<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 12pt;
font-family:Calibri
}
--></style></head>
<body class='hmmessage'><div dir='ltr'>Hello everyone,<div><br></div><div>I need some help in understanding the working process and how further I can contribute in solving this bug </div><div><a href="https://bugs.launchpad.net/trove/+bug/1324995" target="_blank" style="font-size: 12pt;">https://bugs.launchpad.net/trove/+bug/1324995</a> this is related to trove project. <br>thanks in advance,</div><div><br></div><div>Regards,<br>Khushbu Parakh<div>Arya College Of Engineering and IT</div><div>Linkedin: http://linkedin.com/in/khushbuparakh</div><div><div>about.me/khushbu.parakh</div><div><br></div><div> <span class="ecxApple-tab-span" style="white-space:pre;"> </span></div><div> </div></div><div><br></div><div><br></div><br><br><div>> From: openstack-request@lists.openstack.org<br>> Subject: Openstack Digest, Vol 29, Issue 12<br>> To: openstack@lists.openstack.org<br>> Date: Thu, 12 Nov 2015 12:00:04 +0000<br>> <br>> Send Openstack mailing list submissions to<br>> openstack@lists.openstack.org<br>> <br>> To subscribe or unsubscribe via the World Wide Web, visit<br>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack<br>> or, via email, send a message with subject or body 'help' to<br>> openstack-request@lists.openstack.org<br>> <br>> You can reach the person managing the list at<br>> openstack-owner@lists.openstack.org<br>> <br>> When replying, please edit your Subject line so it is more specific<br>> than "Re: Contents of Openstack digest..."<br>> <br>> <br>> Today's Topics:<br>> <br>> 1. Re: Keystone Fernet Token (Reza Bakhshayeshi)<br>> 2. Re: Openstack Kilo Vxlan tunnel single NIC setup (Amir Huski?)<br>> 3. Vxlan/gre port is not created in br-tun Kilo (Amir Huski?)<br>> 4. Re: Openstack Kilo Vxlan tunnel single NIC setup<br>> (Andreas Scheuring)<br>> 5. Re: Vxlan/gre port is not created in br-tun Kilo<br>> (Aleksei Stupnikov)<br>> 6. Re: Openstack Kilo Vxlan tunnel single NIC setup (Amir Huski?)<br>> <br>> <br>> ----------------------------------------------------------------------<br>> <br>> Message: 1<br>> Date: Wed, 11 Nov 2015 22:36:45 +0330<br>> From: Reza Bakhshayeshi <reza.b2008@gmail.com><br>> To: Adam Young <ayoung@redhat.com><br>> Cc: openstack <openstack@lists.openstack.org><br>> Subject: Re: [Openstack] Keystone Fernet Token<br>> Message-ID:<br>> <CAMGoRG2Wnh=urtD5bz+38cnGV-8+jm3ZxCcL=xAPohOxb9NLkw@mail.gmail.com><br>> Content-Type: text/plain; charset="utf-8"<br>> <br>> Dear Adam,<br>> <br>> here is the audit.log content:<br>> <br>> type=AVC msg=audit(1447271600.161:353): avc: denied { write } for<br>> pid=4616 comm="httpd" name="fernet-keys" dev="dm-1" ino=1706000<br>> scontext=system_u:system_r:httpd_t:s0<br>> tcontext=unconfined_u:object_r:etc_t:s0 tclass=dir<br>> type=SYSCALL msg=audit(1447271600.161:353): arch=c000003e syscall=21<br>> success=no exit=-13 a0=7f2ebf240b10 a1=2 a2=7f2ed1d1af88 a3=0 items=0<br>> ppid=2714 pid=4616 auid=4294967295 uid=163 gid=163 euid=163 suid=163<br>> fsuid=163 egid=163 sgid=163 fsgid=163 tty=(none) ses=4294967295<br>> comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0<br>> key=(null)<br>> type=AVC msg=audit(1447271602.313:354): avc: denied { write } for<br>> pid=4648 comm="httpd" name="fernet-keys" dev="dm-1" ino=1706000<br>> scontext=system_u:system_r:httpd_t:s0<br>> tcontext=unconfined_u:object_r:etc_t:s0 tclass=dir<br>> type=SYSCALL msg=audit(1447271602.313:354): arch=c000003e syscall=21<br>> success=no exit=-13 a0=7f2ebf60a4c0 a1=2 a2=7f2ed1d1af88 a3=0 items=0<br>> ppid=2714 pid=4648 auid=4294967295 uid=163 gid=163 euid=163 suid=163<br>> fsuid=163 egid=163 sgid=163 fsgid=163 tty=(none) ses=4294967295<br>> comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0<br>> key=(null)<br>> <br>> <br>> On 9 November 2015 at 18:22, Adam Young <ayoung@redhat.com> wrote:<br>> <br>> > On 11/07/2015 01:08 PM, Reza Bakhshayeshi wrote:<br>> ><br>> > Thanks all, specially Rahul,<br>> > I solved the problem temporarily by disabling selinux.<br>> ><br>> ><br>> > What did you have for an AVC? It sounds like the issue was The Keystone<br>> > WSGI process reading the Keys file? Can you post the relevant sections<br>> > from the audit log?<br>> ><br>> ><br>> ><br>> > On 3 November 2015 at 07:43, ??? <zhangjl@awcloud.com> wrote:<br>> ><br>> >> Maybe, you should do like follows:<br>> >><br>> >> chown -R keystone:keystone /etc/keystone<br>> >><br>> >> Then, restart the keystone service:<br>> >><br>> >> systemctl restart openstack-keystone<br>> >><br>> >><br>> >><br>> >><br>> >><br>> >> ------------------<br>> >> Best Regards<br>> >><br>> >> ZhangJialong<br>> >><br>> >><br>> >><br>> >> ------------------ Original ------------------<br>> >> *From: * "Adam Young"< <ayoung@redhat.com>ayoung@redhat.com>;<br>> >> *Date: * Tue, Nov 3, 2015 11:01 AM<br>> >> *To: * "openstack"< <openstack@lists.openstack.org><br>> >> openstack@lists.openstack.org>;<br>> >> *Subject: * Re: [Openstack] Keystone Fernet Token<br>> >><br>> >> On 10/28/2015 02:23 PM, Reza Bakhshayeshi wrote:<br>> >><br>> >> Hi all,<br>> >><br>> >> I'm going to use fernet token on OpenStack Kilo (only Keystone service is<br>> >> installed),<br>> >> I've configured keystone.conf like:<br>> >><br>> >> [token]<br>> >> provider = keystone.token.providers.fernet.Provider<br>> >><br>> >> when I'm running:<br>> >> keystone-manage fernet_setup --keystone-user keystone --keystone-group<br>> >> keystone<br>> >><br>> >> keys creating successfully in /etc/keystone/fernet-keys directory.<br>> >> But when I'm going to creating a token I receive the following error,<br>> >> here is the complete log:<br>> >><br>> >> 2015-10-28 21:22:14.680 65218 INFO keystone.common.wsgi [-] GET /?<br>> >> 2015-10-28 23:50:25.343 9377 INFO keystone.token.providers.fernet.utils<br>> >> [-] [fernet_tokens] key_repository does not appear to exist; attempting to<br>> >> create it<br>> >> 2015-10-28 23:50:25.344 9377 INFO keystone.token.providers.fernet.utils<br>> >> [-] Created a new key: /etc/keystone/fernet-keys/0<br>> >> 2015-10-28 23:50:25.344 9377 INFO keystone.token.providers.fernet.utils<br>> >> [-] Starting key rotation with 1 key files: ['/etc/keystone/fernet-keys/0']<br>> >> 2015-10-28 23:50:25.344 9377 INFO keystone.token.providers.fernet.utils<br>> >> [-] Current primary key is: 0<br>> >> 2015-10-28 23:50:25.345 9377 INFO keystone.token.providers.fernet.utils<br>> >> [-] Next primary key will be: 1<br>> >> 2015-10-28 23:50:25.345 9377 INFO keystone.token.providers.fernet.utils<br>> >> [-] Promoted key 0 to be the primary: 1<br>> >> 2015-10-28 23:50:25.345 9377 INFO keystone.token.providers.fernet.utils<br>> >> [-] Created a new key: /etc/keystone/fernet-keys/0<br>> >> 2015-10-28 23:50:25.345 9377 INFO keystone.token.providers.fernet.utils<br>> >> [-] Excess keys to purge: []<br>> >> 2015-10-28 23:50:52.632 8059 INFO keystone.common.wsgi [-] POST /tokens?<br>> >> 2015-10-28 23:50:52.889 8059 ERROR keystone.token.providers.fernet.utils<br>> >> [-] Either [fernet_tokens] key_repository does not exist or Keystone does<br>> >> not have sufficient permission to access it: /etc/keystone/fernet-keys/<br>> >> 2015-10-28 23:50:52.890 8059 WARNING keystone.common.wsgi [-] No<br>> >> encryption keys found; run keystone-manage fernet_setup to bootstrap one.<br>> >><br>> >> while the permissions seem to be correct:<br>> >><br>> >> # ls -lah /etc/keystone/<br>> >> total 104K<br>> >> drwxr-x---. 3 root keystone 4.0K Oct 28 23:50 .<br>> >> drwxr-xr-x. 143 root root 12K Oct 28 12:56 ..<br>> >> -rw-r-----. 1 root keystone 1.5K Jul 29 00:21<br>> >> default_catalog.templates<br>> >> drwx------. 2 keystone keystone 4.0K Oct 28 23:50 fernet-keys<br>> >> -rw-r-----. 1 root keystone 57K Oct 28 23:48 keystone.conf<br>> >> -rw-r-----. 1 root keystone 1.1K Jul 29 00:21 logging.conf<br>> >> -rw-r-----. 1 keystone keystone 8.6K Jul 29 00:21 policy.json<br>> >> -rw-r-----. 1 keystone keystone 665 Jul 29 00:21<br>> >> sso_callback_template.html<br>> >><br>> >> What am I missing?<br>> >><br>> >><br>> >> No idea. When I get into these situations, I use rpdb;<br>> >><br>> >> http://adam.younglogic.com/2015/02/debugging-openstack-with-rpdb/<br>> >><br>> >><br>> >> Is there anything in /etc/keystone/fernet-keys ?<br>> >><br>> >><br>> >><br>> >><br>> >><br>> >> _______________________________________________<br>> >> Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack<br>> >> Post to : openstack@lists.openstack.org<br>> >> Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack<br>> >><br>> >><br>> >><br>> >> _______________________________________________<br>> >> Mailing list:<br>> >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack<br>> >> Post to : openstack@lists.openstack.org<br>> >> Unsubscribe :<br>> >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack<br>> >><br>> >><br>> ><br>> ><br>> -------------- next part --------------<br>> An HTML attachment was scrubbed...<br>> URL: <http://lists.openstack.org/pipermail/openstack/attachments/20151111/daf8f2e3/attachment-0001.html><br>> <br>> ------------------------------<br>> <br>> Message: 2<br>> Date: Thu, 12 Nov 2015 09:36:13 +0100<br>> From: Amir Huski? <amir.huskic@gmail.com><br>> To: Akash Gunjal <akgunjal@in.ibm.com><br>> Cc: "openstack@lists.openstack.org" <openstack@lists.openstack.org><br>> Subject: Re: [Openstack] Openstack Kilo Vxlan tunnel single NIC setup<br>> Message-ID:<br>> <CAFSgVcyv+=uTK-bDQRYre-LctXB3aBeazVpzya6YGP4mZ90z+g@mail.gmail.com><br>> Content-Type: text/plain; charset="utf-8"<br>> <br>> Thank you all for suggestions and sorry for late answer. Now I have PC with<br>> two interfaces; eth0 for br-ex (LAN) and eth1 for vxlan/gre tunnel<br>> interface. Br-ex is working fine and also I can ping and access VM using<br>> floating IP. But still facing issue with vxlan/gre tunnels. Vxlan/gre port<br>> is not created on br-tun.<br>> <br>> As I already wrote I'm trying to enable L2 connectivity between VMs running<br>> on single node Openstack Kilo instalation (Devstack) and external Linux<br>> host using vxlan/gre tunnel. Since there are now two NICs I'll open new<br>> thread.<br>> <br>> Regards,<br>> Amir<br>> <br>> On Mon, Oct 19, 2015 at 12:36 PM, Akash Gunjal <akgunjal@in.ibm.com> wrote:<br>> <br>> > Hi Amir,<br>> ><br>> > One point to check is the security rules set in your controller. Check if<br>> > you have set the ingress/egress rules set for ICMP protocol (ping) which<br>> > will otherwise block traffic from external hosts to the tenant VM.<br>> ><br>> > Regards,<br>> > Akash<br>> ><br>> > [image: Inactive hide details for yatin kumbhare ---10/19/2015 03:56:22<br>> > PM---Hi Amir, Not quite sure, as I haven't tried such a thing.]yatin<br>> > kumbhare ---10/19/2015 03:56:22 PM---Hi Amir, Not quite sure, as I haven't<br>> > tried such a thing.<br>> ><br>> > From: yatin kumbhare <yatinkumbhare@gmail.com><br>> > To: Amir Huski? <amir.huskic@gmail.com><br>> > Cc: "openstack@lists.openstack.org" <openstack@lists.openstack.org><br>> > Date: 10/19/2015 03:56 PM<br>> > Subject: Re: [Openstack] Openstack Kilo Vxlan tunnel single NIC setup<br>> > ------------------------------<br>> ><br>> ><br>> ><br>> > Hi Amir,<br>> ><br>> > Not quite sure, as I haven't tried such a thing.<br>> ><br>> > but IMHO, you might require l2-gateway.<br>> ><br>> > Kind of this: *https://www.youtube.com/watch?v=74Wfr4myf5k*<br>> > <https://www.youtube.com/watch?v=74Wfr4myf5k><br>> ><br>> > Regards,<br>> > Yatin<br>> ><br>> > On Mon, Oct 19, 2015 at 4:35 AM, Amir Huski? <*amir.huskic@gmail.com*<br>> > <amir.huskic@gmail.com>> wrote:<br>> ><br>> > Hello James,<br>> ><br>> > I use underscores in ml2 config file as You suggested. Also made some<br>> > changes in config file. Here is available:<br>> > *https://www.dropbox.com/s/fuzwiyuyfngyyl2/ml2_conf.ini?dl=0*<br>> > <https://www.dropbox.com/s/fuzwiyuyfngyyl2/ml2_conf.ini?dl=0><br>> ><br>> > Summary:<br>> > - can ping from OS host to external gw and external linux host<br>> > - can ping from tenant VM to external gw and external linux host<br>> > - can't ping OS host and tenant VM floating IP from external linux host<br>> > - tcpdump on br-ex and eth0 interface is showing arp request during<br>> > ping request from linux external host using vxlan segment<br>> ><br>> > For additional info please check info from CLI screen here:<br>> > *https://www.dropbox.com/s/fv5hen4jbo6fmby/CLI_debug.txt?dl=0*<br>> > <https://www.dropbox.com/s/fv5hen4jbo6fmby/CLI_debug.txt?dl=0><br>> ><br>> > Accidently I deleted symbolic link in log files pointing to agent log.<br>> > Unfortunately I don't know how to create it again with proper permissions.<br>> > I tried with chmod and chown using reference command but without much<br>> > success.<br>> ><br>> > lrwxrwxrwx 1 amir amir 43 Sep 19 15:26 screen-n-sch.log -><br>> > /opt/stack/logs/n-sch.log.2015-09-19-150746<br>> > * -rw-r--r-- 1 amir amir 245730291 Okt 18 14:00 screen-q-agt.log*<br>> > lrwxrwxrwx 1 amir amir 44 Sep 19 15:25 screen-q-dhcp.log -><br>> > /opt/stack/logs/q-dhcp.log.2015-09-19-150746<br>> ><br>> ><br>> > Thank you for your help and time.<br>> ><br>> > Kind regards,<br>> > Amir<br>> ><br>> ><br>> > On Wed, Oct 14, 2015 at 4:06 PM, James Denton <<br>> > *james.denton@rackspace.com* <james.denton@rackspace.com>> wrote:<br>> > Hi Amir,<br>> ><br>> > A couple of recommendations:<br>> ><br>> > - Your vxlan_group setting has an extra dot at the end that may be<br>> > causing issues:<br>> > [ml2_type_vxlan]<br>> > vxlan_group = 239.0.0.0.<br>> > - Your [OVS] block has some incorrect options. Use underscores rather<br>> > than spaces:<br>> > [ovs]<br>> > bridge_mappings = public:br-ex<br>> > local_ip = 192.168.100.100<br>> > vxlan_udp_port = 8472<br>> > tunnel type = vxlan<br>> > tunnel id ranges = 1001:2000<br>> > tenant network type = vxlan<br>> > enable tunneling = true<br>> > - Same goes for [agent] as well:<br>> > [agent]<br>> > tunnel_types = vxlan<br>> > root_helper_daemon = sudo /usr/local/bin/neutron-rootwrap-daemon<br>> > /etc/neutron/rootwrap.conf<br>> > root_helper = sudo /usr/local/bin/neutron-rootwrap<br>> > /etc/neutron/rootwrap.conf<br>> > #tunnel_types = vxlan<br>> > vxlan_udp_port = 8472<br>> > l2 population = false<br>> > Start by correcting those issues and restart the OVS agents across<br>> > your hosts. The agent log may be of help here as well.<br>> ><br>> > James<br>> > On Oct 14, 2015, at 2:38 AM, Amir Huski? <*amir.huskic@gmail.com*<br>> > <amir.huskic@gmail.com>> wrote:<br>> ><br>> > Hello,<br>> ><br>> > there is also my ml2_conf.ini file:<br>> > *https://dl.dropboxusercontent.com/u/4298410/ml2_conf.ini*<br>> > <https://dl.dropboxusercontent.com/u/4298410/ml2_conf.ini><br>> ><br>> > Could problem be related to single NIC installation? Is it<br>> > possible to have same interface for bridge mappings and also for tunnel<br>> > bridge? Example below:<br>> ><br>> > bridge_mappings = public:br-ex<br>> > integration bridge = br-int<br>> > tunnel bridge = br-ex<br>> ><br>> > Thank you.<br>> > Regards,<br>> > Amir<br>> ><br>> ><br>> > On Mon, Oct 12, 2015 at 3:53 PM, Amir Huski? <<br>> > *amir.huskic@gmail.com* <amir.huskic@gmail.com>> wrote:<br>> > Hi all,<br>> ><br>> > I'm trying to setup up Openstack test lab.<br>> ><br>> > I deployed Openstack Kilo (Devstack) on PC running Ubuntu LTS<br>> > 14.02 with single NIC.<br>> > Tenants are isolated with vxlan networks. I can ping from VMs<br>> > to external network PCs, SSH login from external PCs to tenants VMs<br>> > floating IP address, etc.<br>> ><br>> > I would like also to connect tenant VMs to external network<br>> > physical Linux host using vxlan tunnel and have L2 connectivity between VM<br>> > and physical Linux host over L3 network.<br>> ><br>> > Vxlan interface on Linux physical host is up and running.<br>> > When I am trying to ping from Linux physical host to Openstack VM (not<br>> > floating IP) using same subnet L2 address (example ping from 192.168.10.10<br>> > to 192.168.10.11) UDP packets on port 8472 are coming to Openstack br-ex<br>> > interface with ARP request.<br>> ><br>> > Problem is that I can't setup vxlan tunnel on Openstack.<br>> > Command "sudo ovs-vsctl show" doesn't show any vxlan tunnels.<br>> > Also when I try to ping from VM to Linux host using L2 IP<br>> > address (ping from 192.168.10.11 to 192.168.10.10) tcpdump on br-ex doesn't<br>> > show anything.<br>> ><br>> > My ml2_conf.ini files is configured following this guide:<br>> > *http://www.opencloudblog.com/?p=300*<br>> > <http://www.opencloudblog.com/?p=300><br>> ><br>> > Thanks in advance for your help,<br>> ><br>> > Regards,<br>> > Amir<br>> ><br>> > _______________________________________________<br>> > Mailing list:<br>> > *http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack*<br>> > <http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack><br>> > Post to : *openstack@lists.openstack.org*<br>> > <openstack@lists.openstack.org><br>> > Unsubscribe :<br>> > *http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack*<br>> > <http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack><br>> ><br>> ><br>> ><br>> > _______________________________________________<br>> > Mailing list:<br>> > *http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack*<br>> > <http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack><br>> > Post to : *openstack@lists.openstack.org*<br>> > <openstack@lists.openstack.org><br>> > Unsubscribe :<br>> > *http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack*<br>> > <http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack><br>> ><br>> > _______________________________________________<br>> > Mailing list:<br>> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack<br>> > Post to : openstack@lists.openstack.org<br>> > Unsubscribe :<br>> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack<br>> ><br>> ><br>> ><br>> -------------- next part --------------<br>> An HTML attachment was scrubbed...<br>> URL: <http://lists.openstack.org/pipermail/openstack/attachments/20151112/1ae61847/attachment-0001.html><br>> -------------- next part --------------<br>> A non-text attachment was scrubbed...<br>> Name: ecblank.gif<br>> Type: image/gif<br>> Size: 45 bytes<br>> Desc: not available<br>> URL: <http://lists.openstack.org/pipermail/openstack/attachments/20151112/1ae61847/attachment-0002.gif><br>> -------------- next part --------------<br>> A non-text attachment was scrubbed...<br>> Name: graycol.gif<br>> Type: image/gif<br>> Size: 105 bytes<br>> Desc: not available<br>> URL: <http://lists.openstack.org/pipermail/openstack/attachments/20151112/1ae61847/attachment-0003.gif><br>> <br>> ------------------------------<br>> <br>> Message: 3<br>> Date: Thu, 12 Nov 2015 10:00:12 +0100<br>> From: Amir Huski? <amir.huskic@gmail.com><br>> To: Openstack <openstack@lists.openstack.org><br>> Subject: [Openstack] Vxlan/gre port is not created in br-tun Kilo<br>> Message-ID:<br>> <CAFSgVcxtympHKoP7RxN5uz=wW6F7+5tFVi_h0Xcs30AD-HXnQA@mail.gmail.com><br>> Content-Type: text/plain; charset="utf-8"<br>> <br>> Hello,<br>> <br>> vxlan/gre port is not created in br-tun Kilo. I'm using PC with two NICs,<br>> running Ubuntu 14.04 LTS and Devstack skript for Kilo installation (single<br>> node setup).<br>> <br>> My goal is to enable L2 connectivity between VMs (vxlan/gre network) on<br>> Kilo and external Linux host.<br>> Eth0 is used for br-ex and LAN connectivity. That part is fine. I can ping<br>> and ssh to VMs using their floating IP.<br>> Eth1 should be used for vxlan/gre tunnel connection between Kilo node and<br>> Linux external node that have vxlan/gre interfaces.<br>> <br>> eth0: 192.168.123.1<br>> eth1: 192.168.100.254<br>> VMs internal: 192.168.10.x<br>> Linux external host vxlan/gre tunnel: 192.168.10.10, eth0 192.168.50.10<br>> <br>> amir@openstack:~/devstack$ sudo ovs-vsctl show<br>> c2020516-3b76-4b8c-8fa6-110fcb4fd5e3<br>> Bridge br-tun<br>> fail_mode: secure<br>> Port patch-int<br>> Interface patch-int<br>> type: patch<br>> options: {peer=patch-tun}<br>> Port br-tun<br>> Interface br-tun<br>> type: internal<br>> Bridge br-int<br>> fail_mode: secure<br>> <br>> When I try to ping from VMs to external Linux host using L2 network segment<br>> (192.168.10.5 -> 192.168.10.10) I can see using tcpdump that packets are<br>> coming only to br-int. When I try to ping from Linux external host to VMs<br>> using L2 network segment (192.168.10.10 -> 192.168.10.5) ping packets are<br>> coming to eth1 but not also to br-tun.<br>> <br>> I can add vxlan/gre port to OVS manually but nothing change and also tried<br>> with vxlan and gre but result is the same.<br>> <br>> Here are my configuration files and CLI output (ifconfig, ip a, OVS<br>> bridges/ports status, etc):<br>> https://dl.dropboxusercontent.com/u/4298410/Openstack_vxlan.zip<br>> <br>> What I'm doing wrong?<br>> <br>> Thank you.<br>> Regards,<br>> Amir<br>> -------------- next part --------------<br>> An HTML attachment was scrubbed...<br>> URL: <http://lists.openstack.org/pipermail/openstack/attachments/20151112/4bab2926/attachment-0001.html><br>> <br>> ------------------------------<br>> <br>> Message: 4<br>> Date: Thu, 12 Nov 2015 10:17:32 +0100<br>> From: Andreas Scheuring <scheuran@linux.vnet.ibm.com><br>> To: Amir Huski? <amir.huskic@gmail.com><br>> Cc: "openstack@lists.openstack.org" <openstack@lists.openstack.org><br>> Subject: Re: [Openstack] Openstack Kilo Vxlan tunnel single NIC setup<br>> Message-ID: <1447319852.3078.9.camel@scheuran-ThinkPad-W530><br>> Content-Type: text/plain; charset="UTF-8"<br>> <br>> What you see is the expected behavior. A Tun (vxlan/gre) port is created<br>> for each other Node (that runs the neutron-openvswitch-agent) in your<br>> Openstack Cluster. So if you have a single node - no other Openstack<br>> node - no tun port.<br>> <br>> It's not a use case that an external (non Openstack managed System) Node<br>> is participating in your Openstack internal tunnel network. <br>> <br>> The current ovs implementation knows exactly which vm is reachable via<br>> which mac on which other hypervisor via which tunnel port. All these<br>> logic is implemented via openflow rules, which steer the traffic to the<br>> correct tun device. Traffic that does not match those rules, will be<br>> dropped (I guess).<br>> <br>> You can only achieve this with an external vxlan network. I personally<br>> haven't tried this so far creating it with Openstack. But for a prove of<br>> concept you could create the tun port on your own on br-ex (instead of<br>> plugging your interface into br-ex).<br>> <br>> Hope this helps.<br>> <br>> <br>> <br>> -- <br>> Andreas<br>> (IRC: scheuran)<br>> <br>> <br>> <br>> On Do, 2015-11-12 at 09:36 +0100, Amir Huski? wrote:<br>> > Thank you all for suggestions and sorry for late answer. Now I have PC<br>> > with two interfaces; eth0 for br-ex (LAN) and eth1 for vxlan/gre<br>> > tunnel interface. Br-ex is working fine and also I can ping and access<br>> > VM using floating IP. But still facing issue with vxlan/gre tunnels.<br>> > Vxlan/gre port is not created on br-tun. <br>> > <br>> > <br>> > As I already wrote I'm trying to enable L2 connectivity between VMs<br>> > running on single node Openstack Kilo instalation (Devstack) and<br>> > external Linux host using vxlan/gre tunnel. Since there are now two<br>> > NICs I'll open new thread.<br>> > <br>> > <br>> > Regards,<br>> > Amir<br>> > <br>> > On Mon, Oct 19, 2015 at 12:36 PM, Akash Gunjal <akgunjal@in.ibm.com><br>> > wrote:<br>> > Hi Amir,<br>> > <br>> > One point to check is the security rules set in your<br>> > controller. Check if you have set the ingress/egress rules set<br>> > for ICMP protocol (ping) which will otherwise block traffic<br>> > from external hosts to the tenant VM.<br>> > <br>> > Regards,<br>> > Akash<br>> > <br>> > Inactive hide details for yatin kumbhare ---10/19/2015<br>> > 03:56:22 PM---Hi Amir, Not quite sure, as I haven't tried such<br>> > a thing.yatin kumbhare ---10/19/2015 03:56:22 PM---Hi Amir,<br>> > Not quite sure, as I haven't tried such a thing.<br>> > <br>> > From: yatin kumbhare <yatinkumbhare@gmail.com><br>> > To: Amir Huski? <amir.huskic@gmail.com><br>> > Cc: "openstack@lists.openstack.org"<br>> > <openstack@lists.openstack.org><br>> > Date: 10/19/2015 03:56 PM<br>> > Subject: Re: [Openstack] Openstack Kilo Vxlan tunnel single<br>> > NIC setup<br>> > <br>> > <br>> > <br>> > ______________________________________________________________<br>> > <br>> > <br>> > <br>> > Hi Amir,<br>> > <br>> > Not quite sure, as I haven't tried such a thing.<br>> > <br>> > but IMHO, you might require l2-gateway. <br>> > <br>> > Kind of this: https://www.youtube.com/watch?v=74Wfr4myf5k<br>> > <br>> > Regards,<br>> > Yatin<br>> > <br>> > On Mon, Oct 19, 2015 at 4:35 AM, Amir Huski?<br>> > <amir.huskic@gmail.com> wrote:<br>> > Hello James,<br>> > <br>> > I use underscores in ml2 config file as You suggested.<br>> > Also made some changes in config file. Here is<br>> > available:<br>> > https://www.dropbox.com/s/fuzwiyuyfngyyl2/ml2_conf.ini?dl=0<br>> > <br>> > Summary:<br>> > - can ping from OS host to external gw and external<br>> > linux host<br>> > - can ping from tenant VM to external gw and external<br>> > linux host<br>> > - can't ping OS host and tenant VM floating IP from<br>> > external linux host<br>> > - tcpdump on br-ex and eth0 interface is showing arp<br>> > request during ping request from linux external host<br>> > using vxlan segment<br>> > <br>> > For additional info please check info from CLI screen<br>> > here:<br>> > https://www.dropbox.com/s/fv5hen4jbo6fmby/CLI_debug.txt?dl=0<br>> > <br>> > Accidently I deleted symbolic link in log files<br>> > pointing to agent log. Unfortunately I don't know how<br>> > to create it again with proper permissions. I tried<br>> > with chmod and chown using reference command but<br>> > without much success.<br>> > <br>> > lrwxrwxrwx 1 amir amir 43 Sep 19 15:26<br>> > screen-n-sch.log<br>> > -> /opt/stack/logs/n-sch.log.2015-09-19-150746<br>> > -rw-r--r-- 1 amir amir 245730291 Okt 18 14:00<br>> > screen-q-agt.log<br>> > lrwxrwxrwx 1 amir amir 44 Sep 19 15:25<br>> > screen-q-dhcp.log<br>> > -> /opt/stack/logs/q-dhcp.log.2015-09-19-150746<br>> > <br>> > <br>> > Thank you for your help and time.<br>> > <br>> > Kind regards,<br>> > Amir<br>> > <br>> > On Wed, Oct 14, 2015 at 4:06 PM, James Denton<br>> > <james.denton@rackspace.com> wrote:<br>> > Hi Amir,<br>> > <br>> > A couple of recommendations:<br>> > <br>> > - Your vxlan_group setting has an extra dot at the end<br>> > that may be causing issues:<br>> > [ml2_type_vxlan]<br>> > vxlan_group = 239.0.0.0.<br>> > - Your [OVS] block has some incorrect options. Use<br>> > underscores rather than spaces:<br>> > [ovs]<br>> > bridge_mappings = public:br-ex<br>> > local_ip = 192.168.100.100<br>> > vxlan_udp_port = 8472<br>> > tunnel type = vxlan<br>> > tunnel id ranges = 1001:2000<br>> > tenant network type = vxlan<br>> > enable tunneling = true<br>> > - Same goes for [agent] as well:<br>> > [agent]<br>> > tunnel_types = vxlan<br>> > root_helper_daemon =<br>> > sudo /usr/local/bin/neutron-rootwrap-daemon /etc/neutron/rootwrap.conf<br>> > root_helper =<br>> > sudo /usr/local/bin/neutron-rootwrap /etc/neutron/rootwrap.conf<br>> > #tunnel_types = vxlan<br>> > vxlan_udp_port = 8472<br>> > l2 population = false<br>> > Start by correcting those issues and restart the OVS<br>> > agents across your hosts. The agent log may be of help<br>> > here as well.<br>> > <br>> > James <br>> > On Oct 14, 2015, at 2:38 AM, Amir<br>> > Huski? <amir.huskic@gmail.com> wrote:<br>> > <br>> > Hello,<br>> > <br>> > there is also my ml2_conf.ini<br>> > file: https://dl.dropboxusercontent.com/u/4298410/ml2_conf.ini<br>> > <br>> > Could problem be related to single NIC<br>> > installation? Is it possible to have<br>> > same interface for bridge mappings and<br>> > also for tunnel bridge? Example below:<br>> > <br>> > bridge_mappings = public:br-ex<br>> > integration bridge = br-int<br>> > tunnel bridge = br-ex<br>> > <br>> > Thank you.<br>> > Regards,<br>> > Amir<br>> > <br>> > <br>> > On Mon, Oct 12, 2015 at 3:53 PM, Amir<br>> > Huski? <amir.huskic@gmail.com> wrote:<br>> > Hi all,<br>> > <br>> > I'm trying to setup up<br>> > Openstack test lab.<br>> > <br>> > I deployed Openstack Kilo<br>> > (Devstack) on PC running<br>> > Ubuntu LTS 14.02 with single<br>> > NIC.<br>> > Tenants are isolated with<br>> > vxlan networks. I can ping<br>> > from VMs to external network<br>> > PCs, SSH login from external<br>> > PCs to tenants VMs floating IP<br>> > address, etc.<br>> > <br>> > I would like also to connect<br>> > tenant VMs to external network<br>> > physical Linux host using<br>> > vxlan tunnel and have L2<br>> > connectivity between VM and<br>> > physical Linux host over L3<br>> > network.<br>> > <br>> > Vxlan interface on Linux<br>> > physical host is up and<br>> > running. When I am trying to<br>> > ping from Linux physical host<br>> > to Openstack VM (not floating<br>> > IP) using same subnet L2<br>> > address (example ping from<br>> > 192.168.10.10 to<br>> > 192.168.10.11) UDP packets on<br>> > port 8472 are coming to<br>> > Openstack br-ex interface with<br>> > ARP request.<br>> > <br>> > Problem is that I can't setup<br>> > vxlan tunnel on Openstack.<br>> > Command "sudo ovs-vsctl show"<br>> > doesn't show any vxlan<br>> > tunnels.<br>> > Also when I try to ping from<br>> > VM to Linux host using L2 IP<br>> > address (ping from<br>> > 192.168.10.11 to<br>> > 192.168.10.10) tcpdump on<br>> > br-ex doesn't show anything.<br>> > <br>> > My ml2_conf.ini files is<br>> > configured following this<br>> > guide:<br>> > http://www.opencloudblog.com/?p=300<br>> > <br>> > Thanks in advance for your<br>> > help,<br>> > <br>> > Regards,<br>> > Amir<br>> > <br>> > _______________________________________________<br>> > Mailing list:<br>> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack<br>> > Post to :<br>> > openstack@lists.openstack.org<br>> > Unsubscribe :<br>> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack<br>> > <br>> > <br>> > <br>> > _______________________________________________<br>> > Mailing list:<br>> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack<br>> > Post to : openstack@lists.openstack.org<br>> > Unsubscribe :<br>> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack<br>> > _______________________________________________<br>> > Mailing list:<br>> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack<br>> > Post to : openstack@lists.openstack.org<br>> > Unsubscribe :<br>> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack<br>> > <br>> > <br>> > <br>> > <br>> > <br>> > <br>> > _______________________________________________<br>> > Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack<br>> > Post to : openstack@lists.openstack.org<br>> > Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack<br>> <br>> <br>> <br>> <br>> ------------------------------<br>> <br>> Message: 5<br>> Date: Thu, 12 Nov 2015 12:30:45 +0300<br>> From: Aleksei Stupnikov <astupnikov@mirantis.com><br>> To: Amir Huski? <amir.huskic@gmail.com><br>> Cc: Openstack <openstack@lists.openstack.org><br>> Subject: Re: [Openstack] Vxlan/gre port is not created in br-tun Kilo<br>> Message-ID:<br>> <CA+GpT_LK-JwfRbdLPbv91UCk7NuMh8LKgn__tGsGVMOyPA2wvQ@mail.gmail.com><br>> Content-Type: text/plain; charset="utf-8"<br>> <br>> Hello, Amir.<br>> <br>> I have had exactly the same problem some time ago. Please see a description<br>> and possible solution at<br>> https://ask.openstack.org/en/question/68671/centos7-rdo-vxlan-tcp-segment-losses/<br>> (you should check statistics at L2 and L3 interfaces using ethtool -S and<br>> ip -s commands before applying proposed WA).<br>> <br>> BR, Alexey Stupnikov.<br>> <br>> On Thu, Nov 12, 2015 at 12:00 PM, Amir Huski? <amir.huskic@gmail.com> wrote:<br>> <br>> > Hello,<br>> ><br>> > vxlan/gre port is not created in br-tun Kilo. I'm using PC with two NICs,<br>> > running Ubuntu 14.04 LTS and Devstack skript for Kilo installation (single<br>> > node setup).<br>> ><br>> > My goal is to enable L2 connectivity between VMs (vxlan/gre network) on<br>> > Kilo and external Linux host.<br>> > Eth0 is used for br-ex and LAN connectivity. That part is fine. I can ping<br>> > and ssh to VMs using their floating IP.<br>> > Eth1 should be used for vxlan/gre tunnel connection between Kilo node and<br>> > Linux external node that have vxlan/gre interfaces.<br>> ><br>> > eth0: 192.168.123.1<br>> > eth1: 192.168.100.254<br>> > VMs internal: 192.168.10.x<br>> > Linux external host vxlan/gre tunnel: 192.168.10.10, eth0 192.168.50.10<br>> ><br>> > amir@openstack:~/devstack$ sudo ovs-vsctl show<br>> > c2020516-3b76-4b8c-8fa6-110fcb4fd5e3<br>> > Bridge br-tun<br>> > fail_mode: secure<br>> > Port patch-int<br>> > Interface patch-int<br>> > type: patch<br>> > options: {peer=patch-tun}<br>> > Port br-tun<br>> > Interface br-tun<br>> > type: internal<br>> > Bridge br-int<br>> > fail_mode: secure<br>> ><br>> > When I try to ping from VMs to external Linux host using L2 network<br>> > segment (192.168.10.5 -> 192.168.10.10) I can see using tcpdump that<br>> > packets are coming only to br-int. When I try to ping from Linux external<br>> > host to VMs using L2 network segment (192.168.10.10 -> 192.168.10.5) ping<br>> > packets are coming to eth1 but not also to br-tun.<br>> ><br>> > I can add vxlan/gre port to OVS manually but nothing change and also tried<br>> > with vxlan and gre but result is the same.<br>> ><br>> > Here are my configuration files and CLI output (ifconfig, ip a, OVS<br>> > bridges/ports status, etc):<br>> > https://dl.dropboxusercontent.com/u/4298410/Openstack_vxlan.zip<br>> ><br>> > What I'm doing wrong?<br>> ><br>> > Thank you.<br>> > Regards,<br>> > Amir<br>> ><br>> ><br>> > _______________________________________________<br>> > Mailing list:<br>> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack<br>> > Post to : openstack@lists.openstack.org<br>> > Unsubscribe :<br>> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack<br>> ><br>> ><br>> <br>> <br>> -- <br>> BR, Alexey Stupnikov.<br>> -------------- next part --------------<br>> An HTML attachment was scrubbed...<br>> URL: <http://lists.openstack.org/pipermail/openstack/attachments/20151112/de10e15f/attachment-0001.html><br>> <br>> ------------------------------<br>> <br>> Message: 6<br>> Date: Thu, 12 Nov 2015 12:57:23 +0100<br>> From: Amir Huski? <amir.huskic@gmail.com><br>> To: Andreas Scheuring <scheuran@linux.vnet.ibm.com><br>> Cc: "openstack@lists.openstack.org" <openstack@lists.openstack.org><br>> Subject: Re: [Openstack] Openstack Kilo Vxlan tunnel single NIC setup<br>> Message-ID:<br>> <CAFSgVczx=_Q5Wy1yn2T89JfffH14JeRQ9MPFBMNFU2cG+qQC=g@mail.gmail.com><br>> Content-Type: text/plain; charset="utf-8"<br>> <br>> Thank you Andreas. I'll try it. I've opened new thread with additional info<br>> (here:<br>> http://lists.openstack.org/pipermail/openstack/2015-November/014564.html)<br>> and subject: Vxlan/gre port is not created in br-tun Kilo. There are also<br>> config files.<br>> <br>> Regards,<br>> Amir<br>> <br>> On Thu, Nov 12, 2015 at 10:17 AM, Andreas Scheuring <<br>> scheuran@linux.vnet.ibm.com> wrote:<br>> <br>> > What you see is the expected behavior. A Tun (vxlan/gre) port is created<br>> > for each other Node (that runs the neutron-openvswitch-agent) in your<br>> > Openstack Cluster. So if you have a single node - no other Openstack<br>> > node - no tun port.<br>> ><br>> > It's not a use case that an external (non Openstack managed System) Node<br>> > is participating in your Openstack internal tunnel network.<br>> ><br>> > The current ovs implementation knows exactly which vm is reachable via<br>> > which mac on which other hypervisor via which tunnel port. All these<br>> > logic is implemented via openflow rules, which steer the traffic to the<br>> > correct tun device. Traffic that does not match those rules, will be<br>> > dropped (I guess).<br>> ><br>> > You can only achieve this with an external vxlan network. I personally<br>> > haven't tried this so far creating it with Openstack. But for a prove of<br>> > concept you could create the tun port on your own on br-ex (instead of<br>> > plugging your interface into br-ex).<br>> ><br>> > Hope this helps.<br>> ><br>> ><br>> ><br>> > --<br>> > Andreas<br>> > (IRC: scheuran)<br>> ><br>> ><br>> ><br>> > On Do, 2015-11-12 at 09:36 +0100, Amir Huski? wrote:<br>> > > Thank you all for suggestions and sorry for late answer. Now I have PC<br>> > > with two interfaces; eth0 for br-ex (LAN) and eth1 for vxlan/gre<br>> > > tunnel interface. Br-ex is working fine and also I can ping and access<br>> > > VM using floating IP. But still facing issue with vxlan/gre tunnels.<br>> > > Vxlan/gre port is not created on br-tun.<br>> > ><br>> > ><br>> > > As I already wrote I'm trying to enable L2 connectivity between VMs<br>> > > running on single node Openstack Kilo instalation (Devstack) and<br>> > > external Linux host using vxlan/gre tunnel. Since there are now two<br>> > > NICs I'll open new thread.<br>> > ><br>> > ><br>> > > Regards,<br>> > > Amir<br>> > ><br>> > > On Mon, Oct 19, 2015 at 12:36 PM, Akash Gunjal <akgunjal@in.ibm.com><br>> > > wrote:<br>> > > Hi Amir,<br>> > ><br>> > > One point to check is the security rules set in your<br>> > > controller. Check if you have set the ingress/egress rules set<br>> > > for ICMP protocol (ping) which will otherwise block traffic<br>> > > from external hosts to the tenant VM.<br>> > ><br>> > > Regards,<br>> > > Akash<br>> > ><br>> > > Inactive hide details for yatin kumbhare ---10/19/2015<br>> > > 03:56:22 PM---Hi Amir, Not quite sure, as I haven't tried such<br>> > > a thing.yatin kumbhare ---10/19/2015 03:56:22 PM---Hi Amir,<br>> > > Not quite sure, as I haven't tried such a thing.<br>> > ><br>> > > From: yatin kumbhare <yatinkumbhare@gmail.com><br>> > > To: Amir Huski? <amir.huskic@gmail.com><br>> > > Cc: "openstack@lists.openstack.org"<br>> > > <openstack@lists.openstack.org><br>> > > Date: 10/19/2015 03:56 PM<br>> > > Subject: Re: [Openstack] Openstack Kilo Vxlan tunnel single<br>> > > NIC setup<br>> > ><br>> > ><br>> > ><br>> > > ______________________________________________________________<br>> > ><br>> > ><br>> > ><br>> > > Hi Amir,<br>> > ><br>> > > Not quite sure, as I haven't tried such a thing.<br>> > ><br>> > > but IMHO, you might require l2-gateway.<br>> > ><br>> > > Kind of this: https://www.youtube.com/watch?v=74Wfr4myf5k<br>> > ><br>> > > Regards,<br>> > > Yatin<br>> > ><br>> > > On Mon, Oct 19, 2015 at 4:35 AM, Amir Huski?<br>> > > <amir.huskic@gmail.com> wrote:<br>> > > Hello James,<br>> > ><br>> > > I use underscores in ml2 config file as You suggested.<br>> > > Also made some changes in config file. Here is<br>> > > available:<br>> > ><br>> > https://www.dropbox.com/s/fuzwiyuyfngyyl2/ml2_conf.ini?dl=0<br>> > ><br>> > > Summary:<br>> > > - can ping from OS host to external gw and external<br>> > > linux host<br>> > > - can ping from tenant VM to external gw and external<br>> > > linux host<br>> > > - can't ping OS host and tenant VM floating IP from<br>> > > external linux host<br>> > > - tcpdump on br-ex and eth0 interface is showing arp<br>> > > request during ping request from linux external host<br>> > > using vxlan segment<br>> > ><br>> > > For additional info please check info from CLI screen<br>> > > here:<br>> > ><br>> > https://www.dropbox.com/s/fv5hen4jbo6fmby/CLI_debug.txt?dl=0<br>> > ><br>> > > Accidently I deleted symbolic link in log files<br>> > > pointing to agent log. Unfortunately I don't know how<br>> > > to create it again with proper permissions. I tried<br>> > > with chmod and chown using reference command but<br>> > > without much success.<br>> > ><br>> > > lrwxrwxrwx 1 amir amir 43 Sep 19 15:26<br>> > > screen-n-sch.log<br>> > > -> /opt/stack/logs/n-sch.log.2015-09-19-150746<br>> > > -rw-r--r-- 1 amir amir 245730291 Okt 18 14:00<br>> > > screen-q-agt.log<br>> > > lrwxrwxrwx 1 amir amir 44 Sep 19 15:25<br>> > > screen-q-dhcp.log<br>> > > -> /opt/stack/logs/q-dhcp.log.2015-09-19-150746<br>> > ><br>> > ><br>> > > Thank you for your help and time.<br>> > ><br>> > > Kind regards,<br>> > > Amir<br>> > ><br>> > > On Wed, Oct 14, 2015 at 4:06 PM, James Denton<br>> > > <james.denton@rackspace.com> wrote:<br>> > > Hi Amir,<br>> > ><br>> > > A couple of recommendations:<br>> > ><br>> > > - Your vxlan_group setting has an extra dot at the end<br>> > > that may be causing issues:<br>> > > [ml2_type_vxlan]<br>> > > vxlan_group = 239.0.0.0.<br>> > > - Your [OVS] block has some incorrect options. Use<br>> > > underscores rather than spaces:<br>> > > [ovs]<br>> > > bridge_mappings = public:br-ex<br>> > > local_ip = 192.168.100.100<br>> > > vxlan_udp_port = 8472<br>> > > tunnel type = vxlan<br>> > > tunnel id ranges = 1001:2000<br>> > > tenant network type = vxlan<br>> > > enable tunneling = true<br>> > > - Same goes for [agent] as well:<br>> > > [agent]<br>> > > tunnel_types = vxlan<br>> > > root_helper_daemon =<br>> > > sudo /usr/local/bin/neutron-rootwrap-daemon<br>> > /etc/neutron/rootwrap.conf<br>> > > root_helper =<br>> > > sudo /usr/local/bin/neutron-rootwrap<br>> > /etc/neutron/rootwrap.conf<br>> > > #tunnel_types = vxlan<br>> > > vxlan_udp_port = 8472<br>> > > l2 population = false<br>> > > Start by correcting those issues and restart the OVS<br>> > > agents across your hosts. The agent log may be of help<br>> > > here as well.<br>> > ><br>> > > James<br>> > > On Oct 14, 2015, at 2:38 AM, Amir<br>> > > Huski? <amir.huskic@gmail.com> wrote:<br>> > ><br>> > > Hello,<br>> > ><br>> > > there is also my ml2_conf.ini<br>> > > file:<br>> > https://dl.dropboxusercontent.com/u/4298410/ml2_conf.ini<br>> > ><br>> > > Could problem be related to single NIC<br>> > > installation? Is it possible to have<br>> > > same interface for bridge mappings and<br>> > > also for tunnel bridge? Example below:<br>> > ><br>> > > bridge_mappings = public:br-ex<br>> > > integration bridge = br-int<br>> > > tunnel bridge = br-ex<br>> > ><br>> > > Thank you.<br>> > > Regards,<br>> > > Amir<br>> > ><br>> > ><br>> > > On Mon, Oct 12, 2015 at 3:53 PM, Amir<br>> > > Huski? <amir.huskic@gmail.com> wrote:<br>> > > Hi all,<br>> > ><br>> > > I'm trying to setup up<br>> > > Openstack test lab.<br>> > ><br>> > > I deployed Openstack Kilo<br>> > > (Devstack) on PC running<br>> > > Ubuntu LTS 14.02 with single<br>> > > NIC.<br>> > > Tenants are isolated with<br>> > > vxlan networks. I can ping<br>> > > from VMs to external network<br>> > > PCs, SSH login from external<br>> > > PCs to tenants VMs floating IP<br>> > > address, etc.<br>> > ><br>> > > I would like also to connect<br>> > > tenant VMs to external network<br>> > > physical Linux host using<br>> > > vxlan tunnel and have L2<br>> > > connectivity between VM and<br>> > > physical Linux host over L3<br>> > > network.<br>> > ><br>> > > Vxlan interface on Linux<br>> > > physical host is up and<br>> > > running. When I am trying to<br>> > > ping from Linux physical host<br>> > > to Openstack VM (not floating<br>> > > IP) using same subnet L2<br>> > > address (example ping from<br>> > > 192.168.10.10 to<br>> > > 192.168.10.11) UDP packets on<br>> > > port 8472 are coming to<br>> > > Openstack br-ex interface with<br>> > > ARP request.<br>> > ><br>> > > Problem is that I can't setup<br>> > > vxlan tunnel on Openstack.<br>> > > Command "sudo ovs-vsctl show"<br>> > > doesn't show any vxlan<br>> > > tunnels.<br>> > > Also when I try to ping from<br>> > > VM to Linux host using L2 IP<br>> > > address (ping from<br>> > > 192.168.10.11 to<br>> > > 192.168.10.10) tcpdump on<br>> > > br-ex doesn't show anything.<br>> > ><br>> > > My ml2_conf.ini files is<br>> > > configured following this<br>> > > guide:<br>> > ><br>> > http://www.opencloudblog.com/?p=300<br>> > ><br>> > > Thanks in advance for your<br>> > > help,<br>> > ><br>> > > Regards,<br>> > > Amir<br>> > ><br>> > ><br>> > _______________________________________________<br>> > > Mailing list:<br>> > ><br>> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack<br>> > > Post to :<br>> > > openstack@lists.openstack.org<br>> > > Unsubscribe :<br>> > ><br>> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack<br>> > ><br>> > ><br>> > ><br>> > > _______________________________________________<br>> > > Mailing list:<br>> > ><br>> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack<br>> > > Post to : openstack@lists.openstack.org<br>> > > Unsubscribe :<br>> > ><br>> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack<br>> > > _______________________________________________<br>> > > Mailing list:<br>> > > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack<br>> > > Post to : openstack@lists.openstack.org<br>> > > Unsubscribe :<br>> > > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack<br>> > ><br>> > ><br>> > ><br>> > ><br>> > ><br>> > ><br>> > > _______________________________________________<br>> > > Mailing list:<br>> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack<br>> > > Post to : openstack@lists.openstack.org<br>> > > Unsubscribe :<br>> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack<br>> ><br>> ><br>> -------------- next part --------------<br>> An HTML attachment was scrubbed...<br>> URL: <http://lists.openstack.org/pipermail/openstack/attachments/20151112/f3d59fb6/attachment-0001.html><br>> <br>> ------------------------------<br>> <br>> _______________________________________________<br>> Openstack mailing list<br>> openstack@lists.openstack.org<br>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack<br>> <br>> <br>> End of Openstack Digest, Vol 29, Issue 12<br>> *****************************************<br></div></div> </div></body>
</html>