Reins of Power

A simple generic v3 keystone admintoken openrc

Kalle Happonen

Geek. Manager @CSCfi

July 08, 2015

Some things in OpenStack Keystone (mainly bootstrapping) really needs the admin token. As the admin token should not leave the keystone machines, here is a simple openrc for when you need the admin token.

#!/bin/bash
export OS_IDENTITY_API_VERSION=3
export OS_URL=$(grep ^admin_endpoint /etc/keystone/keystone.conf |cut -f 2 -d  . . .

Read More

Pixie Queen

Or how I learned to to UEFI iPXE

Kalle Happonen

Geek. Manager @CSCfi

June 24, 2015

TL;DR;

  • make UEFI specifc iPXE chainloadable firmware
make bin-x86_64-efi/ipxe.efi
  • Configure DHCP server to manage both BIOS and UEFI machines
  • Add "initrd=initrd.img" to the kernel kickstart parameters
  • (Disable STP for the port of the the iPXE booting host)

Background

. . .

Read More

Tromp the Domains

Trying Identity API v3 and Domains

Kalle Happonen

Geek. Manager @CSCfi

May 25, 2015

General disclaimer, I'm talking about OpenStack Juno, but a lot of this applies to Kilo too.

Before getting to this post, you will need your assignment separated from identities as per my previous post.

Keystone and keystone domains

Keystone - the identity management component of OpenStack - has for a while . . .

Read More

Floating Shield

Kalle Happonen

Geek. Manager @CSCfi

April 01, 2015

Normal disclaimer: RDO Icehouse

I ran into an issue where a VM previously had a floating IP, but it was released back to the pool. It was important to get that IP back for that VM.

Icehouse-era Neutron does not allow you to specify which specific floating ip you want, but kilo might. So how could this be fixed? I guess I . . .

Read More

Identity Crisis

Moving Keystone from LDAP roles to SQL roles

Kalle Happonen

Geek. Manager @CSCfi

January 27, 2015

Background

In early versions of OpenStack keystone did all its own user management. When it matured a bit, there was a cool new feature, you can point it at LDAP for authentication and authorization. This was a big step forward when running OpenStack as a part of a larger system.

Everything wasn't perfect though. . . .

Read More

Shared Trauma

Kalle Happonen

Geek. Manager @CSCfi

January 09, 2015

This time, I'll write about a problem I did manage to DuckDuckGo, but it did little to make me happy after I debugged the problem. Our OpenStack version is Icehouse, this issue has been actively debated and different versions might have different defaults. I'm not completely sure about the Juno status, if this is handled correctly for . . .

Read More

Grizzly Fate - Part 2

Flashback

Kalle Happonen

Geek. Manager @CSCfi

December 29, 2014

In the previous post I went through some issues we had with our OpenStack upgrade from Grizzly to Icehouse.

We had successfully run the OpenStack update scripts, and we were in the Icehouse version. We started testing, and everything worked fine... until security groups. Well, they did work, they just weren't there. There was . . .

Read More

Archive
   Subscribe by email and never miss a post.