Two-node RDO install with bridged external networking not working

OS=Linux Distro=CentOS7

I used RDO to set up a lab with two systems running inside of KVM; one compute node and a 'control' system running neutron, glance, keystone, horizon, etc. Each system has two network interfaces, eth0 and eth1, both on the same network: 192.168.122.0/24. On each server eth0 is assigned a static IP address and is used for management traffic. eth1 is for Neutron, and currently does not have an IP configuration on either host. I want to assign eth1 to an OVS bridge named br-ex, which RDO installed by default, and have instances created on the compute node be assigned IP addresses by the DHCP server running on my lab network, not by a router within OpenStack. As I understand it, this is referred to as a "service provider" network.

I ran the following on my 'control' node to associate eth1 with br-ex:

ovs-vsctl add-port br-ex eth1

br-ex shows the following now:

Bridge br-ex
    Port br-ex
        Interface br-ex
            type: internal
    Port "eth1"
        Interface "eth1"

I changed ifcfg-eth1 to look like this:

DEVICE=eth1
TYPE=OVSPort
DEVICETYPE=ovs
OVS_BRIDGE=br-ex
ONBOOT=yes

And changed ifcfg-br-ex to look like this:

DEVICE=br-ex
DEVICETYPE=ovs
TYPE=OVSBridge
ONBOOT=yes

1st question: I actually don't see 'br-ex' on my compute node when I run 'ovs-vsctl show' but I do see it on the 'control' node. Why is that? Is it normal?

I then tried to set up external bridged networking by following http://community.redhat.com/blog/2015/01/rdo-quickstart-doing-the-neutron-dance/

Then I ran these commands on my Neutron host:

[root@openstack-control ~(keystone_admin)]# neutron net-create public --router:external=True
Created a new network:
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | True                                 |
| id                        | b1e9055c-3ded-4b45-a8ac-445de57d10c6 |
| mtu                       | 0                                    |
| name                      | public                               |
| provider:network_type     | vxlan                                |
| provider:physical_network |                                      |
| provider:segmentation_id  | 57                                   |
| router:external           | True                                 |
| shared                    | False                                |
| status                    | ACTIVE                               |
| subnets                   |                                      |
| tenant_id                 | 0290aec78d0045c981a740ee540e6be6     |
+---------------------------+--------------------------------------+


[root@openstack-control ~(keystone_admin)]# neutron subnet-create --name public_subnet --enable_dhcp=False --allocation_pool start=192.168.122.100,end=192.168.122.130 --gateway=192.168.122.1 public 192.168.122.0/24
Created a new subnet:
+-------------------+--------------------------------------------------------+
| Field             | Value                                                  |
+-------------------+--------------------------------------------------------+
| allocation_pools  | {"start": "192.168.122.100", "end": "192.168.122.130"} |
| cidr              | 192.168.122.0/24                                       |
| dns_nameservers   |                                                        |
| enable_dhcp       | False                                                  |
| gateway_ip        | 192.168.122.1                                          |
| host_routes       |                                                        |
| id                | f1aee2ee-02c9-46c0-9fa9-5b1d53c36d55                   |
| ip_version        | 4                                                      |
| ipv6_address_mode |                                                        |
| ipv6_ra_mode      |                                                        |
| name              | public_subnet                                          |
| network_id        | b1e9055c-3ded-4b45-a8ac-445de57d10c6                   |
| subnetpool_id     |                                                        |
| tenant_id         | 0290aec78d0045c981a740ee540e6be6                       |
+-------------------+--------------------------------------------------------+


[root@openstack-control ~(keystone_admin)]# neutron router-create router1
Created a new router:
+-----------------------+--------------------------------------+
| Field                 | Value                                |
+-----------------------+--------------------------------------+
| admin_state_up        | True                                 |
| distributed           | False                                |
| external_gateway_info |                                      |
| ha                    | False                                |
| id                    | 4dadca55-88ae-4501-8530-6b5080832460 |
| name                  | router1                              |
| routes                |                                      |
| status                | ACTIVE                               |
| tenant_id             | 0290aec78d0045c981a740ee540e6be6     |
+-----------------------+--------------------------------------+


[root@openstack-control ~(keystone_admin)]# neutron router-gateway-set router1 public
Set gateway for router router1

I created a security group called 'wide_open' that should allow any traffic:

[root@openstack-control ~(keystone_admin)]# nova secgroup-list-rules wide_open
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| udp         | 1         | 65535   | 0.0.0.0/0 |              |
| tcp         | 1         | 65535   | 0.0.0.0/0 |              |
| icmp        | -1        | -1      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+

I then created an instance using Fedora 23's cloud image, Fedora-Cloud-Base-23-20151030.x86_64.qcow2, and gave the instance a name of 'test', and associated it with the 'wide_open' security group:

[root@openstack-control ~(keystone_admin)]# nova show test
+--------------------------------------+----------------------------------------------------------+
| Property                             | Value                                                    |
+--------------------------------------+----------------------------------------------------------+
| OS-DCF:diskConfig                    | AUTO                                                     |
| OS-EXT-AZ:availability_zone          | nova                                                     |
| OS-EXT-SRV-ATTR:host                 | openstack-compute                                        |
| OS-EXT-SRV-ATTR:hypervisor_hostname  | openstack-compute                                        |
| OS-EXT-SRV-ATTR:instance_name        | instance-00000004                                        |
| OS-EXT-STS:power_state               | 1                                                        |
| OS-EXT-STS:task_state                | -                                                        |
| OS-EXT-STS:vm_state                  | active                                                   |
| OS-SRV-USG:launched_at               | 2016-01-13T00:26:53.000000                               |
| OS-SRV-USG:terminated_at             | -                                                        |
| accessIPv4                           |                                                          |
| accessIPv6                           |                                                          |
| config_drive                         |                                                          |
| created                              | 2016-01-13T00:26:32Z                                     |
| flavor                               | m1.medium (3)                                            |
| hostId                               | d592d6863597edc220dfa6d8b3c096483ef3d8459253d68c9de3825b |
| id                                   | 13a89b83-ff81-4050-a44c-8937110e968e                     |
| image                                | Fedora 23 (00294b30-7285-4526-9dd9-a0656fadf732)         |
| key_name                             | root_key                                                 |
| metadata                             | {}                                                       |
| name                                 | test                                                     |
| os-extended-volumes:volumes_attached | []                                                       |
| progress                             | 0                                                        |
| public network                       | 192.168.122.103                                          |
| security_groups                      | wide_open                                                |
| status                               | ACTIVE                                                   |
| tenant_id                            | 0290aec78d0045c981a740ee540e6be6                         |
| updated                              | 2016-01-13T00:26:53Z                                     |
| user_id                              | 5a4f6e7398944653acd5cebdfa305910                         |
+--------------------------------------+----------------------------------------------------------+

However, I cannot ping the instance's IP address from my compute node or from my management node. I also can't ping it from the KVM host.

If I go to Horizon and go to Network -> Networks -> public, it shows port 20c7b9be-895a, with IP 192.168.122.100, attached device 'network:router_gateway', Status = Down, Admin State = Up

Let's get some more information about that port in the Neutron CLI:

(neutron) port-list
+--------------------------------------+------+-------------------+----------------------------------------------------------------------------------------+
| id                                   | name | mac_address       | fixed_ips                                                                              |
+--------------------------------------+------+-------------------+----------------------------------------------------------------------------------------+
| 20c7b9be-895a-44e5-b5bb-17d08d54b497 |      | fa:16:3e:c6:f8:e2 | {"subnet_id": "f1aee2ee-02c9-46c0-9fa9-5b1d53c36d55", "ip_address": "192.168.122.100"} |
| 74ff1e0e-468f-4520-b9a7-44e48e4cff56 |      | fa:16:3e:d1:a6:0f | {"subnet_id": "f1aee2ee-02c9-46c0-9fa9-5b1d53c36d55", "ip_address": "192.168.122.103"} |
+--------------------------------------+------+-------------------+----------------------------------------------------------------------------------------+


(neutron) port-show 20c7b9be-895a-44e5-b5bb-17d08d54b497
+-----------------------+-----------------------------------------------------------------------------------------------------------------------+
| Field                 | Value                                                                                                                 |
+-----------------------+-----------------------------------------------------------------------------------------------------------------------+
| admin_state_up        | True                                                                                                                  |
| allowed_address_pairs |                                                                                                                       |
| binding:host_id       | openstack-control                                                                                                     |
| binding:profile       | {}                                                                                                                    |
| binding:vif_details   | {"port_filter": true, "ovs_hybrid_plug": true}                                                                        |
| binding:vif_type      | ovs                                                                                                                   |
| binding:vnic_type     | normal                                                                                                                |
| device_id             | 4dadca55-88ae-4501-8530-6b5080832460                                                                                  |
| device_owner          | network:router_gateway                                                                                                |
| dns_assignment        | {"hostname": "host-192-168-122-100", "ip_address": "192.168.122.100", "fqdn": "host-192-168-122-100.openstacklocal."} |
| dns_name              |                                                                                                                       |
| extra_dhcp_opts       |                                                                                                                       |
| fixed_ips             | {"subnet_id": "f1aee2ee-02c9-46c0-9fa9-5b1d53c36d55", "ip_address": "192.168.122.100"}                                |
| id                    | 20c7b9be-895a-44e5-b5bb-17d08d54b497                                                                                  |
| mac_address           | fa:16:3e:c6:f8:e2                                                                                                     |
| name                  |                                                                                                                       |
| network_id            | b1e9055c-3ded-4b45-a8ac-445de57d10c6                                                                                  |
| security_groups       |                                                                                                                       |
| status                | DOWN                                                                                                                  |
| tenant_id             |                                                                                                                       |
+-----------------------+-----------------------------------------------------------------------------------------------------------------------+

Why does it show as "DOWN"? Did I configure my networking incorrectly? Thanks, and sorry for the long post, I just wanted to include as much detail as possible!
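
The 'wide_open' group listed in the post admits any source on every TCP and UDP port and on all ICMP types. As an added example (not part of the original post), the Python check below parses `nova secgroup-list-rules` table output and reports such rules; the sample input is constructed from the table in the post plus one hypothetical narrower rule for contrast, and the function names are this example's own.

```python
# Added example: flag any-source, full-range rules in `nova secgroup-list-rules` output.
# SAMPLE is constructed: the three rows shown in the post plus one hypothetical
# narrower SSH rule so the check has something to leave alone.
SAMPLE = """\
+-------------+-----------+---------+------------------+--------------+
| IP Protocol | From Port | To Port | IP Range         | Source Group |
+-------------+-----------+---------+------------------+--------------+
| udp         | 1         | 65535   | 0.0.0.0/0        |              |
| tcp         | 1         | 65535   | 0.0.0.0/0        |              |
| icmp        | -1        | -1      | 0.0.0.0/0        |              |
| tcp         | 22        | 22      | 192.168.122.0/24 |              |
+-------------+-----------+---------+------------------+--------------+
"""

ANY_SOURCE = {"0.0.0.0/0", "::/0"}


def parse_table(text):
    """Parse a prettytable-style ASCII table into a list of dicts keyed by header."""
    rows = [
        [cell.strip() for cell in line.strip()[1:-1].split("|")]
        for line in text.splitlines()
        if line.strip().startswith("|")
    ]
    if not rows:
        return []
    header, body = rows[0], rows[1:]
    return [dict(zip(header, row)) for row in body if len(row) == len(header)]


def is_wide_open(rule):
    """True if the rule admits any source to every port (or every ICMP type)."""
    if rule["IP Range"] not in ANY_SOURCE:
        return False  # scoped to a CIDR, or keyed on a source group instead
    try:
        low, high = int(rule["From Port"]), int(rule["To Port"])
    except ValueError:
        return False  # no numeric range to evaluate
    if rule["IP Protocol"] == "icmp":
        return (low, high) == (-1, -1)  # -1/-1 is shown for all ICMP types and codes
    return low <= 1 and high >= 65535


def audit(text):
    """Return one finding string per wide-open rule, in table order."""
    return [
        f'{r["IP Protocol"]} {r["From Port"]}:{r["To Port"]} from {r["IP Range"]}'
        for r in parse_table(text) if is_wide_open(r)
    ]


if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```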