Ask Your Question

doka.ua's profile - activity

2019-01-17 12:52:36 -0500 received badge  Famous Question (source)
2018-09-06 16:56:59 -0500 received badge  Notable Question (source)
2018-09-06 16:56:59 -0500 received badge  Famous Question (source)
2018-07-05 06:55:18 -0500 received badge  Nice Answer (source)
2018-07-03 03:32:13 -0500 received badge  Popular Question (source)
2018-07-03 03:13:51 -0500 commented question cloud-init custom UUID?

Changing scheduler group as well 😀

2018-07-02 12:03:15 -0500 commented question cloud-init custom UUID?

Openstack will create it with new UUID and cloud-init will do all things as for new VM, while in fact it's same VM and I don't need new ssh keys, etc on the production VM :) Instead I will use own ID in metadata and point cloud-init on this value instead of system's UUID.

2018-07-02 12:02:48 -0500 commented question cloud-init custom UUID?

Sure and there is no way to say Openstack "create VM with this UUID", that's why I want to use custom UUID. When I need to resize root volume, I need to delete VM (to make volume 'available'), then resize it and then create VM back.

2018-06-27 10:15:40 -0500 asked a question cloud-init custom UUID?

Hi colleagues,

brief googling didn't answer whether it's possible to configure cloud-init to use custom UUID (e.g. provided in metadata) instead of one provided by Openstack.

Whether it's possible to configure cloud-init in this manner?

Thank you.

2018-05-16 12:06:42 -0500 received badge  Famous Question (source)
2018-05-11 01:42:23 -0500 received badge  Famous Question (source)
2018-05-04 16:30:10 -0500 received badge  Famous Question (source)
2018-04-21 15:07:11 -0500 received badge  Notable Question (source)
2018-04-20 23:51:11 -0500 received badge  Popular Question (source)
2018-04-20 09:24:45 -0500 asked a question heat "stack check"

Hi colleagues,

two questions:

  1. what "stack check" command supposed to do?
  2. check of suspended stack leads to unrecoverable error with stack - is it ok?
# openstack stack list
... | vt         | CREATE_COMPLETE |
# openstack stack check vt
... | vt         | CREATE_COMPLETE |
# openstack stack list
... | vt         | CHECK_COMPLETE  |
# openstack stack suspend vt
# openstack stack list
... | vt         | SUSPEND_COMPLETE |
# openstack stack check vt
# openstack stack list
... | vt         | CHECK_FAILED    |
# openstack stack resume vt
# openstack stack list
... | vt         | RESUME_FAILED   |

while heat-engine.log says the following:

INFO heat.engine.resource [ ... ] CHECK: Server "n1" [fb12928c-fa46-4575-8aa3-9cc9dd16f57f] Stack "vt" [7519dba6-85e4-4320-8f41-1c1a6a762dde]
ERROR heat.engine.resource Traceback (most recent call last):
ERROR heat.engine.resource   File "/usr/lib/python2.7/dist-packages/heat/engine/resource.py", line 831, in _action_recorder
ERROR heat.engine.resource     yield
ERROR heat.engine.resource   File "/usr/lib/python2.7/dist-packages/heat/engine/resource.py", line 939, in _do_action
ERROR heat.engine.resource     yield self.action_handler_task(action, args=handler_args)
ERROR heat.engine.resource   File "/usr/lib/python2.7/dist-packages/heat/engine/scheduler.py", line 334, in wrapper
ERROR heat.engine.resource     step = next(subtask)
ERROR heat.engine.resource   File "/usr/lib/python2.7/dist-packages/heat/engine/resource.py", line 884, in action_handler_task
ERROR heat.engine.resource     handler_data = handler(*args)
ERROR heat.engine.resource   File "/usr/lib/python2.7/dist-packages/heat/engine/resources/openstack/nova/server.py", line 885, in handle_check
ERROR heat.engine.resource     self._verify_check_conditions(checks)
ERROR heat.engine.resource   File "/usr/lib/python2.7/dist-packages/heat/engine/resource.py", line 1643, in _verify_check_conditions
ERROR heat.engine.resource     raise exception.Error('; '.join(invalid_checks))
ERROR heat.engine.resource Error: 'status': expected 'ACTIVE', got 'SUSPENDED'
ERROR heat.engine.resource
WARNING heat.engine.resource [ ... ] no calling_engine_id in store {'status': 'FAILED', 'updated_at': None, 'needed_by': [], 'properties_data': None, 'replaced_by': None, 'status_reason': u"Error: resources.n1: 'status': expected 'ACTIVE', got 'SUSPENDED'", 'replaces': None, 'current_template_id': 1510, 'name': u'n1', 'stack_id': u'7519dba6-85e4-4320-8f41-1c1a6a762dde', 'requires': [6940, 6934], 'root_stack_id': u'7519dba6-85e4-4320-8f41-1c1a6a762dde', 'physical_resource_id': u'fb12928c-fa46-4575-8aa3-9cc9dd16f57f', 'action': 'CHECK', 'rsrc_prop_data_id': 7657}: Error: 'status': expected 'ACTIVE', got 'SUSPENDED'
INFO heat.engine.stack [ ... ] Stack CHECK FAILED (vt): Resource CHECK failed: ["Error: resources.n1: 'status': expected 'ACTIVE', got 'SUSPENDED'"]
INFO heat.engine.stack [ ... ] Stack CHECK FAILED (vt): Resource CHECK failed: ["Error: resources.n1: 'status': expected 'ACTIVE', got 'SUSPENDED'"]. 'CHECK' not fully supported (see resources)
INFO heat.engine.stack [ ... ] Stack RESUME IN_PROGRESS (vt): Stack RESUME started
INFO heat.engine.stack [ ... ] Stack RESUME FAILED (vt): Resource RESUME failed: Error: resources.e-secgroup: State (u'CHECK', u'COMPLETE') invalid for resume

