I want to use Neutron Meter with gnocchi to report the egress bandwidth used for public traffic.
So I created neutron meter labels and neutron meter rules to include all ipv4 traffic:
+-------------------+----------------------------------------------------------------------------------------------------+
| Field | Value |
+-------------------+----------------------------------------------------------------------------------------------------+
| direction | egress |
| id | f2c9b9a8-0af3-40a5-a718-6e841bad111d |
| is_excluded | False |
| location | cloud='', project.domain_id='default', project.domain_name=, |
| | project.id='80120067cd7949908e44dce45aeb7712', project.name='billing', region_name='xxx', |
| | zone= |
| metering_label_id | d0068fc8-4a3e-4108-aa11-e3c171d4d1e1 |
| name | None |
| project_id | None |
| remote_ip_prefix | 0.0.0.0/0 |
+-------------------+----------------------------------------------------------------------------------------------------+
And excluded all private nets:
+-------------------+----------------------------------------------------------------------------------------------------+
| Field | Value |
+-------------------+----------------------------------------------------------------------------------------------------+
| direction | egress |
| id | 838c9631-665b-42b6-b1e9-539983a38573 |
| is_excluded | True |
| location | cloud='', project.domain_id='default', project.domain_name=, |
| | project.id='80120067cd7949908e44dce45aeb7712', project.name='billing', region_name='xxx', |
| | zone= |
| metering_label_id | 435652e6-e985-4351-a31a-954bace9eea0 |
| name | None |
| project_id | None |
| remote_ip_prefix | 10.0.0.0/8 |
+-------------------+----------------------------------------------------------------------------------------------------+
It works fine for just one project but if I apply it to all projects it fails and no measures are recorded in gnocchi.
The neutron-metering-agent.log shows the following warning:
Feb 13 09:14:18 xxx_host neutron-metering-agent: 2020-02-13 09:14:09.648 4732 WARNING neutron.agent.linux.iptables_manager [req-4c38f1f5-2db4-4d4a-9c1f-9585b1b50427 65c6d4bdcbc7469a910f6361b7f70f27 80120067cd7949908e44dce45aeb7712 - - -] Duplicate iptables rule detected. This may indicate a bug in the iptables rule generation code. Line: -A neutron-meter-r-28155d45-d16 -s 10.0.0.0/8 -o qg-c61bafef-ea -j RETURN
I would expect that it is possible to have similar rules for different projects.
What do you think? Is it part of the rule creation code?
In the iptables_manager code the function is criticised: https://github.com/openstack/neutron/blob/86e4f141159072421a19080455caba1b0efef776/neutron/agent/linux/iptables_manager.py
# TODO(kevinbenton): remove this function and the next one. They are
# just oversized brooms to sweep bugs under the rug!!! We generate the
# rules and we shouldn't be generating duplicates.
def _weed_out_duplicates(line):
    if line in seen_lines:
        thing = 'chain' if line.startswith(':') else 'rule'
        LOG.warning("Duplicate iptables %(thing)s detected. This "
                    "may indicate a bug in the iptables "
                    "%(thing)s generation code. Line: %(line)s",
                    {'thing': thing, 'line': line})
        return False
    seen_lines.add(line)
    # Leave it alone
    return True
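A triage helper for the warning quoted in the report, added here as an example (it is not part of the original report or of Neutron): it pulls the "Duplicate iptables ... detected" warnings out of neutron-metering-agent log text and groups them by metering chain and rule, so you can see which chain and which prefix keep colliding. The sample log is constructed from the one warning in the report; `req-EXAMPLE`, the repeated timestamp and the `neutron-meter-r-EXAMPLE` chain are placeholders.

```python
import re
from collections import Counter

# Constructed sample log: entry 1 is the warning from the report, entry 2 repeats
# it at a made-up later time, entry 3 is unrelated, entry 4 is a made-up
# duplicate-chain warning using a placeholder chain name.
_RULE = "-A neutron-meter-r-28155d45-d16 -s 10.0.0.0/8 -o qg-c61bafef-ea -j RETURN"
_MSG = ("WARNING neutron.agent.linux.iptables_manager [req-EXAMPLE - - -] "
        "Duplicate iptables {t} detected. This may indicate a bug in the "
        "iptables {t} generation code. Line: {l}")
_CHAIN = ":neutron-meter-r-EXAMPLE - [0:0]"
SAMPLE_LOG = "\n".join([
    "2020-02-13 09:14:09.648 4732 " + _MSG.format(t="rule", l=_RULE),
    "2020-02-13 09:14:39.700 4732 " + _MSG.format(t="rule", l=_RULE),
    "2020-02-13 09:14:40.000 4732 INFO example.module [-] unrelated line",
    "2020-02-13 09:14:41.000 4732 " + _MSG.format(t="chain", l=_CHAIN),
])

WARN_RE = re.compile(
    r"Duplicate iptables (?P<thing>rule|chain) detected\..*?Line: (?P<line>.+)$"
)
FLAGS = {"-s": "src", "-d": "dst", "-i": "in_if", "-o": "out_if", "-j": "target"}

def parse_rule(line):
    """Split an iptables-save style line into chain and match fields."""
    tokens = line.split()
    if line.startswith(":"):            # chain declaration, e.g. ":name - [0:0]"
        return {"chain": tokens[0][1:]}
    fields = {"chain": tokens[1]} if len(tokens) > 1 and tokens[0] == "-A" else {}
    for flag, value in zip(tokens, tokens[1:]):
        if flag in FLAGS:               # flags may appear in any order
            fields[FLAGS[flag]] = value
    return fields

def parse_duplicates(log_text):
    """Return one dict per duplicate warning found in the log text."""
    hits = []
    for raw in log_text.splitlines():
        m = WARN_RE.search(raw)
        if m:
            line = m.group("line").strip()
            hits.append({"thing": m.group("thing"), "line": line, **parse_rule(line)})
    return hits

def summarize(hits):
    """Count warnings per (chain, rule line) so repeat offenders stand out."""
    return Counter((h.get("chain"), h["line"]) for h in hits)
```

Run `summarize(parse_duplicates(open(path).read()))` against the agent log and compare the chain names and `src` prefixes with the metering labels and rules defined per project.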