Openstack: Bridges and OVS

In these days I’m studying Openstack network components.
I already worked with OVS and bridges but I have the opportunity to deep them more as possible. For this purpose I’m looking for a good documentation on the web. I found this page about bridges. It explains clearly what is a bridge and how it works.
Have a look at this blog, it’s pretty good !!

Openstack exam preparation

In these days I began to study Openstack, because before September I would like to take the Redhat Openstack RHCSA exam. I already worked and designed a Openstack Undercloud/Overcloud but it was 2 years ago, I forgot several infos 🙂
Let’s work hard for this new challenge !! 😀

RHOSP 10 Composable Roles

I read about Redhat OpenStack 10 composable roles.
What I’m speaking about? The option to configure a single baremetal server with multiple roles, for example it can be both compute and controller at same time!!
This is fantastic and I can’t wait for play with those roles!

Redhat Openstack Kilo: How to backup the Overcloud objects?

The last week me and a collegue began to plan an Openstack hardware upgrade ( customer needs to increase compute nodes and ceph storage nodes ).
I immediatelly asked: what about if something goes wrong during the upgrade? Can we backup the overcloud objects? ( I mean routers, networks, subnets, definitions and all other objects )
Ceph side I tested RBD backup and restore procedure, it’s easy. What about overcloud?
Looking in the web I did not found anything, just the Undercloud official backup procedure.
For this purpose I made a SR to Redhat and they said me that there is still not an official overcloud backup procedure!!! They are still writing about it.
This is no good for us, so I began to study something and I think we can achieve this goal with:

1) Python scripts

I think the first one should be the best but I still don’t know Python. I know that is very important to learn it and I will soon. But basically now we have low time so I try to study the REST APIs.
Let’s see what will happen 🙂

Puppet use with OpenStack and cloudinit

I finally was able to use HEAT templates writing inside puppet manifests.
With this method I can cover automatic installation and configuration of middleware products after the first boot og the instance. .

Following some line from my code ( be careful , pasting lines here destroys the yaml format )

type: OS::Nova::Server
name: test_01
image: { get_param: image_id }
flavor: m1.medium
– port: { get_resource: server1_port }
user_data_format: RAW
get_resource: server_init


type: OS::Heat::SoftwareConfig
group: script
config: |
setenforce 0
sed -i ‘s/SELINUX=enforcing/SELINUX=permissive/’ /etc/selinux/config
rpm -ivh
yum -y install puppet
puppet apply /tmp/01-setup.pp


type: OS::Heat::CloudConfig
– path: “/tmp/01-setup.pp”
permissions: ‘0666’
owner: root:root
content: |
class utilities {

package { ‘wget’:
ensure => ‘present’,

Redhat Openstack Kilo: how let running instances use sctp protocol

The Last week I faced a comunication issue on Openstack Kilo. A couple of CentOS 7 instances were not able to comunicate each other via sctp protocol ( this was the first time I heard about sctp protocol! ).
It seems that standard security group policies don’t allow to define sctp protocol within the rules. Looking on the web I found an open bugzilla but I tought about some iptable rule on compute nodes.
After a couple of days of multiple tests , analysis I was able to solve the issue. How?

1) You must configure the allow of any traffic for the protocol number 132 ( see sctp RFC )
2) If the step 1 did not solve the issue , you can add iptable rules to neutron-openvswi-sg-fallback chain ( this chain is always called when top rules do not match any traffic type )
3) After step 2 , you must run the modprobe of ip_conntrack_proto_sctp module on each compute node you have.

What did I use for sctp test? I found one nice utility , here:

This is a perfect tool when you must test any sctp communication
I’m ready for the next challenge 🙂