<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Hi George -<br>
<br>
Thanks for that - I can see that the host file specified in the
--dhcp-hostsfile argument fed to dnsmasq
(/var/lib/neutron/dhcp/UUID/host) gets populated by openstack as
follows:<br>
---<br>
fa:16:3e:58:17:53,host-10-20-50-202.openstacklocal.,10.20.50.202<br>
fa:16:3e:8a:d3:f8,host-10-20-50-201.openstacklocal.,10.20.50.201<br>
fa:16:3e:21:94:bf,host-10-20-50-205.openstacklocal.,10.20.50.205<br>
---<br>
<br>
- the dnsmasq process is also fed the argument<br>
--dhcp-range=set:tag0,10.20.50.0,static,86400s <br>
<br>
- the 'static' mode means that only hosts with MAC addresses/IPs
specified in the hosts file will get dhcp addresses - hence why no
dhcp range needs to be specified in the --dhcp-range argument, only
the network address.<br>
<br>
Effectively, openstack is managing the dhcp ip range and IP address
allocation outside of the dnsmasq process, by writing entries into
this hosts file every time anything that needs an ip (a new VM or
port/gateway) is created. <br>
<br>
Under this scheme, no dhcp addresses can be issued to hosts that
openstack/neutron doesn't know about (eg. on a vlan tenant network
that the tenant wants to connect other non-openstack kit to).<br>
<br>
/usr/lib/python2.7/site-packages/neutron/agent/linux/dhcp.py has the
'static' argument for --dhcp-range hard coded into it for ipv4. I
tried a crude modification to this script as follows, to remove the
optional 'static' mode from dnsmasq's --dhcp-range argument and
instead insert the network broadcast address acting as the end of
the dhcp range (without mode set to static, a range start AND END
address *must* be specified to dnsmasq).<br>
<br>
<br>
--- dhcp.py 2016-02-29 15:59:45.591930854 +0000<br>
+++ dhcp.py.modified 2016-03-03 11:54:35.479619644 +0000<br>
@@ -359,7 +359,7 @@<br>
if subnet.ip_version == 4:<br>
cmd.append('--dhcp-range=%s%s,%s,%s,%s' %<br>
('set:', self._TAG_PREFIX % i,<br>
- cidr.network, mode, lease))<br>
+ cidr.network, cidr.broadcast,
lease))<br>
else:<br>
cmd.append('--dhcp-range=%s%s,%s,%s,%d,%s' %<br>
('set:', self._TAG_PREFIX % i,<br>
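<br>
Review bot: the added argument pair 'cidr.network, cidr.broadcast' makes the dynamic range span the whole subnet, network and broadcast addresses included, and it replaces 'mode' for every IPv4 subnet with no switch to keep the old behaviour. Bound the range with the start and end of the subnet's configured allocation pool instead of the CIDR limits, and put the non-static behaviour behind a configuration option so that 'static' remains the default; the IPv6 branch below still uses its mode argument, so the two address families now behave differently.<br>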
<br>
<br>
This allows dnsmasq to allocate IP addresses to 'unknown' hosts, as
well as to hosts specified in the hosts file, since the 'static'
mode is not being specified. I tested it by connecting wireless
devices to an AP patched into a switch port on the tenant's vlan -
the devices all got dhcp addresses in the tenant-defined
dhcp-enabled subnet and could connect to the tenant's VM instances.
Great!<br>
<br>
The trouble with this crude hack is that dnsmasq is not aware of the
dhcp ip address allocation range set in the subnet config within
openstack, because it's not being specified in the --dhcp-range
argument (the cidr.network and cidr.broadcast addresses are being
used to define the dhcp range - ie. the whole network). So, dhcp
IPs issued to non-openstack devices can be given an ip address
outside of the specified dhcp range.<br>
<br>
What I need is to be able to retrieve the dhcp range set in
openstack for the network, and use those ip addresses in place of
cidr.network/cidr.broadcast in the patch above. Any pointers on how
best to do that - or advice on a better way of achieving the same
goal? Any feedback much appreciated.<br>
<br>
cheers<br>
Iain<br>
--<br>
<br>
<br>
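An added example, not part of the original message or of Neutron's code: a lease audit for the situation described above, where dnsmasq runs without 'static' and may lease addresses to devices Neutron has no port for. It assumes the mac,hostname,ip hosts-file layout shown in the message and the standard dnsmasq lease-file layout (expiry, MAC, IP, hostname, client-id); the lease lines, the extra MAC addresses and the allocation pool are constructed sample values.<br>

```python
import ipaddress

# Constructed sample data in the two file formats; not from a real deployment.
HOSTS_FILE = """\
fa:16:3e:58:17:53,host-10-20-50-202.openstacklocal.,10.20.50.202
fa:16:3e:8a:d3:f8,host-10-20-50-201.openstacklocal.,10.20.50.201
"""
# dnsmasq lease file: expiry-epoch MAC IP hostname client-id
LEASES_FILE = """\
1457006400 fa:16:3e:58:17:53 10.20.50.202 host-10-20-50-202 *
1457006400 00:11:22:33:44:55 10.20.50.210 tablet *
1457006400 00:11:22:33:44:66 10.20.50.9 phone *
"""
POOL = ("10.20.50.200", "10.20.50.250")  # assumed subnet allocation pool


def parse_hosts(text):
    """Return {mac: ip} from a --dhcp-hostsfile (mac,hostname,ip per line)."""
    known = {}
    for line in text.splitlines():
        parts = [p.strip() for p in line.split(",")]
        if len(parts) == 3:
            known[parts[0].lower()] = ipaddress.ip_address(parts[2])
    return known


def audit_leases(hosts_text, leases_text, pool):
    """Flag leases Neutron did not reserve, and those outside the pool."""
    known = parse_hosts(hosts_text)
    start, end = (ipaddress.ip_address(a) for a in pool)
    findings = []
    for line in leases_text.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue  # skip blank or malformed lines
        mac, ip = fields[1].lower(), ipaddress.ip_address(fields[2])
        if mac not in known:
            findings.append((mac, str(ip), "unknown-mac"))
            if not (start <= ip <= end):
                findings.append((mac, str(ip), "outside-pool"))
        elif known[mac] != ip:
            findings.append((mac, str(ip), "ip-mismatch"))
    return findings


if __name__ == "__main__":
    for finding in audit_leases(HOSTS_FILE, LEASES_FILE, POOL):
        print(finding)
```
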
<div class="moz-cite-prefix">On 26/02/16 16:48, George Mihaiescu
wrote:<br>
</div>
<blockquote
cite="mid:CAGckRDr=wQLK-eyYzaB8GwsXg8cBpCugasUgZ2czbGaHTKzOtw@mail.gmail.com"
type="cite">
<div dir="ltr">
<div>
<div>
<div>
<div>Hi Ian,<br>
<br>
</div>
Neutron dhcp server only serves IPs to the MACs defined in
its host file (/var/lib/neutron/dhcp/UUID/host).<br>
<br>
</div>
You can create a port for the physical server if you know
the MAC address and this will make it work; check the help for
the "neutron port-create" command:<br>
neutron help port-create<br>
<br>
</div>
Cheers,<br>
</div>
George<br>
<div>
<div>
<div><br>
<br>
</div>
</div>
</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Fri, Feb 26, 2016 at 11:33 AM, iain
smith <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:iain@3birds.co.uk" target="_blank">iain@3birds.co.uk</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">Hi all -
I'm currently trying to get something working on my
openstack<br>
platform, wondering if anyone's come across this before.<br>
<br>
On a VLAN tenant network, how can I allow an external device
to pick up<br>
a dhcp address from neutron's dhcp service (the dhcp service
associated<br>
with the subnet created in the tenant vlan network)?<br>
<br>
- I'm using liberty, and have created some vlan networks as
admin user,<br>
and assigned them to the 'demo' project.<br>
- logged in as demo, I've created a dhcp-enabled subnet in
one of the<br>
vlan networks, and a security group that allows hosts in the
same subnet<br>
to connect to openstack guests in that subnet.<br>
- I've created some openstack guest VMs in the subnet - they
came up ok<br>
and picked up dhcp ip addresses. I can connect to these
guests from an<br>
external server on the same VLAN (a server outside of
openstack). I can<br>
connect to the external server from the openstack guest VMs.
All as<br>
expected.<br>
<br>
What I'm trying to do is to get an external (non-openstack)
device on<br>
the same vlan to pick up a dhcp ip address from the
openstack dhcp<br>
service for that subnet. Using wireshark I can see the dhcp
request<br>
packets from my device, on the correct vlan, reaching my
neutron network<br>
node where the dnsmasq dhcp service is running, but there's
never a<br>
reply. I've tried putting wide-open ingress rules in the
security group,<br>
but haven't got it to work yet (I'm not actually sure if the
security<br>
group has any bearing at the subnet level as per AWS, or if
it applies<br>
only to guest VMs... looks to me like it just applies to
VMs).<br>
<br>
Anyone know what I need to do? I'll keep at it meantime<br>
<br>
cheers<br>
Iain<br>
--<br>
<br>
<br>
</blockquote>
</div>
<br>
</div>
</blockquote>
<br>
</body>
</html>