from:"Adhi Priharmanto"

Re: [Openstack] non public glance image can seen by all tenant

2018-10-27 Thread Adhi Priharmanto

Great,

Thanks Jeremy for pointing me in the right direction

On Fri, Oct 26, 2018 at 8:26 PM Jeremy Stanley  wrote:

> On 2018-10-26 11:29:27 +0700 (+0700), Adhi Priharmanto wrote:
> > I have setup rocky release at my openstack lab, now all of tenant
> > (user) can see non-public glance image create by another tenant
> > (user)
> [...]
>
> This sounds very similar to https://launchpad.net/bugs/1799588 which
> the Glance team has been asked to look into. See also the rather
> lengthy troubleshooting discussion on the Operators ML starting
> here:
>
>
> http://lists.openstack.org/pipermail/openstack-operators/2018-October/016039.html
>
> --
> Jeremy Stanley
> ___
> Mailing list:
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> Post to : openstack@lists.openstack.org
> Unsubscribe :
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>


-- 
Cheers,



[image: --]
Adhi Priharmanto
[image: http://]about.me/a_dhi
<http://about.me/a_dhi?promo=email_sig>
+62-812-82121584
___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

[Openstack] non public glance image can seen by all tenant

2018-10-25 Thread Adhi Priharmanto

Hi,
I have setup rocky release at my openstack lab, now all of tenant (user)
can see non-public glance image create by another tenant (user)

here is my glance policy.json :

> {
> "context_is_admin":  "role:admin",
> "default": "role:admin",
> "add_image": "",
> "delete_image": "",
> "get_image": "",
> "get_images": "",
> "modify_image": "",
> "publicize_image": "role:admin",
> "communitize_image": "",
> "copy_from": "",
> "download_image": "",
> "upload_image": "",
> "delete_image_location": "",
> "get_image_location": "",
> "set_image_location": "",
> "add_member": "",
> "delete_member": "",
> "get_member": "",
> "get_members": "",
> "modify_member": "",
> "manage_image_cache": "role:admin",
> "get_task": "",
> "get_tasks": "",
> "add_task": "",
> "modify_task": "",
> "tasks_api_access": "role:admin",
> "deactivate": "",
> "reactivate": "",
> "get_metadef_namespace": "",
> "get_metadef_namespaces":"",
> "modify_metadef_namespace":"",
> "add_metadef_namespace":"",
> "get_metadef_object":"",
> "get_metadef_objects":"",
> "modify_metadef_object":"",
> "add_metadef_object":"",
> "list_metadef_resource_types":"",
> "get_metadef_resource_type":"",
> "add_metadef_resource_type_association":"",
> "get_metadef_property":"",
> "get_metadef_properties":"",
> "modify_metadef_property":"",
> "add_metadef_property":"",
> "get_metadef_tag":"",
> "get_metadef_tags":"",
> "modify_metadef_tag":"",
> "add_metadef_tag":"",
> "add_metadef_tags":""
> }


any advice how to fix this ?


-- 
Cheers,



[image: --]
Adhi Priharmanto
[image: http://]about.me/a_dhi
<http://about.me/a_dhi?promo=email_sig>
___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

Re: [Openstack] [nova][ceph] Libvirt Error when add ceph as nova backend

2018-10-11 Thread Adhi Priharmanto

Hi,
This is my ceph node ( using single node ceph) for test only

> [cephdeploy@ceph2 ~]$ cat /etc/ceph/ceph.client.nova.keyring
> [client.nova]
> key = AQBLxr5bbhnGFxAAXAliVJwMU5w5YgFY6jGJIA==
> [cephdeploy@ceph2 ~]$ ceph auth get client.nova
> exported keyring for client.nova
> [client.nova]
> key = AQBLxr5bbhnGFxAAXAliVJwMU5w5YgFY6jGJIA==
> caps mon = "allow r"
> caps osd = "allow class-read object_prefix rbd_children, allow rwx
> pool=vms, allow rx pool=images"
> [cephdeploy@ceph2 ~]$


and this at my compute-node

> [root@cp2 ~]# cat /etc/ceph/ceph.client.nova.keyring
> [client.nova]
> key = AQBLxr5bbhnGFxAAXAliVJwMU5w5YgFY6jGJIA==
> [root@cp2 ~]#

yes both nodes, ceph & nova-compute node was on same network
192.168.26.xx/24 , does any special port need to allow at firewalld ?

On Thu, Oct 11, 2018 at 2:24 PM Eugen Block  wrote:

> Hi,
>
> your nova.conf [libvirt] section seems fine.
>
> Can you paste the output of
>
> ceph auth get client.nova
>
> and does the keyring file exist in /etc/ceph/ (ceph.client.nova.keyring)?
>
> Is the ceph network reachable by your openstack nodes?
>
> Regards,
> Eugen
>
>
> Zitat von Adhi Priharmanto :
>
> > Hi, Im running my openstack environment with rocky release, and I want to
> > integrate ceph as nova-compute backend, so I followed instruction here :
> > http://superuser.openstack.org/articl...
> > <http://superuser.openstack.org/articles/ceph-as-storage-for-openstack/>
> >
> > and this is my nova.conf at my compute node
> >
> > [DEFAULT]
> > ...
> > compute_driver=libvirt.LibvirtDriver
> >
> > [libvirt]
> > images_type = rbd
> > images_rbd_pool = vms
> > images_rbd_ceph_conf = /etc/ceph/ceph.conf
> > rbd_user = nova
> > rbd_secret_uuid = a93824e0-2d45-4196-8918-c8f7d7f35c5d
> > 
> >
> > and this is log when I restarted the nova compute service :
> >
> > 2018-10-11 01:59:57.123 5275 ERROR nova.virt.libvirt.host
> > [req-f4e2715a-c925-4c12-b8e6-aa550fc588b1 - - - - -] Exception
> > handling connection event: AttributeError: 'NoneType' object has no
> > attribute 'rfind'
> > 2018-10-11 01:59:57.123 5275 ERROR nova.virt.libvirt.host Traceback
> > (most recent call last):
> > 2018-10-11 01:59:57.123 5275 ERROR nova.virt.libvirt.host   File
> > "/usr/lib/python2.7/site-packages/nova/virt/libvirt/host.py", line
> > 148, in _dispatch_conn_event
> > 2018-10-11 01:59:57.123 5275 ERROR nova.virt.libvirt.host handler()
> > 2018-10-11 01:59:57.123 5275 ERROR nova.virt.libvirt.host   File
> > "/usr/lib/python2.7/site-packages/nova/virt/libvirt/host.py", line
> > 414, in handler
> > 2018-10-11 01:59:57.123 5275 ERROR nova.virt.libvirt.host return
> > self._conn_event_handler(*args, **kwargs)
> > 2018-10-11 01:59:57.123 5275 ERROR nova.virt.libvirt.host   File
> > "/usr/lib/python2.7/site-packages/nova/virt/libvirt/driver.py", line
> > 470, in _handle_conn_event
> > 2018-10-11 01:59:57.123 5275 ERROR nova.virt.libvirt.host
> > self._set_host_enabled(enabled, reason)
> > 2018-10-11 01:59:57.123 5275 ERROR nova.virt.libvirt.host   File
> > "/usr/lib/python2.7/site-packages/nova/virt/libvirt/driver.py", line
> > 3780, in _set_host_enabled
> > 2018-10-11 01:59:57.123 5275 ERROR nova.virt.libvirt.host
> > mount.get_manager().host_up(self._host)
> > 2018-10-11 01:59:57.123 5275 ERROR nova.virt.libvirt.host   File
> > "/usr/lib/python2.7/site-packages/nova/virt/libvirt/volume/mount.py",
> > line 134, in host_up
> > 2018-10-11 01:59:57.123 5275 ERROR nova.virt.libvirt.host
> > self.state = _HostMountState(host, self.generation)
> > 2018-10-11 01:59:57.123 5275 ERROR nova.virt.libvirt.host   File
> > "/usr/lib/python2.7/site-packages/nova/virt/libvirt/volume/mount.py",
> > line 229, in __init__
> > 2018-10-11 01:59:57.123 5275 ERROR nova.virt.libvirt.host
> > mountpoint = os.path.dirname(disk.source_path)
> > 2018-10-11 01:59:57.123 5275 ERROR nova.virt.libvirt.host   File
> > "/usr/lib64/python2.7/posixpath.py", line 129, in dirname
> > 2018-10-11 01:59:57.123 5275 ERROR nova.virt.libvirt.host i =
> > p.rfind('/') + 1
> > 2018-10-11 01:59:57.123 5275 ERROR nova.virt.libvirt.host
> > AttributeError: 'NoneType' object has no attribute 'rfind'
> > 2018-10-11 01:59:57.123 5275 ERROR nova.virt.libvirt.host
> > 2018-10-11 01:59:57.231 5275 WARNING nova.compute.monitors
> > [req-df2559f3-5a01-499a-9ac0-3dd9dc255f77 - - - - -] Excluding
> > nova.compute.monitors.cpu monitor virt_driver. Not i

[Openstack] [nova][ceph] Libvirt Error when add ceph as nova backend

2018-10-11 Thread Adhi Priharmanto

nit__
2018-10-11 02:04:57.279 5275 ERROR nova.compute.manager
self.cluster, self.ioctx = driver._connect_to_rados(pool)
2018-10-11 02:04:57.279 5275 ERROR nova.compute.manager   File
"/usr/lib/python2.7/site-packages/nova/virt/libvirt/storage/rbd_utils.py",
line 133, in _connect_to_rados
2018-10-11 02:04:57.279 5275 ERROR nova.compute.manager client.connect()
2018-10-11 02:04:57.279 5275 ERROR nova.compute.manager   File
"rados.pyx", line 875, in rados.Rados.connect
(/builddir/build/BUILD/ceph-12.2.5/build/src/pybind/rados/pyrex/rados.c:9764)
2018-10-11 02:04:57.279 5275 ERROR nova.compute.manager TimedOut:
[errno 110] error connecting to the cluster
2018-10-11 02:04:57.279 5275 ERROR nova.compute.manager
2018-10-11 02:04:57.316 5275 ERROR oslo.messaging._drivers.impl_rabbit
[-] [bc957cdf-01b6-4d9a-8cb2-87f880f67cf9] AMQP server on
ct.os-srg.adhi:5672 is unreachable: [Errno 104] Connection reset by
peer. Trying again in 1 seconds.: error: [Errno 104] Connection reset
by peer
2018-10-11 02:04:58.353 5275 INFO oslo.messaging._drivers.impl_rabbit
[-] [bc957cdf-01b6-4d9a-8cb2-87f880f67cf9] Reconnected to AMQP server
on ct.os-srg.adhi:5672 via [amqp] client with port 60704.
2018-10-11 02:05:02.347 5275 ERROR oslo.messaging._drivers.impl_rabbit
[-] [2dda91e7-c913-4203-a198-ca53f231dfdc] AMQP server on
ct.os-srg.adhi:5672 is unreachable: [Errno 104] Connection reset by
peer. Trying again in 1 seconds.: error: [Errno 104] Connection reset
by peer
2018-10-11 02:05:03.376 5275 INFO oslo.messaging._drivers.impl_rabbit
[-] [2dda91e7-c913-4203-a198-ca53f231dfdc] Reconnected to AMQP server
on ct.os-srg.adhi:5672 via [amqp] client with port 60706.

does anyone can help me with this problem ?

-- 
Cheers,



[image: --]
Adhi Priharmanto
[image: http://]about.me/a_dhi
<http://about.me/a_dhi?promo=email_sig>
+62-812-82121584
___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

[Openstack] [xenserver][ocata] overcommit vcpu

2017-11-29 Thread Adhi Priharmanto

Hi,

I've been running ocata release with xenserver as hypervisor, my question,
how to overcommit vCPU of xenserver ?

my xenserver have 4 physical core and 8 vcpu. I already add
"cpu_allocation_ratio = 16.0" option into my nova.conf at compute nodes,
but its still read 8 vCPUs by scheduler.


-- 


Cheers,



[image: --]
Adhi Priharmanto
[image: http://]about.me/a_dhi
<http://about.me/a_dhi?promo=email_sig>
+62-812-82121584
___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

[Openstack] [Ocata] Openstack Tweak & Tuning suggestion

2017-10-10 Thread Adhi Priharmanto

Hi all,

I need some suggestion from all of you about how to tweak & tuning the
openstack performance in HA.

Because my Horizon is often encountered "cannot retrieve instance list"
while accessing "Projects  > Compute > Instances" menu in Horizon


-- 
Cheers,



[image: --]
Adhi Priharmanto
[image: http://]about.me/a_dhi
<http://about.me/a_dhi?promo=email_sig>
+62-812-82121584
___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

Re: [Openstack] FW: [xenserver-ocata] ceilometer compute error Rrd_interface.Internal_error

2017-09-25 Thread Adhi Priharmanto

Hi Jianghua,

Thanks for your response and attention. For the error of  "
Rrd_interface.Internal_error" , I was installed this update on my xenserver
(https://support.citrix.com/article/CTX225676) , and RRD error now was gone
from ceilometer logs.

I'm still at ocata release , here is my openstack package list on my
compute node

> [root@cmp1-oc-srg ceilometer]# rpm -qa |grep openstack
> centos-release-openstack-ocata-1-1.el7.noarch
> openstack-selinux-0.7.13-2.el7.noarch
> openstack-nova-compute-15.0.0-1.el7.noarch
> openstack-neutron-common-10.0.1-1.el7.noarch
> openstack-ceilometer-polling-8.1.0-1.el7.noarch
> openstack-ceilometer-compute-8.1.0-1.el7.noarch
> openstack-neutron-openvswitch-10.0.1-1.el7.noarch
> openstack-neutron-ml2-10.0.1-1.el7.noarch
> openstack-ceilometer-common-8.1.0-1.el7.noarch
> openstack-nova-common-15.0.0-1.el7.noarch
> openstack-neutron-10.0.1-1.el7.noarch


And here's is my logs as your request
https://paste.fedoraproject.org/paste/Yv8DoGbLziE0~luY6qwbhQ

I still find error at ceilometer-compute logs like this one

2017-09-25 14:31:07.041 9048 INFO ceilometer.agent.manager [-] Polling
> pollster disk.device.iops in the context of all_pollsters
> 2017-09-25 14:31:07.042 9048 ERROR ceilometer.agent.manager [-] Prevent
> pollster disk.device.iops from polling [,  mon-srg>, ] on source all_pollsters anymore!
> 2017-09-25 14:31:07.043 9048 INFO ceilometer.agent.manager [-] Polling
> pollster disk.device.latency in the context of all_pollsters
> 2017-09-25 14:31:07.044 9048 ERROR ceilometer.agent.manager [-] Prevent
> pollster disk.device.latency from polling [,  mon-srg>, ] on source all_pollsters anymore!


I think this error maybe make some of measurement won't works at gnocchi,
and also some of gnocchi metric won't show the unit

[root@localhost ~]# gnocchi metric list |grep disk.device.iops
>
> +---+-+-+---++
> | id| archive_policy/name | name
>  | unit  | resource_id|
>
> +---+-+-+---++
>
>> | 0062d222-2874-4a19-be34-a5bee3051d21 | low |
>> disk.device.iops| None  |
>> 7b089e8e-5be7-599a-b279-15a8129f7bdd |
>
> | 3dc249e4-006d-47a3-935c-58e571ba086c | low |
>> disk.device.iops| None  |
>> 0efeccca-8313-5aec-a1e2-955e091419f9 |
>
> | c2c19329-1709-4165-bdea-3bcf81c5d9d4 | low |
>> disk.device.iops| None  |
>> 78aa9c1e-b199-551c-b295-fecb237639fc |
>
> | cfa1c4bf-591e-4229-bb76-7607fcba640e | low |
>> disk.device.iops| None  |
>> bdf98233-442b-5fe4-aa02-ba567e487dcc |
>
>

Any suggest about the last error of ceilometer-compute  ?

On Mon, Sep 25, 2017 at 1:02 PM, Jianghua Wang <jianghua.w...@citrix.com>
wrote:

> Adhi,
>
>   Do you still have this problem?
>
>   The following errors may be caused due to this xvda disk doesn’t exist.
> Did you see any issue from the nova?
>
> Rrd.Invalid_data_source(\\"vbd_xvda_read\\")")
>
>
>
> If you are still suffering from this issue, can you send me the following
> log files:
>
> 1.   Log files for the nova-compute and ceilometer services located
> in nova compute node.
>
> 2.   The /var/log/xensource.log from dom0 where the compute node is
> running on.
>
>
>
> And can you confirm the release version? From the title –
> [xenserver-ocata], it may be ocata. But by checking the code line from the
> log, it’s probably already in pike.
>
>
>
> Regards,
>
> Jianghua
>
>
>
> *From:* wjh_fresh [mailto:wjh_fr...@163.com]
> *Sent:* Monday, September 11, 2017 1:38 PM
> *To:* Jianghua Wang <jianghua.w...@citrix.com>
> *Subject:* Fw: [Openstack] [xenserver-ocata] ceilometer compute error
> Rrd_interface.Internal_error
>
>
>
> 发件人： Adhi Priharmanto <adhi@gmail.com>
>
> 发送日期： 2017年09月08日 21:56
>
> 收件人： openstack <openstack@lists.openstack.org>
>
> 抄送人：
>
> 主题： [Openstack] [xenserver-ocata] ceilometer compute error
> Rrd_interface.Internal_error
>
> Hi all,
>
>
>
> I'm add ceilometer into my compute node, when I watch the ceilometer
> compute log , I found this error .
>
> 2017-09-08 20:21:59.214 14826 ERROR ceilometer.compute.pollsters [-] Could
> not get disk.device.write.requests.rate events for
> 59277f16-6ccf-4b5a-9204-c75c8a97dff7: ['INTERNAL_ERROR',
> 'Rrd_in

Re: [Openstack] Placement API service is not responding with haproxy

2017-09-21 Thread Adhi Priharmanto

did your nova-placement at your controller node running on port 58778?

On Sep 21, 2017 4:44 PM, "谭 明宵"  wrote:


I had HA setup for placement api to work on high availability enviornment
by using HAproxy on three controller nodes

vim /etc/haproxy/haproxy.cfg

listen nova_placement_cluster
bind 0.0.0.0:8778
http-request del-header X-Forwarded-Proto
server controller01 192.168.105.10:58778 check
inter 2000 rise 2 fall 5
server controller02 192.168.105.11:58778 check
inter 2000 rise 2 fall 5
server controller03 192.168.105.12:58778 check
inter 2000 rise 2 fall 5

but nova-compute.log has some errors like:

2017-09-21 17:08:59.690 14155 WARNING nova.scheduler.client.
report [req-6fefb3b1-fe0b-418e-b76a-2749613a6364 - - - -
 -] Placement API service is not responding.
2017-09-21 17:09:59.697 14155 WARNING nova.scheduler.client.
report [req-6fefb3b1-fe0b-418e-b76a-2749613a6364 - - - -
 -] Placement API service is not responding.
2017-09-21 17:10:59.729 14155 WARNING nova.scheduler.client.
report [req-6fefb3b1-fe0b-418e-b76a-2749613a6364 - - - -
 -] Placement API service is not responding.

what is the correct configuration for placement api in haproxy?

thx


___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

[Openstack] [xenserver-ocata] ceilometer compute error Rrd_interface.Internal_error

2017-09-08 Thread Adhi Priharmanto

Hi all,

I'm add ceilometer into my compute node, when I watch the ceilometer
compute log , I found this error .

2017-09-08 20:21:59.214 14826 ERROR ceilometer.compute.pollsters [-] Could
> not get disk.device.write.requests.rate events for
> 59277f16-6ccf-4b5a-9204-c75c8a97dff7: ['INTERNAL_ERROR',
> 'Rrd_interface.Internal_error("Rrd.Invalid_data_source(\\"vbd_xvda_read\\")")']:
> Failure: ['INTERNAL_ERROR',
> 'Rrd_interface.Internal_error("Rrd.Invalid_data_source(\\"vbd_xvda_read\\")")']
> 2017-09-08 20:21:59.214 14826 ERROR ceilometer.compute.pollsters Traceback
> (most recent call last):
> 2017-09-08 20:21:59.214 14826 ERROR ceilometer.compute.pollsters   File
> "/usr/lib/python2.7/site-packages/ceilometer/compute/pollsters/__init__.py",
> line 136, in get_samples
> 2017-09-08 20:21:59.214 14826 ERROR ceilometer.compute.pollsters
> cache, instance, self._inspection_duration)
> 2017-09-08 20:21:59.214 14826 ERROR ceilometer.compute.pollsters   File
> "/usr/lib/python2.7/site-packages/ceilometer/compute/pollsters/__init__.py",
> line 100, in _inspect_cached
> 2017-09-08 20:21:59.214 14826 ERROR ceilometer.compute.pollsters
> result = list(result)
> 2017-09-08 20:21:59.214 14826 ERROR ceilometer.compute.pollsters   File
> "/usr/lib/python2.7/site-packages/ceilometer/compute/virt/xenapi/inspector.py",
> line 176, in inspect_disk_rates
> 2017-09-08 20:21:59.214 14826 ERROR ceilometer.compute.pollsters
> vm_ref, "vbd_%s_read" % vbd_rec['device']))
> 2017-09-08 20:21:59.214 14826 ERROR ceilometer.compute.pollsters   File
> "/usr/lib/python2.7/site-packages/os_xenapi/client/objects.py", line 64, in
> 
> 2017-09-08 20:21:59.214 14826 ERROR ceilometer.compute.pollsters
> return lambda *params: self._call_method(method_name, *params)
> 2017-09-08 20:21:59.214 14826 ERROR ceilometer.compute.pollsters   File
> "/usr/lib/python2.7/site-packages/os_xenapi/client/objects.py", line 61, in
> _call_method
> 2017-09-08 20:21:59.214 14826 ERROR ceilometer.compute.pollsters
> return self.session.call_xenapi(call, *args)
> 2017-09-08 20:21:59.214 14826 ERROR ceilometer.compute.pollsters   File
> "/usr/lib/python2.7/site-packages/os_xenapi/client/session.py", line 200,
> in call_xenapi
> 2017-09-08 20:21:59.214 14826 ERROR ceilometer.compute.pollsters
> return session.xenapi_request(method, args)
> 2017-09-08 20:21:59.214 14826 ERROR ceilometer.compute.pollsters   File
> "/usr/lib/python2.7/site-packages/os_xenapi/client/XenAPI.py", line 130, in
> xenapi_request
> 2017-09-08 20:21:59.214 14826 ERROR ceilometer.compute.pollsters
> result = _parse_result(getattr(self, methodname)(*full_params))
> 2017-09-08 20:21:59.214 14826 ERROR ceilometer.compute.pollsters   File
> "/usr/lib/python2.7/site-packages/os_xenapi/client/XenAPI.py", line 212, in
> _parse_result
> 2017-09-08 20:21:59.214 14826 ERROR ceilometer.compute.pollsters raise
> Failure(result['ErrorDescription'])
> 2017-09-08 20:21:59.214 14826 ERROR ceilometer.compute.pollsters Failure:
> ['INTERNAL_ERROR',
> 'Rrd_interface.Internal_error("Rrd.Invalid_data_source(\\"vbd_xvda_read\\")")']
> 2017-09-08 20:21:59.214 14826 ERROR ceilometer.compute.pollsters


How to resolve this error ?

The second question, when I check gnocchi metric list, why most of metric
have a none value in unit column ?

...
> | 04df7669-0578-43b6-9e7f-d413e7def0e6 | low |
> memory.usage| MB|
> 59277f16-6ccf-4b5a-9204-c75c8a97dff7 |
> | 135bd162-fc03-4395-9e24-b4709c438808 | low | memory
>  | MB| 59277f16-6ccf-4b5a-9204-c75c8a97dff7 |
> | 1bb63ed1-f1da-4300-9e86-2d6fb902ece6 | low |
> disk.read.requests  | None  |
> 59277f16-6ccf-4b5a-9204-c75c8a97dff7 |
> | 1c422d14-b254-46d8-b3b5-a78a5068592a | low |
> disk.read.requests.rate | None  |
> 59277f16-6ccf-4b5a-9204-c75c8a97dff7 |
> | 1cbc7050-4359-4d55-a3f0-383782223c49 | low |
> disk.ephemeral.size | GB|
> 59277f16-6ccf-4b5a-9204-c75c8a97dff7 |
> | 237c02ae-0759-4ed6-8ec9-d25b06a398c0 | low | cpu
> | None  | 59277f16-6ccf-4b5a-9204-c75c8a97dff7 |
> | 2cddcb76-bfa5-4c5b-b12a-2d3f0d270674 | low | cpu_util
>  | % | 59277f16-6ccf-4b5a-9204-c75c8a97dff7 |
> ...


I truncate the result
-- 
Cheers,



[image: --]
Adhi Priharmanto
[image: http://]about.me/a_dhi
<http://about.me/a_dhi?promo=email_sig>
+62-812-82121584
___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

[Openstack] [Ceilometer][Gnocchi] Ocata - Ceilometer with Gnocchi

2017-09-05 Thread Adhi Priharmanto

Hi all,

I'm trying to add telemetry into my running openstack, as I read at

https://docs.openstack.org/project-install-guide/
telemetry/ocata/get_started.html

ceilometer now using gnocchi as backend, so I dig more reference for easily
installed gnocchi on my openstack environment, and I found about
openstack-gnocchi-* package from the openstack repo .

I'm installed gnocchi & ceilometer services at a node separate from
controller node, this node have IP 192.168.26.10, so I create metric
endpoint using this IP address.

then I'm using gnocchi from openstack repo , and here my gnocchi config

[DEFAULT]
> log_dir = /var/log/gnocchi/
> verbose = true
> transport_url = rabbit://openstack:my_passw...@ct-oc-srg.adhi
> [api]
> auth_mode = keystone
> [archive_policy]
> default_aggregation_methods = mean,min,max,sum,std,median,count,last,95pct
> [cors]
> [cors.subdomain]
> [database]
> connection = mysql+pymysql://gnocchi:my_passw...@ct-oc-srg.adhi/gnocchi
> [healthcheck]
> [incoming]
> [indexer]
> url = mysql+pymysql://gnocchi:my_passw...@ct-oc-srg.adhi/
> gnocchi?charset=utf8
> driver = sqlalchemy
> [metricd]
> [oslo_middleware]
> [oslo_policy]
> [statsd]
> resource_id = 70de8fd2-7619-4c70-bb4e-6628fe1aa68e
> user_id =
> project_id =
> archive_policy_name = low
> [storage]
> driver = file
> file_basepath = /var/lib/gnocchi
> coordination_url = file:///var/lib/gnocchi/locks
> [keystone_authtoken]
> auth_uri = http://ct-oc-srg.adhi:5000
> auth_url = http://ct-oc-srg.adhi:35357/v3
> auth_type = password
> memcached_servers = ct-oc-srg.adhi:11211
> project_domain_name = default
> user_domain_name = default
> project_name = service
> username = gnocchi
> password = MY_PASSWORD
> interface = internalURL
> region_name = RegionOne


according from the guide above, we just using
openstack-ceilometer-notification.service
openstack-ceilometer-central.service openstack-ceilometer-collector.service
, this is my ceilometer config

[DEFAULT]
> verbose = true
> meter_dispatchers = gnocchi
> event_dispatchers = gnocchi
> transport_url = rabbit://openstack:my_passw...@ct-oc-srg.adhi
> [api]
> [collector]
> [compute]
> [coordination]
> [cors]
> [cors.subdomain]
> [database]
> [dispatcher_file]
> [dispatcher_gnocchi]
> url = http://192.168.26.10:8041
> filter_service_activity = true
> archive_policy = low
> resources_definition_file = gnocchi_resources.yaml
> filter_project = service
> [dispatcher_http]
> [event]
> [hardware]
> [ipmi]
> [keystone_authtoken]
> auth_uri = http://ct-oc-srg.adhi:5000
> auth_url = http://ct-oc-srg.adhi:35357
> memcached_servers = ct-oc-srg.adhi:11211
> auth_type = password
> project_domain_name = default
> user_domain_name = default
> project_name = service
> username = ceilometer
> password = MY_PASSWORD
> [matchmaker_redis]
> [meter]
> [notification]
> store_events = false
> [oslo_concurrency]
> [oslo_messaging_amqp]
> [oslo_messaging_kafka]
> [oslo_messaging_notifications]
> [oslo_messaging_rabbit]
> [oslo_messaging_zmq]
> [oslo_middleware]
> [oslo_policy]
> [polling]
> [publisher]
> [publisher_notifier]
> [rgw_admin_credentials]
> [service_credentials]
> auth_type = password
> auth_url = http://ct-oc-srg.adhi:5000
> project_domain_name = default
> user_domain_name = default
> project_name = service
> username = ceilometer
> password = MY_PASSWORD
> interface = internalURL
> region_name = RegionOne
> [service_types]
> [storage]
> [vmware]
> [xenapi]



While doing ceilometer-upgrade --skip-metering-database, it's look no
problem. When I look into the gnocchi database on mysql , I can see some
tables add into the gnocchi database.

the problem comes when I start the ceilometer services, specially with logs
from ceilometer collector, I've got this error :

2017-09-05 16:03:40.808 23012 ERROR ceilometer.dispatcher.gnocchi [-] A
server error occurred.  Please contact the administrator. (HTTP 500)

I also got this error when I reboot an instance. I also can get measure
from the image download like describe in the guide above, can somebody help
me ?

-- 
Cheers,



[image: --]
Adhi Priharmanto
[image: http://]about.me/a_dhi
<http://about.me/a_dhi?promo=email_sig>
+62-812-82121584
___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

[Openstack] Ocata - Ceilometer with Gnocchi

2017-09-05 Thread Adhi Priharmanto

Hi all,

I'm trying to add telemetry into my running openstack, as I read at

https://docs.openstack.org/project-install-guide/telemetry/ocata/get_started.html

ceilometer now using gnocchi as backend, so I dig more reference for easily
installed gnocchi on my openstack environment, and I found about
openstack-gnocchi-* package from the openstack repo .

I'm installed gnocchi & ceilometer services at a node separate from
controller node, this node have IP 192.168.26.10, so I create metric
endpoint using this IP address.

then I'm using gnocchi from openstack repo , and here my gnocchi config

[DEFAULT]
> log_dir = /var/log/gnocchi/
> verbose = true
> transport_url = rabbit://openstack:my_passw...@ct-oc-srg.adhi
> [api]
> auth_mode = keystone
> [archive_policy]
> default_aggregation_methods = mean,min,max,sum,std,median,count,last,95pct
> [cors]
> [cors.subdomain]
> [database]
> connection = mysql+pymysql://gnocchi:my_passw...@ct-oc-srg.adhi/gnocchi
> [healthcheck]
> [incoming]
> [indexer]
> url = mysql+pymysql://gnocchi:my_passw...@ct-oc-srg.adhi
> /gnocchi?charset=utf8
> driver = sqlalchemy
> [metricd]
> [oslo_middleware]
> [oslo_policy]
> [statsd]
> resource_id = 70de8fd2-7619-4c70-bb4e-6628fe1aa68e
> user_id =
> project_id =
> archive_policy_name = low
> [storage]
> driver = file
> file_basepath = /var/lib/gnocchi
> coordination_url = file:///var/lib/gnocchi/locks
> [keystone_authtoken]
> auth_uri = http://ct-oc-srg.adhi:5000
> auth_url = http://ct-oc-srg.adhi:35357/v3
> auth_type = password
> memcached_servers = ct-oc-srg.adhi:11211
> project_domain_name = default
> user_domain_name = default
> project_name = service
> username = gnocchi
> password = MY_PASSWORD
> interface = internalURL
> region_name = RegionOne


according from the guide above, we just
using openstack-ceilometer-notification.service
openstack-ceilometer-central.service openstack-ceilometer-collector.service
, this is my ceilometer config

[DEFAULT]
> verbose = true
> meter_dispatchers = gnocchi
> event_dispatchers = gnocchi
> transport_url = rabbit://openstack:my_passw...@ct-oc-srg.adhi
> [api]
> [collector]
> [compute]
> [coordination]
> [cors]
> [cors.subdomain]
> [database]
> [dispatcher_file]
> [dispatcher_gnocchi]
> url = http://192.168.26.10:8041
> filter_service_activity = true
> archive_policy = low
> resources_definition_file = gnocchi_resources.yaml
> filter_project = service
> [dispatcher_http]
> [event]
> [hardware]
> [ipmi]
> [keystone_authtoken]
> auth_uri = http://ct-oc-srg.adhi:5000
> auth_url = http://ct-oc-srg.adhi:35357
> memcached_servers = ct-oc-srg.adhi:11211
> auth_type = password
> project_domain_name = default
> user_domain_name = default
> project_name = service
> username = ceilometer
> password = MY_PASSWORD
> [matchmaker_redis]
> [meter]
> [notification]
> store_events = false
> [oslo_concurrency]
> [oslo_messaging_amqp]
> [oslo_messaging_kafka]
> [oslo_messaging_notifications]
> [oslo_messaging_rabbit]
> [oslo_messaging_zmq]
> [oslo_middleware]
> [oslo_policy]
> [polling]
> [publisher]
> [publisher_notifier]
> [rgw_admin_credentials]
> [service_credentials]
> auth_type = password
> auth_url = http://ct-oc-srg.adhi:5000
> project_domain_name = default
> user_domain_name = default
> project_name = service
> username = ceilometer
> password = MY_PASSWORD
> interface = internalURL
> region_name = RegionOne
> [service_types]
> [storage]
> [vmware]
> [xenapi]



While doing ceilometer-upgrade --skip-metering-database, it's look no
problem. When I look into the gnocchi database on mysql , I can see some
tables add into the gnocchi database.

the problem comes when I start the ceilometer services, specially with logs
from ceilometer collector, I've got this error :

2017-09-05 16:03:40.808 23012 ERROR ceilometer.dispatcher.gnocchi [-] A
server error occurred.  Please contact the administrator. (HTTP 500)

I also got this error when I reboot an instance. I also can get measure
from the image download like describe in the guide above, can somebody help
me ?

-- 
Cheers,



[image: --]
Adhi Priharmanto
[image: http://]about.me/a_dhi
<http://about.me/a_dhi?promo=email_sig>
+62-812-82121584
___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

Re: [Openstack] [xenserver-ocata] neutron-dhcp/metadata agent on XenServer

2017-08-23 Thread Adhi Priharmanto

hi Huan,

thanks for your suggest, I'll try again, do I need to add physical port to
br-int at compute node (dom-U) ?

I'll paste the dhcp logs later.

On Wed, Aug 23, 2017 at 10:46 AM, Huan Xie <huan@citrix.com> wrote:

> Hi Adhi,
>
> As the link https://docs.openstack.org/ocata/networking-guide/config-
> dhcp-ha.html described, we can add DHCP agent in compute node (DomU) and
> it make sense as VMs just get internal fixed IP, so locating the DHCP in
> compute node should work.
>
> If the VM cannot get IP, I suspect maybe the VM’s DHCP request isn’t
> arrived to that DHCP agent, maybe the  so here are some questions:
>
> 1.   The agent_scheduler isn’t work for the DHCP agent in Nova
> compute node? Could you give some logs of DHCP agent.
>
> 2.   The VM isn’t get correct internal vlan tag? Could you double
> check about the VM’s VIF information in Dom0.
>
> a.   ovs-vsctl show
>
> b.  ovs-ofctl show br-int
>
> c.       ovs-ofctl dump-flows br-int
>
> Thanks,
>
> Huan
>
> *From:* Adhi Priharmanto [mailto:adhi@gmail.com]
> *Sent:* Wednesday, August 23, 2017 9:32 AM
> *To:* Bob Ball
> *Cc:* openstack; #OpenStack External Email
> *Subject:* Re: [Openstack] [xenserver-ocata] neutron-dhcp/metadata agent
> on XenServer
>
>
>
> hi bob,
>
>
>
> yep, yesterday I try to install neutron-dhcp/metadata agent along with
> nova-compute inside of compute node (domU) , the neutron-dhcp/metadata
> agent was working, I see from the log. but instance can't get the IP
> address from dhcp server.
>
>
>
> the working scenario now, I made 2 network node, on each network node
> contain L3-Agent, DHCP-agent, and metadata-agent.
>
>
>
> On Tue, Aug 22, 2017 at 9:25 PM, Bob Ball <bob.b...@citrix.com> wrote:
>
> Hi Adhi,
>
>
>
> If the Neutron agents would normally run with the nova compute services,
> then they would need to run in the compute VM when deploying with
> XenServer, not in domain 0.
>
>
>
> I would assume that the DHCP agents should also run in the compute VM.
>
>
>
> Also added openst...@citrix.com to include others.
>
>
>
> Bob
>
>
>
> *From:* Adhi Priharmanto [mailto:adhi@gmail.com]
> *Sent:* 22 August 2017 06:58
> *To:* openstack <openstack@lists.openstack.org>
> *Subject:* [Openstack] [xenserver-ocata] neutron-dhcp/metadata agent on
> XenServer
>
>
>
> Hi,
> According to this guide:
>
> https://docs.openstack.org/ocata/networking-guide/config-dhcp-ha.html
>
>
> If I want to add HA on my openstack-xenserver environment , is it possible
> to include neutron-dhcp/metadata agent on Compute-node ?
>
>
>
> or I have to add neutron-dhcp/metadata agent on xenserver dom0 ?
>
> or I have to create more neutron-dhcp/metadata agent on separate node ?
>
>
>
> --
>
> Cheers,
>
>
>
> *Adhi Priharmanto*
>
> about.me/a_dhi
>
>
>
> +62-812-82121584 <+62%20812-8212-1584>
>
>
>
>
>
>
>
> --
>
> Cheers,
>
>
>
> *Adhi Priharmanto*
>
> about.me/a_dhi
>
>
>
> +62-812-82121584 <+62%20812-8212-1584>
>
>
>



-- 
Cheers,



[image: --]
Adhi Priharmanto
[image: http://]about.me/a_dhi
<http://about.me/a_dhi?promo=email_sig>
+62-812-82121584
___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

Re: [Openstack] [xenserver-ocata] neutron-dhcp/metadata agent on XenServer

2017-08-22 Thread Adhi Priharmanto

hi bob,

yep, yesterday I try to install neutron-dhcp/metadata agent along with
nova-compute inside of compute node (domU) , the neutron-dhcp/metadata
agent was working, I see from the log. but instance can't get the IP
address from dhcp server.

the working scenario now, I made 2 network node, on each network node
contain L3-Agent, DHCP-agent, and metadata-agent.

On Tue, Aug 22, 2017 at 9:25 PM, Bob Ball <bob.b...@citrix.com> wrote:

> Hi Adhi,
>
>
>
> If the Neutron agents would normally run with the nova compute services,
> then they would need to run in the compute VM when deploying with
> XenServer, not in domain 0.
>
>
>
> I would assume that the DHCP agents should also run in the compute VM.
>
>
>
> Also added openst...@citrix.com to include others.
>
>
>
> Bob
>
>
>
> *From:* Adhi Priharmanto [mailto:adhi@gmail.com]
> *Sent:* 22 August 2017 06:58
> *To:* openstack <openstack@lists.openstack.org>
> *Subject:* [Openstack] [xenserver-ocata] neutron-dhcp/metadata agent on
> XenServer
>
>
>
> Hi,
> According to this guide:
>
> https://docs.openstack.org/ocata/networking-guide/config-dhcp-ha.html
>
>
> If I want to add HA on my openstack-xenserver environment , is it possible
> to include neutron-dhcp/metadata agent on Compute-node ?
>
>
>
> or I have to add neutron-dhcp/metadata agent on xenserver dom0 ?
>
> or I have to create more neutron-dhcp/metadata agent on separate node ?
>
>
>
> --
>
> Cheers,
>
>
>
> *Adhi Priharmanto*
>
> about.me/a_dhi
>
>
>
> +62-812-82121584 <+62%20812-8212-1584>
>
>
>



-- 
Cheers,



[image: --]
Adhi Priharmanto
[image: http://]about.me/a_dhi
<http://about.me/a_dhi?promo=email_sig>
+62-812-82121584
___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

[Openstack] [xenserver-ocata] neutron-dhcp/metadata agent on XenServer

2017-08-22 Thread Adhi Priharmanto

Hi,
According to this guide:
https://docs.openstack.org/ocata/networking-guide/config-dhcp-ha.html

If I want to add HA on my openstack-xenserver environment , is it possible
to include neutron-dhcp/metadata agent on Compute-node ?

or I have to add neutron-dhcp/metadata agent on xenserver dom0 ?

or I have to create more neutron-dhcp/metadata agent on separate node ?

-- 
Cheers,



[image: --]
Adhi Priharmanto
[image: http://]about.me/a_dhi
<http://about.me/a_dhi?promo=email_sig>
+62-812-82121584
___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

Re: [Openstack] Cinder - Could not start Cinder Volume service-Ocata

2017-06-21 Thread Adhi Priharmanto

;, line 235, in
> __init__
> 2017-06-18 05:11:51.358 5230 ERROR cinder.cmd.volume *args, **kwargs)
> 2017-06-18 05:11:51.358 5230 ERROR cinder.cmd.volume   File
> "/usr/lib/python2.7/dist-packages/cinder/manager.py", line 156, in
> __init__
> 2017-06-18 05:11:51.358 5230 ERROR cinder.cmd.volume
> self.scheduler_rpcapi = scheduler_rpcapi.SchedulerAPI()
> 2017-06-18 05:11:51.358 5230 ERROR cinder.cmd.volume   File
> "/usr/lib/python2.7/dist-packages/cinder/rpc.py", line 188, in __init__
> 2017-06-18 05:11:51.358 5230 ERROR cinder.cmd.volume serializer =
> base.CinderObjectSerializer(obj_version_cap)
> 2017-06-18 05:11:51.358 5230 ERROR cinder.cmd.volume   File
> "/usr/lib/python2.7/dist-packages/cinder/objects/base.py", line 412, in
> __init__
> 2017-06-18 05:11:51.358 5230 ERROR cinder.cmd.volume raise exception.
> CappedVersionUnknown(version=version_cap)
> 2017-06-18 05:11:51.358 5230 ERROR cinder.cmd.volume CappedVersionUnknown:
> Unrecoverable Error: Versioned Objects in DB are capped to unknown version
> 1.21.
> 2017-06-18 05:11:51.358 5230 ERROR cinder.cmd.volume
> 2017-06-18 05:11:51.360 5230 ERROR cinder.cmd.volume
> [req-85789cbc-b26c-47c5-be34-035fae86e504 - - - - -] No volume service(s)
> started successfully, terminating.
> root@cloud1:/etc/cinder#
>
>
>
>
>
> --
> *From: *"SGopinath s.gopinath" <s.gopin...@gov.in>
> *To: *"openstack" <openstack@lists.openstack.org>
> *Sent: *Thursday, June 15, 2017 9:07:19 AM
> *Subject: *[Openstack] nova - Error in cells
>
> Hi ,
>
>
> I'm trying to install Openstack Ocata in
> Ubuntu 16.04.2 LTS.
>
> I could able to start nova services and successfully
> could get the output on executing
>
> openstack hypervisor list ...
>
> No issues...
>
>
> But when I execute
>
>  su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova
>
> I get the error
>
>  ProgrammingError: (pymysql.err.ProgrammingError) (1146, u"Table
> 'nova_api.compute_nodes' doesn't exist")
>
> I could not find compute_nodes table in the database nova_api.
> However the compute_nodes table is in nova_api_cell0 database and it
> does not contain any rows.
>
>
> I think there is only a minor issue in assuming where the table is in which
> database.
>
> Could anyone suggest a solution for this.
>
> Thanks,
> S.Gopinath
>
>
>
> ___
> Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/
> openstack
> Post to : openstack@lists.openstack.org
> Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/
> openstack
>
>
> --
> Arne Wiebalck
> CERN IT
>
>
> ___
> Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/
> openstack
> Post to : openstack@lists.openstack.org
> Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/
> openstack
>
>


-- 
Cheers,



[image: --]
Adhi Priharmanto
[image: http://]about.me/a_dhi
<http://about.me/a_dhi?promo=email_sig>
+62-812-82121584
___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

Re: [Openstack] [Ocata-Xenserver] Nova-compute wouldn't start

2017-05-30 Thread Adhi Priharmanto

Hi Bob,

Thanks for share this update, I'll try to patch my nova and reproduce the
problem again.



On Tue, May 30, 2017 at 5:25 PM, Bob Ball <bob.b...@citrix.com> wrote:

> Hi Adhi,
>
>
>
> Please see bug report at https://bugs.launchpad.net/nova/+bug/1693147
> which I believe covers your issue.
>
>
>
> Huan is working on a fix at https://review.openstack.org/#/c/467926
>
>
>
> Thanks,
>
>
>
> Bob
>
>
>
> *From:* Adhi Priharmanto [mailto:adhi@gmail.com]
> *Sent:* 18 May 2017 17:52
>
> *To:* Bob Ball <bob.b...@citrix.com>
> *Cc:* openstack <openstack@lists.openstack.org>; #OpenStack External
> Email <openst...@citrix.com>
> *Subject:* Re: [Openstack] [Ocata-Xenserver] Nova-compute wouldn't start
>
>
>
> Hi bob,
>
> Thanks for your suggest, because it's non production use, I decide to
> hardcoded clean up instance record from nova table, and finally
> nova-compute service was running again. :)
>
>
>
> On Thu, May 18, 2017 at 10:53 PM, Bob Ball <bob.b...@citrix.com> wrote:
>
> Hi Adhi,
>
>
>
> The point is that there is a mismatch between what Nova believes exists,
> and what really exists on the hypervisor.  How were the instances deleted?
>
>
>
> Check the hypervisors that each server Nova knows about - I suspect at
> least one is expected to exist on the XenServer for which the compute will
> not start.
>
>
>
> Bob
>
>
>
> *From:* Adhi Priharmanto [mailto:adhi@gmail.com]
> *Sent:* 18 May 2017 16:40
> *To:* Bob Ball <bob.b...@citrix.com>
> *Cc:* openstack <openstack@lists.openstack.org>; #OpenStack External
> Email <openst...@citrix.com>
> *Subject:* Re: [Openstack] [Ocata-Xenserver] Nova-compute wouldn't start
>
>
>
> hi Bob,
>
> I don't have any vm/instance on that compute/xenserver , I'm deleted all
> vm since last week.
>
>
>
> On Thu, May 18, 2017 at 6:03 PM, Bob Ball <bob.b...@citrix.com> wrote:
>
> Hi Adhi,
>
>
>
> Very interesting.  I suspect that  self._get_vif_ref, below, is returning
> None.  This appears to be when the VM does not exist on the host - perhaps
> the VM was renamed, deleted, or it has been migrated to a different host
> and Nova’s records didn’t get updated?
>
>
>
> I believe the issue is most likely occurring at
> http://git.openstack.org/cgit/openstack/nova/tree/nova/virt/
> xenapi/vif.py?h=15.0.4#n246 where we attempt to detect the VM based on
> the instance’s name in Nova’s database.
>
> Do you have VMs on this host? They don’t have to be running (for example
> if the host rebooted then the VMs may exist but in a shutdown state)
>
>
>
> Could you check that the VMs that are on the host still have the name
> associated with them according to Nova?
>
> For example:
>
> root@host~/openrc# openstack server show 3662f9b8-1303-496a-8c21-
> 97bba312432c
>
> …
>
> | OS-EXT-SRV-ATTR:instance_name| instance-914e
>
>
> |
>
> …
>
> | name | dsvm-devstack-citrix-mia-
> nodepool-683420
>
>  |
>
>
>
> In this case, the server has the name dsvm-devstack-citrix-mia-nodepool-683420
> but on the hypervisor the VM itself has the name  instance-914e
>
>
>
> Thanks,
>
>
>
> Bob
>
>
>
>
>
> *From:* Adhi Priharmanto [mailto:adhi@gmail.com]
> *Sent:* 18 May 2017 10:34
> *To:* openstack <openstack@lists.openstack.org>
> *Subject:* [Openstack] [Ocata-Xenserver] Nova-compute wouldn't start
>
>
>
> Hi all,
>
> I have openstack RDO ocata using xenserver as Hypervisor, setup manually.
> It works fine about 2 weeks, today my nova-compute wouldn't start and when
> I check the nova-compute log :
>
> 2017-05-18 16:29:24.769 10764 INFO nova.service [-] Starting compute node
> (version 15.0.0-1.el7)
> 2017-05-18 16:29:24.847 10764 ERROR oslo_service.service
> [req-f29142ce-c68a-4d0a-b6ff-ba5b0a67ec6a - - - - -] Error starting
> thread.
> 2017-05-18 16:29:24.847 10764 ERROR oslo_service.service Traceback (most
> recent call last):
> 2017-05-18 16:29:24.847 10764 ERROR oslo_service.service   File
> "/usr/lib/python2.7/site-packages/oslo_service/service.py", line 722, in
> run_service
> 2017-05-18 16:29:24.847 10764 ERROR oslo_service.service
> service.start()
> 2017-05-18 16:29:24.847 10764 ERROR oslo_service.service   File
> "/usr/lib/python2.7/site-packages/nova/service.py", line 144, in start
> 2017-05-18 16:29:24.847 10764 ERROR oslo_service.service
> self.manager.init_host()
> 2017-05-18 16:29:24.847 10764 ERROR oslo_service.service   File
>

Re: [Openstack] [Ocata-Xenserver] Nova-compute wouldn't start

2017-05-18 Thread Adhi Priharmanto

hi Bob,

I don't have any vm/instance on that compute/xenserver , I'm deleted all vm
since last week.

On Thu, May 18, 2017 at 6:03 PM, Bob Ball <bob.b...@citrix.com> wrote:

> Hi Adhi,
>
>
>
> Very interesting.  I suspect that  self._get_vif_ref, below, is returning
> None.  This appears to be when the VM does not exist on the host - perhaps
> the VM was renamed, deleted, or it has been migrated to a different host
> and Nova’s records didn’t get updated?
>
>
>
> I believe the issue is most likely occurring at
> http://git.openstack.org/cgit/openstack/nova/tree/nova/virt/
> xenapi/vif.py?h=15.0.4#n246 where we attempt to detect the VM based on
> the instance’s name in Nova’s database.
>
> Do you have VMs on this host? They don’t have to be running (for example
> if the host rebooted then the VMs may exist but in a shutdown state)
>
>
>
> Could you check that the VMs that are on the host still have the name
> associated with them according to Nova?
>
> For example:
>
> root@host~/openrc# openstack server show 3662f9b8-1303-496a-8c21-
> 97bba312432c
>
> …
>
> | OS-EXT-SRV-ATTR:instance_name| instance-914e
>
>
> |
>
> …
>
> | name | dsvm-devstack-citrix-mia-
> nodepool-683420
>
>  |
>
>
>
> In this case, the server has the name dsvm-devstack-citrix-mia-nodepool-683420
> but on the hypervisor the VM itself has the name  instance-914e
>
>
>
> Thanks,
>
>
>
> Bob
>
>
>
>
>
> *From:* Adhi Priharmanto [mailto:adhi@gmail.com]
> *Sent:* 18 May 2017 10:34
> *To:* openstack <openstack@lists.openstack.org>
> *Subject:* [Openstack] [Ocata-Xenserver] Nova-compute wouldn't start
>
>
>
> Hi all,
>
> I have openstack RDO ocata using xenserver as Hypervisor, setup manually.
> It works fine about 2 weeks, today my nova-compute wouldn't start and when
> I check the nova-compute log :
>
> 2017-05-18 16:29:24.769 10764 INFO nova.service [-] Starting compute node
> (version 15.0.0-1.el7)
> 2017-05-18 16:29:24.847 10764 ERROR oslo_service.service
> [req-f29142ce-c68a-4d0a-b6ff-ba5b0a67ec6a - - - - -] Error starting
> thread.
> 2017-05-18 16:29:24.847 10764 ERROR oslo_service.service Traceback (most
> recent call last):
> 2017-05-18 16:29:24.847 10764 ERROR oslo_service.service   File
> "/usr/lib/python2.7/site-packages/oslo_service/service.py", line 722, in
> run_service
> 2017-05-18 16:29:24.847 10764 ERROR oslo_service.service
> service.start()
> 2017-05-18 16:29:24.847 10764 ERROR oslo_service.service   File
> "/usr/lib/python2.7/site-packages/nova/service.py", line 144, in start
> 2017-05-18 16:29:24.847 10764 ERROR oslo_service.service
> self.manager.init_host()
> 2017-05-18 16:29:24.847 10764 ERROR oslo_service.service   File
> "/usr/lib/python2.7/site-packages/nova/compute/manager.py", line 1152, in
> init_host
> 2017-05-18 16:29:24.847 10764 ERROR oslo_service.service
> self._init_instance(context, instance)
> 2017-05-18 16:29:24.847 10764 ERROR oslo_service.service   File
> "/usr/lib/python2.7/site-packages/nova/compute/manager.py", line 949, in
> _init_instance
> 2017-05-18 16:29:24.847 10764 ERROR oslo_service.service
> self.driver.plug_vifs(instance, net_info)
> 2017-05-18 16:29:24.847 10764 ERROR oslo_service.service   File
> "/usr/lib/python2.7/site-packages/nova/virt/xenapi/driver.py", line 309,
> in plug_vifs
> 2017-05-18 16:29:24.847 10764 ERROR oslo_service.service
> self._vmops.plug_vifs(instance, network_info)
> 2017-05-18 16:29:24.847 10764 ERROR oslo_service.service   File
> "/usr/lib/python2.7/site-packages/nova/virt/xenapi/vmops.py", line 1959,
> in plug_vifs
> 2017-05-18 16:29:24.847 10764 ERROR oslo_service.service
> self.vif_driver.plug(instance, vif, device=device)
> 2017-05-18 16:29:24.847 10764 ERROR oslo_service.service   File
> "/usr/lib/python2.7/site-packages/nova/virt/xenapi/vif.py", line 250, in
> plug
> 2017-05-18 16:29:24.847 10764 ERROR oslo_service.service vif_ref =
> self._get_vif_ref(vif, vm_ref)
> 2017-05-18 16:29:24.847 10764 ERROR oslo_service.service   File
> "/usr/lib/python2.7/site-packages/nova/virt/xenapi/vif.py", line 42, in
> _get_vif_ref
> 2017-05-18 16:29:24.847 10764 ERROR oslo_service.service vif_refs =
> self._session.call_xenapi("VM.get_VIFs", vm_ref)
> 2017-05-18 16:29:24.847 10764 ERROR oslo_service.service   File
> "/usr/lib/python2.7/site-packages/os_xenapi/client/session.py", line 200,
> in call_xenapi
> 2017-05-18 16:29:24.847 10764 ERROR oslo_service.service return
> session.xenapi_request(method, args)
>

[Openstack] [Ocata-Xenserver] Nova-compute wouldn't start

2017-05-18 Thread Adhi Priharmanto

Hi all,

I have openstack RDO ocata using xenserver as Hypervisor, setup manually.
It works fine about 2 weeks, today my nova-compute wouldn't start and when
I check the nova-compute log :

2017-05-18 16:29:24.769 10764 INFO nova.service [-] Starting compute node
(version 15.0.0-1.el7)
2017-05-18 16:29:24.847 10764 ERROR oslo_service.service
[req-f29142ce-c68a-4d0a-b6ff-ba5b0a67ec6a - - - - -] Error starting thread.
2017-05-18 16:29:24.847 10764 ERROR oslo_service.service Traceback (most
recent call last):
2017-05-18 16:29:24.847 10764 ERROR oslo_service.service   File
"/usr/lib/python2.7/site-packages/oslo_service/service.py", line 722, in
run_service
2017-05-18 16:29:24.847 10764 ERROR oslo_service.service service.start()
2017-05-18 16:29:24.847 10764 ERROR oslo_service.service   File
"/usr/lib/python2.7/site-packages/nova/service.py", line 144, in start
2017-05-18 16:29:24.847 10764 ERROR oslo_service.service
self.manager.init_host()
2017-05-18 16:29:24.847 10764 ERROR oslo_service.service   File
"/usr/lib/python2.7/site-packages/nova/compute/manager.py", line 1152, in
init_host
2017-05-18 16:29:24.847 10764 ERROR oslo_service.service
self._init_instance(context, instance)
2017-05-18 16:29:24.847 10764 ERROR oslo_service.service   File
"/usr/lib/python2.7/site-packages/nova/compute/manager.py", line 949, in
_init_instance
2017-05-18 16:29:24.847 10764 ERROR oslo_service.service
self.driver.plug_vifs(instance, net_info)
2017-05-18 16:29:24.847 10764 ERROR oslo_service.service   File
"/usr/lib/python2.7/site-packages/nova/virt/xenapi/driver.py", line 309, in
plug_vifs
2017-05-18 16:29:24.847 10764 ERROR oslo_service.service
self._vmops.plug_vifs(instance, network_info)
2017-05-18 16:29:24.847 10764 ERROR oslo_service.service   File
"/usr/lib/python2.7/site-packages/nova/virt/xenapi/vmops.py", line 1959, in
plug_vifs
2017-05-18 16:29:24.847 10764 ERROR oslo_service.service
self.vif_driver.plug(instance, vif, device=device)
2017-05-18 16:29:24.847 10764 ERROR oslo_service.service   File
"/usr/lib/python2.7/site-packages/nova/virt/xenapi/vif.py", line 250, in
plug
2017-05-18 16:29:24.847 10764 ERROR oslo_service.service vif_ref =
self._get_vif_ref(vif, vm_ref)
2017-05-18 16:29:24.847 10764 ERROR oslo_service.service   File
"/usr/lib/python2.7/site-packages/nova/virt/xenapi/vif.py", line 42, in
_get_vif_ref
2017-05-18 16:29:24.847 10764 ERROR oslo_service.service vif_refs =
self._session.call_xenapi("VM.get_VIFs", vm_ref)
2017-05-18 16:29:24.847 10764 ERROR oslo_service.service   File
"/usr/lib/python2.7/site-packages/os_xenapi/client/session.py", line 200,
in call_xenapi
2017-05-18 16:29:24.847 10764 ERROR oslo_service.service return
session.xenapi_request(method, args)
2017-05-18 16:29:24.847 10764 ERROR oslo_service.service   File
"/usr/lib/python2.7/site-packages/os_xenapi/client/XenAPI.py", line 130, in
xenapi_request
2017-05-18 16:29:24.847 10764 ERROR oslo_service.service result =
_parse_result(getattr(self, methodname)(*full_params))
2017-05-18 16:29:24.847 10764 ERROR oslo_service.service   File
"/usr/lib64/python2.7/xmlrpclib.py", line 1233, in __call__
2017-05-18 16:29:24.847 10764 ERROR oslo_service.service return
self.__send(self.__name, args)
2017-05-18 16:29:24.847 10764 ERROR oslo_service.service   File
"/usr/lib64/python2.7/xmlrpclib.py", line 1581, in __request
2017-05-18 16:29:24.847 10764 ERROR oslo_service.service
allow_none=self.__allow_none)
2017-05-18 16:29:24.847 10764 ERROR oslo_service.service   File
"/usr/lib64/python2.7/xmlrpclib.py", line 1086, in dumps
2017-05-18 16:29:24.847 10764 ERROR oslo_service.service data =
m.dumps(params)
2017-05-18 16:29:24.847 10764 ERROR oslo_service.service   File
"/usr/lib64/python2.7/xmlrpclib.py", line 633, in dumps
2017-05-18 16:29:24.847 10764 ERROR oslo_service.service dump(v, write)
2017-05-18 16:29:24.847 10764 ERROR oslo_service.service   File
"/usr/lib64/python2.7/xmlrpclib.py", line 655, in __dump
2017-05-18 16:29:24.847 10764 ERROR oslo_service.service f(self, value,
write)
2017-05-18 16:29:24.847 10764 ERROR oslo_service.service   File
"/usr/lib64/python2.7/xmlrpclib.py", line 659, in dump_nil
2017-05-18 16:29:24.847 10764 ERROR oslo_service.service raise
TypeError, "cannot marshal None unless allow_none is enabled"
2017-05-18 16:29:24.847 10764 ERROR oslo_service.service TypeError: cannot
marshal None unless allow_none is enabled
2017-05-18 16:29:24.847 10764 ERROR oslo_service.service

Anyone can help me with this problem ?

-- 
Cheers,



[image: --]
Adhi Priharmanto
[image: http://]about.me/a_dhi
<http://about.me/a_dhi?promo=email_sig>
+62-812-82121584
___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

Re: [Openstack] cloud-init not start ini ubuntu 17.04

2017-05-05 Thread Adhi Priharmanto

Hi Eugen,

Based on this guide, just install and reconfigure datasource of cloud-init
if needed.

https://docs.openstack.org/image-guide/ubuntu-image.html

my problem is while I build the based image, cloud-init process won't run
while based image booting, there is no log record in /var/log/syslog (in
this case ubuntu), and its just happend in 17.04.

I had build custom image with 16.04 and 16.10, and it's fine, just install
the cloud-init package needed.



On Fri, May 5, 2017 at 1:26 PM, Eugen Block <ebl...@nde.ag> wrote:

> You have to make sure that cloud-init is enabled and running in your base
> instance. Then snapshot that VM and launch another instance from the new
> image, provide some user-data to test it.
> Cloud-init is a tool for initial configuration of new instances, that's
> why you would have to execute these steps manually if you configure your
> first VM to be a new base image. So all the magic will be (hopefully)
> visible if you launch a new VM.
>
>
> Regards,
> Eugen
>
>
> Zitat von Adhi Priharmanto <adhi@gmail.com>:
>
> Hi Bob,
>>
>> yes I'm following those tutorial, creating glance image from existing vm
>> xenserver.
>>
>>- build from scratch VM using "16.04 template" and "other installation
>>media"
>>- update & upgrade the VM OS
>>- installing cloud-init package, no change of cloud-init configuration
>>and using the default setting of cloud-init
>>- reboot the VM for testing the cloud-init and no output showing
>>cloud-init activity, there is no process associated with cloud-init in
>>"/var/log/syslog"
>>- export the vdi, compress the VHD, upload to glance
>>- start instance using the custom image, just get the IP address. To
>>gather instance metadata, "cloud-init init" must be executed manually
>> after
>>instance completely booting.
>>
>>
>> On Thu, May 4, 2017 at 11:32 PM, Bob Ball <bob.b...@citrix.com> wrote:
>>
>> Hi Adhi,
>>>
>>>
>>>
>>> Did you follow a guide, such as http://citrix-openstack.
>>> siteleaf.net/posts/generating-images-for-xenserver-in-openstack/ for
>>> generating the image?  If not, how was the image generated?
>>>
>>>
>>>
>>> What exactly is the output from the 17.04 image you’re using?
>>>
>>>
>>>
>>> Thanks,
>>>
>>>
>>>
>>> Bob
>>>
>>>
>>>
>>> *From:* Adhi Priharmanto [mailto:adhi@gmail.com]
>>> *Sent:* 03 May 2017 16:36
>>> *To:* openstack <openstack@lists.openstack.org>
>>> *Subject:* [Openstack] cloud-init not start ini ubuntu 17.04
>>>
>>>
>>>
>>> hi all,
>>>
>>> I just created ubuntu 17.04 custom image for working with openstack
>>> xenserver, after installing & update+upgrade ubuntu 17.04 base OS, I
>>> installed cloud-init, then reboot it to test cloud-init, but I can't see
>>> cloud-init process during the ubuntu 17.04 OS boot.
>>>
>>> Is there anyone can help or give a suggest for me ?
>>>
>>>
>>> --
>>>
>>> Cheers,
>>>
>>>
>>>
>>>
>>>
>>> *Adhi Priharmanto*
>>>
>>> about.me/a_dhi
>>>
>>> [image: http://d13pix9kaak6wt.cloudfront.net/signature/colorbar.png]
>>>
>>>
>>>
>>> +62-812-82121584 <+62%20812-8212-1584>
>>>
>>>
>>>
>>>
>>
>>
>> --
>> Cheers,
>>
>>
>>
>> [image: --]
>> Adhi Priharmanto
>> [image: http://]about.me/a_dhi
>> <http://about.me/a_dhi?promo=email_sig>
>> +62-812-82121584
>>
>
>
>
> --
> Eugen Block voice   : +49-40-559 51 75
> NDE Netzdesign und -entwicklung AG  fax : +49-40-559 51 77
> Postfach 61 03 15
> D-22423 Hamburg e-mail  : ebl...@nde.ag
>
> Vorsitzende des Aufsichtsrates: Angelika Mozdzen
>   Sitz und Registergericht: Hamburg, HRB 90934
>   Vorstand: Jens-U. Mozdzen
>USt-IdNr. DE 814 013 983
>
>
> ___
> Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstac
> k
> Post to : openstack@lists.openstack.org
> Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstac
> k
>



-- 
Cheers,



[image: --]
Adhi Priharmanto
[image: http://]about.me/a_dhi
<http://about.me/a_dhi?promo=email_sig>
+62-812-82121584
___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

Re: [Openstack] cloud-init not start ini ubuntu 17.04

2017-05-04 Thread Adhi Priharmanto

Hi Bob,

yes I'm following those tutorial, creating glance image from existing vm
xenserver.

   - build from scratch VM using "16.04 template" and "other installation
   media"
   - update & upgrade the VM OS
   - installing cloud-init package, no change of cloud-init configuration
   and using the default setting of cloud-init
   - reboot the VM for testing the cloud-init and no output showing
   cloud-init activity, there is no process associated with cloud-init in
   "/var/log/syslog"
   - export the vdi, compress the VHD, upload to glance
   - start instance using the custom image, just get the IP address. To
   gather instance metadata, "cloud-init init" must be executed manually after
   instance completely booting.


On Thu, May 4, 2017 at 11:32 PM, Bob Ball <bob.b...@citrix.com> wrote:

> Hi Adhi,
>
>
>
> Did you follow a guide, such as http://citrix-openstack.
> siteleaf.net/posts/generating-images-for-xenserver-in-openstack/ for
> generating the image?  If not, how was the image generated?
>
>
>
> What exactly is the output from the 17.04 image you’re using?
>
>
>
> Thanks,
>
>
>
> Bob
>
>
>
> *From:* Adhi Priharmanto [mailto:adhi@gmail.com]
> *Sent:* 03 May 2017 16:36
> *To:* openstack <openstack@lists.openstack.org>
> *Subject:* [Openstack] cloud-init not start ini ubuntu 17.04
>
>
>
> hi all,
>
> I just created ubuntu 17.04 custom image for working with openstack
> xenserver, after installing & update+upgrade ubuntu 17.04 base OS, I
> installed cloud-init, then reboot it to test cloud-init, but I can't see
> cloud-init process during the ubuntu 17.04 OS boot.
>
> Is there anyone can help or give a suggest for me ?
>
>
> --
>
> Cheers,
>
>
>
>
>
> *Adhi Priharmanto*
>
> about.me/a_dhi
>
> [image: http://d13pix9kaak6wt.cloudfront.net/signature/colorbar.png]
>
>
>
> +62-812-82121584 <+62%20812-8212-1584>
>
>
>



-- 
Cheers,



[image: --]
Adhi Priharmanto
[image: http://]about.me/a_dhi
<http://about.me/a_dhi?promo=email_sig>
+62-812-82121584
___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

[Openstack] cloud-init not start ini ubuntu 17.04

2017-05-03 Thread Adhi Priharmanto

hi all,

I just created ubuntu 17.04 custom image for working with openstack
xenserver, after installing & update+upgrade ubuntu 17.04 base OS, I
installed cloud-init, then reboot it to test cloud-init, but I can't see
cloud-init process during the ubuntu 17.04 OS boot.

Is there anyone can help or give a suggest for me ?

-- 
Cheers,



[image: --]
Adhi Priharmanto
[image: http://]about.me/a_dhi
<http://about.me/a_dhi?promo=email_sig>
+62-812-82121584
___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

Re: [Openstack] Limit Summary not update

2017-04-24 Thread Adhi Priharmanto

Hi, Bartłomiej Solarz-Niesłuchowski

your script work for all projects , thanks for share

On Fri, Apr 21, 2017 at 4:04 PM, Adhi Priharmanto <adhi@gmail.com>
wrote:

> Hi, Bartłomiej Solarz-Niesłuchowski
>
>
> Thanks for suggestion, it works, does it any fixed setting in nova.conf
> may be to set the automatic quota update ?
>
> I'm still test your script in admin project, and it works, does it works
> to reset other project(tenant) too ?
>
> On Fri, Apr 21, 2017 at 3:00 PM, Bartłomiej Solarz-Niesłuchowski <
> bartlomiej.solarz-niesluchow...@wit.edu.pl> wrote:
>
>> W dniu 2017-04-21 o 09:33, Adhi Priharmanto pisze:
>>
>>
>> Hi All,
>>
>> I'm in ocata release, had 2 running instance
>> (openstack) server list
>> +--+++--
>> -++
>> | ID   | Name   | Status |
>> Networks  | Image Name |
>> +--+++--
>> -++
>> | 94d63b55-1dd8-4e9e-a471-58c14defccd1 | test13 | ACTIVE |
>> public119=119.x.x.x | Cirros-3-5-xen |
>> | 40d68c6e-6678-4a64-9309-2302a201bc09 | test11 | ACTIVE |
>> admin-int=15.15.1.13  | Cirros-3-5-xen |
>> +--+++--
>> -++
>>
>> but why when I open in the horizon at "Project / Compute / Overview" page
>> it's show
>>
>> *"Instances Used 3 of 10" *
>> and when I check from usage list it show 4 instance used ?
>> (openstack) usage list
>> Usage from 2017-03-24 to 2017-04-22:
>> +-+-+--+---+---+
>> | Project | Servers | RAM MB-Hours | CPU Hours | Disk GB-Hours |
>> +-+-+--+---+---+
>> | admin   |   4 | 52560.71 |102.66 |102.66 |
>> +-+-+--+---+---+
>>
>> even I deleted all instance, the value in  "Project / Compute /
>> Overview" page horizon won't be refresh/update.
>>
>> any suggestion for this case ?
>>
>> http://www.deadunicornz.org/blog/2015/02/13/openstack-icehou
>> se-reset-incorrect-quota-count-for-nova
>>
>>
>>
>> --
>> Bartłomiej Solarz-Niesłuchowski, Administrator WSISiZ
>> e-mail: bartlomiej.solarz-niesluchow...@wit.edu.pl
>> tel. 223486547, fax 223486501
>> JID: sol...@jabber.wit.edu.pl
>> 01-447 Warszawa, ul. Newelska 6, pokój 404, pon.-pt. 8-16
>> Motto - Jak sobie pościelisz tak sie wyśpisz
>>
>>
>> ___
>> Mailing list: http://lists.openstack.org/cgi
>> -bin/mailman/listinfo/openstack
>> Post to : openstack@lists.openstack.org
>> Unsubscribe : http://lists.openstack.org/cgi
>> -bin/mailman/listinfo/openstack
>>
>>
>
>
> --
> Cheers,
>
>
>
> [image: --]
> Adhi Priharmanto
> [image: http://]about.me/a_dhi
> <http://about.me/a_dhi?promo=email_sig>
> +62-812-82121584 <+62%20812-8212-1584>
>
>


-- 
Cheers,



[image: --]
Adhi Priharmanto
[image: http://]about.me/a_dhi
<http://about.me/a_dhi?promo=email_sig>
+62-812-82121584
___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

Re: [Openstack] Hello

2017-04-21 Thread Adhi Priharmanto

welcome aboard

On Fri, Apr 21, 2017 at 6:29 PM, TanXin <746534...@qq.com> wrote:

> I want to know if I subscribe successfully.
>
> ___
> Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/
> openstack
> Post to : openstack@lists.openstack.org
> Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/
> openstack
>



-- 
Cheers,



[image: --]
Adhi Priharmanto
[image: http://]about.me/a_dhi
<http://about.me/a_dhi?promo=email_sig>
+62-812-82121584
___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

Re: [Openstack] Limit Summary not update

2017-04-21 Thread Adhi Priharmanto

Hi, Bartłomiej Solarz-Niesłuchowski


Thanks for suggestion, it works, does it any fixed setting in nova.conf may
be to set the automatic quota update ?

I'm still test your script in admin project, and it works, does it works to
reset other project(tenant) too ?

On Fri, Apr 21, 2017 at 3:00 PM, Bartłomiej Solarz-Niesłuchowski <
bartlomiej.solarz-niesluchow...@wit.edu.pl> wrote:

> W dniu 2017-04-21 o 09:33, Adhi Priharmanto pisze:
>
>
> Hi All,
>
> I'm in ocata release, had 2 running instance
> (openstack) server list
> +--+++--
> -++
> | ID   | Name   | Status |
> Networks  | Image Name |
> +--+++--
> -++
> | 94d63b55-1dd8-4e9e-a471-58c14defccd1 | test13 | ACTIVE |
> public119=119.x.x.x | Cirros-3-5-xen |
> | 40d68c6e-6678-4a64-9309-2302a201bc09 | test11 | ACTIVE |
> admin-int=15.15.1.13  | Cirros-3-5-xen |
> +--+++--
> -++
>
> but why when I open in the horizon at "Project / Compute / Overview" page
> it's show
>
> *"Instances Used 3 of 10" *
> and when I check from usage list it show 4 instance used ?
> (openstack) usage list
> Usage from 2017-03-24 to 2017-04-22:
> +-+-+--+---+---+
> | Project | Servers | RAM MB-Hours | CPU Hours | Disk GB-Hours |
> +-+-+--+---+---+
> | admin   |   4 | 52560.71 |102.66 |102.66 |
> +-+-+--+---+---+
>
> even I deleted all instance, the value in  "Project / Compute / Overview"
> page horizon won't be refresh/update.
>
> any suggestion for this case ?
>
> http://www.deadunicornz.org/blog/2015/02/13/openstack-
> icehouse-reset-incorrect-quota-count-for-nova
>
>
>
> --
> Bartłomiej Solarz-Niesłuchowski, Administrator WSISiZ
> e-mail: bartlomiej.solarz-niesluchow...@wit.edu.pl
> tel. 223486547, fax 223486501
> JID: sol...@jabber.wit.edu.pl
> 01-447 Warszawa, ul. Newelska 6, pokój 404, pon.-pt. 8-16
> Motto - Jak sobie pościelisz tak sie wyśpisz
>
>
> ___
> Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/
> openstack
> Post to : openstack@lists.openstack.org
> Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/
> openstack
>
>


-- 
Cheers,



[image: --]
Adhi Priharmanto
[image: http://]about.me/a_dhi
<http://about.me/a_dhi?promo=email_sig>
+62-812-82121584
___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

Re: [Openstack] Limit Summary not update

2017-04-21 Thread Adhi Priharmanto

hi, Warad, Manjunath

I think it's happen when failed instance build reached. Deleting failed
instance wasn't update the quota count.

On Fri, Apr 21, 2017 at 2:58 PM, Warad, Manjunath (Nokia - SG/Singapore) <
manjunath.wa...@nokia.com> wrote:

> Are all the project / tenant same in these cases?
>
>
>
> *From:* Adhi Priharmanto [mailto:adhi@gmail.com]
> *Sent:* Friday, 21 April, 2017 3:33 PM
> *To:* openstack <openstack@lists.openstack.org>
> *Subject:* [Openstack] Limit Summary not update
>
>
>
>
> Hi All,
>
> I'm in ocata release, had 2 running instance
>
> (openstack) server list
> +--+++--
> -++
> | ID   | Name   | Status |
> Networks  | Image Name |
> +--+++--
> -++
> | 94d63b55-1dd8-4e9e-a471-58c14defccd1 | test13 | ACTIVE |
> public119=119.x.x.x | Cirros-3-5-xen |
> | 40d68c6e-6678-4a64-9309-2302a201bc09 | test11 | ACTIVE |
> admin-int=15.15.1.13  | Cirros-3-5-xen |
> +--+++--
> -++
>
>
>
> but why when I open in the horizon at "Project / Compute / Overview" page
> it's show *"Instances Used 3 of 10"*
>
> and when I check from usage list it show 4 instance used ?
>
> (openstack) usage list
> Usage from 2017-03-24 to 2017-04-22:
> +-+-+--+---+---+
> | Project | Servers | RAM MB-Hours | CPU Hours | Disk GB-Hours |
> +-+-+--+---+---+
> | admin   |   4 | 52560.71 |102.66 |102.66 |
> +-+-+--+---+---+
>
>
>
> even I deleted all instance, the value in  "Project / Compute / Overview"
> page horizon won't be refresh/update.
>
> any suggestion for this case ?
>
>
>
>
> --
>
> Cheers,
>
>
>
> *Error! Filename not specified.*
>
> *Adhi Priharmanto*
>
> *Error! Filename not specified.*about.me/a_dhi
>
> [image: Image removed by sender.]
>
>
>
> +62-812-82121584 <+62%20812-8212-1584>
>
>
>



-- 
Cheers,



[image: --]
Adhi Priharmanto
[image: http://]about.me/a_dhi
<http://about.me/a_dhi?promo=email_sig>
+62-812-82121584
___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

[Openstack] Limit Summary not update

2017-04-21 Thread Adhi Priharmanto

Hi All,

I'm in ocata release, had 2 running instance
(openstack) server list
+--+++---++
| ID   | Name   | Status |
Networks  | Image Name |
+--+++---++
| 94d63b55-1dd8-4e9e-a471-58c14defccd1 | test13 | ACTIVE |
public119=119.x.x.x | Cirros-3-5-xen |
| 40d68c6e-6678-4a64-9309-2302a201bc09 | test11 | ACTIVE |
admin-int=15.15.1.13  | Cirros-3-5-xen |
+--+++---++

but why when I open in the horizon at "Project / Compute / Overview" page
it's show

*"Instances Used 3 of 10"*
and when I check from usage list it show 4 instance used ?
(openstack) usage list
Usage from 2017-03-24 to 2017-04-22:
+-+-+--+---+---+
| Project | Servers | RAM MB-Hours | CPU Hours | Disk GB-Hours |
+-+-+--+---+---+
| admin   |   4 | 52560.71 |102.66 |102.66 |
+-+-+--+---+---+

even I deleted all instance, the value in  "Project / Compute / Overview"
page horizon won't be refresh/update.

any suggestion for this case ?


-- 
Cheers,



[image: --]
Adhi Priharmanto
[image: http://]about.me/a_dhi
<http://about.me/a_dhi?promo=email_sig>
+62-812-82121584
___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

Re: [Openstack] [Ocata-Xenserver] failed to start instance

2017-04-18 Thread Adhi Priharmanto

Hi,

great its working now, thanks for your response and suggestion. My fault
didn't read the documentation carefully 

Once again thanks Michal Adamczyk


On Mon, Apr 17, 2017 at 5:17 PM, Michal Adamczyk <vandit...@gmail.com>
wrote:

> Hi,
>
> I had this issue. Since Newton you have to do one extra thing[1] on the
> XenServer (Dom0):
>
> rm /etc/modprobe.d/blacklist-bridge*
>
>
> 1. https://docs.openstack.org/ocata/config-reference/
> compute/hypervisor-xen-api.html
>
> I hope all will works!
>
> On pon., 17.04.2017 at 11:02, Adhi Priharmanto <adhi@gmail.com> wrote:
>
>> Hi All,
>>
>> I'm testing openstack ocata using xenserver 7.1 as hypervisor, set up
>> networking using neutron and tenant network VLAN.
>>
>> Instance failed to launch and nova-compute.log give an error like :
>>
>> 2017-04-17 16:44:09.274 14109 ERROR nova.compute.manager [instance:
>> bb27957e-ab1a-4915-b01d-9557fd00ff8b] Failure: ['XENAPI_PLUGIN_FAILURE',
>> 'network_config', 'PluginError', 'add bridge failed: Package not
>> installed\n']
>>
>>
>> it's look like neutron want to create bridge network even the default
>> backend switch of xenserver set to be openvswitch .
>>
>>
>> Anyone can help me with this problem ?
>>
>> Thanks for any suggest
>>
>> --
>> Cheers,
>>
>>
>>
>> [image: --]
>> Adhi Priharmanto
>> [image: http://]about.me/a_dhi
>> <http://about.me/a_dhi?promo=email_sig>
>> +62-812-82121584 <+62%20812-8212-1584>
>>
>> ___
>> Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/
>> openstack
>> Post to : openstack@lists.openstack.org
>> Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/
>> openstack
>>
> --
> Kind regards,
>
> Michal Adamczyk
>



-- 
Cheers,



[image: --]
Adhi Priharmanto
[image: http://]about.me/a_dhi
<http://about.me/a_dhi?promo=email_sig>
+62-812-82121584
___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

[Openstack] [Ocata-Xenserver] failed to start instance

2017-04-17 Thread Adhi Priharmanto

Hi All,

I'm testing openstack ocata using xenserver 7.1 as hypervisor, set up
networking using neutron and tenant network VLAN.

Instance failed to launch and nova-compute.log give an error like :

2017-04-17 16:44:09.274 14109 ERROR nova.compute.manager [instance:
bb27957e-ab1a-4915-b01d-9557fd00ff8b] Failure: ['XENAPI_PLUGIN_FAILURE',
'network_config', 'PluginError', 'add bridge failed: Package not
installed\n']


it's look like neutron want to create bridge network even the default
backend switch of xenserver set to be openvswitch .


Anyone can help me with this problem ?

Thanks for any suggest

-- 
Cheers,



[image: --]
Adhi Priharmanto
[image: http://]about.me/a_dhi
<http://about.me/a_dhi?promo=email_sig>
+62-812-82121584
___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

Re: [Openstack] Failed to list network agent for the computer nodes

2016-12-30 Thread Adhi Priharmanto

Nice :)

On Fri, Dec 30, 2016 at 5:45 PM, don...@ahope.com.cn <don...@ahope.com.cn>
wrote:

> Sorry, it's working now, just a typo in the configuration file.
>
> [root@controller ~]# openstack network agent list
> +---++---+---+--
> -+---+--+
> | ID| Agent Type | Host  | Availability Zone
> | Alive | State | Binary   |
> +---++---+---+--
> -+---+--+
> | 3d236f92  | Linux  | computer1 | None
> | True  | UP| neutron- |
> | -211a-4ce | bridge |   |   |
>  |   | linuxbridge- |
> | c-a393-30 | agent  |   |   |
>  |   | agent|
> | b7272280d ||   |   |
>  |   |  |
> | e ||   |   |
>  |   |  |
> | 3fd6aa96- | DHCP agent | controlle | nova
> | True  | UP| neutron- |
> | 79c5-4887 || r |   |
>  |   | dhcp-agent   |
> | -b893-b92 ||   |   |
>  |   |  |
> | 1383f5d98 ||   |   |
>  |   |  |
> | c2acea10- | Linux  | controlle | None
> | True  | UP| neutron- |
> | e30a-4644 | bridge | r |   |
>  |   | linuxbridge- |
> | -afd6-8ff | agent  |   |   |
>  |   | agent|
> | d42d54b64 ||   |   |
>  |   |  |
> | d7c66d5c- | Metadata   | controlle | None
> | True  | UP| neutron- |
> | 2a44  | agent  | r |   |
>  |   | metadata-|
> | -437e-ac2 ||   |   |
>  |   | agent|
> | 0-c95aa3f ||   |   |
>  |   |  |
> | 3e698 ||   |   |
>  |   |  |
> | e90641e1- | Linux  | computer2 | None
> | True  | UP| neutron- |
> | 48b3-4bad | bridge |   |   |
>  |   | linuxbridge- |
> | -9012-a4c | agent  |   |   |
>  |   | agent|
> | 28be635f8 ||   |   |
>  |   |  |
> | f74249f7- | L3 agent   | controlle | nova
> | True  | UP| neutron-l3-a |
> | 5005-4df5 || r |   |
>  |   | gent |
> | -87f6-8ec ||   |   |
>  |   |  |
> | 377edaeb9 ||   |   |
>  |   |  |
> +---++---+---+--
> -+---+--+
> --
> =
> 董 建 华
> 地址：杭州滨江区南环路3766号新世纪办公楼
> 邮编：310053
> 手机：13857132818 <(385)%20713-2818>
> 总机：0571-28996000
> 传真：0571-28996001
> 热线：4006728686
> 网址：www.ahope.com.cn
> Email：don...@ahope.com.cn
>
>
> *From:* don...@ahope.com.cn
> *Date:* 2016-12-30 18:38
> *To:* adhi.pri <adhi@gmail.com>
> *CC:* openstack <openstack@lists.openstack.org>
> *Subject:* Re: Re: [Openstack] Failed to list network agent for the
> computer nodes
> Now the service is running. but still the same issue.
>
> ------
> =
> 董 建 华
> 地址：杭州滨江区南环路3766号新世纪办公楼
> 邮编：310053
> 手机：13857132818 <(385)%20713-2818>
> 总机：0571-28996000
> 传真：0571-28996001
> 热线：4006728686
> 网址：www.ahope.com.cn
> Email：don...@ahope.com.cn
>
>
> *From:* Adhi Priharmanto <adhi@gmail.com>
> *Date:* 2016-12-30 17:55
> *To:* don...@ahope.com.cn
> *CC:* openstack <openstack@lists.openstack.org>
> *Subject:* Re: [Openstack] Failed to list network agent for the computer
> nodes
> Check neutron network-agent services status on your compute node
>
> On Fri, Dec 30, 2016 at 3:39 PM, don...@ahope.com.cn <don...@ahope.com.cn>
> wrote:
>
>> *Hi,*
>>
>> *I have a question for neutron installation. after configuring the
>> control node and computer nodes, it failed to list the computer node
>> network agent, what is the problem?*
>>
>> [admin@controller ~]$ openstack network agent list
>> +---++---+---+--
>> -+---+--+
>> | ID| Agent Type | Host  | Availability Zone |

Re: [Openstack] Failed to list network agent for the computer nodes

2016-12-30 Thread Adhi Priharmanto

Check neutron network-agent services status on your compute node

On Fri, Dec 30, 2016 at 3:39 PM, don...@ahope.com.cn <don...@ahope.com.cn>
wrote:

> *Hi,*
>
> *I have a question for neutron installation. after configuring the control
> node and computer nodes, it failed to list the computer node network agent,
> what is the problem?*
>
> [admin@controller ~]$ openstack network agent list
> +---++---+---+--
> -+---+--+
> | ID| Agent Type | Host  | Availability Zone
> | Alive | State | Binary   |
> +---++---+---+--
> -+---+--+
> | 3fd6aa96- | DHCP agent | controlle | nova
> | True  | UP| neutron- |
> | 79c5-4887 || r |   |
>  |   | dhcp-agent   |
> | -b893-b92 ||   |   |
>  |   |  |
> | 1383f5d98 ||   |   |
>  |   |  |
> | c2acea10- | Linux  | controlle | None
> | True  | UP| neutron- |
> | e30a-4644 | bridge | r |   |
>  |   | linuxbridge- |
> | -afd6-8ff | agent  |   |   |
>  |   | agent|
> | d42d54b64 ||   |   |
>  |   |  |
> | d7c66d5c- | Metadata   | controlle | None
> | True  | UP| neutron- |
> | 2a44  | agent  | r |   |
>  |   | metadata-|
> | -437e-ac2 ||   |   |
>  |   | agent|
> | 0-c95aa3f ||   |   |
>  |   |  |
> | 3e698 ||   |   |
>  |   |  |
> | f74249f7- | L3 agent   | controlle | nova
> | True  | UP| neutron-l3-a |
> | 5005-4df5 || r |   |
>  |   | gent |
> | -87f6-8ec ||   |   |
>  |   |  |
> | 377edaeb9 ||   |   |
>  |   |  |
> +---++---+---+--
> -+---+--+
>
> --
> =
> 董 建 华
> 地址：杭州滨江区南环路3766号新世纪办公楼
> 邮编：310053
> 手机：13857132818 <(385)%20713-2818>
> 总机：0571-28996000
> 传真：0571-28996001
> 热线：4006728686
> 网址：www.ahope.com.cn
> Email：don...@ahope.com.cn
>
> ___
> Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/
> openstack
> Post to : openstack@lists.openstack.org
> Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/
> openstack
>
>


-- 
Cheers,



[image: --]
Adhi Priharmanto
[image: http://]about.me/a_dhi
<http://about.me/a_dhi?promo=email_sig>
+62-812-82121584
___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

Re: [Openstack] Error with neutron install

2016-12-30 Thread Adhi Priharmanto

check your /etc/hosts make sure your controller IP address pointing to your
controller hostname, next also check your firewall/iptables.

On Fri, Dec 30, 2016 at 3:02 PM, don...@ahope.com.cn <don...@ahope.com.cn>
wrote:

> *Hi everybody,*
>
> *Have you seen the following issue?*
>
> [admin@controller ~]$ neutron ext-list
> Unable to establish connection to http://controller:9696/v2.0/
> extensions.json: HTTPConnectionPool(host='controller', port=9696): Max
> retries exceeded with url: /v2.0/extensions.json (Caused
> by NewConnectionError(' connection.HTTPConnection object at 0x2480990>: Failed
> to establish a new connection: [Errno 111] Connection refused',))
>
> --
> =
> 董 建 华
> 地址：杭州滨江区南环路3766号新世纪办公楼
> 邮编：310053
> 手机：13857132818 <(385)%20713-2818>
> 总机：0571-28996000
> 传真：0571-28996001
> 热线：4006728686
> 网址：www.ahope.com.cn
> Email：don...@ahope.com.cn
>
> ___
> Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/
> openstack
> Post to : openstack@lists.openstack.org
> Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/
> openstack
>
>


-- 
Cheers,



[image: --]
Adhi Priharmanto
[image: http://]about.me/a_dhi
<http://about.me/a_dhi?promo=email_sig>
+62-812-82121584
___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

[Openstack] Snapshot change to DELETED after Queued

2016-10-03 Thread Adhi Priharmanto

Hi,

My openstack suddenly cannot created of instance snapshot, everytime I
create snapshot after Queue status it will be change to DELETED status
immediately .

here is my :
- Nova Compute log : http://pastebin.com/B7rPyZXg
- Glance Api log : http://pastebin.com/Qmq3nxHi

Does any one can help me ?

-- 
Cheers,



[image: --]
Adhi Priharmanto
[image: http://]about.me/a_dhi
<http://about.me/a_dhi?promo=email_sig>
+62-812-82121584
___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

Re: [Openstack] Security Groups Can't Apply in Kilo with Neutron & XenServer

2016-09-23 Thread Adhi Priharmanto

Hi,

Here we go, my instance property (include nova security group list):
http://pastebin.com/etZ51g31

and here is my iptables of,
xenserver : http://pastebin.com/skURDdaM
Compute node (nova) : http://pastebin.com/fnnugbZj
Network node : http://pastebin.com/WXrEKWB6




On Fri, Sep 23, 2016 at 2:04 PM, Huan Xie <huan@citrix.com> wrote:

> Hi,
>
> There are several parts to check,
>
> 1.   When you empty security group rules, was this security group
> used for the instances you were testing?
>
> 2.   Can you double check the iptables rules or paste them somewhere
> then we can check those rules?
>
>
>
> Thanks,
>
> Huan
>
>
>
> *From:* Adhi Priharmanto [mailto:adhi@gmail.com]
> *Sent:* Thursday, September 22, 2016 11:47 AM
>
> *To:* Huan Xie
> *Cc:* openstack@lists.openstack.org
> *Subject:* Re: [Openstack] Security Groups Can't Apply in Kilo with
> Neutron & XenServer
>
>
>
> Hi,
>
>
>
> an update from my-test , why even I empty group rule with no rule defined,
> I still can reach (ping & ssh) my instance from outside ?
>
>
>
> On Wed, Sep 21, 2016 at 5:18 PM, Adhi Priharmanto <adhi@gmail.com>
> wrote:
>
> Hi Huan Xie,
>
>
>
>
>
> Thanks for your fast response, I applied those patch into my Dom0 and DomU
> (nova-compute) , then restarting neutron-openvswitch-agent and nova-compute
> service.
>
>
>
> the error on neutron-openvswitch-agent doesn't appear anymore, now I'm
> still try Security Group Rules variation for instance, I'll update results
> as soon .
>
>
>
>
>
>
>
> On Wed, Sep 21, 2016 at 2:11 PM, Huan Xie <huan@citrix.com> wrote:
>
> Hi Adhi,
>
>
>
> 1.   From http://pastebin.com/gwf1wdEb, we can see you have set
> “conntrack” command in netwrap, but seems the whole patch is not applied, I
> mean you need apply the whole patch https://review.openstack.org/#
> /c/341304/ in neutron.
>
> netwrap locates in Dom0 /etc/xapi.d/plugins
>
> neutron-rootwrap-xen-dom0 locates in DomU, maybe 
> /usr/local/bin/neutron-rootwrap-xen-dom0
> or other path like that, depends on how you install it, you maybe need to
> apply the patch to the source file
>
>1. With this rule, I'm still able to ping instance
>2. Also please check neutron-openvswitch-agent error list when I
>remove rule and terminate instance.
>
> ð  For the two, since the patch seems not applied completely, so you
> maybe can still ping the VM. Also you need to install conntrack-tools in
> Dom0 because the command “conntrack” in netwrap is send to Dom0, otherwise
> the real “conntrack” command is not take effect.
>
>
>
> Hope these checks can help you.
>
>
>
> Thanks,
>
> Huan
>
>
>
>
>
> *From:* Adhi Priharmanto [mailto:adhi@gmail.com]
> *Sent:* Wednesday, September 21, 2016 1:59 PM
>
>
> *To:* Huan Xie
> *Cc:* openstack@lists.openstack.org
> *Subject:* Re: [Openstack] Security Groups Can't Apply in Kilo with
> Neutron & XenServer
>
>
>
> Hi All
>
>
>
> Sorry for my late reply..
>
>
>
> @Bob, I Installed liberty manually, not using devstack, packstack, etc
>
>
>
> Here Is my node service configuration.
>
>
>
>
>
>
>
> =
>
> NETWORK-NODE
>
> =
>
> Configuration : http://pastebin.com/6DLqUbjU
>
>
>
>
>
> =
>
> COMPUTE-NODE
>
> =
>
> Configuration : http://pastebin.com/RhGBvNbA
>
> Error list : http://pastebin.com/xHQSb625
>
>
>
> =
>
> XENSERVER-NODE
>
> =
>
> Configuration : http://pastebin.com/gwf1wdEb
>
> Error list : http://pastebin.com/wNzbhcPi
>
>
>
> for Xenserver,
>
>- I also setup of Multi Tenancy Networking Protections in XenServer,
>following this guide https://github.com/openstack/nova/blob/master/
>plugins/xenserver/doc/networking.rst
>
> <https://github.com/openstack/nova/blob/master/plugins/xenserver/doc/networking.rst>
>- I also setup sysctl.conf (see config at xenserver-node pastebin),
>but it's like no br_netfilter module available at xenserver.
>
> =
>
> neutron security-group-rule-list
>
> =
>
>  # neutron security-group-rule-list
>
> +--++---
> +---+---+-+
>
> | id   | security_group | direction |
> ethertype |

Re: [Openstack] Security Groups Can't Apply in Kilo with Neutron & XenServer

2016-09-21 Thread Adhi Priharmanto

Hi,

an update from my-test , why even I empty group rule with no rule defined,
I still can reach (ping & ssh) my instance from outside ?

On Wed, Sep 21, 2016 at 5:18 PM, Adhi Priharmanto <adhi@gmail.com>
wrote:

> Hi Huan Xie,
>
>
> Thanks for your fast response, I applied those patch into my Dom0 and DomU
> (nova-compute) , then restarting neutron-openvswitch-agent and nova-compute
> service.
>
> the error on neutron-openvswitch-agent doesn't appear anymore, now I'm
> still try Security Group Rules variation for instance, I'll update results
> as soon .
>
>
>
> On Wed, Sep 21, 2016 at 2:11 PM, Huan Xie <huan@citrix.com> wrote:
>
>> Hi Adhi,
>>
>>
>>
>> 1.   From http://pastebin.com/gwf1wdEb, we can see you have set
>> “conntrack” command in netwrap, but seems the whole patch is not applied, I
>> mean you need apply the whole patch https://review.openstack.org/#
>> /c/341304/ in neutron.
>>
>> netwrap locates in Dom0 /etc/xapi.d/plugins
>>
>> neutron-rootwrap-xen-dom0 locates in DomU, maybe
>> /usr/local/bin/neutron-rootwrap-xen-dom0 or other path like that,
>> depends on how you install it, you maybe need to apply the patch to the
>> source file
>>
>>1. With this rule, I'm still able to ping instance
>>2. Also please check neutron-openvswitch-agent error list when I
>>remove rule and terminate instance.
>>
>> ð  For the two, since the patch seems not applied completely, so you
>> maybe can still ping the VM. Also you need to install conntrack-tools in
>> Dom0 because the command “conntrack” in netwrap is send to Dom0, otherwise
>> the real “conntrack” command is not take effect.
>>
>>
>>
>> Hope these checks can help you.
>>
>>
>>
>> Thanks,
>>
>> Huan
>>
>>
>>
>>
>>
>> *From:* Adhi Priharmanto [mailto:adhi@gmail.com]
>> *Sent:* Wednesday, September 21, 2016 1:59 PM
>>
>> *To:* Huan Xie
>> *Cc:* openstack@lists.openstack.org
>> *Subject:* Re: [Openstack] Security Groups Can't Apply in Kilo with
>> Neutron & XenServer
>>
>>
>>
>> Hi All
>>
>>
>>
>> Sorry for my late reply..
>>
>>
>>
>> @Bob, I Installed liberty manually, not using devstack, packstack, etc
>>
>>
>>
>> Here Is my node service configuration.
>>
>>
>>
>>
>>
>>
>>
>> =
>>
>> NETWORK-NODE
>>
>> =
>>
>> Configuration : http://pastebin.com/6DLqUbjU
>>
>>
>>
>>
>>
>> =
>>
>> COMPUTE-NODE
>>
>> =
>>
>> Configuration : http://pastebin.com/RhGBvNbA
>>
>> Error list : http://pastebin.com/xHQSb625
>>
>>
>>
>> =
>>
>> XENSERVER-NODE
>>
>> =
>>
>> Configuration : http://pastebin.com/gwf1wdEb
>>
>> Error list : http://pastebin.com/wNzbhcPi
>>
>>
>>
>> for Xenserver,
>>
>>- I also setup of Multi Tenancy Networking Protections in XenServer,
>>following this guide https://github.com/opens
>>tack/nova/blob/master/plugins/xenserver/doc/networking.rst
>>
>> <https://github.com/openstack/nova/blob/master/plugins/xenserver/doc/networking.rst>
>>- I also setup sysctl.conf (see config at xenserver-node pastebin),
>>but it's like no br_netfilter module available at xenserver.
>>
>> =
>>
>> neutron security-group-rule-list
>>
>> =
>>
>>  # neutron security-group-rule-list
>>
>> +--++---
>> +---+---+-+
>>
>> | id   | security_group | direction |
>> ethertype | protocol/port | remote  |
>>
>> +--++---
>> +---+---+-+
>>
>> | 310fb8eb-bcf7-4425-83a3-f2f3f1335958 | default| egress|
>> IPv6  | any   | any |
>>
>> | 42e8b7e8-1262-4673-8547-55fa6b33d4f1 | default| egress|
>> IPv4  | any   | any |
>>
>> | 4e8bde5b-344a-4c6a-b09d-223d9fec72bf | default| ingress   |
>> IPv4  | any   | defa

Re: [Openstack] Security Groups Can't Apply in Kilo with Neutron & XenServer

2016-09-21 Thread Adhi Priharmanto

Hi Huan Xie,


Thanks for your fast response, I applied those patch into my Dom0 and DomU
(nova-compute) , then restarting neutron-openvswitch-agent and nova-compute
service.

the error on neutron-openvswitch-agent doesn't appear anymore, now I'm
still try Security Group Rules variation for instance, I'll update results
as soon .



On Wed, Sep 21, 2016 at 2:11 PM, Huan Xie <huan@citrix.com> wrote:

> Hi Adhi,
>
>
>
> 1.   From http://pastebin.com/gwf1wdEb, we can see you have set
> “conntrack” command in netwrap, but seems the whole patch is not applied, I
> mean you need apply the whole patch https://review.openstack.org/#
> /c/341304/ in neutron.
>
> netwrap locates in Dom0 /etc/xapi.d/plugins
>
> neutron-rootwrap-xen-dom0 locates in DomU, maybe 
> /usr/local/bin/neutron-rootwrap-xen-dom0
> or other path like that, depends on how you install it, you maybe need to
> apply the patch to the source file
>
>1. With this rule, I'm still able to ping instance
>2. Also please check neutron-openvswitch-agent error list when I
>remove rule and terminate instance.
>
> ð  For the two, since the patch seems not applied completely, so you
> maybe can still ping the VM. Also you need to install conntrack-tools in
> Dom0 because the command “conntrack” in netwrap is send to Dom0, otherwise
> the real “conntrack” command is not take effect.
>
>
>
> Hope these checks can help you.
>
>
>
> Thanks,
>
> Huan
>
>
>
>
>
> *From:* Adhi Priharmanto [mailto:adhi@gmail.com]
> *Sent:* Wednesday, September 21, 2016 1:59 PM
>
> *To:* Huan Xie
> *Cc:* openstack@lists.openstack.org
> *Subject:* Re: [Openstack] Security Groups Can't Apply in Kilo with
> Neutron & XenServer
>
>
>
> Hi All
>
>
>
> Sorry for my late reply..
>
>
>
> @Bob, I Installed liberty manually, not using devstack, packstack, etc
>
>
>
> Here Is my node service configuration.
>
>
>
>
>
>
>
> =
>
> NETWORK-NODE
>
> =
>
> Configuration : http://pastebin.com/6DLqUbjU
>
>
>
>
>
> =
>
> COMPUTE-NODE
>
> =
>
> Configuration : http://pastebin.com/RhGBvNbA
>
> Error list : http://pastebin.com/xHQSb625
>
>
>
> =
>
> XENSERVER-NODE
>
> =
>
> Configuration : http://pastebin.com/gwf1wdEb
>
> Error list : http://pastebin.com/wNzbhcPi
>
>
>
> for Xenserver,
>
>- I also setup of Multi Tenancy Networking Protections in XenServer,
>following this guide https://github.com/openstack/nova/blob/master/
>plugins/xenserver/doc/networking.rst
>
> <https://github.com/openstack/nova/blob/master/plugins/xenserver/doc/networking.rst>
>- I also setup sysctl.conf (see config at xenserver-node pastebin),
>but it's like no br_netfilter module available at xenserver.
>
> =
>
> neutron security-group-rule-list
>
> =
>
>  # neutron security-group-rule-list
>
> +--++---
> +---+---+-+
>
> | id   | security_group | direction |
> ethertype | protocol/port | remote  |
>
> +--++---
> +---+---+-+
>
> | 310fb8eb-bcf7-4425-83a3-f2f3f1335958 | default| egress|
> IPv6  | any   | any |
>
> | 42e8b7e8-1262-4673-8547-55fa6b33d4f1 | default| egress|
> IPv4  | any   | any |
>
> | 4e8bde5b-344a-4c6a-b09d-223d9fec72bf | default| ingress   |
> IPv4  | any   | default (group) |
>
> | cd8f3aaa-9882-42a0-b713-87489cfff22c | default| ingress   |
> IPv6  | any   | default (group) |
>
> | d884ff2f-71e8-4647-b45d-e8f92ad87261 | default| egress|
> IPv4  | any   | any |
>
> | f4f85fae-6a15-4a85-ae51-5f34536bb72e | default| ingress   |
> IPv6  | any   | default (group) |
>
> | f6e3929a-3df4-4209-8486-7ce0b0047771 | default| egress|
> IPv6  | any   | any |
>
> | fbb2a744-de01-49c7-b875-8cdfbc4fdd7f | default| ingress   |
> IPv4  | any   | default (group) |
>
> +--++---
> +---+---+-+
>
>- With this rule, I'm still able to pin

Re: [Openstack] Security Groups Can't Apply in Kilo with Neutron & XenServer

2016-09-21 Thread Adhi Priharmanto

Hi All

Sorry for my late reply..

@Bob, I Installed liberty manually, not using devstack, packstack, etc

Here Is my node service configuration.



=
NETWORK-NODE
=
Configuration : http://pastebin.com/6DLqUbjU


=
COMPUTE-NODE
=
Configuration : http://pastebin.com/RhGBvNbA
Error list : http://pastebin.com/xHQSb625

=
XENSERVER-NODE
=
Configuration : http://pastebin.com/gwf1wdEb
Error list : http://pastebin.com/wNzbhcPi

for Xenserver,

   - I also setup of Multi Tenancy Networking Protections in XenServer,
   following this guide https://github.com/openstack/nova/blob/master/
   plugins/xenserver/doc/networking.rst
   
<https://github.com/openstack/nova/blob/master/plugins/xenserver/doc/networking.rst>
   - I also setup sysctl.conf (see config at xenserver-node pastebin), but
   it's like no br_netfilter module available at xenserver.

=
neutron security-group-rule-list
=
 # neutron security-group-rule-list
+--++---+---+---+-+
| id   | security_group | direction |
ethertype | protocol/port | remote  |
+--++---+---+---+-+
| 310fb8eb-bcf7-4425-83a3-f2f3f1335958 | default| egress| IPv6
 | any   | any |
| 42e8b7e8-1262-4673-8547-55fa6b33d4f1 | default| egress| IPv4
 | any   | any |
| 4e8bde5b-344a-4c6a-b09d-223d9fec72bf | default| ingress   | IPv4
 | any   | default (group) |
| cd8f3aaa-9882-42a0-b713-87489cfff22c | default| ingress   | IPv6
 | any   | default (group) |
| d884ff2f-71e8-4647-b45d-e8f92ad87261 | default| egress| IPv4
 | any   | any |
| f4f85fae-6a15-4a85-ae51-5f34536bb72e | default| ingress   | IPv6
 | any   | default (group) |
| f6e3929a-3df4-4209-8486-7ce0b0047771 | default| egress| IPv6
 | any   | any |
| fbb2a744-de01-49c7-b875-8cdfbc4fdd7f | default| ingress   | IPv4
 | any   | default (group) |
+--++---+---+---+-+

   - With this rule, I'm still able to ping instance
   - Also please check neutron-openvswitch-agent error list when I remove
   rule and terminate instance.


I hope anyone can guide me with this problem, thanks before.


On Sun, Sep 18, 2016 at 8:16 AM, Huan Xie <huan@citrix.com> wrote:

> Hi,
>
>
>
> After applied these change, is your neutron ml2 configuration correct?
> Mainly the below parts:
>
> If still cannot work, could you please describe the errors?
>
> Beside these, we find xenserver dom0 lacks of conntrack support for
> neutron-ovs-agent in compute node, there is a fix waiting for review
> https://review.openstack.org/#/c/341304/
>
> 1.   In nova.conf, two configurations should be set
>
> [DEFAULT]
>
> firewall_driver = nova.virt.firewall.NoopFirewallDriver
>
> security_group_api=neutron
>
> use_neutron = True
>
> [xenserver]
>
> ovs_integration_bridge =
>
> vif_driver = nova.virt.xenapi.vif.XenAPIOpenVswitchDriver
>
>  2.   In neutron,  check configurations ml2_conf.ini in compute node
> which is used for neutron L2 agent
>
> [agent]
>
> minimize_polling = False
>
> root_helper_daemon =
>
> root_helper = /usr/local/bin/neutron-rootwrap-xen-dom0
> /etc/neutron/rootwrap.conf
>
> [ovs]
>
> integration_bridge =
>
> bridge_mappings =
>
> Thanks,
>
> Huan
>
>
>
> *From:* Adhi Priharmanto [mailto:adhi@gmail.com]
> *Sent:* Thursday, September 15, 2016 3:48 PM
>
> *To:* Huan Xie
> *Cc:* openstack@lists.openstack.org
> *Subject:* Re: [Openstack] Security Groups Can't Apply in Kilo with
> Neutron & XenServer
>
>
>
> Hi, I still no luck for this problem, even I using liberty release,
> Security groups still not applied on network. can you help me again ?
>
>
>
> On Thu, Mar 17, 2016 at 10:55 AM, Adhi Priharmanto <adhi@gmail.com>
> wrote:
>
> Ok, 'll try to patched my neutron
>
>
>
> On Tue, Mar 15, 2016 at 8:52 AM, Huan Xie <huan@citrix.com> wrote:
>
> Hi,
>
> For apply the patch, you need to download the changed file with this
> https://review.openstack.org/#/c/251271/ and its dependent changes, you
> can find its dependent changes in the right corner(Related Changes) in you
> open the link.
>
> Fo

Re: [Openstack] Security Groups Can't Apply in Kilo with Neutron & XenServer

2016-09-15 Thread Adhi Priharmanto

Hi, I still no luck for this problem, even I using liberty release,
Security groups still not applied on network. can you help me again ?

On Thu, Mar 17, 2016 at 10:55 AM, Adhi Priharmanto <adhi@gmail.com>
wrote:

> Ok, 'll try to patched my neutron
>
> On Tue, Mar 15, 2016 at 8:52 AM, Huan Xie <huan@citrix.com> wrote:
>
>> Hi,
>>
>> For apply the patch, you need to download the changed file with this
>> https://review.openstack.org/#/c/251271/ and its dependent changes, you
>> can find its dependent changes in the right corner(Related Changes) in you
>> open the link.
>>
>> For files that you need edit, in the middle of the code review page, you
>> can find a section called “Files”, this part shows you which files are
>> changed.
>>
>>
>>
>> Best Regards//Huan
>>
>>
>>
>> *From:* Adhi Priharmanto [mailto:adhi@gmail.com]
>> *Sent:* Monday, March 14, 2016 6:21 PM
>> *To:* Huan Xie
>> *Cc:* openstack@lists.openstack.org
>> *Subject:* Re: [Openstack] Security Groups Can't Apply in Kilo with
>> Neutron & XenServer
>>
>>
>>
>> Hi Xie,
>>
>>
>>
>> I also commented on your post at blog.citrix :) , for step 1 - 3 was
>> clear for me. I still confused about patched code in
>> https://review.openstack.org/#/c/251271/ for some file, could you more
>> explain how to, which file that I should edit ?
>>
>>
>>
>> Thanks before
>>
>>
>>
>> On Mon, Mar 14, 2016 at 3:34 PM, Huan Xie <huan@citrix.com> wrote:
>>
>> Hi Adhi,
>>
>>
>>
>> Do you use devstack to deploy XenServer + Kilo or manually?
>>
>> Current Kilo release does not support XenServer + Neutron security group,
>> because security group is implemented via iptables on Linux bridge,
>> however, there is no Linux bridge created when booting a new instance.
>>
>> But we now have a new fix to support neutron security group, we have
>> tested that it can work, this will be implemented as a blue print
>> https://review.openstack.org/#/c/251271/
>>
>> So, if you want to use neutron security group in Kilo, you should add
>> some patch for your code and also please make the configurations as below:
>>
>>
>>
>> 1.   In nova.conf, two configurations should be set
>>
>> [DEFAULT]
>>
>> firewall_driver = nova.virt.firewall.NoopFirewallDriver
>>
>> security_group_api=neutron
>>
>>
>>
>> [xenserver]
>>
>> ovs_integration_bridge =
>>
>> vif_driver = nova.virt.xenapi.vif.XenAPIOpenVswitchDriver
>>
>>
>>
>> If you don’t know how to configure
>> ovs_integration_bridge, then you can refer this blog
>> https://www.citrix.com/blogs/2015/11/30/integrating-
>> xenserver-rdo-and-neutron/
>>
>>
>>
>> 2.   In neutron,  check configurations ml2_conf.ini in compute node
>> which is used for neutron L2 agent
>>
>> [agent]
>>
>> minimize_polling = False
>>
>> root_helper_daemon =
>>
>> root_helper = /usr/local/bin/neutron-rootwrap-xen-dom0
>> /etc/neutron/rootwrap.conf
>>
>>
>>
>> [ovs]
>>
>> integration_bridge =
>>
>> bridge_mappings =
>>
>>
>>
>> Also for ovs configuration items, if you don’t clear on
>> how to configure them, refer the blog
>>
>>
>>
>> 3.   In neutron, check configurations /etc/neutron/rootwrap.conf in
>> compute node
>>
>> [xenapi]
>>
>> # XenAPI configuration is only required by the L2 agent if it is to
>>
>> # target a XenServer/XCP compute host's dom0.
>>
>> xenapi_connection_url=
>>
>> xenapi_connection_username=
>>
>> xenapi_connection_password=
>>
>>
>>
>> Best Regards//Huan
>>
>>
>>
>>  Original Message 
>> Subject: [Openstack] Security Groups Can't Apply in Kilo with Neutron &
>> XenServer
>> From: Adhi Priharmanto
>> To: openstack@lists.openstack.org
>> CC:
>>
>> Hi all,
>>
>> I had Openstack Kilo installed on my lab, for Compute Hypervisor I use
>> XenServer 6.5, and networking Using Neutron OVS. For Controller, Network,
>> and Compute node I'm using Ubuntu 14.04.
>>
>>
>>
>> My problem was Security Groups rules doesn't applied to the instance that
>> created. For example, there is no rule for SSH port 22 in security group i
&g

Re: [Openstack] Installing Mitaka with Openvswitch support

2016-06-29 Thread Adhi Priharmanto

Hi Daniel,

I have never tried to install mitaka, but in my experience installing
liberty release using neutron & openvswitch which is in liberty document
also doesn't contain guide for neutron & openswitch.
Then I follow "kilo" release guide
http://docs.openstack.org/kilo/install-guide/install/yum/content/ to adjust
neutron & openvswitch configuration.

Cheers.

On Tue, Jun 28, 2016 at 4:02 PM, Daniel Ruiz Molina <daniel.r...@caos.uab.es
> wrote:

> Hello,
>
> I'm reading http://docs.openstack.org/mitaka/install-guide-rdo/ and I
> would like to install a small test cloud (one controller that would act as
> network too, and two computes). I'm executing all commands that are in that
> manual, but when I get "Networking" chapter, I don't know how configure
> with Openvswitch (and not linuxbridge). I have read, also, this
> http://docs.openstack.org/mitaka/networking-guide/scenario-classic-ovs.html,
> but I think I have missed something in configuration because VMs don't
> receive DHCP IP offer...
>
> In my scenario, servers have this configuration:
> server: network+controller --> 3 nics --> 1 with public IP and for
> OpenStack management, 1 with private IP for VM data from OpenStack and 1
> with no IP for external network (floating IPs)
> computes: 2 nics --> 1 with public IP and for OpenStack management and 1
> with private IP for VM data from OpenStack.
>
> After trying to do an step-by-step from the manual, I have launched som
> VMs but no one reveives IP address from controller... It seems there is a
> problem in networking configuration (maybe eth0<-->eth1 are swapped...
>
> Help please!
>
>
> ___
> Mailing list:
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> Post to : openstack@lists.openstack.org
> Unsubscribe :
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>



-- 
Cheers,



[image: --]
Adhi Priharmanto
[image: http://]about.me/a_dhi
<http://about.me/a_dhi?promo=email_sig>
+62-812-82121584
___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

Re: [Openstack] [neutron] ICMP host unreachable - admin prohibited

2016-06-28 Thread Adhi Priharmanto

Hi Andreas,

Yes you're right, those blocking rule appears on my iptables

# iptables -S |grep icmp-host-prohibited
> -A INPUT -j REJECT --reject-with icmp-host-prohibited


Then after I delete those rule, everything works fine. Thank you so much
Andreas.


On Tue, Jun 28, 2016 at 2:11 PM, Andreas Scheuring <
scheu...@linux.vnet.ibm.com> wrote:

> Hi Adhi,
> yeah this seems to be iptables blocking you're traffic.
> Calling
> # iptables-save
> gives you an easy to read output of all your rules.
>
> Probably you'll find some rule like
> # -A INPUT -j REJECT --reject-with icmp-host-prohibited
>
> Now the problem with the 2 rules you added is, that you are appending
> your rules with -A. Iptables-save should show, that they are processed
> after the blocking rule (means never).
> So what you need to do is to insert your 2 rules before the blocking
> rule. You can do that using -I instead of -A.
>
> Alternatively you could just delete the blocking rule using:
> # iptables -D INPUT -j REJECT --reject-with icmp-host-prohibited
>
>
> Note:
> The commands just add/delete the rules on your running system. After a
> reboot the rule will be gone again. You need to persist them.
> How to do that depends on if you're using firewalld or iptables-service.
> I think the www will help you there.
>
> Hope that helps
>
>
>
> --
> -
> Andreas
> IRC: andreas_s (formerly scheuran)
>
>
>
> On Di, 2016-06-28 at 13:14 +0700, Adhi Priharmanto wrote:
> > Hi, all I've setup liberty release with neutron-openvswitch using gre
> > tunnel at Centos. I've an problems when iptables service started at
> > network and compute node.
> > Instance couldn't get the internal IP address(DHCP) when it boot, if
> > dump the packet using tcpdump on both of tunnel interface it says like
> > this :
> >
> > 13:03:08.164944 IP 10.24.0.23 > opstcomp1-srg.dev.jcamp.net: ICMP host
> > 10.24.0.23 unreachable - admin prohibited, length 106
> >
> >
> >
> > 10.24.0.0/24 is my tunnel IP network. I've already add this rule on
> > both node but its no luck
> >
> >
> > iptables -A INPUT -p gre -j ACCEPT
> >
> > iptables -A FORWARD -p gre -j ACCEPT
> >
> >
> >
> > Can someone help me to solve this problem ?
> >
> >
> > --
> > Cheers,
> >
> >
> > Adhi Priharmanto
> > about.me/a_dhi
> >
> >
> >
> > +62-812-82121584
> >
> >
> >
> > ___
> > Mailing list:
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> > Post to : openstack@lists.openstack.org
> > Unsubscribe :
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>
>
> ___
> Mailing list:
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> Post to : openstack@lists.openstack.org
> Unsubscribe :
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>



-- 
Cheers,



[image: --]
Adhi Priharmanto
[image: http://]about.me/a_dhi
<http://about.me/a_dhi?promo=email_sig>
+62-812-82121584
___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

[Openstack] [neutron] ICMP host unreachable - admin prohibited

2016-06-28 Thread Adhi Priharmanto

Hi, all I've setup liberty release with neutron-openvswitch using gre
tunnel at Centos. I've an problems when iptables service started at network
and compute node.
Instance couldn't get the internal IP address(DHCP) when it boot, if dump
the packet using tcpdump on both of tunnel interface it says like this :

13:03:08.164944 IP 10.24.0.23 > opstcomp1-srg.dev.jcamp.net: ICMP host
10.24.0.23 unreachable - admin prohibited, length 106

10.24.0.0/24 is my tunnel IP network. I've already add this rule on both
node but its no luck

iptables -A INPUT -p gre -j ACCEPT
iptables -A FORWARD -p gre -j ACCEPT

Can someone help me to solve this problem ?

-- 
Cheers,



[image: --]
Adhi Priharmanto
[image: http://]about.me/a_dhi
<http://about.me/a_dhi?promo=email_sig>
+62-812-82121584
___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

Re: [Openstack] Security Groups Can't Apply in Kilo with Neutron & XenServer

2016-03-19 Thread Adhi Priharmanto

Ok, 'll try to patched my neutron

On Tue, Mar 15, 2016 at 8:52 AM, Huan Xie <huan@citrix.com> wrote:

> Hi,
>
> For apply the patch, you need to download the changed file with this
> https://review.openstack.org/#/c/251271/ and its dependent changes, you
> can find its dependent changes in the right corner(Related Changes) in you
> open the link.
>
> For files that you need edit, in the middle of the code review page, you
> can find a section called “Files”, this part shows you which files are
> changed.
>
>
>
> Best Regards//Huan
>
>
>
> *From:* Adhi Priharmanto [mailto:adhi@gmail.com]
> *Sent:* Monday, March 14, 2016 6:21 PM
> *To:* Huan Xie
> *Cc:* openstack@lists.openstack.org
> *Subject:* Re: [Openstack] Security Groups Can't Apply in Kilo with
> Neutron & XenServer
>
>
>
> Hi Xie,
>
>
>
> I also commented on your post at blog.citrix :) , for step 1 - 3 was clear
> for me. I still confused about patched code in
> https://review.openstack.org/#/c/251271/ for some file, could you more
> explain how to, which file that I should edit ?
>
>
>
> Thanks before
>
>
>
> On Mon, Mar 14, 2016 at 3:34 PM, Huan Xie <huan@citrix.com> wrote:
>
> Hi Adhi,
>
>
>
> Do you use devstack to deploy XenServer + Kilo or manually?
>
> Current Kilo release does not support XenServer + Neutron security group,
> because security group is implemented via iptables on Linux bridge,
> however, there is no Linux bridge created when booting a new instance.
>
> But we now have a new fix to support neutron security group, we have
> tested that it can work, this will be implemented as a blue print
> https://review.openstack.org/#/c/251271/
>
> So, if you want to use neutron security group in Kilo, you should add some
> patch for your code and also please make the configurations as below:
>
>
>
> 1.   In nova.conf, two configurations should be set
>
> [DEFAULT]
>
> firewall_driver = nova.virt.firewall.NoopFirewallDriver
>
> security_group_api=neutron
>
>
>
> [xenserver]
>
> ovs_integration_bridge =
>
> vif_driver = nova.virt.xenapi.vif.XenAPIOpenVswitchDriver
>
>
>
> If you don’t know how to configure ovs_integration_bridge,
> then you can refer this blog
> https://www.citrix.com/blogs/2015/11/30/integrating-xenserver-rdo-and-neutron/
>
>
>
> 2.   In neutron,  check configurations ml2_conf.ini in compute node
> which is used for neutron L2 agent
>
> [agent]
>
> minimize_polling = False
>
> root_helper_daemon =
>
> root_helper = /usr/local/bin/neutron-rootwrap-xen-dom0
> /etc/neutron/rootwrap.conf
>
>
>
> [ovs]
>
> integration_bridge =
>
> bridge_mappings =
>
>
>
> Also for ovs configuration items, if you don’t clear on
> how to configure them, refer the blog
>
>
>
> 3.   In neutron, check configurations /etc/neutron/rootwrap.conf in
> compute node
>
> [xenapi]
>
> # XenAPI configuration is only required by the L2 agent if it is to
>
> # target a XenServer/XCP compute host's dom0.
>
> xenapi_connection_url=
>
> xenapi_connection_username=
>
> xenapi_connection_password=
>
>
>
> Best Regards//Huan
>
>
>
>  Original Message 
> Subject: [Openstack] Security Groups Can't Apply in Kilo with Neutron &
> XenServer
> From: Adhi Priharmanto
> To: openstack@lists.openstack.org
> CC:
>
> Hi all,
>
> I had Openstack Kilo installed on my lab, for Compute Hypervisor I use
> XenServer 6.5, and networking Using Neutron OVS. For Controller, Network,
> and Compute node I'm using Ubuntu 14.04.
>
>
>
> My problem was Security Groups rules doesn't applied to the instance that
> created. For example, there is no rule for SSH port 22 in security group i
> defined to the instance, but instance with floating IP able to login by ssh
> from external network.
>
>
> I've already add this option on my nova.conf
>
>
>
> firewall_driver=nova.virt.xenapi.firewall.Dom0IptablesFirewallDriver
>
>
>
> and also defined firewall_driver on my ml2_conf.ini at Controller,
> Network, and Compute node
>
>
>
> [ovs]
>
> enable_security_group = True
>
> enable_ipset = True
>
> firewall_driver =
> neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
>
>
>
> can somebody help me with this problem ?
>
>
>
>
>
> --
>
> Cheers,
>
>
>
> *Adhi Priharmanto*
>
> about.me/a_dhi
>
>
>
>
>
>
>
>
> ___
> Mailing list:
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> Post to : openstack@lists.openstack.org
> Unsubscribe :
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>
>
>
>
>
> --
>
> Cheers,
>
>
>
> *Adhi Priharmanto*
>
> about.me/a_dhi
>
>
>
> +62-812-82121584
>
>
>



-- 
Cheers,



[image: --]
Adhi Priharmanto
[image: http://]about.me/a_dhi
<http://about.me/a_dhi?promo=email_sig>
___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

Re: [Openstack] Security Groups Can't Apply in Kilo with Neutron & XenServer

2016-03-14 Thread Adhi Priharmanto

here's my security groups list

#  neutron security-group-rule-list
+--++---+--+--+--+
| id   | security_group | direction |
protocol | remote_ip_prefix | remote_group |
+--++---+--+--+--+
| 0d814f8a-fd79-4a86-8fb4-4d769fc8b28e | default| egress|
   |  |  |
| 12d1c7ea-1b42-417b-a620-e5a0bb10e7fd | default| egress|
   |  |  |
| 25de2b38-503b-47e1-8d73-a52e87425eba | default| ingress   |
   |  | default  |
| 43fc5af3-1dd5-4276-8d05-9f79ce6c3743 | default| egress|
   |  |  |
| 5157d898-5cd4-48b8-8290-2159aebb82bf | default| ingress   | icmp
| 0.0.0.0/0|  |
| 7403a747-23cc-4a05-bec1-9f1fc0e56b78 | default| ingress   |
   |  | default  |
| 968d51f4-b506-47bd-b450-9fb58f26979b | adhi   | egress|
   |  |  |
| bda9e450-3560-449e-bf2b-22202eb8baf8 | adhi   | ingress   | icmp
| 0.0.0.0/0|  |
| d24d311c-c6b8-4b94-9919-155e0e106dee | adhi   | egress|
   |  |  |
| da9237b6-769d-4c0c-82be-1ee14e88a2c3 | default| ingress   |
   |  | default  |
| f66c3883-b32e-4871-a5f2-a3b2bfc468bc | default| ingress   |
   |  | default  |
| fd041a73-8c5b-4e14-8053-1ed7beabf448 | default| egress|
   |  |  |
+--++---+--+--+--+

On Tue, Mar 15, 2016 at 2:17 AM, Remo Mattei <r...@italy1.com> wrote:

> can you share your security groups rules?
>
> On Mar 13, 2016, at 20:56, Adhi Priharmanto <adhi@gmail.com> wrote:
>
> Hi all,
>
> I had Openstack Kilo installed on my lab, for Compute Hypervisor I use
> XenServer 6.5, and networking Using Neutron OVS. For Controller, Network,
> and Compute node I'm using Ubuntu 14.04.
>
> My problem was Security Groups rules doesn't applied to the instance that
> created. For example, there is no rule for SSH port 22 in security group i
> defined to the instance, but instance with floating IP able to login by ssh
> from external network.
>
> I've already add this option on my nova.conf
>
> firewall_driver=nova.virt.xenapi.firewall.Dom0IptablesFirewallDriver
>
> and also defined firewall_driver on my ml2_conf.ini at Controller,
> Network, and Compute node
>
> [ovs]
> enable_security_group = True
> enable_ipset = True
> firewall_driver =
> neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
>
> can somebody help me with this problem ?
>
>
> --
> Cheers,
>
>
>
> [image: --]
> Adhi Priharmanto
> [image: http://]about.me/a_dhi
> <http://about.me/a_dhi?promo=email_sig>
>
>
> !DSPAM:1,56e639a818092205511520!
> ___
> Mailing list:
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> Post to : openstack@lists.openstack.org
> Unsubscribe :
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>
>
> !DSPAM:1,56e639a818092205511520!
>
>
>


-- 
Cheers,



[image: --]
Adhi Priharmanto
[image: http://]about.me/a_dhi
<http://about.me/a_dhi?promo=email_sig>
+62-812-82121584
___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

Re: [Openstack] Security Groups Can't Apply in Kilo with Neutron & XenServer

2016-03-14 Thread Adhi Priharmanto

Oh I forgot, I deployed openstack from Ubuntu package following of
openstack docs here
http://docs.openstack.org/kilo/install-guide/install/apt/content/
On Mar 14, 2016 3:47 PM, "Huan Xie" <huan@citrix.com> wrote:

> Hi Adhi,
>
>
>
> Do you use devstack to deploy XenServer + Kilo or manually?
>
> Current Kilo release does not support XenServer + Neutron security group,
> because security group is implemented via iptables on Linux bridge,
> however, there is no Linux bridge created when booting a new instance.
>
> But we now have a new fix to support neutron security group, we have
> tested that it can work, this will be implemented as a blue print
> https://review.openstack.org/#/c/251271/
>
> So, if you want to use neutron security group in Kilo, you should add some
> patch for your code and also please make the configurations as below:
>
>
>
> 1.   In nova.conf, two configurations should be set
>
> [DEFAULT]
>
> firewall_driver = nova.virt.firewall.NoopFirewallDriver
>
> security_group_api=neutron
>
>
>
> [xenserver]
>
> ovs_integration_bridge =
>
> vif_driver = nova.virt.xenapi.vif.XenAPIOpenVswitchDriver
>
>
>
> If you don’t know how to configure ovs_integration_bridge,
> then you can refer this blog
> https://www.citrix.com/blogs/2015/11/30/integrating-xenserver-rdo-and-neutron/
>
>
>
> 2.   In neutron,  check configurations ml2_conf.ini in compute node
> which is used for neutron L2 agent
>
> [agent]
>
> minimize_polling = False
>
> root_helper_daemon =
>
> root_helper = /usr/local/bin/neutron-rootwrap-xen-dom0
> /etc/neutron/rootwrap.conf
>
>
>
> [ovs]
>
> integration_bridge =
>
> bridge_mappings =
>
>
>
> Also for ovs configuration items, if you don’t clear on
> how to configure them, refer the blog
>
>
>
> 3.   In neutron, check configurations /etc/neutron/rootwrap.conf in
> compute node
>
> [xenapi]
>
> # XenAPI configuration is only required by the L2 agent if it is to
>
> # target a XenServer/XCP compute host's dom0.
>
> xenapi_connection_url=
>
> xenapi_connection_username=
>
> xenapi_connection_password=
>
>
>
> Best Regards//Huan
>
>
>
>  Original Message 
> Subject: [Openstack] Security Groups Can't Apply in Kilo with Neutron &
> XenServer
> From: Adhi Priharmanto
> To: openstack@lists.openstack.org
> CC:
>
> Hi all,
>
> I had Openstack Kilo installed on my lab, for Compute Hypervisor I use
> XenServer 6.5, and networking Using Neutron OVS. For Controller, Network,
> and Compute node I'm using Ubuntu 14.04.
>
>
>
> My problem was Security Groups rules doesn't applied to the instance that
> created. For example, there is no rule for SSH port 22 in security group i
> defined to the instance, but instance with floating IP able to login by ssh
> from external network.
>
>
> I've already add this option on my nova.conf
>
>
>
> firewall_driver=nova.virt.xenapi.firewall.Dom0IptablesFirewallDriver
>
>
>
> and also defined firewall_driver on my ml2_conf.ini at Controller,
> Network, and Compute node
>
>
>
> [ovs]
>
> enable_security_group = True
>
> enable_ipset = True
>
> firewall_driver =
> neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
>
>
>
> can somebody help me with this problem ?
>
>
>
>
>
> --
>
> Cheers,
>
>
>
> *Adhi Priharmanto*
>
> about.me/a_dhi
>
>
>
>
>
>
>
> ___
> Mailing list:
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> Post to : openstack@lists.openstack.org
> Unsubscribe :
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>
>
___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

Re: [Openstack] Security Groups Can't Apply in Kilo with Neutron & XenServer

2016-03-14 Thread Adhi Priharmanto

Hi Xie,

I also commented on your post at blog.citrix :) , for step 1 - 3 was clear
for me. I still confused about patched code in
https://review.openstack.org/#/c/251271/ for some file, could you more
explain how to, which file that I should edit ?

Thanks before

On Mon, Mar 14, 2016 at 3:34 PM, Huan Xie <huan@citrix.com> wrote:

> Hi Adhi,
>
>
>
> Do you use devstack to deploy XenServer + Kilo or manually?
>
> Current Kilo release does not support XenServer + Neutron security group,
> because security group is implemented via iptables on Linux bridge,
> however, there is no Linux bridge created when booting a new instance.
>
> But we now have a new fix to support neutron security group, we have
> tested that it can work, this will be implemented as a blue print
> https://review.openstack.org/#/c/251271/
>
> So, if you want to use neutron security group in Kilo, you should add some
> patch for your code and also please make the configurations as below:
>
>
>
> 1.   In nova.conf, two configurations should be set
>
> [DEFAULT]
>
> firewall_driver = nova.virt.firewall.NoopFirewallDriver
>
> security_group_api=neutron
>
>
>
> [xenserver]
>
> ovs_integration_bridge =
>
> vif_driver = nova.virt.xenapi.vif.XenAPIOpenVswitchDriver
>
>
>
> If you don’t know how to configure ovs_integration_bridge,
> then you can refer this blog
> https://www.citrix.com/blogs/2015/11/30/integrating-xenserver-rdo-and-neutron/
>
>
>
> 2.   In neutron,  check configurations ml2_conf.ini in compute node
> which is used for neutron L2 agent
>
> [agent]
>
> minimize_polling = False
>
> root_helper_daemon =
>
> root_helper = /usr/local/bin/neutron-rootwrap-xen-dom0
> /etc/neutron/rootwrap.conf
>
>
>
> [ovs]
>
> integration_bridge =
>
> bridge_mappings =
>
>
>
> Also for ovs configuration items, if you don’t clear on
> how to configure them, refer the blog
>
>
>
> 3.   In neutron, check configurations /etc/neutron/rootwrap.conf in
> compute node
>
> [xenapi]
>
> # XenAPI configuration is only required by the L2 agent if it is to
>
> # target a XenServer/XCP compute host's dom0.
>
> xenapi_connection_url=
>
> xenapi_connection_username=
>
> xenapi_connection_password=
>
>
>
> Best Regards//Huan
>
>
>
>  Original Message 
> Subject: [Openstack] Security Groups Can't Apply in Kilo with Neutron &
> XenServer
> From: Adhi Priharmanto
> To: openstack@lists.openstack.org
> CC:
>
> Hi all,
>
> I had Openstack Kilo installed on my lab, for Compute Hypervisor I use
> XenServer 6.5, and networking Using Neutron OVS. For Controller, Network,
> and Compute node I'm using Ubuntu 14.04.
>
>
>
> My problem was Security Groups rules doesn't applied to the instance that
> created. For example, there is no rule for SSH port 22 in security group i
> defined to the instance, but instance with floating IP able to login by ssh
> from external network.
>
>
> I've already add this option on my nova.conf
>
>
>
> firewall_driver=nova.virt.xenapi.firewall.Dom0IptablesFirewallDriver
>
>
>
> and also defined firewall_driver on my ml2_conf.ini at Controller,
> Network, and Compute node
>
>
>
> [ovs]
>
> enable_security_group = True
>
> enable_ipset = True
>
> firewall_driver =
> neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
>
>
>
> can somebody help me with this problem ?
>
>
>
>
>
> --
>
> Cheers,
>
>
>
> *Adhi Priharmanto*
>
> about.me/a_dhi
>
>
>
>
>
>
>
> ___
> Mailing list:
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> Post to : openstack@lists.openstack.org
> Unsubscribe :
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>
>


-- 
Cheers,



[image: --]
Adhi Priharmanto
[image: http://]about.me/a_dhi
<http://about.me/a_dhi?promo=email_sig>
+62-812-82121584
___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

[Openstack] Security Groups Can't Apply in Kilo with Neutron & XenServer

2016-03-13 Thread Adhi Priharmanto

Hi all,

I had Openstack Kilo installed on my lab, for Compute Hypervisor I use
XenServer 6.5, and networking Using Neutron OVS. For Controller, Network,
and Compute node I'm using Ubuntu 14.04.

My problem was Security Groups rules doesn't applied to the instance that
created. For example, there is no rule for SSH port 22 in security group i
defined to the instance, but instance with floating IP able to login by ssh
from external network.

I've already add this option on my nova.conf

firewall_driver=nova.virt.xenapi.firewall.Dom0IptablesFirewallDriver

and also defined firewall_driver on my ml2_conf.ini at Controller, Network,
and Compute node

[ovs]
enable_security_group = True
enable_ipset = True
firewall_driver =
neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver

can somebody help me with this problem ?


-- 
Cheers,



[image: --]
Adhi Priharmanto
[image: http://]about.me/a_dhi
<http://about.me/a_dhi?promo=email_sig>
___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

45 matches

Mail list logo