[Openstack] help!
Heidi Bretz
heidi at openstack.org
Thu Sep 10 18:38:01 UTC 2015
Please unsubscribe me
-----Original Message-----
From: openstack-request at lists.openstack.org
[mailto:openstack-request at lists.openstack.org]
Sent: Wednesday, September 09, 2015 5:00 AM
To: openstack at lists.openstack.org
Subject: Openstack Digest, Vol 27, Issue 8
Send Openstack mailing list submissions to
openstack at lists.openstack.org
To subscribe or unsubscribe via the World Wide Web, visit
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
or, via email, send a message with subject or body 'help' to
openstack-request at lists.openstack.org
You can reach the person managing the list at
openstack-owner at lists.openstack.org
When replying, please edit your Subject line so it is more specific than
"Re: Contents of Openstack digest..."
Today's Topics:
1. Console via NoVNC showing garbled screen for Windows XP guest
(Silvano Cirujano Cuesta)
2. port-delete issue (Yngvi P?ll ?orfinnsson)
3. Re: Query regarding contribution for monitoring of Nova and
Swift (John Dickinson)
4. Re: Query regarding contribution for monitoring of Nova and
Swift (Erik McCormick)
5. Re: port-delete issue (Brian Haley)
6. Re: port-delete issue (Yngvi P?ll ?orfinnsson)
7. Re: port-delete issue (Yngvi P?ll ?orfinnsson)
8. Re: port-delete issue (Brian Haley)
9. Re: port-delete issue (Yngvi P?ll ?orfinnsson)
10. [OSSA 2015-018] Neutron firewall rules bypass through port
update (CVE-2015-5240) (Tristan Cacqueray)
11. Devstack multinode setup integration with Opendaylight
(saurabh suman)
12. Re: port-delete issue (Yngvi P?ll ?orfinnsson)
13. [openstack][swift]Got error when installing swift all in one.
(hao wang)
14. Re: [openstack][swift]Got error when installing swift all in
one. (Kota TSUYUZAKI)
15. Cannot Attach Volumes Via Horizon (Ludwig Tirazona)
16. Neutron with apache2 wsgi module don't ack rabbitMQ messages
(Heiko Kr?mer)
----------------------------------------------------------------------
Message: 1
Date: Tue, 8 Sep 2015 17:25:14 +0200
From: Silvano Cirujano Cuesta <silvano.cirujano-cuesta at siemens.com>
To: openstack at lists.openstack.org
Subject: [Openstack] Console via NoVNC showing garbled screen for
Windows XP guest
Message-ID: <55EEFDDA.4040505 at siemens.com>
Content-Type: text/plain; charset="utf-8"; Format="flowed"
Hi,
We have a test installation of OpenStack where we can instantiate VMs via
Horizon without problems.
But when we try to view the graphical console of VMs hosting a WindowsXP
installation we get the garbled screen that you can see in the screenshot.
Did anybody observed something similar? I couldn't find anybody describing
similar effects in the internet...
The graphical console via virt-manager looks good, so the QEMU VNC server is
working fine.
The boot-up splash screen also looks good with Horizon, so the VNC
web-client (right now NoVNC) works at least partially.
Since other VNC clients work fine, I think it's an issue with the NoVNC
client.
Some information about our environment:
- OpenStack version: Kilo
- OpenStack nodes running as VMs in a server that is behind a gateway,
therefore network latencies can be high
Any help first to find out the origin of the issue and then to fix it will
be appreciated!
Regards,
Silvano
-------------- next part --------------
A non-text attachment was scrubbed...
Name: novnc.png
Type: image/png
Size: 46222 bytes
Desc: not available
URL:
<http://lists.openstack.org/pipermail/openstack/attachments/20150908/79cc1aa
5/attachment-0001.png>
------------------------------
Message: 2
Date: Tue, 8 Sep 2015 16:01:11 +0000
From: Yngvi P?ll ?orfinnsson <yngvith at siminn.is>
To: "openstack at lists.openstack.org" <openstack at lists.openstack.org>
Subject: [Openstack] port-delete issue
Message-ID: <1397f802959543b18f1339ac11738929 at simi-mbx-04.siminn.is>
Content-Type: text/plain; charset="iso-8859-1"
HI
I can't delete a subnet (id f505a109-07a7-420a-ae6b-aa5995126be7 ), because
one port is still in use.
root at opst-ctrl1-dev:/# neutron subnet-delete
f505a109-07a7-420a-ae6b-aa5995126be7
Unable to complete operation on subnet f505a109-07a7-420a-ae6b-aa5995126be7.
One or more ports have an IP allocation from this subnet. (HTTP 409)
(Request-ID: req-fbd64f19-2888-4d87-8e60-bc2cc920cd12)
This is the port in use:
root at opst-ctrl1-dev:/# neutron port-list | grep
f505a109-07a7-420a-ae6b-aa5995126be7
| 220f1ad2-10bb-4d17-8cc5-3ad4f86f0b00 | | fa:16:3e:15:20:59 |
{"subnet_id": "f505a109-07a7-420a-ae6b-aa5995126be7", "ip_address":
"157.157.8.114"} |
root at opst-ctrl1-dev:/#
But I can't delete the port
root at opst-ctrl1-dev:/# neutron port-delete
220f1ad2-10bb-4d17-8cc5-3ad4f86f0b00
Port 220f1ad2-10bb-4d17-8cc5-3ad4f86f0b00 has owner network:floatingip and
therefore cannot be deleted directly via the port API. (HTTP 409)
(Request-ID: req-4823d685-6dd2-4f31-aa8c-0c8b8aa624a0)
There are no floating ip's left on the system (I've already deleted them)
root at opst-ctrl1-dev:/# neutron floatingip-list
thus the list is empty.
