Re: [openstack-dev] Syntribos Error : AttributeError: 'tuple' object has no attribute 'headers'
Link: https://openstack.nimeyo.com/89478/?show=89495#c89495 From: run2obtain @David. Thanks for responding, it is quite painful to use such a service with no documentation especially as a non-python guy. BTW, what could be a possible resolution approach ? __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
[openstack-dev] Syntribos Error : AttributeError: 'tuple' object has no attribute 'headers'
Link: https://openstack.nimeyo.com/89478/?show=89478#q89478 From: run2obtain Hi... I tried to use OpenStack Syntribos today for security testing against my devstack kilo cloud. I followed installation and configuration instructions provided at the openstack syntribos repo .Unfortunately, I received some errors after running the command : syntribos keystone.config .opencafe/templates/keystone/roles_get.txt . The errors are File "/usr/local/lib/python2.7/dist-packages/syntribos/extensions/identity/client.py", line 146, in get_token_v3 return r.headers["X-Subject-Token"] AttributeError: 'tuple' object has no attribute 'headers'. ' I have not been successful at discovering what could be wrong or how to resolve this issue, even after googling. Does anyone have a hint as to how to resolve this issue. Many thanks for your anticipated response. __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [kolla] better solution for the non-ini format configure file
Link: https://openstack.nimeyo.com/83165/?show=88496#a88496
From: AndrewLiu
Recently, we find this feature of ansible:http://docs.ansible.com/ansible/playbooks_loops.html#finding-first-matched-files
A specific path of template file can be add in the ansible task.
If a user want to customize an non-ini template file, the user can copy the template file to the customization directory, and modify the template file as the user wants.
An example of how to modify the ansible task:
change from:
- name: Copying over horizon.conf
template:
src: "{{ item }}.conf.j2"
dest: "{{ node_config_directory }}/{{ item }}/{{ item }}.conf"
with_items:
- "horizon"
to:
- name: Copying over horizon.conf
template:
src: "{{ item }}"
dest: "{{ node_config_directory }}/horizon/horizon.conf"
with_first_found:
- "{{ node_custom_config }}/horizon.conf.j2"
- "horizon.conf.j2"
But a convention of how to organize the directory structure of customization template files should be addressed.
__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] How to list all the servers of a user across projects
Link: https://openstack.nimeyo.com/86042/?show=86116#a86116 From: imocha http://localhost:8774/v2.1/a90db774c8fb48b290a161f075a862f6/servers/detail?all_tenants=1&user_id=d3d1ffa545c840148aeeffa62b69aa06 I am able to achieve the functionality using the above api. However, if requires admin role and if I dont add the user_id filter, it lists all the servers from all projects from all domains. This is of my concern. How do I restrict this to only one domain. How to create admin at domain level? The default admin with the Mitaka installation is above all the domains and can do everything. This would be for cloud administrator. I wanted to still have this and would like to have admin at Domain level which would be mapped to each organisation while hosting this solution for public cloud. I dont have clear documentation on policy implementation and Attribute base access control. How the token information would be used to restrict access to API and filter the result based on the token that is used in the API request. __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
[openstack-dev] How to list all the servers of a user across projects
Link: https://openstack.nimeyo.com/86042/?show=86042#q86042 From: imocha How to list all the servers owned by the user across projects. I tried to create token scoped to a project and able to list the servers on that project using the compute end point http://localhost:8774/v2.1/servers However, I wanted to get all the list of servers for all the projects a user created. Initially I wanted to change the policy.json under nova but could not get it working. The rule in the policy is: "isadmin:True or projectid:%(project_id)s" is there a way to get all the servers for the user in the domain by modifying the above rule. Also, how to access the attributes of the token passed. I looked at the content of the token in the token table in keystone database. If you look at the token "extra" field, it is a json file containing the token details. Can we access this token information from the Policy.json so that we can write appropriate rule to evaluate? I tried to use the syntax like "token.domain.id" but does not work. __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] How to single sign on with windows authentication with Keystone
Link: https://openstack.nimeyo.com/85057/?show=85707#c85707 From: imocha I am trying to follow the steps. I am able to install ADFS and would like to proceed further. However, I am having issues with setting up SSL endpoints for Keystone V3. I am using Mitaka. Is there any step that I can use. I am using packstack to install the Mitaka and wanted to enable SSL for the identity endpoints to work with ADFS for SAML2 flow. __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
[openstack-dev] Admin user creating servers for other users using Nova api
Link: https://openstack.nimeyo.com/85058/?show=85058#q85058 From: imocha The servers created by nova api is owned by the user who created the server. i.e. based on the token used at the time of calling the Nova API. If I want to have an admin create the server and assign ownership to a user. Is there any way to add the user_id in the server creation json request. One way is to use create TRUSTs and impersonal the user and create the server. However, in this case, it would be an overhead for the admin user and also the users need to first create the trust and admin can use the trust to generate the token. __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
[openstack-dev] How to single sign on with windows authentication with Keystone
Link: https://openstack.nimeyo.com/85057/?show=85057#q85057 From: imocha I have to call the keystone APIs and want to use the windows authentication using Active Directory. Keystone provides integration with AD at the back end. To get the initial token to use OpenStack APIs, I need to pass user name and password in the keystone token creation api. Since I am already logged on to my windows domain, is there any way that I can get the token without passing the password in the api. __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
[openstack-dev] [kolla] Using existing ceph pools
Link: https://openstack.nimeyo.com/67172/?show=67172#q67172 From: kunciil I am planning to use an existing Ceph pool, the question is how to avoid [storage] group creating new Ceph pool with 'enableceph: "yes"' and how to pass existing Ceph values (rbduser,libvirtimagesrbd_pool etc...) to Nova, Glance and Cinder config files? __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
[openstack-dev] [kolla] ValueError: No JSON object could be decoded
Link: https://openstack.nimeyo.com/67158/?show=67158#q67158
From: kunciil
TASK: [ceph | Fetching Ceph keyrings] *
fatal: [gridppcl11 -> gridppcl13] => Traceback (most recent call last):
File "/usr/lib/python2.7/site-packages/ansible/runner/init.py", line 586, in executor
execrc = self.executorinternal(host, newstdin)
File "/usr/lib/python2.7/site-packages/ansible/runner/init.py", line 789, in _executorinternal
return self.executorinternalinner(host, self.modulename, self.moduleargs, inject, port, complexargs=complexargs)
File "/usr/lib/python2.7/site-packages/ansible/runner/init.py", line 1101, in _executorinternalinner
data['changed'] = utils.checkconditional(changedwhen, self.basedir, inject, failonundefined=self.erroronundefinedvars)
File "/usr/lib/python2.7/site-packages/ansible/utils/init.py", line 265, in checkconditional
conditional = template.template(basedir, conditional, inject, failonundefined=failonundefined)
File "/usr/lib/python2.7/site-packages/ansible/utils/template.py", line 124, in template
varname = templatefromstring(basedir, varname, templatevars, failonundefined)
File "/usr/lib/python2.7/site-packages/ansible/utils/template.py", line 382, in templatefromstring
res = jinja2.utils.concat(rf)
File "", line 9, in root
File "/usr/lib64/python2.7/json/init.py", line 338, in loads
return _defaultdecoder.decode(s)
File "/usr/lib64/python2.7/json/decoder.py", line 365, in decode
obj, end = self.rawdecode(s, idx=w(s, 0).end())
File "/usr/lib64/python2.7/json/decoder.py", line 383, in raw_decode
raise ValueError("No JSON object could be decoded")
ValueError: No JSON object could be decoded
FATAL: all hosts have already failed -- aborting
__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
[openstack-dev] Is latest PyCharm license still available?
Link: https://openstack.nimeyo.com/65517/?show=65517#q65517 From: vanderwl I tried the link above, but got: "Invitation code is not valid." from the jetbrains website. Has something in getting the license steps changed again? __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] openstack-barbican-authenticate-keystone-barbican-command
Link: https://openstack.nimeyo.com/62868/?show=63238#c63238
From: marif82
Hi Dave,
Thanks for your response.
I am the beginner in OpenStack so I don't know how to get Keystone token so I searched and found "admintoken = a682f596-76f3-11e3-b3b2-e716f9080d50" in keystone.conf file. As you suggested i have removed the projectid from curl command and X-Auth-Token in curl command as per your suggestion and I am still getting the same error, please see below:
bash-4.2$ curl -X POST -H 'content-type:application/json' -H 'X-Auth-Token:a682f59676f311e3b3b2e716f9080d50' -H 'X-Project-Id:12345' -d '{"payload": "my-secret-here", "payloadcontenttype": "text/plain"}' http://localhost:9311/v1/secrets -v
* About to connect() to localhost port 9311 (#0)
* Trying ::1...
* Connection refused
* Trying 127.0.0.1...
* Connected to localhost (127.0.0.1) port 9311 (#0)
POST /v1/secrets HTTP/1.1
User-Agent: curl/7.29.0
Host: localhost:9311
Accept: /
content-type:application/json
X-Auth-Token:a682f59676f311e3b3b2e716f9080d50
X-Project-Id:12345
Content-Length: 67
* upload completely sent off: 67 out of 67 bytes
< HTTP/1.1 401 Unauthorized
< Content-Type: text/html; charset=UTF-8
< Content-Length: 23
< WWW-Authenticate: Keystone uri='http://localhost:35357'
< Connection: close
<
* Closing connection 0
Authentication requiredbash-4.2$
Please help me.
Regards,
Arif
__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
[openstack-dev] openstack-barbican-authenticate-keystone-barbican-command
Link: https://openstack.nimeyo.com/62868/?show=62868#q62868
From: marif82
Hi Asha,
I am also getting the same error when I am executing the curl command to create secret.
bash-4.2$ curl -X POST -H 'content-type:application/json' -H 'X-Project-Id:12345' -d '{"payload": "my-secret-here","payloadcontenttype": "text/plain"}' http://localhost:9311/v1/secrets
Authentication requiredbash-4.2$
Can you please help me how you have solved this problem. I am using the safenet HSM for MKEK and HMAC and it generated successfully on HSM partition.
Please help me to resolve this issue.
Thanks & Regards,
Arif
__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
[openstack-dev] [Sahara] Data locality when reading from Swift in MapReduce
Link: https://openstack.nimeyo.com/60317/?show=60317#q60317 From: lukas I'm using the hadoop-swiftfs from the sahara-extra project to read input from Swift during my MapReduce jobs. The hadoop version I am using is 2.6.0 and this already came with the hadoop-openstack additions. I set fs.swift.service.sahara.location-aware to true in my core-site.xml and the location of input splits is correctly identified. However, it still seems that reads from MapReduce go through the Swift proxy as the proxy's network is always fully utilised. Is there a way of directly reading from the object servers and avoid sending everything to the proxy first? __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] New PyCharm License
Link: https://openstack.nimeyo.com/59599/?show=59903#a59903 From: joonmyung Hello Andrew, My Launchpad id is joon-myung-kang Thanks, Joon __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] openstack-dahboard directory is not created
Link: https://openstack.nimeyo.com/59453/?show=59660#c59660 From: vidya Thanks all, setting up the basic environment first by manually installing using rpm file from the local and then Using the latest horizon and its dependencies resolved the above issue. thanks again, appreciate your help. __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
[openstack-dev] openstack-dahboard directory is not created
Link: https://openstack.nimeyo.com/59453/?show=59453#q59453 From: vidya I am trying to create openstack -dashboard on my VM and /usr/share/openstack-dashboard in not create. Please help me what i am missing here. here is what i tried 1 yum install openstack-selinux 2 yum install yum-plugin-priorities 3 yum install http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-5.noarch.rpm 4 yum install openstack-dashboard httpd mod_wsgi memcached python-memcached 5 yum install python-pip 6 yum groupinstall 'Development Tools' 7 yum install python-devel 8 yum install libffi-devel 9 yum install openssl-devel 10 pip install dep/horizon-2014.1.1.tar.gz 11 yum install openstack-dashboard 12 yum upgrade 13 reboot 14 history 15 yum install openstack-dashboard 16 pip install horizon-2014.1.1.tar.gz 16 execution gave me this Processing ./dep/horizon-2014.1.1.tar.gz Requirement already satisfied (use --upgrade to upgrade): horizon==2014.1.1 from file:///home/centos/dep/horizon-2014.1.1.tar.gz in /usr/lib/python2.7/site-packages Requirement already satisfied (use --upgrade to upgrade): Django<1.7,>=1.4 in /usr/lib/python2.7/site-packages (from horizon==2014.1.1) Requirement already satisfied (use --upgrade to upgrade): django-compressor>=1.3 in /usr/lib/python2.7/site-packages (from horizon==2014.1.1) Requirement already satisfied (use --upgrade to upgrade): django-openstack-auth>=1.1.4 in /usr/lib/python2.7/site-packages (from horizon==2014.1.1) Requirement already satisfied (use --upgrade to upgrade): eventlet>=0.13.0 in /usr/lib/python2.7/site-packages (from horizon==2014.1.1) Requirement already satisfied (use --upgrade to upgrade): iso8601>=0.1.9 in /usr/lib/python2.7/site-packages (from horizon==2014.1.1) Requirement already satisfied (use --upgrade to upgrade): kombu>=2.4.8 in /usr/lib/python2.7/site-packages (from horizon==2014.1.1) Requirement already satisfied (use --upgrade to upgrade): lesscpy>=0.9j in /usr/lib/python2.7/site-packages (from horizon==2014.1.1) Requirement already satisfied (use --upgrade to upgrade): lockfile>=0.8 in /usr/lib/python2.7/site-packages (from horizon==2014.1.1) Requirement already satisfied (use --upgrade to upgrade): netaddr>=0.7.6 in /usr/lib/python2.7/site-packages (from horizon==2014.1.1) Requirement already satisfied (use --upgrade to upgrade): pbr<1.0,>=0.6 in /usr/lib/python2.7/site-packages (from horizon==2014.1.1) Requirement already satisfied (use --upgrade to upgrade): python-ceilometerclient>=1.0.6 in /usr/lib/python2.7/site-packages (from horizon==2014.1.1) Requirement already satisfied (use --upgrade to upgrade): python-cinderclient>=1.0.6 in /usr/lib/python2.7/site-packages (from horizon==2014.1.1) Requirement already satisfied (use --upgrade to upgrade): python-glanceclient>=0.9.0 in /usr/lib/python2.7/site-packages (from horizon==2014.1.1) Requirement already satisfied (use --upgrade to upgrade): python-heatclient>=0.2.3 in /usr/lib/python2.7/site-packages (from horizon==2014.1.1) Requirement already satisfied (use --upgrade to upgrade): python-keystoneclient>=0.7.0 in /usr/lib/python2.7/site-packages (from horizon==2014.1.1) Requirement already satisfied (use --upgrade to upgrade): python-neutronclient<3,>=2.3.4 in /usr/lib/python2.7/site-packages (from horizon==2014.1.1) Requirement already satisfied (use --upgrade to upgrade): python-novaclient>=2.17.0 in /usr/lib/python2.7/site-packages (from horizon==2014.1.1) Requirement already satisfied (use --upgrade to upgrade): python-swiftclient>=1.6 in /usr/lib/python2.7/site-packages (from horizon==2014.1.1) Requirement already satisfied (use --upgrade to upgrade): python-troveclient>=1.0.3 in /usr/lib/python2.7/site-packages (from horizon==2014.1.1) Requirement already satisfied (use --upgrade to upgrade): pytz>=2010h in /usr/lib/python2.7/site-packages (from horizon==2014.1.1) Requirement already satisfied (use --upgrade to upgrade): six>=1.6.0 in /usr/lib/python2.7/site-packages (from horizon==2014.1.1) Requirement already satisfied (use --upgrade to upgrade): django-appconf>=0.4 in /usr/lib/python2.7/site-packages (from django-compressor>=1.3->horizon==2014.1.1) Requirement already satisfied (use --upgrade to upgrade): oslo.policy>=0.5.0 in /usr/lib/python2.7/site-packages (from django-openstack-auth>=1.1.4->horizon==2014.1.1) Requirement already satisfied (use --upgrade to upgrade): oslo.config>=2.3.0 in /usr/lib/python2.7/site-packages (from django-openstack-auth>=1.1.4->horizon==2014.1.1) Requirement already satisfied (use --upgrade to upgrade): greenlet>=0.3 in /usr/lib64/python2.7/site-packages (from eventlet>=0.13.0->horizon==2014.1.1) Requirement already satisfied (use --upgrade to upgrade): amqp<2.0,>=1.4.5 in /usr/lib/python2.7/site-packages (from kombu>=2.4.8->horizon==2014.1.1) Requirement already satisfied (use --upgrade to upgrade): anyjson>=0.3.3 in /usr/lib/python2.7/site-packages (from kombu>=2.4.8->horizon=
