Ask Your Question

jesse-pretorius's profile - activity

2019-02-18 07:58:11 -0500 received badge  Famous Question (source)
2016-09-21 11:48:42 -0500 received badge  Popular Question (source)
2016-08-10 09:59:56 -0500 received badge  Notable Question (source)
2016-06-01 08:56:56 -0500 received badge  Notable Question (source)
2016-06-01 08:56:56 -0500 received badge  Famous Question (source)
2015-11-09 11:15:55 -0500 received badge  Notable Question (source)
2015-09-28 09:00:02 -0500 received badge  Taxonomist
2015-08-03 01:59:17 -0500 received badge  Popular Question (source)
2015-04-29 04:50:17 -0500 received badge  Popular Question (source)
2014-12-05 04:30:51 -0500 received badge  Popular Question (source)
2014-07-04 04:09:44 -0500 answered a question How to use different interface for floating ip address and public interface? [nova-network]

It sounds like you're using nova-network, not neutron. To clarify - by public interface you mean the interface through which you expose horizon? As opposed to the external interface where you expose the instance public IP's?

There is often terminology which causes confusion, unfortunately.

public_interface in nova.conf has nothing to do with where you expose horizon (or your API's). This configuration option is where the public IP's for your external network are exposed (ie your instance public IP's). So, in your case nova.conf should contain the conf entry: public_interface = eth1.105

The interface through which you expose Horizon and the API's is handled through the configuration entries which have 'listen' as they key word, eg: osapi_compute_listen. For Horizon it would be setup through the web server's configuration.

2014-04-02 06:56:11 -0500 received badge  Famous Question (source)
2014-04-02 03:58:37 -0500 received badge  Popular Question (source)
2014-04-02 03:58:37 -0500 received badge  Notable Question (source)
2014-02-06 17:19:07 -0500 received badge  Student (source)
2014-02-05 05:02:17 -0500 asked a question How does one set a list of tenants for the nova AggregateMultiTenancyIsolation filter?

The documentation for the nova AggregateMultiTenancyIsolation filter describes its functionality as:

"Isolates tenants to specific host aggregates. If a host is in an aggregate that has the metadata key filter_tenant_id it only creates instances from that tenant (or list of tenants)."

In my testing I see that it is not possible to set a list of tenants with the command:

 nova aggregate-set-metadata <aggregateid> filter_tenant_id=tenant1uuid filter_tenant_id=tenant2uuid

If I try instead to set each one at a time, it overwrites the existing metadata.

How do I create a list of tenants to be isolated into the aggregate by the filter?

2013-03-22 05:41:33 -0500 commented answer How to setup an openstack with multi region support with single keystone

Nice work. How much of this work has been merged into the codebase or at least been used as the basis for blueprints?

2013-02-05 11:35:09 -0500 answered a question Add autocomplete tag to login form

I've prepared a patch for this in the following pull request: https://github.com/openstack/horizon/...

2013-02-04 13:28:22 -0500 asked a question Add autocomplete tag to login form

In order to improve security on the login form we've been advised to add 'AUTOCOMPLETE = “off”' to the form tag on the login page.

I've done a bit of digging around and it appears that some sort of templating is being used, so this isn't as easy at it appeared to be.

How do I go about doing this?

2013-02-04 12:16:08 -0500 answered a question Glance & Swift integration not working - auth failure

As it turns out I had a typo in one of the modifications to the glance/swift client we did in order to make it refer to the internalURL instead of the publicURL. Today's noddy-badge goes to me. doh!

2013-02-01 17:14:02 -0500 asked a question Glance & Swift integration not working - auth failure

I need some help identifying where the bug is in my configuration - I can successfully do keystone actions, a 'glance index', and have also tested that I can upload items into swift using glance's credentials and keystone authentication.

Environment - Openstack Essex on Ubuntu 12.04 LTS

I can't seem to find why when I try to upload an image to glance it fails:

glance add name="ubuntu-12.04.1-LTS-x86_64" is_public=true container_format=bare disk_format=qcow2 distro="ubuntu-12.04.1-LTS-x86_64" < precise-server-cloudimg-amd64-disk1.img

Failed to add image. Got error: Data supplied was not valid. Details: 400 Bad Request

The server could not comply with the request since it is either malformed or otherwise incorrect.

Error uploading image: (ClientException): Error while getting answers from auth server

---here are the logs through the process - note the ERROR item--- Feb 1 17:42:27 ang2pcgls1 2013-02-01 17:42:27 5865 DEBUG [glance.api.middleware.version_negotiation] Processing request: POST /v1/images Accept: Feb 1 17:42:27 ang2pcgls1 2013-02-01 17:42:27 5865 DEBUG [glance.api.middleware.version_negotiation] Matched versioned URI. Version: 1.0 Feb 1 17:42:27 ang2pcgls1 2013-02-01 17:42:27 5865 DEBUG [keystone.middleware.auth_token] Authenticating user token Feb 1 17:42:27 ang2pcgls1 2013-02-01 17:42:27 5865 DEBUG [keystone.middleware.auth_token] Removing headers from request environment: X-Identity-Status,X-Tenant-Id,X-Tenant-Name,X-User-Id,X-User-Name,X-Roles,X-User,X-Tenant,X-Role Feb 1 17:42:27 ang2pcgls1 2013-02-01 17:42:27 5865 DEBUG [routes.middleware] Matched POST /images Feb 1 17:42:27 ang2pcgls1 2013-02-01 17:42:27 5865 DEBUG [routes.middleware] Route path: '/images', defaults: {'action': u'create', 'controller': } Feb 1 17:42:27 ang2pcgls1 2013-02-01 17:42:27 5865 DEBUG [routes.middleware] Match dict: {'action': u'create', 'controller': } Feb 1 17:42:27 ang2pcgls1 2013-02-01 17:42:27 5865 DEBUG [glance.registry] Adding image metadata... Feb 1 17:42:27 ang2pcgls1 2013-02-01 17:42:27 4845 DEBUG [keystone.middleware.auth_token] Authenticating user token Feb 1 17:42:27 ang2pcgls1 2013-02-01 17:42:27 4845 DEBUG [keystone.middleware.auth_token] Removing headers from request environment: X-Identity-Status,X-Tenant-Id,X-Tenant-Name,X-User-Id,X-User-Name,X-Roles,X-User,X-Tenant,X-Role Feb 1 17:42:27 ang2pcgls1 2013-02-01 17:42:27 4845 DEBUG [routes.middleware] Matched POST /images Feb 1 17:42:27 ang2pcgls1 2013-02-01 17:42:27 4845 DEBUG [routes.middleware] Route path: '/images', defaults: {'action': u'create', 'controller': } Feb 1 17:42:27 ang2pcgls1 2013-02-01 17:42:27 4845 DEBUG [routes.middleware] Match dict: {'action': u'create', 'controller': } Feb 1 17:42:27 ang2pcgls1 2013-02-01 17:42:27 4845 INFO [sqlalchemy.engine.base.Engine] BEGIN (implicit) Feb 1 17:42:27 ang2pcgls1 2013-02-01 17:42:27 4845 INFO [sqlalchemy.engine.base.Engine] INSERT INTO images (created_at, updated_at, deleted_at, deleted, id, name, disk_format, container_format, size, status, is_public, location, checksum, min_disk, min_ram, owner, protected) VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s) Feb 1 17:42:27 ang2pcgls1 2013-02-01 17:42:27 4845 INFO [sqlalchemy.engine.base.Engine] (datetime.datetime(2013 ... (more)

2013-01-30 12:19:53 -0500 answered a question Logging to syslog not working

In /etc/keystone/logging.conf I changed logger_keystone to have handlers=production and now it's working.

2013-01-30 12:01:12 -0500 answered a question Logging to syslog not working

/etc/rsyslog.conf contains the following to allow any process on the box to send to its listening address via UDP: $ModLoad imudp $UDPServerAddress 10.12.12.28 $UDPServerRun 514 $AllowedSender UDP, 10.12.12.28

/etc/rsyslog.d/50-default.conf contains the following to log locally: .;auth,authpriv.none -/var/log/syslog user.* -/var/log/user.log

/etc/rsyslog.d/remote.conf sends all syslog facility logs to a remote server: . @10.12.12.20:514

I don't think that this has anything to do with the syslog configuration - glance is configured to log to syslog and is working. Glance's config does not have a log_config parameter though, and that's the only difference I'm seeing here.

