[Openstack-operators] Manual router setup
Christopher Hull
chrishull42 at gmail.com
Wed Mar 23 23:06:58 UTC 2016
Hmmm. Well I'm not using OpenVSwitch. Just LinuxBridge. My CentOS 7
install sees enp3s0 where eth0 would usually appear. But this may need to
be changed to br-ex? The IP address no longer appears at enp3s0, so
perhaps that's the issue.
When I make changes, I tear down all the networks and rebuild them
according to instructions. I do this after restarting the machine. I
wonder if the database needs to be updated as well.
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
  --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
systemctl stop neutron-server.service \
neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
neutron-metadata-agent.service
systemctl stop neutron-l3-agent.service
and restart.
Thanks for the help. Yes. It's a bit confusing. Why are router and
instance ports different? It is for this reason that I figured I could
just create my own instance/router. But why should I have to? Do
routers not work unless you use OpenVSwitch? The Liberty install
instructions (unlike Kilo) don't seem to require installing OpenVSwitch.
linux_bridge_agent.ini
linux_bridge | physical_interface_mappings | public:enp3s0
Perhaps br-ex? Or wherever I see my static IP when doing an ifconfig
:-) Was enp3s0 when CentOS was first installed, but I think that's changed
somehow.
+----------------------------+-----------------------------+--------------------------------------------------------------+
| linuxbridge_agent: Section | Key                         | Value                                                        |
+----------------------------+-----------------------------+--------------------------------------------------------------+
| linux_bridge               | physical_interface_mappings | public:enp3s0                                                |
| vxlan                      | l2_population               | True                                                         |
| vxlan                      | local_ip                    | 172.22.10.99                                                 |
| vxlan                      | enable_vxlan                | True                                                         |
| agent                      | prevent_arp_spoofing        | True                                                         |
| securitygroup              | firewall_driver             | neutron.agent.linux.iptables_firewall.IptablesFirewallDriver |
| securitygroup              | enable_security_group       | True                                                         |
+----------------------------+-----------------------------+--------------------------------------------------------------+
- Christopher T. Hull
I am presently seeking a new career opportunity Please see career page
http://chrishull.com/career
333 Orchard Ave, Sunnyvale CA. 94085
(415) 385 4865
chrishull42 at gmail.com
http://chrishull.com
On Wed, Mar 23, 2016 at 3:34 PM, Dan Sneddon <dsneddon at redhat.com> wrote:
> On 03/23/2016 03:05 PM, Christopher Hull wrote:
> > Hi Keven / all;
> >
> > Re: Getting a Neutron Router to work. (set external_network_bridge =
> > blank). Apologies if this got sent twice.
> >
> > Nope, not quite there yet re getting the damn router to work (week 3 on
> > this issue).
> >
> > The Liberty install instructions indeed say to set...
> > external_network_bridge =
> >
> > I'm so desperate that I thought the blank space after the = might be
> > the issue. No. Then I noticed these instructions in l3_agent.ini
> > itself.
> > -----
> > # When external_network_bridge is set, each L3 agent can be associated
> > # with no more than one external network. This value should be set to the UUID
> > # of that external network. To allow L3 agent support multiple external
> > # networks, both the external_network_bridge and gateway_external_network_id
> > # must be left empty.
> > # gateway_external_network_id =
> > ----
> >
> > 1: Should gateway_external_network_id = be uncommented?
> > 2: Should I reupdate the database after these changes?
> > su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
> >   --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
> >
> > 3: Should external_network_bridge in fact be set to the UUID of the
> > public network?
> >
> > 4. All instances Ports work just fine on public and private network.
> > WHAT is the difference between a Neutron router northbound port and an
> > instance port on the public net.
> >
> > Services restarted after config change (just removed space after =
> > actually just in case sloppy Python coding was involved here). In
> > fact, I rebooted the box just to be sure.
> >
> > Making my own instance based router is looking better and better all
> > the time. If Neutron Routers really work, maybe UFO's exist too.
> > :-) j/k
> >
> >
> > Seriously. Thank you for your help. Hope to help the community
> > soon too myself. Trying to get my Gerrit account up and running but
> > the OpenStack.org site won't allow me to sign the Contrib agreement
> > without getting a server error.
> >
> >
> > ==== Config Details ======
> > Issue Neutron Router Northbound Port won't Ping, is Down
> >
> > [root at maersk src]# ./pluto.py show -p /etc neutron rootwrap.conf
> > ml2_conf.ini l3_agent.ini linuxbridge_agent.ini dhcp_agent.ini
> >
> > +-----------------------+------------------------------------+-------------------------------------------------+
> > | neutron: Section      | Key                                | Value                                           |
> > +-----------------------+------------------------------------+-------------------------------------------------+
> > | DEFAULT               | verbose                            | True                                            |
> > | DEFAULT               | nova_url                           | http://controller:8774/v2                       |
> > | DEFAULT               | notify_nova_on_port_data_changes   | True                                            |
> > | DEFAULT               | notify_nova_on_port_status_changes | True                                            |
> > | DEFAULT               | auth_strategy                      | keystone                                        |
> > | DEFAULT               | rpc_backend                        | rabbit                                          |
> > | DEFAULT               | allow_overlapping_ips              | True                                            |
> > | DEFAULT               | service_plugins                    | router                                          |
> > | DEFAULT               | core_plugin                        | ml2                                             |
> > | keystone_authtoken    | password                           | mk4968small23buggidntpass                       |
> > | keystone_authtoken    | username                           | neutron                                         |
> > | keystone_authtoken    | project_name                       | service                                         |
> > | keystone_authtoken    | user_domain_id                     | default                                         |
> > | keystone_authtoken    | project_domain_id                  | default                                         |
> > | keystone_authtoken    | auth_plugin                        | password                                        |
> > | keystone_authtoken    | auth_url                           | http://controller:35357                         |
> > | keystone_authtoken    | auth_uri                           | http://controller:5000                          |
> > | database              | connection                         | mysql://neutron:sleestack191@controller/neutron |
> > | nova                  | password                           | mk4968small23buggidntpass                       |
> > | nova                  | username                           | nova                                            |
> > | nova                  | project_name                       | service                                         |
> > | nova                  | region_name                        | RegionOne                                       |
> > | nova                  | user_domain_id                     | default                                         |
> > | nova                  | project_domain_id                  | default                                         |
> > | nova                  | auth_plugin                        | password                                        |
> > | nova                  | auth_url                           | http://controller:35357                         |
> > | oslo_concurrency      | lock_path                          | /var/lib/neutron/tmp                            |
> > | oslo_messaging_rabbit | rabbit_password                    | open.g00dke232                                  |
> > | oslo_messaging_rabbit | rabbit_userid                      | openstack                                       |
> > | oslo_messaging_rabbit | rabbit_host                        | controller                                      |
> > +-----------------------+------------------------------------+-------------------------------------------------+
> >
> > +-------------------+---------------------+--------------------------------------------------------------+
> > | rootwrap: Section | Key                 | Value                                                        |
> > +-------------------+---------------------+--------------------------------------------------------------+
> > | DEFAULT           | filters_path        | /etc/cinder/rootwrap.d,/usr/share/cinder/rootwrap            |
> > | DEFAULT           | exec_dirs           | /sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin |
> > | DEFAULT           | use_syslog          | False                                                        |
> > | DEFAULT           | syslog_log_facility | syslog                                                       |
> > | DEFAULT           | syslog_log_level    | ERROR                                                        |
> > +-------------------+---------------------+--------------------------------------------------------------+
> > +-------------------+----------------------+--------------------------+
> > | ml2_conf: Section | Key | Value |
> > +-------------------+----------------------+--------------------------+
> > | ml2 | extension_drivers | port_security |
> > | ml2 | mechanism_drivers | linuxbridge,l2population |
> > | ml2 | tenant_network_types | vxlan |
> > | ml2 | type_drivers | flat,vlan,vxlan |
> > | ml2_type_flat | flat_networks | public |
> > | ml2_type_vxlan | vni_ranges | 1:1000 |
> > | securitygroup | enable_ipset | True |
> > +-------------------+----------------------+--------------------------+
> >
> > +-------------------+--------------------------+-----------------------------------------------------+
> > | l3_agent: Section | Key                      | Value                                               |
> > +-------------------+--------------------------+-----------------------------------------------------+
> > | DEFAULT           | external_network_bridge  |                                                     |
> > | DEFAULT           | verbose                  | True                                                |
> > | DEFAULT           | interface_driver         | neutron.agent.linux.interface.BridgeInterfaceDriver |
> > +-------------------+--------------------------+-----------------------------------------------------+
> >
> > +----------------------------+-----------------------------+--------------------------------------------------------------+
> > | linuxbridge_agent: Section | Key                         | Value                                                        |
> > +----------------------------+-----------------------------+--------------------------------------------------------------+
> > | linux_bridge               | physical_interface_mappings | public:enp3s0                                                |
> > | vxlan                      | l2_population               | True                                                         |
> > | vxlan                      | local_ip                    | 172.22.10.99                                                 |
> > | vxlan                      | enable_vxlan                | True                                                         |
> > | agent                      | prevent_arp_spoofing        | True                                                         |
> > | securitygroup              | firewall_driver             | neutron.agent.linux.iptables_firewall.IptablesFirewallDriver |
> > | securitygroup              | enable_security_group       | True                                                         |
> > +----------------------------+-----------------------------+--------------------------------------------------------------+
> >
> > +---------------------+--------------------------+-----------------------------------------------------+
> > | dhcp_agent: Section | Key                      | Value                                               |
> > +---------------------+--------------------------+-----------------------------------------------------+
> > | DEFAULT             | dnsmasq_config_file      | /etc/neutron/dnsmasq-neutron.conf                   |
> > | DEFAULT             | verbose                  | True                                                |
> > | DEFAULT             | enable_isolated_metadata | True                                                |
> > | DEFAULT             | dhcp_driver              | neutron.agent.linux.dhcp.Dnsmasq                    |
> > | DEFAULT             | interface_driver         | neutron.agent.linux.interface.BridgeInterfaceDriver |
> > +---------------------+--------------------------+-----------------------------------------------------+
> >
> > - Christopher T. Hull
> > I am presently seeking a new career opportunity Please see career page
> > http://chrishull.com/career
> > 333 Orchard Ave, Sunnyvale CA. 94085
> > (415) 385 4865
> > chrishull42 at gmail.com <mailto:chrishull42 at gmail.com>
> > http://chrishull.com
> >
> >
> >
> > On Wed, Mar 23, 2016 at 8:50 AM, <chrishull42 at gmail.com
> > <mailto:chrishull42 at gmail.com>> wrote:
> >
> > Thanks. Will check that.
> > When I create an instance in the public or private nets they ping.
> > Why do router ports behave differently than instance ports? Only
> > the Northbound router port is down and won't ping. Will check
> > settings ASAP thanks
> >
> > Chris.
> >
> > Sent from my iPhone
> >
> > On Mar 23, 2016, at 7:52 AM, Kevin Benton <kevin at benton.pub
> > <mailto:kevin at benton.pub>> wrote:
> >
> >> Ok. The same settings should apply to Linux bridge.
> >>
> >> Make sure you have external_network_bridge defined in your L3
> >> agent as an empty value.
> >>
> >> Then your external network should be created with the provider
> >> type of 'flat' and the physical network corresponding to the one
> >> you have defined in your bridge mappings in the L2 agent that
> >> attaches to the bridge going to your external physical network.
> >>
> >> On Mar 23, 2016 7:25 AM, <chrishull42 at gmail.com
> >> <mailto:chrishull42 at gmail.com>> wrote:
> >>
> >> Kevin;
> >> Thank you Very much. I'll check. I did a manual Liberty
> >> install so I may have done something wrong. I am using
> >> LinuxBridge (not OpenVSwitch) if that helps. Will post
> >> results to list soon. Would like to be able to use floating
> >> IPs, a more convenient form of ipTables basically.
> >>
> >> Chris.
> >>
> >> Sent from my iPhone
> >>
> >> On Mar 23, 2016, at 7:16 AM, Kevin Benton <kevin at benton.pub
> >> <mailto:kevin at benton.pub>> wrote:
> >>
> >>> Do you have external_network_bridge set to an empty value in
> >>> the l3 agent config? If not, the l3 agent will use a legacy
> >>> mode of wiring up the port and its status field may not be
> >>> ACTIVE.
> >>>
> >>> The routers are tested thousands of times in the gate every
> >>> day, so they work. It's just a matter of getting your
> >>> configuration correct.
> >>>
> >>> Yes, you can use a VM to route as well.
> >>>
> >>> On Mar 23, 2016 7:06 AM, <chrishull42 at gmail.com
> >>> <mailto:chrishull42 at gmail.com>> wrote:
> >>>
> >>> Hi all;
> >>> It appears that Liberty Neutron routers do not work.
> >>> The Northbound port is always Down.
> >>>
> >>> What I'd like to do is dedicate an instance (CentOS) to
> >>> routing between the Public net and other nets. Has
> >>> anyone done this. Setting up the router is trivial.
> >>> But I'm a little worried about interaction with Neutron
> >>> Ports. I need to assign fixed IPs so I can route from
> >>> the Internet to a server instance.
> >>>
> >>> Ideas?
> >>>
> >>> Thanks
> >>> - Chris.
> >>>
> >>> Sent from my iPhone
>
> Definitely the external_network_bridge needs to be explicitly set to
> nothing. That's not the default. I've never had to change the default
> gateway_external_network_id when I set external_network_bridge to a
> blank value.
>
> Note that after making changes to external_network_bridge, I've had to
> delete and recreate the router/port/network that was created before
> that change.
>
> I assume that your bridge mappings are correct in
> /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini:
>
> bridge_mappings =datacentre:br-ex # or whatever you have locally
>
> And that the physical_network of the external network matches the
> network name in the bridge_mappings that corresponds to the bridge
> containing the physical interface? Probably your instance ports
> wouldn't work if those things weren't correct, but those are also areas
> where I see failures similar to this.
>
> --
> Dan Sneddon | Principal OpenStack Engineer
> dsneddon at redhat.com | redhat.com/openstack
> 650.254.4025 | dsneddon:irc @dxs:twitter
>
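
The checks suggested in the replies quoted above, written out as an added example (not code from this thread or from Neutron): `external_network_bridge` present but empty, every flat network in ml2_conf.ini mapped in `physical_interface_mappings`, and the mapped interface still present on the host. The function name, the sample INI strings and the host interface sets are constructed for illustration.

```python
import configparser

# Constructed sample files using the values quoted in this thread.
L3_OK = "[DEFAULT]\nexternal_network_bridge =\nverbose = True\n"
L3_UNSET = "[DEFAULT]\nverbose = True\n"
LINUXBRIDGE = "[linux_bridge]\nphysical_interface_mappings = public:enp3s0\n"
ML2 = "[ml2_type_flat]\nflat_networks = public\n"


def _parse(text):
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    return cp


def _csv(value):
    return [v.strip() for v in value.split(",") if v.strip()]


def check_external_wiring(l3_ini, linuxbridge_ini, ml2_ini, host_ifaces):
    """Return a list of findings; an empty list means the settings line up."""
    findings = []
    l3, lb, ml2 = _parse(l3_ini), _parse(linuxbridge_ini), _parse(ml2_ini)

    # The key has to be present with an empty value; leaving it out is not
    # equivalent, because blank is not the default (per the reply above).
    bridge = l3.defaults().get("external_network_bridge")
    if bridge is None:
        findings.append("external_network_bridge is not set explicitly")
    elif bridge.strip():
        findings.append(f"external_network_bridge={bridge!r}: legacy wiring")

    raw = lb.get("linux_bridge", "physical_interface_mappings", fallback="")
    mappings = dict(m.split(":", 1) for m in _csv(raw) if ":" in m)
    flat = _csv(ml2.get("ml2_type_flat", "flat_networks", fallback=""))

    # Every flat physical network needs an interface mapping in the L2 agent.
    for net in flat:
        if net != "*" and net not in mappings:
            findings.append(f"flat network {net!r} has no interface mapping")
    # The mapped interface must still exist under that name on the host.
    for net, iface in mappings.items():
        if iface not in host_ifaces:
            findings.append(f"{net!r} maps to missing interface {iface!r}")
    return findings


if __name__ == "__main__":
    print(check_external_wiring(L3_UNSET, LINUXBRIDGE, ML2, {"lo", "br-ex"}))
```

On a real node, pass the contents of l3_agent.ini, linuxbridge_agent.ini and ml2_conf.ini, with `set(os.listdir("/sys/class/net"))` as `host_ifaces`.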