Re: [Openstack] heat-watch problem
On Wed, Jul 03, 2013 at 04:21:38PM +0200, Michaël Van de Borne wrote: Hello Steven, I'm mikemowgli from IRC. As requested, here are the logs. 1. First, here's a stack trace I*get in my shell periodically (once per minute approximately), but not in the logs: * http://pastebin.com/kPswnGNL (this might not be related to cloudwatch as I got this permanently) This is due to https://bugs.launchpad.net/heat/+bug/1196618 Which is now fixed in heat master, and it is unrelated to the heat-watch authentication failure 2. Then, here is the error I get when I perform a heat-watch command. The logs of engine and cloudwatch are in attachment. In order to minimize their size, I launched and killed the daemons for this single heat-watch command. It seems that my AWS creds are accepted, but that the user does have enough permissions. However, in keystone, the heat user is admin of the service tenant. The config files of engine, cloudwatch and boto (2.9.0) are also in attachment. As confirmed on IRC (repeated here for the benefit of others), the reason is that your user associated with the ec2 keypair has the heat_stack_user role, which is intended to be reserved for users created as part of a heat stack (where the credentials are deployed inside an implicitly untrusted instance). The clues are (from api-cloudwatch.log) 2013-07-03 16:12:13.358 27398 INFO heat.api.aws.ec2token [-] AWS authentication successful. which proves the ec2 keypair and resulting signed request via boto is OK Then we get User is not authorized to perform action response, but with no corresponding log message in the engine.log - so it's the policy.json rules which limit access to in-instance heat_stack_users which is preventing access, here's the rule in the /etc/heat/policy.json: deny_stack_user: not role:heat_stack_user, ... cloudwatch:DeleteAlarms: rule:deny_stack_user, cloudwatch:DescribeAlarmHistory: rule:deny_stack_user, cloudwatch:DescribeAlarms: rule:deny_stack_user, cloudwatch:DescribeAlarmsForMetric: rule:deny_stack_user, cloudwatch:DisableAlarmActions: rule:deny_stack_user, cloudwatch:EnableAlarmActions: rule:deny_stack_user, cloudwatch:GetMetricStatistics: rule:deny_stack_user, cloudwatch:ListMetrics: rule:deny_stack_user, cloudwatch:PutMetricAlarm: rule:deny_stack_user, cloudwatch:PutMetricData: , cloudwatch:SetAlarmState: rule:deny_stack_user As you can see, the policy only allows users with the heat_stack_user role to access the PutMetricData action, which is the only action required by the in-instance user (for the cfn-push-stats agent) So no real users should ever have the heat_stack_user role, it should be reserved for use inside heat. Steve ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Scaling
On Mon, Jul 01, 2013 at 08:48:24AM +, John Ashford wrote: I am a newbie and trying to understand how to scale. If i have a web server on a VM within Openstack is it done by simply assigning more cores to the web server VM? And is there a way to do so automatically within Openstack? And when you reach the maximum number of cores on one physical machine, can you spread load across multiple physical machines without a load balancer in front? There are several ways you could approach this problem, but I'll mention the AutoScaling capability provided by heat, as it does exactly what you want AFAICT. We provide orchestration capabilities which allow you to spin up groups of instances, e.g running web server applications, and balance requests via another instance running a simple haproxy based loadbalancer (so you don't need an actual physical loadbalancer appliance). You can use the AutoScaling functionality without any loadbalancer resource if you wish, such as in the OpenShift demo linked below (where the broker node is doing the load balancing) The trigger for scaling out can either be manual (using the InstanceGroup resource combined with stack updates), or automatic (using the AutoScalingGroup resource combined with alarms. There are example templates in the heat-templates repository: https://github.com/openstack/heat-templates/blob/master/cfn/AutoScalingMultiAZSample.yaml Here are some demo videos which describe/demonstrate this feature in more detail: http://www.youtube.com/watch?v=9lLSZi6njq4 http://www.youtube.com/watch?v=nEzK-2lsEVgfeature=youtu.bet=34m35s HTH, Steve ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] cloud-init on SL6 unable to access metadata server
On Wed, Jun 05, 2013 at 09:25:17AM -0700, Justin Chiu wrote: Hi all, I sent this message out a few days ago. I am still trying to figure out what is going on. Any advice would be much appreciated. -- I am having some issues with cloud-init being unable to contact the metadata server. cloud-init built into a base Scientific Linux 6.4 image with Oz. Any ideas on what might be the cause? Can you confirm the version of cloud-init and python-boto in your image? I found on Fedora that cloud-init 0.7.x only works with newer ( 2.6.0) boto versions. Getting the wrong combination can lead to the sort of problems you're seeing IME. Steve ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] ceilometer and heat tutorial
On Fri, Apr 26, 2013 at 05:02:54PM +0200, Michaël Van de Borne wrote: Hi all, I'm looking for install and usage tutorials for ceilometer and heat. The best I could find so far are these: - ceilometer: http://docs.openstack.org/developer/ceilometer/install.html - heat: https://wiki.openstack.org/wiki/Heat/GettingStartedUsingMasterOnUbuntu Unfortunately, they seem to be intended for developers. Still have to git clone the softwares. I'm looking for tutorials like this one: http://docs.openstack.org/trunk/basic-install/content/ (using apt-get, telling how to configure everything on every node, and finishing with a simple use case to validate the installation). Does anyone have something like this? For Heat, the we don't yet have this sort of package-orientated documentation, for Ubuntu this is because heat is not yet packaged for Ubuntu, it is now in Debian Experimental though: https://launchpad.net/debian/experimental/+source/heat/2013.1-1 Heat is packaged for Fedora, there are some instructions here: http://fedoraproject.org/wiki/Test_Day:2012-09-18_OpenStack HTH, Steve ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
[Openstack] Heat PTL candidacy
Hi! I'd like to propose myself as a candidate for the Heat PTL role, ref Thierry's nominations email [1] I've been professionally involved with software engineering for around 13 years, working in a variety of industries, from embedded/kernel development to big-enterprise customer-facing consulting. Having been involved with the Heat project from very near the start, I've been part of the strong core team who are making this project grow from a good idea into something people can actually use (and are using!). I have a deep understanding of our current code-base, and a clear view of our future roadmap (and the challenges we face!), so I believe I am in a good position to step into the role Steve Dake was unfortunately unable to continue with, and do what is required to enable the Heat project to deliver another successful release for Havana. Having attended the summit last week, I have to say I'm even more driven and enthusiastic about the project, so much great feedback and ideas from our users and potential contributors. I look forward to developing more features our users want, and encouraging much wider community participation in the project over the next few months. Thanks! Steve Hardy [1] http://lists.openstack.org/pipermail/openstack-dev/2013-April/007724.html ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Heat PTL candidacy
Repost to correctly include openstack-dev on Cc On Tue, Apr 23, 2013 at 02:45:31PM +0100, Steven Hardy wrote: Hi! I'd like to propose myself as a candidate for the Heat PTL role, ref Thierry's nominations email [1] I've been professionally involved with software engineering for around 13 years, working in a variety of industries, from embedded/kernel development to big-enterprise customer-facing consulting. Having been involved with the Heat project from very near the start, I've been part of the strong core team who are making this project grow from a good idea into something people can actually use (and are using!). I have a deep understanding of our current code-base, and a clear view of our future roadmap (and the challenges we face!), so I believe I am in a good position to step into the role Steve Dake was unfortunately unable to continue with, and do what is required to enable the Heat project to deliver another successful release for Havana. Having attended the summit last week, I have to say I'm even more driven and enthusiastic about the project, so much great feedback and ideas from our users and potential contributors. I look forward to developing more features our users want, and encouraging much wider community participation in the project over the next few months. Thanks! Steve Hardy [1] http://lists.openstack.org/pipermail/openstack-dev/2013-April/007724.html -- Steve Hardy Red Hat Engineering, Cloud ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] How to make HA between VMs in the openstack
On Mon, Apr 08, 2013 at 07:23:08PM +0800, Lei Zhang wrote: Hi Syed, Thanks for you quickly reply. But What I want is HA between VMs not HA between Physical Machine(Openstack Node/ Services) You may be interested in the Heat HA features since we implement a simple HA capability: https://wiki.openstack.org/wiki/Heat/Using-HA Steve ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] [Heat] Problem with visit 169.254.169.254 from VM
On Thu, Mar 07, 2013 at 09:09:57AM +0800, 蒋闻天 wrote: Hi everyone, I have a problem when i use devstack to test heat and quantum. This is my localrc DATABASE_PASSWORD=nova RABBIT_PASSWORD=nova SERVICE_TOKEN=nova SERVICE_PASSWORD=nova ADMIN_PASSWORD=nova SCREEN_LOGDIR=/var/log/devstack ENABLED_SERVICES+=,heat,h-api,h-api-cfn,h-api-cw,h-eng ENABLED_SERVICES+=,quantum,q-svc,q-agt,q-dhcp,q-l3,q-meta ENABLED_SERVICES-=n-net This last line looks like invalid bash syntax? Try: ENABLED_SERVICES=$(echo $ENABLED_SERVICES | sed 's/n-net//') I suspect the problem is you have quantum and nova networking enabled due to this bash error in the localrc Steve ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] [heat] Grizzly-2 development milestone available for Heat
On Mon, Jan 14, 2013 at 01:20:09PM -0200, Martinx - ジェームズ wrote: Hi! Is Grizzly-2 available on Ubuntu Raring Ringtail (13.04) daily builds? Tks! Thiago Since your question is in response to the Heat Grizzly-2 announcement, I should point out that Heat is not packaged for Ubuntu (yet!), so you will have to download the tarball and install from source to evaluate this release. Tarball: https://launchpad.net/heat/grizzly/grizzly-2 Install procedure should be the similar to: http://wiki.openstack.org/Heat/GettingStartedUsingMasterOnUbuntu Assuming you already have a functional openstack installation, you can start at Install Heat from master and skip the git clone (just untar the tarball instead) This should be an interim solution as packaging for Ubuntu is in-progress: https://bugs.launchpad.net/heat/+bug/1083501 Steve ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Problems with Fn::Join
On Fri, Dec 14, 2012 at 09:57:42AM +0100, Patrick Petit wrote:
Hi,
We are seeing a new behavior with Fn::Join in user-data block that
makes our script fail to run. Previous behavior was that no white
space nor line breaks were inserted after a coma (',') or line ends.
But now it's inserting white space plus line break after ','
separated elements... Do you have any idea why?
Thanks
Patrick
_Exemple_:
Fn::Join:[
\n,
Here you are specifying \n as the delimiter, so the fields are being
joined by a newline. If you replace the \n with then no newline will
be inserted.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-join.html
HTH,
--
Steve Hardy
Red Hat Engineering, Cloud
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help : https://help.launchpad.net/ListHelp