Is Q2 is a case for raising bug or this is documented behaviour?

Thank you!

2018-03-05 13:04:48 -0500 received badge  Popular Question (source)
2018-02-20 16:26:42 -0500 received badge  Self-Learner (source)
2018-02-20 15:55:45 -0500 answered a question [Heat] cloud-init and colon+space

Quote it and backslash nested quotes:

runcmd:
  - "NTFY --data-binary '{\"status\": \"SUCCESS\"}'"
2018-02-20 15:19:52 -0500 received badge  Associate Editor (source)
2018-02-20 14:39:59 -0500 answered a question Openstack metadata - Why I am not able to access to the metadata?
400 Bad Request
X-Instance-ID header is missing from request.

Metadata is available from VM and accessible through metadata proxy, which poplulates request with instance ID and gives metadata server clues which metadata return in answer. Metadat proxy, in general, is accessible on address 169.254.169.254 and pinned either to DHCP or VR entity of the VM's subnet depending on configuration (neutron/dhcp_agent.ini, neutron/l3_agent.ini), e.g.

VM$ netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
169.254.169.254 25.1.4.10       255.255.255.255 UGH       0 0          0 eth0

where in example 25.1.4.10 is DHCP server of eth0's subnet.

If you'll try to access metadata from inside of your VM, you will get what you're looking for:

VM$ curl http://169.254.169.254/2007-01-19/meta-data/
ami-id
ami-launch-index
ami-manifest-path
hostname
instance-id
local-hostname
local-ipv4
public-hostname
public-ipv4
reservation-id
2018-02-20 10:57:04 -0500 asked a question [Heat] cloud-init and colon+space

Hi colleagues,

I'm using the following way to pass cloud-init info into VM:

  n2:
    type: OS::Nova::Server
    properties:
     [ ... ]
      user_data_format: SOFTWARE_CONFIG
      user_data:
          str_replace:
            template: { get_file: CI-v17.yaml }
            params:
              NTFY: { get_attr: ['wait_handle', 'curl_cli'] }

where CI-v17.yaml is the following:

#cloud-config

[ ... ]
timezone: Europe/Kiev
runcmd:
  - NTFY --data-binary '{"status": "SUCCESS"}'
[ ... ]

Unfortunatelty, NTFY expands to something that contains YAML control sequence ": " (colon+space e.g. X-Auth-Token: 'something') which leads to parsing error.

Is there any way to escape this sequence with something that will prevent YAML parsing error? Note that I want to use external file to store cloud-init config since I use it for multiple VMs.

Try to use

  n2-ci:
    type: OS::Heat::CloudConfig
    properties:
      cloud_config:
        str_replace:
          template: { get_file: CI-v17.yaml }
          params:
            NTFY: { get_attr: ['wait_handle', 'curl_cli'] }

  n2:
    type: OS::Nova::Server
    properties:
     [ ... ]
      user_data_format: SOFTWARE_CONFIG
      user_data: { get_resource: n2-ci }

leads to the following Heat error:

ERROR: Property error: : resources.n2-ci.properties.cloud_config: : "#cloud-config [ ... ]" is not a map

I will appreciate any ideas on how to work around this issue.

Thank you.

2018-02-12 09:36:45 -0500 received badge  Notable Question (source)
2018-02-12 09:36:45 -0500 received badge  Popular Question (source)
2017-12-27 10:08:21 -0500 received badge  Famous Question (source)
2017-10-16 07:39:09 -0500 received badge  Famous Question (source)
2017-08-02 08:10:17 -0500 marked best answer HEAT depends_on: wait for network

Hello colleagues,

I have a pretty clear problem which seems to have an easy solution which, though, doesn't work. There is LAN (i2e-net/-subnet), vRouter connects LAN with external network (e-net) and server in the LAN (din2) which I need to assign external IP (floating IP).

The problem is: when I try to create stack with all components described in the template (below), creation fails with the error "Resource CREATE failed: External network <e-net> is not reachable from subnet <i2e-subnet>. Therefore, cannot associate Port with a Floating IP." However, if I comment out assignment of floating IP in the template, create stack (successfully), then uncomment commented earlier and update stack, everything is ok - servers get's external floating IP successfully.

The problem is clear - HEAT tries to assign floating IP before vRouter provides connectivity between LAN and external network. I tried to put "depends_on" in various resources of template (you will find these places below) but no success.

Please suggest where to use depends_on in the template below or how to solve this issue in other way. Thank you.

The sceleton of HEAT template I use is the following:

############## NETWORK Configuration #######

  i2e-net:
    type: OS::Neutron::Net
    properties: [ ... ]

  i2e-subnet:
    type: OS::Neutron::Subnet
    properties: [ ... depends on i2e-net ]

  i2e-gw:
    type: OS::Neutron::Port
    properties: [ ... ]

  vRouter:
    type: OS::Neutron::Router
    properties: [ ... connected to external net e-net ]

  vRouter_iIF:
    type: OS::Neutron::RouterInterface
    properties: [ ... interface to internal i2e-subnet with i2e-gw address ]

############## SERVER Configuration #######

  srv_life:
    type: OS::Heat::SoftwareComponent
    properties: [ ... configs / actions ]

  din2_depl:
    type: OS::Heat::SoftwareDeployment
#    depends_on: vRouter
    properties:
      actions: [CREATE,UPDATE,DELETE,SUSPEND,RESUME]
      config: { get_resource: srv_life }
      server: { get_resource: din2 }
      signal_transport: NO_SIGNAL

  din2:
    type: OS::Nova::Server
#    depends_on: vRouter
    properties:
      networks:
        - port: { get_resource: din2-i2e }
    [ ... ]

#### SRV ports / addresses ###

# interface to internal net
  din2-i2e:
    type: OS::Neutron::Port
    properties:
      network: { get_resource: i2e-net }

# external IP
  din2-e2e:
    type: OS::Neutron::FloatingIP
#    depends_on: vRouter
    properties:
      floating_network_id: e-net
      port_id: { get_resource: din2-i2e }

Thanks again!

2017-08-02 08:10:17 -0500 received badge  Nice Answer (source)
2017-07-30 12:34:15 -0500 received badge  Popular Question (source)
2017-07-30 12:34:15 -0500 received badge  Notable Question (source)
2017-07-07 01:29:27 -0500 commented answer disable cloud-init's network setup from Heat template

Thanks. You're absolutely right and it was absolutely stupid question. Sometimes it happens when brain switches off while hands continue tapping keyboard.

2017-07-06 14:41:04 -0500 asked a question disable cloud-init's network setup from Heat template

Hi colleagues,

are there ways to forbid cloud-init to configure networking on guest VM, using Heat template?

At the moment, my OS::Heat::CloudConfig resource looks as below:

type: OS::Heat::CloudConfig
    properties:
      cloud_config:
        manage_etc_hosts: true
        network:
          config: disabled

and despite this setting, after I boot VM, I find that cloud-init did networking setup (e.g. there is /etc/network/interfaces.d/50-cloud-init.cfg and logs confirm this).

Any ideas on how to prevent cloud init from doing network configuring?

Thank you!

2017-06-30 13:57:15 -0500 received badge  Notable Question (source)
2017-06-08 07:57:49 -0500 received badge  Famous Question (source)
2017-06-08 07:57:49 -0500 received badge  Notable Question (source)
2017-05-26 09:53:28 -0500 asked a question Keystone: different domain to control access

Hi colleagues,

while trying to use different domains, I see something that totally breaks the idea of domains itself. It seems I'm missing something important and will appreciate if anybody will point me where I'm wrong.

Well:

1) I created domain, user and assign 'admin' role to the user in the domain

openstack domain create devtest --enable
openstack user create gab --domain devtest --password xxxx --enable
openstack role add admin --user gab --domain devtest
openstack project create admin --domain devtest
openstack role add admin --project-domain devtest --project admin --user gab

2) created corresponding ENV variables for openstack client

export OS_USERNAME=gab
export OS_PASSWORD=xxxxxxxxx
export OS_PROJECT_NAME=admin
export OS_REGION_NAME='RegionOne'
export OS_USER_DOMAIN_NAME=devtest
export OS_PROJECT_DOMAIN_NAME=devtest
export OS_DEFAULT_DOMAIN=devtest
export OS_AUTH_STRATEGY='keystone'
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_INTERFACE=internal

and then, using these settings, I'm able

  • - to look at things in 'default' project, e.g. 'openstack user list' shows me an entire list of users incl ones in 'default' project
  • - to create users and projects in domain 'default'
  • - to delete users and project in domain 'default' even if these entities created by another user, e.g.

    admin@default $ openstack project create asd --domain default
    +-------------+----------------------------------+
    | Field       | Value                            |
    +-------------+----------------------------------+
    | description |                                  |
    | domain_id   | default                          |
    | enabled     | True                             |
    | id          | 0d36824bbead4b08a90b6fa29329ae54 |
    | is_domain   | False                            |
    | name        | asd                              |
    | parent_id   | default                          |
    +-------------+----------------------------------+
    
    gab@devtest $ openstack project list
    +----------------------------------+--------+
    | ID                               | Name   |
    +----------------------------------+--------+
    | 0d36824bbead4b08a90b6fa29329ae54 | asd    |
    | 795504a0e45346d7ba0a016de877e725 | admin  |
    | d4746831c856400b84e79f5eb340e8bf | admin  |
    +----------------------------------+--------+
    
    gab@devtest $ openstack project delete asd
    gab@devtest $ [... it's ok ...]
    

    and so on.

    So, the basic idea of administrative separation don't work in my environment - 'admin' user can do anything in other domains, while I want to have complete separation (admin in devtest don't have any access to another domains). How to achieve this?

    Thank you.

  • 2017-05-19 10:02:20 -0500 asked a question proxying requests to Heat/Keystone

    Hi colleagues,

    are there ways to configure proxying between VM and Heat/Keystone in order to provide SoftwareDeployment function (ports 8004/5000) in case if VM resides on isolated network (e.g. if there is no internet connection, just VPN gateway to customer premises)?

    Like it's done for metadata, but for Heat's SoftwareDeployment method. It's clear it's possible by using additional port on every VM, but it can confuse customer and looks not too elegant.

    Thanks.

    2017-05-18 17:13:02 -0500 answered a question diskimage-builder: Software Deployments Broken In Xenial

    Finally, there are couple of changes to few files. Below is list of files and what I've changed to get HEAT-aware Xenial-based custom image. Before you'll be able to create custom image, you need to install diskimage-builder (https://docs.openstack.org/developer/...).

    Clone HEAT modules using stable/ocata branch:

    git clone -b stable/ocata https://git.openstack.org/openstack/tripleo-image-elements.git
    git clone -b stable/ocata https://git.openstack.org/openstack/heat-agents.git
    

    and change the following files:

    • custom image script:
    export BASE_ELEMENTS="ubuntu selinux-permissive dib-run-parts"
    export DIB_RELEASE=xenial
    
    • diskimage-builder/diskimage_builder/elements/dib-run-parts/package-installs.yaml
    python-dib-utils:
    - tripleo-image-elements/elements/os-collect-config/install.d/os-collect-config-source-install/10-os-collect-config
    [Install]
    WantedBy=cloud-init.target
    
    • heat-agents/heat-config/install.d/heat-config-source-install/50-heat-config-soure
    pip install python-heatclient python-zaqarclient python-keystoneclient
    

    and then you can launch custom image script to get 16.04 custom image.

    Enjoy!

    2017-05-18 17:11:41 -0500 marked best answer OS::Heat::SoftwareDeployment and Xenial (16.04) custom image

    Dears,

    there is a problem with Ubuntu 16.04 (Xenial) custom image for Heat. Everything built accordingly to http://docs.openstack.org/developer/h... and while it works fine with Ubuntu 14.04 (DIB_RELEASE=trusty), it fails with Ubuntu 16.04 (DIB_RELEASE=xenial).

    Screenshot from VM:

    ubuntu@adb1:~$ sudo os-collect-config --force --one-time --debug
    [ ... ]
    dib-run-parts Sat Feb 11 22:57:31 EET 2017 20-os-apply-config completed
    dib-run-parts Sat Feb 11 22:57:31 EET 2017 Running /usr/libexec/os-refresh-config/configure.d/55-heat-config
    Traceback (most recent call last):
      File "/usr/libexec/os-refresh-config/configure.d/55-heat-config", line 23, in <module>
        import requests
    ImportError: No module named requests
    
    ubuntu@adb1:~$ sudo -H pip install requests
    Requirement already satisfied: requests in /usr/local/lib/python3.5/dist-packages
    
    ubuntu@adb1:~$ cat /usr/libexec/os-refresh-config/configure.d/55-heat-config
    #!/usr/bin/env python
    #
    [ ... ]
    
    ubuntu@adb1:~$ /usr/bin/env python
    Python 2.7.12 (default, Nov 19 2016, 06:48:10) 
    >>> import requests
    Traceback (most recent call last):
      File "<stdin>", line 1, in <module>
    ImportError: No module named requests
    

    On 14.04 (Trusty) module "requests" is available for python2 and 55-heat-config works without issues. On 16.04 (Xenial) module "requests" isn't available in default distribution for python2 and, thus, 55-heat-config doesn't work.

    Any ideas on why this happen and how to fix this?

    Script I use to build image (I'm doing this under 16.04.2 LTS) follows:

    #!/bin/sh
    
    # Clone the required repositories. Some of these are also available
    # via pypi or as distro packages.
    git clone https://git.openstack.org/openstack/diskimage-builder
    git clone https://git.openstack.org/openstack/tripleo-image-elements.git
    git clone https://git.openstack.org/openstack/heat-templates.git
    git clone https://git.openstack.org/openstack/dib-utils
    
    export PATH=$(pwd)/diskimage-builder/bin:$(pwd)/dib-utils/bin:$PATH
    
    # Required by diskimage-builder to discover element collections
    export ELEMENTS_PATH=tripleo-image-elements/elements:heat-templates/hot/software-config/elements
    
    # The base operating system element(s) provided by the diskimage-builder
    # elements collection. Other values which may work include:
    # centos7, debian, opensuse, rhel, rhel7, or ubuntu
    export BASE_ELEMENTS="ubuntu selinux-permissive"
    
    # Install and configure the os-collect-config agent to poll the metadata
    # server (heat service or zaqar message queue and so on) for configuration
    # changes to execute
    export AGENT_ELEMENTS="os-collect-config os-refresh-config os-apply-config"
    
    # heat-config installs an os-refresh-config script which will invoke the
    # appropriate hook to perform configuration. The element heat-config-script
    # installs a hook to perform configuration with shell scripts
    export DEPLOYMENT_BASE_ELEMENTS="heat-config heat-config-script"
    
    # Install a hook for any other chosen configuration tool(s).
    # Elements which install hooks include:
    # heat-config-cfn-init, heat-config-puppet, or heat-config-salt
    export DEPLOYMENT_TOOL=""
    
    # The name of the qcow2 image to create, and the name of the image
    # uploaded to the OpenStack image registry.
    export DIB_RELEASE=xenial
    export IMAGE_NAME=ubuntu-${DIB_RELEASE}-heat
    
    # Create the image
    diskimage-builder/bin/disk-image-create --mkfs-options '-i 16384' --no-tmpfs vm $BASE_ELEMENTS $AGENT_ELEMENTS \
            $DEPLOYMENT_BASE_ELEMENTS $DEPLOYMENT_TOOL -o $IMAGE_NAME.qcow2
    

    Thank you!

    2017-05-18 17:11:32 -0500 edited answer OS::Heat::SoftwareDeployment and Xenial (16.04) custom image

    Finally, there are couple of changes to few files. Below is list of files and what I've changed to get HEAT-aware Xenial-based custom image. Before you'll be able to create custom image, you need to install diskimage-builder (https://docs.openstack.org/developer/...).

    Clone HEAT modules using stable/ocata branch:

    git clone -b stable/ocata https://git.openstack.org/openstack/tripleo-image-elements.git
    git clone -b stable/ocata https://git.openstack.org/openstack/heat-agents.git
    

    and change the following files:

    • custom image script:
    export BASE_ELEMENTS="ubuntu selinux-permissive dib-run-parts"
    export DIB_RELEASE=xenial
    
    • diskimage-builder/diskimage_builder/elements/dib-run-parts/package-installs.yaml
    python-dib-utils:
    - tripleo-image-elements/elements/os-collect-config/install.d/os-collect-config-source-install/10-os-collect-config
    [Install]
    WantedBy=cloud-init.target
    
    • heat-agents/heat-config/install.d/heat-config-source-install/50-heat-config-soure
    pip install python-heatclient python-zaqarclient python-keystoneclient
    

    and then you can launch custom image script to get 16.04 custom image.

    Enjoy!