[openstack-dev] [Quantum][LBaaS] Test run of LBaaS service
Trinath Somanchi
trinath.somanchi at gmail.com
Tue Feb 19 05:15:08 UTC 2013
Hi -
Very much excited for the help on testing of LBaaS.
Can you guide me/the enthusiasts on how to test the LBaaS, and Which code
base to download. Because I find, more branches about LBaaS.
I Have the folsom code installed with me. Can any one guide me on how to
integrate and test LBaaS in the folsom setup I have.
Please help me integrate the LBaaS into the folsom installation.
thanks in advance.
On Tue, Feb 19, 2013 at 12:45 AM, Eugene Nikanorov
<enikanorov at mirantis.com>wrote:
> Hi Dan, Mark, folks,
>
> I know you have been working on reviewing and testing of LBaaS patches and
> run into several problems preventing the service to provide complete
> solution.
> We're currently putting all our efforts into integration testing. Please
> find the updated instruction on how to setup/run the service:
>
> Let me step through the list of problems that Dan has identified:
> 1. Strict key checking.
> By default ssh and scp use strict key checking, so once host fingerprint
> is changed for the known host, ssh/scp switch into interactive mode and ask
> if it is ok.
> We've fixed it via ssh/scp option that disables strict key checking.
>
> 2. "VM getting deleted, but then lbaas code not realizing it was deleted"
> There was I bug in the code, which incorrectly updated device status in
> case of error and didn't delete it from DB.
> We've fixed it.
>
> 3. File permissions on key file
> Key file is used in ssh/scp that are being run with "sudo ip netns exec
> <ns> ssh -i keyfile_path ..."
> I guess ssh/scp are getting sudo priviledges in this case, so I wonder,
> what issues could be experienced here.
>
> 4. Keypair injection not working
> We also has hit this issue several times without stable repro, e.g.
> sometimes it worked and sometimes it didn't.
> Currently it's our primary concern, which however could be solved by
> injecting keys into the image manually.
>
> As an alternative we tried to use pexpect library to access VM via
> login/password in pseudo-interactive mode but later decided that using key
> pairs is a more reliable way to access VM.
>
> 5. Security groups
> As far as I uderstood the concern - it's possible that security group that
> agent is using to access balancer VM could prohibit icmp packets that we
> use for liveliness check.
> So it was changed to netcat making probe on 22 port.
>
> Latest code with all these fixes was just posted on review (HAProxy
> driver) https://review.openstack.org/#/c/20985/
>
> Thanks,
> Eugene.
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
--
Regards,
----------------------------------------------
Trinath Somanchi,
+91 9866 235 130
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20130219/fc0373d2/attachment.html>
More information about the OpenStack-dev
mailing list