<div dir="ltr">Hi sir,<div><br></div><div>I will provide more details for reproduce the issue.</div><div><br></div><div>cheers</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Sep 10, 2014 at 12:02 PM, Rasanjaya Subasinghe <span dir="ltr"><<a href="mailto:rasaposha@gmail.com" target="_blank">rasaposha@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hi Kashyap,<div><br></div><div>this is the configuration i have made for integrate with LDAP,</div><div><br></div><div>1. keystone.conf</div><div><br></div><div><p style="margin:0px;font-size:16px;font-family:Monaco;color:rgb(245,245,245);background-color:rgb(0,0,0)">url = ldap://<a href="http://192.168.16.100" target="_blank">192.168.16.100</a></p>
<p style="margin:0px;font-size:16px;font-family:Monaco;color:rgb(245,245,245);background-color:rgb(0,0,0)">user = cn=admin,dc=example,dc=org</p>
<p style="margin:0px;font-size:16px;font-family:Monaco;color:rgb(245,245,245);background-color:rgb(0,0,0)">password = 123</p>
<p style="margin:0px;font-size:16px;font-family:Monaco;color:rgb(245,245,245);background-color:rgb(0,0,0)">suffix = dc=example,dc=org</p>
<p style="margin:0px;font-size:16px;font-family:Monaco;color:rgb(245,245,245);background-color:rgb(0,0,0);min-height:21px"><br></p>
<p style="margin:0px;font-size:16px;font-family:Monaco;color:rgb(245,245,245);background-color:rgb(0,0,0)">user_tree_dn = ou=Users,dc=example,dc=org</p>
<p style="margin:0px;font-size:16px;font-family:Monaco;color:rgb(245,245,245);background-color:rgb(0,0,0)">user_objectclass = inetOrgPerson</p>
<p style="margin:0px;font-size:16px;font-family:Monaco;color:rgb(245,245,245);background-color:rgb(0,0,0)">user_id_attribute = cn</p>
<p style="margin:0px;font-size:16px;font-family:Monaco;color:rgb(245,245,245);background-color:rgb(0,0,0)">user_name_attribute = cn</p>
<p style="margin:0px;font-size:16px;font-family:Monaco;color:rgb(245,245,245);background-color:rgb(0,0,0)">user_pass_attribute = userPassword</p>
<p style="margin:0px;font-size:16px;font-family:Monaco;color:rgb(245,245,245);background-color:rgb(0,0,0)">user_enabled_emulation = True</p>
<p style="margin:0px;font-size:16px;font-family:Monaco;color:rgb(245,245,245);background-color:rgb(0,0,0)">user_enabled_emulation_dn = cn=enabled_users,ou=Users,dc=example,dc=org</p>
<p style="margin:0px;font-size:16px;font-family:Monaco;color:rgb(245,245,245);background-color:rgb(0,0,0)">user_allow_create = False</p>
<p style="margin:0px;font-size:16px;font-family:Monaco;color:rgb(245,245,245);background-color:rgb(0,0,0)">user_allow_update = False</p>
<p style="margin:0px;font-size:16px;font-family:Monaco;color:rgb(245,245,245);background-color:rgb(0,0,0)">user_allow_delete = False</p>
<p style="margin:0px;font-size:16px;font-family:Monaco;color:rgb(245,245,245);background-color:rgb(0,0,0);min-height:21px"><br></p>
<p style="margin:0px;font-size:16px;font-family:Monaco;color:rgb(245,245,245);background-color:rgb(0,0,0)">tenant_tree_dn = ou=Groups,dc=example,dc=org</p>
<p style="margin:0px;font-size:16px;font-family:Monaco;color:rgb(245,245,245);background-color:rgb(0,0,0)">tenant_objectclass = groupOfNames</p>
<p style="margin:0px;font-size:16px;font-family:Monaco;color:rgb(245,245,245);background-color:rgb(0,0,0)">tenant_id_attribute = cn</p>
<p style="margin:0px;font-size:16px;font-family:Monaco;color:rgb(245,245,245);background-color:rgb(0,0,0)">#tenant_domain_id_attribute = businessCategory</p>
<p style="margin:0px;font-size:16px;font-family:Monaco;color:rgb(245,245,245);background-color:rgb(0,0,0)">#tenant_domain_id_attribute = cn</p>
<p style="margin:0px;font-size:16px;font-family:Monaco;color:rgb(245,245,245);background-color:rgb(0,0,0)">tenant_member_attribute = member</p>
<p style="margin:0px;font-size:16px;font-family:Monaco;color:rgb(245,245,245);background-color:rgb(0,0,0)">tenant_name_attribute = cn</p>
<p style="margin:0px;font-size:16px;font-family:Monaco;color:rgb(245,245,245);background-color:rgb(0,0,0)">tenant_domain_id_attribute = None</p>
<p style="margin:0px;font-size:16px;font-family:Monaco;color:rgb(245,245,245);background-color:rgb(0,0,0)">tenant_allow_create = False</p>
<p style="margin:0px;font-size:16px;font-family:Monaco;color:rgb(245,245,245);background-color:rgb(0,0,0)">tenant_allow_update = False</p>
<p style="margin:0px;font-size:16px;font-family:Monaco;color:rgb(245,245,245);background-color:rgb(0,0,0)">tenant_allow_delete = False</p>
<p style="margin:0px;font-size:16px;font-family:Monaco;color:rgb(245,245,245);background-color:rgb(0,0,0);min-height:21px"><br></p>
<p style="margin:0px;font-size:16px;font-family:Monaco;color:rgb(245,245,245);background-color:rgb(0,0,0);min-height:21px"><br></p>
<p style="margin:0px;font-size:16px;font-family:Monaco;color:rgb(245,245,245);background-color:rgb(0,0,0)">role_tree_dn = ou=Roles,dc=example,dc=org</p>
<p style="margin:0px;font-size:16px;font-family:Monaco;color:rgb(245,245,245);background-color:rgb(0,0,0)">role_objectclass = organizationalRole</p>
<p style="margin:0px;font-size:16px;font-family:Monaco;color:rgb(245,245,245);background-color:rgb(0,0,0)">role_member_attribute = roleOccupant</p>
<p style="margin:0px;font-size:16px;font-family:Monaco;color:rgb(245,245,245);background-color:rgb(0,0,0)">role_id_attribute = cn</p>
<p style="margin:0px;font-size:16px;font-family:Monaco;color:rgb(245,245,245);background-color:rgb(0,0,0)">role_name_attribute = cn</p>
<p style="margin:0px;font-size:16px;font-family:Monaco;color:rgb(245,245,245);background-color:rgb(0,0,0)">role_allow_create = False</p>
<p style="margin:0px;font-size:16px;font-family:Monaco;color:rgb(245,245,245);background-color:rgb(0,0,0)">role_allow_update = False</p>
<p style="margin:0px;font-size:16px;font-family:Monaco;color:rgb(245,245,245);background-color:rgb(0,0,0)">role_allow_delete = False</p></div><div><br></div><div><b>2.neutron.conf</b></div><div><br></div><div><div>[DEFAULT]</div><div># Print more verbose output (set logging level to INFO instead of default WARNING level).</div><div># verbose = True</div><div>verbose = True</div><div><br></div><div># Print debugging output (set logging level to DEBUG instead of default WARNING level).</div><div># debug = False</div><div>debug = True </div><div><br></div><div># Where to store Neutron state files. This directory must be writable by the</div><div># user executing the agent.</div><div># state_path = /var/lib/neutron</div><div><br></div><div># Where to store lock files</div><div># lock_path = $state_path/lock</div><div><br></div><div># log_format = %(asctime)s %(levelname)8s [%(name)s] %(message)s</div><div># log_date_format = %Y-%m-%d %H:%M:%S</div><div><br></div><div># use_syslog -> syslog</div><div># log_file and log_dir -> log_dir/log_file</div><div># (not log_file) and log_dir -> log_dir/{binary_name}.log</div><div># use_stderr -> stderr</div><div># (not user_stderr) and (not log_file) -> stdout</div><div># publish_errors -> notification system</div><div><br></div><div># use_syslog = False</div><div>use_syslog = False</div><div># syslog_log_facility = LOG_USER</div><div><br></div><div># use_stderr = False</div><div># log_file =</div><div># log_dir =</div><div>log_dir =/var/log/neutron</div><div><br></div><div># publish_errors = False</div><div><br></div><div># Address to bind the API server to</div><div># bind_host = 0.0.0.0</div><div>bind_host = 0.0.0.0</div><div><br></div><div># Port the bind the API server to</div><div># bind_port = 9696</div><div>bind_port = 9696</div><div><br></div><div># Path to the extensions. Note that this can be a colon-separated list of</div><div># paths. For example:</div><div># api_extensions_path = extensions:/path/to/more/extensions:/even/more/extensions</div><div># The __path__ of neutron.extensions is appended to this, so if your</div><div># extensions are in there you don't need to specify them here</div><div># api_extensions_path =</div><div><br></div><div># (StrOpt) Neutron core plugin entrypoint to be loaded from the</div><div># neutron.core_plugins namespace. See setup.cfg for the entrypoint names of the</div><div># plugins included in the neutron source distribution. For compatibility with</div><div># previous versions, the class name of a plugin can be specified instead of its</div><div># entrypoint name.</div><div>#</div><div># core_plugin =</div><div>core_plugin =neutron.plugins.openvswitch.ovs_neutron_plugin.OVSNeutronPluginV2</div><div># Example: core_plugin = ml2</div><div><br></div><div># (ListOpt) List of service plugin entrypoints to be loaded from the</div><div># neutron.service_plugins namespace. See setup.cfg for the entrypoint names of</div><div># the plugins included in the neutron source distribution. For compatibility</div><div># with previous versions, the class name of a plugin can be specified instead</div><div># of its entrypoint name.</div><div>#</div><div># service_plugins =</div><div>service_plugins =neutron.services.firewall.fwaas_plugin.FirewallPlugin</div><div># Example: service_plugins = router,firewall,lbaas,vpnaas,metering</div><div><br></div><div># Paste configuration file</div><div># api_paste_config = /usr/share/neutron/api-paste.ini</div><div><br></div><div># The strategy to be used for auth.</div><div># Supported values are 'keystone'(default), 'noauth'.</div><div># auth_strategy = noauth</div><div>auth_strategy = keystone</div><div><br></div><div># Base MAC address. The first 3 octets will remain unchanged. If the</div><div># 4h octet is not 00, it will also be used. The others will be</div><div># randomly generated.</div><div># 3 octet</div><div># base_mac = fa:16:3e:00:00:00</div><div>base_mac = fa:16:3e:00:00:00</div><div># 4 octet</div><div># base_mac = fa:16:3e:4f:00:00</div><div><br></div><div># Maximum amount of retries to generate a unique MAC address</div><div># mac_generation_retries = 16</div><div>mac_generation_retries = 16</div><div><br></div><div># DHCP Lease duration (in seconds)</div><div># dhcp_lease_duration = 86400</div><div>dhcp_lease_duration = 86400</div><div><br></div><div># Allow sending resource operation notification to DHCP agent</div><div># dhcp_agent_notification = True</div><div><br></div><div># Enable or disable bulk create/update/delete operations</div><div># allow_bulk = True</div><div>allow_bulk = True</div><div># Enable or disable pagination</div><div># allow_pagination = False</div><div>allow_pagination = False</div><div># Enable or disable sorting</div><div># allow_sorting = False</div><div>allow_sorting = False</div><div># Enable or disable overlapping IPs for subnets</div><div># Attention: the following parameter MUST be set to False if Neutron is</div><div># being used in conjunction with nova security groups</div><div># allow_overlapping_ips = True</div><div>allow_overlapping_ips = True</div><div># Ensure that configured gateway is on subnet</div><div># force_gateway_on_subnet = False</div><div><br></div><div><br></div><div># RPC configuration options. Defined in rpc __init__</div><div># The messaging module to use, defaults to kombu.</div><div># rpc_backend = neutron.openstack.common.rpc.impl_kombu</div><div>rpc_backend = neutron.openstack.common.rpc.impl_kombu</div><div># Size of RPC thread pool</div><div># rpc_thread_pool_size = 64</div><div># Size of RPC connection pool</div><div># rpc_conn_pool_size = 30</div><div># Seconds to wait for a response from call or multicall</div><div># rpc_response_timeout = 60</div><div># Seconds to wait before a cast expires (TTL). Only supported by impl_zmq.</div><div># rpc_cast_timeout = 30</div><div># Modules of exceptions that are permitted to be recreated</div><div># upon receiving exception data from an rpc call.</div><div># allowed_rpc_exception_modules = neutron.openstack.common.exception, nova.exception</div><div># AMQP exchange to connect to if using RabbitMQ or QPID</div><div># control_exchange = neutron</div><div>control_exchange = neutron</div><div><br></div><div># If passed, use a fake RabbitMQ provider</div><div># fake_rabbit = False</div><div><br></div><div># Configuration options if sending notifications via kombu rpc (these are</div><div># the defaults)</div><div># SSL version to use (valid only if SSL enabled)</div><div># kombu_ssl_version =</div><div># SSL key file (valid only if SSL enabled)</div><div># kombu_ssl_keyfile =</div><div># SSL cert file (valid only if SSL enabled)</div><div># kombu_ssl_certfile =</div><div># SSL certification authority file (valid only if SSL enabled)</div><div># kombu_ssl_ca_certs =</div><div># IP address of the RabbitMQ installation</div><div># rabbit_host = localhost</div><div>rabbit_host = 192.168.32.20</div><div># Password of the RabbitMQ server</div><div># rabbit_password = guest</div><div>rabbit_password = guest</div><div># Port where RabbitMQ server is running/listening</div><div># rabbit_port = 5672</div><div>rabbit_port = 5672</div><div># RabbitMQ single or HA cluster (host:port pairs i.e: host1:5672, host2:5672)</div><div># rabbit_hosts is defaulted to '$rabbit_host:$rabbit_port'</div><div># rabbit_hosts = localhost:5672</div><div>rabbit_hosts = <a href="http://192.168.32.20:5672" target="_blank">192.168.32.20:5672</a></div><div># User ID used for RabbitMQ connections</div><div># rabbit_userid = guest</div><div>rabbit_userid = guest</div><div># Location of a virtual RabbitMQ installation.</div><div># rabbit_virtual_host = /</div><div>rabbit_virtual_host = /</div><div># Maximum retries with trying to connect to RabbitMQ</div><div># (the default of 0 implies an infinite retry count)</div><div># rabbit_max_retries = 0</div><div># RabbitMQ connection retry interval</div><div># rabbit_retry_interval = 1</div><div># Use HA queues in RabbitMQ (x-ha-policy: all). You need to</div><div># wipe RabbitMQ database when changing this option. (boolean value)</div><div># rabbit_ha_queues = false</div><div>rabbit_ha_queues = False</div><div><br></div><div># QPID</div><div># rpc_backend=neutron.openstack.common.rpc.impl_qpid</div><div># Qpid broker hostname</div><div># qpid_hostname = localhost</div><div># Qpid broker port</div><div># qpid_port = 5672</div><div># Qpid single or HA cluster (host:port pairs i.e: host1:5672, host2:5672)</div><div># qpid_hosts is defaulted to '$qpid_hostname:$qpid_port'</div><div># qpid_hosts = localhost:5672</div><div># Username for qpid connection</div><div># qpid_username = ''</div><div># Password for qpid connection</div><div># qpid_password = ''</div><div># Space separated list of SASL mechanisms to use for auth</div><div># qpid_sasl_mechanisms = ''</div><div># Seconds between connection keepalive heartbeats</div><div># qpid_heartbeat = 60</div><div># Transport to use, either 'tcp' or 'ssl'</div><div># qpid_protocol = tcp</div><div># Disable Nagle algorithm</div><div># qpid_tcp_nodelay = True</div><div><br></div><div># ZMQ</div><div># rpc_backend=neutron.openstack.common.rpc.impl_zmq</div><div># ZeroMQ bind address. Should be a wildcard (*), an ethernet interface, or IP.</div><div># The "host" option should point or resolve to this address.</div><div># rpc_zmq_bind_address = *</div><div><br></div><div># ============ Notification System Options =====================</div><div><br></div><div># Notifications can be sent when network/subnet/port are created, updated or deleted.</div><div># There are three methods of sending notifications: logging (via the</div><div># log_file directive), rpc (via a message queue) and</div><div># noop (no notifications sent, the default)</div><div><br></div><div># Notification_driver can be defined multiple times</div><div># Do nothing driver</div><div># notification_driver = neutron.openstack.common.notifier.no_op_notifier</div><div># Logging driver</div><div># notification_driver = neutron.openstack.common.notifier.log_notifier</div><div># RPC driver.</div><div># notification_driver = neutron.openstack.common.notifier.rpc_notifier</div><div><br></div><div># default_notification_level is used to form actual topic name(s) or to set logging level</div><div># default_notification_level = INFO</div><div><br></div><div># default_publisher_id is a part of the notification payload</div><div># host = <a href="http://myhost.com" target="_blank">myhost.com</a></div><div># default_publisher_id = $host</div><div><br></div><div># Defined in rpc_notifier, can be comma separated values.</div><div># The actual topic names will be %s.%(default_notification_level)s</div><div># notification_topics = notifications</div><div><br></div><div># Default maximum number of items returned in a single response,</div><div># value == infinite and value < 0 means no max limit, and value must</div><div># be greater than 0. If the number of items requested is greater than</div><div># pagination_max_limit, server will just return pagination_max_limit</div><div># of number of items.</div><div># pagination_max_limit = -1</div><div><br></div><div># Maximum number of DNS nameservers per subnet</div><div># max_dns_nameservers = 5</div><div><br></div><div># Maximum number of host routes per subnet</div><div># max_subnet_host_routes = 20</div><div><br></div><div># Maximum number of fixed ips per port</div><div># max_fixed_ips_per_port = 5</div><div><br></div><div># =========== items for agent management extension =============</div><div># Seconds to regard the agent as down; should be at least twice</div><div># report_interval, to be sure the agent is down for good</div><div># agent_down_time = 75</div><div>agent_down_time = 75</div><div># =========== end of items for agent management extension =====</div><div><br></div><div># =========== items for agent scheduler extension =============</div><div># Driver to use for scheduling network to DHCP agent</div><div># network_scheduler_driver = neutron.scheduler.dhcp_agent_scheduler.ChanceScheduler</div><div># Driver to use for scheduling router to a default L3 agent</div><div># router_scheduler_driver = neutron.scheduler.l3_agent_scheduler.ChanceScheduler</div><div>router_scheduler_driver = neutron.scheduler.l3_agent_scheduler.ChanceScheduler</div><div># Driver to use for scheduling a loadbalancer pool to an lbaas agent</div><div># loadbalancer_pool_scheduler_driver = neutron.services.loadbalancer.agent_scheduler.ChanceScheduler</div><div><br></div><div># Allow auto scheduling networks to DHCP agent. It will schedule non-hosted</div><div># networks to first DHCP agent which sends get_active_networks message to</div><div># neutron server</div><div># network_auto_schedule = True</div><div><br></div><div># Allow auto scheduling routers to L3 agent. It will schedule non-hosted</div><div># routers to first L3 agent which sends sync_routers message to neutron server</div><div># router_auto_schedule = True</div><div><br></div><div># Number of DHCP agents scheduled to host a network. This enables redundant</div><div># DHCP agents for configured networks.</div><div># dhcp_agents_per_network = 1</div><div>dhcp_agents_per_network = 1</div><div><br></div><div># =========== end of items for agent scheduler extension =====</div><div><br></div><div># =========== WSGI parameters related to the API server ==============</div><div># Number of separate worker processes to spawn. The default, 0, runs the</div><div># worker thread in the current process. Greater than 0 launches that number of</div><div># child processes as workers. The parent process manages them.</div><div># api_workers = 0</div><div>api_workers = 0</div><div><br></div><div># Number of separate RPC worker processes to spawn. The default, 0, runs the</div><div># worker thread in the current process. Greater than 0 launches that number of</div><div># child processes as RPC workers. The parent process manages them.</div><div># This feature is experimental until issues are addressed and testing has been</div><div># enabled for various plugins for compatibility.</div><div># rpc_workers = 0</div><div><br></div><div># Sets the value of TCP_KEEPIDLE in seconds to use for each server socket when</div><div># starting API server. Not supported on OS X.</div><div># tcp_keepidle = 600</div><div><br></div><div># Number of seconds to keep retrying to listen</div><div># retry_until_window = 30</div><div><br></div><div># Number of backlog requests to configure the socket with.</div><div># backlog = 4096</div><div><br></div><div># Max header line to accommodate large tokens</div><div># max_header_line = 16384</div><div><br></div><div># Enable SSL on the API server</div><div># use_ssl = False</div><div>use_ssl = False</div><div><br></div><div># Certificate file to use when starting API server securely</div><div># ssl_cert_file = /path/to/certfile</div><div><br></div><div># Private key file to use when starting API server securely</div><div># ssl_key_file = /path/to/keyfile</div><div><br></div><div># CA certificate file to use when starting API server securely to</div><div># verify connecting clients. This is an optional parameter only required if</div><div># API clients need to authenticate to the API server using SSL certificates</div><div># signed by a trusted CA</div><div># ssl_ca_file = /path/to/cafile</div><div># ======== end of WSGI parameters related to the API server ==========</div><div><br></div><div><br></div><div># ======== neutron nova interactions ==========</div><div># Send notification to nova when port status is active.</div><div># notify_nova_on_port_status_changes = False</div><div>notify_nova_on_port_status_changes = True</div><div><br></div><div># Send notifications to nova when port data (fixed_ips/floatingips) change</div><div># so nova can update it's cache.</div><div># notify_nova_on_port_data_changes = False</div><div>notify_nova_on_port_data_changes = True</div><div><br></div><div># URL for connection to nova (Only supports one nova region currently).</div><div># nova_url = <a href="http://127.0.0.1:8774/v2" target="_blank">http://127.0.0.1:8774/v2</a></div><div>nova_url = <a href="http://192.168.32.20:8774/v2" target="_blank">http://192.168.32.20:8774/v2</a></div><div><br></div><div># Name of nova region to use. Useful if keystone manages more than one region</div><div># nova_region_name =</div><div>nova_region_name =RegionOne</div><div><br></div><div># Username for connection to nova in admin context</div><div># nova_admin_username =</div><div>nova_admin_username =nova</div><div><br></div><div># The uuid of the admin nova tenant</div><div># nova_admin_tenant_id =</div><div>nova_admin_tenant_id =d3e2355e31b449cca9dd57fa5073ec2f</div><div><br></div><div># Password for connection to nova in admin context.</div><div># nova_admin_password =</div><div>nova_admin_password =secret</div><div><br></div><div># Authorization URL for connection to nova in admin context.</div><div># nova_admin_auth_url =</div><div>nova_admin_auth_url =<a href="http://192.168.32.20:35357/v2.0" target="_blank">http://192.168.32.20:35357/v2.0</a></div><div><br></div><div># Number of seconds between sending events to nova if there are any events to send</div><div># send_events_interval = 2</div><div>send_events_interval = 2</div><div><br></div><div># ======== end of neutron nova interactions ==========</div><div>rabbit_use_ssl=False</div><div><br></div><div>[quotas]</div><div># Default driver to use for quota checks</div><div># quota_driver = neutron.db.quota_db.DbQuotaDriver</div><div><br></div><div># Resource name(s) that are supported in quota features</div><div># quota_items = network,subnet,port</div><div><br></div><div># Default number of resource allowed per tenant. A negative value means</div><div># unlimited.</div><div># default_quota = -1</div><div><br></div><div># Number of networks allowed per tenant. A negative value means unlimited.</div><div># quota_network = 10</div><div><br></div><div># Number of subnets allowed per tenant. A negative value means unlimited.</div><div># quota_subnet = 10</div><div><br></div><div># Number of ports allowed per tenant. A negative value means unlimited.</div><div># quota_port = 50</div><div><br></div><div># Number of security groups allowed per tenant. A negative value means</div><div># unlimited.</div><div># quota_security_group = 10</div><div><br></div><div># Number of security group rules allowed per tenant. A negative value means</div><div># unlimited.</div><div># quota_security_group_rule = 100</div><div><br></div><div># Number of vips allowed per tenant. A negative value means unlimited.</div><div># quota_vip = 10</div><div><br></div><div># Number of pools allowed per tenant. A negative value means unlimited.</div><div># quota_pool = 10</div><div><br></div><div># Number of pool members allowed per tenant. A negative value means unlimited.</div><div># The default is unlimited because a member is not a real resource consumer</div><div># on Openstack. However, on back-end, a member is a resource consumer</div><div># and that is the reason why quota is possible.</div><div># quota_member = -1</div><div><br></div><div># Number of health monitors allowed per tenant. A negative value means</div><div># unlimited.</div><div># The default is unlimited because a health monitor is not a real resource</div><div># consumer on Openstack. However, on back-end, a member is a resource consumer</div><div># and that is the reason why quota is possible.</div><div># quota_health_monitors = -1</div><div><br></div><div># Number of routers allowed per tenant. A negative value means unlimited.</div><div># quota_router = 10</div><div><br></div><div># Number of floating IPs allowed per tenant. A negative value means unlimited.</div><div># quota_floatingip = 50</div><div><br></div><div>[agent]</div><div># Use "sudo neutron-rootwrap /etc/neutron/rootwrap.conf" to use the real</div><div># root filter facility.</div><div># Change to "sudo" to skip the filtering and just run the comand directly</div><div># root_helper = sudo neutron-rootwrap /etc/neutron/rootwrap.conf</div><div>root_helper = sudo neutron-rootwrap /etc/neutron/rootwrap.conf</div><div><br></div><div># =========== items for agent management extension =============</div><div># seconds between nodes reporting state to server; should be less than</div><div># agent_down_time, best if it is half or less than agent_down_time</div><div># report_interval = 30</div><div>report_interval = 30</div><div><br></div><div># =========== end of items for agent management extension =====</div><div><br></div><div>[keystone_authtoken]</div><div># auth_host = 127.0.0.1</div><div>auth_host = 192.168.32.20</div><div># auth_port = 35357</div><div>auth_port = 35357</div><div># auth_protocol = http</div><div>auth_protocol = http</div><div># admin_tenant_name = %SERVICE_TENANT_NAME%</div><div>admin_tenant_name = services</div><div># admin_user = %SERVICE_USER%</div><div>admin_user = neutron</div><div># admin_password = %SERVICE_PASSWORD%</div><div>admin_password = secret</div><div>auth_uri=<a href="http://192.168.32.20:5000/" target="_blank">http://192.168.32.20:5000/</a></div><div><br></div><div>[database]</div><div># This line MUST be changed to actually run the plugin.</div><div># Example:</div><div># connection = mysql://<a href="http://root:pass@127.0.0.1:3306/neutron" target="_blank">root:pass@127.0.0.1:3306/neutron</a></div><div>connection = mysql://<a href="http://neutron:secret@192.168.32.20/ovs_neutron" target="_blank">neutron:secret@192.168.32.20/ovs_neutron</a></div><div># Replace 127.0.0.1 above with the IP address of the database used by the</div><div># main neutron server. (Leave it as is if the database runs on this host.)</div><div># connection = sqlite://</div><div><br></div><div># The SQLAlchemy connection string used to connect to the slave database</div><div># slave_connection =</div><div><br></div><div># Database reconnection retry times - in event connectivity is lost</div><div># set to -1 implies an infinite retry count</div><div># max_retries = 10</div><div>max_retries = 10</div><div><br></div><div># Database reconnection interval in seconds - if the initial connection to the</div><div># database fails</div><div># retry_interval = 10</div><div>retry_interval = 10</div><div><br></div><div># Minimum number of SQL connections to keep open in a pool</div><div># min_pool_size = 1</div><div><br></div><div># Maximum number of SQL connections to keep open in a pool</div><div># max_pool_size = 10</div><div><br></div><div># Timeout in seconds before idle sql connections are reaped</div><div># idle_timeout = 3600</div><div>idle_timeout = 3600</div><div><br></div><div># If set, use this value for max_overflow with sqlalchemy</div><div># max_overflow = 20</div><div><br></div><div># Verbosity of SQL debugging information. 0=None, 100=Everything</div><div># connection_debug = 0</div><div><br></div><div># Add python stack traces to SQL as comment strings</div><div># connection_trace = False</div><div><br></div><div># If set, use this value for pool_timeout with sqlalchemy</div><div># pool_timeout = 10</div><div><br></div><div>[service_providers]</div><div># Specify service providers (drivers) for advanced services like loadbalancer, VPN, Firewall.</div><div># Must be in form:</div><div># service_provider=<service_type>:<name>:<driver>[:default]</div><div># List of allowed service types includes LOADBALANCER, FIREWALL, VPN</div><div># Combination of <service type> and <name> must be unique; <driver> must also be unique</div><div># This is multiline option, example for default provider:</div><div># service_provider=LOADBALANCER:name:lbaas_plugin_driver_path:default</div><div># example of non-default provider:</div><div># service_provider=FIREWALL:name2:firewall_driver_path</div><div># --- Reference implementations ---</div><div># service_provider = LOADBALANCER:Haproxy:neutron.services.loadbalancer.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default</div><div>service_provider=VPN:openswan:neutron.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default</div><div># In order to activate Radware's lbaas driver you need to uncomment the next line.</div><div># If you want to keep the HA Proxy as the default lbaas driver, remove the attribute default from the line below.</div><div># Otherwise comment the HA Proxy line</div><div># service_provider = LOADBALANCER:Radware:neutron.services.loadbalancer.drivers.radware.driver.LoadBalancerDriver:default</div><div># uncomment the following line to make the 'netscaler' LBaaS provider available.</div><div># service_provider=LOADBALANCER:NetScaler:neutron.services.loadbalancer.drivers.netscaler.netscaler_driver.NetScalerPluginDriver</div><div># Uncomment the following line (and comment out the OpenSwan VPN line) to enable Cisco's VPN driver.</div><div># service_provider=VPN:cisco:neutron.services.vpn.service_drivers.cisco_ipsec.CiscoCsrIPsecVPNDriver:default</div><div># Uncomment the line below to use Embrane heleos as Load Balancer service provider.</div><div># service_provider=LOADBALANCER:Embrane:neutron.services.loadbalancer.drivers.embrane.driver.EmbraneLbaas:default</div></div><div><br></div><div><b>3.Ldif.file for openLDAP</b></div><div><div># extended LDIF</div><div>#</div><div># LDAPv3</div><div># base <dc=example,dc=org> with scope subtree</div><div># filter: (objectclass=*)</div><div># requesting: ALL</div><div>#</div><div><br></div><div># <a href="http://example.org" target="_blank">example.org</a></div><div>dn: dc=example,dc=org</div><div>objectClass: top</div><div>objectClass: dcObject</div><div>objectClass: organization</div><div>o: example Inc</div><div>dc: example</div><div><br></div><div># Groups, <a href="http://example.org" target="_blank">example.org</a></div><div>dn: ou=Groups,dc=example,dc=org</div><div>ou: Groups</div><div>objectClass: organizationalUnit</div><div><br></div><div># Users, <a href="http://example.org" target="_blank">example.org</a></div><div>dn: ou=Users,dc=example,dc=org</div><div>ou: users</div><div>objectClass: organizationalUnit</div><div><br></div><div># Roles, <a href="http://example.org" target="_blank">example.org</a></div><div>dn: ou=Roles,dc=example,dc=org</div><div>ou: roles</div><div>objectClass: organizationalUnit</div><div><br></div><div># admin, Users, <a href="http://example.org" target="_blank">example.org</a></div><div>dn: cn=admin,ou=Users,dc=example,dc=org</div><div>cn: admin</div><div>objectClass: inetOrgPerson</div><div>objectClass: top</div><div>sn: admin</div><div>uid: admin</div><div>userPassword: secret</div><div><br></div><div># demo, Users, <a href="http://example.org" target="_blank">example.org</a></div><div>dn: cn=demo,ou=Users,dc=example,dc=org</div><div>cn: demo</div><div>objectClass: inetOrgPerson</div><div>objectClass: top</div><div>sn: demo</div><div>uid: demo</div><div>userPassword: demo</div><div><br></div><div># cinder, Users, <a href="http://example.org" target="_blank">example.org</a></div><div>dn: cn=cinder,ou=Users,dc=example,dc=org</div><div>cn: cinder</div><div>objectClass: inetOrgPerson</div><div>objectClass: top</div><div>sn: cinder</div><div>uid: cinder</div><div>userPassword: secret</div><div><br></div><div># glance, Users, <a href="http://example.org" target="_blank">example.org</a></div><div>dn: cn=glance,ou=Users,dc=example,dc=org</div><div>cn: glance</div><div>objectClass: inetOrgPerson</div><div>objectClass: top</div><div>sn: glance</div><div>uid: glance</div><div>userPassword: secret</div><div><br></div><div># nova, Users, <a href="http://example.org" target="_blank">example.org</a></div><div>dn: cn=nova,ou=Users,dc=example,dc=org</div><div>cn: nova</div><div>objectClass: inetOrgPerson</div><div>objectClass: top</div><div>sn: nova</div><div>uid: nova</div><div>userPassword: secret</div><div><br></div><div># neutron, Users, <a href="http://example.org" target="_blank">example.org</a></div><div>dn: cn=neutron,ou=Users,dc=example,dc=org</div><div>cn: neutron</div><div>objectClass: inetOrgPerson</div><div>objectClass: top</div><div>sn: neutron</div><div>uid: neutron</div><div>userPassword: secret</div><div><br></div><div># enabled_users, Users, <a href="http://example.org" target="_blank">example.org</a></div><div>dn: cn=enabled_users,ou=Users,dc=example,dc=org</div><div>cn: enabled_users</div><div>member: cn=admin,ou=Users,dc=example,dc=org</div><div>member: cn=demo,ou=Users,dc=example,dc=org</div><div>member: cn=nova,ou=Users,dc=example,dc=org</div><div>member: cn=glance,ou=Users,dc=example,dc=org</div><div>member: cn=cinder,ou=Users,dc=example,dc=org</div><div>member: cn=neutron,ou=Users,dc=example,dc=org</div><div>objectClass: groupOfNames</div><div><br></div><div># demo, Groups, <a href="http://example.org" target="_blank">example.org</a></div><div>dn: cn=demo,ou=Groups,dc=example,dc=org</div><div>cn: demo</div><div>objectClass: groupOfNames</div><div>member: cn=admin,ou=Users,dc=example,dc=org</div><div>member: cn=demo,ou=Users,dc=example,dc=org</div><div>member: cn=nova,ou=Users,dc=example,dc=org</div><div>member: cn=glance,ou=Users,dc=example,dc=org</div><div>member: cn=cinder,ou=Users,dc=example,dc=org</div><div>member: cn=neutron,ou=Users,dc=example,dc=org</div><div><br></div><div><br></div><div># Member, demo, Groups, <a href="http://example.org" target="_blank">example.org</a></div><div>dn: cn=Member,cn=demo,ou=Groups,dc=example,dc=org</div><div>cn: member</div><div>description: Role associated with openstack users</div><div>objectClass: organizationalRole</div><div>roleOccupant: cn=demo,ou=Users,dc=example,dc=org</div><div><br></div><div># admin, demo, Groups, <a href="http://example.org" target="_blank">example.org</a></div><div>dn: cn=admin,cn=demo,ou=Groups,dc=example,dc=org</div><div>cn: admin</div><div>description: Role associated with openstack users</div><div>objectClass: organizationalRole</div><div>roleOccupant: cn=admin,ou=Users,dc=example,dc=org</div><div>roleOccupant: cn=nova,ou=Users,dc=example,dc=org</div><div>roleOccupant: cn=glance,ou=Users,dc=example,dc=org</div><div>roleOccupant: cn=cinder,ou=Users,dc=example,dc=org</div><div>roleOccupant: cn=neutron,ou=Users,dc=example,dc=org</div><div><br></div><div><br></div><div># services, Groups, <a href="http://example.org" target="_blank">example.org</a></div><div>dn: cn=services,ou=Groups,dc=example,dc=org</div><div>cn: services</div><div>objectClass: groupOfNames</div><div>member: cn=admin,ou=Users,dc=example,dc=org</div><div>member: cn=demo,ou=Users,dc=example,dc=org</div><div>member: cn=nova,ou=Users,dc=example,dc=org</div><div>member: cn=glance,ou=Users,dc=example,dc=org</div><div>member: cn=cinder,ou=Users,dc=example,dc=org</div><div>member: cn=neutron,ou=Users,dc=example,dc=org</div><div><br></div><div># admin, services, Groups, <a href="http://example.org" target="_blank">example.org</a></div><div>dn: cn=admin,cn=services,ou=Groups,dc=example,dc=org</div><div>cn: admin</div><div>description: Role associated with openstack users</div><div>objectClass: organizationalRole</div><div>roleOccupant: cn=admin,ou=Users,dc=example,dc=org</div><div>roleOccupant: cn=nova,ou=Users,dc=example,dc=org</div><div>roleOccupant: cn=glance,ou=Users,dc=example,dc=org</div><div>roleOccupant: cn=cinder,ou=Users,dc=example,dc=org</div><div>roleOccupant: cn=neutron,ou=Users,dc=example,dc=org</div><div><br></div><div># admin, Groups, <a href="http://example.org" target="_blank">example.org</a></div><div>dn: cn=admin,ou=Groups,dc=example,dc=org</div><div>cn: admin</div><div>objectClass: groupOfNames</div><div>member: cn=admin,ou=Users,dc=example,dc=org</div><div>member: cn=demo,ou=Users,dc=example,dc=org</div><div>member: cn=nova,ou=Users,dc=example,dc=org</div><div>member: cn=glance,ou=Users,dc=example,dc=org</div><div>member: cn=cinder,ou=Users,dc=example,dc=org</div><div>member: cn=neutron,ou=Users,dc=example,dc=org</div><div><br></div><div># admin, admin, Groups, <a href="http://example.org" target="_blank">example.org</a></div><div>dn: cn=admin,cn=admin,ou=Groups,dc=example,dc=org</div><div>cn: admin</div><div>description: Role associated with openstack users</div><div>objectClass: organizationalRole</div><div>roleOccupant: cn=admin,ou=Users,dc=example,dc=org</div><div>roleOccupant: cn=nova,ou=Users,dc=example,dc=org</div><div>roleOccupant: cn=glance,ou=Users,dc=example,dc=org</div><div>roleOccupant: cn=cinder,ou=Users,dc=example,dc=org</div><div>roleOccupant: cn=neutron,ou=Users,dc=example,dc=org</div><div><br></div><div># Member, Roles, <a href="http://example.org" target="_blank">example.org</a></div><div>dn: cn=Member,ou=Roles,dc=example,dc=org</div><div>cn: member</div><div>description: Role associated with openstack users</div><div>objectClass: organizationalRole</div><div>roleOccupant: cn=demo,ou=Users,dc=example,dc=org</div><div><br></div><div># admin, Roles, <a href="http://example.org" target="_blank">example.org</a></div><div>dn: cn=admin,ou=Roles,dc=example,dc=org</div><div>cn: admin</div><div>description: Role associated with openstack users</div><div>objectClass: organizationalRole</div><div>roleOccupant: cn=admin,ou=Users,dc=example,dc=org</div><div>roleOccupant: cn=nova,ou=Users,dc=example,dc=org</div><div>roleOccupant: cn=glance,ou=Users,dc=example,dc=org</div><div>roleOccupant: cn=cinder,ou=Users,dc=example,dc=org</div><div>roleOccupant: cn=neutron,ou=Users,dc=example,dc=org</div></div><div><br></div></div><div class="gmail_extra"><div><div class="h5"><br><div class="gmail_quote">On Wed, Sep 10, 2014 at 11:56 AM, Rasanjaya Subasinghe <span dir="ltr"><<a href="mailto:rasaposha@gmail.com" target="_blank">rasaposha@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><blockquote type="cite" style="font-family:arial,sans-serif;font-size:13px"><div><div><div style="word-wrap:break-word"><br></div></div></div></blockquote><div style="font-family:arial,sans-serif;font-size:13px;word-wrap:break-word">Hi,</div><div style="font-family:arial,sans-serif;font-size:13px;word-wrap:break-word">Sorry for the inconvenience sir,I herewith attached the keystone.conf,neutron.conf and LDAP ldif file.<span><br><div>Its Centos6.5 and control and 3 compute node setup in-house cloud and without LDAP keystone settings(<span style="background-color:rgb(0,0,0);color:rgb(245,245,245);font-family:Monaco;font-size:16px">driver=keystone.identity.backends.ldap.Identity</span>) everything working fine. those are,</div><div><span style="white-space:pre-wrap"> </span>1.Instance spawn perfectly,</div><div><span style="white-space:pre-wrap"> </span>2.live migration work perfectly.</div><div><span style="white-space:pre-wrap"> </span>then try to configure keystone with LDAP driver gives that error on neutron server.log.</div><div> 3.This setup up is tested on without ml2 and even ml2 test end with same issue.</div><div>I will attached the LDAP file and neutron file.</div><div>*keystone version 0.9.0</div><div><br></div><div><br></div><div></div></span></div><br style="font-family:arial,sans-serif;font-size:13px"><div style="font-family:arial,sans-serif;font-size:13px;word-wrap:break-word"><div></div></div><br style="font-family:arial,sans-serif;font-size:13px"><span><div style="font-family:arial,sans-serif;font-size:13px;word-wrap:break-word"><div></div></div><br style="font-family:arial,sans-serif;font-size:13px"><div style="font-family:arial,sans-serif;font-size:13px;word-wrap:break-word"><div></div><div>below shows the neutron error show on compute.log</div></div></span></div><div class="gmail_extra"><div><div><br><div class="gmail_quote">On Wed, Sep 10, 2014 at 11:52 AM, Rasanjaya Subasinghe <span dir="ltr"><<a href="mailto:rasaposha@gmail.com" target="_blank">rasaposha@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="word-wrap:break-word"><br><div><div><div><div>On Sep 9, 2014, at 8:09 PM, Rasanjaya Subasinghe <<a href="mailto:Rasaposha@gmail.com" target="_blank">Rasaposha@gmail.com</a>> wrote:</div><br></div></div><blockquote type="cite"><div><div><div style="word-wrap:break-word"><div><br></div>Hi Kashyap,<div>Its Centos6.5 and control and 3 compute node setup in-house cloud and without LDAP keystone settings(<span style="background-color:rgb(0,0,0);color:rgb(245,245,245);font-family:Monaco;font-size:16px">driver=keystone.identity.backends.ldap.Identity</span>) everything working fine. those are,</div><div><span style="white-space:pre-wrap"> </span>1.Instance spawn perfectly,</div><div><span style="white-space:pre-wrap"> </span>2.live migration work perfectly.</div><div><span style="white-space:pre-wrap"> </span>then try to configure keystone with LDAP driver gives that error on neutron server.log.</div><div> 3.This setup up is tested on without ml2 and even ml2 test end with same issue.</div><div>I will attached the LDAP file and neutron file.</div><div>*keystone version 0.9.0</div><div></div></div></div></div><span><keystone.conf></span><div style="word-wrap:break-word"><div></div></div><span><neutron.conf></span><div style="word-wrap:break-word"><div></div></div><span><staging.ldif></span><span><div style="word-wrap:break-word"><div></div><div>below shows the neutron error show on compute.log</div><div><br></div><div></div></div></span><span><Screen Shot 2014-09-09 at 8.08.25 PM.png></span><div style="word-wrap:break-word"><div></div><div><div><br></div><div>cheers,</div><div>thanks<br><div>Begin forwarded message:</div><br><blockquote type="cite"><div style="margin-top:0px;margin-right:0px;margin-bottom:0px;margin-left:0px"><span style="font-family:Helvetica"><b>From: </b></span><span style="font-family:'Helvetica'">Kashyap Chamarthy <<a href="mailto:kchamart@redhat.com" target="_blank">kchamart@redhat.com</a>><br></span></div><div style="margin-top:0px;margin-right:0px;margin-bottom:0px;margin-left:0px"><span style="font-family:Helvetica"><b>Subject: </b></span><span style="font-family:'Helvetica'"><b>Re: [Rdo-list] icehouse ldap integration</b><br></span></div><div style="margin-top:0px;margin-right:0px;margin-bottom:0px;margin-left:0px"><span style="font-family:Helvetica"><b>Date: </b></span><span style="font-family:'Helvetica'">September 9, 2014 at 7:27:59 PM GMT+5:30<br></span></div><div style="margin-top:0px;margin-right:0px;margin-bottom:0px;margin-left:0px"><span style="font-family:Helvetica"><b>To: </b></span><span style="font-family:'Helvetica'">Rasanjaya Subasinghe <<a href="mailto:rasaposha@gmail.com" target="_blank">rasaposha@gmail.com</a>><br></span></div><div style="margin-top:0px;margin-right:0px;margin-bottom:0px;margin-left:0px"><span style="font-family:Helvetica"><b>Cc: </b></span><span style="font-family:'Helvetica'"><a href="mailto:rdo-list@redhat.com" target="_blank">rdo-list@redhat.com</a><br></span></div><div><div><br><div>On Tue, Sep 09, 2014 at 06:19:56PM +0530, Rasanjaya Subasinghe wrote:<br><blockquote type="cite"><br>Hi,<br>I tried to configure openstack ice house with LDAP and all things are<br>goes well execp neutron issue, this is the issue which appears on the<br>server.log file of neutron service.<br><br>Can you guide me for this matter? thanks for the help.<br></blockquote><br>This information you've provided is not sufficient to give any<br>meaningful response.<br><br>At a minimum, if anyone have to help you diagnose your issue, you need<br>to provide:<br><br> - Describe in more detail what you mean by "configure <br> openstack ice house with LDAP".<br> - What is the test you're trying to perform? An exact reproducer would<br> be very useful.<br> - What is the exact error message you see? Contextual logs/errors from<br> Keystone/Nova.<br> - Exact versions of Keystone, and other relevant packages.<br> - What OS? Fedora? CentOS? Something else?<br> - Probably, provide config files for /etc/keystone/keystone.conf and<br> relevant Neutron config files (preferably uploaded somewhere in<br> *plain text*).<br><br><br>--<br>/kashyap<br></div></div></div></blockquote></div><br></div></div></blockquote></div><br></div></blockquote></div><br><br clear="all"><div><br></div></div></div><span><font color="#888888">-- <br><div dir="ltr">Rasanjaya Subasinghe<br></div>
</font></span></div>
</blockquote></div><br><br clear="all"><div><br></div></div></div><span class="HOEnZb"><font color="#888888">-- <br><div dir="ltr">Rasanjaya Subasinghe<br></div>
</font></span></div>
</blockquote></div><br><br clear="all"><div><br></div>-- <br><div dir="ltr">Rasanjaya Subasinghe<br></div>
</div>