mandarvaze's profile - activity

2015-06-01 08:37:19 -0500 received badge  Notable Question (source)
2015-06-01 08:37:19 -0500 received badge  Popular Question (source)
2012-05-22 11:03:14 -0500 answered a question How to import a keypair?

Michael,

You need to have an ssh public key (as explained by Endre above).

If you already have an ssh keypair then:

  1. Run "cat ~/.ssh/id_rsa.pub" on a unix terminal. You will see output as explained by Endre above.
  2. Copy the entire output (unless of course there is an error) into the clipboard and paste it in the edit box titled "Public Key" (part of the "Import Keypair" pop-up dialog on the Openstack Dashboard).
  3. Give some name to this keypair, and click submit.

If you do not have an ssh keypair then:

On a linux machine you can run the "ssh-keygen" command. If you are unfamiliar with this command then you can "man ssh-keygen" (or look at http://www.manpagez.com/man/1/ssh-keygen/). By default you can just execute the "ssh-keygen" command and go with all defaults (it is an interactive command). At the end, two files, id_rsa and id_rsa.pub, will be created under the ".ssh" folder in your home directory (remember the dot in the beginning).

2012-05-22 10:50:51 -0500 answered a question ERROR nova.rpc.common [-] Timed out waiting for RPC response: timed out

From the logs it looks like nova-compute sent an RPC request to nova-network, which did not complete. So rpc.timeout on nova-compute logs makes sense.

But why nova-network itself has RPC.timeout error is unclear from nova-network logs. Do you see any other errors in nova-network log ?

Which network manager are you using ? (May not be directly relevant to the error from logs .. but may be useful)

2012-04-26 11:23:44 -0500 answered a question Does quantum support multi-nic setup ?

Tushar (tpatil) was able to get this working (along with my code changes for https://bugs.launchpad.net/nova/+bug/983024) using :

  1. https://github.com/soheilhassasyeganeh/devstack/
  2. http://openvswitch.org/openstack/documentation/
2012-04-25 03:31:19 -0500 answered a question Does quantum support multi-nic setup ?

Soheil,

I went through the README of the first link. It talks about nova-compute on multiple hosts. My use case is nova-network on multiple hosts. I don't think it is a devstack or configuration issue.

Dan Wendlandt said that Quantum does not support such setup in Essex

-Mandar

2012-04-24 11:38:52 -0500 answered a question Does quantum support multi-nic setup ?

"Also, you didn't say exactly how you were running devstack

This is pretty standard devstack config - using Quantum and nova_ipam. Other details explained in original question.

Are you looking for specific config param ?

"there is no notion of running nova-network on multiple hosts with Quantum in Essex."

  1. Does this mean if specific use case requires multiple networks, all of them should be managed by single nova-network process ? Or that user should NOT choose Quantum Network Manager ? (opt for say VlanManager) and have multiple nova-network processes.

  2. Is there a plan to support multiple nova-networks with quantum - in Folsom ?

2012-04-23 05:33:57 -0500 answered a question Does quantum support multi-nic setup ?

I started from scratch - this time I executed "nova-manage network create" on two HostA for 10.0.8.0/24 and on HostB for 10.0.9.0/24 networks.

Only difference from previous scenario is that now gw-xxxx interface was created on HostB

But still running into same set of issues i.e. :

  1. VM doesn't have eth1 when it comes up
  2. When eth1 added manually to /etc/network/interfaces (of VM) followed by "sudo ifup eth1" I still get "No lease, failing"
  3. nova list shows 10.0.9.x assigned to VM but VM doesn't really have it (Hence I can't ssh using 10.0.9.x IP)

dnsmasq for 10.0.9.x is running on HostB (as expected)

2012-04-19 09:57:42 -0500 answered a question Does quantum support multi-nic setup ?

For related bug 983024 (linked) I have made some code changes which now execute dnsmasq on appropriate host instead of everything on HostA

2012-04-19 09:54:21 -0500 asked a question Does quantum support multi-nic setup ?

Host setup :

Host A : Controller node. This has everything running via devstack/stack.sh

Host B :

  - Only nova-network and q-agt
  - nova.conf from HostA copied over to HostB, and references for localhost replaced pointing to HostA (mysql, rabbit etc)
  - Also updated sql_Connection entry in /etc/quantum/plugins/openvswitch/ovs_quantum_plugin.ini to point to HostA

I have not added multi-host flag to my nova.conf (Should I ????)

Network Setup :

Created two networks for "demo" tenant using "nova-manage network create": 10.0.8.0/24 and 10.0.9.0/24. Associated 10.0.9.0/24 with HostB using "nova-manage network modify --host".

Launched an instance for demo tenant - VM gets two fixed IPs, one each from 10.0.8.x and 10.0.9.x networks.

I can ssh to VM from HostA using 10.0.8.x IP

Problem :

I can't ssh to VM using 10.0.9.x IP from either HostA or HostB

Output from VM

When I sshed into VM, I see following on VM :

    $ ifconfig -a
    eth0      Link encap:Ethernet  HWaddr FA:16:3E:1D:72:F9
              inet addr:10.0.8.23  Bcast:10.0.8.255  Mask:255.255.255.0
              inet6 addr: fe80::f816:3eff:fe1d:72f9/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:790 errors:0 dropped:0 overruns:0 frame:0
              TX packets:505 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:67734 (66.1 KiB)  TX bytes:67244 (65.6 KiB)
              Interrupt:10 Base address:0xa000

    eth1      Link encap:Ethernet  HWaddr FA:16:3E:24:C2:B4
              inet6 addr: fe80::f816:3eff:fe24:c2b4/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:9 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:0 (0.0 B)  TX bytes:1434 (1.4 KiB)
              Interrupt:11 Base address:0xe100

    lo        Link encap:Local Loopback
              inet addr:127.0.0.1  Mask:255.0.0.0
              inet6 addr: ::1/128 Scope:Host
              UP LOOPBACK RUNNING  MTU:16436  Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

cat /etc/network/interfaces

    $ cat /etc/network/interfaces
    # Configure Loopback
    auto lo
    iface lo inet loopback

    auto eth0
    iface eth0 inet dhcp

I added entry for eth1 (similar to eth0) manually and executed following :

    $ sudo ifup eth1
    udhcpc (v1.18.5) started
    Sending discover...
    Sending discover...
    Sending discover...
    No lease, failing

On Host A

dnsmasq for 10.0.8.x is running here, with following conf file

    cat /opt/stack/nova/networks/nova-gw-afc33410-c5.conf
    fa:16:3e:1d:72:f9,host-10.0.8.23.novalocal,10.0.8.23

ifconfig has following entry :

    gw-afc33410-c5 Link encap:Ethernet HWaddr fa:16:3e ...

2012-04-04 12:49:13 -0500 answered a question live migration fails with nfs4 mounted /var/lib/nova/instances

Turns out there is some problem with nfs v4, so we mounted the share using nfs version 3 (mount -o vers=3)

Now we could “chown” the files in nfs folder, and the instance creation also worked !!!

2012-04-04 11:01:46 -0500 answered a question live migration fails with nfs4 mounted /var/lib/nova/instances

Vish :

1) is it possible to chown files on your nfs mount?

Not sure whom should I give the ownership to ? As the dir listing shows above, the files are created with correct owner/group settings. These files were created by nova-compute process.

I "touch"ed a file for testing - which was created with "mandar:mandar" - I tried changing the ownership, but I keep getting "invalid" argument - not sure if that is what you were referring to ..

    mandar@ubuntu-dev-mandar:~/nfs_shared_instances_path$ touch x
    mandar@ubuntu-dev-mandar:~/nfs_shared_instances_path$ ll
    total 16
    drwxrwxrwx  4 root   root     4096 2012-04-04 03:46 ./
    drwxr-xr-x 15 mandar mandar   4096 2012-04-04 03:39 ../
    drwxrwxr-x  2 mandar libvirtd 4096 2012-04-04 02:18 _base/
    drwxr-xr-x  2 mandar libvirtd 4096 2012-04-04 03:41 instance-0000000f/
    -rw-rw-r--  1 mandar mandar      0 2012-04-04 03:46 x
    mandar@ubuntu-dev-mandar:~/nfs_shared_instances_path$ chown root x
    chown: changing ownership of `x': Invalid argument
    mandar@ubuntu-dev-mandar:~/nfs_shared_instances_path$ ll
    total 16
    drwxrwxrwx  4 root   root     4096 2012-04-04 03:46 ./
    drwxr-xr-x 15 mandar mandar   4096 2012-04-04 03:39 ../
    drwxrwxr-x  2 mandar libvirtd 4096 2012-04-04 02:18 _base/
    drwxr-xr-x  2 mandar libvirtd 4096 2012-04-04 03:41 instance-0000000f/
    -rw-rw-r--  1 mandar mandar      0 2012-04-04 03:46 x
    mandar@ubuntu-dev-mandar:~/nfs_shared_instances_path$ sudo chown root x
    chown: changing ownership of `x': Invalid argument
    mandar@ubuntu-dev-mandar:~/nfs_shared_instances_path$ chgrp libvirtd x
    chgrp: changing group of `x': Invalid argument
    mandar@ubuntu-dev-mandar:~/nfs_shared_instances_path$ sudo chgrp libvirtd x
    chgrp: changing group of `x': Invalid argument

I also debugged the "_chown_console_log_for_instance" in "nova/virt/libvirt/connection.py" and with breakpoint before "if os.path.exists(console_log)" - I touched "console.log" at the appropriate path from another terminal.

Over there also I am getting the same error:

    2012-04-04 03:56:55 TRACE nova.rpc.amqp Command: sudo /usr/local/bin/nova-rootwrap chown 1000 /home/mandar/nfs_shared_instances_path/instance-00000010/console.log
    2012-04-04 03:56:55 TRACE nova.rpc.amqp Exit code: 1
    2012-04-04 03:56:55 TRACE nova.rpc.amqp Stdout: ''
    2012-04-04 03:56:55 TRACE nova.rpc.amqp Stderr: "/bin/chown: changing ownership of `/home/mandar/nfs_shared_instances_path/instance-00000010/console.log': Invalid argument\n"

So what is the fix for this ?

2012-04-03 12:48:13 -0500 answered a question live migration fails with nfs4 mounted /var/lib/nova/instances

I ran into the same issue - but this is several months after above problem was resolved. This is close to Essex-release

I am not trying live migration.

I have nfs mounted instances_path - so when I try to spawn an instance I run into the above errors. Especially following :

    File "/usr/lib/python2.7/dist-packages/libvirt.py", line 372, in createWithFlags
    2012-04-03 05:42:27 TRACE nova.rpc.amqp     if ret == -1: raise libvirtError ('virDomainCreateWithFlags() failed', dom=self)
    2012-04-03 05:42:27 TRACE nova.rpc.amqp libvirtError: internal error Process exited while reading console log output: chardev: opening backend "file" failed

But as you can see below, several files are created in this folder, so I am not sure if mine is a permissions issue (else none of the files would get created). The problem is reported when libvirt tries to write to console.log (the file itself is created with correct permissions, just that this is a zero byte file).

    mandar@ubuntu-dev-mandar:/nfs_shared_instances_path/instance-00000005$ ll
    total 10944
    drwxrwxr-x 2 mandar libvirtd    4096 2012-04-03 05:42 ./
    drwxrwxrwx 4 root   root        4096 2012-04-03 05:42 ../
    -rw-rw---- 1 mandar libvirtd       0 2012-04-03 05:42 console.log
    -rw-r--r-- 1 mandar libvirtd 6291968 2012-04-03 05:42 disk
    -rw-rw-r-- 1 mandar libvirtd 4731440 2012-04-03 05:42 kernel
    -rw-rw-r-- 1 mandar libvirtd    1067 2012-04-03 05:42 libvirt.xml
    -rw-rw-r-- 1 mandar libvirtd 2254249 2012-04-03 05:42 ramdisk

I'm suspecting: https://bugs.launchpad.net/ubuntu/maverick/+source/libvirt/+bug/632696

But the above doesn't show itself in a non-NFS setup.

2012-04-02 10:21:26 -0500 answered a question Security : should admin of one tenant allowed to reboot server belonging to different tenant ?

Thanks John Garbutt, that solved my question.

2012-03-30 11:22:38 -0500 asked a question Response code 404 Vs 403 when operation is not allowed

Related to : https://answers.launchpad.net/nova/+question/192138

When a member (non-admin) tries to reboot a server belonging to a different tenant, one would expect that 403-unauthorized HTTP code should be returned.

Setup

Use RESTClient to POST to the following URL :

    http://<ipaddr>:8774/v2/<uuid_tenant1>/servers/<uuid_server_for_tenant2>/action

JSON Body :

    { "reboot" : { "type" : "HARD" } }

x-auth-token belongs to non-admin member for tenant1

Actual Response received : {"itemNotFound": {"message": "The resource could not be found.", "code": 404}}

Should expected response be "403-unauthorized" ?

Current response 404 makes sense based on the fact that the UUID of the server provided does not belong to the tenant. So even before checking what actions are allowed or not, the code returns "not found". This would be similar even when an invalid UUID is provided (e.g. string "ThisIsDummyUUID") - i.e. we'll get 404.

Please comment whether 403 should be returned for "valid-server-uuid-but-belongs-to-different-tenant"
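
The lookup-then-authorize ordering this question describes, together with the role-only admin check reported in the related tenant-admin question listed below, as an added example that is not part of the original posts and is not Nova's code. The names `Ctx`, `SERVERS`, `REBOOT_ROLES`, the `viewer` role and the `global_admin` flag are hypothetical, and the sample data is constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Ctx:                      # hypothetical request context derived from the token
    tenant_id: str
    roles: frozenset            # roles held in tenant_id
    global_admin: bool = False  # assumption: cloud-wide admin is a separate flag

# Constructed sample data: server UUID -> owning tenant
SERVERS = {"uuid-admin-server": "admin", "uuid-demo-server": "demo"}
REBOOT_ROLES = frozenset({"admin", "Member"})

def reboot_role_only(ctx, uuid):
    """Model of the reported behaviour: 'admin' in any tenant skips tenant scoping."""
    owner = SERVERS.get(uuid)
    if "admin" in ctx.roles:
        return 202 if owner else 404
    return 202 if owner == ctx.tenant_id else 404

def reboot_tenant_scoped(ctx, uuid):
    """Scope the lookup to the caller's tenant first, then check the action."""
    owner = SERVERS.get(uuid)
    if owner is None or not (ctx.global_admin or owner == ctx.tenant_id):
        # Unknown UUID and another tenant's UUID get the same answer, so the
        # response does not reveal which UUIDs exist in other tenants.
        return 404
    if not (ctx.global_admin or ctx.roles & REBOOT_ROLES):
        return 403  # server is visible to the caller, the action is not allowed
    return 202

def demo():
    demoadmin = Ctx("demo", frozenset({"admin"}))
    viewer = Ctx("demo", frozenset({"viewer"}))   # hypothetical read-only role
    return {
        "role_only/demoadmin/adminServer": reboot_role_only(demoadmin, "uuid-admin-server"),
        "scoped/demoadmin/adminServer": reboot_tenant_scoped(demoadmin, "uuid-admin-server"),
        "scoped/demoadmin/demoServer": reboot_tenant_scoped(demoadmin, "uuid-demo-server"),
        "scoped/viewer/demoServer": reboot_tenant_scoped(viewer, "uuid-demo-server"),
        "scoped/viewer/unknown": reboot_tenant_scoped(viewer, "ThisIsDummyUUID"),
    }

if __name__ == "__main__":
    for case, status in demo().items():
        print(f"{status}  {case}")
```

With tenant scoping applied before the role check, 403 is returned only for a server the caller can already see, and a cross-tenant UUID is indistinguishable from a nonexistent one.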

2012-03-30 11:04:58 -0500 asked a question Security : should admin of one tenant allowed to reboot server belonging to different tenant ?

I want to understand if there is a concept of tenant-level admin Vs global admin.

Currently it seems like the only check done is whether the user has the admin role or not (no check is done to match the tenant if the user has the admin role). This results in a scenario where demoAdmin can reboot adminServer. This seems like a security violation.

I have a "devstack" setup with two tenants: admin and demo. I created a user "demoadmin" and assigned the "admin" role to this user for tenant "demo" using:

    keystone user-role-add --role <uuid_of_admin_role> --tenant_id <uuid_of_demo_tenant> --user <uuid>

When I log in to the dashboard using this account, I can only see a single project/tenant, i.e. "demo", as expected.

In another tenant "admin" I created an instance "adminServer" - I have its UUID stored for testing. Now using "demoadmin" credentials, I can successfully reboot "adminServer".

Expected Response : reboot should not be allowed

Actual response :

"adminServer" is rebooted using "demoadmin" credentials