NoNetworkAvailable: Unable to create the network. No tenant network is available for allocation - openstack-neutron

I'm trying to set up a simple control+compute on a single Ubuntu node. I'm using devstack. This is the command that fails:
neutron net-create --tenant-id 6fad6bf2ae9c49d3b19958abd59f3ce0 private-net
And the error is:
NoNetworkAvailable: Unable to create the network. No tenant network is available for allocation.
Here's my relevant ml2 config:
[ml2]
tenant_network_types = flat
extension_drivers = port_security
type_drivers = flat
mechanism_drivers = openvswitch
[ml2_type_flat]
flat_networks = public-physical-net,private-physical-net,dpdk-physical-net
[ml2_type_vlan]
network_vlan_ranges = private-physical-net
[ml2_type_gre]
tunnel_id_ranges = 1:1000
[ml2_type_vxlan]
vni_ranges = 1001:2000
[ml2_type_geneve]
[securitygroup]
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
[agent]
tunnel_types =
root_helper_daemon = sudo /usr/local/bin/neutron-rootwrap-daemon /etc/neutron/rootwrap.conf
root_helper = sudo /usr/local/bin/neutron-rootwrap /etc/neutron/rootwrap.conf
[ovs]
datapath_type = system
bridge_mappings = public:br-ex
This is the OVS:
    Bridge br-int
        fail_mode: secure
        Port br-int
            Interface br-int
                type: internal
        Port int-br-ex
            Interface int-br-ex
                type: patch
                options: {peer=phy-br-ex}
    Bridge br-ex
        Port br-ex
            Interface br-ex
                type: internal
        Port "p255p1"
            Interface "p255p1"
        Port phy-br-ex
            Interface phy-br-ex
                type: patch
                options: {peer=int-br-ex}
    ovs_version: "2.0.2"
The relevant section of local.conf:
# Do not use Nova-Network
disable_service n-net
# Enable Neutron
ENABLED_SERVICES+=,q-svc,q-dhcp,q-meta,q-agt,q-l3
Q_PLUGIN=ml2
Q_ML2_PLUGIN_MECHANISM_DRIVERS=openvswitch
## Neutron options
FIXED_RANGE="10.0.123.0/24"
NETWORK_GATEWAY=10.0.123.1 ##MY
FLOATING_RANGE="10.0.0.0/22"
Q_FLOATING_ALLOCATION_POOL=start=10.0.1.167,end=10.0.1.169
PUBLIC_NETWORK_GATEWAY="10.0.0.205"
Q_USE_SECGROUP=True
Q_L3_ENABLED=True
PUBLIC_INTERFACE=p255p1
Q_USE_PROVIDERNET_FOR_PUBLIC=True
OVS_PHYSICAL_BRIDGE=br-ex
PUBLIC_BRIDGE=br-ex
OVS_BRIDGE_MAPPINGS=public-physical-net:br-ex
Q_ML2_PLUGIN_TYPE_DRIVERS=flat
Q_ML2_TENANT_NETWORK_TYPE=flat
ENABLE_TENANT_VLANS=False
ENABLE_TENANT_TUNNELS=False
PUBLIC_PHYSICAL_NETWORK=public-physical-net
PHYSICAL_NETWORK=private-physical-net
PUBLIC_NETWORK_NAME=public-net
PRIVATE_NETWORK_NAME=private-net
Q_ML2_PLUGIN_FLAT_TYPE_OPTIONS="flat_networks=public-physical-net,dpdk-physical-net,private-physical-net" # CH did not exist
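
A consistency check over the ml2 and ovs settings quoted above, as an added example (not part of the original question and not Neutron's own code). It assumes that the flat type driver only serves provider networks created with explicit provider attributes; `check_ml2` and the finding codes are hypothetical names.

```python
import configparser

# Constructed sample: the ml2 and ovs settings quoted in the question above.
ML2_CONF = """
[ml2]
tenant_network_types = flat
type_drivers = flat
mechanism_drivers = openvswitch
[ml2_type_flat]
flat_networks = public-physical-net,private-physical-net,dpdk-physical-net
[ovs]
bridge_mappings = public:br-ex
"""

# Assumption stated in the lead-in: flat networks need explicit
# provider:network_type / provider:physical_network attributes, so the
# flat driver has no tenant segments to hand out.
PROVIDER_ONLY_TYPES = {"flat"}


def _csv(value):
    return [item.strip() for item in value.split(",") if item.strip()]


def check_ml2(conf_text):
    """Return a list of (code, detail) consistency findings."""
    cfg = configparser.ConfigParser()
    cfg.read_string(conf_text)
    findings = []
    drivers = set(_csv(cfg.get("ml2", "type_drivers", fallback="")))
    tenant_types = _csv(cfg.get("ml2", "tenant_network_types", fallback=""))
    for net_type in tenant_types:
        if net_type not in drivers:
            findings.append(("driver-not-loaded", net_type))
    usable = [t for t in tenant_types
              if t in drivers and t not in PROVIDER_ONLY_TYPES]
    if not usable:
        # net-create without provider attributes has nothing to allocate from.
        findings.append(("no-tenant-allocatable-type", ",".join(tenant_types)))
    flat_nets = set(_csv(cfg.get("ml2_type_flat", "flat_networks", fallback="")))
    for mapping in _csv(cfg.get("ovs", "bridge_mappings", fallback="")):
        physnet = mapping.partition(":")[0]
        # "*" in flat_networks accepts any physical network name.
        if "*" not in flat_nets and physnet not in flat_nets:
            findings.append(("physnet-not-in-flat_networks", physnet))
    return findings
```
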

Related

Django set a connection proxy

I have long been seeking a solution to set a proxy for my Django application.
First, I am using Django==2.0 and I run it on Windows Server 2016 in a local network that uses a proxy to connect: 10.37.235.99, port 80.
I'm deploying the application using nginx-1.20.1.
I have to scrape data as follows:
import os
import requests
http_proxy = "10.37.235.99:80"
https_proxy = "10.37.235.99:80"
ftp_proxy = "10.37.235.99:80"
proxyDict = {
    "http": http_proxy,
    "https": https_proxy,
    "ftp": ftp_proxy
}
import socket
if socket.gethostname() == "localhost":
    os.environ["PROXIES"] = proxyDict
else:
    os.environ["PROXIES"] = {}
URL = 'my_site.com'
page = requests.get(URL)
print(page)
I tried many solutions on the internet, but nothing worked!
Working with django : Proxy setup
When I remove the proxy configuration and use Psiphon3 (with proxy), everything works perfectly.
Is there any solution?

Automatically certbot renew wildcard certificates on NameCheap - port 53 problem?

I'm trying to get an AWS/Lightsail Debian server automatically renewing certificates with certbot. My DNS is with Namecheap.
I'm following the steps on https://blog.bryanroessler.com/2019-02-09-automatic-certbot-namecheap-acme-dns/ and https://blog.bryanroessler.com/2019-02-09-automatic-certbot-namecheap-acme-dns/. I keep getting a no-permission error.
I run:
sudo certbot certonly -d "*.example.com" --agree-tos --manual-public-ip-logging-ok --server https://acme-v02.api.letsencrypt.org/directory --preferred-challenges dns --manual --manual-auth-hook /etc/letsencrypt/acme-dns-auth.py --debug-challenges
I see:
Failed authorization procedure. example.com (dns-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: No TXT record found at _acme-challenge.example.com
It says I need to open port 53. I followed Amazon's Lightsail instructions. Neither iptables nor ufw seems to be installed. When I nmap my machine, I don't see 53. I actually installed ufw for lack of a good idea, to no avail.
My /etc/acme-dns/config.cfg is as follows:
#/etc/acme-dns/config.cfg
[general]
# DNS interface
listen = ":53"
protocol = "udp"
# domain name to serve the requests off of
domain = "acme.example.com"
# zone name server
nsname = "ns1.acme.example.com"
# admin email address, where @ is substituted with .
nsadmin = "example.example.com"
# predefined records served in addition to the TXT
records = [
"acme.example.com. A <public ip>",
"ns1.acme.example.com. A <public ip>",
"acme.example.com. NS ns1.acme.example.com.",
]
debug = false
[database]
engine = "sqlite3"
connection = "/var/lib/acme-dns/acme-dns.db"
[api]
api_domain = ""
ip = "127.0.0.1"
disable_registration = false
autocert_port = "80"
port = "8082"
tls = "none"
corsorigins = [
"*"
]
use_header = false
header_name = "X-Forwarded-For"
[logconfig]
loglevel = "debug"
logtype = "stdout"
logformat = "text"
For the listen value, I also tried 127.0.0.1:53 and :53
The settings portion of /etc/letsencrypt/acme-dns-auth.py:
# URL to acme-dns instance
ACMEDNS_URL = "http://127.0.0.1:8082"
# Path for acme-dns credential storage
STORAGE_PATH = "/etc/letsencrypt/acmedns.json"
# Whitelist for address ranges to allow the updates from
# Example: ALLOW_FROM = ["192.168.10.0/24", "::1/128"]
ALLOW_FROM = []
# Force re-registration. Overwrites the already existing acme-dns accounts.
FORCE_REGISTER = False
Thanks for any help you can provide.
If you don't wish to maintain your own acme DNS server, I built and use this script to automatically renew NameCheap wildcard certs with certbot. I hope it helps:
https://github.com/scribe777/letsencrypt-namecheap-dns-auth

Access Kafka Cluster Outside GCP

I'm currently trying to access the Kafka cluster (Bitnami) from my local machine. However, the problem is that even after exposing the required host and ports in server.properties and adding firewall rules to allow port 9092, it just doesn't connect.
I'm running 2 broker and 1 zookeeper configuration.
Expected Output: Producer.bootstrap_connected() should return True.
Actual Output: False
server.properties
listeners=SASL_PLAINTEXT://:9092
advertised.listeners=SASL_PLAINTEXT://gcp-cluster-name:9092
sasl.mechanism.inter.broker.protocol=PLAIN
sasl.enabled.mechanisms=PLAIN
security.inter.broker.protocol=SASL_PLAINTEXT
Consumer.py
from kafka import KafkaConsumer
import json
import ssl
sasl_mechanism = 'PLAIN'
security_protocol = 'SASL_PLAINTEXT'
# Create a new context using system defaults, disable all but TLS1.2
context = ssl.create_default_context()
# OR the flags in; "&=" would clear every other option set on the context
context.options |= ssl.OP_NO_TLSv1
context.options |= ssl.OP_NO_TLSv1_1
consumer = KafkaConsumer('organic-sense',
                         bootstrap_servers='<server-ip>:9092',
                         value_deserializer=lambda x: json.loads(x.decode('utf-8')),
                         ssl_context=context,
                         sasl_plain_username='user',
                         sasl_plain_password='<password>',
                         sasl_mechanism=sasl_mechanism,
                         security_protocol=security_protocol,
                         )
print(consumer.bootstrap_connected())
for data in consumer:
    print(data)
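
An audit of the listener settings in the server.properties quoted above, as an added example (not part of the original question and not Kafka's own tooling). It flags SASL/PLAIN carried over a listener without TLS and an advertised host that outside clients may not resolve; the function names, finding codes and the dot-less-host heuristic are assumptions.

```python
# Constructed sample: the broker settings quoted in the question above.
SERVER_PROPERTIES = """
listeners=SASL_PLAINTEXT://:9092
advertised.listeners=SASL_PLAINTEXT://gcp-cluster-name:9092
sasl.mechanism.inter.broker.protocol=PLAIN
sasl.enabled.mechanisms=PLAIN
security.inter.broker.protocol=SASL_PLAINTEXT
"""


def parse_properties(text):
    """Parse key=value lines, skipping blanks and comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props


def audit_listeners(props):
    """Return (property, finding) pairs for the listener settings."""
    mechanisms = {m.strip().upper()
                  for m in props.get("sasl.enabled.mechanisms", "").split(",")}
    # Optional listener-name -> protocol map; a name defaults to the protocol.
    proto_map = dict(pair.strip().split(":", 1) for pair in
                     props.get("listener.security.protocol.map", "").split(",")
                     if ":" in pair)
    findings = []
    for key in ("listeners", "advertised.listeners"):
        for entry in filter(None, (e.strip() for e in props.get(key, "").split(","))):
            name, _, address = entry.partition("://")
            host = address.rpartition(":")[0]
            protocol = proto_map.get(name, name).upper()
            if protocol == "SASL_PLAINTEXT" and "PLAIN" in mechanisms:
                # SASL/PLAIN without TLS: username and password are sent unencrypted.
                findings.append((key, "cleartext-credentials"))
            elif protocol in ("PLAINTEXT", "SASL_PLAINTEXT"):
                findings.append((key, "no-tls"))
            # Heuristic (assumption): a bare, dot-less host name is unlikely to
            # resolve for clients outside the brokers' own network.
            if key == "advertised.listeners" and "." not in host and ":" not in host:
                findings.append((key, "unqualified-host"))
    return findings
```
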

Creating Kubernetes TLS assets before I know public and private IP

Following https://coreos.com/kubernetes/docs/latest/getting-started.html, I wanted to generate my TLS assets for my Kubernetes cluster.
My plan to push those keys via cloud-config to the aws-api to create EC2 instances won't work, because I won't know the public and private IPs of those instances in advance.
I thought about moving the CA cert to the instances via the cloud-config, where I then generate those assets from a script run by a systemd unit file. The biggest concern here is that I don't want to put a CA root cert into a cloud-config.
Does anyone have a solution to this situation?
According to how kube-aws does it, I can set my api-server conf like this:
[req]
req_extensions = v3_req
distinguished_name = req_distinguished_name
[req_distinguished_name]
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1 = kubernetes
DNS.2 = kubernetes.default
DNS.3 = kubernetes.default.svc
DNS.4 = kubernetes.default.svc.cluster.local
DNS.5 = kubernetes.mydomain.de
IP.1 = 10.3.0.1
To the "minimal config file" I added:
My public DNS: DNS.5 = kubernetes.mydomain.de
I omit the MASTER_HOST IP address because I can instead use the FQDN (kubernetes.mydomain.de) to get to that IP
The "K8S_SERVICE_IP", which should be the first IP of my internal IP range (10.3.0.0/24): IP.2 = 10.3.0.1
The worker conf looks like this:
[req]
req_extensions = v3_req
distinguished_name = req_distinguished_name
[req_distinguished_name]
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = *.*.cluster.internal
The trick here is to set the SAN as a wildcard *.*.cluster.internal. This way all the workers verify with that cert on the internal network and I don't have to set the specific IP address.
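
How a verifier that applies the RFC 6125 section 6.4.3 rule (a wildcard only as the whole left-most label) treats the two SAN lists above, as an added example that is not part of the original answer or of kube-aws. The helper names and the worker host name in the usage note are constructed.

```python
import ipaddress

# Constructed from the [alt_names] sections of the two configs above.
API_SERVER_ALT_NAMES = """
DNS.1 = kubernetes
DNS.2 = kubernetes.default
DNS.3 = kubernetes.default.svc
DNS.4 = kubernetes.default.svc.cluster.local
DNS.5 = kubernetes.mydomain.de
IP.1 = 10.3.0.1
"""
WORKER_ALT_NAMES = "DNS.1 = *.*.cluster.internal"


def parse_alt_names(text):
    """Turn 'DNS.5 = name' lines into ('DNS', 'name') pairs."""
    sans = []
    for line in text.strip().splitlines():
        key, _, value = line.partition("=")
        sans.append((key.strip().split(".")[0].upper(), value.strip()))
    return sans


def dns_matches(pattern, host):
    """RFC 6125 6.4.3 rule: '*' may only be the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or any("*" in label for label in p[1:]):
        return False
    return (p[0] == "*" or p[0] == h[0]) and p[1:] == h[1:]


def cert_covers(sans, target):
    """True if target (IP literal or DNS name) is covered by the SAN list."""
    try:
        ip = ipaddress.ip_address(target)
    except ValueError:
        ip = None
    for kind, value in sans:
        if ip is not None and kind == "IP" and ipaddress.ip_address(value) == ip:
            return True
        if ip is None and kind == "DNS" and dns_matches(value, target):
            return True
    return False
```

Under this rule `cert_covers(parse_alt_names(WORKER_ALT_NAMES), "ip-10-0-0-12.eu-central-1.cluster.internal")` is False, so a two-label wildcard should be tested against the TLS stack the cluster components actually use.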

Connect two UDP modules through a wireless channel in OMNeT++

I have a simulation where two UDPBasicApp modules (a client and a server) are connected together via an Ethernet link. Instead, I want them to be connected through a wireless channel. The network is defined by the following NED file:
package udpbasic;
import inet.networklayer.autorouting.ipv4.IPv4NetworkConfigurator;
import inet.nodes.ethernet.Eth10M;
import inet.nodes.inet.StandardHost;
network ClientServer
{
    @display("bgb=380,247");
    submodules:
        client: StandardHost
        {
            @display("p=84,100");
        }
        server: StandardHost
        {
            @display("p=278,100");
        }
        configurator: IPv4NetworkConfigurator
        {
            @display("p=181,188");
        }
    connections:
        client.ethg++ <--> Eth10M <--> server.ethg++;
}
I know that I have to change the line
client.ethg++ <--> Eth10M <--> server.ethg++;
where the Ethernet link is defined. Can I connect the client and the server through a wireless link? Obviously, I am looking for the most basic configuration.
I am new to OMNeT++ and INET; I have searched the INET API reference, and it doesn't help much. I would appreciate any suggestions.
I recommend reading the wireless tutorial in INET 3.0.
https://github.com/inet-framework/inet/blob/master/tutorials/wireless/omnetpp.ini
Ini file:
[General]
# Some global configuration to make the model simpler
# At this point you should take a look at the NED files corresponding to this Ini file.
# They are rather simple. The only interesting thing is that they are using parametrized types
# (i.e. like) so we will be able to change the type of the different modules from the Ini file.
# This allows us go through the tutorial only by changing parameter values in this file.
# Limit the simulation to 25s
sim-time-limit = 25s
# Let's configure ARP
# ARP in the real world is used to figure out the MAC address of a node from its IPv4 address.
# We do not want to use it in this wireless tutorial as it just adds some uninteresting
# message exchanges before the real communication between the nodes can start. We will use
# the GlobalARP module instead that can automatically provide all the MAC-IP associations
# for the nodes out of band.
**.arpType = "GlobalARP"
# Now we are ready to jump into the tutorial
[Config Wireless01]
description = Two nodes communicating via UDP
network = WirelessA
# Configure an application for hostA that sends a constant
# UDP traffic around 800Kbps (+ protocol overhead)
*.hostA.numUdpApps = 1
*.hostA.udpApp[0].typename = "UDPBasicApp"
*.hostA.udpApp[0].destAddresses = "hostB"
*.hostA.udpApp[0].destPort = 5000
*.hostA.udpApp[0].messageLength = 1000B
*.hostA.udpApp[0].sendInterval = exponential(10ms)
# Configure an app that receives the UDP traffic (and simply drops the data)
*.hostB.numUdpApps = 1
*.hostB.udpApp[0].typename = "UDPSink"
*.hostB.udpApp[0].localPort = 5000
# Configure the hosts to have a single "ideal" wireless NIC. An IdealWirelessNic
# can be configured with a maximum communication range. All packets within range
# are always received successfully while out of range messages are never received.
# This is useful if we are not interested how the actual messages get to their destination,
# we just want to be sure that they get there once the nodes are in range.
*.host*.wlan[*].typename = "IdealWirelessNic"
# All radios and MACs should run on 1Mbps in our examples
**.bitrate = 1Mbps
# Mandatory physical layer parameters
*.host*.wlan[*].radio.transmitter.maxCommunicationRange = 500m
# Simplify the IdealWirelessNic even further. We do not care even if there are
# transmission collisions. Any number of nodes in range can transmit at the same time
# and the packets will be still successfully delivered.
*.host*.wlan[*].radio.receiver.ignoreInterference = true
# Result: HostA can send data to hostB using almost the whole 1Mbps bandwidth.
Corresponding NED file:
package inet.tutorials.wireless;
import inet.networklayer.configurator.ipv4.IPv4NetworkConfigurator;
import inet.node.inet.INetworkNode;
import inet.physicallayer.contract.packetlevel.IRadioMedium;
// - create a network and specify the size to 500x500
// - drop an IPv4NetworkConfigurator and rename it to "configurator"
// - drop an IdealRadioMedium module and rename to "radioMedium"
// - drop two standardhosts at the 100,100 and 400,400 position and
// rename them to hostA and hostB
network WirelessA
{
    @display("bgb=500,500");
    @figure[thruputInstrument](type=gauge; pos=370,90; size=120,120; maxValue=2500; tickSize=500; colorStrip=green 0.75 yellow 0.9 red;label=Number of packets received; moduleName=hostB.udpApp[0]; signalName=rcvdPk);
    string hostType = default("WirelessHost");
    string mediumType = default("IdealRadioMedium");
    submodules:
        configurator: IPv4NetworkConfigurator {
            @display("p=149,29");
        }
        radioMedium: <mediumType> like IRadioMedium {
            @display("p=309,24");
        }
        hostA: <hostType> like INetworkNode {
            @display("p=50,250");
        }
        hostB: <hostType> like INetworkNode {
            @display("p=450,250");
        }
}