<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 12pt;
font-family:Calibri
}
--></style></head>
<body class='hmmessage'><div dir='ltr'>In previous successful attempt reproduce your schema on real F20 boxes I was able to start neutron-server with<br><br>[root@dfw02 neutron(keystone_admin)]$ cat plugin.ini | grep -v ^# | grep -v ^$<br>[ovs]<br>tenant_network_type = gre<br>tunnel_id_ranges = 1:1000<br>enable_tunneling = True<br>integration_bridge = br-int<br>tunnel_bridge = br-tun<br>local_ip = 192.168.1.127<br>[agent]<br>[securitygroup]<br>[DATABASE]<br>sql_connection = mysql://root:password@dfw02.localdomain/ovs_neutron<br>[SECURITYGROUP]<br>firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver<br><br>and finally<br><br>[root@dfw02 ~]# ovs-vsctl show<br>7d78d536-3612-416e-bce6-24605088212f<br> Bridge br-int<br> Port br-int<br> Interface br-int<br> type: internal<br> Port patch-tun<br> Interface patch-tun<br> type: patch<br> options: {peer=patch-int}<br> Bridge br-ex<br> Port "p37p1"<br> Interface "p37p1"<br> Port br-ex<br> Interface br-ex<br> type: internal<br> Bridge br-tun<br> Port br-tun<br> Interface br-tun<br> type: internal<br> Port "gre-2"<br> Interface "gre-2"<br> type: gre<br> options: {in_key=flow, local_ip="192.168.1.127", out_key=flow, remote_ip="192.168.1.137"}<br> Port patch-int<br> Interface patch-int<br> type: patch<br> options: {peer=patch-tun}<br> ovs_version: "2.0.0"<br><br>Compute node instances were able to obtain floating and internal ip addresses<br>I am running this TwoNode Cluster in mean time with all `yum updates` after<br>01/23/2014<br><br>In new attempt on fresh F20 instance Neutron-server may be started only with<br><br>[DATABASE]<br>sql_connection = mysql://root:password@localhost/ovs_neutron<br><br>Block like :-<br><br>Port "gre-2"<br> Interface "gre-2"<br> type: gre<br> options: {in_key=flow, local_ip="192.168.1.147", out_key=flow, remote_ip="192.168.1.157"}<br><br>doesn't appear in `ovs-vsctl show` output . Nothing works on Compute all Configs are the the same as in first attempt.<br><br>The error from mysql, which I get "Access denied fror 'root"@'new_hostname' <br>new_hostname as before is in /etc/hosts<br><br>192.168.1.147 new_hostname.localdomain new_hostname<br><br>and in /etc/hostname<br>new_hostname.localdomain<br><br>For me it looks like bug for neutron-server to be bind to 127.0.0.1 ,actually, connected with MariaDB database.<br><br>I did 2 attempts to reproduce it from scratch building Controller and every time Neutron-server start up limitation came up.<br><br>Kashyap, my question to you :-<br><br>Am I correct in my conclusions regarding Neutron-Server mysql credentials affecting<br>network abilities of Neutron or libvirtd daemon is a real carrier for metadata and schema would work only on non-default libvirt's network for virtual machines ?<br><br>Then working real cluster is a kind of miracle. It's under testing on daily basis.<br><br>Thanks.<br>Boris.<br><br>PS. All snapshots done on first Cluster (successfully working in meantime with all updates accepted from yum) may be viewed here :-<br><br><a href="http://bderzhavets.blogspot.com/2014/01/setting-up-two-physical-node-openstack.html" target="_blank">http://bderzhavets.blogspot.com/2014/01/setting-up-two-physical-node-openstack.html</a> <br><br><div>> Date: Thu, 30 Jan 2014 10:45:29 +0530<br>> From: kchamart@redhat.com<br>> To: rdo-list@redhat.com<br>> Subject: [Rdo-list] Neutron configuration files for a two node Neutron+GRE+OVS<br>> <br>> Heya,<br>> <br>> Just in case if it's useful for someone, here are my working Neutron<br>> configuration files (and iptables rules) for a two node set-up based on<br>> IceHouse-M2 on Fedora-20,<br>> <br>> - Controller node: Nova, Keystone (token-based auth), Cinder,<br>> Glance, Neutron (using Open vSwitch plugin and GRE tunneling).<br>> <br>> - Compute node: Nova (nova-compute), Neutron (openvswitch-agent)<br>> <br>> <br>> Controller node Neutron configurations<br>> ======================================<br>> <br>> 1. neutron.conf<br>> ---------------<br>> <br>> $ cat /etc/neutron/neutron.conf | grep -v ^$ | grep -v ^#<br>> [DEFAULT]<br>> core_plugin<br>> =neutron.plugins.openvswitch.ovs_neutron_plugin.OVSNeutronPluginV2<br>> rpc_backend = neutron.openstack.common.rpc.impl_qpid<br>> control_exchange = neutron<br>> qpid_hostname = 192.169.142.49<br>> auth_strategy = keystone<br>> allow_overlapping_ips = True<br>> dhcp_lease_duration = 120<br>> allow_bulk = True<br>> qpid_port = 5672<br>> qpid_heartbeat = 60<br>> qpid_protocol = tcp<br>> qpid_tcp_nodelay = True<br>> qpid_reconnect_limit=0<br>> qpid_reconnect_interval_max=0<br>> qpid_reconnect_timeout=0<br>> qpid_reconnect=True<br>> qpid_reconnect_interval_min=0<br>> qpid_reconnect_interval=0<br>> debug = False<br>> verbose = False<br>> [quotas]<br>> [agent]<br>> [keystone_authtoken]<br>> admin_tenant_name = services<br>> admin_user = neutron<br>> admin_password = fedora<br>> auth_host = 192.169.142.49<br>> auth_port = 35357<br>> auth_protocol = http<br>> auth_uri=http://192.169.142.49:5000/<br>> [database]<br>> [service_providers]<br>> [AGENT]<br>> root_helper = sudo neutron-rootwrap /etc/neutron/rootwrap.conf<br>> <br>> 2. (OVS) plugin.ini<br>> -------------------<br>> <br>> $ cat /etc/neutron/plugin.ini | grep -v ^$ | grep -v ^#<br>> [ovs]<br>> tenant_network_type = gre<br>> tunnel_id_ranges = 1:1000<br>> enable_tunneling = True<br>> integration_bridge = br-int<br>> tunnel_bridge = br-tun<br>> local_ip = 192.169.142.49<br>> [agent]<br>> [securitygroup]<br>> [DATABASE]<br>> sql_connection = mysql://neutron:fedora@node1-controller/ovs_neutron<br>> sql_max_retries=10<br>> reconnect_interval=2<br>> sql_idle_timeout=3600<br>> [SECURITYGROUP]<br>> firewall_driver =<br>> neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver<br>> <br>> 3. dhcp_agent.ini<br>> -----------------<br>> <br>> $ cat /etc/neutron/dhcp_agent.ini | grep -v ^$ | grep -v ^#<br>> [DEFAULT]<br>> interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver<br>> handle_internal_only_routers = TRUE<br>> external_network_bridge = br-ex<br>> use_namespaces = True<br>> dnsmasq_config_file = /etc/neutron/dnsmasq.conf<br>> <br>> 4. l3_agent.ini<br>> ---------------<br>> <br>> $ cat /etc/neutron/dhcp_agent.ini | grep -v ^$ | grep -v ^#<br>> [DEFAULT]<br>> interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver<br>> handle_internal_only_routers = TRUE<br>> external_network_bridge = br-ex<br>> use_namespaces = True<br>> dnsmasq_config_file = /etc/neutron/dnsmasq.conf<br>> <br>> 5. dnsmasq.conf<br>> ---------------<br>> <br>> This logs dnsmasq output is to a file, instead of journalctl):<br>> <br>> $ cat /etc/neutron/dnsmasq.conf | grep -v ^$ | grep -v ^#<br>> log-facility = /var/log/neutron/dnsmasq.log<br>> log-dhcp<br>> <br>> 6. api-paste.ini<br>> ----------------<br>> <br>> $ cat /etc/neutron/api-paste.ini | grep -v ^$ | grep -v ^#<br>> [composite:neutron]<br>> use = egg:Paste#urlmap<br>> /: neutronversions<br>> /v2.0: neutronapi_v2_0<br>> [composite:neutronapi_v2_0]<br>> use = call:neutron.auth:pipeline_factory<br>> noauth = extensions neutronapiapp_v2_0<br>> keystone = authtoken keystonecontext extensions neutronapiapp_v2_0<br>> [filter:keystonecontext]<br>> paste.filter_factory = neutron.auth:NeutronKeystoneContext.factory<br>> [filter:authtoken]<br>> paste.filter_factory =<br>> keystoneclient.middleware.auth_token:filter_factory<br>> admin_user=neutron<br>> auth_port=35357<br>> admin_password=fedora<br>> auth_protocol=http<br>> auth_uri=http://192.169.142.49:5000/<br>> admin_tenant_name=services<br>> auth_host = 192.169.142.49<br>> [filter:extensions]<br>> paste.filter_factory =<br>> neutron.api.extensions:plugin_aware_extension_middleware_factory<br>> [app:neutronversions]<br>> paste.app_factory = neutron.api.versions:Versions.factory<br>> [app:neutronapiapp_v2_0]<br>> paste.app_factory = neutron.api.v2.router:APIRouter.factory<br>> <br>> 7. metadata_agent.ini<br>> ---------------------<br>> <br>> $ cat /etc/neutron/metadata_agent.ini | grep -v ^$ | grep -v ^#<br>> [DEFAULT]<br>> auth_url = http://192.169.142.49:35357/v2.0/<br>> auth_region = regionOne<br>> admin_tenant_name = services<br>> admin_user = neutron<br>> admin_password = fedora<br>> nova_metadata_ip = 192.168.142.49<br>> nova_metadata_port = 8775<br>> metadata_proxy_shared_secret = fedora<br>> <br>> <br>> Compute node Neutron configurations<br>> ===================================<br>> <br>> 1. neutron.conf<br>> ---------------<br>> <br>> $ cat /etc/neutron/neutron.conf | grep -v ^$ | grep -v ^#<br>> [DEFAULT]<br>> core_plugin<br>> =neutron.plugins.openvswitch.ovs_neutron_plugin.OVSNeutronPluginV2<br>> rpc_backend = neutron.openstack.common.rpc.impl_qpid<br>> qpid_hostname = 192.169.142.49<br>> auth_strategy = keystone<br>> allow_overlapping_ips = True<br>> qpid_port = 5672<br>> debug = True<br>> verbose = True<br>> [quotas]<br>> [agent]<br>> [keystone_authtoken]<br>> admin_tenant_name = services<br>> admin_user = neutron<br>> admin_password = fedora<br>> auth_host = 192.169.142.49<br>> [database]<br>> [service_providers]<br>> [AGENT]<br>> root_helper = sudo neutron-rootwrap /etc/neutron/rootwrap.conf<br>> <br>> 2. (OVS) plugin.ini<br>> -------------------<br>> <br>> $ cat plugin.ini | grep -v ^$ | grep -v ^#<br>> [ovs]<br>> tenant_network_type = gre<br>> tunnel_id_ranges = 1:1000<br>> enable_tunneling = True<br>> integration_bridge = br-int<br>> tunnel_bridge = br-tun<br>> local_ip = 192.169.142.57<br>> [DATABASE]<br>> sql_connection = mysql://neutron:fedora@node1-controller/ovs_neutron<br>> [SECURITYGROUP]<br>> firewall_driver =<br>> neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver<br>> [agent]<br>> [securitygroup]<br>> <br>> 3. metadata_agent.ini<br>> ---------------------<br>> <br>> $ cat metadata_agent.ini | grep -v ^$ | grep -v ^#<br>> [DEFAULT]<br>> auth_url = http://localhost:5000/v2.0<br>> auth_region = RegionOne<br>> admin_tenant_name = %SERVICE_TENANT_NAME%<br>> admin_user = %SERVICE_USER%<br>> admin_password = %SERVICE_PASSWORD%<br>> <br>> <br>> iptables rules on both Controller and Compute nodes<br>> ===================================================<br>> <br>> iptables on Controller node<br>> ---------------------------<br>> <br>> $ cat /etc/sysconfig/iptables<br>> *filter<br>> :INPUT ACCEPT [0:0]<br>> :FORWARD ACCEPT [0:0]<br>> :OUTPUT ACCEPT [0:0]<br>> -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT<br>> -A INPUT -p icmp -j ACCEPT<br>> -A INPUT -i lo -j ACCEPT<br>> -A INPUT -p tcp -m multiport --dports 3260 -m comment --comment "001<br>> cinder incoming" -j ACCEPT<br>> -A INPUT -p tcp -m multiport --dports 80 -m comment --comment "001<br>> horizon incoming" -j ACCEPT<br>> -A INPUT -p tcp -m multiport --dports 9292 -m comment --comment "001<br>> glance incoming" -j ACCEPT<br>> -A INPUT -p tcp -m multiport --dports 5000,35357 -m comment<br>> --comment "001 keystone incoming" -j ACCEPT<br>> -A INPUT -p tcp -m multiport --dports 3306 -m comment --comment "001<br>> mariadb incoming" -j ACCEPT<br>> -A INPUT -p tcp -m multiport --dports 6080 -m comment --comment "001<br>> novncproxy incoming" -j ACCEPT<br>> -A INPUT -p tcp -m multiport --dports 8770:8780 -m comment --comment<br>> "001 novaapi incoming" -j ACCEPT<br>> -A INPUT -p tcp -m multiport --dports 9696 -m comment --comment "001<br>> neutron incoming" -j ACCEPT<br>> -A INPUT -p tcp -m multiport --dports 5672 -m comment --comment "001<br>> qpid incoming" -j ACCEPT<br>> -A INPUT -p tcp -m multiport --dports 8700 -m comment --comment "001<br>> metadata incoming" -j ACCEPT<br>> -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT<br>> -A INPUT -m state --state NEW -m tcp -p tcp --dport 5900:5999 -j ACCEPT<br>> -A INPUT -j REJECT --reject-with icmp-host-prohibited<br>> -A INPUT -p gre -j ACCEPT<br>> -A OUTPUT -p gre -j ACCEPT<br>> -A FORWARD -j REJECT --reject-with icmp-host-prohibited<br>> COMMIT<br>> <br>> iptables on Compute node<br>> ------------------------<br>> <br>> $ cat /etc/sysconfig/iptables<br>> *filter<br>> :INPUT ACCEPT [0:0]<br>> :FORWARD ACCEPT [0:0]<br>> :OUTPUT ACCEPT [0:0]<br>> -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT<br>> -A INPUT -p icmp -j ACCEPT<br>> -A INPUT -i lo -j ACCEPT<br>> -A INPUT -m state --state NEW -m tcp -p tcp --dport 5900:5999 -j ACCEPT<br>> -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT<br>> -A INPUT -p gre -j ACCEPT<br>> -A INPUT -j REJECT --reject-with icmp-host-prohibited<br>> -A OUTPUT -p gre -j ACCEPT<br>> -A FORWARD -j REJECT --reject-with icmp-host-prohibited<br>> COMMIT<br>> <br>> <br>> <br>> [1] Also here --<br>> http://kashyapc.fedorapeople.org/virt/openstack/neutron-configs-GRE-OVS-two-node.txt<br>> <br>> <br>> -- <br>> /kashyap<br>> <br>> _______________________________________________<br>> Rdo-list mailing list<br>> Rdo-list@redhat.com<br>> https://www.redhat.com/mailman/listinfo/rdo-list<br><br></div> </div></body>
</html>