I tinkered with the Nova create call and things are (sort of) working…
I changed the plugging to do this:

    port_id = port['port']['id']
    instance = {'uuid': vm_uuid}
    network = {'bridge': 'br-int'}

    class VeryDangerousHack(network_model.VIF):
        def __init__(self, port_id, mac_addr, network):
            super(VeryDangerousHack, self).__init__(
                id=port_id, address=mac_addr, network=network,
                type=network_model.VIF_TYPE_OVS,
                details={'ovs_hybrid_plug': False, 'port_filter': False},
                active=True)

    vif = VeryDangerousHack(port_id, mac_addr, network)
    # For ML2 plugin
    driver = vif_driver.LibvirtGenericVIFDriver({})
    driver.plug(instance, vif)

It completed without errors, the interface is up, and I can ping over it.
(Yay!) However, it still seems to show the hybrid plug and port filtering:
openstack@devstack-32:~/devstack$ neutron port-show private_p
+-----------------------+---------------------------------------------------------------------------------+
| Field                 | Value                                                                           |
+-----------------------+---------------------------------------------------------------------------------+
| admin_state_up        | True                                                                            |
| allowed_address_pairs |                                                                                 |
| binding:host_id       | devstack-32                                                                     |
| binding:profile       | {}                                                                              |
| binding:vif_details   | {"port_filter": true, "ovs_hybrid_plug": true}                                  |
| binding:vif_type      | ovs                                                                             |
| binding:vnic_type     | normal                                                                          |
| device_id             | 999a76ef-1111-2689-1234-b12a3c4d2a00                                            |
| device_owner          | compute:None                                                                    |
| extra_dhcp_opts       |                                                                                 |
| fixed_ips             | {"subnet_id": "5255dd92-ebd6-43ea-aff8-46f97349eb99", "ip_address": "10.1.0.6"} |
| id                    | 267a9936-4bc2-4838-9c06-22d84309596f                                            |
| mac_address           | 42:0c:c9:cb:4e:9f                                                               |
| name                  | private_p                                                                       |
| network_id            | df8305f2-9797-41ed-bd76-6f083575e0f7                                            |
| security_groups       | 365a63ea-149c-4ff9-9aa2-8bcfe9dfb7e3                                            |
| status                | ACTIVE                                                                          |
| tenant_id             | 78fe6c3b72a64595aa7d3c6c25d58c51                                                |
+-----------------------+---------------------------------------------------------------------------------+
Can anyone enlighten me on what these settings imply?
From the review Irena mentioned:
"Neutron can include 'ovs_hybrid_plug' and 'port_filter' boolean keys in
the binding:vif_details port attribute. 'port_filter' indicates whether
or not neutron is handling port filtering for nova to determine if it needs
to filter for that port. 'ovs_hybrid_plug' can be set to True to indicate
that the neutron plugin still requires the bridge plugging strategy to attach
firewall rules."
I have security groups disabled for Neutron and am using Nova (with ICMP and
SSH allowed). Does that mean the port_filter is ignored?
Is the same true for the ovs_hybrid_plug, for the same reason?
Any idea why my settings for details are being ignored in the call?
I still have more checking, as the public_ip, although I can ping the local and
remote Neutron routers (172.24.4.11 and 172.24.4.21), I cannot ping the far end
VM that is running the same setup (outside of Nova, hooked into Neutron -
though using the older versions and original scripts). May just be a setup
issue.
Looking better though!
PCM (Paul Michali)
MAIL …..…. [email protected]
IRC ……..… pcm_ (irc.freenode.com)
TW ………... @pmichali
GPG Key … 4525ECC253E31A83
Fingerprint .. 307A 96BB 1A4C D2C7 931D 8D2D 4525 ECC2 53E3 1A83
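
Added example, not part of the original thread and not Nova or Neutron code: a small check that compares the binding:vif_details value Neutron reports (the port-show cell above) with the details dict handed to the local VIF object, and lists where the two disagree. The function names are hypothetical, and treating a missing key as False is an assumption.

```python
import json

# The two boolean keys named in the review text quoted above.
KEYS = ("ovs_hybrid_plug", "port_filter")


def parse_vif_details(raw):
    """Parse the binding:vif_details cell from port-show; blank means no details."""
    raw = (raw or "").strip()
    if not raw:
        return {}
    details = json.loads(raw)
    if not isinstance(details, dict):
        raise ValueError("binding:vif_details is not a JSON object")
    return details


def effective(details):
    """Effective booleans; a missing key is treated as False (assumption)."""
    return {k: bool(details.get(k, False)) for k in KEYS}


def audit_plug(neutron_raw, local_details):
    """Compare what Neutron bound with what the local plug code used."""
    bound = effective(parse_vif_details(neutron_raw))
    used = effective(local_details)
    findings = []
    if bound["ovs_hybrid_plug"] and not used["ovs_hybrid_plug"]:
        findings.append("ovs_hybrid_plug: Neutron requires the bridge plugging "
                        "strategy for firewall rules, but the port was plugged "
                        "without it")
    if not bound["ovs_hybrid_plug"] and used["ovs_hybrid_plug"]:
        findings.append("ovs_hybrid_plug: local plug used the bridge strategy "
                        "although Neutron did not request it")
    if bound["port_filter"] != used["port_filter"]:
        findings.append("port_filter: Neutron reports %s, local VIF claims %s"
                        % (bound["port_filter"], used["port_filter"]))
    return findings


# Constructed sample: the two values shown in the message above.
NEUTRON_CELL = '{"port_filter": true, "ovs_hybrid_plug": true}'
LOCAL_DETAILS = {"ovs_hybrid_plug": False, "port_filter": False}

if __name__ == "__main__":
    for line in audit_plug(NEUTRON_CELL, LOCAL_DETAILS):
        print("MISMATCH", line)
```
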
On Mar 31, 2014, at 9:56 AM, Paul Michali (pcm) <[email protected]> wrote:
Hi Darragh,
Yes (I should have included more background), I have a VM started in KVM, and it has
I/Fs associated with scripts for I/F up and down:

    IFNAME_ETH0=$NAME"__mgmt"
    IFNAME_ETH1=$NAME"__public"
    IFNAME_ETH2=$NAME"__private"
    kvm -m 8192 -name $NAME \
        -smp 4 \
        -serial telnet:$TELNET_ACCESS,server,nowait \
        -net nic,macaddr=$MACADDR_ETH0,model=e1000,vlan=0 \
        -net tap,ifname=$IFNAME_ETH0,vlan=0,script=osn-ifup-mgmt,downscript=osn-ifdown-mgmt \
        -net nic,macaddr=$MACADDR_ETH1,model=e1000,vlan=1 \
        -net tap,ifname=$IFNAME_ETH1,vlan=1,script=osn-ifup-br-ex,downscript=osn-ifdown-br-ex \
        -net nic,macaddr=$MACADDR_ETH2,model=e1000,vlan=2 \
        -net tap,ifname=$IFNAME_ETH2,vlan=2,script=osn-ifup-br-int,downscript=osn-ifdown-br-int \
        -drive file=$IMAGE \
        -boot c \
        -vga cirrus \
        -vnc $VNC_ACCESS

ETH2, using osn-ifup-br-int, does this:

    #!/bin/bash
    source config.ini
    /sbin/ifconfig $1 0.0.0.0 up
    if_mac=`ifconfig $1 | awk '{ if ($4 == "HWaddr") print $5 }'`
    info_str=`./plug_vif.py ${HOST} ${USER} ${PASSWORD} ${TENANT} ${UUID} ${if_mac} ${HOSTNAME} $1`
    if [ "$info_str" == "" ]; then
        echo "VIF plugging failed ($1)! Exiting ..." >&2
        exit 1
    fi
    # Write to file for later clean-up by osn-ifdown
    echo "$1 ${if_mac} ${UUID} $info_str" >> .instance_info
    IFS=' ' read -a info <<< "$info_str"
    switch=${info[0]}
    echo "Plugging interface: $1 into switch: ${switch}"
    ovs-vsctl add-port ${switch} $1

Note: The original that used Nova for the plugging of VIF used this for the last
line, instead of ovs-vsctl:

    brctl addif ${switch} $1

Regards,
PCM (Paul Michali)
On Mar 31, 2014, at 9:26 AM, Darragh O'Reilly <[email protected]> wrote:
Hi Paul,
tbh I'm not exactly sure what you are trying to do overall. But from your
script it seems to me that you are trying to create an OVS port so a libvirt
instance outside of Nova control can use it. And you don't need the linux
bridge for security group iptables.
AFAIK the tap must be created first using the ip command. Then when 'ovs-vsctl
add-port' is called with the same name as the tap device for the port name, the
tap device will be enslaved properly in the OVS bridge.
https://github.com/openstack/nova/blob/304df046eaaad6d64ee16898b1eaa76918e98878/nova/virt/libvirt/vif.py#L420-L423
Regards, Darragh.
On Monday, 31 March 2014, 12:36, Paul Michali (pcm) <[email protected]> wrote:
Hi Darragh,
Can you elaborate on what the “set interface” arguments do in OVS? Just trying
to understand why it is not desired, when plugging into this interface (note I
have a management interface on the br-int and it works fine…this one, which is
also on br-int, but needs to tie to the existing “private” network that
devstack sets up, does not work).
Regards,
PCM (Paul Michali)
On Mar 31, 2014, at 4:20 AM, Darragh O'Reilly <[email protected]> wrote:
Hi Paul,
the OVSInterfaceDriver creates interfaces with type internal so agents like
DHCP/L3 etc can put IP addresses on them. But I don't think type internal will
work for instances. You could try subclassing and overriding so it does not do
this:
https://github.com/openstack/neutron/blob/2541ff7cad19941b62dace7e9951a56a16e53f3e/neutron/agent/linux/interface.py#L150
Regards,
Darragh.
_______________________________________________
OpenStack-dev mailing list
[email protected]
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev