Openstack-Nova: install nova-compute from source and connect to controller - openstack

In order to connect Nova-compute to the controller, I would like to install it from source on Ubuntu 20.04. The controller is an all-in-one Devstack.
apt install nova-compute
You can see the configuration of this node below
stack#compute:~# cat /etc/nova/nova-cpu.conf
[DEFAULT]
transport_url = rabbit://stackrabbit:PASSWORD#172.17.0.3:5672/
my_ip = 172.17.0.4
[oslo_messaging_notifications]
transport_url = rabbit://stackrabbit:PASSWORD#172.17.0.3:5672/
driver = messagingv2
[api]
auth_strategy = keystone
[keystone_authtoken]
www_authenticate_uri = http://172.17.0.3/identity
auth_url = http://172.17.0.3/identity
memcached_servers = 172.17.0.3:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
password = PASSWORD
[vnc]
enabled = true
server_listen = 0.0.0.0
server_proxyclient_address = $my_ip
novncproxy_base_url = http://172.17.0.3:6080/vnc_auto.html
[glance]
api_servers = http://172.17.0.3:9292
[oslo_concurrency]
lock_path = /opt/stack/data/nova
[placement]
region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://172.17.0.3/identity
username = placement
password = PASSWORD
The controller does not recognize this compute node with the following command.
stack#controller:~$ ./devstack/tools/discover_hosts.sh
Found 0 unmapped computes in cell: 47b7379b-c66c-4d32-adec-xxxxxxxxxx
stack#cntr:~$
Is there a requirement for identifying this node in the controller?
It would be nice if I could configure and install nova-compute separately from devstack.

Related

WinRS/WinRM can't access UNC path with CredSSP (Double-Hop)

I am trying to access a shared folder using unc path on server2 from clientX via WinRS to server1.
clientX -> server1 -> server2
My issue is basically the same as Can WinRS access UNC paths?
However, the solution there does not work for me although I followed all available instructions regarding WinRM and CredSSP configurations on clientX and server1 and it appears that everything was done as intended.
hostname of clientX is 'clientX' (acquired from cmd command 'hostname')
full computer name of clientX is 'clientX' (acquired from control panel > system)
user domain of clientX is 'CLIENTX' (acquired from cmd command 'echo %userdomain%')
hostname of server1 is 'server1' (acquired from cmd command 'hostname')
full computer name of server1 is 'server1' (acquired from control panel > system)
user domain of server1 is 'SERVER1' (acquired from cmd command 'echo %userdomain%')
the unc path on server2 is \SERVER2\sharedF\test
on server1, I can successfully run the command:
dir \\SERVER2\sharedF\test
on clientX, I can successfully run the command:
dir \\SERVER2\sharedF\test
aswell (as it also is connected to server2 directly).
on clientX, I can successfully run the command:
winrs.exe -r:http://SERVER1:5985 -u:adminOnserver1 -p:pass4server1 "dir c:"
on clientX, I fail to run the command:
winrs.exe -r:http://SERVER1:5985 -u:adminOnserver1 -p:pass4server1 "dir \\SERVER2\sharedF\test"
as I get the error message "access is denied". And that is the problem.
on clientX, the power shell command "Get-WSManCredSSP" returns:
The machine is configured to allow delegating fresh credentials to the following target(s): wsman/SERVER1
This computer is not configured to receive credentials from a remote client computer.
on clientX, the cmd command "winrm get winrm/config" returns:
Config
MaxEnvelopeSizekb = 500
MaxTimeoutms = 60000
MaxBatchItems = 32000
MaxProviderRequests = 4294967295
Client
NetworkDelayms = 5000
URLPrefix = wsman
AllowUnencrypted = true
Auth
Basic = true
Digest = true
Kerberos = true
Negotiate = true
Certificate = true
CredSSP = true
DefaultPorts
HTTP = 5985
HTTPS = 5986
TrustedHosts = 200.0.0.145,CLIENTX,200.0.0.159,SERVER1
Service
RootSDDL = O:NSG:BAD:P(A;;GA;;;BA)(A;;GR;;;IU)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)
MaxConcurrentOperations = 4294967295
MaxConcurrentOperationsPerUser = 1500
EnumerationTimeoutms = 240000
MaxConnections = 300
MaxPacketRetrievalTimeSeconds = 120
AllowUnencrypted = false
Auth
Basic = false
Kerberos = true
Negotiate = true
Certificate = false
CredSSP = false
CbtHardeningLevel = Relaxed
DefaultPorts
HTTP = 5985
HTTPS = 5986
IPv4Filter = *
IPv6Filter = *
EnableCompatibilityHttpListener = false
EnableCompatibilityHttpsListener = false
CertificateThumbprint
AllowRemoteAccess = true
Winrs
AllowRemoteShellAccess = true
IdleTimeout = 7200000
MaxConcurrentUsers = 2147483647
MaxShellRunTime = 2147483647
MaxProcessesPerShell = 2147483647
MaxMemoryPerShellMB = 2147483647
MaxShellsPerUser = 2147483647
on server1, the power shell command "Get-WSManCredSSP" returns:
The machine is not configured to allow delegating fresh credentials.
This computer is configured to receive credentials from a remote client computer.
on server1, the cmd command "winrm get winrm/config" returns:
Config
MaxEnvelopeSizekb = 500
MaxTimeoutms = 60000
MaxBatchItems = 32000
MaxProviderRequests = 4294967295
Client
NetworkDelayms = 5000
URLPrefix = wsman
AllowUnencrypted = true
Auth
Basic = true
Digest = true
Kerberos = true
Negotiate = true
Certificate = true
CredSSP = true
DefaultPorts
HTTP = 5985
HTTPS = 5986
TrustedHosts = 200.0.0.145,CLIENTX,200.0.0.159,SERVER1
Service
RootSDDL = O:NSG:BAD:P(A;;GA;;;BA)(A;;GR;;;IU)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)
MaxConcurrentOperations = 4294967295
MaxConcurrentOperationsPerUser = 1500
EnumerationTimeoutms = 240000
MaxConnections = 300
MaxPacketRetrievalTimeSeconds = 120
AllowUnencrypted = false
Auth
Basic = false
Kerberos = true
Negotiate = true
Certificate = false
CredSSP = true
CbtHardeningLevel = Relaxed
DefaultPorts
HTTP = 5985
HTTPS = 5986
IPv4Filter = *
IPv6Filter = *
EnableCompatibilityHttpListener = false
EnableCompatibilityHttpsListener = false
CertificateThumbprint
AllowRemoteAccess = true
Winrs
AllowRemoteShellAccess = true
IdleTimeout = 7200000
MaxConcurrentUsers = 2147483647
MaxShellRunTime = 2147483647
MaxProcessesPerShell = 2147483647
MaxMemoryPerShellMB = 2147483647
MaxShellsPerUser = 2147483647
on server1, the cmd command "winrm e winrm/config/listener" returns:
Listener
Address = *
Transport = HTTP
Port = 5985
Hostname
Enabled = true
URLPrefix = wsman
CertificateThumbprint
ListeningOn = 127.0.0.1, 169.254.229.41, 200.0.0.159, ::1, fe80::5465:9195:eabb:b7e7%11, fe80::c056:f6db:8f7f:e529%9
Did I do anything wrong? Any ideas?
I followed the common, basic instructions from microsoft and the solution from Can WinRS access UNC paths? and used commands like "Enable-WSManCredSSP -Role "Server"" , "Enable-WSManCredSSP -Role Client -DelegateComputer SERVER1", "winrm quickconfig".

Configure Postfix to send email on ubuntu

I'm trying to config a postfix server to use for notifications of some my scripts.
The server should be able only to send email, not to receive them.
I'm within a company network.
I'm using a fake mail address to send the email.
Actually I can send email (and receive it to my true mail address) but postfix tries to send the same email to the the address I uses to send it (and it doesn't exist) creating an infinite queue.
Could someone help me to fix it?
this is my main.cf
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
readme_directory = no
# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = srvsviluppocentrale
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydomain = agenziamobilita.roma.it
myorigin = $mydomain
mydestination =
relayhost = [srvw04.rsm.local]:25
relay =
# mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = loopback-only
inet_protocols = all
# sender_canonical_maps=hash:/etc/postfix/sender_canonical

Stats tab on Resource Usage is not populated through ceilometer

I have installed kilo devstack and have enabled the ceilometer. So It is showing me Resource Usage panel on Admin Dashboard. But my stats tab is not showing any graph for any matrix.
ceilometer.conf
[DEFAULT]
policy_file = /etc/ceilometer/policy.json
debug = True
verbose = True
notification_topics = notifications
rpc_backend = rabbit
[oslo_messaging_rabbit]
rabbit_userid = stackrabbit
rabbit_password = stackqueue
rabbit_hosts = 10.0.2.15
[service_credentials]
os_auth_url = http://10.0.2.15:5000/v2.0
os_region_name = RegionOne
os_tenant_name = service
os_password = nomoresecrete
os_username = ceilometer
[keystone_authtoken]
signing_dir = /var/cache/ceilometer
cafile = /opt/stack/data/ca-bundle.pem
auth_uri = http://10.0.2.15:5000
project_domain_id = default
project_name = service
user_domain_id = default
password = nomoresecrete
username = ceilometer
auth_url = http://10.0.2.15:35357
auth_plugin = password
[notification]
store_events = True
[database]
metering_connection = mongodb://localhost:27017/ceilometer
event_connection = mongodb://localhost:27017/ceilometer
alarm_connection = mongodb://localhost:27017/ceilometer
Please check How I enabled the ceilometer in openstack (kilo) dashboard
First go in devstack directory and search local.conf file
Paste the following content in local.conf
# Enable the ceilometer metering services
enable_service ceilometer-acompute ceilometer-acentral ceilometer-anotification ceilometer-collector
# Enable the ceilometer alarming services
enable_service ceilometer-alarm-evaluator,ceilometer-alarm-notifier
# Enable the ceilometer api services
enable_service ceilometer-api
Run the following command in devstack directory
./unstack.sh ./rejoin-stack.sh
My dashboard is showing the Resource usage in admin section but it is not showing any graph regarding the resource usage on stats tab. Please help me on this.
Stats Tab on Resource Usage is not showing any graph for any matrix, Please see the image.

Postfix - status=bounced (unknown user "myuser")

I am configuring Postfix and when validating by telnet and SMTP I got the status bounced error, unknown user:
Error log:
postfix/local[18718]: 4590D7DC0A51: to=myuser#mydomain.example, relay=local, delay=9.8, delays=9.8/0.01/0/0.04, dsn=5.1.1, status=bounced (unknown user: "myuser")
The "myuser" already exists, but with full domain name: myuser#mydomain.example.
User Validation:
postmap -q myuser#mydomain.example mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
Output is: "1" - so I guess it is OK.
My postfix Configuration:
root# postconf -n:
append_at_myorigin = yes
biff = no
config_directory = /etc/postfix
default_destination_concurrency_limit = 1
delay_warning_time = 8h
disable_vrfy_command = yes
dovecot_destination_concurrency_limit = 1
dovecot_destination_recipient_limit = 1
enable_original_recipient = yes
local_destination_concurrency_limit = 1
maximal_queue_lifetime = 6d
mydestination = mydomain.example
smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated
smtpd_delay_reject = no
smtpd_hard_error_limit = 10
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, reject_invalid_hostname
smtpd_recipient_restrictions = permit_mynetworks, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unlisted_recipient, reject_unauth_destination, reject_unauth_pipelining
smtpd_sender_restrictions = permit_mynetworks, reject_unknown_sender_domain
smtpd_soft_error_limit = 5
strict_rfc821_envelopes = yes
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-alias-maps.cf,mysql:/etc/postfix/mysql-email2email.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
virtual_transport = dovecot
you have added mydestination = mydomain.example and so the valid users for mydomain.example will be searched in local_recipient_maps. It is very clear from the logline that local delivery agent is selected to deliver the mail, as local domain class matched. See postfix address classes for more help
Modify your main.cf like below
#/etc/postfix/main.cf
mydestination =
# set to localhost localhost.$mydomain or remove mydomain.example for now
# Ensure that postmap -q mydomain.example mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf is returning mydomain.example and
# postmap -q myuser#mydomain.example mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf succeeds
Open /etc/postfix/main.cf, look for the mydestination field and change it's value to the below
mydestination = localhost, localhost.localdomain
Don't forget to run sudo postfix reload afterwards
Use following settings in /var/postfix/main.cf
myorigin = localhost
myhostname = <your_host_name>
mydestination = localhost.$mydomain, localhost, localhost.localdomain
followed by:
sudo postmap /etc/postfix/virtual
sudo service postfix restart
For someone else, when I set mydestination=mydomain.example.
Postfix show warning do not list domain mydomain.example in BOTH mydestination and virtual_mailbox_domains. So I set it relayhost = mydomain.example
My postfix version: 3.1.0 (postconf -d | grep mail_version)

Postfix Dovecot SquirrelMail

Hoping someone can help me out with this.
Current Setup
Home Verzion router -- Dynamic IP address port 25 blocked
Windows server 2008 --> Hyper-V --> Centos6
Postfix
Dovecot
SquirrelMail
**Removed Sendmail
So i can receive an email from anywho#anywhere.com and i can now send to anywho#anywhere.com the only problem i have is that when i send to anywho#anywhere.com it comes though as me#gmail.com
I would like it to come through as me#mydomain.com
It looks like my sending domain has changed. Did i do something wrong
I could post my logs but they do not give any errors so im not sure how much that would help.
Anything else i can post let me know
[root#thenerdservice log]# grep -v \# /etc/postfix/main.cf |grep -v ^$
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
mail_owner = postfix
myhostname = mail.mydomain.com
mydomain = mydomain.com
myorigin = $myhostname
myorigin = $mydomain
inet_interfaces = all
inet_protocols = ipv4
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
unknown_local_recipient_reject_code = 550
mynetworks = 192.168.1.0/24, 127.0.0.0/8, 8.8.8.8
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous
smtp_sasl_password_maps = hash:/etc/postfix/saslpasswd
smtp_always_send_ehlo = yes
relayhost = [smtp.gmail.com]:587
smtp_sasl_tls_security_options = noanonymous
smtp_use_tls = yes
smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
smtp_sasl_tls_security_options = noanonymous
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
home_mailbox = Maildir/
debug_peer_level = 2
debugger_command =
PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
ddd $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.6.6/samples
readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
queue_directory = /var/spool/postfix
You're using a relayhost.
It should go out as you#gmail.com because gmail swaps the sender to reflect your gmail account.
You can send email as you#domain.com only if you have a STATIC ip. Dynamic IP addresses are blacklisted by most email providers.
If you have a static IP, just remove: relayhost, *smtp_sasl_password_maps* and generally sasl unless you know what you're doing.
To check wether you're blacklisted or not click here.

Resources