Listing this up in the db shows nothing either:
MariaDB [neutron]> select * from floatingips; Empty set (0.00 sec)
Can anyone help on this matter, i.e. how can I delete the port ( and also
the subnet) ?
Best regards
Yngvi
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.openstack.org/pipermail/openstack/attachments/20150908/e6d5024
b/attachment-0001.html>
------------------------------
Message: 3
Date: Tue, 08 Sep 2015 09:26:18 -0700
From: "John Dickinson" <me at not.mn>
To: "pragya jain" <prag_2648 at yahoo.co.in>
Cc: Aparna Datt <aparna.datt at gmail.com>, OpenStack Mailing List
<openstack at lists.openstack.org>, Anita Goel <goel.anita at gmail.com>
Subject: Re: [Openstack] Query regarding contribution for monitoring
of Nova and Swift
Message-ID: <BD31EA44-72B4-4510-B36A-5525C3CAE230 at not.mn>
Content-Type: text/plain; charset="utf-8"
I'm the Project Technical Lead for Swift, and I'd be happy to look over a
summary of your work about monitoring Swift. Feel free to email me directly
or find me in #openstack-swift on IRC (I'm notmyname).
--John
On 8 Sep 2015, at 3:20, pragya jain wrote:
> ?Hello all
> Me and my colleague, aparna are carrying out research in the area of
> cloud computing under Department of CS, University f Delhi.? We would
> like to contribute our research work regarding monitoring of Nova and
> Swift. We would appreciate if we can find the appropriate link with
> whom we can connect to know if our work is relevant for contribution.
> -----RegardsPragya JainDepartment of Computer ScienceUniversity of
> DelhiDelhi, India_______________________________________________
> Mailing list:
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> Post to : openstack at lists.openstack.org
> Unsubscribe :
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL:
<http://lists.openstack.org/pipermail/openstack/attachments/20150908/4fd06d1
f/attachment-0001.pgp>
------------------------------
Message: 4
Date: Tue, 8 Sep 2015 12:42:33 -0400
From: Erik McCormick <emccormick at cirrusseven.com>
To: pragya jain <prag_2648 at yahoo.co.in>
Cc: Aparna Datt <aparna.datt at gmail.com>, OpenStack Mailing List
<openstack at lists.openstack.org>, Anita Goel <goel.anita at gmail.com>
Subject: Re: [Openstack] Query regarding contribution for monitoring
of Nova and Swift
Message-ID:
<CAHUi5cPO4q351bezn1XBwKXWg0rxnKL06JA6ci1utEvvECaceg at mail.gmail.com>
Content-Type: text/plain; charset=UTF-8
On Tue, Sep 8, 2015 at 6:20 AM, pragya jain <prag_2648 at yahoo.co.in> wrote:
> Hello all
>
> Me and my colleague, aparna are carrying out research in the area of
> cloud computing under Department of CS, University f Delhi. We would
> like to contribute our research work regarding monitoring of Nova and
> Swift. We would appreciate if we can find the appropriate link with
> whom we can connect to know if our work is relevant for contribution.
You may want to cross-post this to openstack-operators. There is a Tools &
Monitoring working group to help define best practices and share tools and
configurations. Here's a link to the WG wiki and some of the stuff they've
been working on.
https://wiki.openstack.org/wiki/Tools_and_Monitoring_WG
https://wiki.openstack.org/wiki/Operations/Monitoring
https://wiki.openstack.org/wiki/Operations/Tools
> -----
> Regards
> Pragya Jain
> Department of Computer Science
> University of Delhi
> Delhi, India
>
> _______________________________________________
> Mailing list:
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> Post to : openstack at lists.openstack.org
> Unsubscribe :
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>
-Erik
------------------------------
Message: 5
Date: Tue, 8 Sep 2015 12:45:27 -0400
From: Brian Haley <brian.haley at hp.com>
To: openstack at lists.openstack.org
Subject: Re: [Openstack] port-delete issue
Message-ID: <55EF10A7.5080607 at hp.com>
Content-Type: text/plain; charset=windows-1252; format=flowed
On 09/08/2015 12:01 PM, Yngvi P?ll ?orfinnsson wrote:
> HI
>
> I can?t delete a subnet (id f505a109-07a7-420a-ae6b-aa5995126be7 ),
> because one port is still in use.
>
> root at opst-ctrl1-dev:/# neutron subnet-delete
> f505a109-07a7-420a-ae6b-aa5995126be7
>
> Unable to complete operation on subnet
> f505a109-07a7-420a-ae6b-aa5995126be7. One or more ports have an IP
allocation from this subnet. (HTTP 409) (Request-ID:
> req-fbd64f19-2888-4d87-8e60-bc2cc920cd12)
Do you have a router on the subnet? Try deleting it.
-Brian
------------------------------
Message: 6
Date: Tue, 8 Sep 2015 17:08:16 +0000
From: Yngvi P?ll ?orfinnsson <yngvith at siminn.is>
To: Brian Haley <brian.haley at hp.com>, "openstack at lists.openstack.org"
<openstack at lists.openstack.org>
Subject: Re: [Openstack] port-delete issue
Message-ID: <e10fa1372973473fbe8d8f6ff1282e7e at simi-mbx-04.siminn.is>
Content-Type: text/plain; charset="iso-8859-1"
HI
I don't see a router attached :
root at opst-ctrl1-dev:/# neutron subnet-show ext-subnet
+-------------------+----------------------------------------------------+
| Field | Value |
+-------------------+----------------------------------------------------+
| allocation_pools | {"start": "157.157.8.100", "end": "157.157.8.200"} |
| cidr | 157.157.8.0/24 |
| dns_nameservers | 212.30.200.199 |
| | 212.30.200.200 |
| enable_dhcp | True |
| gateway_ip | 157.157.8.1 |
| host_routes | |
| id | f505a109-07a7-420a-ae6b-aa5995126be7 |
| ip_version | 4 |
| ipv6_address_mode | |
| ipv6_ra_mode | |
| name | ext-subnet |
| network_id | 523721c5-ea5d-42a1-8920-8bc75010f273 |
| tenant_id | 1dda2478e30d44dda0ca752c6047725d |
+-------------------+----------------------------------------------------+
root at opst-ctrl1-dev:/#
best regards
Yngvi
-----Original Message-----
From: Brian Haley [mailto:brian.haley at hp.com]
Sent: 8. september 2015 16:45
To: openstack at lists.openstack.org
Subject: Re: [Openstack] port-delete issue
On 09/08/2015 12:01 PM, Yngvi P?ll ?orfinnsson wrote:
> HI
>
> I can't delete a subnet (id f505a109-07a7-420a-ae6b-aa5995126be7 ),
> because one port is still in use.
>
> root at opst-ctrl1-dev:/# neutron subnet-delete
> f505a109-07a7-420a-ae6b-aa5995126be7
>
> Unable to complete operation on subnet
> f505a109-07a7-420a-ae6b-aa5995126be7. One or more ports have an IP
allocation from this subnet. (HTTP 409) (Request-ID:
> req-fbd64f19-2888-4d87-8e60-bc2cc920cd12)
Do you have a router on the subnet? Try deleting it.
-Brian
_______________________________________________
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack at lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
------------------------------
Message: 7
Date: Tue, 8 Sep 2015 17:17:04 +0000
From: Yngvi P?ll ?orfinnsson <yngvith at siminn.is>
To: Brian Haley <brian.haley at hp.com>, "openstack at lists.openstack.org"
<openstack at lists.openstack.org>
Subject: Re: [Openstack] port-delete issue
Message-ID: <60bec238c4b042acadc1c57a5701194d at simi-mbx-04.siminn.is>
Content-Type: text/plain; charset="iso-8859-1"
HI
I have cleared the gateway on all routers, but it did not help
root at opst-ctrl1-dev:/# neutron router-list
+--------------------------------------+-----------------+------------------
-----+-------------+-------+
| id | name |
external_gateway_info | distributed | ha |
+--------------------------------------+-----------------+------------------
-----+-------------+-------+
| 164ad471-5ab0-4109-acf5-f88de1e4b5f3 | gw | null
| False | False |
| 2371ae6e-8a07-464c-9b3e-3d7d35e96a59 | gw | null
| False | False |
| 45ab4a9a-c7fc-4cf6-844c-6265b5620121 | gw | null
| False | False |
| 50d16aec-adaf-431d-9b42-f8aff78ea5b8 | gw1 | null
| False | False |
| 546456aa-a312-48d5-8a3b-6031b1dcb3a9 | OskarTestRouter | null
| False | False |
| 78feb17a-9a29-4ddb-9477-914850d8f5d2 | ElasticRouter | null
| False | False |
| 7a06a85c-826a-4f00-a62f-5ae8586ea1fb | adminTest | null
| False | False |
| 7ba38ec5-49d9-4fc8-b77f-ef8a38e79af3 | Safni?-router | null
| False | False |
| 9e367dd6-ab2c-4949-a5e4-4d8d2787d84b | gw | null
| False | False |
| f05c4cc8-724e-4731-bea3-6ef68d794137 | gw1 | null
| False | False |
+--------------------------------------+-----------------+------------------
-----+-------------+-------+
But it did not help.
best regards
Yngvi
-----Original Message-----
From: Brian Haley [mailto:brian.haley at hp.com]
Sent: 8. september 2015 16:45
To: openstack at lists.openstack.org
Subject: Re: [Openstack] port-delete issue
On 09/08/2015 12:01 PM, Yngvi P?ll ?orfinnsson wrote:
> HI
>
> I can't delete a subnet (id f505a109-07a7-420a-ae6b-aa5995126be7 ),
> because one port is still in use.
>
> root at opst-ctrl1-dev:/# neutron subnet-delete
> f505a109-07a7-420a-ae6b-aa5995126be7
>
> Unable to complete operation on subnet
> f505a109-07a7-420a-ae6b-aa5995126be7. One or more ports have an IP
allocation from this subnet. (HTTP 409) (Request-ID:
> req-fbd64f19-2888-4d87-8e60-bc2cc920cd12)
Do you have a router on the subnet? Try deleting it.
-Brian
_______________________________________________
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack at lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
------------------------------
Message: 8
Date: Tue, 8 Sep 2015 13:32:43 -0400
From: Brian Haley <brian.haley at hp.com>
To: Yngvi P?ll ?orfinnsson <yngvith at siminn.is>,
"openstack at lists.openstack.org" <openstack at lists.openstack.org>
Subject: Re: [Openstack] port-delete issue
Message-ID: <55EF1BBB.2030807 at hp.com>
Content-Type: text/plain; charset=windows-1252; format=flowed
My only other suggestion is to do a port-list with admin privs and look. I
can't tell if you're doing that as root != admin necessarily.
