Ask Your Question

mickey's profile - activity

2018-01-12 12:28:29 -0500 received badge  Self-Learner (source)
2017-03-15 02:45:13 -0500 received badge  Famous Question (source)
2017-03-15 02:45:13 -0500 received badge  Popular Question (source)
2017-03-15 02:45:13 -0500 received badge  Notable Question (source)
2017-01-23 08:47:56 -0500 received badge  Notable Question (source)
2017-01-23 08:47:56 -0500 received badge  Popular Question (source)
2017-01-23 08:47:56 -0500 received badge  Famous Question (source)
2016-10-24 14:56:28 -0500 received badge  Notable Question (source)
2016-07-13 13:46:40 -0500 received badge  Notable Question (source)
2016-06-29 06:11:16 -0500 received badge  Famous Question (source)
2016-06-29 06:11:16 -0500 received badge  Popular Question (source)
2016-06-29 06:11:16 -0500 received badge  Notable Question (source)
2016-05-12 14:19:50 -0500 received badge  Popular Question (source)
2016-04-28 13:37:32 -0500 received badge  Notable Question (source)
2016-04-28 13:37:32 -0500 received badge  Famous Question (source)
2016-04-07 13:33:34 -0500 received badge  Notable Question (source)
2016-04-07 13:33:34 -0500 received badge  Popular Question (source)
2016-04-07 13:33:34 -0500 received badge  Famous Question (source)
2016-04-07 13:30:36 -0500 received badge  Nice Question (source)
2016-04-05 16:08:14 -0500 received badge  Popular Question (source)
2016-04-05 16:08:14 -0500 received badge  Notable Question (source)
2016-03-21 01:54:10 -0500 received badge  Popular Question (source)
2015-11-30 07:39:59 -0500 asked a question Apache2-Horizon SSL bug with missing permissions

Hi all. I use Openstack Kilo and wanted to enable SSL. The only problem:

    [Mon Nov 30 14:07:12.776301 2015] [:error] [pid 29731:tid 140092654630656] [client 95.90.222.115:37845]   File "/usr/share/openstack-dashboard/openstack_dashboard/wsgi/../../openstack_dashboard/local/local_settings.py", line 116, in <module>
[Mon Nov 30 14:07:12.776308 2015] [:error] [pid 29731:tid 140092654630656] [client 95.90.222.115:37845]     SECRET_KEY = secret_key.generate_or_read_from_file('/var/lib/openstack-dashboard/secret_key')
[Mon Nov 30 14:07:12.776311 2015] [:error] [pid 29731:tid 140092654630656] [client 95.90.222.115:37845]   File "/usr/lib/python2.7/dist-packages/horizon/utils/secret_key.py", line 54, in generate_or_read_from_file
[Mon Nov 30 14:07:12.776317 2015] [:error] [pid 29731:tid 140092654630656] [client 95.90.222.115:37845]     with lock:
[Mon Nov 30 14:07:12.776321 2015] [:error] [pid 29731:tid 140092654630656] [client 95.90.222.115:37845]   File "/usr/lib/python2.7/dist-packages/oslo_concurrency/lockutils.py", line 217, in __enter__
[Mon Nov 30 14:07:12.776326 2015] [:error] [pid 29731:tid 140092654630656] [client 95.90.222.115:37845]     self.acquire()
[Mon Nov 30 14:07:12.776329 2015] [:error] [pid 29731:tid 140092654630656] [client 95.90.222.115:37845]   File "/usr/lib/python2.7/dist-packages/oslo_concurrency/lockutils.py", line 200, in acquire
[Mon Nov 30 14:07:12.776334 2015] [:error] [pid 29731:tid 140092654630656] [client 95.90.222.115:37845]     self.lockfile = open(self.fname, 'a')
[Mon Nov 30 14:07:12.776345 2015] [:error] [pid 29731:tid 140092654630656] [client 95.90.222.115:37845] IOError: [Errno 13] Permission denied: '/var/lib/openstack-dashboard/_var_lib_openstack-dashboard_secret_key.lock'
[Mon Nov 30 14:07:15.387853 2015] [:error] [pid 29731:tid 140092572169984] [client 95.90.222.115:37865] mod_wsgi (pid=29731): Target WSGI script '/usr/share/openstack-dashboard/openstack_dashboard/wsgi/django.wsgi' cannot be loaded as Python module.
[Mon Nov 30 14:07:15.387865 2015] [:error] [pid 29731:tid 140092572169984] [client 95.90.222.115:37865] mod_wsgi (pid=29731): Exception occurred processing WSGI script '/usr/share/openstack-dashboard/openstack_dashboard/wsgi/django.wsgi'.
[Mon Nov 30 14:07:15.387875 2015] [:error] [pid 29731:tid 140092572169984] [client 95.90.222.115:37865] Traceback (most recent call last):
[Mon Nov 30 14:07:15.387885 2015] [:error] [pid 29731:tid 140092572169984] [client 95.90.222.115:37865]   File "/usr/share/openstack-dashboard/openstack_dashboard/wsgi/django.wsgi", line 16, in <module>
[Mon Nov 30 14:07:15.387898 2015] [:error] [pid 29731:tid 140092572169984] [client 95.90.222.115:37865]     application = get_wsgi_application()
[Mon Nov 30 14:07:15.387902 2015] [:error] [pid 29731:tid 140092572169984] [client 95.90.222.115:37865]   File "/usr/lib/python2.7/dist-packages/django/core/wsgi.py", line 14, in get_wsgi_application
[Mon Nov 30 14:07:15.387911 2015] [:error] [pid 29731:tid 140092572169984] [client 95.90.222.115:37865]     django.setup()
[Mon Nov 30 14:07:15.387914 2015] [:error] [pid 29731:tid 140092572169984] [client 95.90.222.115:37865]   File "/usr/lib/python2.7/dist-packages/django/__init__.py", line 20, in setup ...
(more)
2015-11-28 02:45:59 -0500 asked a question Openstack Instance Hacked, cant create snapshot

Hi, Since some days some of our customer Instances got abused by foreign attackers. Now we want to Investigate those Instances, because they are unusable. The Problem is Openstack is unable to create a Snapshot of the attacked ones. Snapshots can be made from every other Instance except from these.

Is there any way to export that VM to another Machine?

The only message i become from Openstack "ERROR Cant create snapshot"

Ways i tried: Using the shell for creation of the snapshot: Provides the same unuseable output Error. Looking on the Nova Host itself to maybe export the whole VM, but thats just not that easy as i thought.

The only suspicious log i found: nova-api.log

    - -] [instance: a225c2b2-1128-4b75-ac10-fbab89bcb82a] Skipping quiescing instance: Quiescing is not supported in instance a225c2b2-1128-4b75-ac10-fbab89bcb82a: QEMU guest agent is not enabled
Traceback (most recent call last):

  File "/usr/lib/python2.7/dist-packages/oslo_messaging/rpc/server.py", line 142, in inner
    return func(*args, **kwargs)

  File "/usr/lib/python2.7/dist-packages/nova/exception.py", line 88, in wrapped
    payload)

  File "/usr/lib/python2.7/dist-packages/oslo_utils/excutils.py", line 85, in __exit__
    six.reraise(self.type_, self.value, self.tb)

  File "/usr/lib/python2.7/dist-packages/nova/exception.py", line 71, in wrapped
    return f(self, context, *args, **kw)

  File "/usr/lib/python2.7/dist-packages/nova/compute/manager.py", line 6572, in quiesce_instance
    self.driver.quiesce(context, instance, image_meta)

  File "/usr/lib/python2.7/dist-packages/nova/virt/libvirt/driver.py", line 1516, in quiesce
    self._set_quiesced(context, instance, image_meta, True)

  File "/usr/lib/python2.7/dist-packages/nova/virt/libvirt/driver.py", line 1495, in _set_quiesced
    instance_id=instance.uuid, reason=reason)

InstanceQuiesceNotSupported: Quiescing is not supported in instance a225c2b2-1128-4b75-ac10-fbab89bcb82a: QEMU guest agent is not enabled
.
2015-11-28 09:33:33.452 16889 ERROR nova.api.openstack [req-d8372817-e198-4a9d-a284-4e38f900563e 05e3e5396c5342fa99170e55cc5be356 6f4b82627df840bda7b937199f086f73 - - -] Caught error: Request Entity Too Large (HTTP 413) (Request-ID: req-a709eec8-d085-4daa-93bd-54334c402f8d)
2015-11-28 09:33:33.452 16889 TRACE nova.api.openstack Traceback (most recent call last):
2015-11-28 09:33:33.452 16889 TRACE nova.api.openstack   File "/usr/lib/python2.7/dist-packages/nova/api/openstack/__init__.py", line 125, in __call__
2015-11-28 09:33:33.452 16889 TRACE nova.api.openstack     return req.get_response(self.application)
2015-11-28 09:33:33.452 16889 TRACE nova.api.openstack   File "/usr/lib/python2.7/dist-packages/webob/request.py", line 1320, in send
2015-11-28 09:33:33.452 16889 TRACE nova.api.openstack     application, catch_exc_info=False)
2015-11-28 09:33:33.452 16889 TRACE nova.api.openstack   File "/usr/lib/python2.7/dist-packages/webob/request.py", line 1284, in call_application
2015-11-28 09:33:33.452 16889 TRACE nova.api.openstack     app_iter = application(self.environ, start_response)
2015-11-28 09:33:33.452 16889 TRACE nova.api.openstack   File "/usr/lib/python2.7/dist-packages/webob/dec.py", line 144, in __call__
2015-11-28 09:33:33.452 16889 TRACE nova.api.openstack     return resp(environ, start_response)
2015-11-28 09:33:33.452 16889 TRACE nova.api.openstack   File "/usr/lib/python2.7/dist-packages/keystonemiddleware/auth_token/__init__.py", line 634, in ...
(more)
2015-11-25 16:36:45 -0500 asked a question nova-network change multi-host T to F of used network

Hi!

When I set up Openstack, I used the same commands as in the manual stood. I used the fixed network for direct access to the internet for my VMs. in the shell: nova network-create public --bridge br100 --multi-host T --fixed ....

I didnt know that we would still use the same Hoster and expand it.

Now the pain. I added a second Compute Node with a sperate AVZ and its on fixed network. But everytime i start a new VM, the First assigned IP, is from the Subnet of a different node ..

nova network-create public --bridge br100 --multi-host F --fixed-range-v4 148.251.216.144/28

Now my new Compute-Node has 2 bridges. The 1st is the one, that should be used by the old one. The second bridge is the one that should be assigned and used, not the first.

br100     Link encap:Ethernet  HWaddr fe:16:3e:84:5e:2c  
          inet addr:148.251.216.145  Bcast:148.251.216.159  Mask:255.255.255.240
          inet6 addr: fe80::3415:d4ff:fed0:1a72/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:501 errors:0 dropped:0 overruns:0 frame:0
          TX packets:317 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:39357 (39.3 KB)  TX bytes:45420 (45.4 KB)

br200     Link encap:Ethernet  HWaddr fa:56:35:39:e9:3b  
          inet addr:136.243.142.17  Bcast:136.243.142.31  Mask:255.255.255.240
          inet6 addr: fe80::d821:eaff:fe45:d060/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:643 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 B)  TX bytes:27198 (27.1 KB)

I cant delete and recreate the old network, because its in use by the VMs. How can i change that?

2015-10-24 06:25:45 -0500 received badge  Popular Question (source)
2015-10-23 11:35:04 -0500 answered a question Nova-Network on Hetzner. instance cant pass bridge.

FIX! Problem solved.

I was totally confused, because basically Hetzner means that your VM´s must have a specific MAC Address beginning with 54:52:00. http://wiki.hetzner.de/index.php/KVM_... All I could find was the solution to solve the bridge and MAC-Address NAT problem in combination with Neutron. Like mangelajo described in his blog. I am very thankful for his Post! :) But i am going in another direction where i want the smallest setup with enough storage using the nova network to provide public connection for the instances.

The first time I started my Ubuntu Cloud Instance, i saw that ICMP receives 2 Packages and stops receiving more. So i checked the compute hosts bridge with tcpdumb and had a neverending Broadcast. The Bridge had 2 Subnets to provide and couldn't decide to who the the target mac belongs.
ARP "Who has the gateway IP? Tell VM". That means to me i have to seperate the public interface IP from the bridge by another virtual interface providing the Gateway.

... long story short result.

modprobe dummy
ifconfig dummy0 x.x.x.x
add route x.x.x.x dummy0

/etc/nova/nova.conf
...
...
flat_network_bridge = br100
flat_interface = dummy0
public_interface = dummy0

I created a dummy Interface using the gateway IP of my floating-pool subnet. route add x.x.x.x dummy0. Accordingly i´ve changed the public_interface and flat_interface to "dummy0".

thanks!

2015-10-22 16:14:39 -0500 asked a question Nova-network How changing default mac address?

Hi folks.

I red in a book that it is possible to change the default MAC-Address that will be assigned to the VMs. This was mentioned in neutron. But i just use Legacy Networking with Nova. I previously red in a book a very small article on if its possible and how will it be called.

base_mac

Its used to change the first 3 octets of the default MAC. (fa:16:3a .. or whatever)

how is the command or where can i find the config to change that value?

2015-10-22 04:08:49 -0500 asked a question Nova-Network on Hetzner. instance cant pass bridge.

Hi. I have installed a 3 Node Cluster on Hetzner with Compute Legacy Networking. There is a well known problem with Hetzner’s IP Policy. The given subnet for my Instances are not in the same Subnet as the Physical Interface (AAA.BBB.76.148). So i told the Host that the Subnet XXX.VVV.216.144/28 belongs to him, so that Openstack can assign it as Floating IP to the VM. The Default Gateway for the Server is AAA.BBB.76.129.

The Bridge took the IP and Gateway from the eth0 interface and uses the Default gateway (XXX.VVV.216.145) for the VMs.

After the first VM starts i sign in and try to ping 8.8.8.8

m009@ubuntu-14:~$ ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=56 time=5.55 ms
From 8.8.8.8: icmp_seq=2 Redirect Host(New nexthop: 8.8.8.8)
64 bytes from 8.8.8.8: icmp_seq=2 ttl=56 time=5.55 ms
From 8.8.8.8 icmp_seq=3 Destination Host Unreachable
From 8.8.8.8 icmp_seq=4 Destination Host Unreachable
From 8.8.8.8 icmp_seq=5 Destination Host Unreachable

It always automatically drops every other Packet after 2 received.

So i made a tcpdump on the Compute Host to check the traffic and what i found out:

223 27.766181   fa:16:3e:2e:db:34   Broadcast   ARP 42  Who has AAA.BBB.76.129?  Tell XXX.VVV.216.148
...
Target MAC address: 00:00:00:00:00:00 (00:00:00:00:00:00)
Target IP: AAA.BBB.76.129

my route config:

default via AAA.BBB.76.129 dev br100 
AAA.BBB.76.128/26 dev br100  proto kernel  scope link  src AAA.BBB.76.148 
XXX.VVV.216.144/28 dev br100  proto kernel  scope link  src XXX.VVV.216.145 
192.168.122.0/24 dev virbr0  proto kernel  scope link  src 192.168.122.1 
213.133.98.64/26 dev eth1  proto kernel  scope link  src 213.133.98.99

What could be the problem?

2015-10-20 07:14:54 -0500 received badge  Famous Question (source)
2015-10-20 06:39:15 -0500 asked a question openstack kilo demo (401) in the cli - dashboard works

Hi. I installed my whole 3 node Cluster from beginning.. I stuck at testing the demo user. Some hours earlier it worked without a problem. Now everytime i test something as demo user it tells me:

    cinder --debug create --name demo 1
DEBUG:keystoneclient.session:REQ: curl -g -i -X GET http://controller:5000/v3 -H "Accept: application/json" -H "User-Agent: python-keystoneclient"
DEBUG:keystoneclient.session:RESP: [200] content-length: 249 vary: X-Auth-Token keep-alive: timeout=5, max=100 server: Apache/2.4.7 (Ubuntu) connection: Keep-Alive date: Tue, 20 Oct 2015 11:31:40 GMT x-openstack-request-id: req-17fd19b8-5eb4-4949-8fe7-1484221d4b09 content-type: application/json x-distribution: Ubuntu 
RESP BODY: {"version": {"status": "stable", "updated": "2015-03-30T00:00:00Z", "media-types": [{"base": "application/json", "type": "application/vnd.openstack.identity-v3+json"}], "id": "v3.4", "links": [{"href": "http://controller:5000/v3/", "rel": "self"}]}}

DEBUG:keystoneclient.auth.identity.v3:Making authentication request to http://controller:5000/v3/auth/tokens
DEBUG:keystoneclient.session:Request returned failure status: 401
ERROR: The request you have made requires authentication. (HTTP 401) (Request-ID: req-ebf59e19-5ab4-4dac-8fb9-d15c9a4c328e)
root@Controller ~ # openstack --os-auth-url http://controller:5000 \
>   --os-project-domain-id default --os-user-domain-id default \
>   --os-project-name demo --os-username demo --os-auth-type password \
>   token issue
ERROR: openstack The request you have made requires authentication. (HTTP 401) (Request-ID: req-5d77ffb5-c89d-40e8-813e-39f64ab4556b)

I already checked if the credentials are fine. i deleted the user over the cli and made the same again.

It all worked when i tested the Identity service.

The most strange thing is, that it all works when i use the Dashboard. I can do everything what the demo user is able to. But i am not allowed to execute commands in the CLI as demo client.

yes i sourced the demo-openrc.sh and i checked the credentials. When i use a command with password prompt, keystone doesn't let this happen.

Any idea?

2015-10-15 17:27:19 -0500 received badge  Self-Learner (source)
2015-10-15 07:32:56 -0500 received badge  Notable Question (source)
2015-10-15 06:43:47 -0500 asked a question Cinder Service up but not in visible in Horizon

Hi. I have previously finished my Openstack 3 Node Setup on Hetzner. Now i wanted to check if everything works fine. The problem is i cant see the Block Storage in the Administrator tab on the Dashboard. The Service status says that cinderv2 is up on the Controller. In the local_settings.py for Horizon I enabled Cinder and reloaded the Apache2 settings, but still no success. Do i need to install additional packages for Cinder/Horizon?

2015-10-15 06:32:35 -0500 answered a question Mistral: Authorization failed: The resource could not be found. (HTTP 404)

UPDATE

After (pip install --upgrade python-openstackclient) and now the openstack cli works fine.

But Keystone still has the same trouble as mentioned.

2015-10-15 05:42:14 -0500 answered a question whole CLI doesnt work anymore. (Kilo)

UPDATE

After (pip install --upgrade python-openstackclient) and now the openstack cli works fine.

But Keystone still has the same trouble as mentioned.

the python thing didnt help

Python 2.7.6 (default, Jun 22 2015, 17:58:13) 
[GCC 4.8.2] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> from keystoneclient.v2.0 import client
  File "<stdin>", line 1
    from keystoneclient.v2.0 import client
                           ^
SyntaxError: invalid syntax
>>> from keystoneclient.v2_0 import client
>>> token = '4f87d15d7fae4325653b'
>>> endpoint = 'http://controller:35357/v2.0'
>>> keystone = client.Client(token=token, endpoint=endpoint)
>>> keystone.tenants.list()
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/local/lib/python2.7/dist-packages/keystoneclient/v2_0/tenants.py", line 123, in list
    tenant_list = self._list('/tenants%s' % query, 'tenants')
  File "/usr/local/lib/python2.7/dist-packages/keystoneclient/base.py", line 124, in _list
    resp, body = self.client.get(url, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/keystoneclient/adapter.py", line 170, in get
    return self.request(url, 'GET', **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/keystoneclient/adapter.py", line 206, in request
    resp = super(LegacyJsonAdapter, self).request(*args, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/keystoneclient/adapter.py", line 95, in request
    return self.session.request(url, method, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/keystoneclient/utils.py", line 337, in inner
    return func(*args, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/keystoneclient/session.py", line 402, in request
    raise exceptions.from_response(resp, method, url)
keystoneclient.exceptions.Unauthorized: The request you have made requires authentication. (HTTP 401) (Request-ID: req-09ef6fdc-d177-4da1-94c1-7a6702006253)
2015-10-15 05:36:29 -0500 received badge  Popular Question (source)
2015-10-15 03:34:42 -0500 commented answer whole CLI doesnt work anymore. (Kilo)

thats so funny ... doesnt matter which version i upgrade ... it always wants a nother ERROR: openstackclient.shell Exception raised: (pbr 0.11.0 (/usr/local/lib/python2.7/dist-packages), Requirement.parse('pbr>=1.6'))

2015-10-15 03:29:02 -0500 commented answer whole CLI doesnt work anymore. (Kilo)

that was the first version it had installed. i downgraded to 0.9.0 and that didnt help