Ask Your Question
0

OpenStack "allinone" deployment using VLAN instead of local networks

asked 2015-04-29 10:39:42 -0500

holger-king gravatar image

updated 2015-04-30 03:11:05 -0500

Dear RDO community,

is there a possibility to allow the usage of VLAN tenant network segmentation when deploying OpenStack RDO via a custom packstack answer file where controller and compute hosts are running on the same host (= allinone)?

We tried with https://drive.google.com/file/d/0B6btT4vDRIz_Tjh3RGhIbGFjSGM/view?usp=sharing (the following) configuration file but could not get a CIRROS instance started properly as we get the following exception:

2015-04-29 15:41:20.738 2094 ERROR nova.scheduler.utils [req-80f4dafc-16ec-4c94-aeb0-896d2e47c330 None] [instance: be61eb85-7f86-494e-a095-9df274cc9500] Err or from last host: rb-openstack-d (node rb-openstack-d.de.bosch.com): [u'Traceback (most recent call last):\n', u'  File "/usr/lib/python2.7/site-packages/n ova/compute/manager.py", line 2033, in
_do_build_and_run_instance\n    filter_properties)\n', u'  File "/usr/lib/python2.7/site-packages/nova/compute/manage r.py", line 2164, in
_build_and_run_instance\n    instance_uuid=instance.uuid, reason=six.text_type(e))\n', u'RescheduledException: Build of instance be61eb 85-7f86-494e-a095-9df274cc9500 was re-scheduled: Unexpected vif_type=binding_failed\n']

Maybe there is a misconfiguration that leads to that effect although the deployment ended successfully.

The net topology looks like the following on the "localhost":

  • "eth0" -> connected with "br-ex"
  • "lo" (Loopback device) -> connected with "br-lo" (using a the physical network label "gw-bcn", see the configuration directives "CONFIG_NEUTRON_OVS_BRIDGE_IFACES" and "CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS")

The VLAN setting are done via "CONFIG_NEUTRON_ML2_TYPE_DRIVERS", "CONFIG_NEUTRON_ML2_TENANT_NETWORK_TYPES" and ""CONFIG_NEUTRON_ML2_VLAN_RANGES".

The OpenStack packstack and OpenvSwitch packages we use on a RHEL 7.1 box are:

  • dnsmasq-2.66-13.el7_1.x86_64
  • openstack-packstack-2014.2-0.23.dev1468.gd049ea9.el7.noarch.rpm
  • openstack-packstack-puppet-2014.2-0.23.dev1468.gd049ea9.el7.noarch.rpm
  • openstack-puppet-modules-2014.2.15-1.el7.noarch.rpm
  • openvswitch-2.3.1-2.el7.x86_64

Your help is highly appreaciated :-)

edit retag flag offensive close merge delete

Comments

Could you upload to some place your answer-file ? Using "lo" doesn't look to me as a good idea.

andrew.shvartz gravatar imageandrew.shvartz ( 2015-04-29 12:31:24 -0500 )edit

Dear community,

after having terminated and re-created the instance the above problem with its Python exception has gone! But it re-occurs when restarting the host. Why?

@andrew.shvartz: The answer file has been uploaded as marked in the question above.

holger-king gravatar imageholger-king ( 2015-04-29 12:32:07 -0500 )edit

Now the problem is, I cannot route between the provider and the tenant net. When trying to show the NAT table for the qrouter namespace the command output blocks and does not show the NAT content :(

ip netns exec qrouter-03b237e5-8e7d-4298-bb2e-4443b007cf6e iptables -t nat -L

Any ideas?

holger-king gravatar imageholger-king ( 2015-04-29 13:07:37 -0500 )edit

If you are running firewalld attempt to switch to ipv4 iptables firewall . Details here :-
https://ask.openstack.org/en/question...

dbaxps gravatar imagedbaxps ( 2015-04-30 03:17:00 -0500 )edit

Default packstack install takes care of firewalld tuning for Juno. I am not sure that yours approach tuned firewalld, then service iptables save won't provide correct switching. Just try && check /etc/sysconfig/iptables after command above before starting service iptables.

dbaxps gravatar imagedbaxps ( 2015-04-30 03:24:44 -0500 )edit

1 answer

Sort by ยป oldest newest most voted
1

answered 2015-05-06 07:51:12 -0500

dbaxps gravatar image

updated 2015-05-06 08:01:27 -0500

Finally you wrote :-

Is there a way to allow VLAN technology being used when deploying RDO via a custom packstack answer file where the controller and compute nodes stay on one single host (=localhost)? Currently, it seems to be problematic - escpecially in cases of "iptables" rules.

At the moment follow https://www.rdoproject.org/RDO_test_d...
Run:-

packstack --answer-file= --> press enter
packstack will ask you a lot of question , in particular IP's of controller,network,compute nodes, which type of driver flat,gre,vlan,vxlan you intend to setup and so on .. and so on .. finally will show a table been built based on your answers ( actually prepared answer-file) and prompt you proceed with settings been setup per your responses or no ?

It will also take care of switching from firewalld to ipv4 iptables firewall. On my system packstack just completed multi node deployment :-

[root@ip-192-169-142-127 ~]# systemctl status firewalld
firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled)
   Active: inactive (dead)

May 06 14:10:56 ip-192-169-142-127.ip.secureserver.net systemd[1]: Starting firewalld - dynami...
May 06 14:10:57 ip-192-169-142-127.ip.secureserver.net systemd[1]: Started firewalld - dynamic...
May 06 14:45:54 ip-192-169-142-127.ip.secureserver.net systemd[1]: Stopping firewalld - dynami...
May 06 14:45:55 ip-192-169-142-127.ip.secureserver.net systemd[1]: Stopped firewalld - dynamic...
Hint: Some lines were ellipsized, use -l to show in full.
[root@ip-192-169-142-127 ~]# systemctl status iptables
iptables.service - IPv4 firewall with iptables
   Loaded: loaded (/usr/lib/systemd/system/iptables.service; enabled)
   Active: active (exited) since Wed 2015-05-06 14:46:05 MSK; 1h 0min ago
 Main PID: 19307 (code=exited, status=0/SUCCESS)
   CGroup: /system.slice/iptables.service

May 06 14:46:05 ip-192-169-142-127.ip.secureserver.net systemd[1]: Starting IPv4 firewall with...
May 06 14:46:05 ip-192-169-142-127.ip.secureserver.net iptables.init[19307]: iptables: Applyin...
May 06 14:46:05 ip-192-169-142-127.ip.secureserver.net systemd[1]: Started IPv4 firewall with ...
Hint: Some lines were ellipsized, use -l to show in full.
edit flag offensive delete link more

Comments

I suggest your generate answer-file for RDO Juno ML2&OVS&VLAN deployment via packstack, rather then then pick it up from some location as you did. Am I correct ?

dbaxps gravatar imagedbaxps ( 2015-05-06 12:09:32 -0500 )edit

No offence, my trust to https://drive.google.com/file/d/0B6bt... is equal zero

dbaxps gravatar imagedbaxps ( 2015-05-06 12:11:56 -0500 )edit

We just retried the re-creation of an instance - and now it worked - event with the local VLAN network usage. So, this problem is solved! What really helped? Unclear :(

holger-king gravatar imageholger-king ( 2015-05-06 12:15:21 -0500 )edit

What works ? ip netns exec qrouter-xxxxxx iptables -t nat -L (-S) ?
It was your last complain , first was dnsmasq issue ( fixed via logging enabled ;)). I stop follow you.

dbaxps gravatar imagedbaxps ( 2015-05-06 13:04:38 -0500 )edit

Dear "dbaxps",

now, the execution of the command "ip netns exec qrouter-xxxxx iptables -t nat -L" does work again.

The problem regarding the DHCP has been adressed here: https://ask.openstack.org/en/question/65860/dhcp-discover-requests-not-answered/ (https://ask.openstack.org/en/question...)

and is solved when enabling the log.

holger-king gravatar imageholger-king ( 2015-05-10 15:10:59 -0500 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2015-04-29 10:39:42 -0500

Seen: 846 times

Last updated: May 06 '15