[Openstack] [Neutron]Installing openstack on a machine with single interface
Hi All,

I have seen several people asking how to set up openstack on a machine with a single nic card. I have created a blog page for the same. The blog includes some information about openstack networking also.

http://fosskb.wordpress.com/2014/06/10/managing-openstack-internaldataexternal-network-in-one-interface/

Thank you,
Ageeleshwar K

http://www.csscorp.com/common/email-disclaimer.php
___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Re: [Openstack] [Neutron]Installing openstack on a machine with single interface
Sorry I do not have it. In fact I have never used devstack. There are just a few commands and it should be easy for anyone who has used devstack to get this done.

From: Davanum Srinivas [dava...@gmail.com]
Sent: Tuesday, June 10, 2014 5:22 PM
To: Ageeleshwar Kandavelu
Cc: openstack@lists.openstack.org
Subject: Re: [Openstack] [Neutron]Installing openstack on a machine with single interface

Ageeleshwar,

Do you happen to have a devstack local.conf for this specific setup? That would be of great help to everyone I believe.

thanks,
dims

--
Davanum Srinivas :: http://davanum.wordpress.com
Re: [Openstack] Neutron GRE + Flat question
I have gre tenant networks and one single flat network that I use as my external network. I created a router and connected to the tenant networks and to the flat external network and everything is working fine. Have you attached a router to your flat network and to your gre network?

From: Randy [a...@djlab.com]
Sent: Tuesday, June 10, 2014 5:47 PM
To: openstack@lists.openstack.org
Subject: [Openstack] Neutron GRE + Flat question

I've got the 3-node Icehouse/Juno setup using Neutron (ml2/GRE) networking on Xenserver, like this:
http://docs.openstack.org/trunk/install-guide/install/apt/content/basics-networking-neutron.html

Everything works fine with the floating IPs and all...but now I want to introduce a flat network (with external router) that doesn't require NAT or floating IPs. Like this:
http://docs.openstack.org/havana/install-guide/install/apt/content/section_use-cases-mixed.html

Using the flat network, DHCP works but there's no metadata or connectivity in or out of the VMs.

ACTUAL QUESTION: If we introduce the flat network to the network node on a dedicated interface, will it tunnel the flat network over GRE to each compute node? Or do we need to physically connect and bridge map each flat network on every compute node separately?

--
~Randy
Re: [Openstack] Openstack with Ubuntu 14.04
Icehouse works perfect on 14.04. Please follow the official install guide.

Thank you,
Ageeleshwar K

From: Mahardhika Gilang [mahardika.gil...@andalabs.com]
Sent: Monday, June 09, 2014 11:18 AM
To: Openstack Milis
Subject: [Openstack] Openstack with Ubuntu 14.04

Hi all,

Does anyone get 3 node setup done and work with ubuntu 14.04? If I used 12.04.4 which will end on 2017, what must I do? Upgrade OS? Will that replace my current configuration?

Thanks

--
Regards,
Mahardhika Gilang
Re: [Openstack] help with neutron
Logs are too general. Let me give you a few leads.

1. Check the mysql connection string inside /etc/neutron/neutron.conf and see if it is valid.
2. Check the keystone_authtoken section inside the same file and verify if they are correct and if the specified user/tenant (neutron/service) is available in keystone.
3. See if the neutron-server is running. If yes, see if it is responsive. Maybe do a 'neutron agent-list', of course after setting the auth credentials in environment variables.
4. See if all the agents (openvswitch/l3/dhcp) are in good state.

If you see any of your agents or if the neutron-server itself is down please share your config file and log while restarting.

From: 马超 [doit...@gmail.com]
Sent: Tuesday, June 03, 2014 4:33 PM
To: openstack@lists.openstack.org
Subject: [Openstack] help with neutron

Hi,

I try to config ryu controller with openstack, and got a problem:

# sudo ovs-ofctl dump-flows br-int
NXST_FLOW reply (xid=0x4):

no other flow entries

here is some info, and I think the main problem is with neutron-server

any help? thanks

--1--
in ryu-agent.log:
CRITICAL neutron [-] Timeout while waiting on RPC response - topic: q-plugin, RPC method: get_ofp_rest_api info: unknown

I have appended ryu.app.ofp_rest to app_list

--2--
the neutron/server.log shows:
ERROR neutron.common.legacy [-] Skipping unknown group key: firewall_driver
ERROR neutron.service [-] Unrecoverable error: please check log for details.
TRACE neutron.service Traceback (most recent call last):
TRACE neutron.service   File /usr/lib/python2.7/dist-packages/neutron/service.py, line 99, in serve_wsgi
TRACE neutron.service     service.start()
TRACE neutron.service   File /usr/lib/python2.7/dist-packages/neutron/service.py, line 68, in start
TRACE neutron.service     self.wsgi_app = _run_wsgi(self.app_name)
TRACE neutron.service   File /usr/lib/python2.7/dist-packages/neutron/service.py, line 112, in _run_wsgi
TRACE neutron.service     app = config.load_paste_app(app_name)
TRACE neutron.service   File /usr/lib/python2.7/dist-packages/neutron/common/config.py, line 144, in load_paste_app
TRACE neutron.service     app = deploy.loadapp(config:%s % config_path, name=app_name)
TRACE neutron.service   File /usr/lib/python2.7/dist-packages/paste/deploy/loadwsgi.py, line 247, in loadapp
TRACE neutron.service     return loadobj(APP, uri, name=name, **kw)
TRACE neutron.service   File /usr/lib/python2.7/dist-packages/paste/deploy/loadwsgi.py, line 272, in loadobj
TRACE neutron.service     return context.create()
TRACE neutron.service   File /usr/lib/python2.7/dist-packages/paste/deploy/loadwsgi.py, line 710, in create
TRACE neutron.service     return self.object_type.invoke(self)
TRACE neutron.service   File /usr/lib/python2.7/dist-packages/paste/deploy/loadwsgi.py, line 144, in invoke
TRACE neutron.service     **context.local_conf)
TRACE neutron.service   File /usr/lib/python2.7/dist-packages/paste/deploy/util.py, line 56, in fix_call
TRACE neutron.service     val = callable(*args, **kw)
TRACE neutron.service   File /usr/lib/python2.7/dist-packages/paste/urlmap.py, line 28, in urlmap_factory
TRACE neutron.service     app = loader.get_app(app_name, global_conf=global_conf)
TRACE neutron.service   File /usr/lib/python2.7/dist-packages/paste/deploy/loadwsgi.py, line 350, in get_app
TRACE neutron.service     name=name, global_conf=global_conf).create()
TRACE neutron.service   File /usr/lib/python2.7/dist-packages/paste/deploy/loadwsgi.py, line 710, in create
TRACE neutron.service     return self.object_type.invoke(self)
TRACE neutron.service   File /usr/lib/python2.7/dist-packages/paste/deploy/loadwsgi.py, line 144, in invoke
TRACE neutron.service     **context.local_conf)
TRACE neutron.service   File /usr/lib/python2.7/dist-packages/paste/deploy/util.py, line 56, in fix_call
TRACE neutron.service     val = callable(*args, **kw)
TRACE neutron.service   File /usr/lib/python2.7/dist-packages/neutron/auth.py, line 59, in pipeline_factory
TRACE neutron.service     app = loader.get_app(pipeline[-1])
TRACE neutron.service   File /usr/lib/python2.7/dist-packages/paste/deploy/loadwsgi.py, line 350, in get_app
TRACE neutron.service     name=name, global_conf=global_conf).create()
TRACE neutron.service   File /usr/lib/python2.7/dist-packages/paste/deploy/loadwsgi.py, line 710, in create
TRACE neutron.service     return self.object_type.invoke(self)
TRACE neutron.service   File /usr/lib/python2.7/dist-packages/paste/deploy/loadwsgi.py, line 146, in invoke
TRACE neutron.service     return fix_call(context.object, context.global_conf, **context.local_conf)
TRACE neutron.service   File /usr/lib/python2.7/dist-packages/paste/deploy/util.py, line 56, in fix_call
TRACE neutron.service     val = callable(*args, **kw)
TRACE neutron.service   File /usr/lib/python2.7/dist-packages/neutron/api/v2/router.py, line 72, in factory
TRACE neutron.service     return cls(**local_config)
Re: [Openstack] _member_ role after keystone installation
Have you already added admin user to admin role? I think _member_ will already be there but you will not be able to view it until you use a user with admin role. Hope it makes sense.

Ageeleshwar K

From: Ricardo Carrillo Cruz [ricardo.carrillo.c...@gmail.com]
Sent: Sunday, June 01, 2014 5:59 PM
To: openstack@lists.openstack.org
Subject: [Openstack] _member_ role after keystone installation

Hi guys

I'm currently installing Openstack in Ubuntu 14.04 by following the official guide, instead of just use devstack, for fun. I successfully installed keystone and I'm now at the user/tenant/roles creation step.

This is an excerpt from the guide:

    By default, the Identity Service creates a special _member_ role. The OpenStack dashboard automatically grants access to users with this role. You will give the admin user access to this role in addition to the admin role.

However, I can't see that role after installing keystone:

snip
ricky@openstack:~$ keystone role-list
+----------------------------------+-------+
|                id                |  name |
+----------------------------------+-------+
| 3b1826a9f1234fe58e45cd27aba27c1a | admin |
+----------------------------------+-------+
/snip

Do I need to create that _member_ role myself? If so, is this a doc bug?

Regards
Re: [Openstack] _member_ role after keystone installation
I recently installed icehouse and never created that role but it exists. Please see if it's present in the db.

root@sun:~# mysql keystone -e 'select * from role;'
+----------------------------------+----------+-------------------------------------------------------------------+
| id                               | name     | extra                                                             |
+----------------------------------+----------+-------------------------------------------------------------------+
| 9fe2ff9ee4384b1894a90878d3e92bab | _member_ | {enabled: True, description: Default role for project membership} |
+----------------------------------+----------+-------------------------------------------------------------------+

This is populated when you run keystone-manage db_sync

Thank you,
Ageeleshwar K

From: Ricardo Carrillo Cruz [ricardo.carrillo.c...@gmail.com]
Sent: Monday, June 02, 2014 2:27 PM
To: Ageeleshwar Kandavelu
Cc: openstack@lists.openstack.org
Subject: Re: [Openstack] _member_ role after keystone installation

Hi Ageeleshwar

Yep, I linked together user 'admin' on tenant 'admin' with role 'admin':

ricky@openstack:~$ keystone user-role-list --user admin --tenant admin
+----------------------------------+-------+----------------------------------+----------------------------------+
|                id                |  name |             user_id              |            tenant_id             |
+----------------------------------+-------+----------------------------------+----------------------------------+
| 3b1826a9f1234fe58e45cd27aba27c1a | admin | 2fb0242b87f740d6a3bb1c71d9bf58bc | 1fd8105537394a57873f234ee27596fc |
+----------------------------------+-------+----------------------------------+----------------------------------+

Regards
Re: [Openstack] Network Architecture - Separate Layer 2 and Layer 3 - neutron/network node only l2
I think you are looking for multiple neutron-l3-agent. It is possible and has been discussed many times before in mailing lists. Just do a google search 'multiple l3 agent in openstack' and you should be able to find some link to start with.

From: Benoit ML [ben4...@gmail.com]
Sent: Wednesday, May 28, 2014 2:15 PM
To: openstack@lists.openstack.org; Benoit ML
Subject: [Openstack] Network Architecture - Separate Layer 2 and Layer 3 - neutron/network node only l2

Hello,

I'm writing to you because I'd like to discuss the separation of layer 2 and layer 3.

Can openstack network node only work on layer 2 with a dedicated server? And all layer 3 configuration done elsewhere?

The idea is: network node manages layer 2 topology (openvswitch/gre tunnel) and Layer 3 is dedicated to virtual machine/application. For every tenant I'm thinking about a VM doing all L3 jobs (router, firewall, loadbalancing, )

Did you see what I mean? Is it possible?

Thank you in advance!

Regards,

ps: sorry for my english ;)

--
Benoit
Re: [Openstack] vm without floatingip can't be ping by private net
See how you create an external network if you haven't already. Once an external network is created in openstack, instances launched in that network can be accessed directly.

Thank you,
Ageeleshwar K

From: zengshan2008 [zengshan2...@gmail.com]
Sent: Wednesday, May 21, 2014 3:01 PM
To: openstack
Subject: [Openstack] vm without floatingip can't be ping by private net

Hi experts:

I am now using ovs+vlan mode, and after allocating the fixed ip which is 192.168.15.0/24, I login the vm by console provided by the horizon page, and I ping from the vm, it works, but I have another physical machine whose IP is 192.168.15.21, and I ping it from vm, it failed. I can't ping the vm from the physical machine whose ip is 192.168.15.21 either.

Since we don't need all the virtual machines to be visited by the external network, I don't want to associate floatingip to all the vms, but I need the vm to be visited by the private net. How can I fix this out?

Regards
2014-05-21
zengshan2008
Re: [Openstack] Need help! Stderr: 'ovs-ofctl: -1: negative values not supported for in_port\n'
I have faced this issue before. The openvswitch-plugin tries to create gre interfaces and add them to your br-tun but fails in the process. As a result of this failure the in_port value is sent as -1 and not the actual port number as port creation failed.

The error that you are seeing is only the consequence of failure to create port. You should be finding why port creation failed in first place. Normally gre interfaces will be named gre-1,2 etc. See if such ports are present in `ovs-vsctl show` output.

From: Martinx - ジェームズ [thiagocmarti...@gmail.com]
Sent: Thursday, May 15, 2014 12:13 PM
To: openstack@lists.openstack.org
Subject: [Openstack] Need help! Stderr: 'ovs-ofctl: -1: negative values not supported for in_port\n'

Guys!

I need a bit help here... I updated the Linux Kernel of my Ubuntu / Havana environment, to the linux-generic-lts-trusty but, I forgot that `openvsiwtch-dkms` doesn't work with it so, I restarted the cloud with the previous kernel (3.11.0-20-generic) but now, I'm seeing the following error at my Network Node:

---
2014-05-15 03:37:59.509 4889 ERROR neutron.agent.linux.ovs_lib [-] Unable to execute ['ovs-ofctl', 'add-flow', 'br-tun', 'hard_timeout=0,idle_timeout=0,priority=1,in_port=-1,actions=resubmit(,3)']. Exception:
Command: ['sudo', '/usr/bin/neutron-rootwrap', '/etc/neutron/rootwrap.conf', 'ovs-ofctl', 'add-flow', 'br-tun', 'hard_timeout=0,idle_timeout=0,priority=1,in_port=-1,actions=resubmit(,3)']
Exit code: 1
Stdout: ''
Stderr: 'ovs-ofctl: -1: negative values not supported for in_port\n'
---

All Instances are completely offline!! What can I do to fix it?

I appreciate any help!

Thanks!
Thiago
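The check suggested in the reply above, as an added example that is not part of the original thread: it reads `ovs-vsctl show` output, lists the GRE interfaces on a bridge, and flags any that Open vSwitch failed to create. The sample output, addresses and version string are constructed for illustration; the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: find GRE ports on a bridge in `ovs-vsctl show` output and
# flag the ones Open vSwitch could not create. A port that failed to come up
# has no usable OpenFlow port number, which is how in_port=-1 ends up in the
# agent's flow rule.

# Constructed sample of `ovs-vsctl show` output (not taken from the thread).
sample_ovs_show() {
cat <<'EOF'
a1b2c3d4-0000-0000-0000-000000000000
    Bridge br-int
        Port br-int
            Interface br-int
                type: internal
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
    Bridge br-tun
        Port br-tun
            Interface br-tun
                type: internal
        Port "gre-1"
            Interface "gre-1"
                type: gre
                options: {in_key=flow, local_ip="10.0.0.11", out_key=flow, remote_ip="10.0.0.21"}
                error: "could not add network device gre-1 to ofproto (Address family not supported by protocol)"
        Port "gre-2"
            Interface "gre-2"
                type: gre
                options: {in_key=flow, local_ip="10.0.0.11", out_key=flow, remote_ip="10.0.0.22"}
        Port patch-int
            Interface patch-int
                type: patch
                options: {peer=patch-tun}
    ovs_version: "1.10.2"
EOF
}

# gre_port_report BRIDGE
# Reads `ovs-vsctl show` text on stdin. Prints one line per GRE interface on
# BRIDGE: "<name> ok" or "<name> FAILED <error text>".
gre_port_report() {
    awk -v bridge="$1" '
        function emit() {
            if (iface != "" && kind == "gre")
                print iface, (err == "" ? "ok" : "FAILED " err)
            iface = ""; kind = ""; err = ""
        }
        $1 == "Bridge"    { emit(); gsub(/"/, "", $2); in_bridge = ($2 == bridge); next }
        !in_bridge        { next }
        $1 == "Port"      { emit(); next }
        $1 == "Interface" { gsub(/"/, "", $2); iface = $2; next }
        $1 == "type:"     { kind = $2; next }
        $1 == "error:"    { sub(/^[ \t]*error:[ \t]*/, ""); gsub(/"/, ""); err = $0; next }
        END               { emit() }
    '
}

# gre_ports_healthy BRIDGE
# Succeeds only if BRIDGE has at least one GRE port and none carries an error.
gre_ports_healthy() {
    local report
    report=$(gre_port_report "$1")
    [ -n "$report" ] && ! printf '%s\n' "$report" | grep -q ' FAILED '
}

# On a live network node:  ovs-vsctl show | gre_port_report br-tun
sample_ovs_show | gre_port_report br-tun
```

An empty report for br-tun means no GRE port exists at all, which is the other case the reply asks to check for.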
[Openstack] [neutron] GRE network with 5 nodes
Hi,

I recently tried to install Openstack with one controller/network node and 5 compute nodes. I tried to use GRE for neutron network mode. I finished the installation successfully but the network performance was terribly slow. This was partly due to the fact that I was using a low performance switch.

What I inferred was while using the GRE mode the switch's ports were constantly blinking indicating heavy traffic. I am aware that in GRE mode there is a mesh of tunnels between the various nodes. I assumed that the GRE mode was placing a burden too heavy on the switch and tore down the setup and created a vlan setup instead. The performance was good with vlan.

Is this expected or had I been doing something wrong?
Re: [Openstack] Cinder volume deleting issue
Was the instance terminated or directly deleted from the database?

From: anand ts [anandts...@gmail.com]
Sent: Wednesday, May 14, 2014 4:09 PM
To: openstack@lists.openstack.org
Subject: [Openstack] Cinder volume deleting issue

Hi all,

I have multinode setup on openstack+havana+rdo on CentOS6.5

Issue - Can't delete cinder volume.

When I try to delete through command line:

[root@cinder ~(keystone_admin)]# cinder list
+--------------------------------------+--------+--------------+------+-------------+----------+--------------------------------------+
|                  ID                  | Status | Display Name | Size | Volume Type | Bootable |             Attached to              |
+--------------------------------------+--------+--------------+------+-------------+----------+--------------------------------------+
| fe0fdad1-2f8a-4cce-a173-797391dbc7ad | in-use |     vol2     |  10  |     None    |   true   | b998107b-e708-42a5-8790-4727fed879a3 |
+--------------------------------------+--------+--------------+------+-------------+----------+--------------------------------------+

[root@cinder ~(keystone_admin)]# cinder delete fe0fdad1-2f8a-4cce-a173-797391dbc7ad
Delete for volume fe0fdad1-2f8a-4cce-a173-797391dbc7ad failed: Invalid volume: Volume status must be available or error, but current status is: in-use (HTTP 400) (Request-ID: req-d9be63f0-476a-4ecd-8655-20491336ee8b)
ERROR: Unable to delete any of the specified volumes.

When I try to delete through dashboard, screen shot attached with the mail.

This occurred when a cinder volume attached instance is deleted from the database without detaching the volume. Now the volume is in use and attached to NONE.

Please find the cinder logs here, http://paste.openstack.org/show/80333/

Any workaround to this problem?
Re: [Openstack] [Neutron] Changing subnet tenant_id
I can not see anywhere in that page that tenant_id can be updated and it is also not possible. You only have to delete the subnet and recreate for another tenant.

From: André Aranha [andre.f.ara...@gmail.com]
Sent: Monday, May 12, 2014 10:01 PM
To: openstack@lists.openstack.org
Subject: [Openstack] [Neutron] Changing subnet tenant_id

Hi,

I was checking networks in Neutron and in the API (http://api.openstack.org/api-ref-networking-v2.html) it is said that one can update a subnet tenant-id. I tried and raised an error: NeutronError: Cannot update read-only attribute tenant_id.

Is it really supported to change a subnet tenant-id or is it a bug?

Thank you,
Andre Aranha
Re: [Openstack] Controller and network services in same node
Perfectly possible. In fact that is what I have done too.

In openstack the network node is nothing but a machine which has the below three installed.

1. neutron-l3-agent
2. neutron-dhcp-agent
3. neutron-openvswitch-agent

The compute node is what contains

1. nova-compute
2. neutron-openvswitch-agent

The controller node is what contains everything else. So you can always have controller and network node combined.

From: Raphael Ribeiro [raphaelp...@gmail.com]
Sent: Wednesday, May 14, 2014 4:14 AM
To: openstack@lists.openstack.org
Subject: [Openstack] Controller and network services in same node

Is it possible to install the neutron in the controller node without a networking node? How do I do that? The neutron documentation seemed confused.

--
Raphael Pereira Ribeiro
Instituto de Computação - IC/UFAL
Graduando em Ciências da Computação
http://lattes.cnpq.br/9969641216207080
Re: [Openstack] Network node (neutron) , I have only two interface in my machine. How will i configure External interface?
option 1

bridge all traffic from br-ex and br-eth1 to one physical interface eth1

eth0 -- Internal network
br-eth1 -- Data network (physnet1 may be)
br-ex -- External network

in addition to the above add br-proxy

    ovs-vsctl add-br br-proxy
    ovs-vsctl add-port br-proxy eth1
    ip link set eth1 up
    ip link set eth1 promisc on
    ip link add eth1-br-proxy type veth peer name proxy-br-eth1  # (see google for what is veth pair if you do not know already)
    ip link add ex-br-proxy type veth peer name proxy-br-ex
    ovs-vsctl add-port br-proxy proxy-br-eth1
    ovs-vsctl add-port br-proxy proxy-br-ex
    ovs-vsctl add-port br-eth1 eth1-br-proxy
    ovs-vsctl add-port br-ex ex-br-proxy

option 2

add eth0 to br-ex
assign eth0's ip address to br-ex instead. This interface will act as your internal network interface as well as an interface for external network.
eth1 you can use as usual and add it to br-eth1

Thank you,
Ageeleshwar K

From: dhanesh1212121212 [dhanesh1...@gmail.com]
Sent: Monday, May 12, 2014 12:59 PM
To: openstack@lists.openstack.org
Subject: [Openstack] Network node (neutron) , I have only two interface in my machine. How will i configure External interface?

Hi

Network node (neutron)

1. 1st interface as management
2. As instance tunnels interface

I have only two interfaces in my machine. How will I configure External interface? Do I need to add another network card? Shall I configure network node alone in VM instance.

Regards,
Dhanesh.
Re: [Openstack] error while launching instance
This is not very informative. I'll give you a suggestion. Open up the log file (tail -f /var/log/nova/nova-compute.log). Then launch an instance. Send only the errors that show up during the launch. Also I would like to see error in scheduler and nova-api.

Thank you,
Ageeleshwar K

From: zhichen...@zju.edu.cn [zhichen...@zju.edu.cn]
Sent: Monday, May 12, 2014 6:53 PM
To: openstack@lists.openstack.org
Subject: [Openstack] error while launching instance

Hi, all

One day, it came to me that OpenStack is funny and maybe I would like to do something with it. First, I got one controller node and one compute node, then I followed the installation guides on the website. When I set up those necessary services, I began to launch instance through dashboard. After about three minutes when the Launch button was clicked, there came an error like this:

[inline image not included]

In compute node, there are some errors in the file /var/log/nova/nova-compute.log, some of which are:

WARNING nova.openstack.common.db.sqlalchemy.session. SQL connection failed. 10 attempts left.
ERROR oslo.messaging._drivers.common Returning exception Remote error: ProcessExecutionError Unexpected error while running command.
Command: sudo nova-rootwrap /etc/nova/rootwrap.conf env CONFIG_FILE=[/etc/nova/nova.conf] NETWORK_ID=2 dnsmasq --strict-order --bind-interfaces --conf-file= --pid-file=/var/lib/nova/networks/nova-br100.pid --listen-address=172.16.17.217 --except-interfaces=lo --dhcp-range=set:demo-net, 172.16.17.218,static,255.255.255.248,120s --dhcp-lease-max=8 --dhcp-hostsfile=/var/lib/nova/networks/nova-br100.conf --dhcp-script=/user/bin/nova-dhcpbridge --leasefile-ro --domain=novalocal --no-hosts --addn-hosts=/var/lib/nova/networks/nova-br100.hosts
Exit code:11

I googled that, nothing worked for me. Could you please show me where should I go?

--
Best Regards.
Re: [Openstack] How to implement: Role based access control using XACML and SAML over rest for cloud
Hi,

Your first hop is keystone project. It is the openstack identity management system. Try to get a picture of how the various other parts of openstack interact with keystone for providing their service.

Second you should look into policy.json file. There is a policy.json for every service under /etc/service_name. I have not used this so far and can not offer any more information. Hope other openstack developers throw up some.

Thank you,
Ageeleshwar K

From: Priya Sharma [priya_sha...@persistent.co.in]
Sent: Friday, May 09, 2014 4:55 PM
To: 'd...@cloudstack.apache.org'; 'us...@cloudstack.apache.org'; openstack@lists.openstack.org
Subject: [Openstack] How to implement: Role based access control using XACML and SAML over rest for cloud

Hi All,

I am pursuing MTech and my MTech project is “Role based access control using XACML and SAML over rest for cloud”.

I am familiar with Technologies/platform

· Role based access control
· XACML
· SAML
· Linux environment

But not aware how all this works in cloud. My aim is to implement the role based access control for cloud, my sole purpose is cloud security.

Herein I am attaching the architecture diagram I initially came up with. Any suggestion on the architecture and how to implement role based access control in cloud will be helpful.

Thanks
Priya

DISCLAIMER
==
This e-mail may contain privileged and confidential information which is the property of Persistent Systems Ltd. It is intended only for the use of the individual or entity to which it is addressed. If you are not the intended recipient, you are not authorized to read, retain, copy, print, distribute or use this message. If you have received this communication in error, please notify the sender and delete all copies of this message. Persistent Systems Ltd. does not accept any liability for virus infected mails.
Re: [Openstack] [Neutron] Scan IPs belonging to private networks
The private networks in openstack will not be accessible from outside openstack. Based on the kind of setup you have there are certain places from where you could launch a scan. You have to give the below information.

Are you using neutron-openvswitch-plugin?
How do you access the instances in the private network (do you have an external network, router and floating ip)?

Thank you,
Ageeleshwar K

From: ZIBA Romain [romain.z...@eurogiciel.fr]
Sent: Wednesday, April 16, 2014 8:49 PM
To: openstack@lists.openstack.org
Subject: [Openstack] [Neutron] Scan IPs belonging to private networks

Hello everyone,

I have an Openstack infrastructure up and running with Neutron using GRE tunnel thanks to Openvswitch. I can create networks, subnets, floating IPs and private IPs.

Now, I would like to scan my VMs for security purposes. Do you know if it is possible to scan private IPs with a tool such as OpenVas?

Thanks beforehand, best regards.
Romain.
Re: [Openstack] [Neutron] Scan IPs belonging to private networks
The private network is accessible from the net namespace belonging to the router attaching your private network and the external network. As far as I know you would be able to scan the private network from inside the namespace and not anywhere else.

Do let me know if that answered your question and also if you are able to find an alternative please share.

Thank you,
Ageeleshwar K

From: ZIBA Romain [romain.z...@eurogiciel.fr]
Sent: Thursday, April 17, 2014 2:59 PM
To: Ageeleshwar Kandavelu; openstack@lists.openstack.org
Subject: RE: [Openstack] [Neutron] Scan IPs belonging to private networks

Hi,

Yes I am using neutron-openvswitch-plugin. In order to access the instances, I have an external network with router and floating ips. Otherwise, I can only access them from the controller/networking node using IP NETNS. I would rather not scan the floating ips because an instance may not have one.

Best regards,
Romain Z.
Re: [Openstack] quantum openvswitch agent on compute nodes stops working.
Steps to debug.

1. Understand where exactly the problem lies
   * Are you not able to reach the floating ip of instances?
     * First start a continuous ping from a machine outside openstack to the floating ip
     * Go to network node. Find the interface of the router that attaches your external network to the br-ex (external bridge, you should see it in bridge_mappings, the one with no vlan id ranges in its corresponding network_vlan_ranges)
     * Note: This interface might not be in default network node host's namespace. It would exist inside the namespace that was created for your router. Your namespace for your router would normally be something like 'qrouter-router_id' and you can view it using 'ip netns' command.
     * Do 'tcpdump -lennvi' on the interface. To do this you would have to execute tcpdump inside the namespace mentioned above. You can do that by 'ip netns exec namespace id tcpdump -lennvi interface_name'
     * In your tcpdump do you see the ping requests arriving?
       * No?
         * If you do not see them then it might be that your physical network interface (say eth3) attached to br-ex is not in promiscuous mode or it is not up.
         * So you do 'ip link set physical_interface up', 'ip link set physical_interface promisc on'
       * Yes?
         * Go on the next step. Find the network interface attaching your router (external router) to your instance's network. Again it will be inside the same network namespace and do the tcpdump there.
         * Here you should see the same ping request except that the ip you are pinging should be the private ip and not the floating ip. If this is not happening the problem lies in your neutron l3 agent and/or firewall driver.
         * If this too is happening you have to go to the below subject.
   * Are the instances not able to reach each other through their private ip itself?
     * This could mean that your instance would also not be able to reach its gateway router. The router that is responsible for floating ip mapping and inter subnet connectivity.
     * To check this start a continuous ping from one of the instances in openstack to the gateway router interface for that subnet.
     * Start tracing where your packets are dropped using tcpdump. Below is the list of interfaces you are to look in the order from instance to router.
       * The tap device attached to the instance. You can find this in the openstack dashboard page of the network.
       * 'int-br-eth1'
       * 'phy-br-eth1' at this interface the ping packets should carry a vlan (if you are using vlan mode)
       * eth1 (I am assuming that your physnet is bridged to br-eth1 and eth1 is attached to br-eth1) here the packets should carry a vlan id that was assigned to the openstack network while you created it.
       * eth1 of the network node. 'phy-br-eth1', 'int-br-eth1' of network node. Then to the interface of the router in the instance's network

I agree it's too cryptic and would not make sense on first look, but if you study the way neutron openvswitch agent works, you will see the flow I have mentioned above.

If you could tell me where exactly your packet goes missing I could find a possible reason and solution to prevent outages.

There is however another way to debug using ovs-ofctl dump-flows on br-int and br-eth1 on both compute and network node. But this assumes that all flows are correctly programmed.

Thank you,
Ageeleshwar K

From: Akshat Kansal [akshatk...@gmail.com]
Sent: Thursday, April 10, 2014 1:26 PM
To: Robert van Leeuwen
Cc: openstack@lists.openstack.org
Subject: Re: [Openstack] quantum openvswitch agent on compute nodes stops working.

Thanks Robert,

Yes other components still work, openvswitch works fine as no flows are dropped. I even do not see any error in the logs, but still it stops working. Also, after the restart it starts working fine, so I don't doubt the space in rabbit message queue to be a problem.

Regards
Akshat

On Thu, Apr 10, 2014 at 11:23 AM, Robert van Leeuwen robert.vanleeu...@spilgames.com wrote:

> I am facing an issue, where all of a sudden the quantum openvswitch agent stops working and all the VMs lose connectivity and even the provisioning fails. Also, I also want to understand what is the role of quantum openvswitch agent. Any pointer will be helpful.

The agent sets up the Openvswitch flows (ovs-ofctl dump-flows). I think it also creates the interfaces to be patched into the vms. What does the openvswitch logs say? Do other components still work? I think I saw something similar when rabbitmq did not have enough space (it needs at least 1GB free space). You would be able to connect to rabbitmq (so no errors in the logs) but it stopped processing messages.

Cheers,
Robert van
Re: [Openstack] Multiple Flat Networks same physical net
How about this: in plugin.ini set like this

    bridge_mappings = Physnet1:br-ex1,Physnet2:br-ex2

then go on and create a proxy bridge to emulate two networks on same nic

    ovs-vsctl add-br br-proxy
    ovs-vsctl add-port br-proxy ethx

    ovs-vsctl add-br br-ex1
    ip link add name ex1-br-proxy type veth peer name proxy-br-ex1
    ovs-vsctl add-port br-ex1 ex1-br-proxy
    ovs-vsctl add-port br-proxy proxy-br-ex1

    ovs-vsctl add-br br-ex2
    ip link add name ex2-br-proxy type veth peer name proxy-br-ex2
    ovs-vsctl add-port br-ex2 ex2-br-proxy
    ovs-vsctl add-port br-proxy proxy-br-ex2

I am sorry but I still did not give you multiple flat networks on same physical network. However now you have two flat physical networks both bridged to same nic.

If anyone has a better suggestion please reply.

Thank you,
Ageeleshwar K

From: gustavo panizzo gfa [g...@zumbi.com.ar]
Sent: Thursday, April 10, 2014 6:51 PM
To: openstack@lists.openstack.org
Subject: [Openstack] Multiple Flat Networks same physical net

Hello

i have a use case where i have to use two provider networks over the same physical nic. My provider provides me 2 network ranges (each has its netmask and gateway) over the same nic, without VLAN or tunneling.

i need to expose both network ranges to the VMs

my initial thought was to create 2 provider networks each one with its own subnet, then setup 2 vNIC in each vm

    $ neutron net-create prov-1 --provider:network_type flat --provider:physical_network physnet1 --router:external=True
    $ neutron subnet-create --allocation-pool start=192.168.255.151,end=192.168.255.200 prov-1 192.168.255.0/24 --name=prov-1
    $ neutron net-create prov-2 --provider:network_type flat --provider:physical_network physnet1 --router:external=True

then i get this error msg

    409-{u'NeutronError': {u'message': u'Unable to create the flat network. Physical network physnet1 is in use.', u'type': u'FlatNetworkInUse', u'detail': u''}}

this is kinda expected, flat network does not provide any kind of isolation, but is a use case in the openstack manuals
http://docs.openstack.org/havana/install-guide/install/zypper/content/section_use-cases-multi-flat.html

anybody has an idea how to implement it?

thanks!

PS: floatip is not an option :(

--
1AE0 322E B8F7 4717 BDEA BF1D 44BB 1BA7 9F6C 6333
Re: [Openstack] Devstack Neutron Error
What is stack.sh doing at that time? Is it trying to delete a network before deleting the routers attached to its subnets?

Thank you,
Ageeleshwar K

From: trinath.soman...@freescale.com [trinath.soman...@freescale.com]
Sent: Wednesday, April 09, 2014 1:58 PM
To: openstack@lists.openstack.org
Subject: [Openstack] Devstack Neutron Error

Hi stackers-

When I run devstack manually, I get this error at Neutron:

    Port xxx has owner network:router_interface and therefore cannot be deleted directly via the port API

And stack.sh fails to go further. Kindly help me resolve the issue.

--
Trinath Somanchi - B39208
trinath.soman...@freescale.com | extn: 4048
Re: [Openstack] Equivalent component for VPC
The answer is a bit complicated.

Multiple users can belong to a tenant in openstack; however, a user can have multiple vpc in aws. However, in aws most of the resources (security groups, routing table, access list) are aligned to a vpc. Similarly in openstack all such resources are aligned to the tenant.

In another perspective a vpc can be related to neutron network, because it's the network that acts as a container for subnets in openstack and vpc acts as container for subnet in aws.

Summing up, there is no specific equivalent of vpc in openstack. Openstack follows its own logic/flow.

Guys, please correct me if I have gone wrong anywhere.

Thank you,
Ageeleshwar K

From: Shital Patil [shital.pa...@gslab.com]
Sent: Friday, April 04, 2014 9:12 AM
To: openstack@lists.openstack.org
Subject: [Openstack] Equivalent component for VPC

Hi,

I want to know what is the equivalent component for openstack like Amazon VPC or vcloud VDC? Is it a tenant or project/user?

Thank you
Re: [Openstack] [RFC] Routed private networks per tenant
How do you route every tenant network to the corporate network?

From: Diego Woitasen [di...@woitasen.com.ar]
Sent: Friday, April 04, 2014 1:32 AM
To: openstack@lists.openstack.org
Subject: [Openstack] [RFC] Routed private networks per tenant

Hi,

I need another opinion about what I am doing. I'm setting up OpenStack using Neutron (1 controller node, 1 network node, N compute nodes). In my setup every tenant has its own private network using VLANs (OpenVSwitch). I only need one router because I want only to isolate the projects, but they don't need to do any management or a special requirement to have one router per each one. I don't need floating IPs, NAT. Every tenant network is routed in the corporate network.

So basically my config was:

    neutron net-create corp -- --router:external=True
    neutron subnet-create corp --gateway=10.210.150.254 --enable_dhcp=False --allocation-pool start=10.210.150.11,end=10.210.150.11 10.210.150.0/23
    # Only one IP in the pool, the IP used to reach the tenant subnets.
    neutron router-create corpnet-router
    neutron router-gateway-set $ROUTER_ID $EXT_SUBNET_ID

And for every tenant:

    neutron net-create --tenant-id $TENANT_ID --provider:physical_network=physnet1 --provider:network_type=vlan --provider:segmentation_id=$VLAN_ID tenantX-net
    neutron subnet-create --tenant-id $TENANT_ID tenantX-net 10.210.99.240/28 --gateway 10.210.99.241
    neutron router-interface-add $ROUTER_ID $TENANT_SUBNET_ID

This creates one router using namespaces, but I'm not sure if that's the best option. If my setup is simple, maybe I don't need namespaces and all the VLANs and routing could be managed in the controller node directly.

I would like to hear other opinions about this setup, if it is ok, if there is something better.

Regards,
Diego

--
Diego Woitasen - Linux and Open Source solutions architect - DevOps Engineer, Infrastructure developer
http://www.woitasen.com.ar
Re: [Openstack] Neutron network node setup
Maruf was correct.

Also in your plugin.ini you have to associate each physical network to a bridge. And each of those bridges should have one physical network interface attached. In my previous mail I gave an example where I associated Extnet to br-ex. Then add eth2 to br-ex. Then your external network (ext-net) would be overlaid on top of Extnet, bridged to br-ex, then traffic flows outside through eth2.

Thank you,
Ageeleshwar K

From: Md. Maruful Hassan [mrf@gmail.com]
Sent: Thursday, April 03, 2014 9:29 AM
To: Erich Weiler
Cc: Ageeleshwar Kandavelu; Alex Yang; openstack@lists.openstack.org
Subject: Re: [Openstack] Neutron network node setup

You need to use 'flat' instead of 'local' and specify physical_network.

So modify

    neutron net-create ext-net --provider:network_type=local --shared --router:external=True

to

    neutron net-create ext-net --provider:network_type=flat --provider:physical_network Extnet --shared --router:external=True

Extnet is the name you configured in plugin.ini as bridge_mapping

- Maruf

--
m@ruf

On Thu, Apr 3, 2014 at 9:37 AM, Erich Weiler wei...@soe.ucsc.edu wrote:

Hi Ageeleshwar,

I *think* I see what you are saying - is this correct?

First, I create a flat external network:

# neutron net-create ext-net --provider:network_type=local --shared --router:external=True
Created a new network:
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | True                                 |
| id                        | 71b4b5b9-e744-4c67-9b62-4f64ab727e47 |
| name                      | ext-net                              |
| provider:network_type     | local                                |
| provider:physical_network |                                      |
| provider:segmentation_id  |                                      |
| router:external           | True                                 |
| shared                    | True                                 |
| status                    | ACTIVE                               |
| subnets                   |                                      |
| tenant_id                 | 36687b1d611740bd9e7309432b22dbcd     |
+---------------------------+--------------------------------------+

# neutron subnet-create ext-net --allocation-pool start=134.145.112.10,end=134.145.112.100 --gateway=134.145.112.1 --enable_dhcp=False 134.145.112.0/24
Created a new subnet:
+------------------+-----------------------------------------------+
| Field            | Value                                         |
+------------------+-----------------------------------------------+
| allocation_pools | {start: 134.145.112.10, end: 134.145.112.100} |
| cidr             | 134.145.112.0/26                              |
| dns_nameservers  |                                               |
| enable_dhcp      | False                                         |
| gateway_ip       | 134.145.112.1                                 |
| host_routes      |                                               |
| id               | 6082cdb3-98bc-4fbe-a0fb-ff264ea7384f          |
| ip_version       | 4                                             |
| name             |                                               |
| network_id       | 71b4b5b9-e744-4c67-9b62-4f64ab727e47          |
| tenant_id        | 36687b1d611740bd9e7309432b22dbcd              |
+------------------+-----------------------------------------------+

Create a router from ext-to-int for my demo tenant:

# neutron router-create ext-to-int --tenant-id f7e61747885045d8b266a161310c0094
Created a new router:
+-----------------------+--------------------------------------+
| Field                 | Value                                |
+-----------------------+--------------------------------------+
| admin_state_up        | True                                 |
| external_gateway_info |                                      |
| id                    | 4ca4292c-8954-4f21-acd6-b0044e0d02cb |
| name                  | ext-to-int                           |
| status                | ACTIVE                               |
| tenant_id             | f7e61747885045d8b266a161310c0094     |
+-----------------------+--------------------------------------+

Set my router gateway:

# neutron router-gateway-set 4ca4292c-8954-4f21-acd6-b0044e0d02cb 71b4b5b9-e744-4c67-9b62-4f64ab727e47
Set gateway for router 4ca4292c-8954-4f21-acd6-b0044e0d02cb

Create a tenant-network with a VLAN:

# neutron net-create --tenant-id f7e61747885045d8b266a161310c0094 demo-net --provider:network_type vlan --provider:physical_network physnet1
Re: [Openstack] [Neutron] QoS API and DB model
Just in case someone who could help me failed to see my previous mail, I am resending the below one.

From: Ageeleshwar Kandavelu
Sent: Monday, March 31, 2014 1:25 PM
To: openstack@lists.openstack.org
Subject: [Neutron] QoS API and DB model

Hi,

I saw the below blueprint and spec.
https://blueprints.launchpad.net/neutron/+spec/quantum-qos-api-db

This one appears to be incomplete. Is a more complete document hosted elsewhere? Or when can I expect one? I have several doubts regarding its implementation like below.

1. Is the QoS as a service implemented yet? What is the percentage of completion?
2. Is the service tied to the router? What I mean is, the QoS settings are performed on a per router basis or are they global?
3. Is QoS available for openvswitch plugin too?

I have one possible implementation of QoS for openvswitch and would like to contribute.

Thanks in advance for answering
Ageeleshwar K
Re: [Openstack] Neutron network node setup
Make your external network flat. If you do so there won't be any vlan tag on packets reaching your external network.

In your plugin.ini you put something like this

    network_vlan_ranges = Intnet1:100:200,Extnet
    bridge_mappings = Intnet1:br-eth1,Extnet:br-ex

This means you would use vlan id 100 to 200 on openstack networks created on top of Intnet1. On Extnet you would not use any vlan.

Then you say that all traffic on networks created on Intnet1 should be bridged to br-eth1. Then you would add eth1 to br-eth1.

Then you say all traffic for Extnet should be bridged to br-ex. Then you have to add a physical interface, say eth2, to br-ex.

Finally you can create an external network in openstack with physical_network=Extnet.

You just said that all internal networks shall be created on Intnet1 and allocated vlan from 100 to 200. External network shall be overlaid on top of Extnet and no vlans.

Hope it makes sense.

Ageeleshwar K

From: Alex Yang [alex890...@gmail.com]
Sent: Wednesday, April 02, 2014 7:09 AM
To: Erich Weiler
Cc: openstack@lists.openstack.org
Subject: Re: [Openstack] Neutron network node setup

Hi Erich,

I think the following articles may be helpful for you.
http://developer.rackspace.com/blog/categories/networking/

2014-04-02 5:59 GMT+08:00 Erich Weiler wei...@soe.ucsc.edu:

Hey Y'all,

I'm setting up a dedicated neutron network node and I'm having a bit of trouble understanding the way the networks work. On the network node I have one interface on the public net (eth0), one interface on the private net (eth1) and I'm following these guides to set it up.

My plan is to have eth0 on the public network, no VLAN magic there or anything. eth1 will be the data interface, and it will be connected to a trunk switchport so it can use VLANs for tenant isolation (OVS VLAN plugin).

I ran this command to set up ext-net:

neutron net-create ext-net --router:external=True
Created a new network:
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | True                                 |
| id                        | a5599b54-dbfc-42fa-b5b9-e8ebd574ded0 |
| name                      | ext-net                              |
| provider:network_type     | vlan                                 |
| provider:physical_network | physnet1                             |
| provider:segmentation_id  | 200                                  |
| router:external           | True                                 |
| shared                    | False                                |
| status                    | ACTIVE                               |
| subnets                   |                                      |
| tenant_id                 | 36687b1d611740bd9e7309432b22dbcd     |
+---------------------------+--------------------------------------+

But, I don't think network_type=vlan is right? As eth0 just sits right on a public network? Should network_type=local instead? Also, should physical_network equal null, and also segmentation_id equal null as well? I would understand type=vlan and seg_id and such for a tenant network, but for ext-net?

Any hints would be greatly appreciated...!

-erich

--
杨雨
Email: alex890...@gmail.com
GitHub: https://github.com/AlexYangYu
Weibo: http://www.weibo.com/alexyangyu
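An added example (not from the thread and not Neutron's own validation) that parses the two plugin.ini settings quoted in the mail above and checks a provider-network request against the layout the mail describes, including the flat-instead-of-local correction from the other "Neutron network node setup" thread. The function names are hypothetical, and the VLAN range check reflects the mail's layout rather than anything the server enforces.

```python
# Settings exactly as quoted in the mail.
NETWORK_VLAN_RANGES = "Intnet1:100:200,Extnet"
BRIDGE_MAPPINGS = "Intnet1:br-eth1,Extnet:br-ex"


def _entries(value):
    return [e.strip() for e in value.split(",") if e.strip()]


def parse_vlan_ranges(value):
    """'Intnet1:100:200,Extnet' -> {'Intnet1': [(100, 200)], 'Extnet': []}"""
    ranges = {}
    for entry in _entries(value):
        parts = entry.split(":")
        if len(parts) not in (1, 3):
            raise ValueError(f"bad network_vlan_ranges entry: {entry!r}")
        ranges.setdefault(parts[0], [])
        if len(parts) == 3:
            low, high = int(parts[1]), int(parts[2])
            if not 1 <= low <= high <= 4094:
                raise ValueError(f"bad VLAN range in {entry!r}")
            ranges[parts[0]].append((low, high))
    return ranges


def parse_bridge_mappings(value):
    """'Intnet1:br-eth1,Extnet:br-ex' -> {'Intnet1': 'br-eth1', 'Extnet': 'br-ex'}"""
    mappings = {}
    for entry in _entries(value):
        physnet, sep, bridge = entry.partition(":")
        if not (physnet and sep and bridge):
            raise ValueError(f"bad bridge_mappings entry: {entry!r}")
        if physnet in mappings:
            raise ValueError(f"{physnet} is mapped twice")
        mappings[physnet] = bridge
    return mappings


def check_layout(ranges, mappings):
    """Every physical network named in network_vlan_ranges needs a bridge."""
    return [f"{p}: listed in network_vlan_ranges but has no bridge_mappings entry"
            for p in sorted(set(ranges) - set(mappings))]


def check_provider_network(ranges, mappings, network_type,
                           physical_network=None, segmentation_id=None):
    """Compare a net-create request with the layout described in the mail."""
    if network_type == "local":
        return ["local: names no physical_network, so no bridge_mappings entry "
                "applies; the thread's fix is flat plus physical_network"]
    problems = []
    if physical_network not in mappings:
        problems.append(f"{physical_network}: no bridge_mappings entry")
    if network_type == "flat" and segmentation_id is not None:
        problems.append("flat: untagged, takes no segmentation_id")
    if network_type == "vlan":
        pool = ranges.get(physical_network, [])
        if not pool:
            problems.append(f"{physical_network}: no VLAN range configured")
        elif segmentation_id is None or not any(
                low <= segmentation_id <= high for low, high in pool):
            problems.append(f"vlan {segmentation_id}: outside the range set "
                            f"aside for {physical_network}")
    return problems


if __name__ == "__main__":
    r = parse_vlan_ranges(NETWORK_VLAN_RANGES)
    m = parse_bridge_mappings(BRIDGE_MAPPINGS)
    # The ext-net from the original question: vlan / physnet1 / 200.
    for line in check_provider_network(r, m, "vlan", "physnet1", 200):
        print(line)
```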
[Openstack] [Neutron] QoS API and DB model
Hi,

I saw the below blueprint and spec.
https://blueprints.launchpad.net/neutron/+spec/quantum-qos-api-db

This one appears to be incomplete. Is a more complete document hosted elsewhere? Or when can I expect one? I have several doubts regarding its implementation like below.

1. Is the QoS as a service implemented yet? What is the percentage of completion?
2. Is the service tied to the router? What I mean is, the QoS settings are performed on a per router basis or are they global?
3. Is QoS available for openvswitch plugin too?

I have one possible implementation of QoS for openvswitch and would like to contribute.

Thanks in advance for answering
Ageeleshwar K
[Openstack] [Neutron] Flaw in flow rules
Hi,

I am using vlan mode networking. There appears to be a flaw in my flow rules. To the best of my knowledge the in_port in the below output should have been 3 (according to ovs-dpctl show). But it is 33. To my surprise however, my setup is working. Can anyone explain to me how this can happen?

root@mars:~# ovs-ofctl dump-flows br-int
NXST_FLOW reply (xid=0x4):
 cookie=0x0, duration=522.826s, table=0, n_packets=263, n_bytes=39666, idle_age=429, priority=3,in_port=33,dl_vlan=100 actions=mod_vlan_vid:2,NORMAL
 cookie=0x0, duration=2567.744s, table=0, n_packets=920, n_bytes=197692, idle_age=0, priority=2,in_port=33 actions=drop
 cookie=0x0, duration=2568.669s, table=0, n_packets=384, n_bytes=37365, idle_age=429, priority=1 actions=NORMAL
root@mars:~# ovs-ofctl dump-flows br-eth1
NXST_FLOW reply (xid=0x4):
 cookie=0x0, duration=525.124s, table=0, n_packets=384, n_bytes=37693, idle_age=431, priority=4,in_port=5,dl_vlan=2 actions=mod_vlan_vid:100,NORMAL
 cookie=0x0, duration=2569.882s, table=0, n_packets=6, n_bytes=468, idle_age=2559, priority=2,in_port=5 actions=drop
 cookie=0x0, duration=2570.721s, table=0, n_packets=12748, n_bytes=978934, idle_age=1, priority=1 actions=NORMAL
root@mars:~# ovs-dpctl show
system@ovs-system:
        lookups: hit:39891511 missed:7260493 lost:0
        flows: 11
        port 0: ovs-system (internal)
        port 1: br-int (internal)
        port 2: br-eth1 (internal)
        port 3: int-br-eth1
        port 4: phy-br-eth1
        port 5: eth1
        port 6: tap4385c710-be
root@mars:~#
Re: [Openstack] [Neutron] Flaw in flow rules
Sure, that helps. Any idea what's the difference between this one and the one in dpctl show?

Thank you,
Ageeleshwar K

From: Damon Wang [damon.dev...@gmail.com]
Sent: Thursday, March 27, 2014 4:55 PM
To: Ageeleshwar Kandavelu
Cc: openstack@lists.openstack.org
Subject: Re: [Openstack] [Neutron] Flaw in flow rules

Hi,

Use ovs-ofctl show br-int instead of ovs-dpctl show :-)

Hope it helps
Damon

2014-03-27 17:19 GMT+08:00 Ageeleshwar Kandavelu ageeleshwar.kandav...@csscorp.com:

Hi,

I am using vlan mode networking. There appears to be a flaw in my flow rules. To the best of my knowledge the in_port in the below output should have been 3 (according to ovs-dpctl show). But it is 33. To my surprise however, my setup is working. Can anyone explain to me how this can happen?

root@mars:~# ovs-ofctl dump-flows br-int
NXST_FLOW reply (xid=0x4):
 cookie=0x0, duration=522.826s, table=0, n_packets=263, n_bytes=39666, idle_age=429, priority=3,in_port=33,dl_vlan=100 actions=mod_vlan_vid:2,NORMAL
 cookie=0x0, duration=2567.744s, table=0, n_packets=920, n_bytes=197692, idle_age=0, priority=2,in_port=33 actions=drop
 cookie=0x0, duration=2568.669s, table=0, n_packets=384, n_bytes=37365, idle_age=429, priority=1 actions=NORMAL
root@mars:~# ovs-ofctl dump-flows br-eth1
NXST_FLOW reply (xid=0x4):
 cookie=0x0, duration=525.124s, table=0, n_packets=384, n_bytes=37693, idle_age=431, priority=4,in_port=5,dl_vlan=2 actions=mod_vlan_vid:100,NORMAL
 cookie=0x0, duration=2569.882s, table=0, n_packets=6, n_bytes=468, idle_age=2559, priority=2,in_port=5 actions=drop
 cookie=0x0, duration=2570.721s, table=0, n_packets=12748, n_bytes=978934, idle_age=1, priority=1 actions=NORMAL
root@mars:~# ovs-dpctl show
system@ovs-system:
        lookups: hit:39891511 missed:7260493 lost:0
        flows: 11
        port 0: ovs-system (internal)
        port 1: br-int (internal)
        port 2: br-eth1 (internal)
        port 3: int-br-eth1
        port 4: phy-br-eth1
        port 5: eth1
        port 6: tap4385c710-be
root@mars:~#
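The in_port values in `ovs-ofctl dump-flows` are OpenFlow port numbers, which `ovs-ofctl show br-int` lists per bridge, while `ovs-dpctl show` lists kernel datapath port numbers, so the two need not agree. As an added example (not code from the thread or from Neutron), the Python below parses the flow dumps posted above and checks that the VLAN rewrites on br-int and br-eth1 mirror each other and that each translating port has a lower-priority drop rule, which is what keeps unmapped VLAN tags out of the other bridge. The port-name mapping is constructed, since the thread does not include `ovs-ofctl show` output.

```python
import re

# Flow tables as posted in the thread (host "mars").
BR_INT = """\
NXST_FLOW reply (xid=0x4):
 cookie=0x0, duration=522.826s, table=0, n_packets=263, n_bytes=39666, idle_age=429, priority=3,in_port=33,dl_vlan=100 actions=mod_vlan_vid:2,NORMAL
 cookie=0x0, duration=2567.744s, table=0, n_packets=920, n_bytes=197692, idle_age=0, priority=2,in_port=33 actions=drop
 cookie=0x0, duration=2568.669s, table=0, n_packets=384, n_bytes=37365, idle_age=429, priority=1 actions=NORMAL
"""
BR_ETH1 = """\
NXST_FLOW reply (xid=0x4):
 cookie=0x0, duration=525.124s, table=0, n_packets=384, n_bytes=37693, idle_age=431, priority=4,in_port=5,dl_vlan=2 actions=mod_vlan_vid:100,NORMAL
 cookie=0x0, duration=2569.882s, table=0, n_packets=6, n_bytes=468, idle_age=2559, priority=2,in_port=5 actions=drop
 cookie=0x0, duration=2570.721s, table=0, n_packets=12748, n_bytes=978934, idle_age=1, priority=1 actions=NORMAL
"""

# ASSUMPTION (constructed): names as `ovs-ofctl show <bridge>` would report
# them for these OpenFlow port numbers; the thread does not show that output.
OFPORT_NAMES = {"br-int": {"33": "int-br-eth1"}, "br-eth1": {"5": "phy-br-eth1"}}


def parse_flows(dump):
    """Turn `ovs-ofctl dump-flows` text into dicts of match fields and actions."""
    flows = []
    for line in dump.splitlines():
        line = line.strip()
        if " actions=" not in line:
            continue  # skips the NXST_FLOW reply header and blank lines
        head, actions = line.split(" actions=", 1)
        fields = dict(item.split("=", 1)
                      for item in re.split(r",\s*", head) if "=" in item)
        flows.append({
            "priority": int(fields.get("priority", 32768)),  # OpenFlow default
            "in_port": fields.get("in_port"),                # kept as text
            "dl_vlan": int(fields["dl_vlan"], 0) if "dl_vlan" in fields else None,
            "actions": actions.split(","),
        })
    return flows


def vlan_translations(flows):
    """Return {(in_port, matched_vlan): rewritten_vlan} for mod_vlan_vid flows."""
    out = {}
    for f in flows:
        for action in f["actions"]:
            if action.startswith("mod_vlan_vid:") and f["dl_vlan"] is not None:
                out[(f["in_port"], f["dl_vlan"])] = int(action.split(":", 1)[1])
    return out


def describe(flows, port_names):
    """Render each translation with the port name instead of the number."""
    return [f"{port_names.get(port, 'ofport ' + str(port))}: vlan {vlan} -> {new}"
            for (port, vlan), new in sorted(vlan_translations(flows).items())]


def audit(int_flows, phys_flows):
    """List inconsistencies between the br-int and br-eth1 VLAN handling."""
    findings = []
    inbound = {(provider, local)            # provider VLAN -> local VLAN
               for (_, provider), local in vlan_translations(int_flows).items()}
    outbound = {(provider, local)           # local VLAN -> provider VLAN
                for (_, local), provider in vlan_translations(phys_flows).items()}
    for provider, local in sorted(inbound ^ outbound):
        findings.append(f"provider vlan {provider} <-> local vlan {local} "
                        "is translated on one bridge only")
    for bridge, flows in (("br-int", int_flows), ("br-eth1", phys_flows)):
        for port in sorted({p for p, _ in vlan_translations(flows)}):
            lowest = min(f["priority"] for f in flows
                         if f["in_port"] == port and f["dl_vlan"] is not None)
            guarded = any(f["in_port"] == port and f["dl_vlan"] is None
                          and f["actions"] == ["drop"] and f["priority"] < lowest
                          for f in flows)
            if not guarded:
                findings.append(f"{bridge} port {port}: no drop rule below the "
                                "translations, unmapped tags reach NORMAL")
    return findings


if __name__ == "__main__":
    int_flows, phys_flows = parse_flows(BR_INT), parse_flows(BR_ETH1)
    print(describe(int_flows, OFPORT_NAMES["br-int"]))
    print(describe(phys_flows, OFPORT_NAMES["br-eth1"]))
    print(audit(int_flows, phys_flows) or "flow tables are consistent")
```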
[Openstack] [Neutron] General dev queries regarding neutron ovs agent
Hi,

I have two queries regarding neutron ovs agent.

1. Correct me if I am wrong, the ovs agent polls the neutron database for changes before creating resources. Why does the agent have to register with neutron-server? When I give 'neutron agent-list' I can see all the agents (l3, dhcp, ovs-plugin). What is the communication interface between the neutron-server and the agents? A link to the documentation would do.

2. I reckon that the ovs agent is using subprocess to create interfaces on openvswitch. What api does it use to handle namespaces, i.e., to create interfaces inside non default network namespace?

Thank you,
Ageeleshwar K
Re: [Openstack] [Neutron] General dev queries regarding neutron ovs agent
That was very informative. Can you also give me any links to the documentation for the RPC interface? Is status report the only purpose of this interface or is it also used by neutron-server to notify agent about user generated events like say net-create, subnet-create etc.?

Thank you,
Ageeleshwar K

From: Salvatore Orlando [sorla...@nicira.com]
Sent: Tuesday, March 25, 2014 3:31 PM
To: Ageeleshwar Kandavelu
Cc: openstack@lists.openstack.org
Subject: Re: [Openstack] [Neutron] General dev queries regarding neutron ovs agent

Comments inline.

Salvatore

On 25 March 2014 07:03, Ageeleshwar Kandavelu ageeleshwar.kandav...@csscorp.com wrote:

> Hi,
>
> I have two queries regarding neutron ovs agent.
>
> 1. Correct me if I am wrong, the ovs agent polls the neutron database for changes before creating resources. Why does the agent have to register with neutron-server? When I give 'neutron agent-list' I can see all the agents (l3, dhcp, ovs-plugin). What is the communication interface between the neutron-server and the agents? A link to the documentation would do.

The latest version of the neutron agent which had direct access to the database was Essex. Since Folsom, there is a RPC interface, which is the one the agent uses to report the state you see with neutron agent-list. Also, the agent configures iptables rules for implementing security groups, and creates gre tunnels if you're using this transport mode; it does not create however tap interfaces, but merely wires them to the appropriate network.

> 2. I reckon that the ovs agent is using subprocess to create interfaces on openvswitch. What api does it use to handle namespaces, i.e., to create interfaces inside non default network namespace?

As stated earlier the OVS agent does not create interface. Other agents, such as DHCP and L3, do that. This, and ns management, is achieved with a purpose built library: neutron.agent.linux.ip_lib

> Thank you,
> Ageeleshwar K
[Openstack] (no subject)
Hi,

That is right. This https://review.openstack.org/#/c/45232/ however is more convincing.

@skywalker.nick Thank you

---
Message: 20
Date: Tue, 25 Mar 2014 14:17:01 +0700
From: Kai phamtungdu...@gmail.com
To: Li Ma skywalker.n...@gmail.com
Cc: Openstack Milis openstack@lists.openstack.org
Subject: Re: [Openstack] QoS solutions for Neutron?
Message-ID: cae_13kj0jsws0putxdqu8rkus7fkttg+eksgaaxvkctnjbn...@mail.gmail.com
Content-Type: text/plain; charset=utf-8

Hi Li,

We had tried your suggestion, but we found that if we use nova-network (for using flavor), we cannot use neutron. Is it right?
[Openstack] floatting ip are not created
If you are using gre mode, you have to create br-tun and restart your neutron-ovs agent.

If you are using vlan you have to create all bridges mentioned in bridge_mappings inside '/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini'

You can not expect your floating ip to work until you can ping the external router from your instance (using vnc window)

Thank you,
Ageeleshwar K
Re: [Openstack] floatting ip are not created
You got it wrong.

br-int (Integration bridge) - This is like a point-of-presence for instances to connect and send network traffic.

br-tun (tunnel bridge) - This bridge serves as the tunnel endpoints. This is also a part of your data network. This is also used by VM. The intent is to have each tenant traffic in a separate tunnel.

Packets leaving the instance will carry no vlan id. In br-int flow rules will add a vlan to the packets from each instance (the vlan id depends on the network). In br-tun there is one flow to translate the vlan to a particular tunnel id. So packets leaving br-tun carry tunnel id according to the tenant. The br-tun of various nodes (computes and network node) form a mesh of tunnels through which the vm data flows.

Once you create br-tun and restart the neutron ovs plugin you can see the flow rules using 'ovs-ofctl dump-flows br-int/ br-tun'. If you do ovs-vsctl show you will see that the br-tun of various nodes have formed a mesh of tunnels.

You do not need any bridge for management.

Thank you, Ageeleshwar K

From: cheniour ghassen [ghacheni...@gmail.com]
Sent: Tuesday, March 25, 2014 6:15 PM
To: Ageeleshwar Kandavelu
Subject: Re: [Openstack] floatting ip are not created

Hi Ageeleshwar,

I want to thank you first for your answer. I am using gre mode. As I know, br-tun is used for management and br-int is used for data forwarding between the VMs. As documented in the openstack docs, I have created br-int and indicated that br-tun is for management. I think the problem is because neutron doesn't detect the agents. The below pdf file contains some configurations.

Thank you and I am looking forward to your answer.

Sincerely, Ghassen Cheniour.

On Tue, Mar 25, 2014 at 1:33 PM, Ageeleshwar Kandavelu ageeleshwar.kandav...@csscorp.com wrote:

If you are using gre mode, you have to create br-tun and restart your neutron-ovs agent. If you are using vlan, you have to create all bridges mentioned in bridge_mappings inside '/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini'.

You cannot expect your floating ip to work until you can ping the external router from your instance (using vnc window).

Thank you, Ageeleshwar K
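The VLAN-to-tunnel translation described in the reply above can be checked from a flow dump. This is an added example, not part of the original thread: it reads the text of 'ovs-ofctl dump-flows br-tun' and reports any local VLAN whose outbound tunnel id has no matching inbound flow, which would break the one-tunnel-per-tenant separation. The sample dump, its table numbers and ids are constructed assumptions.

```python
import re

# Constructed sample modelled on `ovs-ofctl dump-flows br-tun` output in GRE
# mode. Table numbers, port numbers and ids are assumptions for illustration.
SAMPLE_BR_TUN_FLOWS = """\
NXST_FLOW reply (xid=0x4):
 cookie=0x0, duration=812.4s, table=0, n_packets=40, n_bytes=3120, priority=1,in_port=1 actions=resubmit(,1)
 cookie=0x0, duration=812.1s, table=0, n_packets=38, n_bytes=2964, priority=1,in_port=2 actions=resubmit(,2)
 cookie=0x0, duration=640.2s, table=2, n_packets=21, n_bytes=1638, priority=1,tun_id=0x1 actions=mod_vlan_vid:1,resubmit(,10)
 cookie=0x0, duration=598.7s, table=2, n_packets=17, n_bytes=1326, priority=1,tun_id=0x2 actions=mod_vlan_vid:2,resubmit(,10)
 cookie=0x0, duration=640.3s, table=21, n_packets=25, n_bytes=1950, priority=1,dl_vlan=1 actions=strip_vlan,set_tunnel:0x1,output:2
 cookie=0x0, duration=598.8s, table=21, n_packets=0, n_bytes=0, priority=1,dl_vlan=2 actions=strip_vlan,set_tunnel:0x3,output:2
 cookie=0x0, duration=812.0s, table=21, n_packets=3, n_bytes=210, priority=0 actions=drop
"""

FLOW_RE = re.compile(r"^\s*(?P<match>.*?)\s+actions=(?P<actions>\S+)\s*$")


def parse_flows(text):
    """Return (match_fields, actions_string) for every flow line in a dump."""
    flows = []
    for line in text.splitlines():
        m = FLOW_RE.match(line)
        if not m:
            continue  # reply header or blank line
        fields = {}
        for item in m.group("match").split(","):
            key, _, value = item.strip().partition("=")
            fields[key] = value
        flows.append((fields, m.group("actions")))
    return flows


def tunnel_maps(text):
    """Return (egress, ingress): local vlan -> tunnel ids, tunnel id -> vlans."""
    egress, ingress = {}, {}
    for fields, actions in parse_flows(text):
        set_tun = re.search(r"set_tunnel:(0x[0-9a-fA-F]+)", actions)
        mod_vlan = re.search(r"mod_vlan_vid:(\d+)", actions)
        if "dl_vlan" in fields and set_tun:
            vlan = int(fields["dl_vlan"])
            egress.setdefault(vlan, set()).add(int(set_tun.group(1), 16))
        if "tun_id" in fields and mod_vlan:
            tun = int(fields["tun_id"], 16)
            ingress.setdefault(tun, set()).add(int(mod_vlan.group(1)))
    return egress, ingress


def isolation_findings(text):
    """List mismatches between the outbound and inbound vlan/tunnel mapping."""
    egress, ingress = tunnel_maps(text)
    findings, by_tunnel = [], {}
    for vlan, tuns in sorted(egress.items()):
        for tun in sorted(tuns):
            by_tunnel.setdefault(tun, set()).add(vlan)
            if vlan not in ingress.get(tun, set()):
                findings.append(
                    "vlan %d -> tunnel %#x has no matching return flow" % (vlan, tun))
    for tun, vlans in sorted(by_tunnel.items()):
        if len(vlans) > 1:
            findings.append(
                "tunnel %#x carries several local vlans %s" % (tun, sorted(vlans)))
    for tun, vlans in sorted(ingress.items()):
        if tun not in by_tunnel:
            findings.append(
                "tunnel %#x is received into vlan %s but never sent on" % (tun, sorted(vlans)))
    return findings


if __name__ == "__main__":
    for finding in isolation_findings(SAMPLE_BR_TUN_FLOWS):
        print(finding)
```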
[Openstack] Openstack Services SNMP Intergration
Hi,

Please reply with your suggestions on building support for all Openstack services to send SNMP traps rather than only logging to files. Wouldn't it make debugging and monitoring easier? Is there any project working on this as of now? What would be the best strategy to integrate with existing services without disturbing the core?

Thank you, Ageeleshwar K
Re: [Openstack] Openstack Services SNMP Intergration
Thank you for the reply. The intention was to have a single interface to view all activity in the system, rather than log into each machine and read the log files of each service. I spend a lot of time debugging the system and it would help people like me.

From: Eric Brown [bro...@vmware.com]
Sent: Thursday, March 20, 2014 7:17 PM
To: Ageeleshwar Kandavelu
Cc: openstack@lists.openstack.org; Syedhabib Siddikali
Subject: Re: [Openstack] Openstack Services SNMP Intergration

I don't think SNMP would be appropriate. For one thing SNMPv1/v2c are highly insecure, and SNMPv3 isn't widely used due to its security complexity. A better choice might be protocols such as CIM or rsyslog.

What kind of data are you interested in monitoring? You can probably already do what you need without adding a new protocol.

On Mar 20, 2014, at 7:57 AM, Ageeleshwar Kandavelu ageeleshwar.kandav...@csscorp.com wrote:

Hi,

Please reply with your suggestions on building support for all Openstack services to send SNMP traps rather than only logging to files. Wouldn't it make debugging and monitoring easier? Is there any project working on this as of now? What would be the best strategy to integrate with existing services without disturbing the core?

Thank you, Ageeleshwar K
[Openstack] provider network with 3 nics
Hi,

I am assuming that eth2 is attached to br-eth2 and eth2 is connected to the 192.168.1.x network.

1. Make sure eth2 has promiscuous enabled (ip link show eth2) and the link is up (mii-tool eth2):

    ip link set eth2 promisc on
    ip link set eth2 up

Thank you, Ageeleshwar K
Re: [Openstack] unable to ping google.com
Reasons for lack of connectivity to google

1. You do not have connectivity to your default gateway.
   Symptoms: you will be unable to ping your default gateway. By default the first ip in your subnet is the ip address of your gateway.
   Solution: Make sure you have a router that connects your subnet with the external network's subnet. Then make sure you are able to ping the gateway. If you are unable to do so then check for errors in your neutron plugin's log file.
2. If you are able to ping the gateway but not google, check your instance's routing table with 'route -n'. There should be a default route pointing to your gateway.
3. If all is well then the trouble is in your resolv.conf.
[Openstack] [openstack] [neutron] how to config one l3 agent for each l3 router?
Hi,

This was interesting so let's work it out this way. Let's do it for vlan mode first and then apply the logic for gre. Let's have two hosts that run l3-agent (nethost1, nethost2).

nethost1 configurations

In '/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini'

    network_vlan_ranges = Intnet1:100:200,Extnet1
    bridge_mappings = Intnet1:br-eth1,Extnet1:br-ex

In '/etc/neutron/l3-agent.ini'

    gateway_external_network_id=Extnet1

nethost2 configurations

In '/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini'

    network_vlan_ranges = Intnet1:100:200,Extnet2
    bridge_mappings = Intnet1:br-eth1,Extnet2:br-ex

In '/etc/neutron/l3-agent.ini'

    gateway_external_network_id=Extnet2

Summary

- Now there are two l3 agents
- Each one running on two different nodes
- Each one configured to use two different external networks (Extnet1 and Extnet2)

Now you can create two external networks in neutron:

    neutron net-create --name External_Network_One --provider:physical_network Extnet1 --provider:network_type flat --router:external True --shared True
    neutron net-create --name External_Network_Two --provider:physical_network Extnet2 --provider:network_type flat --router:external True --shared True

Then go on and create a subnet in each of the external networks.

Now you can connect your subnet1 to one of the two external subnets with a router and start using it. All your traffic will go through that router/l3-agent/external_network. If you connect your subnet to the other external subnet then it will use a different route.

In GRE mode you need not specify network_vlan_ranges and the rest of the configurations should be the same.

I do not have a setup until next week so cannot try this out myself. Good luck if you want to go ahead. Do get back for any issues.

Thank you, Ageeleshwar K
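A per-node consistency check for the settings in the message above, and for the earlier advice that every bridge named in bridge_mappings has to exist. This is an added example, not part of the original thread: it assumes the options sit in an [ovs] section and that the bridge list is the output of 'ovs-vsctl list-br'; both sample inputs are constructed.

```python
import configparser

# Constructed sample: nethost2's settings from the message above. The [ovs]
# section name is an assumption about where the plugin file keeps them.
SAMPLE_INI = """\
[ovs]
network_vlan_ranges = Intnet1:100:200,Extnet2
bridge_mappings = Intnet1:br-eth1,Extnet2:br-ex
"""
# Constructed `ovs-vsctl list-br` output for a node where br-ex is missing.
SAMPLE_BRIDGES = "br-int\nbr-eth1\n"


def _entries(value):
    return [e.strip() for e in value.split(",") if e.strip()]


def parse_vlan_ranges(value):
    """'Intnet1:100:200,Extnet1' -> {'Intnet1': [(100, 200)], 'Extnet1': []}"""
    ranges = {}
    for entry in _entries(value):
        parts = entry.split(":")
        if len(parts) == 1:
            ranges.setdefault(parts[0], [])
        elif len(parts) == 3:
            low, high = int(parts[1]), int(parts[2])
            if not 1 <= low <= high <= 4094:
                raise ValueError("bad vlan range in %r" % entry)
            ranges.setdefault(parts[0], []).append((low, high))
        else:
            raise ValueError("malformed network_vlan_ranges entry %r" % entry)
    return ranges


def parse_bridge_mappings(value):
    """'Intnet1:br-eth1,Extnet1:br-ex' -> {'Intnet1': 'br-eth1', ...}"""
    mappings = {}
    for entry in _entries(value):
        physnet, sep, bridge = entry.partition(":")
        if not (sep and physnet and bridge):
            raise ValueError("malformed bridge_mappings entry %r" % entry)
        if physnet in mappings:
            raise ValueError("physical network %r mapped twice" % physnet)
        mappings[physnet] = bridge
    return mappings


def check_node(ini_text, list_br_output):
    """Return a list of problems found on one node (empty when consistent)."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(ini_text)
    section = next((s for s in cfg.sections() if s.lower() == "ovs"), None)
    if section is None:
        return ["no [ovs] section found"]
    ranges = parse_vlan_ranges(cfg.get(section, "network_vlan_ranges", fallback=""))
    mappings = parse_bridge_mappings(cfg.get(section, "bridge_mappings", fallback=""))
    present = set(list_br_output.split())
    problems = []
    for physnet in sorted(ranges):
        if physnet not in mappings:
            problems.append("%s has no bridge_mappings entry" % physnet)
    for physnet, bridge in sorted(mappings.items()):
        if bridge not in present:
            problems.append("bridge %s (for %s) does not exist" % (bridge, physnet))
    return problems


if __name__ == "__main__":
    for problem in check_node(SAMPLE_INI, SAMPLE_BRIDGES):
        print(problem)
```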
Re: [Openstack] [neutron] neutron api
Thank you very much. That solved my problem. I was looking at the wrong place.

On Wed, Feb 05, 2014 at 9:42 AM, Akihiro Motoki mot...@da.jp.nec.com wrote:

Hi Ageeleshwar,

Have you solved this topic already? Please see Networking API v2.0 reference [1] at docs.openstack.org. This is the official document maintained by neutron team.

(2014/02/03 21:33), Ageeleshwar Kandavelu wrote:

> I was trying to use the python-neutronclient for creating security groups and it throws the weird (NeutronClientException: Unable to find 'security_group' in request body ) exception. Why is it trying to find a security group when I am trying to create a new one.

I think it is just because your request body is not a proper format. An example of the request body is available at [2].

[1] http://docs.openstack.org/api/openstack-network/2.0/content/security-groups-ext.html
[2] http://docs.openstack.org/api/openstack-network/2.0/content/POST_security-groups-v2.0_createSecGroup_v2.0_security-groups_security-groups-ext.html

> the list and get method of the python-neutronclient work well though. I checked the neutron api documentation and see that it has CRUD methods only for network, subnet and ports. (https://wiki.openstack.org/wiki/Neutron/APIv2-specification) Now I am really confused about the work-flow. Is neutron responsible for creating security groups or is it nova (create works with nova except that I do not know how to add rules to the sg).

Neutron security group can be managed through both neutron API and nova API. If you need full features of Neutron security group, you need to use Neutron API directly.

Thanks, Akihiro

> Can anyone tell me which process is responsible for this workflow and what the api is and if there is support for it in any python client.
>
> Thank you, Ageeleshwar K
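The request-body shape the reply above refers to, as an added example that is not part of the original thread: the attributes of a new group go under a top-level 'security_group' key, and rules are created separately under 'security_group_rule'. The helper names and check_body are hypothetical; 'neutron' is assumed to be a neutronclient.v2_0.client.Client or any object with the same two methods.

```python
import ipaddress


def security_group_body(name, description=""):
    """Body for creating a group: attributes nested under 'security_group'."""
    return {"security_group": {"name": name, "description": description}}


def ingress_rule_body(group_id, protocol, port, cidr):
    """Body for a rule that admits one port from one source prefix."""
    net = ipaddress.ip_network(cidr)  # raises ValueError on a malformed prefix
    if not 1 <= port <= 65535:
        raise ValueError("port out of range: %r" % port)
    return {"security_group_rule": {
        "security_group_id": group_id,
        "direction": "ingress",
        "ethertype": "IPv%d" % net.version,
        "protocol": protocol,
        "port_range_min": port,
        "port_range_max": port,
        "remote_ip_prefix": str(net),
    }}


def check_body(resource, body):
    """Hypothetical local stand-in for the check behind the quoted error."""
    if not isinstance(body, dict) or resource not in body:
        raise ValueError("Unable to find '%s' in request body" % resource)
    return body[resource]


def create_ssh_group(neutron, name, admin_cidr):
    """Create a group that admits SSH only from admin_cidr; return its id."""
    body = security_group_body(name, "SSH from %s only" % admin_cidr)
    check_body("security_group", body)
    group = neutron.create_security_group(body)["security_group"]
    rule = ingress_rule_body(group["id"], "tcp", 22, admin_cidr)
    check_body("security_group_rule", rule)
    neutron.create_security_group_rule(rule)
    return group["id"]


if __name__ == "__main__":
    # Passing the bare attributes reproduces the message from the thread.
    try:
        check_body("security_group", {"name": "admin-ssh"})
    except ValueError as exc:
        print(exc)
    print(security_group_body("admin-ssh"))
    print(ingress_rule_body("GROUP-ID-PLACEHOLDER", "tcp", 22, "192.0.2.0/24"))
```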
[Openstack] [neutron] neutron api
I was trying to use the python-neutronclient for creating security groups and it throws the weird (NeutronClientException: Unable to find 'security_group' in request body ) exception. Why is it trying to find a security group when I am trying to create a new one.

The list and get methods of the python-neutronclient work well though. I checked the neutron api documentation and see that it has CRUD methods only for network, subnet and ports. (https://wiki.openstack.org/wiki/Neutron/APIv2-specification)

Now I am really confused about the work-flow. Is neutron responsible for creating security groups or is it nova (create works with nova except that I do not know how to add rules to the sg).

Can anyone tell me which process is responsible for this workflow and what the api is and if there is support for it in any python client.

Thank you, Ageeleshwar K
[Openstack] How to enable jumbo frames for instances
Hi, Is it possible to have a higher MTU when your ethernet is limited to 1500? Thank you, Ageeleshwar K
Re: [Openstack] multiple network nodes
Hi,

I would like to add here. The original question was actually about distributing the load on a network node. Although it is possible to distribute the network services like neutron-server, l3-agent, dhcp-agent etc., we have to understand that this does not distribute the load.

Consider the l3-agent. The l3 agent provides routing functionality and no matter how many routers you create in your openstack, all are going to be handled by a single node where l3-agent is installed. The dhcp-agent runs all dnsmasq on a single node.

Please correct me if I am wrong, but shouldn't this architecture be refined to really distribute the load rather than just distributing the services on multiple nodes? Considering the flexibility of openflow rules, why cannot the l3 agent add flow rules that perform routing on the compute nodes themselves, rather than concentrating all the traffic to the node running l3-agent then routing from there?

Thank you, Ageeleshwar K
Re: [Openstack] multiple network nodes
Copying all participants ...

Hi,

I would like to add here. The original question was actually about distributing the load on a network node. Although it is possible to distribute the network services like neutron-server, l3-agent, dhcp-agent etc., we have to understand that this does not distribute the load.

Consider the l3-agent. The l3 agent provides routing functionality and no matter how many routers you create in your openstack, all are going to be handled by a single node where l3-agent is installed. The dhcp-agent runs all dnsmasq on a single node.

Please correct me if I am wrong, but shouldn't this architecture be refined to really distribute the load rather than just distributing the services on multiple nodes? Considering the flexibility of openflow rules, why cannot the l3 agent add flow rules that perform routing on the compute nodes themselves, rather than concentrating all the traffic to the node running l3-agent then routing from there?

Thank you, Ageeleshwar K
[Openstack] [openstack]No option to specify subnet to launch an instance
Hi,

In openstack dashboard while launching instances only networks are listed. If a network has multiple subnets, how do I specify which subnet an instance should attach to? Also while creating a port on a network one cannot specify the subnet. Is this a bug or is there some purpose to it?

Thank you, Ageeleshwar K
[Openstack] need configration for Vm network should communicate with seconf NIC
Do you intend to use this one host as compute or controller or network? If you want to use it as all in one host see https://github.com/mseknibilel/OpenStack-Grizzly-Install-Guide/blob/OVS_SingleNode/OpenStack_Grizzly_Install_Guide.rst
Re: [Openstack] Neutron port-create command
Thank you all, that was helpful. I also got some more information (to use agent/linux/interface.py) from neutron mailing list.

From: Salvatore Orlando [sorla...@nicira.com]
Sent: Thursday, January 09, 2014 3:16 AM
To: Jonathan Proulx
Cc: Ageeleshwar Kandavelu; openstack@lists.openstack.org
Subject: Re: [Openstack] Neutron port-create command

Hi and apologies for the delay in the reply.

The neutron API operations define logical entries, which pretty much means they just exist in the database. The database provides agents information concerning how to wire these ports.

If you look at the OVS/ML2 plugins, what does the 'magic' for nova instances is actually the layer2 agent (aka ovs agent), which is able to wire any port plugged into the integration bridge, but does not plug ports itself - which, in my opinion, is conceptually correct.

When the interface does not belong to nova, but to a different service, the process is similar, as mentioned by Jonathan. The only difference is that the service itself configures the interface and performs IP configuration for it. For instance the l3 agent:

1) creates the devices for router interfaces
2) assigns the corresponding neutron port-id setting ovs' external ids
3) configures ip information, and if necessary iptables too

and then the ovs agent configures the ovs ports corresponding to these devices in order to ensure l2 connectivity.

Hope this helps, Salvatore

On 8 January 2014 14:49, Jonathan Proulx j...@jonproulx.com wrote:

Interesting question. I've not used neutron in that way, if you don't get any relevant responses here I'd suggest reposting under a different subject like programmatically binding to neutron ports or something similar, you may get a different set of readers, perhaps posting to the openstack-dev list (if you do be sure to include '[Neutron]' in your subject) as this is something typically done by services (neutron-dhcp-agent, neutron-l3-agent, nova-compute) rather than a manual action by an operator or end user.

-Jon

On Tue, Jan 7, 2014 at 11:33 PM, Ageeleshwar Kandavelu ageeleshwar.kandav...@csscorp.com wrote:

Let's say I do not want to launch nova instances that connect to a port. I want to introduce a service that binds to that port similar to dnsmasq. How do I make neutron perform this for me?

From: jonathan.pro...@gmail.com [jonathan.pro...@gmail.com] on behalf of Jonathan Proulx [j...@jonproulx.com]
Sent: Tuesday, January 07, 2014 8:33 PM
To: Ageeleshwar Kandavelu
Cc: openstack@lists.openstack.org
Subject: Re: [Openstack] Neutron port-create command

On Tue, Jan 7, 2014 at 12:22 AM, Ageeleshwar Kandavelu ageeleshwar.kandav...@csscorp.com wrote:

> I am using neutron openvswitch plugin. I successfully created a port using neutron port-create, but I do not see the newly created port when I do 'ovs-vsctl show'. Is it that the port created is just a logical entity that exists only in DB and only when a VM is launched it is created in openvswitch?

port-create creates the port in the database, it's on a 'real thing' until it is associated with an instance. At that point you can see it in ovs tools.

Note you don't need to create ports, if you associate an instance with a network it will dynamically create ports that are removed on shut down. This is the more 'normal' use case.

I use port-create to get static MAC addresses for certain node locked software services (flexlm license server in my case), there are likely other uses and I wouldn't be surprised if using pre defined ports could shave a few seconds off start up times, but not personally certain about that.

-Jon
Re: [Openstack] Neutron port-create command
Let's say I do not want to launch nova instances that connect to a port. I want to introduce a service that binds to that port similar to dnsmasq. How do I make neutron perform this for me?

From: jonathan.pro...@gmail.com [jonathan.pro...@gmail.com] on behalf of Jonathan Proulx [j...@jonproulx.com]
Sent: Tuesday, January 07, 2014 8:33 PM
To: Ageeleshwar Kandavelu
Cc: openstack@lists.openstack.org
Subject: Re: [Openstack] Neutron port-create command

On Tue, Jan 7, 2014 at 12:22 AM, Ageeleshwar Kandavelu ageeleshwar.kandav...@csscorp.com wrote:

> I am using neutron openvswitch plugin. I successfully created a port using neutron port-create, but I do not see the newly created port when I do 'ovs-vsctl show'. Is it that the port created is just a logical entity that exists only in DB and only when a VM is launched it is created in openvswitch?

port-create creates the port in the database, it's on a 'real thing' until it is associated with an instance. At that point you can see it in ovs tools.

Note you don't need to create ports, if you associate an instance with a network it will dynamically create ports that are removed on shut down. This is the more 'normal' use case.

I use port-create to get static MAC addresses for certain node locked software services (flexlm license server in my case), there are likely other uses and I wouldn't be surprised if using pre defined ports could shave a few seconds off start up times, but not personally certain about that.

-Jon
Re: [Openstack] Deploying OpenStack on multiple nodes
Hi, If you intend to deploy on multiple servers this might be useful. With this the deployment is more like configuration. http://csscorp.github.io/openstack-automation/ Thank you, Akilesh
[Openstack] Openstack Deployment Using Saltstack
Deployment of an Openstack cluster is made easy using salt formulae. We have made a set of salt formulae that look more like configuration files. All that you need to do is define your cluster in a JSON file and the system will configure itself, while you can concentrate on something more important. Once the cluster converges you can log in and start using Openstack right away. Salt formulae are highly readable and beginners can start modifying them with some knowledge of the salt states system.

To use the system you have to create a new environment in Saltstack with the following file_root and pillar_root:

Salt file_root: Openstack_havana/file
Salt pillar_root: Openstack_havana/pillar

The file_root has

1. salt sls files
2. a set of custom execution modules defined at file_root/_modules
3. a couple of custom state modules under pillar_root/_states.

Look out for the file named cluster1.sls under the pillar_root. This will act as your cluster definition. You can define as many clusters as you may need. Make sure you point your minions to the correct cluster definition using the 'top.sls' file in pillar_root.

For more information regarding the project visit http://csscorp.github.io/openstack-automation/
For information on Saltstack and its features visit http://docs.saltstack.com/

Feel free to contact us. Please leave a comment at https://github.com/CSSCorp/openstack-automation