Added a few clarifications to improve the tutorial:
- VM needs to be at least 6 Gb on latest openstack (ouch!);
- VM must support nesting;
- local.conf may require HOST_IP depending on device name;
- Omit --project from network create to be consistent with OS_PROJECT_NAME;
- Use a temporary file to ensure datapath flow for recirc(0) is obtained;
- Reword what to expect when tracing packet before logical router creation;
- Fix minor mistake on the usage of netcat command;
- Use MAC of logical router's IPv4 interface to make ACL example more
realistic.
Signed-off-by: Flavio Fernandes
---
v1->v2: Fix [most] issues found by 0-day robot. Bleep bloop. :)
The one lingering issue I don't know how to fix, bc I rather not break
up url.
v2->v3: Fix backslash mistake introduced on v2.
Open issues that I will look into in parallel:
- With OVN moving to its own repo, this patch may need to move as well.
- I was not able to see NAT entries in a logical flow when following the
Gateway section.
---
Documentation/tutorials/ovn-openstack.rst | 64 +++
1 file changed, 53 insertions(+), 11 deletions(-)
diff --git a/Documentation/tutorials/ovn-openstack.rst
b/Documentation/tutorials/ovn-openstack.rst
index c6dff5e55..353ef209e 100644
--- a/Documentation/tutorials/ovn-openstack.rst
+++ b/Documentation/tutorials/ovn-openstack.rst
@@ -62,12 +62,16 @@ with the tutorial in full.
Unless you have a spare computer laying about, it's easiest to install
DevStacck in a virtual machine. This tutorial was built using a VM
implemented by KVM and managed by virt-manager. I recommend
-configuring the VM configured for the x86-64 architecture, 4 GB RAM, 2
+configuring the VM configured for the x86-64 architecture, 6 GB RAM, 2
VCPUs, and a 20 GB virtual disk.
.. note::
+ Since we will be creating VMs inside this VM, it is important to have
+ nesting configured properly. See
+
https://github.com/openstack/devstack/blob/master/doc/source/guides/devstack-with-nested-kvm.rst
+ for details on that.
- If you happen to run your Linux-based host with 32-bit userspace,
+ Also, if you happen to run your Linux-based host with 32-bit userspace,
then you will have some special issues, even if you use a 64-bit
kernel:
@@ -174,6 +178,12 @@ Here are step-by-step instructions to get started:
.. note::
+ Depending on the name of the network device used by the VM, devstack
+ may be unable to automatically obtain its IP address. If that happens,
+ edit ``local.conf`` and explicitly provide it (X marks the spot)::
+
+HOST_IP=X
+
If you installed a 32-bit i386 guest (against the advice above),
at this point edit ``local.conf`` to add the following line::
@@ -430,7 +440,7 @@ Creating network ``n1``
Let's start by creating the network::
- $ openstack network create --project admin --provider-network-type geneve n1
+ $ openstack network create --provider-network-type geneve n1
OpenStack needs to know the subnets that a network serves. We inform
it by creating subnet objects. To keep it simple, let's give our
@@ -997,6 +1007,22 @@ this::
recirc_id(0),in_port(3),eth(src=fa:16:3e:f5:2a:90),eth_type(0x0800),ipv4(src=10.1.1.5,frag=no),
packets:388, bytes:38024, used:0.977s, actions:ct(zone=8),recirc(0x18)
+.. note::
+
+ Flows in the datapath can expire quickly and the ``watch`` command
+ mentioned above may be too slow to catch it. If that is your
+ case, stop the ``ping 10.1.1.6`` session and re-start it a few
+ seconds after this command::
+
+$ sudo conntrack -F ; rm -f /tmp/flows.txt ; \
+ for _ in $(seq 100) ; do \
+ sudo ovs-dpctl dump-flows >> /tmp/flows.txt ; \
+ sleep 0.1 ; done
+
+ Then, look for ``recirc_id(0)`` in flows.txt after ping command was issued::
+
+$ sort --uniq /tmp/flows.txt | grep zone
+
We can hand the first part of this (everything up to the first space)
to ``ofproto/trace``, and it will tell us what happens::
@@ -1064,7 +1090,7 @@ tracing with ``recirc_id(0xc)``::
...
Datapath actions: 4
-It was took multiple hops, but we finally came to the end of the line
+It took multiple hops, but we finally came to the end of the line
where the packet was output to ``b`` after passing through both
firewalls. The port number here is a datapath port number, which is
usually different from an OpenFlow port number. To check that it is
@@ -1114,15 +1140,16 @@ works in OVN.
There's nothing really new for the network and the VM so let's just go
ahead and create them::
- $ openstack network create --project admin --provider-network-type geneve n2
+ $ openstack network create --provider-network-type geneve n2
$ openstack subnet create --subnet-range 10.1.2.0/24 --network n2 n2subnet
$ openstack server create --nic net-id=n2,v4-fixed-ip=10.1.2.7 --flavor
m1.nano --image $IMAGE_ID --key-name demo c
$ openstack port set --name cp $(openstack
