Showing posts from March, 2018

Open Source MANO VNF onboarding tool

If you're working in the telco industry, you may realize an exciting race what is happening. It's the NFV Orchestration and Management (MANO) system. The origin of that is ETSI's work on the NFV MANO specification. After ETSI released the spec, many organizations have been trying to implement its own NFV MANO system including OpenStack Tacker, OPNFV, ONAP, and ETSI itself also adopted an open source project called Open Source MANO (OSM). I will explore a tool called VNF Descriptor Generator of OSM in this blog post.

What is VNF Descriptor Generator?

It's a web interface that helps you to generate VNF and NS Descriptor packages ready for launch (onboarding). By filling out all the information of your VNFs in the web form, the tool will provide you a VNFD package and an NSD package for you to download. This helps you to avoid typos and misconfiguration when you have to prepare the package manually.

1. In your OSM web interface, go to launchpad, VNF Descriptor generator, fi…

How to renew a standalone Let's Encrypt cert

If you deployed Let's Encrypt SSL certificate independently with nginx (standalone), you can't renew that cert while nginx is running. The only way is to stop nginx and proceed the renewal than start nginx again. Here is a bash script that you can use as crontab (e.g. /opt/my_scripts/

Note: the script requires ssl-cert-check package so install it using this:

sudo apt install ssl-cert-check

Set the crontab as following:

0 */12 * * * /opt/myh_scripts/ > /var/log/renew_cert.log 2>&1

Make function keys work on putty's ssh session

When you ssh to a Linux machine using putty and running tmux or byobu, by default, you can not use function keys to switch between sessions (F3, F4) or create a new session (F2). By setting putty as below, you will "fix" that:

1. Go to Putty settings, Terminal section, Keyboard, The Function keys and keypad, select Xterm R6

2. Apply and close.

Another SSH tunneling trick - to get you ssh into your blocked server from the outside world

I wrote a blog post about SSH tunneling 4 years ago at this. Today I will show you another trick that gets you into the server behind firewalls.

Normally, corporate's firewalls will block all the incoming ports except port 80 and 443 which are using for accessing the web servers. So, here are how to can get access to the servers from outside (assuming you have access to the server you want to connect to from inside the corporate network):

1. If the server you want to connect to doesn't have anything web or anything running on port 80/443, you just need to change its's ssh config to let sshd runs on port 80/443.

sudo nano /etc/ssh/sshd_config

Port 80
sudo systemctl restart ssh

2. If your server already has a web or a server that runs on port 80/443, use another server that you can access from inside the network and free of port 80/443. 

Then establish the tunnel, assuming: the server that I have access from inside the the server that I wan…

How to dev a new Horizon dashboard without devstack/fullstack OpenStack

Everybody knows the easiest way to build a new Horizon dashboard is to use devstack. But, devstack requires a number of resources (16GB of RAM for a workable devstack in my experience). So what can you do if you only have a laptop with 4-8GB RAM? Easy, easy, follow these setups:

1. Install keystone (the minimum requirement of Horizon):

Follow this official instruction:

Read these blog posts to fix some issues:

2. Install Horizon:

Follow this official instruction to install Horizon on your computer:

3. Building your own dashboard:

Using this document:…

Fix error "AttributeError: 'module' object has no attribute 'Cryptography_HAS_SSL_ST'" when installing keystone on Ubuntu 16.04

I followed the keystone's official docs to install it but got this error on Ubuntu 16.04:

AttributeError:'module' object has no attribute 'Cryptography_HAS_SSL_ST'
Then I added this below ppa and I can install keystone successfully:

sudo add-apt-repository ppa:ubuntu-cloud-archive/queens-staging
sudo apt-get update
sudo apt install keystone apache2 libapache2-mod-wsgi

Fix "ImportError: cannot import name deploy" when running keystone

When trying to access keystone's address, for example http://localhost:5000/v3, I got this apache2's error:

2018-03-09 01:51:42.468036 mod_wsgi (pid=21691): Target WSGI script '/usr/bin/keystone-wsgi-public' cannot be loaded as Python module.
2018-03-09 01:51:42.468106 mod_wsgi (pid=21691): Exception occurred processing WSGI script '/usr/bin/keystone-wsgi-public'.
2018-03-09 01:51:42.468137 Traceback (most recent call last):
2018-03-09 01:51:42.468164   File "/usr/bin/keystone-wsgi-public", line 6, in <module>
2018-03-09 01:51:42.468248     from keystone.server.wsgi import initialize_public_application
2018-03-09 01:51:42.468262   File "/usr/lib/python2.7/dist-packages/keystone/server/", line 30, in <module>
2018-03-09 01:51:42.468336     from keystone.version import service as keystone_service
2018-03-09 01:51:42.468349   File "/usr/lib/python2.7/dist-packages/keystone/version/", line 19, in <module>

How to fix "Index column size too large" error when doing keystone db_sync

I was trying to deploy the keystone service manually on my Ubuntu 16.04 desktop:

# su -s /bin/sh -c "keystone-manage db_sync" keystone

and couldn't make it work. I got this error:

DBError: (pymysql.err.InternalError) (1709, u'Index column size too large. The maximum column size is 767 
bytes.') [SQL: u'\nCREATE TABLE migrate_version (\n\trepository_id VARCHAR(250) NOT NULL, \n\trepository_path TEXT, \n\tversion INTEGER, \n\tPRIMARY KE
Y (repository_id)\n)\n\n'] (Background on this error at:

Then I figured out that the new release of mariadb/mysql  (10.0.33-MariaDB-0ubuntu0.16.04.1 Ubuntu 16.04) uses utf8mb4 as the character encoding which uses more bytes per character than utf8. And the length used for the column or key repository_id is 250 VARCHAR and 4 bytes per character makes it longer than the limit allowed by InnoDB, which is 767.

So to fix it follow these steps:

1. Change character-set-server and collation-server values of all…

"Database returned an invalid value in QuerySet.datetimes()" error when add a new language in Open edX

I was trying to add another language to my Open edX site in the Django's admin dashboard and this is what I got:

Internal Server Error: /admin/dark_lang/darklangconfig/

  File "/edx/app/edxapp/venvs/edxapp/local/lib/python2.7/site-packages/django/db/models/", line 927, in convert_value
    "Database returned an invalid value in QuerySet.datetimes(). "
ValueError: Database returned an invalid value in QuerySet.datetimes(). Are time zone definitions for your database and pytz installed?

Oh crap... what's that?

Turns out it's an error of MySQL and Django. So, do the following to fix:

1. Populate the timezone definitions in the 'mysql' table

mysql_tzinfo_to_sql /usr/share/zoneinfo | mysql -u root -p mysql

2. Flush tables

mysql -u root -p -e "flush tables;" mysql