Re: [openstack-dev] [Neutron] need help in translating sql query to sqlalchemy query
Was perusing the documentation again this morning and there is another thing I found - you can call join() with the aliased=True flag to get similar results. Check out the "Constructing Aliases Anonymously" section. http://docs.sqlalchemy.org/en/latest/orm/query.html -- Sean M. Collins __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [Neutron] need help in translating sql query to sqlalchemy query
Thanks Sean. I will check that. Meanwhile I tried this and it is working port1 = orm.aliased(models_v2.Port, name="port1") port2 = orm.aliased(models_v2.Port, name="port2") router_intf_qry = context.session.query(RouterPort.router_id).join((port1, port1.id==RouterPort.port_id), (port2, port2.device_id==RouterPort.router_id)).filter(port1.network_id==int_net_id, port2.network_id==ext_net_id).distinct() for router in router_intf_qry: router_id =router.router_id Thanks Anil Venkata On 12/01/2015 06:35 PM, Sean M. Collins wrote: Consult the API: http://docs.sqlalchemy.org/en/latest/orm/query.html#sqlalchemy.orm.query.Query.join In fact, there is already one join happening a couple lines above your change: https://github.com/openstack/neutron/blob/stable/liberty/neutron/db/l3_db.py#L800 Most likely, you will also need to use the aliased() function - since there are some examples that are similar to what you are trying to do - check out the "Joins to a Target with an ON Clause" section in the first link. http://docs.sqlalchemy.org/en/latest/orm/query.html#sqlalchemy.orm.aliased __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [Neutron] need help in translating sql query to sqlalchemy query
On Tue, Dec 01, 2015 at 10:22:41AM EST, Venkata Anil wrote: > Thanks Sean. I will check that. > > Meanwhile I tried this and it is working > > port1 = orm.aliased(models_v2.Port, name="port1") > port2 = orm.aliased(models_v2.Port, name="port2") > router_intf_qry = > context.session.query(RouterPort.router_id).join((port1, > port1.id==RouterPort.port_id), (port2, > port2.device_id==RouterPort.router_id)).filter(port1.network_id==int_net_id, > port2.network_id==ext_net_id).distinct() > >for router in router_intf_qry: > router_id =router.router_id > That looks pretty close. My only suggestion would be to try and see if you can just alias it once, instead of twice. Basically see if it is possible to replace all the port1 references with "models_v2.Port" -- Sean M. Collins __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [Neutron] need help in translating sql query to sqlalchemy query
On 12/01/2015 09:06 PM, Sean M. Collins wrote: On Tue, Dec 01, 2015 at 10:22:41AM EST, Venkata Anil wrote: Thanks Sean. I will check that. Meanwhile I tried this and it is working port1 = orm.aliased(models_v2.Port, name="port1") port2 = orm.aliased(models_v2.Port, name="port2") router_intf_qry = context.session.query(RouterPort.router_id).join((port1, port1.id==RouterPort.port_id), (port2, port2.device_id==RouterPort.router_id)).filter(port1.network_id==int_net_id, port2.network_id==ext_net_id).distinct() for router in router_intf_qry: router_id =router.router_id That looks pretty close. My only suggestion would be to try and see if you can just alias it once, instead of twice. Basically see if it is possible to replace all the port1 references with "models_v2.Port" Thanks Sean. Sure, I will try that suggestion. __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
[openstack-dev] [Neutron] need help in translating sql query to sqlalchemy query
Hi All I have the below sql query which - "lists routers connected to given internal and external networks" select DISTINCT routerports.router_id from routerports inner join ports as ports1 on (ports1.id=routerports.port_id and ports1.network_id=internal_network_id) inner join ports as ports2 on (ports2.device_id=routerports.router_id and ports2.network_id=external_network_id); In the above query I am joining port table to routerport table twice. Can someone help me in translating that to SQLAlchemy query? This is required for the change https://review.openstack.org/#/c/220135/2/neutron/db/l3_db.py (see review comments) Thanks Anil Venkata __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [Neutron] need help in translating sql query to sqlalchemy query
Consult the API: http://docs.sqlalchemy.org/en/latest/orm/query.html#sqlalchemy.orm.query.Query.join In fact, there is already one join happening a couple lines above your change: https://github.com/openstack/neutron/blob/stable/liberty/neutron/db/l3_db.py#L800 Most likely, you will also need to use the aliased() function - since there are some examples that are similar to what you are trying to do - check out the "Joins to a Target with an ON Clause" section in the first link. http://docs.sqlalchemy.org/en/latest/orm/query.html#sqlalchemy.orm.aliased -- Sean M. Collins __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
[openstack-dev] [neutron] Please help review this RFE
Hi Neutron folks, I'd like to introduce a pure python-driven network configuration library to Neutron. A discussion just started in the RFE ticket [1]. I'd like to get feedback on this proposal. [1]: https://bugs.launchpad.net/neutron/+bug/1492714 Take a look and let me know your thoughts. -- Li Ma (Nick) Email: skywalker.n...@gmail.com __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [neutron][lbaas] Help on single create call
One of the features we were hoping to get into Liberty for neutron-lbaas v2 was a single create call. This call would be one that would accept an entire configuration tree of loadbalancer, listeners, pools, members, and health montiors in the API and create all of it (and also rolling back correctly when soemthing fails). I'm not going to be having a lot of time to get this done, even though it is something I've wanted. I just wouldn't be able to get to it until some time after the Liberty feature freeze. I'm emailing this out to get some feelers if someone in the community would be willing to give this an attempt. I'd definitely help out on it and collaboratively brainstorm when necessary. Let me know. Thanks, Brandon __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
[openstack-dev] [Neutron] AGAIN HELP CONFIRM OR DISCUSS:create a port when network contain ipv4 subnets and ipv6 subnets, allocate ipv6 address to the port.
Hi , Could anyone please check the bug below? I had received message from some kind people, but I didn't get the answer which i want. The key point is why the created port with specify ipv4 subnet as fixed-ip get an ipv6 addr when there are some ipv6 slaac/dhcpstateful subnets. And I know the slaac subnet will automatic allocate an ipv6 addr. Users may be confused about this behavior. https://bugs.launchpad.net/neutron/+bug/1467791 This bug description: When the created network contains one ipv4 subnet and an ipv6 subnet which turned on slaac or stateless. When I create a port use cmd like: neutron port-create --fixed-ip subnet_id=$[ipv4_subnet_id] $[network_id/name] The specified fixed-ip is ipv4_subnet, but the returned port contained the ipv6 subnet. If user just want a port with ipv4 , why returned port had allocated an ipv6 address. And I know this is an design behavior from http://specs.openstack.org/openstack/neutron-specs/specs/kilo/multiple-ipv6-prefixes.html#proposed-change But we are still confused about this operation. And when we create floatingip and the external network just contained an ipv6 slaac subnet, the port will contained the ipv6 addr . Are there some issues ? Thank you anyone could help for confirm this issue , and wish you return the message asap. ZhaoBo __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [Neutron] AGAIN HELP CONFIRM OR DISCUSS:create a port when network contain ipv4 subnets and ipv6 subnets, allocate ipv6 address to the port.
Hello ZhaoBo, The short summary of the BP [1] is that when a network contains an IPv6 SLAAC/dhcpv6-stateless subnet, we use RADVD daemon to advertise the prefix. RADVD deamon periodically advertises the prefix info which is a multicast message received by all the hosts/VMs on the network. When an ipv6-capable host/VM receives this Router Advertisement message, it would generate and configure an EUI-64 IPv6 address (derived via the prefix and interface MAC address) to its interface. I understand your concern saying that you only specified an IPv4 address for the port but you got IPv6 address as well. This is because.. 1. You have IPv6 subnets as part of the same network 2. The nature in which SLAAC works and is implemented in Neutron. Basically, even if Neutron does not include the IPv6 address in the port information, the VM port would be having the IPv6 address configured on its interface. Since the port would anyway have the IPv6 address, Neutron includes the IPv6 addresses (i.e., SLAAC/DHCPv6-Stateless) for the user to be aware of the list of addresses on the port. Please note that this behavior is only for IPv6 subnets configured with SLAAC/DHCPv6-Stateless and not for DHCPv6 Stateful subnets. Regarding the floating-ip behavior, the issue is recently fixed with the following patch - https://review.openstack.org/#/c/198908/ [1] http://specs.openstack.org/openstack/neutron-specs/specs/kilo/multiple-ipv6-prefixes.html#proposed-change Regards, --Sridhar. On 07/22/2015 04:35 PM, zhaobo wrote: Hi , Could anyone please check the bug below? I had received message from some kind people, but I didn't get the answer which i want. The key point is why the created port with specify ipv4 subnet as fixed-ip get an ipv6 addr when there are some ipv6 slaac/dhcpstateful subnets. And I know the slaac subnet will automatic allocate an ipv6 addr. Users may be confused about this behavior. https://bugs.launchpad.net/neutron/+bug/1467791 This bug description: When the created network contains one ipv4 subnet and an ipv6 subnet which turned on slaac or stateless. When I create a port use cmd like: neutron port-create --fixed-ip subnet_id=$[ipv4_subnet_id] $[network_id/name] The specified fixed-ip is ipv4_subnet, but the returned port contained the ipv6 subnet. If user just want a port with ipv4 , why returned port had allocated an ipv6 address. And I know this is an design behavior from http://specs.openstack.org/openstack/neutron-specs/specs/kilo/multiple-ipv6-prefixes.html#proposed-change But we are still confused about this operation. And when we create floatingip and the external network just contained an ipv6 slaac subnet, the port will contained the ipv6 addr . Are there some issues ? Thank you anyone could help for confirm this issue , and wish you return the message asap. ZhaoBo __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [neutron] Need help getting DevStack setup working for VPN testing
On 01/02/2015 08:43 AM, Paul Michali (pcm) wrote: To summarize what I’m trying to do with option (A)… I want to test VPN in DevStack by setting up two private networks, two routers, and a shared public network. The VMs created in the private networks should be able to access the public network, but not the other private network (e.g. VM on private-A subnet can ping public interface of router2 on private-B subnet) | VM-a Do I need to create the second router and private network using a different tenant? Do I need to setup security group rules to allow the access desired? What local.conf settings do I need for this setup (beyond what I have below)? I’ve been trying so many different combinations (using both single and two devstack setups, trying provider net, using single/multiple tenants) and have been getting a variety of different results, from unexpected ping results, to VMs stuck in power state PAUSED, that I’m lost as to how to set this up. I think I’m hung up on the security group rules and how to setup the bridges. What I’d like to do, is just focus on this option (A) - using a single devstack with multiple routers, and see if that works. If not, I can focus on option (B), using two devstacks/hosts. Since I’m pretty much out of ideas on how to fix this for now, I’m going to try to see if I can get on a bare metal setup, which has worked in the past. Any ideas? I’d like to verify VPNaaS reference implementation with the new repo changes. Been spending some time over the holiday vacation playing with this, with no joy. :( PCM (Paul Michali) MAIL …..…. p...@cisco.commailto:p...@cisco.com IRC ……..… pc_m (irc.freenode.comhttp://irc.freenode.com) TW ………... @pmichali GPG Key … 4525ECC253E31A83 Fingerprint .. 307A 96BB 1A4C D2C7 931D 8D2D 4525 ECC2 53E3 1A83 Hi Paul: It might be worth your while to add an agenda item to the infra meeting agenda https://wiki.openstack.org/wiki/Meetings/InfraTeamMeeting It might help you get a sense of what is necessary to fill the gaps either in tech or knowledge. Thanks, Anita. On Dec 31, 2014, at 2:35 PM, Paul Michali (pcm) p...@cisco.commailto:p...@cisco.com wrote: Just more data… I keep consistently seeing that on private subnet, the VM can only access router (as expected), but on privateB subnet, the VM can access the private I/F of router1 on private subnet. From the router’s namespace, I cannot ping the local VM (why not?). Oddly, I can ping router1’s private IP from router2 namespace! I tried these commands to create security group rules (are they wrong?): # There are two default groups created by DevStack group=`neutron security-group-list | grep default | cut -f 2 -d' ' | head -1` neutron security-group-rule-create --protocol ICMP $group neutron security-group-rule-create --protocol tcp --port-range-min 22 --port-range-max 22 $group group=`neutron security-group-list | grep default | cut -f 2 -d' ' | tail -1` neutron security-group-rule-create --protocol ICMP $group neutron security-group-rule-create --protocol tcp --port-range-min 22 --port-range-max 22 $group The only change that happens, when I do these commands, is that the VM in privateB subnet can now ping the VM from private subnet, but not vice versa. From router1 namespace, it can then access local VMs. From router2 namespace it can access local VMs and VMs in private subnet (all access). It seems like I have some issue with security groups, and I need to square that away, before I can test VPN out. Am I creating the security group rules correctly? My goal is that the private nets can access the public net, but not each other (until VPN connection is established). Lastly, in this latest try, I set OVS_PHYSICAL_BRIDGE=br-ex. In earlier runs w/o that, there were QVO interfaces, but no QVB or QBR interfaces at all. It didn’t seem to change connectivity, however. Ideas? PCM (Paul Michali) MAIL …..…. p...@cisco.commailto:p...@cisco.com IRC ……..… pc_m (irc.freenode.comhttp://irc.freenode.com/) TW ………... @pmichali GPG Key … 4525ECC253E31A83 Fingerprint .. 307A 96BB 1A4C D2C7 931D 8D2D 4525 ECC2 53E3 1A83 On Dec 31, 2014, at 10:33 AM, Paul Michali (pcm) p...@cisco.commailto:p...@cisco.com wrote: I’ve been playing a bit with trying to get VPNaaS working post-repo split, and haven’t been successful. I’m trying it a few ways with DevStack, and I’m not sure whether I have a config error, setup issue, or there is something due to the split. In the past (and it’s been a few months since I verified VPN operation), I used two bare metal machines and an external switch connecting them. With a DevStack cloud running on each. That configuration is currently setup for a vendor VPN solution, so I wanted to try different methods to test the reference VPN implementation. I’ve got two ideas to do this: A) Run DevStack and create two routers with
Re: [openstack-dev] [neutron] Need help getting DevStack setup working for VPN testing
To summarize what I’m trying to do with option (A)… I want to test VPN in DevStack by setting up two private networks, two routers, and a shared public network. The VMs created in the private networks should be able to access the public network, but not the other private network (e.g. VM on private-A subnet can ping public interface of router2 on private-B subnet) | VM-a Do I need to create the second router and private network using a different tenant? Do I need to setup security group rules to allow the access desired? What local.conf settings do I need for this setup (beyond what I have below)? I’ve been trying so many different combinations (using both single and two devstack setups, trying provider net, using single/multiple tenants) and have been getting a variety of different results, from unexpected ping results, to VMs stuck in power state PAUSED, that I’m lost as to how to set this up. I think I’m hung up on the security group rules and how to setup the bridges. What I’d like to do, is just focus on this option (A) - using a single devstack with multiple routers, and see if that works. If not, I can focus on option (B), using two devstacks/hosts. Since I’m pretty much out of ideas on how to fix this for now, I’m going to try to see if I can get on a bare metal setup, which has worked in the past. Any ideas? I’d like to verify VPNaaS reference implementation with the new repo changes. Been spending some time over the holiday vacation playing with this, with no joy. :( PCM (Paul Michali) MAIL …..…. p...@cisco.commailto:p...@cisco.com IRC ……..… pc_m (irc.freenode.comhttp://irc.freenode.com) TW ………... @pmichali GPG Key … 4525ECC253E31A83 Fingerprint .. 307A 96BB 1A4C D2C7 931D 8D2D 4525 ECC2 53E3 1A83 On Dec 31, 2014, at 2:35 PM, Paul Michali (pcm) p...@cisco.commailto:p...@cisco.com wrote: Just more data… I keep consistently seeing that on private subnet, the VM can only access router (as expected), but on privateB subnet, the VM can access the private I/F of router1 on private subnet. From the router’s namespace, I cannot ping the local VM (why not?). Oddly, I can ping router1’s private IP from router2 namespace! I tried these commands to create security group rules (are they wrong?): # There are two default groups created by DevStack group=`neutron security-group-list | grep default | cut -f 2 -d' ' | head -1` neutron security-group-rule-create --protocol ICMP $group neutron security-group-rule-create --protocol tcp --port-range-min 22 --port-range-max 22 $group group=`neutron security-group-list | grep default | cut -f 2 -d' ' | tail -1` neutron security-group-rule-create --protocol ICMP $group neutron security-group-rule-create --protocol tcp --port-range-min 22 --port-range-max 22 $group The only change that happens, when I do these commands, is that the VM in privateB subnet can now ping the VM from private subnet, but not vice versa. From router1 namespace, it can then access local VMs. From router2 namespace it can access local VMs and VMs in private subnet (all access). It seems like I have some issue with security groups, and I need to square that away, before I can test VPN out. Am I creating the security group rules correctly? My goal is that the private nets can access the public net, but not each other (until VPN connection is established). Lastly, in this latest try, I set OVS_PHYSICAL_BRIDGE=br-ex. In earlier runs w/o that, there were QVO interfaces, but no QVB or QBR interfaces at all. It didn’t seem to change connectivity, however. Ideas? PCM (Paul Michali) MAIL …..…. p...@cisco.commailto:p...@cisco.com IRC ……..… pc_m (irc.freenode.comhttp://irc.freenode.com/) TW ………... @pmichali GPG Key … 4525ECC253E31A83 Fingerprint .. 307A 96BB 1A4C D2C7 931D 8D2D 4525 ECC2 53E3 1A83 On Dec 31, 2014, at 10:33 AM, Paul Michali (pcm) p...@cisco.commailto:p...@cisco.com wrote: I’ve been playing a bit with trying to get VPNaaS working post-repo split, and haven’t been successful. I’m trying it a few ways with DevStack, and I’m not sure whether I have a config error, setup issue, or there is something due to the split. In the past (and it’s been a few months since I verified VPN operation), I used two bare metal machines and an external switch connecting them. With a DevStack cloud running on each. That configuration is currently setup for a vendor VPN solution, so I wanted to try different methods to test the reference VPN implementation. I’ve got two ideas to do this: A) Run DevStack and create two routers with a shared “public” network, and two private networks, setting up a VPN connection between the private nets. B) Run two DevStack instances (on two VMs) and try to setup a provider network between them. I’m starting with A (though I did try B quickly, but it didn’t work), and I spun up the stack, added a second router (all under the same tenant), created another private network, and booted a Cirros VM in each private
[openstack-dev] [neutron] Need help getting DevStack setup working for VPN testing
I’ve been playing a bit with trying to get VPNaaS working post-repo split, and haven’t been successful. I’m trying it a few ways with DevStack, and I’m not sure whether I have a config error, setup issue, or there is something due to the split. In the past (and it’s been a few months since I verified VPN operation), I used two bare metal machines and an external switch connecting them. With a DevStack cloud running on each. That configuration is currently setup for a vendor VPN solution, so I wanted to try different methods to test the reference VPN implementation. I’ve got two ideas to do this: A) Run DevStack and create two routers with a shared “public” network, and two private networks, setting up a VPN connection between the private nets. B) Run two DevStack instances (on two VMs) and try to setup a provider network between them. I’m starting with A (though I did try B quickly, but it didn’t work), and I spun up the stack, added a second router (all under the same tenant), created another private network, and booted a Cirros VM in each private net. Before even trying VPN, I checked pings. From the first private net VM (10.1.0.4), I could ping on the pubic net, including the public IP of the second private net’s public interface for its router. I cannot ping the VM from the host. That seems all expected to me. What seems wrong is the other VM (this is on the post stack net I created). Like the other VM, I can ping public net IPs. However, I can also ping the private net address of the first network’s router (10.1.0.1)! Shouldn’t that have failed (at least that was what I was expecting)? I can’t ping the VM on that side though. Another curiosity is that the VM got the second IP on the subnet (10.2.0.2), unlike the other private net, where DHCP and a compute probe got the 2nd and 3rd IPs. There is DHCP enabled on this private network. When I tried VPN, both connections show as DOWN, and all I see are phase 1 ident packets. I cannot ping from VM to VM. I don’t see any logging for the OpenSwan processes, so not to sure how to debug. Maybe I can try some ipsec show command? I’m not too sure what is wrong with this setup. For a comparison, I decided to do the same thing, using stable/juno. So, I fired up a VM and cloned DevStack with stable/juno and stacked. This time, things are even worse! When I try to boot a VM, and then check the status, the VM is in PAUSED power state. I can’t seem to unpause (nor do I know why it is in this state). Verified this with both Cirros 3.3, 3.2, and Ubuntu cloud images: +--++ | Property | Value | +--++ | OS-DCF:diskConfig| MANUAL | | OS-EXT-AZ:availability_zone | nova | | OS-EXT-SRV-ATTR:host | juno | | OS-EXT-SRV-ATTR:hypervisor_hostname | juno | | OS-EXT-SRV-ATTR:instance_name| instance-0001 | | OS-EXT-STS:power_state | 3 | | OS-EXT-STS:task_state| - | | OS-EXT-STS:vm_state | active | | OS-SRV-USG:launched_at | 2014-12-31T15:15:33.00 | | OS-SRV-USG:terminated_at | - | | accessIPv4 | | | accessIPv6 | | | config_drive | | | created | 2014-12-31T15:15:24Z | | flavor | m1.tiny (1) | | hostId | 5b0c48250ccc0ac3fca8a821e29e4b154ec0b101f9cc0a0b27071a3f | | id | ec5c8d70-ae80-4cc3-a5bb-b68019170dd6 | | image| cirros-0.3.3-x86_64-uec (797e4dee-8c03-497f-8dac-a44b9351dfa3) | | key_name | - | | metadata | {}
Re: [openstack-dev] [neutron] Need help getting DevStack setup working for VPN testing
Just more data… I keep consistently seeing that on private subnet, the VM can only access router (as expected), but on privateB subnet, the VM can access the private I/F of router1 on private subnet. From the router’s namespace, I cannot ping the local VM (why not?). Oddly, I can ping router1’s private IP from router2 namespace! I tried these commands to create security group rules (are they wrong?): # There are two default groups created by DevStack group=`neutron security-group-list | grep default | cut -f 2 -d' ' | head -1` neutron security-group-rule-create --protocol ICMP $group neutron security-group-rule-create --protocol tcp --port-range-min 22 --port-range-max 22 $group group=`neutron security-group-list | grep default | cut -f 2 -d' ' | tail -1` neutron security-group-rule-create --protocol ICMP $group neutron security-group-rule-create --protocol tcp --port-range-min 22 --port-range-max 22 $group The only change that happens, when I do these commands, is that the VM in privateB subnet can now ping the VM from private subnet, but not vice versa. From router1 namespace, it can then access local VMs. From router2 namespace it can access local VMs and VMs in private subnet (all access). It seems like I have some issue with security groups, and I need to square that away, before I can test VPN out. Am I creating the security group rules correctly? My goal is that the private nets can access the public net, but not each other (until VPN connection is established). Lastly, in this latest try, I set OVS_PHYSICAL_BRIDGE=br-ex. In earlier runs w/o that, there were QVO interfaces, but no QVB or QBR interfaces at all. It didn’t seem to change connectivity, however. Ideas? PCM (Paul Michali) MAIL …..…. p...@cisco.com IRC ……..… pc_m (irc.freenode.com) TW ………... @pmichali GPG Key … 4525ECC253E31A83 Fingerprint .. 307A 96BB 1A4C D2C7 931D 8D2D 4525 ECC2 53E3 1A83 On Dec 31, 2014, at 10:33 AM, Paul Michali (pcm) p...@cisco.com wrote: I’ve been playing a bit with trying to get VPNaaS working post-repo split, and haven’t been successful. I’m trying it a few ways with DevStack, and I’m not sure whether I have a config error, setup issue, or there is something due to the split. In the past (and it’s been a few months since I verified VPN operation), I used two bare metal machines and an external switch connecting them. With a DevStack cloud running on each. That configuration is currently setup for a vendor VPN solution, so I wanted to try different methods to test the reference VPN implementation. I’ve got two ideas to do this: A) Run DevStack and create two routers with a shared “public” network, and two private networks, setting up a VPN connection between the private nets. B) Run two DevStack instances (on two VMs) and try to setup a provider network between them. I’m starting with A (though I did try B quickly, but it didn’t work), and I spun up the stack, added a second router (all under the same tenant), created another private network, and booted a Cirros VM in each private net. Before even trying VPN, I checked pings. From the first private net VM (10.1.0.4), I could ping on the pubic net, including the public IP of the second private net’s public interface for its router. I cannot ping the VM from the host. That seems all expected to me. What seems wrong is the other VM (this is on the post stack net I created). Like the other VM, I can ping public net IPs. However, I can also ping the private net address of the first network’s router (10.1.0.1)! Shouldn’t that have failed (at least that was what I was expecting)? I can’t ping the VM on that side though. Another curiosity is that the VM got the second IP on the subnet (10.2.0.2), unlike the other private net, where DHCP and a compute probe got the 2nd and 3rd IPs. There is DHCP enabled on this private network. When I tried VPN, both connections show as DOWN, and all I see are phase 1 ident packets. I cannot ping from VM to VM. I don’t see any logging for the OpenSwan processes, so not to sure how to debug. Maybe I can try some ipsec show command? I’m not too sure what is wrong with this setup. For a comparison, I decided to do the same thing, using stable/juno. So, I fired up a VM and cloned DevStack with stable/juno and stacked. This time, things are even worse! When I try to boot a VM, and then check the status, the VM is in PAUSED power state. I can’t seem to unpause (nor do I know why it is in this state). Verified this with both Cirros 3.3, 3.2, and Ubuntu cloud images: +--++ | Property | Value | +--++ | OS-DCF:diskConfig| MANUAL
Re: [openstack-dev] [Neutron] for help!
Hi Chengyong, I remember there is a blueprint[1] by Edgar Magana which talks about similar use cases but that still marked for discussion whether this belongs to Neutron or Heat. [1] https://blueprints.launchpad.net/neutron/+spec/network-topologies-api Fawad Khaliq On Tue, Sep 30, 2014 at 2:26 PM, Linchengyong linchengy...@huawei.com wrote: Dear all, Could anyone help me? I have some questions to trouble . 1. Can the neutron create complex virtual network topology? Such as, any two routers' interconnection between each other. 2. If can't, Does the neutron team have any plan to support the complex virtual network topology? 3. As we can't create the complex virtual network topology with the GUI, we are wondering whether the neutron has already supported the feature to create complex virtual network topology, but just constrained by the GUI? Thanks very much. Best Regards, Chengyong Lin ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [Neutron] for help!
On 30 September 2014 10:26, Linchengyong linchengy...@huawei.com wrote: Dear all, Could anyone help me? I have some questions to trouble . 1. Can the neutron create complex virtual network topology? Such as, any two routers' interconnection between each other. Only if you bridge them with a network - direct connections are not possible at the moment. Something like: 169.254.169.1 169.254.169.2 R1 --- BRIDGE --- R2 | | INT_NET_1 INT_NET_2 Also neutron routers do not support at the moment dynamic routing protocols, so you'll have to manage static routes (eg. INT_NET_1's cidr on R2 via 169.254.169.1) 2. If can't, Does the neutron team have any plan to support the complex virtual network topology? Neutron has plans for everything and the exact opposite! If you think it should support more complex topologies - whatever that might mean - feel free to share your ideas. 3. As we can't create the complex virtual network topology with the GUI, we are wondering whether the neutron has already supported the feature to create complex virtual network topology, but just constrained by the GUI? I reckon Horizon pretty much allows for controlling most of neutron API features. I'm not sure about static routes however. Thanks very much. Best Regards, Chengyong Lin ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [Neutron] Need help to start contribute to Neutron
Chen, Let me know if I can help on anything! I see that Gary and Rosella already sent you good pointers to get involve in Neutron development but I am happy to help if needed. Edgar From: Rossella Sblendido rsblend...@suse.commailto:rsblend...@suse.com Reply-To: OpenStack Development Mailing List (not for usage questions) openstack-dev@lists.openstack.orgmailto:openstack-dev@lists.openstack.org Date: Thursday, May 22, 2014 at 2:29 AM To: OpenStack Development Mailing List (not for usage questions) openstack-dev@lists.openstack.orgmailto:openstack-dev@lists.openstack.org Subject: Re: [openstack-dev] [Neutron] Need help to start contribute to Neutron Hello chen, You are already doing great, using irc and the mailing list is a good start. Let me give you some links that can help you ramping up: Neutron development: https://wiki.openstack.org/wiki/NeutronDevelopment If you wanna contribute fixing some bug I suggest you have a look at the low hanging fruits: https://wiki.openstack.org/wiki/NeutronStarterBugs We are using Gerrit, read here how to set it up: https://wiki.openstack.org/wiki/Gerrit_Workflow If you are more interested into documentation please follow this guide: https://wiki.openstack.org/wiki/Documentation/HowTo I am not an expert here, maybe you should contact Edgar Magana, irc: emagana Feel free to contact me on irc, my nick is rossella-s thanks for your interest in Neutron! Rossella On 05/22/2014 10:56 AM, Li, Chen wrote: Hi list, I have using Openstack/Neutron for a while. And now I hope I can do some contributions too. But neutron is too complicated, I don’t know where to start. In IRC, iwamoto suggested me to work with developer doc team. That sounds like a good idea. But I still doesn’t know what/where I should start with. Can someone help me ? Or just told me anything you think I can work on ? Thanks. -chen I used to working on CentOS, installing neutron directly using command “yum install neutron-xxx”. Now, I have already download neutron code, and run successfully run unittest. ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.orgmailto:OpenStack-dev@lists.openstack.orghttp://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
[openstack-dev] [Neutron] Need help to start contribute to Neutron
Hi list, I have using Openstack/Neutron for a while. And now I hope I can do some contributions too. But neutron is too complicated, I don't know where to start. In IRC, iwamoto suggested me to work with developer doc team. That sounds like a good idea. But I still doesn't know what/where I should start with. Can someone help me ? Or just told me anything you think I can work on ? Thanks. -chen I used to working on CentOS, installing neutron directly using command yum install neutron-xxx. Now, I have already download neutron code, and run successfully run unittest. ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [Neutron] Need help to start contribute to Neutron
Hello chen, You are already doing great, using irc and the mailing list is a good start. Let me give you some links that can help you ramping up: Neutron development: https://wiki.openstack.org/wiki/NeutronDevelopment If you wanna contribute fixing some bug I suggest you have a look at the low hanging fruits: https://wiki.openstack.org/wiki/NeutronStarterBugs We are using Gerrit, read here how to set it up: https://wiki.openstack.org/wiki/Gerrit_Workflow If you are more interested into documentation please follow this guide: https://wiki.openstack.org/wiki/Documentation/HowTo I am not an expert here, maybe you should contact Edgar Magana, irc: emagana Feel free to contact me on irc, my nick is rossella-s thanks for your interest in Neutron! Rossella On 05/22/2014 10:56 AM, Li, Chen wrote: Hi list, I have using Openstack/Neutron for a while. And now I hope I can do some contributions too. But neutron is too complicated, I don't know where to start. In IRC, iwamoto suggested me to work with developer doc team. That sounds like a good idea. But I still doesn't know what/where I should start with. Can someone help me ? Or just told me anything you think I can work on ? Thanks. -chen I used to working on CentOS, installing neutron directly using command yum install neutron-xxx. Now, I have already download neutron code, and run successfully run unittest. ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [Neutron] Need help to start contribute to Neutron
Hi, I would suggest the following: 1. Look at the bugs and see if there is any low hanging fruit - https://bugs.launchpad.net/neutron/+bugs?field.tag=low-hanging-fruit 2. Try and add some additional unit tests – pick a section of code that interests you and try and see that it has some good code coverage with the unit tests 3. Go over the blueprints and see if there is something that interests you – if so, ask the guys driving it if you can help Good luck. Thanks Gary From: Li, Chen chen...@intel.commailto:chen...@intel.com Reply-To: OpenStack Development Mailing List (not for usage questions) openstack-dev@lists.openstack.orgmailto:openstack-dev@lists.openstack.org Date: Thursday, May 22, 2014 11:56 AM To: OpenStack Development Mailing List (not for usage questions) openstack-dev@lists.openstack.orgmailto:openstack-dev@lists.openstack.org Subject: [openstack-dev] [Neutron] Need help to start contribute to Neutron Hi list, I have using Openstack/Neutron for a while. And now I hope I can do some contributions too. But neutron is too complicated, I don’t know where to start. In IRC, iwamoto suggested me to work with developer doc team. That sounds like a good idea. But I still doesn’t know what/where I should start with. Can someone help me ? Or just told me anything you think I can work on ? Thanks. -chen I used to working on CentOS, installing neutron directly using command “yum install neutron-xxx”. Now, I have already download neutron code, and run successfully run unittest. ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] Neutron: Need help with tox failure in VPN code
, self.driver = mock.Mock() self.driver.service_type = ipsec_driver.IPSEC driver_cls.return_value = self.driver + vpnaas_provider = (p_constants.VPN + + ':vpnaas:neutron.services.vpn.' + 'service_drivers.ipsec.IPsecVPNDriver:default' ) + cfg.CONF.set_override('service_provider', + [vpnaas_provider], 'service_providers') super(TestVPNDriverPlugin, self).setUp( vpnaas_plugin=VPN_DRIVER_CLASS) From: Paul Michali p...@cisco.com To: OpenStack Development Mailing List (not for usage questions) openstack-dev@lists.openstack.org Sent: Tuesday, March 4, 2014 1:28:48 PM Subject: [openstack-dev] Neutron: Need help with tox failure in VPN code Hi, I'm stuck and can use some guidance here…please! I have a change set out for review that used the VPN Service Type Framework ( https://review.openstack.org/74144). Everything worked fine, passed Jenkins, etc. Found out that the STF won't make it to I-3, so I removed the dependency from my change set and tried to modify the plugin.py file to use some STF logic (like LBaaS uses) to load the desired service driver that is specified as the default. Adjusted the code to no longer use provider info. Well, in doing so, tox fails, and unfortunately there little info on the failure. This can be seen by running a subset of the tests, where 2 fail: tox -e py27 -v -- neutron.tests.unit.services.vpn only the name of a failing test case for one, and a mention of return code 10 on another and no other info on the failure reason. I didn't see this on a full tox run in my repo, but Jenkins failed and Akihiro noticed it too, in running the above subset of the suite (thanks!). I've narrow it down a bit, but have no idea why it fails… One, it seems to be some interaction between test_vpnaas_driver_plugin.py and the two service driver tests (cisco_ipsec.py and ipsec.py). I can remove either one of the service driver tests cases, and it will still fail with the other one (so even the reference code fails). Two, if I change plugin.py to set self.driver to the reference device driver (as is done in the latest patch set) it works fine with all test cases. Three, it seems to be a test only issue, because I can run devstack with the login I have in plugin.py, currently commented out in __init__(), and successfully load either the reference or cisco service driver, by changing neutron.conf. It seems like I'm doing something wrong in the loading of the service driver, or using this implementation, is somehow interacting with the tests. If anyone has ideas on what is wrong, or a better way to load the service driver, please let me know. I was thinking I could read and parse neutron.conf manually and then load the service driver, but there must be a better way! Thanks! PCM (Paul Michali) MAIL p...@cisco.com IRCpcm_ (irc.freenode.net) TW@pmichali GPG key4525ECC253E31A83 Fingerprint 307A 96BB 1A4C D2C7 931D 8D2D 4525 ECC2 53E3 1A83 ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org https://urldefense.proofpoint.com/v1/url?u=http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-devk=oIvRg1%2BdGAgOoM1BIlLLqw%3D%3D%0Ar=F5etm0B6kVJ9jleIhCvNyA%3D%3D%0Am=J3ghWIVLPZdVsutjofb71dKYtoj4XxhrER%2FD8VzKRX0%3D%0As=09cf53ed99065938661b61453a717d77ba3b1ec069c48e356b358d472d3b526a ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev signature.asc Description: Message signed with OpenPGP using GPGMail ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] Neutron: Need help with tox failure in VPN code
ikepolicy and ipsecpolicy update usecase def __init__(self): super(VPNDriverPlugin, self).__init__() -self.ipsec_driver = ipsec_driver.IPsecVPNDriver(self) -# Currently, if the following code is used, there are UT failures -# self.service_type_manager = st_db.ServiceTypeManager.get_instance() -# drivers, default_provider = service_base.load_drivers( -# constants.VPN, self) -# self.ipsec_driver = drivers[default_provider] +# Dynamically load the current service driver +drivers, default_provider = service_base.load_drivers( +constants.VPN, self) +self.ipsec_driver = drivers[default_provider] def _get_driver_for_vpnservice(self, vpnservice): return self.ipsec_driver diff --git a/neutron/tests/unit/services/vpn/test_vpnaas_driver_plugin.py b/neutron/tests/unit/services/vpn/test_vpnaas_driver_plugin.py index 8c25d7e..9531938 100644 --- a/neutron/tests/unit/services/vpn/test_vpnaas_driver_plugin.py +++ b/neutron/tests/unit/services/vpn/test_vpnaas_driver_plugin.py @@ -17,6 +17,7 @@ import contextlib import mock +from oslo.config import cfg from neutron.common import constants from neutron import context @@ -44,6 +45,12 @@ class TestVPNDriverPlugin(test_db_vpnaas.TestVpnaas, self.driver = mock.Mock() self.driver.service_type = ipsec_driver.IPSEC driver_cls.return_value = self.driver +vpnaas_provider = (p_constants.VPN + + ':vpnaas:neutron.services.vpn.' + 'service_drivers.ipsec.IPsecVPNDriver:default') +cfg.CONF.set_override('service_provider', + [vpnaas_provider], + 'service_providers') super(TestVPNDriverPlugin, self).setUp( vpnaas_plugin=VPN_DRIVER_CLASS) Any advise? PCM (Paul Michali) MAIL p...@cisco.com IRCpcm_ (irc.freenode.net) TW@pmichali GPG key4525ECC253E31A83 Fingerprint 307A 96BB 1A4C D2C7 931D 8D2D 4525 ECC2 53E3 1A83 On Mar 4, 2014, at 1:31 AM, Bo Lin l...@vmware.com wrote: I don't know whether i got your point. But try to modify /neutron/tests/unit/services/vpn/test_vpnaas_driver_plugin.py like the following, the error would be fixed: --- a/neutron/tests/unit/services/vpn/test_vpnaas_driver_plugin.py +++ b/neutron/tests/unit/services/vpn/test_vpnaas_driver_plugin.py @@ -17,6 +17,7 @@ import contextlib import mock +from oslo.config import cfg from neutron.common import constants from neutron import context @@ -44,6 +45,11 @@ class TestVPNDriverPlugin(test_db_vpnaas.TestVpnaas, self.driver = mock.Mock() self.driver.service_type = ipsec_driver.IPSEC driver_cls.return_value = self.driver + vpnaas_provider = (p_constants.VPN + + ':vpnaas:neutron.services.vpn.' + 'service_drivers.ipsec.IPsecVPNDriver:default' ) + cfg.CONF.set_override('service_provider', + [vpnaas_provider], 'service_providers') super(TestVPNDriverPlugin, self).setUp( vpnaas_plugin=VPN_DRIVER_CLASS) From: Paul Michali p...@cisco.com To: OpenStack Development Mailing List (not for usage questions) openstack-dev@lists.openstack.org Sent: Tuesday, March 4, 2014 1:28:48 PM Subject: [openstack-dev] Neutron: Need help with tox failure in VPN code Hi, I'm stuck and can use some guidance here…please! I have a change set out for review that used the VPN Service Type Framework ( https://review.openstack.org/74144). Everything worked fine, passed Jenkins, etc. Found out that the STF won't make it to I-3, so I removed the dependency from my change set and tried to modify the plugin.py file to use some STF logic (like LBaaS uses) to load the desired service driver that is specified as the default. Adjusted the code to no longer use provider info. Well, in doing so, tox fails, and unfortunately there little info on the failure. This can be seen by running a subset of the tests, where 2 fail: tox -e py27 -v -- neutron.tests.unit.services.vpn only the name of a failing test case for one, and a mention of return code 10 on another and no other info on the failure reason. I didn't see this on a full tox run in my repo, but Jenkins failed and Akihiro noticed it too, in running the above subset of the suite (thanks!). I've narrow it down a bit, but have no idea why it fails… One, it seems to be some interaction between test_vpnaas_driver_plugin.py and the two service driver tests (cisco_ipsec.py and ipsec.py). I can remove either one of the service driver tests cases, and it will still fail with the other one (so even the reference code fails). Two, if I change plugin.py to set self.driver to the reference device driver (as is done in the latest patch set) it works fine with all test cases. Three, it seems to be a test only issue, because I can run devstack
[openstack-dev] Neutron: Need help with tox failure in VPN code
Hi, I'm stuck and can use some guidance here…please! I have a change set out for review that used the VPN Service Type Framework ( https://review.openstack.org/74144). Everything worked fine, passed Jenkins, etc. Found out that the STF won't make it to I-3, so I removed the dependency from my change set and tried to modify the plugin.py file to use some STF logic (like LBaaS uses) to load the desired service driver that is specified as the default. Adjusted the code to no longer use provider info. Well, in doing so, tox fails, and unfortunately there little info on the failure. This can be seen by running a subset of the tests, where 2 fail: tox -e py27 -v -- neutron.tests.unit.services.vpn only the name of a failing test case for one, and a mention of return code 10 on another and no other info on the failure reason. I didn't see this on a full tox run in my repo, but Jenkins failed and Akihiro noticed it too, in running the above subset of the suite (thanks!). I've narrow it down a bit, but have no idea why it fails… One, it seems to be some interaction between test_vpnaas_driver_plugin.py and the two service driver tests (cisco_ipsec.py and ipsec.py). I can remove either one of the service driver tests cases, and it will still fail with the other one (so even the reference code fails). Two, if I change plugin.py to set self.driver to the reference device driver (as is done in the latest patch set) it works fine with all test cases. Three, it seems to be a test only issue, because I can run devstack with the login I have in plugin.py, currently commented out in __init__(), and successfully load either the reference or cisco service driver, by changing neutron.conf. It seems like I'm doing something wrong in the loading of the service driver, or using this implementation, is somehow interacting with the tests. If anyone has ideas on what is wrong, or a better way to load the service driver, please let me know. I was thinking I could read and parse neutron.conf manually and then load the service driver, but there must be a better way! Thanks! PCM (Paul Michali) MAIL p...@cisco.com IRCpcm_ (irc.freenode.net) TW@pmichali GPG key4525ECC253E31A83 Fingerprint 307A 96BB 1A4C D2C7 931D 8D2D 4525 ECC2 53E3 1A83 signature.asc Description: Message signed with OpenPGP using GPGMail ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] Neutron: Need help with tox failure in VPN code
./run_test.sh or ./run_test.sh -d package_name is working? 2014-03-03 21:28 GMT-08:00 Paul Michali p...@cisco.com: Hi, I'm stuck and can use some guidance here...please! I have a change set out for review that used the VPN Service Type Framework ( https://review.openstack.org/74144). Everything worked fine, passed Jenkins, etc. Found out that the STF won't make it to I-3, so I removed the dependency from my change set and tried to modify the plugin.py file to use some STF logic (like LBaaS uses) to load the desired service driver that is specified as the default. Adjusted the code to no longer use provider info. Well, in doing so, tox fails, and unfortunately there little info on the failure. This can be seen by running a subset of the tests, where 2 fail: tox -e py27 -v -- neutron.tests.unit.services.vpn only the name of a failing test case for one, and a mention of return code 10 on another and no other info on the failure reason. I didn't see this on a full tox run in my repo, but Jenkins failed and Akihiro noticed it too, in running the above subset of the suite (thanks!). I've narrow it down a bit, but have no idea why it fails... One, it seems to be some interaction between test_vpnaas_driver_plugin.py and the two service driver tests (cisco_ipsec.py and ipsec.py). I can remove either one of the service driver tests cases, and it will still fail with the other one (so even the reference code fails). Two, if I change plugin.py to set self.driver to the reference device driver (as is done in the latest patch set) it works fine with all test cases. Three, it seems to be a test only issue, because I can run devstack with the login I have in plugin.py, currently commented out in __init__(), and successfully load either the reference or cisco service driver, by changing neutron.conf. It seems like I'm doing something wrong in the loading of the service driver, or using this implementation, is somehow interacting with the tests. If anyone has ideas on what is wrong, or a better way to load the service driver, please let me know. I was thinking I could read and parse neutron.conf manually and then load the service driver, but there must be a better way! Thanks! PCM (Paul Michali) MAIL p...@cisco.com IRCpcm_ (irc.freenode.net) TW@pmichali GPG key4525ECC253E31A83 Fingerprint 307A 96BB 1A4C D2C7 931D 8D2D 4525 ECC2 53E3 1A83 ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] Neutron: Need help with tox failure in VPN code
Hi Paul, I think the problem for tests failure is SystemExit exception raised by service_base.py when fails to load drivers by plugin. It terminates the tests. BR, Irena From: Paul Michali [mailto:p...@cisco.com] Sent: Tuesday, March 04, 2014 7:34 AM To: OpenStack Development Mailing List (not for usage questions) Subject: [openstack-dev] Neutron: Need help with tox failure in VPN code Hi, I'm stuck and can use some guidance here...please! I have a change set out for review that used the VPN Service Type Framework ( https://review.openstack.org/74144). Everything worked fine, passed Jenkins, etc. Found out that the STF won't make it to I-3, so I removed the dependency from my change set and tried to modify the plugin.py file to use some STF logic (like LBaaS uses) to load the desired service driver that is specified as the default. Adjusted the code to no longer use provider info. Well, in doing so, tox fails, and unfortunately there little info on the failure. This can be seen by running a subset of the tests, where 2 fail: tox -e py27 -v -- neutron.tests.unit.services.vpn only the name of a failing test case for one, and a mention of return code 10 on another and no other info on the failure reason. I didn't see this on a full tox run in my repo, but Jenkins failed and Akihiro noticed it too, in running the above subset of the suite (thanks!). I've narrow it down a bit, but have no idea why it fails... One, it seems to be some interaction between test_vpnaas_driver_plugin.py and the two service driver tests (cisco_ipsec.py and ipsec.py). I can remove either one of the service driver tests cases, and it will still fail with the other one (so even the reference code fails). Two, if I change plugin.py to set self.driver to the reference device driver (as is done in the latest patch set) it works fine with all test cases. Three, it seems to be a test only issue, because I can run devstack with the login I have in plugin.py, currently commented out in __init__(), and successfully load either the reference or cisco service driver, by changing neutron.conf. It seems like I'm doing something wrong in the loading of the service driver, or using this implementation, is somehow interacting with the tests. If anyone has ideas on what is wrong, or a better way to load the service driver, please let me know. I was thinking I could read and parse neutron.conf manually and then load the service driver, but there must be a better way! Thanks! PCM (Paul Michali) MAIL p...@cisco.commailto:p...@cisco.com IRCpcm_ (irc.freenode.nethttp://irc.freenode.net) TW@pmichali GPG key4525ECC253E31A83 Fingerprint 307A 96BB 1A4C D2C7 931D 8D2D 4525 ECC2 53E3 1A83 ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] Neutron: Need help with tox failure in VPN code
I don't know whether i got your point. But try to modify /neutron/tests/unit/services/vpn/test_vpnaas_driver_plugin.py like the following, the error would be fixed: --- a/neutron/tests/unit/services/vpn/test_vpnaas_driver_plugin.py +++ b/neutron/tests/unit/services/vpn/test_vpnaas_driver_plugin.py @@ -17,6 +17,7 @@ import contextlib import mock +from oslo.config import cfg from neutron.common import constants from neutron import context @@ -44,6 +45,11 @@ class TestVPNDriverPlugin(test_db_vpnaas.TestVpnaas, self.driver = mock.Mock() self.driver.service_type = ipsec_driver.IPSEC driver_cls.return_value = self.driver + vpnaas_provider = (p_constants.VPN + + ':vpnaas:neutron.services.vpn.' + 'service_drivers.ipsec.IPsecVPNDriver:default' ) + cfg.CONF.set_override('service_provider', + [vpnaas_provider], 'service_providers') super(TestVPNDriverPlugin, self).setUp( vpnaas_plugin=VPN_DRIVER_CLASS) - Original Message - From: Paul Michali p...@cisco.com To: OpenStack Development Mailing List (not for usage questions) openstack-dev@lists.openstack.org Sent: Tuesday, March 4, 2014 1:28:48 PM Subject: [openstack-dev] Neutron: Need help with tox failure in VPN code Hi, I'm stuck and can use some guidance here…please! I have a change set out for review that used the VPN Service Type Framework ( https://review.openstack.org/74144 ). Everything worked fine, passed Jenkins, etc. Found out that the STF won't make it to I-3, so I removed the dependency from my change set and tried to modify the plugin.py file to use some STF logic (like LBaaS uses) to load the desired service driver that is specified as the default. Adjusted the code to no longer use provider info. Well, in doing so, tox fails, and unfortunately there little info on the failure. This can be seen by running a subset of the tests, where 2 fail: tox -e py27 -v -- neutron.tests.unit.services.vpn only the name of a failing test case for one, and a mention of return code 10 on another and no other info on the failure reason. I didn't see this on a full tox run in my repo, but Jenkins failed and Akihiro noticed it too, in running the above subset of the suite (thanks!). I've narrow it down a bit, but have no idea why it fails… One, it seems to be some interaction between test_vpnaas_driver_plugin.py and the two service driver tests (cisco_ipsec.py and ipsec.py). I can remove either one of the service driver tests cases, and it will still fail with the other one (so even the reference code fails). Two, if I change plugin.py to set self.driver to the reference device driver (as is done in the latest patch set) it works fine with all test cases. Three, it seems to be a test only issue, because I can run devstack with the login I have in plugin.py, currently commented out in __init__(), and successfully load either the reference or cisco service driver, by changing neutron.conf. It seems like I'm doing something wrong in the loading of the service driver, or using this implementation, is somehow interacting with the tests. If anyone has ideas on what is wrong, or a better way to load the service driver, please let me know. I was thinking I could read and parse neutron.conf manually and then load the service driver, but there must be a better way! Thanks! PCM (Paul Michali) MAIL p...@cisco.com IRC pcm_ ( irc.freenode.net ) TW @pmichali GPG key 4525ECC253E31A83 Fingerprint 307A 96BB 1A4C D2C7 931D 8D2D 4525 ECC2 53E3 1A83 ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org https://urldefense.proofpoint.com/v1/url?u=http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-devk=oIvRg1%2BdGAgOoM1BIlLLqw%3D%3D%0Ar=F5etm0B6kVJ9jleIhCvNyA%3D%3D%0Am=J3ghWIVLPZdVsutjofb71dKYtoj4XxhrER%2FD8VzKRX0%3D%0As=09cf53ed99065938661b61453a717d77ba3b1ec069c48e356b358d472d3b526a ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev