Bernd Bausch's profile - activity

"node" is the baremetal node, correct. You don't install "some configuration" on it, you copy a full system image to it.

The node has to be undeployed because it is being used for an instance. You can't just put a new system on it without removing the previous system.

There is no such thing as "virtual machine" in OpenStack. Instances are created using VMs, or containers, or baremetal. In other words, a VM can be a means of implementation, but strictly speaking it's not an OpenStack object.

I suggest you ask this on the distribution list. Put [nova] (with the square brackets) in the subject.

This is very strange and looks like a documentation bug to me.

In Ironic terminology, "deploy" means creating an instance on a baremetal node. To use the node for another instance, it has to be undeployed (i.e. old instance is removed), then deployed once more.

I am not sure if you can interrupt the deployment process, but the last paragraph in your question is definitely correct.

There are many moving parts, and therefore other potential problems. For example, the router that connects instances to the external network must have SNAT enabled. Or something is wrong with the tunnel through which instance traffic flows. Let's however first ensure physical connectivity.

You say that your OS nodes can reach the internet. However they may use eth0 to do that. Can they reach the internet via eth1, which implements the external network in your cloud?

What I mean: virbr1, to which eth1 is connected, must have connectivity to the internet.

You can only insert NICs into bridges if the operating system knows these NICs. Consequently you can't insert the host PC's NICs into the OS nodes' bridges, because the operating system that runs on the OS nodes is not aware of those NICs.

It seems you can configure yum to exclude packages, though I have never tried it. A search for yum excludeyields a few promising web pages such as https://www.tecmint.com/yum-lock-disa....

A project doesn't get resources reserved. It can obtain resources up to the quota limit. You don't lose anything (except a few database records) by creating projects.

From the install guide:

The playbook will install and configure ironic

It looks like you only install Bifrost. It does the rest.

I am confused. I thought the problem was solved.

I can only recommend you to check similar problems. I found two on ask.openstack.org and quite a few more on the internet at large. See my comments to the question.

Good luck!

If you need help, ask a specific question.

It's a message queue timeout.

A message queue connection that is idle for 20 minutes is closed automatically. It looks like the parameter was introduced in Newton. It's used here: https://opendev.org/openstack/oslo.me... (look for ttl or item_ttl).

Resources are owned by projects. Therefore, by definition, foreign projects can't consume your resources and use up your quota. You are fine.

The absence of an IP address puzzled me as well initially. It turns out that eth1 is plugged into a bridge. The router's network namespace contains an interface that is also plugged into the bridge, and the router's gateway address as well as any floating IPs are set on that interface.

A dedicated network node is not needed. It's useful when the controller is overloaded.

To understand how instances are connected, study https://docs.openstack.org/neutron/la...

Strictly speaking, therefore, it is not Neutron but the Neutron package on your OS (RHEL, Centos, OpenSUSE?) that automatically installs version 2.11 of openvswitch. i suggest you configure your package management system not to do that, install version 2.9.2 and try it out.

There is an old spec, which was implemented some five years ago, for not checking Openvswitch versions anymore. This means that Neutron doesn't know which version is required.

See https://ask.openstack.org/en/question.... One never stops learning.

If you have no WaitConditions or SoftwareDeployments, it may be OK to delete the project, but I don't see a need for it.

I don't know whether that's possible.

Either go through the code or just use the documentation. Developer docs include devstack setup instructions.

Sorry I dropped the ball. So, there is connectivity from the router's network namespace to floating IPs, but not otherwise? This is strange and I don't have an answer. I would start with a thorough analysis of all network components in that namespace, including routing and netfilter.

Which project is created? I am not aware of Heat creating projects, except if the template includes project creation.

The software versions you are trying to install are almost three years old and not available on the normal Centos repos anymore. I suggest you use a more recent version.

Newest packages are puppet-openstack_extras-14.4.0-1.el7.noarch.rpm etc; your version is 9.

You will find that many (or all?) OpenStack projects have a devstack directory. It contains the shell scripts and other files required to set up the project in a Devstack cloud. It's useful for example if you want to get a good understanding of the configuration parameters (see the settings file), or you want to understand how exactly the project is set up (start with the plugin.sh file).

If this is an HA router, the instance should be reachable from two network namespaces on the nodes where the two redundant routers are located.

I don't know if you are supposed to have connectivity from the network namespaces on other nodes. My guess: Only from compute nodes that run instances in the same network, perhaps also from controllers.

In any case, if you can access the Instances via floating IP, and you have DVR, all is fine.

It means that the server on which you run the virt-install command is unable to use CPU virtualization extensions and is therefore emulating the CPU in software, using qemu.

This has nothing to do with OpenStack. It's also not an error but a warning, as the message says. The virtual machine will be rather slow but should be functional.

What do you mean by "Can't connect VM get through qrouter"? What is qrouter, do you want to connect to a VM (from where) or from a VM (to where)?

Add the relevant part from your local.conf to your question. Also, there should be more expressive error messages; you may have to scroll up. Add those as well.

It does belong in the [agent] section; see https://docs.openstack.org/neutron/la....

I fear you may have disabled DVR now, and your config works because of that. As admin, check router details to ensure it's DVR.

Congratulations!

did you find the cause of your problem?

Rocky OpenvSwitch + Vxlan + dvr + 3 controller + 3 network +2compute

ovs local_ip= bond2.935

[root~]$ ovs-vsctl list-br

br-int

br-provider

br-tun

[-root ~]$ ovs-vsctl list-ports br-provider

bond2

phy-br-provider

When I'm ping gateway in VM

[vm-test ~]$ ping 172.16.2.1

PING 172.16.2.1 (172.16.2.1) 56(84) bytes of data.

64 bytes from 172.16.2.1: icmp_seq=1 ttl=64 time=0.083 ms (DUP!)

64 bytes from 172.16.2.1: icmp_seq=2 ttl=64 time=0.058 ms

64 bytes from 172.16.2.1: icmp_seq=3 ttl=64 time=0.052 ms (DUP!)

64 bytes from 172.16.2.1: icmp_seq=4 ttl=64 time=0.064 ms

64 bytes from 172.16.2.1: icmp_seq=5 ttl=64 time=0.048 ms

---

I've got ICMP echo reply on network Qvrouter and compute qrouter

On network node:

[network-3 ~]$ ip netns exec qrouter-c4de5b52-fc69-4c83-aa4b-ba484c1fdb17  tcpdump -i qr-cf40624d-6d -v

tcpdump: listening on qr-cf40624d-6d, link-type EN10MB (Ethernet), capture size 262144 bytes
13:24:23.216543 IP (tos 0x0, ttl 64, id 29, offset 0, flags [DF], proto ICMP (1), length 84)
171.16.2.5 > network-3: ICMP echo request, id 46593, seq 369, length 64
13:24:23.216606 IP (tos 0x0, ttl 64, id 56770, offset 0, flags [none], proto ICMP (1), length 84)
SCSP02558 > 171.16.2.5: ICMP echo reply, id 46593, seq 369, length 64 enter code here

ON computer node:

[compute-2 ~]$   ip netns exec qrouter-c4de5b52-fc69-4c83-aa4b-ba484c1fdb17  tcpdump -i qr-cf40624d-6d -v
tcpdump: listening on qr-cf40624d-6d, link-type EN10MB (Ethernet), capture size 262144 bytes
13:30:49.267312 IP (tos 0x0, ttl 64, id 51578, offset 0, flags [DF], proto ICMP (1), length 84)
171.16.2.5 > compute-2: ICMP echo request, id 46593, seq 755, length 64
13:30:49.267422 IP (tos 0x0, ttl 64, id 1365, offset 0, flags [none], proto ICMP (1), length 84)
compute-2 > 192.168.11.5: ICMP echo reply, id 46593, seq 755, length 64
13:30:50.267407 IP (tos 0x0, ttl 64, id 51747, offset 0, flags [DF], proto ICMP (1), length 84)
171.16.2.5 > compute-2: ICMP echo request, id 46593, seq 756, length 64

171.16.2.5 is My VM IP

Also try an internet search: https://duckduckgo.com/?q=ping+dup+op....

There are solutions on ask.openstack.org: https://ask.openstack.org/en/question... and https://ask.openstack.org/en/question... (perhaps more, I didn't check).

Installation on Ubuntu: https://docs.projectcalico.org/v3.9/g....

While Calico's documentation says that Pike and Queens have been used for development and mentions that Ubuntu 16.04 is known to work, you could give it a quick try with the Stein version of Devstack.