Ask Your Question

David Schmelter's profile - activity

2019-05-16 10:52:08 -0500 received badge  Popular Question (source)
2019-05-14 10:13:20 -0500 asked a question DHCP in kolla-ansible / VMWare / DVS setting

Update 2019-05-15:

Some progress I believe. However, I still don't see dhcp requests from my test vm arriving at the OpenStack network nodes. What I do not quite understand: When I create a flat network in OpenStack a new VMWare port group on the VMWare distributed switch is created and the vm attaches to it. However:

  • First, the vm does not attached to any other OpenStack control network / VMWare port group (at least I don't see an appropriate nic)
  • Second, apparently none of the OpenStack network nodes attaches to the created flat network / VMWare port group.

Hence, I don't understand how vm dhcp requests are supposed to reach the network nodes in the first place. Do I have to create an appropriate nic on the vm or on the network nodes by myself?

Current status: I did notice that on my network nodes some deployment issues regarding the network interfaces must have happended since the ovs db was empty. A reboot of the network notes and re-deployment of OpenStack did seem to help.

Current ovs db:

root@network01:~# ovs-vsctl show
7465c5b6-6e70-43c7-843d-522214340362
    Bridge br-dvs
        Port br-dvs
            Interface br-dvs
                type: internal
        Port "tapde20750b-c2"
            tag: 4095
            Interface "tapde20750b-c2"
                type: internal
        Port "ens192"
            Interface "ens192"

Then, I saw that the neutron-dhcp-agent tried to apply some iptables rules. Initially that failed but I could fix it by loading the ip6-tables kernel module manually on the network nodes. However, when listing all iptables rules I cannot find any neutron-specific rules - Maybe this is an issue right now?

iptables:

root@network01:~# sudo iptables --list
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
DOCKER-USER  all  --  anywhere             anywhere
DOCKER-ISOLATION-STAGE-1  all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain DOCKER (1 references)
target     prot opt source               destination

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
target     prot opt source               destination
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere
RETURN     all  --  anywhere             anywhere

Chain DOCKER-ISOLATION-STAGE-2 (1 references)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere
RETURN     all  --  anywhere             anywhere

Chain DOCKER-USER (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

No dhcp request at network nodes:

root@network01:~# cat /var/log/syslog | grep DHCP
root@network01:~#

Dear community,

currently, we are in the process of deploying OpenStack Stein for evaluation purposes. Our target platform (hypervisor) is a VMWare environment in version 6.0.0 (only targeting provider networks without NSX for now). OpenStack nodes are deployed as VMWare VMs in one cluster (os: Ubuntu), tenant VMs should be spawned in a second cluster. We deploy OpenStack via kolla-ansible (8.0.0.0rc1) and followed a default multinode inventory with three control and two network nodes.

Our main problem is that VMs (cirros) can be spawned in a provider network created via OpenStack (dhcp enabled), however, they don't get an ip configuration via dhcp. Now, we are unsure how to ... (more)

2019-05-14 10:13:20 -0500 asked a question DHCP troubleshooting in kolla-ansible / VMWare / DVS setting

Dear community,

currently, we are in the process of deploying OpenStack Stein for evaluation purposes. Our target platform (hypervisor) is a VMWare environment in version 6.0.0 (only targeting provider networks without NSX for now). OpenStack nodes are deployed as VMWare VMs in one cluster (os: Ubuntu), tenant VMs should be spawned in a second cluster. We deploy OpenStack via kolla-ansible (8.0.0.0rc1) and followed a default multinode inventory with three control and two network nodes.

Our main problem is that VMs (cirros) can be spawned in a provider network created via OpenStack (dhcp enabled), however, they don't get an ip configuration via dhcp. Now, we are unsure how to debug our dhcp issues and would welcome any tips.

Many thanks for any help and best regards

David


Some more background on our current setup and performed tasks:

According to the kolla-ansible installation guide, each OpenStack node has two NICs for the 'network_interface' and 'neutron_external_interface' that attach to corresponding port groups on a VMWare distributed virtual switch 'OS-DVS'. All ESX hosts are attached to this DVS via physical NICs. The 'neutron_external_interface' port group has 'forged transmits' enabled.

We followed the following instructions on Neutron Networking with VMWare VSphere: https://docs.openstack.org/nova/stein/admin/configuration/hypervisor-vmware.html#networking-with-vmware-vsphere (https://docs.openstack.org/nova/stein...)

If you are using the OpenStack Networking Service: Before provisioning VMs, create a port group with the same name as the vmware.integration_bridge value in nova.conf (default is br-int). All VM NICs are attached to this port group for management by the OpenStack Networking plug-in.

But with the naming kolla-ansible demands, i.e., we created a port group named 'br-dvs' on the VMWare DVS which has forged transmits enabled: https://docs.openstack.org/kolla-ansible/queens/reference/vmware-guide.html#vmware-nsx-dvs (https://docs.openstack.org/kolla-ansi...)

For VMware DVS, the Neutron DHCP agent does not attaches to Open vSwitch inside VMware environment, but attach to the Open vSwitch bridge called br-dvs on the OpenStack side and replies to/receives DHCP packets through VLAN. Similar to what the DHCP agent does, Neutron metadata agent attaches to br-dvs bridge and works through VLAN.

The following snippet shows the network configuration of one of the network nodes. ens160 is the 'network_interface', ens192 is the 'neutron_external_interface', and ens224 corresponds to the VMWare port group 'br-dvs'.

openstack@network01:~$ sudo ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:50:56:b4:87:05 brd ff:ff:ff:ff:ff:ff
    inet 10.10.10.21/24 brd 10.10.10.255 scope global ens160
       valid_lft forever preferred_lft forever
    inet6 fe80::250:56ff:feb4 ...
(more)