Ask Your Question

Rajesh Ramachandran's profile - activity

2018-03-01 02:53:06 -0500 received badge  Popular Question (source)
2018-02-19 22:19:47 -0500 received badge  Famous Question (source)
2017-10-19 09:43:56 -0500 received badge  Notable Question (source)
2017-10-19 09:43:56 -0500 received badge  Popular Question (source)
2017-10-01 03:31:47 -0500 asked a question At which interface GBP rules are applied in compute node

With an Openstack environment integrated with Cisco ACI for networking,

If we are going with Group based policy for security rules for instances, at which interface the GBP policy is applied in the compute node :

Output of hypervisor with single instance running on it :

# ip a | grep -i tap
23: tapd3b51c87-5e: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master ovs-system state UNKNOWN qlen 1000
#


# ovs-vsctl show
931c18f8-9544-469c-a38b-ba3b6792110b
    Bridge br-int
        fail_mode: secure
        Port of-svc-ovsport
            Interface of-svc-ovsport
        Port "enp8s0"
            Interface "enp8s0"
        Port br-int
            Interface br-int
                type: internal
        Port "tapd3b51c87-5e"
            Interface "tapd3b51c87-5e"
    Bridge br-ex
        Port br-ex
            Interface br-ex
                type: internal
    ovs_version: "2.5.0"
2017-09-07 07:51:20 -0500 commented question How long will "Testing if puppet apply is finished" take?

I have faced similar situation where the RAM was insufficient.

Check the RAM size during the installation. Recommended size is 5 to 6GB. Also, check whether the NetworkManager and firewalld is disabled. Or any errors in the logs which will be under /var/tmp/packstack ?

2017-09-04 04:37:26 -0500 received badge  Critic (source)
2017-09-03 23:31:51 -0500 commented question Unable to flush expired tokens - token.ibd

Thanks Bernd for your suggestions. As you said, it took long time because of large number of expired tokens. All good now. I also reduced the size of token.ibd by "optimize table token;"

2017-08-31 05:32:28 -0500 asked a question Unable to flush expired tokens - token.ibd

I have a RH openstack setup (undercloud and overcloud) with a single director and 3 controllers in HA mode and remaining computes.

I was trying to backup the undercloud database and observed that the DB size was more.

token.ibd is occupying more space in the disk :

# du -sch /var/lib/mysql/keystone/token.ibd
57G     /var/lib/mysql/keystone/token.ibd
57G     total

There is a cron job to execute keystone-manage token_flush command, but it looks like the cron job is not working as expected.

I tried manually running the “keystone-manage token_flush” command, it just hangs and doesn’t help. I don’t see any obvious errors from mariadb log.

If the size/number of expired tokens are high, does that cause the token_flush command to fail to handle ? If so, how do we deal with flushing the expired keystone tokens ?

2017-08-06 23:19:51 -0500 commented question Can not associate the floating ip to instance

I believe your network doesn't have a route to floating IP network. is the router attached to the external network as gateway and the router interface to the private network ? What is your network topology ?

2017-08-06 00:11:47 -0500 commented question Can not start the mariadb.service in the 3th node

any errors from mariadb log or message logs ?

2017-07-26 23:30:02 -0500 answered a question Cannot boot VM with a port that does not have an IP

I see an abandoned change -- https://review.openstack.org/#/c/239276/

I doubt if it's possible to boot VM with a port without IP even though you are able to create neutron port.

In my liberty environment, I see the below exception :

class PortRequiresFixedIP(Invalid):
    msg_fmt = _("Port %(port_id)s requires a FixedIP in order to be used.")

May be you can create a subnet, diable DHCP and boot VM's ? , if that is your setup requirement.

2017-07-26 07:18:27 -0500 asked a question Traffic flow of VM which is integrated with ACI

I am given an built Openstack environment to support. The environment is Redhat Openstack Liberty release. It is integrated with Cisco ACI as part of network design. Controller and Compute node is connected to a network for Opflex communication. Right now I see VM's which are already launched and floating IP associated with it. When I look into the compute node,I could see only tap interface associated with the port. No ovs bridges. No Linux Bridge.

I would like to understand how do the traffic flow to be traced from VM to external network ? If you need any additional details, please let me know.

2017-07-16 01:02:12 -0500 commented question Issue with glance image created from volume

1, Create instance from "Boot from image, Create new volume" option

2, Convert the volume to image

3, What is the image size you are getting out of it ? --> openstack image show <image id="">

4, Compare it with the size of flavor disk you are going to boot with.

2017-07-16 00:40:55 -0500 received badge  Commentator
2017-07-11 06:57:55 -0500 commented question no swift for newton ?

Can you provide the link for the document you are referring ?

2017-07-03 08:02:04 -0500 answered a question Volume creation with size more than 20GB is failing in OCATA

In /etc/cinder/cinder.conf, you can check under [lvm] section to see which volume_group is used as lvm backend.

2017-05-25 07:48:06 -0500 answered a question Are security groups applied at port or instance level?

Security groups are generally applied at the instance level. If there is a VM with two ports connected to different networks and security groups needs to be applied at port level, you can update the port with "neutron port-update"

neutron port-update --security-group <security group ID> <Port ID1>
neutron port-show <Port ID1> | grep -i security_groups (To check)
2017-04-25 03:53:48 -0500 commented question device dev/sda not found or ignored by filtering using vmware (openstack)

Check for verbose output just in case if you get any additional information: pvcreate -vvv /dev/sda.

Is the device part of multipathing solution ?

2017-04-20 01:17:24 -0500 received badge  Famous Question (source)
2017-04-13 00:47:46 -0500 commented question packstack Ocata --allinone error:

For nova scheduler issue, what is the output of "systemctl status openstack-nova-scheduler". Also, does the scheduler logs has any error messages ?

2017-04-13 00:46:57 -0500 commented question packstack Ocata --allinone error:

I would check if NTPD is already running, In that case you can edit the answer file and leave "CONFIG_NTP_SERVERS" to be blank. If not, please check if CONFIG_NTP_SERVERS has the right pools of ntp servers.

2017-04-11 23:42:13 -0500 commented question packstack Ocata --allinone error:

Great, Glad that you found the issue !!

2017-04-11 03:18:54 -0500 commented question packstack Ocata --allinone error:

Could you give more logs ?

tail -100 /var/tmp/packstack/20170407-160121-81CAUG/manifests/10.101.23.50_controller.pp.log

2017-04-06 10:25:03 -0500 received badge  Teacher (source)
2017-04-06 06:06:40 -0500 answered a question input username and password as userdata on windows instance

Start with :

 #ps1_sysnative (system native)

 #ps1_x86 (Windows On Windows 32bit)

Please check if the below would be helpful :

#PS1
$UserName = 'Administrator'
$Password = "abcd"
$ComputerName = "."
$Account = [ADSI]"WinNT://$ComputerName/$UserName,user"
$Account.SetPassword($Password)
$Account.SetInfo()
2017-04-06 06:03:32 -0500 asked a question Unable to access dashboard after packstart allinone installation

I installed Ocata version on a CentOS machine and the installation went successful. After which I am getting below error while accessing the dashboard :

Something went wrong!

An unexpected error has occurred. Try refreshing the page. If that doesn't help, contact your local administrator.

Seeing below error messages in horizon.log

2017-04-06 12:50:33,704 54682 ERROR django.request Internal Server Error: /dashboard/auth/login/
Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/django/core/handlers/base.py", line 132, in get_response
    response = wrapped_callback(request, *callback_args, **callback_kwargs)
  File "/usr/lib/python2.7/site-packages/django/views/decorators/debug.py", line 76, in sensitive_post_parameters_wrapper
    return view(request, *args, **kwargs)
  File "/usr/lib/python2.7/site-packages/django/utils/decorators.py", line 110, in _wrapped_view
    response = view_func(request, *args, **kwargs)
  File "/usr/lib/python2.7/site-packages/django/views/decorators/cache.py", line 57, in _wrapped_view_func
    response = view_func(request, *args, **kwargs)
  File "/usr/lib/python2.7/site-packages/openstack_auth/views.py", line 104, in login
    **kwargs)
  File "/usr/lib/python2.7/site-packages/django/views/decorators/debug.py", line 76, in sensitive_post_parameters_wrapper
    return view(request, *args, **kwargs)
  File "/usr/lib/python2.7/site-packages/django/utils/decorators.py", line 110, in _wrapped_view
    response = view_func(request, *args, **kwargs)
  File "/usr/lib/python2.7/site-packages/django/views/decorators/cache.py", line 57, in _wrapped_view_func
    response = view_func(request, *args, **kwargs)
  File "/usr/lib/python2.7/site-packages/django/contrib/auth/views.py", line 44, in login
    if form.is_valid():
  File "/usr/lib/python2.7/site-packages/django/forms/forms.py", line 184, in is_valid
    return self.is_bound and not self.errors
  File "/usr/lib/python2.7/site-packages/django/forms/forms.py", line 176, in errors
    self.full_clean()
  File "/usr/lib/python2.7/site-packages/django/forms/forms.py", line 393, in full_clean
    self._clean_form()
  File "/usr/lib/python2.7/site-packages/django/forms/forms.py", line 417, in _clean_form
    cleaned_data = self.clean()
  File "/usr/lib/python2.7/site-packages/django/views/decorators/debug.py", line 36, in sensitive_variables_wrapper
    return func(*func_args, **func_kwargs)
  File "/usr/lib/python2.7/site-packages/openstack_auth/forms.py", line 126, in clean
    auth_url=region)
  File "/usr/lib/python2.7/site-packages/django/contrib/auth/__init__.py", line 74, in authenticate
    user = backend.authenticate(**credentials)
  File "/usr/lib/python2.7/site-packages/openstack_auth/backend.py", line 165, in authenticate
    for id_endpoint in [cat for cat in id_endpoints['identity']]:
KeyError: 'identity'

Any pointers please ?

2017-04-05 00:33:36 -0500 answered a question Can't launch instances - not enough RAM?

I believe what you are seeing is the quota for the RAM in your tenant. Check if you have enough quota for RAM, using "nova quota-show" command

2017-04-03 06:44:45 -0500 commented question Floating IPs not accessible from inside && outside

Can you check "arping 10.29.14.144" from router namespace ? If you get response, ICMP rule might be missing in security group rule. Also, please check snat rules in iptables from router namespace.

2017-04-02 14:01:07 -0500 received badge  Scholar (source)
2017-03-31 00:06:38 -0500 received badge  Citizen Patrol (source)
2017-03-30 21:07:06 -0500 received badge  Notable Question (source)
2017-03-30 08:36:15 -0500 commented question Rabbitmq unstable error in ocata release

any error messages in rabbitmq logs ?

2017-03-30 04:38:09 -0500 answered a question Neutron doesn't know what lbaas is

LBAAS package should be missing.

Install the package "openstack-neutron-lbaas". It should create the configuration files and you can edit those.

2017-03-30 01:49:46 -0500 commented question openstack endpoint list fails with message "Failed to contact the endpoint at http://controller:35357/v3/ for discovery"

Thanks Bernd for your suggestions !!

2017-03-28 05:27:43 -0500 answered a question openstack using packstack(RDO) on rhel 7.1 gets stuck

There is a possibility that the server doesn't have enough memory. Check the RAM size during the installation. Recommended size is 5 to 6GB. Also, check whether the NetworkManager and firewalld is disabled. You can check logs under /var/tmp/packstack/ which will give pointers if the issue is otherwise.

2017-03-28 02:28:08 -0500 received badge  Popular Question (source)
2017-03-28 02:27:29 -0500 received badge  Student (source)
2017-03-28 02:25:06 -0500 answered a question openstack endpoint list fails with message "Failed to contact the endpoint at http://controller:35357/v3/ for discovery"

Ok, it seems that while doing the "Bootstap of Identity service" I used "controller" as the name instead of my controller IP. And there was no reference for my controller IP to point to the name "controller".

Command which I used :

 # keystone-manage bootstrap --bootstrap-password ADMIN_PASS \
  --bootstrap-admin-url http://controller:35357/v3/ \
  --bootstrap-internal-url http://controller:5000/v3/ \
  --bootstrap-public-url http://controller:5000/v3/ \
  --bootstrap-region-id RegionOne

My Keystone DB was pointing to http://controller:%3Cport%3E (http://controller:<port></port>), whereas my AUTH_URL which I sourced was http:{controller IP}

As a fix, I added 127.0.0.1 controller to /etc/hosts file.

2017-03-26 05:02:13 -0500 asked a question openstack endpoint list fails with message "Failed to contact the endpoint at http://controller:35357/v3/ for discovery"

Hi, I am trying to deploy a single node openstack on a Centos VM following the guide :

https://docs.openstack.org/ocata/inst...

I have installed Identity Service and was attempting to create a "service" project which is when I get this error :

# openstack project create --domain default   --description "Service Project" service
Failed to contact the endpoint at http://controller:35357/v3/ for discovery. Fallback to using that endpoint as the base url.
Failed to contact the endpoint at http://controller:35357/v3/ for discovery. Fallback to using that endpoint as the base url.
Failed to contact the endpoint at http://controller:35357/v3/ for discovery. Fallback to using that endpoint as the base url.
Failed to contact the endpoint at http://controller:35357/v3/ for discovery. Fallback to using that endpoint as the base url.
Unable to establish connection to http://controller:35357/v3/domains?: HTTPConnectionPool(host='controller', port=35357): Max retries exceeded with url: /v3/domains (Caused by NewConnectionError('<requests.packages.urllib3.connection.HTTPConnection object at 0x3e3db90>: Failed to establish a new connection: [Errno -2] Name or service not known',))
[root@rajesh ~]#

I understand I would have made some mistake in configuation of http or keystone.conf, but couldn't figure out. Any pointers please ?

Here is my output from keystone.conf and httpd.conf:

[root@rajesh ~]# cat /etc/keystone/keystone.conf | grep -i "connection ="
connection = mysql+pymysql://keystone:openstack@{Controller IP address entered}/keystone

[root@rajesh ~]# cat /etc/httpd/conf/httpd.conf | grep -i ServerName
ServerName "rajesh.manual"
[root@rajesh ~]#


[root@rajesh ~]# hostname
rajesh.manual
[root@rajesh ~]#
2017-03-23 00:49:11 -0500 received badge  Supporter (source)
2017-03-17 00:12:13 -0500 received badge  Enthusiast