New subject: [openstack-ansible] OpenStack Ansible deployment fails due to lxc containers not having network connection

21 Sep 2020

      Hi Jonathan,
thank you for your reply! I probably should have specified that I
already changed some default values in
/etc/ansible/roles/lxc_hosts/defaults/main.yml to prevent a conflict
with my storage network.
Here's the part that I changed:
```
lxc_net_address: 10.255.255.1
lxc_net_netmask: 255.255.255.0
lxc_net_dhcp_range: 10.255.255.2,10.255.255.253
```
Could there be some other reference to the original default address
range which causes the error?
I'm also confused about dnsmasq: Running 'apt-get install dnsmasq' I
discovered that it wasn't installed on the infra host yet (though
installing it also didn't solve the problem). Moreover, I couldn't find
dnsmasq in the prerequisites in the OSA deployment guide.
Kind regards,
Oliver
On 03/09/2020 18:38, openstack-discuss-request@lists.openstack.org wrote:
...
Message: 1
Date: Thu, 3 Sep 2020 16:51:51 +0100
From: Jonathan Rosser jonathan.rosser@rd.bbc.co.uk
To: openstack-discuss@lists.openstack.org
Subject: Re: [openstack-ansible] OpenStack Ansible deployment fails
   due to lxc containers not having network connection
Message-ID: e6746294-ada6-0f29-cdfb-59538396a0e0@rd.bbc.co.uk
Content-Type: text/plain; charset=utf-8; format=flowed
Hi Oliver,
The default route would normally be via eth0 in the container, which I 
suspect has some issue.
This is given an address by dnsmasq/dhcp on the host and attached to 
lxcbr0. This is where I would start to look. I am straight seeing that 
the default address range used for eth0 is in conflict with your storage 
network, so perhaps this is also something to look at. See 
https://github.com/openstack/openstack-ansible-lxc_hosts/blob/master/default... 
https://github.com/openstack/openstack-ansible-lxc_hosts/blob/master/defaults/main.yml#L104
You join us on irc at #openstack-ansible for some 'real-time' assistance 
if necessary.
Regards,
Jonathan.
On 03/09/2020 16:18, Oliver Wenz wrote:
...
I'm trying to deploy OpenStack Ansible. When running the first playbook
```openstack-ansible setup-hosts.yml```, there are errors for all
containers during the task ```[openstack_hosts : Remove the blacklisted
packages]``` (see below) and the playbook fails.
fatal: [infra1_repo_container-1f1565cd]: FAILED! => {"changed": false,
"cmd": "apt-get update", "msg": "E: The repository
'http://ubuntu.mirror.lrz.de/ubuntu bionic Release' no longer has a
Release file.
E: The repository 'http://ubuntu.mirror.lrz.de/ubuntu bionic-updates
Release' no longer has a Release file.
E: The repository 'http://ubuntu.mirror.lrz.de/ubuntu bionic-backports
Release' no longer has a Release file.
E: The repository 'http://ubuntu.mirror.lrz.de/ubuntu bionic-security
Release' no longer has a Release file.", "rc": 100, "stderr": "E: The
repository 'http://ubuntu.mirror.lrz.de/ubuntu bionic Release' no longer
has a Release file.
E: The repository 'http://ubuntu.mirror.lrz.de/ubuntu bionic-updates
Release' no longer has a Release file.
E: The repository 'http://ubuntu.mirror.lrz.de/ubuntu bionic-backports
Release' no longer has a Release file.
E: The repository 'http://ubuntu.mirror.lrz.de/ubuntu bionic-security
Release' no longer has a Release file.
", "stderr_lines": ["E: The repository
'http://ubuntu.mirror.lrz.de/ubuntu bionic Release' no longer has a
Release file.", "E: The repository 'http://ubuntu.mirror.lrz.de/ubuntu
bionic-updates Release' no longer has a Release file.", "E: The
repository 'http://ubuntu.mirror.lrz.de/ubuntu bionic-backports Release'
no longer has a Release file.", "E: The repository
'http://ubuntu.mirror.lrz.de/ubuntu bionic-security Release' no longer
has a Release file."], "stdout": "Ign:1
http://ubuntu.mirror.lrz.de/ubuntu bionic InRelease
Ign:2 http://ubuntu.mirror.lrz.de/ubuntu bionic-updates InRelease
Ign:3 http://ubuntu.mirror.lrz.de/ubuntu bionic-backports InRelease
Ign:4 http://ubuntu.mirror.lrz.de/ubuntu bionic-security InRelease
Err:5 http://ubuntu.mirror.lrz.de/ubuntu bionic Release
   Cannot initiate the connection to 192.168.100.6:8000 (192.168.100.6).
- connect (101: Network is unreachable)
Err:6 http://ubuntu.mirror.lrz.de/ubuntu bionic-updates Release
   Cannot initiate the connection to 192.168.100.6:8000 (192.168.100.6).
- connect (101: Network is unreachable)
Err:7 http://ubuntu.mirror.lrz.de/ubuntu bionic-backports Release
   Cannot initiate the connection to 192.168.100.6:8000 (192.168.100.6).
- connect (101: Network is unreachable)
Err:8 http://ubuntu.mirror.lrz.de/ubuntu bionic-security Release
   Cannot initiate the connection to 192.168.100.6:8000 (192.168.100.6).
- connect (101: Network is unreachable)
Reading package lists...
", "stdout_lines": ["Ign:1 http://ubuntu.mirror.lrz.de/ubuntu bionic
InRelease", "Ign:2 http://ubuntu.mirror.lrz.de/ubuntu bionic-updates
InRelease", "Ign:3 http://ubuntu.mirror.lrz.de/ubuntu bionic-backports
InRelease", "Ign:4 http://ubuntu.mirror.lrz.de/ubuntu bionic-security
InRelease", "Err:5 http://ubuntu.mirror.lrz.de/ubuntu bionic Release",
"  Cannot initiate the connection to 192.168.100.6:8000 (192.168.100.6).
- connect (101: Network is unreachable)", "Err:6
http://ubuntu.mirror.lrz.de/ubuntu bionic-updates Release", "  Cannot
initiate the connection to 192.168.100.6:8000 (192.168.100.6). - connect
(101: Network is unreachable)", "Err:7
http://ubuntu.mirror.lrz.de/ubuntu bionic-backports Release", "  Cannot
initiate the connection to 192.168.100.6:8000 (192.168.100.6). - connect
(101: Network is unreachable)", "Err:8
http://ubuntu.mirror.lrz.de/ubuntu bionic-security Release", "  Cannot
initiate the connection to 192.168.100.6:8000 (192.168.100.6). - connect
(101: Network is unreachable)", "Reading package lists..."]}

When I attach to any container and run ```ping 192.168.100.6``` (local
DNS), I get the same error (```connect: Network is unreachable```).
However, when I specify an interface by running ```ping -I eth1
192.168.100.6``` there is a successful connection.
Running ```ip r``` on the infra_cinder container yields:
10.0.3.0/24 dev eth2 proto kernel scope link src 10.0.3.5
192.168.110.0/24 dev eth1 proto kernel scope link src 192.168.110.232

so there seems to be no default route which is why the connection fails
(similar for the other infra containers). Shouldn't OSA automatically
configure this? I didn't find anything regarding a default route on
containers in the Docs.
Here's my openstack_user_config.yml:
cidr_networks:
   container: 192.168.110.0/24
   tunnel: 192.168.32.0/24
   storage: 10.0.3.0/24

used_ips:
   - "192.168.110.1,192.168.110.2"
   - "192.168.110.111"
   - "192.168.110.115"
   - "192.168.110.117,192.168.110.118"
   - "192.168.110.131,192.168.110.140"
   - "192.168.110.201,192.168.110.207"
   - "192.168.32.1,192.168.32.2"
   - "192.168.32.201,192.168.32.207"
   - "10.0.3.1"
   - "10.0.3.11,10.0.3.14"
   - "10.0.3.21,10.0.3.24"
   - "10.0.3.31,10.0.3.42"
   - "10.0.3.201,10.0.3.207"

global_overrides:
   # The internal and external VIP should be different IPs, however they
   # do not need to be on separate networks.
   external_lb_vip_address: 192.168.100.168
   internal_lb_vip_address: 192.168.110.201
   management_bridge: "br-mgmt"
   provider_networks:
     - network:
         container_bridge: "br-mgmt"
         container_type: "veth"
         container_interface: "eth1"
         ip_from_q: "container"
         type: "raw"
         group_binds:
           - all_containers
           - hosts
         is_container_address: true
     - network:
         container_bridge: "br-vxlan"
         container_type: "veth"
         container_interface: "eth10"
         ip_from_q: "tunnel"
         type: "vxlan"
         range: "1:1000"
         net_name: "vxlan"
         group_binds:
           - neutron_linuxbridge_agent
     - network:
         container_bridge: "br-ext1"
         container_type: "veth"
         container_interface: "eth12"
         host_bind_override: "eth12"
         type: "flat"
         net_name: "ext_net"
         group_binds:
           - neutron_linuxbridge_agent
     - network:
         container_bridge: "br-storage"
         container_type: "veth"
         container_interface: "eth2"
         ip_from_q: "storage"
         type: "raw"
         group_binds:
           - glance_api
           - cinder_api
           - cinder_volume
           - nova_compute
           - swift-proxy

###
### Infrastructure
###

# galera, memcache, rabbitmq, utility
shared-infra_hosts:
   infra1:
     ip: 192.168.110.201

# repository (apt cache, python packages, etc)
repo-infra_hosts:
   infra1:
     ip: 192.168.110.201

# load balancer
haproxy_hosts:
   infra1:
     ip: 192.168.110.201

###
### OpenStack
###

os-infra_hosts:
    infra1:
      ip: 192.168.110.201

identity_hosts:
    infra1:
      ip: 192.168.110.201

network_hosts:
    infra1:
      ip: 192.168.110.201

compute_hosts:
    compute1:
      ip: 192.168.110.204
    compute2:
      ip: 192.168.110.205
    compute3:
      ip: 192.168.110.206
    compute4:
      ip: 192.168.110.207

storage-infra_hosts:
    infra1:
      ip: 192.168.110.201

storage_hosts:
    lvm-storage1:
      ip: 192.168.110.202
      container_vars:
        cinder_backends:
          lvm:
            volume_backend_name: LVM_iSCSI
            volume_driver: cinder.volume.drivers.lvm.LVMVolumeDriver
            volume_group: cinder_volumes
            iscsi_ip_address: "{{ cinder_storage_address }}"
          limit_container_types: cinder_volume

I also asked this question on the server fault stackexchange:
https://serverfault.com/questions/1032573/openstack-ansible-deployment-fails...
Kind regards,
Oliver

Re: Re: [openstack-ansible] OpenStack Ansible deployment fails due to lxc containers not having network connection

Oliver Wenz

Jonathan Rosser

tags (0)

participants (2)