<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Hi all -<br>
<br>
if anyone's interested, the following patch provides the
functionality I needed. It's based on an older patch from
<a class="moz-txt-link-freetext" href="https://nfv.net/2015/02/network-neutron/">https://nfv.net/2015/02/network-neutron/</a><br>
<br>
Patch is for RDO package (liberty) python-neutron-7.0.1-1.el7.noarch<br>
<br>
<br>
<br>
--- ./usr/lib/python2.7/site-packages/neutron/agent/dhcp/config.py
2016-03-11 11:08:45.674664463 +0000<br>
+++
./usr/lib/python2.7/site-packages/neutron/agent/dhcp/config.py.modified
2016-03-11 11:24:44.686955075 +0000<br>
@@ -55,6 +55,8 @@<br>
help=_('Comma-separated list of the DNS servers
which will be '<br>
'used as forwarders.'),<br>
deprecated_name='dnsmasq_dns_server'),<br>
+ cfg.BoolOpt('dhcp_serve_subnet', default=False,<br>
+ help=_('DHCP will service any MAC on subnet')),<br>
cfg.BoolOpt('dhcp_delete_namespaces', default=True,<br>
help=_("Delete namespace after removing a dhcp
server."<br>
"This option is deprecated and "<br>
<br>
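Review bot: the help string on the new dhcp_serve_subnet option ('DHCP will service any MAC on subnet') does not say what turning it on changes. Spell out that dnsmasq leaves static mode for IPv4 subnets and hands out leases from the subnet's allocation pools to MACs that have no Neutron port, and that IPv6 subnets are unaffected, so an operator can judge the exposure before enabling it. Keeping default=False is the right choice.<br>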
<br>
---
./usr/lib/python2.7/site-packages/neutron/agent/linux/dhcp.py
2016-02-29 15:59:45.591930854 +0000<br>
+++
./usr/lib/python2.7/site-packages/neutron/agent/linux/dhcp.py.modified
2016-03-11 11:50:16.599613303 +0000<br>
@@ -357,9 +357,25 @@<br>
# mode is optional and is not set - skip it<br>
if mode:<br>
if subnet.ip_version == 4:<br>
- cmd.append('--dhcp-range=%s%s,%s,%s,%s' %<br>
- ('set:', self._TAG_PREFIX % i,<br>
- cidr.network, mode, lease))<br>
+ # Change to use the entire dhcp-range as
allocation-pool<br>
+ # rather than just static<br>
+ # --dab<br>
+<br>
+ if (self.conf.dhcp_serve_subnet):<br>
+ for ap in subnet.allocation_pools:<br>
+
cmd.append('--dhcp-range=%s%s,%s,%s,%s' %<br>
+ ('set:',
self._TAG_PREFIX % i,<br>
+ getattr(ap,
'start'),<br>
+ getattr(ap, 'end'),<br>
+ lease))<br>
+ else:<br>
+
cmd.append('--dhcp-range=%s%s,%s,%s,%s' %<br>
+ ('set:', self._TAG_PREFIX %
i,<br>
+ cidr.network,<br>
+ mode,<br>
+ lease))<br>
+<br>
+<br>
else:<br>
cmd.append('--dhcp-range=%s%s,%s,%s,%d,%s' %<br>
('set:', self._TAG_PREFIX % i,<br>
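Review bot: in the new dhcp_serve_subnet branch, 'for ap in subnet.allocation_pools:' appends nothing when the subnet has no allocation pools, so dnsmasq gets no --dhcp-range for that subnet and even the hosts in the hosts file stop being served; fall back to the original 'cidr.network, mode, lease' range when the list is empty. The dynamic range is also the same pool Neutron assigns port addresses from, so a lease given to an unknown MAC can later collide with a new port's fixed IP, which deserves a comment here or in the option help. Style: getattr(ap, 'start') and getattr(ap, 'end') can be ap.start and ap.end, the parentheses around the if condition are unnecessary, and the two trailing blank '+' lines should be dropped.<br>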
<br>
<br>
<br>
<br>
Apply the patches, then add a config line to
/etc/neutron/dhcp_agent.ini on the network node (or wherever dhcp
agent is running) to use the new config parameter:<br>
---<br>
# to allow dhcp addresses to be given to non-openstack devices on
vlan tenant networks<br>
dhcp_serve_subnet = true<br>
---<br>
<br>
Then restart the neutron-dhcp-agent service.<br>
<br>
cheers<br>
Iain<br>
--<br>
<br>
<br>
<div class="moz-cite-prefix">On 09/03/16 17:36, iain smith wrote:<br>
</div>
<blockquote cite="mid:56E05F0A.6050603@3birds.co.uk" type="cite">
Hi George -<br>
<br>
Thanks for that - I can see that the host file specified in the
--dhcp-hostsfile argument fed to dnsmasq
(/var/lib/neutron/dhcp/UUID/host) gets populated by openstack as
follows:<br>
---<br>
fa:16:3e:58:17:53,host-10-20-50-202.openstacklocal.,10.20.50.202<br>
fa:16:3e:8a:d3:f8,host-10-20-50-201.openstacklocal.,10.20.50.201<br>
fa:16:3e:21:94:bf,host-10-20-50-205.openstacklocal.,10.20.50.205<br>
---<br>
<br>
- the dnsmasq process is also fed the argument<br>
--dhcp-range=set:tag0,10.20.50.0,static,86400s <br>
<br>
- the 'static' mode means that only hosts with MAC addresses/IPs
specified in the hosts file will get dhcp addresses - hence why no
dhcp range needs to be specified in the --dhcp-range argument,
only the network address.<br>
<br>
Effectively, openstack is managing the dhcp ip range and IP
address allocation outside of the dnsmasq process, by writing
entries into this hosts file every time anything that needs an ip
(a new VM or port/gateway) is created. <br>
<br>
Under this scheme, no dhcp addresses can be issued to hosts that
openstack/neutron doesn't know about (eg. on a vlan tenant network
that the tenant wants to connect other non-openstack kit to).<br>
<br>
/usr/lib/python2.7/site-packages/neutron/agent/linux/dhcp.py has
the 'static' argument for --dhcp-range hard coded into it for
ipv4. I tried a crude modification to this script as follows, to
remove the optional 'static' mode from dnsmasq's --dhcp-range
argument and instead insert the network broadcast address acting
as the end of the dhcp range (without mode set to static, a range
start AND END address *must* be specified to dnsmasq).<br>
<br>
<br>
--- dhcp.py 2016-02-29 15:59:45.591930854 +0000<br>
+++ dhcp.py.modified 2016-03-03 11:54:35.479619644 +0000<br>
@@ -359,7 +359,7 @@<br>
if subnet.ip_version == 4:<br>
cmd.append('--dhcp-range=%s%s,%s,%s,%s' %<br>
('set:', self._TAG_PREFIX % i,<br>
- cidr.network, mode, lease))<br>
+ cidr.network, cidr.broadcast,
lease))<br>
else:<br>
cmd.append('--dhcp-range=%s%s,%s,%s,%d,%s' %<br>
('set:', self._TAG_PREFIX % i,<br>
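</blockquote>
Review bot: replacing mode with cidr.broadcast in the IPv4 --dhcp-range is unconditional, so every IPv4 subnet served by this agent leaves static mode, and the range runs from the network address to the broadcast address rather than over addresses meant for hosts. Put the change behind a config option that defaults to off and bound the range by the subnet's configured pool instead of cidr.network and cidr.broadcast.<br>
<blockquote cite="mid:56E05F0A.6050603@3birds.co.uk" type="cite">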
<br>
<br>
This allows dnsmasq to allocate IP addresses to 'unknown' hosts,
as well as to hosts specified in the hosts file, since the
'static' mode is not being specified. I tested it by connecting
wireless devices to an AP patched into a switch port on the
tenant's vlan - the devices all got dhcp addresses in the
tenant-defined dhcp-enabled subnet and could connect to the
tenant's VM instances. Great!<br>
<br>
The trouble with this crude hack is that dnsmasq is not aware of
the dhcp ip address allocation range set in the subnet config
within openstack, because it's not being specified in the
--dhcp-range argument (the cidr.network and cidr.broadcast
addresses are being used to define the dhcp range - ie. the whole
network). So, dhcp IPs issued to non-openstack devices can be
given an ip address outside of the specified dhcp range.<br>
<br>
What I need is to be able to retrieve the dhcp range set in
openstack for the network, and use those ip addresses in place of
cidr.network/cidr.broadcast in the patch above. Any pointers on
how best to do that - or advice on a better way of achieving the
same goal? Any feedback much appreciated.<br>
<br>
cheers<br>
Iain<br>
--<br>
<br>
<br>
<div class="moz-cite-prefix">On 26/02/16 16:48, George Mihaiescu
wrote:<br>
</div>
<blockquote
cite="mid:CAGckRDr=wQLK-eyYzaB8GwsXg8cBpCugasUgZ2czbGaHTKzOtw@mail.gmail.com"
type="cite">
<div dir="ltr">
<div>
<div>
<div>
<div>Hi Iain,<br>
<br>
</div>
Neutron dhcp server only serves IPs to the MACs defined
in its host file (/var/lib/neutron/dhcp/UUID/host).<br>
<br>
</div>
You can create a port for the physical server if you know
the MAC address and this will make it work; check the help for
the "neutron port-create" command:<br>
neutron help port-create<br>
<br>
</div>
Cheers,<br>
</div>
George<br>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Fri, Feb 26, 2016 at 11:33 AM,
iain smith <span dir="ltr">&lt;<a moz-do-not-send="true"
href="mailto:iain@3birds.co.uk" target="_blank">iain@3birds.co.uk</a>&gt;</span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">Hi all -
I'm currently trying to get something working on my
openstack<br>
platform, wondering if anyone's come across this before.<br>
<br>
On a VLAN tenant network, how can I allow an external
device to pick up<br>
a dhcp address from neutron's dhcp service (the dhcp
service associated<br>
with the subnet created in the tenant vlan network)?<br>
<br>
- I'm using liberty, and have created some vlan networks
as admin user,<br>
and assigned them to the 'demo' project.<br>
- logged in as demo, I've created a dhcp-enabled subnet in
one of the<br>
vlan networks, and a security group that allows hosts in
the same subnet<br>
to connect to openstack guests in that subnet.<br>
- I've created some openstack guest VMs in the subnet -
they came up ok<br>
and picked up dhcp ip addresses. I can connect to these
guests from an<br>
external server on the same VLAN (a server outside of
openstack). I can<br>
connect to the external server from the openstack guest
VMs. All as<br>
expected.<br>
<br>
What I'm trying to do is to get an external
(non-openstack) device on<br>
the same vlan to pick up a dhcp ip address from the
openstack dhcp<br>
service for that subnet. Using wireshark I can see the
dhcp request<br>
packets from my device, on the correct vlan, reaching my
neutron network<br>
node where the dnsmasq dhcp service is running, but
there's never a<br>
reply. I've tried putting wide-open ingress rules in the
security group,<br>
but haven't got it to work yet (I'm not actually sure if
the security<br>
group has any bearing at the subnet level as per AWS, or
if it applies<br>
only to guest VMs... looks to me like it just applies to
VMs).<br>
<br>
Anyone know what I need to do? I'll keep at it meantime<br>
<br>
cheers<br>
Iain<br>
--<br>
<br>
<br>
_______________________________________________<br>
Mailing list: <a moz-do-not-send="true"
href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack"
rel="noreferrer" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br>
Post to : <a moz-do-not-send="true"
href="mailto:openstack@lists.openstack.org">openstack@lists.openstack.org</a><br>
Unsubscribe : <a moz-do-not-send="true"
href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack"
rel="noreferrer" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br>
</blockquote>
</div>
<br>
</div>
</blockquote>
<br>
<br>
</blockquote>
<br>
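Added example (not part of the original thread and not Neutron code): once dnsmasq leaves static mode, the leases it gives to devices Neutron has no port for can be found by reconciling dnsmasq's lease file against the hosts file described in the thread. The hosts-file layout is the one quoted above; the lease lines, the pool bounds and all function names are constructed for illustration.<br>

```python
import ipaddress

# Constructed sample data. Hosts-file layout as quoted in the thread: MAC,hostname,IP
HOSTS = """\
fa:16:3e:58:17:53,host-10-20-50-202.openstacklocal.,10.20.50.202
fa:16:3e:8a:d3:f8,host-10-20-50-201.openstacklocal.,10.20.50.201
"""
# dnsmasq lease lines: expiry-epoch MAC IP hostname client-id ('*' when absent)
LEASES = """\
1457700000 fa:16:3e:58:17:53 10.20.50.202 host-10-20-50-202 *
1457700100 00:11:22:33:44:55 10.20.50.210 laptop 01:00:11:22:33:44:55
1457700200 66:77:88:99:aa:bb 10.20.50.201 * *
1457700300 de:ad:be:ef:00:01 10.20.50.20 printer *
"""
POOLS = [("10.20.50.200", "10.20.50.250")]  # assumed allocation pool

def parse_hosts(text):
    """Return {mac: ip} for the reservations Neutron wrote for its ports."""
    hosts = {}
    for line in text.splitlines():
        parts = line.strip().split(",")
        if len(parts) >= 3:
            hosts[parts[0].lower()] = ipaddress.ip_address(parts[2].strip("[]"))
    return hosts

def parse_leases(text):
    """Return [(mac, ip)] from dnsmasq lease lines, skipping anything else."""
    rows = (line.split() for line in text.splitlines())
    return [(f[1].lower(), ipaddress.ip_address(f[2]))
            for f in rows if len(f) >= 3 and f[0].isdigit()]

def audit(hosts_text, leases_text, pools):
    """Classify every lease held by a MAC that has no Neutron port."""
    hosts = parse_hosts(hosts_text)
    port_ips = set(hosts.values())
    ranges = [(ipaddress.ip_address(s), ipaddress.ip_address(e)) for s, e in pools]
    findings = []
    for mac, ip in parse_leases(leases_text):
        if mac in hosts:
            continue  # known port, served from its static reservation
        if ip in port_ips:
            kind = "conflict"      # address is also reserved for a port
        elif any(s.version == ip.version and s <= ip <= e for s, e in ranges):
            kind = "unknown-mac"   # dynamic lease from inside the pool
        else:
            kind = "outside-pool"  # possible with the whole-network range
        findings.append((kind, mac, str(ip)))
    return findings
```

Calling audit(HOSTS, LEASES, POOLS) on the constructed data returns one finding of each kind; a "conflict" is the case where Neutron has since reserved for a port an address that dnsmasq already leased to an unknown device.<br>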
</body>
</html>