[opencontrail-dev] Contrail Upgrade from an older R4.1 to a newer R4.1
Hi all, I have looked over Contrail feature guide 4.1 and I couldn't find a procedure for Contrail upgrade from an older R4.1 to a newer R4.1. Suppose I have built Contrail RPM packages for R4.1, and with them I have also built the Docker containers. With these containers, I have deployed a Contrail setup with 3 nodes: one OpenStack Controller, one Contrail Controller and one Contrail compute node. The 3 nodes are Red Hat 7.4 VMs on a Red Hat 7.4 sever. After some time I have pulled the changes from the Contrail repos and I have built again the RPMs. I want to upgrade my existing Contrail setup to use the new RPMs. Do you have some steps regarding how the upgrade on an existing Contrail setup should be performed? Thanks, Anda ___ Dev mailing list Dev@lists.opencontrail.org http://lists.opencontrail.org/mailman/listinfo/dev_lists.opencontrail.org
[opencontrail-dev] Changed DNS behavior between R3.2 and R4.1
Hi all, I have a Contrail 4.1 setup and I am looking over how DNS works. My Contrail setup consists of 4 VMs installed on a CentOS 7.3 server. 1stVM is the OpenStack Controller, 2nd VM is the Contrail controller and the 3rd and the 4th VMs are the Contrail Computes. I have a similar setup, but with Contrail R3.2. I've noticed that there is a difference between Contrail R3.2 and Contrail R4.1 regarding DNS. On both setups, I have created the configuration detailed below. I have created an IPAM, named myipam and I have set Tenant DNS method for this IPAM. Tenant DNS Server IP is 8.8.8.8 and Domain Name is mydomain.com. I have created a virtual network with a single subnet with DNS enabled.. This subnet uses myipam and also has in the DNS Severs tab the IP 11.11.11.11. Then I have booted a VM which uses the virtual network I have just created. I wanted to check the nameservers used by VM. In R4.1, cat /etc/resolv.conf shows the following: nameserver 8.8.8.8 search mydomain.com In R3.2, cat /etc/resolv.conf shows the following: search mydomain.com nameserver 11.11.11.11 So, in R4.1 it uses the Tenant DNS Server IP while in R3.2 it uses the DNS Server IP associated to the respective subnet. Also, the order is changed in R4.1 compared to R3.2 (first DNS Server IP and then domain name, compared to first domain name and then DNS Server IP) Can you please explain why the behavior is changed between R3.2 and R4.1? In my opinion, the correct behavior is in R3.2. Thanks, Anda ___ Dev mailing list Dev@lists.opencontrail.org http://lists.opencontrail.org/mailman/listinfo/dev_lists.opencontrail.org
[opencontrail-dev] Questions on running Contrail services from master branch inside Docker containers
Hi all, I want to run Contrail services (such as contrail-vrouter-agent, contrail-collector, contrail-analytics, contrail-webui) and their dependencies (such as cassandra, kafka) inside Docker containers. I googled for some instructions on how to build Docker images for Contrail services, but unfortunately I could not find anything relevant. I have found contrail-docker repo on GitHub but I think this is used for running the Contrail services inside Docker containers. Contrail-docker repo supposes that the Docker images containing the Contrail services are already built. I have also found in [1] some already built Docker images containing Contrail services. [1] https://hub.docker.com/u/opencontrail/?page=1 Unfortunately, for contrail-vrouter-agent, the Docker image is from R2.20 branch: https://hub.docker.com/r/opencontrail/vrouter-agent/tags/ My questions are: 1. How to build Contrail services from master branch as images for Docker containers? 2. Is contrail-docker the repo to be used for running Docker images containing Contrail services? 3. I want to run contrail-docker with the already-built Docker images from [1], although none of them is a Docker image from master branch. Do I need a Docker image containing contrail-vrouter-agent for R4.0 branch for a full Contrail setup? 4. Which OpenStack is used in conjunction with Docker images containing Contrail services? Thanks, Anda ___ Dev mailing list Dev@lists.opencontrail.org http://lists.opencontrail.org/mailman/listinfo/dev_lists.opencontrail.org
[opencontrail-dev] Contrail collector crashes on Ubuntu 14.04 with Contrail R4.1 and OpenStack Newton
Hi all, I have installed Contrail R4.1 on an Ubuntu 14.04 server. Installation worked well and all the Contrail processes were active. Afterwards, I have installed on the same server OpenStack Newton using devstack. However, I've noticed that when ./stack.sh is running, contrail-collector crashes. Unfortunately, I couldn't find any core file to analyze it with gdb. I ran dmesg command and I have encountered the following message: traps: vizd[7386] general protection ip:7f98212bc8c9 sp:7f981528a040 error:0 in libuv.so.1.0.0[7f98212aa000+23000] I had installed libuv 1.7.5-1, then I have found that OpenStack Newton uses libuv version 1.9.1 and I have installed libuv 1.9.1. However, collector still crashes. Do you have any idea on how I can solve this? Thanks, Anda ___ Dev mailing list Dev@lists.opencontrail.org http://lists.opencontrail.org/mailman/listinfo/dev_lists.opencontrail.org
[opencontrail-dev] Contrail R4.1 installation on an Ubuntu 16.04 server
Hi all, I am trying to install OpenContrail R4.1 on an Ubuntu 16.04 server. For this, I am using contrail-installer package, master branch. There is no R4.1 branch in contrail-installer package. https://github.com/Juniper/contrail-installer I have read in Contrail release notes for R4.0 that Ubuntu 16.04 is supported for Contrail R4.0, therefore I suppose that Ubuntu 16.04 is also supported for OpenContrail R4.1. https://www.juniper.net/documentation/en_US/contrail4.0/information-products/topic-collections/release-notes/contrail-release-notes-4.0.2.pdf However, I am facing multiple issues during installation, such as: * apt_get install chkconfig - chkconfig is not included anymore in Ubuntu 16.04 packages * apt_get install python-docker-py - python-docker-py was replaced by python-docker * pip version 1.5.6 that contrail.sh wants to install is too old and causes mismatches * cassandra cpp drivers and libuv that are being downloaded are for Ubuntu 14.04. I"ve found the Cassandra-cpp-drivers and libuv for Ubuntu 16.04 but I don't know which version I should download for Ubuntu 16.04. o wget http://downloads.datastax.com/cpp-driver/ubuntu/14.04/cassandra/v2.2.0/cassandra-cpp-driver-dev_2.2.0-1_amd64.deb o wget http://downloads.datastax.com/cpp-driver/ubuntu/14.04/dependencies/libuv/v1.7.5/libuv_1.7.5-1_amd64.deb Because of these reasons, I do not think that using contrail.sh from contrail-installer package is the proper way to install OpenContrail R4.1 on an Ubuntu 16.04 server. Can you please let me know what can I use for installing OpenContrail R4.1 on an Ubuntu 16.04 server? Thanks, Anda ___ Dev mailing list Dev@lists.opencontrail.org http://lists.opencontrail.org/mailman/listinfo/dev_lists.opencontrail.org
Re: [opencontrail-dev] How to submit a patch for review in Juniper/contrail-web-controller package
I don’t think I have the rights to see “Target to series”. I also looked at a bug that I logged on Launchpad and I don’t see “Target to series”. Thanks, Anda From: Sachin Bansal [mailto:sban...@juniper.net] Sent: Monday, October 30, 2017 6:57 PM To: Anda Nicolae Cc: Edward Ting; Gregory Elkinbard; Karl Klashinsky; dev@lists.opencontrail.org Subject: Re: [opencontrail-dev] How to submit a patch for review in Juniper/contrail-web-controller package On Oct 30, 2017, at 9:50 AM, Anda Nicolae mailto:anico...@lenovo.com>> wrote: 2. I have found the same bug in R3.2 also. I want to merge the fix from master branch to R3.2 branch. The fix can be merged without any conflicts in R3.2 branch. Do I need to log another bug for this merge? I tried to edit the initial bug and add Contrail R3.2 branch as affected project, but without any luck. You can do it by clicking on ‘Target to series’ and then selecting 3.2. Sachin ___ Dev mailing list Dev@lists.opencontrail.org http://lists.opencontrail.org/mailman/listinfo/dev_lists.opencontrail.org
Re: [opencontrail-dev] How to submit a patch for review in Juniper/contrail-web-controller package
Hi all, Regarding the merge I intend to do from master branch to R3.2 branch: 1. A bug was logged on R4.0. The fix was submitted in master branch and merged in R4.0 branch. Below it is the link to the bug I am referring to: https://bugs.launchpad.net/juniperopenstack/+bug/1704078 2. I have found the same bug in R3.2 also. I want to merge the fix from master branch to R3.2 branch. The fix can be merged without any conflicts in R3.2 branch. Do I need to log another bug for this merge? I tried to edit the initial bug and add Contrail R3.2 branch as affected project, but without any luck. Thanks, Anda From: Dev [mailto:dev-boun...@lists.opencontrail.org] On Behalf Of Anda Nicolae Sent: Friday, October 27, 2017 8:12 PM To: Edward Ting; Gregory Elkinbard; Sachin Bansal; Karl Klashinsky Cc: dev@lists.opencontrail.org Subject: Re: [opencontrail-dev] How to submit a patch for review in Juniper/contrail-web-controller package Hi all, As Edward said, I want to merge the fix from master branch to R3.2 branch. Same fix has already been merged from master branch to R4.0 branch. Thanks, Anda On Fri, Oct 27, 2017 at 7:57 PM +0300, "Edward Ting" mailto:lti...@lenovo.com>> wrote: Hi, Anda is trying to address a bug in R3.2 that is fixed in R4. https://bugs.launchpad.net/juniperopenstack/+bug/1704078 Is there a plan to merge that fix from R4 to R3.2 soon? cheers, Edward From: Dev [mailto:dev-boun...@lists.opencontrail.org] On Behalf Of Gregory Elkinbard Sent: Friday, October 27, 2017 9:44 AM To: Anda Nicolae; Sachin Bansal; Karl Klashinsky Cc: dev@lists.opencontrail.org<mailto:dev@lists.opencontrail.org> Subject: Re: [opencontrail-dev] How to submit a patch for review in Juniper/contrail-web-controller package Klash, I thought that we disabled mandatory CLA for all opencontrail repos. Can you take a look? Anda, please make sure that a bug or blueprint exist before asking for a review. Thanks Greg From: Dev mailto:dev-boun...@lists.opencontrail.org>> on behalf of Anda Nicolae mailto:anico...@lenovo.com>> Date: Friday, October 27, 2017 at 11:07 AM To: Sachin Bansal mailto:sban...@juniper.net>> Cc: "dev@lists.opencontrail.org<mailto:dev@lists.opencontrail.org>" mailto:dev@lists.opencontrail.org>> Subject: Re: [opencontrail-dev] How to submit a patch for review in Juniper/contrail-web-controller package Hi Sachin, I did. I received the following error message after I wanted to do a git push: fatal: A Contributor Agreement must be completed before uploading: https://review.opencontrail.org/#/settings/agreements<https://urldefense.proofpoint.com/v2/url?u=https-3A__review.opencontrail.org_-23_settings_agreements&d=DwMFAg&c=HAkYuh63rsuhr6Scbfh0UjBXeMK-ndb3voDTXcWzoCI&r=VQrMBvKeploIeBocya36pOwODBVDvmbjFqFgowqJuhs&m=KfW8YrnrqwJ4ixVBtsv6Lazxu89T8-f2kajwoE_wOEo&s=R83Nm3D5KXNcWyhaQ0io7FxbMvdzjndcBEmMC9RHLVY&e=> However, in my Gerrit account from review.opencontrail.org there is no CLA agreement. The only CLA I've found was the link from https://github.com/Juniper/contrail-web-controller/blob/master/README.md<https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_Juniper_contrail-2Dweb-2Dcontroller_blob_master_README.md&d=DwMFAg&c=HAkYuh63rsuhr6Scbfh0UjBXeMK-ndb3voDTXcWzoCI&r=4SMc5wJ_FVS46-BSw4dDnrpmjQWP4eg0fer2nm244qg&m=EabZ0Zop5O9VY1ZMw1WEucM4iqQ-ORZB1Djyoi_mEQE&s=1fDb0E2P1eokJDVWSfwFOAZVWWCFBvpo19e_yJEwuqI&e=> Thanks, Anda From: Sachin Bansal [mailto:sban...@juniper.net] Sent: Friday, October 27, 2017 7:01 PM To: Anda Nicolae Cc: dev@lists.opencontrail.org<mailto:dev@lists.opencontrail.org> Subject: Re: [opencontrail-dev] How to submit a patch for review in Juniper/contrail-web-controller package Anda, These 3 links seem to describe different things. Only the first doc describes process to submit code for review. The second is only describing the organization of contrail-web-controller repo, The third one describes how our CI works (which will kick in after you submit a review). Please follow the steps in the first doc. Sachin On Oct 27, 2017, at 8:05 AM, Anda Nicolae mailto:anico...@lenovo.com>> wrote: Hi all, I need to submit a patch for review in Juniper/contrail-web-controller package. I've found at least 2 docs explaining how to submit a patch for review: https://github.com/Juniper/contrail-community-docs/blob/master/Contributor/GettingStarted/getting-started-with-opencontrail-development.md<https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_Juniper_contrail-2Dcommunity-2Ddocs_blob_master_Contributor_GettingStarted_getting-2Dstarted-2Dwith-2Dopencontrail-2Ddevelopment.md&d=DwMFAg&c=HAkYuh63rsuhr6Scbfh0UjBXeMK-ndb3voDTXcWzoCI&r=4SMc5wJ_FVS46-BSw4dDnrpmjQWP4eg0fer2nm244qg&m=EabZ0Zop5O9VY1ZMw1WEucM4iqQ-ORZB1Djyoi_mEQE&s=zays-Fh0w6806FyMswLqhvBuQYKhKou9ueWFBeHcL
Re: [opencontrail-dev] How to submit a patch for review in Juniper/contrail-web-controller package
Hi all, As Edward said, I want to merge the fix from master branch to R3.2 branch. Same fix has already been merged from master branch to R4.0 branch. Thanks, Anda On Fri, Oct 27, 2017 at 7:57 PM +0300, "Edward Ting" mailto:lti...@lenovo.com>> wrote: Hi, Anda is trying to address a bug in R3.2 that is fixed in R4. https://bugs.launchpad.net/juniperopenstack/+bug/1704078 Is there a plan to merge that fix from R4 to R3.2 soon? cheers, Edward From: Dev [mailto:dev-boun...@lists.opencontrail.org] On Behalf Of Gregory Elkinbard Sent: Friday, October 27, 2017 9:44 AM To: Anda Nicolae; Sachin Bansal; Karl Klashinsky Cc: dev@lists.opencontrail.org Subject: Re: [opencontrail-dev] How to submit a patch for review in Juniper/contrail-web-controller package Klash, I thought that we disabled mandatory CLA for all opencontrail repos. Can you take a look? Anda, please make sure that a bug or blueprint exist before asking for a review. Thanks Greg From: Dev mailto:dev-boun...@lists.opencontrail.org>> on behalf of Anda Nicolae mailto:anico...@lenovo.com>> Date: Friday, October 27, 2017 at 11:07 AM To: Sachin Bansal mailto:sban...@juniper.net>> Cc: "dev@lists.opencontrail.org<mailto:dev@lists.opencontrail.org>" mailto:dev@lists.opencontrail.org>> Subject: Re: [opencontrail-dev] How to submit a patch for review in Juniper/contrail-web-controller package Hi Sachin, I did. I received the following error message after I wanted to do a git push: fatal: A Contributor Agreement must be completed before uploading: https://review.opencontrail.org/#/settings/agreements<https://urldefense.proofpoint.com/v2/url?u=https-3A__review.opencontrail.org_-23_settings_agreements&d=DwMFAg&c=HAkYuh63rsuhr6Scbfh0UjBXeMK-ndb3voDTXcWzoCI&r=VQrMBvKeploIeBocya36pOwODBVDvmbjFqFgowqJuhs&m=KfW8YrnrqwJ4ixVBtsv6Lazxu89T8-f2kajwoE_wOEo&s=R83Nm3D5KXNcWyhaQ0io7FxbMvdzjndcBEmMC9RHLVY&e=> However, in my Gerrit account from review.opencontrail.org there is no CLA agreement. The only CLA I’ve found was the link from https://github.com/Juniper/contrail-web-controller/blob/master/README.md<https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_Juniper_contrail-2Dweb-2Dcontroller_blob_master_README.md&d=DwMFAg&c=HAkYuh63rsuhr6Scbfh0UjBXeMK-ndb3voDTXcWzoCI&r=4SMc5wJ_FVS46-BSw4dDnrpmjQWP4eg0fer2nm244qg&m=EabZ0Zop5O9VY1ZMw1WEucM4iqQ-ORZB1Djyoi_mEQE&s=1fDb0E2P1eokJDVWSfwFOAZVWWCFBvpo19e_yJEwuqI&e=> Thanks, Anda From: Sachin Bansal [mailto:sban...@juniper.net] Sent: Friday, October 27, 2017 7:01 PM To: Anda Nicolae Cc: dev@lists.opencontrail.org<mailto:dev@lists.opencontrail.org> Subject: Re: [opencontrail-dev] How to submit a patch for review in Juniper/contrail-web-controller package Anda, These 3 links seem to describe different things. Only the first doc describes process to submit code for review. The second is only describing the organization of contrail-web-controller repo, The third one describes how our CI works (which will kick in after you submit a review). Please follow the steps in the first doc. Sachin On Oct 27, 2017, at 8:05 AM, Anda Nicolae mailto:anico...@lenovo.com>> wrote: Hi all, I need to submit a patch for review in Juniper/contrail-web-controller package. I've found at least 2 docs explaining how to submit a patch for review: https://github.com/Juniper/contrail-community-docs/blob/master/Contributor/GettingStarted/getting-started-with-opencontrail-development.md<https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_Juniper_contrail-2Dcommunity-2Ddocs_blob_master_Contributor_GettingStarted_getting-2Dstarted-2Dwith-2Dopencontrail-2Ddevelopment.md&d=DwMFAg&c=HAkYuh63rsuhr6Scbfh0UjBXeMK-ndb3voDTXcWzoCI&r=4SMc5wJ_FVS46-BSw4dDnrpmjQWP4eg0fer2nm244qg&m=EabZ0Zop5O9VY1ZMw1WEucM4iqQ-ORZB1Djyoi_mEQE&s=zays-Fh0w6806FyMswLqhvBuQYKhKou9ueWFBeHcL-A&e=> https://github.com/Juniper/contrail-web-controller/blob/master/README.md<https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_Juniper_contrail-2Dweb-2Dcontroller_blob_master_README.md&d=DwMFAg&c=HAkYuh63rsuhr6Scbfh0UjBXeMK-ndb3voDTXcWzoCI&r=4SMc5wJ_FVS46-BSw4dDnrpmjQWP4eg0fer2nm244qg&m=EabZ0Zop5O9VY1ZMw1WEucM4iqQ-ORZB1Djyoi_mEQE&s=1fDb0E2P1eokJDVWSfwFOAZVWWCFBvpo19e_yJEwuqI&e=> https://github.com/Juniper/contrail-controller/wiki/OpenContrail-Continuous-Integration-(CI)<https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_Juniper_contrail-2Dcontroller_wiki_OpenContrail-2DContinuous-2DIntegration-2D-28CI-29&d=DwMFAg&c=HAkYuh63rsuhr6Scbfh0UjBXeMK-ndb3voDTXcWzoCI&r=4SMc5wJ_FVS46-BSw4dDnrpmjQWP4eg0fer2nm244qg&m=EabZ0Zop5O9VY1ZMw1WEucM4iqQ-ORZB1Djyoi_mEQE&s=Vbl1uoXh7ZWsreucKepofblVgBsuwPP8f2f2NRBcvrM&e=> (it refers to contrail-controller repo) Can you please let me know which of these docs w
Re: [opencontrail-dev] How to submit a patch for review in Juniper/contrail-web-controller package
Hi Sachin, I did. I received the following error message after I wanted to do a git push: fatal: A Contributor Agreement must be completed before uploading: https://review.opencontrail.org/#/settings/agreements However, in my Gerrit account from review.opencontrail.org there is no CLA agreement. The only CLA I've found was the link from https://github.com/Juniper/contrail-web-controller/blob/master/README.md<https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_Juniper_contrail-2Dweb-2Dcontroller_blob_master_README.md&d=DwMFAg&c=HAkYuh63rsuhr6Scbfh0UjBXeMK-ndb3voDTXcWzoCI&r=4SMc5wJ_FVS46-BSw4dDnrpmjQWP4eg0fer2nm244qg&m=EabZ0Zop5O9VY1ZMw1WEucM4iqQ-ORZB1Djyoi_mEQE&s=1fDb0E2P1eokJDVWSfwFOAZVWWCFBvpo19e_yJEwuqI&e=> Thanks, Anda From: Sachin Bansal [mailto:sban...@juniper.net] Sent: Friday, October 27, 2017 7:01 PM To: Anda Nicolae Cc: dev@lists.opencontrail.org Subject: Re: [opencontrail-dev] How to submit a patch for review in Juniper/contrail-web-controller package Anda, These 3 links seem to describe different things. Only the first doc describes process to submit code for review. The second is only describing the organization of contrail-web-controller repo, The third one describes how our CI works (which will kick in after you submit a review). Please follow the steps in the first doc. Sachin On Oct 27, 2017, at 8:05 AM, Anda Nicolae mailto:anico...@lenovo.com>> wrote: Hi all, I need to submit a patch for review in Juniper/contrail-web-controller package. I've found at least 2 docs explaining how to submit a patch for review: https://github.com/Juniper/contrail-community-docs/blob/master/Contributor/GettingStarted/getting-started-with-opencontrail-development.md<https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_Juniper_contrail-2Dcommunity-2Ddocs_blob_master_Contributor_GettingStarted_getting-2Dstarted-2Dwith-2Dopencontrail-2Ddevelopment.md&d=DwMFAg&c=HAkYuh63rsuhr6Scbfh0UjBXeMK-ndb3voDTXcWzoCI&r=4SMc5wJ_FVS46-BSw4dDnrpmjQWP4eg0fer2nm244qg&m=EabZ0Zop5O9VY1ZMw1WEucM4iqQ-ORZB1Djyoi_mEQE&s=zays-Fh0w6806FyMswLqhvBuQYKhKou9ueWFBeHcL-A&e=> https://github.com/Juniper/contrail-web-controller/blob/master/README.md<https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_Juniper_contrail-2Dweb-2Dcontroller_blob_master_README.md&d=DwMFAg&c=HAkYuh63rsuhr6Scbfh0UjBXeMK-ndb3voDTXcWzoCI&r=4SMc5wJ_FVS46-BSw4dDnrpmjQWP4eg0fer2nm244qg&m=EabZ0Zop5O9VY1ZMw1WEucM4iqQ-ORZB1Djyoi_mEQE&s=1fDb0E2P1eokJDVWSfwFOAZVWWCFBvpo19e_yJEwuqI&e=> https://github.com/Juniper/contrail-controller/wiki/OpenContrail-Continuous-Integration-(CI)<https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_Juniper_contrail-2Dcontroller_wiki_OpenContrail-2DContinuous-2DIntegration-2D-28CI-29&d=DwMFAg&c=HAkYuh63rsuhr6Scbfh0UjBXeMK-ndb3voDTXcWzoCI&r=4SMc5wJ_FVS46-BSw4dDnrpmjQWP4eg0fer2nm244qg&m=EabZ0Zop5O9VY1ZMw1WEucM4iqQ-ORZB1Djyoi_mEQE&s=Vbl1uoXh7ZWsreucKepofblVgBsuwPP8f2f2NRBcvrM&e=> (it refers to contrail-controller repo) Can you please let me know which of these docs with instructions should I follow? Thanks, Anda ___ Dev mailing list Dev@lists.opencontrail.org<mailto:Dev@lists.opencontrail.org> https://urldefense.proofpoint.com/v2/url?u=http-3A__lists.opencontrail.org_mailman_listinfo_dev-5Flists.opencontrail.org&d=DwICAg&c=HAkYuh63rsuhr6Scbfh0UjBXeMK-ndb3voDTXcWzoCI&r=4SMc5wJ_FVS46-BSw4dDnrpmjQWP4eg0fer2nm244qg&m=EabZ0Zop5O9VY1ZMw1WEucM4iqQ-ORZB1Djyoi_mEQE&s=hR66zP9Zw7D0Qv5sTh0KLZSHJDK8E4LCQFv4E2cSAvg&e= ___ Dev mailing list Dev@lists.opencontrail.org http://lists.opencontrail.org/mailman/listinfo/dev_lists.opencontrail.org
[opencontrail-dev] How to submit a patch for review in Juniper/contrail-web-controller package
Hi all, I need to submit a patch for review in Juniper/contrail-web-controller package. I've found at least 2 docs explaining how to submit a patch for review: https://github.com/Juniper/contrail-community-docs/blob/master/Contributor/GettingStarted/getting-started-with-opencontrail-development.md https://github.com/Juniper/contrail-web-controller/blob/master/README.md https://github.com/Juniper/contrail-controller/wiki/OpenContrail-Continuous-Integration-(CI) (it refers to contrail-controller repo) Can you please let me know which of these docs with instructions should I follow? Thanks, Anda ___ Dev mailing list Dev@lists.opencontrail.org http://lists.opencontrail.org/mailman/listinfo/dev_lists.opencontrail.org
[opencontrail-dev] Contrail intra-network multicast
Hi all, I am investigating how intra-network multicast is handled in Contrail. I know that inter-network multicast is not supported. I am using Contrail R3.2 on a RHEL 7.4 server. I have 4 virtual machines on this server: 1st vm runs OpenStack, 2nd vm runs Contrail Controller, 3rd and 4th vms run Contrail Compute. 1. I have started 2 Ubuntu tenants on both compute nodes. 1st tenant runs iperf in client mode and sends multicast packets at the multicast address 239.255.1.3. The 2nd tenant runs iperf in server mode and listens for multicast packets on 239.255.1.3. Multicast packets arrive at the 2nd tenant and iperf does not report any packet loss. However, dropstats command on both compute nodes reports multiple "Cloned original" packets while iperf is running. Why is this happening, since multicast packets arrive at the multicast listener? 2. Another test I ran is when the 1st tenant runs iperf in multicast mode and the 2nd tenant does not run iperf in server mode (and therefore the 2nd tenant does not join any multicast group). I have started tcpdump on the 2nd tenant and I have noticed that no multicast packets are received. Does vrouter on the compute node know IGMP? Also, dropstats shows that "Cloned Original stats is incremented. Why is this happening? Thanks, Anda ___ Dev mailing list Dev@lists.opencontrail.org http://lists.opencontrail.org/mailman/listinfo/dev_lists.opencontrail.org
[opencontrail-dev] Need for of IPAM in Contrail R3.2
Hi all, I am trying to understand the need for IPAM in Contrail R3.2. I've noticed that IPAM is used in conjunction with subnets, DNS method, virtual DNS (if used) and NTP server. I think that IPAM's purpose is to make a mapping between subnet, DNS method and NTP server. Is this true? Also, in R3.2 documentation it is stated that in order to create a virtual network, an IPAM must be created. However, there is no need to create a new IPAM, the default IPAM can be used when creating a subnet for a virtual network. I've noticed that each subnet attached to a virtual network has an IPAM. If a virtual network has 5 subnets, should each subnet have a different IPAM associated? I know I can use default-ipam for all subnets. Thanks, Anda ___ Dev mailing list Dev@lists.opencontrail.org http://lists.opencontrail.org/mailman/listinfo/dev_lists.opencontrail.org
[opencontrail-dev] Contrail Route Targets
Hi all, I am trying to understand how Route Targets are used in Contrail. I've observed that Route Targets are used only in conjunction with physical routers that run BGP. Is this a valid observation? Thanks, Anda ___ Dev mailing list Dev@lists.opencontrail.org http://lists.opencontrail.org/mailman/listinfo/dev_lists.opencontrail.org
Re: [opencontrail-dev] Sharing a security group between projects does not work
Hi all, I have logged a bug for this: https://bugs.launchpad.net/opencontrail/+bug/1720742 Thanks, Anda -Original Message- From: Suresh Kumar Vinapamula Venkata [mailto:sure...@juniper.net] Sent: Friday, September 29, 2017 9:46 PM To: Anda Nicolae Cc: dev@lists.opencontrail.org Subject: Re: Sharing a security group between projects does not work Hi Anda, API-server is sending the needed objects. Looks like there is a limitation in UI to display the shared objects. Please raise a bug. -Suresh On 9/29/17, 1:57 AM, "Anda Nicolae" wrote: >Hi all, > >I have tried sharing with the following settings: >aaa_mode=cloud-admin >aaa_mode=rbac >aaa_mode=no-auth > >In all cases, the shared security group does not appear in the project it was >shared. > >In case of a Virtual network, Global Sharing works (the shared network >appears in all projects), but if I share a network with a particular project, >it does not appear in the project it was shared. > >Thanks, >Anda > > >-Original Message- >From: Suresh Kumar Vinapamula Venkata [mailto:sure...@juniper.net] >Sent: Wednesday, September 27, 2017 10:25 PM >To: Anda Nicolae >Subject: Re: Dev Digest, Vol 49, Issue 46 > >Hi Anda, > >Have you enabled RBAC? Could you share your objects? > >-Suresh > >>> >>> >>> -------- >>> -- >>> >>>Message: 1 >>>Date: Wed, 27 Sep 2017 14:24:32 + >>>From: Anda Nicolae >>>To: "dev@lists.opencontrail.org" >>>Subject: [opencontrail-dev] Sharing a security group between projects >>> does not work >>>Message-ID: >>>Content-Type: text/plain; charset="us-ascii" >>> >>>Hi all, >>> >>>I am using Contrail 3.2.6.0. >>>I have a setup with 3 VMs: one OpenStack Mitaka node, one Contrail >>> Controller node and one Contrail Compute node. All the 3 VMs use RHEL. >>> >>>In Contrail, I have created a security group named "sec1" in "admin" >>> project. In "Permissions" tab I have shared this security group with >>> "services" project, with all the 3 rights: "Read", "Write", "Refer". >>>However, in "services" project, "sec1" does not appear. >>> >>>Then I shared "sec1" with all the projects, by adding "Read", "Write", >>> "Refer" rights in "Global Share Permissions". >>>Still, sec1 does not appear in "services" project. >>> >>>I looked in Contrail logs, but I didn't find anything relevant. >>> >>>Do you know why this happens? >>> >>>Thanks, >>>Anda >>> >>>-- next part -- >>>An HTML attachment was scrubbed... >>>URL: >>> <https://urldefense.proofpoint.com/v2/url?u=http-3A__lists.opencontr >>> ail.org_pipermail_dev-5Flists.opencontrail.org_attachments_20170927_ >>> 3580673c_attachment-2D0001.html&d=DwICAg&c=HAkYuh63rsuhr6Scbfh0UjBXe >>> MK-ndb3voDTXcWzoCI&r=Y9QaEJ2cs4La8kQDqQ-N2rBJnxrPyFqAIO8efLhSqZ0&m=X >>> rPPZgO9pRB_if4gRSs8PRYZjWkG1frQvFl37smTwCU&s=aNg1DcHzyBFR-h9dN7tU5-E >>> z_q7wOjDvzKUpiZW2XNA&e= > >>> >>>-- >>> >>>Subject: Digest Footer >>> >>>___ >>>Dev mailing list >>>Dev@lists.opencontrail.org >>> >>> https://urldefense.proofpoint.com/v2/url?u=http-3A__lists.opencontra >>> il.org_mailman_listinfo_dev-5Flists.opencontrail.org&d=DwICAg&c=HAkY >>> uh63rsuhr6Scbfh0UjBXeMK-ndb3voDTXcWzoCI&r=Y9QaEJ2cs4La8kQDqQ-N2rBJnx >>> rPyFqAIO8efLhSqZ0&m=XrPPZgO9pRB_if4gRSs8PRYZjWkG1frQvFl37smTwCU&s=s- >>> 5uyMpPt8_p0PVV-NEIUfia6CDthxwHiLCnyxmy9gc&e= >>> >>> >>>-- >>> >>>End of Dev Digest, Vol 49, Issue 46 >>>*** >>> >>> >> ___ Dev mailing list Dev@lists.opencontrail.org http://lists.opencontrail.org/mailman/listinfo/dev_lists.opencontrail.org
Re: [opencontrail-dev] Sharing a security group between projects does not work
Hi all, I have tried sharing with the following settings: aaa_mode=cloud-admin aaa_mode=rbac aaa_mode=no-auth In all cases, the shared security group does not appear in the project it was shared. In case of a Virtual network, Global Sharing works (the shared network appears in all projects), but if I share a network with a particular project, it does not appear in the project it was shared. Thanks, Anda -Original Message- From: Suresh Kumar Vinapamula Venkata [mailto:sure...@juniper.net] Sent: Wednesday, September 27, 2017 10:25 PM To: Anda Nicolae Subject: Re: Dev Digest, Vol 49, Issue 46 Hi Anda, Have you enabled RBAC? Could you share your objects? -Suresh >> >> >> -- >> >>Message: 1 >>Date: Wed, 27 Sep 2017 14:24:32 + >>From: Anda Nicolae >>To: "dev@lists.opencontrail.org" >>Subject: [opencontrail-dev] Sharing a security group between projects >> does not work >>Message-ID: >>Content-Type: text/plain; charset="us-ascii" >> >>Hi all, >> >>I am using Contrail 3.2.6.0. >>I have a setup with 3 VMs: one OpenStack Mitaka node, one Contrail >> Controller node and one Contrail Compute node. All the 3 VMs use RHEL. >> >>In Contrail, I have created a security group named "sec1" in "admin" >> project. In "Permissions" tab I have shared this security group with >> "services" project, with all the 3 rights: "Read", "Write", "Refer". >>However, in "services" project, "sec1" does not appear. >> >>Then I shared "sec1" with all the projects, by adding "Read", "Write", >> "Refer" rights in "Global Share Permissions". >>Still, sec1 does not appear in "services" project. >> >>I looked in Contrail logs, but I didn't find anything relevant. >> >>Do you know why this happens? >> >>Thanks, >>Anda >> >>-- next part -- >>An HTML attachment was scrubbed... >>URL: >> <https://urldefense.proofpoint.com/v2/url?u=http-3A__lists.opencontrail.org_pipermail_dev-5Flists.opencontrail.org_attachments_20170927_3580673c_attachment-2D0001.html&d=DwICAg&c=HAkYuh63rsuhr6Scbfh0UjBXeMK-ndb3voDTXcWzoCI&r=Y9QaEJ2cs4La8kQDqQ-N2rBJnxrPyFqAIO8efLhSqZ0&m=XrPPZgO9pRB_if4gRSs8PRYZjWkG1frQvFl37smTwCU&s=aNg1DcHzyBFR-h9dN7tU5-Ez_q7wOjDvzKUpiZW2XNA&e= >> > >> >>-- >> >>Subject: Digest Footer >> >>___ >>Dev mailing list >>Dev@lists.opencontrail.org >> >> https://urldefense.proofpoint.com/v2/url?u=http-3A__lists.opencontrail.org_mailman_listinfo_dev-5Flists.opencontrail.org&d=DwICAg&c=HAkYuh63rsuhr6Scbfh0UjBXeMK-ndb3voDTXcWzoCI&r=Y9QaEJ2cs4La8kQDqQ-N2rBJnxrPyFqAIO8efLhSqZ0&m=XrPPZgO9pRB_if4gRSs8PRYZjWkG1frQvFl37smTwCU&s=s-5uyMpPt8_p0PVV-NEIUfia6CDthxwHiLCnyxmy9gc&e= >> >> >> >>-- >> >>End of Dev Digest, Vol 49, Issue 46 >>*** >> >> > ___ Dev mailing list Dev@lists.opencontrail.org http://lists.opencontrail.org/mailman/listinfo/dev_lists.opencontrail.org
[opencontrail-dev] Sharing a security group between projects does not work
Hi all, I am using Contrail 3.2.6.0. I have a setup with 3 VMs: one OpenStack Mitaka node, one Contrail Controller node and one Contrail Compute node. All the 3 VMs use RHEL. In Contrail, I have created a security group named "sec1" in "admin" project. In "Permissions" tab I have shared this security group with "services" project, with all the 3 rights: "Read", "Write", "Refer". However, in "services" project, "sec1" does not appear. Then I shared "sec1" with all the projects, by adding "Read", "Write", "Refer" rights in "Global Share Permissions". Still, sec1 does not appear in "services" project. I looked in Contrail logs, but I didn't find anything relevant. Do you know why this happens? Thanks, Anda ___ Dev mailing list Dev@lists.opencontrail.org http://lists.opencontrail.org/mailman/listinfo/dev_lists.opencontrail.org
Re: [opencontrail-dev] Multiple domains support in Contrail 3.2.5.0
Hi all,
I have continued debugging multidomain support in Contrail 3.2.6.0.
I have disabled auth in Contrail by adding the following line:
aaa_mode = no-auth
in /etc/contrail/contrail-api.log and in
/etc/contrail/contrail-analytics-api.conf
I was able to log in as testuser inside testdomain and view the networks from
testproject.
Afterwards I tried to create a network inside testproject both from Contrail
GUI and using neutron commands.
Both of them failed. From contrail-api.log, I have:
File "/usr/lib/python2.7/site-packages/cfgm_common/vnc_cassandra.py", line
1283, in fq_name_to_uuid
raise NoIdError('%s %s' % (obj_type, fq_name_str))
NoIdError: Unknown id: project testdomain:testproject
Do you have any idea why this happens?
Thanks,
Anda
From: Jakub Pavlik [mailto:jpav...@mirantis.com]
Sent: Wednesday, September 20, 2017 12:15 PM
To: Anda Nicolae
Cc: dev@lists.opencontrail.org
Subject: Re: [opencontrail-dev] Multiple domains support in Contrail 3.2.5.0
Hi Anda,
add project_name and project_domain_name what I specified in last mail.
jakub
On Wed, Sep 20, 2017 at 10:32 AM, Anda Nicolae
mailto:anico...@lenovo.com>> wrote:
Hi Jakub,
I was able to login into Contrail and to have all contrail processes active. My
contrail-keystone-auth.conf looks like this:
[KEYSTONE]
auth_url=http://:35357/v3
auth_host=
auth_protocol=http
auth_port=35357
user=admin
password=
memcache_servers=127.0.0.1:11211<http://127.0.0.1:11211>
insecure=False
I've tried with auth_url as
http://:5000/v3<http://%3cKeystone_IP%3e:5000/v3> and as
http://:35357/v3<http://%3cKeystone_IP%3e:35357/v3> and I have
obtained the same results.
After I log into Contrail, whatever I select (Networks, Policies, Routers, IPAM
etc), I get 503 Service Unavailable.
I looked over the HTTP requests that Contrail processes exchange with Keystone.
A HTTP Post request is sent to :35357 and 400 Bad Request is
received.
Since the contrail process can authenticate to keystone, it cannot further
retrieve info about routers, networks etc.
Therefore, 503 Service Unavailable is displayed.
Below are the HTTP Request and Response:
POST /v2.0/tokens HTTP/1.1
Host: :35357
Connection: keep-alive
Accept-Encoding: gzip, deflate
Accept: application/json
User-Agent: keystonemiddleware.auth_token/4.4.1 keystoneauth1/2.4.1
python-requests/2.10.0 CPython/2.7.5
Content-Type: application/json
Content-Length: 51
{"auth": {"passwordCredentials": {"password": ""}}}HTTP/1.1 400 Bad Request
Date: Wed, 20 Sep 2017 05:27:25 GMT
Server: Apache/2.4.6 (Red Hat Enterprise Linux)
Vary: X-Auth-Token
x-openstack-request-id: req-40bf8fc7-45b1-4e45-b6cd-e3ea950dbc0e
Content-Length: 260
Connection: close
Content-Type: application/json
{"error": {"message": "Expecting to find username or userId in
passwordCredentials - the server could not comply with the request since it is
either malformed or otherwise incorrect. The client is assumed to be in
error.", "code": 400, "title": "Bad Request"}}
Thanks,
Anda
From: Jakub Pavlik [mailto:jpav...@mirantis.com<mailto:jpav...@mirantis.com>]
Sent: Tuesday, September 19, 2017 6:32 PM
To: Anda Nicolae
Cc: dev@lists.opencontrail.org<mailto:dev@lists.opencontrail.org>
Subject: Re: [opencontrail-dev] Multiple domains support in Contrail 3.2.5.0
Hi Anda,
it is jinja template, you cannot put those params with {{}} . Extend config by
this:
project_name=admin
project_domain_name=default
auth_url=http://ip:5000/v3
Jakub
On Tue, Sep 19, 2017 at 5:18 PM, Anda Nicolae
mailto:anico...@lenovo.com>> wrote:
Hi Jakub,
Thank you for your response. Before I posted the question on the list, I had
modified contrail-auth-keystone.conf like below. Without the changes below, I
was not able to log into Contrail:
auth_url=http://:35357/v3
auth_host=
auth_protocol=http
auth_port=35357
user=admin
password=
#admin_user=
#admin_password=< admin_password >
#admin_tenant_name=< admin_tenant_name >
memcache_servers=127.0.0.1:11211<http://127.0.0.1:11211>
insecure=False
However, I modified contrail-auth-keystone.conf like you told me and now it
displays the following error in contrail-collector.log and Collector connection
is down:
Error the options configuration file contains an invalid line '{%- from
"opencontrail/map.jinja" import config with context -%}'
This is probably because I do not have any map.jinja file on my Contrail node.
Thanks,
Anda
From: Jakub Pavlik [mailto:jpav...@mirantis.com<mailto:jpav...@mirantis.com>]
Sent: Tuesday, September 19, 2017 12:50 PM
To: Anda Nicolae
Cc: dev@lists.opencontrail.org<mailto:dev@lists.opencontrail.org>
Subject: Re: [opencontrail-dev] Multiple domains support in Contrail 3.2.5.0
Hi Anda,
do you have configured this
https://github.com/salt-formulas/salt-formula-opencontrai
Re: [opencontrail-dev] Python exception in vnc_addr_mgmt.py when deleting an IPAM or a network
Hi Sachin, Thanks for filling the bug and for providing a fix for it. I looked over your fix and I think that at line 1736 from vnc_cfg_types.py should also be used obj_ids['uuid'] instead of obj_ids: cls.addr_mgmt.ipam_delete_notify(obj_ids['uuid'], obj_dict) Thanks, Anda From: Sachin Bansal [mailto:sban...@juniper.net] Sent: Wednesday, September 20, 2017 1:48 AM To: Anda Nicolae Cc: dev@lists.opencontrail.org Subject: Re: [opencontrail-dev] Python exception in vnc_addr_mgmt.py when deleting an IPAM or a network FYI: I have filed this bug myself: https://bugs.launchpad.net/juniperopenstack/+bug/1718311 Also submitted a fix for review: https://review.opencontrail.org/#/c/35746/ Sachin On Sep 19, 2017, at 11:29 AM, Sachin Bansal mailto:sban...@juniper.net>> wrote: Anda, This looks like recently introduced bug in 3.2 because of an incorrect merge resolution. Please file a bug and we will take care of it. Sachin On Sep 19, 2017, at 4:44 AM, Anda Nicolae mailto:anico...@lenovo.com>> wrote: Hi all, I am using Contrail 3.2.5.0. I've noticed a Python exception logged in contrail-api.log when deleting a network or an IPAM: The above is a description of an error in a Python program. Here is the call trace: Traceback (most recent call last): File "/usr/lib/python2.7/site-packages/vnc_cfg_api_server/vnc_db.py", line 323, in _dbe_subscribe_callback self._dbe_delete_notification(oper_info) File "/usr/lib/python2.7/site-packages/vnc_cfg_api_server/vnc_db.py", line 425, in _dbe_delete_notification r_class.dbe_delete_notification(obj_info, obj_dict) File "/usr/lib/python2.7/site-packages/vnc_cfg_api_server/vnc_cfg_types.py", line 1475, in dbe_delete_notification cls.addr_mgmt.net_delete_notify(obj_ids, obj_dict) File "/usr/lib/python2.7/site-packages/vnc_cfg_api_server/vnc_addr_mgmt.py", line 785, in net_delete_notify if obj_id in self._subnet_objs: TypeError: unhashable type: 'dict' In both cases, the error happens when trying to execute the following line from vnc_cfg_api_server/vnc_addr_mgmt.py: if obj_id in self._subnet_objs: This line appears in the following functions: net_delete_notify ipam_delete_notify I've added some logs and I have noticed that obj_id is a dictionary and it can't be a key in the dictionary self._subnet_objs. The exception appears because a dictionary is mutable in Python and it can't be used as a key for another dictionary. However, even if the exception occurs, the network/IPAM is successfully deleted. Thanks, Anda ___ Dev mailing list Dev@lists.opencontrail.org<mailto:Dev@lists.opencontrail.org> https://urldefense.proofpoint.com/v2/url?u=http-3A__lists.opencontrail.org_mailman_listinfo_dev-5Flists.opencontrail.org&d=DwICAg&c=HAkYuh63rsuhr6Scbfh0UjBXeMK-ndb3voDTXcWzoCI&r=4SMc5wJ_FVS46-BSw4dDnrpmjQWP4eg0fer2nm244qg&m=LPdCN5IG8UFacp_6qnD9mjSHXuExfnNC88F36JxV-mE&s=X-XKtFIGPiLf-pbOBL9CcElJ76dbrvjWMU4ANrs_vgk&e= ___ Dev mailing list Dev@lists.opencontrail.org<mailto:Dev@lists.opencontrail.org> https://urldefense.proofpoint.com/v2/url?u=http-3A__lists.opencontrail.org_mailman_listinfo_dev-5Flists.opencontrail.org&d=DwICAg&c=HAkYuh63rsuhr6Scbfh0UjBXeMK-ndb3voDTXcWzoCI&r=4SMc5wJ_FVS46-BSw4dDnrpmjQWP4eg0fer2nm244qg&m=ETDlLk9zvxFtMhrW_uctR9Ssi6CBKSonPoSLsoj5YNo&s=e1B9a3hynd_P4lPIsRFUbMEWQ0rhJthBVVkn7AQWIqg&e= ___ Dev mailing list Dev@lists.opencontrail.org http://lists.opencontrail.org/mailman/listinfo/dev_lists.opencontrail.org
Re: [opencontrail-dev] Multiple domains support in Contrail 3.2.5.0
Hi Jakub,
I was able to login into Contrail and to have all contrail processes active. My
contrail-keystone-auth.conf looks like this:
[KEYSTONE]
auth_url=http://:35357/v3
auth_host=
auth_protocol=http
auth_port=35357
user=admin
password=
memcache_servers=127.0.0.1:11211
insecure=False
I've tried with auth_url as http://:5000/v3 and as
http://:35357/v3 and I have obtained the same results.
After I log into Contrail, whatever I select (Networks, Policies, Routers, IPAM
etc), I get 503 Service Unavailable.
I looked over the HTTP requests that Contrail processes exchange with Keystone.
A HTTP Post request is sent to :35357 and 400 Bad Request is
received.
Since the contrail process can authenticate to keystone, it cannot further
retrieve info about routers, networks etc.
Therefore, 503 Service Unavailable is displayed.
Below are the HTTP Request and Response:
POST /v2.0/tokens HTTP/1.1
Host: :35357
Connection: keep-alive
Accept-Encoding: gzip, deflate
Accept: application/json
User-Agent: keystonemiddleware.auth_token/4.4.1 keystoneauth1/2.4.1
python-requests/2.10.0 CPython/2.7.5
Content-Type: application/json
Content-Length: 51
{"auth": {"passwordCredentials": {"password": ""}}}HTTP/1.1 400 Bad Request
Date: Wed, 20 Sep 2017 05:27:25 GMT
Server: Apache/2.4.6 (Red Hat Enterprise Linux)
Vary: X-Auth-Token
x-openstack-request-id: req-40bf8fc7-45b1-4e45-b6cd-e3ea950dbc0e
Content-Length: 260
Connection: close
Content-Type: application/json
{"error": {"message": "Expecting to find username or userId in
passwordCredentials - the server could not comply with the request since it is
either malformed or otherwise incorrect. The client is assumed to be in
error.", "code": 400, "title": "Bad Request"}}
Thanks,
Anda
From: Jakub Pavlik [mailto:jpav...@mirantis.com]
Sent: Tuesday, September 19, 2017 6:32 PM
To: Anda Nicolae
Cc: dev@lists.opencontrail.org
Subject: Re: [opencontrail-dev] Multiple domains support in Contrail 3.2.5.0
Hi Anda,
it is jinja template, you cannot put those params with {{}} . Extend config by
this:
project_name=admin
project_domain_name=default
auth_url=http://ip:5000/v3
Jakub
On Tue, Sep 19, 2017 at 5:18 PM, Anda Nicolae
mailto:anico...@lenovo.com>> wrote:
Hi Jakub,
Thank you for your response. Before I posted the question on the list, I had
modified contrail-auth-keystone.conf like below. Without the changes below, I
was not able to log into Contrail:
auth_url=http://:35357/v3
auth_host=
auth_protocol=http
auth_port=35357
user=admin
password=
#admin_user=
#admin_password=< admin_password >
#admin_tenant_name=< admin_tenant_name >
memcache_servers=127.0.0.1:11211<http://127.0.0.1:11211>
insecure=False
However, I modified contrail-auth-keystone.conf like you told me and now it
displays the following error in contrail-collector.log and Collector connection
is down:
Error the options configuration file contains an invalid line '{%- from
"opencontrail/map.jinja" import config with context -%}'
This is probably because I do not have any map.jinja file on my Contrail node.
Thanks,
Anda
From: Jakub Pavlik [mailto:jpav...@mirantis.com<mailto:jpav...@mirantis.com>]
Sent: Tuesday, September 19, 2017 12:50 PM
To: Anda Nicolae
Cc: dev@lists.opencontrail.org<mailto:dev@lists.opencontrail.org>
Subject: Re: [opencontrail-dev] Multiple domains support in Contrail 3.2.5.0
Hi Anda,
do you have configured this
https://github.com/salt-formulas/salt-formula-opencontrail/blob/master/opencontrail/files/3.0/contrail-keystone-auth.conf#L14
Jakub
On Tue, Sep 19, 2017 at 11:40 AM, Anda Nicolae
mailto:anico...@lenovo.com>> wrote:
Hi all,
I am using Contrail 3.2.5.0 on a RHEL server. I have 3 nodes: an OpenStack
controller, a Contrail controller and a Contrail compute.
Do you know whether Contrail supports multiple domains?
I know that OpenStack supports multiple domains when keystone v3 is used, but
Contrail processes do not seem to work OK with keystone v3.
Thanks,
Anda
___
Dev mailing list
Dev@lists.opencontrail.org<mailto:Dev@lists.opencontrail.org>
http://lists.opencontrail.org/mailman/listinfo/dev_lists.opencontrail.org
--
Jakub Pavlik
+420 602 177 027
jpav...@mirantis.com<mailto:jpav...@mirantis.com>
--
Jakub Pavlik
+420 602 177 027
jpav...@mirantis.com<mailto:jpav...@mirantis.com>
___
Dev mailing list
Dev@lists.opencontrail.org
http://lists.opencontrail.org/mailman/listinfo/dev_lists.opencontrail.org
Re: [opencontrail-dev] Multiple domains support in Contrail 3.2.5.0
Hi Jakub,
Thank you for your response. Before I posted the question on the list, I had
modified contrail-auth-keystone.conf like below. Without the changes below, I
was not able to log into Contrail:
auth_url=http://:35357/v3
auth_host=
auth_protocol=http
auth_port=35357
user=admin
password=
#admin_user=
#admin_password=< admin_password >
#admin_tenant_name=< admin_tenant_name >
memcache_servers=127.0.0.1:11211
insecure=False
However, I modified contrail-auth-keystone.conf like you told me and now it
displays the following error in contrail-collector.log and Collector connection
is down:
Error the options configuration file contains an invalid line '{%- from
"opencontrail/map.jinja" import config with context -%}'
This is probably because I do not have any map.jinja file on my Contrail node.
Thanks,
Anda
From: Jakub Pavlik [mailto:jpav...@mirantis.com]
Sent: Tuesday, September 19, 2017 12:50 PM
To: Anda Nicolae
Cc: dev@lists.opencontrail.org
Subject: Re: [opencontrail-dev] Multiple domains support in Contrail 3.2.5.0
Hi Anda,
do you have configured this
https://github.com/salt-formulas/salt-formula-opencontrail/blob/master/opencontrail/files/3.0/contrail-keystone-auth.conf#L14
Jakub
On Tue, Sep 19, 2017 at 11:40 AM, Anda Nicolae
mailto:anico...@lenovo.com>> wrote:
Hi all,
I am using Contrail 3.2.5.0 on a RHEL server. I have 3 nodes: an OpenStack
controller, a Contrail controller and a Contrail compute.
Do you know whether Contrail supports multiple domains?
I know that OpenStack supports multiple domains when keystone v3 is used, but
Contrail processes do not seem to work OK with keystone v3.
Thanks,
Anda
___
Dev mailing list
Dev@lists.opencontrail.org<mailto:Dev@lists.opencontrail.org>
http://lists.opencontrail.org/mailman/listinfo/dev_lists.opencontrail.org
--
Jakub Pavlik
+420 602 177 027
jpav...@mirantis.com<mailto:jpav...@mirantis.com>
___
Dev mailing list
Dev@lists.opencontrail.org
http://lists.opencontrail.org/mailman/listinfo/dev_lists.opencontrail.org
[opencontrail-dev] Python exception in vnc_addr_mgmt.py when deleting an IPAM or a network
Hi all, I am using Contrail 3.2.5.0. I've noticed a Python exception logged in contrail-api.log when deleting a network or an IPAM: The above is a description of an error in a Python program. Here is the call trace: Traceback (most recent call last): File "/usr/lib/python2.7/site-packages/vnc_cfg_api_server/vnc_db.py", line 323, in _dbe_subscribe_callback self._dbe_delete_notification(oper_info) File "/usr/lib/python2.7/site-packages/vnc_cfg_api_server/vnc_db.py", line 425, in _dbe_delete_notification r_class.dbe_delete_notification(obj_info, obj_dict) File "/usr/lib/python2.7/site-packages/vnc_cfg_api_server/vnc_cfg_types.py", line 1475, in dbe_delete_notification cls.addr_mgmt.net_delete_notify(obj_ids, obj_dict) File "/usr/lib/python2.7/site-packages/vnc_cfg_api_server/vnc_addr_mgmt.py", line 785, in net_delete_notify if obj_id in self._subnet_objs: TypeError: unhashable type: 'dict' In both cases, the error happens when trying to execute the following line from vnc_cfg_api_server/vnc_addr_mgmt.py: if obj_id in self._subnet_objs: This line appears in the following functions: net_delete_notify ipam_delete_notify I've added some logs and I have noticed that obj_id is a dictionary and it can't be a key in the dictionary self._subnet_objs. The exception appears because a dictionary is mutable in Python and it can't be used as a key for another dictionary. However, even if the exception occurs, the network/IPAM is successfully deleted. Thanks, Anda ___ Dev mailing list Dev@lists.opencontrail.org http://lists.opencontrail.org/mailman/listinfo/dev_lists.opencontrail.org
[opencontrail-dev] Multiple domains support in Contrail 3.2.5.0
Hi all, I am using Contrail 3.2.5.0 on a RHEL server. I have 3 nodes: an OpenStack controller, a Contrail controller and a Contrail compute. Do you know whether Contrail supports multiple domains? I know that OpenStack supports multiple domains when keystone v3 is used, but Contrail processes do not seem to work OK with keystone v3. Thanks, Anda ___ Dev mailing list Dev@lists.opencontrail.org http://lists.opencontrail.org/mailman/listinfo/dev_lists.opencontrail.org
[opencontrail-dev] Cannot create network in Contrail when using another domain
Hi all, I am using Contrail 3.2.5.0 on a CentOS 7.3 server. I have 3 VMs on the server: an OpenStack node, a Contrail Controller node and a Contrail Compute node. All the 3 nodes use RHEL as OS. I have enabled domains support in OpenStack and Contrail and I am using keystone v3. In OpenStack, I have created a new domain (named test2), a new user for the domain (named testuser) and a project inside that domain (named testproject). I was able to log into Contrail using testuser/ and test2. But testuser only sees the networks previously created in default-domain by admin. If I change the domain to test2, then I am not allowed to create/read/update/delete networks in test2 domain. It displays "No data available." Please see the attached printscreen. This does not happen only for networks, it also happens for logical routers, floating IPs, ipams, security groups etc. I know that in Contrail 3.2.4.0 I was able to create/read/update/delete networks as testuser. Do you have any idea why this is not working in 3.2.5.0? Thanks, Anda ___ Dev mailing list Dev@lists.opencontrail.org http://lists.opencontrail.org/mailman/listinfo/dev_lists.opencontrail.org
[opencontrail-dev] Meaning of some fields used when creating a virtual DNS server
Hi all, I have a question regarding the meaning of some fields when creating a virtual DNS server. It would greatly help if you can provide an explanation about their meaning and usage. Unfortunately, they are not explained in the documentation: https://www.juniper.net/documentation/en_US/contrail3.2/topics/task/configuration/configure-dns-vnc.html These fields are: Floating IP Record and External Visibility. Also, I suppose that Reverse Resolution refers to the capability of the DNS server to support reverse DNS lookups. Thanks, Anda ___ Dev mailing list Dev@lists.opencontrail.org http://lists.opencontrail.org/mailman/listinfo/dev_lists.opencontrail.org
[opencontrail-dev] L2 forwarding mode and RBAC not working
Hi all, I have a server running CentOS 7.3 with 4 VMs: 1st VM is the OpenStack node, the 2nd VM is the Contrail controller node, the 3rd and the 4th VMs are Contrail compute nodes. CentOS 7.3 is running on all the 3 VMs. Contrail version I am using is 3.2.5.0. In /etc/contrail/contrail-analytics-api.conf and in /etc/contrail/contrail-api.conf, I have added the line: aaa_mode = rbac then I have restarted supervisor-config and supervisor-analytics processes. >From OpenStack I have created a new user named myuser, and a new role named >myrole: openstack role create myrole openstack role add --project demo --user myuser myrole >From Configure -> Infrastructure -> RBAC, Project tab, for default-domain, >demo project, I have added a new API Access Rule, like in RBACAPI.PNG >From Configure -> Infrastructure -> Global Config, I have set Forwarding Mode >as L2 only. On the demo project, I have created 2 VMs in the same virtual network and I have issued a ping from one VM to another. Ping is not working between VMs, which is wrong. Do you know which might be the cause for ping not working between VMs? Thanks, Anda ___ Dev mailing list Dev@lists.opencontrail.org http://lists.opencontrail.org/mailman/listinfo/dev_lists.opencontrail.org
Re: [opencontrail-dev] Default DNS server IP address inside a VM
Thank for your response. I have 2 additional questions regarding Virtual DNS. Can you please take a look? 1. From Contrail GUI, I create a virtual DNS server, named mydns, which has as DNS forwarder 8.8.8.8 and as domain name aaa.net. From OpenStack, I create a VM, named myvm, which uses mydns. The domain name, aaa.net, appears in /etc/resolv.conf. Should the DNS forwarder IP address appear in /etc/resolv.conf from myvm? 2. I use the same virtual DNS server and I create a virtual network, name mynet, with a subnet inside of it. For this subnet, I assign 8.8.4.4 DNS server, in "DNS IPs" list. Please see attached mynet.PNG. From OpenStack, I create a VM, named myvm, which uses mynet. In /etc/resolv.conf from myvm, appears 8.8.4.4, but aaa.net does not appear. Shouldn't aaa.net appear in /etc/resolv.conf from myvm? Thanks, Anda From: Sachin Bansal [mailto:sban...@juniper.net] Sent: Friday, August 4, 2017 7:19 PM To: Anda Nicolae; dev@lists.opencontrail.org Subject: Re: [opencontrail-dev] Default DNS server IP address inside a VM Anda, I think the documentation hasn’t been updated. You can specify the dns address when you create the subnet and that value will be used as dns server. The default value is gateway+1. Sachin From: Dev mailto:dev-boun...@lists.opencontrail.org>> on behalf of Anda Nicolae mailto:anico...@lenovo.com>> Date: Friday, August 4, 2017 at 7:47 AM To: "dev@lists.opencontrail.org<mailto:dev@lists.opencontrail.org>" mailto:dev@lists.opencontrail.org>> Subject: [opencontrail-dev] Default DNS server IP address inside a VM Hi all, I have a question regarding the IP address of a default DNS server inside a VM, in Contrail. I am using Contrail 3.2.4.0 on a CentOS 7.3 server. I have 4 VMs on the respective server: one OpenStack VM, one Contrail VM and 2 Contrail compute VMs. All VMs use CentOS 7.3 server. I have created a virtual network with CIDR 1.1.1.0/24. From Contrail GUI, default gateway for this VN is 1.1.1.1. I am using the default DNS server. I have created a VM using this virtual network. Inside the VM, I have run: cat /etc/resolv.conf nameserver 1.1.1.2 From the Contrail 3.2 documentation, DNS in default mode, we have: Default: In default mode, DNS resolution for VMs is performed based on the name server configuration in the server infrastructure. The subnet default gateway is configured as the DNS server for the VM, and the DHCP response to the VM has this DNS server option. DNS requests sent by a VM to the default gateway are sent to the name servers configured on the respective compute nodes. The responses are sent back to the VM. https://www.juniper.net/documentation/en_US/contrail3.2/topics/task/configuration/configure-dns-vnc.html Can you please explain to me why does the default DNS server have gateway IP address +1, instead of gateway IP address, like it is mentioned in the documentation? ___ Dev mailing list Dev@lists.opencontrail.org http://lists.opencontrail.org/mailman/listinfo/dev_lists.opencontrail.org
[opencontrail-dev] Default DNS server IP address inside a VM
Hi all, I have a question regarding the IP address of a default DNS server inside a VM, in Contrail. I am using Contrail 3.2.4.0 on a CentOS 7.3 server. I have 4 VMs on the respective server: one OpenStack VM, one Contrail VM and 2 Contrail compute VMs. All VMs use CentOS 7.3 server. I have created a virtual network with CIDR 1.1.1.0/24. From Contrail GUI, default gateway for this VN is 1.1.1.1. I am using the default DNS server. I have created a VM using this virtual network. Inside the VM, I have run: cat /etc/resolv.conf nameserver 1.1.1.2 >From the Contrail 3.2 documentation, DNS in default mode, we have: Default: In default mode, DNS resolution for VMs is performed based on the name server configuration in the server infrastructure. The subnet default gateway is configured as the DNS server for the VM, and the DHCP response to the VM has this DNS server option. DNS requests sent by a VM to the default gateway are sent to the name servers configured on the respective compute nodes. The responses are sent back to the VM. https://www.juniper.net/documentation/en_US/contrail3.2/topics/task/configuration/configure-dns-vnc.html Can you please explain to me why does the default DNS server have gateway IP address +1, instead of gateway IP address, like it is mentioned in the documentation? ___ Dev mailing list Dev@lists.opencontrail.org http://lists.opencontrail.org/mailman/listinfo/dev_lists.opencontrail.org
Re: [opencontrail-dev] Ping Working Between 2 Virtual Networks Connected via an Unidirectional Network Policy
Of course. I have just used the unidirectional network policy between the 2 networks. Thanks, Anda From: Sachin Bansal [mailto:sban...@juniper.net] Sent: Wednesday, July 26, 2017 7:14 PM To: Anda Nicolae; Douglas Lardo Cc: dev@lists.opencontrail.org Subject: Re: [opencontrail-dev] Ping Working Between 2 Virtual Networks Connected via an Unidirectional Network Policy Did you try without the logical router? From: Anda Nicolae mailto:anico...@lenovo.com>> Date: Wednesday, July 26, 2017 at 12:55 AM To: Sachin Bansal mailto:sban...@juniper.net>>, Douglas Lardo mailto:dla...@riotgames.com>> Cc: "dev@lists.opencontrail.org<mailto:dev@lists.opencontrail.org>" mailto:dev@lists.opencontrail.org>> Subject: RE: [opencontrail-dev] Ping Working Between 2 Virtual Networks Connected via an Unidirectional Network Policy Hi Sachin, Thanks for the clarification, I have also arrived at this conclusion after Doug's reply. What I still don't understand is why ping, tcp and udp traffic (the last 2 being sent with iperf) initiated from VM2 to VM1 work. The network policy is unidirectional, allowing traffic from VN1 to VN2 only. I have sent traffic in the reverse direction and it works. I don't understand why. Before sending traffic from VM2 to VM1, I have deleted and re-created the virtual networks with other subnets, the network policy and the virtual machines to make sure that there are no existing flow rules for the subnets of VN2 and VN1. Thanks, Anda From: Sachin Bansal [mailto:sban...@juniper.net] Sent: Wednesday, July 26, 2017 8:48 AM To: Anda Nicolae; Douglas Lardo Cc: dev@lists.opencontrail.org<mailto:dev@lists.opencontrail.org> Subject: Re: [opencontrail-dev] Ping Working Between 2 Virtual Networks Connected via an Unidirectional Network Policy Anda, If you connect two networks with a logical router, you don’t need to use any network policy. Network policy and logical routers are two alternate ways to enable communication between two networks. Sachin From: Dev mailto:dev-boun...@lists.opencontrail.org>> on behalf of Anda Nicolae mailto:anico...@lenovo.com>> Date: Monday, July 24, 2017 at 12:00 AM To: Douglas Lardo mailto:dla...@riotgames.com>> Cc: "dev@lists.opencontrail.org<mailto:dev@lists.opencontrail.org>" mailto:dev@lists.opencontrail.org>> Subject: Re: [opencontrail-dev] Ping Working Between 2 Virtual Networks Connected via an Unidirectional Network Policy Hello Doug, Thanks for your response. Sorry I wasn't clear, by router I meant logical router which can be created from Contrail GUI (from Configure -> Networking -> Routers). I know that vrouter is installed on Contrail compute nodes. Now I understand that network policy adds forwarding rules to allow response packets to arrive at their destination. However, after I have sent the e-mail on the Contrail dev list, I have also sent echo requests (ping) from VM2 to VM1 and VM1 sent echo replies. Please remember that the network policy I have added had the following syntax: Protocol : ANY, Source VN1, Destination VN2, unidirectional (from VN1 to VN2 only), port: ANY. Therefore, ping from VM2 to VM1 shouldn't have worked, since the network policy direction is not respected. Does anyone know why the network policy direction was not respected? Thanks, Anda From: Douglas Lardo [mailto:dla...@riotgames.com] Sent: Friday, July 21, 2017 8:50 PM To: Anda Nicolae Cc: dev@lists.opencontrail.org<mailto:dev@lists.opencontrail.org> Subject: Re: [opencontrail-dev] Ping Working Between 2 Virtual Networks Connected via an Unidirectional Network Policy Anda, I don't run Openstack but I think the router you are looking for isn't applicable with Contrail. Contrail has routers, but they are installed on every compute node as a 'vRouter', much like a vSwitch from VMware or OVS. The difference is that in addition to the layer 2 switching, the vRouter also routes traffic between virtual networks. When you add a policy that defines SRC A can talk to SRC B, the appropriate routes are automatically imported for you. Your traffic flow sounds like it's working as intended. When you create a permitted flow from VN1_SRV->VN2_SRV, the return flow from VN2_SRV->VN1_SRV is automatically generated for you. HTH, Doug On Fri, Jul 21, 2017 at 2:48 AM, Anda Nicolae mailto:anico...@lenovo.com>> wrote: Hello, I have a setup of 4 VMs: one OpenStack node, one Contrail controller node and 2 Contrail compute nodes. Contrail version I am using is 3.2.4.0 version. All the 4 VMs use CentOS 7.2. I have created 2 virtual networks, VN1 and VN2. I have also created 2 virtual machines, VM1 having an IP address from VN1 and VM2 having an IP address from VN2. By default, ping between VM1 and VM2 is not working since VNs in Contrail are isolated from one another. I have added a network policy :
Re: [opencontrail-dev] Ping Working Between 2 Virtual Networks Connected via an Unidirectional Network Policy
Hi Sachin, Thanks for the clarification, I have also arrived at this conclusion after Doug's reply. What I still don't understand is why ping, tcp and udp traffic (the last 2 being sent with iperf) initiated from VM2 to VM1 work. The network policy is unidirectional, allowing traffic from VN1 to VN2 only. I have sent traffic in the reverse direction and it works. I don't understand why. Before sending traffic from VM2 to VM1, I have deleted and re-created the virtual networks with other subnets, the network policy and the virtual machines to make sure that there are no existing flow rules for the subnets of VN2 and VN1. Thanks, Anda From: Sachin Bansal [mailto:sban...@juniper.net] Sent: Wednesday, July 26, 2017 8:48 AM To: Anda Nicolae; Douglas Lardo Cc: dev@lists.opencontrail.org Subject: Re: [opencontrail-dev] Ping Working Between 2 Virtual Networks Connected via an Unidirectional Network Policy Anda, If you connect two networks with a logical router, you don’t need to use any network policy. Network policy and logical routers are two alternate ways to enable communication between two networks. Sachin From: Dev mailto:dev-boun...@lists.opencontrail.org>> on behalf of Anda Nicolae mailto:anico...@lenovo.com>> Date: Monday, July 24, 2017 at 12:00 AM To: Douglas Lardo mailto:dla...@riotgames.com>> Cc: "dev@lists.opencontrail.org<mailto:dev@lists.opencontrail.org>" mailto:dev@lists.opencontrail.org>> Subject: Re: [opencontrail-dev] Ping Working Between 2 Virtual Networks Connected via an Unidirectional Network Policy Hello Doug, Thanks for your response. Sorry I wasn't clear, by router I meant logical router which can be created from Contrail GUI (from Configure -> Networking -> Routers). I know that vrouter is installed on Contrail compute nodes. Now I understand that network policy adds forwarding rules to allow response packets to arrive at their destination. However, after I have sent the e-mail on the Contrail dev list, I have also sent echo requests (ping) from VM2 to VM1 and VM1 sent echo replies. Please remember that the network policy I have added had the following syntax: Protocol : ANY, Source VN1, Destination VN2, unidirectional (from VN1 to VN2 only), port: ANY. Therefore, ping from VM2 to VM1 shouldn't have worked, since the network policy direction is not respected. Does anyone know why the network policy direction was not respected? Thanks, Anda From: Douglas Lardo [mailto:dla...@riotgames.com] Sent: Friday, July 21, 2017 8:50 PM To: Anda Nicolae Cc: dev@lists.opencontrail.org<mailto:dev@lists.opencontrail.org> Subject: Re: [opencontrail-dev] Ping Working Between 2 Virtual Networks Connected via an Unidirectional Network Policy Anda, I don't run Openstack but I think the router you are looking for isn't applicable with Contrail. Contrail has routers, but they are installed on every compute node as a 'vRouter', much like a vSwitch from VMware or OVS. The difference is that in addition to the layer 2 switching, the vRouter also routes traffic between virtual networks. When you add a policy that defines SRC A can talk to SRC B, the appropriate routes are automatically imported for you. Your traffic flow sounds like it's working as intended. When you create a permitted flow from VN1_SRV->VN2_SRV, the return flow from VN2_SRV->VN1_SRV is automatically generated for you. HTH, Doug On Fri, Jul 21, 2017 at 2:48 AM, Anda Nicolae mailto:anico...@lenovo.com>> wrote: Hello, I have a setup of 4 VMs: one OpenStack node, one Contrail controller node and 2 Contrail compute nodes. Contrail version I am using is 3.2.4.0 version. All the 4 VMs use CentOS 7.2. I have created 2 virtual networks, VN1 and VN2. I have also created 2 virtual machines, VM1 having an IP address from VN1 and VM2 having an IP address from VN2. By default, ping between VM1 and VM2 is not working since VNs in Contrail are isolated from one another. I have added a network policy : Protocol : ANY, Source VN1, Destination VN2, unidirectional (from VN1 to VN2 only), port: ANY. I added the policy to both VN1 and VN2 and ping is working. My questions are: 1. Is it normal that echo request (from ping) arrives at its destination since I have 2 virtual networks that are not connected via a router, but have a network policy? 2. Why does echo reply (from ping) arrive at its destination, since the network policy is unidirectional (from VN1 to VN2 only)? Thanks, Anda ___ Dev mailing list Dev@lists.opencontrail.org<mailto:Dev@lists.opencontrail.org> http://lists.opencontrail.org/mailman/listinfo/dev_lists.opencontrail.org -- Doug Lardo // Riot Games // c: 818.620.7046 // summoner: Riot Antares Q: Why is this email 5 sentences or less? A: http://five.sentenc.es ___ Dev mailing list Dev@lists.opencontrail.org http://lists.opencontrail.org/mailman/listinfo/dev_lists.opencontrail.org
Re: [opencontrail-dev] Ping Working Between 2 Virtual Networks Connected via an Unidirectional Network Policy
Hello Doug, Thanks for your response. Sorry I wasn't clear, by router I meant logical router which can be created from Contrail GUI (from Configure -> Networking -> Routers). I know that vrouter is installed on Contrail compute nodes. Now I understand that network policy adds forwarding rules to allow response packets to arrive at their destination. However, after I have sent the e-mail on the Contrail dev list, I have also sent echo requests (ping) from VM2 to VM1 and VM1 sent echo replies. Please remember that the network policy I have added had the following syntax: Protocol : ANY, Source VN1, Destination VN2, unidirectional (from VN1 to VN2 only), port: ANY. Therefore, ping from VM2 to VM1 shouldn't have worked, since the network policy direction is not respected. Does anyone know why the network policy direction was not respected? Thanks, Anda From: Douglas Lardo [mailto:dla...@riotgames.com] Sent: Friday, July 21, 2017 8:50 PM To: Anda Nicolae Cc: dev@lists.opencontrail.org Subject: Re: [opencontrail-dev] Ping Working Between 2 Virtual Networks Connected via an Unidirectional Network Policy Anda, I don't run Openstack but I think the router you are looking for isn't applicable with Contrail. Contrail has routers, but they are installed on every compute node as a 'vRouter', much like a vSwitch from VMware or OVS. The difference is that in addition to the layer 2 switching, the vRouter also routes traffic between virtual networks. When you add a policy that defines SRC A can talk to SRC B, the appropriate routes are automatically imported for you. Your traffic flow sounds like it's working as intended. When you create a permitted flow from VN1_SRV->VN2_SRV, the return flow from VN2_SRV->VN1_SRV is automatically generated for you. HTH, Doug On Fri, Jul 21, 2017 at 2:48 AM, Anda Nicolae mailto:anico...@lenovo.com>> wrote: Hello, I have a setup of 4 VMs: one OpenStack node, one Contrail controller node and 2 Contrail compute nodes. Contrail version I am using is 3.2.4.0 version. All the 4 VMs use CentOS 7.2. I have created 2 virtual networks, VN1 and VN2. I have also created 2 virtual machines, VM1 having an IP address from VN1 and VM2 having an IP address from VN2. By default, ping between VM1 and VM2 is not working since VNs in Contrail are isolated from one another. I have added a network policy : Protocol : ANY, Source VN1, Destination VN2, unidirectional (from VN1 to VN2 only), port: ANY. I added the policy to both VN1 and VN2 and ping is working. My questions are: 1. Is it normal that echo request (from ping) arrives at its destination since I have 2 virtual networks that are not connected via a router, but have a network policy? 2. Why does echo reply (from ping) arrive at its destination, since the network policy is unidirectional (from VN1 to VN2 only)? Thanks, Anda ___ Dev mailing list Dev@lists.opencontrail.org<mailto:Dev@lists.opencontrail.org> http://lists.opencontrail.org/mailman/listinfo/dev_lists.opencontrail.org -- Doug Lardo // Riot Games // c: 818.620.7046 // summoner: Riot Antares Q: Why is this email 5 sentences or less? A: http://five.sentenc.es ___ Dev mailing list Dev@lists.opencontrail.org http://lists.opencontrail.org/mailman/listinfo/dev_lists.opencontrail.org
[opencontrail-dev] Ping Working Between 2 Virtual Networks Connected via an Unidirectional Network Policy
Hello, I have a setup of 4 VMs: one OpenStack node, one Contrail controller node and 2 Contrail compute nodes. Contrail version I am using is 3.2.4.0 version. All the 4 VMs use CentOS 7.2. I have created 2 virtual networks, VN1 and VN2. I have also created 2 virtual machines, VM1 having an IP address from VN1 and VM2 having an IP address from VN2. By default, ping between VM1 and VM2 is not working since VNs in Contrail are isolated from one another. I have added a network policy : Protocol : ANY, Source VN1, Destination VN2, unidirectional (from VN1 to VN2 only), port: ANY. I added the policy to both VN1 and VN2 and ping is working. My questions are: 1. Is it normal that echo request (from ping) arrives at its destination since I have 2 virtual networks that are not connected via a router, but have a network policy? 2. Why does echo reply (from ping) arrive at its destination, since the network policy is unidirectional (from VN1 to VN2 only)? Thanks, Anda ___ Dev mailing list Dev@lists.opencontrail.org http://lists.opencontrail.org/mailman/listinfo/dev_lists.opencontrail.org
Re: [opencontrail-dev] Contrail GUI Virtual Router IP address
Will do. I have already added that the bug is not reproducible in 3.2.4.0
Contrail version.
Can you please let me know in which files is implemented the logic of the route
targets?
Thanks,
Anda
Get Outlook for iOS<https://aka.ms/o0ukef>
On Wed, Jul 12, 2017 at 8:01 PM +0300, "Andrey Pavlov"
mailto:andrey...@gmail.com>> wrote:
Hi Anda,
It will be very helpful if you add this info directly to the bug.
Regards,
Andrey Pavlov.
On Wed, Jul 12, 2017 at 7:09 PM, Anda Nicolae
mailto:anico...@lenovo.com>> wrote:
Hi all,
Thanks a lot for your responses.
Contrail version I was using when I encountered this bug was 3.2.3.0.
I have checked contrail-schema process status from contrail-status output and
it is active.
I have also browsed through contrail-schema log, but I did not find anything
relevant.
Now I have installed Contrail version 3.2.4.0 and the bug is not reproducible.
If you know the commit that fixed this, please let me know. I have tried to
find the functions/modules where the routing logic happens, but without any
notable results.
I have checked route-target link from Contrail 3.2.4.0 and below is the output.
Virtual networks names are anda_lenovoA and anda_lenovoB and logical router
name is router1. I can see “routing_instance_back_refs” and “routing-instance”
so the route targets are exported.
{"route-target": {"display_name": "target:64512:803", "uuid":
"6da5401e-52c6-457d-ab72-3cf3dac49dfa", "href":"https://:8143/proxy?proxyURL=http://:8082/route-target/6da5401e-52c6-457d-ab72-3cf3dac49dfa",
"routing_instance_back_refs": [{"to": ["default-domain", "admin",
"anda_lenovoA", "anda_lenovoA"], "href":"https://:8143/proxy?proxyURL=http://:8082/routing-instance/0b09292b-e4b7-47e6-8329-ce461d89137d", "attr":
{"import_export": null}, "uuid": "0b09292b-e4b7-47e6-8329-ce461d89137d"},
{"to": ["default-domain", "admin", "anda_lenovoB", "anda_lenovoB"],
"href":"https://:8143/proxy?proxyURL=http://:8082/routing-instance/8b756a10-52bc-4c14-a5f4-7a9261ea1003", "attr":
{"import_export": null}, "uuid": "8b756a10-52bc-4c14-a5f4-7a9261ea1003"}],
"perms2": {"owner": "5792015c404a4bd4a0ff775de5c38bf4", "owner_access": 7,
"global_access": 0, "share": []}, "id_perms": {"enable": true, "uuid":
{"uuid_mslong": 7900791620273325437, "uuid_lslong": 12354003745875729914},
"created": "2017-07-12T14:02:42.656006", "description": null, "creator": null,
"user_visible": true, "last_modified": "2017-07-12T14:02:42.656006",
"permissions": {"owner": "cloud-admin", "owner_access": 7, "other_access": 7,
"group": "cloud-admin-group", "group_access": 7}}, "logical_router_back_refs":
[{"to": ["default-domain", "admin", "router1"], "href":"https://:8143/proxy?proxyURL=http://:8082/logical-router/98c6dabf-b7c0-46f4-b106-4587c3ce242e", "attr": null,
"uuid": "98c6dabf-b7c0-46f4-b106-4587c3ce242e"}], "fq_name":
["target:64512:803"], "name": "target:64512:803"}}
Thanks,
Anda
From: Sachin Bansal [mailto:sban...@juniper.net<mailto:sban...@juniper.net>]
Sent: Wednesday, July 12, 2017 6:08 PM
To: Anda Nicolae
Cc: Vedamurthy Ananth Joshi;
dev@lists.opencontrail.org<mailto:dev@lists.opencontrail.org>
Subject: Re: [opencontrail-dev] Contrail GUI Virtual Router IP address
Anda,
As Vedu explained earlier, the IP address of the logical router interface is
completely inconsequential and is not used in any forwarding at all. You can
rest assured that with .100 addresses, the connectivity is expected to work.
Also, gateway of a network cannot be changed.
The way it works is, we allocate a route target for the logical router and
attach it to each of the VNs so that the VRFs for each of those VNs can import
each other’s routes. Now
From the output you sent, it seems the route target is only connected to the
logical router, not the two virtual networks. Could you please make sure
contrail-schema is running and active? If it is, please check its logs for any
errors.
Sachin
On Jul 12, 2017, at 2:51 AM, Anda Nicolae
mailto:anico...@lenovo.com>> wrote:
I have errors in contrail-api.log such as: Error while accessing route_target
uuid 408155ef-22d0-46e8-b0c2-07f3fec44dae
The above uuid does not correspond neither to subnet, net, net or logical
router assigne
Re: [opencontrail-dev] Contrail GUI Virtual Router IP address
Hi all,
Thanks a lot for your responses.
Contrail version I was using when I encountered this bug was 3.2.3.0.
I have checked contrail-schema process status from contrail-status output and
it is active.
I have also browsed through contrail-schema log, but I did not find anything
relevant.
Now I have installed Contrail version 3.2.4.0 and the bug is not reproducible.
If you know the commit that fixed this, please let me know. I have tried to
find the functions/modules where the routing logic happens, but without any
notable results.
I have checked route-target link from Contrail 3.2.4.0 and below is the output.
Virtual networks names are anda_lenovoA and anda_lenovoB and logical router
name is router1. I can see “routing_instance_back_refs” and “routing-instance”
so the route targets are exported.
{"route-target": {"display_name": "target:64512:803", "uuid":
"6da5401e-52c6-457d-ab72-3cf3dac49dfa", "href":"https://:8143/proxy?proxyURL=http://:8082/route-target/6da5401e-52c6-457d-ab72-3cf3dac49dfa",
"routing_instance_back_refs": [{"to": ["default-domain", "admin",
"anda_lenovoA", "anda_lenovoA"], "href":"https://:8143/proxy?proxyURL=http://:8082/routing-instance/0b09292b-e4b7-47e6-8329-ce461d89137d", "attr":
{"import_export": null}, "uuid": "0b09292b-e4b7-47e6-8329-ce461d89137d"},
{"to": ["default-domain", "admin", "anda_lenovoB", "anda_lenovoB"],
"href":"https://:8143/proxy?proxyURL=http://:8082/routing-instance/8b756a10-52bc-4c14-a5f4-7a9261ea1003", "attr":
{"import_export": null}, "uuid": "8b756a10-52bc-4c14-a5f4-7a9261ea1003"}],
"perms2": {"owner": "5792015c404a4bd4a0ff775de5c38bf4", "owner_access": 7,
"global_access": 0, "share": []}, "id_perms": {"enable": true, "uuid":
{"uuid_mslong": 7900791620273325437, "uuid_lslong": 12354003745875729914},
"created": "2017-07-12T14:02:42.656006", "description": null, "creator": null,
"user_visible": true, "last_modified": "2017-07-12T14:02:42.656006",
"permissions": {"owner": "cloud-admin", "owner_access": 7, "other_access": 7,
"group": "cloud-admin-group", "group_access": 7}}, "logical_router_back_refs":
[{"to": ["default-domain", "admin", "router1"], "href":"https://:8143/proxy?proxyURL=http://:8082/logical-router/98c6dabf-b7c0-46f4-b106-4587c3ce242e", "attr": null,
"uuid": "98c6dabf-b7c0-46f4-b106-4587c3ce242e"}], "fq_name":
["target:64512:803"], "name": "target:64512:803"}}
Thanks,
Anda
From: Sachin Bansal [mailto:sban...@juniper.net]
Sent: Wednesday, July 12, 2017 6:08 PM
To: Anda Nicolae
Cc: Vedamurthy Ananth Joshi; dev@lists.opencontrail.org
Subject: Re: [opencontrail-dev] Contrail GUI Virtual Router IP address
Anda,
As Vedu explained earlier, the IP address of the logical router interface is
completely inconsequential and is not used in any forwarding at all. You can
rest assured that with .100 addresses, the connectivity is expected to work.
Also, gateway of a network cannot be changed.
The way it works is, we allocate a route target for the logical router and
attach it to each of the VNs so that the VRFs for each of those VNs can import
each other’s routes. Now
From the output you sent, it seems the route target is only connected to the
logical router, not the two virtual networks. Could you please make sure
contrail-schema is running and active? If it is, please check its logs for any
errors.
Sachin
On Jul 12, 2017, at 2:51 AM, Anda Nicolae
mailto:anico...@lenovo.com>> wrote:
I have errors in contrail-api.log such as: Error while accessing route_target
uuid 408155ef-22d0-46e8-b0c2-07f3fec44dae
The above uuid does not correspond neither to subnet, net, net or logical
router assigned to my networks.
I don't think that the RT is exported. I have followed the links and I arrived
at https://https://%3ccontroller/>
IP>:8143/proxy?proxyURL=http://:8082/route-target/5654b306-a359-4ccb-93d8-dfa8dbf7afea.
I don't see any route here. (below is the output)
{"route-target": {"fq_name": ["target:64512:814"], "uuid":
"5654b306-a359-4ccb-93d8-dfa8dbf7afea", "href":"https:// :8143/proxy?proxyURL=http:// :8082/route-target/5654b306-a359-4ccb-93d8-dfa8dbf7afea", "perms2":
{"owner": "cloud-admin&
Re: [opencontrail-dev] Contrail GUI Virtual Router IP address
I have errors in contrail-api.log such as: Error while accessing route_target
uuid 408155ef-22d0-46e8-b0c2-07f3fec44dae
The above uuid does not correspond neither to subnet, net, net or logical
router assigned to my networks.
I don't think that the RT is exported. I have followed the links and I arrived
at https://https://%3ccontroller>
IP>:8143/proxy?proxyURL=http://:8082/route-target/5654b306-a359-4ccb-93d8-dfa8dbf7afea.
I don't see any route here. (below is the output)
{"route-target": {"fq_name": ["target:64512:814"], "uuid":
"5654b306-a359-4ccb-93d8-dfa8dbf7afea", "href":"https:// :8143/proxy?proxyURL=http:// :8082/route-target/5654b306-a359-4ccb-93d8-dfa8dbf7afea", "perms2":
{"owner": "cloud-admin", "owner_access": 7, "global_access": 0, "share": []},
"id_perms": {"enable": true, "uuid": {"uuid_mslong": 6220793826397211851,
"uuid_lslong": 10653510834882850794}, "created": "2017-07-12T07:32:05.894686",
"description": null, "creator": null, "user_visible": true, "last_modified":
"2017-07-12T07:32:05.894686", "permissions": {"owner": "cloud-admin",
"owner_access": 7, "other_access": 7, "group": "cloud-admin-group",
"group_access": 7}}, "logical_router_back_refs": [{"to": ["default-domain",
"anda", "lrouter"], "href":"https://:8143/proxy?proxyURL=http://
:8082/logical-router/48b2f8f1-d16f-4e6d-8ab4-5caec740eaf8", "attr": null,
"uuid": "48b2f8f1-d16f-4e6d-8ab4-5caec740eaf8"}], "display_name":
"target:64512:814", "name": "target:64512:814"}}
The problem that I think it is is that both subnets have a gateway that is
already set (1.1.1.1 and 2.2.2.1, respectively). Contrail GUI assigns gateway
IP address as .1.
So, the logical router that I create connects these 2 subnets. Therefore,
logical router interfaces should have the same IP addresses as the gateway of
each subnet (1.1.1.1 instead of 1.1.1.100 and 2.2.2.1 instead of 2.2.2.100).
If I use neutron commands to create the logical router, the interfaces of the
logical router created from neutron commands have the IP addresses of the
gateway of each subnet.
As workaround, if I try to change the gateway IP address of a subnet (from
1.1.1.1 to 1.1.1.100, in order to match the IP address of the virtual router),
I receive the following error:
Error: Virtual-Network(default-domain:anda:aaa) has invalid subnet(1.1.1.0/24)
Thanks,
Anda
From: Vedamurthy Ananth Joshi [mailto:vjo...@juniper.net]
Sent: Wednesday, July 12, 2017 10:00 AM
To: Anda Nicolae; dev@lists.opencontrail.org
Subject: Re: [opencontrail-dev] Contrail GUI Virtual Router IP address
So 1.1.1.102/32 and 2.2.2.102/32 are not seen in each other’s tables.
Are there any errors in contrail-schema logs?
Can you check if the RT of the logical-router object is both imported and
exported in both routing-instances?
RT of the router can be got from UI Monitor>Infrastructure> Config Nodes>
, Click on ‘Config’ link at the bottom. Then follow logical-routers
link
Routing instance details can be got from
http://http://%3ccontrol-node>
ip>:8083/Snh_ShowRoutingInstanceSummaryReq?search_string=
Vedu
From: Anda Nicolae mailto:anico...@lenovo.com>>
Date: Tuesday, July 11, 2017 at 5:49 PM
To: Vedamurthy Ananth Joshi mailto:vjo...@juniper.net>>,
"dev@lists.opencontrail.org<mailto:dev@lists.opencontrail.org>"
mailto:dev@lists.opencontrail.org>>
Subject: RE: [opencontrail-dev] Contrail GUI Virtual Router IP address
Thank you, Vedu. I have created 2 VMs, first VM having an IP address from VN1
subnet and the 2nd VM having an IP address from VN2 subnet.
route -n command on the 1st VM shows that default gateway is 1.1.1.1
route -n command on the 2nd VM shows that default gateway is 2.2.2.1.
As I have written in the above e-mail, virtual router IP address is 1.1.1.100.
I have retrieved the vrf associated to each VN and below it is the routing
table associated to each vrf.
[root@Hercules ~]$rt --dump 4
Flags: L=Label Valid, P=Proxy ARP, T=Trap ARP, F=Flood ARP
vRouter inet4 routing table 0/4/unicast
Destination PPLFlagsLabel NexthopStitched
MAC(Index)
0.0.0.0/8 0 - 0-
1.0.0.0/16 0 - 0-
1.1.0.0/24 0 - 0-
1.1.1.0/32 24 TF - 1-
1.1.1.1/32 32 PT - 8
Re: [opencontrail-dev] Contrail GUI Virtual Router IP address
Thank you, Vedu. I have created 2 VMs, first VM having an IP address from VN1 subnet and the 2nd VM having an IP address from VN2 subnet. route -n command on the 1st VM shows that default gateway is 1.1.1.1 route -n command on the 2nd VM shows that default gateway is 2.2.2.1. As I have written in the above e-mail, virtual router IP address is 1.1.1.100. I have retrieved the vrf associated to each VN and below it is the routing table associated to each vrf. [root@Hercules ~]$rt --dump 4 Flags: L=Label Valid, P=Proxy ARP, T=Trap ARP, F=Flood ARP vRouter inet4 routing table 0/4/unicast Destination PPLFlagsLabel NexthopStitched MAC(Index) 0.0.0.0/8 0 - 0- 1.0.0.0/16 0 - 0- 1.1.0.0/24 0 - 0- 1.1.1.0/32 24 TF - 1- 1.1.1.1/32 32 PT - 8- 1.1.1.2/32 24 TF - 1- 1.1.1.3/32 24 TF - 1- 1.1.1.4/32 24 TF - 1- 1.1.1.5/32 24 TF - 1- 1.1.1.6/32 24 TF - 1- 1.1.1.7/32 24 TF - 1- 1.1.1.8/32 24 TF - 1- [truncated output] 1.1.1.100/32 24 TF - 1- 1.1.1.101/32 32P - 69 2:ae:a9:f1:8e:71(218780) 1.1.1.102/32 24 TF - 1- [truncated output] [root@Hercules ~]$rt --dump 7 Flags: L=Label Valid, P=Proxy ARP, T=Trap ARP, F=Flood ARP vRouter inet4 routing table 0/7/unicast Destination PPLFlagsLabel NexthopStitched MAC(Index) 0.0.0.0/8 0 - 0- 1.0.0.0/8 0 - 0- 2.0.0.0/16 0 - 0- 2.1.0.0/16 0 - 0- 2.2.0.0/24 0 - 0- 2.2.1.0/24 0 - 0- 2.2.2.0/32 24 TF - 1- 2.2.2.1/32 32 PT - 8- 2.2.2.2/32 32 PT - 8- 2.2.2.3/32 24 TF - 1- 2.2.2.4/32 24 TF - 1- 2.2.2.5/32 24 TF - 1- 2.2.2.6/32 24 TF - 1- 2.2.2.7/32 24 TF - 1- 2.2.2.8/32 24 TF - 1- [truncated output] 2.2.2.100/32 24 TF - 1- 2.2.2.101/32 24 TF - 1- 2.2.2.102/32 32P - 82 2:7c:84:1c:eb:e9(209628) [truncated output] Thanks, Anda From: Vedamurthy Ananth Joshi [mailto:vjo...@juniper.net] Sent: Tuesday, July 11, 2017 2:02 PM To: Anda Nicolae; dev@lists.opencontrail.org Subject: Re: [opencontrail-dev] Contrail GUI Virtual Router IP address IIRC, the port-ip assigned to the router ports does not affect the forwarding. I think you should check if the routes of the other VN is present in the routing table of each VN(route-target of the router object is used to ensure that it happens). You may want to dump the object details to check. Vedu From: Dev mailto:dev-boun...@lists.opencontrail.org>> on behalf of Anda Nicolae mailto:anico...@lenovo.com>> Date: Tuesday, July 11, 2017 at 12:54 PM To: "dev@lists.opencontrail.org<mailto:dev@lists.opencontrail.org>" mailto:dev@lists.opencontrail.org>> Subject: [opencontrail-dev] Contrail GUI Virtual Router IP address Hi all, I am currently investigating https://bugs.launchpad.net/opencontrail/+bug/1696760. I have a setup with 3 VMs: 1st VM is Openstack node, the 2nd VM is Contrail controller node and the 3rd VM is Contrail compute node. CentOS is running on all the 3 VMs. I have used fab command to install Contrail on VMs. From Contrail GUI I have created 2 Virtual Networks each with its own (different) IP subnet (1.1.1.0/24 and 2.2.2.0/24). By default, Contrail GUI adds 1.1.1.1 as gateway IP address for the 1st VN and 2.2.2.1 as gateway IP address for the 2nd VN. I need to create a logical router to route the traffic between
[opencontrail-dev] Contrail GUI Virtual Router IP address
Hi all, I am currently investigating https://bugs.launchpad.net/opencontrail/+bug/1696760. I have a setup with 3 VMs: 1st VM is Openstack node, the 2nd VM is Contrail controller node and the 3rd VM is Contrail compute node. CentOS is running on all the 3 VMs. I have used fab command to install Contrail on VMs. >From Contrail GUI I have created 2 Virtual Networks each with its own >(different) IP subnet (1.1.1.0/24 and 2.2.2.0/24). By default, Contrail GUI adds 1.1.1.1 as gateway IP address for the 1st VN and 2.2.2.1 as gateway IP address for the 2nd VN. I need to create a logical router to route the traffic between the Virtual Networks above. There are 2 ways in which I can create this virtual router: 1. Using neutron cmds: neutron router-create router1 neutron router-interface-add router1 neutron router-interface-add router1 In this case, the IP addresses of the router interfaces are 1.1.1.1 and 2.2.2.1, which matches the gateway IP address of each subnet. 2. Using Contrail GUI In this case, the IP addresses of the router interfaces are 1.1.1.100 and 2.2.2.100, which doesn't match the gateway IP address of each subnet, and the traffic is not router between VNs. I have started looking over the code to see where is gateway IP address .100 configured. I am stuck at /usr/lib/python2.7/site-packages/vnc_cfg_api_server/gen/resource_client.py, line 5762, function: def virtual_router_ip_address(self, virtual_router_ip_address). The above file is autogenerated and this is a setter function. Can you please give a hint on how to continue my investigation? Thanks, Anda ___ Dev mailing list Dev@lists.opencontrail.org http://lists.opencontrail.org/mailman/listinfo/dev_lists.opencontrail.org
[opencontrail-dev] Physnet in env.sriov from testbed.py
Hi all,
I am trying to install Contrail using fab and testbed.py. I need to enable
sriov in Contrail.
The physical nics from compute node where I need to enable sriov have sriov
capability (I've checked this using lspci -v). Although compute nodes do not
have ASPM support (BIOS does not have this option), I've found on this mailing
list that sriov works even if ASPM is disabled. [1]
[1]
http://lists.opencontrail.org/pipermail/dev_lists.opencontrail.org/2017-April/003164.html
I have added the following lines in testbed.py:
env.sriov = {
host3 :[ {'interface' : 'eth5', 'VF' : 7, 'physnets' : ['physnet1',
'physnet2']}]
host4 :[ {'interface' : 'eth5', 'VF' : 7, 'physnets' :
['physnet1', 'physnet2']}]
}
eth5 the interface on which data plane traffic (traffic from the VMs created on
the compute nodes) is forwarded.
My question is: what does physnet represent?
Thanks,
Anda
___
Dev mailing list
Dev@lists.opencontrail.org
http://lists.opencontrail.org/mailman/listinfo/dev_lists.opencontrail.org
[opencontrail-dev] How to configure DNS in tenant mode
Hi all, I am using OpenContrail R3.2. I am trying to create a setup with a tenant VM which uses DNS in tenant mode. I have read in Contrail-feature-guide about configuring DNS tenant mode and below are my steps: 1. I know that I have to associate IPAM with tenant DNS. Because default IPAM does not appear in IP Address Management tab, I have created an IPAM named "myipam". "myipam" has "Tenant DNS" method and Tenant DNS Server IPs "8.8.8.8" in IPAM tab. "myipam" has "Read", "Write", "Refer" as Owner and Global Share permissions. Also, in "Share list", I have selected "admin" project with "Read", "Write", "Refer" permissions. 2. Afterwards, I have created a network named "mynetwork" and I tried to assign a subnet to this network. In "Edit Network" window, in "Subnets" field, I have selected "myipam", added CIDR and Allocation Pool, checked DNS and DHCP and hit "Save". 3. Then I have opened again "Edit Network" window, for "mynetwork". In "Subnets" field, IPAM was changed to "default-ipam" instead of "myipam". IPAM drop-down list is deactivated (so I cannot choose again "myipam"). I have modified CIDR, Allocation Pool, DNS, DHCP saved "Edit Network" and reopened it but I got the same result. I have booted a VM using nova boot and as I expected, in /etc/resolv.conf was not the DNS server I have configured in "myipam". Can you please let me know how can I configure DNS in tenant mode? Thanks, Anda ___ Dev mailing list Dev@lists.opencontrail.org http://lists.opencontrail.org/mailman/listinfo/dev_lists.opencontrail.org
[opencontrail-dev] Multicast between tenants in different subnets
Hi all, I am using OpenContrail with OpenStack. I have created 2 tenant VMs in 2 different subnets. I have used "neutron" commands for creating the subnets and "nova boot" for booting the VMs. Ping between VMs works OK. I intend to send multicast traffic from VM1 to VM2 using iperf. Unfortunately, no multicast pkts arrive at VM2, where iperf in server mode runs. Same scenario with iperf works, but having VM1 and VM2 in the same subnet. I have issued "dropstats" command on the compute node which hosts the VMS. I have noticed that there are very many "Cloned Original" packets. >From "ifconfig" output, I have also noticed there are very many Rx dropped >pkts on vhost0. >From OpenContrail web interface, Configure Tab, I have run the iperf test >using Forwarding Mode "Default", "L2 and L3", "L2 Only", "L3 Only" and I have >encountered the same problem. Can someone please let me know if multicast should work between tenants in different subnets and if so, how to configure Contrail? Thanks, Anda ___ Dev mailing list Dev@lists.opencontrail.org http://lists.opencontrail.org/mailman/listinfo/dev_lists.opencontrail.org
