srelf's profile - activity

2020-05-11 08:15:22 -0500 answered a question OIDC token bearer from IdP and Keystone local mapping

This is possible. You need to use a mappings file.

https://docs.openstack.org/keystone/latest/admin/federation/mapping_combinations.html

A super simple mapping file:

    [
        {
            "local": [
                {
                    "user": {
                        "name": "{0}",
                        "email": "{0}"
                    },
                    "groups": "{1}",
                    "domain": {
                        "id": "default"
                    }
                }
            ],
            "remote": [
                {
                    "type": "OIDC-email"
                },
                {
                    "type": "OIDC-groups"
                }
            ]
        }
    ]

This maps a user name and email to OIDC-EMAIL and then maps any groups passed in the token to match against groups in openstack, and links that user to that group.
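How the `{0}` and `{1}` placeholders in the mapping above line up with its two `remote` entries, as an added example that is not part of the original answer and not Keystone's own code. It is a simplified model: `apply_rule`, `substitute`, the `;`-separated group string, the `unmatched_groups` key and the sample attribute values are assumptions made for illustration.

```python
import re

# Mapping copied from the answer above.
MAPPING = [{
    "local": [{"user": {"name": "{0}", "email": "{0}"},
               "groups": "{1}", "domain": {"id": "default"}}],
    "remote": [{"type": "OIDC-email"}, {"type": "OIDC-groups"}],
}]

PLACEHOLDER = re.compile(r"\{(\d+)\}")


def substitute(node, values):
    """Replace every {N} in nested strings with the N-th remote value."""
    if isinstance(node, str):
        return PLACEHOLDER.sub(lambda m: values[int(m.group(1))], node)
    if isinstance(node, dict):
        return {key: substitute(val, values) for key, val in node.items()}
    if isinstance(node, list):
        return [substitute(val, values) for val in node]
    return node


def apply_rule(rule, attributes, existing_groups):
    """Simplified model of one rule; returns None when the rule does not match."""
    values = []
    for remote in rule["remote"]:
        if remote["type"] not in attributes:
            return None  # a required remote attribute is absent
        values.append(attributes[remote["type"]])
    local = substitute(rule["local"][0], values)
    # Assumption: the IdP sends several groups as one ';'-separated string.
    requested = [g.strip() for g in local["groups"].split(";") if g.strip()]
    # Only group names that already exist locally are linked to the user.
    local["groups"] = [g for g in requested if g in existing_groups]
    local["unmatched_groups"] = [g for g in requested if g not in existing_groups]
    return local


if __name__ == "__main__":
    # Constructed sample values, not taken from a real token.
    attrs = {"OIDC-email": "alice@example.org", "OIDC-groups": "admins;devs;ghost"}
    print(apply_rule(MAPPING[0], attrs, existing_groups={"admins", "devs"}))
```

Because group membership follows whatever the token carries, the list of groups that exist locally under the same names is what bounds the access a federated user ends up with.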

2019-11-28 10:16:25 -0500 answered a question Controller HA with 3 Nodes in a Quorum

You will require all three nodes in order to return to quorum. Once all three nodes are back, and pacemaker is started on the hosts, it will rebuild the cluster and restart required services.

2019-11-28 10:12:49 -0500 commented on a question getting "MessagingTimeout: Timed out waiting for a reply to message ID ' while creating new instance in new rocky installation

Check the rabbitmq status with rabbitmqctl cluster_status and look for any alarms or partitions. Check the nova scheduler and conductor on the controller(s); if you're running in HA it could be on any of the three. Somewhere you might find an error message to give more of a clue.

2019-11-15 13:49:25 -0500 commented on a question cold migration on Queens with local disks not working due to permission issues

Check that the SELinux permissions are correct for the /var/lib/nova directory on the dest.

2019-11-15 13:38:51 -0500 received badge Supporter (source)

2019-11-15 13:37:30 -0500 commented on a question port security impact on fragmentation

Just a quick comment: you mention that disabling port security allows ping to work. Are you sure that you don't have a security group that's not allowing ICMP traffic?

2018-11-26 11:13:00 -0500 answered a question what tool Openstack community uses to draw network diagrams

I think it is something similar to https://www.graphviz.org/ (GraphViz).

2018-10-30 11:09:00 -0500 received badge Fan

2018-09-17 09:38:22 -0500 answered a question [trove] How to make trove instances connect to rabbitmq

I'm assuming that you're running your trove components inside your openstack cloud.

You could create a provider network which is attached to the network that your controllers/rabbitmq hosts are connected to. You can then deliver that provider network into the tenancy that your trove instances are running in.

I would recommend attaching that network as a second interface. You can then connect your trove instances directly into your management network.

You will need to think about the security implications of bridging your external networks to your internal management networks.

Hope that helps.