Hello everyone,

I need some help in understanding the working process and how I can further contribute to solving this bug:
https://bugs.launchpad.net/trove/+bug/1324995
This is related to the Trove project.

Thanks in advance,

Regards,
Khushbu Parakh
Arya College Of Engineering and IT
LinkedIn: http://linkedin.com/in/khushbuparakh
about.me/khushbu.parakh

> From: openstack-requ...@lists.openstack.org
> Subject: Openstack Digest, Vol 29, Issue 12
> To: openstack@lists.openstack.org
> Date: Thu, 12 Nov 2015 12:00:04 +0000
>
> Today's Topics:
>
> 1. Re: Keystone Fernet Token (Reza Bakhshayeshi)
> 2. Re: Openstack Kilo Vxlan tunnel single NIC setup (Amir Huski?)
> 3. Vxlan/gre port is not created in br-tun Kilo (Amir Huski?)
> 4. Re: Openstack Kilo Vxlan tunnel single NIC setup (Andreas Scheuring)
> 5. Re: Vxlan/gre port is not created in br-tun Kilo (Aleksei Stupnikov)
> 6. Re: Openstack Kilo Vxlan tunnel single NIC setup (Amir Huski?)
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Wed, 11 Nov 2015 22:36:45 +0330
> From: Reza Bakhshayeshi <reza.b2...@gmail.com>
> To: Adam Young <ayo...@redhat.com>
> Cc: openstack <openstack@lists.openstack.org>
> Subject: Re: [Openstack] Keystone Fernet Token
> Message-ID:
> <CAMGoRG2Wnh=urtD5bz+38cnGV-8+jm3ZxCcL=xapohoxb9n...@mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> Dear Adam,
>
> here is the audit.log content:
>
> type=AVC msg=audit(1447271600.161:353): avc: denied { write } for pid=4616 comm="httpd" name="fernet-keys" dev="dm-1" ino=1706000 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:etc_t:s0 tclass=dir
> type=SYSCALL msg=audit(1447271600.161:353): arch=c000003e syscall=21 success=no exit=-13 a0=7f2ebf240b10 a1=2 a2=7f2ed1d1af88 a3=0 items=0 ppid=2714 pid=4616 auid=4294967295 uid=163 gid=163 euid=163 suid=163 fsuid=163 egid=163 sgid=163 fsgid=163 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
> type=AVC msg=audit(1447271602.313:354): avc: denied { write } for pid=4648 comm="httpd" name="fernet-keys" dev="dm-1" ino=1706000 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:etc_t:s0 tclass=dir
> type=SYSCALL msg=audit(1447271602.313:354): arch=c000003e syscall=21 success=no exit=-13 a0=7f2ebf60a4c0 a1=2 a2=7f2ed1d1af88 a3=0 items=0 ppid=2714 pid=4648 auid=4294967295 uid=163 gid=163 euid=163 suid=163 fsuid=163 egid=163 sgid=163 fsgid=163 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
>
> On 9 November 2015 at 18:22, Adam Young <ayo...@redhat.com> wrote:
>
> > On 11/07/2015 01:08 PM, Reza Bakhshayeshi wrote:
> >
> > Thanks all, specially Rahul,
> > I solved the problem temporarily by disabling selinux.
> >
> >
> > What did you have for an AVC? It sounds like the issue was The Keystone
> > WSGI process reading the Keys file? Can you post the relevant sections
> > from the audit log?
> >
> > On 3 November 2015 at 07:43, ??? <zhan...@awcloud.com> wrote:
> >
> >> Maybe, you should do like follows:
> >>
> >> chown -R keystone:keystone /etc/keystone
> >>
> >> Then, restart the keystone service:
> >>
> >> systemctl restart openstack-keystone
> >>
> >> ------------------
> >> Best Regards
> >>
> >> ZhangJialong
> >>
> >> ------------------ Original ------------------
> >> From: "Adam Young" <ayo...@redhat.com>;
> >> Date: Tue, Nov 3, 2015 11:01 AM
> >> To: "openstack" <openstack@lists.openstack.org>;
> >> Subject: Re: [Openstack] Keystone Fernet Token
> >>
> >> On 10/28/2015 02:23 PM, Reza Bakhshayeshi wrote:
> >>
> >> Hi all,
> >>
> >> I'm going to use fernet token on OpenStack Kilo (only Keystone service is
> >> installed),
> >> I've configured keystone.conf like:
> >>
> >> [token]
> >> provider = keystone.token.providers.fernet.Provider
> >>
> >> when I'm running:
> >> keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
> >>
> >> keys are created successfully in /etc/keystone/fernet-keys directory.
> >> But when I'm going to create a token I receive the following error,
> >> here is the complete log:
> >>
> >> 2015-10-28 21:22:14.680 65218 INFO keystone.common.wsgi [-] GET /?
> >> 2015-10-28 23:50:25.343 9377 INFO keystone.token.providers.fernet.utils [-] [fernet_tokens] key_repository does not appear to exist; attempting to create it
> >> 2015-10-28 23:50:25.344 9377 INFO keystone.token.providers.fernet.utils [-] Created a new key: /etc/keystone/fernet-keys/0
> >> 2015-10-28 23:50:25.344 9377 INFO keystone.token.providers.fernet.utils [-] Starting key rotation with 1 key files: ['/etc/keystone/fernet-keys/0']
> >> 2015-10-28 23:50:25.344 9377 INFO keystone.token.providers.fernet.utils [-] Current primary key is: 0
> >> 2015-10-28 23:50:25.345 9377 INFO keystone.token.providers.fernet.utils [-] Next primary key will be: 1
> >> 2015-10-28 23:50:25.345 9377 INFO keystone.token.providers.fernet.utils [-] Promoted key 0 to be the primary: 1
> >> 2015-10-28 23:50:25.345 9377 INFO keystone.token.providers.fernet.utils [-] Created a new key: /etc/keystone/fernet-keys/0
> >> 2015-10-28 23:50:25.345 9377 INFO keystone.token.providers.fernet.utils [-] Excess keys to purge: []
> >> 2015-10-28 23:50:52.632 8059 INFO keystone.common.wsgi [-] POST /tokens?
> >> 2015-10-28 23:50:52.889 8059 ERROR keystone.token.providers.fernet.utils [-] Either [fernet_tokens] key_repository does not exist or Keystone does not have sufficient permission to access it: /etc/keystone/fernet-keys/
> >> 2015-10-28 23:50:52.890 8059 WARNING keystone.common.wsgi [-] No encryption keys found; run keystone-manage fernet_setup to bootstrap one.
> >>
> >> while the permissions seem to be correct:
> >>
> >> # ls -lah /etc/keystone/
> >> total 104K
> >> drwxr-x---. 3 root keystone 4.0K Oct 28 23:50 .
> >> drwxr-xr-x. 143 root root 12K Oct 28 12:56 ..
> >> -rw-r-----. 1 root keystone 1.5K Jul 29 00:21 default_catalog.templates
> >> drwx------. 2 keystone keystone 4.0K Oct 28 23:50 fernet-keys
> >> -rw-r-----. 1 root keystone 57K Oct 28 23:48 keystone.conf
> >> -rw-r-----. 1 root keystone 1.1K Jul 29 00:21 logging.conf
> >> -rw-r-----. 1 keystone keystone 8.6K Jul 29 00:21 policy.json
> >> -rw-r-----. 1 keystone keystone 665 Jul 29 00:21 sso_callback_template.html
> >>
> >> What am I missing?
> >>
> >>
> >> No idea. When I get into these situations, I use rpdb;
> >>
> >> http://adam.younglogic.com/2015/02/debugging-openstack-with-rpdb/
> >>
> >>
> >> Is there anything in /etc/keystone/fernet-keys ?
> >>
> >> _______________________________________________
> >> Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> >> Post to : openstack@lists.openstack.org
> >> Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>
> ------------------------------
>
> Message: 2
> Date: Thu, 12 Nov 2015 09:36:13 +0100
> From: Amir Huski? <amir.hus...@gmail.com>
> To: Akash Gunjal <akgun...@in.ibm.com>
> Cc: "openstack@lists.openstack.org" <openstack@lists.openstack.org>
> Subject: Re: [Openstack] Openstack Kilo Vxlan tunnel single NIC setup
> Message-ID:
> <CAFSgVcyv+=utk-bdqryre-lctxb3abeazvpzya6ygp4mz90...@mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> Thank you all for suggestions and sorry for late answer. Now I have PC with
> two interfaces; eth0 for br-ex (LAN) and eth1 for vxlan/gre tunnel
> interface. Br-ex is working fine and also I can ping and access VM using
> floating IP. But still facing issue with vxlan/gre tunnels. Vxlan/gre port
> is not created on br-tun.
>
> As I already wrote I'm trying to enable L2 connectivity between VMs running
> on single node Openstack Kilo installation (Devstack) and external Linux
> host using vxlan/gre tunnel. Since there are now two NICs I'll open new
> thread.
>
> Regards,
> Amir
>
> On Mon, Oct 19, 2015 at 12:36 PM, Akash Gunjal <akgun...@in.ibm.com> wrote:
>
> > Hi Amir,
> >
> > One point to check is the security rules set in your controller. Check if
> > you have set the ingress/egress rules set for ICMP protocol (ping) which
> > will otherwise block traffic from external hosts to the tenant VM.
> >
> > Regards,
> > Akash
> >
> > From: yatin kumbhare <yatinkumbh...@gmail.com>
> > To: Amir Huski? <amir.hus...@gmail.com>
> > Cc: "openstack@lists.openstack.org" <openstack@lists.openstack.org>
> > Date: 10/19/2015 03:56 PM
> > Subject: Re: [Openstack] Openstack Kilo Vxlan tunnel single NIC setup
> > ------------------------------
> >
> > Hi Amir,
> >
> > Not quite sure, as I haven't tried such a thing.
> >
> > but IMHO, you might require l2-gateway.
> >
> > Kind of this: https://www.youtube.com/watch?v=74Wfr4myf5k
> >
> > Regards,
> > Yatin
> >
> > On Mon, Oct 19, 2015 at 4:35 AM, Amir Huski? <amir.hus...@gmail.com> wrote:
> >
> > Hello James,
> >
> > I use underscores in ml2 config file as You suggested. Also made some
> > changes in config file. Here is available:
> > https://www.dropbox.com/s/fuzwiyuyfngyyl2/ml2_conf.ini?dl=0
> >
> > Summary:
> > - can ping from OS host to external gw and external linux host
> > - can ping from tenant VM to external gw and external linux host
> > - can't ping OS host and tenant VM floating IP from external linux host
> > - tcpdump on br-ex and eth0 interface is showing arp request during
> >   ping request from linux external host using vxlan segment
> >
> > For additional info please check info from CLI screen here:
> > https://www.dropbox.com/s/fv5hen4jbo6fmby/CLI_debug.txt?dl=0
> >
> > Accidentally I deleted symbolic link in log files pointing to agent log.
> > Unfortunately I don't know how to create it again with proper
> > permissions.
> > I tried with chmod and chown using reference command but without much
> > success.
> >
> > lrwxrwxrwx 1 amir amir 43 Sep 19 15:26 screen-n-sch.log -> /opt/stack/logs/n-sch.log.2015-09-19-150746
> > -rw-r--r-- 1 amir amir 245730291 Okt 18 14:00 screen-q-agt.log
> > lrwxrwxrwx 1 amir amir 44 Sep 19 15:25 screen-q-dhcp.log -> /opt/stack/logs/q-dhcp.log.2015-09-19-150746
> >
> >
> > Thank you for your help and time.
> >
> > Kind regards,
> > Amir
> >
> >
> > On Wed, Oct 14, 2015 at 4:06 PM, James Denton <james.den...@rackspace.com> wrote:
> > Hi Amir,
> >
> > A couple of recommendations:
> >
> > - Your vxlan_group setting has an extra dot at the end that may be
> >   causing issues:
> >     [ml2_type_vxlan]
> >     vxlan_group = 239.0.0.0.
> > - Your [OVS] block has some incorrect options. Use underscores rather
> >   than spaces:
> >     [ovs]
> >     bridge_mappings = public:br-ex
> >     local_ip = 192.168.100.100
> >     vxlan_udp_port = 8472
> >     tunnel type = vxlan
> >     tunnel id ranges = 1001:2000
> >     tenant network type = vxlan
> >     enable tunneling = true
> > - Same goes for [agent] as well:
> >     [agent]
> >     tunnel_types = vxlan
> >     root_helper_daemon = sudo /usr/local/bin/neutron-rootwrap-daemon /etc/neutron/rootwrap.conf
> >     root_helper = sudo /usr/local/bin/neutron-rootwrap /etc/neutron/rootwrap.conf
> >     #tunnel_types = vxlan
> >     vxlan_udp_port = 8472
> >     l2 population = false
> > Start by correcting those issues and restart the OVS agents across
> > your hosts. The agent log may be of help here as well.
> >
> > James
> > On Oct 14, 2015, at 2:38 AM, Amir Huski? <amir.hus...@gmail.com> wrote:
> >
> > Hello,
> >
> > there is also my ml2_conf.ini file:
> > https://dl.dropboxusercontent.com/u/4298410/ml2_conf.ini
> >
> > Could problem be related to single NIC installation? Is it
> > possible to have same interface for bridge mappings and also for
> > tunnel bridge? Example below:
> >
> > bridge_mappings = public:br-ex
> > integration bridge = br-int
> > tunnel bridge = br-ex
> >
> > Thank you.
> > Regards,
> > Amir
> >
> >
> > On Mon, Oct 12, 2015 at 3:53 PM, Amir Huski? <amir.hus...@gmail.com> wrote:
> > Hi all,
> >
> > I'm trying to set up Openstack test lab.
> >
> > I deployed Openstack Kilo (Devstack) on PC running Ubuntu LTS
> > 14.02 with single NIC.
> > Tenants are isolated with vxlan networks. I can ping from VMs
> > to external network PCs, SSH login from external PCs to tenants VMs
> > floating IP address, etc.
> >
> > I would like also to connect tenant VMs to external network
> > physical Linux host using vxlan tunnel and have L2 connectivity
> > between VM and physical Linux host over L3 network.
> >
> > Vxlan interface on Linux physical host is up and running.
> > When I am trying to ping from Linux physical host to Openstack VM (not
> > floating IP) using same subnet L2 address (example ping from
> > 192.168.10.10 to 192.168.10.11) UDP packets on port 8472 are coming to
> > Openstack br-ex interface with ARP request.
> >
> > Problem is that I can't setup vxlan tunnel on Openstack.
> > Command "sudo ovs-vsctl show" doesn't show any vxlan tunnels.
> > Also when I try to ping from VM to Linux host using L2 IP
> > address (ping from 192.168.10.11 to 192.168.10.10) tcpdump on
> > br-ex doesn't show anything.
> >
> > My ml2_conf.ini file is configured following this guide:
> > http://www.opencloudblog.com/?p=300
> >
> > Thanks in advance for your help,
> >
> > Regards,
> > Amir
>
> ------------------------------
>
> Message: 3
> Date: Thu, 12 Nov 2015 10:00:12 +0100
> From: Amir Huski? <amir.hus...@gmail.com>
> To: Openstack <openstack@lists.openstack.org>
> Subject: [Openstack] Vxlan/gre port is not created in br-tun Kilo
> Message-ID:
> <CAFSgVcxtympHKoP7RxN5uz=ww6f7+5tfvi_h0xcs30ad-hx...@mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> Hello,
>
> vxlan/gre port is not created in br-tun Kilo. I'm using PC with two NICs,
> running Ubuntu 14.04 LTS and Devstack script for Kilo installation (single
> node setup).
>
> My goal is to enable L2 connectivity between VMs (vxlan/gre network) on
> Kilo and external Linux host.
> Eth0 is used for br-ex and LAN connectivity. That part is fine. I can ping
> and ssh to VMs using their floating IP.
> Eth1 should be used for vxlan/gre tunnel connection between Kilo node and
> Linux external node that have vxlan/gre interfaces.
>
> eth0: 192.168.123.1
> eth1: 192.168.100.254
> VMs internal: 192.168.10.x
> Linux external host vxlan/gre tunnel: 192.168.10.10, eth0 192.168.50.10
>
> amir@openstack:~/devstack$ sudo ovs-vsctl show
> c2020516-3b76-4b8c-8fa6-110fcb4fd5e3
>     Bridge br-tun
>         fail_mode: secure
>         Port patch-int
>             Interface patch-int
>                 type: patch
>                 options: {peer=patch-tun}
>         Port br-tun
>             Interface br-tun
>                 type: internal
>     Bridge br-int
>         fail_mode: secure
>
> When I try to ping from VMs to external Linux host using L2 network segment
> (192.168.10.5 -> 192.168.10.10) I can see using tcpdump that packets are
> coming only to br-int. When I try to ping from Linux external host to VMs
> using L2 network segment (192.168.10.10 -> 192.168.10.5) ping packets are
> coming to eth1 but not also to br-tun.
>
> I can add vxlan/gre port to OVS manually but nothing change and also tried
> with vxlan and gre but result is the same.
>
> Here are my configuration files and CLI output (ifconfig, ip a, OVS
> bridges/ports status, etc):
> https://dl.dropboxusercontent.com/u/4298410/Openstack_vxlan.zip
>
> What I'm doing wrong?
>
> Thank you.
> Regards,
> Amir
>
> ------------------------------
>
> Message: 4
> Date: Thu, 12 Nov 2015 10:17:32 +0100
> From: Andreas Scheuring <scheu...@linux.vnet.ibm.com>
> To: Amir Huski? <amir.hus...@gmail.com>
> Cc: "openstack@lists.openstack.org" <openstack@lists.openstack.org>
> Subject: Re: [Openstack] Openstack Kilo Vxlan tunnel single NIC setup
> Message-ID: <1447319852.3078.9.camel@scheuran-ThinkPad-W530>
> Content-Type: text/plain; charset="UTF-8"
>
> What you see is the expected behavior. A Tun (vxlan/gre) port is created
> for each other Node (that runs the neutron-openvswitch-agent) in your
> Openstack Cluster.
> So if you have a single node - no other Openstack
> node - no tun port.
>
> It's not a use case that an external (non Openstack managed System) Node
> is participating in your Openstack internal tunnel network.
>
> The current ovs implementation knows exactly which vm is reachable via
> which mac on which other hypervisor via which tunnel port. All these
> logic is implemented via openflow rules, which steer the traffic to the
> correct tun device. Traffic that does not match those rules, will be
> dropped (I guess).
>
> You can only achieve this with an external vxlan network. I personally
> haven't tried this so far creating it with Openstack. But for a proof of
> concept you could create the tun port on your own on br-ex (instead of
> plugging your interface into br-ex).
>
> Hope this helps.
>
> --
> Andreas
> (IRC: scheuran)
>
> ------------------------------
>
> Message: 5
> Date: Thu, 12 Nov 2015 12:30:45 +0300
> From: Aleksei Stupnikov <astupni...@mirantis.com>
> To: Amir Huski? <amir.hus...@gmail.com>
> Cc: Openstack <openstack@lists.openstack.org>
> Subject: Re: [Openstack] Vxlan/gre port is not created in br-tun Kilo
> Message-ID:
> <ca+gpt_lk-jwfrbdlpbv91uck7numh8lkgn__tgsgvmoypa2...@mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> Hello, Amir.
>
> I have had exactly the same problem some time ago.
Please see a description > and possible solution at > https://ask.openstack.org/en/question/68671/centos7-rdo-vxlan-tcp-segment-losses/ > (you should check statistics at L2 and L3 interfaces using ethtool -S and > ip -s commands before applying proposed WA). > > BR, Alexey Stupnikov. > > On Thu, Nov 12, 2015 at 12:00 PM, Amir Huski? <amir.hus...@gmail.com> wrote: > > > Hello, > > > > vxlan/gre port is not created in br-tun Kilo. I'm using PC with two NICs, > > running Ubuntu 14.04 LTS and Devstack skript for Kilo installation (single > > node setup). > > > > My goal is to enable L2 connectivity between VMs (vxlan/gre network) on > > Kilo and external Linux host. > > Eth0 is used for br-ex and LAN connectivity. That part is fine. I can ping > > and ssh to VMs using their floating IP. > > Eth1 should be used for vxlan/gre tunnel connection between Kilo node and > > Linux external node that have vxlan/gre interfaces. > > > > eth0: 192.168.123.1 > > eth1: 192.168.100.254 > > VMs internal: 192.168.10.x > > Linux external host vxlan/gre tunnel: 192.168.10.10, eth0 192.168.50.10 > > > > amir@openstack:~/devstack$ sudo ovs-vsctl show > > c2020516-3b76-4b8c-8fa6-110fcb4fd5e3 > > Bridge br-tun > > fail_mode: secure > > Port patch-int > > Interface patch-int > > type: patch > > options: {peer=patch-tun} > > Port br-tun > > Interface br-tun > > type: internal > > Bridge br-int > > fail_mode: secure > > > > When I try to ping from VMs to external Linux host using L2 network > > segment (192.168.10.5 -> 192.168.10.10) I can see using tcpdump that > > packets are coming only to br-int. When I try to ping from Linux external > > host to VMs using L2 network segment (192.168.10.10 -> 192.168.10.5) ping > > packets are coming to eth1 but not also to br-tun. > > > > I can add vxlan/gre port to OVS manually but nothing change and also tried > > with vxlan and gre but result is the same. 
> > > > Here are my configuration files and CLI output (ifconfig, ip a, OVS > > bridges/ports status, etc): > > https://dl.dropboxusercontent.com/u/4298410/Openstack_vxlan.zip > > > > What I'm doing wrong? > > > > Thank you. > > Regards, > > Amir > > > > > > _______________________________________________ > > Mailing list: > > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > > Post to : openstack@lists.openstack.org > > Unsubscribe : > > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > > > > > > > -- > BR, Alexey Stupnikov. > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: > <http://lists.openstack.org/pipermail/openstack/attachments/20151112/de10e15f/attachment-0001.html> > > ------------------------------ > > Message: 6 > Date: Thu, 12 Nov 2015 12:57:23 +0100 > From: Amir Huski? <amir.hus...@gmail.com> > To: Andreas Scheuring <scheu...@linux.vnet.ibm.com> > Cc: "openstack@lists.openstack.org" <openstack@lists.openstack.org> > Subject: Re: [Openstack] Openstack Kilo Vxlan tunnel single NIC setup > Message-ID: > <CAFSgVczx=_Q5Wy1yn2T89JfffH14JeRQ9MPFBMNFU2cG+qQC=g...@mail.gmail.com> > Content-Type: text/plain; charset="utf-8" > > Thank you Andreas. I'll try it. I've opened new thread with additional info > (here: > http://lists.openstack.org/pipermail/openstack/2015-November/014564.html) > and subject: Vxlan/gre port is not created in br-tun Kilo. There are also > config files. > > Regards, > Amir > > On Thu, Nov 12, 2015 at 10:17 AM, Andreas Scheuring < > scheu...@linux.vnet.ibm.com> wrote: > > > What you see is the expected behavior. A Tun (vxlan/gre) port is created > > for each other Node (that runs the neutron-openvswitch-agent) in your > > Openstack Cluster. So if you have a single node - no other Openstack > > node - no tun port. > > > > It's not a use case that an external (non Openstack managed System) Node > > is participating in your Openstack internal tunnel network. 
> >
> > The current ovs implementation knows exactly which vm is reachable via
> > which mac on which other hypervisor via which tunnel port. All this
> > logic is implemented via openflow rules, which steer the traffic to the
> > correct tun device. Traffic that does not match those rules will be
> > dropped (I guess).
> >
> > You can only achieve this with an external vxlan network. I personally
> > haven't tried this so far creating it with Openstack. But for a proof of
> > concept you could create the tun port on your own on br-ex (instead of
> > plugging your interface into br-ex).
> >
> > Hope this helps.
> >
> > --
> > Andreas
> > (IRC: scheuran)
> >
> > On Do, 2015-11-12 at 09:36 +0100, Amir Huski? wrote:
> > > Thank you all for suggestions and sorry for late answer. Now I have PC
> > > with two interfaces; eth0 for br-ex (LAN) and eth1 for vxlan/gre
> > > tunnel interface. Br-ex is working fine and also I can ping and access
> > > VM using floating IP. But still facing issue with vxlan/gre tunnels.
> > > Vxlan/gre port is not created on br-tun.
> > >
> > > As I already wrote I'm trying to enable L2 connectivity between VMs
> > > running on single node Openstack Kilo installation (Devstack) and
> > > external Linux host using vxlan/gre tunnel. Since there are now two
> > > NICs I'll open new thread.
> > >
> > > Regards,
> > > Amir
> > >
> > > On Mon, Oct 19, 2015 at 12:36 PM, Akash Gunjal <akgun...@in.ibm.com>
> > > wrote:
> > > Hi Amir,
> > >
> > > One point to check is the security rules set in your
> > > controller. Check if you have set the ingress/egress rules set
> > > for ICMP protocol (ping) which will otherwise block traffic
> > > from external hosts to the tenant VM.
> > >
> > > Regards,
> > > Akash
> > >
> > > From: yatin kumbhare <yatinkumbh...@gmail.com>
> > > To: Amir Huski? <amir.hus...@gmail.com>
> > > Cc: "openstack@lists.openstack.org" <openstack@lists.openstack.org>
> > > Date: 10/19/2015 03:56 PM
> > > Subject: Re: [Openstack] Openstack Kilo Vxlan tunnel single NIC setup
> > >
> > > ______________________________________________________________
> > >
> > > Hi Amir,
> > >
> > > Not quite sure, as I haven't tried such a thing.
> > >
> > > but IMHO, you might require l2-gateway.
> > >
> > > Kind of this: https://www.youtube.com/watch?v=74Wfr4myf5k
> > >
> > > Regards,
> > > Yatin
> > >
> > > On Mon, Oct 19, 2015 at 4:35 AM, Amir Huski? <amir.hus...@gmail.com> wrote:
> > > Hello James,
> > >
> > > I use underscores in ml2 config file as you suggested.
> > > Also made some changes in config file. Here is available:
> > > https://www.dropbox.com/s/fuzwiyuyfngyyl2/ml2_conf.ini?dl=0
> > >
> > > Summary:
> > > - can ping from OS host to external gw and external linux host
> > > - can ping from tenant VM to external gw and external linux host
> > > - can't ping OS host and tenant VM floating IP from external linux host
> > > - tcpdump on br-ex and eth0 interface is showing arp request during
> > >   ping request from linux external host using vxlan segment
> > >
> > > For additional info please check info from CLI screen here:
> > > https://www.dropbox.com/s/fv5hen4jbo6fmby/CLI_debug.txt?dl=0
> > >
> > > Accidentally I deleted symbolic link in log files
> > > pointing to agent log. Unfortunately I don't know how
> > > to create it again with proper permissions.
> > > I tried with chmod and chown using reference command but
> > > without much success.
> > >
> > > lrwxrwxrwx 1 amir amir 43 Sep 19 15:26 screen-n-sch.log -> /opt/stack/logs/n-sch.log.2015-09-19-150746
> > > -rw-r--r-- 1 amir amir 245730291 Okt 18 14:00 screen-q-agt.log
> > > lrwxrwxrwx 1 amir amir 44 Sep 19 15:25 screen-q-dhcp.log -> /opt/stack/logs/q-dhcp.log.2015-09-19-150746
> > >
> > > Thank you for your help and time.
> > >
> > > Kind regards,
> > > Amir
> > >
> > > On Wed, Oct 14, 2015 at 4:06 PM, James Denton <james.den...@rackspace.com> wrote:
> > > Hi Amir,
> > >
> > > A couple of recommendations:
> > >
> > > - Your vxlan_group setting has an extra dot at the end
> > >   that may be causing issues:
> > > [ml2_type_vxlan]
> > > vxlan_group = 239.0.0.0.
> > > - Your [OVS] block has some incorrect options. Use
> > >   underscores rather than spaces:
> > > [ovs]
> > > bridge_mappings = public:br-ex
> > > local_ip = 192.168.100.100
> > > vxlan_udp_port = 8472
> > > tunnel type = vxlan
> > > tunnel id ranges = 1001:2000
> > > tenant network type = vxlan
> > > enable tunneling = true
> > > - Same goes for [agent] as well:
> > > [agent]
> > > tunnel_types = vxlan
> > > root_helper_daemon = sudo /usr/local/bin/neutron-rootwrap-daemon /etc/neutron/rootwrap.conf
> > > root_helper = sudo /usr/local/bin/neutron-rootwrap /etc/neutron/rootwrap.conf
> > > #tunnel_types = vxlan
> > > vxlan_udp_port = 8472
> > > l2 population = false
> > > Start by correcting those issues and restart the OVS
> > > agents across your hosts. The agent log may be of help
> > > here as well.
> > >
> > > James
> > > On Oct 14, 2015, at 2:38 AM, Amir Huski? <amir.hus...@gmail.com> wrote:
> > >
> > > Hello,
> > >
> > > there is also my ml2_conf.ini file:
> > > https://dl.dropboxusercontent.com/u/4298410/ml2_conf.ini
> > >
> > > Could problem be related to single NIC installation?
> > > Is it possible to have same interface for bridge mappings and
> > > also for tunnel bridge? Example below:
> > >
> > > bridge_mappings = public:br-ex
> > > integration bridge = br-int
> > > tunnel bridge = br-ex
> > >
> > > Thank you.
> > > Regards,
> > > Amir
> > >
> > > On Mon, Oct 12, 2015 at 3:53 PM, Amir Huski? <amir.hus...@gmail.com> wrote:
> > > Hi all,
> > >
> > > I'm trying to set up Openstack test lab.
> > >
> > > I deployed Openstack Kilo (Devstack) on PC running Ubuntu LTS 14.02
> > > with single NIC.
> > > Tenants are isolated with vxlan networks. I can ping from VMs to
> > > external network PCs, SSH login from external PCs to tenants VMs
> > > floating IP address, etc.
> > >
> > > I would like also to connect tenant VMs to external network physical
> > > Linux host using vxlan tunnel and have L2 connectivity between VM and
> > > physical Linux host over L3 network.
> > >
> > > Vxlan interface on Linux physical host is up and running. When I am
> > > trying to ping from Linux physical host to Openstack VM (not floating
> > > IP) using same subnet L2 address (example ping from 192.168.10.10 to
> > > 192.168.10.11) UDP packets on port 8472 are coming to Openstack br-ex
> > > interface with ARP request.
> > >
> > > Problem is that I can't setup vxlan tunnel on Openstack.
> > > Command "sudo ovs-vsctl show" doesn't show any vxlan tunnels.
> > > Also when I try to ping from VM to Linux host using L2 IP address
> > > (ping from 192.168.10.11 to 192.168.10.10) tcpdump on br-ex doesn't
> > > show anything.
> > >
> > > My ml2_conf.ini file is configured following this guide:
> > > http://www.opencloudblog.com/?p=300
> > >
> > > Thanks in advance for your help,
> > >
> > > Regards,
> > > Amir
>
> ------------------------------
>
> End of Openstack Digest, Vol 29, Issue 12
> *****************************************