[Openstack] DHCP configuration with openvSwitch

Yu Xing YX Wang yuxingw at cn.ibm.com
Wed Apr 30 15:11:39 UTC 2014


Hi Akash,

 You should enable use_namespaces in ::::/etc/neutron/dhcp_agent.ini file.
                                                                      
 ::::/etc/neutron/dhcp_agent.ini                                      
                                                                      
 resync_interval = 5                                                  
 interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver  
 ovs_use_veth = True                                                  
 dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq                       
 use_namespaces = True                                                
 enable_isolated_metadata = True                                      
 enable_metadata_network = False                                      
 dhcp_domain = openstacklocal                                         
 dnsmasq_config_file = /etc/neutron/dnsmasq.conf                      
 dnsmasq_lease_max = 16777216                                         
                                                                      




By the way Where and How to submit e-mail to ask a question in Openstack
community?

Thanks

YuxingWang( 王宇行 )
Software Enginner, GTS Offerings Development
IBM China Development Laboratory (CDL)
- Ring Bldg, #28 ZhongGuanCun Software Park, No.8 Dong Bei Wang West Road,
Haidian District Beijing, P.R.China 100193
( 86-10-82450791 + yuxingw at cn.ibm.com




From:	Akash Gunjal <akgunjal at in.ibm.com>
To:	Damon Wang <damon.devops at gmail.com>,
Cc:	"openstack at lists.openstack.org" <openstack at lists.openstack.org>
Date:	04/30/2014 10:05 PM
Subject:	Re: [Openstack] DHCP configuration with openvSwitch




Hi Damon,

I did some investigation on this issue and have current updates here. The
actual issue I feel is with the iptables. When I stopped the iptables
service on the compute, the dnsmasq service started for the private flat
network. Then my VM got the IP from the flat network subnet pool correctly.

Some observations:
(1) While loading the VM I see some error messages where it fails to
connect to the metadata due to network not reachable.
(2) When I assign the public floating IP to my VM, I cannot ping the
floating IP from my compute or controller and even from the VM I cannot
ping any external IP.

Some screen shots:
(1) nova list on controller:
      (Embedded image moved to file: pic04247.gif)

(2) ovs-vsctl show on compute:
      (Embedded image moved to file: pic27494.gif)

(3) cat /etc/sysconfig/iptables output
      (Embedded image moved to file: pic11300.gif)

I believe now we have narrowed down this issue where the iptables needs to
be corrected so we do these operations with iptables service running and
also able to connect to the VM from the floating IPs.
Hope this data helps you for further analysis.

Regards,
Akash




From:		 Akash Gunjal/India/IBM at IBMIN
To:		 Damon Wang <damon.devops at gmail.com>,
Cc:		 "openstack at lists.openstack.org"
<openstack at lists.openstack.org>
Date:		 04/30/2014 02:15 PM
Subject:		 Re: [Openstack] DHCP configuration with openvSwitch



Hi Damon,

Here is the data of /var/log/messages from my compute node.

(1) First I created a flat network and deployed a VM but I did not see the
DHCPREQUEST or DHCPACK logs. The private IP was not assigned on the actual
VM but it was seen on the controller against the VM.

(2) Second, I created a vlan network with a dummy segmentation_id 60 and
below logs are seen in messages log file. Even the private IP got assigned
on the VM correctly. But this IP assignment happens only when my compute
node iptables service is stopped.

