create security group

I think the body is wrong, should be:

{ "security_group":{ "name":"new-webservers", "description":"security group for webservers" } }

see example: (

ps: you can turn on the debug option of the CLI, neutron --debug security-group-create defaulttest, to see the details of the HTTP interaction

Havana keystone tenant creation problem

I think the host isn't running the keystone service, or your request is proxied.

Havana keystone tenant creation problem

sudo will open a sub shell in which the os env is not set, so you got the first error. No need to use sudo, keystone has its own rootwrap.

use keystone --debug user-list to get more information

Getting H703 when i am trying i18n _() on running tox -e pep8

It means you need to use dictionary-based string formatting.

msg = _("Created a network %(net_id)s under a tenant %(tenant_id)s") % {'net_id': network_id, 'tenant_id': tenant_id}

(NOTE this is more than 80 characters in one line, you need to break it down)

Can different tenants's network can be used by all tenants for vm boot?

why assume? I think maybe you can verify it on your own test environment directly.

read /etc/neutron/policy.json for more details

what's the role of slave_connection in neutron.conf

oslo is a common code project (and it is a bit strict to sync upstream code from oslo to each project.), the link you provided in neutron is exactly oslo code. you can read for more detail.

some projects define their own get_session, but it is just a simple wrapper around oslo's get_session, or maybe some special case cannot be met in a specific low-level driver so particular code should handle that. usually, openstack projects use oslo get_session directly, e.g. nova, keystone, cinder, glance.

Neutron has written a simple helper function get_session, which just changes the default value of the parameter sqlite_fk (which means SqliteForeignKeys) in oslo get_session. you can dig deeper to figure out why it does that, and I think this is another question.

-------------------details can be ignored---------------------
zqfan@openstack-dev:~/openstack/nova/nova$ grep -n 'def get_session' ./ -r
./openstack/common/db/sqlalchemy/ get_session(autocommit=True, expire_on_commit=False,
./tests/virt/xenapi/ get_session():
./virt/hyperv/ def get_session_id_from_mounted_disk(self, physical_drive_path):
./virt/baremetal/db/sqlalchemy/ get_session(autocommit=True, expire_on_commit=False):
./virt/xenapi/client/ def get_session_id(self):

zqfan@openstack-dev:~/openstack/cinder/cinder$ grep -n 'def get_session' ./ -r
./openstack/common/db/sqlalchemy/ get_session(autocommit=True, expire_on_commit=False,
./volume/drivers/xenapi/ def get_session(self):

zqfan@openstack-dev:~/openstack/neutron/neutron$ grep -n 'def get_session' ./ -r
./openstack/common/db/sqlalchemy/ get_session(autocommit=True, expire_on_commit=False,
./db/ get_session(autocommit=True, expire_on_commit=False):

what's the role of slave_connection in neutron.conf

you can read this wiki to get a general knowledge: (

the sql connection/slave_connection config opt is used by oslo sqlalchemy session module[0], not neutron directly, for now, I didn't find code in neutron using slave db feature. (If I'm wrong, please let me know, thanks)

some code may use slave db to reduce the master's load, e.g. nova periodic task[1][2]; they are read operations and can accept a little lag, but the operator should ensure the lag is not too high.

[0] ( [1] ( (#631, for i.e.) [2] (

configure Neutron with 2 external networks using linuxbridge plugin / agent

are the namespaces, which are created by the first l3, flushed?

Is it possible for a normal user to check the tenant list?

sorry, i reverified, i think there is no such way for us to list a user's tenants directly via keystone cli, but as @haneef Ali (haneef) said, you can use the rest api to get the result

NOTE: i think only v3 supports such a request, if you modify the v3 to v2.0, it will return a 404 error

so you can edit a small shell script and use it like:

root@openstack:~# cat
#! /usr/bin/env bash

# look up the user's id by name, then ask the v3 API for that user's projects
user_id=$(keystone user-get "$1" | awk '/ id / {print $4}')
curl -H "X-Auth-Token: ${OS_TOKEN:-$SERVICE_TOKEN}" "${OS_AUTH_URL%5000*}35357/v3/users/$user_id/projects"

root@openstack:~# sh demo
{"links": {"self": "http://localhost:5000/v3/users/4bb84f6f499b481fa7f433a4168b03a6/projects", "previous": null, "next": null}, "projects": [{"description": null, "links": {"self": "http://localhost:5000/v3/projects/543cf789e0ca4f189f7d955592991ed0"}, "enabled": true, "id": "543cf789e0ca4f189f7d955592991ed0", "domain_id": "default", "name": "service"}]}

NOTE: you must set OS_TOKEN and/or SERVICE_TOKEN, or you will get a 401 unauthorized error

or you can use this prettyTable script : download it to your local directory and link it

ln -s /path/to/the script /usr/local/bin

then you can directly type:

# user-tenant-list demo
+----------------------------------+---------+---------+-------------+
| id                               | name    | enabled | description |
+----------------------------------+---------+---------+-------------+
| 543cf789e0ca4f189f7d955592991ed0 | service | True    |             |
+----------------------------------+---------+---------+-------------+

Finally, i think these two approaches are not so convenient, there must be a convenient way or we should create it in keystone

Is it possible for a normal user to check the tenant list?

i think there is no need to change the policy, i will reverify it in a real environment, grizzly 2013.1.3, or maybe someone else can solve it

good luck

Cannot assign instance to a given network from Python novaclient API

you're welcome

ps, you can subscribe to the mailing list: 1. 2. ( to get more help, because the is not so active as the mailing list

and/or you can join the irc channel to get realtime help (if someone is interested in the question): 1.

Is it possible for a normal user to check the tenant list?

keystone --os-username xxx --os-password xxx tenant-list

usually, we set os env var to OS_USERNAME=admin OS_PASSWORD=xxx (and there are other necessary env vars) to shorten the command, and run for admin: keystone tenant-list

you can set os env var to your own tenant name (along with its corresponding password), so the command can be as short as for the admin tenant, but it would be a little inconvenient to switch back, that depends on you

Cannot assign instance to a given network from Python novaclient API

oh, sorry, novaclient uses boot instead of create, so the nova help command is nova help boot

Cannot assign instance to a given network from Python novaclient API

i think the common way to solve such problem is:

  1. find documents in e.g. ( , it may not be right, but can provide a general knowledge, like it said: "The parameter fixed_ip is used only when network uuid is specified; also, when port is specified, network uuid and fixed_ip are properties of the port and are ignored. Omit fixed_ip and (network) uuid to avoid validation errors."
  2. use cli help, for this case: nova help create, it can give you a direct param help message
  3. read the source code, code is power, e.g. in novaclient/

if nics is not None:
    # NOTE(tr3buchet): nics can be an empty list
    all_net_data = []
    for nic_info in nics:
        net_data = {}
        # if value is empty string, do not send value in body
        if nic_info.get('net-id'):
            net_data['uuid'] = nic_info['net-id']
        if nic_info.get('v4-fixed-ip'):
            net_data['fixed_ip'] = nic_info['v4-fixed-ip']
        if nic_info.get('port-id'):
            net_data['port'] = nic_info['port-id']
        all_net_data.append(net_data)
    body['server']['networks'] = all_net_data

so, nics is a list of dicts, each of which may have the keys net-id, v4-fixed-ip, port-id. in your case, you can use

nova.servers.create(name="samplehost", image=image, flavor=flavor, nics=[{'net-id': '9883ec93-4589-4fa2-825d-7a9a8215fd07'}])

it may not be right, because it depends on which version of novaclient you have installed. you can check and fix it

good luck

[Grizzly]how to config multiple l3 agent for quantum ? I wanna run multiple l3 agent on one network node, because I wanna multiple external network.

i think maybe you can update this to the official manual, it's really useful

neutron unit tests never complete

there is a bug report (

if you're urgent to pass ut, i think you can add mock.patch for neutron.openstack.common.loopingcall.FixedIntervalLoopingCall in neutron/tests/unit/linuxbridge/ class TestLinuxBridgeAgent.setUp

the root cause is that TestLinuxBridgeAgent.test_update_devices_failed() creates a LinuxBridgeNeutronAgentRPC agent but with LinuxBridgeManager mocked. the agent will report state periodically (because it is handled via FixedIntervalLoopingCall) with configuration, which needs the LinuxBridgeManager.local_ip attr; as that object is mocked, json cannot serialize it

you can catch up with bug/1232155 for the real patch

good luck

OperationalError 'no such table: quotas'

can you provide the sql_connection option in neutron.conf (please mask the real value of name and password)

OperationalError 'no such table: quotas'

can you provide a full stack trace of this error? thanks

OVS module gives error "FATAL: openvswitch module not found"

can you check if openvswitch-datapath-source and openvswitch-brcompat are installed?

Fail scheduling network

'WARNING [quantum.db.agentschedulers_db] Fail scheduling network' is a warning, not error

even if everything is right, this warning will still be produced when: 1) this network is already scheduled on enough agents 2) there is no more enabled dhcp agent 3) there is no more active dhcp agent

for the 1) case, it is not a system error, everything will be fine. in the common case, each time you launch an instance, there will be a new port created, which will invoke dhcp schedule, and cause the 1) case log.warn, and there is already a patch for this problem.

since your last comment is not related to the question title, please close this question and ask another one, or you can modify the title to suit your recent problem.


[Grizzly]how to config multiple l3 agent for quantum ? I wanna run multiple l3 agent on one network node, because I wanna multiple external network.

and there is another similar question solved by yong sheng gong: (

Error: Unable to locate package neutron-server E: Unable to locate package python-neutronclient

apt-get upgrade should run after apt-get update

in my notebook (which doesn't install quantum from ppa before), i add the grizzly ppa and update and run

apt-get install quantum-server python-quantumclient

everything is fine, no error is printed

it seems it is caused by wrong state (or wrong config) of apt, not caused by quantum, so i think you'd better search and fix it by yourself

after googling the error you reported, i found this: ( ( which recommends affected people to rm (you can backup this dir instead of rm it directly) /var/lib/apt/lists/partial/* (not the partial dir itself), and run apt-get update

ps: in my apt sources.list, the precise-security part (this is not set manually, not related to the quantum ppa) is:

deb precise-security main restricted
deb-src precise-security restricted main multiverse universe #Added by software-properties
deb precise-security universe
deb precise-security multiverse

since i'm in china, the host domain name may be different from yours, but the rest should be the same, please check your config file

Error: Unable to locate package neutron-server E: Unable to locate package python-neutronclient

here is the grizzly guide: (

Error: Unable to locate package neutron-server E: Unable to locate package python-neutronclient

sorry the doc is broken

if you want to install grizzly release, please change

apt-get install neutron-server python-neutronclient --> to

apt-get install quantum-server python-quantumclient

or if you want to install havana release, please add (or change the ppa) to /etc/apt/sources.list (note typo: not source.list) deb (http://ubuntu-cloud.archive.canonical...) precise-updates/havana main then you can install neutron-server and python-neutronclient

the other parts are the same, it is because this project has changed its name, sorry for this trouble.

[Grizzly]how to config multiple l3 agent for quantum ? I wanna run multiple l3 agent on one network node, because I wanna multiple external network.

currently, you cannot run multiple l3-agents on the same host, and multiple external networks are not supported yet.

e.g. l3-agent needs to get_external_network_id via l3_rpc_base, and it invokes the plugin's method, which is defined in quantum/db/ (grizzly):

def get_external_network_id(self, context):
    nets = self.get_networks(context, {external_net.EXTERNAL: [True]})
    if len(nets) > 1:
        raise q_exc.TooManyExternalNetworks()
    return nets[0]['id'] if nets else None

so you cannot directly run multiple external nets in quantum. even if you modify this part and all other related parts, you still cannot support multiple external networks: the l3-agent is designed to be unique on a single host, and there is a lot of code based on this design (you can see the init process of l3-agent, that will show you something, especially the ns destroy and create). so even if multiple ext nets are created and multiple l3-agents are started (after some effort to modify), they may still not work well (but you can try, nothing is impossible)

moreover, i think this feature will not be added to grizzly (even havana), since it is already in stable branch.

There are already a few discussions about this topic in bug comments and reviews, but sorry i cannot remember the links.

How to run unit test?

use tox instead (sudo pip install tox), you can specify the python interpreter environment, e.g. tox -e py27, or directly run tox which will try to check all unit tests for py26,py27,py33,pep8

Instance is not getting a static IP

i'm not familiar with fedora os, but for ubuntu os, the problem is the same, and in my case the /etc/network/interfaces file did not activate eth1, so you can check your os nic setting, if eth1 is not active, then activate it and restart the network.

Not able to ssh the launched instance

can you ping any other ip in your environment? you should check ping: sendmsg: Operation not permitted

if previous step is ok, you should check security-groups, and the security-group rules, to enable ping reply and ssh service, icmp -1 -1 and tcp 22 22 should be open

if previous step is ok, you can access your instance via VNC Console in the dashboard, check your instance's ip

if previous step is ok, ping the host ip from the instance to find the problem

good luck
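
The security-group step above ("icmp -1 -1 and tcp 22 22 should be open") can be checked mechanically. The following is an added example, not part of the original answer: it assumes rules shaped like a nova security group rule listing (ip_protocol, from_port, to_port, ip_range.cidr, group.name), and the sample rules are constructed.

```python
# Sources that mean "anyone": useful while debugging, broad once it works.
ANY_SOURCE = ("0.0.0.0/0", "::/0")


def _source(rule):
    """Describe where a rule accepts traffic from (CIDR or source group)."""
    cidr = (rule.get("ip_range") or {}).get("cidr")
    if cidr:
        return cidr
    group = (rule.get("group") or {}).get("name")
    return "group:%s" % group if group else "unknown"


def _allows_ping(rule):
    """For icmp, from_port is the ICMP type and to_port the code; -1 is 'any'."""
    if rule.get("ip_protocol") != "icmp":
        return False
    icmp_type, icmp_code = rule.get("from_port"), rule.get("to_port")
    # Echo request is type 8, code 0.
    return icmp_type in (-1, 8) and icmp_code in (-1, 0)


def _allows_tcp_port(rule, port):
    """True when a tcp rule's port range covers the given port."""
    if rule.get("ip_protocol") != "tcp":
        return False
    low, high = rule.get("from_port"), rule.get("to_port")
    if low is None or high is None:
        return False
    return low <= port <= high


def audit_rules(rules):
    """Report which sources may ping and ssh, and whether ssh is open to all."""
    ping = sorted({_source(r) for r in rules if _allows_ping(r)})
    ssh = sorted({_source(r) for r in rules if _allows_tcp_port(r, 22)})
    return {
        "ping_from": ping,
        "ssh_from": ssh,
        "ssh_open_to_any": any(s in ANY_SOURCE for s in ssh),
    }


# Constructed sample: the two rules named in the answer plus an unrelated one.
SAMPLE_RULES = [
    {"ip_protocol": "icmp", "from_port": -1, "to_port": -1,
     "ip_range": {"cidr": "0.0.0.0/0"}, "group": {}},
    {"ip_protocol": "tcp", "from_port": 22, "to_port": 22,
     "ip_range": {"cidr": "0.0.0.0/0"}, "group": {}},
    {"ip_protocol": "tcp", "from_port": 8000, "to_port": 8100,
     "ip_range": {"cidr": "10.0.0.0/24"}, "group": {}},
]

if __name__ == "__main__":
    print(audit_rules(SAMPLE_RULES))
```

An empty ping_from or ssh_from list means the corresponding rule is missing; ssh_open_to_any shows when the source range could be narrowed once the instance is reachable.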

Router External Gateway DOWN

i'm using ovs in gre mode, and i got the same problem as you said:

ovs-dpctl show br-ex: carrier: open failed: No such file or directory
quantum port-show $wlan_port_id: status=down

however, i can ping outside via the wlan port from the internal network port, i think it is because whether the port is alive depends on admin_state_up, not status

hope someone can figure out where your problem is

good luck

Using a VNC client to connect to a vm

i use Remmina Remote Desktop Client as a vnc client, so i select vnc protocol and fill server ip with to connect to remote vm

the x means the number of output of virsh vncdisplay centos-6.4 in your referenced link

How can I get quantum ports list associated with a security group

when you want to update a port, you can use quantum -v port-update 53b71c17-96e9-4a4d-ac1c-b14c46986ed6 -- --security-groups list=true b634eb8b-6548-4423-879e-fa8af0e14a3a to alter security-groups via a single command line, because the api /ports/port_id PUT method accepts a request body, and the dict object is serialized to the request body. the -v option will let you see the interaction details

when you want to filter ports, you can use command like quantum -v port-list -- --status active to filter ports which are active

sadly, the api /ports GET method doesn't require a request body, and since the security-groups is a list object, it will not be recognized in the url, so i think there is no way to support port-list filtered by security-groups in a single command

however, if you truly want it, you can write a shell script which may be very slow to get all ports and filter them by security-groups

good luck
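
A sketch of the client-side filtering the answer suggests, as an added example that is not part of the original answer. It assumes the port list has already been fetched as a JSON body with a "ports" array whose entries carry "security_groups" as a list of group IDs; the sample data is constructed, and only the security group ID comes from the post.

```python
import json

SG_ID = "b634eb8b-6548-4423-879e-fa8af0e14a3a"  # group ID quoted in the post

# Constructed sample shaped like a port-list response body. Ports with an
# empty or missing security_groups list are included to exercise those cases.
SAMPLE_PORT_LIST = json.dumps({"ports": [
    {"id": "port-a", "status": "ACTIVE", "device_id": "vm-1",
     "security_groups": [SG_ID]},
    {"id": "port-b", "status": "ACTIVE", "device_id": "vm-2",
     "security_groups": ["sg-other", SG_ID]},
    {"id": "port-c", "status": "DOWN", "device_id": "vm-3",
     "security_groups": ["sg-other"]},
    {"id": "port-d", "status": "ACTIVE", "device_id": "router-1",
     "security_groups": []},
    {"id": "port-e", "status": "ACTIVE", "device_id": "dhcp-1"},
]})


def ports_in_security_group(port_list_body, group_id, status=None):
    """Return the ports attached to group_id, optionally limited by status."""
    matched = []
    for port in json.loads(port_list_body).get("ports", []):
        groups = port.get("security_groups") or []
        if group_id not in groups:
            continue
        # Status is compared case-insensitively ("active" vs "ACTIVE").
        if status and port.get("status", "").lower() != status.lower():
            continue
        matched.append(port)
    return matched


def ports_by_security_group(port_list_body):
    """Invert the listing in one pass: group ID -> sorted port IDs."""
    index = {}
    for port in json.loads(port_list_body).get("ports", []):
        for group_id in port.get("security_groups") or []:
            index.setdefault(group_id, []).append(port["id"])
    return {group: sorted(ids) for group, ids in index.items()}


def ports_without_security_group(port_list_body):
    """Port IDs that no security group filters at all."""
    return sorted(
        port["id"]
        for port in json.loads(port_list_body).get("ports", [])
        if not port.get("security_groups")
    )


if __name__ == "__main__":
    for port in ports_in_security_group(SAMPLE_PORT_LIST, SG_ID, "active"):
        print(port["id"], port["device_id"])
```

Building the index once avoids re-fetching the port list per group, which is where the slowness of a naive script would come from.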

Linux Bridge Plugin

as far as i know, the gre mode is available only in openvswitch plugin

Cannot launch VM in multi-node deployment

if you don't want to use novnc, try to disable all novnc settings (comment them out with a leading # in nova.conf) and restart the nova services (nova-api and nova-compute). i'm not sure if this will help, but a wrong setting of novnc will cause a vir domain error (in my case, only novnc will cause this error)

good luck

Network configuration in compute node

br100 will get ip automatically and usually will bridge on a private nic (also can bridge on public nic, but instance will get a floating ip in the host's network). so on compute node, if you do not assign an ip to the br100 manually, the problem will be that you have defined a wrong fixed_ip_range when create a private network please check your instance's network since i notice vnet0 are created on the two nodes.

any detail will help us to locate the problem, especially the output of shell>nova-manage network list or content of /etc/nova/nova.conf

nova boot error

shell>nova-manage service list
if nova-network's status is xxx instead of :)
shell>service nova-network status
if nova-network is stop/waiting, then follow the order:
1. check /var/log/nova/nova-scheduler.log to see any error or critical
2. check /var/log/nova/nova-network.log
3. check /var/log/nova/nova-compute.log
note that, since you have been a long time without any action, information will roll to log.1 .2 .3 etc
you can try to launch a new instance, when it fails, check the log immediately, and paste any error or critical info to us


instance is not starting in second compute-node machine

yes, you can jump over this problem by commenting it, but you are not able to access instance via novnc from browser ( #5 Igor Laskovy (igor-laskovy) please check the link and jump to #5 note: you should enable novnc first

Devstack Folsom: should I be able to ping VM's private IP from host?

and here is a link may be helpful for you ( although it occurs on essex

Devstack Folsom: should I be able to ping VM's private IP from host?

thanks for so much work and sorry for this delayed reply, because i took some time to test in my environment to reproduce your problem

instance will get an ip from dhcp if your route is set correctly. in my case, if i set a wrong route whose destination is the instance's private network and via a gateway (no matter qg-xx or br-xx or ethxx), instance will discover dhcp then fail when booting up, so i'm not quite sure if your route via is necessary but i think it may affect the dhcp reply

good luck, any clarification will be appreciated. please email to

Devstack Folsom: should I be able to ping VM's private IP from host?

use "ip netns" to get your network namespace, it shall print something like qrouter-xxxxx
use "ip netns exec qrouter-xxxxx ping $your_private_ip"
you cannot access an instance by private ip in another namespace unless via a router

instance is not starting in second compute-node machine

which step do you fail at? launching an instance may proceed in the order of scheduling->networking->spawning, and perhaps you can watch your /var/log/nova/nova-compute.log to see if any error is reported