[Openstack] DHCP configuration with openvSwitch
Akash Gunjal
akgunjal at in.ibm.com
Mon May 5 10:55:52 UTC 2014
Hi,
I tried the below option but still I cannot ping my VM from the floating IP
from my controller. However, the command ip netns list on the compute node
shows me the dhcp record for the private network I created on the
controller. The command ip netns exec <qdhcp-uuid> ping <VM IP> will ping
the VM.
I have only dhcp and L2 agents running on my compute. Is there any other
config required to ping the public IP of the VM from my controller?
Regards,
Akash
From: Yu Xing YX Wang <yuxingw at cn.ibm.com>
To: Akash Gunjal/India/IBM at IBMIN,
Cc: Damon Wang <damon.devops at gmail.com>,
"openstack at lists.openstack.org" <openstack at lists.openstack.org>
Date: 04/30/2014 08:43 PM
Subject: Re: [Openstack] DHCP configuration with openvSwitch
Hi Akash,
You should enable use_namespaces in ::::/etc/neutron/dhcp_agent.ini file.
::::/etc/neutron/dhcp_agent.ini
resync_interval = 5
interface_driver =
neutron.agent.linux.interface.OVSInterfaceDriver
ovs_use_veth = True
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
use_namespaces = True
enable_isolated_metadata = True
enable_metadata_network = False
dhcp_domain = openstacklocal
dnsmasq_config_file = /etc/neutron/dnsmasq.conf
dnsmasq_lease_max = 16777216
By the way Where and How to submit e-mail to ask a question in Openstack
community?
Thanks
YuxingWang( 王宇行 )
Software Enginner, GTS Offerings Development
IBM China Development Laboratory (CDL)
- Ring Bldg, #28 ZhongGuanCun Software Park, No.8 Dong Bei Wang West Road,
Haidian District Beijing, P.R.China 100193
( 86-10-82450791 + yuxingw at cn.ibm.com
(Embedded image moved to file: pic14710.gif)Inactive hide details for Akash
Gunjal ---04/30/2014 10:05:41 PM---Hi Damon, I did some investigation on
this issue and have cuAkash Gunjal ---04/30/2014 10:05:41 PM---Hi Damon, I
did some investigation on this issue and have current updates here. The
From: Akash Gunjal <akgunjal at in.ibm.com>
To: Damon Wang <damon.devops at gmail.com>,
Cc: "openstack at lists.openstack.org" <openstack at lists.openstack.org>
Date: 04/30/2014 10:05 PM
Subject: Re: [Openstack] DHCP configuration with openvSwitch
Hi Damon,
I did some investigation on this issue and have current updates here. The
actual issue I feel is with the iptables. When I stopped the iptables
service on the compute, the dnsmasq service started for the private flat
network. Then my VM got the IP from the flat network subnet pool correctly.
Some observations:
(1) While loading the VM I see some error messages where it fails to
connect to the metadata due to network not reachable.
(2) When I assign the public floating IP to my VM, I cannot ping the
floating IP from my compute or controller and even from the VM I cannot
ping any external IP.
Some screen shots:
(1) nova list on controller:
(Embedded image moved to file: pic04247.gif)
(2) ovs-vsctl show on compute:
(Embedded image moved to file: pic27494.gif)
(3) cat /etc/sysconfig/iptables output
(Embedded image moved to file: pic11300.gif)
I believe now we have narrowed down this issue where the iptables needs to
be corrected so we do these operations with iptables service running and
also able to connect to the VM from the floating IPs.
Hope this data helps you for further analysis.
Regards,
Akash
From: Akash Gunjal/India/IBM at IBMIN
To: Damon Wang <damon.devops at gmail.com>,
Cc: "openstack at lists.openstack.org" <openstack at lists.openstack.org>
Date: 04/30/2014 02:15 PM
Subject: Re: [Openstack] DHCP configuration with openvSwitch
Hi Damon,
Here is the data of /var/log/messages from my compute node.
(1) First I created a flat network and deployed a VM but I did not see the
DHCPREQUEST or DHCPACK logs. The private IP was not assigned on the actual
VM but it was seen on the controller against the VM.
(2) Second, I created a vlan network with a dummy segmentation_id 60 and
below logs are seen in messages log file. Even the private IP got assigned
on the VM correctly. But this IP assignment happens only when my compute
node iptables service is stopped.