Log messages:
Apr 30 02:26:45 imm-9-37-88-152 kernel: qbrd3ca0758-8f: port 2
(tapd3ca0758-8f) entering disabled state
Apr 30 02:26:45 imm-9-37-88-152 kernel: device tapd3ca0758-8f left
promiscuous mode
Apr 30 02:26:45 imm-9-37-88-152 kernel: qbrd3ca0758-8f: port 2
(tapd3ca0758-8f) entering disabled state
Apr 30 02:26:46 imm-9-37-88-152 kernel: qbrd3ca0758-8f: port 1
(qvbd3ca0758-8f) entering disabled state
Apr 30 02:26:46 imm-9-37-88-152 kernel: (null): Dropping TSO features since
no CSUM feature.
Apr 30 02:26:46 imm-9-37-88-152 kernel: (null): Dropping TSO6 features
since no CSUM feature.
Apr 30 02:26:46 imm-9-37-88-152 ovs-vsctl: ovs|00001|vsctl|INFO|Called
as /usr/bin/ovs-vsctl --timeout=120 del-port br-int qvod3ca0758-8f
Apr 30 02:26:49 imm-9-37-88-152 dnsmasq[31049]: started, version 2.68
cachesize 150
Apr 30 02:26:49 imm-9-37-88-152 dnsmasq[31049]: compile time options: IPv6
GNU-getopt DBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset
auth
Apr 30 02:26:49 imm-9-37-88-152 dnsmasq[31049]: LOUD WARNING: listening on
60.60.60.200 may accept requests via interfaces other than tapdb330b1c-6c
Apr 30 02:26:49 imm-9-37-88-152 dnsmasq[31049]: LOUD WARNING: use
--bind-dynamic rather than --bind-interfaces to avoid DNS amplification
attacks via these interface(s)
Apr 30 02:26:49 imm-9-37-88-152 dnsmasq[31049]: warning: no upstream
servers configured
Apr 30 02:26:49 imm-9-37-88-152 dnsmasq-dhcp[31049]: DHCP, static leases
only on 60.60.60.0, lease time 1d
Apr 30 02:26:49 imm-9-37-88-152 dnsmasq-dhcp[31049]: DHCP, sockets bound
exclusively to interface tapdb330b1c-6c
Apr 30 02:26:49 imm-9-37-88-152 dnsmasq[31049]:
read /var/lib/neutron/dhcp/0c4aa9c8-35b3-4509-859b-6cb2e74c623f/addn_hosts
- 2 addresses
Apr 30 02:26:49 imm-9-37-88-152 dnsmasq-dhcp[31049]:
read /var/lib/neutron/dhcp/0c4aa9c8-35b3-4509-859b-6cb2e74c623f/host
Apr 30 02:26:49 imm-9-37-88-152 dnsmasq-dhcp[31049]:
read /var/lib/neutron/dhcp/0c4aa9c8-35b3-4509-859b-6cb2e74c623f/opts
Apr 30 02:30:40 imm-9-37-88-152 dnsmasq[31049]:
read /var/lib/neutron/dhcp/0c4aa9c8-35b3-4509-859b-6cb2e74c623f/addn_hosts
- 3 addresses
Apr 30 02:30:40 imm-9-37-88-152 dnsmasq-dhcp[31049]:
read /var/lib/neutron/dhcp/0c4aa9c8-35b3-4509-859b-6cb2e74c623f/host
Apr 30 02:30:40 imm-9-37-88-152 dnsmasq-dhcp[31049]:
read /var/lib/neutron/dhcp/0c4aa9c8-35b3-4509-859b-6cb2e74c623f/opts
Apr 30 02:30:42 imm-9-37-88-152 kernel: kvm: 31581: cpu0 unhandled rdmsr:
0x345
Apr 30 02:30:42 imm-9-37-88-152 kernel: kvm: 31581: cpu0 unhandled wrmsr:
0x680 data 0
Apr 30 02:30:42 imm-9-37-88-152 kernel: kvm: 31581: cpu0 unhandled wrmsr:
0x6c0 data 0
Apr 30 02:30:42 imm-9-37-88-152 kernel: kvm: 31581: cpu0 unhandled wrmsr:
0x681 data 0
Apr 30 02:30:42 imm-9-37-88-152 kernel: kvm: 31581: cpu0 unhandled wrmsr:
0x6c1 data 0
Apr 30 02:30:42 imm-9-37-88-152 kernel: kvm: 31581: cpu0 unhandled wrmsr:
0x682 data 0
Apr 30 02:30:42 imm-9-37-88-152 kernel: kvm: 31581: cpu0 unhandled wrmsr:
0x6c2 data 0
Apr 30 02:30:42 imm-9-37-88-152 kernel: kvm: 31581: cpu0 unhandled wrmsr:
0x683 data 0
Apr 30 02:30:42 imm-9-37-88-152 kernel: kvm: 31581: cpu0 unhandled wrmsr:
0x6c3 data 0
Apr 30 02:30:45 imm-9-37-88-152 kernel: qbr60d8754c-a9: Dropping TSO
features since no CSUM feature.
Apr 30 02:30:45 imm-9-37-88-152 kernel: qbr60d8754c-a9: Dropping TSO6
features since no CSUM feature.
Apr 30 02:30:45 imm-9-37-88-152 NetworkManager[2172]:
<warn> /sys/devices/virtual/net/qvo60d8754c-a9: couldn't determine device
driver; ignoring...
Apr 30 02:30:45 imm-9-37-88-152 kernel: ADDRCONF(NETDEV_UP):
qvb60d8754c-a9: link is not ready
Apr 30 02:30:45 imm-9-37-88-152 NetworkManager[2172]:
<warn> /sys/devices/virtual/net/qvb60d8754c-a9: couldn't determine device
driver; ignoring...
Apr 30 02:30:45 imm-9-37-88-152 kernel: device qvb60d8754c-a9 entered
promiscuous mode
Apr 30 02:30:45 imm-9-37-88-152 kernel: ADDRCONF(NETDEV_CHANGE):
qvb60d8754c-a9: link becomes ready
Apr 30 02:30:45 imm-9-37-88-152 kernel: device qvo60d8754c-a9 entered
promiscuous mode
Apr 30 02:30:46 imm-9-37-88-152 kernel: (null): Dropping TSO features since
no CSUM feature.
Apr 30 02:30:46 imm-9-37-88-152 kernel: (null): Dropping TSO6 features
since no CSUM feature.
Apr 30 02:30:46 imm-9-37-88-152 kernel: 8021q: adding VLAN 0 to HW filter
on device qbr60d8754c-a9
Apr 30 02:30:46 imm-9-37-88-152 kernel: qbr60d8754c-a9: port 1
(qvb60d8754c-a9) entering forwarding state
Apr 30 02:30:46 imm-9-37-88-152 ovs-vsctl: ovs|00001|vsctl|INFO|Called
as /usr/bin/ovs-vsctl --timeout=120 -- --if-exists del-port qvo60d8754c-a9
-- add-port br-int qvo60d8754c-a9 -- set Interface qvo60d8754c-a9
external-ids:iface-id=60d8754c-a9be-407b-838f-6d596aa24d03
external-ids:iface-status=active
external-ids:attached-mac=fa:16:3e:4e:67:58
external-ids:vm-uuid=f7d2222b-c4d6-4577-b49c-6c57365697c1
Apr 30 02:30:46 imm-9-37-88-152 kernel: device tap60d8754c-a9 entered
promiscuous mode
Apr 30 02:30:46 imm-9-37-88-152 kernel: qbr60d8754c-a9: port 2
(tap60d8754c-a9) entering forwarding state
Apr 30 02:30:46 imm-9-37-88-152 NetworkManager[2172]:
<warn> /sys/devices/virtual/net/tap60d8754c-a9: couldn't determine device
driver; ignoring...
Apr 30 02:30:46 imm-9-37-88-152 qemu-kvm: Could not find keytab
file: /etc/qemu/krb5.tab: No such file or directory
Apr 30 02:30:47 imm-9-37-88-152 ovs-vsctl: ovs|00001|vsctl|INFO|Called
as /usr/bin/ovs-vsctl --timeout=10 set Port qvo60d8754c-a9 tag=4
Apr 30 02:30:48 imm-9-37-88-152 kernel: __ratelimit: 26 callbacks
suppressed
Apr 30 02:30:48 imm-9-37-88-152 kernel: kvm: 31757: cpu0 unhandled rdmsr:
0x345
Apr 30 02:30:48 imm-9-37-88-152 kernel: kvm: 31757: cpu0 unhandled wrmsr:
0x680 data 0
Apr 30 02:30:48 imm-9-37-88-152 kernel: kvm: 31757: cpu0 unhandled wrmsr:
0x6c0 data 0
Apr 30 02:30:48 imm-9-37-88-152 kernel: kvm: 31757: cpu0 unhandled wrmsr:
0x681 data 0
Apr 30 02:30:48 imm-9-37-88-152 kernel: kvm: 31757: cpu0 unhandled wrmsr:
0x6c1 data 0
Apr 30 02:30:48 imm-9-37-88-152 kernel: kvm: 31757: cpu0 unhandled wrmsr:
0x682 data 0
Apr 30 02:30:48 imm-9-37-88-152 kernel: kvm: 31757: cpu0 unhandled wrmsr:
0x6c2 data 0
Apr 30 02:30:48 imm-9-37-88-152 kernel: kvm: 31757: cpu0 unhandled wrmsr:
0x683 data 0
Apr 30 02:30:48 imm-9-37-88-152 kernel: kvm: 31757: cpu0 unhandled wrmsr:
0x6c3 data 0
Apr 30 02:30:48 imm-9-37-88-152 kernel: kvm: 31757: cpu0 unhandled wrmsr:
0x684 data 0
Apr 30 02:30:54 imm-9-37-88-152 kernel: __ratelimit: 60 callbacks
suppressed
Apr 30 02:30:54 imm-9-37-88-152 kernel: kvm: 31715: cpu0 unhandled wrmsr:
0x391 data 2000000f
Apr 30 02:31:00 imm-9-37-88-152 dnsmasq-dhcp[31049]: DHCPDISCOVER
(tapdb330b1c-6c) fa:16:3e:4e:67:58
Apr 30 02:31:00 imm-9-37-88-152 dnsmasq-dhcp[31049]: DHCPOFFER
(tapdb330b1c-6c) 60.60.60.207 fa:16:3e:4e:67:58
Apr 30 02:31:00 imm-9-37-88-152 dnsmasq-dhcp[31049]: DHCPREQUEST
(tapdb330b1c-6c) 60.60.60.207 fa:16:3e:4e:67:58
Apr 30 02:31:00 imm-9-37-88-152 dnsmasq-dhcp[31049]: DHCPACK
(tapdb330b1c-6c) 60.60.60.207 fa:16:3e:4e:67:58 host-60-60-60-207
Apr 30 02:31:18 imm-9-37-88-152 kernel: kvm: 31715: cpu0 unhandled wrmsr:
0x391 data 2000000f
Apr 30 02:31:28 imm-9-37-88-152 dnsmasq-dhcp[31049]: DHCPREQUEST
(tapdb330b1c-6c) 60.60.60.207 fa:16:3e:4e:67:58
Apr 30 02:31:28 imm-9-37-88-152 dnsmasq-dhcp[31049]: DHCPACK
(tapdb330b1c-6c) 60.60.60.207 fa:16:3e:4e:67:58 host-60-60-60-207
Apr 30 02:31:53 imm-9-37-88-152 kernel: kvm: 31715: cpu0 unhandled wrmsr:
0x391 data 2000000f
Apr 30 02:32:03 imm-9-37-88-152 dnsmasq-dhcp[31049]: DHCPREQUEST
(tapdb330b1c-6c) 60.60.60.207 fa:16:3e:4e:67:58
Apr 30 02:32:03 imm-9-37-88-152 dnsmasq-dhcp[31049]: DHCPACK
(tapdb330b1c-6c) 60.60.60.207 fa:16:3e:4e:67:58 host-60-60-60-207
Apr 30 02:32:34 imm-9-37-88-152 kernel: kvm: 31715: cpu0 unhandled wrmsr:
0x391 data 2000000f
Apr 30 02:32:44 imm-9-37-88-152 dnsmasq-dhcp[31049]: DHCPREQUEST
(tapdb330b1c-6c) 60.60.60.207 fa:16:3e:4e:67:58
Apr 30 02:32:44 imm-9-37-88-152 dnsmasq-dhcp[31049]: DHCPACK
(tapdb330b1c-6c) 60.60.60.207 fa:16:3e:4e:67:58 host-60-60-60-207
Apr 30 02:32:57 imm-9-37-88-152 kernel: kvm: 31715: cpu0 unhandled wrmsr:
0x391 data 2000000f
Apr 30 02:33:04 imm-9-37-88-152 dnsmasq-dhcp[31049]: DHCPREQUEST
(tapdb330b1c-6c) 60.60.60.207 fa:16:3e:4e:67:58
Apr 30 02:33:04 imm-9-37-88-152 dnsmasq-dhcp[31049]: DHCPACK
(tapdb330b1c-6c) 60.60.60.207 fa:16:3e:4e:67:58 host-60-60-60-207
Apr 30 02:33:20 imm-9-37-88-152 kernel: kvm: 31715: cpu0 unhandled wrmsr:
0x391 data 2000000f
Apr 30 02:33:28 imm-9-37-88-152 dnsmasq-dhcp[31049]: DHCPREQUEST
(tapdb330b1c-6c) 60.60.60.207 fa:16:3e:4e:67:58
Apr 30 02:33:28 imm-9-37-88-152 dnsmasq-dhcp[31049]: DHCPACK
(tapdb330b1c-6c) 60.60.60.207 fa:16:3e:4e:67:58 host-60-60-60-207
Apr 30 02:33:48 imm-9-37-88-152 kernel: kvm: 31715: cpu0 unhandled wrmsr:
0x391 data 2000000f
Apr 30 02:33:55 imm-9-37-88-152 dnsmasq-dhcp[31049]: DHCPREQUEST
(tapdb330b1c-6c) 60.60.60.207 fa:16:3e:4e:67:58
Apr 30 02:33:55 imm-9-37-88-152 dnsmasq-dhcp[31049]: DHCPACK
(tapdb330b1c-6c) 60.60.60.207 fa:16:3e:4e:67:58 host-60-60-60-207
Apr 30 02:34:30 imm-9-37-88-152 kernel: kvm: 31715: cpu0 unhandled wrmsr:
0x391 data 2000000f
Apr 30 02:35:09 imm-9-37-88-152 dnsmasq-dhcp[31049]: DHCPREQUEST
(tapdb330b1c-6c) 60.60.60.207 fa:16:3e:4e:67:58
Apr 30 02:35:09 imm-9-37-88-152 dnsmasq-dhcp[31049]: DHCPACK
(tapdb330b1c-6c) 60.60.60.207 fa:16:3e:4e:67:58 host-60-60-60-207

After my exercise with vlan, I created a external network of type local and
using router I assigned a public IP to the VM which was created using
private VLAN network. I was only able to ping the public IP from controller
but not
from compute. I tried to ping an external IP from the VM but it failed.

With VLAN network I am able to proceed a little but with flat network its
still blocked. I want to create a VM with private flat network and then
assign the public IP using external network for providing internet access
to the VM.

Additional info:
(1) Compute node has RHEL 6.5 KVM
(2) The VM is deployed using Centos 6.5 image.
(3) The controller is hosted on RHEL 6.5

Regards,
Akash



From:		 		  Damon Wang <damon.devops at gmail.com>
To:		 		  Akash Gunjal/India/IBM at IBMIN,
Cc:		 		  "openstack at lists.openstack.org"
<openstack at lists.openstack.org>
Date:		 		  04/30/2014 06:06 AM
Subject:		 		  Re: [Openstack] DHCP configuration with
openvSwitch



Hi Akash,

Can you paste your log of /etc/message, normally, you'll see something like
this:

"Apr 27 09:21:48 gd60 dnsmasq-dhcp[8872]: DHCPREQUEST(tapce4121ff-d6)
192.168.220.6 fa:16:3e:21:1f:58
"Apr 27 09:21:48 gd60 dnsmasq-dhcp[8872]: DHCPACK(tapce4121ff-d6)
192.168.220.6 fa:16:3e:21:1f:58 host-192-168-220-6
"Apr 27 21:21:48 gd60 dnsmasq-dhcp[8872]: DHCPREQUEST(tapce4121ff-d6)
192.168.220.6 fa:16:3e:21:1f:58
"Apr 27 21:21:48 gd60 dnsmasq-dhcp[8872]: DHCPACK(tapce4121ff-d6)
192.168.220.6 fa:16:3e:21:1f:58 host-192-168-220-6"

Besides, try to check iptables, you can use raw table to trace data path in
iptables.

Hope it helps,
Damon


2014-04-30 2:05 GMT+08:00 Akash Gunjal <akgunjal at in.ibm.com>:

  Hello,

  I am using icehouse version for doing my network setup using openvSwitch
  agent with ML2 plugin. I want to configure flat network with DHCP server
  so
  the IP gets assigned to the guest VMs after deployment. As part of this I
  have started the dhcp and openvSwitch agents on my compute node and
  created
  a flat private network and deployed the virtual machine on the compute.
  The
  VM gets deployed but it fails to get the IP from the controller even
  though
  I see the IP assigned on the controller for that VM.

  I see an error message on the VM boot up stating that its cannot connect
  to
  169.254.169.254

  I see the dnsmasq process running on my compute node. Please point me to
  the error here and if my dhcp setup is correct.

  Regards,
  Akash


  _______________________________________________
  Mailing list:
  http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
  Post to     : openstack at lists.openstack.org
  Unsubscribe :
  http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack



_______________________________________________
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to     : openstack at lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

[attachment "pic04247.gif" deleted by Yu Xing YX Wang/China/IBM]
[attachment "pic27494.gif" deleted by Yu Xing YX Wang/China/IBM]
[attachment "pic11300.gif" deleted by Yu Xing YX Wang/China/IBM]
_______________________________________________
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to     : openstack at lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20140430/78befc4b/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: graycol.gif
Type: image/gif
Size: 105 bytes
Desc: not available
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20140430/78befc4b/attachment.gif>


More information about the Openstack mailing list