All,I truly feel that we should somehow improve the documentation to explain how to do this in detail(Vlans and external networks). I suspect that many people who want to tryout Tripleo/RDO Packstack are really struggling with the networking. I know for myself this alone is the main reason I have not deployed this into production because our external network is very complex and I need to be certain I can integrate this without serious pain. It would be great if users could easily change these settings on the fly because for most admins, networking is never static. Just my 2 cents.BrandonOn Tue, Oct 18, 2016 at 10:59 AM, Boris Derzhavets <bderzhavets@hotmail.com> wrote:______________________________> It would seem that all I need to do is create a vlan27 port as shown below. The below was generated by the heat OOO heat templates.
Doesn't it mean one of original templates ( which were invoked by `openstack overcloud deploy .... ` )
should be updated to create vlan27 as separate network or you have some other way to add vlan27 ?
From: John Marks <jdmarks75080@gmail.com>
Sent: Tuesday, October 18, 2016 5:21 PM
To: Boris Derzhavets; rdo-list@redhat.com
Subject: Re: [rdo-list] Adding a vlan to the external network in tripleoI looked over you scenario in your blog and it is close. I have a single external port that shares the native VLAN and VLAN27. In my case, I configrued the external bridge (br-ex) with the native vlan and am now faced with adding vlan27 to the bridge. RHOSP has a vlan scenario which I used in creating the bridge and vlans under it that carry the storage, etc. It would seem that all I need to do is create a vlan27 port as shown below. The below was generated by the heat OOO heat templates.
stack: ip a1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWNlink/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft foreverinet6 ::1/128 scope hostvalid_lft forever preferred_lft forever2: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000 link/ether 14:58:d0:4c:2e:98 brd ff:ff:ff:ff:ff:ffinet 192.0.2.17/24 brd 192.0.2.255 scope global eno1valid_lft forever preferred_lft foreverinet 192.0.2.15/32 brd 192.0.2.255 scope global eno1valid_lft forever preferred_lft foreverinet6 fe80::1658:d0ff:fe4c:2e98/64 scope linkvalid_lft forever preferred_lft forever3: ens1f0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN qlen 1000 link/ether 8c:dc:d4:b1:8e:b8 brd ff:ff:ff:ff:ff:ff4: eno2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master ovs-system state UP qlen 1000 link/ether 14:58:d0:4c:2e:9c brd ff:ff:ff:ff:ff:ffinet6 fe80::1658:d0ff:fe4c:2e9c/64 scope linkvalid_lft forever preferred_lft forever5: ens1f1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN qlen 1000 link/ether 8c:dc:d4:b1:8e:b9 brd ff:ff:ff:ff:ff:ff6: eno3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master ovs-system state UP qlen 1000 link/ether 14:58:d0:4c:2e:99 brd ff:ff:ff:ff:ff:ffinet6 fe80::1658:d0ff:fe4c:2e99/64 scope linkvalid_lft forever preferred_lft forever7: eno4: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN qlen 1000 link/ether 14:58:d0:4c:2e:9d brd ff:ff:ff:ff:ff:ff8: eno5: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN qlen 1000 link/ether 14:58:d0:4c:2e:9a brd ff:ff:ff:ff:ff:ff9: eno6: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN qlen 1000 link/ether 14:58:d0:4c:2e:9e brd ff:ff:ff:ff:ff:ff10: eno7: <BROADCAST,MULTICAST> mtu 1500 qdisc noop master ovs-system state DOWN qlen 1000link/ether 14:58:d0:4c:2e:9b brd ff:ff:ff:ff:ff:ff11: eno8: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN qlen 1000 link/ether 14:58:d0:4c:2e:9f brd ff:ff:ff:ff:ff:ff12: ovs-system: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWNlink/ether da:f8:b1:fd:2e:74 brd ff:ff:ff:ff:ff:ff13: br-ex1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWNlink/ether 14:58:d0:4c:2e:9b brd ff:ff:ff:ff:ff:ff14: br-tun: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWNlink/ether 2a:98:45:ed:fb:4b brd ff:ff:ff:ff:ff:ff15: vlan203: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN link/ether 0a:5a:9c:28:45:f6 brd ff:ff:ff:ff:ff:ffinet 172.19.0.11/24 brd 172.19.0.255 scope global vlan203valid_lft forever preferred_lft foreverinet 172.19.0.10/32 brd 172.19.0.255 scope global vlan203valid_lft forever preferred_lft foreverinet6 fe80::85a:9cff:fe28:45f6/64 scope linkvalid_lft forever preferred_lft forever16: vlan202: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN link/ether 6e:3f:59:63:41:89 brd ff:ff:ff:ff:ff:ffinet 172.18.0.12/24 brd 172.18.0.255 scope global vlan202valid_lft forever preferred_lft foreverinet 172.18.0.10/32 brd 172.18.0.255 scope global vlan202valid_lft forever preferred_lft foreverinet6 fe80::6c3f:59ff:fe63:4189/64 scope linkvalid_lft forever preferred_lft forever17: br-ex: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN link/ether 14:58:d0:4c:2e:9c brd ff:ff:ff:ff:ff:ffinet 10.1.62.169/24 brd 10.1.62.255 scope global br-exvalid_lft forever preferred_lft foreverinet 10.1.62.168/32 brd 10.1.62.255 scope global br-exvalid_lft forever preferred_lft foreverinet6 fcff:1:62:0:1658:d0ff:fe4c:2e9c/64 scope global mngtmpaddr dynamic valid_lft 2591980sec preferred_lft 604780secinet6 fe80::1658:d0ff:fe4c:2e9c/64 scope linkvalid_lft forever preferred_lft forever18: vlan204: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN link/ether ba:76:32:20:c8:1e brd ff:ff:ff:ff:ff:ffinet 172.17.0.11/24 brd 172.17.0.255 scope global vlan204valid_lft forever preferred_lft foreverinet6 fe80::b876:32ff:fe20:c81e/64 scope linkvalid_lft forever preferred_lft forever19: vlan201: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN link/ether 96:0b:f7:a1:89:dc brd ff:ff:ff:ff:ff:ffinet 172.16.0.13/24 brd 172.16.0.255 scope global vlan201valid_lft forever preferred_lft foreverinet 172.16.0.10/32 brd 172.16.0.255 scope global vlan201valid_lft forever preferred_lft foreverinet 172.16.0.11/32 brd 172.16.0.255 scope global vlan201valid_lft forever preferred_lft foreverinet6 fe80::940b:f7ff:fea1:89dc/64 scope linkvalid_lft forever preferred_lft forever23: br-int: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWNlink/ether 12:ec:43:c0:1d:43 brd ff:ff:ff:ff:ff:ff
stack: ovs-ctl show75acb2b-1107-419f-9fed-1b80741aa78a Bridge br-exPort "vlan202"tag: 202Interface "vlan202"type: internalPort br-exInterface br-extype: internalPort "vlan201"tag: 201Interface "vlan201"type: internalPort "bond1"Interface "eno2"Interface "eno3"Port phy-br-exInterface phy-br-extype: patchoptions: {peer=int-br-ex}Port "vlan204"tag: 204Interface "vlan204"type: internalPort "vlan203"tag: 203Interface "vlan203"type: internalBridge br-intfail_mode: securePort "tap485f8aa8-86"tag: 2Interface "tap485f8aa8-86"type: internalPort patch-tunInterface patch-tuntype: patchoptions: {peer=patch-int}Port "tap62b75cc5-ef"tag: 3Interface "tap62b75cc5-ef"type: internalPort br-intInterface br-inttype: internalPort "tap123c52e6-5d"tag: 1Interface "tap123c52e6-5d"type: internalPort int-br-exInterface int-br-extype: patchoptions: {peer=phy-br-ex}Bridge br-tunfail_mode: securePort br-tunInterface br-tuntype: internalPort "vxlan-ac11000c"Interface "vxlan-ac11000c"type: vxlanoptions: {df_default="true", in_key=flow, local_ip="172.17.0.11", out_key=flow, remote_ip="172.17.0.12"}Port "vxlan-ac11000a"Interface "vxlan-ac11000a"type: vxlanoptions: {df_default="true", in_key=flow, local_ip="172.17.0.11", out_key=flow, remote_ip="172.17.0.10"}Port patch-intInterface patch-inttype: patchoptions: {peer=patch-tun}Port "vxlan-ac11000d"Interface "vxlan-ac11000d"type: vxlanoptions: {df_default="true", in_key=flow, local_ip="172.17.0.11", out_key=flow, remote_ip="172.17.0.13"}Port "vxlan-ac11000e"Interface "vxlan-ac11000e"type: vxlanoptions: {df_default="true", in_key=flow, local_ip="172.17.0.11", out_key=flow, remote_ip="172.17.0.14"}
On Tue, Oct 18, 2016 at 8:50 AM, John Marks <jdmarks75080@gmail.com> wrote:
Doesn't that make the stack very inflexible? And yes, we have faced this issue before and talked to RH about it and they said exactly the same thing. However, if I redeploy, I have found that modifying the network config does not take affect and I have to delete and redeploy the overcloud. That would really reak havoc if I had to do that in production.
Thanks for the reply.
On Tue, Oct 18, 2016 at 8:43 AM, Boris Derzhavets <bderzhavets@hotmail.com> wrote:
Sorry for typo
If I am not correct stating the above, RH's technical stuff will point to my mistake for sure
I skipped "if" on first place.
From: rdo-list-bounces@redhat.com <rdo-list-bounces@redhat.com> on behalf of Boris Derzhavets <bderzhavets@hotmail.com>
Sent: Tuesday, October 18, 2016 4:37 PM
To: John Marks; rdo-list@redhat.com
Subject: Re: [rdo-list] Adding a vlan to the external network in tripleoI have a lab situation where there are 2 networks. One is in one DMZ and the other is a lab isolated network. I need access to both via the external port. I believe what I need to do is add another port to the bridge on a vlan to the lab network. I created a new external network in Director and assigned the vlan to it. However, I am not sure that will add it to the existing bridge.
A bigger question around this is why does Openstack not support modifications after installation to the north/south network?
Openstack has no problem with adding one more external network (or even 2) of VLAN type .
See for instance https://www.linux.com/blog/rdo-mitaka-several-external-netwo rks-vlan-provider-setup
The problem here is the way which was used for deployment, it is TripleO.
To have the job done you need to update heat stack "overcloud" which had been built
on undercloud Node. So you should be able redeploy overcloud with specific tripleo-heat-template
addressing you needs. I would expect your br-ex bridges to have IPs on ctlplane obtained via DHCP.
Any manual intervention to overcloud is impossible. You have presumably only one
option , which is to ask vendor for support.
I am not correct stating the above, RH's technical stuff will point to my mistake for sure.
That is why I am so sorry about regression taken place in packstack functionality
Boris.
East/west is easy but North/South has to have a lot of modifications made to static files (it seems) like plugin.ini and openvswitch.ini.
From: rdo-list-bounces@redhat.com <rdo-list-bounces@redhat.com> on behalf of John Marks <jdmarks75080@gmail.com>
Sent: Tuesday, October 18, 2016 7:32:53 AM
To: rdo-list@redhat.com
Subject: [rdo-list] Adding a vlan to the external network in tripleoI have a lab situation where there are 2 networks. One is in one DMZ and the other is a lab isolated network. I need access to both via the external port. I believe what I need to do is add another port to the bridge on a vlan to the lab network. I created a new external network in Director and assigned the vlan to it. However, I am not sure that will add it to the existing bridge.
A bigger question around this is why does Openstack not support modifications after installation to the north/south network? East/west is easy but North/South has to have a lot of modifications made to static files (it seems) like plugin.ini and openvswitch.ini.
Any help would be appreciated.
_________________
rdo-list mailing list
rdo-list@redhat.com
https://www.redhat.com/mailman/listinfo/rdo-list
To unsubscribe: rdo-list-unsubscribe@redhat.com --