Re: [Openstack] Multinode setup?
hi Dmitry Cinder service is not managed by nova-manage service list Mq is only needed to be installed once You can do the following to check whether multi node works 1.check MySQL db cinder database , there should be a table named service which record all the available cinder services. If not please check your cinder config file,make sure the service record is created and do step2 2. tail -f /var/log/cinder/cinder-volume in all of your cinder scheduler service host And then create as many empty cinder volume as you can A log will be generated when a cinder-volume works 发自我的 iPhone 在 2013-4-20,3:18,Dmitry Makovey dmako...@yahoo.com 写道: # cinder-manage host list hostzone primary.bar.com nova foo.bar.com nova however # nova-manage service list only shows nova services on primary node (since that's the only place that has it installed) -- *From:* Dmitry Mescheryakov dmescherya...@mirantis.com *To:* Dmitry Makovey dmako...@yahoo.com *Cc:* openstack@lists.launchpad.net openstack@lists.launchpad.net *Sent:* Friday, April 19, 2013 11:41 AM *Subject:* Re: [Openstack] Multinode setup? Did you try running nova-manage service list ? It should show services status relatively to node on which you run that command. 2013/4/19 Dmitry Makovey dmako...@yahoo.com played with --availability-zone, so after specifying: # cinder create --availability-zone nova:foo.bar.com 10 I get: # cinder show c1e4bcc1-c8aa-4bc6-93a8-88e362028f9a +-+--+ | Property |Value | +-+--+ | attachments | [] | | availability_zone | nova:foo.bar.com | | created_at | 2013-04-19T17:06:40.00 | | display_description | None | | display_name| None | | id | c1e4bcc1-c8aa-4bc6-93a8-88e362028f9a | | metadata | {} | | size| 10 | | snapshot_id | None | |status |error | | volume_type | None | +-+--+ I can create volumes just fine without --availability-zone, however they are always created on primary cinder node that runs cinder-api, cinder-scheduler and cinder-volume and not on secondary that runs cinder-api and cinder-volume. I have added to /etc/cinder/cinder.conf: iscsi_ip_prefix= 1.1.1.2 and iscsi_ip_prefix= 1.1.1.3 on both hosts but I get nothing. creation with availability zone specified fails every time. from /var/log/cinder/scheduler.log on primary node I get: 2013-04-19 11:06:40 13525 ERROR cinder.openstack.common.rpc.amqp [-] Exception during message handling 2013-04-19 11:06:40 13525 TRACE cinder.openstack.common.rpc.amqp Traceback (most recent call last): 2013-04-19 11:06:40 13525 TRACE cinder.openstack.common.rpc.amqp File /usr/lib/python2.6/site-packages/cinder/openstack/common/rpc/amqp.py, line 276, in _process_data 2013-04-19 11:06:40 13525 TRACE cinder.openstack.common.rpc.amqp rval = self.proxy.dispatch(ctxt, version, method, **args) 2013-04-19 11:06:40 13525 TRACE cinder.openstack.common.rpc.amqp File /usr/lib/python2.6/site-packages/cinder/openstack/common/rpc/dispatcher.py, line 145, in dispatch 2013-04-19 11:06:40 13525 TRACE cinder.openstack.common.rpc.amqp return getattr(proxyobj, method)(ctxt, **kwargs) 2013-04-19 11:06:40 13525 TRACE cinder.openstack.common.rpc.amqp File /usr/lib/python2.6/site-packages/cinder/scheduler/manager.py, line 98, in _schedule 2013-04-19 11:06:40 13525 TRACE cinder.openstack.common.rpc.amqp db.volume_update(context, volume_id, {'status': 'error'}) 2013-04-19 11:06:40 13525 TRACE cinder.openstack.common.rpc.amqp File /usr/lib64/python2.6/contextlib.py, line 23, in __exit__ 2013-04-19 11:06:40 13525 TRACE cinder.openstack.common.rpc.amqp self.gen.next() 2013-04-19 11:06:40 13525 TRACE cinder.openstack.common.rpc.amqp File /usr/lib/python2.6/site-packages/cinder/scheduler/manager.py, line 94, in _schedule 2013-04-19 11:06:40 13525 TRACE cinder.openstack.common.rpc.amqp return driver_method(*args, **kwargs) 2013-04-19 11:06:40 13525 TRACE cinder.openstack.common.rpc.amqp File /usr/lib/python2.6/site-packages/cinder/scheduler/simple.py, line 59, in schedule_create_volume 2013-04-19 11:06:40 13525 TRACE cinder.openstack.common.rpc.amqp raise exception.WillNotSchedule(host=host) 2013-04-19 11:06:40 13525 TRACE cinder.openstack.common.rpc.amqp WillNotSchedule: Host foo.bar.com is not up or doesn't exist. does that mean I have to run Qpid on secondary as well?
