Re: [Openstack] [openstack-dev][neutron] Neutron firewall

2017-02-01 Thread Jose Manuel Ferrer Mosteiro 
 

Hi 

Firewall policies can be implemented with security groups. 

You can create as many isolated networks and routers as you want so an
instance can be isolated in its own network ... but I prefer using
security groups and creating a network for service (kubernetes: master
network, minion project1 network, minion project2 network ...). 

When a server with ip 192.168.56.11 and MAC FA:16:3E:0F:67:90 is
created, this rule is added automatically with default kvm hypervisor: 

Chain neutron-openvswi-sbd739c19-e (1 references)
target prot opt source destination 
RETURN all -- 192.168.56.11 anywhere MAC FA:16:3E:0F:67:90 /* Allow
traffic from defined IP/MAC pairs. */
DROP all -- anywhere anywhere /* Drop traffic without an IP/MAC allow
rule. */

So you cannot set other ip address in port unless you set it with
something like: 

neutron port-update 37f2d07e-4133-478c-b50d-39068adc8c3f
--allowed-address-pairs type=dict list=true
ip_address=192.168.56.11,ip_address=192.168.56.22 

It can be useful to deploy a pacemaker cluster with a cluster IP
address. 

What other feature do you need? 

Jose Manuel 

El 2017-01-31 16:20, Cesar Benito Hernández escribió: 

> We currently have a cloud infrastructure meeting our own requirements. Let's 
> focus on some Networking features (firewall, instances isolation, spoofing 
> control). We are thinking about moving to OpenStack and when we focus on 
> these Networking features, Neutron comes into play. We are currently using 
> Vyattas for these networking features (firewall, instance isolation, spoofing 
> control) and we would like to keep it as it is right now. Therefore, if we 
> move to OpenStack we would like Neutron to orchestrate these Vyattas but 
> these Vyattas would be installed/configured in an outter layer, out of 
> OpenStack. A good comparison we find is Cinder. In Cinder you can configure 
> your storage backend (this storage backend is an external "agent" to 
> OpenStack) and the idea with this networking features would be the same 
> (being able to configure in Neutron our firewall backend).
> 
> This is our desired scenario, and these are the questions that we arise. We 
> would appreciate very much your feedback:
> 
> - We believe the current Neutron FWaaS does not meet our requirement. It's 
> not able to "talk" to an external firewall "backend". Are we right?
> - In case FWaaS does not meet our requirements, we can think of 
> implementing/modifying the Neutron source code. I don't know exactly what 
> this implies, but if we are in the right direction, a new Neutron API set of 
> methods would be needed. Do you think the OpenStack community would accept 
> this change?
> - Again, if we are right, apart from changing the Neutron source code to make 
> it able to "talk" to an external firewall, we would also need to implement 
> the firewall driver that matches the new API set of methods with the 
> corresponding methods of the vendor's API (in our case Vyatta). Are we right?
> 
> If you think this is a wrong forum to discuss all these questions, please, 
> could you tell us another place to discuss all this?
> 
> Thank you very much for your help and attention. We appreciate it.
> 
> ___
> Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack 
> [1]
> Post to : openstack@lists.openstack.org
> Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack 
> [1]
 

Links:
--
[1] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

Re: [Openstack] Setting up another compute node

2017-01-24 Thread Jose Manuel Ferrer Mosteiro 
 

Hi 

Some months ago I found this bug:
https://bugs.launchpad.net/nova/+bug/1467734/comments/2 [6] 

I wordarounded the bug setting in nova.conf of compute nodes
vif_plugging_is_fatal=false . 

Look for the string WTF here:
https://github.com/paradigmadigital/ansible-openstack-vcenter/blob/master/etc_ansible/roles/kvm-hypervisor/templates/nova.conf_centos7.j2
[7] 

Maybe this can help. 

Jose Manuel 

El 2017-01-23 21:32, Peter Kirby escribió: 

> I agree. But I can't figure out why the port isn't getting created. Those 
> lines are the only ones that show up in neutron logs.
> 
> Here's what shows up in the nova logs:
> 
> Jan 23 14:09:21 vhost2 nova-compute[8936]: Traceback (most recent call last):
> Jan 23 14:09:21 vhost2 nova-compute[8936]: File 
> "/usr/lib/python2.7/site-packages/eventlet/hubs/poll.py", line 115, in wait
> Jan 23 14:09:21 vhost2 nova-compute[8936]: listener.cb(fileno)
> Jan 23 14:09:21 vhost2 nova-compute[8936]: File 
> "/usr/lib/python2.7/site-packages/eventlet/greenthread.py", line 214, in main
> Jan 23 14:09:21 vhost2 nova-compute[8936]: result = function(*args, **kwargs)
> Jan 23 14:09:21 vhost2 nova-compute[8936]: File 
> "/usr/lib/python2.7/site-packages/nova/utils.py", line 1159, in 
> context_wrapper
> Jan 23 14:09:21 vhost2 nova-compute[8936]: return func(*args, **kwargs)
> Jan 23 14:09:21 vhost2 nova-compute[8936]: File 
> "/usr/lib/python2.7/site-packages/nova/compute/manager.py", line 1587, in 
> _allocate_network_async
> Jan 23 14:09:21 vhost2 nova-compute[8936]: six.reraise(*exc_info)
> Jan 23 14:09:21 vhost2 nova-compute[8936]: File 
> "/usr/lib/python2.7/site-packages/nova/compute/manager.py", line 1570, in 
> _allocate_network_async
> Jan 23 14:09:21 vhost2 nova-compute[8936]: bind_host_id=bind_host_id)
> Jan 23 14:09:21 vhost2 nova-compute[8936]: File 
> "/usr/lib/python2.7/site-packages/nova/network/neutronv2/api.py", line 685, 
> in allocate_for_instance
> Jan 23 14:09:21 vhost2 nova-compute[8936]: self._delete_ports(neutron, 
> instance, created_port_ids)
> Jan 23 14:09:21 vhost2 nova-compute[8936]: File 
> "/usr/lib/python2.7/site-packages/oslo_utils/excutils.py", line 220, in 
> __exit__
> Jan 23 14:09:21 vhost2 nova-compute[8936]: self.force_reraise()
> Jan 23 14:09:21 vhost2 nova-compute[8936]: File 
> "/usr/lib/python2.7/site-packages/oslo_utils/excutils.py", line 196, in 
> force_reraise
> Jan 23 14:09:21 vhost2 nova-compute[8936]: six.reraise(self.type_, 
> self.value, self.tb)
> Jan 23 14:09:21 vhost2 nova-compute[8936]: File 
> "/usr/lib/python2.7/site-packages/nova/network/neutronv2/api.py", line 674, 
> in allocate_for_instance
> Jan 23 14:09:21 vhost2 nova-compute[8936]: security_group_ids, 
> available_macs, dhcp_opts)
> Jan 23 14:09:21 vhost2 nova-compute[8936]: File 
> "/usr/lib/python2.7/site-packages/nova/network/neutronv2/api.py", line 261, 
> in _create_port
> Jan 23 14:09:21 vhost2 nova-compute[8936]: raise 
> exception.PortBindingFailed(port_id=port_id)
> Jan 23 14:09:21 vhost2 nova-compute[8936]: PortBindingFailed: Binding failed 
> for port e1058d22-9a7b-4988-9644-d0f476a01015, please check neutron logs for 
> more information.
> Jan 23 14:09:21 vhost2 nova-compute[8936]: Removing descriptor: 21
> 
> Peter Kirby / Infrastructure and Build Engineer
> Magento Certified Developer Plus [1]
> peter.ki...@objectstream.com
> OBJECTSTREAM, INC. 
> Office: 405-942-4477 [2] / Fax: 866-814-0174 [3] 
> 7725 W Reno Avenue, Suite 307 Oklahoma City, OK 73127 
> http://www.objectstream.com/ [4] 
> 
> On Mon, Jan 23, 2017 at 2:21 PM, Trinath Somanchi  
> wrote:
> 
> The port doesn't exists at all. 
> 
> Port e1058d22-9a7b-4988-9644-d0f476a01015 not present in bridge br-int
> 
> Get Outlook for iOS [5] 
> -
> 
> FROM: Peter Kirby 
> SENT: Tuesday, January 24, 2017 1:43:36 AM 
> 
> TO: Trinath Somanchi
> CC: OpenStack
> SUBJECT: Re: [Openstack] Setting up another compute node 
> 
> I just did another attempt at this so I'd have fresh logs.
> 
> There are all the lines produced in the neutron openvswitch-agent.log file 
> when I attempt that previous command.
> 
> 2017-01-23 14:09:20.918 8097 INFO neutron.agent.securitygroups_rpc 
> [req-a9ab1e05-cf41-44ce-8762-d7f0f72e7ba3 582643be48c04603a09250a1be6e6cf3 
> 1dd7b6481aa34ef7ba105a7336845369 - - -] Security group member updated 
> [u'a52a5f37-e0dd-4810-a719-2555f348bc1c']
> 2017-01-23 14:09:21.132 8097 INFO neutron.agent.securitygroups_rpc 
> [req-b8cc3ab8-d4f3-4c96-820d-148ae6fd47af 582643be48c04603a09250a1be6e6cf3 
> 1dd7b6481aa34ef7ba105a7336845369 - - -] Security group member updated 
> [u'a52a5f37-e0dd-4810-a719-2555f348bc1c']
> 2017-01-23 14:09:22.057 8097 INFO neutron.agent.common.ovs_lib 
> [req-d4d61032-5071-4792-a2a1-3d645d44ccfa - - - - -] Port 
> e1058d22-9a7b-4988-9644-d0f476a01015 not present in bridge br-int
> 2017-01-23 14:09:22.058 8097 INFO 
> neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent 
>

Re: [Openstack] (no subject)

2016-12-21 Thread Jose Manuel Ferrer Mosteiro 
 

Double check you have closed all ' and " in vars you changed. 

Maybe the problem could en in values of
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN, CACHES['default']['LOCATION'],
OPENSTACK_HOST or TIME_ZONE ? 

You can use meld to compare original configuration file and your
configuration file. 

Regards,
 Jose Manuel 

El 2016-12-21 12:57, Neil Jerram escribió: 

> Hi Atif,
> 
> There is incorrect Python indentation in the local_settings file, 
> /usr/share/openstack-dashboard/openstack_dashboard/local/local_settings.py.
> 
> From the perspective of the vanilla Horizon project, I believe 
> local_settings.py is a file that the user can create and/or modify in order 
> to influence how their own web UI looks. So it could be that you created that 
> file yourself, or it could be that it was created by the install method that 
> you are using.
> 
> But either way, you can just open the file yourself and see if you can see 
> and fix the indentation problem.
> 
> Regards, Neil
> 
> On Wed, Dec 21, 2016 at 11:45 AM Atif Munir  wrote: 
> 
>> After successful installation of openstack. I am getting this error while I 
>> was going to open http://controller/horizon [1]. The error message is for 
>> Apache2 erro logs. Please advise. Thanks 
>> 
>> Atif 
>> 
>> [Wed Dec 21 16:30:36.170646 2016] [wsgi:error] [pid 5302:tid 
>> 140489127257856] [remote 172.16.72.2:40754 [2]] mod_wsgi (pid=5302): Target 
>> WSGI script 
>> '/usr/share/openstack-dashboard/openstack_dashboard/wsgi/django.wsgi' cannot 
>> be loaded as Python module. 
>> [Wed Dec 21 16:30:36.170708 2016] [wsgi:error] [pid 5302:tid 
>> 140489127257856] [remote 172.16.72.2:40754 [2]] mod_wsgi (pid=5302): 
>> Exception occurred processing WSGI script 
>> '/usr/share/openstack-dashboard/openstack_dashboard/wsgi/django.wsgi'. 
>> [Wed Dec 21 16:30:36.170734 2016] [wsgi:error] [pid 5302:tid 
>> 140489127257856] [remote 172.16.72.2:40754 [2]] Traceback (most recent call 
>> last): 
>> [Wed Dec 21 16:30:36.170757 2016] [wsgi:error] [pid 5302:tid 
>> 140489127257856] [remote 172.16.72.2:40754 [2]] File 
>> "/usr/share/openstack-dashboard/openstack_dashboard/wsgi/django.wsgi", line 
>> 16, in  
>> [Wed Dec 21 16:30:36.170790 2016] [wsgi:error] [pid 5302:tid 
>> 140489127257856] [remote 172.16.72.2:40754 [2]] application = 
>> get_wsgi_application() 
>> [Wed Dec 21 16:30:36.170803 2016] [wsgi:error] [pid 5302:tid 
>> 140489127257856] [remote 172.16.72.2:40754 [2]] File 
>> "/usr/lib/python2.7/dist-packages/django/core/wsgi.py", line 14, in 
>> get_wsgi_application 
>> [Wed Dec 21 16:30:36.170820 2016] [wsgi:error] [pid 5302:tid 
>> 140489127257856] [remote 172.16.72.2:40754 [2]] django.setup() 
>> [Wed Dec 21 16:30:36.170830 2016] [wsgi:error] [pid 5302:tid 
>> 140489127257856] [remote 172.16.72.2:40754 [2]] File 
>> "/usr/lib/python2.7/dist-packages/django/__init__.py", line 17, in setup 
>> [Wed Dec 21 16:30:36.170844 2016] [wsgi:error] [pid 5302:tid 
>> 140489127257856] [remote 172.16.72.2:40754 [2]] 
>> configure_logging(settings.LOGGING_CONFIG, settings.LOGGING) 
>> [Wed Dec 21 16:30:36.170853 2016] [wsgi:error] [pid 5302:tid 
>> 140489127257856] [remote 172.16.72.2:40754 [2]] File 
>> "/usr/lib/python2.7/dist-packages/django/conf/__init__.py", line 48, in 
>> __getattr__ 
>> [Wed Dec 21 16:30:36.170868 2016] [wsgi:error] [pid 5302:tid 
>> 140489127257856] [remote 172.16.72.2:40754 [2]] self._setup(name) 
>> [Wed Dec 21 16:30:36.170894 2016] [wsgi:error] [pid 5302:tid 
>> 140489127257856] [remote 172.16.72.2:40754 [2]] File 
>> "/usr/lib/python2.7/dist-packages/django/conf/__init__.py", line 44, in 
>> _setup 
>> [Wed Dec 21 16:30:36.170910 2016] [wsgi:error] [pid 5302:tid 
>> 140489127257856] [remote 172.16.72.2:40754 [2]] self._wrapped = 
>> Settings(settings_module) 
>> [Wed Dec 21 16:30:36.170920 2016] [wsgi:error] [pid 5302:tid 
>> 140489127257856] [remote 172.16.72.2:40754 [2]] File 
>> "/usr/lib/python2.7/dist-packages/django/conf/__init__.py", line 92, in 
>> __init__ 
>> [Wed Dec 21 16:30:36.170933 2016] [wsgi:error] [pid 5302:tid 
>> 140489127257856] [remote 172.16.72.2:40754 [2]] mod = 
>> importlib.import_module(self.SETTINGS_MODULE) 
>> [Wed Dec 21 16:30:36.170943 2016] [wsgi:error] [pid 5302:tid 
>> 140489127257856] [remote 172.16.72.2:40754 [2]] File 
>> "/usr/lib/python2.7/importlib/__init__.py", line 37, in import_module 
>> [Wed Dec 21 16:30:36.170957 2016] [wsgi:error] [pid 5302:tid 
>> 140489127257856] [remote 172.16.72.2:40754 [2]] __import__(name) 
>> [Wed Dec 21 16:30:36.170973 2016] [wsgi:error] [pid 5302:tid 
>> 140489127257856] [remote 172.16.72.2:40754 [2]] File 
>> "/usr/share/openstack-dashboard/openstack_dashboard/wsgi/../../openstack_dashboard/settings.py",
>>  line 317, in  
>> [Wed Dec 21 16:30:36.170991 2016] [wsgi:error] [pid 5302:tid 
>> 140489127257856] [remote 172.16.72.2:40754 [2]] from local.local_settings 
>> import * # noqa 
>> [Wed Dec 21 16:30:36.171047 2016] [wsgi:error] [pid 5302:tid 
>> 140489127257856]

Re: [Openstack] Max open files limit for nova-api

2016-12-20 Thread Jose Manuel Ferrer Mosteiro 
 

You cannot modify /proc/3070/limits without root permissions.

Try: 

###
sudo su -
echo -n "Max open files=8192:unlimited" > /proc/3070/limits
### 

El 2016-12-19 19:21, John Petrini escribió: 

> Hi Prashant, 
> 
> On second thought that trick might only work on CentOS. You might have 
> success using prlimit instead. 
> 
> ___ 
> 
> John Petrini 
> 
> NOC Systems Administrator // COREDIAL, LLC // coredial.com [1] // [2] [3] [4] 
> [5] 
> Hillcrest I, 751 Arbor Way, Suite 150, Blue Bell PA, 19422 
> P: 215.297.4400 x232 // F: 215.297.4401 // E: jpetr...@coredial.com 
> 
> [6] 
> 
> The information transmitted is intended only for the person or entity to 
> which it is addressed and may contain confidential and/or privileged 
> material. Any review, retransmission, dissemination or other use of, or 
> taking of any action in reliance upon, this information by persons or 
> entities other than the intended recipient is prohibited. If you received 
> this in error, please contact the sender and delete the material from any 
> computer. 
> 
> On Mon, Dec 19, 2016 at 1:13 PM, Prashant Shetty 
>  wrote:
> 
> Hi John,
> 
> Echo option doesnt seems to work on below controller.
> 
> stack@devstackvm:~$ cat /etc/lsb-release 
> DISTRIB_ID=Ubuntu
> DISTRIB_RELEASE=14.04
> DISTRIB_CODENAME=trusty
> DISTRIB_DESCRIPTION="Ubuntu 14.04.5 LTS"
> stack@devstackvm:~$ 
> 
> stack@devstackvm:~$ ps aux | grep nova-api
> stack 3070 1.1 0.1 271576 121092 pts/9 S+ Dec16 50:29 /usr/bin/python 
> /usr/local/bin/nova-api
> stack 3079 0.3 0.8 1045308 881676 pts/9 S+ Dec16 14:32 /usr/bin/python 
> /usr/local/bin/nova-api
> stack 3080 0.2 0.1 324808 161096 pts/9 S+ Dec16 9:25 /usr/bin/python 
> /usr/local/bin/nova-api
> stack 3081 0.2 0.7 980172 816468 pts/9 S+ Dec16 10:37 /usr/bin/python 
> /usr/local/bin/nova-api
> stack 3082 0.3 0.1 336824 173288 pts/9 S+ Dec16 16:11 /usr/bin/python 
> /usr/local/bin/nova-api
> stack 3083 0.4 0.1 338788 175264 pts/9 S+ Dec16 19:05 /usr/bin/python 
> /usr/local/bin/nova-api
> stack 3084 0.4 0.1 336616 172912 pts/9 S+ Dec16 17:41 /usr/bin/python 
> /usr/local/bin/nova-api
> stack 3085 0.2 0.8 1054900 891272 pts/9 S+ Dec16 10:09 /usr/bin/python 
> /usr/local/bin/nova-api
> stack 3086 0.2 0.1 325088 161228 pts/9 S+ Dec16 9:59 /usr/bin/python 
> /usr/local/bin/nova-api
> stack 3097 0.2 0.1 308088 151828 pts/9 S+ Dec16 11:10 /usr/bin/python 
> /usr/local/bin/nova-api
> stack 3098 0.2 0.1 308296 152360 pts/9 S+ Dec16 11:15 /usr/bin/python 
> /usr/local/bin/nova-api
> stack 3099 0.2 0.1 308708 152544 pts/9 S+ Dec16 11:42 /usr/bin/python 
> /usr/local/bin/nova-api
> stack 3100 0.2 0.1 309588 153624 pts/9 S+ Dec16 11:06 /usr/bin/python 
> /usr/local/bin/nova-api
> stack 3101 0.2 0.1 308372 152396 pts/9 S+ Dec16 11:14 /usr/bin/python 
> /usr/local/bin/nova-api
> stack 3102 0.2 0.1 308084 152052 pts/9 S+ Dec16 11:10 /usr/bin/python 
> /usr/local/bin/nova-api
> stack 3103 0.2 0.1 308380 152416 pts/9 S+ Dec16 11:09 /usr/bin/python 
> /usr/local/bin/nova-api
> stack 3104 0.2 0.1 307652 151560 pts/9 S+ Dec16 10:29 /usr/bin/python 
> /usr/local/bin/nova-api
> stack 8087 0.0 0.0 11752 2044 pts/21 S+ 10:07 0:00 grep --color=auto nova-api
> stack@devstackvm:~$
> 
> stack@devstackvm:~$ cat /proc/3070/limits | grep "Max open files"
> Max open files 1024 4096 files 
> stack@devstackvm:~$
> stack@devstackvm:~$ echo -n "Max open files=8192:unlimited" > 
> /proc/3070/limits 
> -bash: /proc/3070/limits: Permission denied
> stack@devstackvm:~$ sudo echo -n "Max open files=8192:unlimited" > 
> /proc/3070/limits 
> -bash: /proc/3070/limits: Permission denied
> stack@devstackvm:~$ 
> 
> root@devstackvm:/home/stack# echo -n "Max open files=8192:unlimited" > 
> /proc/3070/limits
> bash: echo: write error: Invalid argument
> root@devstackvm:/home/stack# 
> 
> On Mon, Dec 19, 2016 at 11:27 PM, John Petrini  wrote:
> 
> Hi Preshant, 
> 
> You can change the open file limit of the running process by echoing the 
> value to it. For example... 
> 
> echo -n "Max open files=8192:unlimited" > /proc//limits
> 
> ___
> 
> John Petrini 
> 
> On Mon, Dec 19, 2016 at 12:21 PM, Prashant Shetty 
>  wrote:
> 
> Hi Arne, 
> Thanks for your reply. Currently all these services are running on ubuntu 
> controller under screen. Do we have any option to set the file limit option 
> for n-api service in this case?. I am not using systemd in my setup to run 
> these services.
> 
> Thanks, Prashant 
> 
> On Mon, Dec 19, 2016 at 10:19 PM, Arne Wiebalck  wrote:
> 
> Prashant, 
> 
> If this is for systemd, how about changing the nova-api unit file? 
> 
> Something like 
> 
> --> 
> 
> [Service] 
> ... 
> LimitNOFILE=65536 
> <-- 
> 
> should do it. 
> 
> Cheers, 
> Arne 
> 
> On 19 Dec 2016, at 17:23, Prashant Shetty  
> wrote: 
> 
> Team,
> 
> I have scale setup and metadata requests are seems to fail from instance. 
>

Re: [Openstack] Reverse proxy component

2016-10-19 Thread Jose Manuel Ferrer Mosteiro 

You are right. This is the schema:
 
+--+
 |   
   |
 |OPENSTACK  
   |
+--+  +---+  |   
   |
|  |  |   |  |  +-+  
   |
| internet +->+ reverse_proxy +>| floating_ip |  
   |
|  |  |   |  |  +---+-+  
   |
+--+  +---+  |  |
   |
 |  |
   |
 |  v
   |
 |  +---+
   |
 |  |lb_vip |
   |
 |  ++--+
   |
 |   |   
   |
 |   |   
   |
 |   v   
   |
 |  ++   
   |
 |  |servers |   
   |
 |  ||-+ 
   |
 |  ++ | 
   |
 ||| 
   |
 |++ 
   |
 
+--+


A lot of enterprises use only a ip address to expose al the websites so 
they use a reverse proxy as "router" using "virtualhosts".


lbaas works inside openstack very well. I want more or less the same 
outside openstack.


With Designate and Heat I can create a register with the floating ip of 
the balanced service vip:


  webpage_record:
type: OS::Designate::Record
properties:
  name: webpage.example.com.
  type: A
  domain: example.com.
  data: { get_attr: [webpage_lb_vip_floating_ip, 
floating_ip_address] }


I want to add a route in the reverse_proxy so I want something like:

  webpage_reverse_proxy:
type: OS::ReverseProxy::VirtualHost
properties:
  external_name: webpage.example.com.
  internal_name: webpage.example.com.
  external_protocol: HTTPS
  internal_protocol: HTTP


Is there any way to do this?

Thank you,

Jose Manuel



El 2016-10-19 10:50, Federico M. Facca escribió:


Let me add a bit,
By default lbaas manage ha proxy instances in your openstack, but it's 
just a matter of creating a proper driver if not existing, to manage a 
physical lb or an external service providing that. But an external 
service to your network will need anyhow a public ip on your VMs. So it 
will be hard to not have external visibility and use, for example 
amazon lb.


Federico

Fede's mobile edition

DR. FEDERICO MICHELE FACCA
_Head of Martel Lab_

MARTEL INNOVATE
Dorfstrasse 73 - 3073 Gümligen [1] (Switzerland)
0041 78 807 58 38 [2]
0041 31 994 25 25 [3]
martel-innovate.com [4]

Il giorno 19 ott 2016, alle ore 10:40, Jose Manuel Ferrer Mosteiro 
<jmferrer.paradigmatecnolog...@gmail.com> ha scritto:


Hi,

Yes, I can, but I want something with an api, integrated with keystone, 
... an openstack component.


Designate manages external DNS servers. I mean the same for managing 
external reverse proxy servers.


Jose Manuel

El 2016-10-19 08:21, Federico M. Facca escribió:
Hi,
You can use a load balancer for that, no?

Federico

Fede's mobile edition

DR. FEDERICO MICHELE FACCA
_Head of Martel Lab_

MARTEL INNOVATE
Dorfstrasse 73 - 3073 Gümligen [1] (Switzerland)
0041 78 807 58 38 [2]
0041 31 994 25 25 [3]
martel-innovate.com [4]

Il giorno 19 ott 2016, alle ore 07:49, Jose Manuel Ferrer Mosteiro 
<jmferrer.paradigmatecnolog...@gmail.com> ha scritto:


Hi

I wonder if there is some kind of reverse proxy module for OpenStack.

In some cases the OpenStack deployment is in an internal network 
without external visibility. When I want to expose a server to outside 
I use a nginx or an apache with this configuration:


+++

ProxyPass / http://webpage/ [5]
ProxyPassReverse / http://webpage/ [5]

+++

It is more or less the same functionality that we would make with a F5, 
ceryx or the OpenShift router.


Is there any "reverse proxy" component for OpenStack?

I cannot find it.

Thank you,

Jose Manuel
___
Mailing list: 
http://lists.openstack.org/cgi-bin/mai

Re: [Openstack] Reverse proxy component

2016-10-19 Thread Jose Manuel Ferrer Mosteiro 
 

Hi, 

Yes, I can, but I want something with an api, integrated with keystone,
... an openstack component. 

Designate manages external DNS servers. I mean the same for managing
external reverse proxy servers. 

Jose Manuel 

El 2016-10-19 08:21, Federico M. Facca escribió: 

> Hi, 
> You can use a load balancer for that, no? 
> 
> Federico 
> 
> Fede's mobile edition 
> 
> DR. FEDERICO MICHELE FACCA
> _Head of Martel Lab_ 
> 
> MARTEL INNOVATE
> Dorfstrasse 73 - 3073 Gümligen [3] (Switzerland)
> 0041 78 807 58 38 [4]
> 0041 31 994 25 25 [5]
> martel-innovate.com [6] 
> 
> Il giorno 19 ott 2016, alle ore 07:49, Jose Manuel Ferrer Mosteiro 
> <jmferrer.paradigmatecnolog...@gmail.com> ha scritto:
> 
>> Hi 
>> 
>> I wonder if there is some kind of reverse proxy module for OpenStack. 
>> 
>> In some cases the OpenStack deployment is in an internal network without 
>> external visibility. When I want to expose a server to outside I use a nginx 
>> or an apache with this configuration: 
>> 
>> +++ 
>> 
>> ProxyPass / http://webpage/ [1]
>> ProxyPassReverse / http://webpage/ [1] 
>> 
>> +++ 
>> 
>> It is more or less the same functionality that we would make with a F5, 
>> ceryx or the OpenShift router. 
>> 
>> Is there any "reverse proxy" component for OpenStack? 
>> 
>> I cannot find it. 
>> 
>> Thank you, 
>> 
>> Jose Manuel
> 
>> ___
>> Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack 
>> [2]
>> Post to : openstack@lists.openstack.org
>> Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack 
>> [2]
 

Links:
--
[1] http://webpage/
[2] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
[3] x-apple-data-detectors://1/0
[4] tel:0041%2078%20807%2058%2038
[5] tel:0041%2031%20994%2025%2025
[6] http://martel-innovate.com/
___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

[Openstack] Reverse proxy component

2016-10-19 Thread Jose Manuel Ferrer Mosteiro 
 

Hi 

I wonder if there is some kind of reverse proxy module for OpenStack. 

In some cases the OpenStack deployment is in an internal network without
external visibility. When I want to expose a server to outside I use a
nginx or an apache with this configuration: 

+++ 

ProxyPass / http://webpage/
ProxyPassReverse / http://webpage/ 

+++ 

It is more or less the same functionality that we would make with a F5,
ceryx or the OpenShift router. 

Is there any "reverse proxy" component for OpenStack? 

I cannot find it. 

Thank you, 

Jose Manuel ___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

Re: [Openstack] Help for replacing linux bridging with OpenVswitch

2016-10-17 Thread Jose Manuel Ferrer Mosteiro 
 

I want to expand my cloud to outside my datacenter using this procedure:


* buy a cheap server in other place ... or ten servers
* connect it to my datacenter using a VPN (with openvpn)
* add it as compute node using openvswitch and gre tunnels to join the
virtual network 

Tomorrow I don't need this physical servers so I destroy them. 

If I really need this compute servers, I have some time to buy them,
rack, do the networking, ... migrate all virtual servers and destroy
external hardware that I don't need. 

This is the way I found to be a bit more "elastic". 

Can I do the same with linuxbridge? 

El 2016-10-17 11:57, sinh@verizondigitalmedia.com escribió: 

> I'm curious as to why you're switching from linuxbridge to ovs. 
> 
> FROM: Jose Manuel Ferrer Mosteiro
> SENT: Monday, October 17, 2016 2:55 AM
> TO: openstack@lists.openstack.org
> SUBJECT: Re: [Openstack] Help for replacing linux bridging with OpenVswitch 
> 
> I also like openvswitch. 
> 
> My configuration with mitaka ... 
> 
> in controller node: 
> 
> https://github.com/paradigmadigital/ansible-openstack-vcenter/blob/develop/etc_ansible/roles/networking-compute-controller/templates/ml2_conf.ini.j2
>  [1] 
> 
> https://github.com/paradigmadigital/ansible-openstack-vcenter/blob/develop/etc_ansible/roles/networking-compute-controller/templates/l3_agent.ini.j2
>  
> 
> https://github.com/paradigmadigital/ansible-openstack-vcenter/blob/develop/etc_ansible/roles/networking-compute-controller/templates/openvswitch_agent.ini.j2
>  [2] 
> 
> in compute nodes: 
> 
> https://github.com/paradigmadigital/ansible-openstack-vcenter/blob/develop/etc_ansible/roles/kvm-hypervisor/templates/ml2_conf.ini.j2
>  [3] 
> 
> https://github.com/paradigmadigital/ansible-openstack-vcenter/blob/develop/etc_ansible/roles/kvm-hypervisor/templates/openvswitch_agent.ini.j2
>  [4] 
> 
> I don't know if this is the perfect configuration but works for my. 
> 
> Have a nice day. 
> 
> El 2016-10-13 15:53, Gaurav Goyal escribió: 
> 
> Awaiting your response please! 
> 
> Can i use management interface as tunneling interface? 
> 
> Regards 
> 
> Gaurav Goyal 
> 
> On Thu, Oct 13, 2016 at 6:52 AM, Gaurav Goyal <er.gauravgo...@gmail.com> 
> wrote: 
> 
> Dear Team, 
> 
> I am working on liberty version of openstack environment. 
> 
> As per generic liberty openstack guide, i was using linux bridging with 
> vxlan, but want to move to ovs. 
> 
> I need your help to configure my platform as per OVS requirement. 
> 
> My architecture is 
> 
> Node 1 - controller + network + compute1 
> 
> Node 2 --> compute2 
> 
> As a classic installation guide , using 2 interfaces on each node 
> 
> p5p1 -- management 
> 
> p5p2 -- unnumbered (external) 
> 
> Please help me to configure ml1_conf.ini and openvswitch_agent.ini file. 
> 
> I do not find standard doc on openstack page. 
> 
> Here is my configuration setup following kilo guide 
> 
> * [root@OSKVM1 ~]# grep -v "^#" /etc/neutron/plugins/ml2/ml2_conf.ini|grep -v 
> ^$
> * [ml2]
> * type_drivers = flat,vlan,vxlan
> * tenant_network_types = vxlan
> * mechanism_drivers = openvswitch,l2population
> * extension_drivers = port_security
> * [ml2_type_flat]
> * flat_networks = public
> * [ml2_type_vlan]
> * [ml2_type_gre]
> * [ml2_type_vxlan]
> * vni_ranges = 1:1000
> * [ml2_type_geneve]
> * [securitygroup]
> * [root@OSKVM1 ~]# grep -v "^#" 
> /etc/neutron/plugins/ml2/openvswitch_agent.ini|grep -v ^$
> * [ovs]
> * integration_bridge = br-int
> * tunnel_bridge = br-tun
> * local_ip = 10.24.0.4
> * [agent]
> * tunnel_types = vxlan
> * [securitygroup]
> * [root@OSKVM1 ~]# grep -v "^#" /etc/neutron/dhcp_agent.ini|grep -v ^$
> * [DEFAULT]
> * interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
> * dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
> * enable_isolated_metadata = True
> * dnsmasq_config_file = /etc/neutron/dnsmasq-neutron.conf
> * [AGENT]
> * [root@OSKVM1 ~]# history|grep ovs-vsctl add
> * grep: add: No such file or directory
> * [root@OSKVM1 ~]# history|grep ovs-vsctl 
> * 846 ovs-vsctl show
> * 922 ovs-vsctl show
> * 924 ovs-vsctl-show
> * 925 ovs-vsctl show
> * 931 ovs-vsctl show
> * 933 ovs-vsctl add-br br-ex
> * 934 ovs-vsctl add-port br-ex p5p2
> * 935 ovs-vsctl show
> 
> [root@OSKVM1 neutron]# ovs-vsctl show 
> 
> 602ca311-4ebe-4773-8d58-00d1a0161294 
> 
> Bridge br-ex 
> 
> Port br-ex 
> 
> Interface br-ex 
> 
> type: internal 
> 
> Port "p5p2" 
> 
> Interface "p5p2" 
> 
> Bridge br-int 
> 
> fail_mode: secure 
> 
> Port patch-tun 
&g

Re: [Openstack] Help for replacing linux bridging with OpenVswitch

2016-10-17 Thread Jose Manuel Ferrer Mosteiro 
 

I also like openvswitch. 

My configuration with mitaka ... 

in controller node: 

https://github.com/paradigmadigital/ansible-openstack-vcenter/blob/develop/etc_ansible/roles/networking-compute-controller/templates/ml2_conf.ini.j2
[1] 

https://github.com/paradigmadigital/ansible-openstack-vcenter/blob/develop/etc_ansible/roles/networking-compute-controller/templates/l3_agent.ini.j2


https://github.com/paradigmadigital/ansible-openstack-vcenter/blob/develop/etc_ansible/roles/networking-compute-controller/templates/openvswitch_agent.ini.j2
[2] 

in compute nodes: 

https://github.com/paradigmadigital/ansible-openstack-vcenter/blob/develop/etc_ansible/roles/kvm-hypervisor/templates/ml2_conf.ini.j2
[3] 

https://github.com/paradigmadigital/ansible-openstack-vcenter/blob/develop/etc_ansible/roles/kvm-hypervisor/templates/openvswitch_agent.ini.j2
[4] 

I don't know if this is the perfect configuration but works for my. 

Have a nice day. 

El 2016-10-13 15:53, Gaurav Goyal escribió: 

> Awaiting your response please! 
> 
> Can i use management interface as tunneling interface? 
> 
> Regards 
> Gaurav Goyal 
> 
> On Thu, Oct 13, 2016 at 6:52 AM, Gaurav Goyal  
> wrote:
> 
> Dear Team, 
> 
> I am working on liberty version of openstack environment. 
> 
> As per generic liberty openstack guide, i was using linux bridging with 
> vxlan, but want to move to ovs. 
> 
> I need your help to configure my platform as per OVS requirement. 
> 
> My architecture is 
> 
> Node 1 - controller + network + compute1 
> Node 2 --> compute2 
> 
> As a classic installation guide , using 2 interfaces on each node 
> p5p1 -- management 
> p5p2 -- unnumbered (external) 
> 
> Please help me to configure ml1_conf.ini and openvswitch_agent.ini file. 
> 
> I do not find standard doc on openstack page. 
> 
> Here is my configuration setup following kilo guide 
> 
> * [root@OSKVM1 ~]# grep -v "^#" /etc/neutron/plugins/ml2/ml2_conf.ini|grep -v 
> ^$
> * [ml2]
> * type_drivers = flat,vlan,vxlan
> * tenant_network_types = vxlan
> * mechanism_drivers = openvswitch,l2population
> * extension_drivers = port_security
> * [ml2_type_flat]
> * flat_networks = public
> * [ml2_type_vlan]
> * [ml2_type_gre]
> * [ml2_type_vxlan]
> * vni_ranges = 1:1000
> * [ml2_type_geneve]
> * [securitygroup]
> * [root@OSKVM1 ~]# grep -v "^#" 
> /etc/neutron/plugins/ml2/openvswitch_agent.ini|grep -v ^$
> * [ovs]
> * integration_bridge = br-int
> * tunnel_bridge = br-tun
> * local_ip = 10.24.0.4
> * [agent]
> * tunnel_types = vxlan
> * [securitygroup]
> * [root@OSKVM1 ~]# grep -v "^#" /etc/neutron/dhcp_agent.ini|grep -v ^$
> * [DEFAULT]
> * interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
> * dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
> * enable_isolated_metadata = True
> * dnsmasq_config_file = /etc/neutron/dnsmasq-neutron.conf
> * [AGENT]
> * [root@OSKVM1 ~]# history|grep ovs-vsctl add
> * grep: add: No such file or directory
> * [root@OSKVM1 ~]# history|grep ovs-vsctl 
> * 846 ovs-vsctl show
> * 922 ovs-vsctl show
> * 924 ovs-vsctl-show
> * 925 ovs-vsctl show
> * 931 ovs-vsctl show
> * 933 ovs-vsctl add-br br-ex
> * 934 ovs-vsctl add-port br-ex p5p2
> * 935 ovs-vsctl show
> 
> [root@OSKVM1 neutron]# ovs-vsctl show 
> 602ca311-4ebe-4773-8d58-00d1a0161294 
> 
> Bridge br-ex 
> 
> Port br-ex 
> 
> Interface br-ex 
> 
> type: internal 
> 
> Port "p5p2" 
> 
> Interface "p5p2" 
> 
> Bridge br-int 
> 
> fail_mode: secure 
> 
> Port patch-tun 
> 
> Interface patch-tun 
> 
> type: patch 
> 
> options: {peer=patch-int} 
> 
> Port br-int 
> 
> Interface br-int 
> 
> type: internal 
> 
> Port "tap33501010-4d" 
> 
> Interface "tap33501010-4d" 
> 
> type: internal 
> 
> Bridge br-tun 
> 
> fail_mode: secure 
> 
> Port "vxlan-0a180005" 
> 
> Interface "vxlan-0a180005" 
> 
> type: vxlan 
> 
> options: {df_default="true", in_key=flow, local_ip="10.24.0.4", out_key=flow, 
> remote_ip="10.24.0.5"} 
> 
> Port br-tun 
> 
> Interface br-tun 
> 
> type: internal 
> 
> Port patch-int 
> 
> Interface patch-int 
> 
> type: patch 
> 
> options: {peer=patch-tun} 
> 
> ovs_version: "2.5.0" 
> 
> [root@OSKVM1 neutron]# ovs-vsctl list-ports br-ex 
> 
> p5p2 
> 
> [root@OSKVM1 neutron]# ovs-vsctl list-ports br-int 
> 
> patch-tun 
> 
> tap33501010-4d 
> 
> [root@OSKVM1 neutron]# ifconfig -a 
> 
> br-ex: flags=4098 mtu 1500 
> 
> ether a0:36:9f:87:f7:d5 txqueuelen 0 (Ethernet) 
> 
> RX packets 0 bytes 0 (0.0 B) 
> 
> RX errors 0 dropped 12573 overruns 0 frame 0 
> 
> TX packets 0 bytes 0 (0.0 B) 
> 
> TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 
> 
> br-int: flags=4098 mtu 1500 
> 
> ether f2:fd:fb:5c:96:43 txqueuelen 0 (Ethernet) 
> 
> RX packets 0 bytes 0 (0.0 B) 
> 
> RX errors 0 dropped 8 overruns 0 frame 0 
> 
> TX packets 0 bytes 0 (0.0 B) 
> 
> TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 
> 
> br-tun: flags=4098 mtu 1500 
> 
> ether 6e:06:ab:85:70:46

Re: [Openstack] How to use "floating_ip" under "OS::Nova::Server", Mitaka ?

2016-10-17 Thread Jose Manuel Ferrer Mosteiro 
 

Hi 

Here is a template that creates a server and publish it: 

https://github.com/jmferrer/openstack-openshift-workshop/blob/master/openstack/nfs-server-heat-template.yaml
[3] 

Maybe it could help you. 

Have a nice day, 

Jose Manuel 

El 2016-10-14 00:01, Martinx - ジェームズ escribió: 

> On 13 October 2016 at 17:26, Martinx - ジェームズ  
> wrote:
> 
> On 13 October 2016 at 17:21, Martinx - ジェームズ  
> wrote:
> 
> Guys, 
> 
> I'm trying to launch a stack via Heat, by using the following template (I'm 
> copying just part of it here): 
> 
> --- 
> 
> demosrv: 
> type: OS::Nova::Server 
> depends_on: ctrl_subnet 
> properties: 
> name: { str_replace: { params: { $stack_name: { get_param: 'OS::stack_name' } 
> }, template: '$stack_name-demosrv' } } 
> key_name: { get_param: 'ssh_key' } 
> image: { get_param: 'demosrv_image' } 
> flavor: "m1.small" 
> networks: 
> - network: { get_resource: ctrl_net } 
> --- 
> 
> This works! 
> 
> However, I want to associate a Floating IP to it, then, I added: 
> 
> --- 
>  
> 
> FLOATING_IP_1: 
> TYPE: OS::NEUTRON::FLOATINGIP 
> DEPENDS_ON: ROUTER-0-PORT-1 
> PROPERTIES: 
> FLOATING_NETWORK: { GET_PARAM: PUBLIC_NETWORK } 
>  
> 
> demosrv: 
> type: OS::Nova::Server 
> depends_on: ctrl_subnet 
> properties: 
> name: { str_replace: { params: { $stack_name: { get_param: 'OS::stack_name' } 
> }, template: '$stack_name-demosrv' } } 
> key_name: { get_param: 'ssh_key' } 
> image: { get_param: 'demosrv_image' } 
> flavor: "m1.small" 
> networks: 
> - network: { get_resource: ctrl_net } 
> - FLOATING_IP: { GET_RESOURCE: FLOATING_IP_1 } 
> --- 
> 
> Then, it does't work anymore! 
> 
> heat stack-create fails with: 
> 
> - 
> 
> ERROR: One of the properties "network", "port" or "subnet" should be set for 
> the specified network of server "demosrv". 
> - 
> 
> So, how to use it? 
> 
> If I use "OS::Neutron::Port" and "OS::Neutron::FloatingIPAssociation", then, 
> it works but, damn, I want a simpler Heat template, without fixed ips, 
> without Port definitions, something like this: 
> 
> https://specs.openstack.org/openstack/heat-specs/specs/kilo/rich-network-prop.html
>  [1] 
> 
> Is it supported on Mitaka? If yes, how to do it? 
> 
> Thanks! 
> Thiago 
> Also, according to the following doc: 
> 
> http://docs.openstack.org/developer/heat/template_guide/openstack.html#OS::Nova::Server-prop-networks
>  [2] 
> 
> The "networks" section supports "floating_ip", starting with Mitaka...

BTW, I'll be happy to first, get rid of
"OS::Neutron::FloatingIPAssociation" AND the fixed_ips, then, later, if
possobe, I'll get rid of "OS::Neutron::Port" as well... 

___
 Mailing list:
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack [4]
 Post to : openstack@lists.openstack.org
 Unsubscribe :
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack [4] 

Links:
--
[1]
https://specs.openstack.org/openstack/heat-specs/specs/kilo/rich-network-prop.html
[2]
http://docs.openstack.org/developer/heat/template_guide/openstack.html#OS::Nova::Server-prop-networks
[3]
https://github.com/jmferrer/openstack-openshift-workshop/blob/master/openstack/nfs-server-heat-template.yaml
[4] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

Re: [Openstack] Horizon missing loadbalance UI button

2016-09-01 Thread Jose Manuel Ferrer Mosteiro 
 

I choose v1 LBaaS because users prefer to use a graphic interface. 

Having a worse service that uses a lot of people is better than have a
better service that uses nobody. ;-) 

On 2016-08-31 14:13, Turbo Fredriksson wrote: 

> On Aug 31, 2016, at 12:34 PM, Satish Patel wrote:
> 
>> Need help here. Anyone else who has same problem?
> 
> Yes, everyone on Mitaka. You'll either have to upgrade or
> use v1 LBaaS. Or do it from the shell.
> 
> ___
> Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack 
> [1]
> Post to : openstack@lists.openstack.org
> Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack 
> [1]
 

Links:
--
[1] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

Re: [Openstack] Openstack Mitaka Neutron LBaaS Question

2016-07-18 Thread Jose Manuel Ferrer Mosteiro 
 

There are lbaas packages in Ubuntu 16.04 so you don't need to pipinstall
anything. 

I tried to install lbaasv2 but horizon does not manage it so I finally
installed lbaasv1. 

I use OpenVSwitch. Look for "lbaas" in this file:
https://github.com/paradigmadigital/ansible-openstack-vcenter/blob/mitaka-lbaas/etc_ansible/roles/networking-compute-controller/tasks/main.yml
[4] 

This is the agent config:
https://github.com/paradigmadigital/ansible-openstack-vcenter/blob/mitaka-lbaas/etc_ansible/roles/networking-compute-controller/templates/neutron_lbaas.conf.j2
[5] 

On 2016-07-02 00:24, zhihao wang wrote: 

> Dear OpenStack Dev member: 
> 
> May I ask you some question about neutron lbaaS? 
> 
> How to install the neutron LBaaS with Octavia in Mitaka? 
> I followed these two guide ,but which one I should use? (My openstack is 
> Mitaka , 1 controller, 2 compute nodes) 
> 
> https://wiki.openstack.org/wiki/Neutron/LBaaS/HowToRun [1] -- Ubuntu Packages 
> Setup 
> http://docs.openstack.org/mitaka/networking-guide/adv-config-lbaas.html [2] 
> -- Configuring LBaaS v2 with Octavia 
> 
> Here is what I did: 
> 
> pip install octavia 
> 
> and then : 
> vim /etc/neutron/neutron.conf
> 
> service_plugins = 
> router,neutron_lbaas.services.loadbalancer.plugin.LoadBalancerPluginv2 
> 
> [service_providers] 
> service_provider = 
> LOADBALANCERV2:Octavia:neutron_lbaas.drivers.octavia.driver.OctaviaDriver:default
>  
> 
> /etc/openstack-dashboard/local_settings.py
> 
> OPENSTACK_NEUTRON_NETWORK = {
> 'enable_lb': True
> }
> 
> And then I restart all the neutron service and apache server 
> 
> service neutron-server restart 
> service neutron-dhcp-agent restart 
> service neutron-metadata-agent restart 
> service neutron-l3-agent restart 
> but and then i ran the command neutron agent-list, it return this. I am 
> wondering what is wrong with this? how can I install Neutron LaaS? 
> 
> root@controller:~# neutron agent-list 
> Unable to establish connection to http://controller:9696/v2.0/agents.json 
> 
> Please help 
> 
> Thanks so much 
> 
> Thanks 
> Wally 
> 
> ___
> Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack 
> [3]
> Post to : openstack@lists.openstack.org
> Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack 
> [3]
 

Links:
--
[1] https://wiki.openstack.org/wiki/Neutron/LBaaS/HowToRun
[2]
http://docs.openstack.org/mitaka/networking-guide/adv-config-lbaas.html
[3] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
[4]
https://github.com/paradigmadigital/ansible-openstack-vcenter/blob/mitaka-lbaas/etc_ansible/roles/networking-compute-controller/tasks/main.yml
[5]
https://github.com/paradigmadigital/ansible-openstack-vcenter/blob/mitaka-lbaas/etc_ansible/roles/networking-compute-controller/templates/neutron_lbaas.conf.j2___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

Re: [openstack-dev] [Openstack] Openstack Mitaka Neutron LBaaS Question

2016-07-18 Thread Jose Manuel Ferrer Mosteiro 
 

There are lbaas packages in Ubuntu 16.04 so you don't need to pipinstall
anything. 

I tried to install lbaasv2 but horizon does not manage it so I finally
installed lbaasv1. 

I use OpenVSwitch. Look for "lbaas" in this file:
https://github.com/paradigmadigital/ansible-openstack-vcenter/blob/mitaka-lbaas/etc_ansible/roles/networking-compute-controller/tasks/main.yml
[4] 

This is the agent config:
https://github.com/paradigmadigital/ansible-openstack-vcenter/blob/mitaka-lbaas/etc_ansible/roles/networking-compute-controller/templates/neutron_lbaas.conf.j2
[5] 

On 2016-07-02 00:24, zhihao wang wrote: 

> Dear OpenStack Dev member: 
> 
> May I ask you some question about neutron lbaaS? 
> 
> How to install the neutron LBaaS with Octavia in Mitaka? 
> I followed these two guide ,but which one I should use? (My openstack is 
> Mitaka , 1 controller, 2 compute nodes) 
> 
> https://wiki.openstack.org/wiki/Neutron/LBaaS/HowToRun [1] -- Ubuntu Packages 
> Setup 
> http://docs.openstack.org/mitaka/networking-guide/adv-config-lbaas.html [2] 
> -- Configuring LBaaS v2 with Octavia 
> 
> Here is what I did: 
> 
> pip install octavia 
> 
> and then : 
> vim /etc/neutron/neutron.conf
> 
> service_plugins = 
> router,neutron_lbaas.services.loadbalancer.plugin.LoadBalancerPluginv2 
> 
> [service_providers] 
> service_provider = 
> LOADBALANCERV2:Octavia:neutron_lbaas.drivers.octavia.driver.OctaviaDriver:default
>  
> 
> /etc/openstack-dashboard/local_settings.py
> 
> OPENSTACK_NEUTRON_NETWORK = {
> 'enable_lb': True
> }
> 
> And then I restart all the neutron service and apache server 
> 
> service neutron-server restart 
> service neutron-dhcp-agent restart 
> service neutron-metadata-agent restart 
> service neutron-l3-agent restart 
> but and then i ran the command neutron agent-list, it return this. I am 
> wondering what is wrong with this? how can I install Neutron LaaS? 
> 
> root@controller:~# neutron agent-list 
> Unable to establish connection to http://controller:9696/v2.0/agents.json 
> 
> Please help 
> 
> Thanks so much 
> 
> Thanks 
> Wally 
> 
> ___
> Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack 
> [3]
> Post to : openst...@lists.openstack.org
> Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack 
> [3]
 

Links:
--
[1] https://wiki.openstack.org/wiki/Neutron/LBaaS/HowToRun
[2]
http://docs.openstack.org/mitaka/networking-guide/adv-config-lbaas.html
[3] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
[4]
https://github.com/paradigmadigital/ansible-openstack-vcenter/blob/mitaka-lbaas/etc_ansible/roles/networking-compute-controller/tasks/main.yml
[5]
https://github.com/paradigmadigital/ansible-openstack-vcenter/blob/mitaka-lbaas/etc_ansible/roles/networking-compute-controller/templates/neutron_lbaas.conf.j2__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [Openstack] Installing Openstack Liberty with Openvswitch support

2016-07-18 Thread Jose Manuel Ferrer Mosteiro 
 

I had the same problem and I solved it creating bridges . 

I have the Management bridge (osm) and the External bridge (ose) .
local_ip is the tunnel interface ip. Management bridge could be used:
https://github.com/paradigmadigital/ansible-openstack-vcenter/blob/develop/etc_ansible/roles/networking-compute-controller/templates/openvswitch_agent.ini.j2
[3] 

The compute node has two bridges with ip addresses configured and
attached to eth0 (osm) and eth1(ose). 

The network+controller server is a kvm virtual machine in the compute
node. eth1 (ose) linked to compute ose and eth0 (osm) linked to compute
osm. ose does not have ip configuration but osm has it. All
communication between network+controller and compute nodes uses osm
network interface. 

How to acces to api and horizon? I use an apache reverse proxy in the
compute node. 

On 2016-07-06 13:50, Daniel Ruiz Molina wrote: 

> Hello,
> 
> I'm getting some problems after installing a small test cloud (one controller 
> that acts as network too and two computes).
> 
> I'm executing all commands that are in 
> http://docs.openstack.org/liberty/install-guide-rdo [1], but when I run an 
> instance, it doesn't receive DHCP IP offer (however, controller+network 
> server show at dashboard that an IP address has been assigned to the instance 
> that is in creating process)
> 
> In my scenario, servers have this configuration:
> server: network+controller --> 3 nics --> 1 with public IP (and for OpenStack 
> management), 1 with private IP for VM data from OpenStack (GRE tunnels) and 1 
> with no IP for external network (floating IPs)
> computes: 2 nics --> 1 with public IP (and for OpenStack management) and 1 
> with private IP for VM data from OpenStack (GRE tunnels).
> 
> Now, I'm confused because I don't know if "local_ip" in 
> /etc/neutron/plugins/ml2/openvswitch_conf.ini must have public IP (from mgmt 
> nic) or private IP (from data nic).
> 
> What I want to get is that all communitations between hypervisors run in eth0 
> (public IP), like schedulers, conductors, nova... and all communitations for 
> the running instances (all traffic from/to br-tun and br-int and all 
> openvswitch data and internal communication between running instances) run in 
> eth1 (private IP)
> 
> I don't know if this scenario could be possible... but I suppose...
> 
> My computers NEED to have an eth0 nic with public IP and an eth1 nic with 
> private IP, so with that nics, I need to configure my cloud (in other words, 
> I can't have a nic with no IP configuration...)
> 
> Anybody could help me?
> 
> Thanks!
> 
> ___
> Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack 
> [2]
> Post to : openstack@lists.openstack.org
> Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack 
> [2]
 

Links:
--
[1] http://docs.openstack.org/liberty/install-guide-rdo
[2] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
[3]
https://github.com/paradigmadigital/ansible-openstack-vcenter/blob/develop/etc_ansible/roles/networking-compute-controller/templates/openvswitch_agent.ini.j2___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

Re: [Openstack] LBaasv2 in Mirantis Openstack 8.0

2016-03-03 Thread Jose Manuel Ferrer Mosteiro 
 

I have LBaasv1 with haproxy enabled. 

Look for lbaas in this page:
https://github.com/paradigmadigital/ansible-openstack-vcenter/blob/master/etc_ansible/roles/networking-compute-controller/tasks/main.yml
[2] 

In Ubuntu with OVS: 

* install neutron-lbaas-agent
* in lbaas_agent.ini set interface_driver and device_driver
* in neutron_lbaas.conf uncomment your service_provider
* reboot ;-) 

I use it to deploy OpenShift clusters and it works like a charm. 

Enjoy! 

On 2016-03-03 15:48, magicb...@hotmail.com wrote: 

> I think I got it: I need to re-run "neutron-db-management"
> 
> "neutron-db-manage --service lbaas --config-file /etc/neutron/neutron.conf 
> --config-file /etc/neutron/plugin.ini upgrade head"
> 
> Can anoyone else confirm please?
> 
> Thanks in advance.
> J
> 
> On 03/03/16 14:34, Shake Chen wrote: 
> Horizon not support lbaas v2 in liberty. 
> 
> On Thu, Mar 3, 2016 at 8:13 PM, magicb...@hotmail.com  
> wrote:
> Hi, is it possible to enable LBaaSv2 in MOS8.0 (based on Liberty)?
> 
> after a fuel deployment, i have:
> - installed neutron-lbaasv2-agent package (with apt) on each controller,
> - configured neutron.conf adding 
> neutron_lbaas.services.loadbalancer.plugin.LoadBalancerPluginv2 to 
> service_plugins option list
> - configured neutron_lbaas.conf to include 
> "service_provider=LOADBALANCERV2:Haproxy:neutron_lbaas.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default"
> - modified /etc/init/neutron-lbaasv2-agent.conf to include 
> "--config=/etc/neutron/metadata_agent.ini"
> - modified lbaas_agent.ini to include
> - corrert "device_driver = 
> neutron_lbaas.services.loadbalancer.drivers.haproxy.namespace_driver.HaproxyNSDriver"
> - correct "interface_driver = 
> neutron.agent.linux.interface.OVSInterfaceDriver"
> - restarted neutron-server and neutron-lbaasv2-agent services
> 
> but now, I'm getting this message, which is to hard for me:
> 
> ERROR neutron ProgrammingError: (_mysql_exceptions.ProgrammingError) (1146, 
> "Table 'neutron.lbaas_loadbalancers' doesn't exist")
> 
> Any ideas?
> 
> Thanks in advance.
> J
> 
> ___
> Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack 
> [1]
> Post to : openstack@lists.openstack.org
> Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack 
> [1] 
> 
> -- 
> 
> Shake Chen

___
 Mailing list:
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack [1]
 Post to : openstack@lists.openstack.org
 Unsubscribe :
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack [1] 

Links:
--
[1] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
[2]
https://github.com/paradigmadigital/ansible-openstack-vcenter/blob/master/etc_ansible/roles/networking-compute-controller/tasks/main.yml___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

Re: [openstack-dev] [Openstack] [ANN] OpenStack Kilo on Ubuntu fully automated with Ansible! Ready for NFV L2 Bridges via Heat!

2015-09-04 Thread Jose Manuel Ferrer Mosteiro 
 

Hi 

It is a pre pre pre pre pre pre pre alpha version that just installs the
juno ubuntu guide until dashboard included. Block Storage Service is
very important but does not work now. 

vCenter will be always the operating system that makes my life easyer.
Today is Ubuntu. 

The hypervisor is also Ubuntu but it will be Ubuntu, CentOs and Debian. 

I will announce the project when the project is more advanced. 

Thanks 

On 2015-08-31 15:08, Sabrina Bajorat wrote: 

> That is great !!! Can it be use with Debian 7 too? 
> 
> Thanks 
> 
> On Mon, Aug 31, 2015 at 2:54 PM, Jose Manuel Ferrer Mosteiro 
> <jmferrer.paradigmatecnolog...@gmail.com> wrote:
> 
> Nice job. I am doing a vmware vcenter like in 
> https://github.com/elmanytas/ansible-openstack-vcenter [1] and I solved the 
> problem of duplicate endpoints in line 106 of 
> https://github.com/elmanytas/ansible-openstack-vcenter/blob/master/etc_ansible/roles/keystone/tasks/main.yml
>  [2] . This makes playbooks idempotents. 
> 
> Maybe you could be interested. 
> 
> On 2015-08-26 00:30, Martinx - ジェームズ wrote: 
> Hello Stackers!
> 
> I'm proud to announce an Ansible Playbook to deploy OpenStack on Ubuntu!
> 
> Check it out!
> 
> * https://github.com/sandvine/os-ansible-deployment-lite [3]
> 
> Powered by Sandvine! ;-)
> 
> Basically, this is the automation of what we have documented here:
> 
> * http://docs.openstack.org/kilo/install-guide/install/apt/content/ [4]
> 
> Instructions:
> 
> 1- Install Ubuntu 14.04, fully upgraded (with
> "linux-generic-lts-vivid" installed), plus "/etc/hostname" and
> "/etc/hosts" configured according.
> 
> 2- Deploy OpenStack with 1 command:
> 
> * Open vSwtich (default):
> 
> bash <(curl -s
> https://raw.githubusercontent.com/sandvine/os-ansible-deployment-lite/kilo/misc/os-install.sh
>  [5])
> 
> * Linux Bridges (alternative):
> 
> bash <(curl -s
> https://raw.githubusercontent.com/sandvine/os-ansible-deployment-lite/kilo/misc/os-install-lbr.sh
>  [6])
> 
> 3- Launch a NFV L2 Stack:
> 
> heat stack-create demo -f
> ~/os-ansible-deployment-lite/misc/os-heat-templates/nfv-l2-bridge-basic-stack-ubuntu-little.yaml
> 
> IMPORTANT NOTES:
> 
> Only runs the "step 2" on top of a fresh installed Ubuntu 14.04! Can
> be a Server or Desktop but, fresh installed. Do not pre-install MySQL,
> RabbitMQ, Keystone, etc... Let Ansible to its magic!
> 
> Also, make sure you can use "sudo" without password.
> 
> Some features of our Ansible Playbook:
> 
> 1- Deploys OpenStack with one single command, in one physical box
> (all-in-one), helper script (./os-deploy.sh) available;
> 
> 2- Supports NFV instances that can act as a L2 Bridge between two
> VXLAN Networks;
> 
> 3- Plenty of Heat Templates;
> 
> 4- 100% Ubuntu based;
> 
> 5- Very simple setup (simpler topology; dummy interfaces for both
> "br-ex" and "vxlan"; no containers for each service (yet));
> 
> 6- Ubuntu PPA available, with a few OpenStack patches backported from
> Liberty, to Kilo (to add "port_security_enabled" Heat support);
> 
> https://launchpad.net/~sandvine/+archive/ubuntu/cloud-archive-kilo/ [7]
> 
> 7- Only requires one physical ethernet card;
> 
> 8- Both "Linux Bridges" and "Open vSwitch" deployments are supported;
> 
> 9- Planning to add DPDK support;
> 
> 10- Multi-node support under development;
> 
> 11- IPv6 support comming...
> 
> * Notes about Vagrant support:
> 
> Under development (it doesn't work yet).
> 
> There is a preliminary Vagrant support (there is still a bug on MySQL
> startup, pull requests are welcome).
> 
> Just "git clone" our Ansible playbooks and run "vagrant up" (or
> ./os-deploy-vagrant.sh to auto-config your Ansible vars / files for
> you).
> 
> We tried it only with Mac / VirtualBox but, it does not support
> VT-in-VT (nested virtualization), so, we're looking for KVM / Libvirt
> on Ubuntu Desktop instead. But it would be nice to, at least, launch
> OpenStack in a VirtualBox on you Mac... =)
> 
> Hope you guys enjoy it!
> 
> Cheers!
> Thiago
> 
> ___
> Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack 
> [8]
> Post to : openst...@lists.openstack.org
> Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack 
> [8]
> 
> ___
> Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack 
> [8]
> Post to : openst...@lists.openstack.org
> Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/

Re: [Openstack] [ANN] OpenStack Kilo on Ubuntu fully automated with Ansible! Ready for NFV L2 Bridges via Heat!

2015-09-04 Thread Jose Manuel Ferrer Mosteiro 
 

Hi 

It is a pre pre pre pre pre pre pre alpha version that just installs the
juno ubuntu guide until dashboard included. Block Storage Service is
very important but does not work now. 

vCenter will be always the operating system that makes my life easyer.
Today is Ubuntu. 

The hypervisor is also Ubuntu but it will be Ubuntu, CentOs and Debian. 

I will announce the project when the project is more advanced. 

Thanks 

On 2015-08-31 15:08, Sabrina Bajorat wrote: 

> That is great !!! Can it be use with Debian 7 too? 
> 
> Thanks 
> 
> On Mon, Aug 31, 2015 at 2:54 PM, Jose Manuel Ferrer Mosteiro 
> <jmferrer.paradigmatecnolog...@gmail.com> wrote:
> 
> Nice job. I am doing a vmware vcenter like in 
> https://github.com/elmanytas/ansible-openstack-vcenter [1] and I solved the 
> problem of duplicate endpoints in line 106 of 
> https://github.com/elmanytas/ansible-openstack-vcenter/blob/master/etc_ansible/roles/keystone/tasks/main.yml
>  [2] . This makes playbooks idempotents. 
> 
> Maybe you could be interested. 
> 
> On 2015-08-26 00:30, Martinx - ジェームズ wrote: 
> Hello Stackers!
> 
> I'm proud to announce an Ansible Playbook to deploy OpenStack on Ubuntu!
> 
> Check it out!
> 
> * https://github.com/sandvine/os-ansible-deployment-lite [3]
> 
> Powered by Sandvine! ;-)
> 
> Basically, this is the automation of what we have documented here:
> 
> * http://docs.openstack.org/kilo/install-guide/install/apt/content/ [4]
> 
> Instructions:
> 
> 1- Install Ubuntu 14.04, fully upgraded (with
> "linux-generic-lts-vivid" installed), plus "/etc/hostname" and
> "/etc/hosts" configured according.
> 
> 2- Deploy OpenStack with 1 command:
> 
> * Open vSwtich (default):
> 
> bash <(curl -s
> https://raw.githubusercontent.com/sandvine/os-ansible-deployment-lite/kilo/misc/os-install.sh
>  [5])
> 
> * Linux Bridges (alternative):
> 
> bash <(curl -s
> https://raw.githubusercontent.com/sandvine/os-ansible-deployment-lite/kilo/misc/os-install-lbr.sh
>  [6])
> 
> 3- Launch a NFV L2 Stack:
> 
> heat stack-create demo -f
> ~/os-ansible-deployment-lite/misc/os-heat-templates/nfv-l2-bridge-basic-stack-ubuntu-little.yaml
> 
> IMPORTANT NOTES:
> 
> Only runs the "step 2" on top of a fresh installed Ubuntu 14.04! Can
> be a Server or Desktop but, fresh installed. Do not pre-install MySQL,
> RabbitMQ, Keystone, etc... Let Ansible to its magic!
> 
> Also, make sure you can use "sudo" without password.
> 
> Some features of our Ansible Playbook:
> 
> 1- Deploys OpenStack with one single command, in one physical box
> (all-in-one), helper script (./os-deploy.sh) available;
> 
> 2- Supports NFV instances that can act as a L2 Bridge between two
> VXLAN Networks;
> 
> 3- Plenty of Heat Templates;
> 
> 4- 100% Ubuntu based;
> 
> 5- Very simple setup (simpler topology; dummy interfaces for both
> "br-ex" and "vxlan"; no containers for each service (yet));
> 
> 6- Ubuntu PPA available, with a few OpenStack patches backported from
> Liberty, to Kilo (to add "port_security_enabled" Heat support);
> 
> https://launchpad.net/~sandvine/+archive/ubuntu/cloud-archive-kilo/ [7]
> 
> 7- Only requires one physical ethernet card;
> 
> 8- Both "Linux Bridges" and "Open vSwitch" deployments are supported;
> 
> 9- Planning to add DPDK support;
> 
> 10- Multi-node support under development;
> 
> 11- IPv6 support comming...
> 
> * Notes about Vagrant support:
> 
> Under development (it doesn't work yet).
> 
> There is a preliminary Vagrant support (there is still a bug on MySQL
> startup, pull requests are welcome).
> 
> Just "git clone" our Ansible playbooks and run "vagrant up" (or
> ./os-deploy-vagrant.sh to auto-config your Ansible vars / files for
> you).
> 
> We tried it only with Mac / VirtualBox but, it does not support
> VT-in-VT (nested virtualization), so, we're looking for KVM / Libvirt
> on Ubuntu Desktop instead. But it would be nice to, at least, launch
> OpenStack in a VirtualBox on you Mac... =)
> 
> Hope you guys enjoy it!
> 
> Cheers!
> Thiago
> 
> ___
> Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack 
> [8]
> Post to : openstack@lists.openstack.org
> Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack 
> [8]
> 
> ___
> Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack 
> [8]
> Post to : openstack@lists.openstack.org
> Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/

Re: [openstack-dev] [Openstack] [ANN] OpenStack Kilo on Ubuntu fully automated with Ansible! Ready for NFV L2 Bridges via Heat!

2015-08-31 Thread Jose Manuel Ferrer Mosteiro 
 

Nice job. I am doing a vmware vcenter like in
https://github.com/elmanytas/ansible-openstack-vcenter [7] and I solved
the problem of duplicate endpoints in line 106 of
https://github.com/elmanytas/ansible-openstack-vcenter/blob/master/etc_ansible/roles/keystone/tasks/main.yml
[8] . This makes playbooks idempotents. 

Maybe you could be interested. 

On 2015-08-26 00:30, Martinx - ジェームズ wrote: 

> Hello Stackers!
> 
> I'm proud to announce an Ansible Playbook to deploy OpenStack on Ubuntu!
> 
> Check it out!
> 
> * https://github.com/sandvine/os-ansible-deployment-lite [1]
> 
> Powered by Sandvine! ;-)
> 
> Basically, this is the automation of what we have documented here:
> 
> * http://docs.openstack.org/kilo/install-guide/install/apt/content/ [2]
> 
> Instructions:
> 
> 1- Install Ubuntu 14.04, fully upgraded (with
> "linux-generic-lts-vivid" installed), plus "/etc/hostname" and
> "/etc/hosts" configured according.
> 
> 2- Deploy OpenStack with 1 command:
> 
> * Open vSwtich (default):
> 
> bash <(curl -s
> https://raw.githubusercontent.com/sandvine/os-ansible-deployment-lite/kilo/misc/os-install.sh
>  [3])
> 
> * Linux Bridges (alternative):
> 
> bash <(curl -s
> https://raw.githubusercontent.com/sandvine/os-ansible-deployment-lite/kilo/misc/os-install-lbr.sh
>  [4])
> 
> 3- Launch a NFV L2 Stack:
> 
> heat stack-create demo -f
> ~/os-ansible-deployment-lite/misc/os-heat-templates/nfv-l2-bridge-basic-stack-ubuntu-little.yaml
> 
> IMPORTANT NOTES:
> 
> Only runs the "step 2" on top of a fresh installed Ubuntu 14.04! Can
> be a Server or Desktop but, fresh installed. Do not pre-install MySQL,
> RabbitMQ, Keystone, etc... Let Ansible to its magic!
> 
> Also, make sure you can use "sudo" without password.
> 
> Some features of our Ansible Playbook:
> 
> 1- Deploys OpenStack with one single command, in one physical box
> (all-in-one), helper script (./os-deploy.sh) available;
> 
> 2- Supports NFV instances that can act as a L2 Bridge between two
> VXLAN Networks;
> 
> 3- Plenty of Heat Templates;
> 
> 4- 100% Ubuntu based;
> 
> 5- Very simple setup (simpler topology; dummy interfaces for both
> "br-ex" and "vxlan"; no containers for each service (yet));
> 
> 6- Ubuntu PPA available, with a few OpenStack patches backported from
> Liberty, to Kilo (to add "port_security_enabled" Heat support);
> 
> https://launchpad.net/~sandvine/+archive/ubuntu/cloud-archive-kilo/ [5]
> 
> 7- Only requires one physical ethernet card;
> 
> 8- Both "Linux Bridges" and "Open vSwitch" deployments are supported;
> 
> 9- Planning to add DPDK support;
> 
> 10- Multi-node support under development;
> 
> 11- IPv6 support comming...
> 
> * Notes about Vagrant support:
> 
> Under development (it doesn't work yet).
> 
> There is a preliminary Vagrant support (there is still a bug on MySQL
> startup, pull requests are welcome).
> 
> Just "git clone" our Ansible playbooks and run "vagrant up" (or
> ./os-deploy-vagrant.sh to auto-config your Ansible vars / files for
> you).
> 
> We tried it only with Mac / VirtualBox but, it does not support
> VT-in-VT (nested virtualization), so, we're looking for KVM / Libvirt
> on Ubuntu Desktop instead. But it would be nice to, at least, launch
> OpenStack in a VirtualBox on you Mac... =)
> 
> Hope you guys enjoy it!
> 
> Cheers!
> Thiago
> 
> ___
> Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack 
> [6]
> Post to : openst...@lists.openstack.org
> Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack 
> [6]
 

Links:
--
[1] https://github.com/sandvine/os-ansible-deployment-lite
[2] http://docs.openstack.org/kilo/install-guide/install/apt/content/
[3]
https://raw.githubusercontent.com/sandvine/os-ansible-deployment-lite/kilo/misc/os-install.sh
[4]
https://raw.githubusercontent.com/sandvine/os-ansible-deployment-lite/kilo/misc/os-install-lbr.sh
[5] https://launchpad.net/~sandvine/+archive/ubuntu/cloud-archive-kilo/
[6] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
[7] https://github.com/elmanytas/ansible-openstack-vcenter
[8]
https://github.com/elmanytas/ansible-openstack-vcenter/blob/master/etc_ansible/roles/keystone/tasks/main.yml__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [Openstack] [ANN] OpenStack Kilo on Ubuntu fully automated with Ansible! Ready for NFV L2 Bridges via Heat!

2015-08-31 Thread Jose Manuel Ferrer Mosteiro 
 

Nice job. I am doing a vmware vcenter like in
https://github.com/elmanytas/ansible-openstack-vcenter [7] and I solved
the problem of duplicate endpoints in line 106 of
https://github.com/elmanytas/ansible-openstack-vcenter/blob/master/etc_ansible/roles/keystone/tasks/main.yml
[8] . This makes playbooks idempotents. 

Maybe you could be interested. 

On 2015-08-26 00:30, Martinx - ジェームズ wrote: 

> Hello Stackers!
> 
> I'm proud to announce an Ansible Playbook to deploy OpenStack on Ubuntu!
> 
> Check it out!
> 
> * https://github.com/sandvine/os-ansible-deployment-lite [1]
> 
> Powered by Sandvine! ;-)
> 
> Basically, this is the automation of what we have documented here:
> 
> * http://docs.openstack.org/kilo/install-guide/install/apt/content/ [2]
> 
> Instructions:
> 
> 1- Install Ubuntu 14.04, fully upgraded (with
> "linux-generic-lts-vivid" installed), plus "/etc/hostname" and
> "/etc/hosts" configured according.
> 
> 2- Deploy OpenStack with 1 command:
> 
> * Open vSwtich (default):
> 
> bash <(curl -s
> https://raw.githubusercontent.com/sandvine/os-ansible-deployment-lite/kilo/misc/os-install.sh
>  [3])
> 
> * Linux Bridges (alternative):
> 
> bash <(curl -s
> https://raw.githubusercontent.com/sandvine/os-ansible-deployment-lite/kilo/misc/os-install-lbr.sh
>  [4])
> 
> 3- Launch a NFV L2 Stack:
> 
> heat stack-create demo -f
> ~/os-ansible-deployment-lite/misc/os-heat-templates/nfv-l2-bridge-basic-stack-ubuntu-little.yaml
> 
> IMPORTANT NOTES:
> 
> Only runs the "step 2" on top of a fresh installed Ubuntu 14.04! Can
> be a Server or Desktop but, fresh installed. Do not pre-install MySQL,
> RabbitMQ, Keystone, etc... Let Ansible to its magic!
> 
> Also, make sure you can use "sudo" without password.
> 
> Some features of our Ansible Playbook:
> 
> 1- Deploys OpenStack with one single command, in one physical box
> (all-in-one), helper script (./os-deploy.sh) available;
> 
> 2- Supports NFV instances that can act as a L2 Bridge between two
> VXLAN Networks;
> 
> 3- Plenty of Heat Templates;
> 
> 4- 100% Ubuntu based;
> 
> 5- Very simple setup (simpler topology; dummy interfaces for both
> "br-ex" and "vxlan"; no containers for each service (yet));
> 
> 6- Ubuntu PPA available, with a few OpenStack patches backported from
> Liberty, to Kilo (to add "port_security_enabled" Heat support);
> 
> https://launchpad.net/~sandvine/+archive/ubuntu/cloud-archive-kilo/ [5]
> 
> 7- Only requires one physical ethernet card;
> 
> 8- Both "Linux Bridges" and "Open vSwitch" deployments are supported;
> 
> 9- Planning to add DPDK support;
> 
> 10- Multi-node support under development;
> 
> 11- IPv6 support comming...
> 
> * Notes about Vagrant support:
> 
> Under development (it doesn't work yet).
> 
> There is a preliminary Vagrant support (there is still a bug on MySQL
> startup, pull requests are welcome).
> 
> Just "git clone" our Ansible playbooks and run "vagrant up" (or
> ./os-deploy-vagrant.sh to auto-config your Ansible vars / files for
> you).
> 
> We tried it only with Mac / VirtualBox but, it does not support
> VT-in-VT (nested virtualization), so, we're looking for KVM / Libvirt
> on Ubuntu Desktop instead. But it would be nice to, at least, launch
> OpenStack in a VirtualBox on you Mac... =)
> 
> Hope you guys enjoy it!
> 
> Cheers!
> Thiago
> 
> ___
> Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack 
> [6]
> Post to : openstack@lists.openstack.org
> Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack 
> [6]
 

Links:
--
[1] https://github.com/sandvine/os-ansible-deployment-lite
[2] http://docs.openstack.org/kilo/install-guide/install/apt/content/
[3]
https://raw.githubusercontent.com/sandvine/os-ansible-deployment-lite/kilo/misc/os-install.sh
[4]
https://raw.githubusercontent.com/sandvine/os-ansible-deployment-lite/kilo/misc/os-install-lbr.sh
[5] https://launchpad.net/~sandvine/+archive/ubuntu/cloud-archive-kilo/
[6] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
[7] https://github.com/elmanytas/ansible-openstack-vcenter
[8]
https://github.com/elmanytas/ansible-openstack-vcenter/blob/master/etc_ansible/roles/keystone/tasks/main.yml___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

[Openstack] Cannot ping tenant router

2015-07-08 Thread Jose Manuel Ferrer Mosteiro 

Hi

This is my first message. I'm trying to install openstack basic 
environment on vmware virtual machines. If it works I will try to 
install it in physical machines.


I have followed the Openstack installation guide for ubuntu 14.04 but 
when I try to ping the tenant router gateway 
(http://docs.openstack.org/juno/install-guide/install/apt/content/neutron_initial-networks-verify.html) 
it does not work.


The external network interface is br-vlan :
+++
# OpenStack Networking VLAN bridge
auto br-vlan
iface br-vlan inet manual
bridge_stp off
bridge_waitport 0
bridge_fd 0
# Bridge port references untagged interface
bridge_ports eth2
+++

Before creating networks this is the configuration of openvswitch in 
network node:

+++
root@openstack-network:~# ovs-vsctl show
4c8ae948-9661-4094-ae4f-48b7dc916be3
Bridge br-int
fail_mode: secure
Port int-br-vlan
Interface int-br-vlan
type: patch
options: {peer=phy-br-vlan}
Port br-int
Interface br-int
type: internal
Port patch-tun
Interface patch-tun
type: patch
options: {peer=patch-int}
Bridge br-vlan
Port br-vlan
Interface br-vlan
type: internal
Port phy-br-vlan
Interface phy-br-vlan
type: patch
options: {peer=int-br-vlan}
Bridge br-tun
fail_mode: secure
Port gre-0a0b2105
Interface gre-0a0b2105
type: gre
options: {df_default=true, in_key=flow, 
local_ip=10.11.33.2, out_key=flow, remote_ip=10.11.33.5}

Port br-tun
Interface br-tun
type: internal
Port patch-int
Interface patch-int
type: patch
options: {peer=patch-tun}
ovs_version: 2.0.2
root@openstack-network:~#
+++

In controller I begin with nothing:
+++
root@openstack-controller:~# neutron net-list

root@openstack-controller:~# neutron subnet-list

root@openstack-controller:~# neutron router-list

root@openstack-controller:~#
+++

Creating external net:
+++
root@openstack-controller:~# neutron net-create ext-net 
--router:external True --provider:physical_network external 
--provider:network_type flat

Created a new network:
+---+--+
| Field | Value|
+---+--+
| admin_state_up| True |
| id| 432e632b-3b44-4aef-be75-ac463aa10568 |
| name  | ext-net  |
| provider:network_type | flat |
| provider:physical_network | external |
| provider:segmentation_id  |  |
| router:external   | True |
| shared| False|
| status| ACTIVE   |
| subnets   |  |
| tenant_id | a677265953784079af424a389a0d5c2d |
+---+--+
root@openstack-controller:~#
+++
Created external subnet:
+++
root@openstack-controller:~# neutron subnet-create ext-net --name 
ext-subnet --allocation-pool start=192.168.32.21,end=192.168.32.42 
--disable-dhcp --gateway 192.168.32.1 192.168.32.0/24

Created a new subnet:
+---++
| Field | Value  
|

+---++
| allocation_pools  | {start: 192.168.32.21, end: 192.168.32.42} 
|
| cidr  | 192.168.32.0/24
|
| dns_nameservers   |
|
| enable_dhcp   | False  
|
| gateway_ip| 192.168.32.1   
|
| host_routes   |
|
| id| b68541b3-bf57-472d-a095-fb186596a06d   
|
| ip_version| 4  
|
| ipv6_address_mode |
|
| ipv6_ra_mode  |
|
| name  | ext-subnet 
|
| network_id| 432e632b-3b44-4aef-be75-ac463aa10568   
|
| tenant_id | a677265953784079af424a389a0d5c2d   
|

+---++
root@openstack-controller:~#