Ask Your Question

vahid's profile - activity

2015-03-18 10:01:01 -0500 received badge  Good Answer (source)
2015-03-18 09:59:48 -0500 received badge  Good Question (source)
2014-11-19 03:24:56 -0500 received badge  Notable Question (source)
2014-11-19 03:24:56 -0500 received badge  Famous Question (source)
2014-07-11 03:18:11 -0500 received badge  Nice Question (source)
2014-06-03 00:22:48 -0500 received badge  Famous Question (source)
2014-04-24 05:59:37 -0500 received badge  Notable Question (source)
2014-03-17 05:05:07 -0500 received badge  Popular Question (source)
2014-02-13 11:38:43 -0500 received badge  Famous Question (source)
2014-02-11 14:24:29 -0500 asked a question Instance launch fails with nova/oslo errors

Since a few days ago every attempt to launch an instance fails on my devstack VM (same attempts worked fine before). I sync my local with repository updates regularly.

Here are the errors I see in Nova sceduler logs:

2014-02-11 11:58:28.076 ERROR nova.scheduler.filter_scheduler [req-71ab0a13-ead3-4e60-90c4-322a0fb96646 admin demo] [instance: 290ca314-c2c6-42e4-b8ab-0bda2bfa0780] Error from last host: devstackready02 (node devstackready02): [u'Traceback (most recent call last):\n', u'  File "/opt/stack/nova/nova/compute/manager.py", line 1072, in _build_instance\n    set_access_ip=set_access_ip)\n', u'  File "/opt/stack/nova/nova/compute/manager.py", line 357, in decorated_function\n    return function(self, context, *args, **kwargs)\n', u'  File "/opt/stack/nova/nova/compute/manager.py", line 1480, in _spawn\n    LOG.exception(_(\'Instance failed to spawn\'), instance=instance)\n', u'  File "/opt/stack/nova/nova/openstack/common/excutils.py", line 68, in __exit__\n    six.reraise(self.type_, self.value, self.tb)\n', u'  File "/opt/stack/nova/nova/compute/manager.py", line 1477, in _spawn\n    block_device_info)\n', u'  File "/opt/stack/nova/nova/virt/libvirt/driver.py", line 2205, in spawn\n    admin_pass=admin_password)\n', u'  File "/opt/stack/nova/nova/virt/libvirt/driver.py", line 2570, in _create_image\n    content=files, extra_md=extra_md, network_info=network_info)\n', u'  File "/opt/stack/nova/nova/api/metadata/base.py", line 163, in __init__\n    ec2utils.get_ip_info_for_instance_from_nw_info(network_info)\n', u'  File "/opt/stack/nova/nova/api/ec2/ec2utils.py", line 147, in get_ip_info_for_instance_from_nw_info\n    fixed_ips = nw_info.fixed_ips()\n', u'  File "/opt/stack/nova/nova/network/model.py", line 366, in _sync_wrapper\n    self.wait()\n', u'  File "/opt/stack/nova/nova/network/model.py", line 398, in wait\n    self[:] = self._gt.wait()\n', u'  File "/usr/local/lib/python2.7/dist-packages/eventlet/greenthread.py", line 168, in wait\n    return self._exit_event.wait()\n', u'  File "/usr/local/lib/python2.7/dist-packages/eventlet/event.py", line 120, in wait\n    current.throw(*self._exc)\n', u'  File "/usr/local/lib/python2.7/dist-packages/eventlet/greenthread.py", line 194, in main\n    result = function(*args, **kwargs)\n', u'  File "/opt/stack/nova/nova/compute/manager.py", line 1258, in _allocate_network_async\n    dhcp_options=dhcp_options)\n', u'  File "/opt/stack/nova/nova/network/api.py", line 94, in wrapped\n    return func(self, context, *args, **kwargs)\n', u'  File "/opt/stack/nova/nova/network/api.py", line 48, in wrapper\n    res = f(self, context, *args, **kwargs)\n', u'  File "/opt/stack/nova/nova/network/api.py", line 302, in allocate_for_instance\n    nw_info = self.network_rpcapi.allocate_for_instance(context, **args)\n', u'  File "/opt/stack/nova/nova/network/rpcapi.py", line 167, in allocate_for_instance\n    macs=jsonutils.to_primitive(macs))\n', u'  File "/opt/stack/oslo.messaging/oslo/messaging/rpc/client.py", line 150, in call\n    wait_for_reply=True, timeout=timeout)\n', u'  File "/opt/stack/oslo.messaging/oslo/messaging/transport.py", line 87, in _send\n    timeout=timeout)\n', u'  File "/opt/stack/oslo.messaging/oslo/messaging/_drivers/amqpdriver.py", line 390, in send\n ...
(more)
2013-12-12 09:40:24 -0500 received badge  Popular Question (source)
2013-12-11 11:50:20 -0500 commented answer Disk Quota for Projects

Hi Joe, Thanks for clearing that out. It makes sense now. Do you happen to know why no quota setting has been designed for local storage?

2013-12-11 10:38:16 -0500 asked a question Disk Quota for Projects

Hi,

I remember in Folsom calling Nova API "os-quota-sets" to get a project's quota would return a "gigabytes" field that indicated the local storage (not block storage) quota for the project. However, starting in Grizzly I no longer see that field; even though in Horizon I still see a "Gigabytes" field under Edit Project screen's Quota tab.

Here's a response example from Havana (v2):

{
   "quota_set":
   {
       "injected_file_content_bytes": 10240,
       "metadata_items": 128,
       "ram": 51200,
       "floating_ips": 10,
       "key_pairs": 100,
       "id": "200c0ea64aa0414985f290763feeff00",
       "instances": 10,
       "security_group_rules": 20,
       "injected_files": 5,
       "cores": 20,
       "fixed_ips": -1,
       "injected_file_path_bytes": 255,
       "security_groups": 10
   }
}

Does anyone know why I see this inconsistency? And if there is another way of retrieving the "gigabytes" value from the APIs?

Thanks.

2013-09-25 14:34:58 -0500 commented answer Is there a way to invalidate a token via the APIs?

I just tried this and it seems to be working as explained in that blog post. Thanks for sharing.

2013-09-25 14:34:21 -0500 received badge  Notable Question (source)
2013-09-24 13:38:50 -0500 received badge  Popular Question (source)
2013-09-13 09:39:09 -0500 received badge  Enthusiast
2013-08-30 11:30:15 -0500 commented answer Is there a way to invalidate a token via the APIs?

Thanks. I assume this DELETE feature is introduced in v3 and did not exist in v2.0. I was hoping I could do this in v2.0.

2013-08-29 19:17:10 -0500 asked a question Is there a way to invalidate a token via the APIs?

I was wondering if there is an API to log out a user or invalidate its token?

2013-08-07 05:58:05 -0500 received badge  Student (source)
2013-08-07 05:57:37 -0500 received badge  Nice Answer (source)
2013-04-24 22:55:35 -0500 received badge  Taxonomist
2013-04-17 23:27:14 -0500 received badge  Self-Learner (source)
2013-04-17 23:27:14 -0500 received badge  Teacher (source)
2013-04-17 14:23:42 -0500 received badge  Famous Question (source)
2013-04-11 10:08:33 -0500 answered a question OpenStack APIs and Admin User

Thanks to jpichon's help here is how I was able to get the list of all tenants:

  1. Authenticate as "admin" (public URL) with {"auth":{"passwordCredentials":{"username": "admin","password":"[password]"}}} in the request body.
  2. Grab the token and issue a /tenants Keystone call (public URL). This will return the list of all tenants "admin" is a member of.
  3. Authenticate as "admin" (public URL) against each tenant found in previous step until a tenant is found on which "admin" has "admin" role (look for access.user.roles in authentication output).
  4. Grab the token of the authentication against that tenant and issue a /tenants Keystone call (admin URL). This will return all tenants in the OpenStack environment, including those "admin" is not a member of.

Note: These steps can be performed with any user, as long as the user has the "admin" role in at least one tenant. If the user does not belong to any tenant as "admin" you're out of luck.

In order to get all the information from Nova APIs the switch "?all_tenants=1" should be used in the API calls. This switch guarantees that, for example, information about instances of tenants the user does not belong to are included in the output.

2013-04-11 10:08:25 -0500 received badge  Scholar (source)
2013-04-11 09:52:38 -0500 received badge  Commentator
2013-04-11 09:52:38 -0500 commented answer OpenStack APIs and Admin User

I think you got it. I did not authenticate against a particular tenant. When I do that as you suggested, I'm able to see all tenants. I'll post the steps as an answer. Truly appreciate your time and help on this.

2013-04-10 11:52:59 -0500 commented answer OpenStack APIs and Admin User

jpichon, any chance the token you are using in your admin URL query the same as the admintoken found in keystone.conf file? I'm asking because if I use that admintoken (instead of the token I'm getting after authentication) I see the full list of tenants.

2013-04-10 10:55:12 -0500 commented answer OpenStack APIs and Admin User

Thanks for the suggestion. I added the keystone tag. I also tried the two other combinations. Authentication on port 5000 and query on port 35357 stills gives me the auth error I mentioned in the post. Authentication on port 35357 and query on port 5000 gives me only tenants "admin" belongs to.

2013-04-10 10:40:33 -0500 commented answer OpenStack APIs and Admin User

Just updated the post with more details. Hopefully it'll shed some light.

2013-04-10 10:39:38 -0500 edited question OpenStack APIs and Admin User

We are using OpenStack Folsom REST APIs to collect instance, tenant and environment related information. The challenge we are having is that there is no super-admin type user for the APIs to give us all the information we need. As a workaround we have to follow these steps to achieve what we want: - We add the OpenStack admin user to every single tenant in the environment and give him the admin role (this is done through OpenStack's Horizon UI). - We use the OpenStack admin user and Keystone's admin-token (found in keystone config file) to extract all users and tenants within the environment (by calling the keystone admin API). - Then for each tenant we authenticate using OpenStack's admin user to get detailed tenant/instance level information.

As you can see this workaround involves some hacking. So, we are wondering if there is a better way of doing this. We expected the admin user to be able to access the same information through the REST APIs that he could access through the OpenStack's Horizon UI, but this doesn't seem to be the case. For example the admin user can see all tenants through the UI, but only the ones he is a member of through the REST APIs.

UPDATE:

Some more details on what I've tried in order to get the list of all tenants in an OpenStack installation.

These scenarios were tried with "admin" user who is able see all tenants, instances, ... through the OpenStack dashbaord. I tried these scenarios on three different OpenStack installations, and they all behaved the same way.

Scenario 1. Using the public URL:

  1. I authenticate to http://[ip]:5000/v2.0/tokens with "admin" user. The body is {"auth":{"passwordCredentials":{"username": "admin","password":"[password]"}}}
  2. Once the token is returned I use it to make a call to http://[ip]:5000/v2.0/tenants. This does not return tenants "admin" is not a member; and returns only the ones "admin" belongs to.
  3. I retry step 2 with ?all_tenants=1, but The result is the same.

Scenario 2. Using the admin URL:

  1. I authenticate to http://[ip]:35357/v2.0/tokens with "admin" user. The body is {"auth":{"passwordCredentials":{"username": "admin","password":"[password]"}}}
  2. Once the token is returned I use it to make a call to http://[ip]:35357/v2.0/tenants. It returns with an error message: { "error": { "message": "The request you have made requires authentication.", "code": 401, "title": "Not Authorized" } }
  3. I retry step 2 with ?all_tenants=1, but The result is the same (the error above).

Just in case, here is the output of authentication:

{
   "access":
   {
       "token":
       {
           "expires": "2013-04-11T15:24:54Z",
           "id": "95fb2a3921554cc9abd74d88468d9b32"
       },
       "serviceCatalog":
       [
       ],
       "user":
       {
           "username": "admin",
           "roles_links":
           [
           ],
           "id": "61d77b68420f4f7889c5efaad3edcb7b",
           "roles":
           [
           ],
           "name": "admin"
       }
   }
}
2013-04-10 09:59:06 -0500 commented answer OpenStack APIs and Admin User

Thanks. I think I'm trying exactly what you suggested, and having no luck. Since there is not much room in each comment I'm going to edit the post and explain what I've tried in details. Maybe that helps in pinpointing what the issue is.

2013-04-09 18:02:19 -0500 commented answer OpenStack APIs and Admin User

Well, when I authenticate and query using normal URL (port 5000), I get only tenants I'm a member of. When I try with admin URL (port 35357) I get this: { "error": { "message": "The request you have made requires authentication.", "code": 401, "title": "Not Authorized" } }

2013-04-09 17:57:45 -0500 received badge  Notable Question (source)
2013-04-09 16:28:40 -0500 commented answer OpenStack APIs and Admin User

... My guess is that the switch does not apply to Keystone APIs. If so, any idea how that piece can be achieved? To clarify, I can get only tenants my user (with admin role) is a member of; and I'd like to get all users (similar to how I see them all in the dashboard). Thanks.