<div dir="ltr">@<span name="Jason Ford" class="" style="font-size:13px;font-family:arial,sans-serif">Jason Ford<span style="white-space:nowrap">, it turn out be the iptables issue. Thx a lot.</span></span><div><span name="Jason Ford" class="" style="font-size:13px;font-family:arial,sans-serif"><span style="white-space:nowrap">@</span></span><span style="font-family:arial,sans-serif;font-size:13px;font-weight:bold;white-space:nowrap">Jiajun Liu, </span><span style="font-family:arial,sans-serif;font-size:13px;white-space:nowrap">I am using the nova-network. So this BP is not helpful. But I am expecting this feature. </span></div>

<div><span style="font-family:arial,sans-serif;font-size:13px;white-space:nowrap"><br></span></div><div><span style="font-family:arial,sans-serif;font-size:13px;white-space:nowrap">What I done:</span></div><div><font face="arial, sans-serif"><span style="white-space:nowrap">1. using virsh to disable the nwfilter for the two vms.</span></font></div>

<div><font face="arial, sans-serif"><span style="white-space:nowrap">2. stop the iptables in the vms</span></font></div><div><font face="arial, sans-serif"><span style="white-space:nowrap">3. configure the keepalived. </span></font></div>

<div><font face="arial, sans-serif"><span style="white-space:nowrap">4. works well. </span></font></div><div><font face="arial, sans-serif"><span style="white-space:nowrap"><br></span></font></div><div><font face="arial, sans-serif"><span style="white-space:nowrap">It is a hack method rather than a solution. When the Vm is hard reboot, the nwfilter is back and keepalived will be not work. </span></font></div>

</div><div class="gmail_extra"><br><br><div class="gmail_quote">On Thu, Aug 8, 2013 at 1:37 PM, Jiajun Liu <span dir="ltr"><<a href="mailto:jiajun@unitedstack.com" target="_blank">jiajun@unitedstack.com</a>></span> wrote:<br>

<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">openstack implemented mac/ip spoofing, so the vrrp packets will be drop by iptables/ebtables. There is a blueprint (<a href="https://blueprints.launchpad.net/neutron/+spec/allowed-address-pairs" target="_blank">https://blueprints.launchpad.net/neutron/+spec/allowed-address-pairs</a>) for binding multiple mac/ip on a port. <br>


</div><div class="gmail_extra"><br><br><div class="gmail_quote"><div><div class="h5">On Thu, Aug 8, 2013 at 11:33 AM, Jason Ford <span dir="ltr"><<a href="mailto:jford@blackmesh.com" target="_blank">jford@blackmesh.com</a>></span> wrote:<br>


</div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div class="h5">



<div style="font-size:14px;font-family:Calibri,sans-serif;word-wrap:break-word">
<div>
<div>Lei,</div>
<div><br>
</div>
<div>It is probably because iptables is filtering out the heartbeat traffic at the compute node level. If you are using vlans, it should work without issue however if you are using the flat network model, you need to allow vrrp in your compute node iptable
 rule sets. See this link..</div>
<div><br>
</div>
<div><a href="http://stackoverflow.com/questions/12908701/keepalived-works-well-without-iptables" target="_blank">http://stackoverflow.com/questions/12908701/keepalived-works-well-without-iptables</a></div>
<div><br>
</div>
<div>See if that helps you out.</div>
<div>
<div><br>
</div>
<div>
<div>Regards,</div>
<div><br>
</div>
<div>Jason</div>
<div><br>
</div>
<div>--------------------------</div>
<div>Jason Ford</div>
<div><a href="mailto:jford@blackmesh.com" target="_blank">jford@blackmesh.com</a></div>
<div>Drupal/Magento/OpenStack Hosting Solutions</div>
<div><a href="http://www.blackmesh.com" target="_blank">http://www.blackmesh.com</a></div>
<div><br>
</div>
</div>
</div>
</div>
<div><br>
</div>
<span>
<div style="border-right:medium none;padding-right:0in;padding-left:0in;padding-top:3pt;text-align:left;font-size:11pt;border-bottom:medium none;font-family:Calibri;border-top:#b5c4df 1pt solid;padding-bottom:0in;border-left:medium none">



<span style="font-weight:bold">From: </span>Lei Zhang <<a href="mailto:zhang.lei.fly@gmail.com" target="_blank">zhang.lei.fly@gmail.com</a>><br>
<span style="font-weight:bold">Date: </span>Wednesday, August 7, 2013 10:48 PM<br>
<span style="font-weight:bold">To: </span>openstack <<a href="mailto:openstack@lists.openstack.org" target="_blank">openstack@lists.openstack.org</a>><br>
<span style="font-weight:bold">Subject: </span>[Openstack] Can not use keepalived in vms<br>
</div><div><div>
<div><br>
</div>
<div>
<div>
<div dir="ltr">Hi all
<div><br>
</div>
<div>Is anybody using keepalived in the vms in the Openstack environment successfully? I failed to set it up. And the two of the vm became MASTER status. </div>
<div><br>
</div>
<div>Could anybody know why it happened? and how to fix this issue?</div>
<div><br>
</div>
<div>Openstack: Folsom + nova-network</div>
<div>OS: ubuntu 12.04<br clear="all">
<div><br>
</div>
-- <br>
<div dir="ltr">
<div><span style="font-family:arial,sans-serif;font-size:13px;border-collapse:collapse">Lei Zhang</span></div>
<div><span style="font-family:arial,sans-serif;font-size:13px;border-collapse:collapse"><br>
</span></div>
<div><font face="arial,sans-serif">Blog: </font><a href="http://jeffrey4l.github.io" target="_blank">http://jeffrey4l.github.io</a></div>
<div>twitter/weibo: @jeffrey4l</div>
</div>
</div>
</div>
</div>
</div>
</div></div></span>
</div>

<br></div></div>_______________________________________________<br>
Mailing list: <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br>
Post to     : <a href="mailto:openstack@lists.openstack.org" target="_blank">openstack@lists.openstack.org</a><br>
Unsubscribe : <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br>
<br></blockquote></div><span class="HOEnZb"><font color="#888888"><br><br clear="all"><br>-- <br><div dir="ltr">家军@ljjjustin</div>
</font></span></div>
</blockquote></div><br><br clear="all"><div><br></div>-- <br><div dir="ltr"><div><span style="font-family:arial,sans-serif;font-size:13px;border-collapse:collapse">Lei Zhang</span></div><div><span style="font-family:arial,sans-serif;font-size:13px;border-collapse:collapse"><br>

</span></div><div><font face="arial, sans-serif">Blog: </font><a href="http://jeffrey4l.github.io" target="_blank">http://jeffrey4l.github.io</a></div><div>twitter/weibo: @jeffrey4l</div></div>
</div>