Register Designate with Keystone - openstack

I followed this guide to set up Designate:
http://docs.openstack.org/developer/designate/install/ubuntu.html
The guide has exactly the workflow I was looking for.
I need to set up Designate using the PowerDNS backend, and the guide provides a way of doing that.
But when it comes to registering Designate with Keystone, it lacks detail.
Could someone please help me with this?
Now I am trying to access http://IP.Address:9001/v2/command.
It gives the following error:
Authentication required
Error log from designate-api:
2015-10-20 03:58:36.917 20993 WARNING keystoneclient.middleware.auth_token [-] Unable to find authentication token in headers
2015-10-20 03:58:36.917 20993 INFO keystoneclient.middleware.auth_token [-] Invalid user token - rejecting request
2015-10-20 03:58:36.917 20993 INFO eventlet.wsgi [-] 61.12.45.30 - - [20/Oct/2015 03:58:36] "GET /v1/ HTTP/1.1" 401 217 0.000681

I found a way to do this.
Here are the detailed steps.
Registering Keystone with Designate:
Keystone setup:
apt-get install keystone
Edit /etc/keystone/keystone.conf and change the [database] section:
connection = mysql://keystone:keystone@localhost/keystone
rm /var/lib/keystone/keystone.db
$ mysql -u root -p
mysql> CREATE DATABASE keystone;
mysql> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \
IDENTIFIED BY 'keystone';
mysql> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \
IDENTIFIED BY 'keystone';
mysql> exit
pip install mysql-python
su -s /bin/sh -c "keystone-manage db_sync" keystone
Execute the following command and note down the value:
openssl rand -hex 10
Edit /etc/keystone/keystone.conf and change the [DEFAULT] section, replacing ADMIN_TOKEN with the results of the command:
[DEFAULT]
# A "shared secret" between keystone and other openstack services
admin_token = ADMIN_TOKEN
Configure the log directory. Edit the /etc/keystone/keystone.conf file and update the [DEFAULT] section:
[DEFAULT]
...
log_dir = /var/log/keystone
service keystone restart
User, tenant, service and endpoint creation:
export OS_SERVICE_TOKEN=token_value
(please replace token_value with the token value generated above)
export OS_SERVICE_ENDPOINT=http://localhost:35357/v2.0
keystone tenant-create --name service --description "Service Tenant" --enabled true
keystone service-create --type dns --name designate --description="Designate"
keystone endpoint-create --service designate --publicurl http://127.0.0.1:9001/v1 --adminurl http://127.0.0.1:9001/v1 --internalurl http://127.0.0.1:9001/v1
keystone user-create --name dnsaas --tenant service --pass dnsaas --enabled true
keystone role-create --name=admin
keystone user-role-add --user dnsaas --tenant service --role admin
apt-get install python-designateclient
Create an openrc file:
$ vi openrc
export OS_USERNAME=dnsaas
export OS_PASSWORD=dnsaas
export OS_TENANT_NAME=service
export OS_AUTH_URL=http://localhost:5000/v2.0/
export OS_AUTH_STRATEGY=keystone
export OS_REGION_NAME=RegionOne
Source the openrc file:
. openrc
Note:
Execute or restart the designate-central and designate-api services.
Run the designate domain-list command:
designate domain-list
If the above command does not return any errors, you are good to go.
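The exchange that the designate client performs with these settings, as an added example that is not part of the original post or of any OpenStack project's code: the Keystone v2.0 token request built from the openrc values, and the X-Auth-Token header whose absence produced the 401 in the question. The token response is a constructed sample and the function names are hypothetical.

```python
import json

# Values from the openrc file in the answer above.
OPENRC = {
    "OS_USERNAME": "dnsaas",
    "OS_PASSWORD": "dnsaas",
    "OS_TENANT_NAME": "service",
    "OS_AUTH_URL": "http://localhost:5000/v2.0/",
    "OS_REGION_NAME": "RegionOne",
}

# Constructed sample of a Keystone v2.0 token response; the token id is a placeholder.
SAMPLE_RESPONSE = {"access": {
    "token": {"id": "PLACEHOLDER_TOKEN_ID", "tenant": {"name": "service"}},
    "serviceCatalog": [{
        "type": "dns", "name": "designate",
        "endpoints": [{"region": "RegionOne",
                       "publicURL": "http://127.0.0.1:9001/v1",
                       "adminURL": "http://127.0.0.1:9001/v1",
                       "internalURL": "http://127.0.0.1:9001/v1"}],
    }],
}}

def build_token_request(env):
    """Return (url, body) for the password-auth POST to Keystone v2.0."""
    body = {"auth": {
        "tenantName": env["OS_TENANT_NAME"],
        "passwordCredentials": {"username": env["OS_USERNAME"],
                                "password": env["OS_PASSWORD"]},
    }}
    return env["OS_AUTH_URL"].rstrip("/") + "/tokens", body

def designate_call(token_response, region, path="domains"):
    """Return (url, headers) for a Designate request, taken from a token response."""
    access = token_response["access"]
    for service in access.get("serviceCatalog", []):
        if service.get("type") != "dns":
            continue
        for endpoint in service.get("endpoints", []):
            if endpoint.get("region") == region:
                url = endpoint["publicURL"].rstrip("/") + "/" + path
                # The auth_token middleware answers 401 when this header is missing.
                return url, {"X-Auth-Token": access["token"]["id"],
                             "Accept": "application/json"}
    raise LookupError("no 'dns' endpoint for region %r in the catalog" % region)

if __name__ == "__main__":
    print(json.dumps(build_token_request(OPENRC)[1], indent=2))
    print(designate_call(SAMPLE_RESPONSE, OPENRC["OS_REGION_NAME"]))
```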

Related

Access denied for user 'user'@'localhost'

I am trying to create a SQL user which has the sole role of performing the login procedure, but I keep getting the same error: Access denied for user 'login'@'localhost' (using password: YES)
I created the user like this:
CREATE USER IF NOT EXISTS 'user'@'%' IDENTIFIED BY 'password';
GRANT EXECUTE ON procedure `table`.`login` TO 'user'@'%';
If I try to log in via terminal or MySQL Workbench, or use the mysql_real_connect() function in my C client, I always get the same error.
I solved it by reinstalling mariadb and using the following commands:
mysql_upgrade -u root -p
chown mysql:mysql /var/lib/mysql -R
systemctl enable mysqld
systemctl start mysqld
My system is Arch Linux; this can also be useful to better manage the installation of MySQL or MariaDB: https://wiki.archlinux.org/index.php/MySQL

Spinnaker Nexus Integration

I'm facing an issue while integrating Spinnaker with Nexus.
Basically, here is my process: building a Docker image using Jenkins and uploading it to Nexus. Next, I want to trigger Spinnaker pipelines based on a new image being available on Nexus, to deploy apps on Kubernetes.
I've used these 2 commands:
hal config provider docker-registry enable
hal config provider docker-registry account add my-docker-registry \
--address <pvtIP>:9082 \
--repositories repository/<repoName> \
--username <userName> \
--password
I get the error below:
+ Get current deployment
Success
- Add the my-docker-registry account
Failure
Problems in default.provider.dockerRegistry.my-docker-registry:
! ERROR Unable to fetch tags from the docker repository:
repository/test-docker-snapshots/, Unrecognized SSL message, plaintext
connection?
? Can the provided user access this repository?
- WARNING None of your supplied repositories contain any tags.
Spinnaker will not be able to deploy any docker images.
? Push some images to your registry.
- Failed to add account my-docker-registry for provider
dockerRegistry.
Is it mandatory to have Nexus on HTTPS? I'm running on HTTP, and using it in an internal network only...
Please advise. Thanks.
If your Nexus repo is running on HTTP then you should set the --insecure-registry flag in your command. So your final command would be as follows:
hal config provider docker-registry account add my-docker-registry \
--address <pvtIP>:9082 \
--repositories repository/<repoName> \
--insecure-registry true \
--username <userName> \
--password

How to allow users with the member role to upload images as public in an Openstack Cloud?

I've tried changing the /etc/glance/policy.json and setting the following:
"publicize_image": "role:member",
And then restarting both the glance-api and glance-registry services but of course that would be too easy so it doesn't work :)
openstack image create --file gammy_image.iso JACOBS-GAMMY-IMAGE --public
403 Forbidden
You are not authorized to complete publicize_image action.
(HTTP 403)
I often upload images with this command:
glance image-create --name "cirros" --file ./cirros.qcow2 --disk-format qcow2 --container-format bare --visibility public --progress
And it works fine, all users can see my image.
You have two options:
add the admin role to your user;
openstack role add --user USER_NAME --project PROJECT_NAME admin
remove the need for admin rights for this operation
As an administrator, edit the file /etc/glance/policy.json and change the following line:
"publicize_image": "role:admin",
With:
"publicize_image": "",
Then restart glance:
$ sudo glance-control all restart
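Added example (not part of the original posts and not Glance or oslo.policy code): a simplified evaluator for single-check policy rules, showing who passes publicize_image under each of the three values that appear in this thread. The caller names and role lists are constructed, and only the "", "@", "!" and role:<name> rule forms are modelled.

```python
import json

def check_rule(rule, roles):
    """Evaluate one single-check rule against a caller's role list."""
    rule = rule.strip()
    if rule in ("", "@"):
        return True   # empty rule: every authenticated caller passes
    if rule == "!":
        return False  # never allowed
    kind, _, match = rule.partition(":")
    if kind == "role" and " " not in match:
        # Role names are compared case-insensitively, but must match in full.
        return match.lower() in {r.lower() for r in roles}
    raise ValueError("rule form not modelled in this sketch: %r" % rule)

# The three values of "publicize_image" that appear in this thread.
POLICIES = {
    "default": '{"publicize_image": "role:admin"}',
    "question": '{"publicize_image": "role:member"}',
    "answer": '{"publicize_image": ""}',
}

# Constructed callers and their role lists.
CALLERS = {
    "admin_user": ["admin"],
    "member_user": ["Member"],
    "legacy_member": ["_member_"],
    "other_user": ["auditor"],
}

def allowed_callers(policy_text, action="publicize_image", callers=CALLERS):
    """Return the sorted names of callers that the policy lets perform action."""
    rule = json.loads(policy_text)[action]
    return sorted(n for n, roles in callers.items() if check_rule(rule, roles))

if __name__ == "__main__":
    for label, text in POLICIES.items():
        print(label, allowed_callers(text))
```

With the empty rule every caller in the sample passes, including the one holding neither admin nor member; with role:member only the caller whose role name is exactly "member" (in any letter case) passes.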

Maria DB Access Privileges

I have created my MariaDB instance under CentOS 7 using the following command
[username@localhost]$ sudo yum install mariadb-server
System Enabled and Started with the following Commands
sudo systemctl enable mariadb
sudo systemctl start mariadb
I have secured the installation with the following command
sudo mysql_secure_installation
The server was secured, and I invoked the mysql prompt using
mysql -u root -p
There is no problem. I am able to use this command to get to the SQL prompt.
However, when I am trying to load tables, I am getting the following error
ERROR 1045 [28000]: Access Denied for user 'root'@'localhost' (using
password: NO)
Unable to load data. What could be the solution?
Thanks
Sreeram

Openstack-Folsom keystone script fail to configure

Based on this link https://github.com/mseknibilel/OpenStack-Folsom-Install-guide/blob/master/OpenStack_Folsom_Install_Guide_WebVersion.rst#openstack-folsom-install-guide , I tried running these scripts but it fails despite me setting the HOST_IP & EXT HOST_IP.
./keystone_basic.sh
./keystone_endpoints_basic.sh
Below is the error log received:
-keystone:error:unrecognized arguments: service id of 18ea5916544429bed2c84af0303077
I have provided the information such as tenant_name, tenant_id and so on in a source file, but it seems the script provided does not get recognized by the system. Below are the details of the OS I use.
I created VMs instead of using physical machines. Installed with Ubuntu 12.04 LTS.
Please advise on how to tackle this issue.
Thanks.
I had the same problem. I am using Ubuntu 12.04 LTS. After running:
keystone help user-create tenant id appears as follows:
Optional arguments:
...
--service_id <service-id>
Change --service-id to --service_id with a global replace
[Using command line]
# sed -i 's/--service-id/--service_id/g' /path/to/script.sh
Restart keystone & its database entries
mysql -u root -ppassword -e "drop database keystone"
mysql -u root -ppassword -e "create database keystone"
mysql -u root -ppassword -e "grant all privileges on keystone.* TO 'keystone'@'%' identified by 'password'"
mysql -u root -ppassword -e "grant all privileges on keystone.* TO 'keystone'@'localhost' identified by 'password'"
service keystone restart
keystone-manage db_sync
