Ask Your Question

Steve's profile - activity

2016-02-01 06:01:44 -0500 received badge  Famous Question (source)
2015-11-30 11:46:35 -0500 received badge  Popular Question (source)
2015-11-29 19:37:49 -0500 asked a question How to integrate Google no recaptcha into horizon dashboard?

How to integrate Google no recaptcha into horizon dashboard login page?

2015-11-10 20:17:22 -0500 received badge  Famous Question (source)
2015-10-08 03:30:24 -0500 received badge  Famous Question (source)
2015-10-08 03:12:45 -0500 received badge  Famous Question (source)
2015-08-19 07:07:34 -0500 received badge  Notable Question (source)
2015-08-19 06:00:49 -0500 marked best answer route of the glance image

Hi,

When I install a dedicated glance node to store the images, how does it download to compute node?

  1. glance node -> controller node ->network node -> compute node?
  2. glance node ->network node -> compute node?
  3. glance node -> compute node?

Thanks.

2015-07-15 05:18:57 -0500 received badge  Famous Question (source)
2015-05-12 11:25:57 -0500 received badge  Notable Question (source)
2015-05-12 11:25:57 -0500 received badge  Popular Question (source)
2015-05-12 11:25:37 -0500 received badge  Notable Question (source)
2015-04-29 05:47:39 -0500 received badge  Famous Question (source)
2015-04-23 11:37:32 -0500 received badge  Notable Question (source)
2015-04-23 11:37:32 -0500 received badge  Popular Question (source)
2015-04-20 15:06:52 -0500 asked a question Dedicated novnc proxy server

I set up a dedicated novnc proxy server. When I configured it as http, it worked fine. But when I changed it to https, there is error "Failed to connect to server (code: 1006)".

I installed package nova-novncproxy on the dedicated novnc proxy server, icehouse.

How to install the dedicated novnc proxy server oveer ssl?

Below is the nova-novncproxy.log:

72: Reaping zombies, active child count is 0 72: 10.1.1.20: new handler Process 72: handler exception: WSRequestHandler instance has no attribute 'last_code' 72: Traceback (most recent call last): File "/usr/lib/python2.7/dist-packages/websockify/websocket.py", line 699, in top_new_client self.client = self.do_handshake(startsock, address) File "/usr/lib/python2.7/dist-packages/websockify/websocket.py", line 628, in do_handshake if wsh.last_code == 101: AttributeError: WSRequestHandler instance has no attribute 'last_code'

73: Reaping zombies, active child count is 0 73: 10.1.1.20: new handler Process 73: 10.1.1.20: "GET /vnc_auto.html?token=45a86f4c-e04c-445b-ad62-3a0de4351cea&title=102(52190c39-4a65-48a2-ae33-32fb75502c58) HTTP/1.1" 200 - 74: Reaping zombies, active child count is 0 74: 10.1.1.20: new handler Process 74: handler exception: WSRequestHandler instance has no attribute 'last_code' 74: Traceback (most recent call last): File "/usr/lib/python2.7/dist-packages/websockify/websocket.py", line 699, in top_new_client self.client = self.do_handshake(startsock, address) File "/usr/lib/python2.7/dist-packages/websockify/websocket.py", line 628, in do_handshake if wsh.last_code == 101: AttributeError: WSRequestHandler instance has no attribute 'last_code'

75: Reaping zombies, active child count is 0 75: 10.1.1.20: new handler Process 75: 10.1.1.20: SSL/TLS (wss://) WebSocket connection 75: 10.1.1.20: Version hybi-13, base64: 'True' 75: 10.1.1.20: Path: '/websockify' 75: handler exception: Origin header protocol does not match this host. 75: Traceback (most recent call last): File "/usr/lib/python2.7/dist-packages/websockify/websocket.py", line 714, in top_new_client self.new_client() File "/usr/lib/python2.7/dist-packages/nova/console/websocketproxy.py", line 101, in new_client raise exception.ValidationError(detail=detail) ValidationError: Origin header protocol does not match this host.

76: Reaping zombies, active child count is 0

2015-04-16 22:35:16 -0500 received badge  Popular Question (source)
2015-04-15 11:54:41 -0500 asked a question nova self-sign SSL

When use self-sign SSL for nova API endpoint, how to config the compute nodes to permit insecure SSL? I found cinder_api_insecure, glance_api_insecure. But how to enable nova to permit insecure SSL?

Thanks.

2015-04-15 07:13:43 -0500 received badge  Popular Question (source)
2015-04-15 07:13:43 -0500 received badge  Notable Question (source)
2015-04-14 19:35:13 -0500 asked a question How to deploy Apache2 reverse SSL proxy for API

I installed icehouse, 1 controller, 2 (nova-compute+nova-network) nodes and 2 cinder storage nodes. The nova and cinder control services are installed on controller. I am going to change the http API services to https, use Apache2 reverse https proxy.

Does the same Apache2 reverse https proxy install on the controller only? Or, need to install on all 5 nodes, including the controller, 2 compute nodes and 2 storage nodes?

Thanks!

2015-04-10 12:29:28 -0500 commented answer Delete a volume very slow

It worked. Thanks!

2015-04-10 12:28:47 -0500 received badge  Scholar (source)
2015-04-10 09:44:59 -0500 asked a question Delete a volume very slow

When I create a volume, it is quick. But when I deleted a volume, such as a 5 GB volume, it took about 25 minute to finish the task. A larger volume took more time to be deleted. It is cinder storage node, icehouse.

Is this normal? Why it is so slow?

2015-04-10 09:36:01 -0500 received badge  Notable Question (source)
2015-04-10 09:34:48 -0500 asked a question Security between compute node and volume storage node

How to deploy security between compute node and volume storage node?

My goal is to use something like SSL to protect communications between compute nodes and cinder storage nodes.

I am using icehouse, nova compute nodes and cinder storage nodes, iscsi driver.

2015-02-15 03:03:12 -0500 received badge  Famous Question (source)
2015-02-13 00:13:29 -0500 received badge  Famous Question (source)
2015-02-10 20:27:20 -0500 commented question rules in policy.json

You can find some examples on this link http://docs.openstack.org/juno/config...

"identity:get_trust": [["rule:admin_or_owner"]], "identity:list_trusts": [["@"]], "identity:list_roles_for_trust": [["@"]],

2015-02-10 05:58:39 -0500 received badge  Notable Question (source)
2015-02-10 03:52:29 -0500 received badge  Popular Question (source)
2015-02-10 01:31:18 -0500 received badge  Notable Question (source)
2015-02-09 20:26:44 -0500 received badge  Popular Question (source)
2015-02-09 11:36:52 -0500 asked a question rules in policy.json

I have been searching the policy.json reference for a long while. But it seems nowhere can find anything about the rules, signs or meaning. I have some questions:

  1. What does the "@" mean? Such as "identity:check_role_for_trust": [[ "@" ]].
  2. How to define a rule to deny any users, including the admin user is not allowed? Such as the "identity:create_policy":?
  3. Is there any place we can find a policy.json reference guide?

Thanks

2015-02-09 09:01:14 -0500 asked a question Disable admin user on horizon

How to disable admin user and all the superusers on horizon?

My goal is to separate tenant users login portal from admin login portal. I have removed "admin" dashboard on horizon. For security reason, I would like to disable superusers get a token, and not able to login the "project" dashboard and any other resources. These superusers are totally limited the access on horizon. I am using icehouse, on ubuntu 14.04.

Thanks!

2015-02-06 01:54:40 -0500 received badge  Popular Question (source)
2015-01-30 22:12:11 -0500 asked a question Disable volume snapshot

I'm using cinder volume, icehouse. In my lab, I need to disable volume snapshot for all tenants, only admin users can create volume snapshot.

In /etc/cinder/policy.json, I set:

"volume:get_snapshot": [["rule:admin_api"]],

But it doesn't work.

How to configure the openstack to disable volume snapshot feature for all tenant users?

Thanks!

Steve

2015-01-20 07:54:49 -0500 received badge  Notable Question (source)
2015-01-20 07:54:49 -0500 received badge  Famous Question (source)