[openstack-dev] [Nova][Glance_store][VMware] Different glance store for Nova snapshot in VMware
Hi all, In our production environment, we enables glance_store for VMware datastore. Configuration in glance-api.conf: [DEFAULT] show_image_direct_url = True [glance_store] stores= glance.store.vmware_datastore.Store default_store = vsphere vmware_server_host= 172.18.6.22 vmware_server_username = administrator@vsphere.local vmware_server_password = 1qaz!QAZ vmware_datastores = ICT Test:F7-HPP9500-SAS-ICTHPCLUSTER03-LUN06 Firstly we boot an instance, make online snapshot for the VM, we see the image stores on local file system: direct_url file:///var/lib/glance/images/8cf7ba51-31d8-4282-89db-06957d609691 Then we poweroff the VM, make offline snapshot, the image stores on VMware datastore: direct_urlvsphere:// 172.20.2.38/folder/openstack_glance/52825a70-f645-46b5-80ec-7a430dcd13cf?dcPath=IDC_Test&dsName=LUN03-00 In Nova VCDriver, make snapshot will upload VM disk file to Glance image server. But why different behaviour for the VM poweron and poweroff? Hopes for your reply. __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
[openstack-dev] [Neutron][VPNaaS]IPSec Pluto is not running
Hi, all I want to install vpnaas in mitaka, but failed to create ipsec-connection. OS version: Centos 7 Libreswan version: 3.10.0-327.18.2.el7.x86_64 In /etc/neutron/vpn_agent.ini, vpn_device_driver is neutron_vpnaas.services.vpn.device_drivers.libreswan_ipsec.LibreSwanDriver. Before running neutron-vpn-agent, I had checked ipsec status, it seems normal: # ipsec verify Checking your system to see if IPsec got installed and started correctly: Version check and ipsec on-path [OK] Linux Libreswan 3.15 (netkey) on 3.10.0-327.18.2.el7.x86_64 Checking for IPsec support in kernel [OK] SAref kernel support [N/A] NETKEY: Testing XFRM related proc values [OK] [OK] [OK] Hardware RNG detected, testing if used properly [OK] Checking that pluto is running [OK] Pluto listening for IKE on udp 500 [OK] Pluto listening for NAT-T on udp 4500 [OK] Two or more interfaces found, checking IP forwarding [FAILED] Checking NAT and MASQUERADEing [OK] Checking for 'ip' command [OK] Checking /bin/sh is not /bin/dash [OK] Checking for 'iptables' command [OK] Opportunistic Encryption Support [DISABLED] After create ikepolicy, ipsecpolicy and vpn service, create a ipsec-site-connection failed, status code in vpn-agent.log returns 1 : # ip netns exec qrouter-5758220e-5c35-429a-975f-39375db70efe ipsec whack --ctlbase /var/lib/neutron/ipsec/5758220e-5c35-429a-975f-39375db70efe/var/run/pluto --status whack: Pluto is not running (no "/var/lib/neutron/ipsec/5758220e-5c35-429a-975f-39375db70efe/var/run/pluto.ctl") By the way, ipsec checknss had already run, but I had not seen any db files in the /etc/pki/nssdb directory: root 14087 0.0 0.0 113252 912 ?S23:21 0:00 /bin/sh /sbin/ipsec checknss /var/lib/neutron/ipsec/5758220e-5c35-429a-975f-39375db70efe/etc __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
[openstack-dev] [Neutron][QoS] Question about QoS bandwidth limit rule
Hi, all I had tested Neutron QoS function, we can apply the bandwidth limit rule for instance's port, but router ports are excluded from bandwidth policy. In Neutron ovs agent, we can see the ovs-vsctl command set ingress_policing_rate and ingress_policing_burst, instance apply to "qvo" device, router port apply to "qr" device. They are both interfaces of OVS, why the bandwidth policy can't take effect in "qr" device? __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev