Re: [Openstack] OVS-DPDK with NetVirt

[d.lake]

I'm really getting nowhere fast with this.

The latest in set of issues appears to be related to the "Permission denied" on 
the socket for qemu.

Just to reprise - this is OVS with DPDK, All-In-One with Intel NICs and ODL 
NetVirt.

Can ANYONE shed any light on this please - I can't believe that this isn't a 
very standard deployment and given that it works without DPDK on OVS I can't 
believe that it hasn't been seen hundreds of times beore.

Thanks

David

From: Lake D Mr (PG/R - Elec Electronic Eng)
Sent: 13 August 2018 16:35
To: 'Venkatrangan G - ERS, HCL Tech' ; 
dayavanti.gopal.kam...@ericsson.com; netvirt-...@lists.opendaylight.org
Subject: RE: OVS-DPDK with NetVirt

Hi

OK - I found some more guides which told me I needed to add:

[ovs]
datapath_type=netdev


to ML2_conf which I have done with an extra line in local.conf.

Now I am seeing the ports trying to be added as vhost-user ports.

BUT.  I am seeing this issue in the log:

qemu-kvm: -chardev socket,id=charnet0,path=/var/run/openvswitch/vhuab608c58-ae: 
Failed to connect socket /var/run/openvswitch/vhuab608c58-ae: Permission 
denied\n']#033[00m

Any ideas?   This is on an all-in-one system using CentOS 7.5

Thanks

David

From: Venkatrangan G - ERS, HCL Tech 
mailto:venkatrang...@hcl.com>>
Sent: 13 August 2018 10:36
To: Lake D Mr (PG/R - Elec Electronic Eng) 
mailto:d.l...@surrey.ac.uk>>; 
dayavanti.gopal.kam...@ericsson.com;
 netvirt-...@lists.opendaylight.org
Subject: RE: OVS-DPDK with NetVirt

Hi David,

I think you can run this ommand on your control node



 sudo neutron-odl-ovs-hostconfig --config-file=/etc/neutron/neutron.conf 
--debug --ovs_dpdk --bridge_mappings=physnet1:br-physnet1


(Not exactly sure of all the arguments, Please run this command in the control 
node with dpdk option, I think that should help)



Regards,
Venkat G
(When there is no windrow!!!)

From: 
netvirt-dev-boun...@lists.opendaylight.org
 
mailto:netvirt-dev-boun...@lists.opendaylight.org>>
 On Behalf Of d.l...@surrey.ac.uk
Sent: 13 August 2018 14:01
To: 
dayavanti.gopal.kam...@ericsson.com;
 netvirt-...@lists.opendaylight.org
Subject: Re: [netvirt-dev] OVS-DPDK with NetVirt

Good morning all

I wonder if someone could help with this please.

I don't know whether I need to add anything into ML2 to have the br-int 
installed in netdev mode or whether something else is wrong.

Thank you in advance

David

Sent from my iPhone

From: Lake D Mr (PG/R - Elec Electronic Eng)
Sent: Friday, August 10, 2018 10:57:02 PM
To: Dayavanti Gopal Kamath; 
netvirt-...@lists.opendaylight.org
Subject: RE: OVS-DPDK with NetVirt

Hi

The first link you sent doesn't work?

I've no idea what a pseudoagent binding driver is

All I've done is to follow the instructions for moving to DPDK on my existing 
ODL+OpenStack system which uses Devstack to install.

My understanding is that I needed to enable DPDK in OVS.  I do that with the 
following command:

ovs-vsctl --no-wait set Open_vSwitch . 
other_config:dpdk-init=true

I then unbound the DPDK NICs from the kernel mode driver and bound them to 
vfio-pci using "dpdk-devbind."

Once that is done, I created 4 bridges in OVS which all use the netdev datapath:

ovs-vsctl add-br br-dpdk1 -- set bridge br-dpdk1 
datapath_type=netdev
ovs-vsctl add-br br-dpdk2 -- set bridge br-dpdk2 datapath_type=netdev
ovs-vsctl add-br br-dpdk3 -- set bridge br-dpdk3 datapath_type=netdev
ovs-vsctl add-br br-dpdk4 -- set bridge br-dpdk4 datapath_type=netdev


Then I added the ports for the NICs to each bridge:

sudo ovs-vsctl add-port br-dpdk1 dpdk-p1 -- set Interface dpdk-p1 type=dpdk 
options:dpdk-devargs=:04:00.0
sudo ovs-vsctl add-port br-dpdk2 dpdk-p2 -- set Interface dpdk-p2 type=dpdk 
options:dpdk-devargs=:04:00.1
sudo ovs-vsctl add-port br-dpdk3 dpdk-p3 -- set Interface dpdk-p3 type=dpdk 
options:dpdk-devargs=:05:00.0
sudo ovs-vsctl add-port br-dpdk4 dpdk-p4 -- set Interface dpdk-p4 type=dpdk 
options:dpdk-devargs=:05:00.1

Having done that, I can verify that I can see traffic in the bridge using 
ovs-tcpdump so I know that the data is reaching OVS from the wire.

Then I run Devstack stack.sh and I get a working system with four physical 
networks.

However, this blog - 

Re: [openstack-dev] OVS-DPDK with NetVirt

[d.lake]

I'm really getting nowhere fast with this.

The latest in set of issues appears to be related to the "Permission denied" on 
the socket for qemu.

Just to reprise - this is OVS with DPDK, All-In-One with Intel NICs and ODL 
NetVirt.

Can ANYONE shed any light on this please - I can't believe that this isn't a 
very standard deployment and given that it works without DPDK on OVS I can't 
believe that it hasn't been seen hundreds of times beore.

Thanks

David

From: Lake D Mr (PG/R - Elec Electronic Eng)
Sent: 13 August 2018 16:35
To: 'Venkatrangan G - ERS, HCL Tech' ; 
dayavanti.gopal.kam...@ericsson.com; netvirt-...@lists.opendaylight.org
Subject: RE: OVS-DPDK with NetVirt

Hi

OK - I found some more guides which told me I needed to add:

[ovs]
datapath_type=netdev


to ML2_conf which I have done with an extra line in local.conf.

Now I am seeing the ports trying to be added as vhost-user ports.

BUT.  I am seeing this issue in the log:

qemu-kvm: -chardev socket,id=charnet0,path=/var/run/openvswitch/vhuab608c58-ae: 
Failed to connect socket /var/run/openvswitch/vhuab608c58-ae: Permission 
denied\n']#033[00m

Any ideas?   This is on an all-in-one system using CentOS 7.5

Thanks

David

From: Venkatrangan G - ERS, HCL Tech 
mailto:venkatrang...@hcl.com>>
Sent: 13 August 2018 10:36
To: Lake D Mr (PG/R - Elec Electronic Eng) 
mailto:d.l...@surrey.ac.uk>>; 
dayavanti.gopal.kam...@ericsson.com;
 netvirt-...@lists.opendaylight.org
Subject: RE: OVS-DPDK with NetVirt

Hi David,

I think you can run this ommand on your control node



 sudo neutron-odl-ovs-hostconfig --config-file=/etc/neutron/neutron.conf 
--debug --ovs_dpdk --bridge_mappings=physnet1:br-physnet1


(Not exactly sure of all the arguments, Please run this command in the control 
node with dpdk option, I think that should help)



Regards,
Venkat G
(When there is no windrow!!!)

From: 
netvirt-dev-boun...@lists.opendaylight.org
 
mailto:netvirt-dev-boun...@lists.opendaylight.org>>
 On Behalf Of d.l...@surrey.ac.uk
Sent: 13 August 2018 14:01
To: 
dayavanti.gopal.kam...@ericsson.com;
 netvirt-...@lists.opendaylight.org
Subject: Re: [netvirt-dev] OVS-DPDK with NetVirt

Good morning all

I wonder if someone could help with this please.

I don't know whether I need to add anything into ML2 to have the br-int 
installed in netdev mode or whether something else is wrong.

Thank you in advance

David

Sent from my iPhone

From: Lake D Mr (PG/R - Elec Electronic Eng)
Sent: Friday, August 10, 2018 10:57:02 PM
To: Dayavanti Gopal Kamath; 
netvirt-...@lists.opendaylight.org
Subject: RE: OVS-DPDK with NetVirt

Hi

The first link you sent doesn't work?

I've no idea what a pseudoagent binding driver is

All I've done is to follow the instructions for moving to DPDK on my existing 
ODL+OpenStack system which uses Devstack to install.

My understanding is that I needed to enable DPDK in OVS.  I do that with the 
following command:

ovs-vsctl --no-wait set Open_vSwitch . 
other_config:dpdk-init=true

I then unbound the DPDK NICs from the kernel mode driver and bound them to 
vfio-pci using "dpdk-devbind."

Once that is done, I created 4 bridges in OVS which all use the netdev datapath:

ovs-vsctl add-br br-dpdk1 -- set bridge br-dpdk1 
datapath_type=netdev
ovs-vsctl add-br br-dpdk2 -- set bridge br-dpdk2 datapath_type=netdev
ovs-vsctl add-br br-dpdk3 -- set bridge br-dpdk3 datapath_type=netdev
ovs-vsctl add-br br-dpdk4 -- set bridge br-dpdk4 datapath_type=netdev


Then I added the ports for the NICs to each bridge:

sudo ovs-vsctl add-port br-dpdk1 dpdk-p1 -- set Interface dpdk-p1 type=dpdk 
options:dpdk-devargs=:04:00.0
sudo ovs-vsctl add-port br-dpdk2 dpdk-p2 -- set Interface dpdk-p2 type=dpdk 
options:dpdk-devargs=:04:00.1
sudo ovs-vsctl add-port br-dpdk3 dpdk-p3 -- set Interface dpdk-p3 type=dpdk 
options:dpdk-devargs=:05:00.0
sudo ovs-vsctl add-port br-dpdk4 dpdk-p4 -- set Interface dpdk-p4 type=dpdk 
options:dpdk-devargs=:05:00.1

Having done that, I can verify that I can see traffic in the bridge using 
ovs-tcpdump so I know that the data is reaching OVS from the wire.

Then I run Devstack stack.sh and I get a working system with four physical 
networks.

However, this blog - 

[Openstack] All-in-One, DPDK with multiple public interefaces

[d.lake]

Hello

I'm trying to build a simple all-in-one system using DevStack with OVS+DPDK 
with 4 public interfaces.

I'm using the local.conf here - 
https://github.com/openstack/networking-ovs-dpdk/blob/master/doc/source/_downloads/local.conf.single_node

I have four physical networks defined here:

"ML2_VLAN_RANGES=physnet1:1000:2999,physnet2:1000:2999,physnet3:1000:2999,physnet4:1000:2999"

I can see this line as well, but I have no idea how to configure it:

"OVS_BRIDGE_MAPPINGS="default:br-"

I have DPDK installed and the interfaces are bound to the igbuio driver so they 
do not have a physical kernel name.

Do I need to create an OVS bridge for each external interface prior to 
stacking?  If so, what interface name do I use?

Thanks

David
___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

Re: [Openstack] [netvirt-dev] VM as a router with ODL/OpenStack

[d.lake]

Hi Jaime

Thank you - I will try this and see how it works.

David

-Original Message-
From: Jaime Caamaño Ruiz [mailto:jcaam...@suse.de] 
Sent: 20 July 2018 14:23
To: Lake D Mr (PG/R - Elec Electronic Eng) ; 
netvirt-...@lists.opendaylight.org; openstack@lists.openstack.org
Cc: Ge C Dr (Elec Electronic Eng) 
Subject: Re: [netvirt-dev] VM as a router with ODL/OpenStack

Hello David

On the router VM, you would probably dedicate a port for management with a 
floating ip assigned.

The you would have extra ports for as many nets the router is servicing, two in 
the case of trex simple setup. These ports would have port security disabled:

openstack port set  --no-security-group --disable-port-security

If running trex in the cloud vm, more less the same. Have one port for 
management. Then two other ports for trex traffic. On these ports, add allowed 
address pairs for 16.0.0.0/8 and 48.0.0.0/8 respectively

openstack port set  --allowed-address ip-address=16.0.0.0/8

If you have any routers in the middle, add static routes.

Not actually tried with ODL, but this works with neutron ovs driver.

BR
Jaime.
 
-Original Message-
From: d.l...@surrey.ac.uk
To: netvirt-...@lists.opendaylight.org, openstack@lists.openstack.org, 
jcaam...@suse.de
Cc: c...@surrey.ac.uk
Subject: [netvirt-dev] VM as a router with ODL/OpenStack
Date: Fri, 20 Jul 2018 07:32:49 +

Hello

I’m trying to use a VM as a router in an OpenStack + ODL installation.

I have the VM set up with two internal addresses - 10.10.5.21 and
10.10.6.21.   They are allocated floating public addresses of
10.201.81.21 and 10.201.82.21 respectively.

I am using a TREx load generator which sources from 16.0.0.0/8 and
sinks to 48.0.0.0/8.   

I have added routes both ways on the routers between the floating and private 
addresses.

I have read that I need to disable “port security” on the VM ports to allow IP 
spoofing - does this also include the router ports?

Also, when I start a test session generating traffic from 16.0.0.0 -> 48.0.0.0. 
I see a flow in OVS which matches but has an action of “drop.”

How do I overcome this?

Thanks in advance

David

Sent from my iPhone
___
netvirt-dev mailing list
netvirt-...@lists.opendaylight.org
https://lists.opendaylight.org/mailman/listinfo/netvirt-dev
___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

Re: [Openstack] [netvirt-dev] VM as a router with ODL/OpenStack

[d.lake]

With “ovs-ofctl -O OpenFlow13 dump-flows br-int”  I don’t see ANY entries for 
packets to 48.0.0.0/8 or 16.0.0.0/8

Only this one entry (which I think is a static route which I have in the router 
between the floating network and the private network).

David

From: Aswin Suryanarayanan [mailto:asury...@redhat.com]
Sent: 20 July 2018 12:28
To: Lake D Mr (PG/R - Elec Electronic Eng) 
Cc: odl netvirt dev ; 
openstack@lists.openstack.org; Ge C Dr (Elec Electronic Eng) 
Subject: Re: [netvirt-dev] VM as a router with ODL/OpenStack



On Fri, Jul 20, 2018 at 4:32 PM, 
mailto:d.l...@surrey.ac.uk>> wrote:
Hi Aswin

I’ve just noticed that I don’t think the packet is ever actually making it 
through to OVS.

If I do a “ovs-dpctl dump-flows” then I see the immediate drop on ingress port 
5.

But if I extend that to “ovs-ofctl -O OpenFlow13 dump-flows br-int” the only 
entry I see is:

cookie=0x803, duration=3823.308s, table=21, n_packets=0, n_bytes=0, 
priority=18,ip,metadata=0x30d40/0xfe,nw_dst=48.0.0.0/8 actions=group:150007

Oh I think it is hard to understand  the reason from this flow. Were you able 
to identify where the packet is dropped from “ovs-ofctl -O OpenFlow13 
dump-flows br-int” ?

I’ve just checked the port names and “Port 5” is:

name: "br-prov2-patch"
ofport  : 5


David

From: Aswin Suryanarayanan 
[mailto:asury...@redhat.com]
Sent: 20 July 2018 10:45
To: Lake D Mr (PG/R - Elec Electronic Eng) 
mailto:d.l...@surrey.ac.uk>>
Cc: odl netvirt dev 
mailto:netvirt-...@lists.opendaylight.org>>;
 openstack@lists.openstack.org; Ge C Dr 
(Elec Electronic Eng) mailto:c...@surrey.ac.uk>>
Subject: Re: [netvirt-dev] VM as a router with ODL/OpenStack



On Fri, Jul 20, 2018 at 1:02 PM, 
mailto:d.l...@surrey.ac.uk>> wrote:
Hello

I’m trying to use a VM as a router in an OpenStack + ODL installation.

I have the VM set up with two internal addresses - 10.10.5.21 and 10.10.6.21.   
They are allocated floating public addresses of 10.201.81.21 and 10.201.82.21 
respectively.

I am using a TREx load generator which sources from 
16.0.0.0/8 and sinks to 48.0.0.0/8.

I have added routes both ways on the routers between the floating and private 
addresses.

I have read that I need to disable “port security” on the VM ports to allow IP 
spoofing - does this also include the router ports?

Router ports have port security disabled by default , no need to do that 
explicitly.

Also, when I start a test session generating traffic from 16.0.0.0 -> 48.0.0.0. 
I see a flow in OVS which matches but has an action of “drop.”

Which table exactly is the packet dropped?

How do I overcome this?

Thanks in advance

David

Sent from my iPhone

___
netvirt-dev mailing list
netvirt-...@lists.opendaylight.org
https://lists.opendaylight.org/mailman/listinfo/netvirt-dev


___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

Re: [Openstack] [netvirt-dev] VM as a router with ODL/OpenStack

[d.lake]

Hi Aswin

I’ve just noticed that I don’t think the packet is ever actually making it 
through to OVS.

If I do a “ovs-dpctl dump-flows” then I see the immediate drop on ingress port 
5.

But if I extend that to “ovs-ofctl -O OpenFlow13 dump-flows br-int” the only 
entry I see is:

cookie=0x803, duration=3823.308s, table=21, n_packets=0, n_bytes=0, 
priority=18,ip,metadata=0x30d40/0xfe,nw_dst=48.0.0.0/8 actions=group:150007

I’ve just checked the port names and “Port 5” is:

name: "br-prov2-patch"
ofport  : 5


David

From: Aswin Suryanarayanan [mailto:asury...@redhat.com]
Sent: 20 July 2018 10:45
To: Lake D Mr (PG/R - Elec Electronic Eng) 
Cc: odl netvirt dev ; 
openstack@lists.openstack.org; Ge C Dr (Elec Electronic Eng) 
Subject: Re: [netvirt-dev] VM as a router with ODL/OpenStack



On Fri, Jul 20, 2018 at 1:02 PM, 
mailto:d.l...@surrey.ac.uk>> wrote:
Hello

I’m trying to use a VM as a router in an OpenStack + ODL installation.

I have the VM set up with two internal addresses - 10.10.5.21 and 10.10.6.21.   
They are allocated floating public addresses of 10.201.81.21 and 10.201.82.21 
respectively.

I am using a TREx load generator which sources from 
16.0.0.0/8 and sinks to 48.0.0.0/8.

I have added routes both ways on the routers between the floating and private 
addresses.

I have read that I need to disable “port security” on the VM ports to allow IP 
spoofing - does this also include the router ports?

Router ports have port security disabled by default , no need to do that 
explicitly.

Also, when I start a test session generating traffic from 16.0.0.0 -> 48.0.0.0. 
I see a flow in OVS which matches but has an action of “drop.”

Which table exactly is the packet dropped?

How do I overcome this?

Thanks in advance

David

Sent from my iPhone

___
netvirt-dev mailing list
netvirt-...@lists.opendaylight.org
https://lists.opendaylight.org/mailman/listinfo/netvirt-dev

___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

Re: [Openstack] [netvirt-dev] VM as a router with ODL/OpenStack

[d.lake]

Hi Aswin

From a “ovs-dpctl dump-flows” I see this:

recirc_id(0),in_port(5),eth(src=a0:36:9f:f6:f9:98,dst=fa:16:3e:f1:8e:3d),eth_type(0x0800),ipv4(src=16.0.0.0/240.0.0.0,dst=48.0.0.0/255.0.0.0,frag=no),
 packets:1438, bytes:105356, used:0.005s, flags:S, actions:drop


The src MAC address is the traffic generator.   The dst is the MAC address of 
the floating IP.

David

From: Aswin Suryanarayanan [mailto:asury...@redhat.com]
Sent: 20 July 2018 10:45
To: Lake D Mr (PG/R - Elec Electronic Eng) 
Cc: odl netvirt dev ; 
openstack@lists.openstack.org; Ge C Dr (Elec Electronic Eng) 
Subject: Re: [netvirt-dev] VM as a router with ODL/OpenStack



On Fri, Jul 20, 2018 at 1:02 PM, 
mailto:d.l...@surrey.ac.uk>> wrote:
Hello

I’m trying to use a VM as a router in an OpenStack + ODL installation.

I have the VM set up with two internal addresses - 10.10.5.21 and 10.10.6.21.   
They are allocated floating public addresses of 10.201.81.21 and 10.201.82.21 
respectively.

I am using a TREx load generator which sources from 
16.0.0.0/8 and sinks to 48.0.0.0/8.

I have added routes both ways on the routers between the floating and private 
addresses.

I have read that I need to disable “port security” on the VM ports to allow IP 
spoofing - does this also include the router ports?

Router ports have port security disabled by default , no need to do that 
explicitly.

Also, when I start a test session generating traffic from 16.0.0.0 -> 48.0.0.0. 
I see a flow in OVS which matches but has an action of “drop.”

Which table exactly is the packet dropped?

How do I overcome this?

Thanks in advance

David

Sent from my iPhone

___
netvirt-dev mailing list
netvirt-...@lists.opendaylight.org
https://lists.opendaylight.org/mailman/listinfo/netvirt-dev

___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

[Openstack] VM as a router with ODL/OpenStack

[d.lake]

Hello

I’m trying to use a VM as a router in an OpenStack + ODL installation.

I have the VM set up with two internal addresses - 10.10.5.21 and 10.10.6.21.   
They are allocated floating public addresses of 10.201.81.21 and 10.201.82.21 
respectively.

I am using a TREx load generator which sources from 16.0.0.0/8 and sinks to 
48.0.0.0/8.

I have added routes both ways on the routers between the floating and private 
addresses.

I have read that I need to disable “port security” on the VM ports to allow IP 
spoofing - does this also include the router ports?

Also, when I start a test session generating traffic from 16.0.0.0 -> 48.0.0.0. 
I see a flow in OVS which matches but has an action of “drop.”

How do I overcome this?

Thanks in advance

David

Sent from my iPhone
___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

[Openstack] Issues with Hypervisor after Devstack

[d.lake]

Hello

I’m reinstalling a single-node devstack system and everything looks OK except 
the compute node never appears in he list of Hypervisors.

I do a “discover-hosts” and nothing is found.

Note - this is a reinstall form an unchanged local.conf - in other words, it 
has worked before.

I am suspecting that this is something to do with name resolution but I have no 
idea what.

I have a DNS server in /etc/resolv.conf to get the source code.   But the name 
of my system “Openstack” does not appear in the DNS.

I have declared the IP address in local.conf as 127.0.0.1 and the host name as 
OpenStack.  I have entries in /etc/host for both OpenStack to my IP address and 
to 127.0.0.1

I have no idea how to go around debugging this !

As far as I can see, nslookup gives me no response on the DNS as expected.

I know devstack may not be the best way to do this but it has worked in the 
past and I have no idea why it now fails.   I just need to restore service for 
now.

Thanks

David

Sent from my iPhone
___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

[Openstack] Devstack installation with multiple public networks and ODL

[d.lake]

Hello

I have built the following:


  *   CONTROL server.  Single GigE interface, compute services disabled.
  *   COMPUTE server.   -
 *   GigE on same network as CONTROL server
 *   4 x 10GE interfaces configured identically:
*   OVSBridge ports (named br-physnet1 to br-physnet4)
*   Physical interfaces em1 to em4 connected to above bridges.
*   OVS sees these bridge ports
*   In local.conf on the compute server I have the following:
Q_ML2_PLUGIN_MECHANISM_DRIVERS=opendaylight,logger
Q_L3_ENABLED=True
PUBLIC_BRIDGE=br-physnet1
PUBLIC_PHYSICAL_NETWORK=physnet1,physnet2,physnet3,physnet4
#PUBLIC_PHYSICAL_NETWORK=physnet1
#ODL_PROVIDER_MAPPINGS=${PUBLIC_PHYSICAL_NETWORK}:br-physnet1
ODL_PROVIDER_MAPPINGS=physnet1:br-physnet1,physnet2:br-physnet2,physnet3:br-physnet3,physnet4:br-physnet4
#ODL_PROVIDER_MAPPINGS=physnet1:br-physnet1
ODL_L3=True


"Stack" works fine, but I have two issues:



  1.  I seem to need to include multiple external-facing Ethernet ports in the 
local.conf on the CONTROL server even though the CONTROL server requires no 
external network access.


  1.  When I try to add Neutron networks to match the external physnet1 to 
physnet4 definitions, I can add a network for physnet1 but physnet2, physnet3 
and physnet4 give this error:


Invalid input for operation: physical_network 'physnet2' unknown for flat 
provider network.



With the physnet1 network, everything works as expected.

Can someone help me determine what the CORRECT local.conf should be in order to 
build the architecture I need to create please?

Thank you

David Lake
___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

Re: [Openstack] Issues Understanding Neutron Networking Layout

[d.lake]

Hi Dean

I guessed this was the answer but I was afraid to admit it :-)

Can you point me to any documentation  to allow me to build to this kind of 
layout?

I’ve struggled to find anything with blue-print/step-by-step installation which 
is why i fell back to DevStack...

David

Sent from my iPhone

From: Dean Troyer 
Sent: Thursday, December 21, 2017 4:42:40 PM
To: Lake D Mr (PG/R - Elec Electronic Eng)
Cc: trinath.soman...@nxp.com; openstack@lists.openstack.org; 
netvirt-...@lists.opendaylight.org
Subject: Re: [Openstack] Issues Understanding Neutron Networking Layout

On Thu, Dec 21, 2017 at 4:23 AM,   wrote:
> Controller in one location with a single IP connection (1 GE)
> Compute node in a remote location with 4 10GE connections for public
> networking and 1GE IP connection to the Controller
>
> The VMs on the Compute node will each have 2 10GE connections as they will
> be forwarding data.
>
> I have successfully deployed a Pike system with ODL with the previously
> attached local.conf.

I'll be blunt here, DevStack is absolutely the wrong tool for this
job.  The fact that you got this far with it is admirable but it was
never intended to support that sort of a custom installation, hence
the difficulties you are experiencing.  There are a number of
assumption in DevStack that are contrary to your setup, including
around the network configuration and how multi-node DevStack is built.

Unless you really need the services built from source you will have a
much better time down the road installing from packages of one form or
another, if not just using something like Packstack.  Sorting out the
network configuration should be easier as you will not need to
translate between DevStack's variables and the documented Neutron
configs.

dt

--
Dean Troyer
dtro...@gmail.com
___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

Re: [Openstack] Issues Understanding Neutron Networking Layout

[d.lake]

Hello OpenStack and NetVirt

I'd really appreciate some guidance here because I am a confused as to how I 
should be building this.

To explain what I want to do:


  *   Controller in one location with a single IP connection (1 GE)
  *   Compute node in a remote location with 4 10GE connections for public 
networking and 1GE IP connection to the Controller

The VMs on the Compute node will each have 2 10GE connections as they will be 
forwarding data.


I have successfully deployed a Pike system with ODL with the previously 
attached local.conf.

However, there seem to be a number of areas of confusion for me:


  *   In the local.conf for the Control node, why do I need to declare 
ODL_PROVIDER_MAPPINGS ?   There will be no connection to data-forwarding 
networks at the Controller location.  However, if I leave these out (I declare 
physnet1-physnet4 and bridge them to disconnected ports on the Control node 
em1-em4) when I try to build the VXLAN network with Neutron, I get a failure in 
that the Provider Network does not exist.
  *   If I declare the physnet1-physnet4 on the Compute node, whilst this 
works, when I try to add the local networks using Neutron, it appears to be 
using information relevant to the Control node, not the Compute node.
  *   The only way that I have found I can make any of this work is to 
essentially build a Layer 2 network layout on the Control node which matches 
that of the Compute node and is connected to it.  This is problematic in my 
layout because I don't have layer 2 connectivity between the locations with the 
Control and the Compute nodes.
  *   Even when that happens, the DHCP server appears to be on the Control 
node, not the Compute node.  That should be fine if the VXLAN tunnel is up, but 
I've found that the VXLAN flow is only built on the physical layer 2 link 
between the systems and I don't have any layer 2 links on the Control node.

Also, in local.conf, I seem to have to declare PUBLIC_BRIDGE.   I have no idea 
what this does or how the system would react to having four PUBLIC_BRIDGE 
entries:

PUBLIC_BRIDGE=br-physnet1
#PUBLIC_PHYSICAL_NETWORK=physnet1,physnet2,physnet3,physnet4
PUBLIC_PHYSICAL_NETWORK=physnet1
#ML2_VLAN_RANGES=physnet1,physnet2,physnet3,physnet4
ML2_VLAN_RANGES=physnet1
#ODL_PROVIDER_MAPPINGS=physnet1:br-physnet1,physnet2:br-physnet2,physnet3:br-physnet3,physnet4:br-physnet4
ODL_PROVIDER_MAPPINGS=physnet1:br-physnet1

The commented out lines are what I eventually want but only on the Compute 
node.  br-physnetx bridges to physical interface emx respectively.  The Control 
node really needs no VM side networking at all.

I'm probably getting very confused here - what I want is the ability at the 
remote location to have four 10GE connections to a local Layer2 network and 
simply have 2 of those appear on a Virtual Machine instantiated at that remove 
location.   The physical network ports should be directly bridged to the VM.

I then want the third network to boot-up as normal from OpenStack and obtain an 
internal IP address so that I can ssh to the machine.

I'd really appreciate some assistance because I am at the point of not 
understanding the options here or how to configure them into the DevStack 
builder.

Thanks

David

From: Lake D Mr (PG/R - Elec Electronic Eng)
Sent: 19 December 2017 22:27
To: 'Trinath Somanchi' ; 
'openstack@lists.openstack.org' 
Subject: RE: Issues Understanding Neutron Networking Layout

I tried sending the log file to the list but it was rejected as too large.

So I've zipped the log file.

David

From: Lake D Mr (PG/R - Elec Electronic Eng)
Sent: 19 December 2017 16:02
To: 'Trinath Somanchi' 
>; 
openstack@lists.openstack.org
Subject: RE: Issues Understanding Neutron Networking Layout

OK - the log file from trying to start a new instance on the Compute server 
(intel-test2) is attached.   Control server is called "23-210"

Line 2017 doesn't look right to me:

Dec 19 15:26:36 23-210 neutron-server[169175]: DEBUG 
neutron.plugins.ml2.managers [req-e60dabcc-4c78-4ad2-8eed-11c70e5433dc 
req-ca0a8968-16cf-4548-9654-a248a28268ca service neutron] Attempting to bind 
port f1702fcc-49e0-4b98-8304-860ee2c436aa on host intel-test2 at level 0 using 
segments [{'network_id': '3862495f-43d2-4dbc-a67b-ade91d97e141', 
'segmentation_id': 1500, 'physical_network': None, 'id': 
'4d45af9a-72ee-4fef-9042-a5e7debff29b', 'network_type': u'vxlan'}] 
{{(pid=169276) _bind_port_level 
/opt/stack/neutron/neutron/plugins/ml2/managers.py:765}}

Segmentation ID 1500 is the VXLAN I want to use but it says "Physical 
Network:None"

Is this correct?

David

From: Trinath Somanchi [mailto:trinath.soman...@nxp.com]
Sent: 19 December 2017 10:30
To: Lake D Mr (PG/R - Elec Electronic Eng) 
>; 

Re: [Openstack] Issues Understanding Neutron Networking Layout

[d.lake]

Can you tell me where to look?   None of the usual "screen" logs are there with 
the latest DevStack and the system doesn't seem to be populating any of the 
/var/log locations etiher.

David

From: Trinath Somanchi [mailto:trinath.soman...@nxp.com]
Sent: 19 December 2017 08:51
To: Lake D Mr (PG/R - Elec Electronic Eng) ; 
openstack@lists.openstack.org
Subject: RE: Issues Understanding Neutron Networking Layout

Can you check neutron server/agent logs for exact error to debug ?

/
   Trinath Somanchi | HSDC | NXP INDIA

From: d.l...@surrey.ac.uk 
[mailto:d.l...@surrey.ac.uk]
Sent: Tuesday, December 19, 2017 2:02 PM
To: openstack@lists.openstack.org
Subject: [Openstack] Issues Understanding Neutron Networking Layout

Hello

I'm trying to create a Pike system with Carbon ODL integration using a single 
Controller node and a single Compute node.

The Controller Node has a single 1GE NIC to the management network.  It will 
not run any compute or network services.

The Compute Node has a single 1GE NIC to the management network and 4 x 10GE 
NICS for public network access.  I will be creating 4 VXNets, 4 routers, 4 
pools of public floating IP addresses.

I have built the machines using DevStack (configs attached).

It seems that even though the Controller node will have no network/compute 
functions, I still need to declare the ODL and networking parts in the 
local.conf on the controller.   But this implies that the Controller also has 
to have access to the 10GE network which I don't want or need.

I have created 4 OVS bridges on both the Controller and the Compute nodes but 
the corresponding NICs on the Controller are not connected anywhere.  The 
bridges are br-physnet1 to br-physnet4 and these link to em1 to em4 
respectively.  Only the em1 - em4 on the Compute node are actually active.

I then create the VXLAN, router and DHCP agent.

However, when I try to start an instance on the Compute node post DevStack 
installation, I hit an issue where the GUI tells me it has been "unable to 
allocate network."

I see no attempt to create a VXLAN between the Controller and the Compute node. 
  IPTables is open and a sniff on port 4789 reveals no traffic back and forth 
(on either side).

Does the Controller need to be physically connected to the same public facing 
networks as the Compute node?

Alternatively, how can I get all the Networking functions to run in the Compute 
node so that the Controller is just a controller?

Thanks

David
___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

[Openstack] Issues Understanding Neutron Networking Layout

[d.lake]

Hello

I'm trying to create a Pike system with Carbon ODL integration using a single 
Controller node and a single Compute node.

The Controller Node has a single 1GE NIC to the management network.  It will 
not run any compute or network services.

The Compute Node has a single 1GE NIC to the management network and 4 x 10GE 
NICS for public network access.  I will be creating 4 VXNets, 4 routers, 4 
pools of public floating IP addresses.

I have built the machines using DevStack (configs attached).

It seems that even though the Controller node will have no network/compute 
functions, I still need to declare the ODL and networking parts in the 
local.conf on the controller.   But this implies that the Controller also has 
to have access to the 10GE network which I don't want or need.

I have created 4 OVS bridges on both the Controller and the Compute nodes but 
the corresponding NICs on the Controller are not connected anywhere.  The 
bridges are br-physnet1 to br-physnet4 and these link to em1 to em4 
respectively.  Only the em1 - em4 on the Compute node are actually active.

I then create the VXLAN, router and DHCP agent.

However, when I try to start an instance on the Compute node post DevStack 
installation, I hit an issue where the GUI tells me it has been "unable to 
allocate network."

I see no attempt to create a VXLAN between the Controller and the Compute node. 
  IPTables is open and a sniff on port 4789 reveals no traffic back and forth 
(on either side).

Does the Controller need to be physically connected to the same public facing 
networks as the Compute node?

Alternatively, how can I get all the Networking functions to run in the Compute 
node so that the Controller is just a controller?

Thanks

David


local.conf.COMPUTE
Description: local.conf.COMPUTE


local.conf.CONTROL
Description: local.conf.CONTROL
___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

Re: [Openstack] Issue installing OpenStack Pike with Devstack

[d.lake]

Hi Bernd

Thanks - I’ll start looking around at glance and Apache.   I’ve told Devstack 
not to load the sample images and it is now failing further along with a 500 
Error so it is certainly something around HTTP.

This is SO annoying because all I am trying to do is to take a working system 
and clone it into identical hardware.   I’m not changing any versions or even 
any of the layout.

Even if I clone the /opt/stack/Devstack directory, the first thing that stack 
seems to do is connect out and pull down not the versions of underlying code 
which worked before but the latest.   Even the “upper-requirements” file is 
pulled down so I can’t nail that down to what I know works.

I’m going to clean everything out on the new system and just run the most 
simple Devstack to see if that works.

David

Sent from my iPhone

From: Bernd Bausch 
Sent: Thursday, December 7, 2017 7:01:33 AM
To: Lake D Mr (PG/R - Elec Electronic Eng); Openstack@lists.openstack.org
Subject: RE: [Openstack] Issue installing OpenStack Pike with Devstack

> The proxy server received an invalid: response from an upstream server.
(HTTP 502)

Apache is the proxy server for Glance in this case. The message says that
Apache doesn't get the expected response from Glance, which could mean that
Glance is not running at all. Check for other errors further up in the log.

An earlier local.conf not working anymore on a newer DevStack version has
hit me as well at times. You may have to carefully evaluate what you need in
your cloud and throw out everything else. You might also have version
mismatches - remember that enable_plugin has an optional version parameter.

Bernd Bausch


From: d.l...@surrey.ac.uk [mailto:d.l...@surrey.ac.uk]
Sent: Thursday, December 7, 2017 8:45 AM
To: Openstack@lists.openstack.org
Subject: Re: [Openstack] Issue installing OpenStack Pike with Devstack

Following from my earlier email, I’ve traced the problem to a mis-match of
arguments between /opt/stack/nova/nova/db/sqlalchemy/api.py and nova-manage.

If I change api.py to exclude the retry_on_request from the list of
arguments, nova-manage works.

This is obviously the wrong thing to do but at least it gets things
underway.

At least, I get further through the installation.

I am now seeing another error further down the installation:

2017-12-06 23:36:40.076 | + functions:upload_image:380   :
openstack --os-cloud=devstack-admin --os-region-name=RegionOne image create
cirros-0.3.5-x86_64-disk --public --container-format=bare --disk-format
qcow2
2017-12-06 23:36:42.338 | 502 Bad Gateway: Bad Gateway: The proxy server
received an invalid: response from an upstream server. (HTTP 502)

I’m not using a proxy server so I have no idea where THIS one is coming
from.  If I run the command manually, it works.

David

From: Lake D Mr (PG/R - Elec Electronic Eng)
Sent: 06 December 2017 21:49
To: 'Openstack@lists.openstack.org' 
Subject: Issue installing OpenStack Pike with Devstack

Hello

I’m trying to install a new OpenStack Pike environment using Devstack.  The
local.conf is identical to a system built in early October (same base OS –
CentOS7, same interfaces, different IP addresses, but that is all).

The system in October installed perfectly.

This system refuses to install falling over at the very first “nova-manage”

2017-12-06 21:36:36.337 | + lib/nova:init_nova:694   :
/usr/bin/nova-manage --config-file /etc/nova/nova.conf api_db sync
2017-12-06 21:36:38.426 | Traceback (most recent call last):
2017-12-06 21:36:38.426 |   File "/usr/bin/nova-manage", line 6, in 
2017-12-06 21:36:38.427 | from nova.cmd.manage import main
2017-12-06 21:36:38.427 |   File "/opt/stack/nova/nova/cmd/manage.py", line
82, in 
2017-12-06 21:36:38.427 | from nova import config
2017-12-06 21:36:38.427 |   File "/opt/stack/nova/nova/config.py", line 23,
in 
2017-12-06 21:36:38.427 | from nova.db.sqlalchemy import api as
sqlalchemy_api
2017-12-06 21:36:38.427 |   File
"/opt/stack/nova/nova/db/sqlalchemy/api.py", line 925, in 
2017-12-06 21:36:38.427 | retry_on_request=True)
2017-12-06 21:36:38.427 | TypeError: __init__() got an unexpected keyword
argument 'retry_on_request'

The only difference I can see between the two systems is that the Python
libraries are different versions (oslo.db is 4.25.0 on the old system,
4.31.0 on the new one).

I have no idea where to start looking.

Thanks

David



___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

Re: [Openstack] Issue installing OpenStack Pike with Devstack

[d.lake]

Following from my earlier email, I've traced the problem to a mis-match of 
arguments between /opt/stack/nova/nova/db/sqlalchemy/api.py and nova-manage.

If I change api.py to exclude the retry_on_request from the list of arguments, 
nova-manage works.

This is obviously the wrong thing to do but at least it gets things underway.

At least, I get further through the installation.

I am now seeing another error further down the installation:

2017-12-06 23:36:40.076 | + functions:upload_image:380   :   
openstack --os-cloud=devstack-admin --os-region-name=RegionOne image create 
cirros-0.3.5-x86_64-disk --public --container-format=bare --disk-format qcow2
2017-12-06 23:36:42.338 | 502 Bad Gateway: Bad Gateway: The proxy server 
received an invalid: response from an upstream server. (HTTP 502)

I'm not using a proxy server so I have no idea where THIS one is coming from.  
If I run the command manually, it works.

David

From: Lake D Mr (PG/R - Elec Electronic Eng)
Sent: 06 December 2017 21:49
To: 'Openstack@lists.openstack.org' 
Subject: Issue installing OpenStack Pike with Devstack

Hello

I'm trying to install a new OpenStack Pike environment using Devstack.  The 
local.conf is identical to a system built in early October (same base OS - 
CentOS7, same interfaces, different IP addresses, but that is all).

The system in October installed perfectly.

This system refuses to install falling over at the very first "nova-manage"

2017-12-06 21:36:36.337 | + lib/nova:init_nova:694   :   
/usr/bin/nova-manage --config-file /etc/nova/nova.conf api_db sync
2017-12-06 21:36:38.426 | Traceback (most recent call last):
2017-12-06 21:36:38.426 |   File "/usr/bin/nova-manage", line 6, in 
2017-12-06 21:36:38.427 | from nova.cmd.manage import main
2017-12-06 21:36:38.427 |   File "/opt/stack/nova/nova/cmd/manage.py", line 82, 
in 
2017-12-06 21:36:38.427 | from nova import config
2017-12-06 21:36:38.427 |   File "/opt/stack/nova/nova/config.py", line 23, in 

2017-12-06 21:36:38.427 | from nova.db.sqlalchemy import api as 
sqlalchemy_api
2017-12-06 21:36:38.427 |   File "/opt/stack/nova/nova/db/sqlalchemy/api.py", 
line 925, in 
2017-12-06 21:36:38.427 | retry_on_request=True)
2017-12-06 21:36:38.427 | TypeError: __init__() got an unexpected keyword 
argument 'retry_on_request'

The only difference I can see between the two systems is that the Python 
libraries are different versions (oslo.db is 4.25.0 on the old system, 4.31.0 
on the new one).

I have no idea where to start looking.

Thanks

David


___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

[Openstack] Issue installing OpenStack Pike with Devstack

[d.lake]

Hello

I'm trying to install a new OpenStack Pike environment using Devstack.  The 
local.conf is identical to a system built in early October (same base OS - 
CentOS7, same interfaces, different IP addresses, but that is all).

The system in October installed perfectly.

This system refuses to install falling over at the very first "nova-manage"

2017-12-06 21:36:36.337 | + lib/nova:init_nova:694   :   
/usr/bin/nova-manage --config-file /etc/nova/nova.conf api_db sync
2017-12-06 21:36:38.426 | Traceback (most recent call last):
2017-12-06 21:36:38.426 |   File "/usr/bin/nova-manage", line 6, in 
2017-12-06 21:36:38.427 | from nova.cmd.manage import main
2017-12-06 21:36:38.427 |   File "/opt/stack/nova/nova/cmd/manage.py", line 82, 
in 
2017-12-06 21:36:38.427 | from nova import config
2017-12-06 21:36:38.427 |   File "/opt/stack/nova/nova/config.py", line 23, in 

2017-12-06 21:36:38.427 | from nova.db.sqlalchemy import api as 
sqlalchemy_api
2017-12-06 21:36:38.427 |   File "/opt/stack/nova/nova/db/sqlalchemy/api.py", 
line 925, in 
2017-12-06 21:36:38.427 | retry_on_request=True)
2017-12-06 21:36:38.427 | TypeError: __init__() got an unexpected keyword 
argument 'retry_on_request'

The only difference I can see between the two systems is that the Python 
libraries are different versions (oslo.db is 4.25.0 on the old system, 4.31.0 
on the new one).

I have no idea where to start looking.

Thanks

David




local.conf
Description: local.conf
___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack