Guys, I did a few changes on my environment (OpenStack IceHouse on IPv6), everything seems to be working smoothly now...
Just deployed Heat on IPv6 too... I didn't tested Ceilomenter and "Cinder Volume" (iSCSI traffic) with IPv6 yet... I'm writing a new "Multinode Quick Guide" to deploy OpenStack IceHouse on an (almost) IPv6-Only environment. Nevertheless, OpenStack still depends on an IPv4-Only networks for Metadata, for "GRE / VXLAN" tunnels and for "Project Subnets" (no Neutron IPv6 yet), everything else (Management, APIs and Endpoints) seems to be working with IPv6 (including RabbitMQ, MySQL, Keystone, Nova, Glance, Neutron (API/Endpoint), Horizon, SPICE Consoles, Heat, Cinder (APIs / Management (iSCSI not tests with IPv6 yet))... Soon as I finish the new guide, I'll post it here... BTW, because of Glance can't use Proxy to download Images, I configured a NAT64/DNS64 here, so, it can reach the old Internet infrastructure normally... Best! Thiago On 13 May 2014 03:17, Martinx - ジェームズ <[email protected]> wrote: > Guys, > > I'm running OpenStack IceHouse configured with IPv6 in almost every part > of it, I can say that both `Management Network` and `API Endpoints` works > with IPv6, but, there are still only three places that I am unable to use > it with IPv6, which is: > > > 1- Metadata (no IPv6 here, the equivalent of 169.254.0.0/16 for IPv6 is > the subnet fe80::/64, am I right?); > > 2- VXLAN / GRE tunnels, precisely at `local_ip` in ml2_conf.ini (it > doesn't work when with IPv6); > > 3- Tenant subnet (IPv6 works with Flat Networks and statically/manually > configured, no SLAAC and no Neutron L3 with IPv6 yet). > > > NOTE: I still did not tested Heat, Cinder or Swift. > > > Everything else is working with IPv6! > > Here is a few more details about my environment: > > Controller's /etc/network/interface file: > > --- > # This file describes the network interfaces available on your system > # and how to activate them. For more information, see interfaces(5). > > # The loopback network interface > auto lo > iface lo inet loopback > > # The primary network interface > # > # OpenStack API Endpoints > auto eth0 > iface eth0 inet6 static > address 2804:29X:Y:dead::10 > netmask 64 > gateway 2804:29X:Y:dead::1 > dns-domain tcmc.com.br > dns-search tcmc.com.br > dns-nameservers 2804:29X:4::1 2001:129X:2bX::1 > > # OpenStack - Management > auto eth1 > iface eth1 inet6 static > address fddc:3c8c:6e8c:b129::10 > netmask 64 > > # Legacy - Only required because of Metadata, it doesn't have an IPv6 > # equivalent service for subnet IPv4 = 169.254.0.0/16 (IPv6 = fc80::/64) > iface eth1 inet static > address 192.168.5.10 > netmask 24 > --- > > Network Node /etc/network/interfaces file: > > --- > # This file describes the network interfaces available on your system > # and how to activate them. For more information, see interfaces(5). > > # The loopback network interface. > auto lo > iface lo inet loopback > > # > # Reachable from the Internet. > # > > # The primary network interface. Node Internet access. > auto eth0 > iface eth0 inet6 static > address 2804:29X:Y:dead::20 > netmask 64 > gateway 2804:29X:Y:dead::1 > dns-domain tcmc.com.br > dns-search tcmc.com.br > dns-nameservers 2804:290:4::1 2001:1291:2bf::1 > > # > # Unreachable from the Internet. > # > > # OpenStack - Management > auto eth1 > iface eth1 inet6 static > address fddc:3c8c:6e8c:b129::20 > netmask 64 > > # Legacy - Only required because of Metadata, it doesn't have an IPv6 > # equivalent service