Re: [Openstack] Initial quantum network state broken

Hi Greg, Sorry to hear you woes. I agree with you that setting things up is challeniging and sometimes problematic. I would suggest a number of things: 1. Give devstack a bash. This is very helpful and useful to try and understand how everything fits and works together. www.devstack.org 2. A few

Re: [Openstack] external dhcp server instead of dnsmasq

Hi,I'm not sure the "dhcp-host" configuration option exists actually. As for having one another host in VLAN mode is something I'd be interested to know as wellRegards,Razique Mahroua - Nuage & Corazique.mahr...@gmail.comTel : +33 9 72 37 94 15 Le 19 févr. 2013 à 08:05, Ritesh Nanda

[Openstack] deal with booting lots of instance simultaneously

Hi all, When create lots of instance simultaneously, there will be lots of instance in ERROR state. And most of them are caused by network rpc request timeout. This result is not so graceful. I think it will be better if scheduler keep a queue of creating request. when he find all the hosts are b

Re: [Openstack] Problems with drbd + pacemaker in HA

Hi, If you stop the resource this is perfectly normal to get a resource diskless and unconfigured since you asked pacemaker to stop it. You just need to reconnect properly the resource 0 (guess it's the mysql one). For this, it's more or less the same operation as this one: http://www.drbd.org/use

Re: [Openstack] deal with booting lots of instance simultaneously

Hi gtt, what does it mean for you 'lots of instance simultaneously'? 100, 1000, 1, more? We have launched >100 (but less than <1000) simultaneously without any issue. Rabbit running in a multicore with several gigs of RAM with out of the box configuration. Cheers Diego -- Diego Parrilla

Re: [Openstack] Problems with drbd + pacemaker in HA

+1From the HA guide : 4 Steps to solve the Split-BrainManually choose a node which data modifications will be discarded. We call it the split brain victim. Choose wisely, all modifications will be lost! When in doubt run a backup of the victim's data before you continue.When running a Pacemaker clu

Re: [Openstack] deal with booting lots of instance simultaneously

Hi Diego Thanks for you reply. How many hosts do you have? I have 4 hosts. And in this bug, https://bugs.launchpad.net/nova/+bug/1094226, The N is 20. In my environment N is about 16. I found that nova-network is too busy to deal with so many rpc request at the same time. The Rabbitmq is strong e

Re: [Openstack] deal with booting lots of instance simultaneously

Increasing the RPC timeout should help. I have seen this problem in nova-network in the past. Vish suggestion sounds good. Recently we launched by mistake 128 VMs in a production environment of a customer: 0 errors. They are using 12 cores and several gigs for the nova-network servers with dual 10

Re: [Openstack] Initial quantum network state broken

Hi Greg, I did have trouble with DHCP assignation (see my previous post in this list), which was being fixed by deleting ovs bridges on network node, recreating them and restarting OVS plugin and L3/DHCP agents (which were all on the same physical node). Maybe it helps. Anyway, when DHCP'ing

Re: [Openstack] keystone middleware

Hi Pat do you expect the one central user store to be replicated, say in Keystone, or not replicated? The approach we have taken is to assume that the user stores (we support multiple distributed ones) are external to Keystone, and will be managed by external administrators. When a user acce

Re: [Openstack] [Quantum/OVS] Br-int not responsive after network node reboot

Hi, I progressed in investigating the bug. I forgot to mention I was following "Provided Router/single tenancy" setup. So, at reboot, my tap/qg/qr network interfaces were down : 7: qg-c39e5df4-7f: mtu 1500 qdisc noop state DOWN link/ether fe:10:8c:d8:d8:ca brd ff:ff:ff:ff:ff:ff inet 19

Re: [Openstack] [Quantum/OVS] Br-int not responsive after network node reboot

On 02/19/2013 01:57 PM, Sylvain Bauza wrote: Hi, I progressed in investigating the bug. I forgot to mention I was following "Provided Router/single tenancy" setup. So, at reboot, my tap/qg/qr network interfaces were down : 7: qg-c39e5df4-7f: mtu 1500 qdisc noop state DOWN link/ether fe:10

Re: [Openstack] deal with booting lots of instance simultaneously

Are you using multi_host setup? If not, as Vish suggested, that will alleviate much of the problem. Best, -jay On 02/19/2013 04:09 AM, gtt116 wrote: > Hi Diego > > Thanks for you reply. > How many hosts do you have? I have 4 hosts. And in this bug, > https://bugs.launchpad.net/nova/+bug/1094226,

Re: [Openstack] external dhcp server instead of dnsmasq

Hope Vish can answer this , what can be the way around to do this. On Tue, Feb 19, 2013 at 2:01 PM, Razique Mahroua wrote: > Hi, > I'm not sure the "dhcp-host" configuration option exists actually. As for > having one another host in VLAN mode is something I'd be interested to know > as well > >

Re: [Openstack] keystone middleware

Hello, Comments inline. On Mon, 18 Feb 2013 19:56:00 -0600, Dolph Mathews wrote > On Mon, Feb 18, 2013 at 9:59 AM, pat wrote: >Hello, > > Sorry to disturb, but I have some questions regarding keystone middleware. > > Some introduction to problem: I need to integrate OpenStack to our existing > i

Re: [Openstack] keystone middleware

Hi, Expecting single external user store which is RO for keystone. In common the users store is LDAP. As I wrote the key thing here is the generated token. Pat On Tue, 19 Feb 2013 10:44:59 +, David Chadwick wrote > Hi Pat > > do you expect the one central user store to be replicated, s

Re: [Openstack] [Quantum/OVS] Br-int not responsive after network node reboot

Le 19/02/2013 13:31, Gary Kotton a écrit : On 02/19/2013 01:57 PM, Sylvain Bauza wrote: Hi, I progressed in investigating the bug. I forgot to mention I was following "Provided Router/single tenancy" setup. So, at reboot, my tap/qg/qr network interfaces were down : 7: qg-c39e5df4-7f: mtu 150

Re: [Openstack] [Quantum/OVS] Br-int not responsive after network node reboot

On 02/19/2013 03:47 PM, Sylvain Bauza wrote: Le 19/02/2013 13:31, Gary Kotton a écrit : On 02/19/2013 01:57 PM, Sylvain Bauza wrote: Hi, I progressed in investigating the bug. I forgot to mention I was following "Provided Router/single tenancy" setup. So, at reboot, my tap/qg/qr network inte

[Openstack] [OSSA 2013-004] Information leak and Denial of Service using XML entities (CVE-2013-1664, CVE-2013-1665)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 OpenStack Security Advisory: 2013-004 CVE: CVE-2013-1664, CVE-2013-1665 Date: February 19, 2013 Title: Information leak and Denial of Service using XML entities Reporter: Jonathan Murray (NCC Group), Joshua Harlow (Yahoo!), Stuart Stent Products: Key

Re: [Openstack] Horizon Keystone Endpoint Issue

Same problem here. Running Grizzly. Dashboard keeps prompting me for my credentials. Pretty sure dashboard sends wrong tenant name to keystone. Here is the keystone.log entry: 2013-02-19 16:55:06  WARNING [keystone.common.wsgi] Authorization failed. The requ

Re: [Openstack] Horizon Keystone Endpoint Issue

I checked /etc/nova/api-paste.ini. Here's the relevant section in it: [filter:authtoken] paste.filter_factory = keystone.middleware.auth_token:filter_factory auth_host = 192.168.203.103 auth_port = 35357 auth_protocol = http admin_te

Re: [Openstack] Horizon Keystone Endpoint Issue

Moreover (sorry for spamming), this command works fine: root@leonard:/etc/init.d# keystone --os-username nova --os-password openstack --os-tenant-name service --os-auth-url http://192.168.203.103:5000/v2.0/ token-get +---+-

[Openstack] [OSSA 2013-005] Keystone EC2-style authentication accepts disabled user/tenants (CVE-2013-0282)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 OpenStack Security Advisory: 2013-005 CVE: CVE-2013-0282 Date: February 19, 2013 Keystone EC2-style authentication accepts disabled user/tenants Reporter: Nathanael Burton (National Security Agency) Products: Keystone Affects: All versions Descripti

Re: [Openstack] Help with VMs

Hi Lloyd  Many thanks for the tips. Been a great help. Been trying a few things out. I'm running Ubuntu 12.4 with OpenStack. Created a FreeBSD 9.0 image that works for KVM. i.e. kvm-img create -f raw freebsd3.img 10G kvm -m 512 -hda freebsd3.img  -cdrom FreeBSD-9.0-RELEASE-amd64-disc1.iso -bo

[Openstack] Run ./run_tests.sh test_libvirt error

Hi all, After i installed Openstack by Devstack, i wanna run the tests in the nova/tests/test_libvirt.py file. I ran the command './run_tests.sh test_libvirt' and i caught following error. $ ./run_tests.sh test_libvirt Running `tools/with_venv.sh python setup.py testr --slowest --testr-args='--su

Re: [Openstack] Help with VMs

On Tue, Feb 19, 2013 at 1:25 PM, Harvey West wrote: > This boots ok. kvm -m 2048 -hda freeBSD.img -boot c > (note: did not use virtio mods. Assumed these were just optimized NIC/SCSI > drivers. Which I can live without for the time being) I ran into the same isssue with FreeBSD images. These ar

Re: [Openstack] Help with VMs

Harvey , To get console.log in ubuntu we need to make some changes in grub config Below steps works in ubuntu, hope only the file location would be different rest would be the same. Write /etc/default/grub GRUB_CMDLINE_LINUX="console=tty0 console=ttyS0,115200" then save and run update-grub2 u

Re: [Openstack] Help with VMs

You definitely need the libvirt modules. Nova has no way to detect whether the modules are installed so it will try to attach via virtio. Note that with grizzly you can use custom glance properties to override the default vif type and disk bus. See https://review.openstack.org/#/c/21527/ and ht

Re: [Openstack] external dhcp server instead of dnsmasq

You cannot have an external dhcp server with openstack. Openstack needs a way to know the ip address assigned to a vm to do its listing properly. If you don't care about the api returning valid ips there is a possibility of using FlatNetworking (not FlatDHCP) to make nova stick the network into

[Openstack] Quantum floating IP SNAT not working

Hi, I have a classic "Provider Network, private networks" as follows : - internal network 10.0.0.0/24 - external network 192.168.10.0/24 gw 192.168.1.252 (I know, I have to add a manual route on both gw and network node) - br-ex is having 192.168.10.254 I have a floating IP 192.168.10.2 NAT

Re: [Openstack] external dhcp server instead of dnsmasq

Thanks vish, Can you tell me the location of the external host file we provide to dnsmasq , so that i can try putting the directive there. On Wed, Feb 20, 2013 at 1:07 AM, Vishvananda Ishaya wrote: > You cannot have an external dhcp server with openstack. Openstack needs a > way to know the

Re: [Openstack] external dhcp server instead of dnsmasq

Thanks Vish, This is something I always forget to ask: I'm curious about the historical reasons for dnsmasq instead of ISC-DHCP managed with OMAPI, for example. Cheers Diego -- Diego Parrilla *CEO* *www.stackops.com | * diego.parri...@stackops.com** | +34 649 94 43 29

Re: [Openstack] external dhcp server instead of dnsmasq

No particular reason except that is what libvirt uses by default and it is easy to modify. Vish On Feb 19, 2013, at 11:51 AM, Diego Parrilla Santamaría wrote: > Thanks Vish, > > This is something I always forget to ask: I'm curious about the historical > reasons for dnsmasq instead of ISC-D

Re: [Openstack] external dhcp server instead of dnsmasq

It is unfortunately regenerated every time an instance is launched, but if you want to test editing it is referenced in the commmandline for dnsmasq. for example on devstack: --dhcp-hostsfile=/opt/stack/data/nova/br100.conf Vish On Feb 19, 2013, at 11:49 AM, Ritesh Nanda wrote: > Thanks vish

Re: [Openstack] external dhcp server instead of dnsmasq

Thanks again vish Do we have any roadmap to include a functinality for using ISC-dhcp and bind dns as default in openstack. As with the release of Bind 10 a lot of functionality would be getting change from how bind9 worked. Now ISC-dhcp would be saving lease files in database and lot more. Even m

Re: [Openstack] Quantum floating IP SNAT not working

Damn. Found it. I stupidly forgot to add manual route to 192.168.1.252 for qg (gateway) network ! I had all the keys, I knew that for metadata traffic, you need external mapping to router IP, I saw that iptables was saying 'outbound traffic thru 192.168.10.1' (ie. qg - router), but I didn't not

Re: [Openstack] external dhcp server instead of dnsmasq

nova dhcp and dns architecture won't change. But I'm sure an alternate dhcp implementation could be done as a quantum l3 plugin. So that combined with moniker would likely be the path forward. Vish On Feb 19, 2013, at 12:18 PM, Ritesh Nanda wrote: > Thanks again vish > > Do we have any roadm

Re: [Openstack] Suggestions for shared-storage cluster file system

Hey Marco, have you been able to run some performance test on your Gluster cluster?Thanks :) Razique Mahroua - Nuage & Corazique.mahr...@gmail.comTel : +33 9 72 37 94 15 Le 18 févr. 2013 à 14:20, Marco CONSONNI a écrit :Hello Sam,I've tried two of them: NFS and Gluster.Some pr

Re: [Openstack] [Quantum/OVS] Br-int not responsive after network node reboot

Le 19/02/2013 13:31, Gary Kotton a écrit : The problem is as follows: When you reboot the host the openvswitch will create the interfaces on restart. this causes problems with the dhcp and the l3 agents. the solution to this is to run the quantum-ovs-cleanup utility on reboot prior to the dhcp

Re: [Openstack] Suggestions for shared-storage cluster file system

We have used Gluster for small deployments, but lately we have changed our mind. Basically we have bet on Gluster for 2013 because of: - 10GbE everywhere, and Gluster MUST run in 10GbE (or Infiniband) - 3.3 release fixes some issues when locking big files: Granular locking - libgfapi reborn, no m

Re: [Openstack] external dhcp server instead of dnsmasq

Or is there any way in openstack i can implement dynamic dns in openstack. If you want your VM's to automatically get a DNS entry, I have a MyDNS add-on that can do it. MyDNS is a DNS server that uses a database instead of zone files. You just have to pick a domain or subdomain, and then ma

[Openstack] [DevStack] Does a Swift/Keystone only install require AMQP?

Hi All, When I was doing a Swift/Keystone only install with DevStack I used the following in my localrc disable_all_services enable_service key swift mysql Then stack.sh paused with the error message ERROR: at least one rpc backend must be enabled, set one of 'rabbit', 'qpid', 'zerom

Re: [Openstack] [DevStack] Does a Swift/Keystone only install require AMQP?

nothing in swift requires rabbit, qpid, or zeromq --john On Feb 19, 2013, at 4:53 PM, Everett Toews wrote: > Hi All, > > When I was doing a Swift/Keystone only install with DevStack I used the > following in my localrc > > disable_all_services > enable_service key swift mysql > > Then

Re: [Openstack] [DevStack] Does a Swift/Keystone only install require AMQP?

It doesn't - the AMQP is needed for the Nova/Glance/Cinder/Ceilometer integration and that internal RPC mechanism that they use. -joe On Feb 19, 2013, at 4:53 PM, Everett Toews wrote: > Hi All, > > When I was doing a Swift/Keystone only install with DevStack I used the > following in my local

[Openstack] Fwd: Initial quantum network state broken

>From my perspective, it seems that the OVS bridges are not being brought up correctly. As you can see in my earlier post, the integration bridge (int) and the physical interface bridges (br-ex and br-eth1) are downed. I've tried to bring them up in promiscuous mode in the case of br-int, and wit

Re: [Openstack] Openstack] Suggestions for shared-storage cluster file system

So it sounds like what we're talking about here is running a Ceph or GlusterFS node alongside the compute node (ie, on the same physical system). I assume then that VMs access their volumes via NFS or iSCSI from Cinder on the controller node, and in turn, Cinder reads and writes to the cluster FS,

[Openstack] PKI and HA in OpenStack

Hello All! How does high availability and public key infrastructure work together in openstack? For example we have Swift proxies for horizontal scaling. They authenticate themselves with Keystone. Do the set of machines in the swift proxy cluster use the same public-private key pair? Much th

[Openstack] [OpenStack] About API Key Extension

Hi experts, I've installed openstack with devStack. The problem is can I get some existing implementation and try to patch it with my openstack? I notice that RackSpace has already implement it. Link as following: http://docs.rackspacecloud.com/openstack-extensions/auth/RAX-KSKEY-admin-devguide/

Re: [Openstack] [OpenStack] About API Key Extension

Sorry for misunderstand. I need to patch API Key for my own openstack. That's the point. Thank you! Best Regards! Henry At 2013-02-20 12:48:33,"Zhiqiang Zhao" wrote: Hi experts, I've installed openstack with devStack. The problem is can I get some existing implementation and try to patc

[Openstack] [SWIFT] Account or User or Account_User?

In tempauth of SAIO, what's the meaning of *user_test_tester3 = testing3* * * not account is test tester3 is a user of that account, but tester3 is not admin or reseller admin. Could testers get(GET,HEAD) information from account:test? In the current code, the answer is no. I'm not sure what can

[Openstack] Restart devstack errors

Hi all, When i reboot my OS, i have to install devstack again. But i caught following errors during the restart + timeout 60 sh -c 'while ! http_proxy= curl -s http://192.168.1.3:5000/v2.0/ >/dev/null; do sleep 1; done' + echo 'keystone did not start' keystone did not start + exit 1 + clean + loc

Re: [Openstack] Horizon Keystone Endpoint Issue

On 20 February 2013 03:40, Michaël Van de Borne wrote: > Same problem here. Running Grizzly. Dashboard keeps prompting me for my > credentials. Pretty sure dashboard sends wrong tenant name to keystone. > Here's the relevant section in /etc/openstack-dashboard/local-settings.py: > OPENSTACK_HOST

[Openstack] security releases

Is there any plan to have security releases for the supported versions of the various Openstack components? Like having a 2012.2.3.3 for keystone (the last number being the security release). -- -- Matthew Thode signature.asc Description: OpenPGP digital signature

[Openstack] Keystone issue [Can't go back to command prompt after running Keystone]

Hi everyone, I am trying to install OpenStack for the first time. After successfully installing Keystone service, when i run the service i can't come back to the server's command prompt. To get to command prompt i have to stop the Keystone service. During the process of adding images in Glance i am

[Openstack] [LBaas] Enabling LBaaS in Folsom Installation

Hi Stackers- Has any one tried on enabling LBaaS in Folsom Installation. Kindly share me the installation/integration of LBaaS into Folsom. I think, there is some Service agent work already into quantum -- Regards, -- Trinath Somanchi, +91 9866 235 1