RE: openstack-discuss Digest, Vol 60, Issue 10 ~ Fwaas in Openstack 2023.1 antelope
Hi Openstack Community! I have set up OpenStack release 2023.1 antelope with Kolla-Ansible . However, I noticed that there is no enable_plugin option in the /etc/kolla/global.yml file. Now, I am trying to install FWaaS (Firewall-as-a-Service) following the instructions provided in this OpenStack's Firewall-as-a-Service (FWaaS) v2 scenario documentation. The documentation states, On Ubuntu and CentOS, modify the [fwaas] section in the /etc/neutron/fwaas_driver.ini file instead of /etc/neutron/neutron.conf. Unfortunately, I cannot find the fwaas_driver.ini file in the neutron-server, neutron-l3-agent, or neutron-openvswitch-agent containers Can someone guide me on how to properly install FWaaS in a Kolla environment using the information from the provided link? Best, -----Original Message----- From: openstack-discuss-request@lists.openstack.org <openstack-discuss-request@lists.openstack.org> Sent: Friday, October 6, 2023 1:27 PM To: openstack-discuss@lists.openstack.org Subject: openstack-discuss Digest, Vol 60, Issue 10 Send openstack-discuss mailing list submissions to openstack-discuss@lists.openstack.org To subscribe or unsubscribe via the World Wide Web, visit https://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-discuss or, via email, send a message with subject or body 'help' to openstack-discuss-request@lists.openstack.org You can reach the person managing the list at openstack-discuss-owner@lists.openstack.org When replying, please edit your Subject line so it is more specific than "Re: Contents of openstack-discuss digest..." Today's Topics: 1. Re: [ops] [nova] "invalid argument: shares xxx must be in range [1, 10000]" after 1:25.2.0 to 1.25.2.1. update (Massimo Sgaravatto) 2. [TC][Monasca] Proposal to mark Monasca as an inactive project (S?awek Kap?o?ski) 3. [neutron] Neutron drivers meeting cancelled (Rodolfo Alonso Hernandez) ---------------------------------------------------------------------- Message: 1 Date: Fri, 6 Oct 2023 09:10:47 +0200 From: Massimo Sgaravatto <massimo.sgaravatto@gmail.com> To: Franciszek Przewo?ny <fprzewozny@opera.com> Cc: OpenStack Discuss <openstack-discuss@lists.openstack.org>, smooney@redhat.com Subject: Re: [ops] [nova] "invalid argument: shares xxx must be in range [1, 10000]" after 1:25.2.0 to 1.25.2.1. update Message-ID: <CALaZjRGh6xnzX12cMgDTYx2yJYddUD9X3oh60JWnrB33ZdEf_Q@mail.gmail.com> Content-Type: text/plain; charset="utf-8" Thanks a lot Franciszek ! I was indeed seeing the problem with a VM big 56 vcpus while I didn't see the issue with a tiny instance Thanks again ! Cheers, Massimo On Fri, Oct 6, 2023 at 8:58?AM Franciszek Przewo?ny <fprzewozny@opera.com> wrote:
Hi Massimo,
We are using Ubuntu for our environments and we experienced the same issue during upgrade from Yoga/Focal to Yoga/Jammy. On Yoga/Focal cgroups_v1 were used, and cpu_shares parameter value was cpu count * 1024. From Jammy cgroups_v2 have been implemented, and cpu_shares value has been set by default to 100. It has hard limit of 10000, so flavors with more than 9vCPUs won't fit. If you need to fix this issue without stopping VMs, you can set cpu_shares with libvirt command: virsh schedinfo $domain --live cpu_shares=100 for more details about virsh schedinfo visit: https://libvirt.org/manpages/virsh.html#schedinfo
BR, Franciszek
On 5 Oct 2023, at 21:17, smooney@redhat.com wrote:
On Thu, 2023-10-05 at 16:53 +0200, Massimo Sgaravatto wrote:
Dear all
We have recently updated openstack nova on some AlmaLinux9 compute nodes running Yoga from 1:25.2.0 to 1.25.2.1. After this operation some VMs don't start anymore. In the log it is reported:
libvirt.libvirtError: invalid argument: shares \'57344\' must be in range [1, 10000]\n'}
libvirt version is 9.0.0-10.3
A quick google search suggests that it is something related to cgroups and it is fixed in libvirt >= 9.1 (which is not yet in the almalinux9 repos). Did I get it right ?
not quite
it is reated to cgroups but the cause is that in cgroups_v1 the maxvlaue of shares i.e. cpu_shares changed form make int to 10000 in cgroups_v2 so the issue is teh vm requested a cpu share value of 57344 which is not vlaid on an OS that is useing cgroups_v2 libvirt will not clamp the value nor will nova. you have to change the volue in your flavor and resize the vm.
Thanks, Massimo
Hi Asma, The enable_plugin is for devstack based deployments, I suppose. To tell the truth I am not familiar with kolla, but I found this page which speaks about enabling neutron extensions like sfc or vpnaas: https://docs.openstack.org/kolla-ansible/4.0.2/networking-guide.html and these in the group_vars/all.yml: https://opendev.org/openstack/kolla-ansible/src/branch/master/ansible/group_... So to enable vpnaas: enable_neutron_vpnaas: "yes" I suppose to do all the magic to install and set neutron-vpnaas. I can't find neutron-fwaas , but perhaps this is just my lack of experience with kolla. To see what is necessary to configure fwaas, I would check the devstack plugin: https://opendev.org/openstack/neutron-fwaas/src/branch/master/devstack Best wishes. Lajos (lajoskatona) Asma Naz Shariq <asma.naz@techavenue.biz> ezt írta (időpont: 2023. okt. 6., P, 14:37):
Hi Openstack Community!
I have set up OpenStack release 2023.1 antelope with Kolla-Ansible . However, I noticed that there is no enable_plugin option in the /etc/kolla/global.yml file. Now, I am trying to install FWaaS (Firewall-as-a-Service) following the instructions provided in this OpenStack's Firewall-as-a-Service (FWaaS) v2 scenario documentation.
The documentation states, On Ubuntu and CentOS, modify the [fwaas] section in the /etc/neutron/fwaas_driver.ini file instead of /etc/neutron/neutron.conf. Unfortunately, I cannot find the fwaas_driver.ini file in the neutron-server, neutron-l3-agent, or neutron-openvswitch-agent containers
Can someone guide me on how to properly install FWaaS in a Kolla environment using the information from the provided link?
Best,
-----Original Message----- From: openstack-discuss-request@lists.openstack.org <openstack-discuss-request@lists.openstack.org> Sent: Friday, October 6, 2023 1:27 PM To: openstack-discuss@lists.openstack.org Subject: openstack-discuss Digest, Vol 60, Issue 10
Send openstack-discuss mailing list submissions to openstack-discuss@lists.openstack.org
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-discuss
or, via email, send a message with subject or body 'help' to openstack-discuss-request@lists.openstack.org
You can reach the person managing the list at openstack-discuss-owner@lists.openstack.org
When replying, please edit your Subject line so it is more specific than "Re: Contents of openstack-discuss digest..."
Today's Topics:
1. Re: [ops] [nova] "invalid argument: shares xxx must be in range [1, 10000]" after 1:25.2.0 to 1.25.2.1. update (Massimo Sgaravatto) 2. [TC][Monasca] Proposal to mark Monasca as an inactive project (S?awek Kap?o?ski) 3. [neutron] Neutron drivers meeting cancelled (Rodolfo Alonso Hernandez)
----------------------------------------------------------------------
Message: 1 Date: Fri, 6 Oct 2023 09:10:47 +0200 From: Massimo Sgaravatto <massimo.sgaravatto@gmail.com> To: Franciszek Przewo?ny <fprzewozny@opera.com> Cc: OpenStack Discuss <openstack-discuss@lists.openstack.org>, smooney@redhat.com Subject: Re: [ops] [nova] "invalid argument: shares xxx must be in range [1, 10000]" after 1:25.2.0 to 1.25.2.1. update Message-ID: < CALaZjRGh6xnzX12cMgDTYx2yJYddUD9X3oh60JWnrB33ZdEf_Q@mail.gmail.com> Content-Type: text/plain; charset="utf-8"
Thanks a lot Franciszek ! I was indeed seeing the problem with a VM big 56 vcpus while I didn't see the issue with a tiny instance
Thanks again !
Cheers, Massimo
On Fri, Oct 6, 2023 at 8:58?AM Franciszek Przewo?ny <fprzewozny@opera.com> wrote:
Hi Massimo,
We are using Ubuntu for our environments and we experienced the same issue during upgrade from Yoga/Focal to Yoga/Jammy. On Yoga/Focal cgroups_v1 were used, and cpu_shares parameter value was cpu count * 1024. From Jammy cgroups_v2 have been implemented, and cpu_shares value has been set by default to 100. It has hard limit of 10000, so flavors with more than 9vCPUs won't fit. If you need to fix this issue without stopping VMs, you can set cpu_shares with libvirt command: virsh schedinfo $domain --live cpu_shares=100 for more details about virsh schedinfo visit: https://libvirt.org/manpages/virsh.html#schedinfo
BR, Franciszek
On 5 Oct 2023, at 21:17, smooney@redhat.com wrote:
On Thu, 2023-10-05 at 16:53 +0200, Massimo Sgaravatto wrote:
Dear all
We have recently updated openstack nova on some AlmaLinux9 compute nodes running Yoga from 1:25.2.0 to 1.25.2.1. After this operation some VMs don't start anymore. In the log it is reported:
libvirt.libvirtError: invalid argument: shares \'57344\' must be in range [1, 10000]\n'}
libvirt version is 9.0.0-10.3
A quick google search suggests that it is something related to cgroups and it is fixed in libvirt >= 9.1 (which is not yet in the almalinux9 repos). Did I get it right ?
not quite
it is reated to cgroups but the cause is that in cgroups_v1 the maxvlaue of shares i.e. cpu_shares changed form make int to 10000 in cgroups_v2 so the issue is teh vm requested a cpu share value of 57344 which is not vlaid on an OS that is useing cgroups_v2 libvirt will not clamp the value nor will nova. you have to change the volue in your flavor and resize the vm.
Thanks, Massimo
participants (2)
-
Asma Naz Shariq
-
Lajos Katona