Kalle Happonen

Frantic Search

Keystone v3 API and admin token

Basic disclaimer. Still CentOS 6 + Icehouse (hope that's the last time I'll write that).

The problem

The OpenStack Python APIs are a bit, uhm, optimistically documented. As in "I'm sure people will figure it out". Well that's why I'm writing this.

I tried to get the keystone v3 API . . .

Read More

September 14, 2015

Fate Transfer

Migrating from CentOS 6 to CentOS 7

We have run OpenStack for a while, and always on CentOS 6. It's old and virtualization-wise somewhat restricted. Currently we're on OpenStack Icehouse. The Juno packages don't exist for CentOS 6 so we need to make the challenging jump to CentOS 7 before upgrading.

This is mainly a problem for the compute nodes. The . . .

Read More

July 28, 2015

Reins of Power

A simple generic v3 keystone admintoken openrc

Some things in OpenStack Keystone (mainly bootstrapping) really needs the admin token. As the admin token should not leave the keystone machines, here is a simple openrc for when you need the admin token.

#!/bin/bash
export OS_IDENTITY_API_VERSION=3
export OS_URL=$(grep ^admin_endpoint /etc/keystone/keystone.conf |cut -f 2 -d  . . .

Read More

July 08, 2015

Pixie Queen

Or how I learned to to UEFI iPXE

TL;DR;

  • make UEFI specifc iPXE chainloadable firmware
make bin-x86_64-efi/ipxe.efi
  • Configure DHCP server to manage both BIOS and UEFI machines
  • Add "initrd=initrd.img" to the kernel kickstart parameters
  • (Disable STP for the port of the the iPXE booting host)

Background

. . .

Read More

June 24, 2015

Tromp the Domains

Trying Identity API v3 and Domains

General disclaimer, I'm talking about OpenStack Juno, but a lot of this applies to Kilo too.

Before getting to this post, you will need your assignment separated from identities as per my previous post.

Keystone and keystone domains

Keystone - the identity management component of OpenStack - has for a while . . .

Read More

May 25, 2015

Floating Shield

Normal disclaimer: RDO Icehouse

I ran into an issue where a VM previously had a floating IP, but it was released back to the pool. It was important to get that IP back for that VM.

Icehouse-era Neutron does not allow you to specify which specific floating ip you want, but kilo might. So how could this be fixed? I guess I . . .

Read More

Posted in: openstack

April 01, 2015

Identity Crisis

Moving Keystone from LDAP roles to SQL roles

Background

In early versions of OpenStack keystone did all its own user management. When it matured a bit, there was a cool new feature, you can point it at LDAP for authentication and authorization. This was a big step forward when running OpenStack as a part of a larger system.

Everything wasn't perfect though. . . .

Read More

January 27, 2015

Archive

This update link alerts you to new Silvrback admin blog posts. A green bubble beside the link indicates a new post. Click the link to the admin blog and the bubble disappears.

Got It!