[openstack-dev] [Neutron][QoS] Question about QoS bandwidth limit rule

2016-08-23 Thread dongcan ye
Hi, all

I had tested Neutron QoS function, we can apply the bandwidth limit rule
for instance's port, but router ports are excluded from bandwidth policy.

In Neutron ovs agent, we can see the ovs-vsctl command set
ingress_policing_rate and ingress_policing_burst, instance apply to "qvo"
device, router port apply to "qr" device.

They are both interfaces of OVS, why the bandwidth policy can't take effect
in "qr" device?
__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev


[openstack-dev] [Neutron][VPNaaS]IPSec Pluto is not running

2016-07-19 Thread dongcan ye
Hi, all

I want to install vpnaas in mitaka, but failed to create ipsec-connection.

OS version: Centos 7
Libreswan version: 3.10.0-327.18.2.el7.x86_64


In /etc/neutron/vpn_agent.ini, vpn_device_driver is
neutron_vpnaas.services.vpn.device_drivers.libreswan_ipsec.LibreSwanDriver.

Before running neutron-vpn-agent, I had checked ipsec status, it seems
normal:
# ipsec verify
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path [OK]
Linux Libreswan 3.15 (netkey) on 3.10.0-327.18.2.el7.x86_64
Checking for IPsec support in kernel [OK]
 SAref kernel support   [N/A]
 NETKEY:  Testing XFRM related proc values   [OK]
[OK]
[OK]
Hardware RNG detected, testing if used properly [OK]
Checking that pluto is running   [OK]
 Pluto listening for IKE on udp 500 [OK]
 Pluto listening for NAT-T on udp 4500   [OK]
Two or more interfaces found, checking IP forwarding [FAILED]
Checking NAT and MASQUERADEing   [OK]
Checking for 'ip' command   [OK]
Checking /bin/sh is not /bin/dash   [OK]
Checking for 'iptables' command [OK]
Opportunistic Encryption Support [DISABLED]


After create ikepolicy, ipsecpolicy and vpn service, create a
ipsec-site-connection failed,
status code in vpn-agent.log returns 1 :
# ip netns exec qrouter-5758220e-5c35-429a-975f-39375db70efe ipsec whack
--ctlbase
/var/lib/neutron/ipsec/5758220e-5c35-429a-975f-39375db70efe/var/run/pluto
--status
whack: Pluto is not running (no
"/var/lib/neutron/ipsec/5758220e-5c35-429a-975f-39375db70efe/var/run/pluto.ctl")

By the way, ipsec checknss had already run, but I had not seen any db files
in the /etc/pki/nssdb directory:
root 14087  0.0  0.0 113252   912 ?S23:21   0:00 /bin/sh
/sbin/ipsec checknss
/var/lib/neutron/ipsec/5758220e-5c35-429a-975f-39375db70efe/etc
__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev


[openstack-dev] [Nova][Glance_store][VMware] Different glance store for Nova snapshot in VMware

2016-03-13 Thread dongcan ye
Hi all,

In our production environment, we enables glance_store for VMware datastore.
Configuration in glance-api.conf:

[DEFAULT]
show_image_direct_url = True
[glance_store]
stores= glance.store.vmware_datastore.Store
default_store = vsphere
vmware_server_host= 172.18.6.22
vmware_server_username = administrator@vsphere.local
vmware_server_password = 1qaz!QAZ
vmware_datastores = ICT Test:F7-HPP9500-SAS-ICTHPCLUSTER03-LUN06


Firstly we boot an instance, make online snapshot for the VM, we see the
image stores on local file system:
direct_url
file:///var/lib/glance/images/8cf7ba51-31d8-4282-89db-06957d609691

Then we poweroff the VM, make offline snapshot, the image stores on VMware
datastore:
direct_urlvsphere://
172.20.2.38/folder/openstack_glance/52825a70-f645-46b5-80ec-7a430dcd13cf?dcPath=IDC_Test=LUN03-00

In Nova VCDriver, make snapshot will upload VM disk file to Glance image
server. But why different behaviour for the VM poweron and poweroff?

Hopes for your reply.
__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev