________________________________________
From: Dan Sneddon <dsneddon(a)redhat.com>
Sent: Monday, November 16, 2015 11:39 AM
To: Boris Derzhavets; rdo-list(a)redhat.com
Subject: Re: [Rdo-list] Attempt to reproduce https://github.com/beekhof/osp-ha-deploy/blob/master/HA-keepalived.md
Answers inline...
Thank you so much for your support. In the meantime I can manage HAProxy/Keepalived 3 VMs Controller
and one Compute VM (nested kvm enabled) via Nova && Neutron CLI with no problems (RDO Liberty).
Dashboard is extremely slow (i7 4790 CPU, 32 GB RAM). I still believe that the problem is
4 Core desktop CPU limitations. As soon as the 3 Controllers get in sync and start working
(4 VCPUs each one, 4 GB RAM) graphics slows down immediately. Testing RDO Manager on desktops is hardly possible.
On 11/14/2015 12:35 AM, Boris Derzhavets wrote:
> ________________________________________
> From: Dan Sneddon <dsneddon(a)redhat.com>
> Sent: Friday, November 13, 2015 4:10 PM
> To: Boris Derzhavets; rdo-list(a)redhat.com
> Subject: Re: [Rdo-list] Attempt to reproduce https://github.com/beekhof/osp-ha-deploy/blob/master/HA-keepalived.md
> On 11/13/2015 12:56 PM, Dan Sneddon wrote:
>> Hi Boris,
>
>> Let's keep this on-list, there may be others who are having similar
>> issues who could find this discussion useful.
>
>> Answers inline...
>
>> On 11/13/2015 12:17 PM, Boris Derzhavets wrote:
>>
>>
>>> ________________________________________
>>> From: Dan Sneddon <dsneddon(a)redhat.com>
>>> Sent: Friday, November 13, 2015 2:46 PM
>>> To: Boris Derzhavets; Javier Pena
>>> Cc: rdo-list(a)redhat.com
>>> Subject: Re: [Rdo-list] Attempt to reproduce https://github.com/beekhof/osp-ha-deploy/blob/master/HA-keepalived.md
>>
>>> On 11/13/2015 11:38 AM, Boris Derzhavets wrote:
>>>> I understand that in the usual situation, creating ifcfg-br-ex and ifcfg-eth2 (as OVS bridge and OVS port),
>>>> `service network restart` should be run to make eth2 (no IP) an OVS port of br-ex (any IP which belongs to ext net and is available).
>>>> What bad does NetworkManager do when an external network provider is used?
>>>> Disabling it, I break routing via eth0's interfaces of cluster nodes to 10.10.10.0/24 (ext net),
>>>> so nothing is supposed to work :-
>>>> http://blog.oddbit.com/2014/05/28/multiple-external-networks-wit/
>>>> http://dbaxps.blogspot.com/2015/10/multiple-external-networks-with-single...
>>>> Either I am missing something here.
>>>> ________________________________________
>>>> From: rdo-list-bounces(a)redhat.com <rdo-list-bounces(a)redhat.com> on behalf of Boris Derzhavets <bderzhavets(a)hotmail.com>
>>>> Sent: Friday, November 13, 2015 1:09 PM
>>>> To: Javier Pena
>>>> Cc: rdo-list(a)redhat.com
>>>> Subject: [Rdo-list] Attempt to reproduce https://github.com/beekhof/osp-ha-deploy/blob/master/HA-keepalived.md
>>>
>>>> Working on this task I was able to build a 3 node HAProxy/Keepalived Controller's cluster, create a compute node, launch a CirrOS VM.
>>>> However, I cannot ping the floating IP of the VM running on compute (total 4 CentOS 7.1 VMs, nested kvm enabled).
>>>> Looks like provider external networks don't work for me.
>>>
>>>> But, to have eth0 without IP (due to `ovs-vsctl add-port br-eth0 eth0`) still allowing to ping 10.10.10.1,
>>>> I need NetworkManager active, rather than network.service
>>>
>>>> [root@hacontroller1 network-scripts]# systemctl status NetworkManager
>>>> NetworkManager.service - Network Manager
>>>> Loaded: loaded (/usr/lib/systemd/system/NetworkManager.service; enabled)
>>>> Active: active (running) since Fri 2015-11-13 20:39:21 MSK; 12min ago
>>>> Main PID: 808 (NetworkManager)
>>>> CGroup: /system.slice/NetworkManager.service
>>>> ├─ 808 /usr/sbin/NetworkManager --no-daemon
>>>> └─2325 /sbin/dhclient -d -q -sf /usr/libexec/nm-dhcp-helper -pf /var/run/dhclient-eth0...
>>>
>>>> Nov 13 20:39:22 hacontroller1.example.com NetworkManager[808]: <info> NetworkManager state is n...L
>>>> Nov 13 20:39:22 hacontroller1.example.com dhclient[2325]: bound to 10.10.10.216 -- renewal in 1...s.
>>>> Nov 13 20:39:22 hacontroller1.example.com NetworkManager[808]: <info> (eth0): Activation: succe....
>>>> Nov 13 20:39:25 hacontroller1.example.com NetworkManager[808]: <info> startup complete
>>>
>>>> [root@hacontroller1 network-scripts]# systemctl status network.service
>>>> network.service - LSB: Bring up/down networking
>>>> Loaded: loaded (/etc/rc.d/init.d/network)
>>>> Active: inactive (dead)
>>>
>>>> [root@hacontroller1 network-scripts]# cat ifcfg-eth0
>>>> TYPE="Ethernet"
>>>> BOOTPROTO="static"
>>>> NAME="eth0"
>>>> DEVICE=eth0
>>>> ONBOOT="yes"
>>>
>>>> [root@hacontroller1 network-scripts]# ping -c 3 10.10.10.1
>>>> PING 10.10.10.1 (10.10.10.1) 56(84) bytes of data.
>>>> 64 bytes from 10.10.10.1: icmp_seq=1 ttl=64 time=0.087 ms
>>>> 64 bytes from 10.10.10.1: icmp_seq=2 ttl=64 time=0.128 ms
>>>> 64 bytes from 10.10.10.1: icmp_seq=3 ttl=64 time=0.117 ms
>>>
>>>> --- 10.10.10.1 ping statistics ---
>>>> 3 packets transmitted, 3 received, 0% packet loss, time 1999ms
>>>> rtt min/avg/max/mdev = 0.087/0.110/0.128/0.021 ms
>>>
>>>> If I disable NetworkManager and enable network this feature will be lost. Eth0 would have to have static IP or dhcp lease,
>>>> to provide route to 10.10.10.0/24.
>>>
>>>> Thank you.
>>>> Boris.
>>>
>>>
>>
>>> OK, a few things here. First of all, you don't actually need to have an
>>> IP address on the host system to use a VLAN or interface as an external
>>> provider network. The Neutron router will have an IP on the right
>>> network, and within its namespace will be able to reach the 10.10.10.x
>>> network.
>>
>>>> It looks to me like NetworkManager is running dhclient for eth0, even
>>>> though you have BOOTPROTO="static". This is causing an IP address to be
>>>> added to eth0, so you are able to ping 10.10.10.x from the host. When
>>>> you turn off NetworkManager, this unexpected behavior goes away, *but
>>>> you should still be able to use provider networks*.
>>
>>> Here I am quoting Lars Kellogg Stedman
>>> http://blog.oddbit.com/2014/05/28/multiple-external-networks-wit/
>>> The bottom statement in blog post above states :-
>>> "This assumes that eth1 is connected to a network using 10.1.0.0/24 and eth2 is connected to a network using 10.2.0.0/24, and that each network has a gateway sitting at the corresponding .1 address."
>
>> Right, what Lars means is that eth1 is physically connected to a
>> network with the 10.1.0.0/24 subnet, and eth2 is physically connected
>> to a network with the 10.2.0.0/24 subnet.
>
>> You might notice that in Lars's instructions, he never puts a host IP
>> on either interface.
>
>>>> Try creating a Neutron router with an IP on 10.10.10.x, and then you
>>>> should be able to ping that network from the router namespace.
>>
>>> "When I issue `neutron router-create --ha True --tenant-id xxxxxx RouterHA`, I cannot specify router's IP"
>
>> Let me refer you to this page, which explains the basics of creating
>> and managing Neutron networks:
>
>> http://docs.openstack.org/user-guide/cli_create_and_manage_networks.html
>
>> You will have to create an external network, which you will associate
>> with a physical network via a bridge mapping. The default bridge
>> mapping for br-ex is datacentre:br-ex.
>
>> Using the name of the physical network "datacentre", we can create an
> 1. Javier is using external network provider (and so did I, following him)
> # . /root/keystonerc_admin
> # neutron net-create public --provider:network_type flat --provider:physical_network physnet1 --router:external
> # neutron subnet-create --gateway 10.10.10.1 --allocation-pool start=10.10.10.100,end=10.10.10.150 --disable-dhcp --name public_subnet public 10.10.10.0/24
That looks like it would be OK if physnet1 is a flat connection (native
VLAN on the interface). If you want to create a provider network on,
for example VLAN 104, you can use this command:
neutron net-create --provider:physical_network physnet1 \
  --provider:network_type vlan --provider:segmentation_id 104 \
  --router:external public
Your subnet-create statement looks correct.
> HA Neutron router and tenant's subnet have been created.
> Then interface to tenant's network was activated as well as gateway to public.
> Security rules were implemented as usual.
> Cloud VM was launched, it obtained private IP and committed cloud-init OK.
> Then I assigned FIP from public to cloud VM, it should be pingable from the F23 Virtualization Host
> 2. All traffic to/from the external network flows through br-int when provider external networks have been involved. No br-ex is needed.
> When Javier does `ovs-vsctl add-port br-eth0 eth0`, eth0 (which is inside the VM running the Controller node)
> should be on 10.10.10.X/24. It doesn't happen when service network is active (and NM disabled).
> In this case eth0 doesn't have any kind of IP assigned to provide a route to Libvirt's subnet 10.10.10.X/24 (pre-created by myself)
That's OK that eth0 doesn't have any kind of IP assigned or routes. The
IP gets assigned to the Neutron router, and the routing table exists
only inside of the router namespace. Once you have created the router,
you will see a "qrouter-XXXX" entry for the router when you run the
command:
sudo ip netns list
Copy the name of the namespace that starts with "qrouter" (you might
have more than one if you have more than one Neutron router), then try
pinging the external network from inside the namespace:
sudo ip netns exec qrouter-c333bd80-ccc3-43ba-99e4-8df471ed8b9e ping 10.10.10.1
In the meantime I am under the impression that OVS bridge br-eth0 and OVS port eth0
would work when the IP is assigned to port eth0, not to the bridge. OVS release =>2.3.1 seems to allow that.
Tested here (VM's case) :-
http://dbaxps.blogspot.com/2015/10/multiple-external-networks-with-single...
If neither one of br-eth0 and eth0 has an IP then packets won't be forwarded to the external net
For Provider networks, you shouldn't have to assign an IP address to
eth0 or to the bridge. The IP address lives on the router inside of the
router namespace.
--
Dan Sneddon | Principal OpenStack Engineer
dsneddon(a)redhat.com | redhat.com/openstack
650.254.4025 | dsneddon:irc @dxs:twitter
>> external network:
>
>> [If the external network is on VLAN 104]
>> neutron net-create ext-net --router:external \
>> --provider:physical_network datacentre \
>> --provider:network_type vlan \
>> --provider:segmentation_id 104
>
>> [If the external net is on the native VLAN (flat)]
>> neutron net-create ext-net --router:external \
>> --provider:physical_network datacentre \
>> --provider:network_type flat
>
>> Next, you must create a subnet for the network, including the range of
>> floating IPs (allocation pool):
>
>> neutron subnet-create --name ext-subnet \
>> --enable_dhcp=False \
>> --allocation-pool start=10.10.10.50,end=10.10.10.100 \
>> --gateway 10.10.10.1 \
>> ext-net 10.10.10.0/24
>
>> Next, you have to create a router:
>
>> neutron router-create ext-router
>
>> You then add an interface to the router. Since Neutron will assign the
>> first address in the subnet to the router by default (10.10.10.1), you
>> will want to first create a port with a specific IP, then assign that
>> port to the router.
>
>> neutron port-create ext-net --fixed-ip ip_address=10.10.10.254
>
>> You will need to note the UUID of the newly created port. You can also
>> see this with "neutron port-list". Now, create the router interface
>> with the port you just created:
>
>> neutron router-interface-add ext-router port=<UUID>
>
>>>> If you want to be able to ping 10.10.10.x from the host, then you
>>>> should put either a static IP or DHCP on the bridge, not on eth0. This
>>>> should work whether you are running NetworkManager or network.service.
>>
>>> "I can ping 10.0.0.x from the F23 KVM Server (running cluster's VMs as Controller's nodes),
>>> it's just a usual non-default libvirt subnet, exactly matching the external network created in Javier's "Howto".
>>> It was created via `virsh net-define openstackvms.xml`, but I cannot ping FIPs belonging to
>>> the cloud VM on this subnet."
>
>> I think you will have better luck once you create the external network
>> and router. You can then use namespaces to ping the network from the
>> router:
>
>> First, obtain the qrouter-<UUID> from the list of namespaces:
>
>> sudo ip netns list
>
>> Then, find the qrouter-<UUID> and ping from there:
>
>> ip netns exec qrouter-XXXX-XXXX-XXX-XXX ping 10.10.10.1
>
> One more quick thing to note:
> In order to use floating IPs, you will also have to attach the external
> router to the tenant networks where floating IPs will be used.
> When you go through the steps to create a tenant network, also attach
> it to the router:
> 1) Create the network:
> neutron net-create tenant-net-1
> 2) Create the subnet:
> neutron subnet-create --name tenant-subnet-1 tenant-net-1 172.21.0.0/22
> 3) Attach the external router to the network:
> neutron router-interface-add tenant-router-1 subnet=tenant-subnet-1
> (since no specific port was given in the router-interface-add command,
> Neutron will automatically choose the first address in the given
> subnet, so 172.21.0.1 in this example)
> --
> Dan Sneddon | Principal OpenStack Engineer
> dsneddon(a)redhat.com | redhat.com/openstack
> 650.254.4025 | dsneddon:irc @dxs:twitter
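
The namespace check described in the thread (list the namespaces, pick each qrouter-<UUID>, ping the external gateway from inside it), written out as a script. This is an added example, not part of the original messages; the function names and the sample `ip netns list` text are constructed for illustration, and the gateway 10.10.10.1 is the one used in the thread.

```shell
#!/bin/sh
# Added example: check external-network reachability from Neutron router
# namespaces instead of from the host, which needs no IP on eth0 or the bridge.

# Constructed sample of `ip netns list` output. Newer iproute2 releases
# append " (id N)" to each name, older ones print the bare name.
SAMPLE_NETNS='qdhcp-11111111-2222-3333-4444-555555555555 (id 0)
qrouter-c333bd80-ccc3-43ba-99e4-8df471ed8b9e (id 1)
qrouter-aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee'

# Read `ip netns list` text on stdin, print only the qrouter-<UUID> names.
qrouter_namespaces() {
    awk '$1 ~ /^qrouter-[0-9a-f-]+$/ { print $1 }'
}

# Ping the gateway from every router namespace on this node (run as root).
# Returns 0 if all routers reach it, 1 if any fails, 2 if no router exists.
ping_from_routers() {
    gateway=$1
    namespaces=$(ip netns list | qrouter_namespaces)
    if [ -z "$namespaces" ]; then
        echo "no qrouter namespace found; create the router first" >&2
        return 2
    fi
    rc=0
    for ns in $namespaces; do
        if ip netns exec "$ns" ping -c 3 -W 2 "$gateway" >/dev/null 2>&1; then
            echo "OK   $ns -> $gateway"
        else
            echo "FAIL $ns -> $gateway"
            rc=1
        fi
    done
    return $rc
}

# Usage on a network node: ping_from_routers 10.10.10.1
```

With an HA router, a FAIL on a node where the router instance is in standby is expected, since only the active instance holds the router's addresses.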