Encountering a live migration issue on Kolla Ansible Deployment
Hello all, I recently set up a cluster using Kolla Ansible, but I'm encountering a live migration issue. I would appreciate any advice or insights you can provide.
Error Message is rule:create_port_binding is disallowed by policy Neutron server returns request_ids: ['req-dce2d22c-349b-4759-a0f2-8bebbfbb1aee']
Here are some logs:
2024-01-25 04:55:51.599 23 INFO neutron.api.v2.resource [req-a380e1bc-a94b-4935-be0d-76fcc94becc4 req-dce2d22c-349b-4759-a0f2-8bebbfbb1aee 636854b888d7441eafcd21255e1378f1 b07c4b6d7b2241c187ed84f30b163817 - - default default] create failed (client error): Access was denied to this resource.
2024-01-25 04:55:51.601 23 INFO neutron.wsgi [req-a380e1bc-a94b-4935-be0d-76fcc94becc4 req-dce2d22c-349b-4759-a0f2-8bebbfbb1aee 636854b888d7441eafcd21255e1378f1 b07c4b6d7b2241c187ed84f30b163817 - - default default] 192.168.252.254,192.168.252.12 "POST /v2.0/ports/e70fab29-d0cd-4db4-8fbc-a572da1bff64/bindings HTTP/1.1" status: 403 len: 308 time: 0.0207033
Neutron server returns request_ids: ['req-dce2d22c-349b-4759-a0f2-8bebbfbb1aee']
2024-01-25 04:55:51.815 19 ERROR nova.conductor.manager Neutron server returns request_ids: ['req-dce2d22c-349b-4759-a0f2-8bebbfbb1aee']
2024-01-25 04:55:51.815 19 ERROR nova.conductor.manager Neutron server returns request_ids: ['req-dce2d22c-349b-4759-a0f2-8bebbfbb1aee']
Neutron server returns request_ids: ['req-dce2d22c-349b-4759-a0f2-8bebbfbb1aee']: nova.exception.Forbidden: rule:create_port_binding is disallowed by policy
Hello: Can you provide more info about the versions you are using? And the Neutron policy file. Neutron server logs (in DEBUG mode) will be helpful too. Regards.
On Thu, Jan 25, 2024 at 8:39 AM <khurshidsx@gmail.com> wrote:
> Hello all, I recently set up a cluster using Kolla Ansible, but I'm encountering a live migration issue. I would appreciate any advice or insights you can provide.
> Error Message is rule:create_port_binding is disallowed by policy Neutron server returns request_ids: ['req-dce2d22c-349b-4759-a0f2-8bebbfbb1aee']
> Here are some logs:
> 2024-01-25 04:55:51.599 23 INFO neutron.api.v2.resource [req-a380e1bc-a94b-4935-be0d-76fcc94becc4 req-dce2d22c-349b-4759-a0f2-8bebbfbb1aee 636854b888d7441eafcd21255e1378f1 b07c4b6d7b2241c187ed84f30b163817 - - default default] create failed (client error): Access was denied to this resource.
> 2024-01-25 04:55:51.601 23 INFO neutron.wsgi [req-a380e1bc-a94b-4935-be0d-76fcc94becc4 req-dce2d22c-349b-4759-a0f2-8bebbfbb1aee 636854b888d7441eafcd21255e1378f1 b07c4b6d7b2241c187ed84f30b163817 - - default default] 192.168.252.254,192.168.252.12 "POST /v2.0/ports/e70fab29-d0cd-4db4-8fbc-a572da1bff64/bindings HTTP/1.1" status: 403 len: 308 time: 0.0207033
> Neutron server returns request_ids: ['req-dce2d22c-349b-4759-a0f2-8bebbfbb1aee']
> 2024-01-25 04:55:51.815 19 ERROR nova.conductor.manager Neutron server returns request_ids: ['req-dce2d22c-349b-4759-a0f2-8bebbfbb1aee']
> 2024-01-25 04:55:51.815 19 ERROR nova.conductor.manager Neutron server returns request_ids: ['req-dce2d22c-349b-4759-a0f2-8bebbfbb1aee']
> Neutron server returns request_ids: ['req-dce2d22c-349b-4759-a0f2-8bebbfbb1aee']: nova.exception.Forbidden: rule:create_port_binding is disallowed by policy
Thank you Rodolfo Alonso Hernandez for the prompt response.
Please find the relevant version information below:
Neutron version: 7.8.0
Nova version: 18.4.0
I'm using default neutron policy. For reference, fault execution request:
Error: Failed to live migrate instance to host "compute3". Unexpected API Error. Please report this at http://bugs.launchpad.net/nova/ and attach the Nova API log if possible. <class 'nova.exception_Remote.MigrationError_Remote'> (HTTP 500) (Request-ID: req-f7aa968d-5ce1-45aa-8219-028bf9a765ca)
Neutron logs can be found in this link: https://drive.google.com/drive/folders/12q6kicN492-hgwtISK1hcymeH52A2eCb?usp...
Hi: You are using Bobcat, not the referred versions. Do you have more than one server? I see nothing in the Neutron logs related to the port binding command sent by Nova. Regards.
On Thu, Jan 25, 2024 at 10:56 AM <khurshidsx@gmail.com> wrote:
> Thank you Rodolfo Alonso Hernandez for the prompt response.
> Please find the relevant version information below:
> Neutron version: 7.8.0
> Nova version: 18.4.0
> I'm using default neutron policy. For reference, fault execution request:
> Error: Failed to live migrate instance to host "compute3". Unexpected API Error. Please report this at http://bugs.launchpad.net/nova/ and attach the Nova API log if possible. <class 'nova.exception_Remote.MigrationError_Remote'> (HTTP 500) (Request-ID: req-f7aa968d-5ce1-45aa-8219-028bf9a765ca)
> Neutron logs can be found in this link:
> https://drive.google.com/drive/folders/12q6kicN492-hgwtISK1hcymeH52A2eCb?usp...
Absolutely, you're correct, I'm using Bobcat. The neutron version can be confusing due to python3-neutronclient. I determined the versions by executing 'neutron --version'.
I have updated the previous link and divided the logs into separate nodes: Controller, compute2 (src host), and compute3 (dst host). Please refer to the logs timestamped '2024-01-25 11:34' and req-6aad20e9-a37d-42b9-ad31-6f90c1381dc8.
If using a custom neutron policy, what value should be set on rule:create_port_binding? I appreciate your help in solving the issue.
Hi everyone, Just wanted to share a tip regarding policy files in Nova. As of version 22.0.0 (Victoria), JSON-formatted policy files are no longer supported. I found that switching to a YAML-formatted policy file located in /etc/kolla/config did the trick. Here's the content I used in policy.yml:
    context_is_admin: "role:admin"
    service_api: "role:service"
    create_port_binding: "rule:service_api"
This resolved the problem for me, and I hope it helps others who might be facing the same deprecation challenge.
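An added example, not part of the thread and not oslo.policy or Neutron code: a simplified evaluator for the three rules posted above, showing which token roles satisfy create_port_binding under that override and refusing a JSON-formatted file. The role sets are constructed, and the model reads only the file, ignoring any in-code defaults the service merges in.

```python
import re

# policy.yml exactly as posted in the thread above.
POSTED_POLICY = '''\
context_is_admin: "role:admin"
service_api: "role:service"
create_port_binding: "rule:service_api"
'''

def load_flat_policy(text):
    """Parse flat `name: "check"` lines; refuse a JSON-formatted file."""
    if text.lstrip().startswith("{"):
        raise ValueError("JSON-formatted policy file; convert it to YAML")
    rules = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = re.fullmatch(r'([\w.-]+)\s*:\s*"(.*)"', line)
        if not m:
            raise ValueError(f"unsupported policy line: {line!r}")
        rules[m.group(1)] = m.group(2)
    return rules

def allowed(rules, name, roles, seen=()):
    """Evaluate rule `name` for a token's roles (role:/rule: checks, and/or)."""
    if name in seen:
        raise ValueError(f"cyclic rule reference: {name}")
    if name not in rules:
        return False  # model assumption: a rule absent from the file denies
    def check(term):
        kind, _, value = term.strip().partition(":")
        if kind == "role":
            return value in roles
        if kind == "rule":
            return allowed(rules, value, roles, seen + (name,))
        raise ValueError(f"unsupported check: {term!r}")
    return any(all(check(t) for t in alt.split(" and "))
               for alt in rules[name].split(" or "))

def binding_access(policy_text=POSTED_POLICY):
    """Who may create a port binding under the posted override?"""
    rules = load_flat_policy(policy_text)
    tokens = {  # constructed role sets, not taken from the thread
        "service user": {"service"},
        "admin only": {"admin"},
        "project member": {"member", "reader"},
    }
    return {w: allowed(rules, "create_port_binding", r) for w, r in tokens.items()}
```

In this model only a token carrying the service role passes, so the override keeps port binding creation limited to service-to-service calls rather than opening it to every project user.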
participants (3)
- Khurshid Suyunov
- khurshidsx@gmail.com
- Rodolfo Alonso Hernandez