I installed and configured octavia for openstack load balancing. but when i want create a new loadbalancer using openstack loadbalancer create --name lb1 --vip-subnet-id subnet-pub octavia worker log say: ERROR octavia.controller.worker.v1.controller_worker octavia.common.exceptions.ComputeBuildException: Failed to build compute instance due to: Failed to retrieve image with amphora tag.
why? (I use ubuntu)
another question is: I installed octavia on controller node. must install anything on compute node(s)?
I had a similar problem and adding --project service solved it when uploading the image.
$ openstack image create amphora-x64-haproxy.qcow2 --container-format bare --disk-format qcow2 --private --tag amphora --file amphora-x64-haproxy.qcow2 --property hw_architecture='x86_64' --property hw_rng_model=virtio --project service
About the second question no need for anything to be installed on compute nodes. Only network access to lb-mgmt-net from controllers.
This Link helped me.
Set tag of image with value "amphora"
openstack image set --tag "amphora" image_name
Related
I'm trying to run dagster using celery-k8s and using the examples/celery-k8s as a start. upon running the pipeline from playground I get
Initialization of resources [s3, io_manager] failed.
botocore.exceptions.NoCredentialsError: Unable to locate credentials
I have configured aws credentials in env variables as mentioned in the document
deployments:
- name: "user-code-deployment-test"
image:
repository: "somasays/dagster-usercode-example"
tag: "0.5"
pullPolicy: Always
dagsterApiGrpcArgs:
- "-f"
- "/workspace/repo.py"
port: 3030
env:
AWS_ACCESS_KEY_ID: AAAAAAAAAAAAAAAAAAAAAAAAA
AWS_SECRET_ACCESS_KEY: qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq
AWS_DEFAULT_REGION: eu-central-1
and I can also see these values are set in the env variables of the pod and can also access the s3 location after pip install awscli and aws s3 ls see the screenshot below the job pod however throws Unable to locate credentials
Please help
The deployment configuration applies to the user code servers. Meanwhile the celery executor runs your pipeline code in separate kubernetes jobs. To provide your secrets there, you will want to configure the env_secrets field of the celery-k8s executor in your pipeline run config.
See https://github.com/dagster-io/dagster/blob/master/python_modules/libraries/dagster-k8s/dagster_k8s/job.py#L321-L327 for details on the config.
I am building a small docker image of this way:
In my Dockerfile I am adding an specific configuration in etc/apache2/apache2.conf about redirect http to https rule:
Specifically this rule
<VirtualHost *:80>
RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} =http
RewriteRule .* https://%{HTTP:Host}%{REQUEST_URI} [L,R=permanent]
</VirtualHost>
So, my Dockerfile is
FROM wordpress:5.2.4
RUN apt-get update && apt-get install -y \
nano wget
COPY etc/apache2/apache2.conf /etc/apache2/apache2.conf
So, when it finish, I got two images in my local docker environment
REPOSITORY TAG
customize_wordpress 5.2.4
wordpress 5.2.4
Being customize_wordpress:5.2.4 my personal image and wordpress:5.2.4 the base public image that I used at FROM instruction above in the Dockerfile
Like my purpose is upload my custom image customize_wordpress:5.2.4 to azure container registry, I am following this article in order to do it
I am doing the docker tag command of this way
docker tag customize_wordpress:5.2.4 registryname.azurecr.io/customize_wordpress:5.2.4
And it works.
Also I push the image and it works as well
⟩ docker push registryname.azurecr.io/customize_wordpress:5.2.4
The push refers to repository [registryname.azurecr.io/customize_wordpress]
b63469233da6: Pushed
b032b61b15b2: Pushed
12fe3564ccac: Pushed
4e9b2aba858c: Pushed
b67d19e65ef6: Pushed
5.2.4: digest: sha256:dc62844f946a49f2e724fa38bad6e2cab73a4561b22b690876ab5534febd3569 size: 5128
[I]
So, I have these data as a environment variables in order to pass them to the helm command
export acr_login_server=registryname.azurecr.io
export acr_repository=customize_wordpress
export image_tag=5.2.4
But when I did the helm command
⟩ helm3 install wordpress-site-4 ./Deployments/Kubernetes/HelmCharts/wordpress/ --set image.registry=$acr_login_server,image.repository=$acr_repository,image.tag=$image_tag,image.pullPolicy=Always,wordpressUsername=$wordpressUsername,wordpressPassword=$wordpressPassword,wordpressEmail=$wordpressEmail,mariadb.enabled=false,externalDatabase.host=$database_host,externalDatabase.user=$database_user,externalDatabase.password=$database_password,externalDatabase.database=$database_name,externalDatabase.port=3306
I could see in my kubernetes environment that the pod say that the image is not pulled. I got
Error response from daemon: pull access denied for customize_wordpress, repository does not exist or may require 'docker login': denied: requested access to the resource is denied
Warning Failed 2m20s (x4 over 3m39s) kubelet, aks-defaultpool-34253081-vmss000001 Error: ErrImagePull
Normal Pulling 2m21s (x4 over 3m40s) kubelet, aks-defaultpool-34253081-vmss000001 Pulling image "customize_wordpress:5.2.4"
Warning Failed 2m20s (x4 over 3m39s) kubelet, aks-defaultpool-34253081-vmss000001 Failed to pull image "customize_wordpress:5.2.4": rpc error: code = Unknown desc = Error response from daemon: pull access denied for customize_wordpress, repository does not exist or may require 'docker login': denied: requested access to the resource is denied
Warning Failed 2m20s (x4 over 3m39s) kubelet, aks-defaultpool-34253081-vmss000001 Error: ErrImagePull
Normal BackOff 114s (x6 over 3m38s) kubelet, aks-defaultpool-34253081-vmss000001 Back-off pulling image "customize_wordpress:5.2.4"
Warning Failed 103s (x7 over 3m38s) kubelet, aks-defaultpool-34253081-vmss000001 Error: ImagePullBackOff
I am doing this helm command from azure devops, and previously I logged in to my ACR of multiple ways such as:
echo "Log in to an Azure Container Registry"
# docker login $(acr_login_server) --username $(service_principal_name_ci-cd-app-id) --password $(service_principal_name_ci-cd-password)
az acr login --name $(acr_name)
But the result is the same from the pod, I cannot pull the image
That's why I consider that I don't need to reference the docker registry secrets inside kubernetes and in the imagePullSecrets attribute in the helm chart values.yaml.
Despite everything I try to create that docker registry secret with my acr data but the result is the same as well.
How can I upload my customize image and pull it from Kubernetes?
Like my AKS cluster and my azure container registry, both already do exist before the private image installation, I didn't realize that I had to associate the aks cluster with the Azure container registry
It says here https://learn.microsoft.com/en-us/azure/aks/cluster-container-registry-integration#configure-acr-integration-for-existing-aks-clusters
So, this is the complete workflow to build our private docker image, uploaded to our private container registry (in my case Azure Container Registry) and pull that image from Azure Kubernetes service:
Build the image
docker build -t customize_wordpress:5.2.4 .
It creates the customize_wordpress:5.2.4 image
Creating tag: We need to create a tag in order to upload our image to our ACR
We have to include in the tag our ACR host server, in my case registryname.azurecr.io
Here for more information and here
⟩ docker tag customize_wordpress:5.2.4 registryname.azurecr.io/customize_wordpress:5.2.4
Push the image: Please, we have to be sure of use our complete tag created in the immediately previous step, I mean registryname.azurecr.io/customize_wordpress:5.2.4
⟩ docker push registryname.azurecr.io/customize_wordpress:5.2.4
The push refers to repository [registryname.azurecr.io/customize_wordpress]
b63469233da6: Pushed
b032b61b15b2: Pushed
b67d19e65ef6: Pushed
5.2.4: digest: sha256:dc62844f946a49f2e724fa38bad6e2cab73a4561b22b690876ab5534febd3569 size: 5128
And then before to install my Wordpress application, in my case from helm chart command (referenced above in my question), here comes the configuration of my ACR to work with my AKS cluster
I execute the aks update command:
⟩ az aks update -n MyClusterName -g MyResourceGroup --attach-acr MyACRName
So, when I install my helm chart, the image is up and running
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 14m default-scheduler Successfully assigned default/wordpress-site-4-6565b8c64f-w7xvq to aks-defaultpool-34253081-vmss000000
Normal Pulling 14m kubelet, aks-defaultpool-34253081-vmss000000 Pulling image "registryname.azurecr.io/customize_wordpress:5.2.4"
Normal Pulled 14m kubelet, aks-defaultpool-34253081-vmss000000 Successfully pulled image "registryname.azurecr.io/customize_wordpress:5.2.4"
Normal Created 14m kubelet, aks-defaultpool-34253081-vmss000000 Created container wordpress
If we do that, we don't need to reference the docker registry secret and any imagePullSecrets attribute in our helm chart or yaml file, our image will be pulled without reference any credentials
While installing Devstack on a compute node in a multi-node devstack lab environment error encountered: Service n-net is not running.
