tze's profile - activity

2019-04-04 09:51:15 -0600 commented question no ssh to instance from neutron-gateway/0 - error “Permission denied (publickey)”

In ssh client you need the private key , the pub must be in the server's authorized_keys and can be instert there manually or with cloud-init and metadata service in cloud environments.

2019-01-23 01:49:10 -0600 commented answer SSH to instance in Physical Network fails "Permission denied (publickey,gssapi-keyex,gssapi-with-mic)"

For 1st solution, if you use provider network, the DHCP must post routing rules for 169.254.169.254 address. If you have enable dhcp on your subnet and DHCP agent run must do this. If you use your own DHCP out of openstack then you must add these options. Check the routes from working environment.

2019-01-06 17:17:51 -0600 answered a question Windows instance can not reach metadata?

Because you say the Linux vms can access the the metadata service i think the installations of openstack (nova, neutron, etc) works fine. Is your windows instance has network adapter correct drivers? More simple, has your instance access to network or only console you can get? Depend of attributes in image you use the nova use different network adapter emulation. So check that your net is ok. Second think is the adapter to be configured as dhcp configuration because openstack send custom routes for ip 169.254.169.254 if you use provider networks (this is not the case in tenant networks with l3 agent). Check your route with command route print on a terminal. if your metadata service works you must get correct response for url http://169.254.169.254/.

2018-12-27 01:21:01 -0600 answered a question neutron network

If you are in University with limited access to network infastracture I think overlay network (with router and layer 3 agent) is the best, because I don't know if you switches allow you to pass vlans as segmentation method. From the other hand this way is more complicated and has same limitations like smaller MTU.

2018-12-27 01:13:27 -0600 answered a question Is there any service impact (Compute and network services) inside the VM, if the nova and neutron services on the hypervisor are restarted? The VM is an existing VM which has booted successfully.

It's absolutely safe to restart Nova compute service and neutron. All the architecture of openstack is as orchestrator, the Nova compute service sent commands to libvirt and libvirt to kvm. Same to neutron service, the neutron service give commands to open switch or brctl depends on your driver. With this design you can make updates to openstack (and hole major version) without stopping your vms.

2018-11-01 01:23:48 -0600 answered a question Attached volume to instance is not listed as disk in OS installing

First of all, when you create an instance the system copies the image (Centos in your case) to local ephemeral disk called root disk. This disk will deleted when the instance delete. You can change this with create a Volume from image and the boot instance from volume. In this case the volume will be available when the instance will be died. Now in the instance, the root disk or volume is connected as an emulated device. The os that you try to install must has drivers for this type of emulated disk. You must check in Nova project what properties you must apply to your image to tell the Nova what kind of disk will create (scsi, idea etc). It's something like scsi controllers that you need extra drivers if you try to install old os on them.

2018-07-10 03:29:18 -0600 commented question how to import xen vm to openstack kvm

Your vms are linux or windows;

2018-07-09 08:39:13 -0600 answered a question Where I can find iptables rules of the virtual router

Openstack for every network device (router, dhcp agent) creates and net namespace, so as correct you find the ip netns returns the net namespaces, so with ip netns exec you can run commands that not know what net namespace mean, or you can use other utilities that can bind directly to linux net namespaces. I preface to run :

ip netns exec <net namespace> bash

and then i start to work in the enviroment as o was without net namespaces.

2018-07-09 08:33:14 -0600 answered a question how to import xen vm to openstack kvm

The conversion of disk is the easy part. If the conversion done correctly you will see the boot screen but after a while maybe stack or blue screen will be appear. If you use virtio scsi disk controller, windows installation doesn't know about that driver and you must install them with rescue DVD and DISM utility. Alternative you can set property hw_disk_bus=ide on image and boot an instance. Secondly you need to remove any xen drivers that already exists in old installation, maybe the gplpv_uninstall_bat.zip (search in google for it) will helps you how to uninstall the drivers with rescue DVD. In my cases i do: 1. Convert the Disk (maybe with snapshot and then create volume). 2. Set the system-properties on volume (hw_disk_bus, hw_scsi_model etc) 3. I create a vm from Windows DVD (ISO) and attach the previous volume, so start and installation with an existing disk. 4. I attached and extra volume with Virtio KVM Drivers. 5. I Started the windows installation and in the advanced partition i choose to load a driver from the virtio KVM volume. 6. After the Virtio scsi controller's driver loaded i canceled the installation and i am going to repair command line and i run 7. DISM /image:C:\ /add-driver /driver:F:\virtiosisci\and64\xxxx.inf (where F:\virtiosisci\and64\xxxx.inf is the virtio scsi drivers for your windows).
8. type regedit and go to system and file-load hive. Find c:\windows\system32\config\system (where c:\windows is your old installation). Then in the loaded hive you can delete the keys and values as gplpv_uninstall_bat.zip describes.
9. After that you can delete vm and create a new with your volume.

P.S. Don't forger to set correct the system-properties on your volume before attach it to instances.

2018-07-06 17:19:20 -0600 answered a question instance launched with flavour doesn't add required Hard disk

Your disk is correct, you need cloud-init (or your action) to resize partions.

2018-07-06 17:16:21 -0600 answered a question Reset state of server(VM) using REST API

In my case i need two command to restore the server in correct state, 1) reset state to active (openstack server set --state active {server_id} ) 2) to stop server (openstack server stop {server_id} ) So in rest api you need: 1) POST on /servers/{server_id}/action with payload {"os-resetState": {"state": "active"}} 2) POST on /servers/{server_id}/action with payload {"os-stop" : null }

2018-05-15 03:37:49 -0600 commented answer nova ceph copy-on-write images doesn't work even if it's configured to

Damian i am too updated than you.Sorry. Mitaka is two releases back as my stack is so maybe my suggestion for the api and registry is not correct.Leave it as is. I had the same error and i opened the debug on compute's nova.conf and after the log i understand that show_multiple_locations must be 0.

2018-05-14 05:05:07 -0600 answered a question nova ceph copy-on-write images doesn't work even if it's configured to

Your configuration in glance-api.conf is not correct. The show_multiple_locations = True is for file store, you are use rbd store, so only the show_image_direct_url = True needed.

The v2_api is enabled by default (in Ocata release that i am running) so in my config i have only disabled the v1 api and registry with configs:

enable_v1_api = false
enable_v1_registry = false
2018-01-30 02:18:39 -0600 commented question RDO PIKE: failing north-south connectivity when using VLAN isolation

Why you are using VLAN mechanism if your external network don't know the vlan ids?how other nodes connect with? No i haven't read it! I am using vanila openstack in a production openstack private cloud environment on openSuSE linux, so looks RDO has specific configs, sorry for your time.

2018-01-29 08:45:32 -0600 commented question RDO PIKE: failing north-south connectivity when using VLAN isolation

try with different subnets, for tenant network use 192.168.x.x something to be clear.Your router (ns) must have a connection to your provider network (like physical routers WAN interface)and multi connections with internal networks.The FIP are on "WAN" interface.What is the 123.57.10.1 on router?

2018-01-29 07:41:43 -0600 commented question RDO PIKE: failing north-south connectivity when using VLAN isolation

I think you are a little confused. The 10.116.64.10 ip is management address for infrastructure and not for the virtual network.Not allowed to have visibility from tenant networks to management networks. I think this make difficult to your case is you use the same subnet. Try other tenant network.

2018-01-29 03:20:48 -0600 commented question RDO PIKE: failing north-south connectivity when using VLAN isolation

Your problem is that you cannot ping from 10.116.64.101 to 10.116.64.10 but you can ping from 10.116.64.10 to 10.116.64.101? This looks to me as firewall, so my mind goes to Security Group. As i remember in the default security group the incoming icmp is blocked. Check and this parameter.

2017-11-02 05:55:19 -0600 commented answer Nova-compute not showing on nova service-list(controller)

@oscar I have the same problem. In my environment i have already 3 compute nodes that communicates without error with conductor but a new one compute service start to talk successfully but after some changes stopped. my guess is something wrong with package versions happen (python-oslo.*)

2017-08-01 07:32:19 -0600 received badge  Nice Answer (source)
2017-04-02 15:20:21 -0600 answered a question to long interface names

I use newton release with libvirt xen on openSUSE, and i had the same error. The error comes from interface suffix name that xen use. The problem caused from script /etc/xen/scripts/vif-common.sh as you can see the script try to create an interface with name something like tap320055bf-15-emu (for hvm is tap, for pv is not emulated so not cause error) but xen supports until 16 character devices. So
if you change suffix to be for example -e than -emu the problems solved. So you can change the lines 103 and 111 with changes:

103c103
<     dev_=${dev_%-e}
---
>     dev_=${dev_%-emu}
111c111
<         vifname="${vifname}-e"
---
>         vifname="${vifname}-emu"

You must be careful, if you make any package updates of your xen you must re-apply the patch.

I know this is dirty way but works. I will be very happy if i find another way.

2017-03-28 15:18:01 -0600 answered a question Openstack-Ansible - restart services

You can restart the the Control Plane Host, the API and network maybe not working during the reboot (because netowrk container works on this hosts) but the vms will contnue to work. All the containers are designed to auto started.

NT

2017-03-24 13:40:33 -0600 answered a question Help!!! Openstack-Ansible error on container eth1 interfaces

Its problem with network config. Make the config correct and run the installation from the scrutch.

2017-03-24 13:36:25 -0600 answered a question Neutron linuxbridge agent starts and then goes to failed state in the controller node of openstack

Your broblem is in sudo wrap at your agent. Check if sudo works on agents. Maybe broblem with neutron os account or sudo files (/etc/sudoers, /etc/sudoers.d).

2017-01-18 05:02:45 -0600 commented question Horizon shows that my instance gets IP address,but actually it does not!

The configuration of OVS look ok. But i don't know if your physical switch's ports are configured as trunk ports. If your switch isn't managed you must change or to Flat provider network or to overlay tenant network. Finally i can see vlan tag 1, this maybe cause problems to untagged PID in switch.

2017-01-18 04:46:26 -0600 received badge  Supporter (source)
2017-01-14 14:26:52 -0600 commented question Horizon shows that my instance gets IP address,but actually it does not!

Is your overlay network correct? You use openvswitch? Please paste the result of ovs-vsctl show of controller and compute nodes.

2017-01-14 12:29:21 -0600 commented answer VM IP address not assigned

You welcome @fabry00 . I mean maybe in the new cloned node you have forgot to change the [ovs]\local_ip setting in openvswitch_agent.ini. Can you add in outputs the ovs-vsctl show of the new node (as i understand is the node9).

2017-01-14 09:54:03 -0600 commented question firewall_driver = openvswitch

I try to use the native openvswitch firewall too but i can't (on newton release). Everything run without error but agent never creates the xvlan tunnels on br-tun.

2017-01-14 09:54:03 -0600 received badge  Commentator
2017-01-08 14:50:48 -0600 commented answer Openstack: Could not load neutron.agent.linux.interface.OVSInterfaceDriver

Have you setup in file dhcp_agent.ini (section [DEFAULT]) interface_driver = openvswitch ? This is common mistake with named classes. Change this setting restart agent and message will stop (maybe other messages will raised from the driver).

2017-01-08 14:39:35 -0600 commented answer WARNING stevedore.named [req-11821da7-e1f5-46de-92a8-e93536819f8d - - - - -] Could not load neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

Neutron use named classes (check the error source is stevedore.named). You have a file setup.cfg that has the correct name for these classes. I think the right value is "iptables" for linuxbridge-agent and "linuxbridge" for l3-agent.

2017-01-08 14:32:52 -0600 commented question vxlan issue on compute node

The overlay network must work for all compute and network nodes,and must be communicate(for example ping) each other.The overlay network defined on openvswitch_agent.ini and in [ovs]\local_ip for each node.So if you try from network node to ping new compute on this ip and you cannot, check you nets.

2017-01-08 14:15:11 -0600 commented question Openstack newton with openvswitch, error in VM instantiation in compute node. (port binding error)

I aggree with others, your config is not correct, you can see the clear message: AMQP server on controller:5672 is unreachable

2017-01-08 14:09:57 -0600 answered a question Failed to Create the provider network

As i can see your linux bridge name must be ens160, is this bridge interface or ethernet interface? You must create the bridge with your distribution's tools and then you must define the bridge name in linuxbridge_agent.ini on [linux_bridge]\physical_interface_mappings = provider:<bridge_name>

The simplest topology is on bridge with one physical interface on it.

2017-01-07 10:15:48 -0600 answered a question Newton CentOS firewall driver issue

The firewall driver name is not correct, the correct setting is: firewall_driver=iptables Neutron use named class loader and accepted values are in setup.cfg file.

2017-01-07 10:06:27 -0600 answered a question Newton neutron Bridge

The firewall driver is not correct. The correct setting is : firewall_driver = iptables. Neutron used named classes and you can find all named classes from https://github.com/openstack/neutron/....

2017-01-06 05:54:53 -0600 commented answer VM IP address not assigned

I think the problem is the connection of two br-tun bridges. With command: "ovs.vsctl show" on both, netnode and new node you must see from one port on br-tun of type gre or vxlan. The ip's of this connection are configured on openvswitch_agent.ini in [ovs]\local_ip setting.

2017-01-02 15:45:21 -0600 commented question I can ping all IPs in my DHCP pool!

Your private subnet (on controller) is 172.16.0.0/24 or something else? Routing table (on controller)?

2017-01-02 15:33:23 -0600 answered a question Use provider network for internet?

Actually you don't need internet access on your management network, only for setup, update, API's access etc. If you like you can have isolated management network and only on net node you must have connection with provide network to give public access to your vm's. Personally i suggest to route internet access on management network because is very helpfully.

2017-01-02 14:16:20 -0600 answered a question Newton: Will public floating IP addresses work with current configuration?

To work with floating ips you need your network node to have connection with your router. Every floating you use in openstack added on the interface on network node (in the router's net namespace) and your router routting the traffic. So from your CIDR one ip will used by the netgear and all others will added on openstack as floating ip pool.Then the neutron makes nat the floating ip to your private ip. So in your question i think the answer is "the ips actually used by the server". I think you never need to flush any arp cache. If you need any other information tell me to explain you.

2017-01-02 11:46:48 -0600 answered a question metadata service not working (Juno)

Have you check if the mrtadata proxy service is started on compute nodes? The connection between vm and metadata service is via metadata proxy of neutron.

2017-01-02 11:41:51 -0600 answered a question VM IP address not assigned

On new host changed the network interface, so check if the os firewall added the internal interfaces on some restricted zone. Check the conectivity of instanse with the dhcp's Net Namespace on network node. Maybe the iptables in netns blocks the dhcp calls. If you add manual ip address on vm has connectivity with assisiated subnet?

2017-01-02 11:31:03 -0600 commented question Rebooting Network node after installation

What agent driver you use? Os? In my OpenSuSE installation i had problems with services dependency between network and openvswitchd service.

2017-01-02 11:23:32 -0600 commented question I can ping all IPs in my DHCP pool!

I cannot understand the network topology. You use flat provider networking? Normally, from controller you need router to connect on vms. Have a layer 3 router configure? About @Bernd suggestion is to check if the reply of ping comes from corrct mac address, you can check with tcpdump or with arp.

2016-12-29 03:34:49 -0600 received badge  Enthusiast
2016-12-28 18:22:38 -0600 answered a question Cannot Ping VMs

First of all i think Some versions of Cirros Image has a bug with DHCP leases. Check if your Image version hasn't bug on DHCP lease. Secondly i think your gre setup is ok. On your both nodes (Network and compute) you have from one internal port so, you can add a temporarly ip (other subnet of that you already used) on both interfaces (Network node/br-tun, Compute node/br-tun) and check if they can ping each other. If your ping works, your gre tunnel is correct. I need more details to suggest you something else, for example the neutron networks config, and subnet confg. You Dhcp agent works fine(openstack network agent list)? On network node the network namespace created correct?

2016-12-28 17:48:49 -0600 edited answer Neutron configuration with libvirt

As i can see in this Guide used Provider Network configuration. So in the one VM example use the net you create on provider vlan 223. Your vm's work because both belongs to vlan 223. Normally you cannot communicate with vm's with this configuration, except if you attach some device to vlan 223 and gives it a valid ip (not included to allocation poll of sub-net you created before). I cannot understand why you must ping from Controller the instances? If you need to access the vms outside of the virtual network, you must enable floating ip address, but this need L3 routing module.