[Openstack-operators] [Liberty] Hillary Clintons email server: (was Re: Manual router setup)
Christopher Hull
chrishull42 at gmail.com
Thu Mar 24 19:21:21 UTC 2016
This may also be useful. From within "Hillary Clintons email server", an
instance running on the public net.....
[root at maersk src]# nova list
+--------------------------------------+-------------------------------+--------+------------+-------------+---------------------+
| ID | Name |
Status | Task State | Power State | Networks |
+--------------------------------------+-------------------------------+--------+------------+-------------+---------------------+
| 23b643b3-8b0d-4b71-b435-76722cf7bc82 | CentOS Desktop |
ACTIVE | - | Running | public=172.22.10.11 |
| 256e6f21-78f1-4dc2-b9dd-ed5fd62027a6 | Hillary Clintons email server |
ACTIVE | - | Running | public=172.22.10.15 |
| ec46f589-aeb6-47c8-8427-7a0f0ecf874d | cirros |
ACTIVE | - | Running | public=172.22.10.12 |
+--------------------------------------+-------------------------------+--------+------------+-------------+---------------------+
[root at maersk src]# ssh root at 172.22.10.15
The authenticity of host '172.22.10.15 (172.22.10.15)' can't be established.
ECDSA key fingerprint is e3:9d:7e:f2:69:ff:44:21:38:64:14:1e:d2:2e:da:55.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.22.10.15' (ECDSA) to the list of known
hosts.
root at 172.22.10.15's password:
[root at host-172-22-10-15 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc pfifo_fast state
UP qlen 1000
link/ether fa:16:3e:52:6d:b4 brd ff:ff:ff:ff:ff:ff
inet 172.22.10.15/24 brd 172.22.10.255 scope global dynamic eth0
valid_lft 68858sec preferred_lft 68858sec
inet6 fe80::f816:3eff:fe52:6db4/64 scope link
valid_lft forever preferred_lft forever
3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state
DOWN
link/ether 52:54:00:cc:7b:e8 brd ff:ff:ff:ff:ff:ff
inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
valid_lft forever preferred_lft forever
4: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master
virbr0 state DOWN qlen 500
link/ether 52:54:00:cc:7b:e8 brd ff:ff:ff:ff:ff:ff
[root at host-172-22-10-15 ~]# ping google.com
PING google.com (216.58.192.14) 56(84) bytes of data.
64 bytes from nuq04s29-in-f14.1e100.net (216.58.192.14): icmp_seq=1 ttl=55
time=25.4 ms
64 bytes from nuq04s29-in-f14.1e100.net (216.58.192.14): icmp_seq=2 ttl=55
time=24.5 ms
- Christopher T. Hull
I am presently seeking a new career opportunity Please see career page
http://chrishull.com/career
333 Orchard Ave, Sunnyvale CA. 94085
(415) 385 4865
chrishull42 at gmail.com
http://chrishull.com
On Thu, Mar 24, 2016 at 12:05 PM, Christopher Hull <chrishull42 at gmail.com>
wrote:
> Hmmm. Curiously enough, I now see this. This was not the case prior to
> the creation of the nets and subnets in OpenStack. OpenStack somehow did
> this.
>
> brq9ee73442-5a: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
> ---->>>>>> inet 172.22.10.99 <<<<<-------
> netmask 255.255.255.0 broadcast 172.22.10.255
> inet6 2602:306:31fd:1020:4815:7eff:fef4:99cf prefixlen 64
> scopeid 0x0<global>
> inet6 2602:306:31fd:1020:ae9e:17ff:feec:5d95 prefixlen 64
> scopeid 0x0<global>
> inet6 fe80::70b5:65ff:fea6:c5d9 prefixlen 64 scopeid 0x20<link>
> ether 4a:15:7e:f4:99:cf txqueuelen 0 (Ethernet)
> RX packets 188163 bytes 10141407 (9.6 MiB)
> RX errors 0 dropped 0 overruns 0 frame 0
> TX packets 14734 bytes 27696525 (26.4 MiB)
> TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
>
> enp3s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
> Used to be here.
> inet6 fe80::ae9e:17ff:feec:5d95 prefixlen 64 scopeid 0x20<link>
> ether ac:9e:17:ec:5d:95 txqueuelen 1000 (Ethernet)
> RX packets 947280 bytes 1081759456 (1.0 GiB)
> RX errors 0 dropped 0 overruns 0 frame 0
> TX packets 504788 bytes 63547204 (60.6 MiB)
> TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
>
> So perhaps I need to change the setting in...
>
> | linuxbridge_agent
> | linux_bridge | physical_interface_mappings |
> public:enp3s0
>
> to public:brq9ee73442-5a ?
>
> -Chris
>
>
>
>
> - Christopher T. Hull
> I am presently seeking a new career opportunity Please see career page
> http://chrishull.com/career
> 333 Orchard Ave, Sunnyvale CA. 94085
> (415) 385 4865
> chrishull42 at gmail.com
> http://chrishull.com
>
>
>
> On Thu, Mar 24, 2016 at 11:58 AM, Christopher Hull <chrishull42 at gmail.com>
> wrote:
>
>> Hi James;
>>
>> As further proof that I'm just learning this stuff. :-) Been a dev for
>> decades, but this industry is vast. Would like to gather an end to end
>> understanding of how LinuxBridge, etc works sometime. Meanwhile, here is
>> the current state of my system as per your input.
>>
>> ... This looks bad. I'm assuming "enabled = no" isn't right. :-)
>> Have not yet moved static IP to br-?? from ephXXX (traditionally known as
>> eth0) yet.
>>
>> Please let me know what you see. Thanks! :-)
>>
>> [root at maersk src]# brctl show
>> bridge name bridge id STP enabled interfaces
>> brq573956a6-13 8000.72650bf7669c no tap74c0d2df-39
>> tapbb0ceef0-e6
>> vxlan-92
>> brq9ee73442-5a 8000.4a157ef499cf no enp3s0
>> tap788bdea8-02
>> tapb8f78b33-19
>> tapbc53b8c7-6a
>> tapd669011b-bf
>> virbr0 8000.5254003394b3 yes virbr0-nic
>>
>>
>>
>> [root at maersk src]# ./pluto.py list -p /etc
>> List of all Openstack conf files found under: /etc
>>
>> +----------------------------+-----------------------------------------------------+
>> | Name | Full
>> Path |
>>
>> +----------------------------+-----------------------------------------------------+
>> | glance-registry.conf |
>> /etc/glance/glance-registry.conf |
>> | dnsmasq-neutron.conf |
>> /etc/neutron/dnsmasq-neutron.conf |
>> | ml2_conf_ofa.ini |
>> /etc/neutron/plugins/ml2/ml2_conf_ofa.ini |
>> | glance-cache.conf |
>> /etc/glance/glance-cache.conf |
>> | ml2_conf_fslsdn.ini |
>> /etc/neutron/plugins/ml2/ml2_conf_fslsdn.ini |
>> | restproxy.ini |
>> /etc/neutron/plugins/ml2/restproxy.ini |
>> | dhcp_agent.ini |
>> /etc/neutron/dhcp_agent.ini |
>> | neutron.conf |
>> /etc/neutron/neutron.conf |
>> | keystone.conf |
>> /etc/keystone/keystone.conf |
>> | sriov_agent.ini |
>> /etc/neutron/plugins/ml2/sriov_agent.ini |
>> | logging.conf |
>> /etc/keystone/logging.conf |
>> | glance-api.conf |
>> /etc/glance/glance-api.conf |
>> | cinder.conf |
>> /etc/cinder/cinder.conf |
>> | metadata_agent.ini |
>> /etc/neutron/metadata_agent.ini |
>> | glance-scrubber.conf |
>> /etc/glance/glance-scrubber.conf |
>> | api-paste.ini |
>> /etc/cinder/api-paste.ini |
>> | linuxbridge_agent.ini |
>> /etc/neutron/plugins/ml2/linuxbridge_agent.ini |
>> | rootwrap.conf |
>> /etc/cinder/rootwrap.conf |
>> | ml2_conf_sriov.ini |
>> /etc/neutron/plugins/ml2/ml2_conf_sriov.ini |
>> | l3_agent.ini |
>> /etc/neutron/l3_agent.ini |
>> | ml2_conf.ini |
>> /etc/neutron/plugins/ml2/ml2_conf.ini |
>> | nova.conf |
>> /etc/nova/nova.conf |
>> | plugin.ini |
>> /etc/neutron/plugin.ini |
>> | ml2_conf_brocade_fi_ni.ini |
>> /etc/neutron/plugins/ml2/ml2_conf_brocade_fi_ni.ini |
>> | ml2_conf_brocade.ini |
>> /etc/neutron/plugins/ml2/ml2_conf_brocade.ini |
>>
>> +----------------------------+-----------------------------------------------------+
>> [root at maersk src]# ./pluto.py show -p /etc linuxbridge_agent.ini
>> ml2_conf.ini ml2_conf_sriov.ini
>>
>> +----------------------------+-----------------------------+--------------------------------------------------------------+
>> | linuxbridge_agent: Section | Key |
>> Value |
>>
>> +----------------------------+-----------------------------+--------------------------------------------------------------+
>> | linux_bridge | physical_interface_mappings |
>> public:enp3s0 |
>> | vxlan | l2_population |
>> True |
>> | vxlan | local_ip |
>> 172.22.10.99 |
>> | vxlan | enable_vxlan |
>> True |
>> | agent | prevent_arp_spoofing |
>> True |
>> | securitygroup | firewall_driver |
>> neutron.agent.linux.iptables_firewall.IptablesFirewallDriver |
>> | securitygroup | enable_security_group |
>> True |
>>
>> +----------------------------+-----------------------------+--------------------------------------------------------------+
>> +-------------------+----------------------+--------------------------+
>> | ml2_conf: Section | Key | Value |
>> +-------------------+----------------------+--------------------------+
>> | ml2 | extension_drivers | port_security |
>> | ml2 | mechanism_drivers | linuxbridge,l2population |
>> | ml2 | tenant_network_types | vxlan |
>> | ml2 | type_drivers | flat,vlan,vxlan |
>> | ml2_type_flat | flat_networks | public |
>>
>> | ml2_type_vxlan | vni_ranges | 1:1000 |
>> | securitygroup | enable_ipset | True |
>> +-------------------+----------------------+--------------------------+
>> +-------------------------+-----+-------+
>> | ml2_conf_sriov: Section | Key | Value |
>> +-------------------------+-----+-------+
>> +-------------------------+-----+-------+
>>
>>
>>
>> [root at maersk src]# ip addr
>> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
>> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
>> inet 127.0.0.1/8 scope host lo
>> valid_lft forever preferred_lft forever
>> inet6 ::1/128 scope host
>> valid_lft forever preferred_lft forever
>> 2: enp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
>> master brq9ee73442-5a state UP qlen 1000
>> link/ether ac:9e:17:ec:5d:95 brd ff:ff:ff:ff:ff:ff
>> inet6 fe80::ae9e:17ff:feec:5d95/64 scope link
>> valid_lft forever preferred_lft forever
>> 3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue
>> state DOWN
>> link/ether 52:54:00:33:94:b3 brd ff:ff:ff:ff:ff:ff
>> inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
>> valid_lft forever preferred_lft forever
>> 4: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master
>> virbr0 state DOWN qlen 500
>> link/ether 52:54:00:33:94:b3 brd ff:ff:ff:ff:ff:ff
>> 6: tapbb0ceef0-e6 at if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc
>> pfifo_fast master brq573956a6-13 state UP qlen 1000
>> link/ether ea:16:29:c8:99:25 brd ff:ff:ff:ff:ff:ff link-netnsid 0
>> inet6 fe80::e816:29ff:fec8:9925/64 scope link
>> valid_lft forever preferred_lft forever
>> 7: vxlan-92: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue
>> master brq573956a6-13 state UNKNOWN
>> link/ether da:88:38:4a:06:e1 brd ff:ff:ff:ff:ff:ff
>> inet6 fe80::d888:38ff:fe4a:6e1/64 scope link
>> valid_lft forever preferred_lft forever
>> 8: brq573956a6-13: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc
>> noqueue state UP
>> link/ether 72:65:0b:f7:66:9c brd ff:ff:ff:ff:ff:ff
>> inet6 fe80::6469:36ff:fecc:a4d8/64 scope link
>> valid_lft forever preferred_lft forever
>> 9: tap74c0d2df-39 at if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc
>> pfifo_fast master brq573956a6-13 state UP qlen 1000
>> link/ether 72:65:0b:f7:66:9c brd ff:ff:ff:ff:ff:ff link-netnsid 1
>> inet6 fe80::7065:bff:fef7:669c/64 scope link
>> valid_lft forever preferred_lft forever
>> 10: brq9ee73442-5a: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc
>> noqueue state UP
>> link/ether 4a:15:7e:f4:99:cf brd ff:ff:ff:ff:ff:ff
>> inet 172.22.10.99/24 brd 172.22.10.255 scope global brq9ee73442-5a
>> valid_lft forever preferred_lft forever
>> inet6 2602:306:31fd:1020:4815:7eff:fef4:99cf/64 scope global
>> mngtmpaddr dynamic
>> valid_lft 2591681sec preferred_lft 604481sec
>> inet6 2602:306:31fd:1020:ae9e:17ff:feec:5d95/64 scope global
>> valid_lft 2536726sec preferred_lft 549526sec
>> inet6 fe80::70b5:65ff:fea6:c5d9/64 scope link
>> valid_lft forever preferred_lft forever
>> 11: tapb8f78b33-19: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc
>> pfifo_fast master brq9ee73442-5a state UNKNOWN qlen 500
>> link/ether fe:16:3e:bc:ab:07 brd ff:ff:ff:ff:ff:ff
>> inet6 fe80::fc16:3eff:febc:ab07/64 scope link
>> valid_lft forever preferred_lft forever
>> 13: tap788bdea8-02: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc
>> pfifo_fast master brq9ee73442-5a state UNKNOWN qlen 500
>> link/ether fe:16:3e:11:ae:9e brd ff:ff:ff:ff:ff:ff
>> inet6 fe80::fc16:3eff:fe11:ae9e/64 scope link
>> valid_lft forever preferred_lft forever
>> 15: tapbc53b8c7-6a at if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc
>> pfifo_fast master brq9ee73442-5a state UP qlen 1000
>> link/ether 4a:15:7e:f4:99:cf brd ff:ff:ff:ff:ff:ff link-netnsid 2
>> inet6 fe80::4815:7eff:fef4:99cf/64 scope link
>> valid_lft forever preferred_lft forever
>> 16: tapd669011b-bf: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc
>> pfifo_fast master brq9ee73442-5a state UNKNOWN qlen 500
>> link/ether fe:16:3e:52:6d:b4 brd ff:ff:ff:ff:ff:ff
>> inet6 fe80::fc16:3eff:fe52:6db4/64 scope link
>> valid_lft forever preferred_lft forever
>>
>>
>>
>> - Christopher T. Hull
>> I am presently seeking a new career opportunity Please see career page
>> http://chrishull.com/career
>> 333 Orchard Ave, Sunnyvale CA. 94085
>> (415) 385 4865
>> chrishull42 at gmail.com
>> http://chrishull.com
>>
>>
>>
>> On Thu, Mar 24, 2016 at 10:21 AM, Christopher Hull <chrishull42 at gmail.com
>> > wrote:
>>
>>> James;
>>> Hey you know... I seem to remember zeroing out "eth0" IP 0.0.0.0 and
>>> setting the static IP on br-ex under Kilo and everything worked. That was
>>> using OVS. Perhaps I do the same, as you suggest, with LinuxBridge.
>>> Wow. Thanks. Will try. And if this doesn't work I'll respond with the
>>> diagnostic output you requested.
>>>
>>> Thanks to all of you;
>>> -Chris
>>>
>>>
>>> - Christopher T. Hull
>>> I am presently seeking a new career opportunity Please see career page
>>> http://chrishull.com/career
>>> 333 Orchard Ave, Sunnyvale CA. 94085
>>> (415) 385 4865
>>> chrishull42 at gmail.com
>>> http://chrishull.com
>>>
>>>
>>>
>>> On Wed, Mar 23, 2016 at 5:57 PM, James Denton <
>>> james.denton at rackspace.com> wrote:
>>>
>>>> Hi Christopher,
>>>>
>>>> Routers work under Liberty and LinuxBridge just fine, in my experience,
>>>> so don’t be too quick to give up on them. I promise you’ll have a tougher
>>>> go at it, at this point, using another virtual machine as a router.
>>>>
>>>> Some tips:
>>>>
>>>>
>>>> 1. Use the ‘ip’ command rather than ‘ifconfig’. Output of ‘ip addr’
>>>> would be more helpful here.
>>>> 2. Use ‘brctl show’ to see the virtual bridges and their members.
>>>> That output would be helpful here as well.
>>>>
>>>>
>>>> You have an IP configured on interface enp3s0, and I can’t tell what
>>>> you have set as the physical interface mappings in the ML2/LinuxBridge
>>>> agent config. On older email I see this:
>>>>
>>>> >> physical_interface_mappings | public:enp3s0
>>>>
>>>> If that’s still the case, you’re going to have a hard time. The
>>>> LinuxBridge agent expects to put the enp3s0 interface into the respective
>>>> brq-* bridge that corresponds to the public (flat) network. Once the
>>>> interface is in the bridge, you may lose connectivity to/from any address
>>>> on that interface. At that point, your host will be unable to communicate
>>>> with the router's gateway interface also in the bridge, and probably any
>>>> external host. In this configuration, you may consider moving the IP from
>>>> enp3s0 to the brq-* bridge temporarily. That should work. Give it a try and
>>>> let me know.
>>>>
>>>> James
>>>>
>>>> From: Christopher Hull <chrishull42 at gmail.com>
>>>> Date: Wednesday, March 23, 2016 at 7:21 PM
>>>> To: Dan Sneddon <dsneddon at redhat.com>
>>>> Cc: openstack-operators <openstack-operators at lists.openstack.org>
>>>> Subject: Re: [Openstack-operators] Manual router setup
>>>>
>>>> Conclusion. Neutron routers under Liberty (Linux Bridge) don't work.
>>>> Please prove me wrong..... Moving on to manual router creation.
>>>> 1: How can I assign a fixed IP to an instance?
>>>> 2: If I add routes will they get used? I probably have to create a
>>>> Port for every route (as Floating IPs do ).
>>>>
>>>>
>>>> ------ Session: Trying to create a working router for the 15th time.
>>>> :-) ----
>>>>
>>>>
>>>> [root at maersk src]# ifconfig
>>>> enp3s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
>>>> inet 172.22.10.99 netmask 255.255.255.0 broadcast
>>>> 172.22.10.255
>>>> inet6 2602:306:31fd:1020:ae9e:17ff:feec:5d95 prefixlen 64
>>>> scopeid 0x0<global>
>>>> inet6 fe80::ae9e:17ff:feec:5d95 prefixlen 64 scopeid
>>>> 0x20<link>
>>>> ether ac:9e:17:ec:5d:95 txqueuelen 1000 (Ethernet)
>>>> RX packets 238 bytes 16020 (15.6 KiB)
>>>> RX errors 0 dropped 0 overruns 0 frame 0
>>>> TX packets 60 bytes 6650 (6.4 KiB)
>>>> TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
>>>>
>>>> lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
>>>> inet 127.0.0.1 netmask 255.0.0.0
>>>> inet6 ::1 prefixlen 128 scopeid 0x10<host>
>>>> loop txqueuelen 0 (Local Loopback)
>>>> RX packets 4985 bytes 1060267 (1.0 MiB)
>>>> RX errors 0 dropped 0 overruns 0 frame 0
>>>> TX packets 4985 bytes 1060267 (1.0 MiB)
>>>> TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
>>>>
>>>> virbr0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
>>>> inet 192.168.122.1 netmask 255.255.255.0 broadcast
>>>> 192.168.122.255
>>>> ether 52:54:00:33:94:b3 txqueuelen 0 (Ethernet)
>>>> RX packets 0 bytes 0 (0.0 B)
>>>> RX errors 0 dropped 0 overruns 0 frame 0
>>>> TX packets 0 bytes 0 (0.0 B)
>>>> TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
>>>>
>>>> [root at maersk src]# source admin-openrc.sh
>>>> [root at maersk src]# clear
>>>>
>>>> [root at maersk src]# neutron net-create public --shared
>>>> --provider:physical_network public \
>>>> > --provider:network_type flat
>>>> Created a new network:
>>>> +---------------------------+--------------------------------------+
>>>> | Field | Value |
>>>> +---------------------------+--------------------------------------+
>>>> | admin_state_up | True |
>>>> | id | 9ee73442-5a86-48c0-84da-8f650937fd08 |
>>>> | mtu | 0 |
>>>> | name | public |
>>>> | port_security_enabled | True |
>>>> | provider:network_type | flat |
>>>> | provider:physical_network | public |
>>>> | provider:segmentation_id | |
>>>> | router:external | False |
>>>> | shared | True |
>>>> | status | ACTIVE |
>>>> | subnets | |
>>>> | tenant_id | fdf3f98a9b0c4e9e94603d8a84ea41a8 |
>>>> +---------------------------+--------------------------------------+
>>>> [root at maersk src]# neutron subnet-create public 172.22.10.0/24 --name
>>>> public \
>>>> > --allocation-pool start=172.22.10.10,end=172.22.10.90 \
>>>> > --dns-nameserver 172.22.10.254 --gateway 172.22.10.254
>>>> --enable_dhcp False
>>>> Created a new subnet:
>>>> +-------------------+--------------------------------------------------+
>>>> | Field | Value |
>>>> +-------------------+--------------------------------------------------+
>>>> | allocation_pools | {"start": "172.22.10.10", "end": "172.22.10.90"} |
>>>> | cidr | 172.22.10.0/24
>>>> |
>>>> | dns_nameservers | 172.22.10.254 |
>>>> | enable_dhcp | False |
>>>> | gateway_ip | 172.22.10.254 |
>>>> | host_routes | |
>>>> | id | 28683bfe-2410-4f9b-b805-ec3c7aee009a |
>>>> | ip_version | 4 |
>>>> | ipv6_address_mode | |
>>>> | ipv6_ra_mode | |
>>>> | name | public |
>>>> | network_id | 9ee73442-5a86-48c0-84da-8f650937fd08 |
>>>> | subnetpool_id | |
>>>> | tenant_id | fdf3f98a9b0c4e9e94603d8a84ea41a8 |
>>>> +-------------------+--------------------------------------------------+
>>>> [root at maersk src]# ifconfig
>>>> enp3s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
>>>> inet 172.22.10.99 netmask 255.255.255.0 broadcast
>>>> 172.22.10.255
>>>> inet6 2602:306:31fd:1020:ae9e:17ff:feec:5d95 prefixlen 64
>>>> scopeid 0x0<global>
>>>> inet6 fe80::ae9e:17ff:feec:5d95 prefixlen 64 scopeid
>>>> 0x20<link>
>>>> ether ac:9e:17:ec:5d:95 txqueuelen 1000 (Ethernet)
>>>> RX packets 5032 bytes 373870 (365.1 KiB)
>>>> RX errors 0 dropped 0 overruns 0 frame 0
>>>> TX packets 2602 bytes 3154215 (3.0 MiB)
>>>> TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
>>>>
>>>> lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
>>>> inet 127.0.0.1 netmask 255.0.0.0
>>>> inet6 ::1 prefixlen 128 scopeid 0x10<host>
>>>> loop txqueuelen 0 (Local Loopback)
>>>> RX packets 46701 bytes 12008341 (11.4 MiB)
>>>> RX errors 0 dropped 0 overruns 0 frame 0
>>>> TX packets 46701 bytes 12008341 (11.4 MiB)
>>>> TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
>>>>
>>>> virbr0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
>>>> inet 192.168.122.1 netmask 255.255.255.0 broadcast
>>>> 192.168.122.255
>>>> ether 52:54:00:33:94:b3 txqueuelen 0 (Ethernet)
>>>> RX packets 0 bytes 0 (0.0 B)
>>>> RX errors 0 dropped 0 overruns 0 frame 0
>>>> TX packets 0 bytes 0 (0.0 B)
>>>> TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
>>>>
>>>> [root at maersk src]# neutron net-list
>>>>
>>>> +--------------------------------------+--------+-----------------------------------------------------+
>>>> | id | name |
>>>> subnets |
>>>>
>>>> +--------------------------------------+--------+-----------------------------------------------------+
>>>> | 9ee73442-5a86-48c0-84da-8f650937fd08 | public |
>>>> 28683bfe-2410-4f9b-b805-ec3c7aee009a 172.22.10.0/24 |
>>>>
>>>> +--------------------------------------+--------+-----------------------------------------------------+
>>>> [root at maersk src]# source demo-openrc.sh
>>>> [root at maersk src]# neutron net-create private
>>>> Created a new network:
>>>> +-----------------------+--------------------------------------+
>>>> | Field | Value |
>>>> +-----------------------+--------------------------------------+
>>>> | admin_state_up | True |
>>>> | id | 573956a6-1378-4100-83c2-db5c3bf9a95c |
>>>> | mtu | 0 |
>>>> | name | private |
>>>> | port_security_enabled | True |
>>>> | router:external | False |
>>>> | shared | False |
>>>> | status | ACTIVE |
>>>> | subnets | |
>>>> | tenant_id | 7813be77b1de4196b1c6b77006afa21c |
>>>> +-----------------------+--------------------------------------+
>>>> [root at maersk src]# neutron subnet-create private 192.168.10.0/24 \
>>>> > --name private --dns-nameserver 172.22.10.254 --gateway
>>>> 192.168.10.1
>>>> Created a new subnet:
>>>>
>>>> +-------------------+----------------------------------------------------+
>>>> | Field |
>>>> Value |
>>>>
>>>> +-------------------+----------------------------------------------------+
>>>> | allocation_pools | {"start": "192.168.10.2", "end":
>>>> "192.168.10.254"} |
>>>> | cidr | 192.168.10.0/24
>>>> |
>>>> | dns_nameservers |
>>>> 172.22.10.254 |
>>>> | enable_dhcp |
>>>> True |
>>>> | gateway_ip |
>>>> 192.168.10.1 |
>>>> | host_routes
>>>> | |
>>>> | id |
>>>> 83f4f5e5-13b6-41f2-af07-b96d86847e2b |
>>>> | ip_version |
>>>> 4 |
>>>> | ipv6_address_mode
>>>> | |
>>>> | ipv6_ra_mode
>>>> | |
>>>> | name |
>>>> private |
>>>> | network_id |
>>>> 573956a6-1378-4100-83c2-db5c3bf9a95c |
>>>> | subnetpool_id
>>>> | |
>>>> | tenant_id |
>>>> 7813be77b1de4196b1c6b77006afa21c |
>>>>
>>>> +-------------------+----------------------------------------------------+
>>>> [root at maersk src]# ifconfig
>>>> brq573956a6-13: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1450
>>>> inet6 fe80::6469:36ff:fecc:a4d8 prefixlen 64 scopeid
>>>> 0x20<link>
>>>> ether da:88:38:4a:06:e1 txqueuelen 0 (Ethernet)
>>>> RX packets 4 bytes 264 (264.0 B)
>>>> RX errors 0 dropped 0 overruns 0 frame 0
>>>> TX packets 7 bytes 578 (578.0 B)
>>>> TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
>>>>
>>>> enp3s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
>>>> inet 172.22.10.99 netmask 255.255.255.0 broadcast
>>>> 172.22.10.255
>>>> inet6 2602:306:31fd:1020:ae9e:17ff:feec:5d95 prefixlen 64
>>>> scopeid 0x0<global>
>>>> inet6 fe80::ae9e:17ff:feec:5d95 prefixlen 64 scopeid
>>>> 0x20<link>
>>>> ether ac:9e:17:ec:5d:95 txqueuelen 1000 (Ethernet)
>>>> RX packets 5310 bytes 393373 (384.1 KiB)
>>>> RX errors 0 dropped 0 overruns 0 frame 0
>>>> TX packets 2661 bytes 3165497 (3.0 MiB)
>>>> TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
>>>>
>>>> lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
>>>> inet 127.0.0.1 netmask 255.0.0.0
>>>> inet6 ::1 prefixlen 128 scopeid 0x10<host>
>>>> loop txqueuelen 0 (Local Loopback)
>>>> RX packets 50779 bytes 13259383 (12.6 MiB)
>>>> RX errors 0 dropped 0 overruns 0 frame 0
>>>> TX packets 50779 bytes 13259383 (12.6 MiB)
>>>> TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
>>>>
>>>> tapbb0ceef0-e6: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1450
>>>> inet6 fe80::e816:29ff:fec8:9925 prefixlen 64 scopeid
>>>> 0x20<link>
>>>> ether ea:16:29:c8:99:25 txqueuelen 1000 (Ethernet)
>>>> RX packets 7 bytes 578 (578.0 B)
>>>> RX errors 0 dropped 0 overruns 0 frame 0
>>>> TX packets 13 bytes 1066 (1.0 KiB)
>>>> TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
>>>>
>>>> virbr0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
>>>> inet 192.168.122.1 netmask 255.255.255.0 broadcast
>>>> 192.168.122.255
>>>> ether 52:54:00:33:94:b3 txqueuelen 0 (Ethernet)
>>>> RX packets 0 bytes 0 (0.0 B)
>>>> RX errors 0 dropped 0 overruns 0 frame 0
>>>> TX packets 0 bytes 0 (0.0 B)
>>>> TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
>>>>
>>>> vxlan-92: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1450
>>>> inet6 fe80::d888:38ff:fe4a:6e1 prefixlen 64 scopeid 0x20<link>
>>>> ether da:88:38:4a:06:e1 txqueuelen 0 (Ethernet)
>>>> RX packets 0 bytes 0 (0.0 B)
>>>> RX errors 0 dropped 0 overruns 0 frame 0
>>>> TX packets 0 bytes 0 (0.0 B)
>>>> TX errors 0 dropped 16 overruns 0 carrier 0 collisions 0
>>>>
>>>> [root at maersk src]# source admin-openrc.sh
>>>> [root at maersk src]# neutron net-update public --router:external
>>>> Updated network: public
>>>> [root at maersk src]# source demo-openrc.sh
>>>> [root at maersk src]# neutron router-create router
>>>> Created a new router:
>>>> +-----------------------+--------------------------------------+
>>>> | Field | Value |
>>>> +-----------------------+--------------------------------------+
>>>> | admin_state_up | True |
>>>> | external_gateway_info | |
>>>> | id | ff6a61f5-f497-43a1-b245-64ec8e87b488 |
>>>> | name | router |
>>>> | routes | |
>>>> | status | ACTIVE |
>>>> | tenant_id | 7813be77b1de4196b1c6b77006afa21c |
>>>> +-----------------------+--------------------------------------+
>>>> [root at maersk src]# neutron router-interface-add router private
>>>> Multiple router matches found for name 'router', use an ID to be more
>>>> specific.
>>>> [root at maersk src]# neutron router-list
>>>>
>>>> +--------------------------------------+--------+-----------------------+
>>>> | id | name | external_gateway_info
>>>> |
>>>>
>>>> +--------------------------------------+--------+-----------------------+
>>>> | 5939b796-cae6-4d72-8d34-66e20afb95aa | router | null
>>>> |
>>>> | ff6a61f5-f497-43a1-b245-64ec8e87b488 | router | null
>>>> |
>>>>
>>>> +--------------------------------------+--------+-----------------------+
>>>> [root at maersk src]# neutron router-delete
>>>> 5939b796-cae6-4d72-8d34-66e20afb95aa
>>>> Deleted router: 5939b796-cae6-4d72-8d34-66e20afb95aa
>>>> [root at maersk src]# neutron router-delete
>>>> ff6a61f5-f497-43a1-b245-64ec8e87b488
>>>> Deleted router: ff6a61f5-f497-43a1-b245-64ec8e87b488
>>>> [root at maersk src]# neutron router-create router
>>>> Created a new router:
>>>> +-----------------------+--------------------------------------+
>>>> | Field | Value |
>>>> +-----------------------+--------------------------------------+
>>>> | admin_state_up | True |
>>>> | external_gateway_info | |
>>>> | id | a1be1dbd-1a94-4a8c-8093-45a7af89140c |
>>>> | name | router |
>>>> | routes | |
>>>> | status | ACTIVE |
>>>> | tenant_id | 7813be77b1de4196b1c6b77006afa21c |
>>>> +-----------------------+--------------------------------------+
>>>> [root at maersk src]# neutron router-interface-add router private
>>>> Added interface 74c0d2df-3944-43d7-8be9-2ef0d9242edc to router router.
>>>> [root at maersk src]# neutron router-gateway-set router public
>>>> Set gateway for router router
>>>> [root at maersk src]# source admin-openrc.sh
>>>> [root at maersk src]# ip netns
>>>> qrouter-a1be1dbd-1a94-4a8c-8093-45a7af89140c (id: 1)
>>>> qdhcp-573956a6-1378-4100-83c2-db5c3bf9a95c (id: 0)
>>>> [root at maersk src]# neutron router-port-list router
>>>>
>>>> +--------------------------------------+------+-------------------+-------------------------------------------------------------------------------------+
>>>> | id | name | mac_address |
>>>> fixed_ips
>>>> |
>>>>
>>>> +--------------------------------------+------+-------------------+-------------------------------------------------------------------------------------+
>>>> | 21c8decf-e4c8-4467-9266-ca5cfb9c7c20 | | fa:16:3e:d6:29:b4 |
>>>> {"subnet_id": "28683bfe-2410-4f9b-b805-ec3c7aee009a", "ip_address":
>>>> "172.22.10.10"} |
>>>> | 74c0d2df-3944-43d7-8be9-2ef0d9242edc | | fa:16:3e:7b:d6:0f |
>>>> {"subnet_id": "83f4f5e5-13b6-41f2-af07-b96d86847e2b", "ip_address":
>>>> "192.168.10.1"} |
>>>>
>>>> +--------------------------------------+------+-------------------+-------------------------------------------------------------------------------------+
>>>> [root at maersk src]# ping 172.22.10.10
>>>> PING 172.22.10.10 (172.22.10.10) 56(84) bytes of data.
>>>> From 172.22.10.99 icmp_seq=1 Destination Host Unreachable
>>>> From 172.22.10.99 icmp_seq=2 Destination Host Unreachable
>>>> From 172.22.10.99 icmp_seq=3 Destination Host Unreachable
>>>> From 172.22.10.99 icmp_seq=4 Destination Host Unreachable
>>>> From 172.22.10.99 icmp_seq=5 Destination Host Unreachable
>>>> From 172.22.10.99 icmp_seq=6 Destination Host Unreachable
>>>> From 172.22.10.99 icmp_seq=7 Destination Host Unreachable
>>>> From 172.22.10.99 icmp_seq=8 Destination Host Unreachable
>>>> ^C
>>>> --- 172.22.10.10 ping statistics ---
>>>> 8 packets transmitted, 0 received, +8 errors, 100% packet loss, time
>>>> 7000ms
>>>> pipe 4
>>>> [root at maersk src]# ifconfig
>>>> brq573956a6-13: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1450
>>>> inet6 fe80::6469:36ff:fecc:a4d8 prefixlen 64 scopeid
>>>> 0x20<link>
>>>> ether 72:65:0b:f7:66:9c txqueuelen 0 (Ethernet)
>>>> RX packets 6 bytes 348 (348.0 B)
>>>> RX errors 0 dropped 0 overruns 0 frame 0
>>>> TX packets 8 bytes 648 (648.0 B)
>>>> TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
>>>>
>>>> enp3s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
>>>> inet 172.22.10.99 netmask 255.255.255.0 broadcast
>>>> 172.22.10.255
>>>> inet6 2602:306:31fd:1020:ae9e:17ff:feec:5d95 prefixlen 64
>>>> scopeid 0x0<global>
>>>> inet6 fe80::ae9e:17ff:feec:5d95 prefixlen 64 scopeid
>>>> 0x20<link>
>>>> ether ac:9e:17:ec:5d:95 txqueuelen 1000 (Ethernet)
>>>> RX packets 6360 bytes 464736 (453.8 KiB)
>>>> RX errors 0 dropped 0 overruns 0 frame 0
>>>> TX packets 2867 bytes 3196849 (3.0 MiB)
>>>> TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
>>>>
>>>> lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
>>>> inet 127.0.0.1 netmask 255.0.0.0
>>>> inet6 ::1 prefixlen 128 scopeid 0x10<host>
>>>> loop txqueuelen 0 (Local Loopback)
>>>> RX packets 65582 bytes 17827940 (17.0 MiB)
>>>> RX errors 0 dropped 0 overruns 0 frame 0
>>>> TX packets 65582 bytes 17827940 (17.0 MiB)
>>>> TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
>>>>
>>>> tap74c0d2df-39: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1450
>>>> inet6 fe80::7065:bff:fef7:669c prefixlen 64 scopeid 0x20<link>
>>>> ether 72:65:0b:f7:66:9c txqueuelen 1000 (Ethernet)
>>>> RX packets 10 bytes 864 (864.0 B)
>>>> RX errors 0 dropped 0 overruns 0 frame 0
>>>> TX packets 8 bytes 648 (648.0 B)
>>>> TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
>>>>
>>>> tapbb0ceef0-e6: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1450
>>>> inet6 fe80::e816:29ff:fec8:9925 prefixlen 64 scopeid
>>>> 0x20<link>
>>>> ether ea:16:29:c8:99:25 txqueuelen 1000 (Ethernet)
>>>> RX packets 8 bytes 648 (648.0 B)
>>>> RX errors 0 dropped 0 overruns 0 frame 0
>>>> TX packets 16 bytes 1248 (1.2 KiB)
>>>> TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
>>>>
>>>> virbr0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
>>>> inet 192.168.122.1 netmask 255.255.255.0 broadcast
>>>> 192.168.122.255
>>>> ether 52:54:00:33:94:b3 txqueuelen 0 (Ethernet)
>>>> RX packets 0 bytes 0 (0.0 B)
>>>> RX errors 0 dropped 0 overruns 0 frame 0
>>>> TX packets 0 bytes 0 (0.0 B)
>>>> TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
>>>>
>>>> vxlan-92: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1450
>>>> inet6 fe80::d888:38ff:fe4a:6e1 prefixlen 64 scopeid 0x20<link>
>>>> ether da:88:38:4a:06:e1 txqueuelen 0 (Ethernet)
>>>> RX packets 0 bytes 0 (0.0 B)
>>>> RX errors 0 dropped 0 overruns 0 frame 0
>>>> TX packets 0 bytes 0 (0.0 B)
>>>> TX errors 0 dropped 19 overruns 0 carrier 0 collisions 0
>>>>
>>>>
>>>>
>>>>
>>>> - Christopher T. Hull
>>>> I am presently seeking a new career opportunity Please see career page
>>>> http://chrishull.com/career
>>>> 333 Orchard Ave, Sunnyvale CA. 94085
>>>> (415) 385 4865
>>>> chrishull42 at gmail.com
>>>> http://chrishull.com
>>>>
>>>>
>>>>
>>>> On Wed, Mar 23, 2016 at 4:34 PM, Dan Sneddon <dsneddon at redhat.com>
>>>> wrote:
>>>>
>>>>> On 03/23/2016 04:06 PM, Christopher Hull wrote:
>>>>> > Hmmm. Well I'm not using OpenVSwitch. Just LinuxBridge. My
>>>>> CentOS
>>>>> > 7 install sees emp3s0 where eth0 would usually appear. But this may
>>>>> > need to be changed to br-ex? The IP address no longer apperas at
>>>>> > enp3s0, so perhaps that's the issue.
>>>>> >
>>>>> > When I make changes, I tear down all the networks and rebuild them
>>>>> > according to instructions. I do this after restarting the
>>>>> machine. I
>>>>> > wonder if the database needs to be updated as well.
>>>>> >
>>>>> > su -s /bin/sh -c "neutron-db-manage --config-file
>>>>> > /etc/neutron/neutron.conf \
>>>>> > --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head"
>>>>> neutron
>>>>> > systemctl stop neutron-server.service \
>>>>> > neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
>>>>> > neutron-metadata-agent.service
>>>>> > systemctl stop neutron-l3-agent.service
>>>>> > and restart.
>>>>> >
>>>>> > Thanks for the help. Yes. It's a bit confusing. Why are router
>>>>> and
>>>>> > instance ports different? It is for this reason that I figured I
>>>>> could
>>>>> > just create my own instance/router. But why should I have to? Do
>>>>> > routers not work unless you use OpenVSwitch? The Liberty install
>>>>> > instructions (unlike Kilo) don't seem to require installing
>>>>> OpenVSwitch.
>>>>> >
>>>>> > linux_bridge_agent.ini
>>>>> > inux_bridge | physical_interface_mappings |
>>>>> public:enp3s0
>>>>> >
>>>>> > Perhaps br-ex? Or whereever I see my static IP when doing an
>>>>> > ifconfig :-) Was enp3s0 when CentOS was first installed, but I
>>>>> think
>>>>> > thats changed somehow.
>>>>> >
>>>>> >
>>>>> +----------------------------+-----------------------------+--------------------------------------------------------------+
>>>>> > | linuxbridge_agent: Section | Key |
>>>>> > Value |
>>>>> >
>>>>> +----------------------------+-----------------------------+--------------------------------------------------------------+
>>>>> > | linux_bridge | physical_interface_mappings |
>>>>> > public:enp3s0 |
>>>>> > | vxlan | l2_population |
>>>>> > True |
>>>>> > | vxlan | local_ip |
>>>>> > 172.22.10.99 |
>>>>> > | vxlan | enable_vxlan |
>>>>> > True |
>>>>> > | agent | prevent_arp_spoofing |
>>>>> > True |
>>>>> > | securitygroup | firewall_driver |
>>>>> > neutron.agent.linux.iptables_firewall.IptablesFirewallDriver |
>>>>> > | securitygroup | enable_security_group |
>>>>> > True |
>>>>> >
>>>>> +----------------------------+-----------------------------+--------------------------------------------------------------+
>>>>> >
>>>>> >
>>>>> >
>>>>> > - Christopher T. Hull
>>>>> > I am presently seeking a new career opportunity Please see career
>>>>> page
>>>>> > http://chrishull.com/career
>>>>> > 333 Orchard Ave, Sunnyvale CA. 94085
>>>>> > (415) 385 4865 <tel:%28415%29%20385%204865>
>>>>> > chrishull42 at gmail.com <mailto:chrishull42 at gmail.com>
>>>>> > http://chrishull.com
>>>>> >
>>>>> >
>>>>> >
>>>>> > On Wed, Mar 23, 2016 at 3:34 PM, Dan Sneddon <dsneddon at redhat.com
>>>>> > <mailto:dsneddon at redhat.com>> wrote:
>>>>> >
>>>>> > On 03/23/2016 03:05 PM, Christopher Hull wrote:
>>>>> > > Hi Keven / all;
>>>>> > >
>>>>> > > Re: Getting a Neutron Router to work. (set
>>>>> external_network_bridge =
>>>>> > > blank). Apologies if this got sent twice.
>>>>> > >
>>>>> > > Nope, not quite there yet re getting the damn router to work
>>>>> > (week 3 on
>>>>> > > this issue).
>>>>> > >
>>>>> > > The Liberty install instructions indeed say to set...
>>>>> > > external_network_bridge =
>>>>> > >
>>>>> > > I'm so desperate that I thought the blank space after the =
>>>>> might be
>>>>> > > the issue. No. Then I noticed these instructions in
>>>>> > l3_agent.ini itself.
>>>>> > > -----
>>>>> > > # When external_network_bridge is set, each L3 agent can be
>>>>> > associated
>>>>> > > # with no more than one external network. This value should be
>>>>> set to
>>>>> > > the UUID
>>>>> > > # of that external network. To allow L3 agent support multiple
>>>>> > external
>>>>> > > # networks, both the external_network_bridge and
>>>>> > > gateway_external_network_id
>>>>> > > # must be left empty.
>>>>> > > # gateway_external_network_id =
>>>>> > > ----
>>>>> > >
>>>>> > > 1: Should gateway_external_network_id = be unoommented?
>>>>> > > 2: Should I reupdate the database after these changes?
>>>>> > > su -s /bin/sh -c "neutron-db-manage --config-file
>>>>> > > /etc/neutron/neutron.conf \
>>>>> > > --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade
>>>>> > head" neutron
>>>>> > >
>>>>> > > 3: Should external_network_bridge in fact be set to the UUID
>>>>> of the
>>>>> > > public network?
>>>>> > >
>>>>> > > 4. All instances Ports work just fine on public and private
>>>>> network.
>>>>> > > WHAT is the difference between a Neutron router northbound port
>>>>> > and an
>>>>> > > instance port on the public net.
>>>>> > >
>>>>> > > Services restarted after config change (just removed space
>>>>> after =
>>>>> > > actually just in case sloppy Python coding was involved
>>>>> here). In
>>>>> > > fact, I rebooted the box just to be sure.
>>>>> > >
>>>>> > > Making my own instance based router is looking better and
>>>>> better all
>>>>> > > the time. If Neutron Routers really work, maybe UFO's exist
>>>>> too.
>>>>> > > :-) j/k
>>>>> > >
>>>>> > >
>>>>> > > Seriously. Thank you for your help. Hope to help the
>>>>> community
>>>>> > > soon too myself. Trying to get my Gerrit account up and
>>>>> running but
>>>>> > > the OpenStack.org site won't allow me to sign the Contrib
>>>>> agreement
>>>>> > > with out getting a server error.
>>>>> > >
>>>>> > >
>>>>> > > ==== Config Details ======
>>>>> > > Issue Neutron Router Northbound Port won't Ping, is Down
>>>>> > >
>>>>> > > [root at maersk src]# ./pluto.py show -p /etc neutron
>>>>> rootwrap.conf
>>>>> > > ml2_conf.ini l3_agent.ini linuxbridge_agent.ini dhcp_agent.ini
>>>>> > >
>>>>> >
>>>>> +-----------------------+------------------------------------+-------------------------------------------------+
>>>>> > > | neutron: Section | Key |
>>>>> > > Value |
>>>>> > >
>>>>> >
>>>>> +-----------------------+------------------------------------+-------------------------------------------------+
>>>>> > > | DEFAULT | verbose |
>>>>> > > True |
>>>>> > > | DEFAULT | nova_url |
>>>>> > > http://controller:8774/v2 |
>>>>> > > | DEFAULT | notify_nova_on_port_data_changes |
>>>>> > > True |
>>>>> > > | DEFAULT | notify_nova_on_port_status_changes |
>>>>> > > True |
>>>>> > > | DEFAULT | auth_strategy |
>>>>> > > keystone |
>>>>> > > | DEFAULT | rpc_backend |
>>>>> > > rabbit |
>>>>> > > | DEFAULT | allow_overlapping_ips |
>>>>> > > True |
>>>>> > > | DEFAULT | service_plugins |
>>>>> > > router |
>>>>> > > | DEFAULT | core_plugin |
>>>>> > > ml2 |
>>>>> > > | keystone_authtoken | password |
>>>>> > > mk4968small23buggidntpass |
>>>>> > > | keystone_authtoken | username |
>>>>> > > neutron |
>>>>> > > | keystone_authtoken | project_name |
>>>>> > > service |
>>>>> > > | keystone_authtoken | user_domain_id |
>>>>> > > default |
>>>>> > > | keystone_authtoken | project_domain_id |
>>>>> > > default |
>>>>> > > | keystone_authtoken | auth_plugin |
>>>>> > > password |
>>>>> > > | keystone_authtoken | auth_url |
>>>>> > > http://controller:35357 |
>>>>> > > | keystone_authtoken | auth_uri |
>>>>> > > http://controller:5000 |
>>>>> > > | database | connection |
>>>>> > > mysql://neutron:sleestack191@controller/neutron |
>>>>> > > | nova | password |
>>>>> > > mk4968small23buggidntpass |
>>>>> > > | nova | username |
>>>>> > > nova |
>>>>> > > | nova | project_name |
>>>>> > > service |
>>>>> > > | nova | region_name |
>>>>> > > RegionOne |
>>>>> > > | nova | user_domain_id |
>>>>> > > default |
>>>>> > > | nova | project_domain_id |
>>>>> > > default |
>>>>> > > | nova | auth_plugin |
>>>>> > > password |
>>>>> > > | nova | auth_url |
>>>>> > > http://controller:35357 |
>>>>> > > | oslo_concurrency | lock_path |
>>>>> > > /var/lib/neutron/tmp |
>>>>> > > | oslo_messaging_rabbit | rabbit_password |
>>>>> > > open.g00dke232 |
>>>>> > > | oslo_messaging_rabbit | rabbit_userid |
>>>>> > > openstack |
>>>>> > > | oslo_messaging_rabbit | rabbit_host |
>>>>> > > controller |
>>>>> > >
>>>>> >
>>>>> +-----------------------+------------------------------------+-------------------------------------------------+
>>>>> > >
>>>>> >
>>>>> +-------------------+---------------------+--------------------------------------------------------------+
>>>>> > > | rootwrap: Section | Key |
>>>>> > > Value |
>>>>> > >
>>>>> >
>>>>> +-------------------+---------------------+--------------------------------------------------------------+
>>>>> > > | DEFAULT | filters_path |
>>>>> > > /etc/cinder/rootwrap.d,/usr/share/cinder/rootwrap |
>>>>> > > | DEFAULT | exec_dirs |
>>>>> > > /sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin |
>>>>> > > | DEFAULT | use_syslog |
>>>>> > > False |
>>>>> > > | DEFAULT | syslog_log_facility |
>>>>> > > syslog |
>>>>> > > | DEFAULT | syslog_log_level |
>>>>> > > ERROR |
>>>>> > >
>>>>> >
>>>>> +-------------------+---------------------+--------------------------------------------------------------+
>>>>> > >
>>>>> >
>>>>> +-------------------+----------------------+--------------------------+
>>>>> > > | ml2_conf: Section | Key | Value
>>>>> > |
>>>>> > >
>>>>> >
>>>>> +-------------------+----------------------+--------------------------+
>>>>> > > | ml2 | extension_drivers | port_security
>>>>> > |
>>>>> > > | ml2 | mechanism_drivers |
>>>>> > linuxbridge,l2population |
>>>>> > > | ml2 | tenant_network_types | vxlan
>>>>> > |
>>>>> > > | ml2 | type_drivers | flat,vlan,vxlan
>>>>> > |
>>>>> > > | ml2_type_flat | flat_networks | public
>>>>> > |
>>>>> > > | ml2_type_vxlan | vni_ranges | 1:1000
>>>>> > |
>>>>> > > | securitygroup | enable_ipset | True
>>>>> > |
>>>>> > >
>>>>> >
>>>>> +-------------------+----------------------+--------------------------+
>>>>> > >
>>>>> >
>>>>> +-------------------+--------------------------+-----------------------------------------------------+
>>>>> > > | l3_agent: Section | Key |
>>>>> > > Value |
>>>>> > >
>>>>> >
>>>>> +-------------------+--------------------------+-----------------------------------------------------+
>>>>> > > | DEFAULT | external_network_bridge
>>>>> > > | |
>>>>> > > | DEFAULT | verbose |
>>>>> > > True |
>>>>> > > | DEFAULT | interface_driver |
>>>>> > > neutron.agent.linux.interface.BridgeInterfaceDriver |
>>>>> > >
>>>>> >
>>>>> +-------------------+--------------------------+-----------------------------------------------------+
>>>>> > >
>>>>> >
>>>>> +----------------------------+-----------------------------+--------------------------------------------------------------+
>>>>> > > | linuxbridge_agent: Section | Key |
>>>>> > > Value |
>>>>> > >
>>>>> >
>>>>> +----------------------------+-----------------------------+--------------------------------------------------------------+
>>>>> > > | linux_bridge | physical_interface_mappings |
>>>>> > > public:enp3s0 |
>>>>> > > | vxlan | l2_population |
>>>>> > > True |
>>>>> > > | vxlan | local_ip |
>>>>> > > 172.22.10.99 |
>>>>> > > | vxlan | enable_vxlan |
>>>>> > > True |
>>>>> > > | agent | prevent_arp_spoofing |
>>>>> > > True |
>>>>> > > | securitygroup | firewall_driver |
>>>>> > > neutron.agent.linux.iptables_firewall.IptablesFirewallDriver |
>>>>> > > | securitygroup | enable_security_group |
>>>>> > > True |
>>>>> > >
>>>>> >
>>>>> +----------------------------+-----------------------------+--------------------------------------------------------------+
>>>>> > >
>>>>> >
>>>>> +---------------------+--------------------------+-----------------------------------------------------+
>>>>> > > | dhcp_agent: Section | Key |
>>>>> > > Value |
>>>>> > >
>>>>> >
>>>>> +---------------------+--------------------------+-----------------------------------------------------+
>>>>> > > | DEFAULT | dnsmasq_config_file |
>>>>> > > /etc/neutron/dnsmasq-neutron.conf |
>>>>> > > | DEFAULT | verbose |
>>>>> > > True |
>>>>> > > | DEFAULT | enable_isolated_metadata |
>>>>> > > True |
>>>>> > > | DEFAULT | dhcp_driver |
>>>>> > > neutron.agent.linux.dhcp.Dnsmasq |
>>>>> > > | DEFAULT | interface_driver |
>>>>> > > neutron.agent.linux.interface.BridgeInterfaceDriver |
>>>>> > >
>>>>> >
>>>>> +---------------------+--------------------------+-----------------------------------------------------+
>>>>> > >
>>>>> > >
>>>>> > >
>>>>> > >
>>>>> > >
>>>>> > >
>>>>> > >
>>>>> > >
>>>>> > >
>>>>> > >
>>>>> > > - Christopher T. Hull
>>>>> > > I am presently seeking a new career opportunity Please see
>>>>> > career page
>>>>> > > http://chrishull.com/career
>>>>> > > 333 Orchard Ave, Sunnyvale CA. 94085
>>>>> > > (415) 385 4865 <tel:%28415%29%20385%204865>
>>>>> > > chrishull42 at gmail.com <mailto:chrishull42 at gmail.com>
>>>>> > <mailto:chrishull42 at gmail.com <mailto:chrishull42 at gmail.com>>
>>>>> > > http://chrishull.com
>>>>> > >
>>>>> > >
>>>>> > >
>>>>> > > On Wed, Mar 23, 2016 at 8:50 AM, <chrishull42 at gmail.com
>>>>> <mailto:chrishull42 at gmail.com>
>>>>> > > <mailto:chrishull42 at gmail.com <mailto:chrishull42 at gmail.com>>>
>>>>> wrote:
>>>>> > >
>>>>> > > Thanks. Will check that.
>>>>> > > When I create an instance in the public or private nets
>>>>> they ping.
>>>>> > > Why do router ports behave differently than instance
>>>>> ports? Only
>>>>> > > the Northbound router port is down and won't ping. Will
>>>>> check
>>>>> > > settings ASAP thanks
>>>>> > >
>>>>> > > Chris.
>>>>> > >
>>>>> > > Sent from my iPhone
>>>>> > >
>>>>> > > On Mar 23, 2016, at 7:52 AM, Kevin Benton <
>>>>> kevin at benton.pub
>>>>> > > <mailto:kevin at benton.pub <mailto:kevin at benton.pub>>>
>>>>> wrote:
>>>>> > >
>>>>> > >> Ok. The same settings should apply to Linux bridge.
>>>>> > >>
>>>>> > >> Make sure you have external_network_bridge defined in
>>>>> your L3
>>>>> > >> agent as an empty value.
>>>>> > >>
>>>>> > >> Then your external network should be created with the
>>>>> provider
>>>>> > >> type of 'flat' and the physical network corresponding to
>>>>> the one
>>>>> > >> you have defined in your bridge mappings in the L2 agent
>>>>> that
>>>>> > >> attaches to the bridge going to your external physical
>>>>> network.
>>>>> > >>
>>>>> > >> On Mar 23, 2016 7:25 AM, <chrishull42 at gmail.com <mailto:
>>>>> chrishull42 at gmail.com>
>>>>> > >> <mailto:chrishull42 at gmail.com <mailto:
>>>>> chrishull42 at gmail.com>>> wrote:
>>>>> > >>
>>>>> > >> Kevin;
>>>>> > >> Thank you Very much. I'll check. I did a manual
>>>>> Liberty
>>>>> > >> install so I may have done something wrong. I am
>>>>> using
>>>>> > >> LinuxBridge (not OpenVSwitch) if that helps. Will
>>>>> post
>>>>> > >> results to list soon. Would like to be able to use
>>>>> floating
>>>>> > >> IPs, a more convenient form of ipTables basically.
>>>>> > >>
>>>>> > >> Chris.
>>>>> > >>
>>>>> > >> Sent from my iPhone
>>>>> > >>
>>>>> > >> On Mar 23, 2016, at 7:16 AM, Kevin Benton <
>>>>> kevin at benton.pub
>>>>> > >> <mailto:kevin at benton.pub <mailto:kevin at benton.pub>>>
>>>>> wrote:
>>>>> > >>
>>>>> > >>> Do you have external_network_bridge set to an empty
>>>>> value in
>>>>> > >>> the l3 agent config? If not, the l3 agent will use a
>>>>> legacy
>>>>> > >>> mode of wiring up the port and it's status field may
>>>>> not be
>>>>> > >>> ACTIVE.
>>>>> > >>>
>>>>> > >>> The routers are tested thousands of times in the
>>>>> gate every
>>>>> > >>> day, so they work. It's just a matter of getting your
>>>>> > >>> configuration correct.
>>>>> > >>>
>>>>> > >>> Yes, you can use a VM to route as well.
>>>>> > >>>
>>>>> > >>> On Mar 23, 2016 7:06 AM, <chrishull42 at gmail.com
>>>>> <mailto:chrishull42 at gmail.com>
>>>>> > >>> <mailto:chrishull42 at gmail.com <mailto:
>>>>> chrishull42 at gmail.com>>> wrote:
>>>>> > >>>
>>>>> > >>> Hi all;
>>>>> > >>> It appears that Liberty Neutron routers do not
>>>>> work.
>>>>> > >>> The Northbound port is always Down.
>>>>> > >>>
>>>>> > >>> What I'd like to do is dedicate an instance
>>>>> (CentOS) to
>>>>> > >>> routing between the Public net and other nets.
>>>>> Has
>>>>> > >>> anyone done this. Setting up the router is
>>>>> trivial.
>>>>> > >>> But I'm a little worried about interaction with
>>>>> Neutron
>>>>> > >>> Ports. I need to assign fixed IPs so I can
>>>>> route from
>>>>> > >>> the Internet to a server instance.
>>>>> > >>>
>>>>> > >>> Ideas?
>>>>> > >>>
>>>>> > >>> Thanks
>>>>> > >>> - Chris.
>>>>> > >>>
>>>>> > >>> Sent from my iPhone
>>>>> > >>> _______________________________________________
>>>>> > >>> OpenStack-operators mailing list
>>>>> > >>> OpenStack-operators at lists.openstack.org
>>>>> > <mailto:OpenStack-operators at lists.openstack.org>
>>>>> > >>> <mailto:OpenStack-operators at lists.openstack.org
>>>>> > <mailto:OpenStack-operators at lists.openstack.org>>
>>>>> > >>>
>>>>> >
>>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>>>>> > >>>
>>>>> > >
>>>>> > >
>>>>> > >
>>>>> > > _______________________________________________
>>>>> > > OpenStack-operators mailing list
>>>>> > > OpenStack-operators at lists.openstack.org
>>>>> > <mailto:OpenStack-operators at lists.openstack.org>
>>>>> > >
>>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>>>>> > >
>>>>> >
>>>>> > Definitely the external_network_bridge needs to be explicitly
>>>>> set to
>>>>> > nothing. That's not the default. I've never had to change the
>>>>> default
>>>>> > gateway_external_network_id when I set external_network_bridge
>>>>> to a
>>>>> > blank value.
>>>>> >
>>>>> > Note that after making changes to external_network_bridge, I've
>>>>> have to
>>>>> > delete and recreate the router/port/network that was created
>>>>> before
>>>>> > that change.
>>>>> >
>>>>> > I assume that your bridge mappings are correct in
>>>>> > /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini:
>>>>> >
>>>>> > bridge_mappings =datacentre:br-ex # or whatever you have locally
>>>>> >
>>>>> > And that the physical_network of the external network matches the
>>>>> > network name in the bridge_mappings that corresponds to the
>>>>> bridge
>>>>> > containing the physical interface? Probably your instance ports
>>>>> > wouldn't work if those things weren't correct, but those are
>>>>> also areas
>>>>> > where I see failures similar to this.
>>>>> >
>>>>> > --
>>>>> > Dan Sneddon | Principal OpenStack Engineer
>>>>> > dsneddon at redhat.com <mailto:dsneddon at redhat.com> |
>>>>> > redhat.com/openstack <http://redhat.com/openstack>
>>>>> > 650.254.4025 <tel:650.254.4025> | dsneddon:irc
>>>>> @dxs:twitter
>>>>> >
>>>>> >
>>>>> >
>>>>> >
>>>>> > _______________________________________________
>>>>> > OpenStack-operators mailing list
>>>>> > OpenStack-operators at lists.openstack.org
>>>>> >
>>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>>>>> >
>>>>>
>>>>> I didn't mean to confuse you by assuming that you were running Open
>>>>> vSwitch. You don't have to run Open vSwitch, and some things do work
>>>>> differently when using Linux bridge.
>>>>>
>>>>> If your IP address is no longer on enp3s0, then that might be an
>>>>> indicator that you have a bridge subsuming enp3s0. In that case, I'm
>>>>> pretty sure that the physical_interface_mapping should be
>>>>> public:<bridge>. I spend a lot more time with OVS deployments, though.
>>>>>
>>>>> --
>>>>> Dan Sneddon | Principal OpenStack Engineer
>>>>> dsneddon at redhat.com | redhat.com/openstack
>>>>> 650.254.4025 | dsneddon:irc @dxs:twitter
>>>>>
>>>>> _______________________________________________
>>>>> OpenStack-operators mailing list
>>>>> OpenStack-operators at lists.openstack.org
>>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>>>>>
>>>>
>>>>
>>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-operators/attachments/20160324/7b4de78e/attachment-0001.html>
More information about the OpenStack-operators
mailing list