Ask Your Question

New-stack's profile - activity

2020-08-30 17:31:16 -0500 marked best answer how to implement 2-factor authentication in Horizon?

hi people, somebody have experience about 2 factor authentication in horzion? I'm interesting to implement in my test environment...

some suggestion about how to start ? ^_^

2016-03-30 23:48:37 -0500 received badge  Famous Question (source)
2016-03-11 11:34:23 -0500 received badge  Notable Question (source)
2016-03-09 06:14:35 -0500 received badge  Popular Question (source)
2016-03-09 01:39:26 -0500 answered a question IT Automation System with Openstack Orchestration

Thank's for you comment and suggestion, Eduardo.

2016-03-08 04:21:08 -0500 asked a question IT Automation System with Openstack Orchestration

Hi, i'm looking for a solution which can perfom "Automation" inside a enterprise environment, with several device (Cisco, Checkpoint, Big-IP,Big-IQ,Fortinet). All of this, are ready to use restuful api. I think about openstack orchestrator, but i'm not sure that openstack orchestrator is the right solution. Is it able to comunicate with other system/plattaform, in restful api and then orchestrate them? Or orchestration module is only for create and manage cloud resources.

The idea is something like ansible...

Thanks everyone

2015-11-03 03:47:51 -0500 received badge  Famous Question (source)
2015-04-06 09:59:42 -0500 received badge  Famous Question (source)
2015-03-12 05:22:53 -0500 received badge  Taxonomist
2015-02-25 08:19:49 -0500 received badge  Popular Question (source)
2015-02-25 08:19:49 -0500 received badge  Notable Question (source)
2015-02-05 08:53:44 -0500 received badge  Famous Question (source)
2015-02-05 08:53:44 -0500 received badge  Notable Question (source)
2015-02-04 09:51:36 -0500 asked a question Help about OS_Federation register a idp, map and rules

hi people, on my enviorment (centos7, openstack modular installation of Juno)i have installed keystone to run behiand the httpd server(with https enabled)!

I have installed shibboleth, enabled the OS_Federation and now i have some problems about how to configure it! Particularly, how can i perform these requests?

1.Map

2.Group

3.IDP

Thk!

2015-02-01 02:48:22 -0500 received badge  Famous Question (source)
2015-01-30 04:03:06 -0500 answered a question juno unable to retrieve instance flavors

First, clean the log file in nova rm -f /var/log/nova/ and try to launch instance again! When you get the error, check and post on paste.openstack.org the log file about nova-scheduler nova-conductor nova-api

2015-01-29 10:24:54 -0500 edited question [Solved] keystone ssl port closed...Why?

hi people, on my enviroment (centos7, openstack modular installation of Juno)i have installed keystone to run behind the httpd server(with https enabled)!

At the moment, if i try to contact a keystone endpoint i recive an conncection error,

keystone endpoint-list
Authorization Failed: Unable to establish connection to http://controller:35357/v2.0/tokens

If i try to scanning the keystone's ports(public/admin) by nmap i obtain that both are closed

Nmap scan report for localhost (127.0.0.1)
Host is up (0.00011s latency).
Other addresses for localhost (not scanned): 127.0.0.1
PORT      STATE  SERVICE
5000/tcp  closed upnp
35357/tcp closed unknown
443/tcp open  https

the firewall service is not used, why i'm in this situation?

Furthermore, about the keystone's endpoint, how can l change the url? Manually from db change http:// to https:// o there is a better way?

Thanks to everyone

_____________UPDATE_____________

To keystone's endpoint (only keystone's endpoint) i set it in mysql at keystone db:

  UPDATE endpoint SET url = REPLACE (url, 'http','https') where legacy_endpoint_id= "KEYSTONE_ID"

In the keystone.conf i've set

[ssl]
enable = True
certfile = /etc/keystone/ssl/cert/keystone.pem
keyfile = /etc/keystone/ssl/private/keystonekey.pem
ca_certs = /etc/keystone/ssl/cert/ca.pem
cert_required = True

like as doc http://docs.openstack.org/admin-guide...

The service keystone is down, and if i try to restart it, i have this error, but /var/log/keystone.log is empty...

image description

(to enlarge the picture right click and view the image)

Why? :(

2015-01-29 08:46:00 -0500 commented answer [Solved] keystone ssl port closed...Why?

Now, i solved and dashboard work fine... i forget to set in every SERVICE.conf the insecure = true

Thaks

2015-01-29 06:33:40 -0500 marked best answer Policy doesn't allow compute:create:forced_host to be performed

I try to run my first instance but an error occuer

[root@cloud98 ~]# source demo-openrc.sh
[root@cloud98 ~]# nova net-list
+--------------------------------------+----------+------+
| ID                                   | Label    | CIDR |
+--------------------------------------+----------+------+
| 1f97cf12-0af9-45ff-aec8-a1ab3d88e23e | demo-net | -    |
| d5b19c47-44b6-4fd1-a27b-24ef9d75eefc | ext-net  | -    |
+--------------------------------------+----------+------+

[root@cloud98 ~]# nova boot --flavor m1.tiny --image cirros-0.3.2-x86_64 --nic net-id=1f97cf12-0af9-45ff-aec8-a1ab3d88e23e --security-group default --key-name demo-key --availability-zone nova:cloud100 test_demo_instance
ERROR: Policy doesn't allow compute:create:forced_host to be performed. (HTTP 403) (Request-ID: req-f3b87d75-a381-4ade-9ef2-3ad41e21a37f)

Some suggestion?

2015-01-29 04:53:31 -0500 commented answer [Solved] keystone ssl port closed...Why?

ok... Thank you so much, for your time, and i owe you a lot of favours :) now i will investigate e after fixed, i post the solution!

2015-01-28 11:10:45 -0500 commented answer [Solved] keystone ssl port closed...Why?

i have purged the cache of my browser and try it, on another machine but nothing is changed.

Here the log of httpd (error_ssl) and keystone.log :(

2015-01-28 10:50:13 -0500 commented answer [Solved] keystone ssl port closed...Why?
2015-01-28 10:40:03 -0500 commented answer [Solved] keystone ssl port closed...Why?

i'have set this in /etc/openstack-dashboard/local_setting

I have alredy set mod_nss(like as mod_ssl) to apache and it's working fine ;), but i have this error after try to login by dashboard

2015-01-28 09:41:40 -0500 commented answer [Solved] keystone ssl port closed...Why?

...cert of CA which have release the keystone.pem) this problem should be solved! It's wrong?

And in the dashboard how i can set this option to have encripted authentication? Because at this time i have this error

Thank you very much!

2015-01-28 09:39:26 -0500 commented answer [Solved] keystone ssl port closed...Why?

It's work! Help me to understand please :) if you want/can... with --insecure ,is the comunication encrypted? (keystone endpoint are set in https)

To solve the CA chain, have you some suggestion? I supposed that if i used in admin-openrc, OS_CACERT=/etc/keystone/.../ca.pem (where ca.pem is the...

2015-01-27 09:14:12 -0500 commented answer [Solved] keystone ssl port closed...Why?

ok... now if i try to do : keystone endpoint-list i have finally a error (in keyston.log)and keystone is active with ports open! :) Thk :)

Server error
SSLError: [Errno 185090050] _ssl.c:340: error:0B084002:x509 certificate utines:X509_load_cert_crl_file:system lib
2015-01-27 07:08:45 -0500 received badge  Famous Question (source)
2015-01-27 06:23:46 -0500 commented answer [Solved] keystone ssl port closed...Why?

I want ssl only to authenticate, not to nova: then the section [ssl] in nova is empty! ok :)

I paste here the setting you have suggested...

It's right or i have misunderstood?

2015-01-27 04:46:29 -0500 commented answer [Solved] keystone ssl port closed...Why?

Thank's... i have this situation:

This is the endpoint list in my db (line 11, 14, 18)

This is my keyston.conf I changed the auth_uri in nova.con f neutron.conf but not in keystone.conf... Is it required?