External network and floating IPs

Hello,

I'm going to install an OpenStack cloud using "packstack" in the following scenario:

- A server that will act as controller node and network node simultaneously, with 3 NICs. The first NIC has (and needs to have) a public IP and will be connected to the management network (yes, a management network with public IPs); the second NIC will be for VM data; the third NIC will be for the external network (floating IPs) but, in this case, this external network needs to be (must be) a subnet of my management network because, as I have explained before, my management network is also a public network.
- Two compute nodes with 2 NICs. The first NIC is connected to the management network (and, also, with public IPs); the second NIC is for VM data.

With this answer file:

> CONFIG_SSH_KEY=/root/.ssh/id_rsa.pub
> CONFIG_DEFAULT_PASSWORD=MYPASSWORD
> CONFIG_MARIADB_INSTALL=y
> CONFIG_GLANCE_INSTALL=y
> CONFIG_CINDER_INSTALL=n
> CONFIG_MANILA_INSTALL=n
> CONFIG_NOVA_INSTALL=y
> CONFIG_NEUTRON_INSTALL=y
> CONFIG_HORIZON_INSTALL=y
> CONFIG_SWIFT_INSTALL=n
> CONFIG_CEILOMETER_INSTALL=n
> CONFIG_HEAT_INSTALL=n
> CONFIG_SAHARA_INSTALL=n
> CONFIG_TROVE_INSTALL=n
> CONFIG_IRONIC_INSTALL=n
> CONFIG_CLIENT_INSTALL=y
> CONFIG_NTP_SERVERS=ntp-server
> CONFIG_NAGIOS_INSTALL=n
> EXCLUDE_SERVERS=
> CONFIG_DEBUG_MODE=n
> CONFIG_CONTROLLER_HOST=CONTROLLER
> CONFIG_COMPUTE_HOSTS=COMPUTE-1,COMPUTE-2
> CONFIG_NETWORK_HOSTS=CONTROLLER
> CONFIG_VMWARE_BACKEND=n
> CONFIG_UNSUPPORTED=n
> CONFIG_VCENTER_HOST=
> CONFIG_VCENTER_USER=
> CONFIG_VCENTER_PASSWORD=
> CONFIG_VCENTER_CLUSTER_NAME=
> CONFIG_STORAGE_HOST=CONTROLLER
> CONFIG_SAHARA_HOST=CONTROLLER
> CONFIG_USE_EPEL=n
> CONFIG_REPO=
> CONFIG_RH_USER=
> CONFIG_SATELLITE_URL=
> CONFIG_RH_PW=
> CONFIG_RH_OPTIONAL=y
> CONFIG_RH_PROXY=
> CONFIG_RH_PROXY_PORT=
> CONFIG_RH_PROXY_USER=
> CONFIG_RH_PROXY_PW=
> CONFIG_SATELLITE_USER=
> CONFIG_SATELLITE_PW=
> CONFIG_SATELLITE_AKEY=
> CONFIG_SATELLITE_CACERT=
> CONFIG_SATELLITE_PROFILE=
> CONFIG_SATELLITE_FLAGS=
> CONFIG_SATELLITE_PROXY=
> CONFIG_SATELLITE_PROXY_USER=
> CONFIG_SATELLITE_PROXY_PW=
> CONFIG_AMQP_BACKEND=rabbitmq
> CONFIG_AMQP_HOST=CONTROLLER
> CONFIG_AMQP_ENABLE_SSL=n
> CONFIG_AMQP_ENABLE_AUTH=n
> CONFIG_AMQP_NSS_CERTDB_PW=PW_PLACEHOLDER
> CONFIG_AMQP_SSL_PORT=5671
> CONFIG_AMQP_SSL_CACERT_FILE=/etc/pki/tls/certs/amqp_selfcert.pem
> CONFIG_AMQP_SSL_CERT_FILE=/etc/pki/tls/certs/amqp_selfcert.pem
> CONFIG_AMQP_SSL_KEY_FILE=/etc/pki/tls/private/amqp_selfkey.pem
> CONFIG_AMQP_SSL_SELF_SIGNED=y
> CONFIG_AMQP_AUTH_USER=amqp_user
> CONFIG_AMQP_AUTH_PASSWORD=PW_PLACEHOLDER
> CONFIG_MARIADB_HOST=CONTROLLER
> CONFIG_MARIADB_USER=root
> CONFIG_MARIADB_PW=MYPASSWORD
> CONFIG_KEYSTONE_DB_PW=MYPASSWORD
> CONFIG_KEYSTONE_REGION=RegionOne
> CONFIG_KEYSTONE_ADMIN_TOKEN=3f87ef703c8443e0bffea9f14c49a615
> CONFIG_KEYSTONE_ADMIN_EMAIL=root@localhost
> CONFIG_KEYSTONE_ADMIN_USERNAME=admin
> CONFIG_KEYSTONE_ADMIN_PW=password
> CONFIG_KEYSTONE_DEMO_PW=demo
> CONFIG_KEYSTONE_API_VERSION=v2.0
> CONFIG_KEYSTONE_TOKEN_FORMAT=UUID
> CONFIG_KEYSTONE_SERVICE_NAME=httpd
> CONFIG_KEYSTONE_IDENTITY_BACKEND=sql
> CONFIG_KEYSTONE_LDAP_URL=ldap://CONTROLLER
> CONFIG_KEYSTONE_LDAP_USER_DN=
> CONFIG_KEYSTONE_LDAP_USER_PASSWORD=
> CONFIG_KEYSTONE_LDAP_SUFFIX=
> CONFIG_KEYSTONE_LDAP_QUERY_SCOPE=one
> CONFIG_KEYSTONE_LDAP_PAGE_SIZE=-1
> CONFIG_KEYSTONE_LDAP_USER_SUBTREE=
> CONFIG_KEYSTONE_LDAP_USER_FILTER=
> CONFIG_KEYSTONE_LDAP_USER_OBJECTCLASS=
> CONFIG_KEYSTONE_LDAP_USER_ID_ATTRIBUTE=
> CONFIG_KEYSTONE_LDAP_USER_NAME_ATTRIBUTE=
> CONFIG_KEYSTONE_LDAP_USER_MAIL_ATTRIBUTE=
> CONFIG_KEYSTONE_LDAP_USER_ENABLED_ATTRIBUTE=
> CONFIG_KEYSTONE_LDAP_USER_ENABLED_MASK=-1
> CONFIG_KEYSTONE_LDAP_USER_ENABLED_DEFAULT=TRUE
> CONFIG_KEYSTONE_LDAP_USER_ENABLED_INVERT=n
> CONFIG_KEYSTONE_LDAP_USER_ATTRIBUTE_IGNORE=
> CONFIG_KEYSTONE_LDAP_USER_DEFAULT_PROJECT_ID_ATTRIBUTE=
> CONFIG_KEYSTONE_LDAP_USER_ALLOW_CREATE=n
> CONFIG_KEYSTONE_LDAP_USER_ALLOW_UPDATE=n
> CONFIG_KEYSTONE_LDAP_USER_ALLOW_DELETE=n
> CONFIG_KEYSTONE_LDAP_USER_PASS_ATTRIBUTE=
> CONFIG_KEYSTONE_LDAP_USER_ENABLED_EMULATION_DN=
> CONFIG_KEYSTONE_LDAP_USER_ADDITIONAL_ATTRIBUTE_MAPPING=
> CONFIG_KEYSTONE_LDAP_GROUP_SUBTREE=
> CONFIG_KEYSTONE_LDAP_GROUP_FILTER=
> CONFIG_KEYSTONE_LDAP_GROUP_OBJECTCLASS=
> CONFIG_KEYSTONE_LDAP_GROUP_ID_ATTRIBUTE=
> CONFIG_KEYSTONE_LDAP_GROUP_NAME_ATTRIBUTE=
> CONFIG_KEYSTONE_LDAP_GROUP_MEMBER_ATTRIBUTE=
> CONFIG_KEYSTONE_LDAP_GROUP_DESC_ATTRIBUTE=
> CONFIG_KEYSTONE_LDAP_GROUP_ATTRIBUTE_IGNORE=
> CONFIG_KEYSTONE_LDAP_GROUP_ALLOW_CREATE=n
> CONFIG_KEYSTONE_LDAP_GROUP_ALLOW_UPDATE=n
> CONFIG_KEYSTONE_LDAP_GROUP_ALLOW_DELETE=n
> CONFIG_KEYSTONE_LDAP_GROUP_ADDITIONAL_ATTRIBUTE_MAPPING=
> CONFIG_KEYSTONE_LDAP_USE_TLS=n
> CONFIG_KEYSTONE_LDAP_TLS_CACERTDIR=
> CONFIG_KEYSTONE_LDAP_TLS_CACERTFILE=
> CONFIG_KEYSTONE_LDAP_TLS_REQ_CERT=demand
> CONFIG_GLANCE_DB_PW=MYPASSWORD
> CONFIG_GLANCE_KS_PW=MYPASSWORD
> CONFIG_GLANCE_BACKEND=file
> CONFIG_CINDER_DB_PW=PW_PLACEHOLDER
> CONFIG_CINDER_KS_PW=PW_PLACEHOLDER
> CONFIG_CINDER_BACKEND=lvm
> CONFIG_CINDER_VOLUMES_CREATE=y
> CONFIG_CINDER_VOLUMES_SIZE=20G
> CONFIG_CINDER_GLUSTER_MOUNTS=
> CONFIG_CINDER_NFS_MOUNTS=
> CONFIG_CINDER_NETAPP_LOGIN=
> CONFIG_CINDER_NETAPP_PASSWORD=
> CONFIG_CINDER_NETAPP_HOSTNAME=
> CONFIG_CINDER_NETAPP_SERVER_PORT=80
> CONFIG_CINDER_NETAPP_STORAGE_FAMILY=ontap_cluster
> CONFIG_CINDER_NETAPP_TRANSPORT_TYPE=http
> CONFIG_CINDER_NETAPP_STORAGE_PROTOCOL=nfs
> CONFIG_CINDER_NETAPP_SIZE_MULTIPLIER=1.0
> CONFIG_CINDER_NETAPP_EXPIRY_THRES_MINUTES=720
> CONFIG_CINDER_NETAPP_THRES_AVL_SIZE_PERC_START=20
> CONFIG_CINDER_NETAPP_THRES_AVL_SIZE_PERC_STOP=60
> CONFIG_CINDER_NETAPP_NFS_SHARES=
> CONFIG_CINDER_NETAPP_NFS_SHARES_CONFIG=/etc/cinder/shares.conf
> CONFIG_CINDER_NETAPP_VOLUME_LIST=
> CONFIG_CINDER_NETAPP_VFILER=
> CONFIG_CINDER_NETAPP_PARTNER_BACKEND_NAME=
> CONFIG_CINDER_NETAPP_VSERVER=
> CONFIG_CINDER_NETAPP_CONTROLLER_IPS=
> CONFIG_CINDER_NETAPP_SA_PASSWORD=
> CONFIG_CINDER_NETAPP_ESERIES_HOST_TYPE=linux_dm_mp
> CONFIG_CINDER_NETAPP_WEBSERVICE_PATH=/devmgr/v2
> CONFIG_CINDER_NETAPP_STORAGE_POOLS=
> CONFIG_MANILA_DB_PW=PW_PLACEHOLDER
> CONFIG_MANILA_KS_PW=PW_PLACEHOLDER
> CONFIG_MANILA_BACKEND=generic
> CONFIG_MANILA_NETAPP_DRV_HANDLES_SHARE_SERVERS=false
> CONFIG_MANILA_NETAPP_TRANSPORT_TYPE=https
> CONFIG_MANILA_NETAPP_LOGIN=admin
> CONFIG_MANILA_NETAPP_PASSWORD=
> CONFIG_MANILA_NETAPP_SERVER_HOSTNAME=
> CONFIG_MANILA_NETAPP_STORAGE_FAMILY=ontap_cluster
> CONFIG_MANILA_NETAPP_SERVER_PORT=443
> CONFIG_MANILA_NETAPP_AGGREGATE_NAME_SEARCH_PATTERN=(.*)
> CONFIG_MANILA_NETAPP_ROOT_VOLUME_AGGREGATE=
> CONFIG_MANILA_NETAPP_ROOT_VOLUME_NAME=root
> CONFIG_MANILA_NETAPP_VSERVER=
> CONFIG_MANILA_GENERIC_DRV_HANDLES_SHARE_SERVERS=true
> CONFIG_MANILA_GENERIC_VOLUME_NAME_TEMPLATE=manila-share-%s
> CONFIG_MANILA_GENERIC_SHARE_MOUNT_PATH=/shares
> CONFIG_MANILA_SERVICE_IMAGE_LOCATION=https://www.dropbox.com/s/vi5oeh10q1qkckh/ubuntu_1204_nfs_cifs.qcow2
> CONFIG_MANILA_SERVICE_INSTANCE_USER=ubuntu
> CONFIG_MANILA_SERVICE_INSTANCE_PASSWORD=ubuntu
> CONFIG_MANILA_NETWORK_TYPE=neutron
> CONFIG_MANILA_NETWORK_STANDALONE_GATEWAY=
> CONFIG_MANILA_NETWORK_STANDALONE_NETMASK=
> CONFIG_MANILA_NETWORK_STANDALONE_SEG_ID=
> CONFIG_MANILA_NETWORK_STANDALONE_IP_RANGE=
> CONFIG_MANILA_NETWORK_STANDALONE_IP_VERSION=4
> CONFIG_IRONIC_DB_PW=PW_PLACEHOLDER
> CONFIG_IRONIC_KS_PW=PW_PLACEHOLDER
> CONFIG_NOVA_DB_PW=MYPASSWORD
> CONFIG_NOVA_KS_PW=MYPASSWORD
> CONFIG_NOVA_SCHED_CPU_ALLOC_RATIO=16.0
> CONFIG_NOVA_SCHED_RAM_ALLOC_RATIO=1.5
> CONFIG_NOVA_COMPUTE_MIGRATE_PROTOCOL=tcp
> CONFIG_NOVA_COMPUTE_MANAGER=nova.compute.manager.ComputeManager
> CONFIG_NOVA_COMPUTE_PRIVIF=eth1
> CONFIG_NOVA_NETWORK_MANAGER=nova.network.manager.FlatDHCPManager
> CONFIG_NOVA_NETWORK_PUBIF=eth0
> CONFIG_NOVA_NETWORK_PRIVIF=eth1
> CONFIG_NOVA_NETWORK_FIXEDRANGE=192.168.32.0/22
# really, I don't know if I need to change that range because I will use Neutron and not nova-network !?!?!?!
> CONFIG_NOVA_NETWORK_FLOATRANGE=10.3.4.0/22
# really, I don't know if I need to change that range because I will use Neutron and not nova-network !?!?!?!
> CONFIG_NOVA_NETWORK_AUTOASSIGNFLOATINGIP=n
> CONFIG_NOVA_NETWORK_VLAN_START=100
> CONFIG_NOVA_NETWORK_NUMBER=1
> CONFIG_NOVA_NETWORK_SIZE=255
> CONFIG_NEUTRON_KS_PW=MYPASSWORD
> CONFIG_NEUTRON_DB_PW=MYPASSWORD
> CONFIG_NEUTRON_L3_EXT_BRIDGE=br-ex
> CONFIG_NEUTRON_METADATA_PW=MYPASSWORD
> CONFIG_LBAAS_INSTALL=n
> CONFIG_NEUTRON_METERING_AGENT_INSTALL=n
> CONFIG_NEUTRON_FWAAS=n
> CONFIG_NEUTRON_ML2_TYPE_DRIVERS=gre
> CONFIG_NEUTRON_ML2_TENANT_NETWORK_TYPES=gre
> CONFIG_NEUTRON_ML2_MECHANISM_DRIVERS=openvswitch
> CONFIG_NEUTRON_ML2_FLAT_NETWORKS=*
> CONFIG_NEUTRON_ML2_VLAN_RANGES=
> CONFIG_NEUTRON_ML2_TUNNEL_ID_RANGES=1:1000
> CONFIG_NEUTRON_ML2_VXLAN_GROUP=
> CONFIG_NEUTRON_ML2_VNI_RANGES=10:100
> CONFIG_NEUTRON_L2_AGENT=openvswitch
> CONFIG_NEUTRON_LB_INTERFACE_MAPPINGS=
> CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS=
> CONFIG_NEUTRON_OVS_BRIDGE_IFACES=
> CONFIG_NEUTRON_OVS_TUNNEL_IF=
> CONFIG_NEUTRON_OVS_VXLAN_UDP_PORT=4789
> CONFIG_HORIZON_SSL=n
> CONFIG_SSL_CERT=
> CONFIG_SSL_KEY=
> CONFIG_SSL_CACHAIN=
> CONFIG_SWIFT_KS_PW=PW_PLACEHOLDER
> CONFIG_SWIFT_STORAGES=
> CONFIG_SWIFT_STORAGE_ZONES=1
> CONFIG_SWIFT_STORAGE_REPLICAS=1
> CONFIG_SWIFT_STORAGE_FSTYPE=ext4
> CONFIG_SWIFT_HASH=fc48236bdc424e7a
> CONFIG_SWIFT_STORAGE_SIZE=2G
> CONFIG_HEAT_DB_PW=PW_PLACEHOLDER
> CONFIG_HEAT_AUTH_ENC_KEY=9718cd51c52d47fd
> CONFIG_HEAT_KS_PW=PW_PLACEHOLDER
> CONFIG_HEAT_CLOUDWATCH_INSTALL=n
> CONFIG_HEAT_CFN_INSTALL=n
> CONFIG_HEAT_DOMAIN=heat
> CONFIG_HEAT_DOMAIN_ADMIN=heat_admin
> CONFIG_HEAT_DOMAIN_PASSWORD=PW_PLACEHOLDER
> CONFIG_PROVISION_DEMO=y
> CONFIG_PROVISION_TEMPEST=n
> CONFIG_PROVISION_DEMO_FLOATRANGE=X.Y.Z.189/29
# a small subnet from my public network. Controller IP is X.Y.Z.173/20, but eth0 will have a route table and eth2 will be down and only for br-ex bridge, isn't it?
> CONFIG_PROVISION_IMAGE_NAME=cirros
> CONFIG_PROVISION_IMAGE_URL=http://download.cirros-cloud.net/0.3.3/cirros-0.3.3-x86_64-disk.img
> CONFIG_PROVISION_IMAGE_FORMAT=qcow2
> CONFIG_PROVISION_IMAGE_SSH_USER=cirros
> CONFIG_PROVISION_TEMPEST_USER=
> CONFIG_PROVISION_TEMPEST_USER_PW=PW_PLACEHOLDER
> CONFIG_PROVISION_TEMPEST_FLOATRANGE=172.24.4.224/28
# I have not modified that value...
> CONFIG_PROVISION_TEMPEST_REPO_URI=https://github.com/openstack/tempest.git
> CONFIG_PROVISION_TEMPEST_REPO_REVISION=master
> CONFIG_PROVISION_ALL_IN_ONE_OVS_BRIDGE=y
> CONFIG_CEILOMETER_SECRET=51d90381bb934f41
> CONFIG_CEILOMETER_KS_PW=PW_PLACEHOLDER
> CONFIG_CEILOMETER_COORDINATION_BACKEND=redis
> CONFIG_MONGODB_HOST=CONTROLLER
> CONFIG_REDIS_MASTER_HOST=CONTROLLER
> CONFIG_REDIS_PORT=6379
> CONFIG_REDIS_HA=n
> CONFIG_REDIS_SLAVE_HOSTS=
> CONFIG_REDIS_SENTINEL_HOSTS=
> CONFIG_REDIS_SENTINEL_CONTACT_HOST=
> CONFIG_REDIS_SENTINEL_PORT=26379
> CONFIG_REDIS_SENTINEL_QUORUM=2
> CONFIG_REDIS_MASTER_NAME=mymaster
> CONFIG_SAHARA_DB_PW=PW_PLACEHOLDER
> CONFIG_SAHARA_KS_PW=PW_PLACEHOLDER
> CONFIG_TROVE_DB_PW=PW_PLACEHOLDER
> CONFIG_TROVE_KS_PW=PW_PLACEHOLDER
> CONFIG_TROVE_NOVA_USER=admin
> CONFIG_TROVE_NOVA_TENANT=services
> CONFIG_TROVE_NOVA_PW=PW_PLACEHOLDER
> CONFIG_NAGIOS_PW=PW_PLACEHOLDER

After executing "packstack", the controller (that is, network) node has these bridges:

> Bridge br-int
>     fail_mode: secure
>     Port "tap7a58eb54-db"
>         tag: 1
>         Interface "tap7a58eb54-db"
>             type: internal
>     Port "qr-7c71c26f-50"
>         tag: 1
>         Interface "qr-7c71c26f-50"
>             type: internal
>     Port br-int
>         Interface br-int
>             type: internal
>     Port patch-tun
>         Interface patch-tun
>             type: patch
>             options: {peer=patch-int}
>     Port "qr-32438720-05"
>         tag: 1
>         Interface "qr-32438720-05"
>             type: internal
> Bridge br-ex
>     Port br-ex
>         Interface br-ex
>             type: internal
> Bridge br-tun
>     fail_mode: secure
>     Port "gre-9e6d41b1"
>         Interface "gre-9e6d41b1"
>             type: gre
>             options: {df_default="true", in_key=flow, local_ip="CONTROLLER", out_key=flow, remote_ip="COMPUTE-1"}
>     Port br-tun
>         Interface br-tun
>             type: internal
>     Port patch-int
>         Interface patch-int
>             type: patch
>             options: {peer=patch-tun}
>     Port "gre-9e6d41b2"
>         Interface "gre-9e6d41b2"
>             type: gre
>             options: {df_default="true", in_key=flow, local_ip="CONTROLLER", out_key=flow, remote_ip="COMPUTE-2"}

As you can see, there is no port "eth2" in br-ex ?!?!?!

Then, if I launch an instance with only a private network, all works fine. But if I try to add a floating IP to that instance, the IP is added correctly but that IP address is unreachable. It seems there is no system (neither the controller/network node nor the computes) that "takes" that IP address. I suppose the problem is with br-ex... or the routing table for the external network, but now I'm very confused and I need HELP.

Please, could you help me?

Thanks.
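
Added example, not part of the original post: a Python check for the symptom described above, run over constructed input shaped like the post's bridge listing (the format `ovs-vsctl show` prints) and answer file. It reports an external bridge that holds no physical interface and an answer file whose `CONFIG_NEUTRON_OVS_BRIDGE_IFACES` names no interface for it; the function names are hypothetical, and treating an interface printed without a `type:` line as a physical NIC is an assumption.

```python
# Constructed samples shaped like the post's bridge listing and answer file.
SAMPLE_OVS = """\
Bridge br-ex
    Port br-ex
        Interface br-ex
            type: internal
Bridge br-tun
    Port "gre-9e6d41b1"
        Interface "gre-9e6d41b1"
            type: gre
"""
SAMPLE_ANSWERS = """\
CONFIG_NEUTRON_L3_EXT_BRIDGE=br-ex
CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS=
CONFIG_NEUTRON_OVS_BRIDGE_IFACES=
"""

def parse_bridges(text):
    """Return {bridge: {interface: type}}; no 'type:' line means 'system' (assumed physical)."""
    bridges, bridge, iface = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Bridge "):
            bridge, iface = line.split(None, 1)[1].strip('"'), None
            bridges[bridge] = {}
        elif line.startswith("Interface ") and bridge:
            iface = line.split(None, 1)[1].strip('"')
            bridges[bridge][iface] = "system"
        elif line.startswith("type:") and iface:
            bridges[bridge][iface] = line.split(":", 1)[1].strip()
    return bridges

def diagnose(ovs_text, answers_text):
    """List reasons the external bridge cannot reach the physical network."""
    answers = dict(l.strip().split("=", 1) for l in answers_text.splitlines()
                   if "=" in l and not l.lstrip().startswith("#"))
    ext = answers.get("CONFIG_NEUTRON_L3_EXT_BRIDGE", "")
    ports = parse_bridges(ovs_text).get(ext)
    findings = []
    if ports is None:
        findings.append(f"bridge {ext!r} does not exist")
    elif "system" not in ports.values():
        findings.append(f"{ext} has no physical interface attached")
    pairs = answers.get("CONFIG_NEUTRON_OVS_BRIDGE_IFACES", "").split(",")
    if not any(p.strip().startswith(ext + ":") for p in pairs):
        findings.append(f"CONFIG_NEUTRON_OVS_BRIDGE_IFACES has no entry for {ext}")
    return findings

if __name__ == "__main__":
    print("\n".join(diagnose(SAMPLE_OVS, SAMPLE_ANSWERS)))
```

On the constructed samples both findings are reported; an entry such as `br-ex:eth2` in `CONFIG_NEUTRON_OVS_BRIDGE_IFACES` together with an `eth2` port on `br-ex` clears them.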