“An error occurred during a connection to nuzleaf.home.younglogic.net. You are attempting to import a cert with the same issuer/serial as an existing cert, but that is not the same cert.”
Many years ago I battled this problem and had different solutions. Today, I got one that worked for Firefox on Fedora 32.
Continue readingBuildah is a valuable tool in the container ecosystem. As an effort to get more familiar with it, and to finally get my hand-rolled version of Keystone to deploy on Kubernetes, I decided to work through building a couple of Keystone based containers with Buildah.
Continue readingLast time I showed how to recreate a WebUI-generated MariaDB deployment from the command line. But how should you really generate it in the first place? Let’s walk through:
Continue readingMy eventual goal is to deploy Keystone using Kubernetes. However, I want to understand things from the lowest level on up. Since Kubernetes will be driving Docker for my deployment, I wanted to get things working for a single node Docker deployment before I move on to Kubernetes. As such, you’ll notice I took a few short cuts. Mostly, these involve configuration changes. Since I will need to use Kubernetes for deployment and configuration, I’ll postpone doing it right until I get to that layer. With that caveat, let’s begin.
Continue reading
We don’t include the postgres or Mysql drivers inside the virtual env for Keystone, so you need to explicitly install them in order to run the unit tests.
It looks like the access model for MySQL has changed between F17 and F18.
openstack-db fails with a permission on the root user. However, the following works:
su - keystone mysql
create user 'keystone'@'localhost' identified by 'keystone'; grant all PRIVILEGES on *.* to 'keystone'@'localhost';
exit mysql and log in as that user:
mysql --user=keystone --password=keystone
Create the keystone database:
create database keystone;
Log out and run the dbsync
keystone-manage db_sync
Obviously, this leaves the DB User with too many permissions, but it is a start.
If I now try to run the command
openstack-db --service glance --init Please enter the password for the 'root' MySQL user:
Even setting the password in MySQL doesn’t work
UPDATE mysql.user SET Password=PASSWORD('keystone') WHERE User='root' AND Host='localhost';
[root@f18-keystone mysql]# openstack-db --service glance --init Please enter the password for the 'root' MySQL user: ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES) Failed to connect to the MySQL server. Please check your root user credentials.
I tried it with the unix password as well.
Note that I can connect using the following SQL Alchemy URL:
connection = mysql://keystone:keystone@localhost/keystone?unix_socket=/var/lib/mysql/mysql.sock
I think this is preferable to exposing TCP sockets around in the case that the Keystone server and MySQL server are co-located.
One undervalued aspect of Data modeling is that you actually get time to consider the form of the data before you get the data. In a Map reduce job, you kow that your map phase is going to get the data, and that it is not going to be normalized . I could have said, not likely to be normalized, but the reality is that if you are using Map-Reduced, you are not going to get structured data.
Say you want to set up postgres for use with a web application. If you are running on the same server here’s what you need to do:
If we are to follow the advice of Joshua Bloch in Effective Java, we should minimize the mutability of our objects. How does this apply to data access layers, and databases in general?
A good rule of thumb for databases is that if it is important enough to record in a database, it is important enough not to delete from your database…at least, not in the normal course of events. If Databases tables are primarily read only, then then the action of reading the current item will be “select * from table where key = max (key)”. Deletes indicate an error made. And so on. Business objects are then required to provide the rule to select which is the current record for a given entity.
A good example is the Physical fitness test given in the Army (the APFT). A soldier takes this test at least once per year, probably more. In order to be considered “in good standing” they have to score more than the minimum in push ups and sit-ups, and run two miles in less than the maximum time, all scored according to age. The interesting thing is that the active record for a soldier may not be the latest record, but merely the highest score inside of a time range. Failing an APFT only puts a solider in bad standing if they do not have another test scored in the same time period that is above the minimum standards. A soldier might take the APFT for some reason beyond just minimum qualifications, such as for entry into a school or for a competition.
As an aside, notice that the tests are scored based on age. Age should not be recorded, rather calculated from the date of the test and the soldiers birth date.  Never record what you can calculate, especially if the result of the calculation will change over time. Although in this case, it would be OK to record the Age of the soldier at the time of the test as a performance optimization, providing said calculation was done by the computer and not the person entering the scores. Note, however, that doing so will prevent adjustments like recalculating the scores if we find out a soldier lied about his birthday.
Relations are tricky in this regard. for instance, should removing an item from a shopping cart in an eCommerce application be recorded directly or IAW the “No-delete” rule? If possible, go with the no-delete, as it allows you to track the addto, remove from cart actions of the shopper, something that the marketing side probably wants to know. For a performance optimization, you can delete the relation, but make sure you send the events to some other backing store as well.
“Since I’m dreaming, I’d like a pony” –Susie, in Calvin and Hobbes.
“I’m not just the President of the Hair Club for Men, I’m also a client.” –President of the Hair Club for Men
Not only do I write software, I use it. A whole bunch. I am a Linux guy, and when ever I end up in a situation where I have to work around a proprietary solution that just doesn’t make sense for what I am trying to do, it ads a point or two to my Diastolic. So here is my dream setup: