Ask Your Question

jtopjian's profile - activity

2019-07-04 14:03:34 -0500 received badge  Good Answer (source)
2019-05-10 14:47:16 -0500 received badge  Great Answer (source)
2015-05-07 10:41:57 -0500 answered a question HAProxy MySQL-Galera Keystone error (HTTP 500)

Do you have HAProxy configured to round-robin the MySQL traffic? If so, change the balance config to something where the source connection will always hit the same mysql node.

Or just make one of the mysql nodes a designated "write" node by setting the opposite node as "backup". This will then send all traffic to the writing node and resolve any deadlock errors that you might encounter:

So you'll end up killing two birds with one stone.

2014-12-15 05:00:24 -0500 received badge  Nice Answer (source)
2014-10-19 20:48:05 -0500 received badge  Nice Answer (source)
2014-10-08 13:21:33 -0500 answered a question How to setup security groups for IPv6 with nova-network?

I just came across this in Google and wanted to mention that as of Havana+, nova-network and IPv6 security groups do work. We are seeing some issues with port ranges, though.

Possible useful information:

  • Use /128 for individual IPv6 addresses
  • Use ::/0 as the equivilent
2014-10-07 13:14:06 -0500 received badge  Good Answer (source)
2014-05-05 12:36:38 -0500 received badge  Nice Answer (source)
2014-04-03 09:11:26 -0500 answered a question Difference in authtoken for different control nodes

You are using a different --os-auth-url for control02 than with control01. It is possible to do this, but make sure that both Keystone services share the same database and memcached servers (if you're using memcached).

2014-04-03 09:08:20 -0500 commented answer Why NEUTRON needs interface phy-br-ex & int-br-ex?

Specifically slide 14. Comparison with the LinuxBridge model might also help you fully understand the architecture:

2014-04-03 09:02:52 -0500 answered a question OpenStack components distributed.

larsks is correct, although I would highly recommend using Regions or Cells for this kind of deployment. By not using one of those, all instances in all remote locations will share the same network service. That could get a bit hairy.

2014-04-03 08:56:49 -0500 commented answer gluster volume for nova instance

This resolved the issue for me.

2014-03-23 13:33:20 -0500 answered a question does uuid changes after live migration

The UUID of the instance does not change due to a migration.

2014-03-23 13:32:23 -0500 answered a question Email Notification from controller

I think the best approach to this is to look into the OpenStack Notifications system:

You will most likely want to create some type of system that monitors the notification queues and reacts on certain events.

There is a great project called StackTach that reports on the various notifications that OpenStack emits. You could use this as a reference.

2014-03-23 13:30:01 -0500 answered a question Can we set floating ip directly to the instance?

If I understand your question correctly, you want Floating IPs to be attached directly to the instance rather than the private Fixed IP address?

If so, this is possible. In Neutron, the easiest way to do this is to make your public / external network shared (--shared). Be aware, though, that this will allow anyone to launch an instance on the public network. You might exhaust your public IP range quickly.

It also might conflict with L3 services in Neutron. I tested this scenario a few months ago but found I ran into difficulties when introducing Security Groups and L3 services. The core functionality, instances having a public IP directly on their virtual NIC, worked, though.

2014-03-23 13:22:20 -0500 answered a question Is live migration possible in multi-host vlan nova-network environment?

Yes, it's possible. Floating and Fixed IPs will be transferred.

However, in multi-host, make sure you enable the share_dhcp_address option so the DHCP service on all compute nodes will have the same IP. The reason for this is described here:

2014-03-23 13:14:07 -0500 answered a question How to listen for OpenStack Notifications/Events ?

I have used the following wiki page as a reference for parsing OpenStack notifications:

Also, StackTach is a great project that you could use as a reference implementation of the notification system.

2014-02-11 16:32:54 -0500 received badge  Nice Answer (source)
2014-01-15 03:29:32 -0500 commented answer Nova instance not accessible after OS update and reboot

Can you try doing "nova reboot --hard <instance id="">"?

2014-01-13 03:43:18 -0500 answered a question how to usually add the 3rd party authentication plugin in horizon?

Rather than integrate a third-party authentication service into Horizon, I think you should look at integrating it with Keystone. This is because Horizon uses the login credentials for much more than simply allowing access to the database.

I believe SAML support in Keystone is still in progress.

2014-01-13 03:34:17 -0500 answered a question How to resolve db sync error?


Please make sure you are running the nova-manage command either as root or using sudo. If you are still getting an Access Denied error, double check your SQL connection string.

Hope that helps,

2014-01-11 07:22:27 -0500 answered a question Suppose I have my floating IP tagged(VLAN tagging). If someone from external network wants to access my instances then can they ssh it as they wont have the knowledge of vlan ids of my instances?

This is dependent on your upstream router. If your router is configured to route traffic for the subnet that your Floating IP is part of plus the router tags the traffic with the appropriate VLAN, then traffic will reach your instance.

2014-01-11 07:13:21 -0500 commented question Nova instance not accessible after OS update and reboot

On the compute node, can you confirm that the instance is actually running if you do a "virsh list"?

2014-01-11 07:08:58 -0500 answered a question configuring NFS shares using horizon

In order to use the Cinder NFS driver, you have to have one or more NFS shares created outside of OpenStack. The size of your shares is totally up to you. If you decide that you only have, for example, 10gb of available space to use as an NFS share, then that's completely acceptable. You will just be limited to 10gb of block storage in your cloud.

Your compute nodes will mount the NFS shares on an as-needed basis (when an instance on that compute node requests an NFS-based block storage volume) and create a qcow2-based file that will act as a virtual hard drive.

I don't think this configuration will ever be available through Horizon since configuring NFS is outside the scope of OpenStack (meaning, you could be using a NetApp-based NFS server or a simple Linux NFS server -- there's a wide variety of options, all independent from OpenStack).

Please let me know if you need anything clarified.

2014-01-11 06:58:36 -0500 commented question Ubuntu Cloud Image: Key Injection

Does the output of "nova console-log <instance>" show anything useful? Unless you configured something specific in OpenStack, I *think* key injection will be done via the metadata service, but I'm not 100% on that.

2014-01-04 10:25:58 -0500 answered a question I Getting error while configuring identity service


It looks like there is a space at the beginning of the following line:

' admin_token = 0cef4f568cb8a558e4fb'

The configuration files are unable to contain spaces at the beginning of lines.

Hope that helps,


2013-12-31 23:49:58 -0500 commented answer Unable to locate package nova-conductor

If you created a file under /etc/apt/sources.list.d, then you no longer need to run the apt-add-repository command. Just do "apt-get upgrade" and possibly "apt-get install ubuntu-cloud-keyring".

2013-12-31 16:21:32 -0500 answered a question Unable to locate package nova-conductor

Did you install the Havana apt repo as described earlier in the guide?

2013-12-31 12:36:23 -0500 answered a question error: Could not find binary nova-compute on host ... when disabling nova-compute

Is the same host that is listed when you run nova-manage service list? The FQDN of hosts must be the same as what service list outputs.

2013-12-27 19:55:16 -0500 answered a question Nagios finds two Openstack-nova-compute processes

It's possible that you're seeing a false positive. On the compute node itself, do you see two different nova-compute procs when you run:

ps aux | grep nova-compute


2013-12-27 10:21:27 -0500 commented answer How can I start an instance in a stopped status?

But does this actually shut the instance off on the compute node?

2013-12-26 12:12:57 -0500 answered a question How do I overcommit resources?


Check out the nova.conf config file reference:

Search for cpu_allocation_ratio and you'll see a table that lists a few options for overcommitting such as:

  • cpu_allocation_ratio
  • disk_allocation_ratio
  • ram_allocation_ratio

Hope that helps,


2013-12-24 16:07:21 -0500 commented answer Change Keystone Endpoint IP

OS_AUTH_URL will be http://localhost:5000/v2.0 if you are just going to run commands on the local server. Replace localhost with a remote server if you'll be running commands remotely. I've pasted a generic openrc file here: which might help.

2013-12-24 13:58:58 -0500 answered a question Change Keystone Endpoint IP

You could do three different things:

  1. Use the various keystone help | grep endpoint commands to remove your current endpoints and re-add them with the right URLs.
  2. Use a SQL query to update the rows directly against MySQL
  3. Switch to a text-based TemplatedCatalog in keystone.conf as then the catalog is defined as a plain text file and you'd just update the endpoints just as you would with any other text file and restart Keystone when you're done.

Hope that helps,


2013-12-24 13:54:43 -0500 commented answer Project limits from REST

ah, understood. Please see revised answer.

2013-12-24 01:56:43 -0500 received badge  Nice Answer (source)
2013-12-23 16:47:32 -0500 commented answer 1 vcore instance is using 100% of node's CPU

... physical core on your compute node. You should be able to see this by running htop on your compute node. Sorry for the verbosity -- just want to make sure we meet on the same page :)

2013-12-23 16:46:46 -0500 commented answer 1 vcore instance is using 100% of node's CPU

... 16:1 overcommit ratio to cpus. So one physical core actually equals 16 vcpus that you can allocate to instances in OpenStack. With that in mind, though, if you have an instance with 1 cpu (cat /proc/cpuinfo), and it's running a job like john the ripper, it should only be affecting one...

2013-12-23 16:45:07 -0500 commented answer 1 vcore instance is using 100% of node's CPU

A vcpu (virtual cpu) is the number of cpus that an instance has. "virtual" has two meanings here. one: the cpus are being assigned to a virtual machine. two: vcpus are not one-to-one mappings to physical cpus on the compute node. 1 vcpu would equal 1 physical core but openstack applies a ...

2013-12-23 14:47:22 -0500 commented answer 1 vcore instance is using 100% of node's CPU

The benefit of vcpu allocations is to allow your instances to take advantage of multiple cpus. Maybe I'm misunderstanding the issue you're having. If you use a tool such as htop, do you see *all* cores pegged? Or just one core?

2013-12-23 10:48:40 -0500 answered a question 1 vcore instance is using 100% of node's CPU

This is because OpenStack is not placing any boundaries on the amount of CPU that the instance can claim. Note that a single core in use can still peg a server with high load. Look into cgroups to learn how to place resource restrictions on instances. In the case of CPU, you'll want to limit the amount of "cpu shares" that an instance has access to. This _should_ throttle the usage.

You will need to do this outside of OpenStack as I don't believe OpenStack has support for this yet. I have seen blueprints and wiki entries for this type of feature, but I'm not sure of an implementation status.

Edit: I stand corrected. It looks as though setting CPU shares is possible!

See the section on "Flavors".

2013-12-23 10:41:17 -0500 answered a question How do I add a keypair for a normal tenant using admin user credentials?

The URL must be:**tenantA_id**/os-keypairs

If you are unable to use this URL as-is, then the admin user needs to be added to tenantA using something like:

keystone user-role-add --user admin --tenant tenantA --role admin
2013-12-23 10:21:11 -0500 commented answer Need help with a basic 2 node openstack setup

nice work!

2013-12-23 10:19:16 -0500 commented answer Can't ping from VM to Controller Node Ubuntu/Havana/nova-networking

Glad it helped! Good luck with the metadata issue. There are a few others running into similar issues but I haven't been able to pin down the solution.

2013-12-23 10:17:09 -0500 answered a question Openvswitch plugin


Make sure that you add the interface that previously had the external IP to the bridge.

For example, if eth0 previously had the external IP:

ovs-vsctl add-port br-ex eth0

This will bridge br-ex and eth0 together. Since br-ex now has your external IP, traffic will flow through br-ex to eth0 to the wire and back.

Hope that helps,


2013-12-23 10:07:25 -0500 answered a question Project limits from REST


Rather than v2/​{tenant_id}​/limits/tenant_id=​{customer_tenant_id}, you should just be requesting:


For example, if your nova-api endpoint is , and your tenand_id is a1b2c3d4 then you would issue a request to:

Th above will only work if you're retrieving the limits for a tenant that you are a member of. If you are the admin user and you want to see the limits for a project that you are not a member of, look at following command:

nova absolute-limits --tenant a1b2c34d

Running the command with --debug will show you the API calls being used.

Hope that helps,