compute engine load balancer UDP/DNS responses dropped - load-balancing

I have been testing out GCE and its load-balancing capabilities; however, I have been seeing some unexpected results.
The trial configuration involves 2 instances acting as DNS resolvers in a target pool, plus a 3rd test instance. There is also an HTTP server running on the hosts. No health check scripts have been added.
DNS request to individual instance public IP (from ANY) - OK
HTTP request to individual instance public IP (from ANY) - OK
HTTP request to load balance IP (from ANY) - OK
DNS request to load balance IP (from an instance in the target pool) - OK
DNS request to load balance IP (from an instance in the same network - but not in the target pool) - NOK
DNS request to load balance IP (other) - NOK
I can see in the instance logs that the DNS requests arrive in all cases and are distributed evenly, though the replies don't seem to get back to the originator.
The behavior seems unexpected. I've played with the session affinity with similar results, though the default behavior is the most desired option.
I have hit a wall. Are there any ideas to try?
Information on the setup:
$ gcutil listhttphealthchecks
+------+------+------+
| name | host | port |
+------+------+------+
$ gcutil listtargetpools
+----------+-------------+
| name | region |
+----------+-------------+
| dns-pool | us-central1 |
+----------+-------------+
$ gcutil listforwardingrules
+---------+-------------+-------------+
| name | region | ip |
+---------+-------------+-------------+
| dns-tcp | us-central1 | 8.34.215.45 |
+---------+-------------+-------------+
| dns-udp | us-central1 | 8.34.215.45 |
+---------+-------------+-------------+
| http | us-central1 | 8.34.215.45 |
+---------+-------------+-------------+
$ gcutil getforwardingrule dns-udp
+---------------+----------------------------------+
| name | dns-udp |
| description | |
| creation-time | 2013-12-28T12:28:05.816-08:00 |
| region | us-central1 |
| ip | 8.34.215.45 |
| protocol | UDP |
| port-range | 53-53 |
| target | us-central1/targetPools/dns-pool |
+---------------+----------------------------------+
$ gcutil gettargetpool dns-pool
+------------------+-------------------------------+
| name | dns-pool |
| description | |
| creation-time | 2013-12-28T11:48:08.896-08:00 |
| health-checks | |
| session-affinity | NONE |
| failover-ratio | |
| backup-pool | |
| instances | us-central1-a/instances/dns-1 |
| | us-central1-b/instances/dns-2 |
+------------------+-------------------------------+
[#dns-1 ~]$ curl "http://metadata/computeMetadata/v1/instance/network-interfaces/?recursive=true" -H "X-Google-Metadata-Request: True"
[{"accessConfigs":[{"externalIp":"162.222.178.116","type":"ONE_TO_ONE_NAT"}],"forwardedIps":["8.34.215.45"],"ip":"10.240.157.97","network":"projects/763472520840/networks/default"}]
[#dns-2 ~]$ curl "http://metadata/computeMetadata/v1/instance/network-interfaces/?recursive=true" -H "X-Google-Metadata-Request: True"
[{"accessConfigs":[{"externalIp":"8.34.215.162","type":"ONE_TO_ONE_NAT"}],"forwardedIps":["8.34.215.45"],"ip":"10.240.200.109","network":"projects/763472520840/networks/default"}]
$ gcutil getfirewall dns2
+---------------+------------------------------------+
| name | dns2 |
| description | Allow the incoming service traffic |
| creation-time | 2013-12-28T10:35:18.185-08:00 |
| network | default |
| source-ips | 0.0.0.0/0 |
| source-tags | |
| target-tags | |
| allowed | tcp: 53 |
| allowed | udp: 53 |
| allowed | tcp: 80 |
| allowed | tcp: 443 |
+---------------+------------------------------------+
The instances are CentOS and have their iptables firewalls disabled.
Reply from instance in target pool
#dns-1 ~]$ nslookup test 8.34.215.45 | grep answer
Non-authoritative answer:
#dns-1 ~]$
Reply from other instance in target pool
#dns-2 ~]$ nslookup test 8.34.215.45 | grep answer
Non-authoritative answer:
#dns-2 ~]$
No reply from an instance not in the target pool on the load-balanced IP. However, it gets a reply from all other interfaces:
#dns-3 ~]$ nslookup test 8.34.215.45 | grep answer
#dns-3 ~]$
#dns-3 ~]$ nslookup test 8.34.215.162 | grep answer
Non-authoritative answer:
#dns-3 ~]$ nslookup test 10.240.200.109 | grep answer
Non-authoritative answer:
#dns-3 ~]$ nslookup test 10.240.157.97 | grep answer
Non-authoritative answer:
#dns-3 ~]$ nslookup test 162.222.178.116 | grep answer
Non-authoritative answer:
-- Update --
Added a health check so that the instances wouldn't be marked as UNHEALTHY. However got the same result.
$ gcutil gettargetpoolhealth dns-pool
+-------------------------------+-------------+--------------+
| instance | ip | health-state |
+-------------------------------+-------------+--------------+
| us-central1-a/instances/dns-1 | 8.34.215.45 | HEALTHY |
+-------------------------------+-------------+--------------+
| us-central1-b/instances/dns-2 | 8.34.215.45 | HEALTHY |
+-------------------------------+-------------+--------------+
-- Update --
Looks like the DNS service is not responding with the same IP that the request came in on. This is surely the reason it doesn't appear to be responding.
0.000000 162.222.178.130 -> 8.34.215.45 DNS 82 Standard query 0x5323 A test.internal
2.081868 10.240.157.97 -> 162.222.178.130 DNS 98 Standard query response 0x5323 A 54.122.122.227

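The final update above narrows the problem to the capture: the query goes to 8.34.215.45 but the answer comes back from 10.240.157.97. A resolver that has connect()-ed its UDP socket, and any stateful NAT or firewall between client and server, will discard a reply whose source is not the address the query was sent to. The script below is an added example, not part of the question: it parses tshark-style one-line summaries in the format shown above, pairs responses with queries by transaction ID (the summaries carry no ports, so that is the only pairing key available), and flags the mismatch. The lines beyond the two from the question are constructed for illustration.

```python
"""Pair DNS queries with their responses in a tshark-style capture summary and
flag responses whose source address is not the address the query was sent to."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# One-line packet summaries in the format shown in the question, e.g.
#   0.000000 162.222.178.130 -> 8.34.215.45 DNS 82 Standard query 0x5323 A test.internal
LINE_RE = re.compile(
    r"^\s*(?P<time>\d+\.\d+)\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s+DNS\s+\d+\s+"
    r"Standard query(?P<resp>\s+response)?\s+(?P<txid>0x[0-9A-Fa-f]+)\s*(?P<rest>.*)$"
)


@dataclass
class DnsPacket:
    time: float
    src: str
    dst: str
    is_response: bool
    txid: int
    rest: str


def parse_line(line: str) -> Optional[DnsPacket]:
    """Parse one summary line; return None for lines that are not DNS summaries."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    return DnsPacket(
        time=float(m["time"]),
        src=m["src"],
        dst=m["dst"],
        is_response=m["resp"] is not None,
        txid=int(m["txid"], 16),
        rest=m["rest"].strip(),
    )


def find_source_mismatches(lines: List[str]) -> List[Dict[str, object]]:
    """Match each response to the outstanding query with the same transaction
    ID and classify it.

    'source-mismatch': the reply came from an address other than the one the
    query was sent to (or went somewhere other than the querier).  A client
    whose UDP socket is connect()-ed, and any stateful NAT or firewall on the
    path, drops such a reply, which is the symptom in the question.
    'no-response': a query that never got an answer in the capture."""
    pending: Dict[int, DnsPacket] = {}
    findings: List[Dict[str, object]] = []
    for line in lines:
        pkt = parse_line(line)
        if pkt is None:
            continue  # not a DNS summary line; ignore
        if not pkt.is_response:
            pending[pkt.txid] = pkt
            continue
        query = pending.pop(pkt.txid, None)
        if query is None:
            findings.append({"txid": pkt.txid, "status": "unmatched-response",
                             "reply_from": pkt.src})
            continue
        finding: Dict[str, object] = {
            "txid": pkt.txid, "sent_to": query.dst, "reply_from": pkt.src,
            "rtt": round(pkt.time - query.time, 6),
        }
        finding["status"] = ("ok" if pkt.src == query.dst and pkt.dst == query.src
                             else "source-mismatch")
        findings.append(finding)
    for query in pending.values():
        findings.append({"txid": query.txid, "status": "no-response",
                         "sent_to": query.dst})
    return findings


# The two lines from the question's capture plus constructed lines: a
# well-formed exchange straight to an instance address, and a query to the
# load-balanced IP that never gets an answer.
SAMPLE_CAPTURE = [
    "0.000000 162.222.178.130 -> 8.34.215.45 DNS 82 Standard query 0x5323 A test.internal",
    "2.081868 10.240.157.97 -> 162.222.178.130 DNS 98 Standard query response 0x5323 A 54.122.122.227",
    "3.000000 162.222.178.130 -> 10.240.200.109 DNS 82 Standard query 0x1a2b A test.internal",
    "3.001500 10.240.200.109 -> 162.222.178.130 DNS 98 Standard query response 0x1a2b A 54.122.122.227",
    "4.000000 162.222.178.130 -> 8.34.215.45 DNS 82 Standard query 0x7777 A test.internal",
]

if __name__ == "__main__":
    for finding in find_source_mismatches(SAMPLE_CAPTURE):
        print(finding)
```

Run against a real capture, pipe `tshark -r capture.pcap -Y dns` output into the list; anything reported as source-mismatch for the forwarded IP means the resolver is answering from the instance's primary address rather than the address the query arrived on.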

How to connect Virtualbox Machines as hosts to Mininet OVS switches for SDN experiments?

I downloaded the Mininet VM and I have two Windows 7 VMs. I want to use the two Windows 7 VMs as hosts in Mininet. I searched the internet and found that I can use the hwintf.py example to use other VMs as hosts in Mininet. I tried using it but it still didn't work. I want to use POX as my controller. Please help. Below is the code of my hwintf.py:
#!/usr/bin/python
"""
This example shows how to add an interface (for example a real
hardware interface) to a network after the network is created.
"""
import re
import sys

from mininet.cli import CLI
from mininet.log import setLogLevel, info, error
from mininet.net import Mininet
from mininet.link import Intf
from mininet.topolib import TreeTopo
from mininet.util import quietRun


def checkIntf( intf ):
    "Make sure intf exists and is not configured."
    config = quietRun( 'ifconfig %s 2>/dev/null' % intf, shell=True )
    if not config:
        error( 'Error:', intf, 'does not exist!\n' )
        sys.exit( 1 )
    ips = re.findall( r'\d+\.\d+\.\d+\.\d+', config )
    if ips:
        error( 'Error:', intf, 'has an IP address, '
               'and is probably in use!\n' )
        sys.exit( 1 )


if __name__ == '__main__':
    setLogLevel( 'info' )

    # try to get hw intf from the command line; by default, use eth2
    intfName = sys.argv[ 1 ] if len( sys.argv ) > 1 else 'eth2'
    info( '*** Connecting to hw intf: %s' % intfName )

    info( '*** Checking', intfName, '\n' )
    checkIntf( intfName )

    info( '*** Creating network\n' )
    net = Mininet()
    c1 = net.addController( 'c1' )
    s1 = net.addSwitch( 's1' )
    h1 = net.addHost( 'h1' )
    h2 = net.addHost( 'h2' )
    net.addLink( h1, s1 )
    net.addLink( h2, s1 )

    # attach the physical (or VM-facing) interface to the first switch
    switch = net.switches[ 0 ]
    info( '*** Adding hardware interface', intfName, 'to switch',
          switch.name, '\n' )
    _intf = Intf( intfName, node=switch )

    info( '*** Note: you may need to reconfigure the interfaces for '
          'the Mininet hosts:\n', net.hosts, '\n' )

    net.start()
    CLI( net )
    net.stop()
If you don't need Mininet hosts you shouldn't use Mininet. Alternatively, you could use standalone Open vSwitches.
Open vSwitch VM Commands:
$ apt install openvswitch-switch
$ apt remove openvswitch-testcontroller
$ ovs-vsctl add-br br0
$ ovs-vsctl add-port br0 eth0
$ ovs-vsctl add-port br0 eth1
$ ovs-vsctl add-controller br0 tcp:127.0.0.1:6653
Topology:
+-------------+          +----------------------------------+          +-------------+
| Host 1 VM   |          | Open vSwitch VM                  |          | Host 2 VM   |
|             |  vmnet1  |                                  |  vmnet2  |             |
|   +------+  |          |  +------+   +-------+   +------+ |          |  +------+   |
|   | eth0 +--+----------+--+ eth0 +---+  br0  +---+ eth1 +-+----------+--+ eth0 |   |
|   +------+  |          |  +------+   +---+---+   +------+ |          |  +------+   |
|  10.0.0.1/8 |          |                 |                |          |  10.0.0.2/8 |
+-------------+          |                 | TCP port 6653  |          +-------------+
                         |                 | (OpenFlow)     |
                         |            +-----+------+        |
                         |            |    SDN     |        |
                         |            | Controller |        |
                         |            +------------+        |
                         +----------------------------------+

gfsh create command region-time-to-live not working as expected

When I create a region using the following command and use describe afterwards, it doesn't show me the region-time-to-live setting at all. Only when I use alter can I see both entry-time-to-live and region-time-to-live set properly.
gfsh>create region --name=myRegion --type=REPLICATE --enable-statistics=true --entry-time-to-live-expiration=200 --region-time-to-live-expiration=2000
gfsh>describe region --name
Region | entry-time-to-live.timeout | 2000
| data-policy | REPLICATE
| size | 0
| statistics-enabled | true
| scope | distributed-ack
gfsh>alter region --name=myRegion --entry-time-to-live-expiration=200 --region-time-to-live-expiration=2000
gfsh>describe region --name
Region | entry-time-to-live.timeout | 200
| data-policy | REPLICATE
| region-time-to-live.timeout| 2000
| size | 0
| statistics-enabled | true
| scope | distributed-ack
I believe this bug was already solved in the latest develop branch from GEODE, specifically through GEODE-1897. Below is the output I see:
(gfsh banner)   1.5.0-SNAPSHOT
Monitor and Manage Apache Geode
gfsh>start locator --name=locator1
gfsh>start server --name=server1
gfsh>create region --name=myRegion --type=REPLICATE --enable-statistics=true --entry-time-to-live-expiration=200 --region-time-to-live-expiration=2000
Member | Status
------- | ---------------------------------------
server1 | Region "/myRegion" created on "server1"
gfsh>describe region --name=/myRegion
..........................................................
Name : myRegion
Data Policy : replicate
Hosting Members : server1
Non-Default Attributes Shared By Hosting Members
Type | Name | Value
------ | --------------------------- | ---------------
Region | entry-time-to-live.timeout | 200
| data-policy | REPLICATE
| region-time-to-live.timeout | 2000
| size | 0
| scope | distributed-ack
| statistics-enabled | true
Hope this helps.
Cheers.

MariaDB v 10: console login failure

I have installed MariaDB server:
$ mysql --version
mysql Ver 15.1 Distrib 10.0.32-MariaDB, for debian-linux-gnu (x86_64) using readline 5.2
and have created new user 'alex':
> SELECT User, Host FROM mysql.user;
+------------------+-----------+
| User | Host |
+------------------+-----------+
| root | 127.0.0.1 |
| root | ::1 |
| alex | localhost |
| debian-sys-maint | localhost |
| root | localhost |
| root | myhost |
+------------------+-----------+
I can connect to the server as 'alex'@'localhost' using the DBeaver client but I cannot do the same from the console:
$ mysql -h localhost --user=alex --password=...
ERROR 1045 (28000): Access denied for user 'alex'@'localhost' (using password: YES)
I can connect as 'root' from console but not as 'alex'. Permissions are OK when I connected with DBeaver.
I can't reproduce the problem:
$ mysql -u root -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 44
Server version: 10.0.32-MariaDB mariadb.org binary distribution
MariaDB [(none)]> CREATE USER 'alex'@'localhost';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> SELECT `User`, `Host` FROM `mysql`.`user`;
+------------------+-----------+
| User | Host |
+------------------+-----------+
| root | 127.0.0.1 |
| root | ::1 |
| alex | localhost |
| debian-sys-maint | localhost |
| root | localhost |
| root | myhost |
+------------------+-----------+
6 rows in set (0.01 sec)
MariaDB [(none)]> exit
Bye
$ mysql -h localhost --user=alex --password
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 48
Server version: 10.0.32-MariaDB mariadb.org binary distribution
MariaDB [(none)]>

Authorization failed: The resource could not be found. (HTTP 404)

I'm trying to run the monitoring service in openstack, but I'm receiving this error:
~$ monasca metric-list
Authorization failed: The resource could not be found. (HTTP 404)
When I check the log file this is what I found:
2016-09-20 10:27:36.357 27771 WARNING keystonemiddleware.auth_token [-] Fetch revocation list failed, fallback to online validation.
2016-09-20 10:27:36.376 27771 ERROR keystonemiddleware.auth_token [-] Bad response code while validating token: 403
2016-09-20 10:27:36.377 27771 WARNING keystonemiddleware.auth_token [-] Identity response: {"error": {"message": "You are not authorized to perform the requested action, identity:validate_token.", "code": 403, "title": "Forbidden"}}
2016-09-20 10:27:36.377 27771 CRITICAL keystonemiddleware.auth_token [-] Unable to validate token: Failed to fetch token data from identity server
This is the services, projects, users , role and endpoints in keystone
+----------------------------------+----------+------------+
| ID | Name | Type |
+----------------------------------+----------+------------+
| 1c38cf31124d404783561793fc1fb7f0 | monasca | monitoring |
| 1eb72109ea604b6e8f2bd264787ca370 | keystone | identity |
+----------------------------------+----------+------------+
+----------------------------------+---------+
| ID | Name |
+----------------------------------+---------+
| 733a0a1369f94f6ab31b8875ef19e0ee | service |
| 9e732f1a2aca48e098daf62bb230f85e | monasca |
| f2df2111f893434f83fda7d5bd6cac4a | admin |
+----------------------------------+---------+
+----------------------------------+---------------+
| ID | Name |
+----------------------------------+---------------+
| 3a1b8582a11f4e07b3a21e84e9fb7c23 | monasca-user |
| 559752237e824d81a6133494b63c5789 | monasca-agent |
| 5bcf19af4e8e4067a5679e6a0f2f88f1 | admin |
+----------------------------------+---------------+
+----------------------------------+---------------+
| ID | Name |
+----------------------------------+---------------+
| 1679c1c099b543db96ac4412be21b15a | admin |
| 6ca31578625c49568085284dee72e4b8 | monasca-agent |
| 9fe2ff9ee4384b1894a90878d3e92bab | _member_ |
| a3267f589e7342ceaedef57ea9e4aac2 | monasca-user |
+----------------------------------+---------------+
+----------------------------------+-----------+--------------+--------------+---------+-----------+------------------------------+
| ID | Region | Service Name | Service Type | Enabled | Interface | URL |
+----------------------------------+-----------+--------------+--------------+---------+-----------+------------------------------+
| 3fbfc68e9f894e47846b896c6c8d3f3e | RegionOne | keystone | identity | True | internal | http://controller:5000/v2.0 |
| 470043a7f6364add902548df6fb7b60e | RegionOne | monasca | monitoring | True | public | http://localhost:8082/v2.0 |
| 9e68606b37084cbeb95106ff1bede0cb | RegionOne | monasca | monitoring | True | internal | http://localhost:8082/v2.0 |
| b4273c72671e4fac99e7d2bc6334156c | RegionOne | monasca | monitoring | True | admin | http://localhost:8082/v2.0 |
| d27bb34d619443658ca745b9fee1c967 | RegionOne | keystone | identity | True | admin | http://controller:35357/v2.0 |
| f736ebca8ac24b78bdf1dff60ac86ab1 | RegionOne | keystone | identity | True | public | http://controller:5000/v2.0 |
+----------------------------------+-----------+--------------+--------------+---------+-----------+------------------------------+
this is the keystone section in my api.conf file:
[keystone_authtoken]
identity_uri = http://controller:35357
auth_uri = http://controller:5000/v3
admin_password = PASSWORD
admin_user = monasca-user
admin_tenant_name = monasca
cafile =
certfile =
keyfile =
insecure = false
file to get the token for the identity service
export OS_PROJECT_DOMAIN_ID=default
export OS_USER_DOMAIN_ID=default
export OS_PROJECT_NAME=admin
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=PASSWORD
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
and for the monitoring service
export OS_PROJECT_DOMAIN_ID=default
export OS_USER_DOMAIN_ID=default
export OS_PROJECT_NAME=monasca
export OS_TENANT_NAME=monasca
export OS_USERNAME=monasca-user
export OS_PASSWORD=PASSWORD
export OS_AUTH_URL=http://controller:35357/
export OS_IDENTITY_API_VERSION=3
I can't find what is wrong with the configuration.
Are you able to run the following command?
openstack token issue
Why do you have localhost in the endpoint?
You can use the --debug option for monasca commands to get more details.
I think the problem is that you registered the keystone endpoint with a version specified, while in the env var the version is a different one. It is recommended not to include the version number in the endpoint, especially the keystone one. Please check the install manuals and follow their instructions.
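The answer above points at a catalog problem (identity endpoints pinned to /v2.0 while the client environment sets OS_IDENTITY_API_VERSION=3), and an earlier comment asks why the monasca endpoints use localhost. The script below is an added example, not part of the thread or of any OpenStack project: it runs those two checks over a catalog copied from the `openstack endpoint list` table in the question. It assumes the endpoint records are given as plain dicts with the table's column names; with a live cloud you would fill that list from `openstack endpoint list -f json`.

```python
"""Catalog sanity check: flag identity endpoints whose URL pins an API version
different from the one clients are told to use, and endpoints registered
against a loopback host name (reachable only from the node that registered
them)."""
import re
from typing import Dict, List, Optional
from urllib.parse import urlsplit

# Matches a path that is nothing but a version, e.g. "/v2.0" or "/v3/".
VERSION_PATH = re.compile(r"^/v(?P<ver>\d+(?:\.\d+)?)/?$")
LOOPBACK_HOSTS = {"localhost", "127.0.0.1", "::1"}


def pinned_version(url: str) -> Optional[str]:
    """Return the API version pinned in the URL path ('2.0', '3'), or None when
    the endpoint is registered unversioned, as the answer recommends."""
    m = VERSION_PATH.match(urlsplit(url).path)
    return m["ver"] if m else None


def check_catalog(endpoints: List[Dict[str, str]],
                  identity_api_version) -> List[Dict[str, str]]:
    """Return one finding per problem; an endpoint can produce more than one."""
    findings: List[Dict[str, str]] = []
    wanted_major = str(identity_api_version)
    for ep in endpoints:
        parts = urlsplit(ep["url"])
        label = "%s/%s (%s)" % (ep["service_name"], ep["interface"], ep["url"])
        ver = pinned_version(ep["url"])
        # Only the identity service is compared against OS_IDENTITY_API_VERSION;
        # other services version their own APIs independently.
        if (ep["service_type"] == "identity" and ver is not None
                and ver.split(".")[0] != wanted_major):
            findings.append({
                "endpoint": label, "problem": "version-mismatch",
                "detail": "URL pins v%s but clients are configured for v%s"
                          % (ver, wanted_major),
            })
        if parts.hostname in LOOPBACK_HOSTS:
            findings.append({
                "endpoint": label, "problem": "loopback-host",
                "detail": "only reachable from the node that registered it",
            })
    return findings


# Copied from the endpoint table in the question (IDs and region omitted).
CATALOG = [
    {"service_name": "keystone", "service_type": "identity",
     "interface": "internal", "url": "http://controller:5000/v2.0"},
    {"service_name": "monasca", "service_type": "monitoring",
     "interface": "public", "url": "http://localhost:8082/v2.0"},
    {"service_name": "monasca", "service_type": "monitoring",
     "interface": "internal", "url": "http://localhost:8082/v2.0"},
    {"service_name": "monasca", "service_type": "monitoring",
     "interface": "admin", "url": "http://localhost:8082/v2.0"},
    {"service_name": "keystone", "service_type": "identity",
     "interface": "admin", "url": "http://controller:35357/v2.0"},
    {"service_name": "keystone", "service_type": "identity",
     "interface": "public", "url": "http://controller:5000/v2.0"},
]

if __name__ == "__main__":
    for finding in check_catalog(CATALOG, 3):
        print("%-12s %s: %s" % (finding["problem"], finding["endpoint"], finding["detail"]))
```

With the catalog from the question and OS_IDENTITY_API_VERSION=3, all three keystone endpoints are reported as version-mismatch and all three monasca endpoints as loopback-host; an identity endpoint registered as http://controller:5000 (no version suffix) produces no finding.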

Is it possible to view RabbitMQ message contents directly from the command line?

Is it possible to view RabbitMQ message contents directly from the command line?
sudo rabbitmqctl list_queues lists the queues.
Is there any command like sudo rabbitmqctl list_queue_messages <queue_name>?
You should enable the management plugin.
rabbitmq-plugins enable rabbitmq_management
See here:
http://www.rabbitmq.com/plugins.html
And here for the specifics of management.
http://www.rabbitmq.com/management.html
Finally once set up you will need to follow the instructions below to install and use the rabbitmqadmin tool. Which can be used to fully interact with the system.
http://www.rabbitmq.com/management-cli.html
For example:
rabbitmqadmin get queue=<QueueName> requeue=false
will give you the first message off the queue.
Here are the commands I use to get the contents of the queue:
RabbitMQ version 3.1.5 on Fedora Linux, using https://www.rabbitmq.com/management-cli.html
Here are my exchanges:
eric@dev ~ $ sudo python rabbitmqadmin list exchanges
+-------+--------------------+---------+-------------+---------+----------+
| vhost | name | type | auto_delete | durable | internal |
+-------+--------------------+---------+-------------+---------+----------+
| / | | direct | False | True | False |
| / | kowalski | topic | False | True | False |
+-------+--------------------+---------+-------------+---------+----------+
Here is my queue:
eric@dev ~ $ sudo python rabbitmqadmin list queues
+-------+----------+-------------+-----------+---------+------------------------+---------------------+--------+----------+----------------+-------------------------+---------------------+--------+---------+
| vhost | name | auto_delete | consumers | durable | exclusive_consumer_tag | idle_since | memory | messages | messages_ready | messages_unacknowledged | node | policy | status |
+-------+----------+-------------+-----------+---------+------------------------+---------------------+--------+----------+----------------+-------------------------+---------------------+--------+---------+
| / | myqueue | False | 0 | True | | 2014-09-10 13:32:18 | 13760 | 0 | 0 | 0 | rabbit@ip-11-1-52-125 | | running |
+-------+----------+-------------+-----------+---------+------------------------+---------------------+--------+----------+----------------+-------------------------+---------------------+--------+---------+
Cram some items into myqueue:
curl -i -u guest:guest http://localhost:15672/api/exchanges/%2f/kowalski/publish -d '{"properties":{},"routing_key":"abcxyz","payload":"foobar","payload_encoding":"string"}'
HTTP/1.1 200 OK
Server: MochiWeb/1.1 WebMachine/1.10.0 (never breaks eye contact)
Date: Wed, 10 Sep 2014 17:46:59 GMT
content-type: application/json
Content-Length: 15
Cache-Control: no-cache
{"routed":true}
RabbitMQ see messages in queue:
eric@dev ~ $ sudo python rabbitmqadmin get queue=myqueue requeue=true count=10
+-------------+----------+---------------+---------------------------------------+---------------+------------------+------------+-------------+
| routing_key | exchange | message_count | payload | payload_bytes | payload_encoding | properties | redelivered |
+-------------+----------+---------------+---------------------------------------+---------------+------------------+------------+-------------+
| abcxyz | kowalski | 10 | foobar | 6 | string | | True |
| abcxyz | kowalski | 9 | {'testdata':'test'} | 19 | string | | True |
| abcxyz | kowalski | 8 | {'mykey':'myvalue'} | 19 | string | | True |
| abcxyz | kowalski | 7 | {'mykey':'myvalue'} | 19 | string | | True |
+-------------+----------+---------------+---------------------------------------+---------------+------------------+------------+-------------+
I wrote rabbitmq-dump-queue which allows dumping messages from a RabbitMQ queue to local files and requeuing the messages in their original order.
Example usage (to dump the first 50 messages of queue incoming_1):
rabbitmq-dump-queue -url="amqp://user:password@rabbitmq.example.com:5672/" -queue=incoming_1 -max-messages=50 -output-dir=/tmp
If you want multiple messages from a queue, say 10 messages, the command to use is:
rabbitmqadmin get queue=<QueueName> ackmode=ack_requeue_true count=10
This is how it looks on the web interface available on http://localhost:15672 :
If you don't want the messages requeued, just change ackmode to ack_requeue_false.
You can use the RabbitMQ API to get the count or the messages:
/api/queues/vhost/name/get
Get messages from a queue. (This is not an HTTP GET as it will alter the state of the queue.) You should post a body looking like:
{"count":5,"requeue":true,"encoding":"auto","truncate":50000}
count controls the maximum number of messages to get. You may get fewer messages than this if the queue cannot immediately provide them.
requeue determines whether the messages will be removed from the queue. If requeue is true they will be requeued - but their redelivered flag will be set.
encoding must be either "auto" (in which case the payload will be returned as a string if it is valid UTF-8, and base64 encoded otherwise), or "base64" (in which case the payload will always be base64 encoded).
If truncate is present it will truncate the message payload if it is larger than the size given (in bytes).
truncate is optional; all other keys are mandatory.
Please note that the publish / get paths in the HTTP API are intended for injecting test messages, diagnostics etc - they do not implement reliable delivery and so should be treated as a sysadmin's tool rather than a general API for messaging.
http://hg.rabbitmq.com/rabbitmq-management/raw-file/rabbitmq_v3_1_3/priv/www/api/index.html
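The answer above documents the body of the /api/queues/vhost/name/get call and the two payload encodings, and the curl example earlier in the thread shows the default vhost "/" percent-encoded in the path. The code below is an added example, not part of any answer or of the RabbitMQ project: it builds that request, decodes the returned payloads according to payload_encoding, and notes when the truncate limit clipped a message. The SAMPLE_RESPONSE list is constructed to look like the API's output, not captured from a broker; the fetch_messages helper talks to a live broker and is the only part not exercised offline. The ackmode parameter is passed through for servers whose management API uses it instead of requeue, as the other answer's rabbitmqadmin call does.

```python
"""Build the RabbitMQ management API 'get messages' request and decode the
messages it returns."""
import base64
import json
from typing import Any, Dict, List, Optional, Tuple
from urllib.parse import quote


def get_messages_request(vhost: str, queue: str, count: int = 5,
                         requeue: bool = True, truncate: Optional[int] = None,
                         ackmode: Optional[str] = None) -> Tuple[str, Dict[str, Any]]:
    """Return (path, body) for POST /api/queues/<vhost>/<name>/get.

    The vhost is percent-encoded with '/' included, so the default vhost "/"
    becomes "%2F" (the curl example above writes it as %2f; both are valid)."""
    body: Dict[str, Any] = {"count": count, "encoding": "auto"}
    if ackmode is not None:
        # Servers that take ackmode ("ack_requeue_true", "ack_requeue_false",
        # ...) instead of the older boolean requeue; caller decides which.
        body["ackmode"] = ackmode
    else:
        body["requeue"] = requeue
    if truncate is not None:
        body["truncate"] = truncate  # optional; all other keys are mandatory
    path = "/api/queues/%s/%s/get" % (quote(vhost, safe=""), quote(queue, safe=""))
    return path, body


def decode_payload(message: Dict[str, Any]) -> bytes:
    """Return the raw payload bytes.  With encoding "auto" the server sends
    valid UTF-8 as a string and anything else base64-encoded, and reports
    which in payload_encoding."""
    enc = message.get("payload_encoding")
    payload = message.get("payload", "")
    if enc == "string":
        return payload.encode("utf-8")
    if enc == "base64":
        return base64.b64decode(payload)
    raise ValueError("unknown payload_encoding: %r" % (enc,))


def was_truncated(message: Dict[str, Any], truncate: Optional[int]) -> bool:
    """payload_bytes is the original size, so a message larger than the
    truncate limit came back clipped."""
    return truncate is not None and int(message.get("payload_bytes", 0)) > truncate


def fetch_messages(base_url: str, user: str, password: str, vhost: str,
                   queue: str, **kwargs: Any) -> List[Dict[str, Any]]:
    """POST the request to a live broker with HTTP basic auth (not run offline).
    Use https:// for base_url unless the management port is on a trusted
    network; the credentials travel in every request."""
    import urllib.request
    path, body = get_messages_request(vhost, queue, **kwargs)
    req = urllib.request.Request(base_url.rstrip("/") + path,
                                 data=json.dumps(body).encode("utf-8"),
                                 method="POST")
    req.add_header("Content-Type", "application/json")
    token = base64.b64encode(("%s:%s" % (user, password)).encode("utf-8")).decode("ascii")
    req.add_header("Authorization", "Basic " + token)
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


# Constructed to mirror the API's response shape; not captured from a broker.
SAMPLE_RESPONSE: List[Dict[str, Any]] = [
    {"payload": "foobar", "payload_bytes": 6, "payload_encoding": "string",
     "routing_key": "abcxyz", "exchange": "kowalski", "redelivered": False,
     "properties": {}, "message_count": 1},
    {"payload": base64.b64encode(b"\x00\x01\xff").decode("ascii"), "payload_bytes": 3,
     "payload_encoding": "base64", "routing_key": "abcxyz", "exchange": "kowalski",
     "redelivered": False, "properties": {}, "message_count": 0},
]

if __name__ == "__main__":
    path, body = get_messages_request("/", "myqueue", count=10, truncate=50000)
    print(path, json.dumps(body))
    for msg in SAMPLE_RESPONSE:
        print(msg["payload_encoding"], decode_payload(msg), was_truncated(msg, 50000))
```

To run it against the broker from the thread: fetch_messages("http://localhost:15672", "guest", "guest", "/", "myqueue", count=10) returns the same list shape as SAMPLE_RESPONSE, and each element can be passed to decode_payload.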
A bit late to this, but yes, RabbitMQ has a built-in tracer that allows you to see the incoming messages in a log. When enabled, you can just tail -f /var/tmp/rabbitmq-tracing/.log (on Mac) to watch the messages.
The detailed description is here: http://www.mikeobrien.net/blog/tracing-rabbitmq-messages