Re: [Openstack] Can I create a VM with 2 NICs while there is only one network?

2013-05-27 Thread Liu Wenmao 
Thanks Salvatore

I can create two ports with admin-state down, which are in the same
network, but nova says that the two NICs of the VM can not be in the same
network.

Actually I want to redirect all the packets of the network to VM eth0,
after some processes the VM sends the packets out to eth1, so the two NICs
should be in the same network. Is it possible?


root@node1:/usr/src/python-quantumclient# quantum port-create
--admin-state-down net1
Created a new port:
+--+---+
| Field| Value
|
+--+---+
| admin_state_up   | False
|
| binding:capabilities | {"port_filter": false}
   |
| binding:vif_type | ovs
|
| device_id|
|
| device_owner |
|
| fixed_ips| {"subnet_id":
"c11eaa0d-3aff-41a8-909a-1dfdfdf20f48", "ip_address": "100.0.0.12"} |
| id   | ca48bce7-7e42-4263-8832-cffb6e99ac0a
   |
| mac_address  | fa:16:3e:0e:08:e1
|
| name |
|
| network_id   | 17d31ea4-4473-4da0-9493-9a04fa5aff33
   |
| status   | DOWN
   |
| tenant_id| 53707d290204404dbff625378969c25c
   |
+--+---+
root@node1:/usr/src/python-quantumclient# quantum port-create
--admin-state-down net1
Created a new port:
+--+---+
| Field| Value
|
+--+---+
| admin_state_up   | False
|
| binding:capabilities | {"port_filter": false}
   |
| binding:vif_type | ovs
|
| device_id|
|
| device_owner |
|
| fixed_ips| {"subnet_id":
"c11eaa0d-3aff-41a8-909a-1dfdfdf20f48", "ip_address": "100.0.0.13"} |
| id   | 8a320aae-4a16-4a78-acba-1ec505cfe914
   |
| mac_address  | fa:16:3e:db:c5:15
|
| name |
|
| network_id   | 17d31ea4-4473-4da0-9493-9a04fa5aff33
   |
| status   | DOWN
   |
| tenant_id| 53707d290204404dbff625378969c25c
   |
+--+---+

root@node1:/usr/src/python-quantumclient# nova boot --image cirros --flavor
m1.tiny --nic port-id=ca48bce7-7e42-4263-8832-cffb6e99ac0a --nic
port-id=8a320aae-4a16-4a78-acba-1ec505cfe914  testips
ERROR: The server has either erred or is incapable of performing the
requested operation. (HTTP 500) (Request-ID:
req-ac85648c-4e9b-4624-bf88-a6ceeb8e79aa)

nova-api.log:
3028 2013-05-28 11:50:06.007 3232 TRACE nova.api.openstack   File
"/usr/lib/python2.7/contextlib.py", line 24, in __exit__
3029 2013-05-28 11:50:06.007 3232 TRACE nova.api.openstack
self.gen.next()
3030 2013-05-28 11:50:06.007 3232 TRACE nova.api.openstack   File
"/usr/local/lib/python2.7/dist-packages/nova-2013.1-py2.7.egg/nova/compute/api.py",
line 522, in _validate_and_provision_instance
3031 2013-05-28 11:50:06.007 3232 TRACE nova.api.openstack
self._check_requested_networks(context, requested_networks)
3032 2013-05-28 11:50:06.007 3232 TRACE nova.api.openstack   File
"/usr/local/lib/python2.7/dist-packages/nova-2013.1-py2.7.egg/nova/compute/api.py",
line 358, in _check_requested_networks
3033 2013-05-28 11:50:06.007 3232 TRACE nova.api.openstack
self.network_api.validate_networks(context, requested_networks)
3034 2013-05-28 11:50:06.007 3232 TRACE nova.api.openstack   File
"/usr/local/lib/python2.7/dist-packages/nova-2013.1-py2.7.egg/nova/network/quantumv2/api.py",
line 454, in validate_networks
3035 2013-05-28 11:50:06.007 3232 TRACE nova.api.openstack raise
exception.NetworkDuplicated(network_id=net_id)
3036 2013-05-28 11:50:06.007 3232 TRACE nova.api.openstack
NetworkDuplicated: Network 17d31ea4-4473-4da0-9493-9a04fa5aff33 is
duplicated.
3037 2013-05-28 11:50:06.007 3232 TRACE nova.api.openstack


On Sat, May 25, 2013 at 5:33 AM, Salvatore Orlando wrote:

> Nova does not have an option for creating 'unbo

Re: [Openstack] Using openstack to manage dedicated servers in a service provider setting

2013-05-27 Thread Chris Bartels 
I'll just use full server sized VMs made of KVM & disclose in my product
detail page that the dedicated servers are comprised of this design to
mitigate the attack vector we're speaking of.

-Original Message-
From: Openstack
[mailto:openstack-bounces+chris=christopherbartels@lists.launchpad.net]
On Behalf Of Robert Collins
Sent: Monday, May 27, 2013 2:37 PM
To: Jeremy Stanley
Cc: openstack@lists.launchpad.net
Subject: Re: [Openstack] Using openstack to manage dedicated servers in a
service provider setting

On 28 May 2013 01:23, Jeremy Stanley  wrote:

> Note that this is a not-often-talked-about security risk throughout 
> the industry, it's not just an OpenStack baremetal issue.

Indeed! However while it was obscure, esoteric and largely unknown 20 years
ago, it's now part of the standard risk profile from a security perspective
- it's precisely what UEFI secure boot targets... The current bleeding edge
of attacks is factory compromised bus devices, with stock firmware having a
hostile mode that isn't even compromised, but is built-in. *That* I'm
willing to ignore for now:). Well, other than buying good hardware :).

> Many (most? all?) data center hosting companies reuse servers between 
> short-term dedicated hardware tenants without doing much more than a 
> disk wipe and typical BIOS upgrade. For that matter, there's a similar 
> risk when purchasing used or refurbished hardware... or even new 
> hardware, depending on how much you trust the procurement chain (but 
> in that case there's at least readily available legal recourse if you 
> find out the manufacturer/distributor/carrier intentionally engaged in 
> compromising the hardware).

Yup :).

> Some companies are aware of these possibilities and may have simply 
> decided their risk analysis shows it's not worth mitigating in their 
> situations, but many are not aware that this attack surface even 
> exists to begin with. Now, whether can you trust that the computer 
> manufacturing and software industries can solve this problem (Trusted 
> Computing and so on) is another question entirely.

Yeah :(. It's not clear that adding a whole new OS to the boot process is
the right answer, but it's the only one with widespread adoption so far.

-Rob
--
Robert Collins 
Distinguished Technologist
HP Cloud Services

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp


___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] [Ceilometer][Ceilometer-API] Ceilometer-API Error 401 Unauthorized

2013-05-27 Thread Angus Salkeld 

On 27/05/13 11:14 -0300, Bruno Oliveira wrote:

Hello stackers,

I'm having a really hard time setting up ceilometer-api so I thought
if I could ask you guys for some enlightment.

I can clearly see data being pulled in the screens that are running
/ceilometer-collector, ./ceilometer-agent-compute ,./ceilometer-agent-central

Even the screen running ceilometer-api-server starts with no problem.

But I cannot reach the api at all via curl. Neither by using its
actual port (8777)
nor using the port set in the virtual host of apache. All I'm getting
is auth error

$ curl http://127.0.0.1:8777  OR  $ curl http://127.0.0.1:9090
=


 401 Unauthorized


 401 Unauthorized
 This server could not verify that you are authorized to access the
document you requested. Either you supplied the wrong credentials
(e.g., bad password), or your browser does not understand how to
supply the credentials required.
Authentication required
=


Right, Authentication is required by the client, but you are not
passing it any credentials.

I'd suggest using python-ceilometerclient to do the auth for you:
So use it like any other openstack client.

try something like this:

asalkeld@elf python-ceilometerclient (master)$ . ../devstack/openrc admin admin
asalkeld@elf python-ceilometerclient (master)$ ceilometer resource-list
+--++-+--+
| Resource ID  | Source | User ID | Project ID  
 |
+--++-+--+
| a8ce423c-c1a1-41e3-af7c-b38d92f5e36f || None| 
1076d9bd669d422bbd74e1e2f54d1510 |
+--++-+--+
asalkeld@elf python-ceilometerclient (master)$ ceilometer meter-list
+--+---+---+--+-+--+
| Name | Type  | Unit  | Resource ID  | User ID 
| Project ID   |
+--+---+---+--+-+--+
| image| gauge | image | a8ce423c-c1a1-41e3-af7c-b38d92f5e36f | None
| 1076d9bd669d422bbd74e1e2f54d1510 |
| image.size   | gauge | B | a8ce423c-c1a1-41e3-af7c-b38d92f5e36f | None
| 1076d9bd669d422bbd74e1e2f54d1510 |
| image.update | delta | image | a8ce423c-c1a1-41e3-af7c-b38d92f5e36f | None
| 1076d9bd669d422bbd74e1e2f54d1510 |
| image.upload | delta | image | a8ce423c-c1a1-41e3-af7c-b38d92f5e36f | None
| 1076d9bd669d422bbd74e1e2f54d1510 |
+--+---+---+--+-+--+
asalkeld@elf python-ceilometerclient (master)$ ceilometer sample-list -m 
image.update
+--+--+---++---++
| Resource ID  | Name | Type  | Volume | Unit  
| Timestamp  |
+--+--+---++---++
| a8ce423c-c1a1-41e3-af7c-b38d92f5e36f | image.update | delta | 1.0| image 
| 2013-05-28T01:14:40.238000 |
+--+--+---++---++


Remember you can only see the samples/meter/resources that you own or all if 
you are admin.


-Angus




On top of that, the only thing I had to do in a non-standard basis, was to
setup ceilometer virtual host to answer request on port 9090 of apache
instead of the default 80 (since horizon is bind to it).


Here's a copy of my running ceilometer.conf
=
/etc/ceilometer/ceilometer.conf
=
[DEFAULT]
os_username=ceilometer
os_password=MYSECRET
os_tenant_name=admin
os_auth_url=http://localhost:5000/v2.0
signing_dirname = /tmp/keystone-signing-ceilometer
metering_api_port=8777
auth_strategy=keystone
nova_control_exchange=nova
hypervisor_inspector=libvirt
libvirt_type=kvm
glance_control_exchange=glance
quantum_control_exchange=quantum
debug=true
verbose=true
(...)
*logging writing parameters here*
(...)
log_dir=/var/log/ceilometer
rpc_backend=ceilometer.openstack.common.rpc.impl_kombu
rabbit_host=localhost
rabbit_port=5672
rabbit_userid=guest
rabbit_password=ficrowstran02
rabbit_retry_backoff=2
rabbit_max_retries=0
database_connection=mongodb://localhost:27017/ceilometer
sql_connection_debug=0
cinder_control_exchange=cinder
enable_v1_api=true

[rpc_notifier2]

[matchmaker_redis]

[publisher_meter]
metering_secret=METERING_SECRET

[keystone_authtoken]
auth_host = localhost
auth_port = 5000
admin_user = ceilometer
admin_password = MYSECRET
admin_tenant_name = admin
auth_uri = http

Re: [Openstack] Windows Image 2008 in OpenStack

2013-05-27 Thread Narayanan, Krishnaprasad 
Hi JuanFra,

Thanks for the suggestion regarding the usage of cloudinit for windows 
instances.

For all Stackers - I found this URI useful 
where there is a Windows Server 2012 Evaluation image available for download 
and it can be directly deployed to OpenStack. I was able to download and deploy 
the image in our ESSEX cloud and create a VM successfully out of the image.

Thanks
Krishnaprasad
From: JuanFra Rodriguez Cardoso [mailto:juanfra.rodriguez.card...@gmail.com]
Sent: Montag, 27. Mai 2013 23:41
To: Narayanan, Krishnaprasad
Cc: openstack@lists.launchpad.net
Subject: Re: [Openstack] Windows Image 2008 in OpenStack

I think a great tool would be Cloudbase's cloud-init for windows instances:

http://www.cloudbase.it/cloud-init-for-windows-instances/
Regards,
---
JuanFra

2013/5/27 Narayanan, Krishnaprasad 
mailto:naray...@uni-mainz.de>>
Hallo All,

Can somebody guide me to create a virtual machine using Windows 2008 image?

Thanks
Krishnaprasad

___
Mailing list: https://launchpad.net/~openstack
Post to : 
openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Windows Image 2008 in OpenStack

2013-05-27 Thread Narayanan, Krishnaprasad 
Hi Jason,

Thanks for your quick response.  When I execute the kvm command for starting 
the installation, the command gets executed without any error but at the same 
time, I am not getting any response.
Is this the normal behavior? Can I get to know what should I do next?

Thanks
Krishnaprasad
From: Jason Ford [mailto:jf...@blackmesh.com]
Sent: Montag, 27. Mai 2013 19:38
To: Narayanan, Krishnaprasad
Cc: openstack@lists.launchpad.net
Subject: Re: [Openstack] Windows Image 2008 in OpenStack

Directions are here..

http://docs.openstack.org/trunk/openstack-compute/admin/content/creating-a-windows-image.html

Enjoy.

Jason

-
Jason Ford
jf...@blackmesh.com
Http://www.blackmesh.com
888.473.0854 x710

On May 27, 2013, at 1:27 PM, "Narayanan, Krishnaprasad" 
mailto:naray...@uni-mainz.de>> wrote:
Hallo All,

Can somebody guide me to create a virtual machine using Windows 2008 image?

Thanks
Krishnaprasad
___
Mailing list: https://launchpad.net/~openstack
Post to : 
openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Windows Image 2008 in OpenStack

2013-05-27 Thread JuanFra Rodriguez Cardoso 
I think a great tool would be Cloudbase's cloud-init for windows instances:

http://www.cloudbase.it/cloud-init-for-windows-instances/

Regards,
---
JuanFra


2013/5/27 Narayanan, Krishnaprasad 

>  Hallo All,
>
> ** **
>
> Can somebody guide me to create a virtual machine using Windows 2008 image?
> 
>
> ** **
>
> Thanks
>
> Krishnaprasad
>
> ___
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack@lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
>
>
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

[Openstack] packstack -- suggestions needed.

2013-05-27 Thread Remo Mattei 
Hello everyone, 
I am looking at packstack and I wonder if anyone has had issues and if there is 
a way to have the packstack reset. Example. I installed packstack but for some 
reasons cinder was always giving me issues where I could not re-run packstack. 
So I just revert back to my snapshot but I wonder if there is a way like 
devstack where once you reboot the machine it comes back clean. (the script on 
stack.sh does the rebuild and the unstack.sh does all the cleaning) 

Any suggestions on this topic for RDO(using centos). I also created a copy on 
my virtual box and even though everything looks good the machine (not a enough 
juice macbook-air) does not lunch the hypervisor. but everything else looks 
good. The problem above is from a macbook pro with Parallels where I did enable 
nested vm options. 

Thanks, 
Remo 
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Using openstack to manage dedicated servers in a service provider setting

2013-05-27 Thread Robert Collins 
On 28 May 2013 01:23, Jeremy Stanley  wrote:

> Note that this is a not-often-talked-about security risk throughout
> the industry, it's not just an OpenStack baremetal issue.

Indeed! However while it was obscure, esoteric and largely unknown 20
years ago, it's now part of the standard risk profile from a security
perspective - it's precisely what UEFI secure boot targets... The
current bleeding edge of attacks is factory compromised bus devices,
with stock firmware having a hostile mode that isn't even compromised,
but is built-in. *That* I'm willing to ignore for now:). Well, other
than buying good hardware :).

> Many (most? all?) data center hosting companies reuse servers
> between short-term dedicated hardware tenants without doing much
> more than a disk wipe and typical BIOS upgrade. For that matter,
> there's a similar risk when purchasing used or refurbished
> hardware... or even new hardware, depending on how much you trust
> the procurement chain (but in that case there's at least readily
> available legal recourse if you find out the
> manufacturer/distributor/carrier intentionally engaged in
> compromising the hardware).

Yup :).

> Some companies are aware of these possibilities and may have simply
> decided their risk analysis shows it's not worth mitigating in their
> situations, but many are not aware that this attack surface even
> exists to begin with. Now, whether can you trust that the computer
> manufacturing and software industries can solve this problem
> (Trusted Computing and so on) is another question entirely.

Yeah :(. It's not clear that adding a whole new OS to the boot process
is the right answer, but it's the only one with widespread adoption so
far.

-Rob
-- 
Robert Collins 
Distinguished Technologist
HP Cloud Services

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Windows Image 2008 in OpenStack

2013-05-27 Thread Jason Ford 
Directions are here..

http://docs.openstack.org/trunk/openstack-compute/admin/content/creating-a-windows-image.html

Enjoy.

Jason

-
Jason Ford
jf...@blackmesh.com
Http://www.blackmesh.com
888.473.0854 x710

On May 27, 2013, at 1:27 PM, "Narayanan, Krishnaprasad" 
mailto:naray...@uni-mainz.de>> wrote:

Hallo All,

Can somebody guide me to create a virtual machine using Windows 2008 image?

Thanks
Krishnaprasad
___
Mailing list: https://launchpad.net/~openstack
Post to : 
openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

[Openstack] Windows Image 2008 in OpenStack

2013-05-27 Thread Narayanan, Krishnaprasad 
Hallo All,

Can somebody guide me to create a virtual machine using Windows 2008 image?

Thanks
Krishnaprasad
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

[Openstack] [Ceilometer][Ceilometer-API] Ceilometer-API Error 401 Unauthorized

2013-05-27 Thread Bruno Oliveira 
Hello stackers,

I'm having a really hard time setting up ceilometer-api so I thought
if I could ask you guys for some enlightment.

I can clearly see data being pulled in the screens that are running
/ceilometer-collector, ./ceilometer-agent-compute ,./ceilometer-agent-central

Even the screen running ceilometer-api-server starts with no problem.

But I cannot reach the api at all via curl. Neither by using its
actual port (8777)
nor using the port set in the virtual host of apache. All I'm getting
is auth error

$ curl http://127.0.0.1:8777  OR  $ curl http://127.0.0.1:9090
=

 
  401 Unauthorized
 
 
  401 Unauthorized
  This server could not verify that you are authorized to access the
document you requested. Either you supplied the wrong credentials
(e.g., bad password), or your browser does not understand how to
supply the credentials required.
Authentication required
=


On top of that, the only thing I had to do in a non-standard basis, was to
setup ceilometer virtual host to answer request on port 9090 of apache
instead of the default 80 (since horizon is bind to it).


Here's a copy of my running ceilometer.conf
=
/etc/ceilometer/ceilometer.conf
=
[DEFAULT]
os_username=ceilometer
os_password=MYSECRET
os_tenant_name=admin
os_auth_url=http://localhost:5000/v2.0
signing_dirname = /tmp/keystone-signing-ceilometer
metering_api_port=8777
auth_strategy=keystone
nova_control_exchange=nova
hypervisor_inspector=libvirt
libvirt_type=kvm
glance_control_exchange=glance
quantum_control_exchange=quantum
debug=true
verbose=true
(...)
*logging writing parameters here*
(...)
log_dir=/var/log/ceilometer
rpc_backend=ceilometer.openstack.common.rpc.impl_kombu
rabbit_host=localhost
rabbit_port=5672
rabbit_userid=guest
rabbit_password=ficrowstran02
rabbit_retry_backoff=2
rabbit_max_retries=0
database_connection=mongodb://localhost:27017/ceilometer
sql_connection_debug=0
cinder_control_exchange=cinder
enable_v1_api=true

[rpc_notifier2]

[matchmaker_redis]

[publisher_meter]
metering_secret=METERING_SECRET

[keystone_authtoken]
auth_host = localhost
auth_port = 5000
admin_user = ceilometer
admin_password = MYSECRET
admin_tenant_name = admin
auth_uri = http://localhost:5000/v2.0/
=


The "ceilometer" user pointed at "admin_user" under the
"[keystone_authtoken]" section, as well as in "os_username" under the
"[DEFAULT]" section,
was created in keystone and it'sbind to the admin tenant.


$ keystone tenant-get admin
+-+--+
|   Property  |  Value   |
+-+--+
| description |  |
|   enabled   |   True   |
|  id | 670f5dd4070d44b6a8308277a236d1af |
| name|  admin   |
+-+--+

$ keystone user-get ceilometer
+--+--+
| Property |  Value   |
+--+--+
|  email   |  ceilome...@example.com  |
| enabled  |   True   |
|id| a98ec068f5f349439acef431e826d7ff |
|   name   |ceilometer|
| tenantId | 670f5dd4070d44b6a8308277a236d1af |
+--+--+


Finally, here's the ceilometer site running on apache. the user
and group 'stackadmin' are valid users indeed in the machine

$ id stackadmin

uid=1000(stackadmin) gid=1000(stackadmin)
groups=1000(stackadmin),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),111(libvirtd),113(lpadmin),114(sambashare


=
/etc/apache2/sites-available/ceilometer
=

WSGIDaemonProcess ceilometer user=stackadmin group=stackadmin threads=5
WSGIScriptAlias / /opt/stack/ceilometer/ceilometer/api/app.wsgi
SetEnv APACHE_RUN_USER stackadmin
SetEnv APACHE_RUN_GROUP stackadmin
WSGIProcessGroup ceilometer
ErrorLog /var/log/apache2/ceilometer_error.log
LogLevel warn
CustomLog /var/log/apache2/ceilometer_access.log combined

=


Despite of everything, I keep getting that "401 Unauthorized"
auth error.

Do you guys have any suggestions of what I can try to fix it ?

Thank you all.

--

Bruno de Oliveira
Developer, System Analyst

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Using openstack to manage dedicated servers in a service provider setting

2013-05-27 Thread Jeremy Stanley 
On 2013-05-27 11:29:31 +1200 (+1200), Robert Collins wrote:
> On 27 May 2013 11:02, Chris Bartels  wrote:
> [...]
> > Couldn't I re-flash the BIOS between each tenant to be sure
> > there isn't any problem with it?
> 
> Unless you flash the BIOS with separate hardware (not by running
> the flasher on the potentially compromised hardware itself), no.
> And even then you'll need to be sure you flash every single
> EEPROM, not just the system board BIOS, and you'll need to make
> sure you catch any that have been toggled into readonly mode by an
> attacker and pull and replace them. Note that a simple examination
> of device drivers / system firmware won't necessarily cover every
> power on EEPROM in the system :).
[...]

Note that this is a not-often-talked-about security risk throughout
the industry, it's not just an OpenStack baremetal issue.

Many (most? all?) data center hosting companies reuse servers
between short-term dedicated hardware tenants without doing much
more than a disk wipe and typical BIOS upgrade. For that matter,
there's a similar risk when purchasing used or refurbished
hardware... or even new hardware, depending on how much you trust
the procurement chain (but in that case there's at least readily
available legal recourse if you find out the
manufacturer/distributor/carrier intentionally engaged in
compromising the hardware).

Some companies are aware of these possibilities and may have simply
decided their risk analysis shows it's not worth mitigating in their
situations, but many are not aware that this attack surface even
exists to begin with. Now, whether can you trust that the computer
manufacturing and software industries can solve this problem
(Trusted Computing and so on) is another question entirely.
-- 
Jeremy Stanley

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Reg: OpenStack Installation on CentOS 6.3

2013-05-27 Thread Ashutosh Narayan 
Yes, selinux has to be disabled and iptables should be OFF

On Mon, May 27, 2013 at 5:03 PM, Nehal J. Wani wrote:

> i reinstalled the OS, disabled selinux, rebooted, and then tried the
> script again, it finished in one go! Most probably the error before was
> that I had not rebooted after disabling selinux, which is the script was
> stuck at http://fpaste.org/14729/.
>
>
> On Mon, May 27, 2013 at 2:53 PM, Ashutosh Narayan <
> aashutoshnara...@gmail.com> wrote:
>
>> Refer this bug report :
>> https://bugzilla.redhat.com/show_bug.cgi?id=957033
>>
>> It needs to have two arguments.
>> When I ran "keystone user-password-update --pass test admin"
>> It worked for me.
>>
>> On Mon, May 27, 2013 at 2:47 PM, Nehal J. Wani wrote:
>>
>>> [root@srvr1 ~(keystone_admin)]# keystone user-password-update
>>> --user=admin
>>> usage: keystone user-password-update --pass  
>>> keystone user-password-update: error: too few arguments
>>>
>>> I'll try from beginning again (fresh install) and then report my findings
>>>
>>>
>>>
>>> On Mon, May 27, 2013 at 2:39 PM, Ashutosh Narayan <
>>> aashutoshnara...@gmail.com> wrote:
>>>
>>>> Try executing the following command :
>>>>
>>>> # keystone user-password-update --user=admin
>>>>
>>>> It will prompt for entering the password
>>>>
>>>>
>>>> On Mon, May 27, 2013 at 1:53 PM, Nehal J. Wani 
>>>> wrote:
>>>>
>>>>> So I ran
>>>>>
>>>>> [root@srvr1 ~]#source keystonerc_admin
>>>>> [root@srvr1 ~(keystone_admin)]# keystone user-password-update --pass
>>>>> testpass admin
>>>>> Authorization Failed: [Errno 22] Invalid argument
>>>>>
>>>>> I am still stuck :(
>>>>>
>>>>>
>>>>> On Mon, May 27, 2013 at 1:02 PM, Ashutosh Narayan <
>>>>> aashutoshnara...@gmail.com> wrote:
>>>>>
>>>>>> Yes, that was fixed when I was able to resolve the hostname.
>>>>>> Restart openstack-nova-* services and check.
>>>>>>
>>>>>> As far as resetting master password is concerned, I think you must
>>>>>> do so in "keystonerc_admin" file and restart openstack-* services.
>>>>>> Again run source "keystonerc_admin". This should do.
>>>>>>
>>>>>>
>>>>>> On Mon, May 27, 2013 at 12:52 PM, Nehal J. Wani <
>>>>>> nehaljw.k...@gmail.com> wrote:
>>>>>>
>>>>>>> No, the dashboard appears. But there is bubble on the right side
>>>>>>> giving that error. How can I master reset the password?
>>>>>>>
>>>>>>>
>>>>>>> On Mon, May 27, 2013 at 12:51 PM, Ashutosh Narayan <
>>>>>>> aashutoshnara...@gmail.com> wrote:
>>>>>>>
>>>>>>>> It means your hostname is not resolvable over the network.
>>>>>>>> Please verify that it resolves to fully qualified domain name.
>>>>>>>>
>>>>>>>>
>>>>>>>> On Mon, May 27, 2013 at 12:48 PM, Nehal J. Wani <
>>>>>>>> nehaljw.k...@gmail.com> wrote:
>>>>>>>>
>>>>>>>>> Sorry for troubling you,  but now I wasn't able to login to the
>>>>>>>>> dashboard. Since I ran the script two times, two files were generated:
>>>>>>>>>
>>>>>>>>> [root@srvr3 ~]# ls -l packstack-answers-20130527-1*
>>>>>>>>> -rw---. 1 root root 8277 May 27 11:44
>>>>>>>>> packstack-answers-20130527-114418.txt
>>>>>>>>> -rw---. 1 root root 8298 May 27 12:30
>>>>>>>>> packstack-answers-20130527-123027.txt
>>>>>>>>>
>>>>>>>>> the password given in the latest one didn't work but the one in
>>>>>>>>> the old one worked. But on logging in, I get the error:
>>>>>>>>>
>>>>>>>>> *Error: *Unauthorized: Unable to retrieve usage information.
>>>>>>>>>  × <http://10.3.3.58/dashboard/admin/#>
>>>>>>>>>
>>>>>>>>> *Error: *Unauthorized: Unable to

Re: [Openstack] Reg: OpenStack Installation on CentOS 6.3

2013-05-27 Thread Nehal J. Wani 
i reinstalled the OS, disabled selinux, rebooted, and then tried the script
again, it finished in one go! Most probably the error before was that I had
not rebooted after disabling selinux, which is the script was stuck at
http://fpaste.org/14729/.


On Mon, May 27, 2013 at 2:53 PM, Ashutosh Narayan <
aashutoshnara...@gmail.com> wrote:

> Refer this bug report : https://bugzilla.redhat.com/show_bug.cgi?id=957033
>
> It needs to have two arguments.
> When I ran "keystone user-password-update --pass test admin"
> It worked for me.
>
> On Mon, May 27, 2013 at 2:47 PM, Nehal J. Wani wrote:
>
>> [root@srvr1 ~(keystone_admin)]# keystone user-password-update
>> --user=admin
>> usage: keystone user-password-update --pass  
>> keystone user-password-update: error: too few arguments
>>
>> I'll try from beginning again (fresh install) and then report my findings
>>
>>
>>
>> On Mon, May 27, 2013 at 2:39 PM, Ashutosh Narayan <
>> aashutoshnara...@gmail.com> wrote:
>>
>>> Try executing the following command :
>>>
>>> # keystone user-password-update --user=admin
>>>
>>> It will prompt for entering the password
>>>
>>>
>>> On Mon, May 27, 2013 at 1:53 PM, Nehal J. Wani 
>>> wrote:
>>>
>>>> So I ran
>>>>
>>>> [root@srvr1 ~]#source keystonerc_admin
>>>> [root@srvr1 ~(keystone_admin)]# keystone user-password-update --pass
>>>> testpass admin
>>>> Authorization Failed: [Errno 22] Invalid argument
>>>>
>>>> I am still stuck :(
>>>>
>>>>
>>>> On Mon, May 27, 2013 at 1:02 PM, Ashutosh Narayan <
>>>> aashutoshnara...@gmail.com> wrote:
>>>>
>>>>> Yes, that was fixed when I was able to resolve the hostname.
>>>>> Restart openstack-nova-* services and check.
>>>>>
>>>>> As far as resetting master password is concerned, I think you must
>>>>> do so in "keystonerc_admin" file and restart openstack-* services.
>>>>> Again run source "keystonerc_admin". This should do.
>>>>>
>>>>>
>>>>> On Mon, May 27, 2013 at 12:52 PM, Nehal J. Wani <
>>>>> nehaljw.k...@gmail.com> wrote:
>>>>>
>>>>>> No, the dashboard appears. But there is bubble on the right side
>>>>>> giving that error. How can I master reset the password?
>>>>>>
>>>>>>
>>>>>> On Mon, May 27, 2013 at 12:51 PM, Ashutosh Narayan <
>>>>>> aashutoshnara...@gmail.com> wrote:
>>>>>>
>>>>>>> It means your hostname is not resolvable over the network.
>>>>>>> Please verify that it resolves to fully qualified domain name.
>>>>>>>
>>>>>>>
>>>>>>> On Mon, May 27, 2013 at 12:48 PM, Nehal J. Wani <
>>>>>>> nehaljw.k...@gmail.com> wrote:
>>>>>>>
>>>>>>>> Sorry for troubling you,  but now I wasn't able to login to the
>>>>>>>> dashboard. Since I ran the script two times, two files were generated:
>>>>>>>>
>>>>>>>> [root@srvr3 ~]# ls -l packstack-answers-20130527-1*
>>>>>>>> -rw---. 1 root root 8277 May 27 11:44
>>>>>>>> packstack-answers-20130527-114418.txt
>>>>>>>> -rw---. 1 root root 8298 May 27 12:30
>>>>>>>> packstack-answers-20130527-123027.txt
>>>>>>>>
>>>>>>>> the password given in the latest one didn't work but the one in the
>>>>>>>> old one worked. But on logging in, I get the error:
>>>>>>>>
>>>>>>>> *Error: *Unauthorized: Unable to retrieve usage information.
>>>>>>>>  × <http://10.3.3.58/dashboard/admin/#>
>>>>>>>>
>>>>>>>> *Error: *Unauthorized: Unable to retrieve quota information.
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> On Mon, May 27, 2013 at 12:46 PM, Ashutosh Narayan <
>>>>>>>> aashutoshnara...@gmail.com> wrote:
>>>>>>>>
>>>>>>>>> Happy stacking :)
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Mon, May 27,

Re: [Openstack] Reg: OpenStack Installation on CentOS 6.3

2013-05-27 Thread Ashutosh Narayan 
Refer this bug report : https://bugzilla.redhat.com/show_bug.cgi?id=957033

It needs to have two arguments.
When I ran "keystone user-password-update --pass test admin"
It worked for me.

On Mon, May 27, 2013 at 2:47 PM, Nehal J. Wani wrote:

> [root@srvr1 ~(keystone_admin)]# keystone user-password-update --user=admin
> usage: keystone user-password-update --pass  
> keystone user-password-update: error: too few arguments
>
> I'll try from beginning again (fresh install) and then report my findings
>
>
>
> On Mon, May 27, 2013 at 2:39 PM, Ashutosh Narayan <
> aashutoshnara...@gmail.com> wrote:
>
>> Try executing the following command :
>>
>> # keystone user-password-update --user=admin
>>
>> It will prompt for entering the password
>>
>>
>> On Mon, May 27, 2013 at 1:53 PM, Nehal J. Wani wrote:
>>
>>> So I ran
>>>
>>> [root@srvr1 ~]#source keystonerc_admin
>>> [root@srvr1 ~(keystone_admin)]# keystone user-password-update --pass
>>> testpass admin
>>> Authorization Failed: [Errno 22] Invalid argument
>>>
>>> I am still stuck :(
>>>
>>>
>>> On Mon, May 27, 2013 at 1:02 PM, Ashutosh Narayan <
>>> aashutoshnara...@gmail.com> wrote:
>>>
>>>> Yes, that was fixed when I was able to resolve the hostname.
>>>> Restart openstack-nova-* services and check.
>>>>
>>>> As far as resetting master password is concerned, I think you must
>>>> do so in "keystonerc_admin" file and restart openstack-* services.
>>>> Again run source "keystonerc_admin". This should do.
>>>>
>>>>
>>>> On Mon, May 27, 2013 at 12:52 PM, Nehal J. Wani >>> > wrote:
>>>>
>>>>> No, the dashboard appears. But there is bubble on the right side
>>>>> giving that error. How can I master reset the password?
>>>>>
>>>>>
>>>>> On Mon, May 27, 2013 at 12:51 PM, Ashutosh Narayan <
>>>>> aashutoshnara...@gmail.com> wrote:
>>>>>
>>>>>> It means your hostname is not resolvable over the network.
>>>>>> Please verify that it resolves to fully qualified domain name.
>>>>>>
>>>>>>
>>>>>> On Mon, May 27, 2013 at 12:48 PM, Nehal J. Wani <
>>>>>> nehaljw.k...@gmail.com> wrote:
>>>>>>
>>>>>>> Sorry for troubling you,  but now I wasn't able to login to the
>>>>>>> dashboard. Since I ran the script two times, two files were generated:
>>>>>>>
>>>>>>> [root@srvr3 ~]# ls -l packstack-answers-20130527-1*
>>>>>>> -rw---. 1 root root 8277 May 27 11:44
>>>>>>> packstack-answers-20130527-114418.txt
>>>>>>> -rw---. 1 root root 8298 May 27 12:30
>>>>>>> packstack-answers-20130527-123027.txt
>>>>>>>
>>>>>>> the password given in the latest one didn't work but the one in the
>>>>>>> old one worked. But on logging in, I get the error:
>>>>>>>
>>>>>>> *Error: *Unauthorized: Unable to retrieve usage information.
>>>>>>>  × <http://10.3.3.58/dashboard/admin/#>
>>>>>>>
>>>>>>> *Error: *Unauthorized: Unable to retrieve quota information.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On Mon, May 27, 2013 at 12:46 PM, Ashutosh Narayan <
>>>>>>> aashutoshnara...@gmail.com> wrote:
>>>>>>>
>>>>>>>> Happy stacking :)
>>>>>>>>
>>>>>>>>
>>>>>>>> On Mon, May 27, 2013 at 12:40 PM, Nehal J. Wani <
>>>>>>>> nehaljw.k...@gmail.com> wrote:
>>>>>>>>
>>>>>>>>> Anyway, I restarted the machine and ran the command again. And it
>>>>>>>>> completed till the end. Thanks a lot.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Mon, May 27, 2013 at 12:32 PM, Nehal J. Wani <
>>>>>>>>> nehaljw.k...@gmail.com> wrote:
>>>>>>>>>
>>>>>>>>>> Yes, BIOS has Virtual Technology enabled. i have already run
>>>>>>>>>> other cloud fram

Re: [Openstack] Reg: OpenStack Installation on CentOS 6.3

2013-05-27 Thread Nehal J. Wani 
[root@srvr1 ~(keystone_admin)]# keystone user-password-update --user=admin
usage: keystone user-password-update --pass  
keystone user-password-update: error: too few arguments

I'll try from beginning again (fresh install) and then report my findings



On Mon, May 27, 2013 at 2:39 PM, Ashutosh Narayan <
aashutoshnara...@gmail.com> wrote:

> Try executing the following command :
>
> # keystone user-password-update --user=admin
>
> It will prompt for entering the password
>
>
> On Mon, May 27, 2013 at 1:53 PM, Nehal J. Wani wrote:
>
>> So I ran
>>
>> [root@srvr1 ~]#source keystonerc_admin
>> [root@srvr1 ~(keystone_admin)]# keystone user-password-update --pass
>> testpass admin
>> Authorization Failed: [Errno 22] Invalid argument
>>
>> I am still stuck :(
>>
>>
>> On Mon, May 27, 2013 at 1:02 PM, Ashutosh Narayan <
>> aashutoshnara...@gmail.com> wrote:
>>
>>> Yes, that was fixed when I was able to resolve the hostname.
>>> Restart openstack-nova-* services and check.
>>>
>>> As far as resetting master password is concerned, I think you must
>>> do so in "keystonerc_admin" file and restart openstack-* services.
>>> Again run source "keystonerc_admin". This should do.
>>>
>>>
>>> On Mon, May 27, 2013 at 12:52 PM, Nehal J. Wani 
>>> wrote:
>>>
>>>> No, the dashboard appears. But there is bubble on the right side giving
>>>> that error. How can I master reset the password?
>>>>
>>>>
>>>> On Mon, May 27, 2013 at 12:51 PM, Ashutosh Narayan <
>>>> aashutoshnara...@gmail.com> wrote:
>>>>
>>>>> It means your hostname is not resolvable over the network.
>>>>> Please verify that it resolves to fully qualified domain name.
>>>>>
>>>>>
>>>>> On Mon, May 27, 2013 at 12:48 PM, Nehal J. Wani <
>>>>> nehaljw.k...@gmail.com> wrote:
>>>>>
>>>>>> Sorry for troubling you,  but now I wasn't able to login to the
>>>>>> dashboard. Since I ran the script two times, two files were generated:
>>>>>>
>>>>>> [root@srvr3 ~]# ls -l packstack-answers-20130527-1*
>>>>>> -rw---. 1 root root 8277 May 27 11:44
>>>>>> packstack-answers-20130527-114418.txt
>>>>>> -rw---. 1 root root 8298 May 27 12:30
>>>>>> packstack-answers-20130527-123027.txt
>>>>>>
>>>>>> the password given in the latest one didn't work but the one in the
>>>>>> old one worked. But on logging in, I get the error:
>>>>>>
>>>>>> *Error: *Unauthorized: Unable to retrieve usage information.
>>>>>>  × <http://10.3.3.58/dashboard/admin/#>
>>>>>>
>>>>>> *Error: *Unauthorized: Unable to retrieve quota information.
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Mon, May 27, 2013 at 12:46 PM, Ashutosh Narayan <
>>>>>> aashutoshnara...@gmail.com> wrote:
>>>>>>
>>>>>>> Happy stacking :)
>>>>>>>
>>>>>>>
>>>>>>> On Mon, May 27, 2013 at 12:40 PM, Nehal J. Wani <
>>>>>>> nehaljw.k...@gmail.com> wrote:
>>>>>>>
>>>>>>>> Anyway, I restarted the machine and ran the command again. And it
>>>>>>>> completed till the end. Thanks a lot.
>>>>>>>>
>>>>>>>>
>>>>>>>> On Mon, May 27, 2013 at 12:32 PM, Nehal J. Wani <
>>>>>>>> nehaljw.k...@gmail.com> wrote:
>>>>>>>>
>>>>>>>>> Yes, BIOS has Virtual Technology enabled. i have already run other
>>>>>>>>> cloud frameworks such as cloudstack on it successfully. Also, it is 
>>>>>>>>> able to
>>>>>>>>> fetch packages, because if I try to reinstall the ones done by the 
>>>>>>>>> script,
>>>>>>>>> it says, package already installed.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Mon, May 27, 2013 at 12:28 PM, Ashutosh Narayan <
>>>>>>>>> aashutoshnara...@gmail.com> wrote:
>>>>>>>>>
>>>>>>>>>> Check if your BI

Re: [Openstack] Reg: OpenStack Installation on CentOS 6.3

2013-05-27 Thread Ashutosh Narayan 
Try executing the following command :

# keystone user-password-update --user=admin

It will prompt for entering the password


On Mon, May 27, 2013 at 1:53 PM, Nehal J. Wani wrote:

> So I ran
>
> [root@srvr1 ~]#source keystonerc_admin
> [root@srvr1 ~(keystone_admin)]# keystone user-password-update --pass
> testpass admin
> Authorization Failed: [Errno 22] Invalid argument
>
> I am still stuck :(
>
>
> On Mon, May 27, 2013 at 1:02 PM, Ashutosh Narayan <
> aashutoshnara...@gmail.com> wrote:
>
>> Yes, that was fixed when I was able to resolve the hostname.
>> Restart openstack-nova-* services and check.
>>
>> As far as resetting master password is concerned, I think you must
>> do so in "keystonerc_admin" file and restart openstack-* services.
>> Again run source "keystonerc_admin". This should do.
>>
>>
>> On Mon, May 27, 2013 at 12:52 PM, Nehal J. Wani 
>> wrote:
>>
>>> No, the dashboard appears. But there is bubble on the right side giving
>>> that error. How can I master reset the password?
>>>
>>>
>>> On Mon, May 27, 2013 at 12:51 PM, Ashutosh Narayan <
>>> aashutoshnara...@gmail.com> wrote:
>>>
>>>> It means your hostname is not resolvable over the network.
>>>> Please verify that it resolves to fully qualified domain name.
>>>>
>>>>
>>>> On Mon, May 27, 2013 at 12:48 PM, Nehal J. Wani >>> > wrote:
>>>>
>>>>> Sorry for troubling you,  but now I wasn't able to login to the
>>>>> dashboard. Since I ran the script two times, two files were generated:
>>>>>
>>>>> [root@srvr3 ~]# ls -l packstack-answers-20130527-1*
>>>>> -rw---. 1 root root 8277 May 27 11:44
>>>>> packstack-answers-20130527-114418.txt
>>>>> -rw---. 1 root root 8298 May 27 12:30
>>>>> packstack-answers-20130527-123027.txt
>>>>>
>>>>> the password given in the latest one didn't work but the one in the
>>>>> old one worked. But on logging in, I get the error:
>>>>>
>>>>> *Error: *Unauthorized: Unable to retrieve usage information.
>>>>>  × <http://10.3.3.58/dashboard/admin/#>
>>>>>
>>>>> *Error: *Unauthorized: Unable to retrieve quota information.
>>>>>
>>>>>
>>>>>
>>>>> On Mon, May 27, 2013 at 12:46 PM, Ashutosh Narayan <
>>>>> aashutoshnara...@gmail.com> wrote:
>>>>>
>>>>>> Happy stacking :)
>>>>>>
>>>>>>
>>>>>> On Mon, May 27, 2013 at 12:40 PM, Nehal J. Wani <
>>>>>> nehaljw.k...@gmail.com> wrote:
>>>>>>
>>>>>>> Anyway, I restarted the machine and ran the command again. And it
>>>>>>> completed till the end. Thanks a lot.
>>>>>>>
>>>>>>>
>>>>>>> On Mon, May 27, 2013 at 12:32 PM, Nehal J. Wani <
>>>>>>> nehaljw.k...@gmail.com> wrote:
>>>>>>>
>>>>>>>> Yes, BIOS has Virtual Technology enabled. i have already run other
>>>>>>>> cloud frameworks such as cloudstack on it successfully. Also, it is 
>>>>>>>> able to
>>>>>>>> fetch packages, because if I try to reinstall the ones done by the 
>>>>>>>> script,
>>>>>>>> it says, package already installed.
>>>>>>>>
>>>>>>>>
>>>>>>>> On Mon, May 27, 2013 at 12:28 PM, Ashutosh Narayan <
>>>>>>>> aashutoshnara...@gmail.com> wrote:
>>>>>>>>
>>>>>>>>> Check if your BIOS has Virtual Techology enabled ?
>>>>>>>>> And restart packstack --allinone command.
>>>>>>>>>
>>>>>>>>> Another reason is your proxy server is unable to
>>>>>>>>> fetch the required packages even after you have
>>>>>>>>> added in yum.conf. Re-check !
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Mon, May 27, 2013 at 12:19 PM, Nehal J. Wani <
>>>>>>>>> nehaljw.k...@gmail.com> wrote:
>>>>>>>>>
>>>>>>>>>> i am trying this on a VM as well as a physical machine, but stuck

Re: [Openstack] VM Issues on Grizzly Install on Ubuntu 12.04

2013-05-27 Thread Darragh OReilly 

I'd check the external network config first. 

You should be able to ping the external subnet's gateway from the router 
namespace.
This gateway should correspond to some real external gateway/router.

quantum subnet-show  -c gateway_ip   # 10.245.124.1 ?
ip netns exec  ping -c1  

If that is not working use tcpdump as you ping. Br-ex is using eth0, is eth0 
up? tcpdump -nei eth0


If you are still having problems, post the above output and the following:

# network node
ip link 
ip netns exec  ip address

quantum net-show 
quantum subnet-show 


>
> From: Farhan Patwa 
>To: OpenStack Maillist  
>Sent: Friday, 24 May 2013, 20:28
>Subject: [Openstack] VM Issues on Grizzly Install on Ubuntu 12.04
> 
>
>
>Hello,
>I followed the following guide to install Grizzly release on 3-node setup.
>http://docs.openstack.org/grizzly/basic-install/apt/content/basic-install_intro.html
>
>
>I am stuck at my last issue with Quantum networking (at least that’s what I 
>think).
>The VM instance comes up and gets the private IP and the metadata.
>Also I have assigned the floating IP to it but am not able to ping either IP 
>except when I use:
>
>
>ip netns exec qrouter-32f35fb4-f9f1-4817-8818-fff832f73810 ping 50.50.1.3      
> <- fixed IP – private network
>ip netns exec qrouter-32f35fb4-f9f1-4817-8818-fff832f73810 ping 10.24.124.4  
><- floating IP – external network
>
>
>Based on that I think the security rules are okay
>The router is tied to the specified tenant and using gateway of the external 
>network.
>I  think the issue is routing table or maybe firewall related but not sure how 
>to debug this.
>
>
>Some details of my environment are below.
>Any one have any words of wisdom/guidance?
>
>
>Thanks,
>
>
>-Farhan.
>
>
>Management Network: 192.168.0.0/24
>Data Network: 10.5.5.0/24
>External Network: 10.245.124.0/24
>
>
>Network Node: (192.168.0.2)
>ovs-vsctl show
>ea4fa894-5986-40f2-b10b-55eef408
>    Bridge br-tun
>        Port patch-int
>            Interface patch-int
>                type: patch
>                options: {peer=patch-tun}
>        Port "gre-1"
>            Interface "gre-1"
>                type: gre
>                options: {in_key=flow, out_key=flow, remote_ip="192.168.0.3"}
>        Port br-tun
>            Interface br-tun
>                type: internal
>    Bridge br-int
>        Port "tap3fca71a9-c8"
>            tag: 4095
>            Interface "tap3fca71a9-c8"
>                type: internal
>        Port patch-tun
>            Interface patch-tun
>                type: patch
>                options: {peer=patch-int}
>        Port "tap4b8a22a2-9c"
>            tag: 4095
>            Interface "tap4b8a22a2-9c"
>                type: internal
>        Port "tap633ed611-a9"
>            tag: 1
>            Interface "tap633ed611-a9"
>                type: internal
>        Port "qr-eebfe1cb-0f"
>            tag: 1
>            Interface "qr-eebfe1cb-0f"
>                type: internal
>        Port br-int
>            Interface br-int
>                type: internal
>    Bridge br-ex
>        Port "eth0"
>            Interface "eth0"
>        Port br-ex
>            Interface br-ex
>                type: internal
>        Port "qg-910fef3b-cb"
>            Interface "qg-910fef3b-cb"
>                type: internal
>    ovs_version: "1.4.0+build0"
>
>
>Kernel IP routing table
>Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
>0.0.0.0         192.168.0.253   0.0.0.0         UG    0      0        0 eth1
>10.5.5.0        0.0.0.0         255.255.255.0   U     0      0        0 eth1
>10.245.124.0    0.0.0.0         255.255.255.0   U     0      0        0 br-ex
>192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
>
>
>Compute Node: (192.168.0.3)
>ovs-vsctl show
>f0fe78a5-dfd0-4f6b-87be-466dac0b4473
>    Bridge br-tun
>        Port patch-int
>            Interface patch-int
>                type: patch
>                options: {peer=patch-tun}
>        Port br-tun
>            Interface br-tun
>                type: internal
>        Port "gre-2"
>            Interface "gre-2"
>                type: gre
>                options: {in_key=flow, out_key=flow, remote_ip="192.168.0.2"}
>    Bridge br-int
>        Port patch-tun
>            Interface patch-tun
>                type: patch
>                options: {peer=patch-int}
>        Port br-int
>            Interface br-int
>                type: internal
>        Port "tap6514a8cc-b2"
>            tag: 1
>            Interface "tap6514a8cc-b2"
>    ovs_version: "1.4.0+build0"
>
>
>Kernel IP routing table
>Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
>0.0.0.0         192.168.0.253   0.0.0.0         UG    0      0        0 eth1
>10.5.5.0        0.0.0.0         255.255.255.0   U     0      0        0 eth1
>10.245.124.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
>192.168.0.0     0.0.0.0         255.255.255.0  

Re: [Openstack] Reg: OpenStack Installation on CentOS 6.3

2013-05-27 Thread Nehal J. Wani 
So I ran

[root@srvr1 ~]#source keystonerc_admin
[root@srvr1 ~(keystone_admin)]# keystone user-password-update --pass
testpass admin
Authorization Failed: [Errno 22] Invalid argument

I am still stuck :(


On Mon, May 27, 2013 at 1:02 PM, Ashutosh Narayan <
aashutoshnara...@gmail.com> wrote:

> Yes, that was fixed when I was able to resolve the hostname.
> Restart openstack-nova-* services and check.
>
> As far as resetting master password is concerned, I think you must
> do so in "keystonerc_admin" file and restart openstack-* services.
> Again run source "keystonerc_admin". This should do.
>
>
> On Mon, May 27, 2013 at 12:52 PM, Nehal J. Wani wrote:
>
>> No, the dashboard appears. But there is bubble on the right side giving
>> that error. How can I master reset the password?
>>
>>
>> On Mon, May 27, 2013 at 12:51 PM, Ashutosh Narayan <
>> aashutoshnara...@gmail.com> wrote:
>>
>>> It means your hostname is not resolvable over the network.
>>> Please verify that it resolves to fully qualified domain name.
>>>
>>>
>>> On Mon, May 27, 2013 at 12:48 PM, Nehal J. Wani 
>>> wrote:
>>>
>>>> Sorry for troubling you,  but now I wasn't able to login to the
>>>> dashboard. Since I ran the script two times, two files were generated:
>>>>
>>>> [root@srvr3 ~]# ls -l packstack-answers-20130527-1*
>>>> -rw---. 1 root root 8277 May 27 11:44
>>>> packstack-answers-20130527-114418.txt
>>>> -rw---. 1 root root 8298 May 27 12:30
>>>> packstack-answers-20130527-123027.txt
>>>>
>>>> the password given in the latest one didn't work but the one in the old
>>>> one worked. But on logging in, I get the error:
>>>>
>>>> *Error: *Unauthorized: Unable to retrieve usage information.
>>>>  × <http://10.3.3.58/dashboard/admin/#>
>>>>
>>>> *Error: *Unauthorized: Unable to retrieve quota information.
>>>>
>>>>
>>>>
>>>> On Mon, May 27, 2013 at 12:46 PM, Ashutosh Narayan <
>>>> aashutoshnara...@gmail.com> wrote:
>>>>
>>>>> Happy stacking :)
>>>>>
>>>>>
>>>>> On Mon, May 27, 2013 at 12:40 PM, Nehal J. Wani <
>>>>> nehaljw.k...@gmail.com> wrote:
>>>>>
>>>>>> Anyway, I restarted the machine and ran the command again. And it
>>>>>> completed till the end. Thanks a lot.
>>>>>>
>>>>>>
>>>>>> On Mon, May 27, 2013 at 12:32 PM, Nehal J. Wani <
>>>>>> nehaljw.k...@gmail.com> wrote:
>>>>>>
>>>>>>> Yes, BIOS has Virtual Technology enabled. i have already run other
>>>>>>> cloud frameworks such as cloudstack on it successfully. Also, it is 
>>>>>>> able to
>>>>>>> fetch packages, because if I try to reinstall the ones done by the 
>>>>>>> script,
>>>>>>> it says, package already installed.
>>>>>>>
>>>>>>>
>>>>>>> On Mon, May 27, 2013 at 12:28 PM, Ashutosh Narayan <
>>>>>>> aashutoshnara...@gmail.com> wrote:
>>>>>>>
>>>>>>>> Check if your BIOS has Virtual Techology enabled ?
>>>>>>>> And restart packstack --allinone command.
>>>>>>>>
>>>>>>>> Another reason is your proxy server is unable to
>>>>>>>> fetch the required packages even after you have
>>>>>>>> added in yum.conf. Re-check !
>>>>>>>>
>>>>>>>>
>>>>>>>> On Mon, May 27, 2013 at 12:19 PM, Nehal J. Wani <
>>>>>>>> nehaljw.k...@gmail.com> wrote:
>>>>>>>>
>>>>>>>>> i am trying this on a VM as well as a physical machine, but stuck
>>>>>>>>> at the same step on both.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Mon, May 27, 2013 at 12:18 PM, Ashutosh Narayan <
>>>>>>>>> aashutoshnara...@gmail.com> wrote:
>>>>>>>>>
>>>>>>>>>> Hi Nehal,
>>>>>>>>>>
>>>>>>>>>> I also came across similar issue. When I restarted the virtual
>>>>>>>

Re: [Openstack] Reg: OpenStack Installation on CentOS 6.3

2013-05-27 Thread Ashutosh Narayan 
Yes, that was fixed when I was able to resolve the hostname.
Restart openstack-nova-* services and check.

As far as resetting master password is concerned, I think you must
do so in "keystonerc_admin" file and restart openstack-* services.
Again run source "keystonerc_admin". This should do.


On Mon, May 27, 2013 at 12:52 PM, Nehal J. Wani wrote:

> No, the dashboard appears. But there is bubble on the right side giving
> that error. How can I master reset the password?
>
>
> On Mon, May 27, 2013 at 12:51 PM, Ashutosh Narayan <
> aashutoshnara...@gmail.com> wrote:
>
>> It means your hostname is not resolvable over the network.
>> Please verify that it resolves to fully qualified domain name.
>>
>>
>> On Mon, May 27, 2013 at 12:48 PM, Nehal J. Wani 
>> wrote:
>>
>>> Sorry for troubling you,  but now I wasn't able to login to the
>>> dashboard. Since I ran the script two times, two files were generated:
>>>
>>> [root@srvr3 ~]# ls -l packstack-answers-20130527-1*
>>> -rw---. 1 root root 8277 May 27 11:44
>>> packstack-answers-20130527-114418.txt
>>> -rw---. 1 root root 8298 May 27 12:30
>>> packstack-answers-20130527-123027.txt
>>>
>>> the password given in the latest one didn't work but the one in the old
>>> one worked. But on logging in, I get the error:
>>>
>>> *Error: *Unauthorized: Unable to retrieve usage information.
>>>  × <http://10.3.3.58/dashboard/admin/#>
>>>
>>> *Error: *Unauthorized: Unable to retrieve quota information.
>>>
>>>
>>>
>>> On Mon, May 27, 2013 at 12:46 PM, Ashutosh Narayan <
>>> aashutoshnara...@gmail.com> wrote:
>>>
>>>> Happy stacking :)
>>>>
>>>>
>>>> On Mon, May 27, 2013 at 12:40 PM, Nehal J. Wani >>> > wrote:
>>>>
>>>>> Anyway, I restarted the machine and ran the command again. And it
>>>>> completed till the end. Thanks a lot.
>>>>>
>>>>>
>>>>> On Mon, May 27, 2013 at 12:32 PM, Nehal J. Wani <
>>>>> nehaljw.k...@gmail.com> wrote:
>>>>>
>>>>>> Yes, BIOS has Virtual Technology enabled. i have already run other
>>>>>> cloud frameworks such as cloudstack on it successfully. Also, it is able 
>>>>>> to
>>>>>> fetch packages, because if I try to reinstall the ones done by the 
>>>>>> script,
>>>>>> it says, package already installed.
>>>>>>
>>>>>>
>>>>>> On Mon, May 27, 2013 at 12:28 PM, Ashutosh Narayan <
>>>>>> aashutoshnara...@gmail.com> wrote:
>>>>>>
>>>>>>> Check if your BIOS has Virtual Techology enabled ?
>>>>>>> And restart packstack --allinone command.
>>>>>>>
>>>>>>> Another reason is your proxy server is unable to
>>>>>>> fetch the required packages even after you have
>>>>>>> added in yum.conf. Re-check !
>>>>>>>
>>>>>>>
>>>>>>> On Mon, May 27, 2013 at 12:19 PM, Nehal J. Wani <
>>>>>>> nehaljw.k...@gmail.com> wrote:
>>>>>>>
>>>>>>>> i am trying this on a VM as well as a physical machine, but stuck
>>>>>>>> at the same step on both.
>>>>>>>>
>>>>>>>>
>>>>>>>> On Mon, May 27, 2013 at 12:18 PM, Ashutosh Narayan <
>>>>>>>> aashutoshnara...@gmail.com> wrote:
>>>>>>>>
>>>>>>>>> Hi Nehal,
>>>>>>>>>
>>>>>>>>> I also came across similar issue. When I restarted the virtual
>>>>>>>>> machine
>>>>>>>>> and re-did the same step it worked.
>>>>>>>>> Are you doing this setup on a physical machine or a virtual
>>>>>>>>> machine ?
>>>>>>>>>
>>>>>>>>> Thank you,
>>>>>>>>>
>>>>>>>>> On Mon, May 27, 2013 at 12:10 PM, Nehal J. Wani <
>>>>>>>>> nehaljw.k...@gmail.com> wrote:
>>>>>>>>>
>>>>>>>>>> I have come across the following guide: *
>>>>>>>>>> ht

Re: [Openstack] Reg: OpenStack Installation on CentOS 6.3

2013-05-27 Thread Nehal J. Wani 
No, the dashboard appears. But there is bubble on the right side giving
that error. How can I master reset the password?


On Mon, May 27, 2013 at 12:51 PM, Ashutosh Narayan <
aashutoshnara...@gmail.com> wrote:

> It means your hostname is not resolvable over the network.
> Please verify that it resolves to fully qualified domain name.
>
>
> On Mon, May 27, 2013 at 12:48 PM, Nehal J. Wani wrote:
>
>> Sorry for troubling you,  but now I wasn't able to login to the
>> dashboard. Since I ran the script two times, two files were generated:
>>
>> [root@srvr3 ~]# ls -l packstack-answers-20130527-1*
>> -rw---. 1 root root 8277 May 27 11:44
>> packstack-answers-20130527-114418.txt
>> -rw---. 1 root root 8298 May 27 12:30
>> packstack-answers-20130527-123027.txt
>>
>> the password given in the latest one didn't work but the one in the old
>> one worked. But on logging in, I get the error:
>>
>> *Error: *Unauthorized: Unable to retrieve usage information.
>>  × <http://10.3.3.58/dashboard/admin/#>
>>
>> *Error: *Unauthorized: Unable to retrieve quota information.
>>
>>
>>
>> On Mon, May 27, 2013 at 12:46 PM, Ashutosh Narayan <
>> aashutoshnara...@gmail.com> wrote:
>>
>>> Happy stacking :)
>>>
>>>
>>> On Mon, May 27, 2013 at 12:40 PM, Nehal J. Wani 
>>> wrote:
>>>
>>>> Anyway, I restarted the machine and ran the command again. And it
>>>> completed till the end. Thanks a lot.
>>>>
>>>>
>>>> On Mon, May 27, 2013 at 12:32 PM, Nehal J. Wani >>> > wrote:
>>>>
>>>>> Yes, BIOS has Virtual Technology enabled. i have already run other
>>>>> cloud frameworks such as cloudstack on it successfully. Also, it is able 
>>>>> to
>>>>> fetch packages, because if I try to reinstall the ones done by the script,
>>>>> it says, package already installed.
>>>>>
>>>>>
>>>>> On Mon, May 27, 2013 at 12:28 PM, Ashutosh Narayan <
>>>>> aashutoshnara...@gmail.com> wrote:
>>>>>
>>>>>> Check if your BIOS has Virtual Techology enabled ?
>>>>>> And restart packstack --allinone command.
>>>>>>
>>>>>> Another reason is your proxy server is unable to
>>>>>> fetch the required packages even after you have
>>>>>> added in yum.conf. Re-check !
>>>>>>
>>>>>>
>>>>>> On Mon, May 27, 2013 at 12:19 PM, Nehal J. Wani <
>>>>>> nehaljw.k...@gmail.com> wrote:
>>>>>>
>>>>>>> i am trying this on a VM as well as a physical machine, but stuck at
>>>>>>> the same step on both.
>>>>>>>
>>>>>>>
>>>>>>> On Mon, May 27, 2013 at 12:18 PM, Ashutosh Narayan <
>>>>>>> aashutoshnara...@gmail.com> wrote:
>>>>>>>
>>>>>>>> Hi Nehal,
>>>>>>>>
>>>>>>>> I also came across similar issue. When I restarted the virtual
>>>>>>>> machine
>>>>>>>> and re-did the same step it worked.
>>>>>>>> Are you doing this setup on a physical machine or a virtual machine
>>>>>>>> ?
>>>>>>>>
>>>>>>>> Thank you,
>>>>>>>>
>>>>>>>> On Mon, May 27, 2013 at 12:10 PM, Nehal J. Wani <
>>>>>>>> nehaljw.k...@gmail.com> wrote:
>>>>>>>>
>>>>>>>>> I have come across the following guide: *
>>>>>>>>> http://openstack.redhat.com/Quickstart
>>>>>>>>>
>>>>>>>>> *
>>>>>>>>> All goes well upto the point
>>>>>>>>>
>>>>>>>>> http://fpaste.org/14704/
>>>>>>>>>
>>>>>>>>> It is forever stuck there.
>>>>>>>>>
>>>>>>>>> Could anyone please help me out?
>>>>>>>>>
>>>>>>>>> I am behind a proxy server and I have added the proxy to
>>>>>>>>> /etc.yum.conf and tested that yum takes up the proxy successfully. is 
>>>>>>>>> there
>>>>>>>>> anything extra that is nee

Re: [Openstack] Reg: OpenStack Installation on CentOS 6.3

2013-05-27 Thread Ashutosh Narayan 
It means your hostname is not resolvable over the network.
Please verify that it resolves to fully qualified domain name.

On Mon, May 27, 2013 at 12:48 PM, Nehal J. Wani wrote:

> Sorry for troubling you,  but now I wasn't able to login to the dashboard.
> Since I ran the script two times, two files were generated:
>
> [root@srvr3 ~]# ls -l packstack-answers-20130527-1*
> -rw---. 1 root root 8277 May 27 11:44
> packstack-answers-20130527-114418.txt
> -rw---. 1 root root 8298 May 27 12:30
> packstack-answers-20130527-123027.txt
>
> the password given in the latest one didn't work but the one in the old
> one worked. But on logging in, I get the error:
>
> *Error: *Unauthorized: Unable to retrieve usage information.
>  × <http://10.3.3.58/dashboard/admin/#>
>
> *Error: *Unauthorized: Unable to retrieve quota information.
>
>
>
> On Mon, May 27, 2013 at 12:46 PM, Ashutosh Narayan <
> aashutoshnara...@gmail.com> wrote:
>
>> Happy stacking :)
>>
>>
>> On Mon, May 27, 2013 at 12:40 PM, Nehal J. Wani 
>> wrote:
>>
>>> Anyway, I restarted the machine and ran the command again. And it
>>> completed till the end. Thanks a lot.
>>>
>>>
>>> On Mon, May 27, 2013 at 12:32 PM, Nehal J. Wani 
>>> wrote:
>>>
>>>> Yes, BIOS has Virtual Technology enabled. i have already run other
>>>> cloud frameworks such as cloudstack on it successfully. Also, it is able to
>>>> fetch packages, because if I try to reinstall the ones done by the script,
>>>> it says, package already installed.
>>>>
>>>>
>>>> On Mon, May 27, 2013 at 12:28 PM, Ashutosh Narayan <
>>>> aashutoshnara...@gmail.com> wrote:
>>>>
>>>>> Check if your BIOS has Virtual Techology enabled ?
>>>>> And restart packstack --allinone command.
>>>>>
>>>>> Another reason is your proxy server is unable to
>>>>> fetch the required packages even after you have
>>>>> added in yum.conf. Re-check !
>>>>>
>>>>>
>>>>> On Mon, May 27, 2013 at 12:19 PM, Nehal J. Wani <
>>>>> nehaljw.k...@gmail.com> wrote:
>>>>>
>>>>>> i am trying this on a VM as well as a physical machine, but stuck at
>>>>>> the same step on both.
>>>>>>
>>>>>>
>>>>>> On Mon, May 27, 2013 at 12:18 PM, Ashutosh Narayan <
>>>>>> aashutoshnara...@gmail.com> wrote:
>>>>>>
>>>>>>> Hi Nehal,
>>>>>>>
>>>>>>> I also came across similar issue. When I restarted the virtual
>>>>>>> machine
>>>>>>> and re-did the same step it worked.
>>>>>>> Are you doing this setup on a physical machine or a virtual machine ?
>>>>>>>
>>>>>>> Thank you,
>>>>>>>
>>>>>>> On Mon, May 27, 2013 at 12:10 PM, Nehal J. Wani <
>>>>>>> nehaljw.k...@gmail.com> wrote:
>>>>>>>
>>>>>>>> I have come across the following guide: *
>>>>>>>> http://openstack.redhat.com/Quickstart
>>>>>>>>
>>>>>>>> *
>>>>>>>> All goes well upto the point
>>>>>>>>
>>>>>>>> http://fpaste.org/14704/
>>>>>>>>
>>>>>>>> It is forever stuck there.
>>>>>>>>
>>>>>>>> Could anyone please help me out?
>>>>>>>>
>>>>>>>> I am behind a proxy server and I have added the proxy to
>>>>>>>> /etc.yum.conf and tested that yum takes up the proxy successfully. is 
>>>>>>>> there
>>>>>>>> anything extra that is needed to be done?
>>>>>>>>
>>>>>>>> Thanking You,
>>>>>>>> Nehal J. Wani
>>>>>>>> UG2, BTech CS+MS(CL)
>>>>>>>> IIIT-Hyderabad
>>>>>>>> http://commanlinewani.blogspot.com
>>>>>>>>
>>>>>>>> ___
>>>>>>>> Mailing list: https://launchpad.net/~openstack
>>>>>>>> Post to : openstack@lists.launchpad.net
>>>>>>>> Unsubscribe : https://launchpad.net/~openstack
>>>>>>>> More help   : https://help.launchpad.net/ListHelp
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Ashutosh Narayan
>>>>>>>
>>>>>>> http://ashutoshn.wordpress.com/
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Nehal J. Wani
>>>>>> UG2, BTech CS+MS(CL)
>>>>>> IIIT-Hyderabad
>>>>>> http://commanlinewani.blogspot.com
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Ashutosh Narayan
>>>>>
>>>>> http://ashutoshn.wordpress.com/
>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> Nehal J. Wani
>>>> UG2, BTech CS+MS(CL)
>>>> IIIT-Hyderabad
>>>> http://commanlinewani.blogspot.com
>>>>
>>>
>>>
>>>
>>> --
>>> Nehal J. Wani
>>> UG2, BTech CS+MS(CL)
>>> IIIT-Hyderabad
>>> http://commanlinewani.blogspot.com
>>>
>>
>>
>>
>> --
>> Ashutosh Narayan
>>
>> http://ashutoshn.wordpress.com/
>>
>>
>
>
> --
> Nehal J. Wani
> UG2, BTech CS+MS(CL)
> IIIT-Hyderabad
> http://commanlinewani.blogspot.com
>



-- 
Ashutosh Narayan

http://ashutoshn.wordpress.com/
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp