Ask Your Question

kj-tanaka's profile - activity

2019-04-12 01:11:46 -0500 received badge  Famous Question (source)
2019-04-12 01:11:46 -0500 received badge  Notable Question (source)
2019-04-12 01:11:46 -0500 received badge  Popular Question (source)
2016-08-16 13:45:34 -0500 received badge  Famous Question (source)
2016-05-05 19:44:39 -0500 received badge  Notable Question (source)
2016-05-05 19:44:39 -0500 received badge  Famous Question (source)
2016-03-06 01:37:37 -0500 received badge  Popular Question (source)
2016-03-06 01:37:37 -0500 received badge  Notable Question (source)
2015-10-14 17:50:08 -0500 received badge  Famous Question (source)
2015-08-18 02:30:20 -0500 received badge  Famous Question (source)
2015-08-18 02:30:20 -0500 received badge  Notable Question (source)
2015-08-06 08:40:25 -0500 received badge  Popular Question (source)
2015-08-06 08:40:25 -0500 received badge  Famous Question (source)
2015-08-06 08:40:25 -0500 received badge  Notable Question (source)
2015-08-06 05:57:28 -0500 received badge  Notable Question (source)
2015-08-06 05:57:28 -0500 received badge  Popular Question (source)
2014-11-25 16:00:00 -0500 received badge  Popular Question (source)
2014-11-25 16:00:00 -0500 received badge  Notable Question (source)
2014-08-14 02:47:08 -0500 received badge  Popular Question (source)
2014-05-03 06:16:20 -0500 received badge  Popular Question (source)
2013-12-18 23:30:57 -0500 answered a question Seeking some simple way to update /etc/hosts on all nodes

Serf looks good http://www.serfdom.io/

I'll close this question.

2013-12-18 22:42:06 -0500 answered a question Seeking some simple way to update /etc/hosts on all nodes

Thanks Clint. I will check cfn-hup and os-collect-config.

Koji

2013-12-18 21:38:06 -0500 asked a question Seeking some simple way to update /etc/hosts on all nodes

I wanted to use { get_attr: [ name, first_address ] } to retrieve ip addresses of all instances, but I get the following error. Which makes sense.

"ERROR: Remote error: CircularDependencyException Circular Dependency Found"

So my question is, is there some way to list all instances on /etc/hosts of all instances? It would be great if Heat can/(will be able to) do it with a few lines in the template.

I've spent a couple of days to learn HOT syntax by writing a Hadoop template. Here's the link of what I got.

https://github.com/kjtanaka/heat_templates/tree/master/hadoop (https://github.com/kjtanaka/heat_temp...)

Over all in my investigation, Heat did great for simplifying the initial process. I'd like to thank the developers.

Thanks and best regards, Koji

2013-12-17 19:31:02 -0500 answered a question for loop in HOT

Thanks guys for your quick answers! I'll look into InstanceGroup, and write a script if needed.

2013-12-17 18:14:32 -0500 asked a question for loop in HOT

Is there a way to use for-loop in HOT? It would be great if we can do something like this.

resources: {% for host in ['node01','node02','node03'] %} {{ host }}: type: OS::Nova::Server properties: key_name: mykey image: ubuntu-12.04 flavor: m1.small {% endfor %}

Thanks and best regards, Koji

2013-10-28 15:19:12 -0500 answered a question Keystone with SSL does not seem to work on Grizzly

You guys would probably already have resolved this issue, but I leave some comment for people who will have the same issue.

Common Name is important for SSL. If the CN and the SERVICE_ENDPOINT are different, you will probably need to recreate your certificate with the same hostname + domain name. Something like http://CN=host.yoursite.org and SERVICE_ENDPOINT=http://host.yoursite.org:35357/v2.0/

Another good thing to know is, it looks Havana provides an easy way to setup SSL. Here's how I figured it out.

https://github.com/kjtanaka/havana_startup/wiki/How-to-enable-ssl-on-keystone (https://github.com/kjtanaka/havana_st...)

2013-10-11 14:07:13 -0500 answered a question Is it possible for a normal user to check the tenant list?

