gunph1ld's profile - activity

2017-06-29 07:31:39 -0600 received badge  Famous Question (source)
2017-06-28 06:01:56 -0600 received badge  Notable Question (source)
2017-03-23 14:50:33 -0600 received badge  Popular Question (source)
2017-03-14 14:10:23 -0600 asked a question Networking in Trove. Security question

Hello,

I use Trove on my test environment and some things look very insecure to me. The base trove schema requires access to the MQ service from guest instances, which means the network allocated to guest instances (let's call it the trove network) should have access to the management network (where the MQ servers are placed), but in order to allocate a network port on the trove network a client needs to have access to this network. The question is: what prevents (or can prevent) users from creating an instance (not a trove guest, but just a common compute instance) in the same trove network and getting access to the management network (at least to the MQ service)? It's not a problem for trove guests, because clients don't have SSH access to trove guests. It seems nothing does, and any client can just allocate instances on the trove network and get access to the MQ service (next, DDoS is a possible security violation at least). I found the config option trove_managed_net_id in the Trove wiki, but there are no mentions of how to use it and I cannot find any terminations of those options in the trove code (newton release).

Thanks.

2016-11-04 04:27:22 -0600 received badge  Notable Question (source)
2016-11-04 04:27:22 -0600 received badge  Famous Question (source)
2016-10-21 19:11:06 -0600 received badge  Notable Question (source)
2016-10-21 03:41:16 -0600 answered a question How to add additional mangle rules into qrouter ?

Bernd Bausch is right, the rules are coming from /usr/lib/python2.7/site-packages/neutron/agent/linux/iptables_manager.py

2016-10-21 03:40:57 -0600 received badge  Scholar (source)
2016-10-21 03:40:55 -0600 received badge  Supporter (source)
2016-10-21 01:16:56 -0600 received badge  Popular Question (source)
2016-10-20 11:25:24 -0600 commented answer How to add additional mangle rules into qrouter ?

nothing

# grep -Ei 'mangle|mark' neutron.sql 
  `qos_marking` enum('untrusted','trusted') DEFAULT NULL,

2016-10-20 10:35:35 -0600 asked a question How to add additional mangle rules into qrouter ?

Hello Folks!

I want to add additional mark rules into my qrouter, like this:

ip netns exec qrouter-4*53-8e37-039e8bab301f iptables -t mangle bla-bla-bla

But my rules are disappearing every time. Where does l3-agent save iptables rules?

2016-08-10 02:10:22 -0600 received badge  Citizen Patrol (source)
2016-08-09 14:57:54 -0600 received badge  Popular Question (source)
2016-08-09 02:26:37 -0600 received badge  Editor (source)
2016-08-09 02:25:57 -0600 asked a question cinder does not work with ceilometer

Hello, guys!

I use Cinder with CEPH backend and can't find any volume meters in Ceilometer.

# ceilometer meter-list

(Shows nothing with volumes.*)

cinder.conf:

control_exchange = cinder
cinder_volume_usage_audit = True
volume_usage_audit_period = hour
[oslo_messaging_notifications]
driver = messagingv2

Then I tried to use the command cinder-volume-usage-audit, but it also had no effect:

# cinder-volume-usage-audit --send_actions --config-file /etc/cinder/cinder.conf
/usr/lib/python2.7/site-packages/oslo_db/sqlalchemy/enginefacade.py:241: NotSupportedWarning: Configuration option(s) ['use_tpool'] not supported
  exception.NotSupportedWarning

Why does ceilometer meter-list not show any volume meters?

2016-08-09 02:23:34 -0600 received badge  Famous Question (source)
2016-08-09 02:22:48 -0600 received badge  Enthusiast
2016-07-31 23:32:16 -0600 received badge  Teacher (source)
2016-07-31 23:32:16 -0600 received badge  Self-Learner (source)
2016-07-30 01:52:24 -0600 received badge  Notable Question (source)
2016-07-29 13:07:30 -0600 answered a question DVR, Floating IPs are not working. Failed sending gratuitous ARP

It is working with the old kernel. I've made an issue here - https://bugs.centos.org/view.php?id=1...

2016-07-29 01:07:43 -0600 commented question DVR, Floating IPs are not working. Failed sending gratuitous ARP

kaustubh, where is the misconfiguration?

2016-07-29 00:15:47 -0600 received badge  Popular Question (source)
2016-07-28 14:47:07 -0600 commented question DVR, Floating IPs are not working. Failed sending gratuitous ARP

ip netns exec fip-4f2774d1-dfb8-4833-8374-806e1fc40827 arping -A -I fg-86481da8-4c -c 3 -w 4.5 172.16.48.6
bind: Cannot assign requested address

Versions in the post above

2016-07-28 13:02:55 -0600 received badge  Student (source)
2016-07-28 10:12:29 -0600 asked a question DVR, Floating IPs are not working. Failed sending gratuitous ARP

Hello, I'm trying to use DVR and floating IPs, but it does not work. When I try to associate a floating IP with a VM, I see on the compute node:

2016-07-28 14:26:31.893 125513 DEBUG neutron.agent.linux.utils [-] Running command (rootwrap daemon): ['ip', 'netns', 'exec', 'fip-4f2774d1-dfb8-4833-8374-806e1fc40827', 'arping', '-A', '-I', 'fg-86481da8-4c', '-c', '3', '-w', '4.5', '172.16.48.6'] execute_rootwrap_daemon /usr/lib/python2.7/site-packages/neutron/agent/linux/utils.py:100
2016-07-28 14:26:31.912 125513 ERROR neutron.agent.linux.utils [-] Exit code: 2; Stdin: ; Stdout: ; Stderr: bind: Cannot assign requested address

2016-07-28 14:26:31.912 125513 ERROR neutron.agent.linux.ip_lib [-] Failed sending gratuitous ARP to 172.16.48.6 on fg-86481da8-4c in namespace fip-4f2774d1-dfb8-4833-8374-806e1fc40827
2016-07-28 14:26:31.912 125513 ERROR neutron.agent.linux.ip_lib Traceback (most recent call last):
2016-07-28 14:26:31.912 125513 ERROR neutron.agent.linux.ip_lib File "/usr/lib/python2.7/site-packages/neutron/agent/linux/ip_lib.py", line 1040, in _arping
2016-07-28 14:26:31.912 125513 ERROR neutron.agent.linux.ip_lib ip_wrapper.netns.execute(arping_cmd, check_exit_code=True)
2016-07-28 14:26:31.912 125513 ERROR neutron.agent.linux.ip_lib File "/usr/lib/python2.7/site-packages/neutron/agent/linux/ip_lib.py", line 927, in execute
2016-07-28 14:26:31.912 125513 ERROR neutron.agent.linux.ip_lib log_fail_as_error=log_fail_as_error, **kwargs)
2016-07-28 14:26:31.912 125513 ERROR neutron.agent.linux.ip_lib File "/usr/lib/python2.7/site-packages/neutron/agent/linux/utils.py", line 140, in execute
2016-07-28 14:26:31.912 125513 ERROR neutron.agent.linux.ip_lib raise RuntimeError(msg)
2016-07-28 14:26:31.912 125513 ERROR neutron.agent.linux.ip_lib RuntimeError: Exit code: 2; Stdin: ; Stdout: ; Stderr: bind: Cannot assign requested address
2016-07-28 14:26:31.912 125513 ERROR neutron.agent.linux.ip_lib
2016-07-28 14:26:31.912 125513 ERROR neutron.agent.linux.ip_lib
2016-07-28 14:26:31.948 125513 DEBUG oslo_messaging._drivers.amqpdriver [-] received reply msg_id: 67908aabc9bd446493cd22af8cccbd59 __call__ /usr/lib/python2.7/site-packages/oslo_messaging/_drivers/amqpdriver.py:302
2016-07-28 14:26:31.949 125513 DEBUG neutron.agent.linux.utils [-] Running command (rootwrap daemon): ['ip', 'netns', 'exec', 'fip-4f2774d1-dfb8-4833-8374-806e1fc40827', 'ip', '-o', 'link', 'show', 'fpr-a5e261f2-9'] execute_rootwrap_daemon /usr/lib/python2.7/site-packages/neutron/agent/linux/utils.py:100

[root@node13 ~]# sysctl net.ipv4.ip_nonlocal_bind
net.ipv4.ip_nonlocal_bind = 1

[root@node13 ~]# ip netns exec fip-4f2774d1-dfb8-4833-8374-806e1fc40827 sysctl net.ipv4.ip_nonlocal_bind
net.ipv4.ip_nonlocal_bind = 1

Remote ping is not working:

[root@node13 ~]# ping -c2 172.16.48.6
PING 172.16.48.6 (172.16.48.6) 56(84) bytes of data.
^C
--- 172.16.48.6 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 999ms

But ping into the namespace is working:

[root@node13 ~]# ip netns
fip-4f2774d1-dfb8-4833-8374-806e1fc40827
qrouter-a5e261f2-991c-497c-adcd-b1e9e1a8a001

[root@node13 ~]# ip netns exec fip-4f2774d1-dfb8-4833-8374-806e1fc40827 ping -c2 172.16.48.6
PING 172.16.48.6 (172.16.48.6) 56(84) bytes of data.
64 bytes from 172.16.48.6: icmp_seq=1 ttl=63 time=0.290 ms
64 bytes from 172.16.48.6: icmp_seq=2 ttl ...