Log messages:
Apr 30 02:26:45 imm-9-37-88-152 kernel: qbrd3ca0758-8f: port 2
(tapd3ca0758-8f) entering disabled state
Apr 30 02:26:45 imm-9-37-88-152 kernel: device tapd3ca0758-8f left
promiscuous mode
Apr 30 02:26:45 imm-9-37-88-152 kernel: qbrd3ca0758-8f: port 2
(tapd3ca0758-8f) entering disabled state
Apr 30 02:26:46 imm-9-37-88-152 kernel: qbrd3ca0758-8f: port 1
(qvbd3ca0758-8f) entering disabled state
Apr 30 02:26:46 imm-9-37-88-152 kernel: (null): Dropping TSO features since
no CSUM feature.
Apr 30 02:26:46 imm-9-37-88-152 kernel: (null): Dropping TSO6 features
since no CSUM feature.
Apr 30 02:26:46 imm-9-37-88-152 ovs-vsctl: ovs|00001|vsctl|INFO|Called
as /usr/bin/ovs-vsctl --timeout=120 del-port br-int qvod3ca0758-8f
Apr 30 02:26:49 imm-9-37-88-152 dnsmasq[31049]: started, version 2.68
cachesize 150
Apr 30 02:26:49 imm-9-37-88-152 dnsmasq[31049]: compile time options: IPv6
GNU-getopt DBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset
auth
Apr 30 02:26:49 imm-9-37-88-152 dnsmasq[31049]: LOUD WARNING: listening on
60.60.60.200 may accept requests via interfaces other than tapdb330b1c-6c
Apr 30 02:26:49 imm-9-37-88-152 dnsmasq[31049]: LOUD WARNING: use
--bind-dynamic rather than --bind-interfaces to avoid DNS amplification
attacks via these interface(s)
Apr 30 02:26:49 imm-9-37-88-152 dnsmasq[31049]: warning: no upstream
servers configured
Apr 30 02:26:49 imm-9-37-88-152 dnsmasq-dhcp[31049]: DHCP, static leases
only on 60.60.60.0, lease time 1d
Apr 30 02:26:49 imm-9-37-88-152 dnsmasq-dhcp[31049]: DHCP, sockets bound
exclusively to interface tapdb330b1c-6c
Apr 30 02:26:49 imm-9-37-88-152 dnsmasq[31049]:
read /var/lib/neutron/dhcp/0c4aa9c8-35b3-4509-859b-6cb2e74c623f/addn_hosts
- 2 addresses
Apr 30 02:26:49 imm-9-37-88-152 dnsmasq-dhcp[31049]:
read /var/lib/neutron/dhcp/0c4aa9c8-35b3-4509-859b-6cb2e74c623f/host
Apr 30 02:26:49 imm-9-37-88-152 dnsmasq-dhcp[31049]:
read /var/lib/neutron/dhcp/0c4aa9c8-35b3-4509-859b-6cb2e74c623f/opts
Apr 30 02:30:40 imm-9-37-88-152 dnsmasq[31049]:
read /var/lib/neutron/dhcp/0c4aa9c8-35b3-4509-859b-6cb2e74c623f/addn_hosts
- 3 addresses
Apr 30 02:30:40 imm-9-37-88-152 dnsmasq-dhcp[31049]:
read /var/lib/neutron/dhcp/0c4aa9c8-35b3-4509-859b-6cb2e74c623f/host
Apr 30 02:30:40 imm-9-37-88-152 dnsmasq-dhcp[31049]:
read /var/lib/neutron/dhcp/0c4aa9c8-35b3-4509-859b-6cb2e74c623f/opts
Apr 30 02:30:42 imm-9-37-88-152 kernel: kvm: 31581: cpu0 unhandled rdmsr:
0x345
Apr 30 02:30:42 imm-9-37-88-152 kernel: kvm: 31581: cpu0 unhandled wrmsr:
0x680 data 0
Apr 30 02:30:42 imm-9-37-88-152 kernel: kvm: 31581: cpu0 unhandled wrmsr:
0x6c0 data 0
Apr 30 02:30:42 imm-9-37-88-152 kernel: kvm: 31581: cpu0 unhandled wrmsr:
0x681 data 0
Apr 30 02:30:42 imm-9-37-88-152 kernel: kvm: 31581: cpu0 unhandled wrmsr:
0x6c1 data 0
Apr 30 02:30:42 imm-9-37-88-152 kernel: kvm: 31581: cpu0 unhandled wrmsr:
0x682 data 0
Apr 30 02:30:42 imm-9-37-88-152 kernel: kvm: 31581: cpu0 unhandled wrmsr:
0x6c2 data 0
Apr 30 02:30:42 imm-9-37-88-152 kernel: kvm: 31581: cpu0 unhandled wrmsr:
0x683 data 0
Apr 30 02:30:42 imm-9-37-88-152 kernel: kvm: 31581: cpu0 unhandled wrmsr:
0x6c3 data 0
Apr 30 02:30:45 imm-9-37-88-152 kernel: qbr60d8754c-a9: Dropping TSO
features since no CSUM feature.
Apr 30 02:30:45 imm-9-37-88-152 kernel: qbr60d8754c-a9: Dropping TSO6
features since no CSUM feature.
Apr 30 02:30:45 imm-9-37-88-152 NetworkManager[2172]:
<warn> /sys/devices/virtual/net/qvo60d8754c-a9: couldn't determine device
driver; ignoring...
Apr 30 02:30:45 imm-9-37-88-152 kernel: ADDRCONF(NETDEV_UP):
qvb60d8754c-a9: link is not ready
Apr 30 02:30:45 imm-9-37-88-152 NetworkManager[2172]:
<warn> /sys/devices/virtual/net/qvb60d8754c-a9: couldn't determine device
driver; ignoring...
Apr 30 02:30:45 imm-9-37-88-152 kernel: device qvb60d8754c-a9 entered
promiscuous mode
Apr 30 02:30:45 imm-9-37-88-152 kernel: ADDRCONF(NETDEV_CHANGE):
qvb60d8754c-a9: link becomes ready
Apr 30 02:30:45 imm-9-37-88-152 kernel: device qvo60d8754c-a9 entered
promiscuous mode
Apr 30 02:30:46 imm-9-37-88-152 kernel: (null): Dropping TSO features since
no CSUM feature.
Apr 30 02:30:46 imm-9-37-88-152 kernel: (null): Dropping TSO6 features
since no CSUM feature.
Apr 30 02:30:46 imm-9-37-88-152 kernel: 8021q: adding VLAN 0 to HW filter
on device qbr60d8754c-a9
Apr 30 02:30:46 imm-9-37-88-152 kernel: qbr60d8754c-a9: port 1
(qvb60d8754c-a9) entering forwarding state
Apr 30 02:30:46 imm-9-37-88-152 ovs-vsctl: ovs|00001|vsctl|INFO|Called
as /usr/bin/ovs-vsctl --timeout=120 -- --if-exists del-port qvo60d8754c-a9
-- add-port br-int qvo60d8754c-a9 -- set Interface qvo60d8754c-a9
external-ids:iface-id=60d8754c-a9be-407b-838f-6d596aa24d03
external-ids:iface-status=active
external-ids:attached-mac=fa:16:3e:4e:67:58
external-ids:vm-uuid=f7d2222b-c4d6-4577-b49c-6c57365697c1
Apr 30 02:30:46 imm-9-37-88-152 kernel: device tap60d8754c-a9 entered
promiscuous mode
Apr 30 02:30:46 imm-9-37-88-152 kernel: qbr60d8754c-a9: port 2
(tap60d8754c-a9) entering forwarding state
Apr 30 02:30:46 imm-9-37-88-152 NetworkManager[2172]:
<warn> /sys/devices/virtual/net/tap60d8754c-a9: couldn't determine device
driver; ignoring...
Apr 30 02:30:46 imm-9-37-88-152 qemu-kvm: Could not find keytab
file: /etc/qemu/krb5.tab: No such file or directory
Apr 30 02:30:47 imm-9-37-88-152 ovs-vsctl: ovs|00001|vsctl|INFO|Called
as /usr/bin/ovs-vsctl --timeout=10 set Port qvo60d8754c-a9 tag=4
Apr 30 02:30:48 imm-9-37-88-152 kernel: __ratelimit: 26 callbacks
suppressed
Apr 30 02:30:48 imm-9-37-88-152 kernel: kvm: 31757: cpu0 unhandled rdmsr:
0x345
Apr 30 02:30:48 imm-9-37-88-152 kernel: kvm: 31757: cpu0 unhandled wrmsr:
0x680 data 0
Apr 30 02:30:48 imm-9-37-88-152 kernel: kvm: 31757: cpu0 unhandled wrmsr:
0x6c0 data 0
Apr 30 02:30:48 imm-9-37-88-152 kernel: kvm: 31757: cpu0 unhandled wrmsr:
0x681 data 0
Apr 30 02:30:48 imm-9-37-88-152 kernel: kvm: 31757: cpu0 unhandled wrmsr:
0x6c1 data 0
Apr 30 02:30:48 imm-9-37-88-152 kernel: kvm: 31757: cpu0 unhandled wrmsr:
0x682 data 0
Apr 30 02:30:48 imm-9-37-88-152 kernel: kvm: 31757: cpu0 unhandled wrmsr:
0x6c2 data 0
Apr 30 02:30:48 imm-9-37-88-152 kernel: kvm: 31757: cpu0 unhandled wrmsr:
0x683 data 0
Apr 30 02:30:48 imm-9-37-88-152 kernel: kvm: 31757: cpu0 unhandled wrmsr:
0x6c3 data 0
Apr 30 02:30:48 imm-9-37-88-152 kernel: kvm: 31757: cpu0 unhandled wrmsr:
0x684 data 0
