<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=Windows-1252">
</head>
<body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;">
I tinkered with the Nova create call and things are (sort of) working)
<div><br>
</div>
<div>I changed the plugging to do this:</div>
<div><br>
</div>
<div>
<div>port_id = port['port']['id']</div>
<div><br>
</div>
<div>instance = {'uuid': vm_uuid}</div>
<div>network = {'bridge': 'br-int'}</div>
<div><br>
</div>
<div>class VeryDangerousHack(network_model.VIF):</div>
<div> def __init__(self, port_id, mac_addr, network):</div>
<div> super(VeryDangerousHack, self).__init__(</div>
<div> id=port_id, address=mac_addr, network=network,</div>
<div> type=network_model.VIF_TYPE_OVS,</div>
<div> details={'ovs_hybrid_plug': False, 'port_filter': False},</div>
<div> active=True)</div>
<div><br>
</div>
<div>vif = VeryDangerousHack(port_id, mac_addr, network)</div>
<div><br>
</div>
<div># For ML2 plugin</div>
<div>driver = vif_driver.LibvirtGenericVIFDriver({})</div>
<div>driver.plug(instance, vif)</div>
<div><br>
</div>
<div>It completed without errors, the interface is up, and I can ping over it. (Yay!) However, it still seems to show the hybrid plug and port filtering:</div>
<div><br>
</div>
<div>
<div><font face="Courier New">openstack@devstack-32:~/devstack$ neutron port-show private_p</font></div>
<div><font face="Courier New">+-----------------------+---------------------------------------------------------------------------------+</font></div>
<div><font face="Courier New">| Field | Value |</font></div>
<div><font face="Courier New">+-----------------------+---------------------------------------------------------------------------------+</font></div>
<div><font face="Courier New">| admin_state_up | True |</font></div>
<div><font face="Courier New">| allowed_address_pairs | |</font></div>
<div><font face="Courier New">| binding:host_id | devstack-32 |</font></div>
<div><font face="Courier New">| binding:profile | {} |</font></div>
<div><font face="Courier New"><b>| binding:vif_details | {"port_filter": true, "ovs_hybrid_plug": true} |</b></font></div>
<div><font face="Courier New">| binding:vif_type | ovs |</font></div>
<div><font face="Courier New">| binding:vnic_type | normal |</font></div>
<div><font face="Courier New">| device_id | 999a76ef-1111-2689-1234-b12a3c4d2a00 |</font></div>
<div><font face="Courier New">| device_owner | compute:None |</font></div>
<div><font face="Courier New">| extra_dhcp_opts | |</font></div>
<div><font face="Courier New">| fixed_ips | {"subnet_id": "5255dd92-ebd6-43ea-aff8-46f97349eb99", "ip_address": "10.1.0.6"} |</font></div>
<div><font face="Courier New">| id | 267a9936-4bc2-4838-9c06-22d84309596f |</font></div>
<div><font face="Courier New">| mac_address | 42:0c:c9:cb:4e:9f |</font></div>
<div><font face="Courier New">| name | private_p |</font></div>
<div><font face="Courier New">| network_id | df8305f2-9797-41ed-bd76-6f083575e0f7 |</font></div>
<div><font face="Courier New">| security_groups | 365a63ea-149c-4ff9-9aa2-8bcfe9dfb7e3 |</font></div>
<div><font face="Courier New">| status | ACTIVE |</font></div>
<div><font face="Courier New">| tenant_id | 78fe6c3b72a64595aa7d3c6c25d58c51 |</font></div>
<div><font face="Courier New">+-----------------------++</font></div>
</div>
<div><br>
</div>
<div>Can anyone enlightened me on what these settings imply?</div>
<div><br>
</div>
<div>From the review Irena mentioned:</div>
<div>"<span style="background-color: rgb(255, 255, 255); font-family: 'Lucida Console', 'Lucida Sans Typewriter', Monaco, monospace; font-size: 11px; white-space: pre;">Neutron can include 'ovs_hybrid_plug' and 'port_filter' boolean keys in</span></div>
<span style="font-family: 'Lucida Console', 'Lucida Sans Typewriter', Monaco, monospace; font-size: 11px; white-space: pre; background-color: rgb(255, 255, 255);">the binding:vif_details port attribute. 'port_filter' indicates whether</span><br style="font-family: 'Lucida Console', 'Lucida Sans Typewriter', Monaco, monospace; font-size: 11px; white-space: pre; background-color: rgb(255, 255, 255);">
<span style="font-family: 'Lucida Console', 'Lucida Sans Typewriter', Monaco, monospace; font-size: 11px; white-space: pre; background-color: rgb(255, 255, 255);">or not neutron is handling port filtering for nova to determine if it needs</span><br style="font-family: 'Lucida Console', 'Lucida Sans Typewriter', Monaco, monospace; font-size: 11px; white-space: pre; background-color: rgb(255, 255, 255);">
<span style="font-family: 'Lucida Console', 'Lucida Sans Typewriter', Monaco, monospace; font-size: 11px; white-space: pre; background-color: rgb(255, 255, 255);">to filter for that port. 'ovs_hybrid_plug' can be set to True to indicate</span><br style="font-family: 'Lucida Console', 'Lucida Sans Typewriter', Monaco, monospace; font-size: 11px; white-space: pre; background-color: rgb(255, 255, 255);">
<span style="font-family: 'Lucida Console', 'Lucida Sans Typewriter', Monaco, monospace; font-size: 11px; white-space: pre; background-color: rgb(255, 255, 255);">that the neutron plugin still requires the bridge plugging strategy to attach</span><br style="font-family: 'Lucida Console', 'Lucida Sans Typewriter', Monaco, monospace; font-size: 11px; white-space: pre; background-color: rgb(255, 255, 255);">
<span style="font-family: 'Lucida Console', 'Lucida Sans Typewriter', Monaco, monospace; font-size: 11px; white-space: pre; background-color: rgb(255, 255, 255);">firewall rules.</span><font face="Lucida Console, Lucida Sans Typewriter, Monaco, monospace"><span style="font-size: 11px; white-space: pre;"></span></font></div>
<div><font face="Lucida Console, Lucida Sans Typewriter, Monaco, monospace"><span style="font-size: 11px; white-space: pre; background-color: rgb(255, 255, 255);"><br>
</span></font></div>
<div><span style="font-size: 11px; white-space: pre; background-color: rgb(255, 255, 255);"><font face="Lucida Console, Lucida Sans Typewriter, Monaco, monospace"><br>
</font></span>
<div>I have security groups disabled for Neutron and am using Nova (with ICMP and SSH allowed). Does that mean the port_filter is ignored?</div>
<div>Is the same true for the ovs_hybrid_plug, for the same reason?</div>
<div><br>
</div>
<div>Any idea why my settings for details are being ignored in the call?</div>
<div><br>
</div>
<div>I still have more checking, as the public_ip, although I can ping the local and remote Neutron routers (172.24.4.11 and 172.24.4.21), I cannot ping the far end VM that is running the same setup (outside of Nova, hooked into Neutron - though using the older
versions and original scripts). May just be a setup issue.</div>
<div><br>
</div>
<div>Looking better though!</div>
<div><br>
</div>
<div apple-content-edited="true">
<div>
<div>PCM (Paul Michali)</div>
<div><br>
</div>
<div>MAIL
..
. <a href="mailto:pcm@cisco.com">pcm@cisco.com</a></div>
<div>IRC
..
pcm_ (<a href="http://irc.freenode.com">irc.freenode.com</a>)</div>
<div>TW
... @pmichali</div>
<div>GPG Key
4525ECC253E31A83</div>
<div>Fingerprint .. 307A 96BB 1A4C D2C7 931D 8D2D 4525 ECC2 53E3 1A83</div>
</div>
<div><br>
</div>
<br class="Apple-interchange-newline">
</div>
<br>
<div>
<div>On Mar 31, 2014, at 9:56 AM, Paul Michali (pcm) <<a href="mailto:pcm@cisco.com">pcm@cisco.com</a>> wrote:</div>
<br class="Apple-interchange-newline">
<blockquote type="cite">
<div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;">
Hi Darragh,
<div><br>
</div>
<div>Yes (I should included more background), I have a VM started in KVM, and it has I/Fs associated with scripts for I/F up and down:</div>
<div><br>
</div>
<div>
<div>IFNAME_ETH0=$NAME"__mgmt"</div>
<div>IFNAME_ETH1=$NAME"__public"</div>
<div>IFNAME_ETH2=$NAME"__private"</div>
<div><br>
</div>
<div>kvm -m 8192 -name $NAME \</div>
<div>-smp 4 \</div>
<div>-serial telnet:$TELNET_ACCESS,server,nowait \</div>
<div>-net nic,macaddr=$MACADDR_ETH0,model=e1000,vlan=0 \</div>
<div>-net tap,ifname=$IFNAME_ETH0,vlan=0,script=osn-ifup-mgmt,downscript=osn-ifdown-mgmt \</div>
<div>-net nic,macaddr=$MACADDR_ETH1,model=e1000,vlan=1 \</div>
<div>-net tap,ifname=$IFNAME_ETH1,vlan=1,script=osn-ifup-br-ex,downscript=osn-ifdown-br-ex \</div>
<div>-net nic,macaddr=$MACADDR_ETH2,model=e1000,vlan=2 \</div>
<div>-net tap,ifname=$IFNAME_ETH2,vlan=2,script=osn-ifup-br-int,downscript=osn-ifdown-br-int \</div>
<div>-drive file=$IMAGE \</div>
<div>-boot c \</div>
<div>-vga cirrus \</div>
<div>-vnc $VNC_ACCESS</div>
<div><br>
</div>
<div>ETH2, using osn-ifup-br-int, does this:</div>
<div><br>
</div>
<div>
<div>#!/bin/bash</div>
<div><br>
</div>
<div>source config.ini</div>
<div><br>
</div>
<div>/sbin/ifconfig $1 0.0.0.0 up</div>
<div>if_mac=`ifconfig $1 | awk '{ if ($4 == "HWaddr") print $5 }'`</div>
<div>info_str=`<b>./plug_vif.py</b> ${HOST} ${USER} ${PASSWORD} ${TENANT} ${UUID} ${if_mac} ${HOSTNAME} $1`</div>
<div>if [ "$info_str" == "" ]; then</div>
<div> echo "VIF plugging failed ($1)! Exiting ..." >&2</div>
<div> exit 1</div>
<div>fi</div>
<div><br>
</div>
<div># Write for file for later clean-up by osn-ifdown</div>
<div>echo "$1 ${if_mac} ${UUID} $info_str" >> .instance_info</div>
<div><br>
</div>
<div>IFS=' ' read -a info <<< "$info_str"</div>
<div>switch=${info[0]}</div>
<div>echo "Plugging interface: $1 into switch: ${switch}"</div>
<div>ovs-vsctl add-port ${switch} $1</div>
</div>
<div><br>
</div>
<div>Note: T original that used Nova for the plugging of VIF used this for the last line, instead of ovs-vsctl:</div>
<div><br>
</div>
<div>brctl addif ${switch} $1</div>
<div><br>
</div>
<div><br>
</div>
<div>Regards,</div>
<div><br>
</div>
<div><br>
</div>
<div apple-content-edited="true">
<div>
<div>PCM (Paul Michali)</div>
<div><br>
</div>
<div>MAIL
..
. <a href="mailto:pcm@cisco.com">pcm@cisco.com</a></div>
<div>IRC
..
pcm_ (<a href="http://irc.freenode.com/">irc.freenode.com</a>)</div>
<div>TW
... @pmichali</div>
<div>GPG Key
4525ECC253E31A83</div>
<div>Fingerprint .. 307A 96BB 1A4C D2C7 931D 8D2D 4525 ECC2 53E3 1A83</div>
</div>
<div><br>
</div>
<br class="Apple-interchange-newline">
</div>
<br>
<div>
<div>On Mar 31, 2014, at 9:26 AM, Darragh O'Reilly <<a href="mailto:dara2002-openstack@yahoo.com">dara2002-openstack@yahoo.com</a>> wrote:</div>
<br class="Apple-interchange-newline">
<blockquote type="cite">
<div>
<div style="background-color: rgb(255, 255, 255); font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; font-size: 12pt;">
<div><span>Hi Paul,</span></div>
<div style="font-size: 16px; font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; background-color: transparent; font-style: normal;">
<br>
<span></span></div>
<div style="font-size: 16px; font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; background-color: transparent; font-style: normal;">
<span>tbh I'm not exactly sure what you are trying to do overall. But from your script it seems to me that you are trying to create an OVS port so a libvirt instance outside of Nova control can use it. And you don't need the linux bridge for security group
iptables.<br>
<br>
AFAIK the tap must be created first using the ip command. Then when 'ovs-vsctl add-port' is called with the same name as the tap device for the port name, the tap device will be enslaved properly in the OVS bridge.<br>
<br>
<a href="https://github.com/openstack/nova/blob/304df046eaaad6d64ee16898b1eaa76918e98878/nova/virt/libvirt/vif.py#L420-L423">https://github.com/openstack/nova/blob/304df046eaaad6d64ee16898b1eaa76918e98878/nova/virt/libvirt/vif.py#L420-L423</a></span></div>
<div style="font-size: 16px; font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; background-color: transparent; font-style: normal;">
<br>
<span></span></div>
<div style="font-size: 16px; font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; background-color: transparent; font-style: normal;">
<span>Regards, Darragh.<br>
</span></div>
<div style="display: block;" class="yahoo_quoted">
<div style="font-family: HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, Sans-Serif; font-size: 12pt;">
<div style="font-family: HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, Sans-Serif; font-size:
12pt;">
<div dir="ltr"><font size="2" face="Arial">On Monday, 31 March 2014, 12:36, Paul Michali (pcm) <<a href="mailto:pcm@cisco.com">pcm@cisco.com</a>> wrote:<br>
</font></div>
<blockquote style="border-left: 2px solid rgb(16, 16, 255); margin-left: 5px; margin-top: 5px; padding-left: 5px;">
<div class="y_msg_container">
<div id="yiv7857866124">Hi Darragh,
<div><br clear="none">
</div>
<div>Can you elaborate on what the set interface arguments do in OVS? Just trying to understand why it is not desired, when plugging into this interface (note I have a management interface on the br-int and it works fine
this one, which is also on br-int,
but needs to tie to the existing private network that devstack sets up, does not work.</div>
<div><br clear="none">
</div>
<div>Regards,</div>
<div><br clear="none">
<div>
<div>
<div>PCM (Paul Michali)</div>
<div><br clear="none">
</div>
<div>MAIL
..
. <a rel="nofollow" shape="rect" ymailto="mailto:pcm@cisco.com" target="_blank" href="mailto:pcm@cisco.com">
pcm@cisco.com</a></div>
<div>IRC
..
pcm_ (<a rel="nofollow" shape="rect" target="_blank" href="http://irc.freenode.com/">irc.freenode.com</a>)</div>
<div>TW
... @pmichali</div>
<div>GPG Key
4525ECC253E31A83</div>
<div>Fingerprint .. 307A 96BB 1A4C D2C7 931D 8D2D 4525 ECC2 53E3 1A83</div>
</div>
<div><br clear="none">
</div>
<br class="yiv7857866124Apple-interchange-newline" clear="none">
</div>
<br clear="none">
<div>
<div class="yiv7857866124yqt0585424631" id="yiv7857866124yqt76644">
<div>On Mar 31, 2014, at 4:20 AM, Darragh O'Reilly <<a rel="nofollow" shape="rect" ymailto="mailto:dara2002-openstack@yahoo.com" target="_blank" href="mailto:dara2002-openstack@yahoo.com">dara2002-openstack@yahoo.com</a>> wrote:</div>
<br class="yiv7857866124Apple-interchange-newline" clear="none">
<blockquote type="cite">
<div>
<div style="background-color:rgb(255, 255, 255);font-family:HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif;font-size:12pt;">
Hi Paul,<span style="color:rgb(68, 85, 136);font-family:Consolas, 'Liberation Mono', Courier, monospace;font-size:12px;font-style:normal;font-variant:normal;font-weight:bold;letter-spacing:normal;line-height:18px;text-indent:0px;text-transform:none;white-space:pre;word-spacing:0px;background-color:rgb(255, 255, 255);display:inline;float:none;"></span><br clear="none">
<br clear="none">
the OVSInterfaceDriver creates interfaces with type internal so agents like DHCP/L3 etc can put IP addresses on them. But I don't think type internal will work for instances. You could try subclassing and overriding so it does not do this:<br clear="none">
<br clear="none">
<a rel="nofollow" shape="rect" target="_blank" href="https://github.com/openstack/neutron/blob/2541ff7cad19941b62dace7e9951a56a16e53f3e/neutron/agent/linux/interface.py#L150">https://github.com/openstack/neutron/blob/2541ff7cad19941b62dace7e9951a56a16e53f3e/neutron/agent/linux/interface.py#L150</a>
<div><br clear="none">
</div>
<div style="font-size:16px;font-family:HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif;background-color:transparent;font-style:normal;">
Regards,</div>
<div style="font-size:16px;font-family:HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif;background-color:transparent;font-style:normal;">
Darragh.<br clear="none">
</div>
</div>
</div>
_______________________________________________<br clear="none">
OpenStack-dev mailing list<br clear="none">
<a rel="nofollow" shape="rect" ymailto="mailto:OpenStack-dev@lists.openstack.org" target="_blank" href="mailto:OpenStack-dev@lists.openstack.org">OpenStack-dev@lists.openstack.org</a><br clear="none">
<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a><br clear="none">
</blockquote>
</div>
</div>
<br clear="none">
</div>
</div>
<br>
<br>
</div>
</blockquote>
</div>
</div>
</div>
</div>
</div>
</blockquote>
</div>
<br>
</div>
</div>
_______________________________________________<br>
OpenStack-dev mailing list<br>
<a href="mailto:OpenStack-dev@lists.openstack.org">OpenStack-dev@lists.openstack.org</a><br>
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev<br>
</blockquote>
</div>
<br>
</div>
</body>
</html>