Help in configuring OCCI API for OpenStack

[hemanttgm]

Hello All,

I am new to this list.

I am trying to start OCCI API in devstack. I am following

1. https://wiki.openstack.org/wiki/Occi#Creating_a_devstack_Environment
2. https://wiki.openstack.org/wiki/Occi,
3. https://github.com/tmetsch/occi-os/blob/master/README.md

When I create a keystone service (keystone service-create --name nova --type occi --description 'Nova OCCI Service') it displays its ID. But when I try to get list of keystone service than some time there is no service and at some other time it display the service. Moreover when I try to create end point it says " No service with name or ID of ....... .... exists". Again sometime it displays error "Could not find service: ......ID given..... (HTTP 404)"

Please help me to setup openstack with OCCI API.

Thanks, Hemant Kumar Mehta

[tmetsch]

so could it be an issue of credentials?

also note that you will need to redo the keystone command every time you unstack and stack again.

Also note that the addition of the service in a dev environment is not strictly needed.

[hemanttgm]

Ok, so can you please suggest me how to resolve the problem.

[tmetsch]

not with the information I have - sorry. I suspect it has something to do on how you add the OCCI service to keystone. If you provide more details I might be able to help.

Try testing the OCCI calls - they should work regardless.

[hemanttgm]

Thanks a lot for prompt response again and sorry for delay in response from my side. My installation is very simple. I installed devstack in a virtualbox VM having ubuntu12.04 desktop. I took help from

1. https://wiki.openstack.org/wiki/Occi#Creating_a_devstack_Environment

2. https://github.com/tmetsch/occi-os

   I executed following commands :

3. Install pyssf pip install pyssf

4. Install devstack

   git clone git://github.com/openstack-dev/devstack.git

5. Install OCCI git clone https://github.com/tmetsch/occi-os Install dependencies: pip install pyssf Install this egg: python setup.py install

Set the contents of local.conf. I have following lines in this file

    [[local|localrc]]
    DEST=/opt/stack
    FIXED_RANGE=10.254.1.0/24
    NETWORK_GATEWAY=10.254.1.1
    LIBS_FROM_GIT=python-keystoneclient,oslo.config
    LOGFILE=$DEST/logs/stack.sh.log
    LOGDAYS=1
    LOGFILE=$DEST/logs/stack.sh.log
    SCREEN_LOGDIR=$DEST/logs/screen
    ADMIN_PASSWORD=quiet
    DATABASE_PASSWORD=$ADMIN_PASSWORD
    RABBIT_PASSWORD=$ADMIN_PASSWORD
    SERVICE_PASSWORD=$ADMIN_PASSWORD
    SERVICE_TOKEN=a682f596-76f3-11e3-b3b2-e716f9080d50
    SYSLOG=True
    SYSLOG_HOST=$HOST_IP
    SYSLOG_PORT=516
    KEYSTONE_CATALOG_BACKEND=template
    VOLUME_GROUP="stack-volumes"
    VOLUME_NAME_PREFIX="volume-"
    VOLUME_BACKING_FILE_SIZE=10250M
    API_RATE_LIMIT=True
    IP_VERSION=4

    [[post-config|$NOVA_CONF]]
        [DEFAULT]
        api_rate_limit = False
        allow_resize_to_same_host=True
        libvirt_inject_password=True
        enabled_apis=ec2,occiapi,osapi_compute,metadata

1. Run devstack

   ./stack.sh

2. Now when I run this command keystone service-create --name nova --type occi --description 'Nova OCCI Service'. It will display output like:

+-------------+----------------------------------+ | Property | Value | +-------------+----------------------------------+ | description | OCCI service | | id | 8e6de5d0d7624584bed6bec9bef7c9e0 | | name | nova | | type | occi | +-------------+----------------------------------+

Different ID each time. Now when I run following command with proper ID:

6. $ keystone endpoint-create --service_id 8e6de5d0d7624584bed6bec9bef7c9e0 --region RegionOne --publicurl http://10.0.2.15:8787/ --internalurl http://10.0.2.15:8787/ --adminurl http://10.0.2.15:8787/

It always gives one of the following two errors

1. " No service with name or ID of 8e6de5d0d7624584bed6bec9bef7c9e0 exists".
2. " Could not find service: 8e6de5d0d7624584bed6bec9bef7c9e0 (HTTP 404)"
   7. At this moment if I run command "keystone service-list" command some times it display the service or sometime its displays nothing.

This is all the information I have. Please suggest me how to proceed to setup OCCI API with openStack/ devstack. I want to write some program using occi to handle OpenStack/DevStack.

Thanks, Hemant

[tmetsch]

can you try (change pwd etc):

export KID=python -c 'from keystoneclient import client; client = client.Client(username="admin", password="mypass", tenant_name="demo", auth_url="http://localhost:35357/v2.0/"); print client.auth_token'

and then:

curl -v -H 'X-Auth-Token: '$KID -X GET localhost:8787/-/

[hemanttgm]

I also tried the commands: First commands returns nothing even the KID env variable is having none for auth url i tried both ports 35357 or 5000. while second command returns connection refused error as follows:

hemant@hemant-VirtualBox:~/Desktop/devstack$ export KID=python -c 'from keystoneclient import client; client = client.Client(username="admin", password="test123", tenant_name="demo", auth_url="http://10.0.2.15:35357/v2.0/"); print client.auth_token'

hemant@hemant-VirtualBox:~/Desktop/devstack$ curl -v -H 'X-Auth-Token: '$KID -X GET 10.0.2.15:8787/-/* About to connect() to 10.0.2.15 port 8787 (#0)

• Trying 10.0.2.15... Connection refused
• couldn't connect to host
• Closing connection #0 curl: (7) couldn't connect to host

[tmetsch]

so with ignoring OCCI for a second - does the devstack environment work in general?

[dizz]

Is there a NAT rule setup to forward traffic to the occi python process?

[hemanttgm]

Sorry for late reply, Besides the OCCI, I thing devstack is working fine, it started successfully, I have access to horizon as admin. Although when I try to launch an instance then instance gets launched successfully but finally its status is ERROR with the message in log "no host found".

Regarding NAT, I have not configured any rule. I am working on Ubuntu 12 Desktop.

[hemanttgm]

There is one positive update from my side, Today I performed a fresh install. This time I downloaded OCCI master branch and then performed the installation. Now the 1. keystone service-create and 2. keystone endpoint-create commands worked properly. I can see this service in the list in horizon as

Now the Problem is : The commands sets the value of KID as none. export KID=python -c 'from keystoneclient import client; client = client.Client(username="admin", password="test123", tenant_name="demo", auth_url="http://10.0.2.15:35357/v2.0/"); print client.auth_token'

And the command curl -v -H 'X-Auth-Token: '$KID -X GET 10.0.2.15:8787/-/* Gives following error About to connect() to 10.0.2.15 port 8787 (#0)

Trying 10.0.2.15... Connection refused couldn't connect to host Closing connection #0 curl: (7) couldn't connect to host

Please suggest what to do now to be able to call occi API Thanks, Hemant

[tmetsch]

try getting a auth token using the keystone cli.

[hemanttgm]

Thanks a lot for your response. I tried to get auth token from: curl -d '{"auth":{"passwordCredentials":{"username": "admin", "password": "admin"}}}' -H "Content-type: application/json" http://10.0.2.15:35357/v2.0/tokens

As it was given in a demo video http://occi-wg.org/2012/04/17/occi-openstack-demo/ Then exported KID to the token. Still getting connection refused error.

[tmetsch]

but you did add OCCI to the api-paste file?

[hemanttgm]

Yes I added the following to api-paste.ini, and I enabled occiapi in nova.conf then tried to occi call using curl.

########

OCCI

########

[composite:occiapi] use = egg:Paste#urlmap /: occiapppipe

[pipeline:occiapppipe] pipeline = authtoken keystonecontext occiapp

with request body size limiting and rate limiting

pipeline = sizelimit authtoken keystonecontext ratelimit occiapp

[app:occiapp] use = egg:openstackocci-havana#occi_app

[tmetsch]

but the port 8787 is reachable?

[hemanttgm]

When I try to connect to 8787. It says

Trying 10.0.2.15... Connection refused couldn't connect to host Closing connection #0 curl: (7) couldn't connect to host ??

[tmetsch]

does the nova-api output give any indication wheter the OCCI api was started?

[alansill]

Sounds to me as though the Keystone service is not actually responding. Can you verify that it is present and accepting connections (e.g., lsof -i :8787) to check the results of your keystone-endpoint-create command?

[hemanttgm]

no clues from nova-api when i try it it displays an error address already in use.

And there is no output from lsof -i :8787

I think there is something incomplete in my installation or I missed some important step.

I also tried to make it working on the openstack with occi image available on http://blog.zhaw.ch/icclab/updated-occi-openstack-install-guide/. But that is also not working.

I have downloaded the image OCCI-OS.ova. I installed it on my laptop it have given error for network, I resolved it and now the VM is installed on my laptop. I booted the image and logged-in with occi user and then executed ./stack.sh from devstack folder. it successfully completed with given url and credential. I am facing two problems:

1. First problem is When I login to horizon using admin/admin then the interface gives me error for each operation i try to perform like adding instance, security group, keypair etc. Please help to resolve.
2. The second problem is I tried to connect to occi: I executed follwoing command with admin/nova user curl -d '{"auth":{"passwordCredentials":{"username": "admin", "password": "admin"}}}' -H "Content-type: application/json" http://192.168.116.101:35357/v2.0/tokens After this i executed export KID= Then I executed the following command. curl -v -H 'X-Auth-Token: '$KID -X GET 192.168.116.101:8787/-/ This command displays the following output:
   • About to connect() to 192.168.116.101 port 8787 (#0)
   • Trying 192.168.116.101... connected

     GET /- HTTP/1.1 User-Agent: curl/7.22.0 (x8664-pc-linux-gnu) libcurl/7.22.0 OpenSSL/1.0.1 zli b/1.2.3.4 libidn/1.23 librtmp/2.3 Host: 192.168.116.101:8787 Accept: /_ X-Auth-Token: 41bea729789641b2aa21fe4f1ede51be

     < HTTP/1.1 503 Service Unavailable < Content-Length: 212 < Content-Type: text/html; charset=UTF-8 < Date: Fri, 23 Jan 2015 08:37:16 GMT <

     503 Service Unavailable

     The server is currently unavailable. Please try again at a later time.
     

   • Connection #0 to host 192.168.116.101 left intact
   • Closing connection #0

[tmetsch]

No clue what is going on.

Once you have started devstack - can you try running runme.py? What is the output of that command?

[hemanttgm]

I tried to run, runme.py from occi folder, it says no handlers could be found for logger "Keystonemiddleware.auth_token" then keep waiting... and doesn't return to prompt. Thanks, Hemant

[tmetsch]

good - can you try to hit the OCCI interface with a request and check what it shows than?

[hemanttgm]

Thanks, It seems that we are very close. I tried two curl commands

First they says Connected and finally end up with 500 Internal server error.

HTTP/1.1 500 Internal Server Error < Content-Type: text/plain < Content-Length: 0 < Date: Fri, 30 Jan 2015 11:49:11 GMT < Connection: close

Thanks, Hemant.

[tmetsch]

okay which openstack version are you running?

[hemanttgm]

Most of the commands to see the version like "nova-all --version" or "nova-compute --version" displays "2015.1"

Thanks, Hemant.

[tmetsch]

that is the current dev branch. I suggest using an icehouse version - occi-os is tested with that.

[sandlbn]

You can use this command to get token, this one should work with juno and kilo release.

$ export KID=`curl -i -s -H "Content-Type: application/json" -d '{"auth":{"identity":{"methods":["password"],"password":{"user":{"name":"admin","domain":{"id":"default"},"password":"mypass"}}},"scope":{"project":{"name":"demo","domain":{"id":"default"}}}}}' http://localhost:5000/v3/auth/tokens | grep "X-Subject-Token" | awk '{print $2}'`\

[ghost]

Hi, I had the same problem and reinstall the icehouse version with

git clone -b stable/icehouse https://github.com/openstack-dev/devstack.git

And I still doesn't have anything listening on port 8787. Is there some special command to perform on a fresh devstack installation on a fresh ubuntu VM ? (Except the ones described on the github) Thanks

[tmetsch]

Hi can you precisely describe your steps you took to install?

[ghost]

Of course: I install some dev-tools:

sudo apt-get install python-pip python-dev build-essential

Then I install pyssf:

sudo pip install pyssf

Then I clone the openstack github:

git clone -b stable/icehouse https://github.com/openstack-dev/devstack.git

And installed openstackocci-icehouse:

sudo pip install openstackocci-icehouse

and I copied into local.conf

[[local|localrc]] FLOATING_RANGE=192.168.52.224/27 FIXED_RANGE=172.16.1.0/24 FIXED_NETWORK_SIZE=256 FLAT_INTERFACE=eth0 ADMIN_PASSWORD=supersecret MYSQL_PASSWORD=iheartdatabases RABBIT_PASSWORD=flopsymopsy SERVICE_PASSWORD=iheartksl SERVICE_TOKEN=xyzpdqlazydog [[post-config|$NOVA_CONF]] [DEFAULT] api_rate_limit = False allow_resize_to_same_host=True libvirt_inject_password=True enabled_apis=ec2,occiapi,osapi_compute,metadata

I executed ./stack.sh

I copied into /etc/nova/api-paste.ini (Not sure if this the right file as it is not indicated on the github which api-paste.ini it is)

########

OCCI

######## [composite:occiapi] use = egg:Paste#urlmap /: occiapppipe [pipeline:occiapppipe] pipeline = authtoken keystonecontext occiapp

with request body size limiting and rate limiting

pipeline = sizelimit authtoken keystonecontext ratelimit occiapp

[app:occiapp] use = egg:openstackocci-icehouse#occi_app

And I executed ./stack.sh again I didn't edited nova.conf as it is indicated in the openstack tutorial to do it with the local.conf file. ( https://wiki.openstack.org/wiki/Occi#Creating_a_devstack_Environment ) Thanks.

[sandlbn]

Can you attach your /var/log/nova/nova-api.log ? also can you check, that occi endpoint is registered in keystone ?

#keystone endpoint-list

should looks like

| f27b303b076c4cac9a52404b199136a1 | RegionOne | http://10.0.0.75:8774/v3 | http://10.0.0.75:8774/v3 | http://10.0.0.75:8774/v3 | f1c3f452d3294ec98bdf815f93b161ca |

also please double check openstack services:

#keystone service-list

| 388642722b0d4a8d944d2672ed1161dd | nova | compute | Openstack Compute Service | | 9fa4e1a823644125a07bdc714d195db0 | nova | occi | Nova OCCI Service |

[tmetsch]

The problem is that you second stack run will overwrite the api-paste file again. so instead of running devstack all over again. Just restart the nova-api.

[ghost]

First of all, thanks for your responses @tmetsch I have restarted the nova-api (by going to the nova-api screen, kill the process and restart with the line: )

/usr/local/bin/nova-api & echo $! >/opt/stack/status/stack/n-api.pid; fg || echo "n-api failed to start" | tee "/opt/stack/status/stack/n-api.failure"

But "lsof -i 8787" is still not showing anything, is it the best way to test that the occi-os is installed ?

@sandlbn I do not have any nova folder in /var/log/ I have this this line (among others) when I execute keystone service-list (note that I had to download and source the OpenStack rc file to have keystone working)

| 34ec9c1450714ae8b529b9bfefd64308 | RegionOne | http://192.168.52.163:8774/v3 | http://192.168.52.163:8774/v3 | http://192.168.52.163:8774/v3 | aa5a8ec63c6545e2b48c385a85dd1a3e |

keystone service-list output this:

| 3992274c6afa460992541e06579fa371 | nova | occi | Nova OCCI Service | | f7b8a8406d254dbc8a7ac522bdcb69c5 | nova | compute | Nova Compute Service |

But I created the service with keystone with the same line that @hemanttgm

keystone service-create --name nova --type occi --description 'Nova OCCI Service'

Thanks

[tmetsch]

the keystone part is irrelevant for occi-os to work

have you made sure the occi section is still in api-paste.ini? and occi is enabled in nova.conf?

[ghost]

All right. The occi section is still in /etc/nova/api-paste.ini But the /etc/nova/nova.conf doesn't seems to be well configured:

enabled_apis = ec2,osapi_compute,metadata

However I added the lines in local.conf as recommended in the Openstack tutorial for Occi. I will try to add it manually as mentioned in the readme and relaunch nova-api. [EDIT]: I added the occiapi to enabeld_apis and relaunch nova-api and it seems to do the job, "lsof -i :8787" output this:

nova-api 48577 stack 6u IPv4 80594 0t0 TCP :8787 (LISTEN) nova-api 48587 stack 6u IPv4 80594 0t0 TCP :8787 (LISTEN) nova-api 48588 stack 6u IPv4 80594 0t0 TCP :8787 (LISTEN) nova-api 48589 stack 6u IPv4 80594 0t0 TCP :8787 (LISTEN) nova-api 48590 stack 6u IPv4 80594 0t0 TCP :8787 (LISTEN) nova-api 48591 stack 6u IPv4 80594 0t0 TCP :8787 (LISTEN) nova-api 48592 stack 6u IPv4 80594 0t0 TCP :8787 (LISTEN) nova-api 48593 stack 6u IPv4 80594 0t0 TCP :8787 (LISTEN) nova-api 48602 stack 6u IPv4 80594 0t0 TCP :8787 (LISTEN) nova-api 48603 stack 6u IPv4 80594 0t0 TCP :8787 (LISTEN) nova-api 48604 stack 6u IPv4 80594 0t0 TCP :8787 (LISTEN) nova-api 48605 stack 6u IPv4 80594 0t0 TCP :8787 (LISTEN)

Thanks

[tmetsch]

cool