The local.conf file has localrc as:
HOST_IP=192.168.42.12 # change this per compute node
FLAT_INTERFACE=eth0
FIXED_RANGE=10.4.128.0/20
FIXED_NETWORK_SIZE=4096
FLOATING_RANGE=192.168.42.128/25
MULTI_HOST=1
LOGFILE=/opt/stack/logs/stack.sh.log
ADMIN_PASSWORD=labstack
DATABASE_PASSWORD=supersecret
RABBIT_PASSWORD=supersecret
SERVICE_PASSWORD=supersecret
DATABASE_TYPE=mysql
SERVICE_HOST=192.168.42.11
MYSQL_HOST=$SERVICE_HOST
RABBIT_HOST=$SERVICE_HOST
GLANCE_HOSTPORT=$SERVICE_HOST:9292
ENABLED_SERVICES=n-cpu,n-net,n-api-meta,c-vol
NOVA_VNC_ENABLED=True
NOVNCPROXY_URL="http://$SERVICE_HOST:6080/vnc_auto.html"
VNCSERVER_LISTEN=$HOST_IP
VNCSERVER_PROXYCLIENT_ADDRESS=$VNCSERVER_LISTEN
Please help me removing this error.
P.S: I must use nova-net and not neutron for interaction between the controller and the compute nodes.
For the Ocata release I founded a solution (2-node setup). An import part is the placement-api since the Newton update (14.0.0), so first of all enable this in all your nodes:
local.conf:
enable_service placement-api
First run ./stack.sh on your controller node and after that installation run it on the other nodes.
Also here you will see the error Service n-net is not running...
Now edit your nova.conf file in /etc/nova/nova.conf because there will be no database and database_api section:
[database]
connection=mysql+pymysql://root:DB_PASS#IP_OF_CONTROLLER_NODE/nova
[api_database]
connection=mysql+pymysql://root:DB_PASS#IP_OF_CONTROLLER_NODE/nova_api
When adding these, you can check if it works with following command:
stack#jerico-02:/devstack$ nova-manage --debug host list
host zone
0.0.0.0 internal
jerico-03 internal
jerico-02 nova
Also in the dashboard the new compute (hypervisor) shows up!
Hope it helps!
(Tested on Ubuntu Server 16.04 LTS with devstack and OpenStack Ocata)
I am trying to get non SRIOV pci-passthrough using OpenStack Liberty, but not successful.
These are the steps followed
create pci_passthrough_whitelist in nova.conf of the compute node as pci_passthrough_whitelist = {"address": "0000:89:00.0", "physical_network": "test_phy_nw"}
As sriov is not used, do not add sriovnicswitch as mechanism driver
in ml2. and do not do any ml2 sriov configurations. do not configure pci_passthrough_alias as alias does not support BDF (address)
create a neutron net - neutron net-create --name test_os_nw
--provider:physical_network test_phy_nw --provider:physical_network_type flat. (is Flat ok ? or should i use vlan or vxlan type networks ?)
create port with direct vnic_type - neutron port-create
--name pci.port --binding:vnic_type direct
boot an instance with this port nova boot --flavor m1.small --image
ubuntu --nic port-id=$(neutron port-show pci.port -F id -f value)
test.vm
Two questions in this regard
Are the steps mentioned above correct & am i missing anything in the
above steps ?
Is the process to achieve pci-passthrough (non SRIOV) different from
SRIOV pci-passthrough ? If it is different, can you please share a
link to it (or better can u give a quick summary of the process).
After some more experimenting and reading, figured out BDF based pass through is supported only for SRIOV (as of Liberty).
I create Fedora instance in horizon by giving public key. But i didn't get any user and password to ssh the instance. Also tried to create instance from shell by running this,
nova boot --config-drive=true --flavor 3 --key-name testkey --image be1437b9-b7b4-4e56-a2c3-f92cdd0848ce --user-data cloud-config.txt test
Instance launched successfully in both case and when i try to login with root it ask me for password.
So please tell me what is the exact way to create a fedora instance in Openstack and what would be its user and password for ssh.
Just to confirm, I suppose that you have the corresponding .pem file for the keyname that you create (testkey) and this file has the appropriate permissions to be used to access using ssh. I mean chmod 600 of the .pem file.
If this is the case, you should go into the instance only executing the following sentence:
ssh -i testkey.pem root#<IP address>
Have you installed cloud-init package from epel repository?
So, you can get into the server using 'fedora' or 'cloud-user' user account.
http://docs.openstack.org/image-guide/content/ch_obtaining_images.html
Let leave cloud-init option in nova boot, I have also tried this one,
nova boot --flavor 3 --key-name testkey --image be1437b9-b7b4-4e56-a2c3-f92cdd0848ce test
In this command Instance launches successfully, but still I can't ssh the instance.
Where as now when I create instance from horizon I do ssh in that instance easily.
For the first time login it is recommended that you generate a key-pair (In ubuntu, https://help.ubuntu.com/community/SSH/OpenSSH/Keys) and inject into the image (http://docs.openstack.org/grizzly/basic-install/yum/content/basic-install_operate.html) and do SSH to the instance using the key-pair. Once you are logged in, you can create a user and using this user you can login through VNC console.