Ask Your Question

zaneb's profile - activity

2019-03-22 08:51:12 -0500 edited question Software Deployment in Heat: Problem with os-collect-config

HI all, I have a problem with the coe cluster deploy k8s creation. On the master node on k8s i have this error:

 ***Authorization failed: Unable to establish connection to 
Mar 21 13:47:11 k8s-gdbdfoalflcp-master-0 runc[2256]: Source [heat] Unavailable.
Mar 21 13:47:11 k8s-gdbdfoalflcp-master-0 runc[2256]: /var/lib/os-collect-config/local-data not found. Skipping***

Seems that the master node want to connect the internal url reported

I don't understand where is setted this parameter. i have installed manually magnum project by follow this documentation on centos queens on my overcloud deployed by using tripleo

In the magnum.conf i have specified only public endpoint for uri and url [keystone authentication] section:


transport_url = rabbit://guest:nYBy8MUw2CfAhTRwbwBY2p8sT@internal:5672//


host = publicip



cert_manager_type = local



region_name = regionOne







connection = mysql+pymysql://magnum:iniziale@internalip/magnum








auth_uri = http://public:5000/v3

auth_version = v3

memcached_servers = internal:11211

project_domain_id = default

project_name = service

user_domain_id = default

password = xxxxx

username = magnum

auth_url = http://publicip:5000

auth_type = password

admin_user = magnum

admin_password = xxxxx

admin_tenant_name = service






lock_path = /var/lib/magnum/tmp




driver = messagingv2







trustee_domain_name = magnum

trustee_domain_admin_name = magnum_domain_admin

trustee_domain_admin_password = xxxxx

trustee_keystone_interface = public


can anyone help me please?

2019-03-22 08:49:22 -0500 answered a question Software Deployment in Heat: Problem with os-collect-config

The problem will be in heat.conf rather than magnum.conf. You likely either have the auth_uri set to the internal IP or the endpoint_type set to Internal in the clients_keystone section.

We're looking at finding a way to ensure that in the future software deployments always get an external auth URL regardless of how Heat is configured.

2019-03-04 12:57:40 -0500 answered a question Autoscaling not working

I suspect that the server_group query in Aodh refers to an OS::Nova::ServerGroup, not to the ID of the stack. (Nova doesn't know that the servers are part of a Heat stack, and Nova events are where Gnocchi gets its measurements from.) Since there is no Server Group with that ID in Nova, the alarm is not seeing any measurements.

2019-02-27 16:21:57 -0500 commented answer Use condition to enable/disable one of the properties

That's weird, that is Nova complaining that the {get_resource: stack-server-group} part is resolving to None. Was it working before?

2019-02-26 21:08:49 -0500 received badge  Taxonomist
2019-02-19 17:00:20 -0500 answered a question Use condition to enable/disable one of the properties

Use the if macro:

              - cnd_enable_anti_affinity
              - group: {get_resource: stack-server-group}
2019-02-17 15:31:54 -0500 answered a question Is there a way in a Heat Template to constrain a parameter to provider nets?

There doesn't appear to be one, no. The complete list of available custom constraints can be found in setup.cfg. You'd be welcome to propose a new one here.

2019-02-17 15:25:38 -0500 edited question Is there a way in a Heat Template to constrain a parameter to provider nets?

I'm trying to create a router in a heat template and want to be able to present a list of provider networks to choose from when creating the external gateway. This would be similar to the way the custom constraint shows the networks available in the project. I tried using neutron.providernet but that doesn't seem to work.

    type: string
    description: ID or name of public network for which floating IP address will be allocated
      - custom_constraint: neutron.providernet
2019-02-12 15:58:07 -0500 answered a question HEAT Trigger with project creation

The Adjutant project is building workflows for project (i.e. tenant) management (amongst other things). That is probably the best place to implement what you're trying to do. (It is an official OpenStack project.)

The other option is to trigger something off of events. To do this as a regular user, you could trigger off an event alarm and use a Zaqar subscription to execute a Mistral workflow that creates the network environment (example in another context). However, IIUC you are speaking as a cloud operator and therefore have no need to restrict yourself to APIs a regular user can access. So you could write something to listen to oslo.notification events directly and make the API calls you want.

2019-02-12 00:33:49 -0500 answered a question HEAT Formatting list into string for load balancer pool member

You want to create a template that contains a single Server and a PoolMember. Then use the name of that template (instead of OS::Nova::Server) as the 'type' of the asg's 'resource' property. That way you'll have a scaling group where the scaled unit is a server that is a member of the load balancer pool.

2019-02-12 00:30:31 -0500 edited question HEAT Formatting list into string for load balancer pool member

FYI I am a user of a stack on the Ocata release. Hello, I have been experimenting and not been able to actually find a working solution. I am defining n node members to start my auto scaling group (I actually don't care about the asg, it's just a convenient way to spin up many nodes in a single block once just by using a parameter) and I would like to place n members into lbaas pool memberbership. The closest I can get is a retrieval of the IP addresses of all nodes as a list, however the address field in pool member wants only one string of an ip, not a list. Worst, that field won't allow any manipulation using a split. I've tried using repeat here too and it didn't work, it would just add only the last address. Code:

heat_template_version: 2017-02-24
    type: OS::Heat::AutoScalingGroup
      min_size: 1
      desired_capacity: {get_param: servercount}
      max_size: {get_param: servercount}
        type: OS::Nova::Server
          name: perf
          flavor: { get_param: instance_type }
          image: { get_param: image_id }
            - network: <defined>
          tags: [{get_param: environment}]
              template: {get_file:}

    type: OS::Neutron::LBaaS::LoadBalancer
      name: {get_param: environment}
      provider: vmwareedge
      vip_subnet: DMZLow-LS-Net
    type: OS::Neutron::LBaaS::Listener
      loadbalancer: {get_resource: lb}
      name: {get_param: environment}
      protocol: HTTPS
      protocol_port: 443
    type: OS::Neutron::LBaaS::Pool
      lb_algorithm: ROUND_ROBIN
      listener: {get_resource: lblistener}
      name: {get_param: environment}
      protocol: HTTPS

    type: OS::Neutron::LBaaS::PoolMember
      address: <how do I populate n number of servers without statically copying this block? even then how do I get just one server ip here if it won't let me split from a list?>
      pool: {get_resource: lbpool}
      protocol_port: 8443
      subnet: DMZLow-LS-Net

    type: OS::Neutron::LBaaS::HealthMonitor
      delay: 5
      max_retries: 4
      pool: {get_resource: lbpool}
      timeout: 10
      type: TCP
      url_path: /status
    description: >
      This is a list of first ip addresses of the servers in the group
      for a specified network.
    value: {get_attr: [asg, outputs_list, first_address]}
2019-01-30 20:17:40 -0500 answered a question Heat snaphost

There is an unofficial tool called Flame that is designed to do this for a subset of resource types. That might get you part of the way there.

2019-01-30 01:20:15 -0500 answered a question CircularDependencyException - Accessing a property within the resource

No, there's no way to access the attributes from the same resource. Attributes aren't available until the resource is complete, while properties must be available before the resource is started. That's why you'll always get a CircularDependencyError if you try it.

One alternative is to use a SoftwareDeployment to pass the data you want to the server, since this runs after the server is created.

2019-01-30 01:04:32 -0500 answered a question overcloud undercloud


The undercloud is a single machine (often bare-metal, but can be run in a manually managed VM) running a set of OpenStack services, including Ironic. The Red Hat product that provides this functionality is called Director, but the upstream project is TripleO. Only the operators of the main cloud interact with the undercloud.

Ironic on the undercloud is used to provision a bunch of bare-metal servers which are configured as OpenStack controller, compute, and storage nodes. This happens over the provisioning network. In recent versions of TripleO these services are deployed in containers; they are never deployed in VMs. This OpenStack installation is known as the overcloud, and it's the cloud that actual users are expected to interact with.

End-user Nova workloads run in VMs on the overcloud compute nodes.

2019-01-28 16:37:22 -0500 answered a question what is the best infrastructure for openstack ?

Generally speaking, there's no reason to run on top of Xen (and you certainly shouldn't run on top of other hypervisors, like KVM, that don't support nested virt well).

The Rackspace cloud does, I believe, run on top of Xen. This enabled them to dynamically manage their server inventory, and do stuff like e.g. deploying test clouds. If you too have spent millions of dollars on custom deployment tooling that relies on Xen as an L0 hypervisor, then you should consider it. However, if you're asking this question then you haven't and you shouldn't.

2019-01-27 17:49:16 -0500 commented answer Adding dynamic network interfaces using HEAT template

Please open a new question, but the short answer is you can use the addresses attribute of the server.

2019-01-27 17:39:37 -0500 answered a question openstack heat

In the controller. Director is just the installer for the main OpenStack cloud (though it's also based on OpenStack).

2019-01-24 14:08:28 -0500 received badge  Nice Answer (source)
2019-01-21 22:08:50 -0500 answered a question Adding dynamic network interfaces using HEAT template

Intrinsic functions (like get_resource and repeat) are evaluated from the inside out, so in this case Heat will try to resolve {get_resource: <%port%>}, which obviously fails.

Some options:

  • Don't explicitly create an OS::Neutron::Port, but instead allow OS::Nova::Server to create the ports you need.
  • Generate the template externally to Heat with only the port resources you need and reference only those in the Server network config.
  • Include all potential ports in the template and enable or disable them from the environment with conditionals, then use the if macro to choose to reference them or not in the Server network config.
2019-01-21 17:20:51 -0500 answered a question What is the best way to make condition to "openstack update stack" ?

Definitely the second one IMHO.

2019-01-01 20:28:14 -0500 answered a question Enable SELinux on KVM Guest

Fedora and CentOS both include SELinux by default and would certainly be an easier choice.

Ubuntu's default choice of MAC is AppArmor, not SELinux. The Debian wiki has instructions for setting it up that should work on Ubuntu, but it's far more likely that something has gone wrong with this process than anything to do with OpenStack. SELinux is a kernel feature that has nothing to do with the hypervisor, although as you've noted it may rely on the bootloader setting it up correctly.

I assume you're using a Cinder volume and not ephemeral storage (although IIUC even with ephemeral storage the changes to the bootloader should survive a reboot).

2019-01-01 14:21:01 -0500 edited question Aodh unable to notify scalingpolicy

We have setup openstack ocata metering with ceilometer, gnocchi and aodh with sql backend.

Alarm is getting information as well as chaning state to ok and alarm from insufficient data but aodh throws following error unable to call scalingpolicy

2018-12-28 10:45:57.612 24166 DEBUG aodh.notifier [-] Notifying alarm 51d17032-4f1b-4757-bdad-783924c73cd9 with action SplitResult(scheme=u'trust+http', netloc=u'c18177041c6b4c5a8c1fce69f5c8f89a:delete@openstack-server:8004', path=u'/v1/1017debf6f4147dcb7ea20115c132311/stacks/a1/63338a93-8133-460a-94a6-87ce267656a5/resources/scaleup_policy/signal', query='', fragment='') _handle_action /usr/lib/python2.7/site-packages/aodh/notifier/
2018-12-28 10:45:57.827 24166 ERROR aodh.notifier [-] Unable to notify alarm 51d17032-4f1b-4757-bdad-783924c73cd9
2018-12-28 10:45:57.827 24166 ERROR aodh.notifier Traceback (most recent call last):
2018-12-28 10:45:57.827 24166 ERROR aodh.notifier   File "/usr/lib/python2.7/site-packages/aodh/notifier/", line 140, in _handle_action
2018-12-28 10:45:57.827 24166 ERROR aodh.notifier     notifier.notify(action, alarm_id, alarm_name, severity,
2018-12-28 10:45:57.827 24166 ERROR aodh.notifier   File "/usr/lib/python2.7/site-packages/aodh/notifier/", line 45, in notify
2018-12-28 10:45:57.827 24166 ERROR aodh.notifier     headers = {'X-Auth-Token': keystone_client.get_auth_token(client)}
2018-12-28 10:45:57.827 24166 ERROR aodh.notifier   File "/usr/lib/python2.7/site-packages/aodh/", line 58, in get_auth_token
2018-12-28 10:45:57.827 24166 ERROR aodh.notifier     return client.session.auth.get_access(client.session).auth_token
2018-12-28 10:45:57.827 24166 ERROR aodh.notifier   File "/usr/lib/python2.7/site-packages/keystoneauth1/identity/", line 136, in get_access
2018-12-28 10:45:57.827 24166 ERROR aodh.notifier     self.auth_ref = self.get_auth_ref(session)
2018-12-28 10:45:57.827 24166 ERROR aodh.notifier   File "/usr/lib/python2.7/site-packages/keystoneauth1/identity/generic/", line 198, in get_auth_ref
2018-12-28 10:45:57.827 24166 ERROR aodh.notifier     return self._plugin.get_auth_ref(session, **kwargs)
2018-12-28 10:45:57.827 24166 ERROR aodh.notifier   File "/usr/lib/python2.7/site-packages/keystoneauth1/identity/v3/", line 167, in get_auth_ref
2018-12-28 10:45:57.827 24166 ERROR aodh.notifier     authenticated=False, log=False, **rkwargs)
2018-12-28 10:45:57.827 24166 ERROR aodh.notifier   File "/usr/lib/python2.7/site-packages/keystoneclient/", line 545, in post
2018-12-28 10:45:57.827 24166 ERROR aodh.notifier     return self.request(url, 'POST', **kwargs)
2018-12-28 10:45:57.827 24166 ERROR aodh.notifier   File "/usr/lib/python2.7/site-packages/positional/", line 101, in inner
2018-12-28 10:45:57.827 24166 ERROR aodh.notifier     return wrapped(*args, **kwargs)
2018-12-28 10:45:57.827 24166 ERROR aodh.notifier   File "/usr/lib/python2.7/site-packages/keystoneclient/", line 445, in request
2018-12-28 10:45:57.827 24166 ERROR aodh.notifier     raise exceptions.from_response(resp, method, url)
2018-12-28 10:45:57.827 24166 ERROR aodh.notifier BadRequest: Expecting to find domain in user. The server could not comply with the request since it is either malformed or otherwise incorrect. The client is assumed to be in error. (HTTP 400) (Request-ID: req-1f4c3cd8-3672-4286-990a-15c8f620f01a)
2018-12-28 10:45:57 ...
2018-12-12 19:51:25 -0500 commented question [solved in Py3.7] Rocky openstackclient: issubclass() arg 1 must be a class

I think if you run the command with the --debug flag (i.e. openstack --debug network create ...) then it should show you the stack trace that will reveal where the problem is.

2018-12-06 21:38:42 -0500 answered a question I want to get involved in OpenStack but don't know what I want to work on.

The Technical Committee maintains a 'Help most needed' list.

2018-11-29 01:57:59 -0500 received badge  Nice Answer (source)
2018-11-28 10:50:03 -0500 answered a question Type in ResourceGroup and get_param

The problem here is actually on the client side. You can get the file name from a parameter, but the client isn't smart enough to automatically upload it for you like it usually does.

Heat won't allow you to reference local files on the Heat server, and the Heat server can't access local files on the client, for hopefully obvious reasons. It would work if you used an http/https URL that is accessible to the server (e.g. you could upload the template file to Swift).

A better way is probably to map the file in the environment using a custom type name, instead of in the parameters. e.g. your template would be something like:

      type: OS::Heat::ResourceGroup
        count: 5
           type: My::Custom::Type

and you'd pass an environment file like:

  My::Custom::Type: file.yaml

Then the client will know that it needs to upload the file for you, and you can switch to a different file by passing a different environment.

Finally, If you're using the Rocky release (or later) you can upload all of the files to a Swift container, and instantiate the main template from there. Heat will download all of the files in the container, so you can select which one you want with a parameter and it will always be available.

2018-11-28 10:35:06 -0500 commented question HEAT creating multiple servers

So what you're asking for is a way to create 100 stacks from the same template, each with a different environment file? The short answer is no, but depending on what you are setting in the environment files, there may be a way to do it within a template using one of the scaling group resource types.

2018-11-27 23:46:45 -0500 received badge  Necromancer (source)
2018-11-27 23:45:45 -0500 received badge  Necromancer (source)
2018-11-27 23:45:03 -0500 received badge  Necromancer (source)
2018-11-27 00:25:58 -0500 received badge  Great Answer (source)
2018-11-27 00:25:17 -0500 received badge  Necromancer (source)
2018-11-26 14:21:08 -0500 answered a question Will created VM be destroyed?

If rollback is enabled in Heat (by passing the --enable-rollback flag to openstack stack create) then yes, the stack will be rolled back and the already-created resource deleted.

If rollback is disabled (the default), the stack will be left in a state where only one of the VMs is created. You can try to correct the problem and update again.

2018-11-26 14:18:03 -0500 answered a question Heat global environment yaml

The 'global environment' doesn't do what you think it does. It's a place where the operator can put templates and environment files that map resource type names to either other types or to templates in that directory. It's not something that end-users can access.

You'll need to distribute the environment files with your templates, or put them somewhere accessible (e.g. in Swift). Users will need to specifically select an environment file when they create or update a stack.

2018-11-26 14:14:54 -0500 edited question Heat global environment yaml

Hi everyone,

I have created a complex series of nested heat templates for use in my company and the goal is to make these portable between openstack deployments. The user_data passed in the various resources often have lab specific data which means that every environment needs to modify the template with their IPs (think NTP, DNS etc). With that in mind, I am trying to leverage the /etc/heat/environment.d/ global environment to allow each separate deployment to have a "config.yaml" where they can put the IPs / FQDNs that apply to their environment. The goal is that I would not need to modify any of the existing templates to support a new environment, only the config.yaml that would be placed into /etc/heat/environment.d/.

The problem I am having here is that no matter what I put into this directory I cannot get it to work as described in the documentation. In the docs, there is an example given where they use the stack-create command with -e <something>.yaml. Further in the docs when it is describing the global environments it states that the same yaml provided in the earlier command could also be put into this directory and would no longer need to be passed in.

In my case, I am doing a simple example:


    type: string
    label: test



  test: value

When I run the stack create with -e passing in config.yaml it works as expected. When I put config.yaml into that directory, restart heat, and try it again without -e it complains that I have not provided all of the parameters.

Is there something I am missing to make this work? I can see in the logs that it has loaded my config.yaml and there are no errors.

Thanks a lot in advance for your help.

2018-11-26 14:10:39 -0500 answered a question collect up and down time for deployed openstack resources

There are billing services for OpenStack (CloudKitty), and metric collection services that feed into it (Ceilometer/Gnocchi, Monasca). It may be possible to repurpose one of those for measuring uptime (although I'm not sure if the measurements will be granular enough for your purposes).

Masakari is a service for providing High Availability of tenant workloads, so that might be a piece to start looking at extending.

2018-11-26 14:05:08 -0500 answered a question how to install rpm from coltroller to an instance
2018-11-26 13:28:21 -0500 commented answer is ther anyway to mark an instance as unhealthy?

You can use the UUID of the server to identify the resource beginning in Ocata. Prior to that it had to be the name of the server resource in Heat. Server names are too ambiguous. There's no way to force a rebuild instead of replacement.

2018-11-26 13:20:53 -0500 answered a question Heat yaml Environment File

You can set the defaults in an environment file, but there's no way to set the constraints in an environment file.

2018-11-26 13:19:53 -0500 edited question Heat yaml Environment File


i have a question about the Environment File in a Heat deployment.

I have in the normal Template File some constraints:allowd_values :

    type: string
    label: IP Adress 
    description: Please insert IP Adress
      - allowed_values:
        - 172.30.112
        - 10.198.113
        - 192.168.115

I heard that u can use some Environment File to input the "allowed_values" IP´s.

Why?: I have more Template files and i dont want to change the "allowed_values" in every single file. I want to have 1 File that ref to the other one so i only have to change this on.

is this possible?


2018-11-26 13:18:34 -0500 answered a question OS::Heat::ResourceGroup resources modified in unexpected order

You can use the removal_policies property to blacklist an index (corresponding to the entry you remove from the input list).

Note that in Mitaka there's no way to reuse this index again once you've blacklisted it. (In Queens and later you can do this by setting the removal_policies_mode.)

2018-11-26 12:20:52 -0500 commented answer heat-dashboard in queens

Personally, I would use one of the installers, like TripleO or Openstack-ansible. But if you are rolling your own then OS packages are probably the best thing to use. I don't know about Masakari; it doesn't appear to be packaged in either Debian/Ubuntu nor RDO.

2018-11-26 08:55:44 -0500 answered a question heat-dashboard in queens

In Newton, the Heat dashboard is built in to Horizon. In Queens it's a separate package, so you have to install it explicitly.

It is packaged for Debian, so you should be able to install it with apt-get if that's how you're installing the rest of OpenStack.

2018-11-26 08:49:42 -0500 edited question heat-dashboard in queens

i want to install heat for queen. in the queen all keyston api use 5000 port but in the heat document use 35357 i change it to 5000 but still can not see orchestration in dashboard

2018-11-20 11:02:25 -0500 answered a question Use autohealing Heat template example in Newton

Event alarms have been supported in Aodh for a while, but a lot of features used by those example templates were added only in Ocata. This includes the OS::Aodh::EventAlarm and OS::Zaqar::MistralTrigger resource types. (The template version is not actually especially important in this case, and could be changed to an earlier version, but it will still fail if you don't have the required resource plugins.)

To get this working on Newton you would need to upgrade Heat to Ocata, or at least backport those two resource type plugins. As I recall, there were also several changes required to other services to be able to develop these templates. I'm not sure how many of those landed in Newton vs. Ocata.

2018-11-20 10:53:08 -0500 edited question Use autohealing Heat template example in Newton

i want to use event alarm as said in heat_template_version: 2017-02-24

but i use openstack newton that is not support heat_template_version: 2017-02-24 what should i do ? how can i set event alarm?

2018-11-19 13:36:57 -0500 commented question HEAT readfile sequentially and assign the value

The answer likely involves the yaql function, but it's not clear enough from your question what you expect the output to look like to give a definitive answer.

2018-11-19 11:38:25 -0500 edited question heat creation failed- port is still in use

Hi, " heat stack-create my stack " failed due to port is still in use. i have removed the port from database, re-create the stack, it still says stack-creation failed and port is still in use. Anyone has idea how to debug this issue? any log i should look at? i assume there might be orphan process there.

| 4049d136-6bf4-4a07-b60a-9d3561746a97 | Resource CREATE failed: Conflict: resources.plt_server_1: Port
| plt_server_1              | 70f8d24b-2965-45d0-aa0c-2957cab2ade5 | Conflict: resources.plt_server_1: Port 62ee1071-a649-4323-968e-b78a0384c0ec is still in use. (HTTP 409) (Request-ID: req-b5a9a252-fe80-41a6-8416-7e18070ad9df)                                                                                                  | CREATE_FAILED      | 2018-11-15T05:30:09 |


| plt_server_1              | 7af7255a-b9bf-49d2-9d5b-ae6466daccb1 | state changed                                                                                                                                                                                                                                                   | DELETE_COMPLETE    | 2018-11-15T05:30:04 |
| plt_server_1              | 0187c50b-7333-42f2-a2b2-fe9d11efb0ec | state changed                                                                                                                                                                                                                                                   | DELETE_IN_PROGRESS | 2018-11-15T05:30:01 |
| plt_server_1              | a008b12c-7de8-4270-bb5c-d1d11f5a87fd | ResourceInError: resources.plt_server_1: Went to status ERROR due to "Message: Exceeded maximum number of retries. Exceeded max scheduling attempts 3 for instance 2fd740bc-a5d9-4f26-ae22-73786732ac2d. Last exception: [u'Traceback (most recent call last):\ | CREATE_FAILED      | 2018-11-15T05:30:00 |
| plt_server_1              | 13fdf1ff-251c-4dc6-aff0-a84831a82c64 | state changed                                                                                                                                                                                                                                                   | CREATE_IN_PROGRESS | 2018-11-15T05:27:50 |
| plt_volume_1              | 25097937-abab-4587-ad2f-8c90fde4e50c | state changed
2018-11-19 11:35:35 -0500 edited answer documentation for HEAT

The Template Guide contains documentation for creating templates, including describing all of the properties and attributes of OpenStack-native and CloudFormation compatibility resource types.

For example, here is the entry for the OS::Nova::Server resource type.