I have installed kilo devstack and have enabled the ceilometer. So It is showing me Resource Usage panel on Admin Dashboard. But my stats tab is not showing any graph for any matrix.
ceilometer.conf
[DEFAULT]
policy_file = /etc/ceilometer/policy.json
debug = True
verbose = True
notification_topics = notifications
rpc_backend = rabbit
[oslo_messaging_rabbit]
rabbit_userid = stackrabbit
rabbit_password = stackqueue
rabbit_hosts = 10.0.2.15
[service_credentials]
os_auth_url = http://10.0.2.15:5000/v2.0
os_region_name = RegionOne
os_tenant_name = service
os_password = nomoresecrete
os_username = ceilometer
[keystone_authtoken]
signing_dir = /var/cache/ceilometer
cafile = /opt/stack/data/ca-bundle.pem
auth_uri = http://10.0.2.15:5000
project_domain_id = default
project_name = service
user_domain_id = default
password = nomoresecrete
username = ceilometer
auth_url = http://10.0.2.15:35357
auth_plugin = password
[notification]
store_events = True
[database]
metering_connection = mongodb://localhost:27017/ceilometer
event_connection = mongodb://localhost:27017/ceilometer
alarm_connection = mongodb://localhost:27017/ceilometer
Please check How I enabled the ceilometer in openstack (kilo) dashboard
First go in devstack directory and search local.conf file
Paste the following content in local.conf
# Enable the ceilometer metering services
enable_service ceilometer-acompute ceilometer-acentral ceilometer-anotification ceilometer-collector
# Enable the ceilometer alarming services
enable_service ceilometer-alarm-evaluator,ceilometer-alarm-notifier
# Enable the ceilometer api services
enable_service ceilometer-api
Run the following command in devstack directory
./unstack.sh ./rejoin-stack.sh
My dashboard is showing the Resource usage in admin section but it is not showing any graph regarding the resource usage on stats tab. Please help me on this.
Stats Tab on Resource Usage is not showing any graph for any matrix, Please see the image.
Related
I am trying to access a shared folder using unc path on server2 from clientX via WinRS to server1.
clientX -> server1 -> server2
My issue is basically the same as Can WinRS access UNC paths?
However, the solution there does not work for me although I followed all available instructions regarding WinRM and CredSSP configurations on clientX and server1 and it appears that everything was done as intended.
hostname of clientX is 'clientX' (acquired from cmd command 'hostname')
full computer name of clientX is 'clientX' (acquired from control panel > system)
user domain of clientX is 'CLIENTX' (acquired from cmd command 'echo %userdomain%')
hostname of server1 is 'server1' (acquired from cmd command 'hostname')
full computer name of server1 is 'server1' (acquired from control panel > system)
user domain of server1 is 'SERVER1' (acquired from cmd command 'echo %userdomain%')
the unc path on server2 is \SERVER2\sharedF\test
on server1, I can successfully run the command:
dir \\SERVER2\sharedF\test
on clientX, I can successfully run the command:
dir \\SERVER2\sharedF\test
aswell (as it also is connected to server2 directly).
on clientX, I can successfully run the command:
winrs.exe -r:http://SERVER1:5985 -u:adminOnserver1 -p:pass4server1 "dir c:"
on clientX, I fail to run the command:
winrs.exe -r:http://SERVER1:5985 -u:adminOnserver1 -p:pass4server1 "dir \\SERVER2\sharedF\test"
as I get the error message "access is denied". And that is the problem.
on clientX, the power shell command "Get-WSManCredSSP" returns:
The machine is configured to allow delegating fresh credentials to the following target(s): wsman/SERVER1
This computer is not configured to receive credentials from a remote client computer.
on clientX, the cmd command "winrm get winrm/config" returns:
Config
MaxEnvelopeSizekb = 500
MaxTimeoutms = 60000
MaxBatchItems = 32000
MaxProviderRequests = 4294967295
Client
NetworkDelayms = 5000
URLPrefix = wsman
AllowUnencrypted = true
Auth
Basic = true
Digest = true
Kerberos = true
Negotiate = true
Certificate = true
CredSSP = true
DefaultPorts
HTTP = 5985
HTTPS = 5986
TrustedHosts = 200.0.0.145,CLIENTX,200.0.0.159,SERVER1
Service
RootSDDL = O:NSG:BAD:P(A;;GA;;;BA)(A;;GR;;;IU)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)
MaxConcurrentOperations = 4294967295
MaxConcurrentOperationsPerUser = 1500
EnumerationTimeoutms = 240000
MaxConnections = 300
MaxPacketRetrievalTimeSeconds = 120
AllowUnencrypted = false
Auth
Basic = false
Kerberos = true
Negotiate = true
Certificate = false
CredSSP = false
CbtHardeningLevel = Relaxed
DefaultPorts
HTTP = 5985
HTTPS = 5986
IPv4Filter = *
IPv6Filter = *
EnableCompatibilityHttpListener = false
EnableCompatibilityHttpsListener = false
CertificateThumbprint
AllowRemoteAccess = true
Winrs
AllowRemoteShellAccess = true
IdleTimeout = 7200000
MaxConcurrentUsers = 2147483647
MaxShellRunTime = 2147483647
MaxProcessesPerShell = 2147483647
MaxMemoryPerShellMB = 2147483647
MaxShellsPerUser = 2147483647
on server1, the power shell command "Get-WSManCredSSP" returns:
The machine is not configured to allow delegating fresh credentials.
This computer is configured to receive credentials from a remote client computer.
on server1, the cmd command "winrm get winrm/config" returns:
Config
MaxEnvelopeSizekb = 500
MaxTimeoutms = 60000
MaxBatchItems = 32000
MaxProviderRequests = 4294967295
Client
NetworkDelayms = 5000
URLPrefix = wsman
AllowUnencrypted = true
Auth
Basic = true
Digest = true
Kerberos = true
Negotiate = true
Certificate = true
CredSSP = true
DefaultPorts
HTTP = 5985
HTTPS = 5986
TrustedHosts = 200.0.0.145,CLIENTX,200.0.0.159,SERVER1
Service
RootSDDL = O:NSG:BAD:P(A;;GA;;;BA)(A;;GR;;;IU)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)
MaxConcurrentOperations = 4294967295
MaxConcurrentOperationsPerUser = 1500
EnumerationTimeoutms = 240000
MaxConnections = 300
MaxPacketRetrievalTimeSeconds = 120
AllowUnencrypted = false
Auth
Basic = false
Kerberos = true
Negotiate = true
Certificate = false
CredSSP = true
CbtHardeningLevel = Relaxed
DefaultPorts
HTTP = 5985
HTTPS = 5986
IPv4Filter = *
IPv6Filter = *
EnableCompatibilityHttpListener = false
EnableCompatibilityHttpsListener = false
CertificateThumbprint
AllowRemoteAccess = true
Winrs
AllowRemoteShellAccess = true
IdleTimeout = 7200000
MaxConcurrentUsers = 2147483647
MaxShellRunTime = 2147483647
MaxProcessesPerShell = 2147483647
MaxMemoryPerShellMB = 2147483647
MaxShellsPerUser = 2147483647
on server1, the cmd command "winrm e winrm/config/listener" returns:
Listener
Address = *
Transport = HTTP
Port = 5985
Hostname
Enabled = true
URLPrefix = wsman
CertificateThumbprint
ListeningOn = 127.0.0.1, 169.254.229.41, 200.0.0.159, ::1, fe80::5465:9195:eabb:b7e7%11, fe80::c056:f6db:8f7f:e529%9
Did I do anything wrong? Any ideas?
I followed the common, basic instructions from microsoft and the solution from Can WinRS access UNC paths? and used commands like "Enable-WSManCredSSP -Role "Server"" , "Enable-WSManCredSSP -Role Client -DelegateComputer SERVER1", "winrm quickconfig".
In order to connect Nova-compute to the controller, I would like to install it from source on Ubuntu 20.04. The controller is an all-in-one Devstack.
apt install nova-compute
You can see the configuration of this node below
stack#compute:~# cat /etc/nova/nova-cpu.conf
[DEFAULT]
transport_url = rabbit://stackrabbit:PASSWORD#172.17.0.3:5672/
my_ip = 172.17.0.4
[oslo_messaging_notifications]
transport_url = rabbit://stackrabbit:PASSWORD#172.17.0.3:5672/
driver = messagingv2
[api]
auth_strategy = keystone
[keystone_authtoken]
www_authenticate_uri = http://172.17.0.3/identity
auth_url = http://172.17.0.3/identity
memcached_servers = 172.17.0.3:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
password = PASSWORD
[vnc]
enabled = true
server_listen = 0.0.0.0
server_proxyclient_address = $my_ip
novncproxy_base_url = http://172.17.0.3:6080/vnc_auto.html
[glance]
api_servers = http://172.17.0.3:9292
[oslo_concurrency]
lock_path = /opt/stack/data/nova
[placement]
region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://172.17.0.3/identity
username = placement
password = PASSWORD
The controller does not recognize this compute node with the following command.
stack#controller:~$ ./devstack/tools/discover_hosts.sh
Found 0 unmapped computes in cell: 47b7379b-c66c-4d32-adec-xxxxxxxxxx
stack#cntr:~$
Is there a requirement for identifying this node in the controller?
It would be nice if I could configure and install nova-compute separately from devstack.
I am trying to configure gateway access log of wso2 apim (4.0.0) to be written to a separate log file every day so that it should contain api username and api name in a log file. To form the structure of the log file I followed the answer of following question.
The log file structure I have as below:
datetime | remoteIp | username | invoked_api_name | api_url | request | response
Now all entries is being written in wso2carbon.log
I would like it to be written in a file with following pattern:
custom_access_log_gwyyyy-mm-dd.log
Any help is welcome!
You can introduce an extra Log Appender to log the specific Handler logs in it. Find sample instructions below
Open the <apim>/repository/conf/log4j2.properties and add the following to create a Log Appender
appender.APIHANDLER_LOG.type = RollingFile
appender.APIHANDLER_LOG.name = APIHANDLER_LOG
appender.APIHANDLER_LOG.fileName = ${sys:carbon.home}/repository/logs/api-log.log
appender.APIHANDLER_LOG.filePattern = ${sys:carbon.home}/repository/logs/api-log-%d{MM-dd-yyyy}.log
appender.APIHANDLER_LOG.layout.type = PatternLayout
appender.APIHANDLER_LOG.layout.pattern = TID: [%tenantId] [%appName] [%d] %5p {%c} - %m%ex%n
appender.APIHANDLER_LOG.policies.type = Policies
appender.APIHANDLER_LOG.policies.time.type = TimeBasedTriggeringPolicy
appender.APIHANDLER_LOG.policies.time.interval = 1
appender.APIHANDLER_LOG.policies.time.modulate = true
appender.APIHANDLER_LOG.policies.size.type = SizeBasedTriggeringPolicy
appender.APIHANDLER_LOG.policies.size.size=10MB
appender.APIHANDLER_LOG.strategy.type = DefaultRolloverStrategy
appender.APIHANDLER_LOG.strategy.max = 20
appender.APIHANDLER_LOG.filter.threshold.type = ThresholdFilter
appender.APIHANDLER_LOG.filter.threshold.level = DEBUG
Add the created Appender to the appenders property at the top of the log4j2.properties
appenders=APIHANDLER_LOG, CARBON_CONSOLE, ..
Configure your package to log into the new Appender
logger.api-log-handler.name = com.sample.handlers.APILogHandler
logger.api-log-handler.level = DEBUG
logger.api-log-handler.appenderRef.APIHANDLER_LOG.ref = APIHANDLER_LOG
logger.api-log-handler.additivity = false
loggers = api-log-handler, AUDIT_LOG, ...
Save the configurations and invoke the API. Now the logs will be printed to a file called api-log.log.
My Postgres DB in GCP (Google Cloud Platform) only accepts connections over SSL.
I tried the below inside my node.conf without any success:
dataSourceProperties {
dataSourceClassName = "org.postgresql.ds.PGSimpleDataSource"
dataSource.url = "jdbc:postgresql://db-private-ip:5432/my_node"
dataSource.ssl = true
dataSource.sslMode = verify-ca
dataSource.sslRootCert = "/opt/corda/db-certs/server-ca.pem"
dataSource.sslCert = "/opt/corda/db-certs/client-cert.pem"
dataSource.sslKey = "/opt/corda/db-certs/client-key.pem"
dataSource.user = my_node_db_user
dataSource.password = my_pass
}
I'm sure that the keys (sslMode, sslRootCert, sslCert, and sslKey) are acceptable in node.conf (even though they are not mentioned anywhere in Corda docs), because in the logs I didn't get any errors that those key are not recognized.
I get this error when I try to start the node:
[ERROR] 21:58:48+0000 [main] pool.HikariPool. - HikariPool-1 - Exception during pool initialization. [errorCode=zmhrwq, moreInformationAt=https://errors.corda.net/OS/4.3/zmhrwq]
[ERROR] 21:58:48+0000 [main] internal.NodeStartupLogging. - Could not connect to the database. Please check your JDBC connection URL, or the connectivity to the database.: Could not connect to the database. Please check your JDBC connection URL, or the connectivity to the database. [errorCode=18t70u2, moreInformationAt=https://errors.corda.net/OS/4.3/18t70u2]
I tried adding ?ssl=true to the end of the data source URL as suggested in (Azure Postgres Database requires SSL Connection from Corda) but that didn't fix the problem.
Also for the same values I'm able to use the psql client to connect my VM to the DB:
psql "sslmode=verify-ca sslrootcert=server-ca.pem sslcert=client-cert.pem sslkey=client-key.pem hostaddr=db-private-ip user=some-user dbname=some-pass"
Turns out the JDBC driver cannot read the key from a PEM file, it has to be converted to a DER file using:
openssl pkcs8 -topk8 -inform PEM -in client-key.pem -outform DER -nocrypt -out client-key.der
chmod 400 client-key.der
chown corda:corda client-key.der
More details here: https://github.com/pgjdbc/pgjdbc/issues/1364
So the correct config should look like this:
dataSourceProperties {
dataSourceClassName = "org.postgresql.ds.PGSimpleDataSource"
dataSource.url = "jdbc:postgresql://db-private-ip:5432/db-name"
dataSource.ssl = true
dataSource.sslMode = verify-ca
dataSource.sslRootCert = "/opt/corda/db-certs/server-ca.pem"
dataSource.sslCert = "/opt/corda/db-certs/client-cert.pem"
dataSource.sslKey = "/opt/corda/db-certs/client-key.der"
dataSource.user = db-user-name
dataSource.password = db-user-pass
}
Everything works well until we wanted to set the NB_USER to the logged in user. When changed the config to run as root and start.sh as default cmd, getting the below error in the log and the container is failing to start. Any help is highly appreciated
After running the container as root, getting the below log for the error:
Set username to: user1
Relocating home dir to /home/user1
mv: cannot move '/home/jovyan' to '/home/user1': Device or resource busy
Here is the config.yaml
singleuser:
defaultUrl: "/lab"
uid: 0
fsGid: 0
hub:
extraConfig: |
c.KubeSpawner.args = ['--allow-root']
c.Spawner.cmd = ['start.sh','jupyterhub-singleuser']
def notebook_dir_hook(spawner):
spawner.environment = {'NB_USER':spawner.user.name, 'NB_UID':'1500'}
c.Spawner.pre_spawn_hook = notebook_dir_hook
from kubernetes import client
def modify_pod_hook(spawner, pod):
pod.spec.containers[0].security_context = client.V1SecurityContext(
privileged=True,
capabilities=client.V1Capabilities(
add=['SYS_ADMIN']
)
)`enter code here`
return pod
c.KubeSpawner.modify_pod_hook = modify_pod_hook