1:45 a.m.
In previous successful attempt reproduce your schema on real F20 boxes I was able to start
neutron-server with
[root@dfw02 neutron(keystone_admin)]$ cat plugin.ini | grep -v ^# | grep -v ^$
[ovs]
tenant_network_type = gre
tunnel_id_ranges = 1:1000
enable_tunneling = True
integration_bridge = br-int
tunnel_bridge = br-tun
local_ip = 192.168.1.127
[agent]
[securitygroup]
[DATABASE]
sql_connection = mysql://root:password@dfw02.localdomain/ovs_neutron
[SECURITYGROUP]
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
and finally
[root@dfw02 ~]# ovs-vsctl show
7d78d536-3612-416e-bce6-24605088212f
Bridge br-int
Port br-int
Interface br-int
type: internal
Port patch-tun
Interface patch-tun
type: patch
options: {peer=patch-int}
Bridge br-ex
Port "p37p1"
Interface "p37p1"
Port br-ex
Interface br-ex
type: internal
Bridge br-tun
Port br-tun
Interface br-tun
type: internal
Port "gre-2"
Interface "gre-2"
type: gre
options: {in_key=flow, local_ip="192.168.1.127", out_key=flow,
remote_ip="192.168.1.137"}
Port patch-int
Interface patch-int
type: patch
options: {peer=patch-tun}
ovs_version: "2.0.0"
Compute node instances were able to obtain floating and internal ip addresses
I am running this TwoNode Cluster in mean time with all `yum updates` after
01/23/2014
In new attempt on fresh F20 instance Neutron-server may be started only with
[DATABASE]
sql_connection = mysql://root:password@localhost/ovs_neutron
Block like :-
Port "gre-2"
Interface "gre-2"
type: gre
options: {in_key=flow, local_ip="192.168.1.147", out_key=flow,
remote_ip="192.168.1.157"}
doesn't appear in `ovs-vsctl show` output . Nothing works on Compute all Configs are
the the same as in first attempt.
The error from mysql, which I get "Access denied fror
'root"@'new_hostname'
new_hostname as before is in /etc/hosts
192.168.1.147 new_hostname.localdomain new_hostname
and in /etc/hostname
new_hostname.localdomain
For me it looks like bug for neutron-server to be bind to 127.0.0.1 ,actually, connected
with MariaDB database.
I did 2 attempts to reproduce it from scratch building Controller and every time
Neutron-server start up limitation came up.
Kashyap, my question to you :-
Am I correct in my conclusions regarding Neutron-Server mysql credentials affecting
network abilities of Neutron or libvirtd daemon is a real carrier for metadata and schema
would work only on non-default libvirt's network for virtual machines ?
Then working real cluster is a kind of miracle. It's under testing on daily basis.
Thanks.
Boris.
PS. All snapshots done on first Cluster (successfully working in meantime with all updates
accepted from yum) may be viewed here :-
http://bderzhavets.blogspot.com/2014/01/setting-up-two-physical-node-open...
Date: Thu, 30 Jan 2014 10:45:29 +0530
From: kchamart(a)redhat.com
To: rdo-list(a)redhat.com
Subject: [Rdo-list] Neutron configuration files for a two node Neutron+GRE+OVS
Heya,
Just in case if it's useful for someone, here are my working Neutron
configuration files (and iptables rules) for a two node set-up based on
IceHouse-M2 on Fedora-20,
- Controller node: Nova, Keystone (token-based auth), Cinder,
Glance, Neutron (using Open vSwitch plugin and GRE tunneling).
- Compute node: Nova (nova-compute), Neutron (openvswitch-agent)
Controller node Neutron configurations
======================================
1. neutron.conf
---------------
$ cat /etc/neutron/neutron.conf | grep -v ^$ | grep -v ^#
[DEFAULT]
core_plugin
=neutron.plugins.openvswitch.ovs_neutron_plugin.OVSNeutronPluginV2
rpc_backend = neutron.openstack.common.rpc.impl_qpid
control_exchange = neutron
qpid_hostname = 192.169.142.49
auth_strategy = keystone
allow_overlapping_ips = True
dhcp_lease_duration = 120
allow_bulk = True
qpid_port = 5672
qpid_heartbeat = 60
qpid_protocol = tcp
qpid_tcp_nodelay = True
qpid_reconnect_limit=0
qpid_reconnect_interval_max=0
qpid_reconnect_timeout=0
qpid_reconnect=True
qpid_reconnect_interval_min=0
qpid_reconnect_interval=0
debug = False
verbose = False
[quotas]
[agent]
[keystone_authtoken]
admin_tenant_name = services
admin_user = neutron
admin_password = fedora
auth_host = 192.169.142.49
auth_port = 35357
auth_protocol = http
auth_uri=http://192.169.142.49:5000/
[database]
[service_providers]
[AGENT]
root_helper = sudo neutron-rootwrap /etc/neutron/rootwrap.conf
2. (OVS) plugin.ini
-------------------
$ cat /etc/neutron/plugin.ini | grep -v ^$ | grep -v ^#
[ovs]
tenant_network_type = gre
tunnel_id_ranges = 1:1000
enable_tunneling = True
integration_bridge = br-int
tunnel_bridge = br-tun
local_ip = 192.169.142.49
[agent]
[securitygroup]
[DATABASE]
sql_connection = mysql://neutron:fedora@node1-controller/ovs_neutron
sql_max_retries=10
reconnect_interval=2
sql_idle_timeout=3600
[SECURITYGROUP]
firewall_driver =
neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
3. dhcp_agent.ini
-----------------
$ cat /etc/neutron/dhcp_agent.ini | grep -v ^$ | grep -v ^#
[DEFAULT]
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
handle_internal_only_routers = TRUE
external_network_bridge = br-ex
use_namespaces = True
dnsmasq_config_file = /etc/neutron/dnsmasq.conf
4. l3_agent.ini
---------------
$ cat /etc/neutron/dhcp_agent.ini | grep -v ^$ | grep -v ^#
[DEFAULT]
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
handle_internal_only_routers = TRUE
external_network_bridge = br-ex
use_namespaces = True
dnsmasq_config_file = /etc/neutron/dnsmasq.conf
5. dnsmasq.conf
---------------
This logs dnsmasq output is to a file, instead of journalctl):
$ cat /etc/neutron/dnsmasq.conf | grep -v ^$ | grep -v ^#
log-facility = /var/log/neutron/dnsmasq.log
log-dhcp
6. api-paste.ini
----------------
$ cat /etc/neutron/api-paste.ini | grep -v ^$ | grep -v ^#
[composite:neutron]
use = egg:Paste#urlmap
/: neutronversions
/v2.0: neutronapi_v2_0
[composite:neutronapi_v2_0]
use = call:neutron.auth:pipeline_factory
noauth = extensions neutronapiapp_v2_0
keystone = authtoken keystonecontext extensions neutronapiapp_v2_0
[filter:keystonecontext]
paste.filter_factory = neutron.auth:NeutronKeystoneContext.factory
[filter:authtoken]
paste.filter_factory =
keystoneclient.middleware.auth_token:filter_factory
admin_user=neutron
auth_port=35357
admin_password=fedora
auth_protocol=http
auth_uri=http://192.169.142.49:5000/
admin_tenant_name=services
auth_host = 192.169.142.49
[filter:extensions]
paste.filter_factory =
neutron.api.extensions:plugin_aware_extension_middleware_factory
[app:neutronversions]
paste.app_factory = neutron.api.versions:Versions.factory
[app:neutronapiapp_v2_0]
paste.app_factory = neutron.api.v2.router:APIRouter.factory
7. metadata_agent.ini
---------------------
$ cat /etc/neutron/metadata_agent.ini | grep -v ^$ | grep -v ^#
[DEFAULT]
auth_url = http://192.169.142.49:35357/v2.0/
auth_region = regionOne
admin_tenant_name = services
admin_user = neutron
admin_password = fedora
nova_metadata_ip = 192.168.142.49
nova_metadata_port = 8775
metadata_proxy_shared_secret = fedora
Compute node Neutron configurations
===================================
1. neutron.conf
---------------
$ cat /etc/neutron/neutron.conf | grep -v ^$ | grep -v ^#
[DEFAULT]
core_plugin
=neutron.plugins.openvswitch.ovs_neutron_plugin.OVSNeutronPluginV2
rpc_backend = neutron.openstack.common.rpc.impl_qpid
qpid_hostname = 192.169.142.49
auth_strategy = keystone
allow_overlapping_ips = True
qpid_port = 5672
debug = True
verbose = True
[quotas]
[agent]
[keystone_authtoken]
admin_tenant_name = services
admin_user = neutron
admin_password = fedora
auth_host = 192.169.142.49
[database]
[service_providers]
[AGENT]
root_helper = sudo neutron-rootwrap /etc/neutron/rootwrap.conf
2. (OVS) plugin.ini
-------------------
$ cat plugin.ini | grep -v ^$ | grep -v ^#
[ovs]
tenant_network_type = gre
tunnel_id_ranges = 1:1000
enable_tunneling = True
integration_bridge = br-int
tunnel_bridge = br-tun
local_ip = 192.169.142.57
[DATABASE]
sql_connection = mysql://neutron:fedora@node1-controller/ovs_neutron
[SECURITYGROUP]
firewall_driver =
neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
[agent]
[securitygroup]
3. metadata_agent.ini
---------------------
$ cat metadata_agent.ini | grep -v ^$ | grep -v ^#
[DEFAULT]
auth_url = http://localhost:5000/v2.0
auth_region = RegionOne
admin_tenant_name = %SERVICE_TENANT_NAME%
admin_user = %SERVICE_USER%
admin_password = %SERVICE_PASSWORD%
iptables rules on both Controller and Compute nodes
===================================================
iptables on Controller node
---------------------------
$ cat /etc/sysconfig/iptables
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m multiport --dports 3260 -m comment --comment "001
cinder incoming" -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80 -m comment --comment "001
horizon incoming" -j ACCEPT
-A INPUT -p tcp -m multiport --dports 9292 -m comment --comment "001
glance incoming" -j ACCEPT
-A INPUT -p tcp -m multiport --dports 5000,35357 -m comment
--comment "001 keystone incoming" -j ACCEPT
-A INPUT -p tcp -m multiport --dports 3306 -m comment --comment "001
mariadb incoming" -j ACCEPT
-A INPUT -p tcp -m multiport --dports 6080 -m comment --comment "001
novncproxy incoming" -j ACCEPT
-A INPUT -p tcp -m multiport --dports 8770:8780 -m comment --comment
"001 novaapi incoming" -j ACCEPT
-A INPUT -p tcp -m multiport --dports 9696 -m comment --comment "001
neutron incoming" -j ACCEPT
-A INPUT -p tcp -m multiport --dports 5672 -m comment --comment "001
qpid incoming" -j ACCEPT
-A INPUT -p tcp -m multiport --dports 8700 -m comment --comment "001
metadata incoming" -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 5900:5999 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p gre -j ACCEPT
-A OUTPUT -p gre -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
iptables on Compute node
------------------------
$ cat /etc/sysconfig/iptables
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 5900:5999 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -p gre -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A OUTPUT -p gre -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
[1] Also here --
http://kashyapc.fedorapeople.org/virt/openstack/neutron-configs-GRE-OVS-t...
--
/kashyap
_______________________________________________
Rdo-list mailing list
Rdo-list(a)redhat.com
https://www.redhat.com/mailman/listinfo/rdo-list