In /etc/keystone/logging.conf reference is made to the handlers (production,file,devel) and loggers (root,keystone,combined). All loggers are referring to the 'file' handler, and none to the 'production' handler which is what refers to syslog. I suspect that this is the issue but I cannot find a sample configuration where it shows me how to change this successfully.

Which of the loggers (root,keystone,combined) do I need to change? Is the logger determined by the userid that the service runs under, or some other means? I've dug around - even in the python logger documentation but I can't make head or tail of this yet.

2013-01-30 10:12:15 -0500 asked a question Logging to syslog not working

I want keystone to log to syslog, but it only seems to be sending log information to the log file instead. I figure that this may have something to do with the way the log handling is configured, but I can't figure out what I'm missing or doing wrong. Can someone please assist?

Extract of /etc/keystone/keystone.conf:

[DEFAULT] verbose = True debug = True log_config = /etc/keystone/logging.conf use_syslog = True syslog_log_facility = LOG_USER

Full content of /etc/keystone/logging.conf: [loggers] keys=root,keystone,combined

[formatters] keys=normal,normal_with_name,debug

[handlers] keys=production,file,devel

[logger_root] level=DEBUG handlers=file

[logger_keystone] level=DEBUG handlers=file qualname=keystone

[logger_combined] level=DEBUG handlers=file qualname=keystone-combined

[handler_production] class=handlers.SysLogHandler level=DEBUG formatter=normal_with_name #args=(('localhost', handlers.SYSLOG_UDP_PORT), handlers.SysLogHandler.LOG_USER) args=(('10.12.12.28', handlers.SYSLOG_UDP_PORT), handlers.SysLogHandler.LOG_USER)

[handler_file] class=FileHandler level=DEBUG formatter=normal_with_name args=('/var/log/keystone/keystone.log', 'w')

[handler_devel] class=StreamHandler level=DEBUG formatter=debug args=(sys.stdout,)

[formatter_normal] format=%(asctime)s %(levelname)s %(message)s

[formatter_normal_with_name] format=(%(name)s): %(asctime)s %(levelname)s %(message)s

[formatter_debug] format=(%(name)s): %(asctime)s %(levelname)s %(module)s %(funcName)s %(message)s

2012-12-14 13:35:35 -0500 answered a question External Keystone access trying to use Admin URL

Never mind - I misunderstood the use case. We can auth happily to keystone for other services and keystone's command set shouldn't be used externally. nova, for instance, is totally usable externally.

2012-12-14 11:33:08 -0500 asked a question External Keystone access trying to use Admin URL

We've setup external access to Keystone and Nova-API and I'm testing that access. What I find, when doing the command 'keystone --debug service-list' is that the keystone client authenticates to the purlicURL, gets a token, then tries to communicate to the adminURL instead of continuing to talk to the publicURL.

Obviously we have only opened the publicURL for the services for access, so this causes a failure.

Why would it be trying to access the adminURL instead of the publicURL?

Environment: Essex, multi-node

2012-12-12 10:22:48 -0500 answered a question novnc token invalid on first attempt, but valid on second

Thanks Vish Ishaya, that solved my question.

2012-12-11 18:35:37 -0500 answered a question novnc token invalid on first attempt, but valid on second

For the moment, during this testing, I'm only running one copy of nova-consoleauth. I will eventually want to run more, but that'll be something I work on once this is working.

2012-12-11 18:04:39 -0500 asked a question novnc token invalid on first attempt, but valid on second

When I use ‘nova get-vnc-console test3 novnc’ to create the URL including the token for novnc access to an instance console, the novnc proxy can't connect on the first attempt. When refreshing the browser using the same URL/token it works.

In examining the logs I see that nova-consoleauth checks the token on the first attempt via rabbitmq, but I don't understand why it doesn't complete the validation properly on the first round.

Can anyone point me to a way to make this work properly the first time around using Ubuntu Precise, ideally using the standard packages? Alternatively what modifications are required to make it work?

Environment: Ubuntu Precise, Openstack Essex, multi-host