[Openstack-operators] Manual router setup

Christopher Hull chrishull42 at gmail.com
Wed Mar 23 23:14:32 UTC 2016


neutron net-create public --shared --provider:physical_network public \
   --provider:network_type flat
Created a new network:
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | True                                 |
| id                        | be6e920a-51aa-4293-bb95-7ac38aab9df6 |
| mtu                       | 0                                    |
| name                      | public                               |
| port_security_enabled     | True                                 |
| provider:network_type     | flat                                 |
| provider:physical_network | public                               |
| provider:segmentation_id  |                                      |
| router:external           | False                                |
| shared                    | True                                 |
| status                    | ACTIVE                               |
| subnets                   |                                      |
| tenant_id                 | fdf3f98a9b0c4e9e94603d8a84ea41a8     |
+---------------------------+--------------------------------------+


172.22.10.0/24 maps to physical net.  I take a slice out that is out of the
way of my ATT Router's DHCP range.  10 to 89.   Instances on this subnet
ping, run, see the internet.  Only the Router port is dead (DOWN). ??

neutron subnet-create public 172.22.10.0/24 --name public \
   --allocation-pool start=172.22.10.10,end=172.22.10.90 \
   --dns-nameserver 172.22.10.254 --gateway 172.22.10.254 --enable_dhcp
False

Created a new subnet:
+-------------------+--------------------------------------------------+
| Field             | Value                                            |
+-------------------+--------------------------------------------------+
| allocation_pools  | {"start": "172.22.10.10", "end": "172.22.10.90"} |
| cidr              | 172.22.10.0/24                                   |
| dns_nameservers   | 172.22.10.254                                    |
| enable_dhcp       | True                                             |
| gateway_ip        | 172.22.10.254                                    |
| host_routes       |                                                  |
| id                | f227734a-eca3-4472-81f6-620e1bf1fac9             |
| ip_version        | 4                                                |
| ipv6_address_mode |                                                  |
| ipv6_ra_mode      |                                                  |
| name              | public                                           |
| network_id        | be6e920a-51aa-4293-bb95-7ac38aab9df6             |
| subnetpool_id     |                                                  |
| tenant_id         | fdf3f98a9b0c4e9e94603d8a84ea41a8                 |
+-------------------+--------------------------------------------------+



- Christopher T. Hull
I am presently seeking a new career opportunity  Please see career page
http://chrishull.com/career
333 Orchard Ave, Sunnyvale CA. 94085
(415) 385 4865
chrishull42 at gmail.com
http://chrishull.com



On Wed, Mar 23, 2016 at 4:06 PM, Christopher Hull <chrishull42 at gmail.com>
wrote:

> Hmmm.   Well I'm not using OpenVSwitch.  Just LinuxBridge.   My CentOS 7
> install sees emp3s0 where eth0 would usually appear.   But this may need to
> be changed to br-ex?  The IP address no longer apperas at enp3s0, so
> perhaps that's the issue.
>
> When I make changes, I tear down all the networks and rebuild them
> according to instructions.   I do this after restarting the machine.  I
> wonder if the database needs to be updated as well.
>
> su -s /bin/sh -c "neutron-db-manage --config-file
> /etc/neutron/neutron.conf \
>   --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
> systemctl stop neutron-server.service \
>   neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
>   neutron-metadata-agent.service
> systemctl stop neutron-l3-agent.service
> and restart.
>
> Thanks for the help.   Yes.  It's a bit confusing.   Why are router and
> instance ports different?  It is for this reason that I figured I could
> just create my own instance/router.  But why should I have to?    Do
> routers not work unless you use OpenVSwitch?   The Liberty install
> instructions (unlike Kilo) don't seem to require installing OpenVSwitch.
>
> linux_bridge_agent.ini
> inux_bridge               | physical_interface_mappings | public:enp3s0
>
> Perhaps br-ex?   Or whereever I see my static IP when doing an ifconfig
> :-)  Was enp3s0 when CentOS was first installed, but I think thats changed
> somehow.
>
>
> +----------------------------+-----------------------------+--------------------------------------------------------------+
> | linuxbridge_agent: Section | Key                         |
> Value                                                        |
>
> +----------------------------+-----------------------------+--------------------------------------------------------------+
> | linux_bridge               | physical_interface_mappings |
> public:enp3s0                                                |
> | vxlan                      | l2_population               |
> True                                                         |
> | vxlan                      | local_ip                    |
> 172.22.10.99                                                 |
> | vxlan                      | enable_vxlan                |
> True                                                         |
> | agent                      | prevent_arp_spoofing        |
> True                                                         |
> | securitygroup              | firewall_driver             |
> neutron.agent.linux.iptables_firewall.IptablesFirewallDriver |
> | securitygroup              | enable_security_group       |
> True                                                         |
>
> +----------------------------+-----------------------------+--------------------------------------------------------------+
>
>
>
> - Christopher T. Hull
> I am presently seeking a new career opportunity  Please see career page
> http://chrishull.com/career
> 333 Orchard Ave, Sunnyvale CA. 94085
> (415) 385 4865
> chrishull42 at gmail.com
> http://chrishull.com
>
>
>
> On Wed, Mar 23, 2016 at 3:34 PM, Dan Sneddon <dsneddon at redhat.com> wrote:
>
>> On 03/23/2016 03:05 PM, Christopher Hull wrote:
>> > Hi Keven / all;
>> >
>> > Re: Getting a Neutron Router to work.  (set external_network_bridge =
>> > blank).  Apologies if this got sent twice.
>> >
>> > Nope, not quite there yet re getting the damn router to work (week 3 on
>> > this issue).
>> >
>> > The Liberty install instructions indeed say to set...
>> > external_network_bridge =
>> >
>> > I'm so desperate that I thought the blank space after the = might be
>> > the issue.  No.   Then I noticed these instructions in l3_agent.ini
>> itself.
>> > -----
>> > # When external_network_bridge is set, each L3 agent can be associated
>> > # with no more than one external network. This value should be set to
>> > the UUID
>> > # of that external network. To allow L3 agent support multiple external
>> > # networks, both the external_network_bridge and
>> > gateway_external_network_id
>> > # must be left empty.
>> > # gateway_external_network_id =
>> > ----
>> >
>> > 1: Should gateway_external_network_id = be unoommented?
>> > 2: Should I reupdate the database after these changes?
>> > su -s /bin/sh -c "neutron-db-manage --config-file
>> > /etc/neutron/neutron.conf \
>> >   --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head"
>> neutron
>> >
>> > 3: Should external_network_bridge in fact be set to the UUID of the
>> > public network?
>> >
>> > 4. All instances Ports work just fine on public and private network.
>> > WHAT is the difference between a Neutron router northbound port and an
>> > instance port on the public net.
>> >
>> > Services restarted after config change (just removed space after =
>> > actually just in case sloppy Python coding was involved here).  In
>> > fact, I rebooted the box just to be sure.
>> >
>> > Making my own instance based router is looking better and better all
>> > the time.   If Neutron Routers really work, maybe UFO's exist too.
>> > :-)   j/k
>> >
>> >
>> > Seriously.  Thank you for your help.     Hope to help the community
>> > soon too myself.  Trying to get my Gerrit account up and running but
>> > the OpenStack.org site won't allow me to sign the Contrib agreement
>> > with out getting a server error.
>> >
>> >
>> > ====  Config Details ======
>> > Issue   Neutron Router Northbound Port won't Ping, is Down
>> >
>> > [root at maersk src]# ./pluto.py show  -p /etc neutron  rootwrap.conf
>> > ml2_conf.ini l3_agent.ini linuxbridge_agent.ini dhcp_agent.ini
>> > +-----------------------+-----------------------------------
>> -+-------------------------------------------------+
>> > | neutron: Section      | Key                                |
>> > Value                                           |
>> > +-----------------------+-----------------------------------
>> -+-------------------------------------------------+
>> > | DEFAULT               | verbose                            |
>> > True                                            |
>> > | DEFAULT               | nova_url                           |
>> > http://controller:8774/v2                       |
>> > | DEFAULT               | notify_nova_on_port_data_changes   |
>> > True                                            |
>> > | DEFAULT               | notify_nova_on_port_status_changes |
>> > True                                            |
>> > | DEFAULT               | auth_strategy                      |
>> > keystone                                        |
>> > | DEFAULT               | rpc_backend                        |
>> > rabbit                                          |
>> > | DEFAULT               | allow_overlapping_ips              |
>> > True                                            |
>> > | DEFAULT               | service_plugins                    |
>> > router                                          |
>> > | DEFAULT               | core_plugin                        |
>> > ml2                                             |
>> > | keystone_authtoken    | password                           |
>> > mk4968small23buggidntpass                       |
>> > | keystone_authtoken    | username                           |
>> > neutron                                         |
>> > | keystone_authtoken    | project_name                       |
>> > service                                         |
>> > | keystone_authtoken    | user_domain_id                     |
>> > default                                         |
>> > | keystone_authtoken    | project_domain_id                  |
>> > default                                         |
>> > | keystone_authtoken    | auth_plugin                        |
>> > password                                        |
>> > | keystone_authtoken    | auth_url                           |
>> > http://controller:35357                         |
>> > | keystone_authtoken    | auth_uri                           |
>> > http://controller:5000                          |
>> > | database              | connection                         |
>> > mysql://neutron:sleestack191@controller/neutron |
>> > | nova                  | password                           |
>> > mk4968small23buggidntpass                       |
>> > | nova                  | username                           |
>> > nova                                            |
>> > | nova                  | project_name                       |
>> > service                                         |
>> > | nova                  | region_name                        |
>> > RegionOne                                       |
>> > | nova                  | user_domain_id                     |
>> > default                                         |
>> > | nova                  | project_domain_id                  |
>> > default                                         |
>> > | nova                  | auth_plugin                        |
>> > password                                        |
>> > | nova                  | auth_url                           |
>> > http://controller:35357                         |
>> > | oslo_concurrency      | lock_path                          |
>> > /var/lib/neutron/tmp                            |
>> > | oslo_messaging_rabbit | rabbit_password                    |
>> > open.g00dke232                                  |
>> > | oslo_messaging_rabbit | rabbit_userid                      |
>> > openstack                                       |
>> > | oslo_messaging_rabbit | rabbit_host                        |
>> > controller                                      |
>> > +-----------------------+-----------------------------------
>> -+-------------------------------------------------+
>> > +-------------------+---------------------+-----------------
>> ---------------------------------------------+
>> > | rootwrap: Section | Key                 |
>> > Value                                                        |
>> > +-------------------+---------------------+-----------------
>> ---------------------------------------------+
>> > | DEFAULT           | filters_path        |
>> > /etc/cinder/rootwrap.d,/usr/share/cinder/rootwrap            |
>> > | DEFAULT           | exec_dirs           |
>> > /sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin |
>> > | DEFAULT           | use_syslog          |
>> > False                                                        |
>> > | DEFAULT           | syslog_log_facility |
>> > syslog                                                       |
>> > | DEFAULT           | syslog_log_level    |
>> > ERROR                                                        |
>> > +-------------------+---------------------+-----------------
>> ---------------------------------------------+
>> > +-------------------+----------------------+--------------------------+
>> > | ml2_conf: Section | Key                  | Value                    |
>> > +-------------------+----------------------+--------------------------+
>> > | ml2               | extension_drivers    | port_security            |
>> > | ml2               | mechanism_drivers    | linuxbridge,l2population |
>> > | ml2               | tenant_network_types | vxlan                    |
>> > | ml2               | type_drivers         | flat,vlan,vxlan          |
>> > | ml2_type_flat     | flat_networks        | public                   |
>> > | ml2_type_vxlan    | vni_ranges           | 1:1000                   |
>> > | securitygroup     | enable_ipset         | True                     |
>> > +-------------------+----------------------+--------------------------+
>> > +-------------------+--------------------------+------------
>> -----------------------------------------+
>> > | l3_agent: Section | Key                      |
>> > Value                                               |
>> > +-------------------+--------------------------+------------
>> -----------------------------------------+
>> > | DEFAULT           | external_network_bridge
>> > |                                                     |
>> > | DEFAULT           | verbose                  |
>> > True                                                |
>> > | DEFAULT           | interface_driver         |
>> > neutron.agent.linux.interface.BridgeInterfaceDriver |
>> > +-------------------+--------------------------+------------
>> -----------------------------------------+
>> > +----------------------------+-----------------------------+
>> --------------------------------------------------------------+
>> > | linuxbridge_agent: Section | Key                         |
>> > Value                                                        |
>> > +----------------------------+-----------------------------+
>> --------------------------------------------------------------+
>> > | linux_bridge               | physical_interface_mappings |
>> > public:enp3s0                                                |
>> > | vxlan                      | l2_population               |
>> > True                                                         |
>> > | vxlan                      | local_ip                    |
>> > 172.22.10.99                                                 |
>> > | vxlan                      | enable_vxlan                |
>> > True                                                         |
>> > | agent                      | prevent_arp_spoofing        |
>> > True                                                         |
>> > | securitygroup              | firewall_driver             |
>> > neutron.agent.linux.iptables_firewall.IptablesFirewallDriver |
>> > | securitygroup              | enable_security_group       |
>> > True                                                         |
>> > +----------------------------+-----------------------------+
>> --------------------------------------------------------------+
>> > +---------------------+--------------------------+----------
>> -------------------------------------------+
>> > | dhcp_agent: Section | Key                      |
>> > Value                                               |
>> > +---------------------+--------------------------+----------
>> -------------------------------------------+
>> > | DEFAULT             | dnsmasq_config_file      |
>> > /etc/neutron/dnsmasq-neutron.conf                   |
>> > | DEFAULT             | verbose                  |
>> > True                                                |
>> > | DEFAULT             | enable_isolated_metadata |
>> > True                                                |
>> > | DEFAULT             | dhcp_driver              |
>> > neutron.agent.linux.dhcp.Dnsmasq                    |
>> > | DEFAULT             | interface_driver         |
>> > neutron.agent.linux.interface.BridgeInterfaceDriver |
>> > +---------------------+--------------------------+----------
>> -------------------------------------------+
>> >
>> >
>> >
>> >
>> >
>> >
>> >
>> >
>> >
>> >
>> > - Christopher T. Hull
>> > I am presently seeking a new career opportunity  Please see career page
>> > http://chrishull.com/career
>> > 333 Orchard Ave, Sunnyvale CA. 94085
>> > (415) 385 4865
>> > chrishull42 at gmail.com <mailto:chrishull42 at gmail.com>
>> > http://chrishull.com
>> >
>> >
>> >
>> > On Wed, Mar 23, 2016 at 8:50 AM, <chrishull42 at gmail.com
>> > <mailto:chrishull42 at gmail.com>> wrote:
>> >
>> >     Thanks. Will check that.
>> >     When I create an instance in the public or private nets they ping.
>> >     Why do router ports behave differently than instance ports?  Only
>> >     the Northbound router port is down and won't ping.   Will check
>> >     settings ASAP thanks
>> >
>> >     Chris.
>> >
>> >     Sent from my iPhone
>> >
>> >     On Mar 23, 2016, at 7:52 AM, Kevin Benton <kevin at benton.pub
>> >     <mailto:kevin at benton.pub>> wrote:
>> >
>> >>     Ok. The same settings should apply to Linux bridge.
>> >>
>> >>     Make sure you have external_network_bridge defined in your L3
>> >>     agent as an empty value.
>> >>
>> >>     Then your external network should be created with the provider
>> >>     type of 'flat' and the physical network corresponding to the one
>> >>     you have defined in your bridge mappings in the L2 agent  that
>> >>     attaches to the bridge going to your external physical network.
>> >>
>> >>     On Mar 23, 2016 7:25 AM, <chrishull42 at gmail.com
>> >>     <mailto:chrishull42 at gmail.com>> wrote:
>> >>
>> >>         Kevin;
>> >>         Thank you Very much.  I'll check.   I did a manual Liberty
>> >>         install so I may have done something wrong.  I am using
>> >>         LinuxBridge (not OpenVSwitch) if that helps.  Will post
>> >>         results to list soon.  Would like to be able to use floating
>> >>         IPs, a more convenient form of ipTables basically.
>> >>
>> >>         Chris.
>> >>
>> >>         Sent from my iPhone
>> >>
>> >>         On Mar 23, 2016, at 7:16 AM, Kevin Benton <kevin at benton.pub
>> >>         <mailto:kevin at benton.pub>> wrote:
>> >>
>> >>>         Do you have external_network_bridge set to an empty value in
>> >>>         the l3 agent config? If not, the l3 agent will use a legacy
>> >>>         mode of wiring up the port and it's status field may not be
>> >>>         ACTIVE.
>> >>>
>> >>>         The routers are tested thousands of times in the gate every
>> >>>         day, so they work. It's just a matter of getting your
>> >>>         configuration correct.
>> >>>
>> >>>         Yes, you can use a VM to route as well.
>> >>>
>> >>>         On Mar 23, 2016 7:06 AM, <chrishull42 at gmail.com
>> >>>         <mailto:chrishull42 at gmail.com>> wrote:
>> >>>
>> >>>             Hi all;
>> >>>             It appears that Liberty Neutron routers do not work.
>> >>>             The Northbound port is always Down.
>> >>>
>> >>>             What I'd like to do is dedicate an instance (CentOS) to
>> >>>             routing between the Public net and other nets.  Has
>> >>>             anyone done this.  Setting up the router is trivial.
>> >>>             But I'm a little worried about interaction with Neutron
>> >>>             Ports.  I need to assign fixed IPs so I can route from
>> >>>             the Internet to a server instance.
>> >>>
>> >>>             Ideas?
>> >>>
>> >>>             Thanks
>> >>>             - Chris.
>> >>>
>> >>>             Sent from my iPhone
>> >>>             _______________________________________________
>> >>>             OpenStack-operators mailing list
>> >>>             OpenStack-operators at lists.openstack.org
>> >>>             <mailto:OpenStack-operators at lists.openstack.org>
>> >>>
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>> >>>
>> >
>> >
>> >
>> > _______________________________________________
>> > OpenStack-operators mailing list
>> > OpenStack-operators at lists.openstack.org
>> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>> >
>>
>> Definitely the external_network_bridge needs to be explicitly set to
>> nothing. That's not the default. I've never had to change the default
>> gateway_external_network_id when I set external_network_bridge to a
>> blank value.
>>
>> Note that after making changes to external_network_bridge, I've have to
>> delete and recreate the router/port/network that was created before
>> that change.
>>
>> I assume that your bridge mappings are correct in
>> /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini:
>>
>> bridge_mappings =datacentre:br-ex  # or whatever you have locally
>>
>> And that the physical_network of the external network matches the
>> network name in the bridge_mappings that corresponds to the bridge
>> containing the physical interface? Probably your instance ports
>> wouldn't work if those things weren't correct, but those are also areas
>> where I see failures similar to this.
>>
>> --
>> Dan Sneddon         |  Principal OpenStack Engineer
>> dsneddon at redhat.com |  redhat.com/openstack
>> 650.254.4025        |  dsneddon:irc   @dxs:twitter
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-operators/attachments/20160323/47b85c3a/attachment.html>


More information about the OpenStack-operators mailing list