Openstack Keystone Authentication failure - openstack

I am new to Openstack. I installed Openstack using Packstack on my CentOS machine. When I try to log in using the default keystone_admin credentials, it shows a server error.
Here is my keystone.log file. Can somebody help?
2020-05-07 03:13:57.097 2303 WARNING keystone.server.flask.application [req-8c75dc88-73f3-4605-8a6b-3ba515d9fd84 3a3280ddae08412ab1145c193b587161 - - default -] Authorization failed. The request you have made requires authentication. from 192.168.225.30: Unauthorized: The request you have made requires authentication.
2020-05-07 03:13:57.235 2300 WARNING keystone.common.rbac_enforcer.enforcer [req-d1a5e980-617f-48d4-8322-40b0aa068140 3a3280ddae08412ab1145c193b587161 - - default -] Deprecated policy rules found. Use oslopolicy-policy-generator and oslopolicy-policy-upgrade to detect and resolve deprecated policies in your configuration.

Try to find any rc files in your /root folder.
The file name is similar to openrc or adminrc.
$ . openrc
Then try some openstack command
and it will succeed.

Related

Ingress nginx Unable to rotate token: failed to read token file "/var/run/secrets/kubernetes.io/serviceaccount/token"

I am running nginx-ingress v0.44.0 on Kubernetes version v1.20.2, with ingress installed using helm chart ingress-nginx-3.23.0. Nginx is taking the traffic; in the log file I see this error message.
E0209 23:21:41.300842 6 token_source.go:152] Unable to rotate token: failed to read token file "/var/run/secrets/kubernetes.io/serviceaccount/token": open /var/run/secrets/kubernetes.io/serviceaccount/token: permission denied
E0209 23:21:41.316286 6 token_source.go:152] Unable to rotate token: failed to read token file "/var/run/secrets/kubernetes.io/serviceaccount/token": open /var/run/secrets/kubernetes.io/serviceaccount/token: permission denied
Nginx is running as uid 101 but the serviceaccount directory is owned by the root user.
How to fix this error message?
Thanks
It's kinda odd; as I've tested, I haven't experienced such an error.
You could use securityContext, set
fsGroup: 101 or
runAsUser/runAsGroup
But still the ingress-nginx sets appropriate securityContext (for example to bind on 80/443), so it should work.
As @sfgroups mentioned, the solution is to make nginx run not as uid 101 but as 0.
Add flag to installation command: --set controller.image.runAsUser=0.
Read: helm-nginx-ingress-installation.

Visual Studio code-server not working with Compute Engine

I host a web site with Nginx on Debian in Google Cloud.
When I install code-server and visit my_ip:8443, Chrome replies with: ERR_CONNECTION_TIMED_OUT.
When I execute the command code-server:
INFO code-server v1.1156-vsc1.33.1
INFO Additional documentation: http://github.com/cdr/code-server
INFO Initializing {"data-dir":"/home/naji/.local/share/code-server","extensions-dir":"/home/naji/.local/share/code-server/extensions","working-dir":"/","log-dir":"/home/naji/.cache/code-server/logs/20190723145420188"}
INFO Starting webserver... {"host":"0.0.0.0","port":8443}
WARN No certificate specified. This could be insecure.
WARN Documentation on securing your setup: https://github.com/cdr/code-server/blob/master/doc/security/ssl.md
INFO
INFO Password: ******************
INFO
INFO Started (click the link below to open):
INFO https://localhost:8443/
INFO
INFO Starting shared process [1/5]...
WARN stderr {"data":"(node:17025) [DEP0005] DeprecationWarning: Buffer() is deprecated due to security and usability issues. Please use the Buffer.alloc(), Buffer.allocUnsafe(), or Buffer.from() methods instead.\n"}
INFO Connected to shared process
What is the solution?

Keystone error 401 output to every command/Keystone doesn't know Default Openstack Domain

I am currently trying to install Openstack for the first time.
I followed the installation guide given by Openstack (here).
The basic setup is done, and I am now trying to install the four "basic" services of Openstack: Keystone, Glance, Nova and Neutron.
But I have an error with Keystone. I followed the tutorial, but when I try to test Keystone by launching even the simplest command (openstack role create myrole, for example),
I get the following message:
The request you have made requires authentication. (HTTP 401) (Request-ID: req-e9164787-381f-4f69-af7f-7ea4932c3a0b)
You can find all the commands I previously entered here, here is the output of the command openstack domain list --debug, and here the keystone.log.
As you can see in the keystone.log, I have the message
2019-01-16 20:45:53.064 7056 WARNING keystone.auth.core [req-fd1b7466-cf24-406f-82ce-2549156ae4d6 - - - - -] Could not find domain: default.: DomainNotFound: Could not find domain: default.
It seems that Keystone does not know the Default Domain. How can I change that?
I have already tried "Default" and "default" (with and without the lower-case), but no change.
I cannot even create another domain or create a token (I read on another thread that it might be the source of the problem).
Let me know if you need anything more, and thanks in advance!
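The keystone.log lines quoted in the two Keystone questions on this page can be triaged mechanically before deciding what to fix. The following is an added example, not code from the posts or from the Keystone project; it assumes the default oslo.log context layout visible in those lines, and the names parse_line, triage and the cause labels are hypothetical.

```python
import re
from collections import Counter

# Assumed layout (oslo.log default context format, as in the lines quoted above):
# timestamp pid LEVEL logger [req-id user project domain user_domain project_domain] msg
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d+) (?P<pid>\d+) (?P<level>[A-Z]+) "
    r"(?P<logger>\S+) \[(?P<req>req-[0-9a-f-]+) (?P<user>\S+) (?P<project>\S+) "
    r"(?P<domain>\S+) (?P<user_domain>\S+) (?P<project_domain>\S+)\] (?P<msg>.*)$"
)

# Message patterns taken from the keystone.log lines on this page.
CAUSES = [
    ("domain_not_found", re.compile(r"Could not find domain: (?P<detail>[^.:]+)")),
    ("auth_failed", re.compile(r"Authorization failed\..* from (?P<detail>\d+(?:\.\d+){3}):")),
    ("deprecated_policy", re.compile(r"Deprecated policy rules found")),
]

def parse_line(line):
    """Return a dict of fields plus a cause label, or None if the line does not parse."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["cause"], rec["detail"] = "other", None
    for name, pattern in CAUSES:
        hit = pattern.search(rec["msg"])
        if hit:
            rec["cause"], rec["detail"] = name, hit.groupdict().get("detail")
            break
    # "-" in the user slot means the request context carried no user id.
    rec["has_user_context"] = rec["user"] != "-"
    return rec

def triage(lines):
    """Parse all lines; return (records, Counter of causes)."""
    records = [r for r in map(parse_line, lines) if r is not None]
    return records, Counter(r["cause"] for r in records)

# The three log lines quoted on this page, used as sample input.
SAMPLE = [
    "2020-05-07 03:13:57.097 2303 WARNING keystone.server.flask.application [req-8c75dc88-73f3-4605-8a6b-3ba515d9fd84 3a3280ddae08412ab1145c193b587161 - - default -] Authorization failed. The request you have made requires authentication. from 192.168.225.30: Unauthorized: The request you have made requires authentication.",
    "2020-05-07 03:13:57.235 2300 WARNING keystone.common.rbac_enforcer.enforcer [req-d1a5e980-617f-48d4-8322-40b0aa068140 3a3280ddae08412ab1145c193b587161 - - default -] Deprecated policy rules found. Use oslopolicy-policy-generator and oslopolicy-policy-upgrade to detect and resolve deprecated policies in your configuration.",
    "2019-01-16 20:45:53.064 7056 WARNING keystone.auth.core [req-fd1b7466-cf24-406f-82ce-2549156ae4d6 - - - - -] Could not find domain: default.: DomainNotFound: Could not find domain: default.",
]

if __name__ == "__main__":
    records, counts = triage(SAMPLE)
    for r in records:
        print(r["ts"], r["req"], r["cause"], r["detail"], r["has_user_context"])
    print(dict(counts))
```

Separating domain_not_found from auth_failed matters because the first points at Keystone's own configuration state while the second points at the credentials or scope the client sent.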

After installing devstack http://server-ip:5000 not accessible

I followed the https://www.theurbanpenguin.com/installing-devstack-on-ubuntu-16-04/ tutorial to install devstack (queens release) on my Ubuntu 16.04 server.
After the installation was done I ran the following commands:
export OS_USERNAME=admin
export OS_TENANT_NAME=admin
export OS_PASSWORD=<password>
export OS_AUTH_URL=http://server-ip:5000/v2.0
openstack image create --public --disk-format qcow2 --container-format bare --file /home/cse3/ubuntu_images/ubuntu-14.04-server-cloudimg-amd64-disk1.img ubuntu
But whenever I open http://server-ip:5000/v2.0 in my browser I get an unable to connect error.
When I create an image from the command line I get the following message:
Failed to discover available identity versions when contacting http://server-ip:5000/v2.0. Attempting to parse version from URL.
Unable to establish connection to http://server-ip:5000/v2.0/tokens: HTTPConnectionPool(host='server-ip', port=5000): Max retries exceeded with url: /v2.0/tokens (Caused by NewConnectionError('<urllib3.connection.HTTPConnection object at 0x7f84ebecabd0>: Failed to establish a new connection: [Errno 111] Connection refused',))
Can anyone suggest what steps need to be followed to remove this error?
After installing the Devstack, you should be able to view the OpenStack dashboard at http://server-ip if the server-ip is a public IP. The AUTH_URL is for you to authorize the API when you are using the SDK or the client library. And this is actually how the dashboard (Horizon) works with the Keystone identity service.
If the server_ip is not a public IP, you need to set up a proxy port in your server and your browser.
It's because the identity API changed from
export OS_AUTH_URL=http://server-ip:5000/v2.0
to
export OS_AUTH_URL=http://server-ip/identity
You can get more from the OpenStack Doc
Check that your httpd is running:
systemctl status httpd
If it has exited or not started,
enable httpd:
systemctl s

Permission denied while using 'Kaa-Node restart'

I am trying out an application, and previously it worked and the data was able to be persisted into MongoDB. But recently, we had a change of router, and thus we went ahead and regenerated the SDK etc., but we still have the connection error.
Error :
2017/01/26 9:24:27 [WARNING] [kaa_bootstrap_manager.c:612] (-7) - Could not find next Bootstrap access point (protocol: id=0x56C8FF92, version=1)
2017/01/26 9:24:27 [ERROR] [kaa_tcp_channel.c:307] (-7) - Kaa TCP channel [0x929A2016] error notifying bootstrap manager on access point failure
2017/01/26 9:24:27 [ERROR] [kaa_client.c:240] (-7) - Failed to process OUT event for the client socket 3
And thus, we went ahead with troubleshooting, where one of the staff I emailed passed me a link for troubleshooting.
https://kaaproject.github.io/kaa/docs/v0.10.0/Administration-guide/Troubleshooting/
I followed it already, but I had an error where I'm stuck at writing 'kaa-node restart' to restart the node service.
Here are the commands for troubleshooting:
Connect to your Kaa Sandbox via ssh:
$ ssh kaa@<YOUR-SANDBOX-IP>
password: kaa
Stop the Kaa service:
$ sudo service kaa-node stop
Clear the Kaa logs:
$ sudo rm -rf /var/log/kaa/*
Start the Kaa service:
$ sudo service kaa-node start
I typed 'sudo service kaa-node start'. It gave me:
kaa@kaa-sandbox.kaaproject.org:~$ sudo service kaa-node start
* Starting Kaa Node daemon (kaa-node):
/bin/bash: /var/log/kaa/kaa-node-server.init.log: Permission denied
Try verifying the Kaa host on the Management page. Also, the Sandbox Web UI (the Management page) is able to restart all the necessary Kaa services on the Sandbox after the Kaa host change.
Please note that the Kaa host should match the PC host IP address accessible from the network your applications are running in.
Please try and let me know if this works for you.
