Open Stack

Hello.

When my instances was migrated to other computes. I check on dest host and
I see that

-A neutron-openvswi-i41ec1d15-e -d x.x.x.x(my instance ip)/32 -p udp -m udp
--sport 67 --dport 68 -j RETURN missing and my instance cannot get IP. I
must restart neutron_openvswitch_agent then this rule appears and I can
touch the instance via network.

I use openswitch and provider networks. This problem has happened this
week. after the system was upgraded from xena to yoga and I enabled quorum
queue.



Nguyen Huu Khoi


On Wed, Jul 26, 2023 at 5:28 PM Nguyễn Hữu Khôi <nguyenhuukhoinw at gmail.com>
wrote:

>  Because I dont see any error logs. Althought, i set debug log to on.
>
> Your advices are very helpful to me. I will try to dig deeply. I am lost
> so some suggests are the best way for me to continue. :)
>
> On Wed, Jul 26, 2023, 4:39 PM <smooney at redhat.com> wrote:
>
>> On Wed, 2023-07-26 at 07:49 +0700, Nguyễn Hữu Khôi wrote:
>> > Hello guys.
>> >
>> > I am using openstack yoga with kolla ansible.
>> without logs of some kind i dont think anyoen will be able to hlep you
>> with this.
>> you have one issue with the config which i noted inline but that should
>> not break live migration.
>> but it would allow it to proceed when otherwise it would have failed.
>> and it woudl allow this issue to happen instead of the vm goign to error
>> ro the migration
>> being aborted in pre live migrate.
>> >
>> > When I migrate:
>> >
>> > instance1 from host A to host B after that I cannot ping this
>> > instance(telnet also). I must restart neutron_openvswitch_agent or move
>> > this instance back to host B  then this problem has gone.
>> >
>> > this is my settings:
>> >
>> > ----------------- neutron.conf -----------------
>> > [nova]
>> > live_migration_events = True
>> > ------------------------------------------------
>> >
>> > ----------------- nova.conf -----------------
>> > [DEFAULT]
>> > vif_plugging_timeout = 600
>> > vif_plugging_is_fatal = False
>> you should never run with this set to false in production.
>> it will break nova ability to detect if netroking is configured
>> when booting or migrating a vm.
>> we honestly should have remove this when we removed nova-networks
>> > debug = True
>> >
>> > [compute]
>> > live_migration_wait_for_vif_plug = True
>> >
>> > [workarounds]
>> > enable_qemu_monitor_announce_self = True
>> >
>> > ----------------- openvswitch_agent.ini-----------------
>> > [securitygroup]
>> > firewall_driver = openvswitch
>> > [ovs]
>> > openflow_processed_per_port = true
>> >
>> > I check nova, neutron, ops logs but they are ok.
>> >
>> > Thank you.
>> >
>> >
>> > Nguyen Huu Khoi
>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.openstack.org/pipermail/openstack-discuss/attachments/20230727/e3db309e/attachment-0001.htm>