<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto">Why are you not using openvswitch flow based firewall instead of Linuxbridge which will add hops in packet path. <br><br><div dir="ltr">Sent from my iPhone</div><div dir="ltr"><br><blockquote type="cite">On Jul 27, 2023, at 12:25 PM, Nguyễn Hữu Khôi <nguyenhuukhoinw@gmail.com> wrote:<br><br></blockquote></div><blockquote type="cite"><div dir="ltr"><div dir="ltr"><div dir="auto">Hello.<div dir="auto">I figured out that my rabbitmq queues are corrupt so neutron port cannot upgrade security rules. I need delete queues so I can migrate without problem.</div><div dir="auto"><br></div><div>Thank you so much for replying to me. </div></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Jul 27, 2023, 8:11 AM Nguyễn Hữu Khôi <<a href="mailto:nguyenhuukhoinw@gmail.com" target="_blank">nguyenhuukhoinw@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Hello.<div><br></div><div>When my instances was migrated to other computes. I check on dest host and I see that </div><div><br></div><div>-A neutron-openvswi-i41ec1d15-e -d x.x.x.x(my instance ip)/32 -p udp -m udp --sport 67 --dport 68 -j RETURN missing and my instance cannot get IP. I must restart neutron_openvswitch_agent then this rule appears and I can touch the instance via network.<br></div><div><br></div><div>I use openswitch and provider networks. This problem has happened this week. after the system was upgraded from xena to yoga and I enabled quorum queue.</div><div><br></div><div><div><br></div><div><br clear="all"><div><div dir="ltr" class="gmail_signature"><div dir="ltr">Nguyen Huu Khoi<br></div></div></div><br></div></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, Jul 26, 2023 at 5:28 PM Nguyễn Hữu Khôi <<a href="mailto:nguyenhuukhoinw@gmail.com" rel="noreferrer" target="_blank">nguyenhuukhoinw@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="auto"> Because I dont see any error logs. Althought, i set debug log to on.<div dir="auto"><br></div><div dir="auto">Your advices are very helpful to me. I will try to dig deeply. I am lost so some suggests are the best way for me to continue. :)</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, Jul 26, 2023, 4:39 PM <<a href="mailto:smooney@redhat.com" rel="noreferrer" target="_blank">smooney@redhat.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">On Wed, 2023-07-26 at 07:49 +0700, Nguyễn Hữu Khôi wrote:<br>
> Hello guys.<br>
> <br>
> I am using openstack yoga with kolla ansible.<br>
without logs of some kind i dont think anyoen will be able to hlep you with this.<br>
you have one issue with the config which i noted inline but that should not break live migration.<br>
but it would allow it to proceed when otherwise it would have failed.<br>
and it woudl allow this issue to happen instead of the vm goign to error ro the migration<br>
being aborted in pre live migrate.<br>
> <br>
> When I migrate:<br>
> <br>
> instance1 from host A to host B after that I cannot ping this<br>
> instance(telnet also). I must restart neutron_openvswitch_agent or move<br>
> this instance back to host B then this problem has gone.<br>
> <br>
> this is my settings:<br>
> <br>
> ----------------- neutron.conf -----------------<br>
> [nova]<br>
> live_migration_events = True<br>
> ------------------------------------------------<br>
> <br>
> ----------------- nova.conf -----------------<br>
> [DEFAULT]<br>
> vif_plugging_timeout = 600<br>
> vif_plugging_is_fatal = False<br>
you should never run with this set to false in production.<br>
it will break nova ability to detect if netroking is configured<br>
when booting or migrating a vm.<br>
we honestly should have remove this when we removed nova-networks<br>
> debug = True<br>
> <br>
> [compute]<br>
> live_migration_wait_for_vif_plug = True<br>
> <br>
> [workarounds]<br>
> enable_qemu_monitor_announce_self = True<br>
> <br>
> ----------------- openvswitch_agent.ini-----------------<br>
> [securitygroup]<br>
> firewall_driver = openvswitch<br>
> [ovs]<br>
> openflow_processed_per_port = true<br>
> <br>
> I check nova, neutron, ops logs but they are ok.<br>
> <br>
> Thank you.<br>
> <br>
> <br>
> Nguyen Huu Khoi<br>
<br>
</blockquote></div>
</blockquote></div>
</blockquote></div>
</div></blockquote></body></html>