Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

Hi, dough.

I just spent a lot of frustration getting this exact thing to work as well, so I hope I can share what worked for me. (Also taking this opportunity for my own sake to write down what actually worked.)

I am also using packstack on CentOS 7 (I didn't end up getting it to work correctly with devstack that I tried initially.)

Some of my terminology might be wrong since I'm still learning myself. Also, I might be missing a step or two, since this is from my (rather fresh) memory.

VirtualBox Networking Setup

First of all, I configured two network interfaces in VirtualBox, both of them bridged to my home LAN, the plan being to use the first NIC (enp0s3 in my setup) as the NIC for management and API traffic, and using the second nic (enp0s8 in my example) as an uplink to the OpenSwitch OVS into the physical network. In my lab (and probably in yours also) these should be the same, although they can be different.

I configured the second network interface to allow promiscious mode in VirtualBox. This is neccessary to allow VM traffic to work. This is done through the VM settings inside of the VirtualBox GUI.

Management / API network setup

You will need to setup a static IP address from one of your 5 addresses for use as your packstack box's IP address. This is accomplished using the standard methods on CentOS. On my machine, this is how my /etc/sysconfig/network-scripts/ifcfg-enp0s3 file looks:

TYPE="Ethernet"
PROXY_METHOD="none"
BROWSER_ONLY="no"
BOOTPROTO="none"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
IPV6_ADDR_GEN_MODE="stable-privacy"
NAME="enp0s3"
UUID="635501cf-47d5-47ab-96f1-8e2c5eac7eb1"
DEVICE="enp0s3"
ONBOOT="yes"
IPADDR="192.168.1.240"
PREFIX="24"
GATEWAY="192.168.1.1"
DNS1="192.168.1.1"
IPV6_PRIVACY="no"
[pvz@localhost ~]$

Neutron router / subnet setup

By default on Packstack, there is already a router1 router that is present, but uses the wrong subnet.

What you need to do is to create a new subnet, specifying the default gateway and netmask, as well as giving it the range of 5 IP addresses provided to you by your school. You'll need to use the openstack CLI for this. Before running the openstack cli, you'll need to source /root/keystonerc_admin.

To actually achieve this state in the CLI refer to the docs, instead I'll show you how my working setup works:

[root@localhost pvz(keystone_admin)]# openstack router list
+--------------------------------------+---------+--------+-------+-------------+-------+----------------------------------+
| ID                                   | Name    | Status | State | Distributed | HA    | Project                          |
+--------------------------------------+---------+--------+-------+-------------+-------+----------------------------------+
| 4b194196-b644-46b1-af1f-40825886c0a9 | router1 | ACTIVE | UP    | False       | False | a17f01bc783445f5b352209283f4cc02 |
+--------------------------------------+---------+--------+-------+-------------+-------+----------------------------------+
[root@localhost pvz(keystone_admin)]# openstack router show 4b194196-b644-46b1-af1f-40825886c0a9
+-------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field                   | Value                                                                                                                                                                                     |
+-------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| admin_state_up          | UP                                                                                                                                                                                        |
| availability_zone_hints |                                                                                                                                                                                           |
| availability_zones      | nova                                                                                                                                                                                      |
| created_at              | 2019-02-10T17:15:48Z                                                                                                                                                                      |
| description             |                                                                                                                                                                                           |
| distributed             | False                                                                                                                                                                                     |
| external_gateway_info   | {"network_id": "40083a3e-15c6-451d-9185-076c8cc4b055", "enable_snat": true, "external_fixed_ips": [{"subnet_id": "295c727c-83a9-4fce-985d-0476f95fc387", "ip_address": "192.168.1.244"}]} |
| flavor_id               | None                                                                                                                                                                                      |
| ha                      | False                                                                                                                                                                                     |
| id                      | 4b194196-b644-46b1-af1f-40825886c0a9                                                                                                                                                      |
| interfaces_info         | [{"subnet_id": "467f2fa8-b1cb-40d5-b86b-3f029712faf4", "ip_address": "10.0.0.1", "port_id": "5aa4107a-711e-4c08-b0ec-e0a30de06718"}]                                                      |
| name                    | router1                                                                                                                                                                                   |
| project_id              | a17f01bc783445f5b352209283f4cc02                                                                                                                                                          |
| revision_number         | 9                                                                                                                                                                                         |
| routes                  |                                                                                                                                                                                           |
| status                  | ACTIVE                                                                                                                                                                                    |
| tags                    |                                                                                                                                                                                           |
| updated_at              | 2019-02-10T18:12:16Z                                                                                                                                                                      |
+-------------------------+----------------------------------------------------------------------------------------------------------------------

---------------------------------------------------------------------+
[root@localhost pvz(keystone_admin)]# openstack network list
+--------------------------------------+---------+--------------------------------------+
| ID                                   | Name    | Subnets                              |
+--------------------------------------+---------+--------------------------------------+
| 0be68353-6a91-4509-aa6d-56c9c173aecb | private | 467f2fa8-b1cb-40d5-b86b-3f029712faf4 |
| 40083a3e-15c6-451d-9185-076c8cc4b055 | public  | 295c727c-83a9-4fce-985d-0476f95fc387 |
+--------------------------------------+---------+--------------------------------------+
[root@localhost pvz(keystone_admin)]# openstack network show public
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | UP                                   |
| availability_zone_hints   |                                      |
| availability_zones        | nova                                 |
| created_at                | 2019-02-10T17:15:37Z                 |
| description               |                                      |
| dns_domain                | None                                 |
| id                        | 40083a3e-15c6-451d-9185-076c8cc4b055 |
| ipv4_address_scope        | None                                 |
| ipv6_address_scope        | None                                 |
| is_default                | False                                |
| is_vlan_transparent       | None                                 |
| mtu                       | 1500                                 |
| name                      | public                               |
| port_security_enabled     | True                                 |
| project_id                | 2e7a4f44a17847d8ad413b01b3a88ef7     |
| provider:network_type     | flat                                 |
| provider:physical_network | extnet                               |
| provider:segmentation_id  | None                                 |
| qos_policy_id             | None                                 |
| revision_number           | 10                                   |
| router:external           | External                             |
| segments                  | None                                 |
| shared                    | False                                |
| status                    | ACTIVE                               |
| subnets                   | 295c727c-83a9-4fce-985d-0476f95fc387 |
| tags                      |                                      |
| updated_at                | 2019-02-10T19:03:36Z                 |
+---------------------------+--------------------------------------+

[root@localhost pvz(keystone_admin)]# openstack subnet list
+--------------------------------------+----------------+--------------------------------------+----------------+
| ID                                   | Name           | Network                              | Subnet         |
+--------------------------------------+----------------+--------------------------------------+----------------+
| 295c727c-83a9-4fce-985d-0476f95fc387 | public_subnet  | 40083a3e-15c6-451d-9185-076c8cc4b055 | 192.168.1.0/24 |
| 467f2fa8-b1cb-40d5-b86b-3f029712faf4 | private_subnet | 0be68353-6a91-4509-aa6d-56c9c173aecb | 10.0.0.0/24    |
+--------------------------------------+----------------+--------------------------------------+----------------+
[root@localhost pvz(keystone_admin)]# openstack subnet show 295c727c-83a9-4fce-985d-0476f95fc387
+-------------------+--------------------------------------+
| Field             | Value                                |
+-------------------+--------------------------------------+
| allocation_pools  | 192.168.1.241-192.168.1.254          |
| cidr              | 192.168.1.0/24                       |
| created_at        | 2019-02-10T18:05:29Z                 |
| description       |                                      |
| dns_nameservers   |                                      |
| enable_dhcp       | False                                |
| gateway_ip        | 192.168.1.1                          |
| host_routes       |                                      |
| id                | 295c727c-83a9-4fce-985d-0476f95fc387 |
| ip_version        | 4                                    |
| ipv6_address_mode | None                                 |
| ipv6_ra_mode      | None                                 |
| name              | public_subnet                        |
| network_id        | 40083a3e-15c6-451d-9185-076c8cc4b055 |
| project_id        | 2e7a4f44a17847d8ad413b01b3a88ef7     |
| revision_number   | 3                                    |
| segment_id        | None                                 |
| service_types     |                                      |
| subnetpool_id     | None                                 |
| tags              |                                      |
| updated_at        | 2019-02-10T19:03:36Z                 |
+-------------------+--------------------------------------+
[root@localhost pvz(keystone_admin)]#

The openstack CLI tool can edit (not just show) the settings. You'll need to use the openstack CLI to:

  • Create a new subnet on the public network, using the appropriate settings. (IMPORTANT: Make sure to put enable_dhcp=False or you might break your school network.)
  • Edit the router1 router to use your new subnet as its gateway.
  • Delete the old public subnet.

Before proceeding to the next step, poke through your setup and make sure that it looks fine. It's safe to poke around in this state, because we have not actually yet interconnected neutron with your school network.

Connect the OpenSwitch OVS to your physical interface

At this point, there is an OpenSwitch that's created on your VM that is connected to this public network. However, it is not actually connected to any physical network interface. To get this to work, I created a configuration for it under /etc/sysconfig/network-scripts/ifcfg-enp0s8 (in my case ifcfg-enp0s8 was the name of my second NIC):

DEVICE=enp0s8
TYPE=OVSPort
DEVICETYPE=ovs
OVS_BRIDGE=br-ex
ONBOOT=yes

This will cause the enp0s8 NIC to become a port on the br-ex OVS Bridge (which is where public is connected). There's probably a way to get this configuration to be loaded immediately, but I just rebooted. You can verify that the config looks good by using the ovs-vsctl show command. Mine looks like this (only looking at the Bridge br-ex section):

    Bridge br-ex
        Controller "tcp:127.0.0.1:6633"
            is_connected: true
        fail_mode: secure
        Port "enp0s8"
            Interface "enp0s8"
        Port br-ex
            Interface br-ex
                type: internal
        Port phy-br-ex
            Interface phy-br-ex
                type: patch
                options: {peer=int-br-ex}

At this point, you should be good to go. In order to verify functionality, check the IP address of router1. (You'll find this under openstack router show router1, check under external_gateway_info -> external_fixed_ips -> subnetid -> ip_address). You should be able to ping this IP address from your openstack box, from your workstation, and from another machine on the same network.

Fix DNS resolution for instances

I noticed in my setup, I had to do an extra step to get DNS resolution to work properly. I found that I had to set dnsmasq_local_resolv = true inside /etc/neutron/dhcp_agent.ini.

Test with a workload!

After this, you should be able to start an instance inside of the demo project (which will connect it to the network that's already there). Make sure to edit the security group to permit SSH traffic from the outside for testing. Assign a floating IP (it should get it from the public subnet that you configured above) and then you should be able to reach that as well.

Done?

I hope this helps, and that you're able to get this working, and that maybe my struggles over the weekend to get the exact same thing working for myself is helpful for you also. :-)