
Attach instance to Provider Network

asked 2017-07-05 12:48:45 -0500

Micha

updated 2017-07-06 03:01:25 -0500

Hi all together,

I have a working OpenStack Newton Cluster, running on Ubuntu 16.04.

I'm using Open vSwitch for networking in general and VLAN for provider networks, VXLAN for tenant networks.

/etc/neutron/plugins/ml2/ml2 config.ini

[DEFAULT]
[ml2]
type_drivers = flat,vlan,vxlan
tenant_network_types = vxlan
mechanism_drivers = openvswitch,l2population
extension_drivers = port_security,dns
path_mtu = 9000
[ml2_type_flat]
flat_networks = *
[ml2_type_vlan]
network_vlan_ranges = vlannet:2003:2004
[ml2_type_vxlan]
vni_ranges = 65000:69999
[securitygroup]
firewall_driver = iptables_hybrid
enable_security_group = true
enable_ipset = true
--------------------------------------------------------------
/etc/neutron/plugins/ml2/openvswitch.ini

[DEFAULT]
[agent]
tunnel_types = vxlan
l2_population = true
[ovs]
integration_bridge = br-int
tunnel_bridge = br-tun
local_ip = 192.168.2.41
bridge_mappings = vlannet:br-ex
[securitygroup]
firewall_driver = iptables_hybrid
enable_security_group = true
enable_ipset = true

I now created two networks:

neutron net-create Externes-Netz --provider:network_type vlan --provider:physical_network vlannet --router:external true --provider:segmentation_id 2003
neutron subnet-create Externes-Netz --disable-dhcp --ip-version 4 --gateway 192.168.10.1 --allocation-pool start=192.168.10.10,end=192.168.10.20 192.168.10.0/24

neutron net-create VPN-Netz --shared --provider:network_type vlan --provider:physical_network vlannet --router:external true --provider:segmentation_id 2004
neutron subnet-create VPN-Netz --enable-dhcp --ip-version 4 --gateway 10.10.0.1 --allocation-pool start=10.10.0.10,end=10.10.0.20 10.10.0.0/24

While connecting to 'Externes-Netz' should happen via a router and a tenant network (which works absolutely fine btw, including floating IPs), I want to connect instances directly to the 'VPN-Netz' since they will be reachable from a VPN without floating IPs. A router created on that network for testing purposes can be reached via ping from the VPN net, which makes me think that the network side is fine.

However, I can't connect instances directly to the VPN-Netz. While I can use my regular user (not admin) to create a port, attaching a VM to it will fail with message': u'No valid host was found. There are not enough hosts available.', u'code': 500, u'created': u'2017-07-05T17:38:14Z

Can anyone give me a hint where to find the error? Log files are leaving me clueless too:

/var/log/nova/nova-compute.log

2017-07-05 19:38:11.689 1659 ERROR nova.compute.manager [req-3c336082-4b94-4598-9a8c-84b639921b74 3518016355da4f8e91b1b568f580fa6d d091b5e5309541b38897bd584833df30 - - -] Instance failed network setup after 1 attempt(s)
2017-07-05 19:38:11.689 1659 ERROR nova.compute.manager Traceback (most recent call last):
2017-07-05 19:38:11.689 1659 ERROR nova.compute.manager   File "/usr/lib/python2.7/dist-packages/nova/compute/manager.py", line 1401, in _allocate_network_async
2017-07-05 19:38:11.689 1659 ERROR nova.compute.manager     bind_host_id=bind_host_id)
2017-07-05 19:38:11.689 1659 ERROR nova.compute.manager   File "/usr/lib/python2.7/dist-packages/nova/network/neutronv2/api.py", line 881, in allocate_for_instance
2017-07-05 19:38:11.689 1659 ERROR nova.compute.manager     bind_host_id, dhcp_opts, available_macs)
2017-07-05 19:38:11.689 1659 ERROR nova.compute.manager   File "/usr/lib/python2.7/dist-packages/nova/network/neutronv2/api.py", line 1000, in _update_ports_for_instance
2017-07-05 19:38:11.689 1659 ERROR nova.compute.manager     vif.destroy()
2017-07-05 19:38:11.689 1659 ERROR nova.compute.manager   File "/usr/lib/python2 ...

Comments

1

No messages about port id d76b153... anywhere else? Did you check the openvswitchagent log on the compute node?

Bernd Bausch ( 2017-07-05 17:52:59 -0500 )

Thank you for your input. I added some output to the initial post due to the character limitation in the comment section :)

Micha ( 2017-07-06 03:01:52 -0500 )

Yes, you need br-ex. See instructions. Instead of br-ex, the external bridge is named br-provider.

Bernd Bausch ( 2017-07-06 03:37:25 -0500 )
1

Ohhhhh, networking just got so much clearer to me. Awesome Bernd. I'd like to add a general thank you for the amount of knowledge and tips you provide here. People like you are the reason I love working with OS projects rather than dark magic like Oracle or SAP <3

Micha ( 2017-07-06 04:26:03 -0500 )

Grin. Well, I may not know much, but I know where to find info.

Bernd Bausch ( 2017-07-06 05:57:46 -0500 )

1 answer

0

answered 2017-07-06 11:52:43 -0500

Micha

It's working now - awesome, thanks to Bernd Bausch! I created a br-ex, added the needed cfg parameters to the openvswitch-agent.ini/ml2_conf.ini and created the patch ports towards the int interface. And now, everything works like a charm - wonderful :)
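A check for the condition resolved in this thread, as an added example that is not part of the original answer or of OpenStack's own code: it compares the physical networks in network_vlan_ranges with the agent's bridge_mappings and with the bridges that actually exist on the host. The function names and the list of existing bridges (as `ovs-vsctl list-br` would print them) are assumptions; the config values are copied from the question.

```python
import configparser

# Constructed sample inputs, copied from the two config files in the question.
ML2_CONF = """\
[ml2_type_flat]
flat_networks = *
[ml2_type_vlan]
network_vlan_ranges = vlannet:2003:2004
"""
OVS_AGENT_CONF = """\
[ovs]
integration_bridge = br-int
tunnel_bridge = br-tun
bridge_mappings = vlannet:br-ex
"""

def _parse(text):
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    return cp

def vlan_physnets(ml2_text):
    """Physical network names from network_vlan_ranges (physnet[:min:max],...)."""
    raw = _parse(ml2_text).get("ml2_type_vlan", "network_vlan_ranges", fallback="")
    return {item.split(":")[0].strip() for item in raw.split(",") if item.strip()}

def bridge_mappings(agent_text):
    """Map physnet -> bridge from the agent's bridge_mappings (physnet:bridge,...)."""
    raw = _parse(agent_text).get("ovs", "bridge_mappings", fallback="")
    pairs = (item.split(":", 1) for item in raw.split(",") if ":" in item)
    return {p.strip(): b.strip() for p, b in pairs}

def check_provider_bridges(ml2_text, agent_text, existing_bridges):
    """Return mismatches between configured physical networks and host bridges."""
    mappings = bridge_mappings(agent_text)
    present = {b.strip() for b in existing_bridges if b.strip()}
    problems = []
    for physnet in sorted(vlan_physnets(ml2_text)):
        bridge = mappings.get(physnet)
        if bridge is None:
            problems.append(f"{physnet}: no bridge_mappings entry")
        elif bridge not in present:
            problems.append(f"{physnet}: mapped bridge {bridge} does not exist")
    return problems

if __name__ == "__main__":
    # Constructed bridge list for a host that has br-int and br-tun but no br-ex.
    for line in check_provider_bridges(ML2_CONF, OVS_AGENT_CONF, ["br-int", "br-tun"]):
        print(line)
```
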
