Open Stack

Dear list,

i found the mistake by myself. i just had an inconsistent mapping in the 
section [linux_bridge] in the configuration option 
'physical_interface_mappings'. changed it to the correct settings. Now 
everything works as expected.



Am 29.01.2016 um 15:16 schrieb Joerg Streckfuss:
> Dear list,
>
> i got problems with a virtual router gateway ip.
>
> I setup a 3-node openstack-setup (one controller, two compute nodes),
> using liberty on centos7 carefully following the instructions under
> http://docs.openstack.org/liberty/install-guide-rdo/.
>
> I'm using self-service networks with one flat provider-network for
> external communication. I use VXLAN for overlay-networks. As mechanism
> drivers I use linuxbridge and l2population.
> I can create project-networks and initiate instances, with will get ips
> from the dhcp-server.
>
> So far, so good. When I try to create a virtual router to ssh to my vm,
> i can't ping the external gateway ip of the router on the controller node.
>
> As you can see the router has a gateway-port with an external ip
> (10.11.200.1). The second one is the ip from the project network:
>
> <snip>
> [root at controller ~]# source admin-openrc.sh
> [root at controller ~]# neutron router-port-list router
> +--------------------------------------+------+-------------------+------------------------------------------------------------------------------------+
> | id                                   | name | mac_address       |
> fixed_ips
>              |
> +--------------------------------------+------+-------------------+------------------------------------------------------------------------------------+
> | 89724c5b-d8eb-45ed-a45d-051412d9cf2d |      | fa:16:3e:71:d2:7c |
> {"subnet_id": "ec0d4301-53b2-4eab-90c9-a03e1b784717", "ip_address":
> "10.11.200.1"} |
> | b1aeaf23-1bae-4f63-899d-30a50513c3c1 |      | fa:16:3e:d1:df:2e |
> {"subnet_id": "fc6a8af9-c510-4665-a083-b190989f75de", "ip_address":
> "172.16.1.1"}  |
> +--------------------------------------+------+-------------------+------------------------------------------------------------------------------------+
> <snap>
>
> This ip is not pingable neither from outside nor on the controller node.
> The needed netnamespaces are available:
>
> <snip>
> [root at controller ~]# ip netns show
> qrouter-7236dab3-6653-4df7-90cc-b441df2ae75d
> qdhcp-1ff83e09-1777-4d53-95d8-bc3251eddbb1
> qdhcp-b7e5b2dd-0b8c-43ab-911a-107bf23858d6
> <snap>
>
> But I can ping the ip inside the router namespace:
>
> <snip>
> [root at controller ~]# ip netns exec
> qrouter-7236dab3-6653-4df7-90cc-b441df2ae75d ping -c1 10.11.200.1
> PING 10.11.200.1 (10.11.200.1) 56(84) bytes of data.
> 64 bytes from 10.11.200.1: icmp_seq=1 ttl=64 time=0.049 ms
> <snap>
>
> In /var/log/neutron/server.log I found the following interesting logs
> when creating the external provider network:
>
> <snip>
> 2016-01-29 13:35:58.842 8337 ERROR neutron.plugins.ml2.managers
> [req-6502530b-eb91-4c1d-85db-5555c9820e62 - - - - -] Failed to bind port
> 041d3057-44a1-4aa5-ba00-aa97a28b3d64 on host
> controller.openstack.dfn-cert.de
> 2016-01-29 13:35:58.842 8337 ERROR neutron.plugins.ml2.managers
> [req-6502530b-eb91-4c1d-85db-5555c9820e62 - - - - -] Failed to bind port
> 041d3057-44a1-4aa5-ba00-aa97a28b3d64 on host
> controller.openstack.dfn-cert.de
> 2016-01-29 13:35:58.864 8337 INFO neutron.plugins.ml2.plugin
> [req-6502530b-eb91-4c1d-85db-5555c9820e62 - - - - -] Attempt 2 to bind
> port 041d3057-44a1-4aa5-ba00-aa97a28b3d64
> 2016-01-29 13:36:00.230 8337 WARNING neutron.plugins.ml2.rpc
> [req-de947767-5bba-43f9-9313-26941c0a24d9 - - - - -] Device
> tap041d3057-44 requested by agent lb00221954bc3f on network
> 1ff83e09-1777-4d53-95d8-bc3251eddbb1 not
> bound, vif_type: binding_failed
> <snap>
>
> Here are the relevant configs:
>
> <snip>
> # cat /etc/neutron/plugins/ml2/ml2_conf.ini
> [ml2]
> type_drivers = flat,vlan,vxlan
> tenant_network_types = vxlan
> mechanism_drivers = linuxbridge,l2population
> extension_drivers = port_security
>
> [ml2_type_flat]
> flat_networks = testnet
>
> [ml2_type_vxlan]
> vni_ranges = 1:1000
>
> [securitygroup]
> enable_ipset = True
> <snap>
>
> <snip>
> # cat /etc/neutron/plugins/ml2/linuxbridge_agent.ini
> [linux_bridge]
> physical_interface_mappings = testnet:eth0
>
> [vxlan]
> enable_vxlan = True
> local_ip = 192.168.0.1
> l2_population = True
>
> [agent]
> prevent_arp_spoofing = True
>
> [securitygroup]
> enable_security_group = True
> firewall_driver =
> neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
> <snap>
>
> I guess there is somthing broken with a missing bridge. Perhaps a bridge
> which connects to the external, physical interface eth0.
>
> When list the bridges on the controller I got this:
>
> <snip>
> [root at controller ~]# brctl show
> bridge name     bridge id               STP enabled     interfaces
> brqb7e5b2dd-0b          8000.0285d4793974       no      tap1f5c2967-bd
>                                                           tapb1aeaf23-1b
>                                                           vxlan-55
> <snap>
>
> As I mentioned I'm missing the external device eth0, which points to the
> external net.
>
> somebody has an idea about this?
>
> Many thanks in advance!
>
> _______________________________________________
> Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> Post to     : openstack at lists.openstack.org
> Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>