<div dir="ltr"><div><div><div>Hmmm. Well I'm not using OpenVSwitch. Just LinuxBridge. My CentOS 7 install sees emp3s0 where eth0 would usually appear. But this may need to be changed to br-ex? The IP address no longer apperas at enp3s0, so perhaps that's the issue. <br><br></div>When I make changes, I tear down all the networks and rebuild them according to instructions. I do this after restarting the machine. I wonder if the database needs to be updated as well.<br><br>su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \<br> --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron<br>systemctl stop neutron-server.service \<br> neutron-linuxbridge-agent.service neutron-dhcp-agent.service \<br> neutron-metadata-agent.service<br>systemctl stop neutron-l3-agent.service<br></div>and restart.<br><br></div>Thanks for the help. Yes. It's a bit confusing. Why are router and instance ports different? It is for this reason that I figured I could just create my own instance/router. But why should I have to? Do routers not work unless you use OpenVSwitch? The Liberty install instructions (unlike Kilo) don't seem to require installing OpenVSwitch.<br><div><div><div><br><span style="font-family:arial black,sans-serif"><font size="2">linux_bridge_agent.ini<br>inux_bridge | physical_interface_mappings | public:enp3s0 <br><br></font></span></div><div><span style="font-family:arial black,sans-serif"><font size="2">Perhaps br-ex? Or whereever I see my static IP when doing an ifconfig :-) Was enp3s0 when CentOS was first installed, but I think thats changed somehow.<br></font></span></div><div><br><span style="font-family:monospace,monospace"><font size="1">+----------------------------+-----------------------------+--------------------------------------------------------------+<br>| linuxbridge_agent: Section | Key | Value |<br>+----------------------------+-----------------------------+--------------------------------------------------------------+<br>| linux_bridge | physical_interface_mappings | public:enp3s0 |<br>| vxlan | l2_population | True |<br>| vxlan | local_ip | 172.22.10.99 |<br>| vxlan | enable_vxlan | True |<br>| agent | prevent_arp_spoofing | True |<br>| securitygroup | firewall_driver | neutron.agent.linux.iptables_firewall.IptablesFirewallDriver |<br>| securitygroup | enable_security_group | True |<br>+----------------------------+-----------------------------+--------------------------------------------------------------+<br></font></span><br><br></div></div></div><div class="gmail_extra"><br clear="all"><div><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div><div>- Christopher T. Hull<br></div><div>I am presently seeking a new career opportunity Please see career page<br></div><div><a href="http://chrishull.com/career" target="_blank">http://chrishull.com/career</a><br></div><div>333 Orchard Ave, Sunnyvale CA. 94085<br><a href="tel:%28415%29%20385%204865" value="+14153854865" target="_blank">(415) 385 4865</a><br></div><div><a href="mailto:chrishull42@gmail.com" target="_blank">chrishull42@gmail.com</a><br></div><a href="http://chrishull.com" target="_blank">http://chrishull.com</a><br><br></div></div><div><div><br></div></div></div></div></div></div></div></div></div>
<br><div class="gmail_quote">On Wed, Mar 23, 2016 at 3:34 PM, Dan Sneddon <span dir="ltr"><<a href="mailto:dsneddon@redhat.com" target="_blank">dsneddon@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div>On 03/23/2016 03:05 PM, Christopher Hull wrote:<br>
> Hi Keven / all;<br>
><br>
> Re: Getting a Neutron Router to work. (set external_network_bridge =<br>
> blank). Apologies if this got sent twice.<br>
><br>
> Nope, not quite there yet re getting the damn router to work (week 3 on<br>
> this issue).<br>
><br>
> The Liberty install instructions indeed say to set...<br>
> external_network_bridge =<br>
><br>
> I'm so desperate that I thought the blank space after the = might be<br>
> the issue. No. Then I noticed these instructions in l3_agent.ini itself.<br>
> -----<br>
> # When external_network_bridge is set, each L3 agent can be associated<br>
> # with no more than one external network. This value should be set to<br>
> the UUID<br>
> # of that external network. To allow L3 agent support multiple external<br>
> # networks, both the external_network_bridge and<br>
> gateway_external_network_id<br>
> # must be left empty.<br>
> # gateway_external_network_id =<br>
> ----<br>
><br>
> 1: Should gateway_external_network_id = be unoommented?<br>
> 2: Should I reupdate the database after these changes?<br>
> su -s /bin/sh -c "neutron-db-manage --config-file<br>
> /etc/neutron/neutron.conf \<br>
> --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron<br>
><br>
> 3: Should external_network_bridge in fact be set to the UUID of the<br>
> public network?<br>
><br>
> 4. All instances Ports work just fine on public and private network.<br>
> WHAT is the difference between a Neutron router northbound port and an<br>
> instance port on the public net.<br>
><br>
> Services restarted after config change (just removed space after =<br>
> actually just in case sloppy Python coding was involved here). In<br>
> fact, I rebooted the box just to be sure.<br>
><br>
> Making my own instance based router is looking better and better all<br>
> the time. If Neutron Routers really work, maybe UFO's exist too.<br>
> :-) j/k<br>
><br>
><br>
> Seriously. Thank you for your help. Hope to help the community<br>
> soon too myself. Trying to get my Gerrit account up and running but<br>
> the OpenStack.org site won't allow me to sign the Contrib agreement<br>
> with out getting a server error.<br>
><br>
><br>
> ==== Config Details ======<br>
> Issue Neutron Router Northbound Port won't Ping, is Down<br>
><br>
> [root@maersk src]# ./pluto.py show -p /etc neutron rootwrap.conf<br>
> ml2_conf.ini l3_agent.ini linuxbridge_agent.ini dhcp_agent.ini<br>
> +-----------------------+------------------------------------+-------------------------------------------------+<br>
> | neutron: Section | Key |<br>
> Value |<br>
> +-----------------------+------------------------------------+-------------------------------------------------+<br>
> | DEFAULT | verbose |<br>
> True |<br>
> | DEFAULT | nova_url |<br>
> <a href="http://controller:8774/v2" rel="noreferrer" target="_blank">http://controller:8774/v2</a> |<br>
> | DEFAULT | notify_nova_on_port_data_changes |<br>
> True |<br>
> | DEFAULT | notify_nova_on_port_status_changes |<br>
> True |<br>
> | DEFAULT | auth_strategy |<br>
> keystone |<br>
> | DEFAULT | rpc_backend |<br>
> rabbit |<br>
> | DEFAULT | allow_overlapping_ips |<br>
> True |<br>
> | DEFAULT | service_plugins |<br>
> router |<br>
> | DEFAULT | core_plugin |<br>
> ml2 |<br>
> | keystone_authtoken | password |<br>
> mk4968small23buggidntpass |<br>
> | keystone_authtoken | username |<br>
> neutron |<br>
> | keystone_authtoken | project_name |<br>
> service |<br>
> | keystone_authtoken | user_domain_id |<br>
> default |<br>
> | keystone_authtoken | project_domain_id |<br>
> default |<br>
> | keystone_authtoken | auth_plugin |<br>
> password |<br>
> | keystone_authtoken | auth_url |<br>
> <a href="http://controller:35357" rel="noreferrer" target="_blank">http://controller:35357</a> |<br>
> | keystone_authtoken | auth_uri |<br>
> <a href="http://controller:5000" rel="noreferrer" target="_blank">http://controller:5000</a> |<br>
> | database | connection |<br>
> mysql://neutron:sleestack191@controller/neutron |<br>
> | nova | password |<br>
> mk4968small23buggidntpass |<br>
> | nova | username |<br>
> nova |<br>
> | nova | project_name |<br>
> service |<br>
> | nova | region_name |<br>
> RegionOne |<br>
> | nova | user_domain_id |<br>
> default |<br>
> | nova | project_domain_id |<br>
> default |<br>
> | nova | auth_plugin |<br>
> password |<br>
> | nova | auth_url |<br>
> <a href="http://controller:35357" rel="noreferrer" target="_blank">http://controller:35357</a> |<br>
> | oslo_concurrency | lock_path |<br>
> /var/lib/neutron/tmp |<br>
> | oslo_messaging_rabbit | rabbit_password |<br>
> open.g00dke232 |<br>
> | oslo_messaging_rabbit | rabbit_userid |<br>
> openstack |<br>
> | oslo_messaging_rabbit | rabbit_host |<br>
> controller |<br>
> +-----------------------+------------------------------------+-------------------------------------------------+<br>
> +-------------------+---------------------+--------------------------------------------------------------+<br>
> | rootwrap: Section | Key |<br>
> Value |<br>
> +-------------------+---------------------+--------------------------------------------------------------+<br>
> | DEFAULT | filters_path |<br>
> /etc/cinder/rootwrap.d,/usr/share/cinder/rootwrap |<br>
> | DEFAULT | exec_dirs |<br>
> /sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin |<br>
> | DEFAULT | use_syslog |<br>
> False |<br>
> | DEFAULT | syslog_log_facility |<br>
> syslog |<br>
> | DEFAULT | syslog_log_level |<br>
> ERROR |<br>
> +-------------------+---------------------+--------------------------------------------------------------+<br>
> +-------------------+----------------------+--------------------------+<br>
> | ml2_conf: Section | Key | Value |<br>
> +-------------------+----------------------+--------------------------+<br>
> | ml2 | extension_drivers | port_security |<br>
> | ml2 | mechanism_drivers | linuxbridge,l2population |<br>
> | ml2 | tenant_network_types | vxlan |<br>
> | ml2 | type_drivers | flat,vlan,vxlan |<br>
> | ml2_type_flat | flat_networks | public |<br>
> | ml2_type_vxlan | vni_ranges | 1:1000 |<br>
> | securitygroup | enable_ipset | True |<br>
> +-------------------+----------------------+--------------------------+<br>
> +-------------------+--------------------------+-----------------------------------------------------+<br>
> | l3_agent: Section | Key |<br>
> Value |<br>
> +-------------------+--------------------------+-----------------------------------------------------+<br>
> | DEFAULT | external_network_bridge<br>
> | |<br>
> | DEFAULT | verbose |<br>
> True |<br>
> | DEFAULT | interface_driver |<br>
> neutron.agent.linux.interface.BridgeInterfaceDriver |<br>
> +-------------------+--------------------------+-----------------------------------------------------+<br>
> +----------------------------+-----------------------------+--------------------------------------------------------------+<br>
> | linuxbridge_agent: Section | Key |<br>
> Value |<br>
> +----------------------------+-----------------------------+--------------------------------------------------------------+<br>
> | linux_bridge | physical_interface_mappings |<br>
> public:enp3s0 |<br>
> | vxlan | l2_population |<br>
> True |<br>
> | vxlan | local_ip |<br>
> 172.22.10.99 |<br>
> | vxlan | enable_vxlan |<br>
> True |<br>
> | agent | prevent_arp_spoofing |<br>
> True |<br>
> | securitygroup | firewall_driver |<br>
> neutron.agent.linux.iptables_firewall.IptablesFirewallDriver |<br>
> | securitygroup | enable_security_group |<br>
> True |<br>
> +----------------------------+-----------------------------+--------------------------------------------------------------+<br>
> +---------------------+--------------------------+-----------------------------------------------------+<br>
> | dhcp_agent: Section | Key |<br>
> Value |<br>
> +---------------------+--------------------------+-----------------------------------------------------+<br>
> | DEFAULT | dnsmasq_config_file |<br>
> /etc/neutron/dnsmasq-neutron.conf |<br>
> | DEFAULT | verbose |<br>
> True |<br>
> | DEFAULT | enable_isolated_metadata |<br>
> True |<br>
> | DEFAULT | dhcp_driver |<br>
> neutron.agent.linux.dhcp.Dnsmasq |<br>
> | DEFAULT | interface_driver |<br>
> neutron.agent.linux.interface.BridgeInterfaceDriver |<br>
> +---------------------+--------------------------+-----------------------------------------------------+<br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
> - Christopher T. Hull<br>
> I am presently seeking a new career opportunity Please see career page<br>
> <a href="http://chrishull.com/career" rel="noreferrer" target="_blank">http://chrishull.com/career</a><br>
> 333 Orchard Ave, Sunnyvale CA. 94085<br>
> <a href="tel:%28415%29%20385%204865" value="+14153854865" target="_blank">(415) 385 4865</a><br>
</div></div>> <a href="mailto:chrishull42@gmail.com" target="_blank">chrishull42@gmail.com</a> <mailto:<a href="mailto:chrishull42@gmail.com" target="_blank">chrishull42@gmail.com</a>><br>
<span>> <a href="http://chrishull.com" rel="noreferrer" target="_blank">http://chrishull.com</a><br>
><br>
><br>
><br>
> On Wed, Mar 23, 2016 at 8:50 AM, <<a href="mailto:chrishull42@gmail.com" target="_blank">chrishull42@gmail.com</a><br>
</span><span>> <mailto:<a href="mailto:chrishull42@gmail.com" target="_blank">chrishull42@gmail.com</a>>> wrote:<br>
><br>
> Thanks. Will check that.<br>
> When I create an instance in the public or private nets they ping.<br>
> Why do router ports behave differently than instance ports? Only<br>
> the Northbound router port is down and won't ping. Will check<br>
> settings ASAP thanks<br>
><br>
> Chris.<br>
><br>
> Sent from my iPhone<br>
><br>
> On Mar 23, 2016, at 7:52 AM, Kevin Benton <kevin@benton.pub<br>
</span><span>> <mailto:<a href="mailto:kevin@benton.pub" target="_blank">kevin@benton.pub</a>>> wrote:<br>
><br>
>> Ok. The same settings should apply to Linux bridge.<br>
>><br>
>> Make sure you have external_network_bridge defined in your L3<br>
>> agent as an empty value.<br>
>><br>
>> Then your external network should be created with the provider<br>
>> type of 'flat' and the physical network corresponding to the one<br>
>> you have defined in your bridge mappings in the L2 agent that<br>
>> attaches to the bridge going to your external physical network.<br>
>><br>
>> On Mar 23, 2016 7:25 AM, <<a href="mailto:chrishull42@gmail.com" target="_blank">chrishull42@gmail.com</a><br>
</span><span>>> <mailto:<a href="mailto:chrishull42@gmail.com" target="_blank">chrishull42@gmail.com</a>>> wrote:<br>
>><br>
>> Kevin;<br>
>> Thank you Very much. I'll check. I did a manual Liberty<br>
>> install so I may have done something wrong. I am using<br>
>> LinuxBridge (not OpenVSwitch) if that helps. Will post<br>
>> results to list soon. Would like to be able to use floating<br>
>> IPs, a more convenient form of ipTables basically.<br>
>><br>
>> Chris.<br>
>><br>
>> Sent from my iPhone<br>
>><br>
>> On Mar 23, 2016, at 7:16 AM, Kevin Benton <kevin@benton.pub<br>
</span><span>>> <mailto:<a href="mailto:kevin@benton.pub" target="_blank">kevin@benton.pub</a>>> wrote:<br>
>><br>
>>> Do you have external_network_bridge set to an empty value in<br>
>>> the l3 agent config? If not, the l3 agent will use a legacy<br>
>>> mode of wiring up the port and it's status field may not be<br>
>>> ACTIVE.<br>
>>><br>
>>> The routers are tested thousands of times in the gate every<br>
>>> day, so they work. It's just a matter of getting your<br>
>>> configuration correct.<br>
>>><br>
>>> Yes, you can use a VM to route as well.<br>
>>><br>
>>> On Mar 23, 2016 7:06 AM, <<a href="mailto:chrishull42@gmail.com" target="_blank">chrishull42@gmail.com</a><br>
</span><span>>>> <mailto:<a href="mailto:chrishull42@gmail.com" target="_blank">chrishull42@gmail.com</a>>> wrote:<br>
>>><br>
>>> Hi all;<br>
>>> It appears that Liberty Neutron routers do not work.<br>
>>> The Northbound port is always Down.<br>
>>><br>
>>> What I'd like to do is dedicate an instance (CentOS) to<br>
>>> routing between the Public net and other nets. Has<br>
>>> anyone done this. Setting up the router is trivial.<br>
>>> But I'm a little worried about interaction with Neutron<br>
>>> Ports. I need to assign fixed IPs so I can route from<br>
>>> the Internet to a server instance.<br>
>>><br>
>>> Ideas?<br>
>>><br>
>>> Thanks<br>
>>> - Chris.<br>
>>><br>
>>> Sent from my iPhone<br>
>>> _______________________________________________<br>
>>> OpenStack-operators mailing list<br>
>>> <a href="mailto:OpenStack-operators@lists.openstack.org" target="_blank">OpenStack-operators@lists.openstack.org</a><br>
</span>>>> <mailto:<a href="mailto:OpenStack-operators@lists.openstack.org" target="_blank">OpenStack-operators@lists.openstack.org</a>><br>
>>> <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators" rel="noreferrer" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators</a><br>
<span>>>><br>
><br>
><br>
><br>
> _______________________________________________<br>
> OpenStack-operators mailing list<br>
> <a href="mailto:OpenStack-operators@lists.openstack.org" target="_blank">OpenStack-operators@lists.openstack.org</a><br>
> <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators" rel="noreferrer" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators</a><br>
><br>
<br>
</span>Definitely the external_network_bridge needs to be explicitly set to<br>
nothing. That's not the default. I've never had to change the default<br>
gateway_external_network_id when I set external_network_bridge to a<br>
blank value.<br>
<br>
Note that after making changes to external_network_bridge, I've have to<br>
delete and recreate the router/port/network that was created before<br>
that change.<br>
<br>
I assume that your bridge mappings are correct in<br>
/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini:<br>
<br>
bridge_mappings =datacentre:br-ex # or whatever you have locally<br>
<br>
And that the physical_network of the external network matches the<br>
network name in the bridge_mappings that corresponds to the bridge<br>
containing the physical interface? Probably your instance ports<br>
wouldn't work if those things weren't correct, but those are also areas<br>
where I see failures similar to this.<br>
<span><font color="#888888"><br>
--<br>
Dan Sneddon | Principal OpenStack Engineer<br>
<a href="mailto:dsneddon@redhat.com" target="_blank">dsneddon@redhat.com</a> | <a href="http://redhat.com/openstack" rel="noreferrer" target="_blank">redhat.com/openstack</a><br>
<a href="tel:650.254.4025" value="+16502544025" target="_blank">650.254.4025</a> | dsneddon:irc @dxs:twitter<br>
</font></span></blockquote></div><br></div></div>