[Openstack] Trove Project Bug
Khushbu Parakh
khushbuparakh at hotmail.com
Fri Nov 13 16:23:38 UTC 2015
Hello everyone,
I need some help understanding the working process and how I can contribute further to solving this bug: https://bugs.launchpad.net/trove/+bug/1324995 (it is related to the Trove project).
Thanks in advance,
Regards,
Khushbu Parakh
Arya College Of Engineering and IT
Linkedin: http://linkedin.com/in/khushbuparakh
about.me/khushbu.parakh
> From: openstack-request at lists.openstack.org
> Subject: Openstack Digest, Vol 29, Issue 12
> To: openstack at lists.openstack.org
> Date: Thu, 12 Nov 2015 12:00:04 +0000
>
> Today's Topics:
>
> 1. Re: Keystone Fernet Token (Reza Bakhshayeshi)
> 2. Re: Openstack Kilo Vxlan tunnel single NIC setup (Amir Huskić)
> 3. Vxlan/gre port is not created in br-tun Kilo (Amir Huskić)
> 4. Re: Openstack Kilo Vxlan tunnel single NIC setup
> (Andreas Scheuring)
> 5. Re: Vxlan/gre port is not created in br-tun Kilo
> (Aleksei Stupnikov)
> 6. Re: Openstack Kilo Vxlan tunnel single NIC setup (Amir Huskić)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Wed, 11 Nov 2015 22:36:45 +0330
> From: Reza Bakhshayeshi <reza.b2008 at gmail.com>
> To: Adam Young <ayoung at redhat.com>
> Cc: openstack <openstack at lists.openstack.org>
> Subject: Re: [Openstack] Keystone Fernet Token
> Message-ID:
> <CAMGoRG2Wnh=urtD5bz+38cnGV-8+jm3ZxCcL=xAPohOxb9NLkw at mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> Dear Adam,
>
> here is the audit.log content:
>
> type=AVC msg=audit(1447271600.161:353): avc: denied { write } for
> pid=4616 comm="httpd" name="fernet-keys" dev="dm-1" ino=1706000
> scontext=system_u:system_r:httpd_t:s0
> tcontext=unconfined_u:object_r:etc_t:s0 tclass=dir
> type=SYSCALL msg=audit(1447271600.161:353): arch=c000003e syscall=21
> success=no exit=-13 a0=7f2ebf240b10 a1=2 a2=7f2ed1d1af88 a3=0 items=0
> ppid=2714 pid=4616 auid=4294967295 uid=163 gid=163 euid=163 suid=163
> fsuid=163 egid=163 sgid=163 fsgid=163 tty=(none) ses=4294967295
> comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0
> key=(null)
> type=AVC msg=audit(1447271602.313:354): avc: denied { write } for
> pid=4648 comm="httpd" name="fernet-keys" dev="dm-1" ino=1706000
> scontext=system_u:system_r:httpd_t:s0
> tcontext=unconfined_u:object_r:etc_t:s0 tclass=dir
> type=SYSCALL msg=audit(1447271602.313:354): arch=c000003e syscall=21
> success=no exit=-13 a0=7f2ebf60a4c0 a1=2 a2=7f2ed1d1af88 a3=0 items=0
> ppid=2714 pid=4648 auid=4294967295 uid=163 gid=163 euid=163 suid=163
> fsuid=163 egid=163 sgid=163 fsgid=163 tty=(none) ses=4294967295
> comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0
> key=(null)
>
>
> On 9 November 2015 at 18:22, Adam Young <ayoung at redhat.com> wrote:
>
> > On 11/07/2015 01:08 PM, Reza Bakhshayeshi wrote:
> >
> > Thanks all, especially Rahul,
> > I solved the problem temporarily by disabling selinux.
> >
> >
> > What did you have for an AVC? It sounds like the issue was The Keystone
> > WSGI process reading the Keys file? Can you post the relevant sections
> > from the audit log?
> >
> >
> >
> > On 3 November 2015 at 07:43, ??? <zhangjl at awcloud.com> wrote:
> >
> >> Maybe you should do as follows:
> >>
> >> chown -R keystone:keystone /etc/keystone
> >>
> >> Then, restart the keystone service:
> >>
> >> systemctl restart openstack-keystone
> >>
> >>
> >>
> >>
> >>
> >> ------------------
> >> Best Regards
> >>
> >> ZhangJialong
> >>
> >>
> >>
> >> ------------------ Original ------------------
> >> *From:* "Adam Young" <ayoung at redhat.com>;
> >> *Date:* Tue, Nov 3, 2015 11:01 AM
> >> *To:* "openstack" <openstack at lists.openstack.org>;
> >> *Subject:* Re: [Openstack] Keystone Fernet Token
> >>
> >> On 10/28/2015 02:23 PM, Reza Bakhshayeshi wrote:
> >>
> >> Hi all,
> >>
> >> I'm going to use fernet token on OpenStack Kilo (only Keystone service is
> >> installed),
> >> I've configured keystone.conf like:
> >>
> >> [token]
> >> provider = keystone.token.providers.fernet.Provider
> >>
> >> when I'm running:
> >> keystone-manage fernet_setup --keystone-user keystone --keystone-group
> >> keystone
> >>
> >> The keys are created successfully in the /etc/keystone/fernet-keys directory.
> >> But when I go to create a token I receive the following error,
> >> here is the complete log:
> >>
> >> 2015-10-28 21:22:14.680 65218 INFO keystone.common.wsgi [-] GET /?
> >> 2015-10-28 23:50:25.343 9377 INFO keystone.token.providers.fernet.utils
> >> [-] [fernet_tokens] key_repository does not appear to exist; attempting to
> >> create it
> >> 2015-10-28 23:50:25.344 9377 INFO keystone.token.providers.fernet.utils
> >> [-] Created a new key: /etc/keystone/fernet-keys/0
> >> 2015-10-28 23:50:25.344 9377 INFO keystone.token.providers.fernet.utils
> >> [-] Starting key rotation with 1 key files: ['/etc/keystone/fernet-keys/0']
> >> 2015-10-28 23:50:25.344 9377 INFO keystone.token.providers.fernet.utils
> >> [-] Current primary key is: 0
> >> 2015-10-28 23:50:25.345 9377 INFO keystone.token.providers.fernet.utils
> >> [-] Next primary key will be: 1
> >> 2015-10-28 23:50:25.345 9377 INFO keystone.token.providers.fernet.utils
> >> [-] Promoted key 0 to be the primary: 1
> >> 2015-10-28 23:50:25.345 9377 INFO keystone.token.providers.fernet.utils
> >> [-] Created a new key: /etc/keystone/fernet-keys/0
> >> 2015-10-28 23:50:25.345 9377 INFO keystone.token.providers.fernet.utils
> >> [-] Excess keys to purge: []
> >> 2015-10-28 23:50:52.632 8059 INFO keystone.common.wsgi [-] POST /tokens?
> >> 2015-10-28 23:50:52.889 8059 ERROR keystone.token.providers.fernet.utils
> >> [-] Either [fernet_tokens] key_repository does not exist or Keystone does
> >> not have sufficient permission to access it: /etc/keystone/fernet-keys/
> >> 2015-10-28 23:50:52.890 8059 WARNING keystone.common.wsgi [-] No
> >> encryption keys found; run keystone-manage fernet_setup to bootstrap one.
> >>
> >> while the permissions seem to be correct:
> >>
> >> # ls -lah /etc/keystone/
> >> total 104K
> >> drwxr-x---. 3 root keystone 4.0K Oct 28 23:50 .
> >> drwxr-xr-x. 143 root root 12K Oct 28 12:56 ..
> >> -rw-r-----. 1 root keystone 1.5K Jul 29 00:21
> >> default_catalog.templates
> >> drwx------. 2 keystone keystone 4.0K Oct 28 23:50 fernet-keys
> >> -rw-r-----. 1 root keystone 57K Oct 28 23:48 keystone.conf
> >> -rw-r-----. 1 root keystone 1.1K Jul 29 00:21 logging.conf
> >> -rw-r-----. 1 keystone keystone 8.6K Jul 29 00:21 policy.json
> >> -rw-r-----. 1 keystone keystone 665 Jul 29 00:21
> >> sso_callback_template.html
> >>
> >> What am I missing?
> >>
> >>
> >> No idea. When I get into these situations, I use rpdb;
> >>
> >> http://adam.younglogic.com/2015/02/debugging-openstack-with-rpdb/
> >>
> >>
> >> Is there anything in /etc/keystone/fernet-keys ?
> >>
> >>
> >>
> >>
> >>
> >> _______________________________________________
> >> Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> >> Post to : openstack at lists.openstack.org
> >> Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> >
> >
>
> ------------------------------
>
> Message: 2
> Date: Thu, 12 Nov 2015 09:36:13 +0100
> From: Amir Huskić <amir.huskic at gmail.com>
> To: Akash Gunjal <akgunjal at in.ibm.com>
> Cc: "openstack at lists.openstack.org" <openstack at lists.openstack.org>
> Subject: Re: [Openstack] Openstack Kilo Vxlan tunnel single NIC setup
> Message-ID:
> <CAFSgVcyv+=uTK-bDQRYre-LctXB3aBeazVpzya6YGP4mZ90z+g at mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> Thank you all for suggestions and sorry for late answer. Now I have PC with
> two interfaces; eth0 for br-ex (LAN) and eth1 for vxlan/gre tunnel
> interface. Br-ex is working fine and also I can ping and access VM using
> floating IP. But still facing issue with vxlan/gre tunnels. Vxlan/gre port
> is not created on br-tun.
>
> As I already wrote I'm trying to enable L2 connectivity between VMs running
> on single node Openstack Kilo installation (Devstack) and external Linux
> host using vxlan/gre tunnel. Since there are now two NICs I'll open new
> thread.
>
> Regards,
> Amir
>
> On Mon, Oct 19, 2015 at 12:36 PM, Akash Gunjal <akgunjal at in.ibm.com> wrote:
>
> > Hi Amir,
> >
> > One point to check is the security rules set in your controller. Check if
> > you have set the ingress/egress rules set for ICMP protocol (ping) which
> > will otherwise block traffic from external hosts to the tenant VM.
> >
> > Regards,
> > Akash
> >
> > From: yatin kumbhare <yatinkumbhare at gmail.com>
> > To: Amir Huskić <amir.huskic at gmail.com>
> > Cc: "openstack at lists.openstack.org" <openstack at lists.openstack.org>
> > Date: 10/19/2015 03:56 PM
> > Subject: Re: [Openstack] Openstack Kilo Vxlan tunnel single NIC setup
> > ------------------------------
> >
> >
> >
> > Hi Amir,
> >
> > Not quite sure, as I haven't tried such a thing.
> >
> > but IMHO, you might require l2-gateway.
> >
> > Kind of this: https://www.youtube.com/watch?v=74Wfr4myf5k
> >
> > Regards,
> > Yatin
> >
> > On Mon, Oct 19, 2015 at 4:35 AM, Amir Huskić <amir.huskic at gmail.com> wrote:
> >
> > Hello James,
> >
> > I use underscores in ml2 config file as You suggested. Also made some
> > changes in config file. Here is available:
> > https://www.dropbox.com/s/fuzwiyuyfngyyl2/ml2_conf.ini?dl=0
> >
> > Summary:
> > - can ping from OS host to external gw and external linux host
> > - can ping from tenant VM to external gw and external linux host
> > - can't ping OS host and tenant VM floating IP from external linux host
> > - tcpdump on br-ex and eth0 interface is showing arp request during
> > ping request from linux external host using vxlan segment
> >
> > For additional info please check info from CLI screen here:
> > https://www.dropbox.com/s/fv5hen4jbo6fmby/CLI_debug.txt?dl=0
> >
> > Accidentally I deleted symbolic link in log files pointing to agent log.
> > Unfortunately I don't know how to create it again with proper permissions.
> > I tried with chmod and chown using reference command but without much
> > success.
> >
> > lrwxrwxrwx 1 amir amir 43 Sep 19 15:26 screen-n-sch.log ->
> > /opt/stack/logs/n-sch.log.2015-09-19-150746
> > * -rw-r--r-- 1 amir amir 245730291 Okt 18 14:00 screen-q-agt.log*
> > lrwxrwxrwx 1 amir amir 44 Sep 19 15:25 screen-q-dhcp.log ->
> > /opt/stack/logs/q-dhcp.log.2015-09-19-150746
> >
> >
> > Thank you for your help and time.
> >
> > Kind regards,
> > Amir
> >
> >
> > On Wed, Oct 14, 2015 at 4:06 PM, James Denton <james.denton at rackspace.com> wrote:
> > Hi Amir,
> >
> > A couple of recommendations:
> >
> > - Your vxlan_group setting has an extra dot at the end that may be
> > causing issues:
> > [ml2_type_vxlan]
> > vxlan_group = 239.0.0.0.
> > - Your [OVS] block has some incorrect options. Use underscores rather
> > than spaces:
> > [ovs]
> > bridge_mappings = public:br-ex
> > local_ip = 192.168.100.100
> > vxlan_udp_port = 8472
> > tunnel type = vxlan
> > tunnel id ranges = 1001:2000
> > tenant network type = vxlan
> > enable tunneling = true
> > - Same goes for [agent] as well:
> > [agent]
> > tunnel_types = vxlan
> > root_helper_daemon = sudo /usr/local/bin/neutron-rootwrap-daemon
> > /etc/neutron/rootwrap.conf
> > root_helper = sudo /usr/local/bin/neutron-rootwrap
> > /etc/neutron/rootwrap.conf
> > #tunnel_types = vxlan
> > vxlan_udp_port = 8472
> > l2 population = false
> > Start by correcting those issues and restart the OVS agents across
> > your hosts. The agent log may be of help here as well.
> >
> > James
> > On Oct 14, 2015, at 2:38 AM, Amir Huskić <amir.huskic at gmail.com> wrote:
> >
> > Hello,
> >
> > there is also my ml2_conf.ini file:
> > https://dl.dropboxusercontent.com/u/4298410/ml2_conf.ini
> >
> > Could problem be related to single NIC installation? Is it
> > possible to have same interface for bridge mappings and also for tunnel
> > bridge? Example below:
> >
> > bridge_mappings = public:br-ex
> > integration bridge = br-int
> > tunnel bridge = br-ex
> >
> > Thank you.
> > Regards,
> > Amir
> >
> >
> > On Mon, Oct 12, 2015 at 3:53 PM, Amir Huskić <amir.huskic at gmail.com> wrote:
> > Hi all,
> >
> > I'm trying to setup up Openstack test lab.
> >
> > I deployed Openstack Kilo (Devstack) on PC running Ubuntu LTS
> > 14.02 with single NIC.
> > Tenants are isolated with vxlan networks. I can ping from VMs
> > to external network PCs, SSH login from external PCs to tenants VMs
> > floating IP address, etc.
> >
> > I would like also to connect tenant VMs to external network
> > physical Linux host using vxlan tunnel and have L2 connectivity between VM
> > and physical Linux host over L3 network.
> >
> > Vxlan interface on Linux physical host is up and running.
> > When I am trying to ping from Linux physical host to Openstack VM (not
> > floating IP) using same subnet L2 address (example ping from 192.168.10.10
> > to 192.168.10.11) UDP packets on port 8472 are coming to Openstack br-ex
> > interface with ARP request.
> >
> > Problem is that I can't setup vxlan tunnel on Openstack.
> > Command "sudo ovs-vsctl show" doesn't show any vxlan tunnels.
> > Also when I try to ping from VM to Linux host using L2 IP
> > address (ping from 192.168.10.11 to 192.168.10.10) tcpdump on br-ex doesn't
> > show anything.
> >
> > My ml2_conf.ini files is configured following this guide:
> > http://www.opencloudblog.com/?p=300
> >
> > Thanks in advance for your help,
> >
> > Regards,
> > Amir
> >
>
> ------------------------------
>
> Message: 3
> Date: Thu, 12 Nov 2015 10:00:12 +0100
> From: Amir Huskić <amir.huskic at gmail.com>
> To: Openstack <openstack at lists.openstack.org>
> Subject: [Openstack] Vxlan/gre port is not created in br-tun Kilo
> Message-ID:
> <CAFSgVcxtympHKoP7RxN5uz=wW6F7+5tFVi_h0Xcs30AD-HXnQA at mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> Hello,
>
> vxlan/gre port is not created in br-tun Kilo. I'm using PC with two NICs,
> running Ubuntu 14.04 LTS and Devstack script for Kilo installation (single
> node setup).
>
> My goal is to enable L2 connectivity between VMs (vxlan/gre network) on
> Kilo and external Linux host.
> Eth0 is used for br-ex and LAN connectivity. That part is fine. I can ping
> and ssh to VMs using their floating IP.
> Eth1 should be used for vxlan/gre tunnel connection between Kilo node and
> Linux external node that have vxlan/gre interfaces.
>
> eth0: 192.168.123.1
> eth1: 192.168.100.254
> VMs internal: 192.168.10.x
> Linux external host vxlan/gre tunnel: 192.168.10.10, eth0 192.168.50.10
>
> amir at openstack:~/devstack$ sudo ovs-vsctl show
> c2020516-3b76-4b8c-8fa6-110fcb4fd5e3
> Bridge br-tun
> fail_mode: secure
> Port patch-int
> Interface patch-int
> type: patch
> options: {peer=patch-tun}
> Port br-tun
> Interface br-tun
> type: internal
> Bridge br-int
> fail_mode: secure
>
> When I try to ping from VMs to external Linux host using L2 network segment
> (192.168.10.5 -> 192.168.10.10) I can see using tcpdump that packets are
> coming only to br-int. When I try to ping from Linux external host to VMs
> using L2 network segment (192.168.10.10 -> 192.168.10.5) ping packets are
> coming to eth1 but not also to br-tun.
>
> I can add vxlan/gre port to OVS manually but nothing change and also tried
> with vxlan and gre but result is the same.
>
> Here are my configuration files and CLI output (ifconfig, ip a, OVS
> bridges/ports status, etc):
> https://dl.dropboxusercontent.com/u/4298410/Openstack_vxlan.zip
>
> What am I doing wrong?
>
> Thank you.
> Regards,
> Amir
>
> ------------------------------
>
> Message: 4
> Date: Thu, 12 Nov 2015 10:17:32 +0100
> From: Andreas Scheuring <scheuran at linux.vnet.ibm.com>
> To: Amir Huskić <amir.huskic at gmail.com>
> Cc: "openstack at lists.openstack.org" <openstack at lists.openstack.org>
> Subject: Re: [Openstack] Openstack Kilo Vxlan tunnel single NIC setup
> Message-ID: <1447319852.3078.9.camel at scheuran-ThinkPad-W530>
> Content-Type: text/plain; charset="UTF-8"
>
> What you see is the expected behavior. A Tun (vxlan/gre) port is created
> for each other Node (that runs the neutron-openvswitch-agent) in your
> Openstack Cluster. So if you have a single node - no other Openstack
> node - no tun port.
>
> It's not a use case that an external (non Openstack managed System) Node
> is participating in your Openstack internal tunnel network.
>
> The current ovs implementation knows exactly which vm is reachable via
> which mac on which other hypervisor via which tunnel port. All this
> logic is implemented via openflow rules, which steer the traffic to the
> correct tun device. Traffic that does not match those rules, will be
> dropped (I guess).
>
> You can only achieve this with an external vxlan network. I personally
> haven't tried this so far creating it with Openstack. But for a proof of
> concept you could create the tun port on your own on br-ex (instead of
> plugging your interface into br-ex).
>
> Hope this helps.
>
>
>
> --
> Andreas
> (IRC: scheuran)
>
>
>
> On Thu, 2015-11-12 at 09:36 +0100, Amir Huskić wrote:
> > Thank you all for suggestions and sorry for late answer. Now I have PC
> > with two interfaces; eth0 for br-ex (LAN) and eth1 for vxlan/gre
> > tunnel interface. Br-ex is working fine and also I can ping and access
> > VM using floating IP. But still facing issue with vxlan/gre tunnels.
> > Vxlan/gre port is not created on br-tun.
> >
> >
> > As I already wrote I'm trying to enable L2 connectivity between VMs
> > running on single node Openstack Kilo installation (Devstack) and
> > external Linux host using vxlan/gre tunnel. Since there are now two
> > NICs I'll open new thread.
> >
> >
> > Regards,
> > Amir
> >
> > On Mon, Oct 19, 2015 at 12:36 PM, Akash Gunjal <akgunjal at in.ibm.com>
> > wrote:
> > Hi Amir,
> >
> > One point to check is the security rules set in your
> > controller. Check if you have set the ingress/egress rules set
> > for ICMP protocol (ping) which will otherwise block traffic
> > from external hosts to the tenant VM.
> >
> > Regards,
> > Akash
> >
> > From: yatin kumbhare <yatinkumbhare at gmail.com>
> > To: Amir Huskić <amir.huskic at gmail.com>
> > Cc: "openstack at lists.openstack.org"
> > <openstack at lists.openstack.org>
> > Date: 10/19/2015 03:56 PM
> > Subject: Re: [Openstack] Openstack Kilo Vxlan tunnel single
> > NIC setup
> >
> >
> >
> > ______________________________________________________________
> >
> >
> >
> > Hi Amir,
> >
> > Not quite sure, as I haven't tried such a thing.
> >
> > but IMHO, you might require l2-gateway.
> >
> > Kind of this: https://www.youtube.com/watch?v=74Wfr4myf5k
> >
> > Regards,
> > Yatin
> >
> > On Mon, Oct 19, 2015 at 4:35 AM, Amir Huskić
> > <amir.huskic at gmail.com> wrote:
> > Hello James,
> >
> > I use underscores in ml2 config file as You suggested.
> > Also made some changes in config file. Here is
> > available:
> > https://www.dropbox.com/s/fuzwiyuyfngyyl2/ml2_conf.ini?dl=0
> >
> > Summary:
> > - can ping from OS host to external gw and external
> > linux host
> > - can ping from tenant VM to external gw and external
> > linux host
> > - can't ping OS host and tenant VM floating IP from
> > external linux host
> > - tcpdump on br-ex and eth0 interface is showing arp
> > request during ping request from linux external host
> > using vxlan segment
> >
> > For additional info please check info from CLI screen
> > here:
> > https://www.dropbox.com/s/fv5hen4jbo6fmby/CLI_debug.txt?dl=0
> >
> > Accidentally I deleted symbolic link in log files
> > pointing to agent log. Unfortunately I don't know how
> > to create it again with proper permissions. I tried
> > with chmod and chown using reference command but
> > without much success.
> >
> > lrwxrwxrwx 1 amir amir 43 Sep 19 15:26
> > screen-n-sch.log
> > -> /opt/stack/logs/n-sch.log.2015-09-19-150746
> > -rw-r--r-- 1 amir amir 245730291 Okt 18 14:00
> > screen-q-agt.log
> > lrwxrwxrwx 1 amir amir 44 Sep 19 15:25
> > screen-q-dhcp.log
> > -> /opt/stack/logs/q-dhcp.log.2015-09-19-150746
> >
> >
> > Thank you for your help and time.
> >
> > Kind regards,
> > Amir
> >
> > On Wed, Oct 14, 2015 at 4:06 PM, James Denton
> > <james.denton at rackspace.com> wrote:
> > Hi Amir,
> >
> > A couple of recommendations:
> >
> > - Your vxlan_group setting has an extra dot at the end
> > that may be causing issues:
> > [ml2_type_vxlan]
> > vxlan_group = 239.0.0.0.
> > - Your [OVS] block has some incorrect options. Use
> > underscores rather than spaces:
> > [ovs]
> > bridge_mappings = public:br-ex
> > local_ip = 192.168.100.100
> > vxlan_udp_port = 8472
> > tunnel type = vxlan
> > tunnel id ranges = 1001:2000
> > tenant network type = vxlan
> > enable tunneling = true
> > - Same goes for [agent] as well:
> > [agent]
> > tunnel_types = vxlan
> > root_helper_daemon =
> > sudo /usr/local/bin/neutron-rootwrap-daemon /etc/neutron/rootwrap.conf
> > root_helper =
> > sudo /usr/local/bin/neutron-rootwrap /etc/neutron/rootwrap.conf
> > #tunnel_types = vxlan
> > vxlan_udp_port = 8472
> > l2 population = false
> > Start by correcting those issues and restart the OVS
> > agents across your hosts. The agent log may be of help
> > here as well.
> >
> > James
> > On Oct 14, 2015, at 2:38 AM, Amir
> > Huskić <amir.huskic at gmail.com> wrote:
> >
> > Hello,
> >
> > there is also my ml2_conf.ini
> > file: https://dl.dropboxusercontent.com/u/4298410/ml2_conf.ini
> >
> > Could problem be related to single NIC
> > installation? Is it possible to have
> > same interface for bridge mappings and
> > also for tunnel bridge? Example below:
> >
> > bridge_mappings = public:br-ex
> > integration bridge = br-int
> > tunnel bridge = br-ex
> >
> > Thank you.
> > Regards,
> > Amir
> >
> >
> > On Mon, Oct 12, 2015 at 3:53 PM, Amir
> > Huskić <amir.huskic at gmail.com> wrote:
> > Hi all,
> >
> > I'm trying to setup up
> > Openstack test lab.
> >
> > I deployed Openstack Kilo
> > (Devstack) on PC running
> > Ubuntu LTS 14.02 with single
> > NIC.
> > Tenants are isolated with
> > vxlan networks. I can ping
> > from VMs to external network
> > PCs, SSH login from external
> > PCs to tenants VMs floating IP
> > address, etc.
> >
> > I would like also to connect
> > tenant VMs to external network
> > physical Linux host using
> > vxlan tunnel and have L2
> > connectivity between VM and
> > physical Linux host over L3
> > network.
> >
> > Vxlan interface on Linux
> > physical host is up and
> > running. When I am trying to
> > ping from Linux physical host
> > to Openstack VM (not floating
> > IP) using same subnet L2
> > address (example ping from
> > 192.168.10.10 to
> > 192.168.10.11) UDP packets on
> > port 8472 are coming to
> > Openstack br-ex interface with
> > ARP request.
> >
> > Problem is that I can't setup
> > vxlan tunnel on Openstack.
> > Command "sudo ovs-vsctl show"
> > doesn't show any vxlan
> > tunnels.
> > Also when I try to ping from
> > VM to Linux host using L2 IP
> > address (ping from
> > 192.168.10.11 to
> > 192.168.10.10) tcpdump on
> > br-ex doesn't show anything.
> >
> > My ml2_conf.ini files is
> > configured following this
> > guide:
> > http://www.opencloudblog.com/?p=300
> >
> > Thanks in advance for your
> > help,
> >
> > Regards,
> > Amir
> >
>
>
>
>
> ------------------------------
>
> Message: 5
> Date: Thu, 12 Nov 2015 12:30:45 +0300
> From: Aleksei Stupnikov <astupnikov at mirantis.com>
> To: Amir Huskić <amir.huskic at gmail.com>
> Cc: Openstack <openstack at lists.openstack.org>
> Subject: Re: [Openstack] Vxlan/gre port is not created in br-tun Kilo
> Message-ID:
> <CA+GpT_LK-JwfRbdLPbv91UCk7NuMh8LKgn__tGsGVMOyPA2wvQ at mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> Hello, Amir.
>
> I have had exactly the same problem some time ago. Please see a description
> and possible solution at
> https://ask.openstack.org/en/question/68671/centos7-rdo-vxlan-tcp-segment-losses/
> (you should check statistics at L2 and L3 interfaces using ethtool -S and
> ip -s commands before applying proposed WA).
>
> BR, Alexey Stupnikov.
>
> On Thu, Nov 12, 2015 at 12:00 PM, Amir Huskić <amir.huskic at gmail.com> wrote:
>
> > Hello,
> >
> > vxlan/gre port is not created in br-tun Kilo. I'm using PC with two NICs,
> > running Ubuntu 14.04 LTS and Devstack script for Kilo installation (single
> > node setup).
> >
> > My goal is to enable L2 connectivity between VMs (vxlan/gre network) on
> > Kilo and external Linux host.
> > Eth0 is used for br-ex and LAN connectivity. That part is fine. I can ping
> > and ssh to VMs using their floating IP.
> > Eth1 should be used for vxlan/gre tunnel connection between Kilo node and
> > Linux external node that have vxlan/gre interfaces.
> >
> > eth0: 192.168.123.1
> > eth1: 192.168.100.254
> > VMs internal: 192.168.10.x
> > Linux external host vxlan/gre tunnel: 192.168.10.10, eth0 192.168.50.10
> >
> > amir at openstack:~/devstack$ sudo ovs-vsctl show
> > c2020516-3b76-4b8c-8fa6-110fcb4fd5e3
> > Bridge br-tun
> > fail_mode: secure
> > Port patch-int
> > Interface patch-int
> > type: patch
> > options: {peer=patch-tun}
> > Port br-tun
> > Interface br-tun
> > type: internal
> > Bridge br-int
> > fail_mode: secure
> >
> > When I try to ping from VMs to external Linux host using L2 network
> > segment (192.168.10.5 -> 192.168.10.10) I can see using tcpdump that
> > packets are coming only to br-int. When I try to ping from Linux external
> > host to VMs using L2 network segment (192.168.10.10 -> 192.168.10.5) ping
> > packets are coming to eth1 but not also to br-tun.
> >
> > I can add vxlan/gre port to OVS manually but nothing change and also tried
> > with vxlan and gre but result is the same.
> >
> > Here are my configuration files and CLI output (ifconfig, ip a, OVS
> > bridges/ports status, etc):
> > https://dl.dropboxusercontent.com/u/4298410/Openstack_vxlan.zip
> >
> > What am I doing wrong?
> >
> > Thank you.
> > Regards,
> > Amir
> >
> >
> >
>
>
> --
> BR, Alexey Stupnikov.
>
> ------------------------------
>
> Message: 6
> Date: Thu, 12 Nov 2015 12:57:23 +0100
> From: Amir Huskić <amir.huskic at gmail.com>
> To: Andreas Scheuring <scheuran at linux.vnet.ibm.com>
> Cc: "openstack at lists.openstack.org" <openstack at lists.openstack.org>
> Subject: Re: [Openstack] Openstack Kilo Vxlan tunnel single NIC setup
> Message-ID:
> <CAFSgVczx=_Q5Wy1yn2T89JfffH14JeRQ9MPFBMNFU2cG+qQC=g at mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> Thank you Andreas. I'll try it. I've opened new thread with additional info
> (here:
> http://lists.openstack.org/pipermail/openstack/2015-November/014564.html)
> and subject: Vxlan/gre port is not created in br-tun Kilo. There are also
> config files.
>
> Regards,
> Amir
>
> On Thu, Nov 12, 2015 at 10:17 AM, Andreas Scheuring <
> scheuran at linux.vnet.ibm.com> wrote:
>
> > What you see is the expected behavior. A Tun (vxlan/gre) port is created
> > for each other Node (that runs the neutron-openvswitch-agent) in your
> > Openstack Cluster. So if you have a single node - no other Openstack
> > node - no tun port.
> >
> > It's not a use case that an external (non Openstack managed System) Node
> > is participating in your Openstack internal tunnel network.
> >
> > The current ovs implementation knows exactly which vm is reachable via
> > which mac on which other hypervisor via which tunnel port. All this
> > logic is implemented via openflow rules, which steer the traffic to the
> > correct tun device. Traffic that does not match those rules will be
> > dropped (I guess).
> >
> > You can only achieve this with an external vxlan network. I personally
> > haven't tried creating it with Openstack so far. But for a proof of
> > concept you could create the tun port on your own on br-ex (instead of
> > plugging your interface into br-ex).
> >
> > Hope this helps.
> >
> >
> >
> > --
> > Andreas
> > (IRC: scheuran)
> >
> >
> >
> > On Do, 2015-11-12 at 09:36 +0100, Amir Huski? wrote:
> > > Thank you all for suggestions and sorry for late answer. Now I have PC
> > > with two interfaces; eth0 for br-ex (LAN) and eth1 for vxlan/gre
> > > tunnel interface. Br-ex is working fine and also I can ping and access
> > > VM using floating IP. But still facing issue with vxlan/gre tunnels.
> > > Vxlan/gre port is not created on br-tun.
> > >
> > >
> > > As I already wrote I'm trying to enable L2 connectivity between VMs
> > > running on single node Openstack Kilo installation (Devstack) and
> > > external Linux host using vxlan/gre tunnel. Since there are now two
> > > NICs I'll open new thread.
> > >
> > >
> > > Regards,
> > > Amir
> > >
> > > On Mon, Oct 19, 2015 at 12:36 PM, Akash Gunjal <akgunjal at in.ibm.com>
> > > wrote:
> > > Hi Amir,
> > >
> > > One point to check is the security rules set in your
> > > controller. Check if you have set the ingress/egress rules set
> > > for ICMP protocol (ping) which will otherwise block traffic
> > > from external hosts to the tenant VM.
> > >
> > > Regards,
> > > Akash
> > >
> > > From: yatin kumbhare <yatinkumbhare at gmail.com>
> > > To: Amir Huski? <amir.huskic at gmail.com>
> > > Cc: "openstack at lists.openstack.org"
> > > <openstack at lists.openstack.org>
> > > Date: 10/19/2015 03:56 PM
> > > Subject: Re: [Openstack] Openstack Kilo Vxlan tunnel single
> > > NIC setup
> > >
> > >
> > >
> > > ______________________________________________________________
> > >
> > >
> > >
> > > Hi Amir,
> > >
> > > Not quite sure, as I haven't tried such a thing.
> > >
> > > but IMHO, you might require l2-gateway.
> > >
> > > Kind of this: https://www.youtube.com/watch?v=74Wfr4myf5k
> > >
> > > Regards,
> > > Yatin
> > >
> > > On Mon, Oct 19, 2015 at 4:35 AM, Amir Huski?
> > > <amir.huskic at gmail.com> wrote:
> > > Hello James,
> > >
> > > I use underscores in ml2 config file as You suggested.
> > > Also made some changes in config file. Here is
> > > available:
> > >
> > https://www.dropbox.com/s/fuzwiyuyfngyyl2/ml2_conf.ini?dl=0
> > >
> > > Summary:
> > > - can ping from OS host to external gw and external
> > > linux host
> > > - can ping from tenant VM to external gw and external
> > > linux host
> > > - can't ping OS host and tenant VM floating IP from
> > > external linux host
> > > - tcpdump on br-ex and eth0 interface is showing arp
> > > request during ping request from linux external host
> > > using vxlan segment
> > >
> > > For additional info please check info from CLI screen
> > > here:
> > >
> > https://www.dropbox.com/s/fv5hen4jbo6fmby/CLI_debug.txt?dl=0
> > >
> > > Accidentally I deleted symbolic link in log files
> > > pointing to agent log. Unfortunately I don't know how
> > > to create it again with proper permissions. I tried
> > > with chmod and chown using reference command but
> > > without much success.
> > >
> > > lrwxrwxrwx 1 amir amir 43 Sep 19 15:26
> > > screen-n-sch.log
> > > -> /opt/stack/logs/n-sch.log.2015-09-19-150746
> > > -rw-r--r-- 1 amir amir 245730291 Okt 18 14:00
> > > screen-q-agt.log
> > > lrwxrwxrwx 1 amir amir 44 Sep 19 15:25
> > > screen-q-dhcp.log
> > > -> /opt/stack/logs/q-dhcp.log.2015-09-19-150746
> > >
> > >
> > > Thank you for your help and time.
> > >
> > > Kind regards,
> > > Amir
> > >
> > > On Wed, Oct 14, 2015 at 4:06 PM, James Denton
> > > <james.denton at rackspace.com> wrote:
> > > Hi Amir,
> > >
> > > A couple of recommendations:
> > >
> > > - Your vxlan_group setting has an extra dot at the end
> > >   that may be causing issues:
> > >     [ml2_type_vxlan]
> > >     vxlan_group = 239.0.0.0.
> > > - Your [OVS] block has some incorrect options. Use
> > >   underscores rather than spaces:
> > >     [ovs]
> > >     bridge_mappings = public:br-ex
> > >     local_ip = 192.168.100.100
> > >     vxlan_udp_port = 8472
> > >     tunnel type = vxlan
> > >     tunnel id ranges = 1001:2000
> > >     tenant network type = vxlan
> > >     enable tunneling = true
> > > - Same goes for [agent] as well:
> > >     [agent]
> > >     tunnel_types = vxlan
> > >     root_helper_daemon = sudo /usr/local/bin/neutron-rootwrap-daemon /etc/neutron/rootwrap.conf
> > >     root_helper = sudo /usr/local/bin/neutron-rootwrap /etc/neutron/rootwrap.conf
> > >     #tunnel_types = vxlan
> > >     vxlan_udp_port = 8472
> > >     l2 population = false
> > > Start by correcting those issues and restart the OVS
> > > agents across your hosts. The agent log may be of help
> > > here as well.
> > >
> > > James
> > > On Oct 14, 2015, at 2:38 AM, Amir
> > > Huski? <amir.huskic at gmail.com> wrote:
> > >
> > > Hello,
> > >
> > > there is also my ml2_conf.ini
> > > file:
> > https://dl.dropboxusercontent.com/u/4298410/ml2_conf.ini
> > >
> > > Could problem be related to single NIC
> > > installation? Is it possible to have
> > > same interface for bridge mappings and
> > > also for tunnel bridge? Example below:
> > >
> > > bridge_mappings = public:br-ex
> > > integration bridge = br-int
> > > tunnel bridge = br-ex
> > >
> > > Thank you.
> > > Regards,
> > > Amir
> > >
> > >
> > > On Mon, Oct 12, 2015 at 3:53 PM, Amir
> > > Huski? <amir.huskic at gmail.com> wrote:
> > > Hi all,
> > >
> > > I'm trying to set up an
> > > Openstack test lab.
> > >
> > > I deployed Openstack Kilo
> > > (Devstack) on PC running
> > > Ubuntu LTS 14.02 with single
> > > NIC.
> > > Tenants are isolated with
> > > vxlan networks. I can ping
> > > from VMs to external network
> > > PCs, SSH login from external
> > > PCs to tenants VMs floating IP
> > > address, etc.
> > >
> > > I would like also to connect
> > > tenant VMs to external network
> > > physical Linux host using
> > > vxlan tunnel and have L2
> > > connectivity between VM and
> > > physical Linux host over L3
> > > network.
> > >
> > > Vxlan interface on Linux
> > > physical host is up and
> > > running. When I am trying to
> > > ping from Linux physical host
> > > to Openstack VM (not floating
> > > IP) using same subnet L2
> > > address (example ping from
> > > 192.168.10.10 to
> > > 192.168.10.11) UDP packets on
> > > port 8472 are coming to
> > > Openstack br-ex interface with
> > > ARP request.
> > >
> > > Problem is that I can't setup
> > > vxlan tunnel on Openstack.
> > > Command "sudo ovs-vsctl show"
> > > doesn't show any vxlan
> > > tunnels.
> > > Also when I try to ping from
> > > VM to Linux host using L2 IP
> > > address (ping from
> > > 192.168.10.11 to
> > > 192.168.10.10) tcpdump on
> > > br-ex doesn't show anything.
> > >
> > > My ml2_conf.ini file is
> > > configured following this
> > > guide:
> > >
> > http://www.opencloudblog.com/?p=300
> > >
> > > Thanks in advance for your
> > > help,
> > >
> > > Regards,
> > > Amir
> > >
> > >
> >
> >
>
> ------------------------------
>
> _______________________________________________
> Openstack mailing list
> openstack at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>
>
> End of Openstack Digest, Vol 29, Issue 12
> *****************************************
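
The two config problems pointed out in the quoted thread (option names written with spaces instead of underscores, and a vxlan_group value with a trailing dot) can be caught before restarting the agent. The following is an added example, not part of the original messages or of Neutron itself; the function name lint_ml2 and the sample text, built from option lines quoted in the thread, are assumptions for illustration.

```python
import configparser
import ipaddress

# Constructed sample: option lines quoted in the thread, not the poster's full file.
SAMPLE = """\
[ml2_type_vxlan]
vxlan_group = 239.0.0.0.

[ovs]
bridge_mappings = public:br-ex
local_ip = 192.168.100.100
tunnel type = vxlan
enable tunneling = true

[agent]
tunnel_types = vxlan
vxlan_udp_port = 8472
l2 population = false
"""


def lint_ml2(text):
    """Return (section, option, problem) tuples for an ml2_conf.ini-style text."""
    cp = configparser.RawConfigParser(strict=False)
    cp.optionxform = str  # keep option names exactly as written
    cp.read_string(text)
    findings = []
    for section in cp.sections():
        for name, value in cp.items(section):
            # Option names are single tokens joined by underscores.
            if any(ch.isspace() for ch in name):
                fixed = "_".join(name.split())
                findings.append((section, name, f"space in option name, use {fixed}"))
            # vxlan_group must parse as an IPv4 address in the multicast range.
            if name == "vxlan_group" and value:
                try:
                    addr = ipaddress.IPv4Address(value)
                    if not addr.is_multicast:
                        findings.append((section, name, f"{value} is not multicast"))
                except ipaddress.AddressValueError:
                    findings.append((section, name, f"{value!r} is not an IPv4 address"))
    return findings


if __name__ == "__main__":
    for section, name, problem in lint_ml2(SAMPLE):
        print(f"[{section}] {name}: {problem}")
```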