[Openstack] [Glance][Trove] Juno RC3 available

[Thierry Carrez]

Hello everyone,

Due to last-minute issues discovered in testing of the published Glance
and Trove 2014.2 RC2, we generated new Juno release candidates for these
projects. You can find the list of bugfixes in these RC3 and a link to a
source tarball at:

https://launchpad.net/glance/juno/juno-rc3
https://launchpad.net/trove/juno/juno-rc3

At this point, only show-stoppers would warrant a release candidate
respin, so these RC3 are very likely to be formally released as the
final Glance and Trove 2014.2 on Thursday. You are therefore strongly
encouraged to give these tarballs a last-minute test ride !

Alternatively, you can directly test the proposed/juno branch at:
https://github.com/openstack/glance/tree/proposed/juno
https://github.com/openstack/trove/tree/proposed/juno

If you find an issue that could be considered release-critical, please
file it at:

https://bugs.launchpad.net/glance/+filebug
https://bugs.launchpad.net/trove/+filebug

and tag it *juno-rc-potential* to bring it to the release crew's attention.

Regards,

-- 
Thierry Carrez (ttx)

___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

Re: [Openstack] Centos 7 root pasword

[Steven Hardy]

On Tue, Oct 14, 2014 at 01:11:40PM +0530, Mridhul Pax wrote:
>Hi Friends,
>I have downloaded a centos 7 image from the following site and created a
>glance image. Im able to provison a server via that image and the server
>booted up fine. Any one know how to login to the server ?
>I tried combinations like root/centos , centos/centos but no luck
>I downloaded the QCOW2 image from the following link : 
>http://cloud.centos.org/centos/7/devel/

You've got some good suggestions already, bug FWIW I find virt-sysprep
invaluable in these sort of situations:

http://rwmj.wordpress.com/2013/08/02/new-in-virt-sysprep-set-root-and-user-passwords/

It can be used to (amongst other things) set a root password in a cloud
image for debugging, or run a firstboot script to, for example, disable a
troublesome service while you debug it.

Steve

___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

[Openstack] [Cinder] Juno RC3 available

[Thierry Carrez]

Hello everyone,

Due to three critical regressions discovered in testing of the published
Cinder 2014.2 RC2, we generated a new Juno release candidate. You can
find the list of bugfixes in this RC and a link to a source tarball at:

https://launchpad.net/cinder/juno/juno-rc3

At this point, only show-stoppers would warrant a release candidate
respin, so this RC3 is very likely to be formally released as the final
Cinder 2014.2 tomorrow. You are therefore strongly encouraged to
give a last-minute test round and validate this tarball !

Alternatively, you can directly test the proposed/juno branch at:
https://github.com/openstack/cinder/tree/proposed/juno

If you find an issue that could be considered release-critical, please
file it at:

https://bugs.launchpad.net/cinder/+filebug

and tag it *juno-rc-potential* to bring it to the release crew's attention.

Regards,

-- 
Thierry Carrez (ttx)

___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

[Openstack] [Cinder] Volume multi attachment

[Heiko Krämer]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hi guys.

at the moment Cinder doesn't allow to attach a volume twice.
I mean i need to build for each application cluster an extra storage
share point (NFS, glusterFS, ...) in the tenant.
Other way is to build a shared storage for all tenants.


Both options are more expensive than needed because:

* Cinder backend servers are highly redundant (maybe 3 times mirror) =>
data will be stored 3 times
* Creating 2 VM's for shared storage in a tenant with NFS + drbd => data
will be stored 6 times 2xNFS x 3xCinder

Better way would be to attach a volume directly on n instances. The
administrator must be solve write conflicts with known possibilities.

I've found two blueprints to this topic:

https://blueprints.launchpad.net/cinder/+spec/shared-volume
https://blueprints.launchpad.net/cinder/+spec/multi-attach-volume

Do anyone know if this will be include in Juno ? I didn't find any on
launchpad for the milestones.


Thanks and Cheers
Heiko

- -- 
anynines.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQEcBAEBAgAGBQJUPm6GAAoJELxFogM4ixOFVA0IAJnmk2XN/p4fGpS4aWHmA0Tu
h8zVDbJKa7jL8Gmn/lTnefGDEMFA3La8Vj18eFW/4t6gPN6Y6J2t7mESmkho5hcp
Z7ld/K+qj3Ii+Mh2jWbQijNIWKNy8J2+H8axidyjVeGamftv/HlDE43jtsLl3/p6
qj0M5MqiiOifnh4UEBT7dIvrWbAdOpyRDQnqNnGiaGgZaLHdX5gtnVns6MtvrkJT
HmBEowHxZm3D/8bUTr/zW6IJwe1BlASNPUaeAK2k3uZ6jr6OR9xjMj2an7bJAtoD
vA0vv5WpO5nCfSaAQlfRycCsygrPnN4v2eKDJ9NZXcKLUY2bx4jhVWSNmx/u+Eg=
=Wagz
-END PGP SIGNATURE-



___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

Re: [Openstack] [qa] How to troubleshoot why a VM at Compute node won't response to ARP request from Neutron router

[Danny Choi (dannchoi)]

Hi James,

Instance did not get its IP from DHCP because the physical switch was not 
configured properly.

>From the instance’s console log, I did see the DHCP Discover failure:


Starting network...

udhcpc (v1.20.1) started

Sending discover...

Sending discover...

Sending discover...

No lease, failing  [FAILURE]

WARN: /etc/rc3.d/S40-network failed


What threw me off is that nova reports the instance is running, with a private 
address assigned.


localadmin@qa4:~/devstack$ nova list

+--+--+++-+--+

| ID   | Name | Status | Task State | Power 
State | Networks |

+--+--+++-+--+

| b8c3f406-1989-4d73-b711-286565bf9795 | vm   | ACTIVE | -  | Running   
  | private=10.0.0.5 |

+--+--+++-+--+



This is misleading.  It should not report the private address until the DHCP 
process is successful.

Am I missing something here?

Thanks,
Danny

From: James Denton 
mailto:james.den...@rackspace.com>>
Date: Monday, October 13, 2014 at 10:52 AM
To: Danny Choi mailto:dannc...@cisco.com>>, 
"openstack@lists.openstack.org" 
mailto:openstack@lists.openstack.org>>
Subject: Re: [Openstack] [qa] How to troubleshoot why a VM at Compute node 
won't response to ARP request from Neutron router

Hi Danny,

Did your instance get its IP from DHCP? This may be seen in the console log 
using ‘nova console-log ’. The output will vary depending on the 
instance's OS. To troubleshoot DHCP issues, use tcpdump across the different 
interfaces (taps, bridges, physical interfaces) to verify DHCP is working 
properly using ‘tcpdump –I  port 67 or port 68’.

James

From: "Danny Choi (dannchoi)" mailto:dannc...@cisco.com>>
Date: Sunday, October 12, 2014 at 11:25 AM
To: "openstack@lists.openstack.org" 
mailto:openstack@lists.openstack.org>>, 
"openstack-...@lists.openstack.org" 
mailto:openstack-...@lists.openstack.org>>
Subject: [Openstack] [qa] How to troubleshoot why a VM at Compute node won't 
response to ARP request from Neutron router

Hi,

Using devstack to deploy OpenStack, I have Controller + Network running at one 
physical node and Compute at a separate node.

I launched a VM at the Compute node with a private address 10.0.0.2 (Neutron 
router interface is 10.0.0.1).

At the Controller node, in the qrouter namespace, I could not ping the VM 
private address 10.0.0.2.

At the Compute node, tcpdump of the tap interface indicated ARP requests were 
received.

However, it did not show any ARP response.

My understanding is that the VM’s virtual interface is directly connected to 
this tap interface.  Since the VM is unreachable, I cannot
launch its console to see if the ARP requests are received at the virtual 
interface.

Any suggestions on how to troubleshoot this?


localadmin@qa4:~/devstack$ nova show vm1

+--++

| Property | Value  
|

+--++

| OS-DCF:diskConfig| MANUAL 
|

| OS-EXT-AZ:availability_zone  | nova   
|

| OS-EXT-STS:power_state   | 1  
|

| OS-EXT-STS:task_state| -  
|

| OS-EXT-STS:vm_state  | active 
|

| OS-SRV-USG:launched_at   | 2014-10-12T14:25:15.00 
|

| OS-SRV-USG:terminated_at | -  
|

| accessIPv4   |
|

| accessIPv6   |
|

| config_drive |
|

| created  | 2014-10-12T14:23:30Z   
|

| flavor   | m1.tiny (1)
|

| hostId   | 
00ac69883737ebd290ad4f38cae979a6e268902333261ba6bfbade44   |

| id   | 04b5a345-cadf-4dee-9209-5bcf589b6a3c   
  

Re: [Openstack] [DevStack] Keystone not restarting

[Paul Carlton]

Nope the keystone files are there, not links.

I do not see rejoin starting apache and when I do it manually it doesn't 
listen on 5000, just 80


I've work around this problem by not using unstack anymore, just 
restarting the specific services impacted by my change


On 15/10/14 03:02, Борис Бобров wrote:

В сообщении от Tuesday 14 of October 2014 21:14:52 Paul написал:

Hi

I'm using devstack and doing 'unstack.sh' to stop devstack then making
code/config changes and doing 'rejoin_stack.sh' to restart it but it is
not starting apache or keystone processes.  I've tried restarting
apache myself before and after rejoin but no joy.

I can fix this by doing 'stack.sh' but then my nova.conf file changes
are lost.

Have a look at /etc/apache2/sites-available. For some reason
keystone's .conf files is not linked to /etc/apache2/sites-enabled, so it
doesn't go up when apache is restarted. Try creating symlink manually.

(sorry about private email earlier)



___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack


--
Paul Carlton
Software Engineer
Cloud Services
Hewlett Packard
BUK03:T242
Longdown Avenue
Stoke Gifford
Bristol BS34 8QZ

Office: +44 (0)117 316 2189
Mobile:+44 (0)7768 994283
Email:mailto:paul.carlt...@hp.com
Hewlett-Packard Limited registered Office: Cain Road, Bracknell, Berks RG12 1HN 
Registered No: 690597 England.
The contents of this message and any attachments to it are confidential and may be 
legally privileged. If you have received this message in error, you should delete it from 
your system immediately and advise the sender. To any recipient of this message within 
HP, unless otherwise stated you should consider this message and attachments as "HP 
CONFIDENTIAL".



smime.p7s
Description: S/MIME Cryptographic Signature
___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

[Openstack] Unable to launch an instance with ICEHOUSE

[Phani Bhushan]

Hi all,



I am very much new to the openstack and I am trying to get
some hands on experience on openstack. I installed openstack compute,
controller, network nodes on single ubuntu 14.04 64 bit server machine.

I have installed horizon. From pages of openstack, I failed to launch an
instance. I got an error message saying that “*Error:* Failed to launch
instance "test": Please try again later [Error: No valid host was found. ].
“



“Nova-manage service list” is showing every thing is fine



root@controller:~# nova-manage service list

Binary   Host Zone
Status State Updated_At

nova-certcontroller   internal
enabled:-)   2014-10-15 12:51:28

nova-consoleauth controller   internal
enabled:-)   2014-10-15 12:51:27

nova-scheduler   controller   internal
enabled:-)   2014-10-15 12:51:28

nova-conductor   controller   internal
enabled:-)   2014-10-15 12:51:18

nova-compute controller   nova
enabled:-)   2014-10-15 12:51:26





Attached the log files for the nova-api, nova-compute, nova-scheduler.log.



I have no hint why this error message is coming. Can anyone please help me
in resolving this issue.?





With Regards,

Phani Bhushan PV.


nova-api.log
Description: Binary data


nova-compute.log
Description: Binary data


nova-scheduler.log
Description: Binary data
___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

Re: [Openstack] [qa] How to troubleshoot why a VM at Compute node won't response to ARP request from Neutron router

[Robert van Leeuwen]

> What threw me off is that nova reports the instance is running, with a 
> private address assigned.
>
> | b8c3f406-1989-4d73-b711-286565bf9795 | vm   | ACTIVE | -  | Running 
> | private=10.0.0.5 |
>
> This is misleading.  It should not report the private address until the DHCP 
> process is successful.

I disagree. 
I think It is just something you need to be aware of ( I never found this 
strange behaviour)
It is hugely useful to know what IP the machine should get, even if the machine 
is not (yet) running or suspended/stopped.

Cheers,
Robert van Leeuwen
___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

[Openstack] [devstack] Question about the "OVS_PHYSICAL_BRIDGE" attribute defined in localrc

[Danny Choi (dannchoi)]

Hi,

When I have "OVS_PHYSICAL_BRIDGE=br-p1p1” defined in localrc, devstack creates 
the OVS bridge "br-p1p1".

localadmin@qa4:~/devstack$ sudo ovs-vsctl show
5f845d2e-9647-47f2-b92d-139f6faaf39e
Bridge "br-p1p1" <
Port "phy-br-p1p1"
Interface "phy-br-p1p1"
type: patch
options: {peer="int-br-p1p1"}
Port "br-p1p1"
Interface "br-p1p1"
type: internal

However, no physical port is added to it.  I have to manually do it.

localadmin@qa4:~/devstack$ sudo ovs-vsctl add-port br-p1p1 p1p1
localadmin@qa4:~/devstack$ sudo ovs-vsctl show
5f845d2e-9647-47f2-b92d-139f6faaf39e
Bridge "br-p1p1"
Port "phy-br-p1p1"
Interface "phy-br-p1p1"
type: patch
options: {peer="int-br-p1p1"}
Port "br-p1p1"
Interface "br-p1p1"
type: internal
Port “p1p1” <
Interface “p1p1"


Is this expected behavior?

Thanks,
Danny
___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

Re: [Openstack] [Cinder] Volume multi attachment

[John Griffith]

On Wed, Oct 15, 2014 at 6:54 AM, Heiko Krämer  wrote:

> https://blueprints.launchpad.net/cinder/+spec/multi-attach-volume


Hi Heiko,

Nope, neither of those landed in Juno.
___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

[Openstack] [qa] "nova get-password" does not seem to work

[Danny Choi (dannchoi)]

Hi,

I used devstack to deploy Juno OpenStack.

I spin up an instance with cirros-0.3.2-x86_64-uec.

By default, useranme/password is cirrus/cubswin:)

When I execute the command “nova get-password”, nothing is returned.


localadmin@qa4:/etc/nova$ nova show vm1

+--++

| Property | Value  
|

+--++

| OS-DCF:diskConfig| MANUAL 
|

| OS-EXT-AZ:availability_zone  | nova   
|

| OS-EXT-STS:power_state   | 1  
|

| OS-EXT-STS:task_state| -  
|

| OS-EXT-STS:vm_state  | active 
|

| OS-SRV-USG:launched_at   | 2014-10-15T14:48:04.00 
|

| OS-SRV-USG:terminated_at | -  
|

| accessIPv4   |
|

| accessIPv6   |
|

| config_drive |
|

| created  | 2014-10-15T14:47:56Z   
|

| flavor   | m1.tiny (1)
|

| hostId   | 
ea715752b11cf96b95f9742513a351d2d6571c4fdb76f497d64ecddb   |

| id   | 1a3c487e-c3a3-4783-bd0b-e3c87bf22c3f   
|

| image| cirros-0.3.2-x86_64-uec 
(1dda953b-9319-4c43-bd20-1ef75b491553) |

| key_name | cirros-key 
|

| metadata | {} 
|

| name | vm1
|

| os-extended-volumes:volumes_attached | [] 
|

| private network  | 10.0.0.11  
|

| progress | 0  
|

| security_groups  | default
|

| status   | ACTIVE 
|

| tenant_id| c8daf9bd6dda40a982b074322c08da7d   
|

| updated  | 2014-10-15T14:48:04Z   
|

| user_id  | 2cbbafae01404d4ebeb6e6fbacfa6546   
|

+--++

localadmin@qa4:/etc/nova$ nova help get-password

usage: nova get-password  []


Get password for a server.


