[openstack-dev] [Neutron] Problem plugging I/F into Neutron...

Paul Michali (pcm) pcm at cisco.com
Mon Mar 31 14:41:57 UTC 2014


I tinkered with the Nova create call and things are (sort of) working…

I changed the plugging to do this:

port_id = port['port']['id']

instance = {'uuid': vm_uuid}
network = {'bridge': 'br-int'}

class VeryDangerousHack(network_model.VIF):
    def __init__(self, port_id, mac_addr, network):
        super(VeryDangerousHack, self).__init__(
            id=port_id, address=mac_addr, network=network,
            type=network_model.VIF_TYPE_OVS,
            details={'ovs_hybrid_plug': False, 'port_filter': False},
            active=True)

vif = VeryDangerousHack(port_id, mac_addr, network)

# For ML2 plugin
driver = vif_driver.LibvirtGenericVIFDriver({})
driver.plug(instance, vif)

It completed without errors, the interface is up, and I can ping over it. (Yay!) However, it still seems to show the hybrid plug and port filtering:

openstack at devstack-32:~/devstack$ neutron port-show private_p
+-----------------------+---------------------------------------------------------------------------------+
| Field                 | Value                                                                           |
+-----------------------+---------------------------------------------------------------------------------+
| admin_state_up        | True                                                                            |
| allowed_address_pairs |                                                                                 |
| binding:host_id       | devstack-32                                                                     |
| binding:profile       | {}                                                                              |
| binding:vif_details   | {"port_filter": true, "ovs_hybrid_plug": true}                                  |
| binding:vif_type      | ovs                                                                             |
| binding:vnic_type     | normal                                                                          |
| device_id             | 999a76ef-1111-2689-1234-b12a3c4d2a00                                            |
| device_owner          | compute:None                                                                    |
| extra_dhcp_opts       |                                                                                 |
| fixed_ips             | {"subnet_id": "5255dd92-ebd6-43ea-aff8-46f97349eb99", "ip_address": "10.1.0.6"} |
| id                    | 267a9936-4bc2-4838-9c06-22d84309596f                                            |
| mac_address           | 42:0c:c9:cb:4e:9f                                                               |
| name                  | private_p                                                                       |
| network_id            | df8305f2-9797-41ed-bd76-6f083575e0f7                                            |
| security_groups       | 365a63ea-149c-4ff9-9aa2-8bcfe9dfb7e3                                            |
| status                | ACTIVE                                                                          |
| tenant_id             | 78fe6c3b72a64595aa7d3c6c25d58c51                                                |
+-----------------------+---------------------------------------------------------------------------------+

Can anyone enlighten me on what these settings imply?

From the review Irena mentioned:
"Neutron can include 'ovs_hybrid_plug' and 'port_filter' boolean keys in
the binding:vif_details port attribute. 'port_filter' indicates whether
or not neutron is handling port filtering for nova to determine if it needs
to filter for that port. 'ovs_hybrid_plug' can be set to True to indicate
that the neutron plugin still requires the bridge plugging strategy to attach
firewall rules."


I have security groups disabled for Neutron and am using Nova (with ICMP and SSH allowed). Does that mean the port_filter is ignored?
Is the same true for the ovs_hybrid_plug, for the same reason?

Any idea why my settings for details are being ignored in the call?

I still have more checking, as the public_ip, although I can ping the local and remote Neutron routers (172.24.4.11 and 172.24.4.21), I cannot ping the far end VM that is running the same setup (outside of Nova, hooked into Neutron - though using the older versions and original scripts). May just be a setup issue.

Looking better though!

PCM (Paul Michali)

MAIL …..…. pcm at cisco.com
IRC ……..… pcm_ (irc.freenode.com)
TW ………... @pmichali
GPG Key … 4525ECC253E31A83
Fingerprint .. 307A 96BB 1A4C D2C7 931D 8D2D 4525 ECC2 53E3 1A83
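
Added example (not part of the original message, and not Nova or Neutron code): a check that compares the binding:vif_details Neutron reports for a port with the details a host-side script actually plugged, following the review text quoted above. The function names and the trimmed table are constructed for illustration.

```python
import json

# Constructed sample: rows taken from the `neutron port-show` output above.
PORT_SHOW = """\
+-----------------------+------------------------------------------------+
| Field                 | Value                                          |
+-----------------------+------------------------------------------------+
| binding:vif_details   | {"port_filter": true, "ovs_hybrid_plug": true} |
| binding:vif_type      | ovs                                            |
| security_groups       | 365a63ea-149c-4ff9-9aa2-8bcfe9dfb7e3           |
| status                | ACTIVE                                         |
+-----------------------+------------------------------------------------+
"""


def parse_port_show(text):
    """Turn the CLI's two-column ASCII table into a {field: value} dict."""
    fields = {}
    for line in text.splitlines():
        if not line.startswith("|"):
            continue  # border rows start with '+'
        # Field names never contain '|', so split on the first inner one only.
        name, _, value = line.strip().strip("|").partition("|")
        name, value = name.strip(), value.strip()
        if name and name != "Field":
            fields[name] = value
    return fields


def audit_binding(fields, plugged_details):
    """Return findings where Neutron's view differs from the local plug.

    plugged_details is the `details` dict handed to the VIF object on the
    host (hypothetical parameter name). Empty list means both views agree.
    """
    reported = json.loads(fields.get("binding:vif_details") or "{}")
    findings = []
    for key in ("port_filter", "ovs_hybrid_plug"):
        want, got = bool(reported.get(key)), bool(plugged_details.get(key))
        if want != got:
            findings.append("%s: neutron reports %s, host plugged with %s"
                            % (key, want, got))
    if reported.get("ovs_hybrid_plug") and not plugged_details.get("ovs_hybrid_plug"):
        # Per the quoted review: hybrid plug means the plugin needs the
        # bridge strategy to attach firewall rules; a direct plug has none.
        findings.append("port is plugged directly although neutron expects "
                        "the bridge strategy for its firewall rules")
    return findings
```

Calling audit_binding(parse_port_show(PORT_SHOW), {'ovs_hybrid_plug': False, 'port_filter': False}) returns three findings for the situation described in this message.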



On Mar 31, 2014, at 9:56 AM, Paul Michali (pcm) <pcm at cisco.com> wrote:

Hi Darragh,

Yes (I should have included more background), I have a VM started in KVM, and it has I/Fs associated with scripts for I/F up and down:

IFNAME_ETH0=$NAME"__mgmt"
IFNAME_ETH1=$NAME"__public"
IFNAME_ETH2=$NAME"__private"

kvm -m 8192 -name $NAME \
-smp 4 \
-serial telnet:$TELNET_ACCESS,server,nowait \
-net nic,macaddr=$MACADDR_ETH0,model=e1000,vlan=0 \
-net tap,ifname=$IFNAME_ETH0,vlan=0,script=osn-ifup-mgmt,downscript=osn-ifdown-mgmt \
-net nic,macaddr=$MACADDR_ETH1,model=e1000,vlan=1 \
-net tap,ifname=$IFNAME_ETH1,vlan=1,script=osn-ifup-br-ex,downscript=osn-ifdown-br-ex \
-net nic,macaddr=$MACADDR_ETH2,model=e1000,vlan=2 \
-net tap,ifname=$IFNAME_ETH2,vlan=2,script=osn-ifup-br-int,downscript=osn-ifdown-br-int \
-drive file=$IMAGE \
-boot c \
-vga cirrus \
-vnc $VNC_ACCESS

ETH2, using osn-ifup-br-int, does this:

#!/bin/bash

source config.ini

/sbin/ifconfig $1 0.0.0.0 up
if_mac=`ifconfig $1 | awk '{ if ($4 == "HWaddr") print $5 }'`
info_str=`./plug_vif.py ${HOST} ${USER} ${PASSWORD} ${TENANT} ${UUID} ${if_mac} ${HOSTNAME} $1`
if [ "$info_str" == "" ]; then
   echo "VIF plugging failed ($1)! Exiting ..." >&2
   exit 1
fi

# Write to file for later clean-up by osn-ifdown
echo "$1 ${if_mac} ${UUID} $info_str" >> .instance_info

IFS=' ' read -a info <<< "$info_str"
switch=${info[0]}
echo "Plugging interface: $1 into switch: ${switch}"
ovs-vsctl add-port ${switch} $1

Note: The original that used Nova for the plugging of VIF used this for the last line, instead of ovs-vsctl:

brctl addif ${switch} $1


Regards,


PCM (Paul Michali)




On Mar 31, 2014, at 9:26 AM, Darragh O'Reilly <dara2002-openstack at yahoo.com> wrote:

Hi Paul,

tbh I'm not exactly sure what you are trying to do overall. But from your script it seems to me that you are trying to create an OVS port so a libvirt instance outside of Nova control can use it. And you don't need the linux bridge for security group iptables.

AFAIK the tap must be created first using the ip command. Then when 'ovs-vsctl add-port' is called with the same name as the tap device for the port name, the tap device will be enslaved properly in the OVS bridge.

https://github.com/openstack/nova/blob/304df046eaaad6d64ee16898b1eaa76918e98878/nova/virt/libvirt/vif.py#L420-L423

Regards, Darragh.
On Monday, 31 March 2014, 12:36, Paul Michali (pcm) <pcm at cisco.com> wrote:
Hi Darragh,

Can you elaborate on what the “set interface” arguments do in OVS? Just trying to understand why it is not desired, when plugging into this interface (note I have a management interface on the br-int and it works fine…this one, which is also on br-int, but needs to tie to the existing “private” network that devstack sets up, does not work).

Regards,

PCM (Paul Michali)




On Mar 31, 2014, at 4:20 AM, Darragh O'Reilly <dara2002-openstack at yahoo.com> wrote:

Hi Paul,

the OVSInterfaceDriver creates interfaces with type internal so agents like DHCP/L3 etc can put IP addresses on them. But I don't think type internal will work for instances. You could try subclassing and overriding so it does not do this:

 https://github.com/openstack/neutron/blob/2541ff7cad19941b62dace7e9951a56a16e53f3e/neutron/agent/linux/interface.py#L150

Regards,
Darragh.
_______________________________________________
OpenStack-dev mailing list
OpenStack-dev at lists.openstack.org<mailto:OpenStack-dev at lists.openstack.org>
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev