Re: [Openstack] public net with single ip cannot be uplinked[QUANTUM]

2013-05-02 Thread Ashok Kumaran 
I echo Eric ,minimum we would be needing one IP for router gateway
interface and and one for the allocation, so dont use /32. Just my opinion


Regards,
Ashok


On Thu, May 2, 2013 at 4:35 PM,  wrote:

> I believe a minimum of 2 IP addresses is required (1 for the bridge port,
> and 1 to allocate).  
>
> ** **
>
> *From:* Openstack [mailto:openstack-bounces+eric_e_smith=
> dell@lists.launchpad.net] *On Behalf Of *Ramprasad Velavarthipati
> *Sent:* Thursday, May 02, 2013 2:00 AM
> *To:* openstack@lists.launchpad.net
> *Subject:* [Openstack] public net with single ip cannot be
> uplinked[QUANTUM]
>
> ** **
>
> Hello, 
>
> Im trying to create a public network(in a test lab where we get the ip
> addresses through DHCP., 
>
> hence I limited the public network to /32 cidr range) 
>
> Im trying to map this public network to my router in quantum Im getting
> the following error 
>
> "root@ubuntu-ram:/home/ramprasvm# quantum router-gateway-set router1
> public-net
>
> No more IP addresses available on network
> fca44fe9-0afb-4458-985e-12ae876b5494.
>
> "
>
> "root@ubuntu-ram:/home/ramprasvm# quantum net-list
>
>
> +--+-+---+
> 
>
> | id   | name| subnets
>   |
>
>
> +--+-+---+
> 
>
> | 5b5ea7cf-ea08-4007-9f6e-0c2c6a93455a | private-net |
> 7100a8ef-e204-43f2-8fdd-e0bb697bf610 172.16.8.0/24|
>
> | fca44fe9-0afb-4458-985e-12ae876b5494 | public-net  |
> b0c23146-63ea-4758-8b22-f0602bce0378 10.232.91.108/32 |
>
>
> +--+-+---+
> 
>
> root@ubuntu-ram:/home/ramprasvm# quantum subnet-list
>
>
> +--++--++
> 
>
> | id   | name   | cidr
> | allocation_pools   |
>
>
> +--++--++
> 
>
> | b0c23146-63ea-4758-8b22-f0602bce0378 | public-subnet  | 10.232.91.108/32|   
>  |
> 
>
> | 7100a8ef-e204-43f2-8fdd-e0bb697bf610 | private-subnet | 172.16.8.0/24
>  | {"start": "172.16.8.2", "end": "172.16.8.254"} |
>
> "
> 
>
> Kindly help me out how to proceed further
>
> -- 
>
> Thanks,
> -Ram
>
> ___
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack@lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
>
>


-- 
Regds,

Ashok ,
Delivery Consultant,
HP.
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] no IP for vm with quantum gre tunneling

2013-05-02 Thread Ashok Kumaran 
Can you share the  following configuration files
/etc/default/quantum-server, quantum.conf, quantum dhcp conf?


On Thu, May 2, 2013 at 4:15 PM, Arindam Choudhury  wrote:

> Hi,
>
> I am very new to openstack. I am trying to install grizzly with quantum
> using gre and tunneling.
>
> # nova-manage service list
> Binary   Host Zone
> Status State Updated_At
> nova-conductor   aopcsos  internal
> enabled:-)   2013-05-02 10:42:32
> nova-console aopcsos  internal
> enabled:-)   2013-05-02 10:42:33
> nova-scheduler   aopcsos  internal
> enabled:-)   2013-05-02 10:42:34
> nova-certaopcso1  internal
> enabled:-)   2013-05-02 10:42:36
> nova-compute aopcso1  nova
> enabled:-)   2013-05-02 10:42:29
> nova-consoleauth aopcsos  internal
> enabled:-)   2013-05-02 10:42:34
>
> I can launch a virtual machine. But it never gets a IP address.
>
> The error message is:
> /var/log/quantum/quantum-server.log:
> 2013-05-02 12:37:39  WARNING [quantum.db.agentschedulers_db] Fail
> scheduling network {'status': u'ACTIVE', 'subnets':
> [u'78bc7073-adcf-46ce-9096-8c5a569dc967'], 'name': u'net-user',
> 'provider:physical_network': None, 'admin_state_up': True, 'tenant_id':
> u'b6d37008724b4a32ae03ff9b44a85426', 'provider:network_type': u'gre',
> 'router:external': False, 'shared': False, 'id':
> u'11373f6b-5a9c-412a-83df-825aeaf72848', 'provider:segmentation_id': 2L}
>
> Any help will be highly appreciated ...
>
> ___
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack@lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
>
>


-- 
Regds,

Ashok ,
Delivery Consultant,
HP.
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] How to set up OpenStack on two computers each with one NIC?

2013-05-04 Thread Ashok Kumaran 
Hi Jing,

In a single Nic for simulation purpose you can segregate the
data/management network and the external network using Vlan tags.
Lets say your management network lies in vlan 20 and data network in 21 and
the external one in vlan 22 then you can point eth0 to vlan20 and eth0.21
to data and eth0.22 to external net.

so in your above setup instead of eth2 you can replace it with eth0.22(just
an example) and proceed. I hope you got the concept here. Hope it helps.


Regards,
Ashok



On Sun, May 5, 2013 at 1:06 AM, Jing  wrote:

>  Hi, I'm trying to set up Openstack on two computers, and each of them has
> only one NIC. I want to set up one computer as control and compute node,
> and another as compute node. I want to use vlan mode, so quantum is needed.
>
> I'm install Openstack according
>
> https://github.com/mseknibilel/OpenStack-Grizzly-Install-Guide/blob/OVS_MultiNode/OpenStack_Grizzly_Install_Guide.rst
>
> After install quantum server in first computer( used as control and
> compute node ), I tried to install the "Network Node" functions. The NIC is
> configured as follows:
>
> # The loopback network interface
> auto lo
> iface lo inet loopback
>
> auto eth0
> iface eth0 inet static
> address 192.168.1.104
> netmask 255.255.255.0
> gateway 192.168.1.1
> dns-nameservers 8.8.8.8
>
> In the "3.4. OpenVSwitch (Part2)" section of the guide, eth2 is cnfigured
> as
>
> # VM internet Access
> auto eth2
> iface eth2 inet manual
> up ifconfig $IFACE 0.0.0.0 up
> up ip link set $IFACE promisc on
> down ip link set $IFACE promisc off
> down ifconfig $IFACE down
>
>  I don't have another NIC. How should I write the interface configuration
> file?
> And another question , is it possible to use wireless NIC in quantum?
>
> thanks
>
> ___
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack@lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
>
>


-- 
Regds,

Ashok ,
Delivery Consultant,
HP.
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] quantum: no gateways in network node

2013-05-06 Thread Ashok Kumaran 
Hi Liu,

Have you done the below step? which actually attaches the router with the
specified network,

quantum router-interface-add $router_id $net1_ID
quantum router-interface-add $router-id $net2_ID


Regards,
Ashok


On Mon, May 6, 2013 at 3:02 PM, Liu Wenmao  wrote:

> Hi list:
>
> I set up quantum without namespace support, quantum-server/l3 agent/dhcp
> agent are running at the same node, besides there is a compute node.
>
> I create a router connecting two network(100.0.0.0/24, 200.0.0.0/24), so
> there should be two gateways(100.0.0.1 and 200.0.0.1) in the controller,
> however,I can see two dhcp server(100.0.0.3 and 200.0.0.2), but no gateways:
>
> root@controller:~# ifconfig
> br-ex...
> br-int...
> eth0...
> eth1
> eth2.
> lo.
> tap09a002af-66 Link encap:Ethernet  HWaddr fa:16:3e:9e:11:e0
>   inet addr:192.168.19.129  Bcast:192.168.19.255
>  Mask:255.255.255.128
>   inet6 addr: fe80::f816:3eff:fe9e:11e0/64 Scope:Link
>   UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>   RX packets:146 errors:0 dropped:146 overruns:0 frame:0
>   TX packets:9 errors:0 dropped:0 overruns:0 carrier:0
>   collisions:0 txqueuelen:0
>   RX bytes:9490 (9.4 KB)  TX bytes:594 (594.0 B)
> tap160480aa-84 Link encap:Ethernet  HWaddr fa:16:3e:54:77:83
>   inet addr:100.0.0.3  Bcast:100.0.0.255  Mask:255.255.255.0
>   inet6 addr: fe80::f816:3eff:fe54:7783/64 Scope:Link
>   UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>   RX packets:1110 errors:0 dropped:156 overruns:0 frame:0
>   TX packets:514 errors:0 dropped:0 overruns:0 carrier:0
>   collisions:0 txqueuelen:0
>   RX bytes:121029 (121.0 KB)  TX bytes:66549 (66.5 KB)
>
> tap5b5891ac-94 Link encap:Ethernet  HWaddr fa:16:3e:ae:35:d3
>   inet addr:200.0.0.2  Bcast:200.0.0.255  Mask:255.255.255.0
>   inet6 addr: fe80::f816:3eff:feae:35d3/64 Scope:Link
>   UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>   RX packets:147 errors:0 dropped:146 overruns:0 frame:0
>   TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
>   collisions:0 txqueuelen:0
>   RX bytes:9816 (9.8 KB)  TX bytes:468 (468.0 B)
>
> root@controller:~# quantum subnet-show subnet1
> +--+--+
> | Field| Value|
> +--+--+
> | allocation_pools | {"start": "100.0.0.2", "end": "100.0.0.254"} |
> | cidr | 100.0.0.0/24 |
> | dns_nameservers  |  |
> | enable_dhcp  | True |
> | gateway_ip   | 100.0.0.1|
> | host_routes  |  |
> | id   | 25b34a57-db92-4a4f-a1f5-a550d5b8e1e6 |
> | ip_version   | 4|
> | name | subnet1  |
> | network_id   | eccf5627-a6c6-4007-82a0-f6b85bd2b4ce |
> | tenant_id| 53707d290204404dbff625378969c25c |
> +--+--+
>
> The VMs can not ping gateways, but can ping DHCP servers, why cannot I
> find the gateway?
>
>
> Wenmao Liu
>
> ___
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack@lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
>
>


-- 
Regds,

Ashok ,
Delivery Consultant,
HP.
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Quantum CLI errors on Grizzly

2013-05-08 Thread Ashok Kumaran 
Ashutosh,

[ Error 111 ] Connection refused as an error.

for the above error you might wanna check your keystone authentication
part. create the service endpoints properly

Ashok


On Wed, May 8, 2013 at 5:52 PM, Ashutosh Narayan  wrote:

> Hi Jay,
>
> The log file ( /var/log/quantum/server.log) that you requested is empty :(
> What else can I do to trouble shoot ?
>
> On Mon, Apr 29, 2013 at 8:38 PM, Jay S Bryant  wrote:
>
>> Ashutosh,
>>
>> Have you verified that the necessary Quantum processes are running?  If
>> not, ensure that quantum-dhcp-agent, quantum-l3-agent,
>> quantum-openvswitch-agent and most importantly quantum are running.  If
>> those processes are running can you share the output from
>> /var/log/quantum/server.log .  It should contain a hint as to why the
>> server is not ready for connections.
>>
>> Also, please be aware, the first time you start quantum it can take quite
>> some time to be ready for CLI connections depending on the speed of the
>> database you are using.
>>
>> *
>>
>> Jay S. Bryant**
>> Linux Developer -
>>OpenStack Enterprise Edition*
>>   [image: OpenStack Community Logo]
>> Department 7YLA, Building 015-2, Office E125, Rochester, MN
>> Telephone: (507) 253-4270, FAX (507) 253-6410
>> TIE Line: 553-4270
>> E-Mail:  jsbry...@us.ibm.com
>> 
>> All the world's a stage and most of us are desperately unrehearsed.
>>   -- Sean O'Casey
>> 
>>
>>
>>
>> From:Ashutosh Narayan 
>> To:OpenStack ,
>> Date:04/29/2013 05:08 AM
>> Subject:[Openstack] Quantum CLI errors on Grizzly
>> Sent by:"Openstack" > us.ibm@lists.launchpad.net>
>> --
>>
>>
>>
>> Hi folks,
>>
>> I have installed Grizzly on CentOS 6.3 and was setting up Quantum by
>> following the instructions given in the below link :
>> *https://fedoraproject.org/wiki/Packstack_to_Quantum*
>>
>> In step 13 when I start using Quantum CLI to create a private
>> network using the command - *quantum net-create private*
>> I get [ Error 111 ] Connection refused as an error.
>> I have installed OpenvSwitch from the source
>>
>> Even in the dashboard it's not allowing me to create Routers.
>> Same Error 111 is seen there too.
>>
>> Any suggestions ?
>>
>> Thank you,
>> --
>> Ashutosh Narayan
>> *
>> **http://ashutoshn.wordpress.com/* 
>> ___
>> Mailing list: https://launchpad.net/~openstack
>> Post to : openstack@lists.launchpad.net
>> Unsubscribe : https://launchpad.net/~openstack
>> More help   : https://help.launchpad.net/ListHelp
>>
>>
>
>
> --
> Ashutosh Narayan
>
> http://ashutoshn.wordpress.com/
>
>
> ___
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack@lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
>
>


-- 
Regds,

Ashok ,
Delivery Consultant,
HP.
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] ConnectQuantum to VLAN-tagged physical network

2013-05-08 Thread Ashok Kumaran 
Hi Angelo,

This should be possible. Make sure that eth1 is connected to the Vlan trunk
with necessary port configurations.

Create 2 network with segmentation's ID as 108 and 109 respectively. Create
the respective subnets for both network and then proceed with further
configurations as needed. Are you facing any specific issues here?

-Ashok


On Wed, May 8, 2013 at 9:57 PM, Angelo Olivera  wrote:

> Hello,
>
> I am using Ubuntu 12.04 and OpenStack Grizzly from the Ubuntu Cloud
> archive. I am trying to get instances to get an IP address from dnsmasq in
> the 10.33.8.0/24 or 10.33.9.0/24 space and use physical routers at .1 as
> gateways. Furthermore, these two subnets should be tagged with VLANs 108
> and 109, respectively.
>
> Is this doable? I have been trying different configurations with Open
> vSwitch to no avail. My network layout is as follows:
>
> Nodes
> =
>
> Controller, network, compute node (32-core system)
> [eth0] 10.33.10.210. gateway: 10.33.10.1 (physical router)
> [eth1] connected to VLAN port on switch
>
> Compute nodes
> [eth0] 10.33.10.X
> [eth1] connected to VLAN port on switch
>
> Logical networks
> 
>
> [net1]
> vlan:108
> cidr: 10.33.8.0/24
> gateway: 10.33.8.1 (physical router)
>
> [net2]
> vlan: 109
> cidr: 10.33.9.0/24
> gateway: 10.33.9.1 (physical router)
>
> One of the configurations I tested:
>
> /etc/quantum/plugins/openvswitch/ovs_quantum_plugin.ini
> network_vlan_ranges = default:1:4094
> bridge_mappings = default:br0
>
> ovs-vsctl add-br br-int
> ovs-vsctl add-br br0
> ovs-vsctl add-port br0 eth1
>
> quantum net-create --shared net1 --provider:network_type vlan
> --provider:physical_network default --provider:segmentation_id 108
> quantum subnet-create net1 10.33.8.0/24
> quantum subnet-create net2 10.33.9.0/24
>
> Thanks in advance!
>
> --
> Angelo
>
> ___
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack@lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
>
>


-- 
Regds,

Ashok ,
Delivery Consultant,
HP.
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Failed to connect socket to '/var/run/libvirt/libvirt-sock'

2013-05-10 Thread Ashok Kumaran 
Looks like there could be some configuration issues in libvirtd.conf.
Can you ensure that you have below values set
 listen_tls=0
listen_tcp=1

Try restarting libvirt-bin let us know the outcome

-Ashok

Sent from my iPhone

On 11-May-2013, at 1:29 AM, Dhanasekaran Anbalagan 
wrote:

Hi Guys,

I trying to grizzly version on ubuntu 12.04 it's says Failed to connect
socket to '/var/run/libvirt/libvirt-sock'

Please check my console log
root@computenode:~# kvm-ok
INFO: /dev/kvm exists
KVM acceleration can be used
root@computenode:~# virsh net-destroy default
error: failed to connect to the hypervisor
error: Failed to connect socket to '/var/run/libvirt/libvirt-sock': No such
file or directory
root@computenode:~# virsh net-undefine default
error: failed to connect to the hypervisor
error: Failed to connect socket to '/var/run/libvirt/libvirt-sock': No such
file or directory
root@computenode:~# deb
http://ubuntu-cloud.archive.canonical.com/ubuntuprecise-updates/grizzly
main^C
root@computenode:~# virsh --version
1.0.2
root@computenode:~# virsh net-destroy default
error: failed to connect to the hypervisor
error: Failed to connect socket to '/var/run/libvirt/libvirt-sock': No such
file or directory
root@computenode:~# virsh net-undefine default
error: failed to connect to the hypervisor
error: Failed to connect socket to '/var/run/libvirt/libvirt-sock': No such
file or directory
root@computenode:~# service libvirt-bin restart
stop: Unknown instance:
libvirt-bin start/running, process 8606
root@computenode:~# tail -f /var/log/libvirt/
libvirtd.log  lxc/  qemu/ uml/
root@computenode:~# tail -f /var/log/libvirt/libvirtd.log
2013-05-10 19:54:23.264+: 8702: info : libvirt version: 1.0.2
2013-05-10 19:54:23.264+: 8702: error :
virNetTLSContextCheckCertFile:111 : Cannot read CA certificate
'/etc/pki/CA/cacert.pem': No such file or directory
2013-05-10 19:54:23.302+: 8718: info : libvirt version: 1.0.2
2013-05-10 19:54:23.302+: 8718: error :
virNetTLSContextCheckCertFile:111 : Cannot read CA certificate
'/etc/pki/CA/cacert.pem': No such file or directory
2013-05-10 19:54:23.337+: 8734: info : libvirt version: 1.0.2
2013-05-10 19:54:23.337+: 8734: error :
virNetTLSContextCheckCertFile:111 : Cannot read CA certificate
'/etc/pki/CA/cacert.pem': No such file or directory
2013-05-10 19:54:23.374+: 8750: info : libvirt version: 1.0.2
2013-05-10 19:54:23.374+: 8750: error :
virNetTLSContextCheckCertFile:111 : Cannot read CA certificate
'/etc/pki/CA/cacert.pem': No such file or directory
2013-05-10 19:54:23.409+: 8766: info : libvirt version: 1.0.2
2013-05-10 19:54:23.409+: 8766: error :
virNetTLSContextCheckCertFile:111 : Cannot read CA certificate
'/etc/pki/CA/cacert.pem': No such file or directory
root@computenode:~# libvirtd --version
libvirtd (libvirt) 1.0.2


Guys how to fix this. Please guide me.

-Dhanasekaran


Did I learn something today? If not, I wasted it.

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] can two tenants create two identical network?

2013-05-17 Thread Ashok Kumaran 
In addition to the below changes set use_namespaces=False in dhcp_agent.ini
too.Make sure that your operating system supports network namespaces

Sent from my iPhone

On 17-May-2013, at 3:32 PM, Balamurugan V G  wrote:

I am assuming you are using Quantum for networking, in which case make sure
you have enable overlapping IPs by setting:

allow_overlapping_ips = True

in /etc/quantum/quantum.conf

You also need to enable namespaces:

use_namespaces = True

in /etc/quantum/l3_agent.ini

Regards
Balu

On Fri, May 17, 2013 at 3:22 PM, Liu Wenmao  wrote:

> Hi
>
> Suppose there are two tenants: A and B, they can create their own
> networks, but the networks are both 100.0.0.0/24, I think it is possible
> in multi-tenant scenarios since networks of different tenants are isolated,
> But in openstack, I have a network creation error, which says there is an
> existing network already.
>
> I wonder is it possible to create two identical networks for two tenant?
>
> Liu Wenmao
>
> ___
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack@lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
>
>
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] can two tenants create two identical network?

2013-05-17 Thread Ashok Kumaran 
Liu.  Sorry I meant to enable namespaces as true . Mistakenly I mentioned
as false . It's good that you made it worked now

Sent from my iPhone

On 17-May-2013, at 10:18 PM, Liu Wenmao  wrote:

Yes, I use namespace and quantum.

After I set the allow_overlapping_ips option, it works, thanks guys.

To Kumaran: Do you mean that namespace support should be disabled in DHCP
agent, but why? If I disable namespace in dhcp_agent.ini, is it possible
that something does not work?


On Fri, May 17, 2013 at 6:07 PM, Ashok Kumaran wrote:

> In addition to the below changes set use_namespaces=False in
> dhcp_agent.ini too.Make sure that your operating system supports
> network namespaces
>
> Sent from my iPhone
>
> On 17-May-2013, at 3:32 PM, Balamurugan V G 
> wrote:
>
> I am assuming you are using Quantum for networking, in which case make
> sure you have enable overlapping IPs by setting:
>
> allow_overlapping_ips = True
>
> in /etc/quantum/quantum.conf
>
> You also need to enable namespaces:
>
> use_namespaces = True
>
> in /etc/quantum/l3_agent.ini
>
> Regards
> Balu
>
> On Fri, May 17, 2013 at 3:22 PM, Liu Wenmao  wrote:
>
>> Hi
>>
>> Suppose there are two tenants: A and B, they can create their own
>> networks, but the networks are both 100.0.0.0/24, I think it is possible
>> in multi-tenant scenarios since networks of different tenants are isolated,
>> But in openstack, I have a network creation error, which says there is an
>> existing network already.
>>
>> I wonder is it possible to create two identical networks for two tenant?
>>
>> Liu Wenmao
>>
>> ___
>> Mailing list: https://launchpad.net/~openstack
>> Post to : openstack@lists.launchpad.net
>> Unsubscribe : https://launchpad.net/~openstack
>> More help   : https://help.launchpad.net/ListHelp
>>
>>
> ___
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack@lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
>
>
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] instance dns issue

2013-05-17 Thread Ashok Kumaran 
I am assuming that you have a DNS externally and you want the instances to
use that DNS. If this is the requirement then
you will have to add dnsmasq_dns_server= "external DNS IP" in your
/etc/quantum/dhcp_agent.ini.Now your launched instances(VM's) can use
external DNS through quantum dnsmasq.

Please let us know if you have some other requirement.

-Ashok


On Sat, May 18, 2013 at 12:38 AM, Paras pradhan wrote:

> Hi,
>
> My instances can ping the ips but not using dns. The resolv.conf gets
> populated by the private instance network dns ip (10.0.0.2, from
> 10.0.0.0/24) . I can ping the dns ip but dns resolv is not working. What
> might be the issue?
>
> I am on quantum and grizzly in 12.04 lts.
>
> Thanks
> Paras.
>
> ___
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack@lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
>
>


-- 
Regds,

Ashok ,
Delivery Consultant,
HP.
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] instance dns issue

2013-05-17 Thread Ashok Kumaran 
It will not populate the external DNS ip  in your resolv.conf . Instead the
external DNS will be used by the local quantum dnsmasq for the name
resolution purpose.

For an instance lets say that your network node has a DNS ip of some
xx.xx.xx.xx  in its resolv.conf . By adding the same IP to the
dhcp_agent.ini you can make your instances to use the same DNS. I hope you
got the concept


On Sat, May 18, 2013 at 1:32 AM, Paras pradhan wrote:

> So adding dnsmasq_dns_server= "external DNS IP" should populate the
> resolv.conf of my instances with the externel DNS IP?
>
> I did that but still seeing the same ip on resolv.conf.
>
> Paras.
>
>
> On Fri, May 17, 2013 at 2:17 PM, Ashok Kumaran 
> wrote:
>
>> I am assuming that you have a DNS externally and you want the instances
>> to use that DNS. If this is the requirement then
>> you will have to add dnsmasq_dns_server= "external DNS IP" in your
>> /etc/quantum/dhcp_agent.ini.Now your launched instances(VM's) can use
>> external DNS through quantum dnsmasq.
>>
>> Please let us know if you have some other requirement.
>>
>> -Ashok
>>
>>
>> On Sat, May 18, 2013 at 12:38 AM, Paras pradhan 
>> wrote:
>>
>>> Hi,
>>>
>>> My instances can ping the ips but not using dns. The resolv.conf gets
>>> populated by the private instance network dns ip (10.0.0.2, from
>>> 10.0.0.0/24) . I can ping the dns ip but dns resolv is not working.
>>> What might be the issue?
>>>
>>> I am on quantum and grizzly in 12.04 lts.
>>>
>>> Thanks
>>> Paras.
>>>
>>> ___
>>> Mailing list: https://launchpad.net/~openstack
>>> Post to : openstack@lists.launchpad.net
>>> Unsubscribe : https://launchpad.net/~openstack
>>> More help   : https://help.launchpad.net/ListHelp
>>>
>>>
>>
>>
>> --
>> Regds,
>>
>> Ashok ,
>> Delivery Consultant,
>> HP.
>>
>
>


-- 
Regds,

Ashok ,
Delivery Consultant,
HP.
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] instance dns issue

2013-05-17 Thread Ashok Kumaran 
Can you telnet to port 53 of local DNS ip from your instance (IP in your
resolv.conf) ?  If its not working then you might need to check your local
quantum dnsmasq settings.


On Sat, May 18, 2013 at 1:45 AM, Paras pradhan wrote:

> Thanks. Yes I got the concept but something is not working. I can't resolv
> the hosts from my instances.
>
> Thanks
> Paras.
>
>
> On Fri, May 17, 2013 at 3:10 PM, Ashok Kumaran 
> wrote:
>
>> It will not populate the external DNS ip  in your resolv.conf . Instead
>> the external DNS will be used by the local quantum dnsmasq for the name
>> resolution purpose.
>>
>> For an instance lets say that your network node has a DNS ip of some
>> xx.xx.xx.xx  in its resolv.conf . By adding the same IP to the
>> dhcp_agent.ini you can make your instances to use the same DNS. I hope you
>> got the concept
>>
>>
>> On Sat, May 18, 2013 at 1:32 AM, Paras pradhan wrote:
>>
>>> So adding dnsmasq_dns_server= "external DNS IP" should populate the
>>> resolv.conf of my instances with the externel DNS IP?
>>>
>>> I did that but still seeing the same ip on resolv.conf.
>>>
>>> Paras.
>>>
>>>
>>> On Fri, May 17, 2013 at 2:17 PM, Ashok Kumaran >> > wrote:
>>>
>>>> I am assuming that you have a DNS externally and you want the instances
>>>> to use that DNS. If this is the requirement then
>>>> you will have to add dnsmasq_dns_server= "external DNS IP" in your
>>>> /etc/quantum/dhcp_agent.ini.Now your launched instances(VM's) can use
>>>> external DNS through quantum dnsmasq.
>>>>
>>>> Please let us know if you have some other requirement.
>>>>
>>>> -Ashok
>>>>
>>>>
>>>> On Sat, May 18, 2013 at 12:38 AM, Paras pradhan >>> > wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> My instances can ping the ips but not using dns. The resolv.conf gets
>>>>> populated by the private instance network dns ip (10.0.0.2, from
>>>>> 10.0.0.0/24) . I can ping the dns ip but dns resolv is not working.
>>>>> What might be the issue?
>>>>>
>>>>> I am on quantum and grizzly in 12.04 lts.
>>>>>
>>>>> Thanks
>>>>> Paras.
>>>>>
>>>>> ___
>>>>> Mailing list: https://launchpad.net/~openstack
>>>>> Post to : openstack@lists.launchpad.net
>>>>> Unsubscribe : https://launchpad.net/~openstack
>>>>> More help   : https://help.launchpad.net/ListHelp
>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> Regds,
>>>>
>>>> Ashok ,
>>>> Delivery Consultant,
>>>> HP.
>>>>
>>>
>>>
>>
>>
>> --
>> Regds,
>>
>> Ashok ,
>> Delivery Consultant,
>> HP.
>>
>
>


-- 
Regds,

Ashok ,
Delivery Consultant,
HP.
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] [Quantum & OVS] How to bi-direction communicate between VM instances and "old" LAN network(s)

2013-05-22 Thread Ashok Kumaran 
Hi Chu,

You might want to check this link.

http://docs.openstack.org/trunk/openstack-network/admin/content/adv_cfg_l3_agent_multi_extnet.html

you can create multiple floating ip pools in association with different ext
nets


-Ashok


On Thu, May 23, 2013 at 10:38 AM, Chu Duc Minh wrote:

> Hi, thank you for your help, but I can't follow your guides because I
> already have an external network (123.x.y.0/24)
>
> I tried some ways to add 2 floating IP(s) (belong to 2 network/subnet) to
> an instance, but still not success...
>
> Do you or others have another idea?
>
> Thank you very much!
>
>
>
>
> On Thu, May 23, 2013 at 12:40 AM, Naveen Joy (najoy) wrote:
>
>>  Hi Chu,
>>
>> ** **
>>
>> I was able to get my instances and  LAN servers communicate by following
>> the below steps. The basic idea is that you should add the external network
>> interface to br-ex,  then create an external network in quantum with
>> --router:external=True and allocate floating IPs to your instances from
>> this external network. Now your LAN servers can talk to your instances
>> using these routable floating IPs that you have allocated from the external
>> network.
>>
>> ** **
>>
>> Steps:
>>
>> **1.  **Create an external bridge named br-ex and add the network
>> card to that bridge. Also assign an IP on the external bridge so you can
>> manage it. Assuming eth1 is your network card.
>>
>> sudo ovs-vsctl add-br br-ex
>>
>> sudo ovs-vsctl add-port br-ex eth1
>>
>> sudo ip addr add  dev br-ex
>>
>> sudo ip link set br-ex up
>>
>> ** **
>>
>> **2.  **Set eth1 as a promiscuous interface in Ubuntu with no IP
>> address so your host OS does not mess with it.
>>
>> Edit your /etc/network/interfaces and add the below lines:
>>
>> iface eth1 inet manual
>>
>> up ifconfig $IFACE 0.0.0.0 up
>>
>> up ifconfig $IFACE promisc
>>
>> down ifconfig $IFACE down
>>
>> 
>>
>> **3.  **Create a shared public network and subnet for your tenant
>> routers to plug in. 
>>
>> Note that this network should be mapped to your existing LAN network and
>> you should also set an existing gateway and assign IP allocation pools.**
>> **
>>
>> quantum net-create public --shared --router:external=True
>> --provider:network_type local
>>
>> quantum subnet-create --name public-subnet --gateway 
>>  --allocation-pool start=,end= public
>> 
>>
>> ** **
>>
>> **4.  **Then set an external gateway IP for your tenant routers and
>> create your user nets
>>
>> quantum router-create router1
>>
>> quantum router-gateway-set router1 public
>>
>> quantum net-create usernet1
>>
>> quantum subnet-create --name subnet1 usernet1 10.0.0.0/24
>>
>> quantum router-interface-add router1 subnet1
>>
>> ** **
>>
>> **5.  **To enable bi-directional network communication your old LAN
>> network server farm use floating IPs. Allocate a floating IP and map it to
>> your instance port either using command line or via horizon.
>>
>> quantum floatingip-create --port_id $SERVER_PORT_ID public
>>
>> ** **
>>
>> Hope this helps.
>>
>> ** **
>>
>> Naveen/
>>
>> ** **
>>
>> ** **
>>
>> *From:* Openstack [mailto:openstack-bounces+najoy=
>> cisco@lists.launchpad.net] *On Behalf Of *Chu Duc Minh
>> *Sent:* Wednesday, May 22, 2013 5:04 AM
>> *To:* openstack@lists.launchpad.net
>> *Subject:* [Openstack] [Quantum & OVS] How to bi-direction communicate
>> between VM instances and "old" LAN network(s)
>>
>> ** **
>>
>> Hi, i deployed a Openstack Grizzly cluster with Quantum using
>> network-model *"Per-tenant Routers with Private Networks"*. Everything
>> is ok. 
>>
>> Now, i need to communicate (bi-direction) between VM network(s) and "old"
>> LAN network(s) of old server farm. (192.168.2.0/24, 192.168.3.0/24,
>> v.v...)
>>
>> I added a network card to Network-node and plug it to a LAN network (
>> 192.168.3.0/24).
>> But still not yet figured out how i can achieve it (old server farm can
>> connect to VM instance and vice-versa) 
>>
>> Could you help me, pls? Thanks a lot, folks!
>>
>> *PS:* I attach my network topology in this mail for reference. 
>>
>> I think that, maybe I need to create a new "br-ex" for LAN, create
>> port/interface in router of each tenant, then add a LAN IP (192.168.3.x) to
>> router-interface.
>> Then add route to 192.168.0.0/16 to 192.168.3.1
>> v.v
>>
>> But "how to implement it" still not clear... :-(
>>
>> ** **
>>
>> ** **
>>
>
>
> ___
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack@lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
>
>


-- 
Regds,

Ashok ,
Delivery Consultant,
HP.
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~ope

Re: [Openstack] Router internal interface is DOWN (Grizzly with Quantum)

2013-05-23 Thread Ashok Kumaran 
Since you have a single node installation , for connecting to the VM's from
the base host you won't need router/l3 stuffs.if its not happening then you
might need to check the secgroup  rules.

Coming back to your question. Does the ifconfig shows internal router
interface ip ? have you added the routerid in the l3agent.ini . If not can
you add and restart the agent and check




Ashok

Sent from my iPhone

On 23-May-2013, at 5:27 PM, Nikhil Mittal  wrote:

The /etc/quantum/l3-agent.ini file seems all correct. I didn't make any
changes to it except the following line:
interface_driver = quantum.agent.linux.interface.OVSInterfaceDriver

Rest is default.
-Nikhil
On Thu, May 23, 2013 at 5:09 PM, Endre Karlson wrote:

> Have you checked your config for the agent and eventually
> /var/log/quantum/l3-agent.log or what the log file is called again ?
>
> Endre
>
>
> 2013/5/23 Nikhil Mittal 
>
>>  Hi,
>> I am able to successfully spawn VMs on my single-node Grizzly setup on
>> Ubuntu 13.04. I can ping from one VM to another VM. But i can't ping the
>> internal router interface which resides on the same subnet as the VMs. I
>> have not yet configured external network and gateway this router. NOTE: I
>> can't ping to VMs from the host machine which I believe is because of
>> router not configured with external interface.
>> Any suggestions ?
>> Thanks,
>> Nikhil
>>
>> Below is the output of useful commands:
>>
>> ===
>> root@osk-team:~# quantum port-list
>>
>> +--+--+---++
>> | id   | name | mac_address   |
>> fixed_ips
>> |
>>
>> +--+--+---++
>> | 53d63be8-967c-439c-8ffa-53ef1f7f3d37 |  | fa:16:3e:09:99:b9 |
>> {"subnet_id": "5b53398a-70ce-44c6-8f6b-7a21a4ea48d7", "ip_address":
>> "10.78.99.84"} |
>> | 565eb936-fb89-42a9-9482-0f089907c35a |  | fa:16:3e:96:78:92 |
>> {"subnet_id": "5b53398a-70ce-44c6-8f6b-7a21a4ea48d7", "ip_address":
>> "10.78.99.87"} |
>> | 6f01314f-6f47-4884-b812-1d66fae9ca3e |  | fa:16:3e:b6:c6:fe |
>> {"subnet_id": "5b53398a-70ce-44c6-8f6b-7a21a4ea48d7", "ip_address":
>> "10.78.99.83"} |
>> | 7894091c-274a-48dd-8348-b3fd449b6705 |  | fa:16:3e:bb:69:9e |
>> {"subnet_id": "5b53398a-70ce-44c6-8f6b-7a21a4ea48d7", "ip_address":
>> "10.78.99.85"} |
>> | 9c99fe76-4d74-44de-a2f5-3f3dc555c3d8 |  | fa:16:3e:db:f6:6f |
>> {"subnet_id": "5b53398a-70ce-44c6-8f6b-7a21a4ea48d7", "ip_address":
>> "10.78.99.86"} |
>> | badec4e8-fa4f-47e3-a7a2-123d84d03337 |  | fa:16:3e:79:01:50 |
>> {"subnet_id": "5b53398a-70ce-44c6-8f6b-7a21a4ea48d7", "ip_address":
>> "10.78.99.82"} |
>> | cfb7d5ba-3603-4448-9140-8c1d10ca2b2f |  | fa:16:3e:a2:db:c4 |
>> {"subnet_id": "5b53398a-70ce-44c6-8f6b-7a21a4ea48d7", "ip_address":
>> "10.78.99.81"} |
>>
>> +--+--+---++
>>
>> root@osk-team:~# quantum port-show cfb7d5ba-3603-4448-9140-8c1d10ca2b2f
>>
>> +--++
>> | Field|
>> Value
>> |
>>
>> +--++
>> | admin_state_up   |
>> True
>> |
>> | binding:capabilities | {"port_filter":
>> false} |
>> | binding:vif_type |
>> ovs
>> |
>> | device_id|
>> fd907599-60a2-4efa-9c7e-65fb8c8b0f77
>> |
>> | device_owner |
>> network:router_interface
>> |
>> | fixed_ips| {"subnet_id":
>> "5b53398a-70ce-44c6-8f6b-7a21a4ea48d7", "ip_address": "10.78.99.81"} |
>> | id   |
>> cfb7d5ba-3603-4448-9140-8c1d10ca2b2f
>> |
>> | mac_address  |
>> fa:16:3e:a2:db:c4
>> |
>> | name
>> |
>> |
>> | network_id   |
>> 52df3dd6-76f6-4036-855d-7f81d2b440b9
>> |
>> | status   |
>> DOWN
>> |
>> | tenant_id|
>> e6a025539f2f4823b9ae25d17096efc2
>> |
>> ==
>>
>>
>>
>>
>> ___
>> Mailing list: https://launchpad.net/~openstack
>> Post to : openstack@lists.launchpad.net
>> Unsubscribe : https://launchpad.net/~openstack
>> More help   : https://help.launchpad.net/ListHelp
>>
>>
>
>
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp
___
Mailing list: https://launchpad.net/~openstack
Post to

Re: [Openstack] Router internal interface is DOWN (Grizzly with Quantum)

2013-05-23 Thread Ashok Kumaran 
Thanks Salv for the crystal clear explanation .  Sorry my context was based
on without namespaces scenario .  I did not think from namespaces point of
view .

Regards
Ashok

Sent from my iPhone

On 23-May-2013, at 7:52 PM, Salvatore Orlando  wrote:



On 23 May 2013 13:15, Ashok Kumaran  wrote:

> Since you have a single node installation , for connecting to the VM's
> from the base host you won't need router/l3 stuffs.if its not happening
> then you might need to check the secgroup  rules.
>

This is true only if you're running without overlapping IPs. Otherwise the
IP addresses for your instances will be stored in a network namespace
called qdhcp- and not reachable from the host machine, unless
one eithers executes commands from within the namespace or goes through a
Quantum router (and I believe you'd want to use floating IPs for that)


>
> Coming back to your question. Does the ifconfig shows internal router
> interface ip ? have you added the routerid in the l3agent.ini . If not can
> you add and restart the agent and check
>

Again if you're using namespaces, you'll need to run ifconfig or ip addr
show from within that namespace with 'ip netns  exec '.
The default security group already allow traffic between ports belonging to
the same tenant, and this is apparently your case. If you've altered the
default settings however, it might as well be that the security group is
now blocking the traffic.
If the interface does not show up this mean the l3 agent has either crashed
or is tracebacking. The logs, as suggested by Endre, might clarify what is
going on.

Salvatore


>
>
>
>
>
> Ashok
>
> Sent from my iPhone
>
> On 23-May-2013, at 5:27 PM, Nikhil Mittal  wrote:
>
> The /etc/quantum/l3-agent.ini file seems all correct. I didn't make any
> changes to it except the following line:
> interface_driver = quantum.agent.linux.interface.OVSInterfaceDriver
>
> Rest is default.
> -Nikhil
> On Thu, May 23, 2013 at 5:09 PM, Endre Karlson wrote:
>
>> Have you checked your config for the agent and eventually
>> /var/log/quantum/l3-agent.log or what the log file is called again ?
>>
>> Endre
>>
>>
>> 2013/5/23 Nikhil Mittal 
>>
>>>  Hi,
>>> I am able to successfully spawn VMs on my single-node Grizzly setup on
>>> Ubuntu 13.04. I can ping from one VM to another VM. But i can't ping the
>>> internal router interface which resides on the same subnet as the VMs. I
>>> have not yet configured external network and gateway this router. NOTE: I
>>> can't ping to VMs from the host machine which I believe is because of
>>> router not configured with external interface.
>>> Any suggestions ?
>>> Thanks,
>>> Nikhil
>>>
>>> Below is the output of useful commands:
>>>
>>> ===
>>> root@osk-team:~# quantum port-list
>>>
>>> +--+--+---++
>>> | id   | name | mac_address   |
>>> fixed_ips
>>> |
>>>
>>> +--+--+---++
>>> | 53d63be8-967c-439c-8ffa-53ef1f7f3d37 |  | fa:16:3e:09:99:b9 |
>>> {"subnet_id": "5b53398a-70ce-44c6-8f6b-7a21a4ea48d7", "ip_address":
>>> "10.78.99.84"} |
>>> | 565eb936-fb89-42a9-9482-0f089907c35a |  | fa:16:3e:96:78:92 |
>>> {"subnet_id": "5b53398a-70ce-44c6-8f6b-7a21a4ea48d7", "ip_address":
>>> "10.78.99.87"} |
>>> | 6f01314f-6f47-4884-b812-1d66fae9ca3e |  | fa:16:3e:b6:c6:fe |
>>> {"subnet_id": "5b53398a-70ce-44c6-8f6b-7a21a4ea48d7", "ip_address":
>>> "10.78.99.83"} |
>>> | 7894091c-274a-48dd-8348-b3fd449b6705 |  | fa:16:3e:bb:69:9e |
>>> {"subnet_id": "5b53398a-70ce-44c6-8f6b-7a21a4ea48d7", "ip_address":
>>> "10.78.99.85"} |
>>> | 9c99fe76-4d74-44de-a2f5-3f3dc555c3d8 |  | fa:16:3e:db:f6:6f |
>>> {"subnet_id": "5b53398a-70ce-44c6-8f6b-7a21a4ea48d7", "ip_address":
>>> "10.78.99.86"} |
>>> | badec4e8-fa4f-47e3-a7a2-123d84d03337 |  | fa:16:3e:79:01:50 |
>>> {"subnet_id": "5b53398a-70ce-44c6-8f6b-7a21a4ea48d7", "ip_address":
>>> "10.78.99.82&qu

Re: [Openstack] [openstack] how to configure quantum so that two private network can ping each other?

2013-06-14 Thread Ashok Kumaran 
Hi Yuling,

You may need to check the security group rules , ensure that the security
group allows ICMP and ssh(22)  in case you are looking for ssh access,




Regards,
Ashok




On Sat, Jun 15, 2013 at 7:10 AM,  wrote:

>  Hi All,
>
> From openstack documentation, it seems that if we need to create routers
> in order to have two private network ping each other. However, I followed
> the instruction on the website
> http://docs.openstack.org/trunk/openstack-network/admin/content/l3_workflow.html,
> but still could not get the ping working through two private networks.
>
> Here is what I did:
>
> 1. I'm using the Vlan mode for OVS network type.
> 2. I created one network net1 in one subnet.
> 3. I created another network net2 in another subnet.
> 4. I created a router and attached the two subnet interfaces to the router.
> 5. I created two VM instances on net1 and net2 respectively.
> 6. However, I still was not able to ping from vm1 to vm2.
>
> Any idea?
>
> Thanks,
>
> YuLing
> ___
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack@lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
>



-- 
Regds,

Ashok ,
Delivery Consultant,
HP.
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Security Group of Quantum ovs plugin (Folsom) is not working

2013-06-18 Thread Ashok Kumaran 
Hi Chandler,

whats your libvirt_vif_driver set in nova-compute.conf?


On Tue, Jun 18, 2013 at 1:08 PM, Chandler Li wrote:

> Hi, Aaron,
>
> Sorry for my unclear explanation.
>
> I can ping or ssh into the VM with default security group even there are
> no rules setting...
>
> Here is my security group information,
>
> [root@controller ~]# nova secgroup-list
> +-+-+
> | Name| Description |
> +-+-+
> | default | default |
> +-+-+
> [root@controller ~]# nova secgroup-list-rules default
>
> [root@controller ~]#
>
>
> After I created a VM with default security group, I checked the iptables
> at compute node:
>
> [root@compute1 ~]# iptables -L -v -n
> Chain INPUT (policy ACCEPT 26495 packets, 22M bytes)
>  pkts bytes target prot opt in out source
> destination
>   289  120K nova-compute-INPUT  all  --  *  *   0.0.0.0/0
>0.0.0.0/0
> 0 0 ACCEPT udp  --  virbr0 *   0.0.0.0/0
> 0.0.0.0/0   udp dpt:53
> 0 0 ACCEPT tcp  --  virbr0 *   0.0.0.0/0
> 0.0.0.0/0   tcp dpt:53
> 0 0 ACCEPT udp  --  virbr0 *   0.0.0.0/0
> 0.0.0.0/0   udp dpt:67
> 0 0 ACCEPT tcp  --  virbr0 *   0.0.0.0/0
> 0.0.0.0/0   tcp dpt:67
>  1036 64284 ACCEPT tcp  --  *  *   0.0.0.0/0
> 0.0.0.0/0   tcp dpt:5900
>
> Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
>  pkts bytes target prot opt in out source
> destination
> 0 0 nova-filter-top  all  --  *  *   0.0.0.0/0
> 0.0.0.0/0
> 0 0 nova-compute-FORWARD  all  --  *  *   0.0.0.0/0
>  0.0.0.0/0
> 0 0 ACCEPT all  --  *  virbr0  0.0.0.0/0
> 192.168.122.0/24state RELATED,ESTABLISHED
> 0 0 ACCEPT all  --  virbr0 *   192.168.122.0/24
> 0.0.0.0/0
> 0 0 ACCEPT all  --  virbr0 virbr0  0.0.0.0/0
> 0.0.0.0/0
> 0 0 REJECT all  --  *  virbr0  0.0.0.0/0
> 0.0.0.0/0   reject-with icmp-port-unreachable
> 0 0 REJECT all  --  virbr0 *   0.0.0.0/0
> 0.0.0.0/0   reject-with icmp-port-unreachable
>
> Chain OUTPUT (policy ACCEPT 30821 packets, 14M bytes)
>  pkts bytes target prot opt in out source
> destination
> 30218   14M nova-filter-top  all  --  *  *   0.0.0.0/0
> 0.0.0.0/0
>   261 80864 nova-compute-OUTPUT  all  --  *  *   0.0.0.0/0
>  0.0.0.0/0
>
> Chain nova-compute-FORWARD (1 references)
>  pkts bytes target prot opt in out source
> destination
>
> Chain nova-compute-INPUT (1 references)
>  pkts bytes target prot opt in out source
> destination
>
> Chain nova-compute-OUTPUT (1 references)
>  pkts bytes target prot opt in out source
> destination
>
> Chain nova-compute-inst-783 (1 references)
>  pkts bytes target prot opt in out source
> destination
> 0 0 DROP   all  --  *  *   0.0.0.0/0
> 0.0.0.0/0   state INVALID
> 0 0 ACCEPT all  --  *  *   0.0.0.0/0
> 0.0.0.0/0   state RELATED,ESTABLISHED
> 0 0 nova-compute-provider  all  --  *  *   0.0.0.0/0
>0.0.0.0/0
> 0 0 ACCEPT udp  --  *  *   30.0.0.2
> 0.0.0.0/0   udp spt:67 dpt:68
> 0 0 ACCEPT all  --  *  *   30.0.0.0/24
> 0.0.0.0/0
> 0 0 nova-compute-sg-fallback  all  --  *  *   0.0.0.0/0
>  0.0.0.0/0
>
> Chain nova-compute-local (1 references)
>  pkts bytes target prot opt in out source
> destination
> 0 0 nova-compute-inst-783  all  --  *  *   0.0.0.0/0
>30.0.0.5
>
> Chain nova-compute-provider (1 references)
>  pkts bytes target prot opt in out source
> destination
>
> Chain nova-compute-sg-fallback (1 references)
>  pkts bytes target prot opt in out source
> destination
> 0 0 DROP   all  --  *  *   0.0.0.0/0
> 0.0.0.0/0
>
> Chain nova-filter-top (2 references)
>  pkts bytes target prot opt in out source
> destination
>   261 80864 nova-compute-local  all  --  *  *   0.0.0.0/0
>0.0.0.0/0
>
>
> If I add rules to security group default:
>
> [root@controller ~]# nova secgroup-list-rules default
> +-+---+-+---+--+
> | IP Protocol | From Port | To Port | IP Range  | Source Group |
> +-+---+-+---+--+
> | icmp| -1| -1  | 0.0.0.0/0 |  |
> | tcp | 22| 22  | 0.0.0.0/0 |  |
> +-+---+-+---+--+
>
>
> the Chain nova-compute-inst-783 will be :
>
> Chain nova-compute-inst-783 (1 references)
>  pkts bytes target prot opt in out source
> destination
> 0 0 DROP   all  --  *  *   0.0.0.0/0
> 0.0.0.0/0   state INVALID
> 0 0 ACCEPT all  --  *  *   0

Re: [Openstack] Ceilometer getting a "Connection refused" from

2013-07-02 Thread Ashok Kumaran 
Glad its working ! your connection refused error should disappear now

Best,
Ashok

On Tue, Jul 2, 2013 at 3:33 PM, Jobin Raju George wrote:

>
> Hey, Ashok!
>
>
> I did the following:
>
> 1) Changed bind_ip=10.112.107.107 in /etc/mongodb.conf
> 2) Restarted mongodb using service mongodb restart.
> 3) Confirmed mongodb is running(mongodb start/running, process 15257)
> 4) Did a telnet 10.112.107.107 27017 and yes it is working now!
>
>
> Thanks a lot for your efforts!
>
>
> On Tue, Jul 2, 2013 at 3:26 PM, Ashok Kumaran wrote:
>
>> I believe that is the problem.
>>
>> Can you change the bind_ip=10.112.107.107 and then restart mongodb,then
>> try to do a telnet from your compute? let me know the outcome
>>
>>  On Tue, Jul 2, 2013 at 3:23 PM, Jobin Raju George wrote:
>>
>>> Oh yes, it is! Is that the issue?
>>>
>>>
>>> On Tue, Jul 2, 2013 at 3:22 PM, Ashok Kumaran 
>>> wrote:
>>>
>>>> Okay, Can you check what has been set on parameter bind_ip in mongodb
>>>> conf in your controller?
>>>> is it 127.0.0.1?
>>>>
>>>>
>>>>
>>>>
>>>> On Tue, Jul 2, 2013 at 3:13 PM, Jobin Raju George 
>>>> wrote:
>>>>
>>>>> Dear Ashok, thanks for you attention. Here are the outputs of commands
>>>>> you told me to execute:
>>>>>
>>>>> 1)
>>>>>
>>>>> netstat -ntlp | grep 27017
>>>>> tcp0  0 127.0.0.1:27017 0.0.0.0:*
>>>>> LISTEN  1482/mongod
>>>>>
>>>>>
>>>>> 2)
>>>>>
>>>>> telnet 10.112.107.107 27017
>>>>> Trying 10.112.107.107...
>>>>> telnet: Unable to connect to remote host: Connection refused
>>>>>
>>>>>
>>>>>
>>>>> On Tue, Jul 2, 2013 at 2:58 PM, Ashok Kumaran <
>>>>> ashokkumara...@gmail.com> wrote:
>>>>>
>>>>>> Hi
>>>>>>
>>>>>> I know nothing about Ceilometer, but I thought I could figure out the
>>>>>> mongodb connection issue, i have slight experience in mongodb.
>>>>>>
>>>>>> In your controller node can you check whether 27017 is listening for
>>>>>> external connections?
>>>>>> #netstat -ntlp|grep 27017 -- paste the output
>>>>>> Also from your compute do a #telnet 10.112.107.107 27017, let me know
>>>>>> the output.
>>>>>> need to know the above things before we move into the further
>>>>>> troubleshooting
>>>>>>
>>>>>>
>>>>>>
>>>>>>  On Tue, Jul 2, 2013 at 2:48 PM, Jobin Raju George <
>>>>>> jobin...@gmail.com> wrote:
>>>>>>
>>>>>>>  10.112.107.107 is the IP address of the controller node where
>>>>>>> nova, keystone, ceilometer have been installed(and so is mongodb). I 
>>>>>>> have
>>>>>>> installed ceilometer on the compute node also and configured it so that 
>>>>>>> it
>>>>>>> knows that mongodb listens on 10.112.107.107:27017 but I don't know
>>>>>>> why it is refusing connection. However, I don't see a connection 
>>>>>>> refused in
>>>>>>> mongodb's logs. Here are the last few lines of my ceilometer-api logs:
>>>>>>> http://pastebin.ubuntu.com/5835646/
>>>>>>>
>>>>>>>
>>>>>>> On Tue, Jul 2, 2013 at 2:42 PM, Julien Danjou wrote:
>>>>>>>
>>>>>>>> On Tue, Jul 02 2013, Jobin Raju George wrote:
>>>>>>>>
>>>>>>>> > Here is my /etc/ceilometer/ceilometer.conf:
>>>>>>>> > http://pastebin.ubuntu.com/5835612/
>>>>>>>>
>>>>>>>> So the problem is that you configured it to use mongodb at
>>>>>>>> mongodb://10.112.107.107:27017/ceilometer but mongodb doesn't seem
>>>>>>>> to
>>>>>>>> answer on this IP/port considering the error. I really dont'get
>>>>>>>> what you
>>>>>>>> don't get, it seems pretty obvious to me you should install MongoDB
>>>>>>>> where you configured Ceilometer to look, righ