Apr 30 02:30:54 imm-9-37-88-152 kernel: __ratelimit: 60 callbacks
suppressed
Apr 30 02:30:54 imm-9-37-88-152 kernel: kvm: 31715: cpu0 unhandled wrmsr:
0x391 data 2000000f
Apr 30 02:31:00 imm-9-37-88-152 dnsmasq-dhcp[31049]: DHCPDISCOVER
(tapdb330b1c-6c) fa:16:3e:4e:67:58
Apr 30 02:31:00 imm-9-37-88-152 dnsmasq-dhcp[31049]: DHCPOFFER
(tapdb330b1c-6c) 60.60.60.207 fa:16:3e:4e:67:58
Apr 30 02:31:00 imm-9-37-88-152 dnsmasq-dhcp[31049]: DHCPREQUEST
(tapdb330b1c-6c) 60.60.60.207 fa:16:3e:4e:67:58
Apr 30 02:31:00 imm-9-37-88-152 dnsmasq-dhcp[31049]: DHCPACK
(tapdb330b1c-6c) 60.60.60.207 fa:16:3e:4e:67:58 host-60-60-60-207
Apr 30 02:31:18 imm-9-37-88-152 kernel: kvm: 31715: cpu0 unhandled wrmsr:
0x391 data 2000000f
Apr 30 02:31:28 imm-9-37-88-152 dnsmasq-dhcp[31049]: DHCPREQUEST
(tapdb330b1c-6c) 60.60.60.207 fa:16:3e:4e:67:58
Apr 30 02:31:28 imm-9-37-88-152 dnsmasq-dhcp[31049]: DHCPACK
(tapdb330b1c-6c) 60.60.60.207 fa:16:3e:4e:67:58 host-60-60-60-207
Apr 30 02:31:53 imm-9-37-88-152 kernel: kvm: 31715: cpu0 unhandled wrmsr:
0x391 data 2000000f
Apr 30 02:32:03 imm-9-37-88-152 dnsmasq-dhcp[31049]: DHCPREQUEST
(tapdb330b1c-6c) 60.60.60.207 fa:16:3e:4e:67:58
Apr 30 02:32:03 imm-9-37-88-152 dnsmasq-dhcp[31049]: DHCPACK
(tapdb330b1c-6c) 60.60.60.207 fa:16:3e:4e:67:58 host-60-60-60-207
Apr 30 02:32:34 imm-9-37-88-152 kernel: kvm: 31715: cpu0 unhandled wrmsr:
0x391 data 2000000f
Apr 30 02:32:44 imm-9-37-88-152 dnsmasq-dhcp[31049]: DHCPREQUEST
(tapdb330b1c-6c) 60.60.60.207 fa:16:3e:4e:67:58
Apr 30 02:32:44 imm-9-37-88-152 dnsmasq-dhcp[31049]: DHCPACK
(tapdb330b1c-6c) 60.60.60.207 fa:16:3e:4e:67:58 host-60-60-60-207
Apr 30 02:32:57 imm-9-37-88-152 kernel: kvm: 31715: cpu0 unhandled wrmsr:
0x391 data 2000000f
Apr 30 02:33:04 imm-9-37-88-152 dnsmasq-dhcp[31049]: DHCPREQUEST
(tapdb330b1c-6c) 60.60.60.207 fa:16:3e:4e:67:58
Apr 30 02:33:04 imm-9-37-88-152 dnsmasq-dhcp[31049]: DHCPACK
(tapdb330b1c-6c) 60.60.60.207 fa:16:3e:4e:67:58 host-60-60-60-207
Apr 30 02:33:20 imm-9-37-88-152 kernel: kvm: 31715: cpu0 unhandled wrmsr:
0x391 data 2000000f
Apr 30 02:33:28 imm-9-37-88-152 dnsmasq-dhcp[31049]: DHCPREQUEST
(tapdb330b1c-6c) 60.60.60.207 fa:16:3e:4e:67:58
Apr 30 02:33:28 imm-9-37-88-152 dnsmasq-dhcp[31049]: DHCPACK
(tapdb330b1c-6c) 60.60.60.207 fa:16:3e:4e:67:58 host-60-60-60-207
Apr 30 02:33:48 imm-9-37-88-152 kernel: kvm: 31715: cpu0 unhandled wrmsr:
0x391 data 2000000f
Apr 30 02:33:55 imm-9-37-88-152 dnsmasq-dhcp[31049]: DHCPREQUEST
(tapdb330b1c-6c) 60.60.60.207 fa:16:3e:4e:67:58
Apr 30 02:33:55 imm-9-37-88-152 dnsmasq-dhcp[31049]: DHCPACK
(tapdb330b1c-6c) 60.60.60.207 fa:16:3e:4e:67:58 host-60-60-60-207
Apr 30 02:34:30 imm-9-37-88-152 kernel: kvm: 31715: cpu0 unhandled wrmsr:
0x391 data 2000000f
Apr 30 02:35:09 imm-9-37-88-152 dnsmasq-dhcp[31049]: DHCPREQUEST
(tapdb330b1c-6c) 60.60.60.207 fa:16:3e:4e:67:58
Apr 30 02:35:09 imm-9-37-88-152 dnsmasq-dhcp[31049]: DHCPACK
(tapdb330b1c-6c) 60.60.60.207 fa:16:3e:4e:67:58 host-60-60-60-207
After my exercise with vlan, I created a external network of type local and
using router I assigned a public IP to the VM which was created using
private VLAN network. I was only able to ping the public IP from controller
but not
from compute. I tried to ping an external IP from the VM but it failed.
With VLAN network I am able to proceed a little but with flat network its
still blocked. I want to create a VM with private flat network and then
assign the public IP using external network for providing internet access
to the VM.
Additional info:
(1) Compute node has RHEL 6.5 KVM
(2) The VM is deployed using Centos 6.5 image.
(3) The controller is hosted on RHEL 6.5
Regards,
Akash
From: Damon Wang <damon.devops at gmail.com>
To: Akash Gunjal/India/IBM at IBMIN,
Cc: "openstack at lists.openstack.org"
<openstack at lists.openstack.org>
Date: 04/30/2014 06:06 AM
Subject: Re: [Openstack] DHCP configuration with openvSwitch
Hi Akash,
Can you paste your log of /etc/message, normally, you'll see something like
this:
"Apr 27 09:21:48 gd60 dnsmasq-dhcp[8872]: DHCPREQUEST(tapce4121ff-d6)
192.168.220.6 fa:16:3e:21:1f:58
"Apr 27 09:21:48 gd60 dnsmasq-dhcp[8872]: DHCPACK(tapce4121ff-d6)
192.168.220.6 fa:16:3e:21:1f:58 host-192-168-220-6
"Apr 27 21:21:48 gd60 dnsmasq-dhcp[8872]: DHCPREQUEST(tapce4121ff-d6)
192.168.220.6 fa:16:3e:21:1f:58
"Apr 27 21:21:48 gd60 dnsmasq-dhcp[8872]: DHCPACK(tapce4121ff-d6)
192.168.220.6 fa:16:3e:21:1f:58 host-192-168-220-6"
Besides, try to check iptables, you can use raw table to trace data path in
iptables.
Hope it helps,
Damon
2014-04-30 2:05 GMT+08:00 Akash Gunjal <akgunjal at in.ibm.com>:
Hello,
I am using icehouse version for doing my network setup using openvSwitch
agent with ML2 plugin. I want to configure flat network with DHCP server
so
the IP gets assigned to the guest VMs after deployment. As part of this I
have started the dhcp and openvSwitch agents on my compute node and
created
a flat private network and deployed the virtual machine on the compute.
The
VM gets deployed but it fails to get the IP from the controller even
though
I see the IP assigned on the controller for that VM.
I see an error message on the VM boot up stating that its cannot connect
to
169.254.169.254
I see the dnsmasq process running on my compute node. Please point me to
the error here and if my dhcp setup is correct.
Regards,
Akash
_______________________________________________
Mailing list:
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack at lists.openstack.org
Unsubscribe :
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
_______________________________________________
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack at lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
[attachment "pic04247.gif" deleted by Yu Xing YX Wang/China/IBM]
[attachment "pic27494.gif" deleted by Yu Xing YX Wang/China/IBM]
[attachment "pic11300.gif" deleted by Yu Xing YX Wang/China/IBM]
_______________________________________________
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack at lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pic14710.gif
Type: image/gif
Size: 105 bytes
Desc: not available
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20140505/1fd05d38/attachment.gif>
More information about the Openstack
mailing list