[Openstack-operators] can't access vms in quantum, Folsom

Dan Wendlandt dan at nicira.com
Tue Oct 2 14:55:44 UTC 2012


Hi Janis,

Thanks for the detailed report.  Responses inline.

dan

On Tue, Oct 2, 2012 at 7:13 AM, Jānis Ģeņģeris <janis.gengeris at gmail.com> wrote:
> Hello all,
>
> I'm trying to set up quantum+openvswitch with the Folsom release. The
> intended configuration is fixed IP network 10.0.1.0/24 and floating IP
> network 85.254.50.0/24. And I am a little stuck with connection problems to
> VMs.
>
> My config is the following:
>
> 1) Controller node that is running rabbit, mysql, quantum-server, nova-api,
> nova-scheduler, nova-volume, keystone, etc. Have two net interfaces, one for
> service network (192.168.164.1) and other for outside world connections.
>
> 2) Compute node, which is working also as quantum network node, and is
> running: kvm, nova-compute, quantum-l3-agent, quantum-dhcp-agent. Have two
> net interfaces, one is from service network 192.168.164.101, and the other
> is for floating ips 85.254.50.0/24, bridged into openvswitch. And using
> libvirt 0.9.11.

That all makes sense.

>
> I wonder if local_ip in ovs_quantum_plugin.ini might break something,
> because the docs say that it should be set only on hypervisors, but I have
> merged hypervisor with network node.
>
> ovs_quantum_plugin.ini fragment:
> [OVS]
> enable_tunneling = True
> tenant_network_type = gre
> tunnel_id_ranges = 1:1000
> local_ip = 192.168.164.101

That should be fine. Besides, the communication that is not working
is all within one device, based on your description.

>
> nova.conf fragment:
> libvirt_vif_driver=nova.virt.libvirt.vif.LibvirtOpenVswitchVirtualPortDriver
> libvirt_use_virtio_for_bridges=True
>
> The VMs are getting created successfully, nova-compute.log and console-log
> for each vm looks ok.
>
> Here are the dumps of current network configuration:
>
> ovs-vsctl show - http://pastebin.com/0V6kRw1N
> ip addr (on default namespace) - http://pastebin.com/VTLbit11
> output from router and dhcp namespaces - http://pastebin.com/pDmjpmLE
>
> pings for gateways in router namespace work ok:
> # ip netns exec qrouter-3442d231-2e00-4d26-823e-1feb5d02a798 ping 10.0.1.1
> # ip netns exec qrouter-3442d231-2e00-4d26-823e-1feb5d02a798 ping 85.254.50.1
>
> But it is not possible to ping any of the instances in fixed network from
> router namespace (floating network is also not working of course).
>
> a) Can this be an iptables/NAT problem?
> b) What about libvirt nwfilters, they are also active.

Unlikely, given that you're using the integrated OVS vif driver, which
doesn't invoke iptables hooks.

> c) What else could be wrong?


Two questions:

1) Have you confirmed that the VMs got an IP via DHCP?  You can do
this by looking at the console log, or by using VNC to access the
instances.
2) If so, can you confirm that you can ping the DHCP IP address in the
subnet from the router namespace?

It would also be good to run tcpdump on the linux device that
corresponds to the VM you are pinging (i.e., vnetX for VM X).

It's possible this is related to the specific vif-driver, which is
using the new libvirt integrated support for OVS.

For example, you could try:

libvirt_vif_driver=nova.virt.libvirt.vif.LibvirtHybridOVSBridgeDriver

but remember that when you do this, you will also want to open up the
default security group:

nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0

Dan


>
> Any help and comments how to fix this are welcome.
>
> Regards,
> --janis



-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~
Dan Wendlandt
Nicira, Inc: www.nicira.com
twitter: danwendlandt
~~~~~~~~~~~~~~~~~~~~~~~~~~~


