Re: [Openstack-operators] Delegating quota management for all projects to a user without the admin role?

We had the same problem and found the same problem. Also Neutron doesn't allow you to create a policy.json to give someone the privileges to change quotas, which is pretty bad since when updating the number of instances you usually have to also upgrade the number of ports. (Mitaka) .a.

Re: [Openstack-operators] nova resize on shared storage

2016-08-08 10:52 GMT+02:00 Timofei Durakov : > Hi, > > so for this moment we have 2 options: > - somehow check every time that nodes are on shared storage(now it's done > over ssh) > - define that shared storage explicitly() > The possible workaround for the first option is

Re: [Openstack-operators] Migration to LDAP / default domain questions

Hi Ben, We recently migrated from single-domain to multi-domain. However, in our case the situation was a bit different. The cloud was already in production with default domain pointing to LDAP, and we didn't really want to update every resource, so we kept the default domain to ldap and we added

Re: [Openstack-operators] nova snapshots should dump all RAM to hypervisor disk ?

I actually have a card in my trello board to implement live snapshots, pointing to this link http://www.sebastien-han.fr/blog/2015/02/09/openstack-perform-consistent-snapshots-with-qemu-guest-agent/ However, I haven't tested it yet. If you test it let me know how it goes. .a. On Sun, Apr 24,

Re: [Openstack-operators] nova snapshots should dump all RAM to hypervisor disk ?

We are in an even worst situation: we have flavors with 256GB of ram but only 100GB on the local hard disk, which means that we cannot snapshot VMs with this flavor. If there is any way to avoid saving the content of the ram to disk (or maybe there is a way to snapshot the ram to, e.g., ceph), we

[Openstack] Live snapshot on Kilo - when/how?

upported? I'm using RBD for ephemeral storage, using a patch to implement nova snapshots using ceph layering, and our compute nodes have very little disk space, which means that it's very likely that snapshots will fail because libvirt is unable to save the ram state to disk. Thank you in adva

Re: [Openstack-operators] Stack with external vlan and intranet vlan

tenant_network_types = gre but we presume we must use gre, vlan ? Regards 2015-07-25 12:48 GMT+02:00 Antonio Messina antonio.s.mess...@gmail.com: On Sat, Jul 25, 2015 at 12:38 PM, Ignazio Cassano ignaziocass...@gmail.com wrote: You are very kind, thank you. I have only anothe doubt. When

Re: [Openstack-operators] Problems with OpenStack and LDAP

On Mon, Aug 17, 2015 at 4:02 PM, Marc Pape marc.p...@gmail.com wrote: the internal SQL . It would be great if the service users of OpenStack are also stored in SQL, but they are also currently in the LDAP deposited. This is an use case for keystone domains

Re: [Openstack] Icehouse - Basic Network Configuration

On Thu, Aug 13, 2015 at 6:51 PM, Lloyd lloydkl.t...@gmail.com wrote: In the basic network configuration (neutron) stage, we set up the tunnel interfaces and management interfaces. In the network node, the doc says to leave the external network without IP. Then in the verification stage it is

Re: [Openstack] configure SSL on glance, nova and neutron API

Hi Yang, There are different ways of doing this: 1) configure nova/glance/neutron/cinder to speak SSL, this should be covered by the official documentation 2) run nova/glance/neutron/cinder as wsgi application behind apache, and let apache speak SSL 3) run nova/glance/neutron/cinder behind a

Re: [Openstack] Deadlock found and DuplicateEntry errors when trying to attach a neutron L3 HA router to an internal network.

statement and it isn't trying to change the primary key (or anything with unique constraints for that matter). Does it happen if you wait for the DHCP port status to change to ACTIVE on each network before you try to attach the router interface to it? On Sat, Aug 1, 2015 at 3:59 AM, Antonio

[Openstack] Deadlock found and DuplicateEntry errors when trying to attach a neutron L3 HA router to an internal network.

Hi all, I'm having issues with Neutron on Kilo 2015.1.0. Quite often (but not all the times) when I create a tenant network, attach it to a router which is attached to an external network I get Deadlock found and DuplicateEntry error on neutron servers, and the dhcp and router ports of both

Re: [Openstack-operators] Managing security incidents: how to find the guilty VM ?

On Sat, Aug 1, 2015 at 5:27 AM, gustavo panizzo gfa g...@zumbi.com.ar wrote: On Fri, Jul 31, 2015 at 05:48:19 +0200, Antonio Messina wrote: a) in case neutron supports triggers (but I don't think so), e.g. shell commands that are executed whenever a namespace is created, startup of ulogd could

[Openstack] nova usage taking too much time with many VMs in database

Hi all, I am facing an issue with Kilo on Ubuntu Trusty. I have a tenant (used for benchmarking/stress test) that started ~100k instances in the last 2 weeks. When running nova usage for this tenant, the following happens: * nova-api is stuck at 100% for a long time * as a consequence, nova CLI

Re: [Openstack-operators] Managing security incidents: how to find the guilty VM ?

netns add is called, kill it if ip netns delete is called c) [UGLY]: run a cron every tot seconds to ensure every qrouter-uuid namespace has an instance of ulogd running on it. Other suggestions? .a. On Mon, Jul 27, 2015 at 11:50 AM, Antonio Messina antonio.s.mess...@gmail.com wrote: On Thu, Jul

[Openstack-operators] Fwd: Managing security incidents: how to find the guilty VM ?

On Thu, Jul 23, 2015 at 3:54 PM, Alvise Dorigo alvise.dor...@pd.infn.it wrote: If the VM doesn't have a floating IP, the Y IP address that is exposed on the internet (and therefore the one that will be commuticated to the security people) is the one of the OpenStack router. Given the private

Re: [Openstack-operators] Stack with external vlan and intranet vlan

On Sat, Jul 25, 2015 at 12:38 PM, Ignazio Cassano ignaziocass...@gmail.com wrote: You are very kind, thank you. I have only anothe doubt. When in a normal scenario you create the external net, you also create an openvswtch bridge (br-ex) on the network node and add the nic interface you

[Openstack] Fwd: RabbitMQ in cluster mode - high cpu usage

soon) Thank you in advance for your help, Antonio Messina Package versions: rabbitmq-server 3.4.3-2~cloud0 python-amqp 1.4.6-0ubuntu1~cloud0 python-amqplib1.0.2-1 python-kombu 3.0.24-0ubuntu2~cloud0 -- antonio.s.mess

[Openstack-operators] RabbitMQ in cluster mode - high cpu usage

soon) Thank you in advance for your help, Antonio Messina Package versions: rabbitmq-server 3.4.3-2~cloud0 python-amqp 1.4.6-0ubuntu1~cloud0 python-amqplib1.0.2-1 python-kombu 3.0.24-0ubuntu2~cloud0 -- antonio.s.mess

Re: [Openstack] keystone service endpoint creation failing on RHEL7

Are you sure it's not a mysql error? Check permission for user keystone from localhost, you might need to add a grant. -- sent from my smart(er-than-me)phone Il 23/mag/2015 03:59, mich...@tropyx.com ha scritto: Hi List, We're trying to install Kilo on RHEL7, when we get to creating

Re: [Openstack] Routing from instances to floating ips in nova-network -- possible?

On Thu, May 14, 2015 at 6:19 PM, Andrew Bogott abog...@wikimedia.org wrote: OK, we've made some progress with this -- the solution seems to involve changing my dmz_cidr setting and switching our bridge to promiscuous mode. I don't have any dmz_cidr option in my nova.conf, so I don't know if

[Openstack] Routing from instances to floating ips in nova-network -- possible?

On Wed, May 6, 2015 at 10:56 PM, Andrew Bogott abog...@wikimedia.org wrote: Since time immemorial, I've accepted as a fact of life that routing from a nova instance to another instance via floating ip is impossible. We've coped with this via a hack in dnsmasq, setting an alias to rewrite

Re: [Openstack] Routing from instances to floating ips in nova-network -- possible?

On Wed, May 6, 2015 at 10:56 PM, Andrew Bogott abog...@wikimedia.org wrote: Since time immemorial, I've accepted as a fact of life that routing from a nova instance to another instance via floating ip is impossible. We've coped with this via a hack in dnsmasq, setting an alias to rewrite

Re: [Openstack] Routing from instances to floating ips in nova-network -- possible?

On Thu, May 7, 2015 at 7:30 PM, Andrew Bogott abog...@wikimedia.org wrote: On 5/7/15 2:34 AM, Antonio Messina wrote: On Wed, May 6, 2015 at 10:56 PM, Andrew Bogott abog...@wikimedia.org wrote: Since time immemorial, I've accepted as a fact of life that routing from a nova instance

Re: [Openstack] [neutron] Openstack in openstack the dummy way = troubles (inception teaches)

I rekon this topic is of no interest to the mailing list. I have, however, found the solution, and I would like to share it with the rest of the list. In my case I had two separate issues. One was a missing security rule: (cloud)(cred:tutorial)antonio@kenny:~$ neutron

Re: [Openstack] [neutron] Openstack in openstack the dummy way = troubles (inception teaches)

-dst-port=@gre-c0a8a1bc \ select-src-port=@gre-c0a8a1bc output-port=@snooper1 tcpdump -i snooper1, doesn't show any traffic. Any idea? .a. On Sun, May 3, 2015 at 12:01 AM, Antonio Messina antonio.s.mess...@gmail.com wrote: Hi all, Next week I'm doing an internal OpenStack training for my

Re: [Openstack] No valid host found

On Sun, May 3, 2015 at 11:16 AM, Vedsar Kushwaha vedsarkushw...@gmail.com wrote: I was using JUNO on Centos7. Everything was running perfectly fine. I did centos update. After that I'm getting this error No valid host found. This is a very generic error, and not very informative, I am afraid.

[Openstack] [neutron] Openstack in openstack the dummy way = troubles (inception teaches)

Hi all, Next week I'm doing an internal OpenStack training for my collegues, and since we have an OpenStack installation already uprunning, I thought it would be easier to have them setup an openstack cloud *inside* our openstack testbed. However, I'm testing my guide[1] and I'm having

Re: [Openstack-operators] [Neutron][Nova] No Valid Host when booting new VM with Public IP

On Wed, Mar 18, 2015 at 6:29 PM, Adam Lawson alaw...@aqorn.com wrote: What I'm trying to do is force OpenStack to do something it normally doesn't do for the sake of learning and experimentation. I.e. bind a public network to a VM so it can be accessed outside the cloud when floating IP's are

Re: [Openstack] [neutron]Multiple l3 agents

I haven't tested myself yet, but I will need to have multiple external networks as well very soon. I was looking at this blogpost: http://www.ajo.es/post/86497974174/using-multiple-external-networks-in-openstack Have you tried it yet? .a. -- antonio.s.mess...@gmail.com antonio.mess...@uzh.ch

Re: [Openstack-operators] Migrating keystone from MySQL to LDAP

On Mon, Mar 2, 2015 at 5:31 PM, Fox, Kevin M kevin@pnnl.gov wrote: That leaves identity mapping. There is a table of ldap users to unique id's in the database. I'm not an expert, but I have a Juno testbed that is using LDAP for identity and SQL for assignment, and the 'id' of the user is,

Re: [Openstack-operators] Migrating keystone from MySQL to LDAP

On Tue, Mar 3, 2015 at 8:44 PM, Fox, Kevin M kevin@pnnl.gov wrote: See the id_mapping table. That's the first place I've looked into: mysql select * from keystone.id_mapping; Empty set (0.00 sec) I think because of

Re: [Openstack] VM Isolation

On Thu, Jan 22, 2015 at 11:01 AM, Georgios Dimitrakakis gior...@acmac.uoc.gr wrote: FlatDHCP Manager is a different type of network manager. Openstack's Legacy networking has three of them: FlatManager, FlatDHCPManager and VlanManager I was under the impression that you were suggesting the

Re: [Openstack] ram_allocation_ratio per compute node or per AZ

On Sat, Dec 20, 2014 at 3:44 PM, Day, Phil philip@hp.com wrote: Hi, Your problem is that you still have the original ram filter configured, so its still removing all of the hosts. Try removing that and you should be OK. Note though that then any hosts not in an aggregate with a ram ratio

Re: [Openstack] ram_allocation_ratio per compute node or per AZ

On Sat, Dec 20, 2014 at 8:47 AM, mad Engineer themadengin...@gmail.com wrote: Hello All, I would like to know if its possible to set ram_allocation_ratio per compute node or at least per Availability zone. I tried setting that per compute nodes,but i get no hosts found message

Re: [Openstack] Flat provider_network with vlan tagged interface or vlan provider_network with untagged interface

On Wed, Dec 3, 2014 at 3:32 AM, Abhijeet Rastogi abhijeet.1...@gmail.com wrote: Hi everyone, This is a very basic doubt and I'm trying to understand this fundamental thing about creating networks in neutron. My ultimate goal is to have all instances contain just one interface and a public IP

Re: [Openstack] Flat provider_network with vlan tagged interface or vlan provider_network with untagged interface

On Wed, Dec 3, 2014 at 3:32 AM, Abhijeet Rastogi abhijeet.1...@gmail.com wrote: Hi Antonio, Thanks for the link. Could you explain a bit about We want to avoid a single point of failure, so we decided to give direct access to this network from the compute node.? What exactly did you mean by

[Openstack] [neutron] Fine grained access control on external networks

Hi all, I'm running a Juno testbed with Neutron, ml2 and ovs. We have use cases where we would like to create a shared vlan network and directly attach a VM on this network. This is not hard to do, and I've described how I did at this page: http://www.s3it.uzh.ch/blog/openstack-neutron-vlan/

Re: [Openstack] [neutron] Fine grained access control on external networks

Hi Salvatore, thank you for answering, On Fri, Nov 21, 2014 at 11:57 AM, Salvatore Orlando sorla...@nicira.com wrote: On 21 November 2014 10:35, Antonio Messina antonio.s.mess...@gmail.com wrote: 1) *any* tenant can attach VM directly to this network. I would like to be able to only allow

Re: [Openstack] (Juno) Neutron router-create 404 error

Sorry, maybe it's a stupid question, but is the l3-agent daemon actually running? root@cloud3:~# service neutron-l3-agent status neutron-l3-agent start/running, process 17696 root@cloud3:~# neutron agent-list

Re: [Openstack] Juno cloud-archive error

Which version of package `software-properties-common` do you have? Juno release was added with version `0.92.37.2`, so check if there is any update (apt-get update; apt-get install software-properties-common) If not, maybe you are using a mirror not yet updated (I don't know how often they are

Re: [Openstack] is anyone using zeromq for RPC?

(the message broker), could ease the deployment (especially in HA setup) and grant very high performance. My 2 cents... Antonio Messina -- antonio.s.mess...@gmail.com antonio.mess...@uzh.ch +41 (0)44 635 42 22 S3IT: Service and Support for Science IT http://www.s3it.uzh.ch

Re: [Openstack] [Openstack-operators] [openstack][nova] Several questions/experiences about _base directory on a big production environment

Hi Alejandro, On Thu, Apr 3, 2014 at 11:41 PM, Alejandro Comisario alejandro.comisa...@mercadolibre.com wrote: I would love to have insights regarding people using _base with no shared storage but locally on the compute, updown sides, experiences comments. We currently have a small cloud

Re: [Openstack] Multi-NIC instance is only configuring one interface

On Wed, Mar 26, 2014 at 11:11 PM, Joseph Breu b...@breu.org wrote: That's normal behavior. If you add another interface configuration to /etc/network/interfaces and ifup the new interface it will be available for use. I'm not certain that cloud-init will create the interface for you. In

[Openstack] OpenStack Havana with ZMQ

Hi all, I am testing Havana with ZeroMQ but I'm unable to make it work. First of all, I have a few questions: * I gather that the nova-rpc-zmq-receiver *must* run on *all* nodes (including compute nodes), is that correct? * the nova-rpc-zmq-receiver is part (in Ubuntu) of the nova-scheduler

Re: [Openstack] OpenStack Havana with ZMQ

On Tue, Mar 25, 2014 at 6:58 PM, Nick Maslov azp...@gmail.com wrote: hi, not related to your problem in particular - but why are you trying to setup ZMQ? RabbitMQ is not sufficient for you? Well, we don't know yet. We are planning a mid-size installation (around 600 nodes) and I'm looking for

[Openstack] A VM cannot contact another VM using its floating IP

in advance Antonio Messina -- antonio.s.mess...@gmail.com antonio.mess...@uzh.ch +41 (0)44 635 42 22 GC3: Grid Computing Competence Center http://www.gc3.uzh.ch/ University of Zurich Winterthurerstrasse 190 CH-8057 Zurich Switzerland

Re: [Openstack] Auto assign Floating IP

Hi All, maybe I am missing something, but the auto assigning feature is, in my humble opinion, very useful in order to give easy access to the VMs, so I wonder why it is not yet integrated into Neutron. I suppose other people have the same need, so I guess Neutron has a different solution for

Re: [Openstack] [keystone] could not find keystone.conf

:0.1.3-0ubu all Client libary for Openstack Keyst un python2.7-keys none(no description available) Thanks all 2013/11/24 Antonio Messina antonio.s.mess...@gmail.com On Sun, Nov 24, 2013 at 5:47 AM, Jitendra Kumar Bhaskar jitendr...@pramati.com wrote: Hi

Re: [Openstack] Deletion data from db

There is also a tool from www.mysql.com called Workbench: http://www.mysql.com/products/workbench/ There is a free version and a commercial edition. .a. On Mon, Nov 18, 2013 at 3:46 AM, wu jiang win...@gmail.com wrote: Hi Nick, If you want to see the relations of db structure (like nova), you

Re: [Openstack] Folsom: No handlers could be found for logger keystoneclient.client

You don't have the keystone tables, so keystone-manage didn't create them. Maybe the credentials in the configuration file are not correct. You should use exactly the same credentials to connect using the `mysql` command and test if you are actually able to create an empty table. Remember to use

Re: [Openstack] Folsom: No handlers could be found for logger keystoneclient.client

Il giorno 17/nov/2013 09:37, Krishanu Dhar rony.k...@gmail.com ha scritto: Yes I had executed keystone_manage db_sync. But looks like the script did not create the required tables. Copy the output of keystone-manage db_sync. Check if the user from the keystone.conf have the right permissions.

Re: [Openstack] Folsom: No handlers could be found for logger keystoneclient.client

Looks like the database has not been correctly populated with the needed tables. Did you run the command keystone-manage db_sync ? On a side note: is there any specific reason why you are installing Folsom instead of Havana? .a. On Sun, Nov 17, 2013 at 6:47 AM, Krishanu Dhar

Re: [Openstack] about block storage

I would test the effective network bandwith with iperf. Then I would test the speed of the cinder backend by mounting the volume locally and running, for instance, iozone. Finally, I would test the performance of the iSCSI backend by mounting the volume on the compute node (or another node) via

Re: [Openstack] kvm troubleshooting

On Thu, Nov 7, 2013 at 9:28 AM, Stephane EVEILLARD stephane.eveill...@gmail.com wrote: Hi installing nova it says kvm wasn't installed on my controller, message which saw for the first time when I try to inqtall kvm it says packages doesn't exist Which operating system are you using?

[Openstack] Backing up nova quota, flavor and keypairs - which tables?

Hi all, We need to backup and then recover some information from the nova database, specifically: * flavors * quotas * keypairs * security groups I would like to know which tables I am supposed to back up and recover, I guess the following: * quotas * security_groups * security_group_rules *

Re: [Openstack] Backing up nova quota, flavor and keypairs - which tables?

before. .a. Razique -- Razique On 6 Nov 2013 at 03:46:02, Antonio Messina (antonio.s.mess...@gmail.com) wrote: Hi all, We need to backup and then recover some information from the nova database, specifically: * flavors * quotas * keypairs * security groups I would like to know

Re: [Openstack] Backing up nova quota, flavor and keypairs - which tables?

/lib/mysql has only 5.1GB but it also contains an old backup. You can check rabbitmq log to see if there’s anything suspicious Rabbitmq seems fine. I don't see any queued message on any queue. .a. On 6 Nov 2013 at 06:28:16, Antonio Messina (antonio.s.mess...@gmail.com) wrote: On Wed, Nov 6

Re: [Openstack] Instances fail during/after networking

PM, Antonio Messina antonio.s.mess...@gmail.com wrote: Hi All, We are experiencing a problem with our OpenStack Folsom installation on Ubuntu 12.04, using nova-network: instances are NOT created, and deleting instances in error state fails. First of all: the installation was in production

[Openstack] Instances fail during/after networking

Hi All, We are experiencing a problem with our OpenStack Folsom installation on Ubuntu 12.04, using nova-network: instances are NOT created, and deleting instances in error state fails. First of all: the installation was in production for almost one year, and we didn't change anything. The only