Re: [openstack-dev] Glance
Hi Dmitry, I wanted to confirm that the image is getting uploaded fine. Only horizon is showing the "504 Gateway Timeout" error after the upload is complete. Thanks, Tizy On Wed, Jun 11, 2014 at 10:01 AM, Tizy Ninan wrote: > Hi Dmitry, > > Sorry for the late reply. I will try this version of fix and let you know > the status. > > Thanks, > Tizy > > > On Wed, Jun 4, 2014 at 4:51 AM, Dmitry Borodaenko < > dborodae...@mirantis.com> wrote: > >> Here's a fix that increases haproxy server timeout for Horizon to 48h: >> https://review.openstack.org/#/c/97645/ >> >> I've marked the bug as Incomplete for now: we need a confirmation that >> only Horizon is affected and Glance isn't. Please try the current >> version of the fix, if gateway timeouts disappear, it will confirm >> that timeout value for Glance doesn't need to be changed. >> >> Thanks, >> -DmitryB >> >> >> >> On Tue, Jun 3, 2014 at 11:14 AM, Evgeny Kozhemyakin >> wrote: >> > Tizy Ninan wrote : >> >> When uploading images with large filesize (more than 1 GB) from >> dashboard, >> >> after upload is done the dashboard is showing "504 Gateway Timeout". >> What >> > >> > Anyway we've launched a bug for fuel, thank you for the notice. >> > https://bugs.launchpad.net/fuel/+bug/1326082 >> > >> > -- >> > Regards, >> > Evgeny Kozhemyakin (EVK-RIPE) >> > >> > ___ >> > OpenStack-dev mailing list >> > OpenStack-dev@lists.openstack.org >> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >> >> >> >> -- >> Dmitry Borodaenko >> >> ___ >> OpenStack-dev mailing list >> OpenStack-dev@lists.openstack.org >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >> > > ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] Glance
Hi Dmitry, Sorry for the late reply. I will try this version of fix and let you know the status. Thanks, Tizy On Wed, Jun 4, 2014 at 4:51 AM, Dmitry Borodaenko wrote: > Here's a fix that increases haproxy server timeout for Horizon to 48h: > https://review.openstack.org/#/c/97645/ > > I've marked the bug as Incomplete for now: we need a confirmation that > only Horizon is affected and Glance isn't. Please try the current > version of the fix, if gateway timeouts disappear, it will confirm > that timeout value for Glance doesn't need to be changed. > > Thanks, > -DmitryB > > > > On Tue, Jun 3, 2014 at 11:14 AM, Evgeny Kozhemyakin > wrote: > > Tizy Ninan wrote : > >> When uploading images with large filesize (more than 1 GB) from > dashboard, > >> after upload is done the dashboard is showing "504 Gateway Timeout". > What > > > > Anyway we've launched a bug for fuel, thank you for the notice. > > https://bugs.launchpad.net/fuel/+bug/1326082 > > > > -- > > Regards, > > Evgeny Kozhemyakin (EVK-RIPE) > > > > ___ > > OpenStack-dev mailing list > > OpenStack-dev@lists.openstack.org > > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > > > -- > Dmitry Borodaenko > > ___ > OpenStack-dev mailing list > OpenStack-dev@lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
[openstack-dev] keystone
Hi, After restarting keystone with the following command, *$service openstack-keystone restart* it is giving a message "*Aborting wait for keystone to start*". Could you please help on what the problem could be? Thanks, Tizy ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] License Management
Thank You. Regards, Tizy On Fri, May 30, 2014 at 2:34 PM, Thierry Carrez wrote: > Tizy Ninan wrote: > > Are there are any software license management tools available for > > openstack ? For eg. the tool should track the usage of the number of > > instances launched using a particular licensed image. > > Are there any third party tools also available for this? > > This is a development-focused mailing-list, to discuss the future of > OpenStack. Your question might get to a more appropriate audience if it > was asked on the OpenStack general mailing-list, which is focused on > questions about USING OpenStack today: > > https://wiki.openstack.org/wiki/Mailing_Lists > > Cheers, > > -- > Thierry Carrez (ttx) > > ___ > OpenStack-dev mailing list > OpenStack-dev@lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
[openstack-dev] License Management
Hi, Are there are any software license management tools available for openstack ? For eg. the tool should track the usage of the number of instances launched using a particular licensed image. Are there any third party tools also available for this? Thanks, Tizy ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] Keystone
Hi, Thanks for the reply. I am still not successful in integrating keystone with active directory. Can you please provide some clarifications related to the following questions. 1. Currently, my active directory schema does not have projects/tenants and roles OU. Is it necessary that I need to create projects/tenants and roles OU in the active directory schema for the keystone to authenticate to active directory.? 2. We added values to the user_tree_dn.Does the tenant_tree_dn and role_tree_dn and group_tree_dn fields needs to be filled in for authenticating? 3.How does the mapping of a user to a project/tenant and role will be done if I try to use active directory to authenticate only the users and use the already existing projects and roles tables in the mysql database? Kindly provide me some insight into these questions. Thanks, Tizy On Tue, May 20, 2014 at 8:27 AM, Adam Young wrote: > On 05/16/2014 05:08 AM, Tizy Ninan wrote: > > Hi, > > We have an openstack Havana deployment on CentOS 6.4 and nova-network > network service installed using Mirantis Fuel v4.0. > We are trying to integrate the openstack setup with the Microsoft Active > Directory(LDAP server). I only have a read access to the LDAP server. > What will be the minimum changes needed to be made under the [ldap] tag in > keystone.conf file?Can you please specify what variables need to be set and > what should be the values for each variable? > > [ldap] > # url = ldap://localhost > # user = dc=Manager,dc=example,dc=com > # password = None > # suffix = cn=example,cn=com > # use_dumb_member = False > # allow_subtree_delete = False > # dumb_member = cn=dumb,dc=example,dc=com > > # Maximum results per page; a value of zero ('0') disables paging > (default) > # page_size = 0 > > # The LDAP dereferencing option for queries. This can be either 'never', > # 'searching', 'always', 'finding' or 'default'. The 'default' option falls > # back to using default dereferencing configured by your ldap.conf. > # alias_dereferencing = default > > # The LDAP scope for queries, this can be either 'one' > # (onelevel/singleLevel) or 'sub' (subtree/wholeSubtree) > # query_scope = one > > # user_tree_dn = ou=Users,dc=example,dc=com > # user_filter = > # user_objectclass = inetOrgPerson > # user_id_attribute = cn > # user_name_attribute = sn > # user_mail_attribute = email > # user_pass_attribute = userPassword > # user_enabled_attribute = enabled > # user_enabled_mask = 0 > # user_enabled_default = True > # user_attribute_ignore = default_project_id,tenants > # user_default_project_id_attribute = > # user_allow_create = True > # user_allow_update = True > # user_allow_delete = True > # user_enabled_emulation = False > # user_enabled_emulation_dn = > > # tenant_tree_dn = ou=Projects,dc=example,dc=com > # tenant_filter = > # tenant_objectclass = groupOfNames > # tenant_domain_id_attribute = businessCategory > # tenant_id_attribute = cn > # tenant_member_attribute = member > # tenant_name_attribute = ou > # tenant_desc_attribute = desc > # tenant_enabled_attribute = enabled > # tenant_attribute_ignore = > # tenant_allow_create = True > # tenant_allow_update = True > # tenant_allow_delete = True > # tenant_enabled_emulation = False > # tenant_enabled_emulation_dn = > > # role_tree_dn = ou=Roles,dc=example,dc=com > # role_filter = > # role_objectclass = organizationalRole > # role_id_attribute = cn > # role_name_attribute = ou > # role_member_attribute = roleOccupant > # role_attribute_ignore = > # role_allow_create = True > # role_allow_update = True > # role_allow_delete = True > > # group_tree_dn = > # group_filter = > # group_objectclass = groupOfNames > # group_id_attribute = cn > # group_name_attribute = ou > # group_member_attribute = member > # group_desc_attribute = desc > # group_attribute_ignore = > # group_allow_create = True > # group_allow_update = True > # group_allow_delete = True > > Kindly help us to resolve the issue. > > Thanks, > Tizy > > > > ___ > OpenStack-dev mailing > listOpenStack-dev@lists.openstack.orghttp://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > > > http://www.youtube.com/watch?v=w3Yjlmb_68g > > > ___ > OpenStack-dev mailing list > OpenStack-dev@lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
[openstack-dev] Glance
Hi, We have an openstack deployment (Havana on CentOS) in HA mode with nova-network service deployed using Mirantis Fuel v4.0 . When uploading images with large filesize (more than 1 GB) from dashboard, after upload is done the dashboard is showing "504 Gateway Timeout". What could be the problem? Can anyone please help me on resolving this issue? Thanks, Tizy ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
[openstack-dev] Keystone
Hi, We have an openstack Havana deployment on CentOS 6.4 and nova-network network service installed using Mirantis Fuel v4.0. We are trying to integrate the openstack setup with the Microsoft Active Directory(LDAP server). I only have a read access to the LDAP server. What will be the minimum changes needed to be made under the [ldap] tag in keystone.conf file?Can you please specify what variables need to be set and what should be the values for each variable? [ldap] # url = ldap://localhost # user = dc=Manager,dc=example,dc=com # password = None # suffix = cn=example,cn=com # use_dumb_member = False # allow_subtree_delete = False # dumb_member = cn=dumb,dc=example,dc=com # Maximum results per page; a value of zero ('0') disables paging (default) # page_size = 0 # The LDAP dereferencing option for queries. This can be either 'never', # 'searching', 'always', 'finding' or 'default'. The 'default' option falls # back to using default dereferencing configured by your ldap.conf. # alias_dereferencing = default # The LDAP scope for queries, this can be either 'one' # (onelevel/singleLevel) or 'sub' (subtree/wholeSubtree) # query_scope = one # user_tree_dn = ou=Users,dc=example,dc=com # user_filter = # user_objectclass = inetOrgPerson # user_id_attribute = cn # user_name_attribute = sn # user_mail_attribute = email # user_pass_attribute = userPassword # user_enabled_attribute = enabled # user_enabled_mask = 0 # user_enabled_default = True # user_attribute_ignore = default_project_id,tenants # user_default_project_id_attribute = # user_allow_create = True # user_allow_update = True # user_allow_delete = True # user_enabled_emulation = False # user_enabled_emulation_dn = # tenant_tree_dn = ou=Projects,dc=example,dc=com # tenant_filter = # tenant_objectclass = groupOfNames # tenant_domain_id_attribute = businessCategory # tenant_id_attribute = cn # tenant_member_attribute = member # tenant_name_attribute = ou # tenant_desc_attribute = desc # tenant_enabled_attribute = enabled # tenant_attribute_ignore = # tenant_allow_create = True # tenant_allow_update = True # tenant_allow_delete = True # tenant_enabled_emulation = False # tenant_enabled_emulation_dn = # role_tree_dn = ou=Roles,dc=example,dc=com # role_filter = # role_objectclass = organizationalRole # role_id_attribute = cn # role_name_attribute = ou # role_member_attribute = roleOccupant # role_attribute_ignore = # role_allow_create = True # role_allow_update = True # role_allow_delete = True # group_tree_dn = # group_filter = # group_objectclass = groupOfNames # group_id_attribute = cn # group_name_attribute = ou # group_member_attribute = member # group_desc_attribute = desc # group_attribute_ignore = # group_allow_create = True # group_allow_update = True # group_allow_delete = True Kindly help us to resolve the issue. Thanks, Tizy ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] Fuel
Hi, Thanks for the reply. The SELinux boolean variable authlogin_nsswitch_use_ldap is not available in the list of booleans. So, how do I manually add the boolean? This boolean is required to be set to enable ldap authentication. Thanks, Tizy On Fri, May 9, 2014 at 8:52 AM, Adam Young wrote: > On 05/06/2014 09:01 PM, Roman Sokolkov wrote: > > Tizy, > > Selinux is disabled on all nodes under Fuel. > > > https://github.com/stackforge/fuel-library/blob/stable/4.0/deployment/puppet/cobbler/templates/kickstart/centos.ks.erb#L32 > > > You could check it by "getenforce" command. It should report "Disabled". > > So you could simply pass all steps related to Selinux. > > Thank you. > > Yeah, you don't need to deal with SELinux if SELinux is disabled. > > > > > > On Tue, May 6, 2014 at 12:51 AM, Tizy Ninan wrote: > >> Hi >> >> We are trying to integrate the openstack setup with the Microsoft >> Active Directory(LDAP server). >> >> As per openstack documentation, >> http://docs.openstack.org/admin-guide-cloud/content/configuring-keystone-for-ldap-backend.html >> in >> order to integrate with an LDAP server, an SELinux Boolean variable >> ‘authlogin_nsswitch_use_ldap’ needs to be set. We tried setting the >> variable using the following command. >> $ setsebool –P authlogin_nsswitch_use_ldap 1 >> It returned a message stating SElinux is disabled. We changed the status >> of SElinux to permissive mode and tried setting the boolean variable, but >> it returned a message stating ‘record not found in the database’. >> >> We also tried retrieving all the boolean variables by using the following >> command >> $getsebool –a >> It listed out all the boolean variables, but there was no variable named >> ‘authlogin_nsswitch_use_ldap’ in the list. >> In order to add the variable we needed semanage. When executing the >> ‘semanage’ command it returned ‘command not found’. To install semanage we >> tried installing policycoreutils-python. It showed no package >> policycoreutils-python available. >> >> We are using Mirantis Fuel v4.0. We have an openstack Havana deployment >> on CentOS 6.4 and nova-network network service. >> Can you please help us on why the SELinux boolean variable >> (authlogin_nsswitch_use_ldap) is not available. Is it because the CentOS >> image provided by the Fuel master node does not provide the SELinux >> settings? Is there any alternative ways to set this boolean variable? >> >> Kindly help us to resolve this issue. >> >> ___ >> OpenStack-dev mailing list >> OpenStack-dev@lists.openstack.org >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >> >> > > > -- > Roman Sokolkov, > Deployment Engineer, > Mirantis, Inc. > Skype rsokolkov, > rsokol...@mirantis.com > > > ___ > OpenStack-dev mailing > listOpenStack-dev@lists.openstack.orghttp://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > > > ___ > OpenStack-dev mailing list > OpenStack-dev@lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
[openstack-dev] Fuel
Hi We are trying to integrate the openstack setup with the Microsoft Active Directory(LDAP server). As per openstack documentation, http://docs.openstack.org/admin-guide-cloud/content/configuring-keystone-for-ldap-backend.html in order to integrate with an LDAP server, an SELinux Boolean variable ‘authlogin_nsswitch_use_ldap’ needs to be set. We tried setting the variable using the following command. $ setsebool –P authlogin_nsswitch_use_ldap 1 It returned a message stating SElinux is disabled. We changed the status of SElinux to permissive mode and tried setting the boolean variable, but it returned a message stating ‘record not found in the database’. We also tried retrieving all the boolean variables by using the following command $getsebool –a It listed out all the boolean variables, but there was no variable named ‘authlogin_nsswitch_use_ldap’ in the list. In order to add the variable we needed semanage. When executing the ‘semanage’ command it returned ‘command not found’. To install semanage we tried installing policycoreutils-python. It showed no package policycoreutils-python available. We are using Mirantis Fuel v4.0. We have an openstack Havana deployment on CentOS 6.4 and nova-network network service. Can you please help us on why the SELinux boolean variable (authlogin_nsswitch_use_ldap) is not available. Is it because the CentOS image provided by the Fuel master node does not provide the SELinux settings? Is there any alternative ways to set this boolean variable? Kindly help us to resolve this issue. ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev