ceilometer not upgrade due error 401 authentication - devstack

I installed openstack using devstack in one node. And this is my local.conf file:
[[local|localrc]]
ADMIN_PASSWORD=StrongAdminSecret
DATABASE_PASSWORD=$ADMIN_PASSWORD
RABBIT_PASSWORD=$ADMIN_PASSWORD
SERVICE_PASSWORD=$ADMIN_PASSWORD
PUBLIC_INTERFACE=enp0s8
HOST_IP=192.168.1.104
FLOATING_RANGE=192.168.1.0/24
PUBLIC_NETWORK_GATEWAY="192.168.1.1"
Q_FLOATING_ALLOCATION_POOL=start=192.168.1.120,end=192.168.1.140
enable_plugin gnocchi https://github.com/openstack/gnocchi master
enable_service gnocchi-api,gnocchi-metricd,gnocchi-grafana
enable_plugin ceilometer https://git.openstack.org/openstack/ceilometer.git
CEILOMETER_BACKEND=gnocchi
enable_service horizon
enable_plugin cloudkitty https://git.openstack.org/openstack/cloudkitty.git master
enable_service ck-api ck-proc
CLOUDKITTY_COLLECTOR=gnocchi
Then try to install gnocchi and ceilometer from this link:
https://dommgifer.gitbook.io/knowledge/openstack/ceilometer-and-gnocchi-install
gnocchi upgrade is OK but when upgrade ceilometer this error is occurred:
keystoneauth1.exceptions.http.Unauthorized: The request you have made requires authentication. (HTTP 401) (Request-ID: req-dd1d31cf-f0ae-4c92-a03b-a36b08139b53)
This is my ceilometer.conf file:
[DEFAULT]
transport_url = rabbit://openstack:StrongAdminSecret#192.168.1.104
[dispatcher_gnocchi]
filter_service_activity = False
archive_policy = high
[service_credentials]
auth_url = http://192.168.1.104/identity/v3
region_name = RegionOne
password = StrongAdminSecret
username = ceilometer
project_name = service
project_domain_id = default
user_domain_id = default
auth_type = password
interface = internalURL
[keystone_authtoken]
memcached_servers = localhost:11211
cafile = /opt/stack/data/ca-bundle.pem
project_domain_name = Default
project_name = service
user_domain_name = Default
password = StrongAdminSecret
username = ceilometer
auth_url = http://192.168.1.104/identity/v3
interface = public
auth_type = password}
and this is my gnocchi.conf file:
[DEFAULT]
transport_url = rabbit://gnocchi:StrongAdminSecret#192.168.1.104
[api]
auth_mode = keystone
middlewares = oslo_middleware.cors.CORS
middlewares = keystonemiddleware.auth_token.AuthProtocol
auth_mode = keystone
[indexer]
url = mysql+pymysql://gnocchi:StrongAdminSecret#192.168.1.104/gnocchi
[keystone_authtoken]
auth_host = http://192.168.1.104/identity/v3
auth_protocol = http
admin_user = admin
admin_password = StrongAdminSecret
admin_tenant_name = admin
auth_url = http://192.168.1.104:identity/v3
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = gnocchi
password = StrongAdminSecret
interface = internalURL
region_name = RegionOne
[storage]
coordination_url = file:///var/lib/gnocchi/locks
file_basepath = /var/lib/gnocchi
driver = file
and this is my admin-openrc.sh file:
export OS_AUTH_URL=http://192.168.1.104/identity
export OS_AUTH_TYPE=password
export OS_PROJECT_ID=e250116cb5c0461f8c3d0a948fa47c2c
export OS_PROJECT_NAME="admin"
export OS_USER_DOMAIN_NAME="Default"
if [ -z "$OS_USER_DOMAIN_NAME" ]; then unset OS_USER_DOMAIN_NAME; fi
export OS_PROJECT_DOMAIN_ID="default"
if [ -z "$OS_PROJECT_DOMAIN_ID" ]; then unset OS_PROJECT_DOMAIN_ID; fi
unset OS_TENANT_ID
unset OS_TENANT_NAME
export OS_USERNAME="admin"
echo "Please enter your OpenStack Password for project $OS_PROJECT_NAME as user $OS_USERNAME: "
read -sr OS_PASSWORD_INPUT
export OS_PASSWORD="StrongAdminSecret"
export OS_REGION_NAME="RegionOne"
if [ -z "$OS_REGION_NAME" ]; then unset OS_REGION_NAME; fi
export OS_INTERFACE=public
export OS_IDENTITY_API_VERSION=3
how can I fix this error?

Related

How can I change the Authentication method in connections between WinRm and Terraform with hyperv provider?

