Ask Your Question

doka.ua's profile - activity

2019-07-20 12:59:35 -0500 received badge  Notable Question (source)
2019-07-20 12:59:35 -0500 received badge  Popular Question (source)
2019-07-20 12:59:35 -0500 received badge  Famous Question (source)
2019-05-21 06:02:34 -0500 received badge  Nice Answer (source)
2019-01-17 12:52:36 -0500 received badge  Famous Question (source)
2018-09-06 16:56:59 -0500 received badge  Famous Question (source)
2018-09-06 16:56:59 -0500 received badge  Notable Question (source)
2018-07-05 06:55:18 -0500 received badge  Nice Answer (source)
2018-07-03 03:32:13 -0500 received badge  Popular Question (source)
2018-07-03 03:13:51 -0500 commented question cloud-init custom UUID?

Changing scheduler group as well 😀

2018-07-02 12:03:15 -0500 commented question cloud-init custom UUID?

Openstack will create it with new UUID and cloud-init will do all things as for new VM, while in fact it's same VM and I don't need new ssh keys, etc on the production VM :) Instead I will use own ID in metadata and point cloud-init on this value instead of system's UUID.

2018-07-02 12:02:48 -0500 commented question cloud-init custom UUID?

Sure and there is no way to say Openstack "create VM with this UUID", that's why I want to use custom UUID. When I need to resize root volume, I need to delete VM (to make volume 'available'), then resize it and then create VM back.

2018-06-27 10:15:40 -0500 asked a question cloud-init custom UUID?

Hi colleagues,

brief googling didn't answer whether it's possible to configure cloud-init to use custom UUID (e.g. provided in metadata) instead of one provided by Openstack.

Whether it's possible to configure cloud-init in this manner?

Thank you.

2018-05-16 12:06:42 -0500 received badge  Famous Question (source)
2018-05-11 01:42:23 -0500 received badge  Famous Question (source)
2018-05-04 16:30:10 -0500 received badge  Famous Question (source)
2018-04-21 15:07:11 -0500 received badge  Notable Question (source)
2018-04-20 23:51:11 -0500 received badge  Popular Question (source)
2018-04-20 09:24:45 -0500 asked a question heat "stack check"

Hi colleagues,

two questions:

  1. what "stack check" command supposed to do?
  2. check of suspended stack leads to unrecoverable error with stack - is it ok?
# openstack stack list
... | vt         | CREATE_COMPLETE |
# openstack stack check vt
... | vt         | CREATE_COMPLETE |
# openstack stack list
... | vt         | CHECK_COMPLETE  |
# openstack stack suspend vt
# openstack stack list
... | vt         | SUSPEND_COMPLETE |
# openstack stack check vt
# openstack stack list
... | vt         | CHECK_FAILED    |
# openstack stack resume vt
# openstack stack list
... | vt         | RESUME_FAILED   |

while heat-engine.log says the following:

INFO heat.engine.resource [ ... ] CHECK: Server "n1" [fb12928c-fa46-4575-8aa3-9cc9dd16f57f] Stack "vt" [7519dba6-85e4-4320-8f41-1c1a6a762dde]
ERROR heat.engine.resource Traceback (most recent call last):
ERROR heat.engine.resource   File "/usr/lib/python2.7/dist-packages/heat/engine/resource.py", line 831, in _action_recorder
ERROR heat.engine.resource     yield
ERROR heat.engine.resource   File "/usr/lib/python2.7/dist-packages/heat/engine/resource.py", line 939, in _do_action
ERROR heat.engine.resource     yield self.action_handler_task(action, args=handler_args)
ERROR heat.engine.resource   File "/usr/lib/python2.7/dist-packages/heat/engine/scheduler.py", line 334, in wrapper
ERROR heat.engine.resource     step = next(subtask)
ERROR heat.engine.resource   File "/usr/lib/python2.7/dist-packages/heat/engine/resource.py", line 884, in action_handler_task
ERROR heat.engine.resource     handler_data = handler(*args)
ERROR heat.engine.resource   File "/usr/lib/python2.7/dist-packages/heat/engine/resources/openstack/nova/server.py", line 885, in handle_check
ERROR heat.engine.resource     self._verify_check_conditions(checks)
ERROR heat.engine.resource   File "/usr/lib/python2.7/dist-packages/heat/engine/resource.py", line 1643, in _verify_check_conditions
ERROR heat.engine.resource     raise exception.Error('; '.join(invalid_checks))
ERROR heat.engine.resource Error: 'status': expected 'ACTIVE', got 'SUSPENDED'
ERROR heat.engine.resource
WARNING heat.engine.resource [ ... ] no calling_engine_id in store {'status': 'FAILED', 'updated_at': None, 'needed_by': [], 'properties_data': None, 'replaced_by': None, 'status_reason': u"Error: resources.n1: 'status': expected 'ACTIVE', got 'SUSPENDED'", 'replaces': None, 'current_template_id': 1510, 'name': u'n1', 'stack_id': u'7519dba6-85e4-4320-8f41-1c1a6a762dde', 'requires': [6940, 6934], 'root_stack_id': u'7519dba6-85e4-4320-8f41-1c1a6a762dde', 'physical_resource_id': u'fb12928c-fa46-4575-8aa3-9cc9dd16f57f', 'action': 'CHECK', 'rsrc_prop_data_id': 7657}: Error: 'status': expected 'ACTIVE', got 'SUSPENDED'
INFO heat.engine.stack [ ... ] Stack CHECK FAILED (vt): Resource CHECK failed: ["Error: resources.n1: 'status': expected 'ACTIVE', got 'SUSPENDED'"]
INFO heat.engine.stack [ ... ] Stack CHECK FAILED (vt): Resource CHECK failed: ["Error: resources.n1: 'status': expected 'ACTIVE', got 'SUSPENDED'"]. 'CHECK' not fully supported (see resources)
INFO heat.engine.stack [ ... ] Stack RESUME IN_PROGRESS (vt): Stack RESUME started
INFO heat.engine.stack [ ... ] Stack RESUME FAILED (vt): Resource RESUME failed: Error: resources.e-secgroup: State (u'CHECK', u'COMPLETE') invalid for resume

Is Q2 is a case for raising bug or this is documented behaviour?

Thank you!

2018-03-05 13:04:48 -0500 received badge  Popular Question (source)
2018-02-20 16:26:42 -0500 received badge  Self-Learner (source)
2018-02-20 15:55:45 -0500 answered a question [Heat] cloud-init and colon+space

Quote it and backslash nested quotes:

runcmd:
  - "NTFY --data-binary '{\"status\": \"SUCCESS\"}'"
2018-02-20 15:19:52 -0500 received badge  Associate Editor (source)
2018-02-20 14:39:59 -0500 answered a question Openstack metadata - Why I am not able to access to the metadata?
400 Bad Request
X-Instance-ID header is missing from request.

Metadata is available from VM and accessible through metadata proxy, which poplulates request with instance ID and gives metadata server clues which metadata return in answer. Metadat proxy, in general, is accessible on address 169.254.169.254 and pinned either to DHCP or VR entity of the VM's subnet depending on configuration (neutron/dhcp_agent.ini, neutron/l3_agent.ini), e.g.

VM$ netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
169.254.169.254 25.1.4.10       255.255.255.255 UGH       0 0          0 eth0

where in example 25.1.4.10 is DHCP server of eth0's subnet.

If you'll try to access metadata from inside of your VM, you will get what you're looking for:

VM$ curl http://169.254.169.254/2007-01-19/meta-data/
ami-id
ami-launch-index
ami-manifest-path
hostname
instance-id
local-hostname
local-ipv4
public-hostname
public-ipv4
reservation-id
2018-02-20 10:57:04 -0500 asked a question [Heat] cloud-init and colon+space

Hi colleagues,

I'm using the following way to pass cloud-init info into VM:

  n2:
    type: OS::Nova::Server
    properties:
     [ ... ]
      user_data_format: SOFTWARE_CONFIG
      user_data:
          str_replace:
            template: { get_file: CI-v17.yaml }
            params:
              NTFY: { get_attr: ['wait_handle', 'curl_cli'] }

where CI-v17.yaml is the following:

#cloud-config

[ ... ]
timezone: Europe/Kiev
runcmd:
  - NTFY --data-binary '{"status": "SUCCESS"}'
[ ... ]

Unfortunatelty, NTFY expands to something that contains YAML control sequence ": " (colon+space e.g. X-Auth-Token: 'something') which leads to parsing error.

Is there any way to escape this sequence with something that will prevent YAML parsing error? Note that I want to use external file to store cloud-init config since I use it for multiple VMs.

Try to use

  n2-ci:
    type: OS::Heat::CloudConfig
    properties:
      cloud_config:
        str_replace:
          template: { get_file: CI-v17.yaml }
          params:
            NTFY: { get_attr: ['wait_handle', 'curl_cli'] }

  n2:
    type: OS::Nova::Server
    properties:
     [ ... ]
      user_data_format: SOFTWARE_CONFIG
      user_data: { get_resource: n2-ci }

leads to the following Heat error:

ERROR: Property error: : resources.n2-ci.properties.cloud_config: : "#cloud-config [ ... ]" is not a map

I will appreciate any ideas on how to work around this issue.

Thank you.

2018-02-12 09:36:45 -0500 received badge  Notable Question (source)
2018-02-12 09:36:45 -0500 received badge  Popular Question (source)
2017-12-27 10:08:21 -0500 received badge  Famous Question (source)
2017-10-16 07:39:09 -0500 received badge  Famous Question (source)
2017-08-02 08:10:17 -0500 marked best answer HEAT depends_on: wait for network

Hello colleagues,

I have a pretty clear problem which seems to have an easy solution which, though, doesn't work. There is LAN (i2e-net/-subnet), vRouter connects LAN with external network (e-net) and server in the LAN (din2) which I need to assign external IP (floating IP).

The problem is: when I try to create stack with all components described in the template (below), creation fails with the error "Resource CREATE failed: External network <e-net> is not reachable from subnet <i2e-subnet>. Therefore, cannot associate Port with a Floating IP." However, if I comment out assignment of floating IP in the template, create stack (successfully), then uncomment commented earlier and update stack, everything is ok - servers get's external floating IP successfully.

The problem is clear - HEAT tries to assign floating IP before vRouter provides connectivity between LAN and external network. I tried to put "depends_on" in various resources of template (you will find these places below) but no success.

Please suggest where to use depends_on in the template below or how to solve this issue in other way. Thank you.

The sceleton of HEAT template I use is the following:

############## NETWORK Configuration #######

  i2e-net:
    type: OS::Neutron::Net
    properties: [ ... ]

  i2e-subnet:
    type: OS::Neutron::Subnet
    properties: [ ... depends on i2e-net ]

  i2e-gw:
    type: OS::Neutron::Port
    properties: [ ... ]

  vRouter:
    type: OS::Neutron::Router
    properties: [ ... connected to external net e-net ]

  vRouter_iIF:
    type: OS::Neutron::RouterInterface
    properties: [ ... interface to internal i2e-subnet with i2e-gw address ]

############## SERVER Configuration #######

  srv_life:
    type: OS::Heat::SoftwareComponent
    properties: [ ... configs / actions ]

  din2_depl:
    type: OS::Heat::SoftwareDeployment
#    depends_on: vRouter
    properties:
      actions: [CREATE,UPDATE,DELETE,SUSPEND,RESUME]
      config: { get_resource: srv_life }
      server: { get_resource: din2 }
      signal_transport: NO_SIGNAL

  din2:
    type: OS::Nova::Server
#    depends_on: vRouter
    properties:
      networks:
        - port: { get_resource: din2-i2e }
    [ ... ]

#### SRV ports / addresses ###

# interface to internal net
  din2-i2e:
    type: OS::Neutron::Port
    properties:
      network: { get_resource: i2e-net }

# external IP
  din2-e2e:
    type: OS::Neutron::FloatingIP
#    depends_on: vRouter
    properties:
      floating_network_id: e-net
      port_id: { get_resource: din2-i2e }

Thanks again!

2017-08-02 08:10:17 -0500 received badge  Nice Answer (source)
2017-07-30 12:34:15 -0500 received badge  Notable Question (source)
2017-07-30 12:34:15 -0500 received badge  Popular Question (source)
2017-07-07 01:29:27 -0500 commented answer disable cloud-init's network setup from Heat template

Thanks. You're absolutely right and it was absolutely stupid question. Sometimes it happens when brain switches off while hands continue tapping keyboard.

2017-07-06 14:41:04 -0500 asked a question disable cloud-init's network setup from Heat template

Hi colleagues,

are there ways to forbid cloud-init to configure networking on guest VM, using Heat template?

At the moment, my OS::Heat::CloudConfig resource looks as below:

type: OS::Heat::CloudConfig
    properties:
      cloud_config:
        manage_etc_hosts: true
        network:
          config: disabled

and despite this setting, after I boot VM, I find that cloud-init did networking setup (e.g. there is /etc/network/interfaces.d/50-cloud-init.cfg and logs confirm this).

Any ideas on how to prevent cloud init from doing network configuring?

Thank you!

2017-06-30 13:57:15 -0500 received badge  Notable Question (source)
2017-06-08 07:57:49 -0500 received badge  Notable Question (source)
2017-06-08 07:57:49 -0500 received badge  Famous Question (source)
2017-05-26 09:53:28 -0500 asked a question Keystone: different domain to control access

Hi colleagues,

while trying to use different domains, I see something that totally breaks the idea of domains itself. It seems I'm missing something important and will appreciate if anybody will point me where I'm wrong.

Well:

1) I created domain, user and assign 'admin' role to the user in the domain

openstack domain create devtest --enable
openstack user create gab --domain devtest --password xxxx --enable
openstack role add admin --user gab --domain devtest
openstack project create admin --domain devtest
openstack role add admin --project-domain devtest --project admin --user gab

2) created corresponding ENV variables for openstack client

export OS_USERNAME=gab
export OS_PASSWORD=xxxxxxxxx
export OS_PROJECT_NAME=admin
export OS_REGION_NAME='RegionOne'
export OS_USER_DOMAIN_NAME=devtest
export OS_PROJECT_DOMAIN_NAME=devtest
export OS_DEFAULT_DOMAIN=devtest
export OS_AUTH_STRATEGY='keystone'
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_INTERFACE=internal

and then, using these settings, I'm able

  • - to look at things in 'default' project, e.g. 'openstack user list' shows me an entire list of users incl ones in 'default' project
  • - to create users and projects in domain 'default'
  • - to delete users and project in domain 'default' even if these entities created by another user, e.g.

    admin@default $ openstack project create asd --domain default
    +-------------+----------------------------------+
    | Field       | Value                            |
    +-------------+----------------------------------+
    | description |                                  |
    | domain_id   | default                          |
    | enabled     | True                             |
    | id          | 0d36824bbead4b08a90b6fa29329ae54 |
    | is_domain   | False                            |
    | name        | asd                              |
    | parent_id   | default                          |
    +-------------+----------------------------------+
    
    gab@devtest $ openstack project list
    +----------------------------------+--------+
    | ID                               | Name   |
    +----------------------------------+--------+
    | 0d36824bbead4b08a90b6fa29329ae54 | asd    |
    | 795504a0e45346d7ba0a016de877e725 | admin  |
    | d4746831c856400b84e79f5eb340e8bf | admin  |
    +----------------------------------+--------+
    
    gab@devtest $ openstack project delete asd
    gab@devtest $ [... it's ok ...]
    

    and so on.

    So, the basic idea of administrative separation don't work in my environment - 'admin' user can do anything in other domains, while I want to have complete separation (admin in devtest don't have any access to another domains). How to achieve this?

    Thank you.