James; Hey you know... I seem to remember zeroing out "eth0" IP 0.0.0.0 and setting the static IP on br-ex under Kilo and everything worked. That was using OVS. Perhaps I do the same, as you suggest, with LinuxBridge. Wow. Thanks. Will try. And if this doesn't work I'll respond with the diagnostic output you requested.
Thanks to all of you; -Chris - Christopher T. Hull I am presently seeking a new career opportunity Please see career page http://chrishull.com/career 333 Orchard Ave, Sunnyvale CA. 94085 (415) 385 4865 chrishul...@gmail.com http://chrishull.com On Wed, Mar 23, 2016 at 5:57 PM, James Denton <james.den...@rackspace.com> wrote: > Hi Christopher, > > Routers work under Liberty and LinuxBridge just fine, in my experience, so > don’t be too quick to give up on them. I promise you’ll have a tougher go > at it, at this point, using another virtual machine as a router. > > Some tips: > > > 1. Use the ‘ip’ command rather than ‘ifconfig’. Output of ‘ip addr’ > would be more helpful here. > 2. Use ‘brctl show’ to see the virtual bridges and their members. That > output would be helpful here as well. > > > You have an IP configured on interface enp3s0, and I can’t tell what you > have set as the physical interface mappings in the ML2/LinuxBridge agent > config. On older email I see this: > > >> physical_interface_mappings | public:enp3s0 > > If that’s still the case, you’re going to have a hard time. The > LinuxBridge agent expects to put the enp3s0 interface into the respective > brq-* bridge that corresponds to the public (flat) network. Once the > interface is in the bridge, you may lose connectivity to/from any address > on that interface. At that point, your host will be unable to communicate > with the router's gateway interface also in the bridge, and probably any > external host. In this configuration, you may consider moving the IP from > enp3s0 to the brq-* bridge temporarily. That should work. Give it a try and > let me know. > > James > > From: Christopher Hull <chrishul...@gmail.com> > Date: Wednesday, March 23, 2016 at 7:21 PM > To: Dan Sneddon <dsned...@redhat.com> > Cc: openstack-operators <openstack-operators@lists.openstack.org> > Subject: Re: [Openstack-operators] Manual router setup > > Conclusion. Neutron routers under Liberty (Linux Bridge) don't work. > Please prove me wrong..... Moving on to manual router creation. > 1: How can I assign a fixed IP to an instance? > 2: If I add routes will they get used? I probably have to create a Port > for every route (as Floating IPs do ). > > > ------ Session: Trying to create a working router for the 15th time. > :-) ---- > > > [root@maersk src]# ifconfig > enp3s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 > inet 172.22.10.99 netmask 255.255.255.0 broadcast 172.22.10.255 > inet6 2602:306:31fd:1020:ae9e:17ff:feec:5d95 prefixlen 64 > scopeid 0x0<global> > inet6 fe80::ae9e:17ff:feec:5d95 prefixlen 64 scopeid 0x20<link> > ether ac:9e:17:ec:5d:95 txqueuelen 1000 (Ethernet) > RX packets 238 bytes 16020 (15.6 KiB) > RX errors 0 dropped 0 overruns 0 frame 0 > TX packets 60 bytes 6650 (6.4 KiB) > TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 > > lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536 > inet 127.0.0.1 netmask 255.0.0.0 > inet6 ::1 prefixlen 128 scopeid 0x10<host> > loop txqueuelen 0 (Local Loopback) > RX packets 4985 bytes 1060267 (1.0 MiB) > RX errors 0 dropped 0 overruns 0 frame 0 > TX packets 4985 bytes 1060267 (1.0 MiB) > TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 > > virbr0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500 > inet 192.168.122.1 netmask 255.255.255.0 broadcast > 192.168.122.255 > ether 52:54:00:33:94:b3 txqueuelen 0 (Ethernet) > RX packets 0 bytes 0 (0.0 B) > RX errors 0 dropped 0 overruns 0 frame 0 > TX packets 0 bytes 0 (0.0 B) > TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 > > [root@maersk src]# source admin-openrc.sh > [root@maersk src]# clear > > [root@maersk src]# neutron net-create public --shared > --provider:physical_network public \ > > --provider:network_type flat > Created a new network: > +---------------------------+--------------------------------------+ > | Field | Value | > +---------------------------+--------------------------------------+ > | admin_state_up | True | > | id | 9ee73442-5a86-48c0-84da-8f650937fd08 | > | mtu | 0 | > | name | public | > | port_security_enabled | True | > | provider:network_type | flat | > | provider:physical_network | public | > | provider:segmentation_id | | > | router:external | False | > | shared | True | > | status | ACTIVE | > | subnets | | > | tenant_id | fdf3f98a9b0c4e9e94603d8a84ea41a8 | > +---------------------------+--------------------------------------+ > [root@maersk src]# neutron subnet-create public 172.22.10.0/24 --name > public \ > > --allocation-pool start=172.22.10.10,end=172.22.10.90 \ > > --dns-nameserver 172.22.10.254 --gateway 172.22.10.254 --enable_dhcp > False > Created a new subnet: > +-------------------+--------------------------------------------------+ > | Field | Value | > +-------------------+--------------------------------------------------+ > | allocation_pools | {"start": "172.22.10.10", "end": "172.22.10.90"} | > | cidr | 172.22.10.0/24 | > | dns_nameservers | 172.22.10.254 | > | enable_dhcp | False | > | gateway_ip | 172.22.10.254 | > | host_routes | | > | id | 28683bfe-2410-4f9b-b805-ec3c7aee009a | > | ip_version | 4 | > | ipv6_address_mode | | > | ipv6_ra_mode | | > | name | public | > | network_id | 9ee73442-5a86-48c0-84da-8f650937fd08 | > | subnetpool_id | | > | tenant_id | fdf3f98a9b0c4e9e94603d8a84ea41a8 | > +-------------------+--------------------------------------------------+ > [root@maersk src]# ifconfig > enp3s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 > inet 172.22.10.99 netmask 255.255.255.0 broadcast 172.22.10.255 > inet6 2602:306:31fd:1020:ae9e:17ff:feec:5d95 prefixlen 64 > scopeid 0x0<global> > inet6 fe80::ae9e:17ff:feec:5d95 prefixlen 64 scopeid 0x20<link> > ether ac:9e:17:ec:5d:95 txqueuelen 1000 (Ethernet) > RX packets 5032 bytes 373870 (365.1 KiB) > RX errors 0 dropped 0 overruns 0 frame 0 > TX packets 2602 bytes 3154215 (3.0 MiB) > TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 > > lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536 > inet 127.0.0.1 netmask 255.0.0.0 > inet6 ::1 prefixlen 128 scopeid 0x10<host> > loop txqueuelen 0 (Local Loopback) > RX packets 46701 bytes 12008341 (11.4 MiB) > RX errors 0 dropped 0 overruns 0 frame 0 > TX packets 46701 bytes 12008341 (11.4 MiB) > TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 > > virbr0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500 > inet 192.168.122.1 netmask 255.255.255.0 broadcast > 192.168.122.255 > ether 52:54:00:33:94:b3 txqueuelen 0 (Ethernet) > RX packets 0 bytes 0 (0.0 B) > RX errors 0 dropped 0 overruns 0 frame 0 > TX packets 0 bytes 0 (0.0 B) > TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 > > [root@maersk src]# neutron net-list > > +--------------------------------------+--------+-----------------------------------------------------+ > | id | name | > subnets | > > +--------------------------------------+--------+-----------------------------------------------------+ > | 9ee73442-5a86-48c0-84da-8f650937fd08 | public | > 28683bfe-2410-4f9b-b805-ec3c7aee009a 172.22.10.0/24 | > > +--------------------------------------+--------+-----------------------------------------------------+ > [root@maersk src]# source demo-openrc.sh > [root@maersk src]# neutron net-create private > Created a new network: > +-----------------------+--------------------------------------+ > | Field | Value | > +-----------------------+--------------------------------------+ > | admin_state_up | True | > | id | 573956a6-1378-4100-83c2-db5c3bf9a95c | > | mtu | 0 | > | name | private | > | port_security_enabled | True | > | router:external | False | > | shared | False | > | status | ACTIVE | > | subnets | | > | tenant_id | 7813be77b1de4196b1c6b77006afa21c | > +-----------------------+--------------------------------------+ > [root@maersk src]# neutron subnet-create private 192.168.10.0/24 \ > > --name private --dns-nameserver 172.22.10.254 --gateway 192.168.10.1 > Created a new subnet: > +-------------------+----------------------------------------------------+ > | Field | Value | > +-------------------+----------------------------------------------------+ > | allocation_pools | {"start": "192.168.10.2", "end": "192.168.10.254"} | > | cidr | 192.168.10.0/24 | > | dns_nameservers | 172.22.10.254 | > | enable_dhcp | True | > | gateway_ip | 192.168.10.1 | > | host_routes | | > | id | 83f4f5e5-13b6-41f2-af07-b96d86847e2b | > | ip_version | 4 | > | ipv6_address_mode | | > | ipv6_ra_mode | | > | name | private | > | network_id | 573956a6-1378-4100-83c2-db5c3bf9a95c | > | subnetpool_id | | > | tenant_id | 7813be77b1de4196b1c6b77006afa21c | > +-------------------+----------------------------------------------------+ > [root@maersk src]# ifconfig > brq573956a6-13: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1450 > inet6 fe80::6469:36ff:fecc:a4d8 prefixlen 64 scopeid 0x20<link> > ether da:88:38:4a:06:e1 txqueuelen 0 (Ethernet) > RX packets 4 bytes 264 (264.0 B) > RX errors 0 dropped 0 overruns 0 frame 0 > TX packets 7 bytes 578 (578.0 B) > TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 > > enp3s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 > inet 172.22.10.99 netmask 255.255.255.0 broadcast 172.22.10.255 > inet6 2602:306:31fd:1020:ae9e:17ff:feec:5d95 prefixlen 64 > scopeid 0x0<global> > inet6 fe80::ae9e:17ff:feec:5d95 prefixlen 64 scopeid 0x20<link> > ether ac:9e:17:ec:5d:95 txqueuelen 1000 (Ethernet) > RX packets 5310 bytes 393373 (384.1 KiB) > RX errors 0 dropped 0 overruns 0 frame 0 > TX packets 2661 bytes 3165497 (3.0 MiB) > TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 > > lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536 > inet 127.0.0.1 netmask 255.0.0.0 > inet6 ::1 prefixlen 128 scopeid 0x10<host> > loop txqueuelen 0 (Local Loopback) > RX packets 50779 bytes 13259383 (12.6 MiB) > RX errors 0 dropped 0 overruns 0 frame 0 > TX packets 50779 bytes 13259383 (12.6 MiB) > TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 > > tapbb0ceef0-e6: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1450 > inet6 fe80::e816:29ff:fec8:9925 prefixlen 64 scopeid 0x20<link> > ether ea:16:29:c8:99:25 txqueuelen 1000 (Ethernet) > RX packets 7 bytes 578 (578.0 B) > RX errors 0 dropped 0 overruns 0 frame 0 > TX packets 13 bytes 1066 (1.0 KiB) > TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 > > virbr0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500 > inet 192.168.122.1 netmask 255.255.255.0 broadcast > 192.168.122.255 > ether 52:54:00:33:94:b3 txqueuelen 0 (Ethernet) > RX packets 0 bytes 0 (0.0 B) > RX errors 0 dropped 0 overruns 0 frame 0 > TX packets 0 bytes 0 (0.0 B) > TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 > > vxlan-92: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1450 > inet6 fe80::d888:38ff:fe4a:6e1 prefixlen 64 scopeid 0x20<link> > ether da:88:38:4a:06:e1 txqueuelen 0 (Ethernet) > RX packets 0 bytes 0 (0.0 B) > RX errors 0 dropped 0 overruns 0 frame 0 > TX packets 0 bytes 0 (0.0 B) > TX errors 0 dropped 16 overruns 0 carrier 0 collisions 0 > > [root@maersk src]# source admin-openrc.sh > [root@maersk src]# neutron net-update public --router:external > Updated network: public > [root@maersk src]# source demo-openrc.sh > [root@maersk src]# neutron router-create router > Created a new router: > +-----------------------+--------------------------------------+ > | Field | Value | > +-----------------------+--------------------------------------+ > | admin_state_up | True | > | external_gateway_info | | > | id | ff6a61f5-f497-43a1-b245-64ec8e87b488 | > | name | router | > | routes | | > | status | ACTIVE | > | tenant_id | 7813be77b1de4196b1c6b77006afa21c | > +-----------------------+--------------------------------------+ > [root@maersk src]# neutron router-interface-add router private > Multiple router matches found for name 'router', use an ID to be more > specific. > [root@maersk src]# neutron router-list > +--------------------------------------+--------+-----------------------+ > | id | name | external_gateway_info | > +--------------------------------------+--------+-----------------------+ > | 5939b796-cae6-4d72-8d34-66e20afb95aa | router | null | > | ff6a61f5-f497-43a1-b245-64ec8e87b488 | router | null | > +--------------------------------------+--------+-----------------------+ > [root@maersk src]# neutron router-delete > 5939b796-cae6-4d72-8d34-66e20afb95aa > Deleted router: 5939b796-cae6-4d72-8d34-66e20afb95aa > [root@maersk src]# neutron router-delete > ff6a61f5-f497-43a1-b245-64ec8e87b488 > Deleted router: ff6a61f5-f497-43a1-b245-64ec8e87b488 > [root@maersk src]# neutron router-create router > Created a new router: > +-----------------------+--------------------------------------+ > | Field | Value | > +-----------------------+--------------------------------------+ > | admin_state_up | True | > | external_gateway_info | | > | id | a1be1dbd-1a94-4a8c-8093-45a7af89140c | > | name | router | > | routes | | > | status | ACTIVE | > | tenant_id | 7813be77b1de4196b1c6b77006afa21c | > +-----------------------+--------------------------------------+ > [root@maersk src]# neutron router-interface-add router private > Added interface 74c0d2df-3944-43d7-8be9-2ef0d9242edc to router router. > [root@maersk src]# neutron router-gateway-set router public > Set gateway for router router > [root@maersk src]# source admin-openrc.sh > [root@maersk src]# ip netns > qrouter-a1be1dbd-1a94-4a8c-8093-45a7af89140c (id: 1) > qdhcp-573956a6-1378-4100-83c2-db5c3bf9a95c (id: 0) > [root@maersk src]# neutron router-port-list router > > +--------------------------------------+------+-------------------+-------------------------------------------------------------------------------------+ > | id | name | mac_address | > fixed_ips > | > > +--------------------------------------+------+-------------------+-------------------------------------------------------------------------------------+ > | 21c8decf-e4c8-4467-9266-ca5cfb9c7c20 | | fa:16:3e:d6:29:b4 | > {"subnet_id": "28683bfe-2410-4f9b-b805-ec3c7aee009a", "ip_address": > "172.22.10.10"} | > | 74c0d2df-3944-43d7-8be9-2ef0d9242edc | | fa:16:3e:7b:d6:0f | > {"subnet_id": "83f4f5e5-13b6-41f2-af07-b96d86847e2b", "ip_address": > "192.168.10.1"} | > > +--------------------------------------+------+-------------------+-------------------------------------------------------------------------------------+ > [root@maersk src]# ping 172.22.10.10 > PING 172.22.10.10 (172.22.10.10) 56(84) bytes of data. > From 172.22.10.99 icmp_seq=1 Destination Host Unreachable > From 172.22.10.99 icmp_seq=2 Destination Host Unreachable > From 172.22.10.99 icmp_seq=3 Destination Host Unreachable > From 172.22.10.99 icmp_seq=4 Destination Host Unreachable > From 172.22.10.99 icmp_seq=5 Destination Host Unreachable > From 172.22.10.99 icmp_seq=6 Destination Host Unreachable > From 172.22.10.99 icmp_seq=7 Destination Host Unreachable > From 172.22.10.99 icmp_seq=8 Destination Host Unreachable > ^C > --- 172.22.10.10 ping statistics --- > 8 packets transmitted, 0 received, +8 errors, 100% packet loss, time 7000ms > pipe 4 > [root@maersk src]# ifconfig > brq573956a6-13: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1450 > inet6 fe80::6469:36ff:fecc:a4d8 prefixlen 64 scopeid 0x20<link> > ether 72:65:0b:f7:66:9c txqueuelen 0 (Ethernet) > RX packets 6 bytes 348 (348.0 B) > RX errors 0 dropped 0 overruns 0 frame 0 > TX packets 8 bytes 648 (648.0 B) > TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 > > enp3s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 > inet 172.22.10.99 netmask 255.255.255.0 broadcast 172.22.10.255 > inet6 2602:306:31fd:1020:ae9e:17ff:feec:5d95 prefixlen 64 > scopeid 0x0<global> > inet6 fe80::ae9e:17ff:feec:5d95 prefixlen 64 scopeid 0x20<link> > ether ac:9e:17:ec:5d:95 txqueuelen 1000 (Ethernet) > RX packets 6360 bytes 464736 (453.8 KiB) > RX errors 0 dropped 0 overruns 0 frame 0 > TX packets 2867 bytes 3196849 (3.0 MiB) > TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 > > lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536 > inet 127.0.0.1 netmask 255.0.0.0 > inet6 ::1 prefixlen 128 scopeid 0x10<host> > loop txqueuelen 0 (Local Loopback) > RX packets 65582 bytes 17827940 (17.0 MiB) > RX errors 0 dropped 0 overruns 0 frame 0 > TX packets 65582 bytes 17827940 (17.0 MiB) > TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 > > tap74c0d2df-39: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1450 > inet6 fe80::7065:bff:fef7:669c prefixlen 64 scopeid 0x20<link> > ether 72:65:0b:f7:66:9c txqueuelen 1000 (Ethernet) > RX packets 10 bytes 864 (864.0 B) > RX errors 0 dropped 0 overruns 0 frame 0 > TX packets 8 bytes 648 (648.0 B) > TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 > > tapbb0ceef0-e6: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1450 > inet6 fe80::e816:29ff:fec8:9925 prefixlen 64 scopeid 0x20<link> > ether ea:16:29:c8:99:25 txqueuelen 1000 (Ethernet) > RX packets 8 bytes 648 (648.0 B) > RX errors 0 dropped 0 overruns 0 frame 0 > TX packets 16 bytes 1248 (1.2 KiB) > TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 > > virbr0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500 > inet 192.168.122.1 netmask 255.255.255.0 broadcast > 192.168.122.255 > ether 52:54:00:33:94:b3 txqueuelen 0 (Ethernet) > RX packets 0 bytes 0 (0.0 B) > RX errors 0 dropped 0 overruns 0 frame 0 > TX packets 0 bytes 0 (0.0 B) > TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 > > vxlan-92: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1450 > inet6 fe80::d888:38ff:fe4a:6e1 prefixlen 64 scopeid 0x20<link> > ether da:88:38:4a:06:e1 txqueuelen 0 (Ethernet) > RX packets 0 bytes 0 (0.0 B) > RX errors 0 dropped 0 overruns 0 frame 0 > TX packets 0 bytes 0 (0.0 B) > TX errors 0 dropped 19 overruns 0 carrier 0 collisions 0 > > > > > - Christopher T. Hull > I am presently seeking a new career opportunity Please see career page > http://chrishull.com/career > 333 Orchard Ave, Sunnyvale CA. 94085 > (415) 385 4865 > chrishul...@gmail.com > http://chrishull.com > > > > On Wed, Mar 23, 2016 at 4:34 PM, Dan Sneddon <dsned...@redhat.com> wrote: > >> On 03/23/2016 04:06 PM, Christopher Hull wrote: >> > Hmmm. Well I'm not using OpenVSwitch. Just LinuxBridge. My CentOS >> > 7 install sees emp3s0 where eth0 would usually appear. But this may >> > need to be changed to br-ex? The IP address no longer apperas at >> > enp3s0, so perhaps that's the issue. >> > >> > When I make changes, I tear down all the networks and rebuild them >> > according to instructions. I do this after restarting the machine. I >> > wonder if the database needs to be updated as well. >> > >> > su -s /bin/sh -c "neutron-db-manage --config-file >> > /etc/neutron/neutron.conf \ >> > --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" >> neutron >> > systemctl stop neutron-server.service \ >> > neutron-linuxbridge-agent.service neutron-dhcp-agent.service \ >> > neutron-metadata-agent.service >> > systemctl stop neutron-l3-agent.service >> > and restart. >> > >> > Thanks for the help. Yes. It's a bit confusing. Why are router and >> > instance ports different? It is for this reason that I figured I could >> > just create my own instance/router. But why should I have to? Do >> > routers not work unless you use OpenVSwitch? The Liberty install >> > instructions (unlike Kilo) don't seem to require installing OpenVSwitch. >> > >> > linux_bridge_agent.ini >> > inux_bridge | physical_interface_mappings | public:enp3s0 >> > >> > Perhaps br-ex? Or whereever I see my static IP when doing an >> > ifconfig :-) Was enp3s0 when CentOS was first installed, but I think >> > thats changed somehow. >> > >> > >> +----------------------------+-----------------------------+--------------------------------------------------------------+ >> > | linuxbridge_agent: Section | Key | >> > Value | >> > >> +----------------------------+-----------------------------+--------------------------------------------------------------+ >> > | linux_bridge | physical_interface_mappings | >> > public:enp3s0 | >> > | vxlan | l2_population | >> > True | >> > | vxlan | local_ip | >> > 172.22.10.99 | >> > | vxlan | enable_vxlan | >> > True | >> > | agent | prevent_arp_spoofing | >> > True | >> > | securitygroup | firewall_driver | >> > neutron.agent.linux.iptables_firewall.IptablesFirewallDriver | >> > | securitygroup | enable_security_group | >> > True | >> > >> +----------------------------+-----------------------------+--------------------------------------------------------------+ >> > >> > >> > >> > - Christopher T. Hull >> > I am presently seeking a new career opportunity Please see career page >> > http://chrishull.com/career >> > 333 Orchard Ave, Sunnyvale CA. 94085 >> > (415) 385 4865 <tel:%28415%29%20385%204865> >> > chrishul...@gmail.com <mailto:chrishul...@gmail.com> >> > http://chrishull.com >> > >> > >> > >> > On Wed, Mar 23, 2016 at 3:34 PM, Dan Sneddon <dsned...@redhat.com >> > <mailto:dsned...@redhat.com>> wrote: >> > >> > On 03/23/2016 03:05 PM, Christopher Hull wrote: >> > > Hi Keven / all; >> > > >> > > Re: Getting a Neutron Router to work. (set >> external_network_bridge = >> > > blank). Apologies if this got sent twice. >> > > >> > > Nope, not quite there yet re getting the damn router to work >> > (week 3 on >> > > this issue). >> > > >> > > The Liberty install instructions indeed say to set... >> > > external_network_bridge = >> > > >> > > I'm so desperate that I thought the blank space after the = might >> be >> > > the issue. No. Then I noticed these instructions in >> > l3_agent.ini itself. >> > > ----- >> > > # When external_network_bridge is set, each L3 agent can be >> > associated >> > > # with no more than one external network. This value should be >> set to >> > > the UUID >> > > # of that external network. To allow L3 agent support multiple >> > external >> > > # networks, both the external_network_bridge and >> > > gateway_external_network_id >> > > # must be left empty. >> > > # gateway_external_network_id = >> > > ---- >> > > >> > > 1: Should gateway_external_network_id = be unoommented? >> > > 2: Should I reupdate the database after these changes? >> > > su -s /bin/sh -c "neutron-db-manage --config-file >> > > /etc/neutron/neutron.conf \ >> > > --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade >> > head" neutron >> > > >> > > 3: Should external_network_bridge in fact be set to the UUID of >> the >> > > public network? >> > > >> > > 4. All instances Ports work just fine on public and private >> network. >> > > WHAT is the difference between a Neutron router northbound port >> > and an >> > > instance port on the public net. >> > > >> > > Services restarted after config change (just removed space after = >> > > actually just in case sloppy Python coding was involved here). In >> > > fact, I rebooted the box just to be sure. >> > > >> > > Making my own instance based router is looking better and better >> all >> > > the time. If Neutron Routers really work, maybe UFO's exist too. >> > > :-) j/k >> > > >> > > >> > > Seriously. Thank you for your help. Hope to help the >> community >> > > soon too myself. Trying to get my Gerrit account up and running >> but >> > > the OpenStack.org site won't allow me to sign the Contrib >> agreement >> > > with out getting a server error. >> > > >> > > >> > > ==== Config Details ====== >> > > Issue Neutron Router Northbound Port won't Ping, is Down >> > > >> > > [root@maersk src]# ./pluto.py show -p /etc neutron >> rootwrap.conf >> > > ml2_conf.ini l3_agent.ini linuxbridge_agent.ini dhcp_agent.ini >> > > >> > >> >> +-----------------------+------------------------------------+-------------------------------------------------+ >> > > | neutron: Section | Key | >> > > Value | >> > > >> > >> >> +-----------------------+------------------------------------+-------------------------------------------------+ >> > > | DEFAULT | verbose | >> > > True | >> > > | DEFAULT | nova_url | >> > > http://controller:8774/v2 | >> > > | DEFAULT | notify_nova_on_port_data_changes | >> > > True | >> > > | DEFAULT | notify_nova_on_port_status_changes | >> > > True | >> > > | DEFAULT | auth_strategy | >> > > keystone | >> > > | DEFAULT | rpc_backend | >> > > rabbit | >> > > | DEFAULT | allow_overlapping_ips | >> > > True | >> > > | DEFAULT | service_plugins | >> > > router | >> > > | DEFAULT | core_plugin | >> > > ml2 | >> > > | keystone_authtoken | password | >> > > mk4968small23buggidntpass | >> > > | keystone_authtoken | username | >> > > neutron | >> > > | keystone_authtoken | project_name | >> > > service | >> > > | keystone_authtoken | user_domain_id | >> > > default | >> > > | keystone_authtoken | project_domain_id | >> > > default | >> > > | keystone_authtoken | auth_plugin | >> > > password | >> > > | keystone_authtoken | auth_url | >> > > http://controller:35357 | >> > > | keystone_authtoken | auth_uri | >> > > http://controller:5000 | >> > > | database | connection | >> > > mysql://neutron:sleestack191@controller/neutron | >> > > | nova | password | >> > > mk4968small23buggidntpass | >> > > | nova | username | >> > > nova | >> > > | nova | project_name | >> > > service | >> > > | nova | region_name | >> > > RegionOne | >> > > | nova | user_domain_id | >> > > default | >> > > | nova | project_domain_id | >> > > default | >> > > | nova | auth_plugin | >> > > password | >> > > | nova | auth_url | >> > > http://controller:35357 | >> > > | oslo_concurrency | lock_path | >> > > /var/lib/neutron/tmp | >> > > | oslo_messaging_rabbit | rabbit_password | >> > > open.g00dke232 | >> > > | oslo_messaging_rabbit | rabbit_userid | >> > > openstack | >> > > | oslo_messaging_rabbit | rabbit_host | >> > > controller | >> > > >> > >> >> +-----------------------+------------------------------------+-------------------------------------------------+ >> > > >> > >> >> +-------------------+---------------------+--------------------------------------------------------------+ >> > > | rootwrap: Section | Key | >> > > Value | >> > > >> > >> >> +-------------------+---------------------+--------------------------------------------------------------+ >> > > | DEFAULT | filters_path | >> > > /etc/cinder/rootwrap.d,/usr/share/cinder/rootwrap | >> > > | DEFAULT | exec_dirs | >> > > /sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin | >> > > | DEFAULT | use_syslog | >> > > False | >> > > | DEFAULT | syslog_log_facility | >> > > syslog | >> > > | DEFAULT | syslog_log_level | >> > > ERROR | >> > > >> > >> >> +-------------------+---------------------+--------------------------------------------------------------+ >> > > >> > >> +-------------------+----------------------+--------------------------+ >> > > | ml2_conf: Section | Key | Value >> > | >> > > >> > >> +-------------------+----------------------+--------------------------+ >> > > | ml2 | extension_drivers | port_security >> > | >> > > | ml2 | mechanism_drivers | >> > linuxbridge,l2population | >> > > | ml2 | tenant_network_types | vxlan >> > | >> > > | ml2 | type_drivers | flat,vlan,vxlan >> > | >> > > | ml2_type_flat | flat_networks | public >> > | >> > > | ml2_type_vxlan | vni_ranges | 1:1000 >> > | >> > > | securitygroup | enable_ipset | True >> > | >> > > >> > >> +-------------------+----------------------+--------------------------+ >> > > >> > >> >> +-------------------+--------------------------+-----------------------------------------------------+ >> > > | l3_agent: Section | Key | >> > > Value | >> > > >> > >> >> +-------------------+--------------------------+-----------------------------------------------------+ >> > > | DEFAULT | external_network_bridge >> > > | | >> > > | DEFAULT | verbose | >> > > True | >> > > | DEFAULT | interface_driver | >> > > neutron.agent.linux.interface.BridgeInterfaceDriver | >> > > >> > >> >> +-------------------+--------------------------+-----------------------------------------------------+ >> > > >> > >> >> +----------------------------+-----------------------------+--------------------------------------------------------------+ >> > > | linuxbridge_agent: Section | Key | >> > > Value | >> > > >> > >> >> +----------------------------+-----------------------------+--------------------------------------------------------------+ >> > > | linux_bridge | physical_interface_mappings | >> > > public:enp3s0 | >> > > | vxlan | l2_population | >> > > True | >> > > | vxlan | local_ip | >> > > 172.22.10.99 | >> > > | vxlan | enable_vxlan | >> > > True | >> > > | agent | prevent_arp_spoofing | >> > > True | >> > > | securitygroup | firewall_driver | >> > > neutron.agent.linux.iptables_firewall.IptablesFirewallDriver | >> > > | securitygroup | enable_security_group | >> > > True | >> > > >> > >> >> +----------------------------+-----------------------------+--------------------------------------------------------------+ >> > > >> > >> >> +---------------------+--------------------------+-----------------------------------------------------+ >> > > | dhcp_agent: Section | Key | >> > > Value | >> > > >> > >> >> +---------------------+--------------------------+-----------------------------------------------------+ >> > > | DEFAULT | dnsmasq_config_file | >> > > /etc/neutron/dnsmasq-neutron.conf | >> > > | DEFAULT | verbose | >> > > True | >> > > | DEFAULT | enable_isolated_metadata | >> > > True | >> > > | DEFAULT | dhcp_driver | >> > > neutron.agent.linux.dhcp.Dnsmasq | >> > > | DEFAULT | interface_driver | >> > > neutron.agent.linux.interface.BridgeInterfaceDriver | >> > > >> > >> >> +---------------------+--------------------------+-----------------------------------------------------+ >> > > >> > > >> > > >> > > >> > > >> > > >> > > >> > > >> > > >> > > >> > > - Christopher T. Hull >> > > I am presently seeking a new career opportunity Please see >> > career page >> > > http://chrishull.com/career >> > > 333 Orchard Ave, Sunnyvale CA. 94085 >> > > (415) 385 4865 <tel:%28415%29%20385%204865> >> > > chrishul...@gmail.com <mailto:chrishul...@gmail.com> >> > <mailto:chrishul...@gmail.com <mailto:chrishul...@gmail.com>> >> > > http://chrishull.com >> > > >> > > >> > > >> > > On Wed, Mar 23, 2016 at 8:50 AM, <chrishul...@gmail.com <mailto: >> chrishul...@gmail.com> >> > > <mailto:chrishul...@gmail.com <mailto:chrishul...@gmail.com>>> >> wrote: >> > > >> > > Thanks. Will check that. >> > > When I create an instance in the public or private nets they >> ping. >> > > Why do router ports behave differently than instance ports? >> Only >> > > the Northbound router port is down and won't ping. Will >> check >> > > settings ASAP thanks >> > > >> > > Chris. >> > > >> > > Sent from my iPhone >> > > >> > > On Mar 23, 2016, at 7:52 AM, Kevin Benton <ke...@benton.pub >> > > <mailto:ke...@benton.pub <mailto:ke...@benton.pub>>> wrote: >> > > >> > >> Ok. The same settings should apply to Linux bridge. >> > >> >> > >> Make sure you have external_network_bridge defined in your L3 >> > >> agent as an empty value. >> > >> >> > >> Then your external network should be created with the >> provider >> > >> type of 'flat' and the physical network corresponding to the >> one >> > >> you have defined in your bridge mappings in the L2 agent >> that >> > >> attaches to the bridge going to your external physical >> network. >> > >> >> > >> On Mar 23, 2016 7:25 AM, <chrishul...@gmail.com <mailto: >> chrishul...@gmail.com> >> > >> <mailto:chrishul...@gmail.com <mailto:chrishul...@gmail.com>>> >> wrote: >> > >> >> > >> Kevin; >> > >> Thank you Very much. I'll check. I did a manual >> Liberty >> > >> install so I may have done something wrong. I am using >> > >> LinuxBridge (not OpenVSwitch) if that helps. Will post >> > >> results to list soon. Would like to be able to use >> floating >> > >> IPs, a more convenient form of ipTables basically. >> > >> >> > >> Chris. >> > >> >> > >> Sent from my iPhone >> > >> >> > >> On Mar 23, 2016, at 7:16 AM, Kevin Benton < >> ke...