Re: [Openstack] recover a deleted instance by mistake

2016-07-22 Thread Tomas Vondra 
David Gabriel  writes:

> 
> 
> Thank very much.I forget to precise that I use the dashborad to delete the
instance.
> My storage system does not make any redundancy !
> 
> 
> Dears,
> I have recently deleted one instance by mistake.
> Is it possible to recover it ?
> Any help is welcome.
> Thanks in advance.
> regards

Through OpenStack means, no. But if you have the previously mentioned
default configuration, which stores instance disks as qcow2 images, you may
be able to work some magic using ext4magic (undelete tool for journalled ext
fs) on /var/lib/nova/instances of the compute node where it ran on..
Tomas


___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

Re: [Openstack] [neutron] - vlan-aware-vms

2016-07-22 Thread Kevin Benton 
Since they are essentially regular ports in the neutron data model, the
regular rules for attaching to networks would apply. So you can should be
able to create a sub-port on another network if that network is shared with
you (either globally shared or via RBAC).

On Wed, Jul 13, 2016 at 8:55 AM, Farhad Sunavala  wrote:

>
> Below is the latest spec for vlan-aware-vms
>
>
> https://specs.openstack.org/openstack/neutron-specs/specs/newton/vlan-aware-vms.html
> 
>
>
>
> I have a quick question on the above. (multi-tenancy).
>
> Assume the case of nested containers in a VM.
>
> Yes, the containers can be in different networks of the same tenant and
> the above blue-print will handle the case very well.
> How does it work when the containers are in different networks in
> different tenants ?
>
> The trick is to create neutron ports (for the subports) and then link them
> to the trunk port using
>
> neutron trunk-subport-add TRUNK \
>PORT[,SEGMENTATION-TYPE,SEGMENTATION-ID] \
>[PORT,...]
>
>
> In the above command all the neutron ports (trunk  ports and subports)
> must be in the same tenant.
> As far as I know, a tenant will not see neutron ports from another tenant.
>Or will this command allow
> neutron ports from different tenants to be attached ?
>
> Solution1:
>
>
> C1(ten1)   C2(ten2)
> |   |
> 
> OVS bridge inside VM
> 
> |
> | Trunk port
> |
> 
> br-trunk (vlan-aware-vms spec)
> 
>
> E.g.  VM "X" consists of containers C1 in Tenant 1 with portID = C1
> (network dn1)
> container C2 in Tenant 2 with portID = C2 (network dn2)
> The trunk port of VM "X" is in tenant 100 with portID = T1 (network dt)
>
> Will the above command allow a neutron trunk to have neutron sub-ports in
> different tenants ?
>
> neutron trunk-subport-add T1 \
>A  vlan 1 \
>B vlan 2
>
>
> Solution2:
> Have a separate trunk port for each tenant connected to the vM
>
> C1(Ten1)C2(Ten2)
> ||
> ||
> ---
> OVS bridge inside VM
> 
> |  |
> |Trunk(Ten1)  | (Trunk(Ten2)
> |  |
> -
> br-trunk (vlan-aware-vms spec)
> ---
>
> If the approach is solution2, then the issue is that Nova will not
> allow a neutron port to be attached to a VM (if the neutron port
> belongs to another tenant).
>
>
> Any pointers will be highly appreciated.
>
> thanks,
> Farhad.
>
>
>
>
>
>
>
>
>
___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

Re: [Openstack] lanch instance from image located in the admin tab (dashboard)

2016-07-22 Thread David Gabriel 
Thank you Rusty for your help.
Yes I should make the image public in order to instancitate it !

But now I have an other issue.
In fact, I lanch the image and my VM is running. It is attached with a key
as well.
When I try to connect to this VM using ssh command:
ssh -i mykey.pem ubuntu@my_ip_address
I am then asked to enter the password:
ubuntu@my_ip_address 's password:
However, I never set a password during the VM creation.
I recognize that the image is not mine so I don't konw how to fix this
problem in order to connect to my VM without entering the password ?

Thanks in advance.
Best regards





2016-07-21 18:00 GMT+02:00 Rusty Lynch :

>
>
> On 07/21/2016 10:44 AM, David Gabriel wrote:
>
>  Dears,
>
> I am working in one project where some images exist in admin tab but it do
> not in project one (dashboard).
> I don't know how to lanch one instance basing on this image that only
> exists in the admin tab (and not the project one).
>
>
> Perhaps the image is not set as public, so your specific project can not
> see the image.  You can make the image public from horizon when you log in
> as admin.
>
> --rusty
>
>
___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

Re: [Openstack] Trove: The Parameter (VolumeType) was not defined in template

2016-07-22 Thread Amrith Kumar 
This is the heat template as we discussed on IRC.

> -Original Message-
> From: Turbo Fredriksson [mailto:tu...@bayour.com]
> Sent: Thursday, July 21, 2016 6:05 PM
> To: OpenStack Mailing List 
> Subject: [Openstack] Trove: The Parameter (VolumeType) was not defined in
> template
> 
> I'm trying to setup Trove, but I'm getting that error
> in the logs.
> 
> I'm not sure where to look, I can't find any references
> to any "template" in any documentation I've found (which
> isn't many).
> --
> Geologists recently discovered that "earthquakes" are
> nothing more than Bruce Schneier and Chuck Norris
> communicating via a roundhouse kick-based cryptosystem.
> 
> 
> ___
> Mailing list: http://lists.openstack.org/cgi-
> bin/mailman/listinfo/openstack
> Post to : openstack@lists.openstack.org
> Unsubscribe : http://lists.openstack.org/cgi-
> bin/mailman/listinfo/openstack

___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

Re: [Openstack] [Sahara] Sahara can't SSH into instances - can'treadSSH protocol banner

2016-07-22 Thread Jeremy Freudberg 
I have two Openstack environments, both configured in the same way.
(The main difference is one has one controller and one compute node,
and the other has two controllers and many compute nodes.) Rootwrap
fixes my problem in the small environment, but the error persists in
the big one. There isn't much in the logs, other than the same
not-very-helpful error about how Sahara can't read the SSH protocol
banner. The only other problem I notice is that if I keep an eye on
the running processes spawned by the sahara user, I do not see any
calls to "ip netns exec" in the problematic environment (only
_sahara-subprocess), while I do see these processes running in the
working environment. Even if I don't use rootwrap, and instead run
sahara-all process as root user directly, I still don't have success.
So many it is not rootwrap/permissions issue.

On Thu, Jul 21, 2016 at 10:07 PM, fuguangping
 wrote:
> Using rootwrap solve my problem, can you show some more detail information
> like sahara config & error logs ?
>
>
> -- Original --
> From:  "Jeremy Freudberg";
> Date:  Thu, Jul 21, 2016 11:26 PM
> To:  "fuguangping";
> Cc:  "openstack";
> Subject:  Re: [Openstack] [Sahara] Sahara can't SSH into instances -
> can'treadSSH protocol banner
>
> Hi there, I tried using rootwrap, but I must have configured it
> wrong... I followed the guide here
> http://docs.openstack.org/developer/sahara/userdoc/advanced.configuration.guide.html#non-root-users
> . I still get error. However, when I manually start
> openstack-sahara-all service as root, I get success. So you are right,
> it has to do with permissions of Sahara user. Have you successfully
> used Sahara rootwrap yourself with success? Any help is appreciated.
>
> Thanks so much,
> Jeremy Freudberg
>
> On Wed, Jul 20, 2016 at 9:58 PM, fuguangping
>  wrote:
>> Hi Jeremy,
>>
>>
>> Did you use rootwrap? If not, you can try
>>
>> this:https://ask.openstack.org/en/question/87430/sahara-cant-login-to-nodes/
>> . Remember to reboot sahara-engine after update your configuration.
>>
>> -- Original --
>> From:  "Jeremy Freudberg";
>> Date:  Thu, Jul 21, 2016 01:55 AM
>> To:  "Nikita Konovalov";
>> Cc:  "openstack";
>> Subject:  Re: [Openstack] [Sahara] Sahara can't SSH into instances -
>> can'tread SSH protocol banner
>>
>> Hi again, Nikita.
>>
>> Also note that I can SSH between instances as well, in addition to
>> doing so through ip netns on the Openstack controller node. So it must
>> not be an issue with SSH itself, or with TCP traffic in between
>> instances.
>>
>> Thanks for your help.
>> Jeremy
>>
>> On Wed, Jul 20, 2016 at 11:32 AM, Nikita Konovalov
>>  wrote:
>>> Hi, Jeremy.
>>>
>>> It looks like there might be a problem in instance to instance
>>> communication. Could you please check that the tcp traffic between
>>> instances
>>> is not blocked. Especially on port 22.
>>>
>>> Could you also send witch version of Sahara do you have and what versions
>>> of
>>> python dependencies are installed in your system.
>>>
>>> On Wed, Jul 20, 2016 at 6:20 PM, Jeremy Freudberg  wrote:

 Hi all, I'm having an issue with Sahara accessing its instances. This
 is over private IP, not public/floating. I have use_floating_ips =
 false and use_namespaces = true in sahara.conf. My setup also uses
 Neutron, so use_neutron = true as well.

 Here is an excerpt from the logs:

 DEBUG sahara.utils.ssh_remote
 [req-ad9e16b1-176b-4283-92ea-e2032928e3a0 ] [instance:
 f2145fd1-fa9e-4d45-9d61-653bb6d6dd6d, cluster:
 6493dfa9-4875-4844-abd4-d425b3312ee4] Returning neutron info: {'host':
 u'192.168.201.23', 'tenant': u'jfr...@bu.edu', 'network':
 u'433d83c0-1f7f-4fb7-b4a1-995b47344ac4'} get_neutron_info
 /usr/lib/python2.7/site-packages/sahara/utils/ssh_remote.py:581

 DEBUG sahara.service.engine [req-ad9e16b1-176b-4283-92ea-e2032928e3a0
 ] [instance: f2145fd1-fa9e-4d45-9d61-653bb6d6dd6d, cluster:
 6493dfa9-4875-4844-abd4-d425b3312ee4] Can't login to node, IP:
 192.168.201.23, reason SSHException: Error reading SSH protocol banner

 We would think this to be a networking issue, right? (Or maybe an SSH
 issue...) However, when I perform the SSH command manually, I can
 connect to my instances:

 ip netns exec qdhcp-433d83c0-1f7f-4fb7-b4a1-995b47344ac4 ssh -i
 /path/to/private/key ubuntu@192.168.201.23

 The above command executes successfully and SSH connects.

 Any help is greatly appreciated.

 Thanks,
 Jeremy Freudberg

 ___
 Mailing list:
 http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
 Post to : openstack@lists.openstack.org
 Unsubscribe :
 http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>>>
>>>
>>>
>>>
>>> --
>>> Best Regards,
>>> Nikita Konovalov
>>> Mirantis, Inc
>>
>> _

Re: [Openstack] Trove: The Parameter (VolumeType) was not defined in template

2016-07-22 Thread Turbo Fredriksson 
On Jul 22, 2016, at 2:55 PM, Amrith Kumar wrote:

> This is the heat template as we discussed on IRC.


Right.


Since there is absolutly no mention about Trove not
working [correctly/at all] with Heat any where on
the 'Net, could we please have that added to the
documentation? And the config option either removed
or a mentioning there as well?
--
Geologists recently discovered that "earthquakes" are
nothing more than Bruce Schneier and Chuck Norris
communicating via a roundhouse kick-based cryptosystem.


___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

[Openstack] Quota changes don't "take"

2016-07-22 Thread Turbo Fredriksson 
I'm running

- s n i p -
for proj in default $(openstack project list --column Name --format csv \
--quote none | grep -v ^Name)
do
openstack quota set --key-pairs 5 --fixed-ips 20 --floating-ips 50 \
--volumes 50 --snapshots 10 --ram 10240 --injected-files 10 \
--gigabytes 100 --secgroups 50 --secgroup-rules 50 --instances 30 \
"${proj}"

neutron quota-update --tenant-id "${proj}" --network 5 --subnet 10 \
--port 50 --router 2 --floatingip 200 --security-group 50 \
--security-group-rule 50 --vip 50 --health-monitor 50
done
- s n i p -

Looking in the databases:

- s n i p -
bladeA01:~# mysql -uroot -psecret -hlocalhost nova -e 'select * from quotas 
where resource="security_groups" or resource="instances" order by 
project_id,resource'
Warning: Using a password on the command line interface can be insecure.
+-+-+-++--+-++-+
| id  | created_at  | updated_at  | deleted_at | project_id 
  | resource| hard_limit | deleted |
+-+-+-++--+-++-+
|  85 | 2016-07-22 22:25:12 | 2016-07-22 22:38:16 | NULL   | 
04ee0e71babe4fd7aa16c3f64a8fca89 | instances   | 30 |   0 ||  
89 | 2016-07-22 22:25:12 | 2016-07-22 22:28:00 | NULL   | 
04ee0e71babe4fd7aa16c3f64a8fca89 | security_groups | 50 |   0 || 
117 | 2016-07-22 22:28:08 | NULL| NULL   | 
55de35baa6aa48ac83825a3ac2e3100e | instances   | 30 |   0 |
| 121 | 2016-07-22 22:28:08 | NULL| NULL   | 
55de35baa6aa48ac83825a3ac2e3100e | security_groups | 50 |   0 || 
125 | 2016-07-22 22:28:15 | NULL| NULL   | 
733bfa1cf26844778a7499a113f1ba54 | instances   | 30 |   0 || 
129 | 2016-07-22 22:28:16 | NULL| NULL   | 
733bfa1cf26844778a7499a113f1ba54 | security_groups | 50 |   0 |
|  45 | 2016-07-22 21:44:00 | 2016-07-22 22:27:52 | NULL   | default
  | instances   | 30 |   0 ||  41 | 2016-07-22 
21:35:45 | 2016-07-22 22:27:52 | NULL   | default  
| security_groups | 50 |   0 
|+-+-+-++--+-++-+
bladeA01:~# mysql -uroot -psecret -hlocalhost neutron -e 'select * from quotas 
where resource="security_group" order by tenant_id'
Warning: Using a password on the command line interface can be insecure.
+--+---++---+
| id   | tenant_id | resource   | limit |
+--+---++---+
| 17bb8ea8-cde0-462d-a9ff-aad6e45dad9b | admin | security_group |50 |
| c145176c-ba76-4759-af51-e9b748700a36 | compute   | security_group |50 |
| d657b56f-3bc5-49a8-b48c-8cc40295a88e | default   | security_group |50 |
| edfc5513-44aa-49ce-b3ae-914215769112 | service   | security_group |50 |
+--+---++---+
- s n i p -

And yet, in Horizon, "instances" is set to "10". And I can't
update it from there..
--
If something's hard to do, then it's not worth doing.
- Homer Simpson


___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack