Ask Your Question

Daniel P's profile - activity

2016-05-12 04:09:10 -0500 received badge  Good Question (source)
2016-05-12 04:08:58 -0500 received badge  Guru (source)
2016-05-12 04:08:58 -0500 received badge  Great Answer (source)
2015-06-15 05:55:54 -0500 received badge  Popular Question (source)
2015-06-15 05:55:54 -0500 received badge  Notable Question (source)
2015-06-12 08:44:33 -0500 asked a question problem: horizon only showing HTML

Hi,

I've followed the installation instructions for installing Kilo, particularly the dashboard here:

http://docs.openstack.org/juno/instal...

as well as enabling HTTPS here:

http://docs.openstack.org/kilo/config...

When I go to the login page, the browser is only presenting HTML; all the django/ css prettiness is not showing. I can login successfully, but it's only HTML, so all the formatting and graphics are not showing up, so the interface is nearly unusable.

Can anyone suggest how I can troubleshoot this?

2015-05-13 02:39:07 -0500 received badge  Nice Question (source)
2015-02-19 06:45:41 -0500 received badge  Nice Question (source)
2014-12-17 03:40:07 -0500 received badge  Famous Question (source)
2014-11-19 15:04:48 -0500 received badge  Famous Question (source)
2014-09-30 06:49:05 -0500 received badge  Notable Question (source)
2014-09-25 12:19:27 -0500 received badge  Popular Question (source)
2014-09-25 12:19:27 -0500 received badge  Notable Question (source)
2014-09-18 04:58:01 -0500 asked a question how to wrap ssh calls from nova-compute?

Hi,

I have a wrapper script for ssh that I need nova-compute to call when performing live migration.

The reason for this is when attempting live migration, I'm seeing this error:

Command: ssh <computeHost> mkdir -p
/var/lib/nova/instances/7c8cf258-02e7-4fa2-85b0-a3ec26b0ddd6
Exit code: 255
Stdout: ''
Stderr: 'Permission denied (gssapi-keyex,gssapi-with-mic).'

This error is expected since we use kerberos for authentication; our security policy doesn't allow ssh via keys.

So I've written a simple wrapper script for ssh that first runs kinit to grab the relevant tgt, then passes the original ssh parameters to the system ssh binary.

The question now is how best to redirect nova-compute's ssh calls to my ssh wrapper script?

I've looked through the config reference but don't see any specific ssh path parameters, nor do I see anything that allows me to prepend to PATH for nova-compute.

What is the best way to do this? Can I do this from within Openstack, or do I need something configured externally?

If it's any help, I'm on Ubuntu Trusty.

2014-09-18 04:43:02 -0500 commented answer live migration: what is a simple way to setup ssh for libvirt?

turns out my problems were due to restrictions on our system due to security policy. Just knowing that you were able to setup ssh and that it was as simple as one would expect it to be, is helpful! thanks for your comments.

2014-09-18 04:42:03 -0500 received badge  Supporter (source)
2014-09-09 08:26:38 -0500 received badge  Famous Question (source)
2014-09-09 08:04:31 -0500 commented answer live migration: what is a simple way to setup ssh for libvirt?

Thanks for your response. Is that what you did then when you used ssh for live migration; created a home directory for nova and exchanged the proper ssh keys?

If you didn't use ssh, may I ask what transport you're using in production for live migration and why?

2014-09-09 08:00:46 -0500 received badge  Popular Question (source)
2014-09-08 06:03:20 -0500 asked a question live migration: what is a simple way to setup ssh for libvirt?

Hi,

I'm attempting to setup live migration per the documentation here:

http://docs.openstack.org/admin-guide...

I've successfully setup NFS, and synced UID and GID across servers. I now need to enable secure remote TCP for libvirt, which lead me here:

http://libvirt.org/remote.html

It seems like ssh should be a simple solution, so I'm seeking to setup a typical exchange of ssh keys between nova users on the compute nodes, but it looks like the nova user by default has no home directory which I can put ssh keys into, etc. Is there a reasonable way to set this up? I'm hesitant to start creating a home directory, etc, since I'm assuming the nova user has no home directory, shell, etc for security reasons.

For those of you who have setup a secure libvirt transport to support live migration, did you use SSH or something else? What did your setup look like?

2014-06-23 08:04:17 -0500 received badge  Famous Question (source)
2014-06-13 03:35:28 -0500 received badge  Notable Question (source)
2014-06-13 02:05:47 -0500 received badge  Famous Question (source)
2014-06-13 00:30:33 -0500 received badge  Enlightened (source)
2014-06-13 00:30:33 -0500 received badge  Good Answer (source)
2014-06-12 08:28:21 -0500 received badge  Commentator
2014-06-12 08:28:21 -0500 commented answer how to add additional compute nodes?

I've done the compute node steps here, as well as network setup for the compute node here.

2014-06-12 08:19:02 -0500 received badge  Popular Question (source)
2014-06-12 07:12:12 -0500 commented question how to add additional compute nodes?

No, I performed the installation manually, following the Ubuntu Installation guide for Icehouse

2014-06-12 06:24:13 -0500 asked a question how to add additional compute nodes?

Following the Ubuntu install guide, my first compute node is up and running, and shows up on the dashboard under the 'hypervisors' tab. I've just carried out the relevant instructions in the 'Configure Compute services' and 'Add a networking service' for adding a second compute node, but it's not being reported in dashboard, or with 'nova hypervisor-list'.

What is the mechanism whereby the controller node picks up additional compute nodes? Since I would assume it's a push model, where the compute nodes tell the controller they are available...

So what am I missing here: services I should restart, any steps not mentioned in the install guide?

Any help appreciated!

edit: gone a little further with this. After copying the nova.conf file from the other compute node and then modifying the IP entries, when I attempt to start the nova-compute service it crashes immediately on startup. There's absolutely nothing in the logs under /var/log/nova

2014-06-10 22:28:41 -0500 marked best answer unable to SSH into new instances

Hi! I've launched instances from several images which should work directly on openstack, but in all cases I am unable to login to the instances via SSH. Looking at SSH debug, it starts the connection, but then hangs...

Two of the images I've tried are ubuntu precise here, and fedora 20 here.

Steps I've taken:

  • Generated an SSH key pair named cloud_rsa and cloud_rsa.pub. I've imported the public key into openstack. Selected this key pair when creating the instances.
  • setup security group rules for security group 'demo' that the instances are associated with.

    Egress IPv4 Any - 0.0.0.0/0 (CIDR)
    Ingress IPv4 TCP 22 (SSH) 0.0.0.0/0 (CIDR)

  • associated floating IPs to the instances, and can successfully ping the floating IPs from a host on the external network.
  • Can ping an external website from the cirros instance I have running on the same network as the other instances, with the same security group
  • I have console access to the nodes, and can view their boot logs via horizon.

here is the log output for the precise instance (excluding kernel messages):

Loading, please wait...
Begin: Loading essential drivers ... done.
[    0.732066] udevd[83]: starting version 175
Begin: Running /scripts/init-premount ... done.
Begin: Mounting root file system ... Begin: Running /scripts/local-top ... done.
Begin: Running /scripts/local-premount ... [    0.860687] FDC 0 is a S82078B
[    0.864043] usb 1-1: new full-speed USB device number 2 using uhci_hcd
done.
[    0.905029] EXT4-fs (vda1): mounted filesystem with ordered data mode. Opts: (null)
Begin: Running /scripts/local-bottom ... [    0.962927]  vda: vda1
GROWROOT: CHANGED: partition=1 start=2048 old: size=4192256 end=4194304 new: size=41940992,end=41943040
[    1.020370] EXT4-fs (vda1): mounted filesystem with ordered data mode. Opts: (null)
done.
done.
Begin: Running /scripts/init-bottom ... done.
[    1.220119] Refined TSC clocksource calibration: 2194.775 MHz.
[    1.392947] EXT4-fs (vda1): re-mounted. Opts: (null)
cloud-init start-local running: Wed, 04 Jun 2014 11:34:27 +0000. up 2.37 seconds
no instance data found in start-local
ci-info: lo    : 1 127.0.0.1       255.0.0.0       .
ci-info: eth0  : 1 192.168.32.19   255.255.255.0   fa:16:3e:4e:1c:6d
ci-info: route-0: 0.0.0.0         192.168.32.1    0.0.0.0         eth0   UG
ci-info: route-1: 192.168.32.0    0.0.0.0         255.255.255.0   eth0   U
cloud-init start running: Wed, 04 Jun 2014 11:34:29 +0000. up 4.15 seconds
found data source: DataSourceEc2
2014-06-04 11:34:34,073 - __init__.py[WARNING]: Unhandled non-multipart userdata ''
Generating public/private rsa key pair.
Your identification has been saved in /etc/ssh/ssh_host_rsa_key.
Your public key has been saved in /etc/ssh/ssh_host_rsa_key.pub.
The key fingerprint is:
a5:c9:17:64:47:3f:23:09:a5:fd:a0:26:f3:e1:6f:76 root@precise1
The key's randomart image is:
+--[ RSA 2048]----+
|          +o+    |
|         o = o   |
|          + = +  |
|       . + o + o |
|        S =   .  |
|         B .     |
|          o      |
|           .o E  |
|           o..   |
+-----------------+
Generating public/private dsa key pair.
Your ...
(more)
2014-06-10 22:28:41 -0500 received badge  Nice Answer (source)
2014-06-06 00:49:33 -0500 received badge  Notable Question (source)
2014-06-05 07:47:54 -0500 received badge  Self-Learner (source)
2014-06-05 05:49:03 -0500 answered a question unable to SSH into new instances

edit: I've gotten to the root of this problem: even after logging in, I was still experiencing seemingly random disconnect problems; certain commands would freeze up, etc. Turns out it was an MTU problem! From one of the guests I ping'd out with various packet sizes until I settled on an upper limit of 1438. See the QA here for how to permanently change the MTU in the guests.

I've isolated the problem to the client/server SSH interaction. I found that on the client side (ubuntu 14.04) when I add the following parameter to ssh_config:

MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160

I can successfully login to both the cirros and the ubuntu precise instances! Strangely, even with this configuration parameter, SSH still hangs on the fedora instance after

debug1: SSH2_MSG_KEXINIT sent

I really don't know why specifying this MACs list in ssh_config is working, since on several of any successful ssh connections I've looked at, they always seem to be using hmac-md5, which is first in the list both in the config option I set above, and higher in precedence than the others as specified in the man page for ssh_config. Perhaps someone who knows more about SSH can help on this? Better understading this might help with solving the hangup with the fedora instance!

2014-06-05 05:18:31 -0500 commented question unable to SSH into new instances

ah, good catch with the fedora instance not picking up an IP on eth0, I wonder why that's happening...but horizon is showing that this instance has an assigned IP, and I can ping the node.

2014-06-05 04:31:50 -0500 received badge  Student (source)
2014-06-05 02:16:30 -0500 received badge  Popular Question (source)