Hmmm. Well I'm not using OpenVSwitch. Just LinuxBridge. My CentOS 7 install sees emp3s0 where eth0 would usually appear. But this may need to be changed to br-ex? The IP address no longer apperas at enp3s0, so perhaps that's the issue.
When I make changes, I tear down all the networks and rebuild them according to instructions. I do this after restarting the machine. I wonder if the database needs to be updated as well. su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \ --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron systemctl stop neutron-server.service \ neutron-linuxbridge-agent.service neutron-dhcp-agent.service \ neutron-metadata-agent.service systemctl stop neutron-l3-agent.service and restart. Thanks for the help. Yes. It's a bit confusing. Why are router and instance ports different? It is for this reason that I figured I could just create my own instance/router. But why should I have to? Do routers not work unless you use OpenVSwitch? The Liberty install instructions (unlike Kilo) don't seem to require installing OpenVSwitch. linux_bridge_agent.ini inux_bridge | physical_interface_mappings | public:enp3s0 Perhaps br-ex? Or whereever I see my static IP when doing an ifconfig :-) Was enp3s0 when CentOS was first installed, but I think thats changed somehow. +----------------------------+-----------------------------+--------------------------------------------------------------+ | linuxbridge_agent: Section | Key | Value | +----------------------------+-----------------------------+--------------------------------------------------------------+ | linux_bridge | physical_interface_mappings | public:enp3s0 | | vxlan | l2_population | True | | vxlan | local_ip | 172.22.10.99 | | vxlan | enable_vxlan | True | | agent | prevent_arp_spoofing | True | | securitygroup | firewall_driver | neutron.agent.linux.iptables_firewall.IptablesFirewallDriver | | securitygroup | enable_security_group | True | +----------------------------+-----------------------------+--------------------------------------------------------------+ - Christopher T. Hull I am presently seeking a new career opportunity Please see career page http://chrishull.com/career 333 Orchard Ave, Sunnyvale CA. 94085 (415) 385 4865 chrishul...@gmail.com http://chrishull.com On Wed, Mar 23, 2016 at 3:34 PM, Dan Sneddon <dsned...@redhat.com> wrote: > On 03/23/2016 03:05 PM, Christopher Hull wrote: > > Hi Keven / all; > > > > Re: Getting a Neutron Router to work. (set external_network_bridge = > > blank). Apologies if this got sent twice. > > > > Nope, not quite there yet re getting the damn router to work (week 3 on > > this issue). > > > > The Liberty install instructions indeed say to set... > > external_network_bridge = > > > > I'm so desperate that I thought the blank space after the = might be > > the issue. No. Then I noticed these instructions in l3_agent.ini > itself. > > ----- > > # When external_network_bridge is set, each L3 agent can be associated > > # with no more than one external network. This value should be set to > > the UUID > > # of that external network. To allow L3 agent support multiple external > > # networks, both the external_network_bridge and > > gateway_external_network_id > > # must be left empty. > > # gateway_external_network_id = > > ---- > > > > 1: Should gateway_external_network_id = be unoommented? > > 2: Should I reupdate the database after these changes? > > su -s /bin/sh -c "neutron-db-manage --config-file > > /etc/neutron/neutron.conf \ > > --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" > neutron > > > > 3: Should external_network_bridge in fact be set to the UUID of the > > public network? > > > > 4. All instances Ports work just fine on public and private network. > > WHAT is the difference between a Neutron router northbound port and an > > instance port on the public net. > > > > Services restarted after config change (just removed space after = > > actually just in case sloppy Python coding was involved here). In > > fact, I rebooted the box just to be sure. > > > > Making my own instance based router is looking better and better all > > the time. If Neutron Routers really work, maybe UFO's exist too. > > :-) j/k > > > > > > Seriously. Thank you for your help. Hope to help the community > > soon too myself. Trying to get my Gerrit account up and running but > > the OpenStack.org site won't allow me to sign the Contrib agreement > > with out getting a server error. > > > > > > ==== Config Details ====== > > Issue Neutron Router Northbound Port won't Ping, is Down > > > > [root@maersk src]# ./pluto.py show -p /etc neutron rootwrap.conf > > ml2_conf.ini l3_agent.ini linuxbridge_agent.ini dhcp_agent.ini > > > +-----------------------+------------------------------------+-------------------------------------------------+ > > | neutron: Section | Key | > > Value | > > > +-----------------------+------------------------------------+-------------------------------------------------+ > > | DEFAULT | verbose | > > True | > > | DEFAULT | nova_url | > > http://controller:8774/v2 | > > | DEFAULT | notify_nova_on_port_data_changes | > > True | > > | DEFAULT | notify_nova_on_port_status_changes | > > True | > > | DEFAULT | auth_strategy | > > keystone | > > | DEFAULT | rpc_backend | > > rabbit | > > | DEFAULT | allow_overlapping_ips | > > True | > > | DEFAULT | service_plugins | > > router | > > | DEFAULT | core_plugin | > > ml2 | > > | keystone_authtoken | password | > > mk4968small23buggidntpass | > > | keystone_authtoken | username | > > neutron | > > | keystone_authtoken | project_name | > > service | > > | keystone_authtoken | user_domain_id | > > default | > > | keystone_authtoken | project_domain_id | > > default | > > | keystone_authtoken | auth_plugin | > > password | > > | keystone_authtoken | auth_url | > > http://controller:35357 | > > | keystone_authtoken | auth_uri | > > http://controller:5000 | > > | database | connection | > > mysql://neutron:sleestack191@controller/neutron | > > | nova | password | > > mk4968small23buggidntpass | > > | nova | username | > > nova | > > | nova | project_name | > > service | > > | nova | region_name | > > RegionOne | > > | nova | user_domain_id | > > default | > > | nova | project_domain_id | > > default | > > | nova | auth_plugin | > > password | > > | nova | auth_url | > > http://controller:35357 | > > | oslo_concurrency | lock_path | > > /var/lib/neutron/tmp | > > | oslo_messaging_rabbit | rabbit_password | > > open.g00dke232 | > > | oslo_messaging_rabbit | rabbit_userid | > > openstack | > > | oslo_messaging_rabbit | rabbit_host | > > controller | > > > +-----------------------+------------------------------------+-------------------------------------------------+ > > > +-------------------+---------------------+--------------------------------------------------------------+ > > | rootwrap: Section | Key | > > Value | > > > +-------------------+---------------------+--------------------------------------------------------------+ > > | DEFAULT | filters_path | > > /etc/cinder/rootwrap.d,/usr/share/cinder/rootwrap | > > | DEFAULT | exec_dirs | > > /sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin | > > | DEFAULT | use_syslog | > > False | > > | DEFAULT | syslog_log_facility | > > syslog | > > | DEFAULT | syslog_log_level | > > ERROR | > > > +-------------------+---------------------+--------------------------------------------------------------+ > > +-------------------+----------------------+--------------------------+ > > | ml2_conf: Section | Key | Value | > > +-------------------+----------------------+--------------------------+ > > | ml2 | extension_drivers | port_security | > > | ml2 | mechanism_drivers | linuxbridge,l2population | > > | ml2 | tenant_network_types | vxlan | > > | ml2 | type_drivers | flat,vlan,vxlan | > > | ml2_type_flat | flat_networks | public | > > | ml2_type_vxlan | vni_ranges | 1:1000 | > > | securitygroup | enable_ipset | True | > > +-------------------+----------------------+--------------------------+ > > > +-------------------+--------------------------+-----------------------------------------------------+ > > | l3_agent: Section | Key | > > Value | > > > +-------------------+--------------------------+-----------------------------------------------------+ > > | DEFAULT | external_network_bridge > > | | > > | DEFAULT | verbose | > > True | > > | DEFAULT | interface_driver | > > neutron.agent.linux.interface.BridgeInterfaceDriver | > > > +-------------------+--------------------------+-----------------------------------------------------+ > > > +----------------------------+-----------------------------+--------------------------------------------------------------+ > > | linuxbridge_agent: Section | Key | > > Value | > > > +----------------------------+-----------------------------+--------------------------------------------------------------+ > > | linux_bridge | physical_interface_mappings | > > public:enp3s0 | > > | vxlan | l2_population | > > True | > > | vxlan | local_ip | > > 172.22.10.99 | > > | vxlan | enable_vxlan | > > True | > > | agent | prevent_arp_spoofing | > > True | > > | securitygroup | firewall_driver | > > neutron.agent.linux.iptables_firewall.IptablesFirewallDriver | > > | securitygroup | enable_security_group | > > True | > > > +----------------------------+-----------------------------+--------------------------------------------------------------+ > > > +---------------------+--------------------------+-----------------------------------------------------+ > > | dhcp_agent: Section | Key | > > Value | > > > +---------------------+--------------------------+-----------------------------------------------------+ > > | DEFAULT | dnsmasq_config_file | > > /etc/neutron/dnsmasq-neutron.conf | > > | DEFAULT | verbose | > > True | > > | DEFAULT | enable_isolated_metadata | > > True | > > | DEFAULT | dhcp_driver | > > neutron.agent.linux.dhcp.Dnsmasq | > > | DEFAULT | interface_driver | > > neutron.agent.linux.interface.BridgeInterfaceDriver | > > > +---------------------+--------------------------+-----------------------------------------------------+ > > > > > > > > > > > > > > > > > > > > > > - Christopher T. Hull > > I am presently seeking a new career opportunity Please see career page > > http://chrishull.com/career > > 333 Orchard Ave, Sunnyvale CA. 94085 > > (415) 385 4865 > > chrishul...@gmail.com <mailto:chrishul...@gmail.com> > > http://chrishull.com > > > > > > > > On Wed, Mar 23, 2016 at 8:50 AM, <chrishul...@gmail.com > > <mailto:chrishul...@gmail.com>> wrote: > > > > Thanks. Will check that. > > When I create an instance in the public or private nets they ping. > > Why do router ports behave differently than instance ports? Only > > the Northbound router port is down and won't ping. Will check > > settings ASAP thanks > > > > Chris. > > > > Sent from my iPhone > > > > On Mar 23, 2016, at 7:52 AM, Kevin Benton <ke...@benton.pub > > <mailto:ke...@benton.pub>> wrote: > > > >> Ok. The same settings should apply to Linux bridge. > >> > >> Make sure you have external_network_bridge defined in your L3 > >> agent as an empty value. > >> > >> Then your external network should be created with the provider > >> type of 'flat' and the physical network corresponding to the one > >> you have defined in your bridge mappings in the L2 agent that > >> attaches to the bridge going to your external physical network. > >> > >> On Mar 23, 2016 7:25 AM, <chrishul...@gmail.com > >> <mailto:chrishul...@gmail.com>> wrote: > >> > >> Kevin; > >> Thank you Very much. I'll check. I did a manual Liberty > >> install so I may have done something wrong. I am using > >> LinuxBridge (not OpenVSwitch) if that helps. Will post > >> results to list soon. Would like to be able to use floating > >> IPs, a more convenient form of ipTables basically. > >> > >> Chris. > >> > >> Sent from my iPhone > >> > >> On Mar 23, 2016, at 7:16 AM, Kevin Benton <ke...@benton.pub > >> <mailto:ke...@benton.pub>> wrote: > >> > >>> Do you have external_network_bridge set to an empty value in > >>> the l3 agent config? If not, the l3 agent will use a legacy > >>> mode of wiring up the port and it's status field may not be > >>> ACTIVE. > >>> > >>> The routers are tested thousands of times in the gate every > >>> day, so they work. It's just a matter of getting your > >>> configuration correct. > >>> > >>> Yes, you can use a VM to route as well. > >>> > >>> On Mar 23, 2016 7:06 AM, <chrishul...@gmail.com > >>> <mailto:chrishul...@gmail.com>> wrote: > >>> > >>> Hi all; > >>> It appears that Liberty Neutron routers do not work. > >>> The Northbound port is always Down. > >>> > >>> What I'd like to do is dedicate an instance (CentOS) to > >>> routing between the Public net and other nets. Has > >>> anyone done this. Setting up the router is trivial. > >>> But I'm a little worried about interaction with Neutron > >>> Ports. I need to assign fixed IPs so I can route from > >>> the Internet to a server instance. > >>> > >>> Ideas? > >>> > >>> Thanks > >>> - Chris. > >>> > >>> Sent from my iPhone > >>> _______________________________________________ > >>> OpenStack-operators mailing list > >>> OpenStack-operators@lists.openstack.org > >>> <mailto:OpenStack-operators@lists.openstack.org> > >>> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators > >>> > > > > > > > > _______________________________________________ > > OpenStack-operators mailing list > > OpenStack-operators@lists.openstack.org > > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators > > > > Definitely the external_network_bridge needs to be explicitly set to > nothing. That's not the default. I've never had to change the default > gateway_external_network_id when I set external_network_bridge to a > blank value. > > Note that after making changes to external_network_bridge, I've have to > delete and recreate the router/port/network that was created before > that change. > > I assume that your bridge mappings are correct in > /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini: > > bridge_mappings =datacentre:br-ex # or whatever you have locally > > And that the physical_network of the external network matches the > network name in the bridge_mappings that corresponds to the bridge > containing the physical interface? Probably your instance ports > wouldn't work if those things weren't correct, but those are also areas > where I see failures similar to this. > > -- > Dan Sneddon | Principal OpenStack Engineer > dsned...@redhat.com | redhat.com/openstack > 650.254.4025 | dsneddon:irc @dxs:twitter >
_______________________________________________ OpenStack-operators mailing list OpenStack-operators@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators