Conflict occurred attempting to store application_credential - Duplicate entry found with name monitoring - openstack

As I am trying to obtain application credentials on OpenStack using the following command:
openstack application credential create monitoring --unrestricted
I get an error that says:
Conflict occurred attempting to store application_credential - Duplicate entry found with name monitoring
Does it mean that credentials are already obtained and I can't create them again?
I would really appreciate any kind of help. Thanks in advance :)

## generate the user list, then delete from the list
[root@controller ~]# openstack user list
+----------------------------------+-----------+
| ID | Name |
+----------------------------------+-----------+
| 35a9a277ae71428bb750fe7325d831b0 | admin |
| d22c71d930dc4a959ceff863ccb43cec | demo |
| e2f3a48634434958a3f0e58fd5438cea | glance |
| 32bcb7e060114ead8c4e92fc5ffcb60c | demo2 |
| 19b7cb2a14df43e59340336605311096 | placement |
| 49cf4ef00b7c464db6f62ccbac485cb3 | nova |
| e8d2abfd4fad4631b0093690c07f8a50 | nova1 |
+----------------------------------+-----------+
### by "user" I mean: enter the ID from the user list of the user you want to delete
[root@controller ~]# openstack user delete e8d2abfd4fad4631b0093690c07f8a50
[root@controller ~]# openstack user list
Page:
https://blog.csdn.net/qq_34259391/article/details/108224730

Related

Can't validate keystone endpoint when I trying to define an OpenStack cloud for juju

I am trying to define an OpenStack cloud for juju. To do this, I have first deployed Devstack using the following configuration in the local.conf file:
$ cat local.conf | grep -v "#" | grep -v "^$"
[[local|localrc]]
ADMIN_PASSWORD=admin
DATABASE_PASSWORD=$ADMIN_PASSWORD
RABBIT_PASSWORD=$ADMIN_PASSWORD
SERVICE_PASSWORD=$ADMIN_PASSWORD
HOST_IP=172.29.21.181
FLOATING_RANGE=172.29.20.1/22
Q_FLOATING_ALLOCATION_POOL=start=172.29.21.182,end=172.29.21.184
PUBLIC_NETWORK_GATEWAY=172.29.21.181
ENABLED_SERVICES+=,tls-proxy
ENABLED_SERVICES+=,g-api,g-reg
LOGFILE=$DEST/logs/stack.sh.log
LOGDAYS=2
SWIFT_HASH=66a3d6b56c1f479c8b4e70ab5c2000f5
SWIFT_REPLICAS=1
SWIFT_DATA_DIR=$DEST/data
After a successful deployment, these are the endpoints:
$ openstack endpoint list
+----------------------------------+-----------+--------------+----------------+---------+-----------+-------------------------------------------------+
| ID | Region | Service Name | Service Type | Enabled | Interface | URL |
+----------------------------------+-----------+--------------+----------------+---------+-----------+-------------------------------------------------+
| 0b489b8a683d4be489448230437e39ca | RegionOne | cinder | block-storage | True | public | https://172.29.21.181/volume/v3/$(project_id)s |
| 0b9e96cfe0b440b781171ac0b082de3a | RegionOne | keystone | identity | True | admin | https://172.29.21.181/identity |
| 29ce5b2061dd474492f3aebda164acd0 | RegionOne | cinderv2 | volumev2 | True | public | https://172.29.21.181/volume/v2/$(project_id)s |
| 45e10e75eb6848f5a934674373962e11 | RegionOne | glance | image | True | public | https://172.29.21.181/image |
| 8c35460b8c0d4c21ac9b7dd27bc92c48 | RegionOne | keystone | identity | True | public | https://172.29.21.181/identity |
| af451150c3094497936fd6877380d877 | RegionOne | placement | placement | True | public | https://172.29.21.181/placement |
| b3907f627f684ada8526b89c2c9683f9 | RegionOne | neutron | network | True | public | https://172.29.21.181:9696/ |
| c642b07700b54be39e1dd537e8c0f8be | RegionOne | nova | compute | True | public | https://172.29.21.181/compute/v2.1 |
| dbb94215bc89457383a390a0490a89f6 | RegionOne | nova_legacy | compute_legacy | True | public | https://172.29.21.181/compute/v2/$(project_id)s |
| e1037ed336d541b080e365caa0020e78 | RegionOne | cinderv3 | volumev3 | True | public | https://172.29.21.181/volume/v3/$(project_id)s |
+----------------------------------+-----------+--------------+----------------+---------+-----------+-------------------------------------------------+
But when I try to add the cloud to juju using the "juju add-cloud" command (I am following the indications of this link: https://juju.is/docs/olm/openstack) I get the following error:
$ juju add-cloud openstack
This operation can be applied to both a copy on this client and to the one on a controller.
No current controller was detected and there are no registered controllers on this client: either bootstrap one or register one.
Cloud Types
lxd
maas
manual
openstack
vsphere
Select cloud type: openstack
Enter the API endpoint url for the cloud [https://172.29.21.181/identity]: https://172.29.21.181/identity
Can't validate endpoint: No Openstack server running at https://172.29.21.181/identity
Enter the API endpoint url for the cloud [https://172.29.21.181/identity]: https://172.29.21.181/identity/v3
Can't validate endpoint: No Openstack server running at https://172.29.21.181/identity/v3
Enter the API endpoint url for the cloud [https://172.29.21.181/identity]: http://172.29.21.181/identity
Can't validate endpoint: No Openstack server running at http://172.29.21.181/identity
Enter the API endpoint url for the cloud [https://172.29.21.181/identity]: https://172.29.21.181:5000/v3
Can't validate endpoint: No Openstack server running at https://172.29.21.181:5000/v3
I can curl the url:
$ curl https://172.29.21.181/identity
{"versions": {"values": [{"id": "v3.14", "status": "stable", "updated": "2020-04-07T00:00:00Z", "links": [{"rel": "self", "href": "https://172.29.21.181/identity/v3/"}], "media-types": [{"base": "application/json", "type": "application/vnd.openstack.identity-v3+json"}]}]}}
And I can connect to the port where Keystone is listening:
$ nc -vz 172.29.21.181 5000
Connection to 172.29.21.181 5000 port [tcp/*] succeeded!
I set no_proxy=127.0.0.1,localhost,172.29.21.181 and NO_PROXY=127.0.0.1,localhost,172.29.21.181
as environment variables, because searching for solutions on the Internet I understood that maybe it could solve my problem. But it didn't work.
Apart from this cloud I have another one deployed through Openstack-Ansible. In this cloud I have not encountered this error, the only difference I see is that the url is https://{HOST_IP}:5000/v3.
If anyone has any ideas it would be very helpful, thank you.
I have found a way to bypass this error, but I don’t know exactly why. I have modified the OS_AUTH_URL environment variable to end in “/v3”:
$ unset OS_AUTH_URL
$ export OS_AUTH_URL=https://172.29.21.181/identity/v3
Now, after using it as suggested value when running “juju add-cloud”, I don’t get the error when running “juju bootstrap”. I guess when you enter the url manually, juju checks the validity of it and fails for some code reason maybe. Having skipped that check, I guess the “juju bootstrap” command will directly use the url ending in “/v3” which is correct and works.
Now I get the following error:
$ juju bootstrap openstack --verbose
Adding contents of "/opt/stack/.local/share/juju/ssh/juju_id_rsa.pub" to authorized-keys
Creating Juju controller "openstack-regionone" on openstack/RegionOne
Loading image metadata
ERROR failed to bootstrap model: no image metadata found
But I guess I just have to add Swift to my deployment and follow the instructions in this link: https://juju.is/docs/olm/cloud-image-metadata

OpenStack Mistral workflow error while executing using GUI

I am getting an error while executing a simple OpenStack Mistral workflow on an OpenStack (Wallaby) devstack environment. I can execute the workflow from the CLI successfully, but it fails if I try the same thing with the GUI.
root@openstack:~# openstack workflow definition show test_get
---
version: '2.0'
test_get:
  description: Test Get.
  tasks:
    my_task:
      action: std.http
      input:
        url: http://www.google.com
root@openstack:~# openstack workflow execution create test_get
+--------------------+--------------------------------------+
| Field | Value |
+--------------------+--------------------------------------+
| ID | 482e3803-45ef-411e-a0f4-1427abfc8649 |
| Workflow ID | 9dc0d4a4-8c5b-4288-8126-e1147da3bd02 |
| Workflow name | test_get |
| Workflow namespace | |
| Description | |
| Task Execution ID | <none> |
| Root Execution ID | <none> |
| State | RUNNING |
| State info | None |
| Created at | 2021-06-21 16:58:54 |
| Updated at | 2021-06-21 16:58:54 |
| Duration | ... |
+--------------------+--------------------------------------+
But while executing in the GUI I get:
Execution is missing field "workflow_identifier"
I faced the same issue in the Yoga release. I spent a few hours investigating it and found an interesting thing:
/usr/local/lib/python3.8/dist-packages/mistralclient/api/v2/executions.py
class ExecutionManager(base.ResourceManager):
    resource_class = Execution

    def create(self, wf_identifier='', namespace='',
               workflow_input=None, description='', source_execution_id=None,
               **params):
        self._ensure_not_empty(
            workflow_identifier=wf_identifier or source_execution_id
        )
But! In the web form we are using workflow_identifier instead of wf_identifier
/usr/local/lib/python3.8/dist-packages/mistraldashboard/workflows/forms.py
def handle(self, request, data):
    try:
        data['workflow_identifier'] = data.pop('workflow_name')
        data['workflow_input'] = {}
        for param in self.workflow_parameters:
            value = data.pop(param)
            if value == "":
                value = None
            data['workflow_input'][param] = value
        ex = api.execution_create(request, **data)
    # (the excerpt ends here; the except clause is not shown)
The fix is to rename workflow_identifier to wf_identifier in the form, like:
data['wf_identifier'] = data.pop('workflow_name')
After that, mistral-dashboard works fine when creating executions.
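The keyword mismatch described in the answer above can be reproduced in isolation. This is an added example, not code from mistralclient or mistral-dashboard: the classes are simplified stand-ins that keep only the quoted create() signature, and the body of _ensure_not_empty, form_handle and run_demo are assumptions made for illustration.

```python
class APIException(Exception):
    """Stand-in for the client's API error type (hypothetical, simplified)."""


class ExecutionManager:
    """Stand-in that keeps the create() signature quoted from executions.py."""
    resource_name = "Execution"

    def _ensure_not_empty(self, **kwargs):
        # Assumed behaviour: reject any named field that is empty or None.
        for name, value in kwargs.items():
            if not value:
                raise APIException(
                    f'{self.resource_name} is missing field "{name}"')

    def create(self, wf_identifier='', namespace='', workflow_input=None,
               description='', source_execution_id=None, **params):
        self._ensure_not_empty(
            workflow_identifier=wf_identifier or source_execution_id
        )
        # The real client sends a request here; the stand-in returns its inputs.
        return {"workflow_identifier": wf_identifier,
                "input": workflow_input, "params": params}


def form_handle(data, key):
    """Mimic the dashboard form: move workflow_name to `key`, call create()."""
    data = dict(data)
    data[key] = data.pop("workflow_name")
    data["workflow_input"] = {}
    return ExecutionManager().create(**data)


def run_demo():
    form = {"workflow_name": "test_get"}   # constructed form data
    try:
        # The unknown keyword lands in **params, so wf_identifier stays ''.
        form_handle(form, "workflow_identifier")
        broken = "no error"
    except APIException as exc:
        broken = str(exc)
    fixed = form_handle(form, "wf_identifier")
    return broken, fixed["workflow_identifier"]
```

Because create() accepts **params, the misnamed keyword is swallowed silently instead of raising a TypeError, which is why the failure only shows up as the "missing field" message.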

Centos7.8 install openstack mitaka version, control the node to install mirror service glance, the mirror contains problems

Following the official Mitaka documentation, Step 3: Upload the image to the Image service using the QCOW2 disk format, bare container format, and public visibility so all projects can access it:
I execute the following command:
openstack image create "cirros" --file cirros-0.3.4-x86_64-disk.img --disk-format qcow2 --container-format bare --public
The size of the image in the output is zero. How should I check this problem?
[root@controller ~]# openstack image create "cirros" --file cirros-0.3.4-x86_64-disk.img --disk-format qcow2 --container-format bare --public
+------------------+------------------------------------------------------+
| Field | Value |
+------------------+------------------------------------------------------+
| checksum | d41d8cd98f00b204e9800998ecf8427e |
| container_format | bare |
| created_at | 2020-05-24T14:45:54Z |
| disk_format | qcow2 |
| file | /v2/images/c89f6866-0c48-4ee5-84f1-bf7fa0998edf/file |
| id | c89f6866-0c48-4ee5-84f1-bf7fa0998edf |
| min_disk | 0 |
| min_ram | 0 |
| name | cirros |
| owner | a9629b19eb9348adbf02a5432dd79411 |
| protected | False |
| schema | /v2/schemas/image |
| size | 0 |
| status | active |
| tags | |
| updated_at | 2020-05-24T14:45:54Z |
| virtual_size | None |
| visibility | public |
+------------------+------------------------------------------------------+
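The checksum in the output above, d41d8cd98f00b204e9800998ecf8427e, is the MD5 of zero bytes, which agrees with size 0: the image record was created without any data. The following added example (not part of the original post) compares a local image file with the checksum and size Glance reports; the function names and the temporary sample files are constructed for illustration.

```python
import hashlib
import os
import tempfile

# MD5 of zero bytes: the checksum value shown in the output above.
EMPTY_MD5 = hashlib.md5(b"").hexdigest()


def file_md5(path, chunk_size=1 << 20):
    """Return (hex MD5, size in bytes) of a local file, read in chunks."""
    digest, total = hashlib.md5(), 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
            total += len(chunk)
    return digest.hexdigest(), total


def diagnose_upload(local_path, reported_checksum, reported_size):
    """Classify an upload from the local file and Glance's reported fields."""
    local_sum, local_size = file_md5(local_path)
    if local_size == 0:
        return "local file is empty"
    if reported_size == 0 or reported_checksum == EMPTY_MD5:
        return "glance stored no data"
    if (reported_checksum, reported_size) != (local_sum, local_size):
        return "stored data differs from local file"
    return "ok"


def run_demo():
    """Run the check on constructed sample files (not a real cirros image)."""
    results = []
    with tempfile.TemporaryDirectory() as tmp:
        good = os.path.join(tmp, "sample.img")
        empty = os.path.join(tmp, "empty.img")
        with open(good, "wb") as fh:
            fh.write(b"QFI\xfb" + b"\x00" * 508)  # constructed 512-byte sample
        open(empty, "wb").close()
        good_sum, good_size = file_md5(good)
        # Fields as reported in the post: checksum of nothing, size 0.
        results.append(diagnose_upload(good, EMPTY_MD5, 0))
        results.append(diagnose_upload(empty, EMPTY_MD5, 0))
        results.append(diagnose_upload(good, good_sum, good_size))
        results.append(diagnose_upload(good, "0" * 32, good_size))
    return results
```

The first result separates a healthy local file whose upload stored nothing from the second case, where the source file itself is empty.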

glance doesn't work due to authentication fail

I'm setting up Openstack on some machines. I was following this guide http://docs.openstack.org/liberty/install-guide-ubuntu/ until I ran into this problem:
When I'm verifying Image service (Glance), I got the following problem:
$ cat admin-openrc.sh
export OS_PROJECT_DOMAIN_ID=default
export OS_USER_DOMAIN_ID=default
export OS_PROJECT_NAME=admin
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=passw0rd
export OS_AUTH_URL=http://Renaissance:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
$ source admin-openrc.sh
$ glance --debug image-create --name "cirros" \
> --file cirros-0.3.4-x86_64-disk.img \
> --disk-format qcow2 --container-format bare \
> --visibility public --progress
curl -g -i -X GET -H 'Accept-Encoding: gzip, deflate' -H 'Accept: */*' -H 'User-Agent: python-glanceclient' -H 'Connection: keep-alive' -H 'X-Auth-Token: {SHA1}7ce8d893ef6cdaca2ed5a876c8211a841455ba65' -H 'Content-Type: application/octet-stream' http://Renaissance:9292/v2/schemas/image
Request returned failure status 401.
Invalid OpenStack Identity credentials.
I would get the same error using any other glance function (e.g. glance image-list).
I think I'm having my configurations correct since I followed the guide.
Here's my Openstack services, projects, users, roles and endpoints
+----------------------------------+----------+----------+
| ID | Name | Type |
+----------------------------------+----------+----------+
| bf585630a5cb475b9e883493de3813fa | glance | image |
| fc29e468dae849e6afb97ecc3bf487f6 | keystone | identity |
+----------------------------------+----------+----------+
+----------------------------------+----------+
| ID | Name |
+----------------------------------+----------+
| 0bc473b2e77a4a9bb7871ed2afacb995 | admin |
| dcaf480621164c409b6704c3f42e0869 | service |
| e9f709d860fe46e2819b6bf1c78ccd0f | nonadmin |
+----------------------------------+----------+
+----------------------------------+----------+
| ID | Name |
+----------------------------------+----------+
| 485374adcbe54ce5b9ef465b84aa2c9f | admin |
| 7447f4cd56f64ccfb111cba74f9a4b92 | nonadmin |
| d9ffc32240d24328b10af8b2550ec414 | glance |
+----------------------------------+----------+
+----------------------------------+-------+
| ID | Name |
+----------------------------------+-------+
| 466fea231ef54d3ca4564fb42f51bb5c | admin |
| a36c726d27f04ebf92d336c3acfcd945 | user |
+----------------------------------+-------+
+----------------------------------+-----------+--------------+--------------+---------+-----------+-------------------------------+
| ID | Region | Service Name | Service Type | Enabled | Interface | URL |
+----------------------------------+-----------+--------------+--------------+---------+-----------+-------------------------------+
| 01f62a7b9f7f4fa782e8bc695e74afc1 | RegionOne | glance | image | True | internal | http://Renaissance:9292 |
| abb7e5052d8646428e82ef58ca21b376 | RegionOne | keystone | identity | True | public | http://Renaissance:5000/v2.0 |
| d5b3180255b44a0eafe0810a20e104bc | RegionOne | glance | image | True | public | http://Renaissance:9292 |
| e0392842c6f64ac389a5688bc2581192 | RegionOne | keystone | identity | True | internal | http://Renaissance:5000/v2.0 |
| e0eb3dd0ed774669bce9a74dd3831c05 | RegionOne | keystone | identity | True | admin | http://Renaissance:35357/v2.0 |
| ec855dca8f87454e997fd55c47f17703 | RegionOne | glance | image | True | admin | http://Renaissance:9292 |
+----------------------------------+-----------+--------------+--------------+---------+-----------+-------------------------------+
My auth configuration of glance (in glance-api.conf and glance-registry.conf) is listed below:
...
[keystone_authtoken]
# Complete public Identity API endpoint. (string value)
auth_uri = http://Renaissance:5000
auth_uri = http://Renaissance:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = glance
password = passw0rd
...
And I can get token using Openstack:
$ openstack token issue
+------------+----------------------------------+
| Field | Value |
+------------+----------------------------------+
| expires | 2016-10-01T01:16:48.482839Z |
| id | 2a4e052a2c4140a28f550158d95ecd3b |
| project_id | 0bc473b2e77a4a9bb7871ed2afacb995 |
| user_id | 485374adcbe54ce5b9ef465b84aa2c9f |
+------------+----------------------------------+
I'm guessing it's the API version problem, but I've been changing the version number in the URI and it didn't work. Any help is appreciated. Thanks!
In your glance configuration, the project name is service, but your env var project name is admin.
Solutions:
ensure passw0rd is the real pw to glance:service account
change glance conf to use admin project instead

Firebase security rules with external id

For some applications my team creates authenticated users with a password/email combination. This will get the user a Firebase user uid. The problem with this is that the keys in Firebase itself are external id's, and they do not match the auth.uid. How would I go about creating security rules then?
Sample auth.uid:
9dkad6c7-s649-9623-99e2-5a0dbgf5dfdz
Then a sample of the structure:
database
|
—— conversations
|
——{external id 1}
| |
| ——{external id 2}
| |
| {data here}
|
messages
|
——{externalid1|externalid2}
| |
| —{-KFasdahsduids}
| |
| {data here}
|
|
users
|
——{externalId}
| |
| {first name}
| {last name}
| {firebaseUID}
| {more data here}
|
——{externalId2}
|
{first name}
{lastname}
{firebaseUID}
{more data here}
The problem really is that the auth.uid is not the same as the external ones, and we really need those external id's. Can I do something with the UID that is stored in the /users/? Any suggestions?
