Re: [Openstack-operators] security groups not working on one compute node

Hi Akshay, Please make sure the value /proc/sys/net/bridge/bridge-nf-call-iptables should be 1. 在 2016/1/12 8:00, Akshay Kumar Sanghai 写道: Hi, I am running a kilo openstack setup with 3 nodes, 1 controller and 2 compute. Suppose i have 2 VMs , vm1 on compute node1 and vm2 on compute node2 .

[Openstack-operators] OpenStack components and configuration options

Hello, I wonder if there is somewhere some precise information on which component a configuration option is for. I'll explain that. I want to separate components on several servers, a controller node, a network node, and compute nodes. Classic. I have nova-api one one node, nova-compute on

[Openstack-operators] How do you orchestrate external tools (private cloud) ?

Hello, I think it will be great to know how operators handle theses kind of orchestration : Add, remove instances and there properties in theses SI tools : - IPAM - CMDB - Monitoring - Backup I understand that this use case is certainly specific to private cloud, not public ones. I will be

Re: [Openstack-operators] How do you orchestrate external tools (private cloud) ?

Le 2016-01-12 11:01, Christian Berendt a écrit : On 01/12/2016 10:47 AM, gilles.mocel...@nuagelibre.org wrote: But I did not find any example where Heat can do these sort of thing. I think Heat is the wrong tool to directly orchestrate external services. Have you tried Mistral? It is a

Re: [Openstack-operators] security groups not working on one compute node

Hi yujie, I checked, it is 1 for both the compute nodes Thanks, Akshay On Tue, Jan 12, 2016 at 2:21 PM, yujie wrote: > Hi Akshay, > Please make sure the value /proc/sys/net/bridge/bridge-nf-call-iptables > should be 1. > > > 在 2016/1/12 8:00, Akshay Kumar Sanghai 写道: > >>

Re: [Openstack-operators] [neutron] Routing to tenant networks

On 01/12/2016 09:42 AM, Matt Kassawara wrote: > Sure, you can use 'neutron router-gateway-set --disable-snat > ' to disable NAT... just add routes where necessary. > > Seems like implementation of RFC 6598 would occur outside of neutron... > maybe on the service provider network between clouds?

Re: [Openstack-operators] [neutron] Routing to tenant networks

Sure, you can use 'neutron router-gateway-set --disable-snat ' to disable NAT... just add routes where necessary. Seems like implementation of RFC 6598 would occur outside of neutron... maybe on the service provider network between clouds? Perhaps someone from a service provider can provide more

Re: [Openstack-operators] security groups not working on one compute node

Hi Akshay, Could you provide the info of iptables (table=filter) before and after removing security group in both compute node? Besides please tell the ip and mac of the two vms. Thanks. Yu 在 2016/1/12 22:29, Akshay Kumar Sanghai 写道: Hi yujie, I checked, it is 1 for both the compute

Re: [Openstack-operators] OpenStack components and configuration options

On 1/12/2016 3:29 AM, gilles.mocel...@nuagelibre.org wrote: Hello, I wonder if there is somewhere some precise information on which component a configuration option is for. I'll explain that. I want to separate components on several servers, a controller node, a network node, and compute

[Openstack-operators] [neutron] Routing to tenant networks

Is there any condition under which a Neutron router will route packets from a provider network to a tenant network with destination address unmolested? E.g., non-RFC1918 addresses on the tenant network? Does Neutron know anything about RFC6598? Thanks, Mike