I'm trying to use an hyperv provider for create some virtual machines but I need to define some parameters for the HyperV API. The problem is that WinRm (that is the tool that try to connect with the host) can't access with my credentials using the Basic Auth. However, If I use the Negotiate Auth, it returns a successfully connection. So, I don't know how can I define a parameter in Terraform for that.
Here is my provider config's code in Terraform:
provider "hyperv" {
user = myusername
password = mypassword
host = myhost
port = 5985
https = false
insecure = true
timeout = "60s"
}
My winrm/config/client:
NetworkDelayms = 5000
URLPrefix = wsman
AllowUnencrypted = true
Auth
Basic = true
Digest = true
Kerberos = true
Negotiate = true
Certificate = true
CredSSP = true
DefaultPorts
HTTP = 5985
HTTPS = 5986
TrustedHosts = *
My winrm/config/service:
MaxConcurrentOperations = 4294967295
MaxConcurrentOperationsPerUser = 1500
EnumerationTimeoutms = 240000
MaxConnections = 300
MaxPacketRetrievalTimeSeconds = 120
AllowUnencrypted = true
Auth
Basic = true
Kerberos = true
Negotiate = true
Certificate = true
CredSSP = true
CbtHardeningLevel = Relaxed
DefaultPorts
HTTP = 5985
HTTPS = 5986
IPv4Filter = *
IPv6Filter = *
EnableCompatibilityHttpListener = true
EnableCompatibilityHttpsListener = true
CertificateThumbprint
AllowRemoteAccess = true
Hy again guys. If someone have the same problem I resolve it on that way:
-I activate Administrador user from Local users.
-Then, one have to run this command in a CMD:
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1 /f
-Reboot the system
-Then, run winrm quickconfig in a CMD, and then it would work.
I hope it help you!

Gitlab External Https Url is not working anymore

I am having a problem with GitLab server external URL
here is what I did :
I changed my GitLab.rb conf
external_url 'https://gitlab.tools.ex.com/'
and here is what I'm using
gitlab_rails['smtp_enable'] = true
gitlab_rails['smtp_address'] = "smtp.gmail.com"
gitlab_rails['smtp_port'] = 465
gitlab_rails['smtp_user_name'] = "gitlab"
gitlab_rails['smtp_password'] = "XXXXX"
gitlab_rails['smtp_domain'] = "ex.com"
gitlab_rails['smtp_authentication'] = "gitlab#ex.com"
gitlab_rails['smtp_enable_starttls_auto'] = true
gitlab_rails['smtp_tls'] = false
gitlab_rails['smtp_openssl_verify_mode'] = 'none' # Can be: 'none', 'peer', 'client_once', 'fail_if_no_peer_cert', see http://api.rubyon$
gitlab_rails['smtp_ca_path'] = "/etc/ssl/certs"
gitlab_rails['smtp_ca_file'] = "/etc/ssl/certs/ca-certificates.crt"
first problem was a certificate problem :
ssl problem
after generating a certificate here is what I'm getting :
after generating
thanks in advance !

How to setup LDAP (RBAC) in Airflow?

The current issues I am having is that LDAP settings do not seem to work with Airflow. My current code does not produce a login screen nor are there logs in the docker container that shows it is attempting to connect to the LDAP server. I have attempted to follow these tutorials but they appear to do nothing (i.e. the webserver_config.py is not being used) TutorialOne TutorialTwo
Any information regarding how the connection works would be greatly appreciated!
webserver_config.py:
import os
from airflow import configuration as conf
from flask_appbuilder.security.manager import AUTH_LDAP
basedir = os.path.abspath(os.path.dirname(__file__))
SQLALCHEMY_DATABASE_URI = conf.get('core', 'SQL_ALCHEMY_CONN')
CSRF_ENABLED = True
AUTH_TYPE = AUTH_LDAP
AUTH_ROLE_ADMIN = 'Admin'
AUTH_USER_REGISTRATION = True
AUTH_USER_REGISTRATION_ROLE = "Admin"
#AUTH_USER_REGISTRATION_ROLE = "Viewer"
AUTH_LDAP_SERVER = 'ldapserveraddressherebutIwon'tshowyousorry'
AUTH_LDAP_SEARCH = "DC=ms,DC=ds,DC=uhc,DC=com"
AUTH_LDAP_BIND_USER = 'CN=Users,DC=ms,DC=ds,DC=uhc,DC=com'
AUTH_LDAP_BIND_PASSWORD ="*******************"
AUTH_LDAP_UID_FIELD = 'sAMAccountName'
AUTH_LDAP_USE_TLS = False
AUTH_LDAP_ALLOW_SELF_SIGNED = False
# Get relative path for CA certificate file
script_dir = os.path.dirname(__file__)
AUTH_LDAP_TLS_CACERTFILE = script_dir + "ca.cer"
I have deleted the authenticate = True and auth_backend = airflow.contrib.auth.backends.ldap_auth from airflow.cfg and my webserver_config.py is in the same folder for use.
This can be achieved through the airflow.cfg.
Please read the LDAP section below and let me know.
https://airflow.apache.org/docs/stable/security.html

ldap configuration in airflow when rbac is True

I was configuring ldap in airflow.
Followed this documentation here - https://flask-appbuilder.readthedocs.io/en/latest/security.html
webserver_config.py
import os
from airflow import configuration as conf
from flask_appbuilder.security.manager import AUTH_LDAP
basedir = os.path.abspath(os.path.dirname(__file__))
SQLALCHEMY_DATABASE_URI = conf.get('core', 'SQL_ALCHEMY_CONN')
CSRF_ENABLED = True
AUTH_TYPE = AUTH_LDAP
AUTH_ROLE_ADMIN = 'Admin'
AUTH_USER_REGISTRATION = True
AUTH_USER_REGISTRATION_ROLE = "Admin"
# AUTH_USER_REGISTRATION_ROLE = "Viewer"
AUTH_LDAP_SERVER = 'ldaps://ldap:636/'
AUTH_LDAP_SEARCH = "DC=domain,DC=net"
AUTH_LDAP_BIND_USER = 'CN=admin,DC=domain,DC=net'
AUTH_LDAP_BIND_PASSWORD = 'password'
AUTH_LDAP_UID_FIELD = 'sAMAccountName'
AUTH_LDAP_USE_TLS = False
for running ldap container i used osixia/docker-openldap
but i run webserver and try to login it gives Invalid login. Please try again. No matter what id password i gave.
When not using ldap it is able to login with the user i created using airflow cli create_user
I don't know if i am doing everything right. There is no good documentation/article with the steps.
Can someone help me on this? THANKS!!!

Terraform cannot connect Chef provisioner with ssh

I cannot get terraform's ssh to connect via private aws keypair for chef provisioning - the error looks to just be a timeout:
aws_instance.app (chef): Connecting to remote host via SSH...
aws_instance.app (chef): Host: 96.175.120.236:32:
aws_instance.app (chef): User: ubuntu
aws_instance.app (chef): Password: false
aws_instance.app (chef): Private key: true
aws_instance.app (chef): SSH Agent: true
aws_instance.app: Still creating... (5m30s elapsed)
Error applying plan:
1 error(s) occurred:
* dial tcp 96.175.120.236:32: i/o timeout
Terraform does not automatically rollback in the face of errors.
Instead, your Terraform state file has been partially updated with
any resources that successfully completed. Please address the error
above and apply again to incrementally change your infrastructure.
Here is my terraform plan - note the ssh settings.. the key_name setting is set to my AWS keypair name and the ssh_for_chef.pem is the private key
variable "AWS_ACCESS_KEY" {}
variable "AWS_SECRET_KEY" {}
provider "aws" {
region = "us-east-1"
access_key = "${var.AWS_ACCESS_KEY}"
secret_key = "${var.AWS_SECRET_KEY}"
}
resource "aws_instance" "app" {
ami = "ami-88aa1ce0"
count = "1"
instance_type = "t1.micro"
key_name = "ssh_for_chef"
security_groups = ["sg-c43490e1"]
subnet_id = "subnet-75dd96e2"
associate_public_ip_address = true
provisioner "chef" {
server_url = "https://api.chef.io/organizations/xxxxxxx"
validation_client_name = "xxxxxxx-validator"
validation_key = "/home/user01/Documents/Devel/chef-repo/.chef/xxxxxxxx-validator.pem"
node_name = "dubba_u_7"
run_list = [ "motd_rhel" ]
user_name = "user01"
user_key = "/home/user01/Documents/Devel/chef-repo/.chef/user01.pem"
ssl_verify_mode = "false"
}
connection {
type = "ssh"
user = "ubuntu"
private_key = "${file("/home/user01/Documents/Devel/ssh_for_chef.pem")}"
}
}
Any ideas?
I'm not sure if we had the same problem, since you didn't specify if you were able to ssh to the instance.
In my case, I was running terraform from within the VPC, and the connection was allowed with a security groups, which can't be used with a public IP.
the solution is simple (but you will have to use the new conditional interpolations of terraform v.0.8.0) -
Define this variable - variable use_public_ip { default = true }
Then, inside the connection section of the chef provisioner, add the following line -
host = "${var.use_public_ip ? aws_instance.instance.public_ip : aws_instance.instance.private_ip}"
If you wish to use the public IP, set the variable as true, otherwise, set it to false.
I use this for aws -
connection {
user = "ubuntu"
host = "${var.use_public_ip ? aws_instance.instance.public_ip : aws_instance.instance.private_ip}","
}