[Openstack] [Heat&Quantum] Quantum Template ROLLBACK_FAILED Error

[蒋闻天]

I have heat and quantum in my devstack, just like:
ENABLED_SERVICES+=,heat,h-api,h-api-cfn,h-api-cw,h-eng
ENABLED_SERVICES+=,quantum,q-svc,q-agt,q-dhcp,q-l3,q-meta

Then I restart my compute, ./rejoin-stack.sh
All Service OK.

Then I run some thing like:
heat stack-create -f /opt/stack/heat/templates/Quantum.template susu

heat stack-list ROLLBACK_FAILED
I See The Error Happened , Is there anyone can help me with this problem.
Maybe some config i did not known.
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Rebooted, now can't ping my guest

[Aaron Rosen]

Hi Hsiao,

You are absolutely correct! If 192.168.0.254 is set as the gateway
traffic will not be routed correctly. I also believe there is another
bug as the ip addresses are being placed on the ethX interfaces and
not bridge interfaces. I'll create a patch fixing these issues
tomorrow morning.

Thanks for spotting this!

Aaron

On Wed, Feb 27, 2013 at 10:02 PM, Chuan-Heng Hsiao
 wrote:
> Hi Aaron,
>
> I am very sorry that I made the conclusion too early because of not
> having good understanding
> of everything, and it is with high probability that I may made wrong 
> conclusion.
>
> However, based on my hypothesis (and my few experiments.)
> The gateway setting is supposed to be corresponded to the ip
> connecting to the outer internet,
> and it is 7.7.7.x and is bundled with br-ex.
>
> By setting default gateway to 192.168.0.254 (which does not even
> exit), and bundled with eth0,
> I saw that (by netstat -r) the default gateway is set to 192.168.0.254
> and can't pass to the outer internet
> correctly.
>
> Or maybe it is not the real issue (and doesn't matter how the gateway is set).
> Maybe the real issue was that I can do pings, but I can't do ssh -i to the 
> VMs,
> and it was because I did not set
>
> route add -net 10.10.10.0/24 gw $router_proj_one_IP
>
> to the controller, and the VMs can't access the metadata from
> 192.168.0.1 or $router_proj_one_IP.
> (because the controller's IP is not with the VMs IP)
>
> Sincerely,
> Hsiao
>
>
> On Thu, Feb 28, 2013 at 12:15 PM, Aaron Rosen  wrote:
>>>
>>> DO NOT SET GATEWAY as 192.168.0.254.
>> Why do you say that. I don't see any problem with what the doc says:
>>
>> # Management Network
>> auto eth0
>> iface eth0 inet static
>> address 192.168.0.2
>> netmask 255.255.255.0
>> gateway 192.168.0.254
>> dns-nameservers 8.8.8.8
>>
>> # Data Network
>> auto eth1
>> iface eth1 inet static
>> address 10.10.10.1
>> netmask 255.255.255.0
>>
>> # Public Bridge
>> auto eth2
>> iface eth2 inet manual
>> up ifconfig $IFACE 0.0.0.0 up
>> up ip link set $IFACE promisc on
>> down ifconfig $IFACE down

 ___
 Mailing list: https://launchpad.net/~openstack
 Post to : openstack@lists.launchpad.net
 Unsubscribe : https://launchpad.net/~openstack
 More help   : https://help.launchpad.net/ListHelp

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Rebooted, now can't ping my guest

[Chuan-Heng Hsiao]

Hi Aaron,

I am very sorry that I made the conclusion too early because of not
having good understanding
of everything, and it is with high probability that I may made wrong conclusion.

However, based on my hypothesis (and my few experiments.)
The gateway setting is supposed to be corresponded to the ip
connecting to the outer internet,
and it is 7.7.7.x and is bundled with br-ex.

By setting default gateway to 192.168.0.254 (which does not even
exit), and bundled with eth0,
I saw that (by netstat -r) the default gateway is set to 192.168.0.254
and can't pass to the outer internet
correctly.

Or maybe it is not the real issue (and doesn't matter how the gateway is set).
Maybe the real issue was that I can do pings, but I can't do ssh -i to the VMs,
and it was because I did not set

route add -net 10.10.10.0/24 gw $router_proj_one_IP

to the controller, and the VMs can't access the metadata from
192.168.0.1 or $router_proj_one_IP.
(because the controller's IP is not with the VMs IP)

Sincerely,
Hsiao


On Thu, Feb 28, 2013 at 12:15 PM, Aaron Rosen  wrote:
>>
>> DO NOT SET GATEWAY as 192.168.0.254.
> Why do you say that. I don't see any problem with what the doc says:
>
> # Management Network
> auto eth0
> iface eth0 inet static
> address 192.168.0.2
> netmask 255.255.255.0
> gateway 192.168.0.254
> dns-nameservers 8.8.8.8
>
> # Data Network
> auto eth1
> iface eth1 inet static
> address 10.10.10.1
> netmask 255.255.255.0
>
> # Public Bridge
> auto eth2
> iface eth2 inet manual
> up ifconfig $IFACE 0.0.0.0 up
> up ip link set $IFACE promisc on
> down ifconfig $IFACE down
>>>
>>> ___
>>> Mailing list: https://launchpad.net/~openstack
>>> Post to : openstack@lists.launchpad.net
>>> Unsubscribe : https://launchpad.net/~openstack
>>> More help   : https://help.launchpad.net/ListHelp

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] [OpenStack] Memory use in Controller and Compute nodes

[Balamurugan V G]

Never mind, Looks like I should be looking at this line which gives the
correct usage which is more or less what I expect.

-/+ buffers/cache:   2009  30163

Regards,
Balu


On Thu, Feb 28, 2013 at 10:18 AM, Balamurugan V G
wrote:

> Hi,
>
> I have a 3 node Folsom with Quantum setup. One is a controller node, one
> is a quantum networking node and the other is a  KVM compute node. I see
> that on the Controller and Compute nodes, the memory usage is very high,
> based on the free command output. I have about 8gb RAM in the controller
> node and 32gb in the Compute node.  For example the compute node returns
> this:
>
> root@openstack-kvm1:~# free -m
>  total   used   free sharedbuffers cached
> Mem: 32173  31619553  0115  29494
> -/+ buffers/cache:   2009  30163
> Swap:0  0  0
> root@openstack-kvm1:~#
>
>
> I am not sure if my interpretation if the output is wrong or if I have a
> genuine memory issue. Any pointers will help.
>
> Thanks,
> Balu
>
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

[Openstack] [OpenStack] Back porting the floating ip related changes to Folsom

[Balamurugan V G]

Hi,

We know that in Folsom Horizon, though there is interface for Floating ip
association/disassociation, it doesnt work due to missing integration in
Nova. But in the Grizzly, based on the release notes, this seems to have
been implemented. Can this feature can be back ported to Folsom? has
anybody tried it?

I came across this port
http://cloudistic.me/blog/openstack-folsom-backporting-quantum-floating-ips-to-nova-on-ubuntu-12-04/but
wanted to check with the community before trying it since I do not
have
much flexibility to play with my setup(dont want to mess up my current
setup). Has anybody tried this?

Regards,
Balu
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

[Openstack] [OpenStack] Memory use in Controller and Compute nodes

[Balamurugan V G]

Hi,

I have a 3 node Folsom with Quantum setup. One is a controller node, one is
a quantum networking node and the other is a  KVM compute node. I see that
on the Controller and Compute nodes, the memory usage is very high, based
on the free command output. I have about 8gb RAM in the controller node and
32gb in the Compute node.  For example the compute node returns this:

root@openstack-kvm1:~# free -m
 total   used   free sharedbuffers cached
Mem: 32173  31619553  0115  29494
-/+ buffers/cache:   2009  30163
Swap:0  0  0
root@openstack-kvm1:~#


I am not sure if my interpretation if the output is wrong or if I have a
genuine memory issue. Any pointers will help.

Thanks,
Balu
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Rebooted, now can't ping my guest

[Aaron Rosen]

On Wed, Feb 27, 2013 at 7:11 PM, Chuan-Heng Hsiao
 wrote:
> Hi Aaron and The King in Yellow,
>
> I also experienced this problem yesterday and I just solved.
>
> Besides ensuring  quantum-openvswitch-agent processes are all up
> (except the controller node),
> there is a typo in the network node in basic install doc:
>
> http://docs.openstack.org/folsom/basic-install/content/basic-install_network.html
>
> DO NOT SET GATEWAY as 192.168.0.254.
Why do you say that. I don't see any problem with what the doc says:

# Management Network
auto eth0
iface eth0 inet static
address 192.168.0.2
netmask 255.255.255.0
gateway 192.168.0.254
dns-nameservers 8.8.8.8

# Data Network
auto eth1
iface eth1 inet static
address 10.10.10.1
netmask 255.255.255.0

# Public Bridge
auto eth2
iface eth2 inet manual
up ifconfig $IFACE 0.0.0.0 up
up ip link set $IFACE promisc on
down ifconfig $IFACE down
>
> or the routing table would be messed up.
>
>
> Also, if you want to do ssh, based on the following doc:
>
> https://github.com/mseknibilel/OpenStack-Folsom-Install-guide/blob/stable/GRE/OpenStack_Folsom_Install_Guide_WebVersion.rst
>
> REMEMBER TO DO THE FOLLOWING IN YOUR CONTROLLER NODE:
>
> route add -net 10.10.10.0/24 gw $router_proj_one_IP
>
> Sincerely,
> Hsiao
>
>
> On Thu, Feb 28, 2013 at 7:57 AM, Aaron Rosen  wrote:
>> Hi
>>
>> response inline
>>
>> On Wed, Feb 27, 2013 at 3:22 PM, The King in Yellow
>>  wrote:
>>>
>>> I have been working on creating an OpenStack environment according to the
>>> Basic Install doc.  It was working fine last night!  In order to make sure I
>>> didn't mess anything up, I downed controller/network/compute nodes and
>>> cloned them (they are nested on ESXi 5.0u1).
>>>
>>> Upon coming back up, I can't ping my guests.  I'm on the network node,
>>> pinging 10.5.5.3, which is a running guest.  I'm guessing the GRE tunnel
>>> isn't coming between the compute and network node, since the br-* interfaces
>>> down?  (After this, I manually "ip link set up" all br-* interfaces on both
>>> compute and network-- nothing)
>>>
>>> I have no experience with either Quantum or Open vSwitch, so I don't know
>>> what this is telling me.  I'm rather at a loss-- can anybody point me in the
>>> right direction here?  I don't see anything in the quantum logs right now
>>> that seems to indicate an error-- openvswitch-agent.log is cycling through
>>> things like the following, though:
>>>
>>> 2013-02-27 18:19:43DEBUG [quantum.agent.linux.utils] Running command:
>>> sudo /usr/bin/quantum-rootwrap /etc/quantum/rootwrap.conf ovs-vsctl
>>> --timeout=2 get Interface qr-9f9041ce-65 external_ids
>>> 2013-02-27 18:19:43DEBUG [quantum.agent.linux.utils]
>>> Command: ['sudo', '/usr/bin/quantum-rootwrap', '/etc/quantum/rootwrap.conf',
>>> 'ovs-vsctl', '--timeout=2', 'get', 'Interface', 'qr-9f9041ce-65',
>>> 'external_ids']
>>> Exit code: 0
>>> Stdout: '{attached-mac="fa:16:3e:e2:38:da",
>>> iface-id="9f9041ce-654d-4706-a208-60cf5fca5d90", iface-status=active}\n'
>>> Stderr: ''
>>> 2013-02-27 18:19:43DEBUG [quantum.agent.linux.utils] Running command:
>>> sudo /usr/bin/quantum-rootwrap /etc/quantum/rootwrap.conf ovs-vsctl
>>> --timeout=2 get Interface tap45ffdc5f-da external_ids
>>> 2013-02-27 18:19:43DEBUG [quantum.agent.linux.utils]
>>> Command: ['sudo', '/usr/bin/quantum-rootwrap', '/etc/quantum/rootwrap.conf',
>>> 'ovs-vsctl', '--timeout=2', 'get', 'Interface', 'tap45ffdc5f-da',
>>> 'external_ids']
>>> Exit code: 0
>>> Stdout: '{attached-mac="fa:16:3e:36:2e:54",
>>> iface-id="45ffdc5f-dad9-444a-aff4-3d39b607f828", iface-status=active}\n'
>>> Stderr: ''
>>> 2013-02-27 18:19:45DEBUG [quantum.agent.linux.utils] Running command:
>>> sudo /usr/bin/quantum-rootwrap /etc/quantum/rootwrap.conf ovs-vsctl
>>> --timeout=2 list-ports br-int
>>> 2013-02-27 18:19:45DEBUG [quantum.agent.linux.utils]
>>> Command: ['sudo', '/usr/bin/quantum-rootwrap', '/etc/quantum/rootwrap.conf',
>>> 'ovs-vsctl', '--timeout=2', 'list-ports', 'br-int']
>>> Exit code: 0
>>> Stdout: 'patch-tun\nqr-9f9041ce-65\ntap45ffdc5f-da\n'
>>> Stderr: ''
>>> 2013-02-27 18:19:45DEBUG [quantum.agent.linux.utils] Running command:
>>> sudo /usr/bin/quantum-rootwrap /etc/quantum/rootwrap.conf ovs-vsctl
>>> --timeout=2 get Interface patch-tun external_ids
>>> 2013-02-27 18:19:45DEBUG [quantum.agent.linux.utils]
>>> Command: ['sudo', '/usr/bin/quantum-rootwrap', '/etc/quantum/rootwrap.conf',
>>> 'ovs-vsctl', '--timeout=2', 'get', 'Interface', 'patch-tun', 'external_ids']
>>> Exit code: 0
>>> Stdout: '{}\n'
>>> Stderr: ''
>>>
>>>
>>> Here are the output of ifconfig -a, ovs-vsctl show, and ovs-cfctl of each
>>> bridge on the network node:
>>>
>>> root@os-network:~# ifconfig -a
>>> br-ex Link encap:Ethernet  HWaddr 00:50:56:81:66:d8
>>>   BROADCAST MULTICAST  MTU:1500  Metric:1
>>>   RX packets:23 errors:0 dropped:0 overruns:0 frame:0
>>>   TX packets:0 errors:0 dropped:0

Re: [Openstack] Rebooted, now can't ping my guest

[Chuan-Heng Hsiao]

Hi Aaron and The King in Yellow,

I also experienced this problem yesterday and I just solved.

Besides ensuring  quantum-openvswitch-agent processes are all up
(except the controller node),
there is a typo in the network node in basic install doc:

http://docs.openstack.org/folsom/basic-install/content/basic-install_network.html

DO NOT SET GATEWAY as 192.168.0.254.

or the routing table would be messed up.


Also, if you want to do ssh, based on the following doc:

https://github.com/mseknibilel/OpenStack-Folsom-Install-guide/blob/stable/GRE/OpenStack_Folsom_Install_Guide_WebVersion.rst

REMEMBER TO DO THE FOLLOWING IN YOUR CONTROLLER NODE:

route add -net 10.10.10.0/24 gw $router_proj_one_IP

Sincerely,
Hsiao


On Thu, Feb 28, 2013 at 7:57 AM, Aaron Rosen  wrote:
> Hi
>
> response inline
>
> On Wed, Feb 27, 2013 at 3:22 PM, The King in Yellow
>  wrote:
>>
>> I have been working on creating an OpenStack environment according to the
>> Basic Install doc.  It was working fine last night!  In order to make sure I
>> didn't mess anything up, I downed controller/network/compute nodes and
>> cloned them (they are nested on ESXi 5.0u1).
>>
>> Upon coming back up, I can't ping my guests.  I'm on the network node,
>> pinging 10.5.5.3, which is a running guest.  I'm guessing the GRE tunnel
>> isn't coming between the compute and network node, since the br-* interfaces
>> down?  (After this, I manually "ip link set up" all br-* interfaces on both
>> compute and network-- nothing)
>>
>> I have no experience with either Quantum or Open vSwitch, so I don't know
>> what this is telling me.  I'm rather at a loss-- can anybody point me in the
>> right direction here?  I don't see anything in the quantum logs right now
>> that seems to indicate an error-- openvswitch-agent.log is cycling through
>> things like the following, though:
>>
>> 2013-02-27 18:19:43DEBUG [quantum.agent.linux.utils] Running command:
>> sudo /usr/bin/quantum-rootwrap /etc/quantum/rootwrap.conf ovs-vsctl
>> --timeout=2 get Interface qr-9f9041ce-65 external_ids
>> 2013-02-27 18:19:43DEBUG [quantum.agent.linux.utils]
>> Command: ['sudo', '/usr/bin/quantum-rootwrap', '/etc/quantum/rootwrap.conf',
>> 'ovs-vsctl', '--timeout=2', 'get', 'Interface', 'qr-9f9041ce-65',
>> 'external_ids']
>> Exit code: 0
>> Stdout: '{attached-mac="fa:16:3e:e2:38:da",
>> iface-id="9f9041ce-654d-4706-a208-60cf5fca5d90", iface-status=active}\n'
>> Stderr: ''
>> 2013-02-27 18:19:43DEBUG [quantum.agent.linux.utils] Running command:
>> sudo /usr/bin/quantum-rootwrap /etc/quantum/rootwrap.conf ovs-vsctl
>> --timeout=2 get Interface tap45ffdc5f-da external_ids
>> 2013-02-27 18:19:43DEBUG [quantum.agent.linux.utils]
>> Command: ['sudo', '/usr/bin/quantum-rootwrap', '/etc/quantum/rootwrap.conf',
>> 'ovs-vsctl', '--timeout=2', 'get', 'Interface', 'tap45ffdc5f-da',
>> 'external_ids']
>> Exit code: 0
>> Stdout: '{attached-mac="fa:16:3e:36:2e:54",
>> iface-id="45ffdc5f-dad9-444a-aff4-3d39b607f828", iface-status=active}\n'
>> Stderr: ''
>> 2013-02-27 18:19:45DEBUG [quantum.agent.linux.utils] Running command:
>> sudo /usr/bin/quantum-rootwrap /etc/quantum/rootwrap.conf ovs-vsctl
>> --timeout=2 list-ports br-int
>> 2013-02-27 18:19:45DEBUG [quantum.agent.linux.utils]
>> Command: ['sudo', '/usr/bin/quantum-rootwrap', '/etc/quantum/rootwrap.conf',
>> 'ovs-vsctl', '--timeout=2', 'list-ports', 'br-int']
>> Exit code: 0
>> Stdout: 'patch-tun\nqr-9f9041ce-65\ntap45ffdc5f-da\n'
>> Stderr: ''
>> 2013-02-27 18:19:45DEBUG [quantum.agent.linux.utils] Running command:
>> sudo /usr/bin/quantum-rootwrap /etc/quantum/rootwrap.conf ovs-vsctl
>> --timeout=2 get Interface patch-tun external_ids
>> 2013-02-27 18:19:45DEBUG [quantum.agent.linux.utils]
>> Command: ['sudo', '/usr/bin/quantum-rootwrap', '/etc/quantum/rootwrap.conf',
>> 'ovs-vsctl', '--timeout=2', 'get', 'Interface', 'patch-tun', 'external_ids']
>> Exit code: 0
>> Stdout: '{}\n'
>> Stderr: ''
>>
>>
>> Here are the output of ifconfig -a, ovs-vsctl show, and ovs-cfctl of each
>> bridge on the network node:
>>
>> root@os-network:~# ifconfig -a
>> br-ex Link encap:Ethernet  HWaddr 00:50:56:81:66:d8
>>   BROADCAST MULTICAST  MTU:1500  Metric:1
>>   RX packets:23 errors:0 dropped:0 overruns:0 frame:0
>>   TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
>>   collisions:0 txqueuelen:0
>>   RX bytes:1380 (1.3 KB)  TX bytes:0 (0.0 B)
>>
>> br-intLink encap:Ethernet  HWaddr 5e:5a:c3:07:44:42
>>   BROADCAST MULTICAST  MTU:1500  Metric:1
>>   RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>>   TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
>>   collisions:0 txqueuelen:0
>>   RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
>>
>> br-tunLink encap:Ethernet  HWaddr 56:2d:9f:6c:ac:4f
>>   BROADCAST MULTICAST  MTU:1500  Metric:1
>>   RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>>   TX packets:0 errors:0 dropp

Re: [Openstack] Network configuration on compute node

[Ajiva Fan]

the output of `#brclt show` shows that your br100 is not bridged on any nic
and the output of `ifconfig` shows that your br100 get no ipv4 addr

br100 plays roles of:
1) gateway
2) dhcp server
3) dns server

so since your br100 is not created correctly, i think the vm will not
get an ip trough dhcp

please paste your nova.conf file, especially the network part. hope
someone will find the problem

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] [essex vlan]cannot ping vm on other compute node

[Ajiva Fan]

thank you, Kevin S, and also thanks George

i did this command in the beginning of the time when i meet this
problem, and it failed because """sw-31(config)#vlan 105
VTP VLAN configuration not allowed when device is in CLIENT mode."""
meanwhile i'm guided to a wrong way by our network administrator,
since i'm very new to switcher config.

yes, by add a vlan id to switch, the problem is solved. and switcher
must be putted to vtp server mode. the client mode just copy vlan
config from a server, so any configure about vlan is ignored.

ps: i followed this qa on cisco site:
https://learningnetwork.cisco.com/thread/15990

thank you very much for your help

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Rebooted, now can't ping my guest

[Aaron Rosen]

Hi

response inline

On Wed, Feb 27, 2013 at 3:22 PM, The King in Yellow
 wrote:
>
> I have been working on creating an OpenStack environment according to the
> Basic Install doc.  It was working fine last night!  In order to make sure I
> didn't mess anything up, I downed controller/network/compute nodes and
> cloned them (they are nested on ESXi 5.0u1).
>
> Upon coming back up, I can't ping my guests.  I'm on the network node,
> pinging 10.5.5.3, which is a running guest.  I'm guessing the GRE tunnel
> isn't coming between the compute and network node, since the br-* interfaces
> down?  (After this, I manually "ip link set up" all br-* interfaces on both
> compute and network-- nothing)
>
> I have no experience with either Quantum or Open vSwitch, so I don't know
> what this is telling me.  I'm rather at a loss-- can anybody point me in the
> right direction here?  I don't see anything in the quantum logs right now
> that seems to indicate an error-- openvswitch-agent.log is cycling through
> things like the following, though:
>
> 2013-02-27 18:19:43DEBUG [quantum.agent.linux.utils] Running command:
> sudo /usr/bin/quantum-rootwrap /etc/quantum/rootwrap.conf ovs-vsctl
> --timeout=2 get Interface qr-9f9041ce-65 external_ids
> 2013-02-27 18:19:43DEBUG [quantum.agent.linux.utils]
> Command: ['sudo', '/usr/bin/quantum-rootwrap', '/etc/quantum/rootwrap.conf',
> 'ovs-vsctl', '--timeout=2', 'get', 'Interface', 'qr-9f9041ce-65',
> 'external_ids']
> Exit code: 0
> Stdout: '{attached-mac="fa:16:3e:e2:38:da",
> iface-id="9f9041ce-654d-4706-a208-60cf5fca5d90", iface-status=active}\n'
> Stderr: ''
> 2013-02-27 18:19:43DEBUG [quantum.agent.linux.utils] Running command:
> sudo /usr/bin/quantum-rootwrap /etc/quantum/rootwrap.conf ovs-vsctl
> --timeout=2 get Interface tap45ffdc5f-da external_ids
> 2013-02-27 18:19:43DEBUG [quantum.agent.linux.utils]
> Command: ['sudo', '/usr/bin/quantum-rootwrap', '/etc/quantum/rootwrap.conf',
> 'ovs-vsctl', '--timeout=2', 'get', 'Interface', 'tap45ffdc5f-da',
> 'external_ids']
> Exit code: 0
> Stdout: '{attached-mac="fa:16:3e:36:2e:54",
> iface-id="45ffdc5f-dad9-444a-aff4-3d39b607f828", iface-status=active}\n'
> Stderr: ''
> 2013-02-27 18:19:45DEBUG [quantum.agent.linux.utils] Running command:
> sudo /usr/bin/quantum-rootwrap /etc/quantum/rootwrap.conf ovs-vsctl
> --timeout=2 list-ports br-int
> 2013-02-27 18:19:45DEBUG [quantum.agent.linux.utils]
> Command: ['sudo', '/usr/bin/quantum-rootwrap', '/etc/quantum/rootwrap.conf',
> 'ovs-vsctl', '--timeout=2', 'list-ports', 'br-int']
> Exit code: 0
> Stdout: 'patch-tun\nqr-9f9041ce-65\ntap45ffdc5f-da\n'
> Stderr: ''
> 2013-02-27 18:19:45DEBUG [quantum.agent.linux.utils] Running command:
> sudo /usr/bin/quantum-rootwrap /etc/quantum/rootwrap.conf ovs-vsctl
> --timeout=2 get Interface patch-tun external_ids
> 2013-02-27 18:19:45DEBUG [quantum.agent.linux.utils]
> Command: ['sudo', '/usr/bin/quantum-rootwrap', '/etc/quantum/rootwrap.conf',
> 'ovs-vsctl', '--timeout=2', 'get', 'Interface', 'patch-tun', 'external_ids']
> Exit code: 0
> Stdout: '{}\n'
> Stderr: ''
>
>
> Here are the output of ifconfig -a, ovs-vsctl show, and ovs-cfctl of each
> bridge on the network node:
>
> root@os-network:~# ifconfig -a
> br-ex Link encap:Ethernet  HWaddr 00:50:56:81:66:d8
>   BROADCAST MULTICAST  MTU:1500  Metric:1
>   RX packets:23 errors:0 dropped:0 overruns:0 frame:0
>   TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
>   collisions:0 txqueuelen:0
>   RX bytes:1380 (1.3 KB)  TX bytes:0 (0.0 B)
>
> br-intLink encap:Ethernet  HWaddr 5e:5a:c3:07:44:42
>   BROADCAST MULTICAST  MTU:1500  Metric:1
>   RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>   TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
>   collisions:0 txqueuelen:0
>   RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
>
> br-tunLink encap:Ethernet  HWaddr 56:2d:9f:6c:ac:4f
>   BROADCAST MULTICAST  MTU:1500  Metric:1
>   RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>   TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
>   collisions:0 txqueuelen:0
>   RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
>
> eth0  Link encap:Ethernet  HWaddr 00:50:56:81:28:f4
>   inet addr:192.168.0.2  Bcast:192.168.0.255  Mask:255.255.255.0
>   inet6 addr: fe80::250:56ff:fe81:28f4/64 Scope:Link
>   UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>   RX packets:535 errors:0 dropped:10 overruns:0 frame:0
>   TX packets:554 errors:0 dropped:0 overruns:0 carrier:0
>   collisions:0 txqueuelen:1000
>   RX bytes:137612 (137.6 KB)  TX bytes:108783 (108.7 KB)
>
> eth1  Link encap:Ethernet  HWaddr 00:50:56:81:44:e7
>   inet addr:10.10.10.1  Bcast:10.10.10.255  Mask:255.255.255.0
>   inet6 addr: fe80::250:56ff:fe81:44e7/64 Scope:Link
>   UP BROADCAST RUNNING MULTICAST  MTU:1500  Me

[Openstack] Rebooted, now can't ping my guest

[The King in Yellow]

I have been working on creating an OpenStack environment according to the Basic
Install doc.
 It was working fine last night!  In order to make sure I didn't mess
anything up, I downed controller/network/compute nodes and cloned them
(they are nested on ESXi 5.0u1).

Upon coming back up, I can't ping my guests.  I'm on the network node,
pinging 10.5.5.3, which is a running guest.  I'm guessing the GRE tunnel
isn't coming between the compute and network node, since the br-*
interfaces down?  (After this, I manually "ip link set up" all br-*
interfaces on both compute and network-- nothing)

I have no experience with either Quantum or Open vSwitch, so I don't know
what this is telling me.  I'm rather at a loss-- can anybody point me in
the right direction here?  I don't see anything in the quantum logs right
now that seems to indicate an error-- openvswitch-agent.log is cycling
through things like the following, though:

2013-02-27 18:19:43DEBUG [quantum.agent.linux.utils] Running command:
sudo /usr/bin/quantum-rootwrap /etc/quantum/rootwrap.conf ovs-vsctl
--timeout=2 get Interface qr-9f9041ce-65 external_ids
2013-02-27 18:19:43DEBUG [quantum.agent.linux.utils]
Command: ['sudo', '/usr/bin/quantum-rootwrap',
'/etc/quantum/rootwrap.conf', 'ovs-vsctl', '--timeout=2', 'get',
'Interface', 'qr-9f9041ce-65', 'external_ids']
Exit code: 0
Stdout: '{attached-mac="fa:16:3e:e2:38:da",
iface-id="9f9041ce-654d-4706-a208-60cf5fca5d90", iface-status=active}\n'
Stderr: ''
2013-02-27 18:19:43DEBUG [quantum.agent.linux.utils] Running command:
sudo /usr/bin/quantum-rootwrap /etc/quantum/rootwrap.conf ovs-vsctl
--timeout=2 get Interface tap45ffdc5f-da external_ids
2013-02-27 18:19:43DEBUG [quantum.agent.linux.utils]
Command: ['sudo', '/usr/bin/quantum-rootwrap',
'/etc/quantum/rootwrap.conf', 'ovs-vsctl', '--timeout=2', 'get',
'Interface', 'tap45ffdc5f-da', 'external_ids']
Exit code: 0
Stdout: '{attached-mac="fa:16:3e:36:2e:54",
iface-id="45ffdc5f-dad9-444a-aff4-3d39b607f828", iface-status=active}\n'
Stderr: ''
2013-02-27 18:19:45DEBUG [quantum.agent.linux.utils] Running command:
sudo /usr/bin/quantum-rootwrap /etc/quantum/rootwrap.conf ovs-vsctl
--timeout=2 list-ports br-int
2013-02-27 18:19:45DEBUG [quantum.agent.linux.utils]
Command: ['sudo', '/usr/bin/quantum-rootwrap',
'/etc/quantum/rootwrap.conf', 'ovs-vsctl', '--timeout=2', 'list-ports',
'br-int']
Exit code: 0
Stdout: 'patch-tun\nqr-9f9041ce-65\ntap45ffdc5f-da\n'
Stderr: ''
2013-02-27 18:19:45DEBUG [quantum.agent.linux.utils] Running command:
sudo /usr/bin/quantum-rootwrap /etc/quantum/rootwrap.conf ovs-vsctl
--timeout=2 get Interface patch-tun external_ids
2013-02-27 18:19:45DEBUG [quantum.agent.linux.utils]
Command: ['sudo', '/usr/bin/quantum-rootwrap',
'/etc/quantum/rootwrap.conf', 'ovs-vsctl', '--timeout=2', 'get',
'Interface', 'patch-tun', 'external_ids']
Exit code: 0
Stdout: '{}\n'
Stderr: ''


Here are the output of ifconfig -a, ovs-vsctl show, and ovs-cfctl of each
bridge on the network node:

root@os-network:~# ifconfig -a
br-ex Link encap:Ethernet  HWaddr 00:50:56:81:66:d8
  BROADCAST MULTICAST  MTU:1500  Metric:1
  RX packets:23 errors:0 dropped:0 overruns:0 frame:0
  TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
  collisions:0 txqueuelen:0
  RX bytes:1380 (1.3 KB)  TX bytes:0 (0.0 B)

br-intLink encap:Ethernet  HWaddr 5e:5a:c3:07:44:42
  BROADCAST MULTICAST  MTU:1500  Metric:1
  RX packets:0 errors:0 dropped:0 overruns:0 frame:0
  TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
  collisions:0 txqueuelen:0
  RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

br-tunLink encap:Ethernet  HWaddr 56:2d:9f:6c:ac:4f
  BROADCAST MULTICAST  MTU:1500  Metric:1
  RX packets:0 errors:0 dropped:0 overruns:0 frame:0
  TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
  collisions:0 txqueuelen:0
  RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

eth0  Link encap:Ethernet  HWaddr 00:50:56:81:28:f4
  inet addr:192.168.0.2  Bcast:192.168.0.255  Mask:255.255.255.0
  inet6 addr: fe80::250:56ff:fe81:28f4/64 Scope:Link
  UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
  RX packets:535 errors:0 dropped:10 overruns:0 frame:0
  TX packets:554 errors:0 dropped:0 overruns:0 carrier:0
  collisions:0 txqueuelen:1000
  RX bytes:137612 (137.6 KB)  TX bytes:108783 (108.7 KB)

eth1  Link encap:Ethernet  HWaddr 00:50:56:81:44:e7
  inet addr:10.10.10.1  Bcast:10.10.10.255  Mask:255.255.255.0
  inet6 addr: fe80::250:56ff:fe81:44e7/64 Scope:Link
  UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
  RX packets:76 errors:0 dropped:9 overruns:0 frame:0
  TX packets:40 errors:0 dropped:0 overruns:0 carrier:0
  collisions:0 txqueuelen:1000
  RX bytes:14531 (14

[Openstack] Cloudpipe - Routing not working

[Ronivon Costa]

Hello guys,
I need some advice with a cloudpipe setup.
I have a basic Folsom installation (single server), using VlanManager.
I am setting up a vpn for the subnet 10.0.4.0 (please see diagram below).

 instance1
 nova-controller   cloudpipe   openvpnhost1
10.100.200.120<--->10.0.4.2<===>   10.0.4.254 <--->10.100.100.143
 (piblic ip)   ||   10.100.100.142
  ||
  ||
  ||
  ||
  instance2
  10.0.4.3

Short story: from host1, can not ping instance2 (or cloudpipe). From
clopudpie (or instance2) cannot ping host1.

Desired behaviour: From instance2, want to ping host1. From host1,
want to ping instance2.

Long story:

The vpn link is working just fine from point to point.

However, packets are not being fully routed from one network to the other.

To troubleshoot this, I am using tcpdump, so:
On cloudpipe instance, I run:

tcpdump -i any icmp

Then, on host1 a ping'ed cloudpipe:
ping 10.0.4.2



The tcpdump on cloudpipe is like this:

21:27:56.958108  In 62:59:fd:d3:0d:f3 (oui Unknown) ethertype IPv4
(0x0800), length 100: 10.100.100.143 >
efe762bef1364f8bab0d5c71434388e2-vpn.novalocal: ICMP echo request, id
28421, seq 10, length 64

21:27:56.969406  In 00:00:00:00:00:00 (oui Ethernet) ethertype IPv4
(0x0800), length 128: efe762bef1364f8bab0d5c71434388e2-vpn.novalocal >
efe762bef1364f8bab0d5c71434388e2-vpn.novalocal: ICMP host
10.100.100.143 unreachable, length 92
---

Looks like each point in the vpn does not know the arp address for
hosts in the other network.

PS: I created routes between host1 and network 10.0.4.0:
$ ip route list
10.0.4.0/24 via 10.100.100.142 dev eth0
10.0.0.0/24 via 10.100.100.142 dev eth0
10.100.100.0/24 dev eth0  proto kernel  scope link  src 10.100.100.143
169.254.0.0/16 dev eth0  scope link  metric 1002
default via 10.100.100.1 dev eth0

OpenVPN client:
$ ip route list
10.0.4.0/24 dev tap0  proto kernel  scope link  src 10.0.4.254
10.0.0.0/24 via 10.0.4.1 dev tap0
10.100.100.0/24 dev eth0  proto kernel  scope link  src 10.100.100.142
169.254.0.0/16 dev eth0  scope link  metric 1002
default via 10.100.100.1 dev eth0

Cloudpipe instance:
$ ip route list
default via 10.0.4.1 dev br0  metric 100
10.0.4.0/24 dev br0  proto kernel  scope link  src 10.0.4.2
10.0.4.254 via 10.0.4.2 dev br0
10.100.100.0/24 via 10.0.4.2 dev br0

?? The openvpn  (cloudpipe) is setup for bridge. Should not the arp
transit to the other side of the tunnel?

?? Any tips to get this working?

I appreciate any help, thanks.
Roni.
--
http://cloud0.dyndns-web.com/blog/

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

[Openstack] Horizon Silent Failure on Auth

[Dan Reif]

All the bits appear to be working properly:

 # keystone user-list
+--+-+-+---+
|id| name| enabled | email |
+--+-+-+---+
| 4107f59814a84a75bec4c01548b0a04d | my_admin |   True  |   |
| 117410be31f449f3842acd551b42692d |cinder   |   True  |   |
| f4f6c62e3cd045258e5d182eca095e62 | ec2 |   True  |   |
| 37de28f94dcc44fca4f539f4cd9c8132 |glance   |   True  |   |
| 1b364b2ceb06400aa5fd5c10a693cdad | nova|   True  |   |
| db5f78e64430407285ff7680831af341 |   quantum   |   True  |   |
| fb8ee1e5e98d46dba9bfbb00404c1f38 |swift|   True  |   |
+--+-+-+---+
# keystone role-list
+--+--+
|id|   name   |
+--+--+
| 9fe2ff9ee4384b1894a90878d3e92bab | _member_ |
| 353cdb53a5b441579ee593bca9cd6d71 |  admin   |
+--+--+
# keystone user-role-list
+--+--+--+--+
|id|   name   |
user_id  |tenant_id |
+--+--+--+--+
| 9fe2ff9ee4384b1894a90878d3e92bab | _member_ |
4107f59814a84a75bec4c01548b0a04d | 7873441b19064c17afe2b911ffbeb183 |
| 353cdb53a5b441579ee593bca9cd6d71 |  admin   |
4107f59814a84a75bec4c01548b0a04d | 7873441b19064c17afe2b911ffbeb183 |
+--+--+--+--+

However, when I login to horizon, I'm booted back (via 302) to /horizon.  I
set logging options in /etc/openstack-dashboard/local_settings.py to
"DEBUG"; as a result, I see this in Apache's error log:

[Wed Feb 27 20:03:55 2013] [error] DEBUG:urllib3.connectionpool:"GET
/v2.0/tenants HTTP/1.1" 200 266
[Wed Feb 27 20:03:55 2013] [error] INFO:urllib3.connectionpool:Starting new
HTTP connection (1): 127.0.0.1
[Wed Feb 27 20:03:55 2013] [error] DEBUG:urllib3.connectionpool:"POST
/v2.0/tokens HTTP/1.1" 200 6937
[Wed Feb 27 20:03:55 2013] [error]
DEBUG:openstack_auth.backend:Authentication completed for user "my_admin".

Caching is enabled, and memcache is reachable.  I turned off caching, and
it made no difference.  Also potentially relevant for debugging: I *do* get
an error message if I use a non-existant username or a bad password.

Package versions:

glance2013.1.g3-0ubuntu1~cloud0
glance-api2013.1.g3-0ubuntu1~cloud0
glance-common 2013.1.g3-0ubuntu1~cloud0
glance-registry   2013.1.g3-0ubuntu1~cloud0
keystone  2013.1.g3-0ubuntu1~cloud0
nova-ajax-console-proxy   2013.1.g3-0ubuntu1~cloud0
nova-api  2013.1.g3-0ubuntu1~cloud0
nova-cert 2013.1.g3-0ubuntu1~cloud0
nova-common   2013.1.g3-0ubuntu1~cloud0
nova-consoleauth  2013.1.g3-0ubuntu1~cloud0
nova-doc  2013.1.g3-0ubuntu1~cloud0
nova-novncproxy   2013.1.g3-0ubuntu1~cloud0
nova-scheduler2013.1.g3-0ubuntu1~cloud0
openstack-dashboard   2013.1.g3-0ubuntu2~cloud0
openstack-dashboard-ubuntu-theme  2013.1.g3-0ubuntu2~cloud0
python-cinderclient 1:1.0.2.20.g20dcc85-0ubuntu1~cloud0
python-django-horizon 2013.1.g3-0ubuntu2~cloud0
python-glance 2013.1.g3-0ubuntu1~cloud0
python-glanceclient 1:0.6.0-0ubuntu1~cloud0
python-keystone   2013.1.g3-0ubuntu1~cloud0
python-keystoneclient   1:0.2.2-0ubuntu2~cloud0
python-nova   2013.1.g3-0ubuntu1~cloud0
python-novaclient  1:2.11.1-0ubuntu1~cloud0
python-openstack-auth 1.0.1-0ubuntu6~cloud0
python-oslo-config2013.1~b3-0ubuntu1~cloud0
python-quantum2013.1.g3-0ubuntu1~cloud0
python-quantumclient  1:2.1-0ubuntu1~cloud0
python-swiftclient  1:1.3.0-0ubuntu1~cloud0
quantum-common2013.1.g3-0ubuntu1~cloud0
quantum-plugin-openvswitch2013.1.g3-0ubuntu1~cloud0
quantum-plugin-openvswitch-agent  2013.1.g3-0ubuntu1~cloud0
quantum-server2013

[Openstack] Quotas for Glance and Snapshot

[Danilo Perogil]

You can kind of quota for Snapshots generated images in OpenStack? There is a 
quota system where the limit of images Glance Snapshots and enter the quota?

Only there are quotas on volumes and projects for not using Glance, Snapshot 
and even the root (/) of the instances.

Best!

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] [essex vlan]cannot ping vm on other compute node

[George Mihaiescu]

Try these commands:

Conf term
Vlan 105
State active


George



-Original Message-
From: openstack-bounces+george.mihaiescu=q9@lists.launchpad.net 
[mailto:openstack-bounces+george.mihaiescu=q9@lists.launchpad.net] On 
Behalf Of Ajiva Fan
Sent: Wednesday, February 27, 2013 5:23 AM
To: Salvatore Orlando
Cc: openstack@lists.launchpad.net
Subject: Re: [Openstack] [essex vlan]cannot ping vm on other compute node

thanks you for reply
special thanks to Aaron Rosen

the situation is that:
1) openstack is in vlan mode
2) switcher is in trunk mode, all vlan id is allowed
3) vlan in switcher's allowed list, active list and (not pruned) list
can communicate with each other. vlan only in allowed list but not in
the other two list is isolated
4) i tried the way which is from official site guide to set pruned
list but it does not work, the switcher just ignore the prune command
and hold the original config ( i will ask our network administrator
and find more help from cisco site )


now i think openstack is running fine ( at least from my point of view)
and i think swither trunk port is running basically correct

here is my env:

switcher port {22,23}
sw-31#show interfaces fastEthernet 0/22 trunk

PortMode Encapsulation  StatusNative vlan
Fa0/22  on   802.1q trunking  1

Port  Vlans allowed on trunk
Fa0/22  1-4094

PortVlans allowed and active in management domain
Fa0/22  
1,5,7,10-12,16,18-21,27,30,40,50,60,80,88,96,100-101,123,160,192,302-303,600,602,700,800,1000-1001

PortVlans in spanning tree forwarding state and not pruned
Fa0/22  
1,5,7,10-12,16,18-21,27,30,40,50,60,80,88,96,100-101,123,160,192,302-303,600,602,700,800,1000-1001

from openstack control node terminal:
# nova-manage network create --label admin-network-01
--fixed_range_v4=10.0.12.0/24 --vlan=105 --project_id=
# nova-manage network create --label admin-network-02
--fixed_range_v4=10.0.13.0/24 --vlan=101 --project_id=
# nova boot --image cirros --flavor 1 --availability_zone nova:control test01
# nova boot --image cirros --flavor 1 --availability_zone nova:compute test02

now test01 and test02 get two vlan ip addr, and control node and
compute node get two bridge
NOTE: *** vlan101 *** is in switcher's active list and "spanning tree
forwarding state and not pruned" list, but vlan105 is not, vlan105
just in allowed list

control node:
br105 10.0.12.6
br101 10.0.13.6
compute node
br105 10.0.12.4
br101 10.0.13.4

from control node i can ping 10.0.13.4 but cannot ping 10.0.12.4
so the root cause may be the active list and the pruned list of switcher

is there any one meet such problem?
maybe i'm fool or i'm just fooled by some odd issue

please help me

On 2/27/13, Salvatore Orlando  wrote:
> I'm not sure I followed the thread correctly from the beginning, but I
> read that you have configured you NIC for private VM networking, in
> VLAN mode, on VLAN 105.
> Is that correct?
>
> In general trunking all your switch ports used for VM networking will
> save you the hassle of adding the VLANs you are using in your setup
> one by one.
> Also, there's quite a difference between VLAN access mode and trunk
> mode. I rarely use Cisco switches, but when I do I always put them in
> trunk mode explicitly.
> The list of allowed vlan is a sort of filter that you apply on a trunk
> port. So perhaps you might want to put all your ports in trunk mode
> and use the vlan range defined in nova.conf as allowed vlan list.
>
> Salvatore
>
> On 27 February 2013 10:18, Ajiva Fan  wrote:
>> thank you very much.
>>
>> actullaly, i have already try these command yesterday, it does not work.
>>
>> currently, i find that vlan id in active list and not pruned list can
>> be passed by switcher, vlan id not in the two list cannot will be
>> droped even they are in allowed list.
>> but the network administrator (and the internet pages) tells me that
>> if vlan is in allowed list, it can go through trunk mode port.
>>
>>
>>
>>
>> there is some hardware info may not be useful, but i list it here,
>> hope it will help someone else.
>> cisco catalyst 2950 switcher only hava
>> """sw-31(config)#interface gigabitEthernet 0/2?
>> .  :  <0-2> """
>> so i just operate on fastEthernet 0/22
>> """sw-31(config)#interface fastEthernet 0/22?
>> .  :  <0-24> """
>> and 2950 defaultly
>> 1)allowed all vlan id on trunk mode
>> 2)only support 802.1q on trunk mode
>> so the following commands:
>>> switchport trunk encapsulation dot1q
>>> switchport trunk allowed vlan 1-4094
>> will not work.
>>
>>
>> On 2/27/13, Aaron Rosen  wrote:
>>> Perhaps:
>>>
>>> interface gigbbit 0/22
>>> switchport mode trunk
>>> switchport trunk encapsulation dot1q
>>> switchport trunk allowed vlan 1-4094
>>> interface gigbbit 0/23
>>> switchport mode trunk
>>> switchport trunk encapsulation dot1q
>>> switchport trunk allowed vlan 1-4094
>>>
>>>
>>>
>>> On Wed, Feb 27, 2013 at 12:02 AM, Ajiva Fan  wrote:

 since i notice

Re: [Openstack] keystone - service unavailable

[Tomáš Šoltys]

I do not thinks so. I just checked whether they are defined, and they are
not.

Regards,
Tomas


2013/2/27 JuanFra Rodriguez Cardoso 

> It could be a problem with environment variables loaded previously (such
> as OS_USERNAME, OS_PASSWORD...).
>
> Regards,
> JuanFra
>
>
> 2013/2/27 Tomáš Šoltys 
>
>> Hi,
>>
>> I am trying to setup keystone myself on CentOS using this step-by-step
>> instructions:
>>
>> http://docs.openstack.org/essex/openstack-compute/install/yum/content/install-keystone.html
>>
>> I have followed the steps above but when I try to create a tenant I get
>> "Unable to communicate with identity service: (503, 'Service Unavailable').
>> (HTTP 400)"
>>
>> The command I am using is:
>> keystone --os-token 012345SECRET99TOKEN012345 --endpoint
>> http://127.0.0.1:35357/v2.0 tenant-create --name openstackDefault
>> --description "Default tenant"
>>
>> The service is running and listening on port 35357.
>>
>> Am I missing something?
>> Thanks,
>>
>> Tomáš Šoltys
>>
>> tomas.sol...@gmail.com
>> http://www.range-software.com
>> (+420) 776-843-663
>>
>> ___
>> Mailing list: https://launchpad.net/~openstack
>> Post to : openstack@lists.launchpad.net
>> Unsubscribe : https://launchpad.net/~openstack
>> More help   : https://help.launchpad.net/ListHelp
>>
>>
>


-- 
Tomáš Šoltys
tomas.sol...@gmail.com
http://www.range-software.com
(+420) 776-843-663
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] [Keystone] service unavailable

[Tomáš Šoltys]

I do not think so.

What I did is:

1. Installed CentOS as a virtual host
2. Installed openstack packages
yum install -y openstack-utils openstack-keystone python-keystoneclient
3. Executed following commands:

echo 12345678 | openstack-db --init --service keystone --password 12345678
openstack-config --set /etc/keystone/keystone.conf DEFAULT admin_token
012345SECRET99TOKEN012345
service openstack-keystone start
keystone-manage db_sync

I assume I am missing something but I am failing to find ti.

Regards,
Tomas



2013/2/27 Dolph Mathews 

> I'm not aware that keystone is capable of raising a 503 Service
> Unavailable... are you running through a proxy? If so, I assume there's an
> issue with it's configuration.
>
>
> -Dolph
>
>
> On Wed, Feb 27, 2013 at 8:27 AM, Tomáš Šoltys wrote:
>
>> Hi,
>>
>> Yes, the service is running and listening. I can see it via ps as well as
>> by using netstat
>>
>> Here is my keystone.conf
>>
>>
>> -
>> [DEFAULT]
>> log_file = /var/log/keystone/keystone.log
>> admin_token = 012345SECRET99TOKEN012345
>>
>> [sql]
>> connection = mysql://keystone:12345678@localhost/keystone
>>
>> [identity]
>> driver = keystone.identity.backends.sql.Identity
>>
>> [catalog]
>> template_file = /etc/keystone/default_catalog.templates
>> driver = keystone.catalog.backends.sql.Catalog
>>
>> [token]
>> driver = keystone.token.backends.sql.Token
>>
>> [policy]
>>
>> [ec2]
>> driver = keystone.contrib.ec2.backends.sql.Ec2
>>
>> [ssl]
>>
>> [signing]
>>
>> [ldap]
>>
>> [filter:debug]
>> paste.filter_factory = keystone.common.wsgi:Debug.factory
>>
>> [filter:token_auth]
>> paste.filter_factory = keystone.middleware:TokenAuthMiddleware.factory
>>
>> [filter:admin_token_auth]
>> paste.filter_factory =
>> keystone.middleware:AdminTokenAuthMiddleware.factory
>>
>> [filter:xml_body]
>> paste.filter_factory = keystone.middleware:XmlBodyMiddleware.factory
>>
>> [filter:json_body]
>> paste.filter_factory = keystone.middleware:JsonBodyMiddleware.factory
>>
>> [filter:user_crud_extension]
>> paste.filter_factory = keystone.contrib.user_crud:CrudExtension.factory
>>
>> [filter:crud_extension]
>> paste.filter_factory = keystone.contrib.admin_crud:CrudExtension.factory
>>
>> [filter:ec2_extension]
>> paste.filter_factory = keystone.contrib.ec2:Ec2Extension.factory
>>
>> [filter:s3_extension]
>> paste.filter_factory = keystone.contrib.s3:S3Extension.factory
>>
>> [filter:url_normalize]
>> paste.filter_factory = keystone.middleware:NormalizingFilter.factory
>>
>> [filter:stats_monitoring]
>> paste.filter_factory = keystone.contrib.stats:StatsMiddleware.factory
>>
>> [filter:stats_reporting]
>> paste.filter_factory = keystone.contrib.stats:StatsExtension.factory
>>
>> [app:public_service]
>> paste.app_factory = keystone.service:public_app_factory
>>
>> [app:admin_service]
>> paste.app_factory = keystone.service:admin_app_factory
>>
>> [pipeline:public_api]
>> pipeline = stats_monitoring url_normalize token_auth admin_token_auth
>> xml_body json_body debug ec2_extension user_crud_extension public_service
>>
>> [pipeline:admin_api]
>> pipeline = stats_monitoring url_normalize token_auth admin_token_auth
>> xml_body json_body debug stats_reporting ec2_extension s3_extension
>> crud_extension admin_service
>>
>> [app:public_version_service]
>> paste.app_factory = keystone.service:public_version_app_factory
>>
>> [app:admin_version_service]
>> paste.app_factory = keystone.service:admin_version_app_factory
>>
>> [pipeline:public_version_api]
>> pipeline = stats_monitoring url_normalize xml_body public_version_service
>>
>> [pipeline:admin_version_api]
>> pipeline = stats_monitoring url_normalize xml_body admin_version_service
>>
>> [composite:main]
>> use = egg:Paste#urlmap
>> /v2.0 = public_api
>> / = public_version_api
>>
>> [composite:admin]
>> use = egg:Paste#urlmap
>> /v2.0 = admin_api
>> / = admin_version_api
>>
>> -
>>
>>
>> 2013/2/27 Sylvain Bauza 
>>
>>>  Could you please paste your keystone.conf ?
>>> Also, could you please check keystone service is started ?
>>>
>>> -Sylvain
>>>
>>> Le 27/02/2013 15:06, Tomáš Šoltys a écrit :
>>>
>>>  Hi,
>>>
>>>  I am trying to setup keystone myself on CentOS using this step-by-step
>>> instructions:
>>>
>>> http://docs.openstack.org/essex/openstack-compute/install/yum/content/install-keystone.html
>>>
>>> I have followed the steps above but when I try to create a tenant I get
>>> "Unable to communicate with identity service: (503, 'Service Unavailable').
>>> (HTTP 400)"
>>>
>>> The command I am using is:
>>> keystone --os-token 012345SECRET99TOKEN012345 --endpoint
>>> http://127.0.0.1:35357/v2.0 tenant-create --name openstackDefault
>>> --description "Default tenant"
>>>
>>> The service is running an

[Openstack] keystone - service unavailable

[Tomáš Šoltys]

Hi,

I am trying to setup keystone myself on CentOS using this step-by-step
instructions:
http://docs.openstack.org/essex/openstack-compute/install/yum/content/install-keystone.html

I have followed the steps above but when I try to create a tenant I get
"Unable to communicate with identity service: (503, 'Service Unavailable').
(HTTP 400)"

The command I am using is:
keystone --os-token 012345SECRET99TOKEN012345 --endpoint
http://127.0.0.1:35357/v2.0 tenant-create --name openstackDefault
--description "Default tenant"

The service is running and listening on port 35357.

Am I missing something?
Thanks,

Tomáš Šoltys

tomas.sol...@gmail.com
http://www.range-software.com
(+420) 776-843-663
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] [essex vlan]cannot ping vm on other compute node

[Kevin Stevens]

Ajiva,

In your 'show interface fa 0/2[2,3] trunk' output I don't see vlan 105 and
this is most likely because it's not created.  This might be why vlan 5
works and 105 doesn't.

Try:
> en
# conf t
# vlan 105
# exit


Thanks,
Kevin S




On 2/27/13 4:22 AM, "Ajiva Fan"  wrote:

>thanks you for reply
>special thanks to Aaron Rosen
>
>the situation is that:
>1) openstack is in vlan mode
>2) switcher is in trunk mode, all vlan id is allowed
>3) vlan in switcher's allowed list, active list and (not pruned) list
>can communicate with each other. vlan only in allowed list but not in
>the other two list is isolated
>4) i tried the way which is from official site guide to set pruned
>list but it does not work, the switcher just ignore the prune command
>and hold the original config ( i will ask our network administrator
>and find more help from cisco site )
>
>
>now i think openstack is running fine ( at least from my point of view)
>and i think swither trunk port is running basically correct
>
>here is my env:
>
>switcher port {22,23}
>sw-31#show interfaces fastEthernet 0/22 trunk
>
>PortMode Encapsulation  StatusNative vlan
>Fa0/22  on   802.1q trunking  1
>
>Port  Vlans allowed on trunk
>Fa0/22  1-4094
>
>PortVlans allowed and active in management domain
>Fa0/22  
>1,5,7,10-12,16,18-21,27,30,40,50,60,80,88,96,100-101,123,160,192,302-303,6
>00,602,700,800,1000-1001
>
>PortVlans in spanning tree forwarding state and not pruned
>Fa0/22  
>1,5,7,10-12,16,18-21,27,30,40,50,60,80,88,96,100-101,123,160,192,302-303,6
>00,602,700,800,1000-1001
>
>from openstack control node terminal:
># nova-manage network create --label admin-network-01
>--fixed_range_v4=10.0.12.0/24 --vlan=105 --project_id=
># nova-manage network create --label admin-network-02
>--fixed_range_v4=10.0.13.0/24 --vlan=101 --project_id=
># nova boot --image cirros --flavor 1 --availability_zone nova:control
>test01
># nova boot --image cirros --flavor 1 --availability_zone nova:compute
>test02
>
>now test01 and test02 get two vlan ip addr, and control node and
>compute node get two bridge
>NOTE: *** vlan101 *** is in switcher's active list and "spanning tree
>forwarding state and not pruned" list, but vlan105 is not, vlan105
>just in allowed list
>
>control node:
>br105 10.0.12.6
>br101 10.0.13.6
>compute node
>br105 10.0.12.4
>br101 10.0.13.4
>
>from control node i can ping 10.0.13.4 but cannot ping 10.0.12.4
>so the root cause may be the active list and the pruned list of switcher
>
>is there any one meet such problem?
>maybe i'm fool or i'm just fooled by some odd issue
>
>please help me
>
>On 2/27/13, Salvatore Orlando  wrote:
>> I'm not sure I followed the thread correctly from the beginning, but I
>> read that you have configured you NIC for private VM networking, in
>> VLAN mode, on VLAN 105.
>> Is that correct?
>>
>> In general trunking all your switch ports used for VM networking will
>> save you the hassle of adding the VLANs you are using in your setup
>> one by one.
>> Also, there's quite a difference between VLAN access mode and trunk
>> mode. I rarely use Cisco switches, but when I do I always put them in
>> trunk mode explicitly.
>> The list of allowed vlan is a sort of filter that you apply on a trunk
>> port. So perhaps you might want to put all your ports in trunk mode
>> and use the vlan range defined in nova.conf as allowed vlan list.
>>
>> Salvatore
>>
>> On 27 February 2013 10:18, Ajiva Fan  wrote:
>>> thank you very much.
>>>
>>> actullaly, i have already try these command yesterday, it does not
>>>work.
>>>
>>> currently, i find that vlan id in active list and not pruned list can
>>> be passed by switcher, vlan id not in the two list cannot will be
>>> droped even they are in allowed list.
>>> but the network administrator (and the internet pages) tells me that
>>> if vlan is in allowed list, it can go through trunk mode port.
>>>
>>>
>>>
>>>
>>> there is some hardware info may not be useful, but i list it here,
>>> hope it will help someone else.
>>> cisco catalyst 2950 switcher only hava
>>> """sw-31(config)#interface gigabitEthernet 0/2?
>>> .  :  <0-2> """
>>> so i just operate on fastEthernet 0/22
>>> """sw-31(config)#interface fastEthernet 0/22?
>>> .  :  <0-24> """
>>> and 2950 defaultly
>>> 1)allowed all vlan id on trunk mode
>>> 2)only support 802.1q on trunk mode
>>> so the following commands:
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1-4094
>>> will not work.
>>>
>>>
>>> On 2/27/13, Aaron Rosen  wrote:
 Perhaps:

 interface gigbbit 0/22
 switchport mode trunk
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1-4094
 interface gigbbit 0/23
 switchport mode trunk
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1-4094



 On Wed, Feb 27, 2013 at 12:02 AM, Ajiva Fan 
wrote:
>
> since i notice that 

Re: [Openstack] [Keystone] service unavailable

[Dolph Mathews]

I'm not aware that keystone is capable of raising a 503 Service
Unavailable... are you running through a proxy? If so, I assume there's an
issue with it's configuration.


-Dolph


On Wed, Feb 27, 2013 at 8:27 AM, Tomáš Šoltys wrote:

> Hi,
>
> Yes, the service is running and listening. I can see it via ps as well as
> by using netstat
>
> Here is my keystone.conf
>
>
> -
> [DEFAULT]
> log_file = /var/log/keystone/keystone.log
> admin_token = 012345SECRET99TOKEN012345
>
> [sql]
> connection = mysql://keystone:12345678@localhost/keystone
>
> [identity]
> driver = keystone.identity.backends.sql.Identity
>
> [catalog]
> template_file = /etc/keystone/default_catalog.templates
> driver = keystone.catalog.backends.sql.Catalog
>
> [token]
> driver = keystone.token.backends.sql.Token
>
> [policy]
>
> [ec2]
> driver = keystone.contrib.ec2.backends.sql.Ec2
>
> [ssl]
>
> [signing]
>
> [ldap]
>
> [filter:debug]
> paste.filter_factory = keystone.common.wsgi:Debug.factory
>
> [filter:token_auth]
> paste.filter_factory = keystone.middleware:TokenAuthMiddleware.factory
>
> [filter:admin_token_auth]
> paste.filter_factory = keystone.middleware:AdminTokenAuthMiddleware.factory
>
> [filter:xml_body]
> paste.filter_factory = keystone.middleware:XmlBodyMiddleware.factory
>
> [filter:json_body]
> paste.filter_factory = keystone.middleware:JsonBodyMiddleware.factory
>
> [filter:user_crud_extension]
> paste.filter_factory = keystone.contrib.user_crud:CrudExtension.factory
>
> [filter:crud_extension]
> paste.filter_factory = keystone.contrib.admin_crud:CrudExtension.factory
>
> [filter:ec2_extension]
> paste.filter_factory = keystone.contrib.ec2:Ec2Extension.factory
>
> [filter:s3_extension]
> paste.filter_factory = keystone.contrib.s3:S3Extension.factory
>
> [filter:url_normalize]
> paste.filter_factory = keystone.middleware:NormalizingFilter.factory
>
> [filter:stats_monitoring]
> paste.filter_factory = keystone.contrib.stats:StatsMiddleware.factory
>
> [filter:stats_reporting]
> paste.filter_factory = keystone.contrib.stats:StatsExtension.factory
>
> [app:public_service]
> paste.app_factory = keystone.service:public_app_factory
>
> [app:admin_service]
> paste.app_factory = keystone.service:admin_app_factory
>
> [pipeline:public_api]
> pipeline = stats_monitoring url_normalize token_auth admin_token_auth
> xml_body json_body debug ec2_extension user_crud_extension public_service
>
> [pipeline:admin_api]
> pipeline = stats_monitoring url_normalize token_auth admin_token_auth
> xml_body json_body debug stats_reporting ec2_extension s3_extension
> crud_extension admin_service
>
> [app:public_version_service]
> paste.app_factory = keystone.service:public_version_app_factory
>
> [app:admin_version_service]
> paste.app_factory = keystone.service:admin_version_app_factory
>
> [pipeline:public_version_api]
> pipeline = stats_monitoring url_normalize xml_body public_version_service
>
> [pipeline:admin_version_api]
> pipeline = stats_monitoring url_normalize xml_body admin_version_service
>
> [composite:main]
> use = egg:Paste#urlmap
> /v2.0 = public_api
> / = public_version_api
>
> [composite:admin]
> use = egg:Paste#urlmap
> /v2.0 = admin_api
> / = admin_version_api
>
> -
>
>
> 2013/2/27 Sylvain Bauza 
>
>>  Could you please paste your keystone.conf ?
>> Also, could you please check keystone service is started ?
>>
>> -Sylvain
>>
>> Le 27/02/2013 15:06, Tomáš Šoltys a écrit :
>>
>>  Hi,
>>
>>  I am trying to setup keystone myself on CentOS using this step-by-step
>> instructions:
>>
>> http://docs.openstack.org/essex/openstack-compute/install/yum/content/install-keystone.html
>>
>> I have followed the steps above but when I try to create a tenant I get
>> "Unable to communicate with identity service: (503, 'Service Unavailable').
>> (HTTP 400)"
>>
>> The command I am using is:
>> keystone --os-token 012345SECRET99TOKEN012345 --endpoint
>> http://127.0.0.1:35357/v2.0 tenant-create --name openstackDefault
>> --description "Default tenant"
>>
>> The service is running and listening on port 35357.
>>
>> Am I missing something?
>> Thanks,
>>
>> Tomáš Šoltys
>>
>> tomas.sol...@gmail.com
>> http://www.range-software.com
>> (+420) 776-843-663
>>
>>
>> ___
>> Mailing list: https://launchpad.net/~openstack
>> Post to : openstack@lists.launchpad.net
>> Unsubscribe : https://launchpad.net/~openstack
>> More help   : https://help.launchpad.net/ListHelp
>>
>>
>>
>> ___
>> Mailing list: https://launchpad.net/~openstack
>> Post to : openstack@lists.launchpad.net
>> Unsubscribe : https://launchpad.net/~openstack
>> More help   : https://help.launchpad.net/ListHelp
>>
>>
>
>
> --
> Tom

Re: [Openstack] [Keystone] service unavailable

[Tomáš Šoltys]

Hi,

Yes, the service is running and listening. I can see it via ps as well as
by using netstat

Here is my keystone.conf

-
[DEFAULT]
log_file = /var/log/keystone/keystone.log
admin_token = 012345SECRET99TOKEN012345

[sql]
connection = mysql://keystone:12345678@localhost/keystone

[identity]
driver = keystone.identity.backends.sql.Identity

[catalog]
template_file = /etc/keystone/default_catalog.templates
driver = keystone.catalog.backends.sql.Catalog

[token]
driver = keystone.token.backends.sql.Token

[policy]

[ec2]
driver = keystone.contrib.ec2.backends.sql.Ec2

[ssl]

[signing]

[ldap]

[filter:debug]
paste.filter_factory = keystone.common.wsgi:Debug.factory

[filter:token_auth]
paste.filter_factory = keystone.middleware:TokenAuthMiddleware.factory

[filter:admin_token_auth]
paste.filter_factory = keystone.middleware:AdminTokenAuthMiddleware.factory

[filter:xml_body]
paste.filter_factory = keystone.middleware:XmlBodyMiddleware.factory

[filter:json_body]
paste.filter_factory = keystone.middleware:JsonBodyMiddleware.factory

[filter:user_crud_extension]
paste.filter_factory = keystone.contrib.user_crud:CrudExtension.factory

[filter:crud_extension]
paste.filter_factory = keystone.contrib.admin_crud:CrudExtension.factory

[filter:ec2_extension]
paste.filter_factory = keystone.contrib.ec2:Ec2Extension.factory

[filter:s3_extension]
paste.filter_factory = keystone.contrib.s3:S3Extension.factory

[filter:url_normalize]
paste.filter_factory = keystone.middleware:NormalizingFilter.factory

[filter:stats_monitoring]
paste.filter_factory = keystone.contrib.stats:StatsMiddleware.factory

[filter:stats_reporting]
paste.filter_factory = keystone.contrib.stats:StatsExtension.factory

[app:public_service]
paste.app_factory = keystone.service:public_app_factory

[app:admin_service]
paste.app_factory = keystone.service:admin_app_factory

[pipeline:public_api]
pipeline = stats_monitoring url_normalize token_auth admin_token_auth
xml_body json_body debug ec2_extension user_crud_extension public_service

[pipeline:admin_api]
pipeline = stats_monitoring url_normalize token_auth admin_token_auth
xml_body json_body debug stats_reporting ec2_extension s3_extension
crud_extension admin_service

[app:public_version_service]
paste.app_factory = keystone.service:public_version_app_factory

[app:admin_version_service]
paste.app_factory = keystone.service:admin_version_app_factory

[pipeline:public_version_api]
pipeline = stats_monitoring url_normalize xml_body public_version_service

[pipeline:admin_version_api]
pipeline = stats_monitoring url_normalize xml_body admin_version_service

[composite:main]
use = egg:Paste#urlmap
/v2.0 = public_api
/ = public_version_api

[composite:admin]
use = egg:Paste#urlmap
/v2.0 = admin_api
/ = admin_version_api
-


2013/2/27 Sylvain Bauza 

>  Could you please paste your keystone.conf ?
> Also, could you please check keystone service is started ?
>
> -Sylvain
>
> Le 27/02/2013 15:06, Tomáš Šoltys a écrit :
>
>  Hi,
>
>  I am trying to setup keystone myself on CentOS using this step-by-step
> instructions:
>
> http://docs.openstack.org/essex/openstack-compute/install/yum/content/install-keystone.html
>
> I have followed the steps above but when I try to create a tenant I get
> "Unable to communicate with identity service: (503, 'Service Unavailable').
> (HTTP 400)"
>
> The command I am using is:
> keystone --os-token 012345SECRET99TOKEN012345 --endpoint
> http://127.0.0.1:35357/v2.0 tenant-create --name openstackDefault
> --description "Default tenant"
>
> The service is running and listening on port 35357.
>
> Am I missing something?
> Thanks,
>
> Tomáš Šoltys
>
> tomas.sol...@gmail.com
> http://www.range-software.com
> (+420) 776-843-663
>
>
> ___
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack@lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
>
>
>
> ___
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack@lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
>
>


-- 
Tomáš Šoltys
tomas.sol...@gmail.com
http://www.range-software.com
(+420) 776-843-663
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] [Keystone] service unavailable

[Sylvain Bauza]

Could you please paste your keystone.conf ?
Also, could you please check keystone service is started ?

-Sylvain

Le 27/02/2013 15:06, Tomás( S(oltys a écrit :

Hi,

I am trying to setup keystone myself on CentOS using this step-by-step 
instructions:

http://docs.openstack.org/essex/openstack-compute/install/yum/content/install-keystone.html

I have followed the steps above but when I try to create a tenant I 
get "Unable to communicate with identity service: (503, 'Service 
Unavailable'). (HTTP 400)"


The command I am using is:
keystone --os-token 012345SECRET99TOKEN012345 --endpoint 
http://127.0.0.1:35357/v2.0 tenant-create --name openstackDefault 
--description "Default tenant"


The service is running and listening on port 35357.

Am I missing something?

Thanks,

Tomás( S(oltys

tomas.sol...@gmail.com 
http://www.range-software.com
(+420) 776-843-663


___
Mailing list:https://launchpad.net/~openstack
Post to :openstack@lists.launchpad.net
Unsubscribe :https://launchpad.net/~openstack
More help   :https://help.launchpad.net/ListHelp


___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

[Openstack] [Keystone] service unavailable

[Tomáš Šoltys]

Hi,

I am trying to setup keystone myself on CentOS using this step-by-step
instructions:
http://docs.openstack.org/essex/openstack-compute/install/yum/content/install-keystone.html

I have followed the steps above but when I try to create a tenant I get
"Unable to communicate with identity service: (503, 'Service Unavailable').
(HTTP 400)"

The command I am using is:
keystone --os-token 012345SECRET99TOKEN012345 --endpoint
http://127.0.0.1:35357/v2.0 tenant-create --name openstackDefault
--description "Default tenant"

The service is running and listening on port 35357.

Am I missing something?
Thanks,

Tomáš Šoltys

tomas.sol...@gmail.com
http://www.range-software.com
(+420) 776-843-663
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

[Openstack] Fwd: Nova network problem on rhel6.4 and folsom

[mohammad kashif]

Sorry I didn't reply to list at first instance so I am forwarding it now

Hi Vish
Did some poking around but not sure about my conclusion. If you look at

ip link show eth1

3: eth1:  mtu 1500 qdisc pfifo_fast state
UP qlen 1000
link/ether 00:30:48:35:3d:ff brd ff:ff:ff:ff:ff:ff

 br100:  mtu 1500 qdisc noqueue state
UNKNOWN
link/ether 00:30:48:35:3d:ff brd ff:ff:ff:ff:ff:ff

 brctl show br100
bridge name bridge id   STP enabled interfaces
br100   8000.003048353dff   no  eth1


If I compare it with my Ubuntu installation then eth1 should be showing
br100 as its master.
ubuntu example
ip link show eth0
3: eth0:  mtu 1500 qdisc mq master br100
state UP qlen 1000
link/ether 00:1a:a0:2e:ff:58 brd ff:ff:ff:ff:ff:ff


I tried manually setting up br100 as master for rhel6.4 machine but it turn
out that ip command available with rhel6.4 does not support bridge.
ip -V
ip utility, iproute2-ss091226

Which is quite old. As I said I could not reach on any conclusion as if it
is the main reason then it would have been detected earlier.

Thanks
Kashif




On Tue, Feb 26, 2013 at 10:49 PM, Vishvananda Ishaya
wrote:

> Odd, I couldn't say. Is there vm working? Perhaps it doesn't matter. It is
> a bit odd that you have two overlapping ips on br100. If something is
> broken, that could potentially be causing issues.
>
> Vish
>
> On Feb 26, 2013, at 2:33 PM, mohammad kashif 
> wrote:
>
> Hi Vish
> Thanks for looking into it. For the simplicity, I have disabled second
> compute node for time being. I am checking it as single node installation.
>
> Like one VM is running on controller node
>  aad411aa-dc50-4fad-ab2f-8fd283ed94e8 |  | ACTIVE |
> private=192.168.9.34
>
> brctl show br100
> bridge name bridge id   STP enabled interfaces
> br100   8000.003048353dff   no  eth1
>   vnet0
>
>  ip add
> 1: lo:  mtu 16436 qdisc noqueue state UNKNOWN
> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
> inet 127.0.0.1/8 scope host lo
> inet 169.254.169.254/32 scope link lo
> inet6 ::1/128 scope host
>valid_lft forever preferred_lft forever
> 2: eth0:  mtu 1500 qdisc pfifo_fast state
> UP qlen 1000
> link/ether 00:30:48:35:3d:fe brd ff:ff:ff:ff:ff:ff
> inet 163.1.5.243/24 brd 163.1.5.255 scope global eth0
> inet6 fe80::230:48ff:fe35:3dfe/64 scope link
>valid_lft forever preferred_lft forever
> 3: eth1:  mtu 1500 qdisc pfifo_fast state
> UP qlen 1000
> link/ether 00:30:48:35:3d:ff brd ff:ff:ff:ff:ff:ff
> inet6 fe80::230:48ff:fe35:3dff/64 scope link
>valid_lft forever preferred_lft forever
> 4: virbr0:  mtu 1500 qdisc noqueue state
> UNKNOWN
> link/ether 52:54:00:e4:6d:24 brd ff:ff:ff:ff:ff:ff
> inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
> 5: virbr0-nic:  mtu 1500 qdisc noop state DOWN qlen
> 500
> link/ether 52:54:00:e4:6d:24 brd ff:ff:ff:ff:ff:ff
> 7: br100:  mtu 1500 qdisc noqueue state
> UNKNOWN
> link/ether 00:30:48:35:3d:ff brd ff:ff:ff:ff:ff:ff
> inet 192.168.9.33/27 brd 192.168.9.63 scope global br100
> inet 192.168.9.1/24 brd 192.168.9.255 scope global br100
> inet6 fe80::8cc4:2cff:feb2:2233/64 scope link
>valid_lft forever preferred_lft forever
> 8: vnet0:  mtu 1500 qdisc pfifo_fast
> state UNKNOWN qlen 500
> link/ether fe:16:3e:5f:b2:0a brd ff:ff:ff:ff:ff:ff
> inet6 fe80::fc16:3eff:fe5f:b20a/64 scope link
>valid_lft forever preferred_lft forever
>
> I don't understand that why br100 is displaying unknown state.
>
> Thanks
> Kashif
>
>
>
>
>
> On Tue, Feb 26, 2013 at 7:19 PM, Vishvananda Ishaya  > wrote:
>
>>
>> On Feb 26, 2013, at 10:11 AM, mohammad kashif 
>> wrote:
>>
>> Hi
>> I am installing openstack folsom on rhel6.4 with multi_host nova network.
>> I have  a working setup with ubuntu 12.04 and Essex and  I am using almost
>> same network setup  with rhel with folsom. I don't understand that what is
>> going wrong with rhel.
>>
>> I have two machines with everything including nova-compute on one machine
>> and an extra machine running nova-compute, nova-network and
>> nova-metadata-api.
>>
>> Main problem is that I can create vm and it is getting  private ip
>> address from dhcp but that address is not being attached to bridge br100.
>> Nova network is creating bridge but it stay in unknown state
>>
>> ip link show br100
>>
>> 7: br100:  mtu 1500 qdisc noqueue state
>> UNKNOWN
>> link/ether 00:30:48:35:3d:ff brd ff:ff:ff:ff:ff:ff
>>
>> Some of network related setting is
>>
>> public_interface = eth0
>> flat_interface = eth1
>>
>>
>> These needs to be set explicitly to em1 / em2 on the second machine. If
>> you do brctl show i suspect em2 is not being added to the bridge. You could
>> also manually add it to the bridge:
>> brctl addif br100 em2
>>
>> Also the private ip address is not added to the bridge. if you do:
>> 

[Openstack] Network configuration on compute node

[Javier Alvarez]

Hello,

I'm having troubles with the network configuration in a compute node. I 
followed this tutorial:


http://www.mirantis.com/blog/openstack-networking-single-host-flatdhcpmanager/

But my instances are unable to get an IP via DHCP. The network 
configuration in the compute node when an instance is running is as follows:


> ifconfig

br100 Link encap:Ethernet  HWaddr fe:16:3e:3b:3f:ef
  inet6 addr: fe80::b0e3:fdff:fe8f:ae5f/64 Scope:Link
  UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
  RX packets:132 errors:0 dropped:0 overruns:0 frame:0
  TX packets:33 errors:0 dropped:0 overruns:0 carrier:0
  collisions:0 txqueuelen:0
  RX bytes:24372 (23.8 KiB)  TX bytes:2790 (2.7 KiB)

eth0  Link encap:Ethernet  HWaddr 68:b5:99:c2:3b:04
  inet addr:172.16.8.21  Bcast:172.16.8.255 Mask:255.255.255.0
  inet6 addr: fe80::6ab5:99ff:fec2:3b04/64 Scope:Link
  UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
  RX packets:12559093 errors:0 dropped:0 overruns:0 frame:0
  TX packets:5842385 errors:0 dropped:0 overruns:0 carrier:0
  collisions:0 txqueuelen:1000
  RX bytes:11928155434 (11.1 GiB)  TX bytes:636265975 (606.7 MiB)
  Memory:fe86-fe88

eth2  Link encap:Ethernet  HWaddr 68:b5:99:c2:3b:0e
  UP BROADCAST PROMISC MULTICAST  MTU:1500  Metric:1
  RX packets:0 errors:0 dropped:0 overruns:0 frame:0
  TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
  collisions:0 txqueuelen:1000
  RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
  Memory:fe76-fe78

loLink encap:Local Loopback
  inet addr:127.0.0.1  Mask:255.0.0.0
  inet6 addr: ::1/128 Scope:Host
  UP LOOPBACK RUNNING  MTU:16436  Metric:1
  RX packets:156854 errors:0 dropped:0 overruns:0 frame:0
  TX packets:156854 errors:0 dropped:0 overruns:0 carrier:0
  collisions:0 txqueuelen:0
  RX bytes:1140082417 (1.0 GiB)  TX bytes:1140082417 (1.0 GiB)

vnet0 Link encap:Ethernet  HWaddr fe:16:3e:3b:3f:ef
  inet6 addr: fe80::fc16:3eff:fe3b:3fef/64 Scope:Link
  UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
  RX packets:7 errors:0 dropped:0 overruns:0 frame:0
  TX packets:16 errors:0 dropped:0 overruns:0 carrier:0
  collisions:0 txqueuelen:500
  RX bytes:1310 (1.2 KiB)  TX bytes:1956 (1.9 KiB)

> brctl show

bridge name bridge id   STP enabled interfaces
br100   8000.fe163e3b3fef   no  vnet0

Also, tcpdump in br100 shows the DHCP being broadcasted (I think):

12:54:17.895215 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, 
Request from fa:16:3e:7e:eb:2e (oui Unknown), length 280
12:54:20.899472 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, 
Request from fa:16:3e:7e:eb:2e (oui Unknown), length 280


But they never get to eth2, any help?

Thanks,

Javi

--
Javier Álvarez Cid-Fuentes
Grid Computing and Clusters Group
Barcelona Supercomputing Center (BSC-CNS)
Tel. (+34) 93 413 72 46


WARNING / LEGAL TEXT: This message is intended only for the use of the
individual or entity to which it is addressed and may contain
information which is privileged, confidential, proprietary, or exempt
from disclosure under applicable law. If you are not the intended
recipient or the person responsible for delivering the message to the
intended recipient, you are strictly prohibited from disclosing,
distributing, copying, or in any way using this message. If you have
received this communication in error, please notify the sender and
destroy and delete any copies you may have received.

http://www.bsc.es/disclaimer

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] [essex vlan]cannot ping vm on other compute node

[Ajiva Fan]

thanks you for reply
special thanks to Aaron Rosen

the situation is that:
1) openstack is in vlan mode
2) switcher is in trunk mode, all vlan id is allowed
3) vlan in switcher's allowed list, active list and (not pruned) list
can communicate with each other. vlan only in allowed list but not in
the other two list is isolated
4) i tried the way which is from official site guide to set pruned
list but it does not work, the switcher just ignore the prune command
and hold the original config ( i will ask our network administrator
and find more help from cisco site )


now i think openstack is running fine ( at least from my point of view)
and i think swither trunk port is running basically correct

here is my env:

switcher port {22,23}
sw-31#show interfaces fastEthernet 0/22 trunk

PortMode Encapsulation  StatusNative vlan
Fa0/22  on   802.1q trunking  1

Port  Vlans allowed on trunk
Fa0/22  1-4094

PortVlans allowed and active in management domain
Fa0/22  
1,5,7,10-12,16,18-21,27,30,40,50,60,80,88,96,100-101,123,160,192,302-303,600,602,700,800,1000-1001