Ok thanks ZhiQiang.

I'll use the script. I think I need to add some more lines on it for getting OS_TOKEN and SERVICE_TOKEN. But it should be good enough right now. So I'll close this thread.

p.s. It would be nice if keystone-client could make it happen in the future.

2013-10-10 16:23:58 -0500 answered a question Is it possible for a normal user to check the tenant list?

Thanks ZhiQiang.

I still get this error when I execute "keystone --os-username xxx --os-password xxx tenant-list"

Unable to communicate with identity service: {"error": {"message": "You are not authorized to perform the requested action: admin_required", "code": 403, "title": "Not Authorized"}}. (HTTP 403)

Should I change the following line to something else?

"identity:list_user_projects": [["rule:admin_or_owner"]]

2013-10-10 15:09:03 -0500 answered a question Is it possible for a normal user to check the tenant list?

Thanks Haneef.

I see this

"identity:list_user_projects": [["rule:admin_or_owner"]]

on the policy.

And, mine is v2.0, but this

curl -H "X-Auth-Token: Your token" keystone_url/v2.0/users/<user_id>/projects

doesn't work... I guess I'm doing something wrong, but my ideal way is some simple command line like "nova image-list". So, even though I would figure this out with curl, I still hope there is(/will be) something short command to check tenant list.

2013-10-09 16:19:46 -0500 asked a question Is it possible for a normal user to check the tenant list?

Is there a way for a normal user to check the list of the tenants where s/he has access to? The command "keystone help tenant-list" doesn't tell much, and it seems only available for admin.

Thanks in advance,

2013-08-26 12:47:18 -0500 answered a question Reset nova's quota to default for a tenant

Thanks Tiantian Gao, that solved my question.

2013-08-26 12:46:59 -0500 answered a question Reset nova's quota to default for a tenant

Thanks a lot, Tiantian!

Koji

2013-08-23 19:00:24 -0500 asked a question Reset nova's quota to default for a tenant

Hi folks,

Is there a way to update nova's quotas back to defaults for one tenant without putting the default numbers on arguments?

I am probably missing something, but right now, when I want to change quotas back to the defaults, I'm putting the default numbers like "nova quota-update <tenant-id> --instances 10".

Our OpenStack is Grizzly, by the way.

Thanks in advance! Koji

2013-04-23 17:33:54 -0500 answered a question Keystone with SSL does not seem to work on Grizzly

Hi,

What do you get if you try --os-auth-url https://127.0.0.1:5000/v2.0/tokens instead of http://127.0.0.1:5000/v2.0/tokens ? You would probably need to update the OS_AUTH_URL on your rc file.

Bests,

2013-04-22 15:59:27 -0500 answered a question Question on having Cinder at a separate node

Sorry, I accidentally reopened, but I should close this since mine has been resolved.

Koji

2013-04-22 15:56:03 -0500 answered a question Question on having Cinder at a separate node

The things which resolved my issue is to recreate Keystone's admin-user, service and endpoint. But as Karel mentioned, my service_host and service_port might be wrong. It is somehow working though.

If you could show your confg and endpoints, it would help for finding out the problem.

Koji

2013-04-05 03:21:00 -0500 answered a question How can I change quota of total volume size?

Well, I wrote wrong the previous comment.

Correct procedure is this. Tenant-id, not tenant name.

cinder quota-update --gigabytes 2500 04b61dc833c3450eb15e95df3a9d0276 cinder quota-show 04b61dc833c3450eb15e95df3a9d0276 +-----------+-------+ | Property | Value | +-----------+-------+ | gigabytes | 2500 | | volumes | 10 | +-----------+-------+

2013-04-05 03:17:18 -0500 answered a question How can I change quota of total volume size?

Jason, I could figure this out. My big mistake is this.

cinder quota-update --gigabytes 2500 cinder quota-show demo +-----------+-------+ | Property | Value | +-----------+-------+ | gigabytes | 2500 | | volumes | 10 | +-----------+-------+

Correct procedure is this.

cinder quota-update --gigabytes 2500 04b61dc833c3450eb15e95df3a9d0276 cinder quota-show demo +-----------+-------+ | Property | Value | +-----------+-------+ | gigabytes | 2500 | | volumes | 10 | +-----------+-------+

I think it would be great if cinder shows some error when user try to update some inexistent tenant-id, because on nova client, id and name work fine. At least, it should show some error... I hope.

2013-04-04 19:55:27 -0500 answered a question How can I change quota of total volume size?

Yes, I restarted cinder-api, cinder-scheduler and cinder-volume several times. I tried to restart them and tried stop-start them, but no luck...

And, I see these outputs in --debug.

reply: 'HTTP/1.1 413 Request Entity Too Large\r\n' header: Retry-After: 0 header: Content-Length: 143 header: Content-Type: application/json header: X-Compute-Request-Id: req-2a3d4c6f-8b4d-4f36-949f-133436e630a2 header: Date: Thu, 04 Apr 2013 19:50:24 GMT DEBUG (shell:473) VolumeSizeExceedsAvailableQuota: Requested volume exceeds allowed volume size quota (HTTP 413) (Request-ID: req-2a3d4c6f-8b4d-4f36-949f-133436e630a2)

So, I'll look into database and see if I can find something...

Thanks

2013-04-03 20:27:13 -0500 answered a question How can I change quota of total volume size?

Thank you Jason. I could change it to 2400. +-----------+-------+ | Property | Value | +-----------+-------+ | gigabytes | 2400 | | volumes | 10 | +-----------+-------+

But, I still get an "ERROR: VolumeSizeExceedsAvailableQuota". Do you know if there is another limitation, like a limit per user or something?

I already have a 900G volume, so I should be able to add a 1500G volume, but when I execute "cinder create 1400" or "nova volume-create 1400" I get this error. ERROR: VolumeSizeExceedsAvailableQuota: Requested volume exceeds allowed volume size quota (HTTP 413) (Request-ID: req-XXXXXXXXXXXXXXXXXXXXXXXXXXX)

2013-04-03 13:53:18 -0500 answered a question How can I change quota of total volume size?

Ah... The command doesn't seem working. cinder quota-defaults keep showing 1000. Is it because I have keystone?

+-----------+-------+ | Property | Value | +-----------+-------+ | gigabytes | 1000 | | volumes | 10 | +-----------+-------+

Also, here's absolute-limits. cinder absolute-limits +-------------------------+-------+ | Name | Value | +-------------------------+-------+ | maxTotalVolumeGigabytes | 1000 | | maxTotalVolumes | 10 | +-------------------------+-------+

I would really appreciate any help. Thanks.

2013-04-03 13:39:17 -0500 answered a question How can I change quota of total volume size?

I found out the command. Thanks.

cinder quota-update [--volumes <volumes>] [--gigabytes <gigabytes>] <tenant_id>

2013-04-03 13:32:18 -0500 asked a question How can I change quota of total volume size?

Hi,

I'm trying to figure out how to change the quota of total volume size. I have one cinder volume which should be able to have about 2.5T total. It seems 1TB is defalt and I found out "osapi_max_limit = 1000" by "cinder-manage config list". I changed it to 2000, but no luck.

I would really appriciate if some of you can help me to figure this out.

Thanks in advance. Koji

2013-03-28 04:52:35 -0500 answered a question Horizon hangs while communicating with Keystone over https

It was my mis config on Cinder /etc/cinder/api-paste.ini . Thanks again!

2013-03-28 04:47:21 -0500 answered a question Horizon hangs while communicating with Keystone over https

Thanks David Lyle, that solved my question.

2013-03-27 21:28:47 -0500 asked a question Horizon hangs while communicating with Keystone over https

Hi,

I'm trying to enable https on Keystone with a self-signed certificate. And right now, keystone and nova clients work fine with --insecure or with registering cacert.pem on the trusted CA list(e.g. /etc/ssl/certs/ca-certificates.crt) on the client side.

However, when I try to login to the Dashboard(Horizon), it just hangs forever. So I added "DEBUG = True" on /etc/openstack-dashboard/local_settings.py, and what I could see on appache error.log is these.

[Wed Mar 27 20:28:23 2013] [error] DEBUG:openstack_auth.backend:Beginning user authentication for user "admin". [Wed Mar 27 20:28:23 2013] [error] unable to retrieve service catalog with token [Wed Mar 27 20:28:23 2013] [error] Traceback (most recent call last): [Wed Mar 27 20:28:23 2013] [error] File "/usr/lib/python2.7/dist-packages/keystoneclient/v2_0/client.py", line 132, in _extract_service_catalog [Wed Mar 27 20:28:23 2013] [error] endpoint_type='adminURL') [Wed Mar 27 20:28:23 2013] [error] File "/usr/lib/python2.7/dist-packages/keystoneclient/service_catalog.py", line 62, in url_for [Wed Mar 27 20:28:23 2013] [error] raise exceptions.EndpointNotFound('Endpoint not found.') [Wed Mar 27 20:28:23 2013] [error] EndpointNotFound: Endpoint not found. [Wed Mar 27 20:28:23 2013] [error] DEBUG:openstack_auth.backend:Authentication completed for user "admin".

Dashboard is running on the same host as kesytone's. Keystone and nova clients work fine on the host without --insecure option. My question is, does Dashboard check its trusted CA list in a different file? (not /etc/ssl/certs/ca-certificates.crt?) Or is this a problem on my endpoint configuration?

Given http://host1.domain.com as hostname and CN(common name), the endpoint is like this.

publicurl = https://host1.domain.com:$(public_port)s/v2.0 (https://host1.domain.com:$(public_por...) internalurl = https://host1.domain.com:$(admin_port)s/v2.0 (https://host1.domain.com:$(admin_port...) adminurl = https://host1.domain.com:$(admin_port)s/v2.0 (https://host1.domain.com:$(admin_port...)

And I have the follows on my /etc/openstack-dashboard/local_settings.py

OPENSTACK_HOST = "host1.domain.com" OPENSTACK_KEYSTONE_URL = "https://%s:5000/v2.0" % OPENSTACK_HOST OPENSTACK_KEYSTONE_DEFAULT_ROLE = "Member"

I would really appreciate if someone can help me to get through this issue.

Thanks in advance!

2013-03-06 15:10:00 -0500 answered a question Question on having Cinder at a separate node

Hi Karel,

The problem wasn't on the configuration, and has already been resolved. But thanks for your response!

2013-02-20 18:29:10 -0500 answered a question Question on having Cinder at a separate node

Hi I could resolve this. I deleted Cinder's endpoint, service and user. and then recreated user, service and endpoint.

Thanks!

2013-02-20 17:16:45 -0500 asked a question Question on having Cinder at a separate node

Hi,

Cinder works when I have it on the node which has Nova's management services(nova-api, nova-scheduler and such). And, now I'm working on separating Cinder services to another node, and facing some difficulty to understand how they work with Nova.

What I have on /etc/nova/nova.conf at my nova management node is this.

volume_api_class=nova.volume.cinder.API enabled_apis=ec2,osapi_compute,metadata

And what I have on /etc/cinder/api-paste.ini at cinder management node is this.

[filter:authtoken] paste.filter_factory = keystone.middleware.auth_token:filter_factory service_protocol = http service_host = "Cinder's IP" service_port = 5000 auth_host = "Keystone's IP" auth_port = 35357 auth_protocol = http admin_tenant_name = service admin_user = cinder admin_password = *****

I installed cinder-api, cinder-scheduler and cinder-volume on the separate node. And I got this error.

ERROR: Malformed request url (HTTP 400) (Request-ID: req-ddffa7d0-62cd-48cc-aca4-6e1b49f0605a)

Now I'm looking into Keystone but recreating endpoint doesn't fix it. So if any of you can kindly provide some advice or URL, I would really appreciate it.

Thanks in advance!

2012-06-12 14:34:37 -0500 answered a question Inner-project Floating IP communication is not working

Joe, I submitted this as a bug, hoping we would get some more help.

https://bugs.launchpad.net/nova/+bug/1012144 (https://bugs.launchpad.net/nova/+bug/...)

Koji