for subnet IPv4 = 169.254.0.0/16 (IPv6 = fc80::/64). > iface eth1 inet static > address 192.168.5.20 > netmask 24 > > # VXLAN Traffic - Not working right now with IPv6. > auto eth2 > iface eth2 inet6 static > address fda2:c917:cd2e:0552::20 > netmask 64 > > # Legacy - Only required because Neutron doesn't support VXLAN tunnels on > top > # of a IPv6 network. > iface eth2 inet static > address 192.168.6.20 > netmask 24 > > # > # Reachable from the Internet only from within each Namespace router. > # > > # Bridge br-ex attached here, this is the "WAN Port" of tenant's routers. > auto eth3 > iface eth3 inet manual > up ip addr add 0/0 dev eth3 > up ip link set dev $IFACE up > up ip link set $IFACE promisc on > up ethtool --offload $IFACE gro off > down ip link set $IFACE promisc off > down ip link set $IFACE down > --- > > > Common /etc/hosts file across the Cloud: > > --- > 127.0.0.1 localhost.localdomain localhost > > # The following lines are desirable for IPv6 capable hosts > ::1 localhost ip6-localhost ip6-loopback > ff02::1 ip6-allnodes > ff02::2 ip6-allrouters > > # OpenStack APIs Endpoints > 2804:29X:Y:dead::10 psuaa-1.tcmc.com.br psuaa-1 > 2804:29X:Y:dead::20 psuab-1.tcmc.com.br psuab-1 > 2804:29X:Y:dead::30 psuac-1.tcmc.com.br psuac-1 > 2804:29X:Y:dead::1000 psuah-1.tcmc.com.br psuah-1 > > # OpenStack Management - MySQL, RabbitMQ, SPICE, Glance... > fddc:3c8c:6e8c:b129::10 psuaa-1.mng.tcmc.com.br > psuaa-1.mng > fddc:3c8c:6e8c:b129::20 psuab-1.mng.tcmc.com.br > psuab-1.mng > fddc:3c8c:6e8c:b129::1000 psuah-1.mng.tcmc.com.br > psuah-1.mng > > # VXLAN Network - Project's subnet - DOESN'T WORK WITH IPv6 > fda2:c917:cd2e:0552::20 psuab-1.vxlan.tcmc.com.br > psuab-1.vxlan > fda2:c917:cd2e:0552::1000 psuah-1.vxlan.tcmc.com.br > psuah-1.vxlan > > # Cinder Network - iSCSI Traffic > fd72:3148:4c74:2f60::30 psuac-1.blk.tcmc.com.br > psuac-1.blk > fd72:3148:4c74:2f60::1000 psuah-1.blk.tcmc.com.br > psuah-1.blk > --- > > NOTE: Those private IPv6 subnets was generated here: > http://www.simpledns.com/private-ipv6.aspx > > Then, for example, I configured `auth_host` under `[keystone_authtoken]` > poiting to `psuaa-1.mng.tcmc.com.br` and `auth_uri` poiting to > `http://psuaa-1.tcmc.com.br:5000`. > > But, as I figured out, Metadata doesn't work with IPv6, which means that > `metadata_host / metadata_listen` is configured to `192.168.5.10` at > Controller's nova.conf (it doesn't work when I tried it with ` > fddc:3c8c:6e8c:b129::10`) and, at my Network Node, the `local_ip` at > `ml2_conf.ini` points to `192.168.6.20` (I would like to use at local_ip, > the address `fda2:c917:cd2e:0552::20`). > > Plus, here is my IPv6 API Endpoints (resolved via /etc/hosts or AAAA DNS > Records): > > --- > root@controller-1:~# keystone endpoint-list > WARNING: Bypassing authentication using a token & endpoint (authentication > credentials are being ignored). > > +----------------------------------+-----------+-------------------------------------------------------+-----------------------------------------------------------+------------------------------------------------------+----------------------------------+ > | id | region | > publicurl | internalurl > | adminurl | > service_id | > > +----------------------------------+-----------+-------------------------------------------------------+-----------------------------------------------------------+------------------------------------------------------+----------------------------------+ > | 0a7314067f144f94ad907e4023add10a | sp-east-1 | > http://psuaa-1.tcmc.com.br:8777 | > http://psuaa-1.mng.tcmc.com.br:8777 | > http://psuaa-1.mng.tcmc.com.br:8777 | > ef3f7861e7534049a171547bac6189d8 | > | 10ed8edcbecd4feebfccfaae8b9d6ba6 | sp-east-1 | > http://psuaa-1.tcmc.com.br:5000/v2.0 | > http://psuaa-1.mng.tcmc.com.br:5000/v2.0 | > http://psuaa-1.mng.tcmc.com.br:35357/v2.0 | > fe7c9413a430421d9b4c2d3760d468fc | > | 18fb5ccf76c2426ca88ec130461e4f26 | sp-east-1 | > http://psuaa-1.tcmc.com.br:8004/v1/$(tenant_id)s | > http://psuaa-1.mng.tcmc.com.br:8004/v1/$(tenant_id)s | > http://psuaa-1.mng.tcmc.com.br:8004/v1/$(tenant_id)s | > 1e101eaa6eb64b6ea046e1ac345e83dc | > | 29a2b2e132cc46648ba82b6cafdfeb8d | sp-east-1 | > http://psuaa-1.tcmc.com.br:8776/v1/$(tenant_id)s | > http://psuaa-1.mng.tcmc.com.br:8776/v1/$(tenant_id)s | > http://psuaa-1.mng.tcmc.com.br:8776/v1/$(tenant_id)s | > 6aa0854705c1468584b118a8d102cd80 | > | 2f6e5497cafc478cbe3e54d077a05c15 | sp-east-1 | > http://psuaa-1.tcmc.com.br:9696 | > http://psuaa-1.mng.tcmc.com.br:9696 | > http://psuaa-1.mng.tcmc.com.br:9696 | > 4da8894722404eac8cae5c74a9667eeb | > | 41740afdb160499b9d24231bd4aec736 | sp-east-1 | > http://psuaa-1.tcmc.com.br:8080/v1/AUTH_$(tenant_id)s | > http://psuaa-1.mng.tcmc.com.br:8080/v1/AUTH_$(tenant_id)s | > http://psuaa-1.mng.tcmc.com.br:8080/v1 | > 2d91b7a432f146b0a20636ab036d4e72 | > | 75e6fec21dc04277a2950f3fb82cd649 | sp-east-1 | > http://psuaa-1.tcmc.com.br:9292 | > http://psuaa-1.mng.tcmc.com.br:9292 | > http://psuaa-1.mng.tcmc.com.br:9292 | > 347a19c4a5fd45809350f298bd3bca6d | > | a35bbcf38abe4d598913800a4dfd2437 | sp-east-1 | > http://psuaa-1.tcmc.com.br:8080/v1/AUTH_$(tenant_id)s | > http://psuaa-1.mng.tcmc.com.br:8080/v1/AUTH_$(tenant_id)s | > http://psuaa-1.mng.tcmc.com.br:8080/v1 | > 2d91b7a432f146b0a20636ab036d4e72 | > | f311681da2d14c41acc086cd3d47b93f | sp-east-1 | > http://psuaa-1.tcmc.com.br:8774/v2/$(tenant_id)s | > http://psuaa-1.mng.tcmc.com.br:8774/v2/$(tenant_id)s | > http://psuaa-1.mng.tcmc.com.br:8774/v2/$(tenant_id)s | > cdd4cb09d53a44f78e2d33042dbfbf79 | > | fab3ab9df735451bac4932a4797e4f1e | sp-east-1 | > http://psuaa-1.tcmc.com.br:8000/v1 | > http://psuaa-1.mng.tcmc.com.br:8000/v1 | > http://psuaa-1.mng.tcmc.com.br:8000/v1 | > edee5082a58e435ba5d05b3d4c6ea9f4 | > | fe19983cbc034bdaa1e7b6909e3e6c5e | sp-east-1 | > http://psuaa-1.tcmc.com.br:8773/services/Cloud | > http://psuaa-1.mng.tcmc.com.br:8773/services/Cloud | > http://psuaa-1.mng.tcmc.com.br:8773/services/Admin | > 9f9b7f9a466d443893457b582435c786 | > > +----------------------------------+-----------+-------------------------------------------------------+-----------------------------------------------------------+------------------------------------------------------+----------------------------------+ > --- > > BTW, rabbitmq-server fails to install/start on a IPv6-Only environment, > vide BUG: > https://bugs.launchpad.net/ubuntu/+source/rabbitmq-server/+bug/1312507 > > Just for the record, I'm documenting the procedure to guide me, on this > gist: https://gist.github.com/tmartinx/9177697 > > I wish the best for you guys at next OpenStack summit! I would love to > join it but, unfortunately, I can't... > > Sorry about the huge e-mail... I did it this way, instead of using > pastebin services, mostly to let it here for posterity in one place... :-P > > Best Regards! > Thiago Martins >
_______________________________________________ OpenStack-dev mailing list [email protected] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