@benton.pub >> > >> <mailto:ke...@benton.pub <mailto:ke...@benton.pub>>> >> wrote: >> > >> >> > >>> Do you have external_network_bridge set to an empty >> value in >> > >>> the l3 agent config? If not, the l3 agent will use a >> legacy >> > >>> mode of wiring up the port and it's status field may >> not be >> > >>> ACTIVE. >> > >>> >> > >>> The routers are tested thousands of times in the gate >> every >> > >>> day, so they work. It's just a matter of getting your >> > >>> configuration correct. >> > >>> >> > >>> Yes, you can use a VM to route as well. >> > >>> >> > >>> On Mar 23, 2016 7:06 AM, <chrishul...@gmail.com >> <mailto:chrishul...@gmail.com> >> > >>> <mailto:chrishul...@gmail.com <mailto: >> chrishul...@gmail.com>>> wrote: >> > >>> >> > >>> Hi all; >> > >>> It appears that Liberty Neutron routers do not work. >> > >>> The Northbound port is always Down. >> > >>> >> > >>> What I'd like to do is dedicate an instance >> (CentOS) to >> > >>> routing between the Public net and other nets. Has >> > >>> anyone done this. Setting up the router is trivial. >> > >>> But I'm a little worried about interaction with >> Neutron >> > >>> Ports. I need to assign fixed IPs so I can route >> from >> > >>> the Internet to a server instance. >> > >>> >> > >>> Ideas? >> > >>> >> > >>> Thanks >> > >>> - Chris. >> > >>> >> > >>> Sent from my iPhone >> > >>> _______________________________________________ >> > >>> OpenStack-operators mailing list >> > >>> OpenStack-operators@lists.openstack.org >> > <mailto:OpenStack-operators@lists.openstack.org> >> > >>> <mailto:OpenStack-operators@lists.openstack.org >> > <mailto:OpenStack-operators@lists.openstack.org>> >> > >>> >> > >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators >> > >>> >> > > >> > > >> > > >> > > _______________________________________________ >> > > OpenStack-operators mailing list >> > > OpenStack-operators@lists.openstack.org >> > <mailto:OpenStack-operators@lists.openstack.org> >> > > >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators >> > > >> > >> > Definitely the external_network_bridge needs to be explicitly set to >> > nothing. That's not the default. I've never had to change the >> default >> > gateway_external_network_id when I set external_network_bridge to a >> > blank value. >> > >> > Note that after making changes to external_network_bridge, I've >> have to >> > delete and recreate the router/port/network that was created before >> > that change. >> > >> > I assume that your bridge mappings are correct in >> > /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini: >> > >> > bridge_mappings =datacentre:br-ex # or whatever you have locally >> > >> > And that the physical_network of the external network matches the >> > network name in the bridge_mappings that corresponds to the bridge >> > containing the physical interface? Probably your instance ports >> > wouldn't work if those things weren't correct, but those are also >> areas >> > where I see failures similar to this. >> > >> > -- >> > Dan Sneddon | Principal OpenStack Engineer >> > dsned...@redhat.com <mailto:dsned...@redhat.com> | >> > redhat.com/openstack <http://redhat.com/openstack> >> > 650.254.4025 <tel:650.254.4025> | dsneddon:irc >> @dxs:twitter >> > >> > >> > >> > >> > _______________________________________________ >> > OpenStack-operators mailing list >> > OpenStack-operators@lists.openstack.org >> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators >> > >> >> I didn't mean to confuse you by assuming that you were running Open >> vSwitch. You don't have to run Open vSwitch, and some things do work >> differently when using Linux bridge. >> >> If your IP address is no longer on enp3s0, then that might be an >> indicator that you have a bridge subsuming enp3s0. In that case, I'm >> pretty sure that the physical_interface_mapping should be >> public:<bridge>. I spend a lot more time with OVS deployments, though. >> >> -- >> Dan Sneddon | Principal OpenStack Engineer >> dsned...@redhat.com | redhat.com/openstack >> 650.254.4025 | dsneddon:irc @dxs:twitter >> >> _______________________________________________ >> OpenStack-operators mailing list >> OpenStack-operators@lists.openstack.org >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators >> > >
_______________________________________________ OpenStack-operators mailing list OpenStack-operators@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
