When trying to create Keystone:
openstack domain create --description "An Example Domain" example
I get this return error below:
Could not clean up: 'ClientManager' object has no attribute
'sdk_connection'
I am not sure what this is in reference to...
following the Doc here https://docs.openstack.org//keystone/wallaby/doc-keystone.pdf
This means that you aren't authenticated.
stack#ubuntu:~/devstack$ openstack domain create --description "An Example Domain" example
Missing value auth-url required for auth plugin password
Could not clean up: 'ClientManager' object has no attribute 'sdk_connection'
If you are using devstack you can just source userrc_early inside the devstack folder.
stack#ubuntu:~/devstack$ source userrc_early
stack#ubuntu:~/devstack$ openstack domain create --description "An Example Domain" example
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | An Example Domain |
| enabled | True |
| id | 1ddc2084930d492dbe39680cda5ef660 |
| name | example |
| options | {} |
| tags | [] |
+-------------+----------------------------------+
Related
I have an issue to list loadbalancers on open stack using cli
from#ge ~
$ openstack loadbalancer list
public endpoint for load-balancer service not found
from#ge ~
$ export | grep OS_
declare -x OS_AUTH_TYPE="password"
declare -x OS_AUTH_URL="http://192.168.20.33:5000/v3"
declare -x OS_IDENTITY_API_VERSION="3"
declare -x OS_PASSWORD="XXXXXX"
declare -x OS_PROJECT_NAME="project-name"
declare -x OS_TENANT_NAME="tenant-name"
declare -x OS_USERNAME="from"
declare -x OS_USER_DOMAIN_ID="default"
from#ge ~
$ echo "endpoint list" | openstack
You are not authorized to perform the requested action: identity:list_endpoints. (HTTP 403) (Request-ID: req-aec8b22e-d3ad-4116-b7bb-52545f641667)
I've tried to set OS_REGION_NAME to RegionOne, but I get the same result
Any tip ?
load-balancer service not found
It seems that the load balance service not work, have you deployment Octavia service successful?
identity:list_endpoints. (HTTP 403)
According to the official document, it's Forbidden about the authorization.
The identity was successfully authenticated but it is not authorized to perform the requested action.
Maybe there is a miss-configuration of the admin's roles in keystone, you should check it in database first.
Ok thanks for your answers.
I finally managed to play with load balancers using neutron cli:
$ neutron
neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead.
(neutron) lbaas-loadbalancer-list
+--------------------------------------+------------------------+----------------+---------------------+----------+
| id | name | vip_address | provisioning_status | provider |
+--------------------------------------+------------------------+----------------+---------------------+----------+
| 00f3453d-8738-4eb6-b362-aefc8dfaeea6 | lb1 | 192.168.36.93 | ACTIVE | haproxy |
| 090e062d-d6cc-4ebe-bcbf-165d5c21051d | lb2 | 192.168.36.169 | ACTIVE | haproxy |
| 0c244567-8f49-4be0-9055-17fa903d4619 | lb3 | 192.168.36.43 | ACTIVE | haproxy |
I just installed this plugin to monitor SQL errors:
https://mariadb.com/kb/en/sql-error-log-plugin/
but I can't for the life of me find anything on how to modify the default system variables for that error log plugin, and where.
Anyone?!
You can't modify error plugin log variables via SQL statements. They are either read-only and/or they need to be specified at startup (see source code).
So you have to pass these values either to mariadbd/mysqld or you have to specify these in your configuration file.
Example in /etc/my.cnf:
[server]
sql-error-log-filename=foo.log
sql-error-log-rotate=ON
restart server and check the values
MariaDB [test]> show variables like 'sql_error%';
+--------------------------+---------+
| Variable_name | Value |
+--------------------------+---------+
| sql_error_log_filename | foo.log |
| sql_error_log_rate | 1 |
| sql_error_log_rotate | ON |
| sql_error_log_rotations | 9 |
| sql_error_log_size_limit | 1000000 |
+--------------------------+---------+
My Project and Admin panel's resource can not be retrieve, but Identity resource can be retrieve, after I use the openstacksdk change the password:
conn.identity.update_user(user_id, password=new_password) # after this step, the Project and Admin resources can not be retrieved.
Now my Project and Admin's resources can not be retrieved:
But the Identity resources can retrieve:
And please attention, when I login the openstack dashboard, I still use the old_password, can not use the new_password login the openstack dashboard.
And, if I use the conn.identity.update_user method change to the old_password, then the issue will gone, there will become normal.
EDIT -1
I use the command :
openstack role assignment list --names
to check the role assignment list:
[root#controller ~]# openstack role assignment list --names
+-------+-------------------+-------+-----------------+--------+-----------+
| Role | User | Group | Project | Domain | Inherited |
+-------+-------------------+-------+-----------------+--------+-----------+
| user | demo#Default | | demo#Default | | False |
| admin | nova#Default | | service#Default | | False |
| admin | cinder#Default | | service#Default | | False |
| admin | glance#Default | | service#Default | | False |
| admin | placement#Default | | service#Default | | False |
| admin | neutron#Default | | service#Default | | False |
| admin | admin#Default | | admin#Default | | False |
+-------+-------------------+-------+-----------------+--------+-----------+
This sounds like a roles issue. I would use one of the OpenStack CLI to check out the roles:
openstack role assignment list --names
Something like that assuming a recent version of OpenStack. I don't know enough about Horizon to know what roles are needed to view those pages.
I changed pulling intervals in /etc/ceilometer/pipeline.yaml file from 600 to 60 and can't make the service to use new values. I restarted everything that relates to ceilometer in openstack-status command, but that did not work. Can somebody tell me the proper way how to do it?
I am using Openstack Liberty on Ubuntu 14.04 LTS
root#OS1:~# openstack service list
+----------------------------------+------------+---------------+
| ID | Name | Type |
+----------------------------------+------------+---------------+
| 056fcccaad5c4991a8a0da199ed1d737 | cinderv2 | volumev2 |
| 483a0cd1ba79430690a8960ae3d40222 | glance | image |
| 5c704fc9253e4c15895589eb19fab2ac | keystone | identity |
| 92bfcfb417314e80a43e6e7d4d21f99b | nova | compute |
| a7a3809d73674d3da3fbe8030b47055a | horizon | dashboard |
| c21b5e3c9d68417cb11df60d72f9bb58 | heat | orchestration |
| c7030edb082346328a715b00098b974a | neutron | network |
| d331f5360e2b4d3a854e7f47107a9421 | ec2 | ec2 |
| f0a22f827bed43dbbc43822abfc3e3e0 | ceilometer | metering |
+----------------------------------+------------+---------------+
root#OS11:~# openstack-status
.
.
.
== Ceilometer services ==
ceilometer-api: active
ceilometer-agent-central: active
ceilometer-agent-compute: inactive (disabled on boot)
ceilometer-collector: active
ceilometer-alarm-notifier: active
ceilometer-alarm-evaluator: active
ceilometer-agent-notification:active
.
.
.
Well, you need to restart ceilometer-agent-notification service because this service is responsible for transforming the data into samples in the ceilometer database.
Thus, systemctl restart ceilometer-agent-notification.service will help along with restarting other services.
Since ceilometer-agent-compute service is disabled, you just need to restart ceilometer-agent-central service on the node you have modified the config file.
sudo service ceilometer-agent-central restart
You might want to auto reload pipelines after you modify it, for that, you can set refresh_pipeline_cfg=True and a proper time for pipeline_polling_interval such as 120 seconds in /etc/ceilometer/ceilometer.conf.
Note, be careful when you enable auto reload, and only save pipeline config file after you are sure about the content is right (otherwise it might lose 1 polling period data)
Ubuntu Server 14.04. Installed the latest DevStack. At the end of the installation it gave me admin & demo user/passwords and an auth URL. My intention is to create a tenant and a user. Here is what I do.
$: cat env.sh
export OS_AUTH_URL=http://10.0.3.15:5000/v2.0
export OS_USERNAME=admin
export OS_PASSWORD=8adb0ddg3b6ef3dc78ac
$:
$: source env.sh
$:
$: keystone tenant-list
+----------------------------------+-------+---------+
| id | name | enabled |
+----------------------------------+-------+---------+
| 7920e943bd1742e198ea78f8453534d5 | admin | True |
| 435d9b5ce34f430ea50e4643d33230e7 | demo | True |
+----------------------------------+-------+---------+
$: keystone tenant-create --name=ten1
$: keystone tenant-list
+----------------------------------+-------+---------+
| id | name | enabled |
+----------------------------------+-------+---------+
| 7920e943bd1742e198ea78f8453534d5 | admin | True |
| 435d9b5ce34f430ea50e4643d33230e7 | demo | True |
+----------------------------------+-------+---------+
$:
Why does tenant-list display user list? Why doesn't tenant-create say anything?
Am I missing any basic concepts?
In DevStack, the starter user names match the project/tenant user names. You can create more users with different tenant names using the docs such as http://docs.openstack.org/icehouse/install-guide/install/apt/content/keystone-users.html.
I think what you're missing is linking a user to the tenant with:
$ keystone user-create --name=fred --pass=SOME_PASS --email=SOME_EMAIL
$ keystone user-role-add --user=fred --role=_member_ --tenant=ten1
When you execute stack.sh in devstack, it creates various tenants for you like admin,demo,service etc. Along with tenants, it creates users like admin,demo and service users.
With the pre-req data, once can try out admin operations and member operations.
if you wish you to have your own user and tenant , you can execute the below after sourcing openrc/env
//Create a tenant
keystone tenant-create --name <tenantName>
//Create a User in a tenant
keystone user-create --name <username> --pass <password> --tenant <tenantName>
//Assign a role for a user for a specific tenant
keystone user-role-add --user <username> --tenant <tenantName> --role <roleName>