PortVlans in spanning tree forwarding state and not pruned
Fa0/22  
1,5,7,10-12,16,18-21,27,30,40,50,60,80,88,96,100-101,123,160,192,302-303,600,602,700,800,1000-1001

from openstack control node terminal:
# nova-manage network create --label admin-network-01
--fixed_range_v4=10.0.12.0/24 --vlan=105 --project_id=
# nova-manage network create --label admin-network-02
--fixed_range_v4=10.0.13.0/24 --vlan=101 --project_id=
# nova boot --image cirros --flavor 1 --availability_zone nova:control test01
# nova boot --image cirros --flavor 1 --availability_zone nova:compute test02

now test01 and test02 get two vlan ip addr, and control node and
compute node get two bridge
NOTE: *** vlan101 *** is in switcher's active list and "spanning tree
forwarding state and not pruned" list, but vlan105 is not, vlan105
just in allowed list

control node:
br105 10.0.12.6
br101 10.0.13.6
compute node
br105 10.0.12.4
br101 10.0.13.4

from control node i can ping 10.0.13.4 but cannot ping 10.0.12.4
so the root cause may be the active list and the pruned list of switcher

is there any one meet such problem?
maybe i'm fool or i'm just fooled by some odd issue

please help me

On 2/27/13, Salvatore Orlando  wrote:
> I'm not sure I followed the thread correctly from the beginning, but I
> read that you have configured you NIC for private VM networking, in
> VLAN mode, on VLAN 105.
> Is that correct?
>
> In general trunking all your switch ports used for VM networking will
> save you the hassle of adding the VLANs you are using in your setup
> one by one.
> Also, there's quite a difference between VLAN access mode and trunk
> mode. I rarely use Cisco switches, but when I do I always put them in
> trunk mode explicitly.
> The list of allowed vlan is a sort of filter that you apply on a trunk
> port. So perhaps you might want to put all your ports in trunk mode
> and use the vlan range defined in nova.conf as allowed vlan list.
>
> Salvatore
>
> On 27 February 2013 10:18, Ajiva Fan  wrote:
>> thank you very much.
>>
>> actullaly, i have already try these command yesterday, it does not work.
>>
>> currently, i find that vlan id in active list and not pruned list can
>> be passed by switcher, vlan id not in the two list cannot will be
>> droped even they are in allowed list.
>> but the network administrator (and the internet pages) tells me that
>> if vlan is in allowed list, it can go through trunk mode port.
>>
>>
>>
>>
>> there is some hardware info may not be useful, but i list it here,
>> hope it will help someone else.
>> cisco catalyst 2950 switcher only hava
>> """sw-31(config)#interface gigabitEthernet 0/2?
>> .  :  <0-2> """
>> so i just operate on fastEthernet 0/22
>> """sw-31(config)#interface fastEthernet 0/22?
>> .  :  <0-24> """
>> and 2950 defaultly
>> 1)allowed all vlan id on trunk mode
>> 2)only support 802.1q on trunk mode
>> so the following commands:
>>> switchport trunk encapsulation dot1q
>>> switchport trunk allowed vlan 1-4094
>> will not work.
>>
>>
>> On 2/27/13, Aaron Rosen  wrote:
>>> Perhaps:
>>>
>>> interface gigbbit 0/22
>>> switchport mode trunk
>>> switchport trunk encapsulation dot1q
>>> switchport trunk allowed vlan 1-4094
>>> interface gigbbit 0/23
>>> switchport mode trunk
>>> switchport trunk encapsulation dot1q
>>> switchport trunk allowed vlan 1-4094
>>>
>>>
>>>
>>> On Wed, Feb 27, 2013 at 12:02 AM, Ajiva Fan  wrote:

 since i notice that in switcher:
 sw-31>show interface fastEthernet 0/22 trunk

 PortMode Encapsulation  StatusNative vlan
 Fa0/22  on   802.1q trunking  1

 Port  Vlans allowed on trunk
 Fa0/22  1-4094

 PortVlans allowed and active in management domain
 Fa0/22
 1,5,7,10-12,16,18-21,27,30,40,50,60,80,88,96,100-101,123,160,192,302-303

Re: [Openstack] [essex vlan]cannot ping vm on other compute node

[Salvatore Orlando]

I'm not sure I followed the thread correctly from the beginning, but I
read that you have configured you NIC for private VM networking, in
VLAN mode, on VLAN 105.
Is that correct?

In general trunking all your switch ports used for VM networking will
save you the hassle of adding the VLANs you are using in your setup
one by one.
Also, there's quite a difference between VLAN access mode and trunk
mode. I rarely use Cisco switches, but when I do I always put them in
trunk mode explicitly.
The list of allowed vlan is a sort of filter that you apply on a trunk
port. So perhaps you might want to put all your ports in trunk mode
and use the vlan range defined in nova.conf as allowed vlan list.

Salvatore

On 27 February 2013 10:18, Ajiva Fan  wrote:
> thank you very much.
>
> actullaly, i have already try these command yesterday, it does not work.
>
> currently, i find that vlan id in active list and not pruned list can
> be passed by switcher, vlan id not in the two list cannot will be
> droped even they are in allowed list.
> but the network administrator (and the internet pages) tells me that
> if vlan is in allowed list, it can go through trunk mode port.
>
>
>
>
> there is some hardware info may not be useful, but i list it here,
> hope it will help someone else.
> cisco catalyst 2950 switcher only hava
> """sw-31(config)#interface gigabitEthernet 0/2?
> .  :  <0-2> """
> so i just operate on fastEthernet 0/22
> """sw-31(config)#interface fastEthernet 0/22?
> .  :  <0-24> """
> and 2950 defaultly
> 1)allowed all vlan id on trunk mode
> 2)only support 802.1q on trunk mode
> so the following commands:
>> switchport trunk encapsulation dot1q
>> switchport trunk allowed vlan 1-4094
> will not work.
>
>
> On 2/27/13, Aaron Rosen  wrote:
>> Perhaps:
>>
>> interface gigbbit 0/22
>> switchport mode trunk
>> switchport trunk encapsulation dot1q
>> switchport trunk allowed vlan 1-4094
>> interface gigbbit 0/23
>> switchport mode trunk
>> switchport trunk encapsulation dot1q
>> switchport trunk allowed vlan 1-4094
>>
>>
>>
>> On Wed, Feb 27, 2013 at 12:02 AM, Ajiva Fan  wrote:
>>>
>>> since i notice that in switcher:
>>> sw-31>show interface fastEthernet 0/22 trunk
>>>
>>> PortMode Encapsulation  StatusNative vlan
>>> Fa0/22  on   802.1q trunking  1
>>>
>>> Port  Vlans allowed on trunk
>>> Fa0/22  1-4094
>>>
>>> PortVlans allowed and active in management domain
>>> Fa0/22
>>> 1,5,7,10-12,16,18-21,27,30,40,50,60,80,88,96,100-101,123,160,192,302-303,600,602,700,800,1000-1001
>>>
>>> PortVlans in spanning tree forwarding state and not pruned
>>> Fa0/22
>>> 1,5,7,10-12,16,18-21,27,30,40,50,60,80,88,96,100-101,123,160,192,302-303,600,602,700,800,1000-1001
>>>
>>> the vlan 5 is active in management domain but 105 is not, so i try the
>>> same workflow as before but change vlan id 5 to 110, ping gets no
>>> reply as vlan105
>>>
>>> so may be i should add vlan105 to active list ? sorry i'm a green hand
>>> to switcher and got confused.
>>> 1) what the different between the allowd list and active list
>>> 2) if i should add active list manually, so does the cloud admin, if
>>> he create a vlan for a tenant, he should add to switcher active list
>>> too? is there any way automatically recoginize the vlan tag and allow
>>> it pass?
>>> maybe add a range to active list, for example, 100-4000? it's ugly..
>>
>
> ___
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack@lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] [essex vlan]cannot ping vm on other compute node

[Ajiva Fan]

thank you very much.

actullaly, i have already try these command yesterday, it does not work.

currently, i find that vlan id in active list and not pruned list can
be passed by switcher, vlan id not in the two list cannot will be
droped even they are in allowed list.
but the network administrator (and the internet pages) tells me that
if vlan is in allowed list, it can go through trunk mode port.




there is some hardware info may not be useful, but i list it here,
hope it will help someone else.
cisco catalyst 2950 switcher only hava
"""sw-31(config)#interface gigabitEthernet 0/2?
.  :  <0-2> """
so i just operate on fastEthernet 0/22
"""sw-31(config)#interface fastEthernet 0/22?
.  :  <0-24> """
and 2950 defaultly
1)allowed all vlan id on trunk mode
2)only support 802.1q on trunk mode
so the following commands:
> switchport trunk encapsulation dot1q
> switchport trunk allowed vlan 1-4094
will not work.


On 2/27/13, Aaron Rosen  wrote:
> Perhaps:
>
> interface gigbbit 0/22
> switchport mode trunk
> switchport trunk encapsulation dot1q
> switchport trunk allowed vlan 1-4094
> interface gigbbit 0/23
> switchport mode trunk
> switchport trunk encapsulation dot1q
> switchport trunk allowed vlan 1-4094
>
>
>
> On Wed, Feb 27, 2013 at 12:02 AM, Ajiva Fan  wrote:
>>
>> since i notice that in switcher:
>> sw-31>show interface fastEthernet 0/22 trunk
>>
>> PortMode Encapsulation  StatusNative vlan
>> Fa0/22  on   802.1q trunking  1
>>
>> Port  Vlans allowed on trunk
>> Fa0/22  1-4094
>>
>> PortVlans allowed and active in management domain
>> Fa0/22
>> 1,5,7,10-12,16,18-21,27,30,40,50,60,80,88,96,100-101,123,160,192,302-303,600,602,700,800,1000-1001
>>
>> PortVlans in spanning tree forwarding state and not pruned
>> Fa0/22
>> 1,5,7,10-12,16,18-21,27,30,40,50,60,80,88,96,100-101,123,160,192,302-303,600,602,700,800,1000-1001
>>
>> the vlan 5 is active in management domain but 105 is not, so i try the
>> same workflow as before but change vlan id 5 to 110, ping gets no
>> reply as vlan105
>>
>> so may be i should add vlan105 to active list ? sorry i'm a green hand
>> to switcher and got confused.
>> 1) what the different between the allowd list and active list
>> 2) if i should add active list manually, so does the cloud admin, if
>> he create a vlan for a tenant, he should add to switcher active list
>> too? is there any way automatically recoginize the vlan tag and allow
>> it pass?
>> maybe add a range to active list, for example, 100-4000? it's ugly..
>

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] [essex vlan]cannot ping vm on other compute node

[Aaron Rosen]

Perhaps:

interface gigbbit 0/22
switchport mode trunk
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1-4094
interface gigbbit 0/23
switchport mode trunk
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1-4094



On Wed, Feb 27, 2013 at 12:02 AM, Ajiva Fan  wrote:
>
> since i notice that in switcher:
> sw-31>show interface fastEthernet 0/22 trunk
>
> PortMode Encapsulation  StatusNative vlan
> Fa0/22  on   802.1q trunking  1
>
> Port  Vlans allowed on trunk
> Fa0/22  1-4094
>
> PortVlans allowed and active in management domain
> Fa0/22  
> 1,5,7,10-12,16,18-21,27,30,40,50,60,80,88,96,100-101,123,160,192,302-303,600,602,700,800,1000-1001
>
> PortVlans in spanning tree forwarding state and not pruned
> Fa0/22  
> 1,5,7,10-12,16,18-21,27,30,40,50,60,80,88,96,100-101,123,160,192,302-303,600,602,700,800,1000-1001
>
> the vlan 5 is active in management domain but 105 is not, so i try the
> same workflow as before but change vlan id 5 to 110, ping gets no
> reply as vlan105
>
> so may be i should add vlan105 to active list ? sorry i'm a green hand
> to switcher and got confused.
> 1) what the different between the allowd list and active list
> 2) if i should add active list manually, so does the cloud admin, if
> he create a vlan for a tenant, he should add to switcher active list
> too? is there any way automatically recoginize the vlan tag and allow
> it pass?
> maybe add a range to active list, for example, 100-4000? it's ugly..

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] [essex vlan]cannot ping vm on other compute node

[Ajiva Fan]

since i notice that in switcher:
sw-31>show interface fastEthernet 0/22 trunk

PortMode Encapsulation  StatusNative vlan
Fa0/22  on   802.1q trunking  1

Port  Vlans allowed on trunk
Fa0/22  1-4094

PortVlans allowed and active in management domain
Fa0/22  
1,5,7,10-12,16,18-21,27,30,40,50,60,80,88,96,100-101,123,160,192,302-303,600,602,700,800,1000-1001

PortVlans in spanning tree forwarding state and not pruned
Fa0/22  
1,5,7,10-12,16,18-21,27,30,40,50,60,80,88,96,100-101,123,160,192,302-303,600,602,700,800,1000-1001

the vlan 5 is active in management domain but 105 is not, so i try the
same workflow as before but change vlan id 5 to 110, ping gets no
reply as vlan105

so may be i should add vlan105 to active list ? sorry i'm a green hand
to switcher and got confused.
1) what the different between the allowd list and active list
2) if i should add active list manually, so does the cloud admin, if
he create a vlan for a tenant, he should add to switcher active list
too? is there any way automatically recoginize the vlan tag and allow
it pass?
maybe add a range to active list, for example, 100-4000? it's ugly..

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp