Ask Your Question

amedeo-salvati's profile - activity

2016-11-02 06:41:49 -0500 answered a question Can I force-delete an image?

you can update on the glance db the status to deleted -> update images set status = 'deleted' where id = 'sdasdaasd-asdasdasd-adasdasd'

HTH Amedeo

2016-10-25 02:12:16 -0500 commented answer how to find whether the project has instance by search with router gateway ip address?

usually neutron never set the name, but if you create a port, or you update a port, you can set the name

2016-10-23 07:23:44 -0500 answered a question Is it possible to delete an instance of another user within the same project? Or are instances associated with the user who created it?

yes it's possible, all users who are _member_ on the same tenant / project have the same rights -> create / delete / modify, also an "admin" user can delete all instances

HTH Amedeo

2016-10-12 05:01:20 -0500 answered a question Where is my root volume stored?

if you have an instance which as nova storage as back-end you could snapshot this instance, and this snapshot become a new glance images, after this you could create a new cinder volume using the previously created glance image: volumes -> new volume -> from volume source select image -> select the glance image

HTH Amedeo

2016-10-12 04:53:44 -0500 answered a question Not able to ping instance from other instance within the same VLAN

when you create a neutron port, if you don't assign a security group, neutron will use the "default" security group, and usually the default security group only permit all on egress and nothing on ingress, so check your instances security group.

HTH Amedeo

2016-10-12 04:50:00 -0500 commented question VM doesn't get IP

but when you start / restart services on compute and network nodes you have got errors when they try to connect to rabbitmq?

2016-09-28 09:47:13 -0500 received badge  Famous Question (source)
2016-09-19 15:07:13 -0500 received badge  Notable Question (source)
2016-09-15 10:44:35 -0500 commented answer cinder max volumes per vm

but remember when you are using virtio-blk device, the maximum number of volumes is more or less the maximum number of PCI device free -> ~20 volumes

2016-09-14 08:58:20 -0500 commented answer manipulating an "img" image for glance

also I would suggest virt-sysprep to clean instances before uploading to glance :)

2016-09-14 08:58:20 -0500 received badge  Commentator
2016-09-14 08:49:04 -0500 received badge  Organizer (source)
2016-09-14 08:21:09 -0500 answered a question What is the unique identifier of an openstack instance

usually, on most openstack installations, you could have multiple keystone "server(s)", running under apache or not, and all of this keystone service could have a single backend DB -> mysql / mariadb / galera.

HTH Amedeo

2016-09-12 03:19:57 -0500 received badge  Popular Question (source)
2016-09-09 08:39:24 -0500 asked a question openstack neutron client always want to use public endpoint

I'm trying to use internal endpoint with openstack client, and to do this I put on my keystonerc OS_INTERFACE=internal variable, and most of commands works fine, except when I use neutron commands who always want to use public endpoint, for example commands that are using internal endpoint, and are working fine:

$ openstack  server list
$ openstack  image list

instead neutron commands always try to use public endpoint instead of the internal:

$ openstack network list

It's possible to force neutron client to use the internal endpoint?

2016-09-07 09:42:05 -0500 answered a question Requested volume exceeds quota, with 8 volumes in Dashboard

maybe you have number of instances set to 0 or to the maximum number you have just launched, so you have to increase this quota or delete instances

2016-09-07 07:27:13 -0500 answered a question Multiple Neutron node with one external network

you have to configure either bridge_mappings under openvswitch plugin /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini, for example:

bridge_mappings=physnet1:br-ex,physnet2:br-dummy

and ml2 core physical_network parameter, for example (from your logs I suppose you are using flat networks):

flat_networks = physnet1,physnet2

or

flat_networks = *

and when you create an external network you have to specify that it's based on physnet1 physical network.

p.s. remember to create the OVS bridge (on example br-ex)

HTH Amedeo

2016-09-02 02:08:08 -0500 answered a question no communication between internal and external network

if your external network as gw 192.168.52.2 your neutron-server must know that, to better explain if you put a neutron router with ip 192.168.52.3 it's next hop must be 192.168.52.2, and this is for instances SNAT traffic (no floating IP), otherwise for instances who have a floaing ip 192.168.52.X they must have 192.168.52.2 gw.

HTH Amedeo

2016-08-31 05:00:35 -0500 answered a question Unable to create cinder volume?

you have cinder-volume service down on newcontroller:

2016-08-23 12:48:33.739 26577 WARNING cinder.scheduler.host_manager [req-3ea4502a-3143-47fc-9abb-429826f0e70a b43c1bd196e4482d91b951e0356fb3a7 9edc66f8d08d451f94017c8b2a59de6f - - -] volume service is down or disabled. (host: newcontroller)

I saw that you have also running cinder-volume service on newcompute1 node, but by the names, I suppose that this node is a nova-compute node, and not a controller node, and remember that cinder-volume is a service that MUST run only on single node, and usually on controller node -> at the time of this writing there are a blueprint to make this seervice active/active:

https://blueprints.launchpad.net/cind...

HTH Amedeo

2016-08-29 04:00:33 -0500 received badge  Critic (source)
2016-08-29 03:57:48 -0500 answered a question VM network Performance

If you have 1 Gbit connections it's equivalent to ~120 Mbyte, so I suppose you've reached your network limit.

2016-08-25 02:50:41 -0500 commented answer Kilo: How to get the scheduling of VMs spread across multiple ESXI hypervisros in the case with vcenter as compute plugin

as I know DRS must be in Fully Automated

2016-08-21 16:05:01 -0500 commented answer An interesting behavior in VM live migration

probably because one is cached on hypervisor and the other one not

2016-08-21 12:28:35 -0500 commented answer An interesting behavior in VM live migration

no, snapshot are also your private (in your tenant) glance image, what I mean is only how nova storage works behind the scenes, to better explain to live migrate your instance, the destination nova-compute has to download first your image (private or public).

2016-08-21 10:54:11 -0500 received badge  Editor (source)
2016-08-21 10:53:21 -0500 answered a question Using both neutron and legacy on the same os cloud

you could have both "neutron networking" and legacy with VLANs, for example if you are using neutron with openvswitch, you could have only on controller br-ex with access to external network, and also you could create a new ovs bridge, for example br-vlan, both on controllers and on nova-compute nodes.

some hints:

  • on controllers

on file /etc/neutron/plugins/ml2/ml2_conf.ini

type_drivers = local,flat,vlan,gre,vxlan
...
tenant_network_types = vxlan 
...
network_vlan_ranges =physnet1:1:512,physnet-vlan:3000:3300 
...

on file /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini

...
[OVS]
...
bridge_mappings=physnet1:br-ex,physnet-vlan:br-vlan
...

on file /etc/neutron/l3-agent.ini

...
external_network_bridge =
  • on nova-compute

on file /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini

...
bridge_mappings=physnet-vlan:br-vlan

Remember to create a new OVS bridge br-vlan!

HTH Amedeo

2016-08-21 05:03:51 -0500 answered a question An interesting behavior in VM live migration

I suppose your instances are based on nova storage and not on cinder, so instances on nova storage are based on two qcow2 files, one is the glance image, and the second one is instances differences from glance image. When you start live migration the destination nova-compute (hypervisor), if haven't glance image on his cache -> for example because there aren't any instances running on it based on your glance image, the nova-compute node first have to download from glance this image and then it could migrate your instances.

But your environment could be different... HTH Amedeo

2016-08-21 04:45:48 -0500 answered a question Where are the openstack user info stored?

yes, in default installation your keystone service use mysql / galera DB as a back end, and the db name should be "keystone".

HTH Amedeo

2016-08-09 04:25:42 -0500 answered a question how to find whether the project has instance by search with router gateway ip address?

have you tried with something like this?

neutron port-list -c tenant_id -c id -c name

2016-07-27 04:57:48 -0500 commented question How to start my own cloud storage

maybe you could use ceph for object and block storage, but you have to design well your OSD nodes

2016-07-27 04:54:27 -0500 answered a question Floating IPs being consumed by router

by design, and to allow source nat traffic (instances who don't have floating ip can make traffic outside your tenant), neutron router must have a floating ip...

but if you want, as a work around, you could change your tenants design, for example to use a private ip on VLAN, and then add a new subnet for the same network.

have a look at (you could change the /30 subnet with a /24 subnet for example):

https://ask.openstack.org/en/question...

HTH Amedeo

2016-07-26 15:38:39 -0500 commented answer Replicate a VM in openstack

Snapshotting vm state is for virtualization platforms like vsphere, ovirt. ... not for cloud platforms like openstack

2016-07-26 07:30:44 -0500 answered a question testing horizon with curl

for example the logical of my script, who download under the admin tab the csv usage reports, are:

#first curl to get the token on cookie file
$CURL -c $COOKIE_FILE -b $COOKIE_FILE --output /dev/null -s "$HORIZON_HOST/dashboard/auth/login/"

TOKEN=`cat $COOKIE_FILE | grep csrftoken | sed 's/^.*csrftoken\s*//'`

DATA="username=$HORIZON_USER&password=$HORIZON_PASSWORD&region=$HORIZON_REGION&csrfmiddlewaretoken=$TOKEN"

#now we can authenticate
$CURL -c $COOKIE_FILE -b $COOKIE_FILE --output /dev/null -s -d "$DATA" --referer "$HORIZON_HOST/dashboard/" "$HORIZON_HOST/dashboard/auth/login/"

#verify the presence of sessionid
SESSIONID=`cat $COOKIE_FILE | grep sessionid | sed 's/^.*sessionid\s*//'`
if [ "$SESSIONID" == "" ]; then
    log_debug "Error: sessionid not present on file $COOKIE_FILE ...Exit"
    exit 1
fi

#ADAPT TO YOUR ENVIRONMENT!!!!
TENANT_URL="https://your_fqdn/dashboard/auth/switch/xPUT_HERE_YOUR_TENANTIDx/?next=/dashboard/project/"
$CURL -c $COOKIE_FILE -b $COOKIE_FILE --output /dev/null -s "$TENANT_URL"

#finally you can get your csv :)
URL="$HORIZON_HOST/dashboard/admin/?start=$DATE_START&end=$DATE_END&format=csv"
$CURL -c $COOKIE_FILE -b $COOKIE_FILE --output $CSV_FILE -s "$URL"

HTH Amedeo

2016-07-21 11:24:03 -0500 received badge  Good Answer (source)
2016-07-20 08:45:41 -0500 received badge  Nice Answer (source)
2016-07-20 07:33:33 -0500 received badge  Autobiographer
2016-07-20 07:16:54 -0500 answered a question Is it possible to use Cinder as the machines drive?

yes, you can use cinder volume as your primary disk for instances, simply when you create a new instances on horizon you have to select under "Instance Boot Source" -> Boot from Image (Create a new volume), then you could select the image name and the disk size... that's all!

otherwise you can do the same things in two steps: - create a new cinder volume and under Volume source select Image -> then select the image name, type, size and availability zone; - after that you could create a new instance and under "Instance Boot Source" you can select Boot from Volume and then you can select the volume just created.

HTH Amedeo

2016-07-19 02:14:56 -0500 answered a question Running a VM on specific host using Hot

you can do this using flavor metadata and host aggregate, for example have a look at:

https://blog.russellbryant.net/2013/0...

https://www.mirantis.com/blog/segrega...

HTH Amedeo

2016-07-18 16:27:45 -0500 answered a question Running a router inside an OpenStack VM

for running a router VM inside your tenant you should disable anti-spoofing on veth, and you should instruct your neutron router what is the next hop for your "internal" network.

For example if you have your network called net-external where your neutron router has an interface at ip 192.168.0.1 you could put your VM to ip 192.168.0.254. Next you can have an internal network called net-internal where your VMROUTER is the default GW with IP 192.168.1.254.

So this could the steps:

neutron net-create net-external
neutron subnet-create --name subnet_external --allocation-pool start=192.168.0.100,end=192.168.0.200 net-external 192.168.0.0/24

Create a router01 and attach a new interface to the subnet_external -> you can do this on horizon

neutron net-create net-internal
neutron subnet-create --name subnet_internal --allocation-pool start=192.168.1.100,end=192.168.1.200 --gateway 192.168.1.254 net-internal 192.168.1.0/24

neutron security-group-create --description 'A permissive security group to be applied to the gateway' gateway-security-group
neutron security-group-rule-create --direction ingress --remote_ip_prefix 0.0.0.0/0 gateway-security-group

create the internal port:

neutron port-create --name internal_gw_port --fixed-ip ip_address=192.168.1.254 --security-group gateway-security-group net-internal

Now that's the trick! disable anti-spoofing to the internal subnet (you must change mac address):

neutron port-update internal_gw_port --allowed_address_pairs type=dict list=true mac_address=fa:16:3e:8d:69:50,ip_address=0.0.0.0/0

Now we create the port for the external subnet:

neutron port-create --name external_gw_port --fixed-ip ip_address=192.168.0.254 --security-group gateway-security-group net-external

and also we have to permit packets (no anti-spoofing) for the subnet_internal (192.168.1.0/24) on the external veth -> port external_gw_port (you must change mac address):

neutron port-update external_gw_port --allowed_address_pairs type=dict list=true mac_address=fa:16:3e:25:69:92,ip_address=192.168.1.0/24

Now you have to insert on your neutron router a static route to your subnet_internal -> neutron doesn't have access to this subnet, and it must forward packets to your VM

neutron router-update router01 --routes type=dict list=true nexthop=192.168.0.254,destination=192.168.1.0/24

Now you can boot your router VM and pass to it the 2 ports (you must change the port-id):

nova boot --flavor m1.small --key-name "YOUR KEY" --image YOUR_ROUTER_IMAGE --nic port-id=c95b4f6c-2ac5-405a-a532-bd6f7e299a73 --nic port-id=190f4b1b-eecf-483d-b156-3a66f1a4a836 --config-drive=true VMROUTER

Another little trick: if you wanna to use a floating ip on your instances besides your VMROUTER (on subnet_internal) you have to assign a multiple floating IPs to your VMROUTER on the same port, and to do this, you have to assign multiple "private" IPs on external_gw_port; for example to add the IP 192.168.0.251:

neutron port-update external_gw_port --fixed-ip subnet_id=ad19756e-2652-4e8f-a0fd-5dc3b0835070,ip_address=192.168.0.251 --fixed-ip subnet_id=ad19756e-2652-4e8f-a0fd-5dc3b0835070,ip_address=192.168.0.254

on the above example you could use 192.168.0.254 as a primary IP and the IP 192.168.0.251 as a secondary IP ... (more)

2016-07-18 15:38:37 -0500 received badge  Supporter (source)
2016-07-18 02:33:08 -0500 answered a question How to replace a Controller Node ( from HA Three node ) under TripleO Quickstart ?

I have not experience with TripleO but recently I saw a new bugzilla that it is related to your question / problem:

https://bugzilla.redhat.com/show_bug....

So, my advice is (I'm not related to RH and I don't speak for RH):

  • If you are a rh customer open a tickect to rh customer portal;

  • If you use RDO try to use rdo-list to post your questions.

HTH Amedeo

2016-07-18 02:12:38 -0500 answered a question openstack cli router gateway set

you could use openstack router set, have a look at:

openstack router set

HTH Amedeo

2016-07-17 12:52:56 -0500 answered a question /30 network per tenant

yes, you can but you could use a little trick, because in /30 you have only 2 usable IPs, one is lost for network and one is lost for broadcast, so the trick is, and works also with older version than mitaka:

  • you assign a private VLAN to the tenant, with a private subnet -> for example 10.10.10.0/29 (NO DHCP on this subnet); your physical router will be the DGW with ip 10.10.10.1 and on this router you must put a static to your neutron router for example with IP 10.10.10.6;

  • you create the neutron router with IP 10.10.10.6 (when you create the subnet 10.10.10.0/29 you could limit the usable IP only to 10.10.10.6) ;

  • then you could attach a new subnet /30 to this network by defining that subnet bigger than real, for example you could define on neutron as a /16 subnet and limiting usable floating IP only to your 4 IPs.

  • so your tenant as only 4 usable IP.

HTH Amedeo

2016-07-14 10:09:11 -0500 answered a question API to access the Dashboard statistics?

yes, you need to get every specific information through every component api for single tenant.

in spite of single tenant, but for all tenants, horizon show for the admin user a dashboard for all consumed resources (grouped by tenant)

Regards, Amedeo

2016-07-14 06:42:35 -0500 commented answer Create a VM in Openstack with One Primary Partition and two or more logical Partitions using Heat template

yes, you can

2016-07-14 03:34:31 -0500 answered a question Create a VM in Openstack with One Primary Partition and two or more logical Partitions using Heat template

I never used w2012 on heat templates, but what about using cinder volumes instead of partitioning nova C: drive?

2016-07-12 11:54:08 -0500 edited answer Change static ip address of a running instance

on openstack you could use neutron port-create, and using this command you could pass a static ip, for example:

neutron port-create --name your_static_port_name --fixed-ip ip_address=192.168.1.254 --security-group default Priv-Net

after that you can pass the port-id to "nova boot ... --nic port-id=190f4b1b-eecf-483d-b156-3a66f1a4a836 ... " or you can attach the new ethX interface to existing instance by "nova interface-attach"

otherwise you can use "neutron port-update" to assign to an existing port a new preferred IP -> you have to reconfigure your instance by hand with new IP because neutron antispoofing doesn't allow to use different IP than it expect (unless you disable it by a command like: "neutron port-update your_port_name --allowed_address_pairs type=dict list=true mac_address=XX:XX:XX:XX:XX:XX,ip_address=0.0.0.0/0").

HTH Amedeo