz wrote: > Is there a way to comment things out? (the # sign is my guess) Yes. This file uses YAML syntax (http://en.wikipedia.org/wiki/YAML), which uses '#' as a comment character. You'll find lots of cloud-init documentation here: http://cloudinit.readthedocs.org/en/latest/index.html (Although note that this documents the most recent version of cloud-init, while the version in EPEL seems to be behind a few revs. A cursory look at the examples suggests that they're still relevant.) > Near the top it has > users: > - default > Do I need to add "- root" if I want to allow root to login as well? > OR, do I just change disable_root: from 1 to 0? When `disable_root` is `1`, then when you try to log into your system as root using your ssh key you will see this message: Please login as the user "cloud" rather than the user "root". (Where "cloud" is whatever user was provisioned by cloud-init) Having `disable_root` set to 0 basically means "do nothing to the root account". > Under "system_info:", there is a "default_user:" section with > cloud-user. I just renamed that so I wouldn't confused for when I > was using the rh image or my image (used cloud-tester for my image). > Do I need to add cloud-tester under "users:" or should I be OK since > I made that user the default. I believe the `- default` entry in the `users` section will cause cloud-init to set up the `default_user` in the `system_info` section. I have never actually bothered trying to modify this so consider this conjecture on my part. This page has example of creating additional users via cloud-init: http://cloudinit.readthedocs.org/en/latest/topics/examples.html Note that if you're building your own image, you may also want to add dracut-modules-growroot.noarch and rebuilding your initramfs. If you're using a simple partitioning scheme, this module will edit your partition table to expand the partition containing your root filesystem so that it fills the disk. This allows you (or Fedora, or Ubuntu) to distribute a small cloud image and then deploy it onto a much larger disk and be able to take advantage of the extra space. -- Lars Kellogg-Stedman -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 836 bytes Desc: not available URL: From draddatz at sgi.com Fri Oct 18 20:47:39 2013 From: draddatz at sgi.com (David Raddatz) Date: Fri, 18 Oct 2013 20:47:39 +0000 Subject: [rhos-list] cloud-init configuration for ssh access In-Reply-To: <20131018201749.GE9225@redhat.com> References: <18CF1869BE7AB04DB1E4CC93FD43702A1B730196@P-EXMB2-DC21.corp.sgi.com> <20131018201749.GE9225@redhat.com> Message-ID: <18CF1869BE7AB04DB1E4CC93FD43702A1B7301C8@P-EXMB2-DC21.corp.sgi.com> OK - I've got to be really close. I created my instance (after installing cloud-init in it and configuring it for my cloud-tester user as the default and setting disable_root to 0, ran virt-sysprep on the image, uploaded it using glance and launched an instance using that image and keypair) and when I try to ssh into the instance using the keypair, I get: Permission denied (publickey,gssapi-keyex,gssapi-with-mic). I get this for both users (root and cloud-tester). What am I missing? Dave > -----Original Message----- > From: Lars Kellogg-Stedman [mailto:lars at redhat.com] > Sent: Friday, October 18, 2013 3:18 PM > To: David Raddatz > Cc: rhos-list at redhat.com > Subject: Re: cloud-init configuration for ssh access > > On Fri, Oct 18, 2013 at 07:57:10PM +0000, David Raddatz wrote: > > Is there a way to comment things out? (the # sign is my guess) > > Yes. This file uses YAML syntax (http://en.wikipedia.org/wiki/YAML), > which uses '#' as a comment character. > > You'll find lots of cloud-init documentation here: > > http://cloudinit.readthedocs.org/en/latest/index.html > > (Although note that this documents the most recent version of cloud-init, > while the version in EPEL seems to be behind a few revs. A cursory look at > the examples suggests that they're still > relevant.) > > > Near the top it has > > users: > > - default > > > Do I need to add "- root" if I want to allow root to login as well? > > OR, do I just change disable_root: from 1 to 0? > > When `disable_root` is `1`, then when you try to log into your system as root > using your ssh key you will see this message: > > Please login as the user "cloud" rather than the user "root". > > (Where "cloud" is whatever user was provisioned by cloud-init) > > Having `disable_root` set to 0 basically means "do nothing to the root > account". > > > Under "system_info:", there is a "default_user:" section with > > cloud-user. I just renamed that so I wouldn't confused for when I was > > using the rh image or my image (used cloud-tester for my image). > > Do I need to add cloud-tester under "users:" or should I be OK since I > > made that user the default. > > I believe the `- default` entry in the `users` section will cause cloud-init to set > up the `default_user` in the `system_info` section. > I have never actually bothered trying to modify this so consider this > conjecture on my part. > > This page has example of creating additional users via cloud-init: > > http://cloudinit.readthedocs.org/en/latest/topics/examples.html > > Note that if you're building your own image, you may also want to add > dracut-modules-growroot.noarch and rebuilding your initramfs. > If you're using a simple partitioning scheme, this module will edit your > partition table to expand the partition containing your root filesystem so that > it fills the disk. This allows you (or Fedora, or > Ubuntu) to distribute a small cloud image and then deploy it onto a much > larger disk and be able to take advantage of the extra space. > > -- > Lars Kellogg-Stedman From lars at redhat.com Fri Oct 18 20:57:54 2013 From: lars at redhat.com (Lars Kellogg-Stedman) Date: Fri, 18 Oct 2013 16:57:54 -0400 Subject: [rhos-list] cloud-init configuration for ssh access In-Reply-To: <18CF1869BE7AB04DB1E4CC93FD43702A1B7301C8@P-EXMB2-DC21.corp.sgi.com> References: <18CF1869BE7AB04DB1E4CC93FD43702A1B730196@P-EXMB2-DC21.corp.sgi.com> <20131018201749.GE9225@redhat.com> <18CF1869BE7AB04DB1E4CC93FD43702A1B7301C8@P-EXMB2-DC21.corp.sgi.com> Message-ID: <20131018205753.GF9225@redhat.com> On Fri, Oct 18, 2013 at 08:47:39PM +0000, David Raddatz wrote: > I get this for both users (root and cloud-tester). What am I missing? I don't know. What are you doing? :) If you could post your cloud.cfg somewhere I'd be happy to take a look at it. -- Lars Kellogg-Stedman -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 836 bytes Desc: not available URL: From dfv at eurotux.com Mon Oct 21 15:11:10 2013 From: dfv at eurotux.com (Diogo Vieira) Date: Mon, 21 Oct 2013 16:11:10 +0100 Subject: [rhos-list] Openstack Grizzly upgrade to Havana Message-ID: <2FA0AA5C-1677-4914-BEFC-258D5BD5F9FC@eurotux.com> I have installed Openstack Grizzly (RDO distribution) and now want to upgrade to the most recent version (Havana). Is there any information somewhere on how to proceed? Thank you, Diogo Vieira From pbrady at redhat.com Fri Oct 25 15:37:52 2013 From: pbrady at redhat.com (=?ISO-8859-1?Q?P=E1draig_Brady?=) Date: Fri, 25 Oct 2013 16:37:52 +0100 Subject: [rhos-list] Openstack Grizzly upgrade to Havana In-Reply-To: <2FA0AA5C-1677-4914-BEFC-258D5BD5F9FC@eurotux.com> References: <2FA0AA5C-1677-4914-BEFC-258D5BD5F9FC@eurotux.com> Message-ID: <526A9050.4070203@redhat.com> On 10/21/2013 04:11 PM, Diogo Vieira wrote: > I have installed Openstack Grizzly (RDO distribution) and now want to upgrade to the most recent version (Havana). Is there any information somewhere on how to proceed? Just referencing where this was handled, as I initially thought this was not responded to: https://www.redhat.com/archives/rdo-list/2013-October/thread.html#00091 thanks, P?draig. From prmarino1 at gmail.com Wed Oct 30 16:14:53 2013 From: prmarino1 at gmail.com (Paul Robert Marino) Date: Wed, 30 Oct 2013 12:14:53 -0400 Subject: [rhos-list] Openstack GSSAIP (Kerberos 5) and sasl for services question Message-ID: Ive been looking over this doc because I would like to secure the backend component of openstack with Kerberos. http://openstack.redhat.com/Keystone_integration_with_IDM I don't want to do a full IPA server for this just Kerberos which for the most part is fairly simple. I already have preexisting Heimdal Kerberos 5 server cluster from an other project which I can utilize in the environment which works fine with the MIT client libraries and does its own replication without using LDAP as a backend. so far most of it seems fairly strait forward but I found one thing I found in the doc thats messy and was hoping the doc is out of date and maybe there was a cleaner solution. here is what I have an issue with " The problem with this is that the key we just obtained is only good for a specified period of time: 24 hours by default. Once 24 hours passes the Kerberos ticket will no longer be valid and nova and cinder will no longer be able to communicate with qpidd. The fix for now is to create a cron job which will renew these credentials. " I also assume the same would be true for all of the openstack services not just nova and cinder, has the ability to specify and utilize a keytab been added or does any one know if there are any plans to add the feature in the future. If not who should I be nagging :-) . Really it needs to be added to all of the openstack services it it isn't there already From ayoung at redhat.com Thu Oct 31 13:41:42 2013 From: ayoung at redhat.com (Adam Young) Date: Thu, 31 Oct 2013 09:41:42 -0400 Subject: [rhos-list] Openstack GSSAPI (Kerberos 5) and sasl for services question In-Reply-To: References: Message-ID: <52725E16.10107@redhat.com> On 10/30/2013 12:14 PM, Paul Robert Marino wrote: > Ive been looking over this doc because I would like to secure the > backend component of openstack with Kerberos. > http://openstack.redhat.com/Keystone_integration_with_IDM > > I don't want to do a full IPA server for this just Kerberos which for > the most part is fairly simple. > I already have preexisting Heimdal Kerberos 5 server cluster from an > other project which I can utilize in the environment which works fine > with the MIT client libraries and does its own replication without > using LDAP as a backend. > > so far most of it seems fairly strait forward but I found one thing I > found in the doc thats messy and was hoping the doc is out of date and > maybe there was a cleaner solution. here is what I have an issue with > > " > > The problem with this is that the key we just obtained is only good > for a specified period of time: 24 hours by default. Once 24 hours > passes the Kerberos ticket will no longer be valid and nova and cinder > will no longer be able to communicate with qpidd. > > The fix for now is to create a cron job which will renew these credentials. > > > " > I also assume the same would be true for all of the openstack services > not just nova and cinder, > has the ability to specify and utilize a keytab been added or does any > one know if there are any plans to add the feature in the future. If > not who should I be nagging :-) . > Really it needs to be added to all of the openstack services it it > isn't there already It is a shortcoming addressed at the GSSAPI level, but that code is not in the RHEL 6 series yet. In the future, you will be able to put a Keytab in the appropriate subdirectory under /var/run and the new TGT will be fetched upon demand. Simo Sorce was involved with the projkect to do that and can provide more details. > > _______________________________________________ > rhos-list mailing list > rhos-list at redhat.com > https://www.redhat.com/mailman/listinfo/rhos-list From simo at redhat.com Thu Oct 31 14:19:29 2013 From: simo at redhat.com (Simo Sorce) Date: Thu, 31 Oct 2013 10:19:29 -0400 Subject: [rhos-list] Openstack GSSAPI (Kerberos 5) and sasl for services question In-Reply-To: <52725E16.10107@redhat.com> References: <52725E16.10107@redhat.com> Message-ID: <1383229169.8612.90.camel@willson.li.ssimo.org> On Thu, 2013-10-31 at 09:41 -0400, Adam Young wrote: > On 10/30/2013 12:14 PM, Paul Robert Marino wrote: > > Ive been looking over this doc because I would like to secure the > > backend component of openstack with Kerberos. > > http://openstack.redhat.com/Keystone_integration_with_IDM > > > > I don't want to do a full IPA server for this just Kerberos which for > > the most part is fairly simple. > > I already have preexisting Heimdal Kerberos 5 server cluster from an > > other project which I can utilize in the environment which works fine > > with the MIT client libraries and does its own replication without > > using LDAP as a backend. > > > > so far most of it seems fairly strait forward but I found one thing I > > found in the doc thats messy and was hoping the doc is out of date and > > maybe there was a cleaner solution. here is what I have an issue with > > > > " > > > > The problem with this is that the key we just obtained is only good > > for a specified period of time: 24 hours by default. Once 24 hours > > passes the Kerberos ticket will no longer be valid and nova and cinder > > will no longer be able to communicate with qpidd. > > > > The fix for now is to create a cron job which will renew these credentials. > > > > > > " > > I also assume the same would be true for all of the openstack services > > not just nova and cinder, > > has the ability to specify and utilize a keytab been added or does any > > one know if there are any plans to add the feature in the future. If > > not who should I be nagging :-) . > > Really it needs to be added to all of the openstack services it it > > isn't there already > > It is a shortcoming addressed at the GSSAPI level, but that code is not > in the RHEL 6 series yet. In the future, you will be able to put a > Keytab in the appropriate subdirectory under /var/run and the new TGT > will be fetched upon demand. > > Simo Sorce was involved with the projkect to do that and can provide > more details. This is the MIT project page: http://k5wiki.kerberos.org/wiki/Projects/Keytab_initiation It boils down to putting a keytab in /var/kerberos/krb5/user//client.keytab and then make gssapi initiation calls without trying to check for credentials using direct krb5 calls or anything like that. not all the software does the right thing yet, but we will collaborate with authors and help fix what doesn't work. Simo. -- Simo Sorce * Red Hat, Inc * New York From draddatz at sgi.com Thu Oct 31 20:46:03 2013 From: draddatz at sgi.com (David Raddatz) Date: Thu, 31 Oct 2013 20:46:03 +0000 Subject: [rhos-list] nova compute not starting Message-ID: <18CF1869BE7AB04DB1E4CC93FD43702A1B7310F1@P-EXMB2-DC21.corp.sgi.com> Hello, I'm hoping someone here can help me with this please... I ran into a problem launching an instance. Looking around, I determined it's because nova compute was not started. In /var/log/nova/compute.log, I saw 5 errors like this: 2013-10-31 15:09:24.930 ERROR nova.compute.manager [req-06e4a986-c134-40ae-9420-2d21170dff60 None None] Instance 51003341-a898-cd52-8d89-75780ea8be2d found in the hypervisor, but not in the database And then a CRITICAL error with: 2013-10-31 15:09:27.529 271623 CRITICAL nova [-] Unexpected error while running command. Command: env LC_ALL=C LANG=C qemu-img info /root/work/openstack-testing/images/basevm.img Exit code: 1 Stdout: '' Stderr: "qemu-img: Could not open '/root/work/openstack-testing/images/basevm.img'\n" That basevm.img image is VM image I was working on and is not related to OpenStack (and it does exist in the /root/work/openstack-testing/images directory). Note that if I run virsh list --all, I get: Id Name State ---------------------------------------------------- - basevm shut off - default16cvm shut off - instance-00000037 shut off - kvmnode1 shut off - numa16cvm shut off - old-kvmtest-default8cvm shut off Only the instance-00000037 VM is an OpenStack VM and the other 5 (note it is 5 - same as the number of error messages above) are not OpenStack VMs/instances. The instance that was created and result in instance-00000037 no longer exists if I run a nova list command. So, any ideas on how to recover from this? If I try restarting the openstack-nova-compute service I just get the same errors that I mentioned above. Dave -------------- next part -------------- An HTML attachment was scrubbed... URL: From draddatz at sgi.com Thu Oct 31 20:49:37 2013 From: draddatz at sgi.com (David Raddatz) Date: Thu, 31 Oct 2013 20:49:37 +0000 Subject: [rhos-list] cloud-init configuration for ssh access Message-ID: <18CF1869BE7AB04DB1E4CC93FD43702A1B731106@P-EXMB2-DC21.corp.sgi.com> A quick post-mortem on this issue and I wanted to share what we learned (or "I" learned anyway) in case it avoids problems for others... While I was apparently following the docs by "just install cloud-init on your VM image", while working with Lars we discovered if you reboot your image after installing cloud-init, it will create some files/directories in /var/lib/cloud which will then prevent the instance from allowing ssh to work (my Permission denied issue I was seeing). For example, doing the following: - create VM and install RHEL 6.4 and set up with other files/software - install/configure cloud-init on VM - reboot VM (just to make sure it still boots) - shutdown VM - run virt-sysprep on image (per recommendation in docs) - upload to glance and launch instance using the defined keypair - trying to use ssh -i with the same keypair results in Permission denied Whereas, doing the following: - create VM and install RHEL 6.4 and set up with other files/software - install/configure cloud-init on VM - shutdown VM - run virt-sysprep on image (per recommendation in docs) - upload to glance and launch instance using the defined keypair - trying to use ssh -i with the same keypair Works! No password prompt (as expected) Not rebooting the VM allowed the ssh to work as the /var/lib/cloud directory was empty when it was shutdown. Not sure if this is a doc issue (to warn people NOT to reboot the VM after cloud-init installation/configuration) or a bug (which Lars was going to investigate a little) but thought it was worth a quick email to warn folks about. Thanks again to Lars for his assistance on this, Dave > -----Original Message----- > From: Lars Kellogg-Stedman [mailto:lars at redhat.com] > Sent: Friday, October 18, 2013 3:58 PM > To: David Raddatz > Cc: rhos-list at redhat.com > Subject: Re: cloud-init configuration for ssh access > > On Fri, Oct 18, 2013 at 08:47:39PM +0000, David Raddatz wrote: > > I get this for both users (root and cloud-tester). What am I missing? > > I don't know. What are you doing? :) > > If you could post your cloud.cfg somewhere I'd be happy to take a look at it. > > -- > Lars Kellogg-Stedman From prmarino1 at gmail.com Thu Oct 31 23:14:25 2013 From: prmarino1 at gmail.com (Paul Robert Marino) Date: Thu, 31 Oct 2013 19:14:25 -0400 Subject: [rhos-list] Openstack GSSAPI (Kerberos 5) and sasl for services question In-Reply-To: <1383229169.8612.90.camel@willson.li.ssimo.org> Message-ID: <5272e451.c549e00a.08e6.ffff9c66@mx.google.com> An HTML attachment was scrubbed... URL: