[one-users] reg rocci-server: authentication failure
Hi All, I have installed and configured rocci-server (by source) (..A). Installed opennebula 4.6 on another machine (..B). When i try to access using server, i have got the following error curl --insecure -u 'rocci:zaq12wsx' https://10.1.26.32:11443/ *Authentication failed! The following strategies are supported basic!* at B, i have created user rocci oneuser list 18 rocci oneadmin server_c - - - === configuration details as follows *VirtualHost *:11443* *# if you wish to change the default Ruby used to run this app* *PassengerRuby /usr/bin/ruby* *# enable SSL* *SSLEngine on* *# for security reasons you may restrict the SSL protocol, but some clients may fail if SSLv2 is not supported* *SSLProtocol all* *# this should point to your server host certificate* *SSLCertificateFile /etc/grid-security/apache.crt* *# this should point to your server host key* *SSLCertificateKeyFile /etc/grid-security/apache.key* *# directory containing the Root CA certificates and their hashes* *SSLCACertificatePath /etc/grid-security* *SetEnv ROCCI_SERVER_LOG_DIR /var/log/rocci-server* *SetEnv ROCCI_SERVER_ETC_DIR /etc/rocci-server* *SetEnv ROCCI_SERVER_PROTOCOL https* *SetEnv ROCCI_SERVER_HOSTNAME 10.1.26.32* *SetEnv ROCCI_SERVER_PORT 11443* *SetEnv ROCCI_SERVER_AUTHN_STRATEGIES basic* *SetEnv ROCCI_SERVER_HOOKS dummy* *SetEnv ROCCI_SERVER_BACKEND opennebula* *SetEnv ROCCI_SERVER_LOG_LEVEL debug* *SetEnv ROCCI_SERVER_LOG_REQUESTS_IN_DEBUG yes* *SetEnv ROCCI_SERVER_TMP /tmp/rocci_server* *SetEnv ROCCI_SERVER_MEMCACHES 10.1.26.32:11211 http://10.1.26.32:11211 * *## ONE backend* *SetEnv ROCCI_SERVER_ONE_XMLRPC http://10.4.112.11:2633/RPC2 http://10.4.112.11:2633/RPC2 * *SetEnv ROCCI_SERVER_ONE_USERrocci * *SetEnv ROCCI_SERVER_ONE_PASSWD zaq12wsx* */VirtualHost* Log details *[ 2015-01-07 12:38:20.0522 10266/7fc800a7b740 agents/LoggingAgent/Main.cpp:321 ]: PassengerLoggingAgent online, listening at unix:/tmp/passenger.1.0.10254/generation-0/logging* *[ 2015-01-07 12:38:20.0525 10257/7f9814e6c740 agents/Watchdog/Main.cpp:728 ]: All Phusion Passenger agents started!* *[Wed Jan 07 12:38:20 2015] [notice] Apache/2.2.22 (Ubuntu) mod_ssl/2.2.22 OpenSSL/1.0.1 Apache rOCCI-server OCCI/1.1 Phusion_Passenger/4.0.44 configured -- resuming normal operations* *[Wed Jan 07 12:38:30 2015] [info] [client 10.1.26.32] Connection to child 0 established (server micloud-nc:443)* *[Wed Jan 07 12:38:30 2015] [info] Seeding PRNG with 656 bytes of entropy* *[Wed Jan 07 12:38:30 2015] [info] Initial (No.1) HTTPS request received for child 0 (server micloud-nc:443)* *App 10353 stdout: * *[ 2015-01-07 12:38:32.2411 10260/7f8088e0e700 Pool2/SmartSpawner.h:297 ]: Preloader for /opt/rOCCI-server started on PID 10353, listening on unix:/tmp/passenger.1.0.10254/generation-0/backends/preloader.10353* *App 10371 stdout: * *[Wed Jan 07 12:38:32 2015] [info] [client 10.1.26.32] Connection closed to child 0 with standard shutdown (server micloud-nc:443)* === Kindly provide solution. regards raj ___ Users mailing list Users@lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
Re: [one-users] Sharing VIP between VMs
OK, thank you. I'll wait for official feature...
Until then I made small modification to Openvswitch.rb, which allows to add IP
aliases to the VM's template by adding IPs to ALIAS_IP=IP1[,IP,IP..] under
NIC section.
This only needed if CONF[:arp_cache_poisoning] is set globally.
$ diff OpenvSwitch.rb OpenvSwitch-bkp.rb
38c38
---
53,56c53
# Allow VIP (aliases), if ARP Cache is ON
allow_vip if CONF[:arp_cache_poisoning]
---
68c65
---
110,116d106
def allow_vip
if @nic[:alias_ip] != nil
ip_array = @nic[:alias_ip].split(,)
ip_array.each { |ip2|
add_flow(in_port=#{port},arp,dl_src=#{@nic[:mac]},nw_src=#{ip2},:normal,46000)
}
end
end
121c111
---
$ diff OpenvSwitch.rb OpenvSwitch-bkp.rb
38c38
---
53,56c53
# Allow VIP (aliases), if ARP Cache is ON
allow_vip if CONF[:arp_cache_poisoning]
---
68c65
---
110,116d106
def allow_vip
if @nic[:alias_ip] != nil
ip_array = @nic[:alias_ip].split(,)
ip_array.each { |ip2|
add_flow(in_port=#{port},arp,dl_src=#{@nic[:mac]},nw_src=#{ip2},:normal,46000)
}
end
end
121c111
---
--
Thank you,
Dmitri Chebotarov
VCL Sys Eng, Engineering Architectural Support, TSD - Ent Servers Messaging
223 Aquia Building, Ffx, MSN: 1B5
Phone: (703) 993-6175 | Fax: (703) 993-3404
On Jan 7, 2015, at 12:52 , Daniel Dehennin daniel.dehen...@baby-gnu.org
wrote:
Dmitri Chebotarov dcheb...@gmu.edu writes:
Hi,
Hello,
Does anyone run pacemaker/corosync cluster in VMs hosted on Opennebula?
Is it possible to share VIP?
With ARP cache poisoning feature enabled
(http://dev.opennebula.org/issues/2318) it's not possible to add
aliased VIPs to the cluster. Unless I manually run 'ovs-ofctl add-flow
br0 in_port=305,arp,dl_src=MAC,nw_src=VIP...' on the host.
The ARP poisoning block can be globally disabled in
/var/lib/one/remotes/vnm/OpenNebulaNetwork.conf, but is it possible to
selectively disable it for a specific VMs only.
There is a feature request to add multiple MAC or IP addresses[1] and
another one to override configuration per networks[2].
Making it configurable per VM, so configurable by users, may be a little
risky.
I prefer the solution of sharing reserved addresses.
Regards.
Footnotes:
[1] http://dev.opennebula.org/issues/2348
[2] http://dev.opennebula.org/issues/3387
--
Daniel Dehennin
Récupérer ma clef GPG: gpg --recv-keys 0xCC1E9E5B7A6FE2DF
Fingerprint: 3E69 014E 5C23 50E8 9ED6 2AAD CC1E 9E5B 7A6F E2DF
___
Users mailing list
Users@lists.opennebula.org
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
___
Users mailing list
Users@lists.opennebula.org
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
[one-users] Anyone else using the puppet module from epost
Is anyone out there using the puppet module that comes from epost? If so, how do you get it to turn sunstone on? I am using it and it keeps turning sunstone off even though I think I have all the right parameters set. Steve Timm -- Steven C. Timm, Ph.D (630) 840-8525 t...@fnal.gov http://home.fnal.gov/~timm/ Office: Wilson Hall room 804 Fermilab Scientific Computing Division, Scientific Computing Facilities Quadrant., Experimental Computing Facilities Dept., Project Lead for Virtual Facility Project. ___ Users mailing list Users@lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
Re: [one-users] Anyone else using the puppet module from epost
On 07 Jan 2015, at 19:36, Steven Timm t...@fnal.gov wrote:
Is anyone out there using the puppet module that comes from epost?
If so, how do you get it to turn sunstone on? I am using it
and it keeps turning sunstone off even though I think I have all
the right parameters set.
Steve Timm
Documentation says:
class { one:
oned = true,
sunstone= true,
sunstone_passenger = true,
}
# $sunstone true|false - default false
# defines where the Sunstone Webinterface should be installed.
# Sunstone Webinterface is fully optional.
#
# $sunstone_passenger - default false
# defines whether Sunstone Webinterface should be started by apache instead of
webrick
# needs separate apache config
# only used if $sunstone is set to true
Please file a bug at github in case that this is not working as expected:
https://github.com/epost-dev/opennebula-puppet-module/issues
--
Steven C. Timm, Ph.D (630) 840-8525
t...@fnal.gov http://home.fnal.gov/~timm/
Office: Wilson Hall room 804
Fermilab Scientific Computing Division,
Scientific Computing Facilities Quadrant.,
Experimental Computing Facilities Dept.,
Project Lead for Virtual Facility Project.
___
Users mailing list
Users@lists.opennebula.org
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
___
Users mailing list
Users@lists.opennebula.org
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
Re: [one-users] Sharing VIP between VMs
Dmitri Chebotarov dcheb...@gmu.edu writes: Hi, Hello, Does anyone run pacemaker/corosync cluster in VMs hosted on Opennebula? Is it possible to share VIP? With ARP cache poisoning feature enabled (http://dev.opennebula.org/issues/2318) it's not possible to add aliased VIPs to the cluster. Unless I manually run 'ovs-ofctl add-flow br0 in_port=305,arp,dl_src=MAC,nw_src=VIP...' on the host. The ARP poisoning block can be globally disabled in /var/lib/one/remotes/vnm/OpenNebulaNetwork.conf, but is it possible to selectively disable it for a specific VMs only. There is a feature request to add multiple MAC or IP addresses[1] and another one to override configuration per networks[2]. Making it configurable per VM, so configurable by users, may be a little risky. I prefer the solution of sharing reserved addresses. Regards. Footnotes: [1] http://dev.opennebula.org/issues/2348 [2] http://dev.opennebula.org/issues/3387 -- Daniel Dehennin Récupérer ma clef GPG: gpg --recv-keys 0xCC1E9E5B7A6FE2DF Fingerprint: 3E69 014E 5C23 50E8 9ED6 2AAD CC1E 9E5B 7A6F E2DF signature.asc Description: PGP signature ___ Users mailing list Users@lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
[one-users] Sharing VIP between VMs
Hi, Does anyone run pacemaker/corosync cluster in VMs hosted on Opennebula? Is it possible to share VIP? With ARP cache poisoning feature enabled (http://dev.opennebula.org/issues/2318) it's not possible to add aliased VIPs to the cluster. Unless I manually run 'ovs-ofctl add-flow br0 in_port=305,arp,dl_src=MAC,nw_src=VIP...' on the host. The ARP poisoning block can be globally disabled in /var/lib/one/remotes/vnm/OpenNebulaNetwork.conf, but is it possible to selectively disable it for a specific VMs only. -- Thank you, Dmitri Chebotarov VCL Sys Eng, Engineering Architectural Support, TSD - Ent Servers Messaging 223 Aquia Building, Ffx, MSN: 1B5 Phone: (703) 993-6175 | Fax: (703) 993-3404 ___ Users mailing list Users@lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
