Re: [Openstack] non public glance image can seen by all tenant
Great, Thanks Jeremy for pointing me in the right direction

On Fri, Oct 26, 2018 at 8:26 PM Jeremy Stanley wrote:
> On 2018-10-26 11:29:27 +0700 (+0700), Adhi Priharmanto wrote:
> > I have setup rocky release at my openstack lab, now all of tenant
> > (user) can see non-public glance image create by another tenant
> > (user)
> [...]
>
> This sounds very similar to https://launchpad.net/bugs/1799588 which
> the Glance team has been asked to look into. See also the rather
> lengthy troubleshooting discussion on the Operators ML starting
> here:
>
> http://lists.openstack.org/pipermail/openstack-operators/2018-October/016039.html
>
> --
> Jeremy Stanley
> ___
> Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> Post to     : openstack@lists.openstack.org
> Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

--
Cheers,
Adhi Priharmanto
about.me/a_dhi <http://about.me/a_dhi?promo=email_sig>
+62-812-82121584
[Openstack] non public glance image can seen by all tenant
Hi,

I have setup rocky release at my openstack lab, now all of tenant (user) can see non-public glance image create by another tenant (user)

here is my glance policy.json :

> {
>     "context_is_admin": "role:admin",
>     "default": "role:admin",
>     "add_image": "",
>     "delete_image": "",
>     "get_image": "",
>     "get_images": "",
>     "modify_image": "",
>     "publicize_image": "role:admin",
>     "communitize_image": "",
>     "copy_from": "",
>     "download_image": "",
>     "upload_image": "",
>     "delete_image_location": "",
>     "get_image_location": "",
>     "set_image_location": "",
>     "add_member": "",
>     "delete_member": "",
>     "get_member": "",
>     "get_members": "",
>     "modify_member": "",
>     "manage_image_cache": "role:admin",
>     "get_task": "",
>     "get_tasks": "",
>     "add_task": "",
>     "modify_task": "",
>     "tasks_api_access": "role:admin",
>     "deactivate": "",
>     "reactivate": "",
>     "get_metadef_namespace": "",
>     "get_metadef_namespaces":"",
>     "modify_metadef_namespace":"",
>     "add_metadef_namespace":"",
>     "get_metadef_object":"",
>     "get_metadef_objects":"",
>     "modify_metadef_object":"",
>     "add_metadef_object":"",
>     "list_metadef_resource_types":"",
>     "get_metadef_resource_type":"",
>     "add_metadef_resource_type_association":"",
>     "get_metadef_property":"",
>     "get_metadef_properties":"",
>     "modify_metadef_property":"",
>     "add_metadef_property":"",
>     "get_metadef_tag":"",
>     "get_metadef_tags":"",
>     "modify_metadef_tag":"",
>     "add_metadef_tag":"",
>     "add_metadef_tags":""
> }

any advice how to fix this ?

--
Cheers,
Adhi Priharmanto
about.me/a_dhi <http://about.me/a_dhi?promo=email_sig>
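In an oslo.policy file an empty rule string always passes, so most rules in the policy.json posted above apply no role or ownership test of their own. The following added example (not from the thread; the function names and the three report categories are illustrative) lists which rules in such a file are unrestricted, follows `rule:` references, and flags expressions it does not analyse.

```python
import json
import re

# Subset of the rules from the policy.json quoted in the post above.
SAMPLE_POLICY = """
{
    "context_is_admin": "role:admin",
    "default": "role:admin",
    "add_image": "",
    "delete_image": "",
    "get_image": "",
    "get_images": "",
    "modify_image": "",
    "publicize_image": "role:admin",
    "communitize_image": "",
    "download_image": "",
    "add_member": "",
    "get_members": "",
    "manage_image_cache": "role:admin",
    "tasks_api_access": "role:admin",
    "deactivate": "",
    "reactivate": ""
}
"""

ALWAYS_TRUE = {"", "@"}  # oslo.policy: an empty rule or "@" always passes


def _term_open(term, rules, seen):
    """True if a single check passes for every caller, None if undecidable."""
    if term in ALWAYS_TRUE:
        return True
    if not term.startswith("rule:"):
        return False          # "!", role:..., project_id:... test or deny something
    name = term[len("rule:"):]
    if name not in rules:
        name = "default"      # oslo.policy falls back to the "default" rule
        if name not in rules:
            return False      # no such rule and no default: the check fails
    if name in seen:
        return None           # reference cycle, needs a human
    return _is_open(rules[name], rules, seen + (name,))


def _is_open(expr, rules, seen):
    """Three-valued result: True (open), False (restricted), None (review)."""
    if isinstance(expr, list):
        return True if not expr else None   # legacy list form: [] always passes
    expr = expr.strip()
    if expr in ALWAYS_TRUE:
        return True
    if "(" in expr or re.search(r"(^|\s)not\s", expr, re.I):
        return None           # grouping and negation are not analysed here
    branches = []
    for branch in re.split(r"\s+or\s+", expr, flags=re.I):
        terms = [_term_open(t.strip(), rules, seen)
                 for t in re.split(r"\s+and\s+", branch, flags=re.I)]
        if False in terms:
            branches.append(False)
        elif None in terms:
            branches.append(None)
        else:
            branches.append(True)
    if True in branches:
        return True
    return None if None in branches else False


def audit(policy_text):
    """Group rule names into open / restricted / review."""
    rules = json.loads(policy_text)
    report = {"open": [], "restricted": [], "review": []}
    for name, expr in rules.items():
        verdict = _is_open(expr, rules, (name,))
        key = "review" if verdict is None else ("open" if verdict else "restricted")
        report[key].append(name)
    return {key: sorted(names) for key, names in report.items()}


if __name__ == "__main__":
    for category, names in audit(SAMPLE_POLICY).items():
        print(f"{category:10s} {', '.join(names) or '-'}")
```

A rule reported as open is not by itself evidence of the visibility problem described in the post; the report only shows where the policy file adds no restriction.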
Re: [Openstack] [nova][ceph] Libvirt Error when add ceph as nova backend
Hi,

This is my ceph node ( using single node ceph) for test only

> [cephdeploy@ceph2 ~]$ cat /etc/ceph/ceph.client.nova.keyring
> [client.nova]
> key = AQBLxr5bbhnGFxAAXAliVJwMU5w5YgFY6jGJIA==
> [cephdeploy@ceph2 ~]$ ceph auth get client.nova
> exported keyring for client.nova
> [client.nova]
> key = AQBLxr5bbhnGFxAAXAliVJwMU5w5YgFY6jGJIA==
> caps mon = "allow r"
> caps osd = "allow class-read object_prefix rbd_children, allow rwx pool=vms, allow rx pool=images"
> [cephdeploy@ceph2 ~]$

and this at my compute-node

> [root@cp2 ~]# cat /etc/ceph/ceph.client.nova.keyring
> [client.nova]
> key = AQBLxr5bbhnGFxAAXAliVJwMU5w5YgFY6jGJIA==
> [root@cp2 ~]#

yes both nodes, ceph & nova-compute node was on same network 192.168.26.xx/24 , does any special port need to allow at firewalld ?

On Thu, Oct 11, 2018 at 2:24 PM Eugen Block wrote:
> Hi,
>
> your nova.conf [libvirt] section seems fine.
>
> Can you paste the output of
>
> ceph auth get client.nova
>
> and does the keyring file exist in /etc/ceph/ (ceph.client.nova.keyring)?
>
> Is the ceph network reachable by your openstack nodes?
>
> Regards,
> Eugen
>
>
> Quoting Adhi Priharmanto:
>
> > Hi, Im running my openstack environment with rocky release, and I want to
> > integrate ceph as nova-compute backend, so I followed instruction here :
> > http://superuser.openstack.org/articl...
> > <http://superuser.openstack.org/articles/ceph-as-storage-for-openstack/>
> >
> > and this is my nova.conf at my compute node
> >
> > [DEFAULT]
> > ...
> > compute_driver=libvirt.LibvirtDriver
> >
> > [libvirt]
> > images_type = rbd
> > images_rbd_pool = vms
> > images_rbd_ceph_conf = /etc/ceph/ceph.conf
> > rbd_user = nova
> > rbd_secret_uuid = a93824e0-2d45-4196-8918-c8f7d7f35c5d
> >
> >
> > and this is log when I restarted the nova compute service :
> >
> > 2018-10-11 01:59:57.123 5275 ERROR nova.virt.libvirt.host [req-f4e2715a-c925-4c12-b8e6-aa550fc588b1 - - - - -] Exception handling connection event: AttributeError: 'NoneType' object has no attribute 'rfind'
> > 2018-10-11 01:59:57.123 5275 ERROR nova.virt.libvirt.host Traceback (most recent call last):
> > 2018-10-11 01:59:57.123 5275 ERROR nova.virt.libvirt.host   File "/usr/lib/python2.7/site-packages/nova/virt/libvirt/host.py", line 148, in _dispatch_conn_event
> > 2018-10-11 01:59:57.123 5275 ERROR nova.virt.libvirt.host     handler()
> > 2018-10-11 01:59:57.123 5275 ERROR nova.virt.libvirt.host   File "/usr/lib/python2.7/site-packages/nova/virt/libvirt/host.py", line 414, in handler
> > 2018-10-11 01:59:57.123 5275 ERROR nova.virt.libvirt.host     return self._conn_event_handler(*args, **kwargs)
> > 2018-10-11 01:59:57.123 5275 ERROR nova.virt.libvirt.host   File "/usr/lib/python2.7/site-packages/nova/virt/libvirt/driver.py", line 470, in _handle_conn_event
> > 2018-10-11 01:59:57.123 5275 ERROR nova.virt.libvirt.host     self._set_host_enabled(enabled, reason)
> > 2018-10-11 01:59:57.123 5275 ERROR nova.virt.libvirt.host   File "/usr/lib/python2.7/site-packages/nova/virt/libvirt/driver.py", line 3780, in _set_host_enabled
> > 2018-10-11 01:59:57.123 5275 ERROR nova.virt.libvirt.host     mount.get_manager().host_up(self._host)
> > 2018-10-11 01:59:57.123 5275 ERROR nova.virt.libvirt.host   File "/usr/lib/python2.7/site-packages/nova/virt/libvirt/volume/mount.py", line 134, in host_up
> > 2018-10-11 01:59:57.123 5275 ERROR nova.virt.libvirt.host     self.state = _HostMountState(host, self.generation)
> > 2018-10-11 01:59:57.123 5275 ERROR nova.virt.libvirt.host   File "/usr/lib/python2.7/site-packages/nova/virt/libvirt/volume/mount.py", line 229, in __init__
> > 2018-10-11 01:59:57.123 5275 ERROR nova.virt.libvirt.host     mountpoint = os.path.dirname(disk.source_path)
> > 2018-10-11 01:59:57.123 5275 ERROR nova.virt.libvirt.host   File "/usr/lib64/python2.7/posixpath.py", line 129, in dirname
> > 2018-10-11 01:59:57.123 5275 ERROR nova.virt.libvirt.host     i = p.rfind('/') + 1
> > 2018-10-11 01:59:57.123 5275 ERROR nova.virt.libvirt.host AttributeError: 'NoneType' object has no attribute 'rfind'
> > 2018-10-11 01:59:57.123 5275 ERROR nova.virt.libvirt.host
> > 2018-10-11 01:59:57.231 5275 WARNING nova.compute.monitors [req-df2559f3-5a01-499a-9ac0-3dd9dc255f77 - - - - -] Excluding no
[Openstack] [nova][ceph] Libvirt Error when add ceph as nova backend
bvirt/storage/rbd_utils.py", line 102, in __init__
2018-10-11 02:04:57.279 5275 ERROR nova.compute.manager     self.cluster, self.ioctx = driver._connect_to_rados(pool)
2018-10-11 02:04:57.279 5275 ERROR nova.compute.manager   File "/usr/lib/python2.7/site-packages/nova/virt/libvirt/storage/rbd_utils.py", line 133, in _connect_to_rados
2018-10-11 02:04:57.279 5275 ERROR nova.compute.manager     client.connect()
2018-10-11 02:04:57.279 5275 ERROR nova.compute.manager   File "rados.pyx", line 875, in rados.Rados.connect (/builddir/build/BUILD/ceph-12.2.5/build/src/pybind/rados/pyrex/rados.c:9764)
2018-10-11 02:04:57.279 5275 ERROR nova.compute.manager TimedOut: [errno 110] error connecting to the cluster
2018-10-11 02:04:57.279 5275 ERROR nova.compute.manager
2018-10-11 02:04:57.316 5275 ERROR oslo.messaging._drivers.impl_rabbit [-] [bc957cdf-01b6-4d9a-8cb2-87f880f67cf9] AMQP server on ct.os-srg.adhi:5672 is unreachable: [Errno 104] Connection reset by peer. Trying again in 1 seconds.: error: [Errno 104] Connection reset by peer
2018-10-11 02:04:58.353 5275 INFO oslo.messaging._drivers.impl_rabbit [-] [bc957cdf-01b6-4d9a-8cb2-87f880f67cf9] Reconnected to AMQP server on ct.os-srg.adhi:5672 via [amqp] client with port 60704.
2018-10-11 02:05:02.347 5275 ERROR oslo.messaging._drivers.impl_rabbit [-] [2dda91e7-c913-4203-a198-ca53f231dfdc] AMQP server on ct.os-srg.adhi:5672 is unreachable: [Errno 104] Connection reset by peer. Trying again in 1 seconds.: error: [Errno 104] Connection reset by peer
2018-10-11 02:05:03.376 5275 INFO oslo.messaging._drivers.impl_rabbit [-] [2dda91e7-c913-4203-a198-ca53f231dfdc] Reconnected to AMQP server on ct.os-srg.adhi:5672 via [amqp] client with port 60706.

does anyone can help me with this problem ?

--
Cheers,
Adhi Priharmanto
about.me/a_dhi <http://about.me/a_dhi?promo=email_sig>
+62-812-82121584
[Openstack] [xenserver][ocata] overcommit vcpu
Hi,

I've been running ocata release with xenserver as hypervisor, my question, how to overcommit vCPU of xenserver ? my xenserver have 4 physical core and 8 vcpu. I already add "cpu_allocation_ratio = 16.0" option into my nova.conf at compute nodes, but its still read 8 vCPUs by scheduler.

--
Cheers,
Adhi Priharmanto
about.me/a_dhi <http://about.me/a_dhi?promo=email_sig>
+62-812-82121584
[Openstack] [Ocata] Openstack Tweak & Tuning suggestion
Hi all,

I need some suggestion from all of you about how to tweak & tuning the openstack performance in HA. Because my Horizon is often encountered "cannot retrieve instance list" while accessing "Projects > Compute > Instances" menu in Horizon

--
Cheers,
Adhi Priharmanto
about.me/a_dhi <http://about.me/a_dhi?promo=email_sig>
+62-812-82121584
Re: [Openstack] FW: [xenserver-ocata] ceilometer compute error Rrd_interface.Internal_error
Hi Jianghua,

Thanks for your response and attention. For the error of " Rrd_interface.Internal_error" , I was installed this update on my xenserver (https://support.citrix.com/article/CTX225676) , and RRD error now was gone from ceilometer logs.
I'm still at ocata release , here is my openstack package list on my compute node

> [root@cmp1-oc-srg ceilometer]# rpm -qa |grep openstack
> centos-release-openstack-ocata-1-1.el7.noarch
> openstack-selinux-0.7.13-2.el7.noarch
> openstack-nova-compute-15.0.0-1.el7.noarch
> openstack-neutron-common-10.0.1-1.el7.noarch
> openstack-ceilometer-polling-8.1.0-1.el7.noarch
> openstack-ceilometer-compute-8.1.0-1.el7.noarch
> openstack-neutron-openvswitch-10.0.1-1.el7.noarch
> openstack-neutron-ml2-10.0.1-1.el7.noarch
> openstack-ceilometer-common-8.1.0-1.el7.noarch
> openstack-nova-common-15.0.0-1.el7.noarch
> openstack-neutron-10.0.1-1.el7.noarch

And here's is my logs as your request
https://paste.fedoraproject.org/paste/Yv8DoGbLziE0~luY6qwbhQ

I still find error at ceilometer-compute logs like this one

> 2017-09-25 14:31:07.041 9048 INFO ceilometer.agent.manager [-] Polling pollster disk.device.iops in the context of all_pollsters
> 2017-09-25 14:31:07.042 9048 ERROR ceilometer.agent.manager [-] Prevent pollster disk.device.iops from polling [, mon-srg>, ] on source all_pollsters anymore!
> 2017-09-25 14:31:07.043 9048 INFO ceilometer.agent.manager [-] Polling pollster disk.device.latency in the context of all_pollsters
> 2017-09-25 14:31:07.044 9048 ERROR ceilometer.agent.manager [-] Prevent pollster disk.device.latency from polling [, mon-srg>, ] on source all_pollsters anymore!

I think this error maybe make some of measurement won't works at gnocchi, and also some of gnocchi metric won't show the unit

> [root@localhost ~]# gnocchi metric list |grep disk.device.iops
> +--------------------------------------+---------------------+------------------+------+--------------------------------------+
> | id                                   | archive_policy/name | name             | unit | resource_id                          |
> +--------------------------------------+---------------------+------------------+------+--------------------------------------+
> | 0062d222-2874-4a19-be34-a5bee3051d21 | low                 | disk.device.iops | None | 7b089e8e-5be7-599a-b279-15a8129f7bdd |
> | 3dc249e4-006d-47a3-935c-58e571ba086c | low                 | disk.device.iops | None | 0efeccca-8313-5aec-a1e2-955e091419f9 |
> | c2c19329-1709-4165-bdea-3bcf81c5d9d4 | low                 | disk.device.iops | None | 78aa9c1e-b199-551c-b295-fecb237639fc |
> | cfa1c4bf-591e-4229-bb76-7607fcba640e | low                 | disk.device.iops | None | bdf98233-442b-5fe4-aa02-ba567e487dcc |

Any suggest about the last error of ceilometer-compute ?

On Mon, Sep 25, 2017 at 1:02 PM, Jianghua Wang wrote:
> Adhi,
>
> Do you still have this problem?
>
> The following errors may be caused due to this xvda disk doesn’t exist.
> Did you see any issue from the nova?
>
> Rrd.Invalid_data_source(\\"vbd_xvda_read\\")")
>
> If you are still suffering from this issue, can you send me the following
> log files:
>
> 1. Log files for the nova-compute and ceilometer services located
>    in nova compute node.
>
> 2. The /var/log/xensource.log from dom0 where the compute node is
>    running on.
>
> And can you confirm the release version? From the title –
> [xenserver-ocata], it may be ocata. But by checking the code line from the
> log, it’s probably already in pike.
>
> Regards,
>
> Jianghua
>
> *From:* wjh_fresh [mailto:wjh_fr...@163.com]
> *Sent:* Monday, September 11, 2017 1:38 PM
> *To:* Jianghua Wang
> *Subject:* Fw: [Openstack] [xenserver-ocata] ceilometer compute error
> Rrd_interface.Internal_error
>
> From: Adhi Priharmanto
> Sent: 2017-09-08 21:56
> To: openstack
> Cc:
> Subject: [Openstack] [xenserver-ocata] ceilometer compute error
> Rrd_interface.Internal_error
>
> Hi all,
>
> I'm add ceilometer into my compute node, when I watch the ceilometer
> compute log , I found this error .
>
> 2017-09-08 20:21:59.214 14826 ERROR ceilometer.compute.pollsters [-] Could not get disk.device.write.requests.rate events for 59277f16-6ccf-4b5a-9204-c75c8a97dff7: ['INTERNAL_ERROR', 'Rrd_interface.Internal_error("Rrd.Invalid_data_source(\\"vbd_xvda_read\\")&qu
Re: [Openstack] Placement API service is not responding with haproxy
did your nova-placement at your controller node running on port 58778?

On Sep 21, 2017 4:44 PM, "谭 明宵" wrote:
> I had HA setup for placement api to work on high availability environment
> by using HAproxy on three controller nodes
>
> vim /etc/haproxy/haproxy.cfg
>
> listen nova_placement_cluster
>     bind 0.0.0.0:8778
>     http-request del-header X-Forwarded-Proto
>     server controller01 192.168.105.10:58778 check inter 2000 rise 2 fall 5
>     server controller02 192.168.105.11:58778 check inter 2000 rise 2 fall 5
>     server controller03 192.168.105.12:58778 check inter 2000 rise 2 fall 5
>
> but nova-compute.log has some errors like:
>
> 2017-09-21 17:08:59.690 14155 WARNING nova.scheduler.client.report [req-6fefb3b1-fe0b-418e-b76a-2749613a6364 - - - - -] Placement API service is not responding.
> 2017-09-21 17:09:59.697 14155 WARNING nova.scheduler.client.report [req-6fefb3b1-fe0b-418e-b76a-2749613a6364 - - - - -] Placement API service is not responding.
> 2017-09-21 17:10:59.729 14155 WARNING nova.scheduler.client.report [req-6fefb3b1-fe0b-418e-b76a-2749613a6364 - - - - -] Placement API service is not responding.
>
> what is the correct configuration for placement api in haproxy?
>
> thx
[Openstack] [xenserver-ocata] ceilometer compute error Rrd_interface.Internal_error
Hi all,

I'm add ceilometer into my compute node, when I watch the ceilometer compute log , I found this error .

> 2017-09-08 20:21:59.214 14826 ERROR ceilometer.compute.pollsters [-] Could not get disk.device.write.requests.rate events for 59277f16-6ccf-4b5a-9204-c75c8a97dff7: ['INTERNAL_ERROR', 'Rrd_interface.Internal_error("Rrd.Invalid_data_source(\\"vbd_xvda_read\\")")']: Failure: ['INTERNAL_ERROR', 'Rrd_interface.Internal_error("Rrd.Invalid_data_source(\\"vbd_xvda_read\\")")']
> 2017-09-08 20:21:59.214 14826 ERROR ceilometer.compute.pollsters Traceback (most recent call last):
> 2017-09-08 20:21:59.214 14826 ERROR ceilometer.compute.pollsters   File "/usr/lib/python2.7/site-packages/ceilometer/compute/pollsters/__init__.py", line 136, in get_samples
> 2017-09-08 20:21:59.214 14826 ERROR ceilometer.compute.pollsters     cache, instance, self._inspection_duration)
> 2017-09-08 20:21:59.214 14826 ERROR ceilometer.compute.pollsters   File "/usr/lib/python2.7/site-packages/ceilometer/compute/pollsters/__init__.py", line 100, in _inspect_cached
> 2017-09-08 20:21:59.214 14826 ERROR ceilometer.compute.pollsters     result = list(result)
> 2017-09-08 20:21:59.214 14826 ERROR ceilometer.compute.pollsters   File "/usr/lib/python2.7/site-packages/ceilometer/compute/virt/xenapi/inspector.py", line 176, in inspect_disk_rates
> 2017-09-08 20:21:59.214 14826 ERROR ceilometer.compute.pollsters     vm_ref, "vbd_%s_read" % vbd_rec['device']))
> 2017-09-08 20:21:59.214 14826 ERROR ceilometer.compute.pollsters   File "/usr/lib/python2.7/site-packages/os_xenapi/client/objects.py", line 64, in
> 2017-09-08 20:21:59.214 14826 ERROR ceilometer.compute.pollsters     return lambda *params: self._call_method(method_name, *params)
> 2017-09-08 20:21:59.214 14826 ERROR ceilometer.compute.pollsters   File "/usr/lib/python2.7/site-packages/os_xenapi/client/objects.py", line 61, in _call_method
> 2017-09-08 20:21:59.214 14826 ERROR ceilometer.compute.pollsters     return self.session.call_xenapi(call, *args)
> 2017-09-08 20:21:59.214 14826 ERROR ceilometer.compute.pollsters   File "/usr/lib/python2.7/site-packages/os_xenapi/client/session.py", line 200, in call_xenapi
> 2017-09-08 20:21:59.214 14826 ERROR ceilometer.compute.pollsters     return session.xenapi_request(method, args)
> 2017-09-08 20:21:59.214 14826 ERROR ceilometer.compute.pollsters   File "/usr/lib/python2.7/site-packages/os_xenapi/client/XenAPI.py", line 130, in xenapi_request
> 2017-09-08 20:21:59.214 14826 ERROR ceilometer.compute.pollsters     result = _parse_result(getattr(self, methodname)(*full_params))
> 2017-09-08 20:21:59.214 14826 ERROR ceilometer.compute.pollsters   File "/usr/lib/python2.7/site-packages/os_xenapi/client/XenAPI.py", line 212, in _parse_result
> 2017-09-08 20:21:59.214 14826 ERROR ceilometer.compute.pollsters     raise Failure(result['ErrorDescription'])
> 2017-09-08 20:21:59.214 14826 ERROR ceilometer.compute.pollsters Failure: ['INTERNAL_ERROR', 'Rrd_interface.Internal_error("Rrd.Invalid_data_source(\\"vbd_xvda_read\\")")']
> 2017-09-08 20:21:59.214 14826 ERROR ceilometer.compute.pollsters

How to resolve this error ?

The second question, when I check gnocchi metric list, why most of metric have a none value in unit column ?

> ...
> | 04df7669-0578-43b6-9e7f-d413e7def0e6 | low | memory.usage            | MB   | 59277f16-6ccf-4b5a-9204-c75c8a97dff7 |
> | 135bd162-fc03-4395-9e24-b4709c438808 | low | memory                  | MB   | 59277f16-6ccf-4b5a-9204-c75c8a97dff7 |
> | 1bb63ed1-f1da-4300-9e86-2d6fb902ece6 | low | disk.read.requests      | None | 59277f16-6ccf-4b5a-9204-c75c8a97dff7 |
> | 1c422d14-b254-46d8-b3b5-a78a5068592a | low | disk.read.requests.rate | None | 59277f16-6ccf-4b5a-9204-c75c8a97dff7 |
> | 1cbc7050-4359-4d55-a3f0-383782223c49 | low | disk.ephemeral.size     | GB   | 59277f16-6ccf-4b5a-9204-c75c8a97dff7 |
> | 237c02ae-0759-4ed6-8ec9-d25b06a398c0 | low | cpu                     | None | 59277f16-6ccf-4b5a-9204-c75c8a97dff7 |
> | 2cddcb76-bfa5-4c5b-b12a-2d3f0d270674 | low | cpu_util                | %    | 59277f16-6ccf-4b5a-9204-c75c8a97dff7 |
> ...

I truncate the result

--
Cheers,
Adhi Priharmanto
about.me/a_dhi <http://about.me/a_dhi?promo=email_sig>
+62-812-82121584
[Openstack] [Ceilometer][Gnocchi] Ocata - Ceilometer with Gnocchi
Hi all,

I'm trying to add telemetry into my running openstack, as I read at https://docs.openstack.org/project-install-guide/telemetry/ocata/get_started.html ceilometer now using gnocchi as backend, so I dig more reference for easily installed gnocchi on my openstack environment, and I found about openstack-gnocchi-* package from the openstack repo .

I'm installed gnocchi & ceilometer services at a node separate from controller node, this node have IP 192.168.26.10, so I create metric endpoint using this IP address.

then I'm using gnocchi from openstack repo , and here my gnocchi config

> [DEFAULT]
> log_dir = /var/log/gnocchi/
> verbose = true
> transport_url = rabbit://openstack:my_passw...@ct-oc-srg.adhi
> [api]
> auth_mode = keystone
> [archive_policy]
> default_aggregation_methods = mean,min,max,sum,std,median,count,last,95pct
> [cors]
> [cors.subdomain]
> [database]
> connection = mysql+pymysql://gnocchi:my_passw...@ct-oc-srg.adhi/gnocchi
> [healthcheck]
> [incoming]
> [indexer]
> url = mysql+pymysql://gnocchi:my_passw...@ct-oc-srg.adhi/gnocchi?charset=utf8
> driver = sqlalchemy
> [metricd]
> [oslo_middleware]
> [oslo_policy]
> [statsd]
> resource_id = 70de8fd2-7619-4c70-bb4e-6628fe1aa68e
> user_id =
> project_id =
> archive_policy_name = low
> [storage]
> driver = file
> file_basepath = /var/lib/gnocchi
> coordination_url = file:///var/lib/gnocchi/locks
> [keystone_authtoken]
> auth_uri = http://ct-oc-srg.adhi:5000
> auth_url = http://ct-oc-srg.adhi:35357/v3
> auth_type = password
> memcached_servers = ct-oc-srg.adhi:11211
> project_domain_name = default
> user_domain_name = default
> project_name = service
> username = gnocchi
> password = MY_PASSWORD
> interface = internalURL
> region_name = RegionOne

according from the guide above, we just using openstack-ceilometer-notification.service openstack-ceilometer-central.service openstack-ceilometer-collector.service , this is my ceilometer config

> [DEFAULT]
> verbose = true
> meter_dispatchers = gnocchi
> event_dispatchers = gnocchi
> transport_url = rabbit://openstack:my_passw...@ct-oc-srg.adhi
> [api]
> [collector]
> [compute]
> [coordination]
> [cors]
> [cors.subdomain]
> [database]
> [dispatcher_file]
> [dispatcher_gnocchi]
> url = http://192.168.26.10:8041
> filter_service_activity = true
> archive_policy = low
> resources_definition_file = gnocchi_resources.yaml
> filter_project = service
> [dispatcher_http]
> [event]
> [hardware]
> [ipmi]
> [keystone_authtoken]
> auth_uri = http://ct-oc-srg.adhi:5000
> auth_url = http://ct-oc-srg.adhi:35357
> memcached_servers = ct-oc-srg.adhi:11211
> auth_type = password
> project_domain_name = default
> user_domain_name = default
> project_name = service
> username = ceilometer
> password = MY_PASSWORD
> [matchmaker_redis]
> [meter]
> [notification]
> store_events = false
> [oslo_concurrency]
> [oslo_messaging_amqp]
> [oslo_messaging_kafka]
> [oslo_messaging_notifications]
> [oslo_messaging_rabbit]
> [oslo_messaging_zmq]
> [oslo_middleware]
> [oslo_policy]
> [polling]
> [publisher]
> [publisher_notifier]
> [rgw_admin_credentials]
> [service_credentials]
> auth_type = password
> auth_url = http://ct-oc-srg.adhi:5000
> project_domain_name = default
> user_domain_name = default
> project_name = service
> username = ceilometer
> password = MY_PASSWORD
> interface = internalURL
> region_name = RegionOne
> [service_types]
> [storage]
> [vmware]
> [xenapi]

While doing ceilometer-upgrade --skip-metering-database, it's look no problem. When I look into the gnocchi database on mysql , I can see some tables add into the gnocchi database.

the problem comes when I start the ceilometer services, specially with logs from ceilometer collector, I've got this error :

2017-09-05 16:03:40.808 23012 ERROR ceilometer.dispatcher.gnocchi [-] A server error occurred. Please contact the administrator. (HTTP 500)

I also got this error when I reboot an instance. I also can get measure from the image download like describe in the guide above, can somebody help me ?

--
Cheers,
Adhi Priharmanto
about.me/a_dhi <http://about.me/a_dhi?promo=email_sig>
+62-812-82121584
Re: [Openstack] [xenserver-ocata] neutron-dhcp/metadata agent on XenServer
hi Huan,

thanks for your suggest, I'll try again, do I need to add physical port to br-int at compute node (dom-U) ? I'll paste the dhcp logs later.

On Wed, Aug 23, 2017 at 10:46 AM, Huan Xie wrote:
> Hi Adhi,
>
> As the link https://docs.openstack.org/ocata/networking-guide/config-dhcp-ha.html
> described, we can add DHCP agent in compute node (DomU) and
> it make sense as VMs just get internal fixed IP, so locating the DHCP in
> compute node should work.
>
> If the VM cannot get IP, I suspect maybe the VM’s DHCP request isn’t
> arrived to that DHCP agent, maybe the so here are some questions:
>
> 1. The agent_scheduler isn’t work for the DHCP agent in Nova
>    compute node? Could you give some logs of DHCP agent.
>
> 2. The VM isn’t get correct internal vlan tag? Could you double
>    check about the VM’s VIF information in Dom0.
>
>    a. ovs-vsctl show
>
>    b. ovs-ofctl show br-int
>
>    c. ovs-ofctl dump-flows br-int
>
> Thanks,
>
> Huan
>
> *From:* Adhi Priharmanto [mailto:adhi@gmail.com]
> *Sent:* Wednesday, August 23, 2017 9:32 AM
> *To:* Bob Ball
> *Cc:* openstack; #OpenStack External Email
> *Subject:* Re: [Openstack] [xenserver-ocata] neutron-dhcp/metadata agent
> on XenServer
>
> hi bob,
>
> yep, yesterday I try to install neutron-dhcp/metadata agent along with
> nova-compute inside of compute node (domU) , the neutron-dhcp/metadata
> agent was working, I see from the log. but instance can't get the IP
> address from dhcp server.
>
> the working scenario now, I made 2 network node, on each network node
> contain L3-Agent, DHCP-agent, and metadata-agent.
>
> On Tue, Aug 22, 2017 at 9:25 PM, Bob Ball wrote:
>
> Hi Adhi,
>
> If the Neutron agents would normally run with the nova compute services,
> then they would need to run in the compute VM when deploying with
> XenServer, not in domain 0.
>
> I would assume that the DHCP agents should also run in the compute VM.
>
> Also added openst...@citrix.com to include others.
>
> Bob
>
> *From:* Adhi Priharmanto [mailto:adhi@gmail.com]
> *Sent:* 22 August 2017 06:58
> *To:* openstack
> *Subject:* [Openstack] [xenserver-ocata] neutron-dhcp/metadata agent on
> XenServer
>
> Hi,
> According to this guide:
>
> https://docs.openstack.org/ocata/networking-guide/config-dhcp-ha.html
>
> If I want to add HA on my openstack-xenserver environment , is it possible
> to include neutron-dhcp/metadata agent on Compute-node ?
>
> or I have to add neutron-dhcp/metadata agent on xenserver dom0 ?
>
> or I have to create more neutron-dhcp/metadata agent on separate node ?
>
> --
>
> Cheers,
>
> *Adhi Priharmanto*
>
> about.me/a_dhi
>
> +62-812-82121584 <+62%20812-8212-1584>
>
> --
>
> Cheers,
>
> *Adhi Priharmanto*
>
> about.me/a_dhi
>
> +62-812-82121584 <+62%20812-8212-1584>

--
Cheers,
Adhi Priharmanto
about.me/a_dhi <http://about.me/a_dhi?promo=email_sig>
+62-812-82121584
Re: [Openstack] [xenserver-ocata] neutron-dhcp/metadata agent on XenServer
hi bob,

yep, yesterday I tried to install the neutron-dhcp/metadata agent along with nova-compute inside the compute node (domU). The neutron-dhcp/metadata agent was working, as I saw from the log, but the instance can't get the IP address from the dhcp server.

the working scenario now: I made 2 network nodes, and each network node contains an L3-Agent, DHCP-agent, and metadata-agent.

On Tue, Aug 22, 2017 at 9:25 PM, Bob Ball wrote:
> Hi Adhi,
>
> If the Neutron agents would normally run with the nova compute services, then they would need to run in the compute VM when deploying with XenServer, not in domain 0.
>
> I would assume that the DHCP agents should also run in the compute VM.
>
> Also added openst...@citrix.com to include others.
>
> Bob

--
Cheers,
Adhi Priharmanto
about.me/a_dhi
+62-812-82121584
[Openstack] [xenserver-ocata] neutron-dhcp/metadata agent on XenServer
Hi,

According to this guide:
https://docs.openstack.org/ocata/networking-guide/config-dhcp-ha.html

If I want to add HA to my openstack-xenserver environment, is it possible to include the neutron-dhcp/metadata agent on the Compute-node?

or do I have to add the neutron-dhcp/metadata agent on xenserver dom0?

or do I have to create more neutron-dhcp/metadata agents on a separate node?

--
Cheers,
Adhi Priharmanto
about.me/a_dhi
+62-812-82121584
Re: [Openstack] Cinder - Could not start Cinder Volume service-Ocata
__init__
> 2017-06-18 05:11:51.358 5230 ERROR cinder.cmd.volume *args, **kwargs)
> 2017-06-18 05:11:51.358 5230 ERROR cinder.cmd.volume File "/usr/lib/python2.7/dist-packages/cinder/manager.py", line 156, in __init__
> 2017-06-18 05:11:51.358 5230 ERROR cinder.cmd.volume self.scheduler_rpcapi = scheduler_rpcapi.SchedulerAPI()
> 2017-06-18 05:11:51.358 5230 ERROR cinder.cmd.volume File "/usr/lib/python2.7/dist-packages/cinder/rpc.py", line 188, in __init__
> 2017-06-18 05:11:51.358 5230 ERROR cinder.cmd.volume serializer = base.CinderObjectSerializer(obj_version_cap)
> 2017-06-18 05:11:51.358 5230 ERROR cinder.cmd.volume File "/usr/lib/python2.7/dist-packages/cinder/objects/base.py", line 412, in __init__
> 2017-06-18 05:11:51.358 5230 ERROR cinder.cmd.volume raise exception.CappedVersionUnknown(version=version_cap)
> 2017-06-18 05:11:51.358 5230 ERROR cinder.cmd.volume CappedVersionUnknown: Unrecoverable Error: Versioned Objects in DB are capped to unknown version 1.21.
> 2017-06-18 05:11:51.358 5230 ERROR cinder.cmd.volume
> 2017-06-18 05:11:51.360 5230 ERROR cinder.cmd.volume [req-85789cbc-b26c-47c5-be34-035fae86e504 - - - - -] No volume service(s) started successfully, terminating.
> root@cloud1:/etc/cinder#
>
> --
> *From: *"SGopinath s.gopinath"
> *To: *"openstack"
> *Sent: *Thursday, June 15, 2017 9:07:19 AM
> *Subject: *[Openstack] nova - Error in cells
>
> Hi ,
>
> I'm trying to install Openstack Ocata in Ubuntu 16.04.2 LTS.
>
> I could able to start nova services and successfully could get the output on executing
>
> openstack hypervisor list ...
>
> No issues...
>
> But when I execute
>
> su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova
>
> I get the error
>
> ProgrammingError: (pymysql.err.ProgrammingError) (1146, u"Table 'nova_api.compute_nodes' doesn't exist")
>
> I could not find compute_nodes table in the database nova_api.
> However the compute_nodes table is in nova_api_cell0 database and it does not contain any rows.
>
> I think there is only a minor issue in assuming where the table is in which database.
>
> Could anyone suggest a solution for this.
>
> Thanks,
> S.Gopinath
>
> --
> Arne Wiebalck
> CERN IT

--
Cheers,
Adhi Priharmanto
about.me/a_dhi
+62-812-82121584
Re: [Openstack] [Ocata-Xenserver] Nova-compute wouldn't start
Hi Bob,

Thanks for sharing this update, I'll try to patch my nova and reproduce the problem again.

On Tue, May 30, 2017 at 5:25 PM, Bob Ball wrote:
> Hi Adhi,
>
> Please see bug report at https://bugs.launchpad.net/nova/+bug/1693147 which I believe covers your issue.
>
> Huan is working on a fix at https://review.openstack.org/#/c/467926
>
> Thanks,
>
> Bob
Re: [Openstack] [Ocata-Xenserver] Nova-compute wouldn't start
Hi bob,

Thanks for your suggestion. Because it's non-production use, I decided to do a hardcoded clean-up of the instance record from the nova table, and finally the nova-compute service was running again. :)

On Thu, May 18, 2017 at 10:53 PM, Bob Ball wrote:
> Hi Adhi,
>
> The point is that there is a mismatch between what Nova believes exists, and what really exists on the hypervisor. How were the instances deleted?
>
> Check the hypervisors that each server Nova knows about - I suspect at least one is expected to exist on the XenServer for which the compute will not start.
>
> Bob
Re: [Openstack] [Ocata-Xenserver] Nova-compute wouldn't start
hi Bob,

I don't have any vm/instance on that compute/xenserver, I've deleted all VMs since last week.

On Thu, May 18, 2017 at 6:03 PM, Bob Ball wrote:
> Hi Adhi,
>
> Very interesting. I suspect that self._get_vif_ref, below, is returning None. This appears to be when the VM does not exist on the host - perhaps the VM was renamed, deleted, or it has been migrated to a different host and Nova’s records didn’t get updated?
>
> I believe the issue is most likely occurring at http://git.openstack.org/cgit/openstack/nova/tree/nova/virt/xenapi/vif.py?h=15.0.4#n246 where we attempt to detect the VM based on the instance’s name in Nova’s database.
>
> Do you have VMs on this host? They don’t have to be running (for example if the host rebooted then the VMs may exist but in a shutdown state)
>
> Could you check that the VMs that are on the host still have the name associated with them according to Nova?
>
> For example:
>
> root@host~/openrc# openstack server show 3662f9b8-1303-496a-8c21-97bba312432c
> …
> | OS-EXT-SRV-ATTR:instance_name | instance-914e |
> …
> | name | dsvm-devstack-citrix-mia-nodepool-683420 |
>
> In this case, the server has the name dsvm-devstack-citrix-mia-nodepool-683420 but on the hypervisor the VM itself has the name instance-914e
>
> Thanks,
>
> Bob
[Openstack] [Ocata-Xenserver] Nova-compute wouldn't start
Hi all,

I have openstack RDO ocata using xenserver as Hypervisor, set up manually. It worked fine for about 2 weeks; today my nova-compute wouldn't start, and when I check the nova-compute log:

2017-05-18 16:29:24.769 10764 INFO nova.service [-] Starting compute node (version 15.0.0-1.el7)
2017-05-18 16:29:24.847 10764 ERROR oslo_service.service [req-f29142ce-c68a-4d0a-b6ff-ba5b0a67ec6a - - - - -] Error starting thread.
2017-05-18 16:29:24.847 10764 ERROR oslo_service.service Traceback (most recent call last):
2017-05-18 16:29:24.847 10764 ERROR oslo_service.service File "/usr/lib/python2.7/site-packages/oslo_service/service.py", line 722, in run_service
2017-05-18 16:29:24.847 10764 ERROR oslo_service.service service.start()
2017-05-18 16:29:24.847 10764 ERROR oslo_service.service File "/usr/lib/python2.7/site-packages/nova/service.py", line 144, in start
2017-05-18 16:29:24.847 10764 ERROR oslo_service.service self.manager.init_host()
2017-05-18 16:29:24.847 10764 ERROR oslo_service.service File "/usr/lib/python2.7/site-packages/nova/compute/manager.py", line 1152, in init_host
2017-05-18 16:29:24.847 10764 ERROR oslo_service.service self._init_instance(context, instance)
2017-05-18 16:29:24.847 10764 ERROR oslo_service.service File "/usr/lib/python2.7/site-packages/nova/compute/manager.py", line 949, in _init_instance
2017-05-18 16:29:24.847 10764 ERROR oslo_service.service self.driver.plug_vifs(instance, net_info)
2017-05-18 16:29:24.847 10764 ERROR oslo_service.service File "/usr/lib/python2.7/site-packages/nova/virt/xenapi/driver.py", line 309, in plug_vifs
2017-05-18 16:29:24.847 10764 ERROR oslo_service.service self._vmops.plug_vifs(instance, network_info)
2017-05-18 16:29:24.847 10764 ERROR oslo_service.service File "/usr/lib/python2.7/site-packages/nova/virt/xenapi/vmops.py", line 1959, in plug_vifs
2017-05-18 16:29:24.847 10764 ERROR oslo_service.service self.vif_driver.plug(instance, vif, device=device)
2017-05-18 16:29:24.847 10764 ERROR oslo_service.service File "/usr/lib/python2.7/site-packages/nova/virt/xenapi/vif.py", line 250, in plug
2017-05-18 16:29:24.847 10764 ERROR oslo_service.service vif_ref = self._get_vif_ref(vif, vm_ref)
2017-05-18 16:29:24.847 10764 ERROR oslo_service.service File "/usr/lib/python2.7/site-packages/nova/virt/xenapi/vif.py", line 42, in _get_vif_ref
2017-05-18 16:29:24.847 10764 ERROR oslo_service.service vif_refs = self._session.call_xenapi("VM.get_VIFs", vm_ref)
2017-05-18 16:29:24.847 10764 ERROR oslo_service.service File "/usr/lib/python2.7/site-packages/os_xenapi/client/session.py", line 200, in call_xenapi
2017-05-18 16:29:24.847 10764 ERROR oslo_service.service return session.xenapi_request(method, args)
2017-05-18 16:29:24.847 10764 ERROR oslo_service.service File "/usr/lib/python2.7/site-packages/os_xenapi/client/XenAPI.py", line 130, in xenapi_request
2017-05-18 16:29:24.847 10764 ERROR oslo_service.service result = _parse_result(getattr(self, methodname)(*full_params))
2017-05-18 16:29:24.847 10764 ERROR oslo_service.service File "/usr/lib64/python2.7/xmlrpclib.py", line 1233, in __call__
2017-05-18 16:29:24.847 10764 ERROR oslo_service.service return self.__send(self.__name, args)
2017-05-18 16:29:24.847 10764 ERROR oslo_service.service File "/usr/lib64/python2.7/xmlrpclib.py", line 1581, in __request
2017-05-18 16:29:24.847 10764 ERROR oslo_service.service allow_none=self.__allow_none)
2017-05-18 16:29:24.847 10764 ERROR oslo_service.service File "/usr/lib64/python2.7/xmlrpclib.py", line 1086, in dumps
2017-05-18 16:29:24.847 10764 ERROR oslo_service.service data = m.dumps(params)
2017-05-18 16:29:24.847 10764 ERROR oslo_service.service File "/usr/lib64/python2.7/xmlrpclib.py", line 633, in dumps
2017-05-18 16:29:24.847 10764 ERROR oslo_service.service dump(v, write)
2017-05-18 16:29:24.847 10764 ERROR oslo_service.service File "/usr/lib64/python2.7/xmlrpclib.py", line 655, in __dump
2017-05-18 16:29:24.847 10764 ERROR oslo_service.service f(self, value, write)
2017-05-18 16:29:24.847 10764 ERROR oslo_service.service File "/usr/lib64/python2.7/xmlrpclib.py", line 659, in dump_nil
2017-05-18 16:29:24.847 10764 ERROR oslo_service.service raise TypeError, "cannot marshal None unless allow_none is enabled"
2017-05-18 16:29:24.847 10764 ERROR oslo_service.service TypeError: cannot marshal None unless allow_none is enabled
2017-05-18 16:29:24.847 10764 ERROR oslo_service.service

Can anyone help me with this problem?

--
Cheers,
Adhi Priharmanto
about.me/a_dhi
+62-812-82121584
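The failure at the bottom of the traceback above, together with the Nova-versus-hypervisor name check suggested in the replies, as an added example (not Nova's or os-xenapi's code, and not the fix under review). `lookup_vm_ref`, `plug_vifs_checked` and the sample records are hypothetical and constructed; Python 3's `xmlrpc.client` stands in for the `xmlrpclib` seen in the log.

```python
# Added example: reproduces the "cannot marshal None" failure mode and lists the
# stale records that would trigger it. All instance data below is constructed.
import xmlrpc.client

# Constructed: instances Nova's database still assigns to this compute host.
NOVA_RECORDS = [
    {"uuid": "aaaaaaaa-0000-4000-8000-000000000001",
     "instance_name": "instance-0000000a", "display_name": "test11"},
    {"uuid": "aaaaaaaa-0000-4000-8000-000000000002",
     "instance_name": "instance-0000000b", "display_name": "test13"},
]

# Constructed: VM name-labels that actually exist on the XenServer host.
HYPERVISOR_VM_NAMES = {"instance-0000000a"}


def lookup_vm_ref(instance_name, hypervisor_vm_names):
    """Hypothetical stand-in for a name-based VM lookup.

    Returns an opaque reference string, or None when no VM on the
    hypervisor carries that name-label.
    """
    if instance_name in hypervisor_vm_names:
        return "OpaqueRef:" + instance_name
    return None


def marshal_call(method, *args):
    """Serialise an XML-RPC request body as the client library does before sending.

    allow_none keeps its default (False), matching the traceback.
    """
    return xmlrpc.client.dumps(tuple(args), methodname=method)


def find_stale_records(nova_records, hypervisor_vm_names):
    """Records Nova believes are on the host but the hypervisor does not have."""
    return [rec for rec in nova_records
            if lookup_vm_ref(rec["instance_name"], hypervisor_vm_names) is None]


def plug_vifs_checked(record, hypervisor_vm_names):
    """Fail with an error naming the instance instead of a marshalling TypeError."""
    vm_ref = lookup_vm_ref(record["instance_name"], hypervisor_vm_names)
    if vm_ref is None:
        raise LookupError("no VM named %s (server %s) on this hypervisor"
                          % (record["instance_name"], record["uuid"]))
    return marshal_call("VM.get_VIFs", vm_ref)


if __name__ == "__main__":
    # Unchecked path: the None reference reaches the marshaller.
    try:
        marshal_call("VM.get_VIFs",
                     lookup_vm_ref("instance-0000000b", HYPERVISOR_VM_NAMES))
    except TypeError as exc:
        print("unchecked call failed:", exc)
    # Reconciliation: which Nova records have no VM behind them?
    for rec in find_stale_records(NOVA_RECORDS, HYPERVISOR_VM_NAMES):
        print("stale record:", rec["uuid"], rec["instance_name"])
```
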
Re: [Openstack] cloud-init not start ini ubuntu 17.04
Hi Eugen,

Based on this guide, just install and reconfigure the datasource of cloud-init if needed.
https://docs.openstack.org/image-guide/ubuntu-image.html

My problem is that while I build the base image, the cloud-init process won't run while the base image is booting. There is no log record in /var/log/syslog (in this case ubuntu), and it only happens in 17.04. I had built custom images with 16.04 and 16.10, and they're fine, with just the cloud-init package installed as needed.

On Fri, May 5, 2017 at 1:26 PM, Eugen Block wrote:
> You have to make sure that cloud-init is enabled and running in your base instance. Then snapshot that VM and launch another instance from the new image, provide some user-data to test it.
> Cloud-init is a tool for initial configuration of new instances, that's why you would have to execute these steps manually if you configure your first VM to be a new base image. So all the magic will be (hopefully) visible if you launch a new VM.
>
> Regards,
> Eugen

--
Cheers,
Adhi Priharmanto
about.me/a_dhi
+62-812-82121584
Re: [Openstack] cloud-init not start ini ubuntu 17.04
Hi Bob,

yes, I'm following that tutorial, creating a glance image from an existing xenserver vm.

- build from scratch VM using "16.04 template" and "other installation media"
- update & upgrade the VM OS
- installing cloud-init package, no change of cloud-init configuration and using the default setting of cloud-init
- reboot the VM for testing the cloud-init and no output showing cloud-init activity, there is no process associated with cloud-init in "/var/log/syslog"
- export the vdi, compress the VHD, upload to glance
- start instance using the custom image, just get the IP address. To gather instance metadata, "cloud-init init" must be executed manually after instance completely booting.

On Thu, May 4, 2017 at 11:32 PM, Bob Ball wrote:
> Hi Adhi,
>
> Did you follow a guide, such as http://citrix-openstack.siteleaf.net/posts/generating-images-for-xenserver-in-openstack/ for generating the image? If not, how was the image generated?
>
> What exactly is the output from the 17.04 image you’re using?
>
> Thanks,
>
> Bob

--
Cheers,
Adhi Priharmanto
about.me/a_dhi
+62-812-82121584
[Openstack] cloud-init not start ini ubuntu 17.04
hi all,

I just created an ubuntu 17.04 custom image for working with openstack xenserver. After installing & update+upgrade of the ubuntu 17.04 base OS, I installed cloud-init, then rebooted it to test cloud-init, but I can't see the cloud-init process during the ubuntu 17.04 OS boot.

Is there anyone who can help or give a suggestion for me?

--
Cheers,
Adhi Priharmanto
about.me/a_dhi
+62-812-82121584
Re: [Openstack] Limit Summary not update
Hi, Bartłomiej Solarz-Niesłuchowski

your script works for all projects, thanks for sharing

On Fri, Apr 21, 2017 at 4:04 PM, Adhi Priharmanto wrote:
> Hi, Bartłomiej Solarz-Niesłuchowski
>
> Thanks for the suggestion, it works. Is there maybe any fixed setting in nova.conf to set the automatic quota update?
>
> I'm still testing your script in the admin project, and it works. Does it work to reset other projects (tenants) too?

--
Cheers,
Adhi Priharmanto
about.me/a_dhi
+62-812-82121584
Re: [Openstack] Hello
welcome aboard

On Fri, Apr 21, 2017 at 6:29 PM, TanXin <746534...@qq.com> wrote:
> I want to know if I subscribe successfully.

--
Cheers,
Adhi Priharmanto
Re: [Openstack] Limit Summary not update
Hi, Bartłomiej Solarz-Niesłuchowski

Thanks for suggestion, it works, does it any fixed setting in nova.conf may be to set the automatic quota update ?

I'm still test your script in admin project, and it works, does it works to reset other project(tenant) too ?

On Fri, Apr 21, 2017 at 3:00 PM, Bartłomiej Solarz-Niesłuchowski <bartlomiej.solarz-niesluchow...@wit.edu.pl> wrote:
> On 2017-04-21 at 09:33, Adhi Priharmanto wrote:
>
> Hi All,
>
> I'm in ocata release, had 2 running instance
> (openstack) server list
> +--------------------------------------+--------+--------+----------------------+----------------+
> | ID                                   | Name   | Status | Networks             | Image Name     |
> +--------------------------------------+--------+--------+----------------------+----------------+
> | 94d63b55-1dd8-4e9e-a471-58c14defccd1 | test13 | ACTIVE | public119=119.x.x.x  | Cirros-3-5-xen |
> | 40d68c6e-6678-4a64-9309-2302a201bc09 | test11 | ACTIVE | admin-int=15.15.1.13 | Cirros-3-5-xen |
> +--------------------------------------+--------+--------+----------------------+----------------+
>
> but why when I open in the horizon at "Project / Compute / Overview" page it's show
>
> *"Instances Used 3 of 10"*
> and when I check from usage list it show 4 instance used ?
> (openstack) usage list
> Usage from 2017-03-24 to 2017-04-22:
> +---------+---------+--------------+-----------+---------------+
> | Project | Servers | RAM MB-Hours | CPU Hours | Disk GB-Hours |
> +---------+---------+--------------+-----------+---------------+
> | admin   | 4       | 52560.71     | 102.66    | 102.66        |
> +---------+---------+--------------+-----------+---------------+
>
> even I deleted all instance, the value in "Project / Compute / Overview" page horizon won't be refresh/update.
>
> any suggestion for this case ?
>
> http://www.deadunicornz.org/blog/2015/02/13/openstack-icehouse-reset-incorrect-quota-count-for-nova
>
> --
> Bartłomiej Solarz-Niesłuchowski, Administrator WSISiZ

--
Cheers,
Adhi Priharmanto
Re: [Openstack] Limit Summary not update
hi, Warad, Manjunath

I think it's happen when failed instance build reached. Deleting failed instance wasn't update the quota count.

On Fri, Apr 21, 2017 at 2:58 PM, Warad, Manjunath (Nokia - SG/Singapore) <manjunath.wa...@nokia.com> wrote:
> Are all the project / tenant same in these cases?
>
> *From:* Adhi Priharmanto [mailto:adhi@gmail.com]
> *Sent:* Friday, 21 April, 2017 3:33 PM
> *To:* openstack
> *Subject:* [Openstack] Limit Summary not update
>
> Hi All,
>
> I'm in ocata release, had 2 running instance
>
> (openstack) server list
> +--------------------------------------+--------+--------+----------------------+----------------+
> | ID                                   | Name   | Status | Networks             | Image Name     |
> +--------------------------------------+--------+--------+----------------------+----------------+
> | 94d63b55-1dd8-4e9e-a471-58c14defccd1 | test13 | ACTIVE | public119=119.x.x.x  | Cirros-3-5-xen |
> | 40d68c6e-6678-4a64-9309-2302a201bc09 | test11 | ACTIVE | admin-int=15.15.1.13 | Cirros-3-5-xen |
> +--------------------------------------+--------+--------+----------------------+----------------+
>
> but why when I open in the horizon at "Project / Compute / Overview" page it's show *"Instances Used 3 of 10"*
>
> and when I check from usage list it show 4 instance used ?
>
> (openstack) usage list
> Usage from 2017-03-24 to 2017-04-22:
> +---------+---------+--------------+-----------+---------------+
> | Project | Servers | RAM MB-Hours | CPU Hours | Disk GB-Hours |
> +---------+---------+--------------+-----------+---------------+
> | admin   | 4       | 52560.71     | 102.66    | 102.66        |
> +---------+---------+--------------+-----------+---------------+
>
> even I deleted all instance, the value in "Project / Compute / Overview" page horizon won't be refresh/update.
>
> any suggestion for this case ?

--
Cheers,
Adhi Priharmanto
[Openstack] Limit Summary not update
Hi All,

I'm in ocata release, had 2 running instance

(openstack) server list
+--------------------------------------+--------+--------+----------------------+----------------+
| ID                                   | Name   | Status | Networks             | Image Name     |
+--------------------------------------+--------+--------+----------------------+----------------+
| 94d63b55-1dd8-4e9e-a471-58c14defccd1 | test13 | ACTIVE | public119=119.x.x.x  | Cirros-3-5-xen |
| 40d68c6e-6678-4a64-9309-2302a201bc09 | test11 | ACTIVE | admin-int=15.15.1.13 | Cirros-3-5-xen |
+--------------------------------------+--------+--------+----------------------+----------------+

but why when I open in the horizon at "Project / Compute / Overview" page it's show *"Instances Used 3 of 10"*

and when I check from usage list it show 4 instance used ?

(openstack) usage list
Usage from 2017-03-24 to 2017-04-22:
+---------+---------+--------------+-----------+---------------+
| Project | Servers | RAM MB-Hours | CPU Hours | Disk GB-Hours |
+---------+---------+--------------+-----------+---------------+
| admin   | 4       | 52560.71     | 102.66    | 102.66        |
+---------+---------+--------------+-----------+---------------+

even I deleted all instance, the value in "Project / Compute / Overview" page horizon won't be refresh/update.

any suggestion for this case ?

--
Cheers,
Adhi Priharmanto
Re: [Openstack] [Ocata-Xenserver] failed to start instance
Hi,

great its working now, thanks for your response and suggestion. My fault didn't read the documentation carefully 😂

Once again thanks Michal Adamczyk

On Mon, Apr 17, 2017 at 5:17 PM, Michal Adamczyk wrote:
> Hi,
>
> I had this issue. Since Newton you have to do one extra thing[1] on the XenServer (Dom0):
>
> rm /etc/modprobe.d/blacklist-bridge*
>
> 1. https://docs.openstack.org/ocata/config-reference/compute/hypervisor-xen-api.html
>
> I hope all will works!
>
> On Mon., 17.04.2017 at 11:02, Adhi Priharmanto wrote:
>
>> Hi All,
>>
>> I'm testing openstack ocata using xenserver 7.1 as hypervisor, set up networking using neutron and tenant network VLAN.
>>
>> Instance failed to launch and nova-compute.log give an error like :
>>
>> 2017-04-17 16:44:09.274 14109 ERROR nova.compute.manager [instance: bb27957e-ab1a-4915-b01d-9557fd00ff8b] Failure: ['XENAPI_PLUGIN_FAILURE', 'network_config', 'PluginError', 'add bridge failed: Package not installed\n']
>>
>> it's look like neutron want to create bridge network even the default backend switch of xenserver set to be openvswitch .
>>
>> Anyone can help me with this problem ?
>>
>> Thanks for any suggest
>>
> --
> Kind regards,
>
> Michal Adamczyk

--
Cheers,
Adhi Priharmanto
[Openstack] [Ocata-Xenserver] failed to start instance
Hi All,

I'm testing openstack ocata using xenserver 7.1 as hypervisor, set up networking using neutron and tenant network VLAN.

Instance failed to launch and nova-compute.log give an error like :

2017-04-17 16:44:09.274 14109 ERROR nova.compute.manager [instance: bb27957e-ab1a-4915-b01d-9557fd00ff8b] Failure: ['XENAPI_PLUGIN_FAILURE', 'network_config', 'PluginError', 'add bridge failed: Package not installed\n']

it's look like neutron want to create bridge network even the default backend switch of xenserver set to be openvswitch .

Anyone can help me with this problem ?

Thanks for any suggest

--
Cheers,
Adhi Priharmanto
Re: [Openstack] Failed to list network agent for the computer nodes
Nice :)

On Fri, Dec 30, 2016 at 5:45 PM, don...@ahope.com.cn wrote:
> Sorry, it's working now, just a typo in the configuration file.
>
> [root@controller ~]# openstack network agent list
> +-----------+------------+-----------+-------------------+-------+-------+--------------+
> | ID        | Agent Type | Host      | Availability Zone | Alive | State | Binary       |
> +-----------+------------+-----------+-------------------+-------+-------+--------------+
> | 3d236f92  | Linux      | computer1 | None              | True  | UP    | neutron-     |
> | -211a-4ce | bridge     |           |                   |       |       | linuxbridge- |
> | c-a393-30 | agent      |           |                   |       |       | agent        |
> | b7272280d |            |           |                   |       |       |              |
> | e         |            |           |                   |       |       |              |
> | 3fd6aa96- | DHCP agent | controlle | nova              | True  | UP    | neutron-     |
> | 79c5-4887 |            | r         |                   |       |       | dhcp-agent   |
> | -b893-b92 |            |           |                   |       |       |              |
> | 1383f5d98 |            |           |                   |       |       |              |
> | c2acea10- | Linux      | controlle | None              | True  | UP    | neutron-     |
> | e30a-4644 | bridge     | r         |                   |       |       | linuxbridge- |
> | -afd6-8ff | agent      |           |                   |       |       | agent        |
> | d42d54b64 |            |           |                   |       |       |              |
> | d7c66d5c- | Metadata   | controlle | None              | True  | UP    | neutron-     |
> | 2a44      | agent      | r         |                   |       |       | metadata-    |
> | -437e-ac2 |            |           |                   |       |       | agent        |
> | 0-c95aa3f |            |           |                   |       |       |              |
> | 3e698     |            |           |                   |       |       |              |
> | e90641e1- | Linux      | computer2 | None              | True  | UP    | neutron-     |
> | 48b3-4bad | bridge     |           |                   |       |       | linuxbridge- |
> | -9012-a4c | agent      |           |                   |       |       | agent        |
> | 28be635f8 |            |           |                   |       |       |              |
> | f74249f7- | L3 agent   | controlle | nova              | True  | UP    | neutron-l3-a |
> | 5005-4df5 |            | r         |                   |       |       | gent         |
> | -87f6-8ec |            |           |                   |       |       |              |
> | 377edaeb9 |            |           |                   |       |       |              |
> +-----------+------------+-----------+-------------------+-------+-------+--------------+
>
> --
> 董 建 华
> Address: New Century Office Building, 3766 Nanhuan Road, Binjiang District, Hangzhou
> Postal code: 310053
> Mobile: 13857132818
> Switchboard: 0571-28996000
> Fax: 0571-28996001
> Hotline: 4006728686
> Website: www.ahope.com.cn
> Email: don...@ahope.com.cn
>
> *From:* don...@ahope.com.cn
> *Date:* 2016-12-30 18:38
> *To:* adhi.pri
> *CC:* openstack
> *Subject:* Re: Re: [Openstack] Failed to list network agent for the computer nodes
>
> Now the service is running. but still the same issue.
>
> --
> 董 建 华
>
> *From:* Adhi Priharmanto
> *Date:* 2016-12-30 17:55
> *To:* don...@ahope.com.cn
> *CC:* openstack
> *Subject:* Re: [Openstack] Failed to list network agent for the computer nodes
>
> Check neutron network-agent services status on your compute node
>
> On Fri, Dec 30, 2016 at 3:39 PM, don...@ahope.com.cn wrote:
>
>> *Hi,*
>>
>> *I have a question for neutron installation. after configuring the control node and computer nodes, it failed to list the computer node network agent, what is the problem?*
>>
>> [admin@controller ~]$ openstack network agent list
>> +-----------+------------+-----------+-------------------+-------+-------+--------------+
>> | ID        | Agent Type | Host      | Availability Zone | Alive | State | Binary       |
>> +-----------+------------+-----------+-------------------+-------+-------+--------------+
>>
Re: [Openstack] Failed to list network agent for the computer nodes
Check neutron network-agent services status on your compute node

On Fri, Dec 30, 2016 at 3:39 PM, don...@ahope.com.cn wrote:
> *Hi,*
>
> *I have a question for neutron installation. after configuring the control node and computer nodes, it failed to list the computer node network agent, what is the problem?*
>
> [admin@controller ~]$ openstack network agent list
> +-----------+------------+-----------+-------------------+-------+-------+--------------+
> | ID        | Agent Type | Host      | Availability Zone | Alive | State | Binary       |
> +-----------+------------+-----------+-------------------+-------+-------+--------------+
> | 3fd6aa96- | DHCP agent | controlle | nova              | True  | UP    | neutron-     |
> | 79c5-4887 |            | r         |                   |       |       | dhcp-agent   |
> | -b893-b92 |            |           |                   |       |       |              |
> | 1383f5d98 |            |           |                   |       |       |              |
> | c2acea10- | Linux      | controlle | None              | True  | UP    | neutron-     |
> | e30a-4644 | bridge     | r         |                   |       |       | linuxbridge- |
> | -afd6-8ff | agent      |           |                   |       |       | agent        |
> | d42d54b64 |            |           |                   |       |       |              |
> | d7c66d5c- | Metadata   | controlle | None              | True  | UP    | neutron-     |
> | 2a44      | agent      | r         |                   |       |       | metadata-    |
> | -437e-ac2 |            |           |                   |       |       | agent        |
> | 0-c95aa3f |            |           |                   |       |       |              |
> | 3e698     |            |           |                   |       |       |              |
> | f74249f7- | L3 agent   | controlle | nova              | True  | UP    | neutron-l3-a |
> | 5005-4df5 |            | r         |                   |       |       | gent         |
> | -87f6-8ec |            |           |                   |       |       |              |
> | 377edaeb9 |            |           |                   |       |       |              |
> +-----------+------------+-----------+-------------------+-------+-------+--------------+
>
> --
> 董 建 华

--
Cheers,
Adhi Priharmanto
Re: [Openstack] Error with neutron install
check your /etc/hosts make sure your controller IP address pointing to your controller hostname, next also check your firewall/iptables.

On Fri, Dec 30, 2016 at 3:02 PM, don...@ahope.com.cn wrote:
> *Hi everybody,*
>
> *Have you seen the following issue?*
>
> [admin@controller ~]$ neutron ext-list
> Unable to establish connection to http://controller:9696/v2.0/extensions.json: HTTPConnectionPool(host='controller', port=9696): Max retries exceeded with url: /v2.0/extensions.json (Caused by NewConnectionError(' connection.HTTPConnection object at 0x2480990>: Failed to establish a new connection: [Errno 111] Connection refused',))
>
> --
> 董 建 华

--
Cheers,
Adhi Priharmanto
[Openstack] Snapshot change to DELETED after Queued
Hi,

My openstack suddenly cannot created of instance snapshot, everytime I create snapshot after Queue status it will be change to DELETED status immediately .

here is my :

- Nova Compute log : http://pastebin.com/B7rPyZXg
- Glance Api log : http://pastebin.com/Qmq3nxHi

Does any one can help me ?

--
Cheers,
Adhi Priharmanto
Re: [Openstack] Security Groups Can't Apply in Kilo with Neutron & XenServer
Hi,

Here we go, my instance property (include nova&neutron security group list): http://pastebin.com/etZ51g31

and here is my iptables of,

xenserver : http://pastebin.com/skURDdaM
Compute node (nova) : http://pastebin.com/fnnugbZj
Network node : http://pastebin.com/WXrEKWB6

On Fri, Sep 23, 2016 at 2:04 PM, Huan Xie wrote:
> Hi,
>
> There are several parts to check,
>
> 1. When you empty security group rules, was this security group used for the instances you were testing?
>
> 2. Can you double check the iptables rules or paste them somewhere then we can check those rules?
>
> Thanks,
> Huan
>
> *From:* Adhi Priharmanto [mailto:adhi@gmail.com]
> *Sent:* Thursday, September 22, 2016 11:47 AM
> *To:* Huan Xie
> *Cc:* openstack@lists.openstack.org
> *Subject:* Re: [Openstack] Security Groups Can't Apply in Kilo with Neutron & XenServer
>
> Hi,
>
> an update from my-test , why even I empty group rule with no rule defined, I still can reach (ping & ssh) my instance from outside ?
>
> On Wed, Sep 21, 2016 at 5:18 PM, Adhi Priharmanto wrote:
>
> Hi Huan Xie,
>
> Thanks for your fast response, I applied those patch into my Dom0 and DomU (nova-compute) , then restarting neutron-openvswitch-agent and nova-compute service.
>
> the error on neutron-openvswitch-agent doesn't appear anymore, now I'm still try Security Group Rules variation for instance, I'll update results as soon .
>
> On Wed, Sep 21, 2016 at 2:11 PM, Huan Xie wrote:
>
> Hi Adhi,
>
> 1. From http://pastebin.com/gwf1wdEb, we can see you have set “conntrack” command in netwrap, but seems the whole patch is not applied, I mean you need apply the whole patch https://review.openstack.org/#/c/341304/ in neutron.
>
> netwrap locates in Dom0 /etc/xapi.d/plugins
>
> neutron-rootwrap-xen-dom0 locates in DomU, maybe /usr/local/bin/neutron-rootwrap-xen-dom0 or other path like that, depends on how you install it, you maybe need to apply the patch to the source file
>
>    1. With this rule, I'm still able to ping instance
>    2. Also please check neutron-openvswitch-agent error list when I remove rule and terminate instance.
>
> => For the two, since the patch seems not applied completely, so you maybe can still ping the VM. Also you need to install conntrack-tools in Dom0 because the command “conntrack” in netwrap is send to Dom0, otherwise the real “conntrack” command is not take effect.
>
> Hope these checks can help you.
>
> Thanks,
> Huan
>
> *From:* Adhi Priharmanto [mailto:adhi@gmail.com]
> *Sent:* Wednesday, September 21, 2016 1:59 PM
> *To:* Huan Xie
> *Cc:* openstack@lists.openstack.org
> *Subject:* Re: [Openstack] Security Groups Can't Apply in Kilo with Neutron & XenServer
>
> Hi All
>
> Sorry for my late reply..
>
> @Bob, I Installed liberty manually, not using devstack, packstack, etc
>
> Here Is my node service configuration.
>
> =====
> NETWORK-NODE
> =====
> Configuration : http://pastebin.com/6DLqUbjU
>
> =====
> COMPUTE-NODE
> =====
> Configuration : http://pastebin.com/RhGBvNbA
> Error list : http://pastebin.com/xHQSb625
>
> =====
> XENSERVER-NODE
> =====
> Configuration : http://pastebin.com/gwf1wdEb
> Error list : http://pastebin.com/wNzbhcPi
>
> for Xenserver,
>
>    - I also setup of Multi Tenancy Networking Protections in XenServer, following this guide https://github.com/openstack/nova/blob/master/plugins/xenserver/doc/networking.rst
>    - I also setup sysctl.conf (see config at xenserver-node pastebin), but it's like no br_netfilter module available at xenserver.
>
> =====
> neutron security-group-rule-list
> =====
> # neutron security-group-rule-list
> +--------------------------------------+----------------+-----------+-----------+---------------+-----------------+
> | id                                   | security_group | direction | ethertype | protocol/port | remote          |
Re: [Openstack] Security Groups Can't Apply in Kilo with Neutron & XenServer
Hi,

an update from my-test , why even I empty group rule with no rule defined, I still can reach (ping & ssh) my instance from outside ?

On Wed, Sep 21, 2016 at 5:18 PM, Adhi Priharmanto wrote:
> Hi Huan Xie,
>
> Thanks for your fast response, I applied those patch into my Dom0 and DomU (nova-compute) , then restarting neutron-openvswitch-agent and nova-compute service.
>
> the error on neutron-openvswitch-agent doesn't appear anymore, now I'm still try Security Group Rules variation for instance, I'll update results as soon .
>
> On Wed, Sep 21, 2016 at 2:11 PM, Huan Xie wrote:
>
>> Hi Adhi,
>>
>> 1. From http://pastebin.com/gwf1wdEb, we can see you have set “conntrack” command in netwrap, but seems the whole patch is not applied, I mean you need apply the whole patch https://review.openstack.org/#/c/341304/ in neutron.
>>
>> netwrap locates in Dom0 /etc/xapi.d/plugins
>>
>> neutron-rootwrap-xen-dom0 locates in DomU, maybe /usr/local/bin/neutron-rootwrap-xen-dom0 or other path like that, depends on how you install it, you maybe need to apply the patch to the source file
>>
>>    1. With this rule, I'm still able to ping instance
>>    2. Also please check neutron-openvswitch-agent error list when I remove rule and terminate instance.
>>
>> => For the two, since the patch seems not applied completely, so you maybe can still ping the VM. Also you need to install conntrack-tools in Dom0 because the command “conntrack” in netwrap is send to Dom0, otherwise the real “conntrack” command is not take effect.
>>
>> Hope these checks can help you.
>>
>> Thanks,
>> Huan
>>
>> *From:* Adhi Priharmanto [mailto:adhi@gmail.com]
>> *Sent:* Wednesday, September 21, 2016 1:59 PM
>> *To:* Huan Xie
>> *Cc:* openstack@lists.openstack.org
>> *Subject:* Re: [Openstack] Security Groups Can't Apply in Kilo with Neutron & XenServer
>>
>> Hi All
>>
>> Sorry for my late reply..
>>
>> @Bob, I Installed liberty manually, not using devstack, packstack, etc
>>
>> Here Is my node service configuration.
>>
>> =====
>> NETWORK-NODE
>> =====
>> Configuration : http://pastebin.com/6DLqUbjU
>>
>> =====
>> COMPUTE-NODE
>> =====
>> Configuration : http://pastebin.com/RhGBvNbA
>> Error list : http://pastebin.com/xHQSb625
>>
>> =====
>> XENSERVER-NODE
>> =====
>> Configuration : http://pastebin.com/gwf1wdEb
>> Error list : http://pastebin.com/wNzbhcPi
>>
>> for Xenserver,
>>
>>    - I also setup of Multi Tenancy Networking Protections in XenServer, following this guide https://github.com/openstack/nova/blob/master/plugins/xenserver/doc/networking.rst
>>    - I also setup sysctl.conf (see config at xenserver-node pastebin), but it's like no br_netfilter module available at xenserver.
>>
>> =====
>> neutron security-group-rule-list
>> =====
>> # neutron security-group-rule-list
>> +--------------------------------------+----------------+-----------+-----------+---------------+-----------------+
>> | id                                   | security_group | direction | ethertype | protocol/port | remote          |
>> +--------------------------------------+----------------+-----------+-----------+---------------+-----------------+
>> | 310fb8eb-bcf7-4425-83a3-f2f3f1335958 | default        | egress    | IPv6      | any           | any             |
>> | 42e8b7e8-1262-4673-8547-55fa6b33d4f1 | default        | egress    | IPv4      | any           | any             |
>> | 4e8bde5b-344a-4c6a-b09d-223d9fec72bf | default        | ingress   | IPv4      | any           | default (group) |
Re: [Openstack] Security Groups Can't Apply in Kilo with Neutron & XenServer
Hi Huan Xie,

Thanks for your fast response, I applied those patch into my Dom0 and DomU (nova-compute) , then restarting neutron-openvswitch-agent and nova-compute service.

the error on neutron-openvswitch-agent doesn't appear anymore, now I'm still try Security Group Rules variation for instance, I'll update results as soon .

On Wed, Sep 21, 2016 at 2:11 PM, Huan Xie wrote:
> Hi Adhi,
>
> 1. From http://pastebin.com/gwf1wdEb, we can see you have set “conntrack” command in netwrap, but seems the whole patch is not applied, I mean you need apply the whole patch https://review.openstack.org/#/c/341304/ in neutron.
>
> netwrap locates in Dom0 /etc/xapi.d/plugins
>
> neutron-rootwrap-xen-dom0 locates in DomU, maybe /usr/local/bin/neutron-rootwrap-xen-dom0 or other path like that, depends on how you install it, you maybe need to apply the patch to the source file
>
>    1. With this rule, I'm still able to ping instance
>    2. Also please check neutron-openvswitch-agent error list when I remove rule and terminate instance.
>
> => For the two, since the patch seems not applied completely, so you maybe can still ping the VM. Also you need to install conntrack-tools in Dom0 because the command “conntrack” in netwrap is send to Dom0, otherwise the real “conntrack” command is not take effect.
>
> Hope these checks can help you.
>
> Thanks,
> Huan
>
> *From:* Adhi Priharmanto [mailto:adhi@gmail.com]
> *Sent:* Wednesday, September 21, 2016 1:59 PM
> *To:* Huan Xie
> *Cc:* openstack@lists.openstack.org
> *Subject:* Re: [Openstack] Security Groups Can't Apply in Kilo with Neutron & XenServer
>
> Hi All
>
> Sorry for my late reply..
>
> @Bob, I Installed liberty manually, not using devstack, packstack, etc
>
> Here Is my node service configuration.
>
> =====
> NETWORK-NODE
> =====
> Configuration : http://pastebin.com/6DLqUbjU
>
> =====
> COMPUTE-NODE
> =====
> Configuration : http://pastebin.com/RhGBvNbA
> Error list : http://pastebin.com/xHQSb625
>
> =====
> XENSERVER-NODE
> =====
> Configuration : http://pastebin.com/gwf1wdEb
> Error list : http://pastebin.com/wNzbhcPi
>
> for Xenserver,
>
>    - I also setup of Multi Tenancy Networking Protections in XenServer, following this guide https://github.com/openstack/nova/blob/master/plugins/xenserver/doc/networking.rst
>    - I also setup sysctl.conf (see config at xenserver-node pastebin), but it's like no br_netfilter module available at xenserver.
>
> =====
> neutron security-group-rule-list
> =====
> # neutron security-group-rule-list
> +--------------------------------------+----------------+-----------+-----------+---------------+-----------------+
> | id                                   | security_group | direction | ethertype | protocol/port | remote          |
> +--------------------------------------+----------------+-----------+-----------+---------------+-----------------+
> | 310fb8eb-bcf7-4425-83a3-f2f3f1335958 | default        | egress    | IPv6      | any           | any             |
> | 42e8b7e8-1262-4673-8547-55fa6b33d4f1 | default        | egress    | IPv4      | any           | any             |
> | 4e8bde5b-344a-4c6a-b09d-223d9fec72bf | default        | ingress   | IPv4      | any           | default (group) |
> | cd8f3aaa-9882-42a0-b713-87489cfff22c | default        | ingress   | IPv6      | any           | default (group) |
> | d884ff2f-71e8-4647-b45d-e8f92ad87261 | default        | egress    | IPv4      | any           | any             |
> | f4f85fae-6a15-4a85-ae51-5f34536bb72e | default        | ingress   | IPv6      | any           | default (group) |
> | f6e3929a-3df4-4209-8486-7ce0b0047771 | default        | egress    | IPv6      | any           | any             |
> | fbb2a744-de01-49c7-b875-8cdfbc4fdd7f | default        | ingress   | IPv4      | any           | default (group) |
> +--------------------------------------+----------------+-----------+-----------+---------------+-----------------+
>
>    - With this rule, I'm still able t
Re: [Openstack] Security Groups Can't Apply in Kilo with Neutron & XenServer
Hi All

Sorry for my late reply..

@Bob, I Installed liberty manually, not using devstack, packstack, etc

Here Is my node service configuration.

=====
NETWORK-NODE
=====
Configuration : http://pastebin.com/6DLqUbjU

=====
COMPUTE-NODE
=====
Configuration : http://pastebin.com/RhGBvNbA
Error list : http://pastebin.com/xHQSb625

=====
XENSERVER-NODE
=====
Configuration : http://pastebin.com/gwf1wdEb
Error list : http://pastebin.com/wNzbhcPi

for Xenserver,

- I also setup of Multi Tenancy Networking Protections in XenServer, following this guide https://github.com/openstack/nova/blob/master/plugins/xenserver/doc/networking.rst
- I also setup sysctl.conf (see config at xenserver-node pastebin), but it's like no br_netfilter module available at xenserver.

=====
neutron security-group-rule-list
=====
# neutron security-group-rule-list
+--------------------------------------+----------------+-----------+-----------+---------------+-----------------+
| id                                   | security_group | direction | ethertype | protocol/port | remote          |
+--------------------------------------+----------------+-----------+-----------+---------------+-----------------+
| 310fb8eb-bcf7-4425-83a3-f2f3f1335958 | default        | egress    | IPv6      | any           | any             |
| 42e8b7e8-1262-4673-8547-55fa6b33d4f1 | default        | egress    | IPv4      | any           | any             |
| 4e8bde5b-344a-4c6a-b09d-223d9fec72bf | default        | ingress   | IPv4      | any           | default (group) |
| cd8f3aaa-9882-42a0-b713-87489cfff22c | default        | ingress   | IPv6      | any           | default (group) |
| d884ff2f-71e8-4647-b45d-e8f92ad87261 | default        | egress    | IPv4      | any           | any             |
| f4f85fae-6a15-4a85-ae51-5f34536bb72e | default        | ingress   | IPv6      | any           | default (group) |
| f6e3929a-3df4-4209-8486-7ce0b0047771 | default        | egress    | IPv6      | any           | any             |
| fbb2a744-de01-49c7-b875-8cdfbc4fdd7f | default        | ingress   | IPv4      | any           | default (group) |
+--------------------------------------+----------------+-----------+-----------+---------------+-----------------+

- With this rule, I'm still able to ping instance
- Also please check neutron-openvswitch-agent error list when I remove rule and terminate instance.

I hope anyone can guide me with this problem, thanks before.

On Sun, Sep 18, 2016 at 8:16 AM, Huan Xie wrote:
> Hi,
>
> After applied these change, is your neutron ml2 configuration correct? Mainly the below parts:
>
> If still cannot work, could you please describe the errors?
>
> Beside these, we find xenserver dom0 lacks of conntrack support for neutron-ovs-agent in compute node, there is a fix waiting for review https://review.openstack.org/#/c/341304/
>
> 1. In nova.conf, two configurations should be set
>
> [DEFAULT]
> firewall_driver = nova.virt.firewall.NoopFirewallDriver
> security_group_api=neutron
> use_neutron = True
>
> [xenserver]
> ovs_integration_bridge =
> vif_driver = nova.virt.xenapi.vif.XenAPIOpenVswitchDriver
>
> 2. In neutron, check configurations ml2_conf.ini in compute node which is used for neutron L2 agent
>
> [agent]
> minimize_polling = False
> root_helper_daemon =
> root_helper = /usr/local/bin/neutron-rootwrap-xen-dom0 /etc/neutron/rootwrap.conf
>
> [ovs]
> integration_bridge =
> bridge_mappings =
>
> Thanks,
> Huan
>
> *From:* Adhi Priharmanto [mailto:adhi@gmail.com]
> *Sent:* Thursday, September 15, 2016 3:48 PM
> *To:* Huan Xie
> *Cc:* openstack@lists.openstack.org
> *Subject:* Re: [Openstack] Security Groups Can't Apply in Kilo with Neutron & XenServer
>
> Hi, I still no luck for this problem, even I using liberty release, Security groups still not applied on network. can you help me again ?
>
> On Thu, Mar 17, 2016 at 10:55 AM, Adhi Priharmanto wrote:
>
> Ok, 'll try to patched my neutron
>
> On Tue, Mar 15, 2016 at 8:52 AM, Huan Xie wrote:
>
> Hi,
>
> For apply the patch, you need to download the changed file with this https://review.openstack.org/#/c/251271/ and its dependent changes, you can find its dependent changes in the right corner(Related Changes) in you open the link.
>
> For files that you need edit, in the middle of the code review pag
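The rule list in the message above has no ingress rule with an outside source, so the ping and ssh access reported in this thread points at the rules not being enforced rather than at the rules themselves. The following added example (not part of the thread) evaluates that table as default-deny ingress; the function names, the test addresses and the extra ICMP rule are constructed for illustration.

```python
import ipaddress

# Rule list from the message above, re-typed without the table borders.
PAGE_RULES = """\
| id | security_group | direction | ethertype | protocol/port | remote |
| 310fb8eb-bcf7-4425-83a3-f2f3f1335958 | default | egress | IPv6 | any | any |
| 42e8b7e8-1262-4673-8547-55fa6b33d4f1 | default | egress | IPv4 | any | any |
| 4e8bde5b-344a-4c6a-b09d-223d9fec72bf | default | ingress | IPv4 | any | default (group) |
| cd8f3aaa-9882-42a0-b713-87489cfff22c | default | ingress | IPv6 | any | default (group) |
| d884ff2f-71e8-4647-b45d-e8f92ad87261 | default | egress | IPv4 | any | any |
| f4f85fae-6a15-4a85-ae51-5f34536bb72e | default | ingress | IPv6 | any | default (group) |
| f6e3929a-3df4-4209-8486-7ce0b0047771 | default | egress | IPv6 | any | any |
| fbb2a744-de01-49c7-b875-8cdfbc4fdd7f | default | ingress | IPv4 | any | default (group) |
"""

# Constructed rule (not from the thread): ICMP allowed from any IPv4 address.
# Assumption: a CIDR remote is written "<cidr> (CIDR)", mirroring the
# "<name> (group)" form visible in the thread's table.
CONSTRUCTED_ICMP_RULE = (
    "| 00000000-0000-0000-0000-000000000000 | default | ingress | IPv4 "
    "| icmp | 0.0.0.0/0 (CIDR) |\n"
)


def parse_rules(table_text):
    """Turn pipe-delimited rows into dicts keyed by the header row."""
    header, rows = None, []
    for line in table_text.splitlines():
        line = line.strip()
        if not line.startswith("|"):
            continue  # skip "+----+" borders and blank lines
        cells = [c.strip() for c in line.strip("|").split("|")]
        if header is None:
            header = cells
        elif len(cells) == len(header):
            rows.append(dict(zip(header, cells)))
    return rows


def _remote_matches(remote, src_ip, src_groups):
    """Does the rule's 'remote' column cover this sender?"""
    if remote == "any":
        return True
    value, _, kind = remote.partition(" ")
    if kind == "(group)":
        # Only ports that are members of the named group are covered.
        return value in src_groups
    if kind == "(CIDR)":
        return src_ip in ipaddress.ip_network(value, strict=False)
    return False  # unknown form: fail closed


def allows_ingress(rules, group, src_ip, proto, src_groups=()):
    """Default deny: True only if some ingress rule of `group` matches.

    proto uses the table's own spelling, e.g. "icmp" or "22/tcp".
    src_groups lists the security groups the sender's port belongs to.
    """
    ip = ipaddress.ip_address(src_ip)
    ethertype = "IPv%d" % ip.version
    for rule in rules:
        if rule["security_group"] != group or rule["direction"] != "ingress":
            continue
        if rule["ethertype"] != ethertype:
            continue
        if rule["protocol/port"] not in ("any", proto):
            continue
        if _remote_matches(rule["remote"], ip, src_groups):
            return True
    return False


if __name__ == "__main__":
    rules = parse_rules(PAGE_RULES)
    # 203.0.113.10 is a documentation address standing in for "outside".
    print("outside ping allowed by policy:",
          allows_ingress(rules, "default", "203.0.113.10", "icmp"))
    print("same-group ping allowed by policy:",
          allows_ingress(rules, "default", "10.0.0.5", "icmp", ("default",)))
```

If the first result is False while the instance still answers from outside, the gap is in enforcement on the hypervisor, which is where the replies in this thread look next.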
Re: [Openstack] Security Groups Can't Apply in Kilo with Neutron & XenServer
Hi, I still have no luck with this problem; even though I am using the Liberty release, security groups are still not applied on the network. Can you help me again?

On Thu, Mar 17, 2016 at 10:55 AM, Adhi Priharmanto wrote:
> Ok, I'll try to patch my neutron
>
> On Tue, Mar 15, 2016 at 8:52 AM, Huan Xie wrote:
>
>> Hi,
>>
>> To apply the patch, you need to download the changed file with this
>> https://review.openstack.org/#/c/251271/ and its dependent changes, you
>> can find its dependent changes in the right corner (Related Changes) if you
>> open the link.
>>
>> For files that you need to edit, in the middle of the code review page, you
>> can find a section called “Files”, this part shows you which files are
>> changed.
>>
>> Best Regards//Huan
>>
>> *From:* Adhi Priharmanto [mailto:adhi@gmail.com]
>> *Sent:* Monday, March 14, 2016 6:21 PM
>> *To:* Huan Xie
>> *Cc:* openstack@lists.openstack.org
>> *Subject:* Re: [Openstack] Security Groups Can't Apply in Kilo with Neutron & XenServer
>>
>> Hi Xie,
>>
>> I also commented on your post at blog.citrix :). Steps 1 - 3 were clear
>> for me. I am still confused about the patched code in
>> https://review.openstack.org/#/c/251271/ for some files; could you explain
>> more about how to do it, and which files I should edit?
>>
>> Thanks before
>>
>> On Mon, Mar 14, 2016 at 3:34 PM, Huan Xie wrote:
>>
>> Hi Adhi,
>>
>> Do you use devstack to deploy XenServer + Kilo or manually?
>>
>> Current Kilo release does not support XenServer + Neutron security group,
>> because security group is implemented via iptables on Linux bridge,
>> however, there is no Linux bridge created when booting a new instance.
>>
>> But we now have a new fix to support neutron security group, we have
>> tested that it can work, this will be implemented as a blueprint
>> https://review.openstack.org/#/c/251271/
>>
>> So, if you want to use neutron security group in Kilo, you should add
>> some patch for your code and also please make the configurations as below:
>>
>> 1. In nova.conf, two configurations should be set
>>
>> [DEFAULT]
>> firewall_driver = nova.virt.firewall.NoopFirewallDriver
>> security_group_api=neutron
>>
>> [xenserver]
>> ovs_integration_bridge =
>> vif_driver = nova.virt.xenapi.vif.XenAPIOpenVswitchDriver
>>
>> If you don’t know how to configure ovs_integration_bridge, then you can
>> refer to this blog
>> https://www.citrix.com/blogs/2015/11/30/integrating-xenserver-rdo-and-neutron/
>>
>> 2. In neutron, check configurations ml2_conf.ini in compute node
>> which is used for neutron L2 agent
>>
>> [agent]
>> minimize_polling = False
>> root_helper_daemon =
>> root_helper = /usr/local/bin/neutron-rootwrap-xen-dom0 /etc/neutron/rootwrap.conf
>>
>> [ovs]
>> integration_bridge =
>> bridge_mappings =
>>
>> Also for ovs configuration items, if you are not clear on how to
>> configure them, refer to the blog
>>
>> 3. In neutron, check configurations /etc/neutron/rootwrap.conf in
>> compute node
>>
>> [xenapi]
>> # XenAPI configuration is only required by the L2 agent if it is to
>> # target a XenServer/XCP compute host's dom0.
>> xenapi_connection_url=
>> xenapi_connection_username=
>> xenapi_connection_password=
>>
>> Best Regards//Huan
>>
>> Original Message
>> Subject: [Openstack] Security Groups Can't Apply in Kilo with Neutron & XenServer
>> From: Adhi Priharmanto
>> To: openstack@lists.openstack.org
>> CC:
>>
>> Hi all,
>>
>> I had Openstack Kilo installed on my lab, for Compute Hypervisor I use
>> XenServer 6.5, and networking Using Neutron OVS. For Controller, Network,
>> and Compute node I'm using Ubuntu 14.04.
>>
>> My problem was that Security Groups rules aren't applied to the instance
>> that is created. For example, there is no rule for SSH port 22 in the
>> security group I defined for the instance, but the instance with floating
>> IP is able to login
Re: [Openstack] Installing Mitaka with Openvswitch support
Hi Daniel,

I have never tried to install Mitaka, but in my experience installing the Liberty release using neutron & openvswitch, the Liberty document also doesn't contain a guide for neutron & openvswitch. So I followed the "kilo" release guide http://docs.openstack.org/kilo/install-guide/install/yum/content/ to adjust the neutron & openvswitch configuration.

Cheers.

On Tue, Jun 28, 2016 at 4:02 PM, Daniel Ruiz Molina wrote:
> Hello,
>
> I'm reading http://docs.openstack.org/mitaka/install-guide-rdo/ and I
> would like to install a small test cloud (one controller that would act as
> network too, and two computes). I'm executing all commands that are in that
> manual, but when I get to the "Networking" chapter, I don't know how to
> configure it with Openvswitch (and not linuxbridge). I have also read
> http://docs.openstack.org/mitaka/networking-guide/scenario-classic-ovs.html,
> but I think I have missed something in the configuration because VMs don't
> receive a DHCP IP offer...
>
> In my scenario, servers have this configuration:
> server: network+controller --> 3 nics --> 1 with public IP and for
> OpenStack management, 1 with private IP for VM data from OpenStack and 1
> with no IP for external network (floating IPs)
> computes: 2 nics --> 1 with public IP and for OpenStack management and 1
> with private IP for VM data from OpenStack.
>
> After trying to do a step-by-step from the manual, I have launched some
> VMs but none receives an IP address from the controller... It seems there
> is a problem in the networking configuration (maybe eth0<-->eth1 are swapped...
>
> Help please!

--
Cheers,
Adhi Priharmanto
Re: [Openstack] [neutron] ICMP host unreachable - admin prohibited
Hi Andreas,

Yes you're right, that blocking rule appears in my iptables:

# iptables -S |grep icmp-host-prohibited
-A INPUT -j REJECT --reject-with icmp-host-prohibited

Then after I deleted that rule, everything works fine. Thank you so much Andreas.

On Tue, Jun 28, 2016 at 2:11 PM, Andreas Scheuring <scheu...@linux.vnet.ibm.com> wrote:
> Hi Adhi,
> yeah this seems to be iptables blocking your traffic.
> Calling
> # iptables-save
> gives you an easy to read output of all your rules.
>
> Probably you'll find some rule like
> # -A INPUT -j REJECT --reject-with icmp-host-prohibited
>
> Now the problem with the 2 rules you added is that you are appending
> your rules with -A. Iptables-save should show that they are processed
> after the blocking rule (means never).
> So what you need to do is to insert your 2 rules before the blocking
> rule. You can do that using -I instead of -A.
>
> Alternatively you could just delete the blocking rule using:
> # iptables -D INPUT -j REJECT --reject-with icmp-host-prohibited
>
> Note:
> The commands just add/delete the rules on your running system. After a
> reboot the rule will be gone again. You need to persist them.
> How to do that depends on if you're using firewalld or iptables-service.
> I think the www will help you there.
>
> Hope that helps
>
> --
> Andreas
> IRC: andreas_s (formerly scheuran)
>
> On Tue, 2016-06-28 at 13:14 +0700, Adhi Priharmanto wrote:
> > Hi all,
> >
> > I've set up the Liberty release with neutron-openvswitch using a GRE
> > tunnel on CentOS. I have a problem when the iptables service is started
> > on the network and compute nodes.
> > The instance couldn't get its internal IP address (DHCP) when it boots.
> > If I dump the packets using tcpdump on both tunnel interfaces, it says
> > this:
> >
> > 13:03:08.164944 IP 10.24.0.23 > opstcomp1-srg.dev.jcamp.net: ICMP host 10.24.0.23 unreachable - admin prohibited, length 106
> >
> > 10.24.0.0/24 is my tunnel IP network. I've already added these rules on
> > both nodes but had no luck:
> >
> > iptables -A INPUT -p gre -j ACCEPT
> > iptables -A FORWARD -p gre -j ACCEPT
> >
> > Can someone help me to solve this problem?
> >
> > --
> > Cheers,
> > Adhi Priharmanto

--
Cheers,
Adhi Priharmanto
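The rule-ordering problem described in the quoted reply above (rules appended with -A land after the catch-all REJECT and are never reached) can be checked mechanically. The following is an added example, not part of the original thread: the sample ruleset is constructed, the function names are this example's own, and the parser assumes the layout that `iptables -S` and `iptables-save` print (match options, then `-j TARGET`, then the target's options).

```python
"""Detect iptables rules that can never match because an earlier catch-all
rule in the same chain already accepts, drops or rejects every packet."""
import shlex
from collections import namedtuple

Rule = namedtuple("Rule", "table chain pos target matches spec")
TERMINAL = {"ACCEPT", "DROP", "REJECT"}

# Constructed sample in `iptables -S` format, modelled on the thread: a
# catch-all REJECT rule followed by the two GRE rules that were added with -A.
SAMPLE = """\
-P INPUT ACCEPT
-P FORWARD ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p gre -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -p gre -j ACCEPT
"""


def parse_rules(text):
    """Return the -A rules as Rule tuples, numbered per (table, chain)."""
    table, counts, rules = "filter", {}, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("*"):            # iptables-save table header, e.g. *nat
            table = line[1:]
            continue
        parts = line.split(None, 2)
        if len(parts) < 3 or parts[0] != "-A":
            continue                        # policies, chain headers, COMMIT, comments
        chain, spec = parts[1], parts[2]
        tokens = shlex.split(spec)
        if "-j" in tokens:
            idx = tokens.index("-j")
            target = tokens[idx + 1] if idx + 1 < len(tokens) else None
            matches = tokens[:idx]          # everything before -j restricts the match
        else:
            target, matches = None, tokens
        key = (table, chain)
        counts[key] = counts.get(key, 0) + 1
        rules.append(Rule(table, chain, counts[key], target, matches, spec))
    return rules


def find_shadowed(text):
    """Return (shadowed_rule, blocking_rule) pairs in rule order."""
    blockers, pairs = {}, []
    for rule in parse_rules(text):
        key = (rule.table, rule.chain)
        if key in blockers:
            pairs.append((rule, blockers[key]))
        elif rule.target in TERMINAL and not rule.matches:
            blockers[key] = rule            # no match options: hits every packet
    return pairs


def suggest_fix(text):
    """Return commands that move each shadowed rule ahead of its blocker."""
    commands, moved = [], {}
    for rule, blocker in find_shadowed(text):
        key = (rule.table, rule.chain)
        # -I CHAIN N inserts before rule N; the offset keeps moved rules in order.
        pos = blocker.pos + moved.get(key, 0)
        moved[key] = moved.get(key, 0) + 1
        prefix = "iptables -t %s" % rule.table
        commands.append("%s -D %s %s" % (prefix, rule.chain, rule.spec))
        commands.append("%s -I %s %d %s" % (prefix, rule.chain, pos, rule.spec))
    return commands


if __name__ == "__main__":
    for rule, blocker in find_shadowed(SAMPLE):
        print("%s rule %d (%s) is never reached: rule %d (%s) matches first"
              % (rule.chain, rule.pos, rule.spec, blocker.pos, blocker.spec))
    print("\n".join(suggest_fix(SAMPLE)))
```

The commands are only printed, never executed, and as the quoted reply notes, changes made this way still have to be persisted separately to survive a reboot.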
[Openstack] [neutron] ICMP host unreachable - admin prohibited
Hi all,

I've set up the Liberty release with neutron-openvswitch using a GRE tunnel on CentOS. I have a problem when the iptables service is started on the network and compute nodes.
The instance couldn't get its internal IP address (DHCP) when it boots. If I dump the packets using tcpdump on both tunnel interfaces, it says this:

13:03:08.164944 IP 10.24.0.23 > opstcomp1-srg.dev.jcamp.net: ICMP host 10.24.0.23 unreachable - admin prohibited, length 106

10.24.0.0/24 is my tunnel IP network. I've already added these rules on both nodes but had no luck:

iptables -A INPUT -p gre -j ACCEPT
iptables -A FORWARD -p gre -j ACCEPT

Can someone help me to solve this problem?

--
Cheers,
Adhi Priharmanto
Re: [Openstack] Security Groups Can't Apply in Kilo with Neutron & XenServer
Ok, I'll try to patch my neutron

On Tue, Mar 15, 2016 at 8:52 AM, Huan Xie wrote:
> Hi,
>
> To apply the patch, you need to download the changed file with this
> https://review.openstack.org/#/c/251271/ and its dependent changes, you
> can find its dependent changes in the right corner (Related Changes) if you
> open the link.
>
> For files that you need to edit, in the middle of the code review page, you
> can find a section called “Files”, this part shows you which files are
> changed.
>
> Best Regards//Huan
>
> *From:* Adhi Priharmanto [mailto:adhi@gmail.com]
> *Sent:* Monday, March 14, 2016 6:21 PM
> *To:* Huan Xie
> *Cc:* openstack@lists.openstack.org
> *Subject:* Re: [Openstack] Security Groups Can't Apply in Kilo with Neutron & XenServer
>
> Hi Xie,
>
> I also commented on your post at blog.citrix :). Steps 1 - 3 were clear
> for me. I am still confused about the patched code in
> https://review.openstack.org/#/c/251271/ for some files; could you explain
> more about how to do it, and which files I should edit?
>
> Thanks before
>
> On Mon, Mar 14, 2016 at 3:34 PM, Huan Xie wrote:
>
> Hi Adhi,
>
> Do you use devstack to deploy XenServer + Kilo or manually?
>
> Current Kilo release does not support XenServer + Neutron security group,
> because security group is implemented via iptables on Linux bridge,
> however, there is no Linux bridge created when booting a new instance.
>
> But we now have a new fix to support neutron security group, we have
> tested that it can work, this will be implemented as a blueprint
> https://review.openstack.org/#/c/251271/
>
> So, if you want to use neutron security group in Kilo, you should add some
> patch for your code and also please make the configurations as below:
>
> 1. In nova.conf, two configurations should be set
>
> [DEFAULT]
> firewall_driver = nova.virt.firewall.NoopFirewallDriver
> security_group_api=neutron
>
> [xenserver]
> ovs_integration_bridge =
> vif_driver = nova.virt.xenapi.vif.XenAPIOpenVswitchDriver
>
> If you don’t know how to configure ovs_integration_bridge, then you can
> refer to this blog
> https://www.citrix.com/blogs/2015/11/30/integrating-xenserver-rdo-and-neutron/
>
> 2. In neutron, check configurations ml2_conf.ini in compute node
> which is used for neutron L2 agent
>
> [agent]
> minimize_polling = False
> root_helper_daemon =
> root_helper = /usr/local/bin/neutron-rootwrap-xen-dom0 /etc/neutron/rootwrap.conf
>
> [ovs]
> integration_bridge =
> bridge_mappings =
>
> Also for ovs configuration items, if you are not clear on how to
> configure them, refer to the blog
>
> 3. In neutron, check configurations /etc/neutron/rootwrap.conf in
> compute node
>
> [xenapi]
> # XenAPI configuration is only required by the L2 agent if it is to
> # target a XenServer/XCP compute host's dom0.
> xenapi_connection_url=
> xenapi_connection_username=
> xenapi_connection_password=
>
> Best Regards//Huan
>
> Original Message
> Subject: [Openstack] Security Groups Can't Apply in Kilo with Neutron & XenServer
> From: Adhi Priharmanto
> To: openstack@lists.openstack.org
> CC:
>
> Hi all,
>
> I had Openstack Kilo installed on my lab, for Compute Hypervisor I use
> XenServer 6.5, and networking Using Neutron OVS. For Controller, Network,
> and Compute node I'm using Ubuntu 14.04.
>
> My problem was that Security Groups rules aren't applied to the instance
> that is created. For example, there is no rule for SSH port 22 in the
> security group I defined for the instance, but the instance with floating
> IP is able to login by ssh from external network.
>
> I've already added this option to my nova.conf
>
> firewall_driver=nova.virt.xenapi.firewall.Dom0IptablesFirewallDriver
>
> and also defined firewall_driver in my ml2_conf.ini at Controller,
> Network, and Compute node
>
> [ovs]
> enable_security_group = True
> enable_ipset = True
> firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
>
> Can somebody help me with this problem?

--
Cheers,
Adhi Priharmanto
Re: [Openstack] Security Groups Can't Apply in Kilo with Neutron & XenServer
Here's my security groups list:

# neutron security-group-rule-list
+--------------------------------------+----------------+-----------+----------+------------------+--------------+
| id                                   | security_group | direction | protocol | remote_ip_prefix | remote_group |
+--------------------------------------+----------------+-----------+----------+------------------+--------------+
| 0d814f8a-fd79-4a86-8fb4-4d769fc8b28e | default        | egress    |          |                  |              |
| 12d1c7ea-1b42-417b-a620-e5a0bb10e7fd | default        | egress    |          |                  |              |
| 25de2b38-503b-47e1-8d73-a52e87425eba | default        | ingress   |          |                  | default      |
| 43fc5af3-1dd5-4276-8d05-9f79ce6c3743 | default        | egress    |          |                  |              |
| 5157d898-5cd4-48b8-8290-2159aebb82bf | default        | ingress   | icmp     | 0.0.0.0/0        |              |
| 7403a747-23cc-4a05-bec1-9f1fc0e56b78 | default        | ingress   |          |                  | default      |
| 968d51f4-b506-47bd-b450-9fb58f26979b | adhi           | egress    |          |                  |              |
| bda9e450-3560-449e-bf2b-22202eb8baf8 | adhi           | ingress   | icmp     | 0.0.0.0/0        |              |
| d24d311c-c6b8-4b94-9919-155e0e106dee | adhi           | egress    |          |                  |              |
| da9237b6-769d-4c0c-82be-1ee14e88a2c3 | default        | ingress   |          |                  | default      |
| f66c3883-b32e-4871-a5f2-a3b2bfc468bc | default        | ingress   |          |                  | default      |
| fd041a73-8c5b-4e14-8053-1ed7beabf448 | default        | egress    |          |                  |              |
+--------------------------------------+----------------+-----------+----------+------------------+--------------+

On Tue, Mar 15, 2016 at 2:17 AM, Remo Mattei wrote:
> Can you share your security groups rules?
>
> On Mar 13, 2016, at 20:56, Adhi Priharmanto wrote:
>
> Hi all,
>
> I had Openstack Kilo installed on my lab, for Compute Hypervisor I use
> XenServer 6.5, and networking Using Neutron OVS. For Controller, Network,
> and Compute node I'm using Ubuntu 14.04.
>
> My problem was that Security Groups rules aren't applied to the instance
> that is created. For example, there is no rule for SSH port 22 in the
> security group I defined for the instance, but the instance with floating
> IP is able to login by ssh from external network.
>
> I've already added this option to my nova.conf
>
> firewall_driver=nova.virt.xenapi.firewall.Dom0IptablesFirewallDriver
>
> and also defined firewall_driver in my ml2_conf.ini at Controller,
> Network, and Compute node
>
> [ovs]
> enable_security_group = True
> enable_ipset = True
> firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
>
> Can somebody help me with this problem?

--
Cheers,
Adhi Priharmanto
Re: [Openstack] Security Groups Can't Apply in Kilo with Neutron & XenServer
Oh I forgot, I deployed OpenStack from Ubuntu packages following the OpenStack docs here: http://docs.openstack.org/kilo/install-guide/install/apt/content/

On Mar 14, 2016 3:47 PM, "Huan Xie" wrote:
> Hi Adhi,
>
> Do you use devstack to deploy XenServer + Kilo or manually?
>
> Current Kilo release does not support XenServer + Neutron security group,
> because security group is implemented via iptables on Linux bridge,
> however, there is no Linux bridge created when booting a new instance.
>
> But we now have a new fix to support neutron security group, we have
> tested that it can work, this will be implemented as a blueprint
> https://review.openstack.org/#/c/251271/
>
> So, if you want to use neutron security group in Kilo, you should add some
> patch for your code and also please make the configurations as below:
>
> 1. In nova.conf, two configurations should be set
>
> [DEFAULT]
> firewall_driver = nova.virt.firewall.NoopFirewallDriver
> security_group_api=neutron
>
> [xenserver]
> ovs_integration_bridge =
> vif_driver = nova.virt.xenapi.vif.XenAPIOpenVswitchDriver
>
> If you don’t know how to configure ovs_integration_bridge, then you can
> refer to this blog
> https://www.citrix.com/blogs/2015/11/30/integrating-xenserver-rdo-and-neutron/
>
> 2. In neutron, check configurations ml2_conf.ini in compute node
> which is used for neutron L2 agent
>
> [agent]
> minimize_polling = False
> root_helper_daemon =
> root_helper = /usr/local/bin/neutron-rootwrap-xen-dom0 /etc/neutron/rootwrap.conf
>
> [ovs]
> integration_bridge =
> bridge_mappings =
>
> Also for ovs configuration items, if you are not clear on how to
> configure them, refer to the blog
>
> 3. In neutron, check configurations /etc/neutron/rootwrap.conf in
> compute node
>
> [xenapi]
> # XenAPI configuration is only required by the L2 agent if it is to
> # target a XenServer/XCP compute host's dom0.
> xenapi_connection_url=
> xenapi_connection_username=
> xenapi_connection_password=
>
> Best Regards//Huan
>
> Original Message
> Subject: [Openstack] Security Groups Can't Apply in Kilo with Neutron & XenServer
> From: Adhi Priharmanto
> To: openstack@lists.openstack.org
> CC:
>
> Hi all,
>
> I had Openstack Kilo installed on my lab, for Compute Hypervisor I use
> XenServer 6.5, and networking Using Neutron OVS. For Controller, Network,
> and Compute node I'm using Ubuntu 14.04.
>
> My problem was that Security Groups rules aren't applied to the instance
> that is created. For example, there is no rule for SSH port 22 in the
> security group I defined for the instance, but the instance with floating
> IP is able to login by ssh from external network.
>
> I've already added this option to my nova.conf
>
> firewall_driver=nova.virt.xenapi.firewall.Dom0IptablesFirewallDriver
>
> and also defined firewall_driver in my ml2_conf.ini at Controller,
> Network, and Compute node
>
> [ovs]
> enable_security_group = True
> enable_ipset = True
> firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
>
> Can somebody help me with this problem?
Re: [Openstack] Security Groups Can't Apply in Kilo with Neutron & XenServer
Hi Xie,

I also commented on your post at blog.citrix :). Steps 1 - 3 were clear for me. I am still confused about the patched code in https://review.openstack.org/#/c/251271/ for some files; could you explain more about how to do it, and which files I should edit?

Thanks before

On Mon, Mar 14, 2016 at 3:34 PM, Huan Xie wrote:
> Hi Adhi,
>
> Do you use devstack to deploy XenServer + Kilo or manually?
>
> Current Kilo release does not support XenServer + Neutron security group,
> because security group is implemented via iptables on Linux bridge,
> however, there is no Linux bridge created when booting a new instance.
>
> But we now have a new fix to support neutron security group, we have
> tested that it can work, this will be implemented as a blueprint
> https://review.openstack.org/#/c/251271/
>
> So, if you want to use neutron security group in Kilo, you should add some
> patch for your code and also please make the configurations as below:
>
> 1. In nova.conf, two configurations should be set
>
> [DEFAULT]
> firewall_driver = nova.virt.firewall.NoopFirewallDriver
> security_group_api=neutron
>
> [xenserver]
> ovs_integration_bridge =
> vif_driver = nova.virt.xenapi.vif.XenAPIOpenVswitchDriver
>
> If you don’t know how to configure ovs_integration_bridge, then you can
> refer to this blog
> https://www.citrix.com/blogs/2015/11/30/integrating-xenserver-rdo-and-neutron/
>
> 2. In neutron, check configurations ml2_conf.ini in compute node
> which is used for neutron L2 agent
>
> [agent]
> minimize_polling = False
> root_helper_daemon =
> root_helper = /usr/local/bin/neutron-rootwrap-xen-dom0 /etc/neutron/rootwrap.conf
>
> [ovs]
> integration_bridge =
> bridge_mappings =
>
> Also for ovs configuration items, if you are not clear on how to
> configure them, refer to the blog
>
> 3. In neutron, check configurations /etc/neutron/rootwrap.conf in
> compute node
>
> [xenapi]
> # XenAPI configuration is only required by the L2 agent if it is to
> # target a XenServer/XCP compute host's dom0.
> xenapi_connection_url=
> xenapi_connection_username=
> xenapi_connection_password=
>
> Best Regards//Huan
>
> Original Message
> Subject: [Openstack] Security Groups Can't Apply in Kilo with Neutron & XenServer
> From: Adhi Priharmanto
> To: openstack@lists.openstack.org
> CC:
>
> Hi all,
>
> I had Openstack Kilo installed on my lab, for Compute Hypervisor I use
> XenServer 6.5, and networking Using Neutron OVS. For Controller, Network,
> and Compute node I'm using Ubuntu 14.04.
>
> My problem was that Security Groups rules aren't applied to the instance
> that is created. For example, there is no rule for SSH port 22 in the
> security group I defined for the instance, but the instance with floating
> IP is able to login by ssh from external network.
>
> I've already added this option to my nova.conf
>
> firewall_driver=nova.virt.xenapi.firewall.Dom0IptablesFirewallDriver
>
> and also defined firewall_driver in my ml2_conf.ini at Controller,
> Network, and Compute node
>
> [ovs]
> enable_security_group = True
> enable_ipset = True
> firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
>
> Can somebody help me with this problem?

--
Cheers,
Adhi Priharmanto
[Openstack] Security Groups Can't Apply in Kilo with Neutron & XenServer
Hi all,

I had Openstack Kilo installed on my lab, for Compute Hypervisor I use XenServer 6.5, and networking Using Neutron OVS. For Controller, Network, and Compute node I'm using Ubuntu 14.04.

My problem was that Security Groups rules aren't applied to the instance that is created. For example, there is no rule for SSH port 22 in the security group I defined for the instance, but the instance with floating IP is able to login by ssh from external network.

I've already added this option to my nova.conf

firewall_driver=nova.virt.xenapi.firewall.Dom0IptablesFirewallDriver

and also defined firewall_driver in my ml2_conf.ini at Controller, Network, and Compute node

[ovs]
enable_security_group = True
enable_ipset = True
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver

Can somebody help me with this problem?

--
Cheers,
Adhi Priharmanto