-Brian
On 09/08/2015 01:08 PM, Yngvi P?ll ?orfinnsson wrote:
> HI
> I don't see a router attached :
>
> root at opst-ctrl1-dev:/# neutron subnet-show ext-subnet
> +-------------------+----------------------------------------------------+
> | Field | Value |
> +-------------------+----------------------------------------------------+
> | allocation_pools | {"start": "157.157.8.100", "end": "157.157.8.200"} |
> | cidr | 157.157.8.0/24 |
> | dns_nameservers | 212.30.200.199 |
> | | 212.30.200.200 |
> | enable_dhcp | True |
> | gateway_ip | 157.157.8.1 |
> | host_routes | |
> | id | f505a109-07a7-420a-ae6b-aa5995126be7 |
> | ip_version | 4 |
> | ipv6_address_mode | |
> | ipv6_ra_mode | |
> | name | ext-subnet |
> | network_id | 523721c5-ea5d-42a1-8920-8bc75010f273 |
> | tenant_id | 1dda2478e30d44dda0ca752c6047725d |
> +-------------------+----------------------------------------------------+
> root at opst-ctrl1-dev:/#
>
> best regards
> Yngvi
>
>
> -----Original Message-----
> From: Brian Haley [mailto:brian.haley at hp.com]
> Sent: 8. september 2015 16:45
> To: openstack at lists.openstack.org
> Subject: Re: [Openstack] port-delete issue
>
> On 09/08/2015 12:01 PM, Yngvi P?ll ?orfinnsson wrote:
>> HI
>>
>> I can't delete a subnet (id f505a109-07a7-420a-ae6b-aa5995126be7 ),
>> because one port is still in use.
>>
>> root at opst-ctrl1-dev:/# neutron subnet-delete
>> f505a109-07a7-420a-ae6b-aa5995126be7
>>
>> Unable to complete operation on subnet
>> f505a109-07a7-420a-ae6b-aa5995126be7. One or more ports have an IP
allocation from this subnet. (HTTP 409) (Request-ID:
>> req-fbd64f19-2888-4d87-8e60-bc2cc920cd12)
>
> Do you have a router on the subnet? Try deleting it.
>
> -Brian
>
> _______________________________________________
> Mailing list:
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> Post to : openstack at lists.openstack.org
> Unsubscribe :
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>
------------------------------
Message: 9
Date: Tue, 8 Sep 2015 17:42:09 +0000
From: Yngvi P?ll ?orfinnsson <yngvith at siminn.is>
To: Brian Haley <brian.haley at hp.com>, "openstack at lists.openstack.org"
<openstack at lists.openstack.org>
Subject: Re: [Openstack] port-delete issue
Message-ID: <d2b7f0b84a664e88b340d120d923bcd1 at simi-mbx-04.siminn.is>
Content-Type: text/plain; charset="iso-8859-1"
Those are the routers in the system (admin sees this)
root at opst-ctrl1-dev:/# neutron router-list
+--------------------------------------+-----------------+------------------
-----+-------------+-------+
| id | name |
external_gateway_info | distributed | ha |
+--------------------------------------+-----------------+------------------
-----+-------------+-------+
| 164ad471-5ab0-4109-acf5-f88de1e4b5f3 | gw | null
| False | False |
| 2371ae6e-8a07-464c-9b3e-3d7d35e96a59 | gw | null
| False | False |
| 45ab4a9a-c7fc-4cf6-844c-6265b5620121 | gw | null
| False | False |
| 50d16aec-adaf-431d-9b42-f8aff78ea5b8 | gw1 | null
| False | False |
| 546456aa-a312-48d5-8a3b-6031b1dcb3a9 | OskarTestRouter | null
| False | False |
| 78feb17a-9a29-4ddb-9477-914850d8f5d2 | ElasticRouter | null
| False | False |
| 7a06a85c-826a-4f00-a62f-5ae8586ea1fb | adminTest | null
| False | False |
| 7ba38ec5-49d9-4fc8-b77f-ef8a38e79af3 | Safni?-router | null
| False | False |
| 9e367dd6-ab2c-4949-a5e4-4d8d2787d84b | gw | null
| False | False |
| f05c4cc8-724e-4731-bea3-6ef68d794137 | gw1 | null
| False | False |
+--------------------------------------+-----------------+------------------
-----+-------------+-------+
root at opst-ctrl1-dev:/#
but the port does not show up, when I list ports for each router with:
neutron router-port-list ROUTER-ID
but it does show up in the general port-list , like
root at opst-ctrl1-dev:/# neutron port-list | grep 157
| 220f1ad2-10bb-4d17-8cc5-3ad4f86f0b00 | | fa:16:3e:15:20:59 |
{"subnet_id": "f505a109-07a7-420a-ae6b-aa5995126be7", "ip_address":
"157.157.8.114"} |
Best regards
Yngvi
-----Original Message-----
From: Brian Haley [mailto:brian.haley at hp.com]
Sent: 8. september 2015 17:33
To: Yngvi P?ll ?orfinnsson <yngvith at siminn.is>;
openstack at lists.openstack.org
Subject: Re: [Openstack] port-delete issue
My only other suggestion is to do a port-list with admin privs and look. I
can't tell if you're doing that as root != admin necessarily.
-Brian
On 09/08/2015 01:08 PM, Yngvi P?ll ?orfinnsson wrote:
> HI
> I don't see a router attached :
>
> root at opst-ctrl1-dev:/# neutron subnet-show ext-subnet
> +-------------------+----------------------------------------------------+
> | Field | Value |
> +-------------------+----------------------------------------------------+
> | allocation_pools | {"start": "157.157.8.100", "end": "157.157.8.200"} |
> | cidr | 157.157.8.0/24 |
> | dns_nameservers | 212.30.200.199 |
> | | 212.30.200.200 |
> | enable_dhcp | True |
> | gateway_ip | 157.157.8.1 |
> | host_routes | |
> | id | f505a109-07a7-420a-ae6b-aa5995126be7 |
> | ip_version | 4 |
> | ipv6_address_mode | |
> | ipv6_ra_mode | |
> | name | ext-subnet |
> | network_id | 523721c5-ea5d-42a1-8920-8bc75010f273 |
> | tenant_id | 1dda2478e30d44dda0ca752c6047725d |
> +-------------------+----------------------------------------------------+
> root at opst-ctrl1-dev:/#
>
> best regards
> Yngvi
>
>
> -----Original Message-----
> From: Brian Haley [mailto:brian.haley at hp.com]
> Sent: 8. september 2015 16:45
> To: openstack at lists.openstack.org
> Subject: Re: [Openstack] port-delete issue
>
> On 09/08/2015 12:01 PM, Yngvi P?ll ?orfinnsson wrote:
>> HI
>>
>> I can't delete a subnet (id f505a109-07a7-420a-ae6b-aa5995126be7 ),
>> because one port is still in use.
>>
>> root at opst-ctrl1-dev:/# neutron subnet-delete
>> f505a109-07a7-420a-ae6b-aa5995126be7
>>
>> Unable to complete operation on subnet
>> f505a109-07a7-420a-ae6b-aa5995126be7. One or more ports have an IP
allocation from this subnet. (HTTP 409) (Request-ID:
>> req-fbd64f19-2888-4d87-8e60-bc2cc920cd12)
>
> Do you have a router on the subnet? Try deleting it.
>
> -Brian
>
> _______________________________________________
> Mailing list:
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> Post to : openstack at lists.openstack.org
> Unsubscribe :
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>
------------------------------
Message: 10
Date: Tue, 8 Sep 2015 23:42:38 +0000
From: Tristan Cacqueray <tdecacqu at redhat.com>
To: openstack-announce at lists.openstack.org,
openstack at lists.openstack.org
Subject: [Openstack] [OSSA 2015-018] Neutron firewall rules bypass
through port update (CVE-2015-5240)
Message-ID: <55EF726E.9040407 at redhat.com>
Content-Type: text/plain; charset="utf-8"
================================================================
OSSA-2015-018: Neutron firewall rules bypass through port update
================================================================
:Date: September 08, 2015
:CVE: CVE-2015-5240
Affects
~~~~~~~
- Neutron: versions through 2014.2.3 and
2015.1 versions through 2015.1.1
Description
~~~~~~~~~~~
Kevin Benton from Mirantis reported a vulnerability in Neutron. By changing
the device owner of an instance's port right after it is created, an
authenticated user may prevent application of firewall rules and so avoid IP
anti-spoofing controls. All Neutron setups using the ML2 plugin or a plugin
that relies on the security groups AMQP API are affected.
Patches
~~~~~~~
- https://review.openstack.org/221345 (Juno)
- https://review.openstack.org/221344 (Kilo)
- https://review.openstack.org/221342 (Liberty)
Credits
~~~~~~~
- Kevin Benton from Mirantis (CVE-2015-5240)
References
~~~~~~~~~~
- https://launchpad.net/bugs/1489111
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5240
Notes
~~~~~
- This fix will be included in future 2014.2.4 (juno) and
2015.1.2 (kilo) releases.
--
Tristan Cacqueray
OpenStack Vulnerability Management Team
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: OpenPGP digital signature
URL:
<http://lists.openstack.org/pipermail/openstack/attachments/20150908/de7365a
0/attachment-0001.pgp>
------------------------------
Message: 11
Date: Wed, 9 Sep 2015 12:09:04 +0530
From: saurabh suman <90.suman at gmail.com>
To: openstack at lists.openstack.org
Subject: [Openstack] Devstack multinode setup integration with
Opendaylight
Message-ID:
<CAHoSm6JfNKiFMvv_G3Z56iR9zLj8U6BscOnMZKqs5ZScdXNKmg at mail.gmail.com>
Content-Type: text/plain; charset="utf-8"
Hi,
I have a working 2 node openstack setup through devstack. Controller +
Compute + Opendaylight -> 192.168.10.1 and Compute -> 192.168.10.2
I have br-int and br-tun on both compute and controller node with their
manager set to ODL and each bridge is connected to controller, as evident
from ODL GUI.
*On controller node*:
[image: Inline image 1]
On Compute node
[image: Inline image 1]
I am able to create a network.But when I launch a cirros VM, in the logs I
see, *udhcpc (v1.21.1) started Sending discover... Sending discover...
Sending discover...*
My DHCP server is running with IP 10.20.30.2 (IP allocated from network
created) and corresponding tap device is attached to br-int. when I run
ovs-ofctl dump-ports br-int , I do not see any traffic going to dhcp tap
though tap device created for VM is sending packets.
After few minutes "lease fail" message is displayed and IP is not allocated
to VM.
Can anyone help me out here.
Regards,
Saurav
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.openstack.org/pipermail/openstack/attachments/20150909/eb80ffd
3/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Compute_OVS.JPG
Type: image/jpeg
Size: 54795 bytes
Desc: not available
URL:
<http://lists.openstack.org/pipermail/openstack/attachments/20150909/eb80ffd
3/attachment-0002.jpe>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: controller_OVS.JPG
Type: image/jpeg
Size: 79960 bytes
Desc: not available
URL:
<http://lists.openstack.org/pipermail/openstack/attachments/20150909/eb80ffd
3/attachment-0003.jpe>
------------------------------
Message: 12
Date: Wed, 9 Sep 2015 09:24:24 +0000
From: Yngvi P?ll ?orfinnsson <yngvith at siminn.is>
To: Brian Haley <brian.haley at hp.com>, "openstack at lists.openstack.org"
<openstack at lists.openstack.org>
Subject: Re: [Openstack] port-delete issue
Message-ID: <9ca3e2f111064ecf8eccd3fcf1ef351e at simi-mbx-04.siminn.is>
Content-Type: text/plain; charset="iso-8859-1"
Hi
This is the solution ;-)
https://ask.openstack.org/en/question/67752/unable-to-delete-port/
best regards
Yngvi
-----Original Message-----
From: Yngvi P?ll ?orfinnsson
Sent: 8. september 2015 17:42
To: Brian Haley <brian.haley at hp.com>; openstack at lists.openstack.org
Subject: Re: [Openstack] port-delete issue
Those are the routers in the system (admin sees this)
root at opst-ctrl1-dev:/# neutron router-list
+--------------------------------------+-----------------+------------------
-----+-------------+-------+
| id | name |
external_gateway_info | distributed | ha |
+--------------------------------------+-----------------+------------------
-----+-------------+-------+
| 164ad471-5ab0-4109-acf5-f88de1e4b5f3 | gw | null
| False | False |
| 2371ae6e-8a07-464c-9b3e-3d7d35e96a59 | gw | null
| False | False |
| 45ab4a9a-c7fc-4cf6-844c-6265b5620121 | gw | null
| False | False |
| 50d16aec-adaf-431d-9b42-f8aff78ea5b8 | gw1 | null
| False | False |
| 546456aa-a312-48d5-8a3b-6031b1dcb3a9 | OskarTestRouter | null
| False | False |
| 78feb17a-9a29-4ddb-9477-914850d8f5d2 | ElasticRouter | null
| False | False |
| 7a06a85c-826a-4f00-a62f-5ae8586ea1fb | adminTest | null
| False | False |
| 7ba38ec5-49d9-4fc8-b77f-ef8a38e79af3 | Safni?-router | null
| False | False |
| 9e367dd6-ab2c-4949-a5e4-4d8d2787d84b | gw | null
| False | False |
| f05c4cc8-724e-4731-bea3-6ef68d794137 | gw1 | null
| False | False |
+--------------------------------------+-----------------+------------------
-----+-------------+-------+
root at opst-ctrl1-dev:/#
but the port does not show up, when I list ports for each router with:
neutron router-port-list ROUTER-ID
but it does show up in the general port-list , like
root at opst-ctrl1-dev:/# neutron port-list | grep 157
| 220f1ad2-10bb-4d17-8cc5-3ad4f86f0b00 | | fa:16:3e:15:20:59 |
{"subnet_id": "f505a109-07a7-420a-ae6b-aa5995126be7", "ip_address":
"157.157.8.114"} |
Best regards
Yngvi
-----Original Message-----
From: Brian Haley [mailto:brian.haley at hp.com]
Sent: 8. september 2015 17:33
To: Yngvi P?ll ?orfinnsson <yngvith at siminn.is>;
openstack at lists.openstack.org
Subject: Re: [Openstack] port-delete issue
My only other suggestion is to do a port-list with admin privs and look. I
can't tell if you're doing that as root != admin necessarily.
-Brian
On 09/08/2015 01:08 PM, Yngvi P?ll ?orfinnsson wrote:
> HI
> I don't see a router attached :
>
> root at opst-ctrl1-dev:/# neutron subnet-show ext-subnet
> +-------------------+----------------------------------------------------+
> | Field | Value |
> +-------------------+----------------------------------------------------+
> | allocation_pools | {"start": "157.157.8.100", "end": "157.157.8.200"} |
> | cidr | 157.157.8.0/24 |
> | dns_nameservers | 212.30.200.199 |
> | | 212.30.200.200 |
> | enable_dhcp | True |
> | gateway_ip | 157.157.8.1 |
> | host_routes | |
> | id | f505a109-07a7-420a-ae6b-aa5995126be7 |
> | ip_version | 4 |
> | ipv6_address_mode | |
> | ipv6_ra_mode | |
> | name | ext-subnet |
> | network_id | 523721c5-ea5d-42a1-8920-8bc75010f273 |
> | tenant_id | 1dda2478e30d44dda0ca752c6047725d |
> +-------------------+----------------------------------------------------+
> root at opst-ctrl1-dev:/#
>
> best regards
> Yngvi
>
>
> -----Original Message-----
> From: Brian Haley [mailto:brian.haley at hp.com]
> Sent: 8. september 2015 16:45
> To: openstack at lists.openstack.org
> Subject: Re: [Openstack] port-delete issue
>
> On 09/08/2015 12:01 PM, Yngvi P?ll ?orfinnsson wrote:
>> HI
>>
>> I can't delete a subnet (id f505a109-07a7-420a-ae6b-aa5995126be7 ),
>> because one port is still in use.
>>
>> root at opst-ctrl1-dev:/# neutron subnet-delete
>> f505a109-07a7-420a-ae6b-aa5995126be7
>>
>> Unable to complete operation on subnet
>> f505a109-07a7-420a-ae6b-aa5995126be7. One or more ports have an IP
allocation from this subnet. (HTTP 409) (Request-ID:
>> req-fbd64f19-2888-4d87-8e60-bc2cc920cd12)
>
> Do you have a router on the subnet? Try deleting it.
>
> -Brian
>
> _______________________________________________
> Mailing list:
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> Post to : openstack at lists.openstack.org
> Unsubscribe :
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>
_______________________________________________
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack at lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
------------------------------
Message: 13
Date: Wed, 9 Sep 2015 17:26:59 +0800
From: hao wang <sxmatch1986 at gmail.com>
To: "openstack at lists.openstack.org" <openstack at lists.openstack.org>
Subject: [Openstack] [openstack][swift]Got error when installing swift
all in one.
Message-ID:
<CAOEh+o0714WzHCM1YFkoKS=o2bjPGh6T7cDcvhoS+Lzn0PrUBA at mail.gmail.com>
Content-Type: text/plain; charset=UTF-8
Hi, all
I was installing swift all-in-one in my virtual machine, OS is ubuntu 14.04.
But I got errors when I start the swift service by using "startmain" script:
liberasurecode[2969]: liberasurecode_backend_open: dynamic linking error
libJerasure.so: cannot open shared object file: No such file or directory
Traceback (most recent call last):
File "/usr/local/bin/swift-object-server", line 6, in <module>
exec(compile(open(__file__).read(), __file__, 'exec'))
File "/swift/bin/swift-object-server", line 19, in <module>
from swift.common.wsgi import run_wsgi
File "/swift/swift/common/wsgi.py", line 39, in <module>
from swift.common.storage_policy import BindPortsCache
File "/swift/swift/common/storage_policy.py", line 738, in <module>
reload_storage_policies()
File "/swift/swift/common/storage_policy.py", line 730, in
reload_storage_policies
_POLICIES = parse_storage_policies(policy_conf)
File "/swift/swift/common/storage_policy.py", line 686, in
parse_storage_policies
policy = policy_cls.from_config(policy_index, config_options)
File "/swift/swift/common/storage_policy.py", line 251, in from_config
return cls(policy_index, **policy_options)
File "/swift/swift/common/storage_policy.py", line 387, in __init__
ec_type=self._ec_type)
File "/usr/local/lib/python2.7/dist-packages/pyeclib/ec_iface.py",
line 172, in __init__
chksum_type=self.chksum_type)
File "/usr/local/lib/python2.7/dist-packages/pyeclib/utils.py", line 73,
in create_instance
instance = object_class(*args, **kwargs)
File "/usr/local/lib/python2.7/dist-packages/pyeclib/core.py", line 61, in
__init__
self.algsig_chksum)
pyeclib.Error: Invalid arguments passed to liberasurecode_instance_create
I'm sure the libjerasure2 has been installed. So is there a solution to fix
this issue?
Thanks.
--
Best Wishes For You!
------------------------------
Message: 14
Date: Wed, 09 Sep 2015 18:40:42 +0900
From: Kota TSUYUZAKI <tsuyuzaki.kota at lab.ntt.co.jp>
To: hao wang <sxmatch1986 at gmail.com>
Cc: "openstack at lists.openstack.org" <openstack at lists.openstack.org>
Subject: Re: [Openstack] [openstack][swift]Got error when installing
swift all in one.
Message-ID: <55EFFE9A.7030002 at lab.ntt.co.jp>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Hi, Hao
Did you already do the setting for where shared jerasure library located?
The log message looks that Linux system doesn't have a seach path for that.
Like:
- Add /usr/local/lib path (if you installed libJerasure.so in another
location, you should set the path here) into /etc/ld.so.conf
- sudo ldconfig
That helps Linux system to search shared object library.
Details is described in here. [1]
1: https://bitbucket.org/kmgreen2/pyeclib
Best
Kota
(2015/09/09 18:26), hao wang wrote:
> Hi, all
>
> I was installing swift all-in-one in my virtual machine, OS is ubuntu
14.04.
>
> But I got errors when I start the swift service by using "startmain"
script:
>
> liberasurecode[2969]: liberasurecode_backend_open: dynamic linking
> error libJerasure.so: cannot open shared object file: No such file or
> directory
> Traceback (most recent call last):
> File "/usr/local/bin/swift-object-server", line 6, in <module>
> exec(compile(open(__file__).read(), __file__, 'exec'))
> File "/swift/bin/swift-object-server", line 19, in <module>
> from swift.common.wsgi import run_wsgi
> File "/swift/swift/common/wsgi.py", line 39, in <module>
> from swift.common.storage_policy import BindPortsCache
> File "/swift/swift/common/storage_policy.py", line 738, in <module>
> reload_storage_policies()
> File "/swift/swift/common/storage_policy.py", line 730, in
> reload_storage_policies
> _POLICIES = parse_storage_policies(policy_conf)
> File "/swift/swift/common/storage_policy.py", line 686, in
> parse_storage_policies
> policy = policy_cls.from_config(policy_index, config_options)
> File "/swift/swift/common/storage_policy.py", line 251, in from_config
> return cls(policy_index, **policy_options)
> File "/swift/swift/common/storage_policy.py", line 387, in __init__
> ec_type=self._ec_type)
> File "/usr/local/lib/python2.7/dist-packages/pyeclib/ec_iface.py",
> line 172, in __init__
> chksum_type=self.chksum_type)
> File "/usr/local/lib/python2.7/dist-packages/pyeclib/utils.py", line
> 73, in create_instance
> instance = object_class(*args, **kwargs)
> File "/usr/local/lib/python2.7/dist-packages/pyeclib/core.py", line
> 61, in __init__
> self.algsig_chksum)
> pyeclib.Error: Invalid arguments passed to liberasurecode_instance_create
>
>
> I'm sure the libjerasure2 has been installed. So is there a solution
> to fix this issue?
>
> Thanks.
------------------------------
Message: 15
Date: Wed, 09 Sep 2015 18:24:31 +0800
From: Ludwig Tirazona <ljtirazona at codebridge.com.ph>
To: openstack at lists.openstack.org
Subject: [Openstack] Cannot Attach Volumes Via Horizon
Message-ID: <55F008DF.9040807 at codebridge.com.ph>
Content-Type: text/plain; charset=utf-8
Hello Everyone,
I devstacked a deployment, just for PoC purposes. I have a problem
wherein I can't attach volumes to instances via Horizon, but can do so
via the nova CLI tool, so it seems that Cinder and Nova are set up
properly. Right after attempting to attach a volume, Horizon gives me
this error: "Error: Unable to attach volume."
I took a look at the nova API logs, and I see this log:
2015-09-09 18:01:00.704 DEBUG nova.api.openstack.wsgi
[req-8bde1423-b8cf-4a7f-a743-92c2a5a26ae4 admin admin] Returning 400 to
user: Invalid input for field/attribute device. Value: . u'' does not
match '(^/dev/x{0,1}[a-z]{0,1}d{0,1})([a-z]+)[0-9]*$' from (pid=25349)
__call__ /opt/stack/nova/nova/api/openstack/wsgi.py:1175
It looks like nova-api is looking for a "/dev/something" value for u,
but Horizon only passes a blank value.
The following link has the logs for Horizon.
http://pastebin.com/DiwzW0tD
What can I do to fix this? Inelegant solutions are very much welcome, I
just want this to get working as soon as possible.
Help would be greatly appreciated. Thanks!
------------------------------
Message: 16
Date: Wed, 9 Sep 2015 13:41:00 +0200
From: Heiko Kr?mer <hkraemer at anynines.com>
To: "openstack at lists.openstack.org" <openstack at lists.openstack.org>
Subject: [Openstack] Neutron with apache2 wsgi module don't ack
rabbitMQ messages
Message-ID: <55F01ACC.8060008 at anynines.com>
Content-Type: text/plain; charset=utf-8
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi guys,
another day, another problem :).
* Icehouse
* Apache2.4
* Ubuntu 14.04
I'm scaling our Neutron API endpoints to different servers to reach more
throughput. In this case i decided to use apache2 with WSGI module to
run the server in multi threaded mode to use optimal all CPU cores and
handle more parallel requests.
I create a vHost and a wsgi startup script file
script:
|from neutron.openstack.common import log as logging
from neutron.common import config
logging.setup('neutron')
config.parse(['--config-file', '/etc/neutron/neutron.conf',
'--config-file', '/etc/neutron/plugins/ml2/ml2_conf.ini'])
application = config.load_paste_app("neutron")|
vhost:
|Listen *:9696
<VirtualHost *:9696>
WSGIScriptAlias / /var/www/cgi-bin/neutron
WSGIDaemonProcess neutron-public user=neutron group=neutron
processes=3 threads=10
WSGIProcessGroup neutron-public
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
LogLevel info
ErrorLog /var/log/apache2/neutron-error.log
CustomLog /var/log/apache2/neutron-access.log combined
</VirtualHost>|
So the server is running well, all requests are working well but i see
on the messaging bus (rabbitmq) unack messages in two queues as far as
the apache2 is running. The unack messages on both queues
(n-lbaas-plugin & q-metering-plugin) is increasing over time. As soon as
i switch to the build-IN webserver of Neutron all messages on both
queues will ack and deliver.
Is there any trick or is that a problem with multi thread ?
Cheers and thanks
Heiko
- --
anynines.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAEBAgAGBQJV8BrMAAoJELxFogM4ixOF8WIH/Aw+nXtaIAzZIyHn6XdvDQqf
P2qDnGO460CtnKVYUBtLxxeTqOj0w2/g7A5ijvAXY97D0dSKmE08xwXFj1XA8zq9
kTT5IKOf6M6OhXkYnNJWVWD+qNSseL8svRrUOhjVCu+PQBlm2k7EDRtyG3OySWQo
M6RR9UvOUWZfnr8FJzA/p/K7Zha4POCoFjW3MxWJ9TC/Gv8+jhhO2HRBHz3H+OTE
abq1CFv8f7/RwDJ1z05ZVoy7QolACLCd2mEAjaUmvAGp+iqy7gU/NRwNagDjExHw
imwEO/DMYppz7//FUWCWQwNlu731sKIKBTx8DX2WeZz//rip0fi4vD8sys8NSsQ=
=HQfo
-----END PGP SIGNATURE-----
------------------------------
_______________________________________________
Openstack mailing list
openstack at lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
End of Openstack Digest, Vol 27, Issue 8
****************************************
More information about the Openstack
mailing list