Re: [Openstack] How to make DevStack install OpenStack with Neutron?
Mark Kirkwood mark.kirkw...@catalyst.net.nz wrote on 10/07/2014 02:50:01 AM: On 07/10/14 19:44, Mike Spreitzer wrote: Mark Kirkwood mark.kirkw...@catalyst.net.nz wrote on 10/07/2014 02:23:36 AM: I think why this is not documented is the usual use-case for devstack is development setups where real external ips for the VMs is usually not a point of interest. For instance I never need this...I do sometimes want the VMs to be able to access the internet, and that is pretty easy: $ sudo sysctl -w net.ipv4.ip_forward=1 $ sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE For access the other way, yes it's more complex. As others have posted, you need real ip ranges available in your external network and (probably) an additional nic in your test box that can be designated/mapped as br-ex so that the various routers/gateways in the neutron setup use it. Thanks, Mark. As I mentioned in my original post, I have a block of IP addresses that I can use as I see fit --- I have a subnet that I control. I do not see why an additional NIC on the host would be needed, it already has a NIC connected to a subnet that I control (I am trying to make it easy here). True, you can just assign another ip to your nic (in the appropriate subnet range) and use that as br-ex - yes, I'm being old fashioned and would prefer another nic to make it clear to me what was happening :-) So I tried using DevStack with FLOATING_RANGE and PUBLIC_NETWORK_GATEWAY matching the initial network config of my lab machine, and with Q_FLOATING_ALLOCATION_POOL set to keep Neutron from allocating IPs already in use on my subnet. I found that DevStack ruined my machine, by setting PUBLIC_NETWORK_GATEWAY as the address of br-ex. There is an existing bug for this: https://bugs.launchpad.net/devstack/+bug/1339982 . What mystifies me is that it is marked as affecting only three people. Are there really only three people who use DevStack on service machines (rather than personal ones) and try to get inside/outside communication working as Neutron intended it? Our CI checking uses DevStack on service machines, right? Perhaps there is no problem there because checking does not attempt inside-outside communication? Thanks, Mike ___ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Re: [Openstack] How to make DevStack install OpenStack with Neutron?
On 07/10/14 18:43, Mike Spreitzer wrote: Thanks, Mark. OK, maybe I should say that I am past my first attempt, and am on to something a little more ambitious. Following recipes like yours, and also ones from Sergey Kraynev, Salvatore Orlando, and Ian Choi, I am able to get DevStack to create an OpenStack installation with Neutron that works --- as long as I do not attempt any communication between the outside world and the VMs that I can create with that OpenStack. What I want is a local.conf or localrc that will cause DevStack to do a single-node install of OpenStack with Neutron (I am not picky about plugin or driver) on a host with one NIC, with the following property. When I use that OpenStack to create a VM, and assign a floating IP to that VM, IP communication between that VM and machines in the wider world is possible. By the wider world I mean the part of the internet with which the host can communicate, whatever that may be. For example, if the host is a machine on the public internet, the wider world would be everything reachable on the public internet. Another example was in my original question: the host is a lab machine on a 10... network (it has more than one subnet, connected by real layer 3 routers), and the wider world in that case is all the other machines in that lab. As best I can tell, this requires some correspondence between (a) the settings of FLOATING_RANGE and PUBLIC_NETWORK_GATEWAY that I put in localrc and (b) the pre-DevStack IP address, netmask, and gateway of the host. Perhaps I am confused about something critical here. I do not understand why nobody talks about this. Is it because everybody is using the same Vagrant/VBox script and that happens to correspond with the DevStack defaults? Sorry, yes makes sense. I think why this is not documented is the usual use-case for devstack is development setups where real external ips for the VMs is usually not a point of interest. For instance I never need this...I do sometimes want the VMs to be able to access the internet, and that is pretty easy: $ sudo sysctl -w net.ipv4.ip_forward=1 $ sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE For access the other way, yes it's more complex. As others have posted, you need real ip ranges available in your external network and (probably) an additional nic in your test box that can be designated/mapped as br-ex so that the various routers/gateways in the neutron setup use it. Cheers Mark ___ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Re: [Openstack] How to make DevStack install OpenStack with Neutron?
On 07/10/14 19:44, Mike Spreitzer wrote: Mark Kirkwood mark.kirkw...@catalyst.net.nz wrote on 10/07/2014 02:23:36 AM: I think why this is not documented is the usual use-case for devstack is development setups where real external ips for the VMs is usually not a point of interest. For instance I never need this...I do sometimes want the VMs to be able to access the internet, and that is pretty easy: $ sudo sysctl -w net.ipv4.ip_forward=1 $ sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE For access the other way, yes it's more complex. As others have posted, you need real ip ranges available in your external network and (probably) an additional nic in your test box that can be designated/mapped as br-ex so that the various routers/gateways in the neutron setup use it. Thanks, Mark. As I mentioned in my original post, I have a block of IP addresses that I can use as I see fit --- I have a subnet that I control. I do not see why an additional NIC on the host would be needed, it already has a NIC connected to a subnet that I control (I am trying to make it easy here). True, you can just assign another ip to your nic (in the appropriate subnet range) and use that as br-ex - yes, I'm being old fashioned and would prefer another nic to make it clear to me what was happening :-) ___ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Re: [Openstack] How to make DevStack install OpenStack with Neutron?
Mark Kirkwood mark.kirkw...@catalyst.net.nz wrote on 10/07/2014 02:23:36 AM: I think why this is not documented is the usual use-case for devstack is development setups where real external ips for the VMs is usually not a point of interest. For instance I never need this...I do sometimes want the VMs to be able to access the internet, and that is pretty easy: $ sudo sysctl -w net.ipv4.ip_forward=1 $ sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE For access the other way, yes it's more complex. As others have posted, you need real ip ranges available in your external network and (probably) an additional nic in your test box that can be designated/mapped as br-ex so that the various routers/gateways in the neutron setup use it. Thanks, Mark. As I mentioned in my original post, I have a block of IP addresses that I can use as I see fit --- I have a subnet that I control. I do not see why an additional NIC on the host would be needed, it already has a NIC connected to a subnet that I control (I am trying to make it easy here). Thanks, Mike ___ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
[Openstack] How to make DevStack install OpenStack with Neutron?
Is it possible to use DevStack to install OpenStack, including Neutron, so that OpenStack can make a VM that can communicate with the world beyond OpenStack? I am looking for a simple localrc or local.conf that will do this. Let us take a concrete example. Suppose I have a machine with one NIC, at 10.84.133.238/28. It has a simple routing table: one entry for the local subnet, one default route through a gateway at 10.84.133.225. I have nothing else on the 10.84.133.238/28 subnet, I can use the other addresses (aside from .224 and .239) for VMs. What do I put in my localrc? Do I have to fix up anything after stack.sh completes? Once I have a working OpenStack, the remaining questions are about how to use it to create a VM with the desired ability. That would be as the demo user, in the demo tenant, right? I would need a security group that allows the desired communication, of course. Create the VM on the private net, give it a floating IP on the public network. Any tricks missed here? Does it matter whether my machine at 10.84.133.238 is a bare metal machine or a VM in some undercloud? Does it matter whether my machine has multiple ethN interfaces that have been bonded to make the interface (named bond0) in use? Thanks, Mike___ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Re: [Openstack] How to make DevStack install OpenStack with Neutron?
Some (hopefully) helpful answer inline. Salvatore On 6 October 2014 22:45, Mike Spreitzer mspre...@us.ibm.com wrote: Is it possible to use DevStack to install OpenStack, including Neutron, so that OpenStack can make a VM that can communicate with the world beyond OpenStack? I am looking for a simple localrc or local.conf that will do this. This is a localrc I have been using for ages for launching neutron (with a few changes over time, of course): http://paste.openstack.org/show/119143/ Let us take a concrete example. Suppose I have a machine with one NIC, at 10.84.133.238/28. It has a simple routing table: one entry for the local subnet, one default route through a gateway at 10.84.133.225. I have nothing else on the 10.84.133.238/28 subnet, I can use the other addresses (aside from .224 and .239) for VMs. What do I put in my localrc? Do I have to fix up anything after stack.sh completes? If that's your only interface, there is no need to specify anything in localrc. I rarely do that, but if you wish to use flat or vlan networking you'll probably need to specify the name of a bridge in localrc. Once I have a working OpenStack, the remaining questions are about how to use it to create a VM with the desired ability. That would be as the demo user, in the demo tenant, right? I would need a security group that allows the desired communication, of course. Create the VM on the private net, give it a floating IP on the public network. Any tricks missed here? Devstack will give you a private network connected to a router which is uplinked to the external network. So you're right - you just need to boot a vm and assign a floating ip to its port. Does it matter whether my machine at 10.84.133.238 is a bare metal machine or a VM in some undercloud? I don't think it matters, at least with the ML2 plugin and OVS/LB mech drivers - plus other plugins I know of. But restrictions might exist with other plugins of which I'm not aware. Does it matter whether my machine has multiple ethN interfaces that have been bonded to make the interface (named bond0) in use? I don't think it matters at all, especially if you have a single node setup. Thanks, Mike ___ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack ___ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Re: [Openstack] How to make DevStack install OpenStack with Neutron?
From: Salvatore Orlando sorla...@nicira.com To: Mike Spreitzer/Watson/IBM@IBMUS Cc: OpenStack openstack@lists.openstack.org Date: 10/06/2014 05:40 PM Subject: Re: [Openstack] How to make DevStack install OpenStack with Neutron? Some (hopefully) helpful answer inline. Salvatore On 6 October 2014 22:45, Mike Spreitzer mspre...@us.ibm.com wrote: Is it possible to use DevStack to install OpenStack, including Neutron, so that OpenStack can make a VM that can communicate with the world beyond OpenStack? I am looking for a simple localrc or local.conf that will do this. This is a localrc I have been using for ages for launching neutron (with a few changes over time, of course): http:// paste.openstack.org/show/119143/ When I open http://paste.openstack.org/show/119143/ in my browser, I see this: Internal Server Error The server encountered an internal error and was unable to complete your request. Either the server is overloaded or there is an error in the application. Let us take a concrete example. Suppose I have a machine with one NIC, at 10.84.133.238/28. It has a simple routing table: one entry for the local subnet, one default route through a gateway at 10.84.133.225. I have nothing else on the 10.84.133.238/28 subnet, I can use the other addresses (aside from .224 and .239) for VMs. What do I put in my localrc? Do I have to fix up anything after stack.sh completes? If that's your only interface, there is no need to specify anything in localrc. You mean I do not have to set PUBLIC_NETWORK_GATEWAY=10.84.133.225 in my localrc? I guess I am still confused about a basic fact about PUBLIC_NETWORK_GATEWAY: is this the IP address of a pre-existing gateway between my host's subnet and the wider world, or is it the IP address that DevStack will assign to a gateway that DevStack creates between OpenStack's external and private networks? I rarely do that, but if you wish to use flat or vlan networking you'll probably need to specify the name of a bridge in localrc. To start with, I'll settle for anything that works. Once I have a working OpenStack, the remaining questions are about how to use it to create a VM with the desired ability. That would be as the demo user, in the demo tenant, right? I would need a security group that allows the desired communication, of course. Create the VM on the private net, give it a floating IP on the public network. Any tricks missed here? Devstack will give you a private network connected to a router which is uplinked to the external network. So you're right - you just need to boot a vm and assign a floating ip to its port. Does it matter whether my machine at 10.84.133.238 is a bare metal machine or a VM in some undercloud? I don't think it matters, at least with the ML2 plugin and OVS/LB mech drivers - plus other plugins I know of. But restrictions might exist with other plugins of which I'm not aware. Does it matter whether my machine has multiple ethN interfaces that have been bonded to make the interface (named bond0) in use? I don't think it matters at all, especially if you have a single node setup. Thanks, Mike___ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Re: [Openstack] How to make DevStack install OpenStack with Neutron?
From: Salvatore Orlando sorla...@nicira.com To: Mike Spreitzer/Watson/IBM@IBMUS Cc: OpenStack openstack@lists.openstack.org Date: 10/06/2014 05:40 PM Subject: Re: [Openstack] How to make DevStack install OpenStack with Neutron? ... This is a localrc I have been using for ages for launching neutron (with a few changes over time, of course): http:// paste.openstack.org/show/119143/ Thank you. When I try exactly that URL, the server errors. But if I strip off the final slash, I see your paste. I see nothing in that paste about setting the FLOATING_RANGE nor PUBLIC_NETWORK_GATEWAY. These need to bear some relation to the host's subnet, right? Before you run DevStack, what is your host's IP address, netmask, and gateway? Does PUBLIC_NETWORK_GATEWAY describe a pre-existing gateway between the host's subnet and the wider world, or does it describe a gateway that DevStack creates between OpenStack's public and private networks? Sorry, I should have given more details up front. I am trying for my first successful install, so am not picky. I do not really care which plugin is used, nor which driver. A single-node install is fine. I have done most of my testing with a fully updated Ubuntu 14.04 host. I am trying to use DevStack to install the latest code. Thanks, Mike ___ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Re: [Openstack] How to make DevStack install OpenStack with Neutron?
On 07/10/14 09:45, Mike Spreitzer wrote: Is it possible to use DevStack to install OpenStack, including Neutron, so that OpenStack can make a VM that can communicate with the world beyond OpenStack? I am looking for a simple localrc or local.conf that will do this. Let us take a concrete example. Suppose I have a machine with one NIC, at 10.84.133.238/28. It has a simple routing table: one entry for the local subnet, one default route through a gateway at 10.84.133.225. I have nothing else on the 10.84.133.238/28 subnet, I can use the other addresses (aside from .224 and .239) for VMs. What do I put in my localrc? Do I have to fix up anything after stack.sh completes? Once I have a working OpenStack, the remaining questions are about how to use it to create a VM with the desired ability. That would be as the demo user, in the demo tenant, right? I would need a security group that allows the desired communication, of course. Create the VM on the private net, give it a floating IP on the public network. Any tricks missed here? Does it matter whether my machine at 10.84.133.238 is a bare metal machine or a VM in some undercloud? Does it matter whether my machine has multiple ethN interfaces that have been bonded to make the interface (named bond0) in use? For your first attempt you can probably make a simple set of changes to local.conf and just run the stack setup: $ cd devstack $ vi local.conf $ cat local.conf [[local|localrc]] ADMIN_PASSWORD=password MYSQL_PASSWORD=password RABBIT_PASSWORD=password SERVICE_PASSWORD=password SERVICE_TOKEN=tokentoken ENABLED_SERVICES+=,-n-net ENABLED_SERVICES+=,-n-obj ENABLED_SERVICES+=,q-svc,q-agt,q-dhcp,q-l3,q-meta ENABLED_SERVICES+=,-n-novnc,-n-xvnc SWIFT_HASH=12go358snjw24501 LOGFILE=$DEST/logs/stack.sh.log VERBOSE=True SCREEN_LOGDIR=$DEST/logs/screen $ ./stack.sh It creates some demo networks for you and is pretty much good to go out the box. Regards Mark ___ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
