[openstack-dev] [Neutron] Problem plugging I/F into Neutron...

Paul Michali (pcm) pcm at cisco.com
Fri Mar 28 22:15:09 UTC 2014


I have a VM that I start up outside of OpenStack (as a short term solution, until we get it working inside a Nova VM), using KVM. It has scrips associated with the three interfaces that are created, to hook this VM into Neutron. One I/F is on br-ex (connected to the “public" network for DevStack), another to br-int (connected to a management network that is created), and a third is connected to br-int (connected to the “private” network for DevStack). It’s understood these are hacks to get things going and can be brittle.  With DevStack, I have a vanilla localrc, so using ML2, without any ML2 settings specified.

Now, the first two scripts use internal Neutron client calls to create the port, and then plug the VIF. The third, uses Neutron to create the port, and then Nova to plug the VIF. I don’t know why - I inherited the scripts.

On one system, where Nova is based on commit b3e2e05 (10 days ago), this all works just peachy. Interfaces are hooked in and I can ping to my hearts content. On another system, that I just reimaged today, using the latest and greatest OpenStack projects, the third script fails.

I talked to Nova folks, and the vic is now an object, instead of a plain dict, and therefore calls on the object fail (as the script just provides a dict). I started trying to convert the vif to an object, but in discussing with a co-worker, we thought that we could too use Neutron calls for all of the setup of this third interface.

Well, I tried, and the port is created, but unlike the other system, the port is DOWN, and I cannot ping to or from it (the other ports still work fine, with this newer OpenStack repo). One difference is that the port is showing  {"port_filter": true, "ovs_hybrid_plug": true} for binding:vif_details, in the neutron port-show output. On the older system this is empty (so must be new changes in Neutron?)

Here is the Neutron based code (trimmed) to do the create and plugging:

import neutron.agent.linux.interface as vif_driver
from neutronclient.neutron import client as qclient

qc = qclient.Client('2.0', auth_url=KEYSTONE_URL, username=user, tenant_name=tenant, password=pw)

prefix, net_name = interface.split('__')
port_name = net_name + '_p'
    nw_id = qc.list_networks(name=net_name)['networks'][0]['id']
except qcexp.NeutronClientException as e:

p_spec = {'port': {'admin_state_up': True,
                   'name': port_name,
                   'network_id': nw_id,
                   'mac_address': mac_addr,
                   'binding:host_id': hostname,
                   'device_id': vm_uuid,
                   'device_owner': 'compute:None'}}

    port = qc.create_port(p_spec)
except qcexp.NeutronClientException as e:

port_id = port['port']['id']
br_name = 'br-int'

conf = cfg.CONF

driver = vif_driver.OVSInterfaceDriver(cfg.CONF)
driver.plug(nw_id, port_id, interface, mac_addr, br_name)

Finally, here are the questions (hope you stuck with the long message)…

Any idea why the neutron version is not working? I know there were a bunch of recent changes.
Is there a way for me to turn off the ova_hybrid_plug and port_filter flags? Should I?
Should I go back to using Nova and build a VIF object?
If so, any reason why the Neutron version would not work?
Is there a way to do a similar thing, but via using Northbound APIs (so it isn’t as brittle)?

Thanks in advance!

PCM (Paul Michali)

MAIL …..…. pcm at cisco.com<mailto:pcm at cisco.com>
IRC ……..… pcm_ (irc.freenode.com<http://irc.freenode.com>)
TW ………... @pmichali
GPG Key … 4525ECC253E31A83
Fingerprint .. 307A 96BB 1A4C D2C7 931D 8D2D 4525 ECC2 53E3 1A83

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20140328/40288d39/attachment.html>

More information about the OpenStack-dev mailing list