Re: [Openstack] ANNOUNCE: Ultimate OpenStack Grizzly Guide, with super easy Quantum!
Hi Paras The log says your dhcp works fine while metadata is not Check the following steps 1.Make sure nova API enables metadata service 2. A virtual router should be created for your subnet and this router is binding with a l3 agent 3.in the l3 agent metadata proxy service should be works fine Metadata service config file should contains nova API host and keystone auth info 4. Ovs bridge br-ex is needed in your l3 agent server even you don't need floating ip Daniels Cai http://dnscai.com 在 2013-4-19,23:42,Paras pradhan pradhanpa...@gmail.com 写道: Any idea why I could not hit http://169.254.169.254/20090404/instanceid ? Here is what I am seeing in cirros . -- Sending discover... Sending select for 192.168.122.98... Lease of 192.168.122.98 obtained, lease time 120 deleting routers route: SIOCDELRT: No such process route: SIOCADDRT: No such process adding dns 192.168.122.1 adding dns 8.8.8.8 cirrosds 'net' up at 4.62 checking http://169.254.169.254/20090404/instanceid failed 1/20: up 4.79. request failed failed 2/20: up 6.97. request failed failed 3/20: up 9.03. request failed failed 4/20: up 11.08. request fa .. -- Thanks Paras. On Thu, Apr 11, 2013 at 7:22 AM, Martinx - ジェームズ thiagocmarti...@gmail.comwrote: Guys! I just update the *Ultimate OpenStack Grizzly Guide*https://gist.github.com/tmartinx/d36536b7b62a48f859c2 ! You guys will note that this environment works with *echo 0 /proc/sys/net/ipv4/ip_forward*, on *both* controller *AND* compute nodes! Take a look! I didn't touch the /etc/sysctl.conf file and it is working! I'll ask for the help of this community to finish my guide. On my `TODO list' I have: enable Metadata, Spice and Ceilometer. Volunteers?! Best! Thiago On 20 March 2013 19:51, Martinx - ジェームズ thiagocmarti...@gmail.com wrote: Hi! I'm working with Grizzly G3+RC1 on top of Ubuntu 12.04.2 and here is the guide I wrote: Ultimate OpenStack Grizzly Guidehttps://gist.github.com/tmartinx/d36536b7b62a48f859c2 It covers: * Ubuntu 12.04.2 * Basic Ubuntu setup * KVM * OpenvSwitch * Name Resolution for OpenStack components; * LVM for Instances * Keystone * Glance * Quantum - Single Flat, Super Green!! * Nova * Cinder / tgt * Dashboard It is still a draft but, every time I deploy Ubuntu and Grizzly, I follow this little guide... I would like some help to improve this guide... If I'm doing something wrong, tell me! Please! Probably I'm doing something wrong, I don't know yet, but I'm seeing some errors on the logs, already reported here on this list. Like for example: nova-novncproxy conflicts with novnc (no VNC console for now), dhcp-agent.log / auth.log points to some problems with `sudo' or the `rootwarp' subsystem when dealing with metadata (so it isn't working)... But in general, it works great!! Best! Thiago ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] [Quantum] Query regarding floating IP configuration
Anil It is not necessarily to not configur an IP address for l3 agent , 2 nics can work in this scenario .config an IP address as you like Daniels Cai http://dnscai.com 在 2013-4-24,1:48,Edgar Magana emag...@plumgrid.com 写道: Anil, If you are testing multiple vNICs I will recommend you to use the following image: IMAGE_URLS=http://www.openvswitch.org/tty-quantum.tgz In your localrc add the above string and you are all set up! Thanks, Edgar From: Anil Vishnoi vishnoia...@gmail.com Date: Wednesday, April 17, 2013 1:29 PM To: openstack@lists.launchpad.net openstack@lists.launchpad.net Subject: [Openstack] [Quantum] Query regarding floating IP configuration Hi All, I am trying to setup openstack in my lab, where i have a plan to run Controller+Network node on one physical machine and two compute node. Controller/Network physical machine has 2 NIc, one connected to externet network (internet) and second nic is on private network. OS Network Administrator Guide says The node running quantum-l3-agent should not have an IP address manually configured on the NIC connected to the external network. Rather, you must have a range of IP addresses from the external network that can be used by OpenStack Networking for routers that uplink to the external network.. So my confusion is, if i want to send any REST API call to my controller/network node from external network, i obviously need public IP address. But instruction i quoted says that we should not have manual IP address on the NIC. Does it mean we can't create floating IP pool in this kind of setup? Or we need 3 NIC, 1 for private network, 1 for floating ip pool creation and 1 for external access to the machine? OR is it that we can assign the public ip address to the br-ex, and remove it from physical NIC? Please let me know if my query is not clear. -- Thanks Anil ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.netUnsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
[Openstack] (no subject)
hi community i create a port which contains two subnet and quantum returns the following json. { port: { status: DOWN, name: , admin_state_up: true, network_id: f9d3bd8e-377b-4f21-bfc6-64ae4257e44d, tenant_id: 82da519b676d400ab24e9ee38d138c3c, binding:vif_type: ovs, device_owner: , binding:capabilities: { port_filter: false }, mac_address: fa:16:3e:e8:0c:75, fixed_ips: [ { subnet_id: 3a6c08b6-cb0e-4949-9e3f-dae76fc98741, ip_address: 20.20.1.1 }, { subnet_id: dfe2a150-5a87-4256-80c7-fd88b9dae113, ip_address: 20.20.2.20 } ], id: 843cb8da-ccac-4550-b777-fa1455ee02fe, device_id: } } when i try to boot a vm with this port (command showed below) nova boot --nic port-id=f9d3bd8e-377b-4f21-bfc6-64ae4257e44d --key-name hi --flavor 1 --block_device_mapping vda=21f4dfc5-9752-4f5e-8133-0540a1dc3eb5:::0 vm7 the vm's network doesn't work , dhcp doesn't work and only one nic showed . ( if only one subnet specified, dhcp and other plugins works fine) any one can help? Daniels Cai http://dnscai.com ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
[Openstack] list all volumes attached to a vm
hi community i am trying to list all volumes which attached to a vm, with a vm id specified . i am not sure whether there is any command line filter to achieve this ,i use api instead here is the ref http://api.openstack.org/api-ref.html invoked api is v2/{tenant_id}/servers/{server_id}/os-volume_attachments but , this api seems not work properly , it returns a 404 error openstack response: '404 Not Found#012#012The resource could not be found.#012#012 ' in cinder's log file '/var/log/cinder/cinder-api.log' 2013-04-26 11:18:11DEBUG [routes.middleware] No route matched for GET /82da519b676d400ab24e9ee38d138c3c/servers/cb75bb55-e9ef-4d05-af9f-3ad346fa3eb4/os-volume_attachments any help is welcomed , thanks for advance Daniels Cai http://dnscai.com ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] [Announce] OpenStack Grizzly Multi Node Install Guide by Msekni Bilel
thanks for your guide , Bilel , it really helps. Daniels Cai http://dnscai.com On Fri, Apr 26, 2013 at 6:49 PM, skible.openst...@gmail.com skible.openst...@gmail.com wrote: Hi, So I have been working on this with a couple of OpenStackers from all over the world (Tokyo, US, Germany, ..) and we are happy to present our guide to deploy OpenStack Grizzly in Multi Node/Single node. https://github.com/mseknibilel/OpenStack-Grizzly-Install-Guide/blob/OVS_MultiNode/OpenStack_Grizzly_Install_Guide.rst This is well tested to work on Ubuntu 12.04 and 13.04 64bits ! This is the readme https://github.com/mseknibilel/OpenStack-Grizzly-Install-Guidefile of the guide if you want to know more :) P.S: if you ever happen to hear of an open cloud operator position, you might wana contact me about it ! I am going homeless by the end of the month :p Kind regards, Bilel MSEKNIhttp://www.linkedin.com/profile/view?id=136237741trk=tab_pro ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] How to decommission a compute node
nova didn't provide a interface to do it I delete the host directly from nova db after disable it. Daniels Cai http://dnscai.com 在 2013-5-1,2:40,Greg Chavez greg.cha...@gmail.com 写道: I'm just getting up and running with Folsom on Ubuntu 12.10. Of two compute nodes I have running, one of them died (some kind of grub corruption). So my next step is to re-kick it, but I don't know how to remove the compute node from Nova. I can do this: root@kcon-gen-01i:~# nova-manage service disable --host=kvm-sn-10i --service=nova-compute root@kcon-gen-01i:~# nova-manage service list Binary Host Zone Status State Updated_At nova-certkcon-gen-01i nova enabled :-) 2013-04-30 18:32:56 nova-consoleauth kcon-gen-01i nova enabled :-) 2013-04-30 18:32:56 nova-scheduler kcon-gen-01i nova enabled :-) 2013-04-30 18:32:52 nova-compute kvm-sn-10inova disabled :-) 2013-04-30 18:32:54 nova-compute kvm-sn-14inova enabled :-) 2013-04-30 18:32:55 But the host itself is still there! root@kcon-gen-01i:~# nova-manage host list | sed 's/cs-//' host zone kcon-gen-01i nova kvm-sn-10inova kvm-sn-14inova My concern is that when I bring kvm-sn-10i back to life, my controller node won't be able to authorize it. So what is the proper way to delete/remove/decommission a compute node? Thanks. -- \*..+.- --Greg Chavez +//..;}; ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] I release naming (calling APAC community)
+1 for Ichang Daniels Cai http://dnscai.com 在 2013-5-5,10:57,Yaguang Tang heut2...@gmail.com 写道: +1 for Ichang which is a street name in HK and also a city name in China. 2013/5/5 beyounn beyo...@gmail.com +1 ** ** ** ** *From:* Openstack [mailto:openstack-bounces+beyounn= gmail@lists.launchpad.net] *On Behalf Of *Ray Sun *Sent:* Friday, May 3, 2013 8:53 PM *To:* Haitao Jiang *Cc:* thie...@openstack.org; OpenStack Maillist *Subject:* Re: [Openstack] I release naming (calling APAC community) ** ** I-Ching +1 Best Regards -- Ray ** ** On Sat, May 4, 2013 at 11:48 AM, Haitao Jiang jianghai...@gmail.com wrote: I like I-Ching most among proposed ones. +1 ** ** Haitao ** ** On Thu, May 2, 2013 at 10:16 PM, yoyochi...@itri.org.tw wrote: How about I-Ching? One of the oldest of the Chinese classic texts, can be referred to the influence of OpenStack to cloud computing. See Wikipedia page here : http://en.wikipedia.org/wiki/I_Ching Yoyo -Original Message- From: Openstack [mailto:openstack-bounces+yoyochiang= itri.org...@lists.launchpad.net] On Behalf Of Thierry Carrez Sent: Thursday, May 02, 2013 10:02 PM To: openstack@lists.launchpad.net Subject: [Openstack] I release naming (calling APAC community) Hi everyone, As you may know, we name our release cycles after cities or counties in the state/country where the corresponding design summit is held. That creates an interesting problem for the I release, since there is no word starting with i in classic transliteration of Chinese words... so not so many candidates. We'll have to get a bit creative and be willing to bend the rules a little. Feel free to suggest names on this thread, or on the wiki page at: https://wiki.openstack.org/wiki/Release_Naming I am especially interested by the input of our APAC community in general and our Chinese members in particular, which are probably the best to let us know which transliteration crime could be acceptable or which name they would particularly like. Cheers, -- Thierry Carrez (ttx) Release Manager, OpenStack ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp 本信件可能包含工研院機密資訊,非指定之收件者,請勿使用或揭露本信件內容,並請銷毀此信件。 This email may contain confidential information. Please do not use or disclose it in any way and delete it if you are not the intended recipient. ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ** ** ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ** ** ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp -- Tang Yaguang Canonical Ltd. | www.ubuntu.com | www.canonical.com Mobile: +86 152 1094 6968 gpg key: 0x187F664F ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Unable to ping VM using OpenStack and Quantum(openvswitch plugin)
Is your physical nic whiched used for vm communication can ping each other? Check your GRE tunnel if you are in GRE mode or check your vlan setting in physical switch if in vlan mode Daniels Cai http://dnscai.com 在 2013-5-7,14:56,zengshan2008 zengshan2...@gmail.com 写道: Hi, I've installed openstack using quantum by the guide https://github.com/mseknibilel/OpenStack-Folsom-Install-guide/blob/master/OpenStack_Folsom_Install_Guide_WebVersion.rst everything works fine, but I can't ping vm from the outside world, neither from the network node.The following is some of my configration. 1) root@networknode:/etc# ip netns qrouter-8f5f3c17-a00e-4382-a403-181dfbb9d189 qdhcp-e58739ff-16dc-4289-8110-242f7818d314 2) qrouter and qdhcp server is up root@networknode:/etc# ip netns exec qrouter-8f5f3c17-a00e-4382-a403-181dfbb9d189 ifconfig loLink encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:85 errors:0 dropped:0 overruns:0 frame:0 TX packets:85 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:9224 (9.2 KB) TX bytes:9224 (9.2 KB) qg-daf2c037-cc Link encap:Ethernet HWaddr fa:16:3e:ea:f6:c3 inet addr:192.168.23.102 Bcast:192.168.23.255 Mask:255.255.255.0 inet6 addr: 2401:de00::f816:3eff:feea:f6c3/64 Scope:Global inet6 addr: fe80::f816:3eff:feea:f6c3/64 Scope:Link inet6 addr: 2401:de00::6066:acc0:66e3:7434/64 Scope:Global UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:5392 errors:0 dropped:0 overruns:0 frame:0 TX packets:13 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:406572 (406.5 KB) TX bytes:846 (846.0 B) qr-d9cb6d6d-5e Link encap:Ethernet HWaddr fa:16:3e:6d:5a:3a inet addr:202.122.38.1 Bcast:202.122.38.255 Mask:255.255.255.0 inet6 addr: fe80::f816:3eff:fe6d:5a3a/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:24 errors:0 dropped:0 overruns:0 frame:0 TX packets:108 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:2184 (2.1 KB) TX bytes:5928 (5.9 KB) root@networknode:/etc# ip netns exec qdhcp-e58739ff-16dc-4289-8110-242f7818d314 ifconfig loLink encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:10 errors:0 dropped:0 overruns:0 frame:0 TX packets:10 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:840 (840.0 B) TX bytes:840 (840.0 B) tape10a4f07-60 Link encap:Ethernet HWaddr fa:16:3e:db:8f:23 inet addr:202.122.38.14 Bcast:202.122.38.255 Mask:255.255.255.0 inet6 addr: fe80::f816:3eff:fedb:8f23/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:106 errors:0 dropped:0 overruns:0 frame:0 TX packets:30 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:5760 (5.7 KB) TX bytes:2652 (2.6 KB) 3) qrouter can ping the dhcp server from the network node root@networknode:/etc# ip netns exec qrouter-8f5f3c17-a00e-4382-a403-181dfbb9d189 ping 202.122.38.14 PING 202.122.38.14 (202.122.38.14) 56(84) bytes of data. 64 bytes from 202.122.38.14: icmp_req=1 ttl=64 time=0.325 ms 64 bytes from 202.122.38.14: icmp_req=2 ttl=64 time=0.023 ms 64 bytes from 202.122.38.14: icmp_req=3 ttl=64 time=0.024 ms ^C --- 202.122.38.14 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 1998ms rtt min/avg/max/mdev = 0.023/0.124/0.325/0.142 ms 4) virtual machine is up quantum floatingip-list +--+--+-+--+ | id | fixed_ip_address | floating_ip_address | port_id | +--+--+-+--+ | 88398dd1-7256-49c7-b1ad-719903125501 | 202.122.38.15| 192.168.23.103 | ce7c1eff-afcb-4908-b399-0e6e07d2791e | +--+--+-+--+ 5) virtual machine eth0 is up 6)ssh or ping to vm is failed root@networknode:/etc# ip netns exec qrouter-8f5f3c17-a00e-4382-a403-181dfbb9d189 ping 202.122.38.15 PING 202.122.38.15 (202.122.38.15) 56(84) bytes of data. From 202.122.38.1 icmp_seq=1 Destination Host Unreachable From 202.122.38.1 icmp_seq=2 Destination Host Unreachable From 202.122.38.1 icmp_seq=3 Destination Host Unreachable From 202.122.38.1 icmp_seq=4
Re: [Openstack] quantum l2 networks
hi Aaron i set the following in nova.conf security_group_api=quantum firewall_driver=nova.virt.firewall.NoopFirewallDriver it works, but when i try to attach a security group to an exist vm , api throw an error : Network requires port_security_enabled and subnet associated in order to apply security groups. the i add port_security_enabled in quantum.conf in all nodes. port_security_enabled=True with no luck, it still doesn't work . Any advice ? does quantum security group support this feature? Daniels Cai http://dnscai.com 2013/6/8 Aaron Rosen aro...@nicira.com Hi Joe, I thought setting firewall_driver = quantum.agent.firewall.NoopFirewallDriver would do the trick? Also, the ovs plugin does not do any mac spoof filtering at the OVS level. Those are all done in iptables. Aaron On Fri, Jun 7, 2013 at 8:22 PM, Joe Breu joseph.b...@rackspace.comwrote: Hello, Is there a way to create a quantum l2 network using OVS that does not have MAC and IP spoofing enabled either in iptables or OVS? One workaround that we found was to set the OVS plugin firewall_driver = quantum.agent.firewall.NoopFirewallDriver to security_group_api=nova however this is far from ideal and doesn't solve the problem of MAC spoof filtering at the OVS level. Thanks for any help ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] quantum l2 networks
Aaron , thanks for you answers, i see it. we are not useing nvp in our environemnt yet. my vm is boot with a subnet_id specified . i am sure about it . here is more info: vm has an ip 192.168.6.100 , this ip belongs to subnet 83afd693-7e36-41e9-b896-9d8b0d89d255 , this subnet belongs to network iaas-net, network id is 5332f0f7-3156-4961-aa67-0b8507265fa5 # nova list | 24891d97-8d0e-4e99-9537-c8f8291913d0 | ubuntu-1304-server-amd64 | ACTIVE | iaas-net=192.168.6.100 here is quantum network info : # quantum net-list +--+--+---+ | id | name | subnets | +--+--+---+ | 5332f0f7-3156-4961-aa67-0b8507265fa5 | iaas-net | 329ca377-6193-4a0c-9320-471cd5ff762f 192.168.202.0/24 | | | | 83afd693-7e36-41e9-b896-9d8b0d89d255 192.168.6.0/24 | | | | bb1afb2d-ab59-4ba4-8a76-8b5b426b8e33 192.168.7.0/24 | | | | d59794df-bb49-4924-a19f-cbdec0ce24df 192.168.188.0/24 | | | | dca45033-e506-42e4-bf05-aaccd0591c55 192.168.193.0/24 | | | | e8a9be74-2f39-4d7e-9287-c5b85b573cca 192.168.192.0/24 | i enabled the following features in quantum 1. namespace 2. overlap ips if any more info needed for debug, i will attach Daniels Cai http://dnscai.com 2013/6/8 Aaron Rosen aro...@nicira.com There is no port_security_enabled config option. This is an attribute on a port that is used if the plugin you are using implements the port_security_extension (which is only nvp at the time). I'm guessing your issue is the network you are trying to boot an instance on does not have a subnet associated with it. Aaron On Sat, Jun 8, 2013 at 12:37 AM, daniels cai danx...@gmail.com wrote: hi Aaron i set the following in nova.conf security_group_api=quantum firewall_driver=nova.virt.firewall.NoopFirewallDriver it works, but when i try to attach a security group to an exist vm , api throw an error : Network requires port_security_enabled and subnet associated in order to apply security groups. the i add port_security_enabled in quantum.conf in all nodes. port_security_enabled=True with no luck, it still doesn't work . Any advice ? does quantum security group support this feature? Daniels Cai http://dnscai.com 2013/6/8 Aaron Rosen aro...@nicira.com Hi Joe, I thought setting firewall_driver = quantum.agent.firewall.NoopFirewallDriver would do the trick? Also, the ovs plugin does not do any mac spoof filtering at the OVS level. Those are all done in iptables. Aaron On Fri, Jun 7, 2013 at 8:22 PM, Joe Breu joseph.b...@rackspace.com wrote: Hello, Is there a way to create a quantum l2 network using OVS that does not have MAC and IP spoofing enabled either in iptables or OVS? One workaround that we found was to set the OVS plugin firewall_driver = quantum.agent.firewall.NoopFirewallDriver to security_group_api=nova however this is far from ideal and doesn't solve the problem of MAC spoof filtering at the OVS level. Thanks for any help ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] quantum l2 networks
nova add-secgroup 24891d97-8d0e-4e99-9537-c8f8291913d0 d11 ERROR: Network requires port_security_enabled and subnet associated in order to apply security groups. (HTTP 400) (Request-ID: req-94cb2d54-858b-4843-af53-b373c88bcdc0) security group is exists # quantum security-group-list +--+-+--+ | id | name| description | +--+-+--+ | 0acc8258-bd9f-4f87-b051-a94dbc1504eb | default | default | | 5902febc-e793-4b09-8073-567226d83d79 | d11 | des for firewall | +--+-+--+ Daniels Cai http://dnscai.com 2013/6/8 Aaron Rosen aro...@nicira.com You said: it works, but when i try to attach a security group to an exist vm , api throw an error :Network requires port_security_enabled and subnet associated in order to apply security groups. What command are you running to generate that error? On Sat, Jun 8, 2013 at 1:45 AM, daniels cai danx...@gmail.com wrote: Aaron , thanks for you answers, i see it. we are not useing nvp in our environemnt yet. my vm is boot with a subnet_id specified . i am sure about it . here is more info: vm has an ip 192.168.6.100 , this ip belongs to subnet 83afd693-7e36-41e9-b896-9d8b0d89d255 , this subnet belongs to network iaas-net, network id is 5332f0f7-3156-4961-aa67-0b8507265fa5 # nova list | 24891d97-8d0e-4e99-9537-c8f8291913d0 | ubuntu-1304-server-amd64 | ACTIVE | iaas-net=192.168.6.100 here is quantum network info : # quantum net-list +--+--+---+ | id | name | subnets | +--+--+---+ | 5332f0f7-3156-4961-aa67-0b8507265fa5 | iaas-net | 329ca377-6193-4a0c-9320-471cd5ff762f 192.168.202.0/24 | | | | 83afd693-7e36-41e9-b896-9d8b0d89d255 192.168.6.0/24 | | | | bb1afb2d-ab59-4ba4-8a76-8b5b426b8e33 192.168.7.0/24 | | | | d59794df-bb49-4924-a19f-cbdec0ce24df 192.168.188.0/24 | | | | dca45033-e506-42e4-bf05-aaccd0591c55 192.168.193.0/24 | | | | e8a9be74-2f39-4d7e-9287-c5b85b573cca 192.168.192.0/24 | i enabled the following features in quantum 1. namespace 2. overlap ips if any more info needed for debug, i will attach Daniels Cai http://dnscai.com 2013/6/8 Aaron Rosen aro...@nicira.com There is no port_security_enabled config option. This is an attribute on a port that is used if the plugin you are using implements the port_security_extension (which is only nvp at the time). I'm guessing your issue is the network you are trying to boot an instance on does not have a subnet associated with it. Aaron On Sat, Jun 8, 2013 at 12:37 AM, daniels cai danx...@gmail.com wrote: hi Aaron i set the following in nova.conf security_group_api=quantum firewall_driver=nova.virt.firewall.NoopFirewallDriver it works, but when i try to attach a security group to an exist vm , api throw an error : Network requires port_security_enabled and subnet associated in order to apply security groups. the i add port_security_enabled in quantum.conf in all nodes. port_security_enabled=True with no luck, it still doesn't work . Any advice ? does quantum security group support this feature? Daniels Cai http://dnscai.com 2013/6/8 Aaron Rosen aro...@nicira.com Hi Joe, I thought setting firewall_driver = quantum.agent.firewall.NoopFirewallDriver would do the trick? Also, the ovs plugin does not do any mac spoof filtering at the OVS level. Those are all done in iptables. Aaron On Fri, Jun 7, 2013 at 8:22 PM, Joe Breu joseph.b...@rackspace.com wrote: Hello, Is there a way to create a quantum l2 network using OVS that does not have MAC and IP spoofing enabled either in iptables or OVS? One workaround that we found was to set the OVS plugin firewall_driver = quantum.agent.firewall.NoopFirewallDriver to security_group_api=nova however this is far from ideal and doesn't solve the problem of MAC spoof filtering at the OVS level. Thanks for any help ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list