Ask Your Question

panticz's profile - activity

2020-05-23 09:27:53 -0500 received badge  Famous Question (source)
2020-05-21 16:17:38 -0500 received badge  Notable Question (source)
2020-05-20 01:22:27 -0500 received badge  Popular Question (source)
2020-05-19 04:30:29 -0500 asked a question Howto create application credential for specific project

The application credential is created for the project to which the user is currently scoped with. Is it possible to create application credential for specific project e.g. as admin user for a unprivileged user for his project?

2020-05-12 03:45:11 -0500 received badge  Teacher (source)
2020-05-12 03:45:11 -0500 received badge  Necromancer (source)
2020-04-22 12:57:51 -0500 received badge  Famous Question (source)
2020-04-22 12:57:51 -0500 received badge  Notable Question (source)
2020-03-16 12:15:57 -0500 received badge  Popular Question (source)
2020-03-16 12:15:57 -0500 received badge  Famous Question (source)
2020-03-16 12:15:57 -0500 received badge  Notable Question (source)
2020-03-08 23:49:22 -0500 received badge  Famous Question (source)
2020-02-26 20:34:52 -0500 received badge  Popular Question (source)
2020-02-24 03:11:12 -0500 asked a question What is the purpose of reserved_dhcp_port?

I see in some subnets device-id with the name reserved_dhcp_port

openstack port list -c device_id -c id --device-id reserved_dhcp_port

Manual reset of the DHCP namespaces dont removed those:

openstack subnet set --no-dhcp ${SUBNET_ID}
openstack subnet set --dhcp ${SUBNET_ID}

What are they needed for and can they be removed safely with openstack port delete?

2020-02-07 06:10:59 -0500 asked a question Show (first) VM fixed IP only with OSC

Is there a way to show only (possibly the first) fixed IP from a VM without having to parse those from the CLI output?

# openstack server show d82ca1de-1fcd-4ca6-84db-84891ec37796 -c addresses -f value | cut -d "=" -f2 | cut -d "," -f1
10.0.1.9

# openstack server show d82ca1de-1fcd-4ca6-84db-84891ec37796 -c addresses
+-----------+------------------+
| Field     | Value            |
+-----------+------------------+
| addresses | foo-net=10.0.1.9 |
+-----------+------------------+

# openstack port list --server d82ca1de-1fcd-4ca6-84db-84891ec37796
+--------------------------------------+------+-------------------+-------------------------------------------------------------------------+--------+
| ID                                   | Name | MAC Address       | Fixed IP Addresses                                                      | Status |
+--------------------------------------+------+-------------------+-------------------------------------------------------------------------+--------+
| e9a5eed0-4967-49be-8f76-7764123ff721 |      | fa:16:3e:4a:69:90 | ip_address='10.0.1.9', subnet_id='edfaa7fc-7490-4417-8088-99e651e72b3f' | ACTIVE |
+--------------------------------------+------+-------------------+-------------------------------------------------------------------------+--------+
2020-01-30 02:35:22 -0500 commented question Show user ID in OpenStack CLI for unprivileged user

I can confirm that a unprivileged user can see his user id if he know his user name:

 openstack user show foo
2020-01-30 02:30:13 -0500 received badge  Notable Question (source)
2020-01-30 00:10:12 -0500 received badge  Popular Question (source)
2020-01-28 03:11:58 -0500 asked a question Show user ID in OpenStack CLI for unprivileged user

How can a unprivileged user show his user ID in OpenStack CLI?

Im able to show my project

# openstack project list
+----------------------------------+----------------------------------+
| ID                               | Name                             |
+----------------------------------+----------------------------------+
| 0f0727cadb5843e5990ca6b8ac1457bd | foo                              |
+----------------------------------+----------------------------------+

but not the user

# openstack user list 
You are not authorized to perform the requested action: identity:list_users. (HTTP 403) (Request-ID: req-644f56f2-ea5c-4ac4-aea1-3d9cbbc4303d)
2020-01-27 23:47:57 -0500 received badge  Popular Question (source)
2020-01-20 04:36:48 -0500 asked a question Stop / disable nova service on control nodes

Is it possible to stop or disable nova services on control nodes to avoid warnings before restart of those control node?

 # openstack compute service list --host ctl1-stage
+-----+------------------+------------+----------+---------+-------+----------------------------+ |  ID | Binary           | Host       | Zone     | Status  | State | Updated At                 |
+-----+------------------+------------+----------+---------+-------+----------------------------+ | 313 | nova-scheduler   | ctl1-stage | internal | enabled | up    | 2020-01-20T10:05:56.000000 | | 487 | nova-conductor   | ctl1-stage | internal | enabled | up    | 2020-01-20T10:06:04.000000 | | 607 | nova-consoleauth | ctl1-stage | internal | enabled | up    | 2020-01-20T10:05:56.000000 |
+-----+------------------+------------+----------+---------+-------+----------------------------+

# openstack compute service set --disable ctl1-stage nova-scheduler
Failed to set service status to disabled Compute service nova-scheduler of host ctl1-stage failed to set.

With debug option i get this response for the command above:

RESP BODY: {"badRequest": {"message": "Updating a nova-scheduler service is not supported. Only nova-compute services can be updated.", "code": 400}}
2020-01-08 10:32:26 -0500 received badge  Famous Question (source)
2019-12-03 02:52:30 -0500 commented answer Magnum: coe cluster can not be deleted (DELETE_FAILED)

Unfortunately stack entries with stack status DELETE_FAILED can not be deleted either with

openstack stack delete <ID>
2019-12-02 10:16:19 -0500 received badge  Notable Question (source)
2019-12-02 09:54:59 -0500 asked a question Magnum: coe cluster can not be deleted (DELETE_FAILED)

Hello,

i try to delete a broken magnum (v7.1.1.dev21) cluster but neither the cluster or the stack entries can be deleted. Any idea how to force / fix this?

openstack coe cluster list | grep DELETE_FAILED

openstack coe cluster delete ae5c347c-3ba8-4d39-9125-0bdadef253b4

openstack coe cluster show ae5c347c-3ba8-4d39-9125-0bdadef253b4
| status               | DELETE_FAILED                                                                                                                                                                              
...                                                                                                                                                                           |---
| status_reason        | Resource DELETE failed: JSONDecodeError: resources.kube_masters.resources[1].resources.etcd_pool_member: Expecting value: line 1 column 1 (char 0)    
...
| faults               | {'1': 'JSONDecodeError: resources[1].resources.etcd_pool_member: Expecting value: line 1 column 1 (char 0)', 'kube_masters': 'JSONDecodeError: resources.kube_masters.resources[1].resources.etcd_pool_member: Expecting value: line 1 column 1 (char 0)', '0': 'JSONDecodeError: resources[0].resources.api_pool_member: Expecting value: line 1 column 1 (char 0)', 'api_pool_member': 'JSONDecodeError: resources.api_pool_member: Expecting value: line 1 column 1 (char 0)', 'etcd_pool_member': 'JSONDecodeError: resources.etcd_pool_member: Expecting value: line 1 column 1 (char 0)'} |


openstack stack list | grep DELETE_FAILED

openstack stack delete 2a907fc4-7b40-43f6-9254-d4084bd056b8

t Payload           DELETE: ResourceGroup "kube_masters" [85e1c6be-bdc8-41a3-ba0f-5ca65cdea8ec] Stack "slu-k8s-cluster2-6xiqrpfe7jd6" [2a907fc4-7b40-43f6-9254-d4084bd056b8]
2019-12-02 12:43:08.887 22 ERROR heat.engine.resource Traceback (most recent call last):
2019-12-02 12:43:08.887 22 ERROR heat.engine.resource   File "/var/lib/kolla/venv/lib/python2.7/site-packages/heat/engine/resource.py", line 924, in _action_recorder
2019-12-02 12:43:08.887 22 ERROR heat.engine.resource     yield
2019-12-02 12:43:08.887 22 ERROR heat.engine.resource   File "/var/lib/kolla/venv/lib/python2.7/site-packages/heat/engine/resource.py", line 2034, in delete
2019-12-02 12:43:08.887 22 ERROR heat.engine.resource     *action_args)
2019-12-02 12:43:08.887 22 ERROR heat.engine.resource   File "/var/lib/kolla/venv/lib/python2.7/site-packages/heat/engine/scheduler.py", line 346, in wrapper
2019-12-02 12:43:08.887 22 ERROR heat.engine.resource     step = next(subtask)
2019-12-02 12:43:08.887 22 ERROR heat.engine.resource   File "/var/lib/kolla/venv/lib/python2.7/site-packages/heat/engine/resource.py", line 986, in action_handler_task
2019-12-02 12:43:08.887 22 ERROR heat.engine.resource     done = check(handler_data)
2019-12-02 12:43:08.887 22 ERROR heat.engine.resource   File "/var/lib/kolla/venv/lib/python2.7/site-packages/heat/engine/resources/stack_resource.py", line 596, in check_delete_complete
2019-12-02 12:43:08.887 22 ERROR heat.engine.resource     return self._check_status_complete(self.DELETE)
2019-12-02 12:43:08.887 22 ERROR heat.engine.resource   File "/var/lib/kolla/venv/lib/python2.7/site-packages/heat/engine/resources/stack_resource.py", line 463, in _check_status_complete
2019-12-02 12:43:08.887 22 ERROR heat.engine.resource     action=action)
2019-12-02 12:43:08.887 22 ERROR heat.engine.resource ResourceFailure: JSONDecodeError: resources.kube_masters.resources[1].resources.etcd_pool_member: Expecting value: line 1 column 1 (char 0)
2019-12-02 12:43:08.887 22 ERROR heat.engine.resource

# openstack stack list --nested  | grep 7390a9b1d4be4d75b4bd08ab8107e4ff
| 77848f9e-ff0c-4f7a-9fd7-8ed9e979b998 | test-k8s-cluster2-6xiqrpfe7jd6-kube_masters-mlvsrucewmsd-1-tpqatosey33u                                        | 7390a9b1d4be4d75b4bd08ab8107e4ff | DELETE_FAILED   | 2019-05-13T15:28:04Z | 2019-12-02T15:30:53Z | 85e1c6be-bdc8-41a3-ba0f-5ca65cdea8ec |
| 85e1c6be-bdc8-41a3-ba0f-5ca65cdea8ec | test-k8s-cluster2-6xiqrpfe7jd6-kube_masters-mlvsrucewmsd                                                       | 7390a9b1d4be4d75b4bd08ab8107e4ff | DELETE_FAILED   | 2019-05-13T15:28:03Z | 2019-12-02T15:30:53Z | 2a907fc4-7b40-43f6-9254-d4084bd056b8 |
| 4c91c53b-42f4-41ca-a97c-49d9261069d6 | test-k8s-cluster2-6xiqrpfe7jd6-kube_masters-mlvsrucewmsd-0-hm2ucynq6hkc                                        | 7390a9b1d4be4d75b4bd08ab8107e4ff | DELETE_FAILED   | 2019-05-13T15:28:03Z | 2019-12-02T15:30:54Z | 85e1c6be-bdc8-41a3-ba0f-5ca65cdea8ec |
| 2a907fc4-7b40-43f6-9254-d4084bd056b8 | test-k8s-cluster2-6xiqrpfe7jd6                                                                                 | 7390a9b1d4be4d75b4bd08ab8107e4ff | DELETE_FAILED   | 2019-05-13T15:24:45Z | 2019-12-02T15:30:53Z | None                                 |
2019-11-04 23:20:56 -0500 received badge  Popular Question (source)
2019-10-31 12:16:25 -0500 asked a question Permamently delete double / wrong openflow entry from br-tun OpenvSwitch bridge

Hi, i have a VM with ARP entries in both OpenVswitch bridges br-tun and br-int on the compute node where is it executed:

ovs-ofctl dump-flows br-int | egrep "arp.*10.20.0.34"
cookie=0x117c25cd8a3f96, duration=47029.368s, table=24, n_packets=20, n_bytes=840, priority=2,arp,in_port="qvod9cdff27-9c",arp_spa=10.20.0.34 actions=resubmit(,25)

ovs-ofctl dump-flows br-tun | egrep "arp.*10.20.0.34"
cookie=0x1597c76aa2fd74f2, duration=47015.961s, table=21, n_packets=0, n_bytes=0, priority=1,arp,dl_vlan=27,arp_tpa=10.20.0.34 actions=load:0x2-...:3e:42:af:1d,IN_PORT

The unnecassary / faulty entry can by deleted manually from br-tun with:

ovs-ofctl --strict del-flows br-tun "priority=1,arp,dl_vlan=27,arp_tpa=10.20.0.34"

but after the port is shutdown and up again the entry will by recreated again. When the VM is moved to another compute node, only the br-int entry is created, moving back to the initial host creates both again.

Any idea how to remove permamenty this br-tun entry?

Thanks Pawel

2019-10-14 08:10:40 -0500 asked a question Overwrite CPU frequency output in nova or KVM to specific value

Hi, is it possible to set / override the outpot of the CPU frequncy in nova or KVM to a specific value so that they don`t slightly vary inside of fthe VMs? See "CPU MHz: 2199.998":

$ lscpu 
Architecture:                    x86_64
CPU op-mode(s):                  32-bit, 64-bit
Byte Order:                      Little Endian
Address sizes:                   40 bits physical, 48 bits virtual
CPU(s):                          1
On-line CPU(s) list:             0
Thread(s) per core:              1
Core(s) per socket:              1
Socket(s):                       1
NUMA node(s):                    1
Vendor ID:                       GenuineIntel
CPU family:                      6
Model:                           85
Model name:                      Intel Xeon Processor (Skylake, IBRS)
Stepping:                        4
CPU MHz:                         2199.998
BogoMIPS:                        4399.99
Virtualization:                  VT-x
Hypervisor vendor:               KVM
Virtualization type:             full
L1d cache:                       32 KiB
...
2019-10-09 15:20:17 -0500 received badge  Notable Question (source)
2019-09-25 06:06:53 -0500 received badge  Editor (source)
2019-09-25 06:06:30 -0500 answered a question Adding compute node to an existing openstack environment
  1. Add your new compute node to the inventory (e.g. /etc/kolla/inventory) to the [external-compute] section
[external-compute]
compute_node_2
  1. Deploy OpenStack container on compute_node_2 with kolla-ansilbe:
kolla-ansible -i multimode deploy --limit compute_node_2
2019-09-25 06:01:50 -0500 commented answer Adding compute node to an existing openstack environment

kolla-ansible deploy --tags nova will deploy only the nova_libvirt, nova_ssh, cron, kolla_toolbox, fluentd containers but not the required openvswitch containers

2019-09-11 09:20:55 -0500 commented answer Octavia: Could not retrieve certificate when create HTTPS listener using application credentials

The setup is Octavia 3.0.2 on OpenStack Rocky, installed with kolla-ansible. This issue occurs only when application credentials are used. HTTPS listener creation with user / pass authentification works fine.

$ octavia-api --version
%prog 3.0.2
2019-09-11 09:14:55 -0500 received badge  Popular Question (source)
2019-09-09 09:48:21 -0500 received badge  Popular Question (source)
2019-09-09 09:48:21 -0500 received badge  Notable Question (source)
2019-09-04 04:49:27 -0500 asked a question Octavia LB flavor recommendation for Amphora VMs

What is your experience / recommendation for a Octavia flavor with is used to deploy Amphora VM for small / mid size setups? (RAM / Cores / HDD)?

2019-08-27 07:10:06 -0500 answered a question Find the server associated with a port

You can search server ID by port ID with folowing command:

openstack port show -c device_id -f value ${PORT_ID}
2019-08-22 03:05:33 -0500 asked a question Octavia: Could not retrieve certificate when create HTTPS listener using application credentials

Hi together,

i try to create a Octavia HTTPS listener by using application credentials but get this error

Could not retrieve certificate: ['https://barbican.service.dev.example.com/v1/secrets/cb28220c-1339-4fc0-83f7-9cd155e3dc09', 'https://barbican.service.dev.example.com/v1/secrets/593cc231-92ee-4b0a-8c58-0080052a6b35', 'https://barbican.service.dev.example.com/v1/secrets/cb28220c-1339-4fc0-83f7-9cd155e3dc09'] (HTTP 400) (Request-ID: req-088d6eb0-a285-4089-bc11-ff0c3097123e)

This issue occurs only when application credentials are used. Creation of HTTP listener with applications credentials works fine, also creation of HTTPS listener when user are authenticated by user / password.

Does somebody know which additional ACLs / permissions are required to fix this?

The user is able to read the secrets:

# openstack secret list
+--------------------------------------------------------------------------------------+-------+---------------------------+--------+-------------------------------------------+-----------+------------+-------------+------+------------+
| Secret href | Name  | Created                   | Status | Content types                             | Algorithm | Bit length | Secret type | Mode | Expiration |
+--------------------------------------------------------------------------------------+-------+---------------------------+--------+-------------------------------------------+-----------+------------+-------------+------+------------+
| https://barbican.service.dev.example.com/v1/secrets/593cc231-92ee-4b0a-8c58-0080052a6b35 | cert2 | 2019-07-19T13:42:21+00:00 | ACTIVE | {u'default': u'application/octet-stream'} | aes       |        256 | opaque      | cbc  | None       |
| https://barbican.service.dev.example.com/v1/secrets/cb28220c-1339-4fc0-83f7-9cd155e3dc09 | cert1 | 2019-07-19T13:42:12+00:00 | ACTIVE | {u'default': u'application/octet-stream'} | aes       |        256 | opaque      | cbc  | None       |
+--------------------------------------------------------------------------------------+-------+---------------------------+--------+-------------------------------------------+-----------+------------+-------------+------+------------+

The Octavia command was:

# openstack loadbalancer listener create foo-lb1 \
--name foo-lb1-https-listener \
--protocol-port 443 \
--protocol TERMINATED_HTTPS \
--insert-headers X-Forwarded-For=true,X-Forwarded-Proto=true \
--default-tls-container=https://barbican.service.dev.example.com/v1/secrets/cb28220c-1339-4fc0-83f7-9cd155e3dc09 \
--sni-container-refs https://barbican.service.dev.example.com/v1/secrets/cb28220c-1339-4fc0-83f7-9cd155e3dc09 https://barbican.service.dev.example.com/v1/secrets/593cc231-92ee-4b0a-8c58-0080052a6b35

Full error message:

Starting new HTTPS connection (1): octavia.service.dev.example.com:443
https://octavia.service.dev.example.com:443 "GET /v2.0/lbaas/loadbalancers HTTP/1.1" 200 779
RESP: [200] Connection: keep-alive Content-Length: 779 Content-Type: application/json Date: Fri, 19 Jul 2019 13:56:24 GMT Server: WSGIServer/0.1 Python/2.7.15rc1 x-openstack-request-id: req-50b5a3bb-21ec-4a46-8d5c-61035afd3423
RESP BODY: {"loadbalancers": [{"provider": "amphora", "description": "", "admin_state_up": true, "pools": [{"id": "169722d1-0a73-4283-bb42-aee5b662e2e2"}], "created_at": "2019-07-19T13:34:52", "provisioning_status": "ACTIVE", "updated_at": "2019-07-19T13:39:34", "vip_qos_policy_id": null, "vip_network_id": "2064c61c-64a1-466f-983a-af435ae1d51c", "listeners": [{"id": "169a91f9-ef5c-4d38-8449-e24b64cf082d"}], "tenant_id": "9646533a8d834978a868e81c9b9a39cf", "vip_port_id": "dcfc6e44-4092-4f2b-bd50-24e02abb078f", "flavor_id": "", "vip_address": "10.0.1.4", "vip_subnet_id": "787035dc-add4-4227-844a-1cf803625abc", "project_id": "9646533a8d834978a868e81c9b9a39cf", "id": "e2ed48ab-3261-422f-b9b5-a5aa63486ae7", "operating_status": "OFFLINE", "name": "foo-lb1"}], "loadbalancers_links": []}
GET call to https://octavia.service.dev.example.com/v2.0/lbaas/loadbalancers used request id req-50b5a3bb-21ec-4a46-8d5c-61035afd3423
REQ: curl -g -i -X POST https://octavia.service.dev.example.com/v2.0/lbaas/listeners -H "Content-Type: application/json" -H "User-Agent: openstacksdk/0.19.0 keystoneauth1/3.11.1 python-requests/2.20.1 CPython/2.7.15+" -H "X-Auth-Token: {SHA256}6414e14f4e78940902b11c89567689e3cc0d3ea62227b87a1e19361685c83584" -d '{"listener": {"insert_headers": {"X-Forwarded-For": "true", "X-Forwarded-Proto": "true"}, "protocol": "TERMINATED_HTTPS", "name": "foo-lb1-https-listener", "default_tls_container_ref": "https://barbican.service.dev.example.com/v1/secrets/cb28220c-1339-4fc0-83f7-9cd155e3dc09", "sni_container_refs": ["https://barbican.service.dev.example.com/v1/secrets/cb28220c-1339-4fc0-83f7-9cd155e3dc09", "https://barbican.service.dev.example.com/v1/secrets/593cc231-92ee-4b0a-8c58-0080052a6b35"], "admin_state_up": true, "protocol_port": 443, "loadbalancer_id": "e2ed48ab-3261-422f-b9b5-a5aa63486ae7"}}'
https://octavia.service.dev.example.com:443 "POST /v2.0/lbaas/listeners HTTP/1.1" 400 357
RESP: [400] Connection: keep-alive Content-Length: 357 Content-Type: application/json Date: Fri, 19 Jul 2019 13:56:27 GMT Server: WSGIServer/0.1 Python/2.7.15rc1 x-openstack-request-id: req-5eef99bf-45c9-43eb-b7c7-2dacaff980ca
RESP BODY: {"debuginfo": null, "faultcode": "Client", "faultstring": "Could not retrieve certificate: ['https://barbican.service.dev.example.com/v1/secrets/cb28220c-1339-4fc0-83f7-9cd155e3dc09', 'https ...
(more)
2019-08-22 02:51:11 -0500 received badge  Popular Question (source)
2019-08-20 10:08:25 -0500 asked a question Update / change user_id from server / VM

Hi all,

is it possible to update / change the user_id of a OpenStack server (VM) if the user no more exists?

# openstack server show 8cf8164a-6f55-4435-9f4e-621617d7951f -c user_id
+---------+----------------------------------+
| Field   | Value                            |
+---------+----------------------------------+
| user_id | ebfd5b2bf26a4f4381a290948cb3ce8b |
+---------+----------------------------------+

# openstack user show ebfd5b2bf26a4f4381a290948cb3ce8b
No user with a name or ID of 'ebfd5b2bf26a4f4381a290948cb3ce8b' exists.
2019-07-30 09:26:04 -0500 received badge  Enthusiast