Positional arguments:

 Name or ID of server.

Private key (used locally to decrypt password) (Optional).

 When specified, the command displays the clear (decrypted) VM

 password. When not specified, the ciphered VM password is

 displayed.

localadmin@qa4:/etc/nova$ nova get-password vm1

  <[NOTHING RETURNED]

localadmin@qa4:/etc/nova$


Am I missing something?


Thanks,

Danny
___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

Re: [Openstack] [openstack-dev] [qa] "nova get-password" does not seem to work

[Vishvananda Ishaya]

Get password only works if you have something in the guest generating the
encrypted password and posting it to the metadata server. Cloud-init for
windows (the primary use case) will do this for you. You can do something
similar for ubuntu using this script:

https://gist.github.com/vishvananda/4008762

If cirros has usermod and openssl installed it may work there as well. Note
that you can pass the script in as userdata (see the comments at the end).

Vish

On Oct 15, 2014, at 8:02 AM, Danny Choi (dannchoi)  wrote:

> Hi,
> 
> I used devstack to deploy Juno OpenStack.
> 
> I spin up an instance with cirros-0.3.2-x86_64-uec.
> 
> By default, useranme/password is cirrus/cubswin:)
> 
> When I execute the command “nova get-password”, nothing is returned.
> 
> localadmin@qa4:/etc/nova$ nova show vm1
> +--++
> | Property | Value
>   |
> +--++
> | OS-DCF:diskConfig| MANUAL   
>   |
> | OS-EXT-AZ:availability_zone  | nova 
>   |
> | OS-EXT-STS:power_state   | 1
>   |
> | OS-EXT-STS:task_state| -
>   |
> | OS-EXT-STS:vm_state  | active   
>   |
> | OS-SRV-USG:launched_at   | 2014-10-15T14:48:04.00   
>   |
> | OS-SRV-USG:terminated_at | -
>   |
> | accessIPv4   |  
>   |
> | accessIPv6   |  
>   |
> | config_drive |  
>   |
> | created  | 2014-10-15T14:47:56Z 
>   |
> | flavor   | m1.tiny (1)  
>   |
> | hostId   | 
> ea715752b11cf96b95f9742513a351d2d6571c4fdb76f497d64ecddb   |
> | id   | 1a3c487e-c3a3-4783-bd0b-e3c87bf22c3f 
>   |
> | image| cirros-0.3.2-x86_64-uec 
> (1dda953b-9319-4c43-bd20-1ef75b491553) |
> | key_name | cirros-key   
>   |
> | metadata | {}   
>   |
> | name | vm1  
>   |
> | os-extended-volumes:volumes_attached | []   
>   |
> | private network  | 10.0.0.11
>   |
> | progress | 0
>   |
> | security_groups  | default  
>   |
> | status   | ACTIVE   
>   |
> | tenant_id| c8daf9bd6dda40a982b074322c08da7d 
>   |
> | updated  | 2014-10-15T14:48:04Z 
>   |
> | user_id  | 2cbbafae01404d4ebeb6e6fbacfa6546 
>   |
> +--++
> localadmin@qa4:/etc/nova$ nova help get-password
> usage: nova get-password  []
> 
> Get password for a server.
> 
> Positional arguments:
>  Name or ID of server.
> Private key (used locally to decrypt password) (Optional).
>  When specified, the command displays the clear (decrypted) VM
>  password. When not specified, the ciphered VM password is
>  displayed.
> localadmin@qa4:/etc/nova$ nova get-password vm1 
>   <[NOTHING RETURNED]
> localadmin@qa4:/etc/nova$ 
> 
> Am I missing something?
> 
> Thanks,
> Danny
> ___
> OpenStack-dev mailing list
> openstack-...@lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev



signature.asc
Description: Message signed with OpenPGP using GPG

Re: [Openstack] [openstack-dev] [qa] "nova get-password" does not seem to work

[Alessandro Pilotti]

AFAIK cloud-init is not handling it ATM, while Cloudbase-Init supports it out 
of the box on Windows (and soon FreeBSD).

You need to deploy your instance with an SSH keypair and use HTTP metadata, 
required for POSTing back the encrypted password.
It does not work with ConfigDrive.

Alessandro


On 15 Oct 2014, at 18:17, Vishvananda Ishaya 
mailto:vishvana...@gmail.com>> wrote:

Get password only works if you have something in the guest generating the
encrypted password and posting it to the metadata server. Cloud-init for
windows (the primary use case) will do this for you. You can do something
similar for ubuntu using this script:

https://gist.github.com/vishvananda/4008762

If cirros has usermod and openssl installed it may work there as well. Note
that you can pass the script in as userdata (see the comments at the end).

Vish

On Oct 15, 2014, at 8:02 AM, Danny Choi (dannchoi) 
mailto:dannc...@cisco.com>> wrote:

Hi,

I used devstack to deploy Juno OpenStack.

I spin up an instance with cirros-0.3.2-x86_64-uec.

By default, useranme/password is cirrus/cubswin:)

When I execute the command “nova get-password”, nothing is returned.

localadmin@qa4:/etc/nova$ nova show vm1
+--++
| Property | Value  
|
+--++
| OS-DCF:diskConfig| MANUAL 
|
| OS-EXT-AZ:availability_zone  | nova   
|
| OS-EXT-STS:power_state   | 1  
|
| OS-EXT-STS:task_state| -  
|
| OS-EXT-STS:vm_state  | active 
|
| OS-SRV-USG:launched_at   | 2014-10-15T14:48:04.00 
|
| OS-SRV-USG:terminated_at | -  
|
| accessIPv4   |
|
| accessIPv6   |
|
| config_drive |
|
| created  | 2014-10-15T14:47:56Z   
|
| flavor   | m1.tiny (1)
|
| hostId   | 
ea715752b11cf96b95f9742513a351d2d6571c4fdb76f497d64ecddb   |
| id   | 1a3c487e-c3a3-4783-bd0b-e3c87bf22c3f   
|
| image| cirros-0.3.2-x86_64-uec 
(1dda953b-9319-4c43-bd20-1ef75b491553) |
| key_name | cirros-key 
|
| metadata | {} 
|
| name | vm1
|
| os-extended-volumes:volumes_attached | [] 
|
| private network  | 10.0.0.11  
|
| progress | 0  
|
| security_groups  | default
|
| status   | ACTIVE 
|
| tenant_id| c8daf9bd6dda40a982b074322c08da7d   
|
| updated  | 2014-10-15T14:48:04Z   
|
| user_id  | 2cbbafae01404d4ebeb6e6fbacfa6546   
|
+--++
localadmin@qa4:/etc/nova$ nova help get-password
usage: nova get-password  []

Get password for a server.

Positional arguments:
 Name or ID of server.
Private key (used locally to decrypt password) (Optional).
 When specified, the command displays the clear (decrypted) VM
 password. When not specified, the ciphered VM password is
 displayed.
localadmin@qa4:/etc/nova$ nova get-password vm1
  <[NOTHING RETURNED]
localadmin@qa4:/etc/nova$

Am I missing something?

Thanks,
Danny
___

Re: [Openstack] periodic packet loss in openvswitch

[Rick Jones]

On 10/14/2014 09:10 PM, Michael Gale wrote:


I have seen something similar in the past under two conditions:
1. When a switch buffers have been overloaded due to excessive UDP
traffic, the switch ended up sending out the data on all ports.


Do you mean when a switch's forwarding table fills because it has 
started seeing more MAC addresses than it is designed to handle?


A switch which started flooding traffic because its packet buffers were 
full would be very, well, interesting :)


rick jones

___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

Re: [Openstack] Unable to launch an instance with ICEHOUSE

[Anne Gentle]

On Wed, Oct 15, 2014 at 8:41 AM, Phani Bhushan 
wrote:

> Hi all,
>
>
>
> I am very much new to the openstack and I am trying to get
> some hands on experience on openstack. I installed openstack compute,
> controller, network nodes on single ubuntu 14.04 64 bit server machine.
>
> I have installed horizon. From pages of openstack, I failed to launch an
> instance. I got an error message saying that “*Error:* Failed to launch
> instance "test": Please try again later [Error: No valid host was found. ].
> “
>
>
>

This error means the scheduler couldn't find a node to launch an instance
on.


> “Nova-manage service list” is showing every thing is fine
>
>
>
> root@controller:~# nova-manage service list
>
> Binary   Host Zone
> Status State Updated_At
>
> nova-certcontroller   internal
> enabled:-)   2014-10-15 12:51:28
>
> nova-consoleauth controller   internal
> enabled:-)   2014-10-15 12:51:27
>
> nova-scheduler   controller   internal
> enabled:-)   2014-10-15 12:51:28
>
> nova-conductor   controller   internal
> enabled:-)   2014-10-15 12:51:18
>
> nova-compute controller   nova
> enabled:-)   2014-10-15 12:51:26
>
>
>
>
>
> Attached the log files for the nova-api, nova-compute, nova-scheduler.log.
>

I believe your nova-compute log shows a problem with rootwrap
configuration. See
http://docs.openstack.org/admin-guide-cloud/content/root-wrap-reference.html
for more info.

Anne


>
> I have no hint why this error message is coming. Can anyone please help me
> in resolving this issue.?
>
>
>
>
>
> With Regards,
>
> Phani Bhushan PV.
>
> ___
> Mailing list:
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> Post to : openstack@lists.openstack.org
> Unsubscribe :
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>
>
___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

[Openstack] [OSSA 2014-036] Potential leak of passwords into log files (CVE-2014-7230, CVE-2014-7231)

[Tristan Cacqueray]

OpenStack Security Advisory: 2014-036
CVE: CVE-2014-7230, CVE-2014-7231
Date: October 15, 2014
Title: Potential leak of passwords into log files
Reporter: Amrith Kumar (Tesora)
Products: Cinder and Nova (versions up to 2014.1.3)
Trove (versions up to 2014.1.2)

Description:
Amrith Kumar from Tesora reported two vulnerabilities in the
processutils.execute() and strutils.mask_password() functions available
from oslo-incubator that are copied into each project's code. An
attacker with read access to the services' logs may obtain passwords
used as a parameter of a command that has failed (CVE-2014-7230) or when
mask_password did not mask passwords properly (CVE-2014-7231). All
Cinder, Nova and Trove setups are affected.

Kilo (development branch) fixes:
https://review.openstack.org/116927 (Cinder)
https://review.openstack.org/126052 (Cinder ssh_execute)
https://review.openstack.org/116982 (Nova)
https://review.openstack.org/126047 (Nova   ssh_execute)
https://review.openstack.org/121417 (Trove)

Juno (proposed branch) fixes:
https://review.openstack.org/126594 (Nova   ssh_execute)
https://review.openstack.org/126592 (Cinder ssh_execute)

Icehouse fixes:
https://review.openstack.org/121382 (Cinder)
https://review.openstack.org/126665 (Cinder ssh_execute)
https://review.openstack.org/121096 (Nova)
https://review.openstack.org/126699 (Nova   ssh_execute)
https://review.openstack.org/121416 (Trove)

Notes:
The former patch did not cover the ssh_execute method used in Nova and
Cinder, thus two more patches are required for these projects.
Nova and Cinder fixes are included in the 2014.2rc2 release candidate
and will appear in a future 2014.1.4 release.
Trove fix was included in the 2014.2rc1 release candidate and 2014.1.3
release.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7230
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7231
https://launchpad.net/bugs/1377981
https://launchpad.net/bugs/1343604
https://launchpad.net/bugs/1345233

-- 
Tristan Cacqueray
OpenStack Vulnerability Management Team



signature.asc
Description: OpenPGP digital signature
___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

Re: [Openstack] [Openstack-operators] [swift] How to encrypt account/container/object data that travels through storage nodes?

[Pete Zaitcev]

On Wed, 17 Sep 2014 15:16:22 -0300
Gui Maluf  wrote:

> Replicas are copied between storage nodes and swift presume all storage
> nodes are running in a secure network. Taking any scenario of a Globally
> Distributed OpenStack Swift Cluster
> ,
> how could nodes replicates through Regions, or even between zones, using
> VPN, SSL or any secure/encrypted way?

I'm afraid there's no other practical way but create VPNs between
datacenters and tunnel your back-end Swift traffic. Although it
could be possible to use SSL (with minimal changes), there's no
authentication or authorization in Swift back-end services.
If you let attackers on your replication network, it's game over.

-- Pete

___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

Re: [Openstack] Centos 7 root pasword

[Juerg Haefliger]

On Wed, Oct 15, 2014 at 11:33 AM, Steven Hardy  wrote:
>
> On Tue, Oct 14, 2014 at 01:11:40PM +0530, Mridhul Pax wrote:
> >Hi Friends,
> >I have downloaded a centos 7 image from the following site and
created a
> >glance image. Im able to provison a server via that image and the
server
> >booted up fine. Any one know how to login to the server ?
> >I tried combinations like root/centos , centos/centos but no luck
> >I downloaded the QCOW2 image from the following link :
> >http://cloud.centos.org/centos/7/devel/

This being a CentOS question, you'd be better off asking for help on the
centos-devel mailing list. Anyways, there is no root and no password login
for CentOS cloud images. That's the case for most (CentOS, Fedora, Debian,
Ubuntu) community-built images which include the cloud-init package and
rely on a metadata service to provide a public SSH key for cloud-init to
fetch and inject into the instance. You need to create an SSH keypair in
OpenStack and specify the key name when launching an instance and then use
the private key to ssh to the instance, using user 'centos'.

...Juerg


> You've got some good suggestions already, bug FWIW I find virt-sysprep
> invaluable in these sort of situations:
>
>
http://rwmj.wordpress.com/2013/08/02/new-in-virt-sysprep-set-root-and-user-passwords/
>
> It can be used to (amongst other things) set a root password in a cloud
> image for debugging, or run a firstboot script to, for example, disable a
> troublesome service while you debug it.
>
> Steve
>
> ___
> Mailing list:
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> Post to : openstack@lists.openstack.org
> Unsubscribe :
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

Re: [Openstack] ml2 vlan provider network help

[Brandon Sawyers]

As a follow-up to my post:

We figured out was going on today. Nothing exciting, our test vlan we were
using was not configured properly by the network team. It was untagged
instead of being tagged. Once that was fixed, everything began working as
we expected it to.

Cheers!
Brandon

On Tue, Oct 14, 2014 at 11:00 AM, Brandon Sawyers 
wrote:

> Hello everyone:
>
> I believe that I have a correct config for using vlan provider networks in
> place (Thanks Thiago!), but my instances fail to ping other systems on the
> vlan. A quick description of what I'm trying to accomplish: My team does
> not control the network, so we wish to use the in place vlans in our
> instances for access to the world. We can't use dhcp on these vlans either.
>
> Here are the steps I've taken to attempt to troubleshoot this issue:
>
> -- Plumbed vlans on controller (neutron lives here) and computes. Using
> tcpdump I can see the vlan traffic from both nodes.
> -- Create instance with a single interface on the vlan provider network.
> -- Create appropriate security rules to allow ping/ssh.
> -- Start ping from instance to external host on the vlan.
> -- Start ping from external host to my instance.
> -- Using tcpdump listen at the following locations... (tcpdump -qnni
>  host  or host )
> --- tap interface for the guest: I see arps from my guest requesting the
> external server mac.
> --- source bridge of ovs created bridge for guest: I see arps from my
> guest requesting the external server mac.
> --- br-int integration bridge: I see arps from my guest requesting the
> external server mac.
> --- int-br-eth3 (part of veth pair to connect to actual bridge): I see
> arps from both my instance and the external host requesting mac addresses
> for each other.
> --- phy-br-eth3 (part of veth pair to connect to actual bridge): I see
> arps from both my instance and the external host requesting mac addresses
> for each other.
> --- br-eth3 (actual bridge I created for openstack use): I see arps from
> both my instance and the external host requesting mac addresses for each
> other.
> --- eth3:  I see arps from both my instance and the external host
> requesting mac addresses for each other.
> -- Nothing in the logs look incorrect.
> -- GRE tunnels for private networks work without issue.
>
> I've posted some output from my setup at http://pastebin.com/Mf2qMTSM.
>
> Thanks for the help!
> Brandon
>
>
___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

[Openstack] [QA] How to attach multiple NICs to an instance VM?

[Danny Choi (dannchoi)]

Hi,

“nova help boot” shows the following:


  --nic 


Create a NIC on the server. Specify option

multiple times to create multiple NICs. net-

id: attach NIC to network with this UUID

(either port-id or net-id must be provided),

v4-fixed-ip: IPv4 fixed address for NIC

(optional), v6-fixed-ip: IPv6 fixed address

for NIC (optional), port-id: attach NIC to

port with this UUID (either port-id or net-id

must be provided).


NOTE: > Specify option multiple times to create multiple NICs. <


I have two private networks and one public network (for floating IPs) 
configured.


localadmin@qa4:~/devstack$ nova net-list

+--+---+--+

| ID   | Label | CIDR |

+--+---+--+

| 6905cf7d-74d7-455b-b9d0-8cea972ec522 | private   | None |

| 8c25e33b-47be-47eb-a945-e0ac2ad6756a | Private_net20 | None |

| faa138e6-4774-41ad-8b5f-9795788eca43 | public| None |

+--+---+--+

When I launch an instance, I specify the “—nic” option twice.


localadmin@qa4:~/devstack$ nova boot --image cirros-0.3.2-x86_64-uec --flavor 1 
--nic net-id=6905cf7d-74d7-455b-b9d0-8cea972ec522 --nic 
net-id=8c25e33b-47be-47eb-a945-e0ac2ad6756a vm10


And then I associate a floating IP to the instance.


localadmin@qa4:~/devstack$ nova list

+--+--+++-+--+

| ID   | Name | Status | Task State | Power 
State | Networks |

+--+--+++-+--+

| e6a13d2e-756b-4b96-bf0c-438c2c875675 | vm10 | ACTIVE | -  | Running   
  | Private_net20=20.0.0.10; private=10.0.0.7, 172.29.173.13 |


localadmin@qa4:~/devstack$ nova show vm10

+--++

| Property | Value  
|

+--++

| OS-DCF:diskConfig| MANUAL 
|

| OS-EXT-AZ:availability_zone  | nova   
|

| OS-EXT-STS:power_state   | 1  
|

| OS-EXT-STS:task_state| -  
|

| OS-EXT-STS:vm_state  | active 
|

| OS-SRV-USG:launched_at   | 2014-10-15T20:22:50.00 
|

| OS-SRV-USG:terminated_at | -  
|

| Private_net20 network| 20.0.0.10  
|

| accessIPv4   |
|

| accessIPv6   |
|

| config_drive |
|

| created  | 2014-10-15T20:21:54Z   
|

| flavor   | m1.tiny (1)
|

| hostId   | 
4660a679d319992f764bcb245b71048212fe8cd67b769400d82382b7   |

| id   | e6a13d2e-756b-4b96-bf0c-438c2c875675   
|

| image| cirros-0.3.2-x86_64-uec 
(feaec710-c1cc-4071-aefa-c3dc2b915ab1) |

| key_name | -  
|

| metadata | {} 
|

| name | vm10   
|

| os-extended-volumes:volumes_attached | [] 
|

| private network  | 10.0.0.7, 172.29.173.13
|

| progress | 0   

Re: [Openstack] [Openstack-operators] vxlan network and windows on guests

[Sławek Kapłoński]

Hello,

I found also that when I capture traffic from tap interface and check it in 
wireshark then I see a lot of TCP DUP ACK packets before disconnection.
Guys, really anyone has got similar problem with vxlan and windows guests? or 
anyone is using windows on such instances? 

---
Best regards
Sławek Kapłoński
sla...@kaplonski.pl

Dnia wtorek, 14 października 2014 20:30:28 Sławek Kapłoński pisze:
> Hello,
> 
> I was trying with newest driver downloaded from
> http://alt.fedoraproject.org/pub/alt/virtio-win/latest/images/
> and also on older version.
> 
> I did small test with two instances on one host. Then all traffic is going
> only via br-int bridge in ovs (no any vxlan tunnel) and problem was the
> same. But when I manually remove both tap interfeces from ovs and put it
> into linux bridge than I not have this issue. So imho there is some problem
> with openvswitch.
> I'm using 1.11 version of opensvitch but yesterday I build from sources
> version 2.3.0 and still is the same :/
> I'm using kernel 3.13 on compute hosts.
> Really anyone have got such issue with vxlan tunnels and windows guests?
> 
> ---
> Best regards
> Sławek Kapłoński
> sla...@kaplonski.pl
> 
> Dnia wtorek, 14 października 2014 07:15:24 piszesz:
> > Which virtio drivers are you using in your Windows guest?
> > 
> > P
> > 
> > On Oct 10, 2014 3:56 PM, "Sławek Kapłoński"  wrote:
> > > Hello,
> > > 
> > > I have neutron with vxlan tenant networks. I'm using openvswitch to make
> > > vxlan
> > > tunnels.
> > > Today I found strange problem with instances with Windows server
> > > installed
> > > on
> > > guests. First problem is that tcp sessions (like RDP connection beetween
> > > two
> > > servers) in such tenant network are sometimes disconnected for a while
> > > (like
> > > packet loss in network). Second issue is that I have not good
> > > performance
> > > on
> > > windows. My hosts have got 10Gbps network cards, I have set jumbo frames
> > > (mtu=9000 on hosts) and if I set for example mtu=8950 on linux guests
> > > than
> > > I
> > > have about 9Gbps when test with iperf. On windows I have about 2-2.5Gbps
> > > with
> > > mtu=1500 and even less with bigger mtu.
> > > Do You maybe have such problems with windows guests using vxlan tunnels
> > > network?
> > > I'm testing it on Windows server 2012 R2.
> > > 
> > > ---
> > > Best regards
> > > Sławek Kapłoński
> > > sla...@kaplonski.pl
> > > ___
> > > OpenStack-operators mailing list
> > > openstack-operat...@lists.openstack.org
> > > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators

signature.asc
Description: This is a digitally signed message part.
___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

Re: [Openstack] Trouble adding volume to instance

[Amit Anand]

Some more trouble shooting on this (and still no progress) I see this when I 
reboot (or use targetcli which is below this log):


[root@block1 Python-2014-09-30-15:11:51-7481]# more backtrace
node.py:60:_create_in_cfs_ine:RTSLibError: Could not create NetworkPortal in 
configFS.

Traceback (most recent call last):
  File "/bin/cinder-rtstool", line 238, in 
sys.exit(main())
  File "/bin/cinder-rtstool", line 203, in main
create(backing_device, name, userid, password, initiator_iqns)
  File "/bin/cinder-rtstool", line 95, in create
rtslib.NetworkPortal(tpg_new, '0.0.0.0', 3260, mode='any')
  File "/usr/lib/python2.7/site-packages/rtslib/target.py", line 694, in 
__init__
self._create_in_cfs_ine(mode)
  File "/usr/lib/python2.7/site-packages/rtslib/node.py", line 60, in 
_create_in_cfs_ine
% self.__class__.__name__)
RTSLibError: Could not create NetworkPortal in configFS.

Local variables in innermost frame:
self: 
mode: 'any'


FROM targetcli:

/iscsi/iqn.20.../tpg1/portals> ls
o- portals 

 [Portals: 0]
/iscsi/iqn.20.../tpg1/portals> create ip_address=10.7.5.41
Using default IP port 3260
Could not create NetworkPortal in configFS.



On Tuesday, October 7, 2014 11:07 AM, Amit Anand  wrote:
 


Hi all,

Been troubleshooting this for a while now and cant seem to figure out what 
wrong, reaching out here hoping that maybe someone would have some input/advice 
on how to fix. I am trying to add a volume to an instance and it keeps failing 
with the following errors below. Would appreciate any insight as I am wits end 
and I apologize in advance if this is not a place to ask questions such as 
these - Ive tried the AskOpenstack and have gotten nothing. Thanks!!

[root@block1 tgt]# cinder list
+--+---+--+--+-+--+-+
|  ID  |   Status  | Display Name | Size | 
Volume Type | Bootable | Attached to |
+--+---+--+--+-+--+-+
| 4c6e1b15-2c7e-4bca-aae4-925cc054db8d | available |   myVolume   |  1   | 
None|  false   | |
| b8df2a1a-48df-443c-a078-bec907d8462d | available |   amitvol|  20  | 
None|  false   | |
+--+---+--+--+-+--+-+



Block node error log:

2014-10-07 10:58:46.720 31375 ERROR cinder.brick.iscsi.iscsi 
[req-d5e26671-6ca3-45d8-a9ca-730913c87010 8748be7fb9d544c088a7192137422231
bb7ce560d1e9482b862679cefaf5ae69 - - -] Failed to create iscsi target for 
volume id:volume-b8df2a1a-48df-443c-a078-bec907d8462d.

2014-10-07 10:58:46.721 31375 ERROR cinder.brick.iscsi.iscsi 
[req-d5e26671-6ca3-45d8-a9ca-730913c87010 8748be7fb9d544c088a7192137422231
bb7ce560d1e9482b862679cefaf5ae69 - - -] Unexpected error while running command.
Command: sudo cinder-rootwrap /etc/cinder/rootwrap.conf cinder-rtstool create 
/dev/cinder-volumes/volume-b8df2a1a-48df-443c-a078-bec907   d8462d 
iqn.2010-10.org.openstack:volume-b8df2a1a-48df-443c-a078-bec907d8462d 
8HayuR8mAq7QpK9y7soB iZypk62NhziXmfvdZMDf
Exit code: 1
Stdout: 'Error creating NetworkPortal: ensure port 3260 is not in use by 
another service.\n'
Stderr: 'Traceback (most recent call last):\n  File "/bin/cinder-rtstool", line 
238, in \nsys.exit(main())\n  File "/bin/ci   nder-rtstool", line 
203, in main\ncreate(backing_device, name, userid, password, 
initiator_iqns)\n  File "/bin/cinder-rtstool", lin   e 95, in create\n
rtslib.NetworkPortal(tpg_new, \'0.0.0.0\', 3260, mode=\'any\')\n  File 
"/usr/lib/python2.7/site-packages/rtslib/ta   rget.py", line 694, in __init__\n 
   self._create_in_cfs_ine(mode)\n  File 
"/usr/lib/python2.7/site-packages/rtslib/node.py", line 60,in 
_create_in_cfs_ine\n% self.__class__.__name__)\nrtslib.utils.RTSLibError: 
Could not create NetworkPortal in configFS.\n'

2014-10-07 10:58:46.721 31375 ERROR oslo.messaging.rpc.dispatcher 
[req-d5e26671-6ca3-45d8-a9ca-730913c87010 8748be7fb9d544c088a71921374   22231 
bb7ce560d1e9482b862679cefaf5ae69 - - -] Exception during message handling: 
Failed to create iscsi target for volume volume-b8df2a   
1a-48df-443c-a078-bec907d8462d.

2014-10-07 10:58:46.721 31375 TRACE oslo.messaging.rpc.dispatcher   File 
"/usr/lib/python2.7/site-packages/cinder/brick/iscsi/iscsi.py"   , line 540, in 
create_iscsi_target

2014-10-07 10:58:46.721 31375 TRACE oslo.messaging.rpc.dispatcher raise 
exception.ISCSITargetCreateFailed(volume_id=vol_id)

2014-10-07 10:58:46.721 31375 TRACE oslo.messaging.rpc.dispatcher 
ISCSITargetCreateFailed: Failed to create iscsi target for volume vol   
ume-b8df2a1a-48df-443c-a078-bec907d8462d.

2014-10-07 10:58:46.721 31375 TRACE oslo.messaging.rpc.dispatcher

2014-10-07 10:58:46.724 31375 

[Openstack] Zenoss Auth failure

[Guillermo Alvarado]

Hello I am trying the zenoss plugin to monitoring openstack,but I am not
able to connect to Openstack from zenoss

2014-10-15 16:41:54,924 INFO zen.Job: 2014-10-15 16:41:54,851 ERROR
zen.ZenDisc: Unable to fill collection slots: [Failure instance: Traceback
(failure with no frames): :
Unauthorized (HTTP 401)


I am  following this http://wiki.zenoss.org/ZenPack:OpenStack_Cloud_Monitor
and using this credentials:

USERNAME=admin
PASSWORD=12345
AUTH_URL=http://service-stack:35357/v2.0

I am asuming that  API Key - Can be found by going to "Your Account/API
Access"  is my own password.

If a make a curl from the same machine with that credentials I receive a
200 OK response form Openstack.

Please provide some information that helps me to connect zenoss with
Openstack,

The best,
~GA
___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

Re: [Openstack] Trouble adding volume to instance

[Amit Anand]

**Resending as another Openstack user informed me this was being directed to 
Spam in Gmail** 

Thanks Boris!

Hi all,

Some more trouble shooting on this (and still no progress) I see this when I 
reboot (or use targetcli which is below this log):


[root@block1 Python-2014-09-30-15:11:51-7481]# more backtrace
node.py:60:_create_in_cfs_ine:RTSLibError: Could not create NetworkPortal in 
configFS.

Traceback (most recent call last):
  File "/bin/cinder-rtstool", line 238, in 
sys.exit(main())
  File "/bin/cinder-rtstool", line 203, in main
create(backing_device, name, userid, password, initiator_iqns)
  File "/bin/cinder-rtstool", line 95, in create
rtslib.NetworkPortal(tpg_new, '0.0.0.0', 3260, mode='any')
  File "/usr/lib/python2.7/site-packages/rtslib/target.py", line 694, in 
__init__
self._create_in_cfs_ine(mode)
  File "/usr/lib/python2.7/site-packages/rtslib/node.py", line 60, in 
_create_in_cfs_ine
% self.__class__.__name__)
RTSLibError: Could not create NetworkPortal in configFS.

Local variables in innermost frame:
self: 
mode: 'any'


FROM targetcli:

/iscsi/iqn.20.../tpg1/portals> ls
o- portals 

 [Portals: 0]
/iscsi/iqn.20.../tpg1/portals> create ip_address=10.7.5.41
Using default IP port 3260
Could not create NetworkPortal in configFS.


On Wednesday, October 15, 2014 5:38 PM, Amit Anand  
wrote:
 


Some more trouble shooting on this (and still no progress) I see this when I 
reboot (or use targetcli which is below this log):


[root@block1 Python-2014-09-30-15:11:51-7481]# more backtrace
node.py:60:_create_in_cfs_ine:RTSLibError: Could not create NetworkPortal in 
configFS.

Traceback (most recent call last):
  File "/bin/cinder-rtstool", line 238, in 
sys.exit(main())
  File "/bin/cinder-rtstool", line 203, in main
create(backing_device, name, userid, password, initiator_iqns)
  File "/bin/cinder-rtstool", line 95, in create
rtslib.NetworkPortal(tpg_new, '0.0.0.0', 3260, mode='any')
  File "/usr/lib/python2.7/site-packages/rtslib/target.py", line 694, in 
__init__
self._create_in_cfs_ine(mode)
  File "/usr/lib/python2.7/site-packages/rtslib/node.py", line 60, in 
_create_in_cfs_ine
% self.__class__.__name__)
RTSLibError: Could not create NetworkPortal in configFS.

Local variables in innermost frame:
self: 
mode: 'any'


FROM targetcli:

/iscsi/iqn.20.../tpg1/portals> ls
o- portals 

 [Portals: 0]
/iscsi/iqn.20.../tpg1/portals> create ip_address=10.7.5.41
Using default IP port 3260
Could not create NetworkPortal in configFS.



On Tuesday, October 7, 2014 11:07 AM, Amit Anand  wrote:
 


Hi all,

Been troubleshooting this for a while now and cant seem to figure out what 
wrong, reaching out here hoping that maybe someone would have some input/advice 
on how to fix. I am trying to add a volume to an instance and it keeps failing 
with the following errors below. Would appreciate any insight as I am wits end 
and I apologize in advance if this is not a place to ask questions such as 
these - Ive tried the AskOpenstack and have gotten nothing. Thanks!!

[root@block1 tgt]# cinder list
+--+---+--+--+-+--+-+
|  ID  |   Status  | Display Name | Size | 
Volume Type | Bootable | Attached to |
+--+---+--+--+-+--+-+
| 4c6e1b15-2c7e-4bca-aae4-925cc054db8d | available |   myVolume   |  1   | 
None|  false   | |
| b8df2a1a-48df-443c-a078-bec907d8462d | available |   amitvol|  20  | 
None|  false   | |
+--+---+--+--+-+--+-+



Block node error log:

2014-10-07 10:58:46.720 31375 ERROR cinder.brick.iscsi.iscsi 
[req-d5e26671-6ca3-45d8-a9ca-730913c87010 8748be7fb9d544c088a7192137422231
bb7ce560d1e9482b862679cefaf5ae69 - - -] Failed to create iscsi target for 
volume id:volume-b8df2a1a-48df-443c-a078-bec907d8462d.

2014-10-07 10:58:46.721 31375 ERROR cinder.brick.iscsi.iscsi 
[req-d5e26671-6ca3-45d8-a9ca-730913c87010 8748be7fb9d544c088a7192137422231
bb7ce560d1e9482b862679cefaf5ae69 - - -] Unexpected error while running command.
Command: sudo cinder-rootwrap /etc/cinder/rootwrap.conf cinder-rtstool create 
/dev/cinder-volumes/volume-b8df2a1a-48df-443c-a078-bec907   d8462d 
iqn.2010-10.org.openstack:volume-b8df2a1a-48df-443c-a078-bec907d8462d 
8HayuR8mAq7QpK9y7soB iZypk62NhziXmfvdZMDf
Exit code: 1
Stdout: 'Error creating NetworkPortal: ensure port 3260 is not in use by 
another service.\n'
Stderr: 'Traceback (most recent call last):\n  File "/bin/cinder-rtstool", line 
238, in \nsys.exit(main())\n  Fi

Re: [Openstack] Trouble adding volume to instance

[Amit Anand]

So looks like it went again to spam. Ive put the errors Im getting here:



Paste #121364 | LodgeIt!

  
  
Paste #121364 | LodgeIt!
[root@block1 Python-2014-09-30-15:11:51-7481]# more backtrace
node.py:60:_create_in_cfs_ine:RTSLibError: Could not create NetworkPortal in 
configFS.   
View on paste.openstack.org Preview by Yahoo  
  
 
Hi all,

Some more trouble shooting on this (and still no progress) I see this when I 
reboot (or use targetcli which is below this log):



On Wednesday, October 15, 2014 6:21 PM, Борис Бобров  
wrote:
 


В сообщении от Thursday 16 of October 2014 02:11:55 Amit написал:
> **Resending as another Openstack user informed me this was being
> directed to Spam in Gmail**

Went to spam again.

Maybe you should put all the logs to http://paste.openstack.org?

-- 
Regards,

Boris___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

Re: [Openstack] ml2 vlan provider network help

[Martinx - ジェームズ]

Awesome!!   :-D

Same here, I'm using tagged VLANs, one for each tenant...

Each tenant here have 1 "net", and 2 "subnets" (IPv4 and IPv6).

Cheers!
Thiago

On 15 October 2014 18:07, Brandon Sawyers  wrote:

> As a follow-up to my post:
>
> We figured out was going on today. Nothing exciting, our test vlan we were
> using was not configured properly by the network team. It was untagged
> instead of being tagged. Once that was fixed, everything began working as
> we expected it to.
>
> Cheers!
> Brandon
>
> On Tue, Oct 14, 2014 at 11:00 AM, Brandon Sawyers 
> wrote:
>
>> Hello everyone:
>>
>> I believe that I have a correct config for using vlan provider networks
>> in place (Thanks Thiago!), but my instances fail to ping other systems on
>> the vlan. A quick description of what I'm trying to accomplish: My team
>> does not control the network, so we wish to use the in place vlans in our
>> instances for access to the world. We can't use dhcp on these vlans either.
>>
>> Here are the steps I've taken to attempt to troubleshoot this issue:
>>
>> -- Plumbed vlans on controller (neutron lives here) and computes. Using
>> tcpdump I can see the vlan traffic from both nodes.
>> -- Create instance with a single interface on the vlan provider network.
>> -- Create appropriate security rules to allow ping/ssh.
>> -- Start ping from instance to external host on the vlan.
>> -- Start ping from external host to my instance.
>> -- Using tcpdump listen at the following locations... (tcpdump -qnni
>>  host  or host )
>> --- tap interface for the guest: I see arps from my guest requesting the
>> external server mac.
>> --- source bridge of ovs created bridge for guest: I see arps from my
>> guest requesting the external server mac.
>> --- br-int integration bridge: I see arps from my guest requesting the
>> external server mac.
>> --- int-br-eth3 (part of veth pair to connect to actual bridge): I see
>> arps from both my instance and the external host requesting mac addresses
>> for each other.
>> --- phy-br-eth3 (part of veth pair to connect to actual bridge): I see
>> arps from both my instance and the external host requesting mac addresses
>> for each other.
>> --- br-eth3 (actual bridge I created for openstack use): I see arps from
>> both my instance and the external host requesting mac addresses for each
>> other.
>> --- eth3:  I see arps from both my instance and the external host
>> requesting mac addresses for each other.
>> -- Nothing in the logs look incorrect.
>> -- GRE tunnels for private networks work without issue.
>>
>> I've posted some output from my setup at http://pastebin.com/Mf2qMTSM.
>>
>> Thanks for the help!
>> Brandon
>>
>>
>
> ___
> Mailing list:
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> Post to : openstack@lists.openstack.org
> Unsubscribe :
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>
>
___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

Re: [Openstack] [Openstack-operators] vxlan network and windows on guests

[George Mihaiescu]

To see where the problem lies you could do an iperf test between two
instances of the same tenant running on the same compute node.

The traffic would still pass through openvswitch, but not across the Vxlan
tunnel.
On Oct 15, 2014 5:29 PM, "Sławek Kapłoński"  wrote:

> Hello,
>
> I found also that when I capture traffic from tap interface and check it in
> wireshark then I see a lot of TCP DUP ACK packets before disconnection.
> Guys, really anyone has got similar problem with vxlan and windows guests?
> or
> anyone is using windows on such instances?
>
> ---
> Best regards
> Sławek Kapłoński
> sla...@kaplonski.pl
>
> Dnia wtorek, 14 października 2014 20:30:28 Sławek Kapłoński pisze:
> > Hello,
> >
> > I was trying with newest driver downloaded from
> > http://alt.fedoraproject.org/pub/alt/virtio-win/latest/images/
> > and also on older version.
> >
> > I did small test with two instances on one host. Then all traffic is
> going
> > only via br-int bridge in ovs (no any vxlan tunnel) and problem was the
> > same. But when I manually remove both tap interfeces from ovs and put it
> > into linux bridge than I not have this issue. So imho there is some
> problem
> > with openvswitch.
> > I'm using 1.11 version of opensvitch but yesterday I build from sources
> > version 2.3.0 and still is the same :/
> > I'm using kernel 3.13 on compute hosts.
> > Really anyone have got such issue with vxlan tunnels and windows guests?
> >
> > ---
> > Best regards
> > Sławek Kapłoński
> > sla...@kaplonski.pl
> >
> > Dnia wtorek, 14 października 2014 07:15:24 piszesz:
> > > Which virtio drivers are you using in your Windows guest?
> > >
> > > P
> > >
> > > On Oct 10, 2014 3:56 PM, "Sławek Kapłoński" 
> wrote:
> > > > Hello,
> > > >
> > > > I have neutron with vxlan tenant networks. I'm using openvswitch to
> make
> > > > vxlan
> > > > tunnels.
> > > > Today I found strange problem with instances with Windows server
> > > > installed
> > > > on
> > > > guests. First problem is that tcp sessions (like RDP connection
> beetween
> > > > two
> > > > servers) in such tenant network are sometimes disconnected for a
> while
> > > > (like
> > > > packet loss in network). Second issue is that I have not good
> > > > performance
> > > > on
> > > > windows. My hosts have got 10Gbps network cards, I have set jumbo
> frames
> > > > (mtu=9000 on hosts) and if I set for example mtu=8950 on linux guests
> > > > than
> > > > I
> > > > have about 9Gbps when test with iperf. On windows I have about
> 2-2.5Gbps
> > > > with
> > > > mtu=1500 and even less with bigger mtu.
> > > > Do You maybe have such problems with windows guests using vxlan
> tunnels
> > > > network?
> > > > I'm testing it on Windows server 2012 R2.
> > > >
> > > > ---
> > > > Best regards
> > > > Sławek Kapłoński
> > > > sla...@kaplonski.pl
> > > > ___
> > > > OpenStack-operators mailing list
> > > > openstack-operat...@lists.openstack.org
> > > >
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
> ___
> Mailing list:
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> Post to : openstack@lists.openstack.org
> Unsubscribe :
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>
>
___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

[Openstack] [Heat][Nova]Error while creating a nova instance from heat stack

[Sadia Bashir]

Hi Everyone,

I am trying to launch a new instance from a very simple heat template
(please see attached) but it yields me following error while creating a new
stack:

Log from /var/log/heat/heat-engine.log

2014-10-16 10:21:22.804 30952 INFO urllib3.connectionpool [-] Starting new
HTTP connection (1): 193.168.4.121
2014-10-16 10:21:36.981 30952 INFO heat.engine.service [-] validate_template
2014-10-16 10:22:02.018 30952 INFO heat.engine.service [-] template is
{u'outputs': {u'server0_ip': {u'description': u'IP of the server', u'val$
2014-10-16 10:22:02.034 30952 INFO heat.engine.resource [-] Validating
Server "http_client"
2014-10-16 10:22:06.570 30952 INFO urllib3.connectionpool [-] Starting new
HTTP connection (1): 193.168.4.121
2014-10-16 10:22:06.706 30952 INFO urllib3.connectionpool [-] Starting new
HTTP connection (1): 193.168.4.121
2014-10-16 10:22:06.845 30952 INFO urllib3.connectionpool [-] Starting new
HTTP connection (1): 193.168.4.121
2014-10-16 10:22:07.391 30952 INFO heat.engine.resource [-] creating Server
"http_client"
2014-10-16 10:22:09.464 30952 ERROR heat.engine.resource [-] CREATE :
Server "http_client"
2014-10-16 10:22:09.464 30952 TRACE heat.engine.resource Traceback (most
recent call last):
2014-10-16 10:22:09.464 30952 TRACE heat.engine.resource   File
"/usr/lib/python2.7/dist-packages/heat/engine/resource.py", line 371, in
_do_ac$
2014-10-16 10:22:09.464 30952 TRACE heat.engine.resource while not
check(handle_data):
2014-10-16 10:22:09.464 30952 TRACE heat.engine.resource   File
"/usr/lib/python2.7/dist-packages/heat/engine/resources/server.py", line
239, i$
2014-10-16 10:22:09.464 30952 TRACE heat.engine.resource return
self._check_active(server)
2014-10-16 10:22:09.464 30952 TRACE heat.engine.resource   File
"/usr/lib/python2.7/dist-packages/heat/engine/resources/server.py", line
243, i$
2014-10-16 10:22:09.464 30952 TRACE heat.engine.resource if
server.status != 'ACTIVE':
2014-10-16 10:22:09.464 30952 TRACE heat.engine.resource   File
"/usr/lib/python2.7/dist-packages/heat/engine/resources/server.py", line
243, i$
2014-10-16 10:22:09.464 30952 TRACE heat.engine.resource if
server.status != 'ACTIVE':
2014-10-16 10:22:09.464 30952 TRACE heat.engine.resource   File
"/usr/lib/python2.7/bdb.py", line 48, in trace_dispatch
2014-10-16 10:22:09.464 30952 TRACE heat.engine.resource return
self.dispatch_line(frame)
2014-10-16 10:22:09.464 30952 TRACE heat.engine.resource   File
"/usr/lib/python2.7/bdb.py", line 67, in dispatch_line
2014-10-16 10:22:09.464 30952 TRACE heat.engine.resource if
self.quitting: raise BdbQuit
2014-10-16 10:22:09.464 30952 TRACE heat.engine.resource BdbQuit
2014-10-16 10:22:09.464 30952 TRACE heat.engine.resource
2014-10-16 10:22:09.901 30952 WARNING heat.engine.service [-] Stack create
failed, status FAILED

Any suggestions to get rid of this error will be highly appreciated. Thanks!

--
Regards,
*Sadia Bashir*


test.yaml
Description: application/yaml
___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack