Code-free
Code-free

Frantic Search

Keystone v3 API and admin token

Kalle Happonen

Geek. Systems Specialist @CSCfi

September 14, 2015

Basic disclaimer. Still CentOS 6 + Icehouse (hope that's the last time I'll write that).

The problem

The OpenStack Python APIs are a bit, uhm, optimistically documented. As in "I'm sure people will figure it out". Well that's why I'm writing this.

I tried to get the keystone v3 API working in python using the . . .

Read More

Fate Transfer

Migrating from CentOS 6 to CentOS 7

Kalle Happonen

Geek. Systems Specialist @CSCfi

July 28, 2015

We have run OpenStack for a while, and always on CentOS 6. It's old and virtualization-wise somewhat restricted. Currently we're on OpenStack Icehouse. The Juno packages don't exist for CentOS 6 so we need to make the challenging jump to CentOS 7 before upgrading.

This is mainly a problem for the compute nodes. The virtual . . .

Read More

Tromp the Domains

Trying Identity API v3 and Domains

Kalle Happonen

Geek. Systems Specialist @CSCfi

May 25, 2015

General disclaimer, I'm talking about OpenStack Juno, but a lot of this applies to Kilo too.

Before getting to this post, you will need your assignment separated from identities as per my previous post.

Keystone and keystone domains

Keystone - the identity management component of OpenStack - has for a while been pushing for the v3 of . . .

Read More

Floating Shield

Kalle Happonen

Geek. Systems Specialist @CSCfi

April 01, 2015

Normal disclaimer: RDO Icehouse

I ran into an issue where a VM previously had a floating IP, but it was released back to the pool. It was important to get that IP back for that VM.

Icehouse-era Neutron does not allow you to specify which specific floating ip you want, but kilo might. So how could this be fixed? I guess I need to flex my sql . . .

Read More

Identity Crisis

Moving Keystone from LDAP roles to SQL roles

Kalle Happonen

Geek. Systems Specialist @CSCfi

January 27, 2015

Background

In early versions of OpenStack keystone did all its own user management. When it matured a bit, there was a cool new feature, you can point it at LDAP for authentication and authorization. This was a big step forward when running OpenStack as a part of a larger system.

Everything wasn't perfect though. OpenStack took all . . .

Read More

Archive
  Subscribe by Email and Never Miss a Post