[Yahoo-eng-team] [Bug 1501206] Re: router:dhcp ports are open resolvers
** Also affects: neutron (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron. https://bugs.launchpad.net/bugs/1501206 Title: router:dhcp ports are open resolvers Status in neutron: Confirmed Status in OpenStack Security Advisory: Won't Fix Status in neutron package in Ubuntu: New Bug description: When configuring an public IPv4 subnet with DHCP enabled inside Neutron (and attaching it to an Internet-connected router), the DNS recursive resolver service provided by dnsmasq inside the qdhcp network namespace will respond to DNS queries from the entire Internet. This is a huge problem from a security standpoint, as open resolvers are very likely to be abused for DDoS purposes. This does not only cause significant damage to third parties (i.e., the true destination of the DDoS attack and every network in between), but also on the local network or servers (due to saturation of all the available network bandwidth and/or the processing capacity of the node running the dnsmasq instance). Quoting from http://openresolverproject.org/: «Open Resolvers pose a significant threat to the global network infrastructure by answering recursive queries for hosts outside of its domain. They are utilized in DNS Amplification attacks and pose a similar threat as those from Smurf attacks commonly seen in the late 1990s. [...] What can I do? If you operate a DNS server, please check the settings. Recursive servers should be restricted to your enterprise or customer IP ranges to prevent abuse. Directions on securing BIND and Microsoft nameservers can be found on the Team CYMRU Website - If you operate BIND, you can deploy the TCP-ANY patch» It seems reasonable to expect that the dnsmasq instance within Neutron would only respond to DNS queries from the subnet prefixes it is associated with and ignore all others. Note that this only occurs for IPv4. That is however likely just a symptom of bug #1499170, which breaks all IPv6 DNS queries (external as well as internal). I would assume that when bug #1499170 is fixed, the router:dhcp ports will immediately start being open resolvers over IPv6 too. For what it's worth, the reason I noticed this issue in the first place was that NorCERT (the national Norwegian Computer Emergency Response Team - http://www.cert.no/) got in touch with us, notifying us about the open resolvers they had observed in our network and insisted that we lock them down ASAP. It only took NorCERT couple of days after the subnet was first created to do so. Tore To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/1501206/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1242455] Re: The LBaaS VIP ports (device_owner=neutron:LOADBALANCER) appear in the Instances' "Manage Floating IP Associations" dialog
[Expired for OpenStack Dashboard (Horizon) because there has been no activity for 60 days.] ** Changed in: horizon Status: Incomplete => Expired -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Dashboard (Horizon). https://bugs.launchpad.net/bugs/1242455 Title: The LBaaS VIP ports (device_owner=neutron:LOADBALANCER) appear in the Instances' "Manage Floating IP Associations" dialog Status in OpenStack Dashboard (Horizon): Expired Bug description: Version === Havana on rhel Description === The LBaaS VIP ports appear in the Instances' "Manage Floating IP Associations" dialog for floating ip association, however they are not related to instances hence they should not appear there at all. Note that they appear with the "None" prefix (the prefix usually denotes the instance name). To manage notifications about this bug go to: https://bugs.launchpad.net/horizon/+bug/1242455/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1292624] Re: horizon messages not shown on redirect to logout
[Expired for OpenStack Dashboard (Horizon) because there has been no activity for 60 days.] ** Changed in: horizon Status: Incomplete => Expired -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Dashboard (Horizon). https://bugs.launchpad.net/bugs/1292624 Title: horizon messages not shown on redirect to logout Status in OpenStack Dashboard (Horizon): Expired Bug description: When a user is redirected to logout via the success_url of a form/action, any messages generated by the form/action workflow are not shown prior to logout, but instead are shown on the next login. This is not a problem for any current features, but will become a problem for future features that require a redirect to logout. To manage notifications about this bug go to: https://bugs.launchpad.net/horizon/+bug/1292624/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1434241] Re: Internal Server Error while updating project quota when using Keystone LDAP backend
[Expired for OpenStack Dashboard (Horizon) because there has been no activity for 60 days.] ** Changed in: horizon Status: Incomplete => Expired -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Dashboard (Horizon). https://bugs.launchpad.net/bugs/1434241 Title: Internal Server Error while updating project quota when using Keystone LDAP backend Status in OpenStack Dashboard (Horizon): Expired Bug description: [Thu Mar 19 18:57:12.158459 2015] [:error] [pid 4777:tid 139987244758784] [Thu Mar 19 18:57:12.184901 2015] [:error] [pid 4777:tid 139987244758784] REQ: curl -i --insecure 'http://1.2.3.4:8774/v2/b41a90047bef4e7d9031cc72d692a5c5/limits' -X GET -H "Accept: application/json" -H "User-Agent: python-novaclient" -H "X-Auth-Project-Id: b41a90047bef4e7d9031cc72d692a5c5" -H "X-Auth-Token: {SHA1}b03c7bf01bdb967570a6497da2c7cea1ec452793" [Thu Mar 19 18:57:12.226996 2015] [:error] [pid 4777:tid 139987244758784] RESP: [200] {'date': 'Thu, 19 Mar 2015 18:57:12 GMT', 'connection': 'keep-alive', 'content-type': 'application/json', 'content-length': '512', 'x-compute-request-id': 'req-ce76d5d7-49df-4986-9738-d23c9953fbd7'} [Thu Mar 19 18:57:12.227025 2015] [:error] [pid 4777:tid 139987244758784] RESP BODY: {"limits": {"rate": [], "absolute": {"maxServerMeta": 128, "maxPersonality": 5, "totalServerGroupsUsed": 0, "maxImageMeta": 128, "maxPersonalitySize": 10240, "maxServerGroups": 10, "maxSecurityGroupRules": -1, "maxTotalKeypairs": 100, "totalCoresUsed": 8, "totalRAMUsed": 12432, "totalInstancesUsed": 8, "maxSecurityGroups": -1, "totalFloatingIpsUsed": 0, "maxTotalCores": -1, "totalSecurityGroupsUsed": 1, "maxTotalFloatingIps": 10, "maxTotalInstances": -1, "maxTotalRAMSize": -1, "maxServerGroupMembers": 10}}} [Thu Mar 19 18:57:12.227038 2015] [:error] [pid 4777:tid 139987244758784] [Thu Mar 19 19:00:16.059014 2015] [:error] [pid 4776:tid 139987244758784] REQ: curl -i --insecure 'http://1.2.3.4:8774/v2/52a54b9b064348108a396f14ce9f23e3/os-quota-sets/b41a90047bef4e7d9031cc72d692a5c5' -X GET -H "Accept: application/json" -H "User-Agent: python-novaclient" -H "X-Auth-Project-Id: 52a54b9b064348108a396f14ce9f23e3" -H "X-Auth-Token: {SHA1}08bec92f7b2951f9532f59c0f9e884338f73449a" [Thu Mar 19 19:00:16.095317 2015] [:error] [pid 4776:tid 139987244758784] RESP: [200] {'date': 'Thu, 19 Mar 2015 19:00:16 GMT', 'connection': 'keep-alive', 'content-type': 'application/json', 'content-length': '368', 'x-compute-request-id': 'req-e40567ce-3384-4a5b-b1f0-62e12f15f7b8'} [Thu Mar 19 19:00:16.095365 2015] [:error] [pid 4776:tid 139987244758784] RESP BODY: {"quota_set": {"injected_file_content_bytes": 10240, "metadata_items": 128, "server_group_members": 10, "server_groups": 10, "ram": -1, "floating_ips": 10, "key_pairs": 100, "id": "b41a90047bef4e7d9031cc72d692a5c5", "instances": -1, "security_group_rules": -1, "injected_files": 5, "cores": -1, "fixed_ips": -1, "injected_file_path_bytes": 255, "security_groups": -1}} [Thu Mar 19 19:00:16.095378 2015] [:error] [pid 4776:tid 139987244758784] [Thu Mar 19 19:00:18.824318 2015] [:error] [pid 4776:tid 139987244758784] Problem instantiating action class. [Thu Mar 19 19:00:18.824357 2015] [:error] [pid 4776:tid 139987244758784] Traceback (most recent call last): [Thu Mar 19 19:00:18.824363 2015] [:error] [pid 4776:tid 139987244758784] File "/usr/local/lib/python2.7/dist-packages/openstack_dashboard/wsgi/../../horizon/workflows/base.py", line 368, in action [Thu Mar 19 19:00:18.824367 2015] [:error] [pid 4776:tid 139987244758784] context) [Thu Mar 19 19:00:18.824370 2015] [:error] [pid 4776:tid 139987244758784] File "/usr/local/lib/python2.7/dist-packages/openstack_dashboard/wsgi/../../openstack_dashboard/dashboards/identity/projects/workflows.py", line 196, in __init__ [Thu Mar 19 19:00:18.824374 2015] [:error] [pid 4776:tid 139987244758784] users_list = [(user.id, user.name) for user in all_users] [Thu Mar 19 19:00:18.824378 2015] [:error] [pid 4776:tid 139987244758784] File "/usr/local/lib/python2.7/dist-packages/openstack_dashboard/wsgi/../../keystoneclient/openstack/common/apiclient/base.py", line 480, in __getattr__ [Thu Mar 19 19:00:18.824382 2015] [:error] [pid 4776:tid 139987244758784] raise AttributeError(k) [Thu Mar 19 19:00:18.824385 2015] [:error] [pid 4776:tid 139987244758784] AttributeError: name [Thu Mar 19 19:00:18.824858 2015] [:error] [pid 4776:tid 139987244758784] Internal Server Error: /identity/b41a90047bef4e7d9031cc72d692a5c5/update/ [Thu Mar 19 19:00:18.824873 2015] [:error] [pid 4776:tid 139987244758784] Traceback (most recent call last): [Thu Mar 19 19:00:18.824877 2015] [:error] [pid 4776:tid 139987244758784] File "/usr/local/lib/python2.7/dist-packages/django/core/handlers/base.py", line 137, in get_response [Thu Mar 19 19:00:18.824881 2015] [:error] [pid 4776:tid
[Yahoo-eng-team] [Bug 1734585] [NEW] Controller node in neutron - Ubuntu1710 Netplan
Public bug reported: Hello. The Installation page for Pike (Ubuntu 17.10) still has reference to ifup/down methods for setting network interfaces, Ubuntu 17.10 has gone with netplan. Here is a submission for an update to this page https://docs.openstack.org/neutron/pike/install/environment-networking- controller-ubuntu.html (Section 2) . uggested update for neutron/pike/install/environment-networking- controller-ubtuntu.html For 17.10 (w/netplan) Replace 2. with: Ubuntu 17.10 uses netplan not ifup/down, so you must etc /etc/netplan/XX-netplan-file.yaml for your system - Edit /etc/netplan/50-cloud-init.yaml (on my system) file to contain the following: # This file is generated from information provided by # the datasource. Changes to it will not persist across an instance. # To disable cloud-init's network configuration capabilities, write a file # /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg with the following: # network: {config: disabled} network: version: 2 ethernets: eth0: dhcp4: true match: macaddress: 00:XX:XX:XX:XX:XX addresses: [10.0.0.11/24] gateway4: 10.0.0.1 nameservers: addresses: [8.8.8.8,8.8.4.4] set-name: eth0 eth1: dhcp4: true match: macaddress: 00:XX:XX:XX:XX:XX addresses: [172.16.1.4/24] gateway4: 172.16.1.1 nameservers: addresses: [8.8.8.8,8.8.4.4] set-name: eth1 1 - Run "netplan generate" to generate that configuration from the file you edited above 2 - Run "netplan apply" to apply the configuration (warning - if you are switching networking and are logged in remotely, you may lose connectivity here - use console instead) This bug tracker is for errors with the documentation, use the following as a template and remove or add fields as you see fit. Convert [ ] into [x] to check boxes: - [X] This doc is inaccurate in this way:Uses Deprecated Commands for Ubuntu 17.10 - [ ] This is a doc addition request. - [X] I have a fix to the document that I can paste below including example: input and output. If you have a troubleshooting or support issue, use the following resources: - Ask OpenStack: http://ask.openstack.org - The mailing list: http://lists.openstack.org - IRC: 'openstack' channel on Freenode --- Release: 11.0.3.dev6 on 2017-11-23 02:11 SHA: b1f71de42ead2c1278343307307984ad1ff00c71 Source: https://git.openstack.org/cgit/openstack/neutron/tree/doc/source/install/environment-networking-controller-ubuntu.rst URL: https://docs.openstack.org/neutron/pike/install/environment-networking-controller-ubuntu.html ** Affects: neutron Importance: Undecided Status: New ** Tags: doc netplan -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron. https://bugs.launchpad.net/bugs/1734585 Title: Controller node in neutron - Ubuntu1710 Netplan Status in neutron: New Bug description: Hello. The Installation page for Pike (Ubuntu 17.10) still has reference to ifup/down methods for setting network interfaces, Ubuntu 17.10 has gone with netplan. Here is a submission for an update to this page https://docs.openstack.org/neutron/pike/install/environment- networking-controller-ubuntu.html (Section 2) . uggested update for neutron/pike/install/environment-networking- controller-ubtuntu.html For 17.10 (w/netplan) Replace 2. with: Ubuntu 17.10 uses netplan not ifup/down, so you must etc /etc/netplan/XX-netplan-file.yaml for your system - Edit /etc/netplan/50-cloud-init.yaml (on my system) file to contain the following: # This file is generated from information provided by # the datasource. Changes to it will not persist across an instance. # To disable cloud-init's network configuration capabilities, write a file # /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg with the following: # network: {config: disabled} network: version: 2 ethernets: eth0: dhcp4: true match: macaddress: 00:XX:XX:XX:XX:XX addresses: [10.0.0.11/24] gateway4: 10.0.0.1 nameservers: addresses: [8.8.8.8,8.8.4.4] set-name: eth0 eth1: dhcp4: true match: macaddress:
[Yahoo-eng-team] [Bug 1704975] Re: Nova API floating IP delete fails
Reopening as this still affects our test automation. ** Changed in: nova Status: Expired => New -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Compute (nova). https://bugs.launchpad.net/bugs/1704975 Title: Nova API floating IP delete fails Status in OpenStack Compute (nova): New Bug description: This happens with OpenStack Newton. We use some outdated openstack clients, that do not provide the "floating ip delete" command. Therefore we use the "ip floating delete" command. The floating IP is allocated using the "ip floating create" command. The floating IP is then associated to a newly started virtual machine. After some automated tests, the command to delete the virtual machine is sent. To keep the project clean, the floating IP is deleted afterwards using the "ip floating delete" command. This command fails from time to time due to some race condition. This race condition seems to be the following. Nova API requests information about the floating IP from neutron: GET /v2.0/floatingips/3aeb2a7e-ac37-4712-ac69-80dc83a060e6.json HTTP/1.1 Host: controller:9696 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: application/json User-Agent: python-neutronclient X-Auth-Token: gABZbYLBVmPuNg6lSJzyQEuUbSfAcUgJTWDYrYaRJM2ZVzfRSpKPINNfl61M7Ohdfm-1lfx03_RqXhCGBRUKrPYgBpeKWCmiF-hsd2CActr6LMw3dbOHPrrPl8JOvVQ36caRyiDSFa4xY2getQjAfitJgdQknspRUdzpJAU8jvPxxHPSXvfrAWM8J1M2NzDnJKs0-JnZmYK5NlbJDcRMgfLtknzTGJJs6TnhqaDts_i234RsWf8 {"floatingip": {"router_id": "aaab3136-d551-4e23-a62a-d16f89d34ec5", "status": "ACTIVE", "description": "", "updated_at": "2017-07-18T03:37:33Z", "dns_domain": "", "floating_network_id": "f3d64d76-a4e5-473b-878f-78b032ab89df", "fixed_ip_address": "192.168.3.10", "floating_ip_address": "10.50.0.62", "revision_number": 2, "port_id": "4b082eae-a527-45e6-8603-0d0882098e39", "id": "3aeb2a7e- ac37-4712-ac69-80dc83a060e6", "dns_name": "", "created_at": "2017-07-18T03:37:04Z", "tenant_id": "7829521236b143d2a6778e09ba588ec0", "project_id": "7829521236b143d2a6778e09ba588ec0"}} In the response the floating IP still seems to be associated to the virtual machine - but the request to delete the virtual machine was already sent. Nova API requests information about the port, too: GET /v2.0/ports/4b082eae-a527-45e6-8603-0d0882098e39.json HTTP/1.1 Host: controller:9696 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: application/json User-Agent: python-neutronclient X-Auth-Token: gABZbYLBVmPuNg6lSJzyQEuUbSfAcUgJTWDYrYaRJM2ZVzfRSpKPINNfl61M7Ohdfm-1lfx03_RqXhCGBRUKrPYgBpeKWCmiF-hsd2CActr6LMw3dbOHPrrPl8JOvVQ36caRyiDSFa4xY2getQjAfitJgdQknspRUdzpJAU8jvPxxHPSXvfrAWM8J1M2NzDnJKs0-JnZmYK5NlbJDcRMgfLtknzTGJJs6TnhqaDts_i234RsWf8 {"NeutronError": {"message": "Port 4b082eae-a527-45e6-8603-0d0882098e39 could not be found.", "type": "PortNotFound", "detail": ""}} But the virtual machine and its floating IP association seems to be deleted in the meantime. This makes Nova API fail to delete the floating IP: 2017-07-18 05:38:41.798 7170 INFO nova.api.openstack.wsgi [req-b8f7414b-6398-4738-b660-fac693a187ab 807ca03b46124ca28309d06a8e66d25e7b7adfe872a6f58903552439304fa173 7829521236b143d2a6778e09ba588ec0 - 27a851d6a3de43b8a4a4900dfa0c3141 27a851d6a3de43b8a4a4900dfa0c3141] HTTP exception thrown: Floating IP not found for ID 3aeb2a7e-ac37-4712-ac69-80dc83a060e6 2017-07-18 05:38:41.800 7170 INFO nova.osapi_compute.wsgi.server [req-b8f7414b-6398-4738-b660-fac693a187ab 807ca03b46124ca28309d06a8e66d25e7b7adfe872a6f58903552439304fa173 7829521236b143d2a6778e09ba588ec0 - 27a851d6a3de43b8a4a4900dfa0c3141 27a851d6a3de43b8a4a4900dfa0c3141] 10.20.30.237 "GET /v2.1/7829521236b143d2a6778e09ba588ec0/os-floating-ips/3aeb2a7e-ac37-4712-ac69-80dc83a060e6 HTTP/1.1" status: 404 len: 466 time: 0.2575810 openstack ip floating delete 3aeb2a7e-ac37-4712-ac69-80dc83a060e6 2017-07-18 11:32:50.867 7171 INFO nova.osapi_compute.wsgi.server [req-dafa9bec-fe87-47f6-8c44-4420b074da4d 807ca03b46124ca28309d06a8e66d25e7b7adfe872a6f58903552439304fa173 7829521236b143d2a6778e09ba588ec0 - 27a851d6a3de43b8a4a4900dfa0c3141 27a851d6a3de43b8a4a4900dfa0c3141] 10.20.30.237 "GET /v2.1/7829521236b143d2a6778e09ba588ec0/os-floating-ips/3aeb2a7e-ac37-4712-ac69-80dc83a060e6 HTTP/1.1" status: 200 len: 475 time: 0.2409530 2017-07-18 11:32:51.654 7171 INFO nova.osapi_compute.wsgi.server [req-8f93afcb-40ff-4d8e-9f2f-c6fa860a8931 807ca03b46124ca28309d06a8e66d25e7b7adfe872a6f58903552439304fa173 7829521236b143d2a6778e09ba588ec0 - 27a851d6a3de43b8a4a4900dfa0c3141 27a851d6a3de43b8a4a4900dfa0c3141] 10.20.30.237 "DELETE /v2.1/7829521236b143d2a6778e09ba588ec0/os-floating-ips/3aeb2a7e-ac37-4712-ac69-80dc83a060e6 HTTP/1.1" status: 202 len: 337 time: 0.7844548 GET /v2.0/floatingips/3aeb2a7e-ac37-4712-ac69-80dc83a060e6.json HTTP/1.1 Host:
[Yahoo-eng-team] [Bug 1734549] [NEW] Upgrading Keystone docs
Public bug reported: On https://docs.openstack.org/keystone/pike/admin/identity- upgrading.html In the "Using db_sync check" section The keystone-manage db_sync --check option is only available from the pike. It should have a note like the "(New in Newton)" lines above but saying (New in Pike) ** Affects: keystone Importance: Undecided Status: New ** Tags: doc ** Description changed: + On https://docs.openstack.org/keystone/pike/admin/identity- + upgrading.html + In the "Using db_sync check" section The keystone-manage db_sync --check option is only available from the pike. It should have a note like the "(New in Newton)" lines above but saying (New in Pike) -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Identity (keystone). https://bugs.launchpad.net/bugs/1734549 Title: Upgrading Keystone docs Status in OpenStack Identity (keystone): New Bug description: On https://docs.openstack.org/keystone/pike/admin/identity- upgrading.html In the "Using db_sync check" section The keystone-manage db_sync --check option is only available from the pike. It should have a note like the "(New in Newton)" lines above but saying (New in Pike) To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/1734549/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1734546] [NEW] Install and configure (Ubuntu) in glance
Public bug reported: In pike installation after connecting mysql, step for creating glance db and related grant operations are missing. Like below, CREATE DATABASE glance; GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'GLANCE_DBPASS'; GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'GLANCE_DBPASS'; This bug tracker is for errors with the documentation, use the following as a template and remove or add fields as you see fit. Convert [ ] into [x] to check boxes: - [ ] This doc is inaccurate in this way: __ - [ ] This is a doc addition request. - [ ] I have a fix to the document that I can paste below including example: input and output. If you have a troubleshooting or support issue, use the following resources: - Ask OpenStack: http://ask.openstack.org - The mailing list: http://lists.openstack.org - IRC: 'openstack' channel on Freenode --- Release: 15.0.1.dev1 on 'Mon Aug 7 01:28:54 2017, commit 9091d26' SHA: 9091d262afb120fd077bae003d52463f833a4fde Source: https://git.openstack.org/cgit/openstack/glance/tree/doc/source/install/install-ubuntu.rst URL: https://docs.openstack.org/glance/pike/install/install-ubuntu.html ** Affects: glance Importance: Undecided Status: New -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Glance. https://bugs.launchpad.net/bugs/1734546 Title: Install and configure (Ubuntu) in glance Status in Glance: New Bug description: In pike installation after connecting mysql, step for creating glance db and related grant operations are missing. Like below, CREATE DATABASE glance; GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'GLANCE_DBPASS'; GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'GLANCE_DBPASS'; This bug tracker is for errors with the documentation, use the following as a template and remove or add fields as you see fit. Convert [ ] into [x] to check boxes: - [ ] This doc is inaccurate in this way: __ - [ ] This is a doc addition request. - [ ] I have a fix to the document that I can paste below including example: input and output. If you have a troubleshooting or support issue, use the following resources: - Ask OpenStack: http://ask.openstack.org - The mailing list: http://lists.openstack.org - IRC: 'openstack' channel on Freenode --- Release: 15.0.1.dev1 on 'Mon Aug 7 01:28:54 2017, commit 9091d26' SHA: 9091d262afb120fd077bae003d52463f833a4fde Source: https://git.openstack.org/cgit/openstack/glance/tree/doc/source/install/install-ubuntu.rst URL: https://docs.openstack.org/glance/pike/install/install-ubuntu.html To manage notifications about this bug go to: https://bugs.launchpad.net/glance/+bug/1734546/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp