[rhos-list] EXTERNAL: Re: Metadata with Quantum.

Gary Kotton gkotton at redhat.com
Tue May 14 07:20:21 UTC 2013


Hi,
Thanks for the inputs, please see below.
I think that we are in two different time zones (we also have a holiday 
here this afternoon and tomorrow).
Thanks
Gary

On 05/13/2013 11:08 PM, Minton, Rich wrote:
>
> Ok, success.
>

Cool

> I was able to get the metadata service up and running.  I'm using a 
> Flat network, no GRE tunnels or VLANs, except for my host external 
> interfaces.
>
> 1. Installed L3-agent on my controller/compute node
>
> 2. Nova-api is running on controller/compute node
>
> 3. "quantum router-create router1"
>
> 4. "quantum router-interface-add router1 <subnet-id>"
>
> 5. Ensure port eth1 is attached to br-eth1 using "ovs-vsctl add-port 
> br-eth1 eth1" (only if eth1 is your VM NIC).  I lose eth1 off of 
> br-eth1 after a service network restart or a host reboot. *Any ideas 
> on this one?*
>

I have a number of questions and comments regarding this one.
i. If you have an interface /etc/sysconfig/network-scripts/ifcfg-br-int 
configured then each time that you run the network restart then the ovs 
bridges will be purged of all of their tap devices.
ii. When the quantum agent restarts the interface is added to the 
bridge. It is not really clear why this is happening at reboot. I'll try 
and reproduce on my side.

> 6. We also ran "ip addr add 169.254.169.254/32 dev eth0.500" to 
> route all requests to 169... to my external interface. I think this 
> was the ticket for us.
>
> Hope this helps somebody.
>

Yes, it sure does.
Thank you
Gary

> Rick
>
> *From:*Gary Kotton [mailto:gkotton at redhat.com]
> *Sent:* Monday, May 13, 2013 10:26 AM
> *To:* Minton, Rich
> *Cc:* rhos-list at redhat.com
> *Subject:* Re: EXTERNAL: Re: [rhos-list] Metadata with Quantum.
>
> On 05/13/2013 05:19 PM, Minton, Rich wrote:
>
> Gary,
>
> Right now, I have my VMs on a flat network (10.0.56.0/21). Our 
> external physical router acts as the gateway (10.0.56.1) for VMs to 
> get to the external network. If I create an L3 router with the 
> 10.0.56.1 IP as the gateway I get conflicts on my physical router. Is 
> using the L3 agent and an L3 router the only way to access the 
> metadata service on my external network?
>
>
> In RHOS 2.0 this is the only way. In RHOS 3.0 you will be able to do 
> this via the DHCP agent.
>
>
> Is it possible to put a NAT on my physical router to accomplish the 
> same thing or is it absolutely necessary to route through the L3 router?
>
>
> Yes, that is certainly possible. I am actually happy that you 
> mentioned this as it is something that I would have done. I think that 
> you can do this pretty easily:
> 1. If your router will be the default gateway for the VMs (this can be 
> ensured when you create your subnet)
> 2. If you create a NAT rule on the router - all traffic that is 
> destined to the metadata service should be rerouted to the 
> metadata service
>
> My understanding is that some hardware vendors are implementing l3 
> functionality in their routers (well it is something that they have 
> had for decades and do it a lot better and more efficiently than the 
> l3 agent - with the added bonus of HA)
>
> The problem with the above is that it is something that is done 
> manually and is not automated via quantum at the moment.
>
> Thanks
> Gary
>
>
> Thanks,
>
> Rick
>
> *From:* rhos-list-bounces at redhat.com *On Behalf Of* Gary Kotton
> *Sent:* Friday, May 10, 2013 9:45 AM
> *To:* rhos-list at redhat.com
> *Subject:* EXTERNAL: Re: [rhos-list] Metadata with Quantum.
>
> On 05/10/2013 04:18 PM, Minton, Rich wrote:
>
> Guys and Gals,
>
> I'm looking for some direction with regards to implementing Metadata 
> with Quantum.
>
> I'm using Openstack Networking with a Flat provider network, which is 
> working great at the moment. I have a Controller/compute node running 
> the quantum server, a Network node running openvswitch and dhcp 
> agents, and three compute nodes running the openvswitch agent. I was 
> going to install the L3 agent on the controller node since I read 
> somewhere that for this implementation the L3 agent should not be run 
> with the DHCP agent on the same host. From there I need some help with 
> the configuration.
>
>
> Yes, this is correct. At the moment RHEL does not support namespaces 
> so in order to have network isolation it is recommended that the l3 
> agent and the dhcp agent do not run on the same host. If this is for a 
> POC then you can certainly do this as there is no risk of a security hole.
>
> Hopefully in the coming versions we will have a better solution for this.
>
> Please note that in the RHOS 3 version you will be able to invoke the 
> metadata service from the DHCP agent if you choose.
>
>
>
> I have these entries in my nova.conf file on the Controller host (L3 
> agent host)
>
> enabled_apis=ec2,osapi_compute,metadata
>
> metadata_host=172.17.0.68  # This is the external IP of my Controller host
>
> metadata_port=8775
>
> metadata_listen=172.17.0.68
>
> service_quantum_metadata_proxy = true
>
> Is this all I need in nova?
>
>
> I think so.
>
>
>
> Do I need a port on br-ex that routes to my external network?
>
>
> You only need the br-ex on the host that is running the l3-agent.
>
>
>
> Do I need to create a router in quantum?
>
>
> Yes, you need to do this and you need to assign the router to the 
> subnet with the private ip. This will ensure that the traffic is sent 
> to the l3-agent which in turn will redirect it to the metadata service.
>
>
>
> My External network is 172.17.0.0/24
>
> My management network is 10.255.254.0/24   (this is used for the hosts 
> to talk to each other, i.e., qpid and mysql)
>
> My guest network is 10.0.56.0/21
>
> My l3-agent.conf file:
>
> [DEFAULT]
>
> #sql_connection = mysql://quantum:XXXXXXXX@10.255.254.38/ovs_quantum
>
> # Show more verbose log output (sets INFO log level output).
>
> verbose = True
>
> # Show debugging output in log (sets DEBUG log level output).
>
> debug = True
>
> # L3 agent requires that an interface driver be set.  Choose the one
>
> # that best matches your plugin. There is no default.
>
> # interface_driver =
>
> #
>
> # OVS
>
> interface_driver = quantum.agent.linux.interface.OVSInterfaceDriver
>
> # LinuxBridge
>
> # interface_driver = quantum.agent.linux.interface.BridgeInterfaceDriver
>
> # The Quantum user information for accessing the Quantum API.
>
> auth_strategy = keystone
>
> auth_url = http://10.255.254.38:35357/v2.0/
>
> auth_region = lmicc
>
> admin_tenant_name = services
>
> admin_user = quantum
>
> admin_password = XXXXXXXXXX
>
> # Use "sudo quantum-rootwrap /etc/quantum/rootwrap.conf" to use the real
>
> # root filter facility.
>
> # Change to "sudo" to skip the filtering and just run the comand directly
>
> # root_helper = sudo quantum-rootwrap /etc/quantum/rootwrap.conf
>
> # Without network namespaces, each L3 agent can only configure one
>
> # router.  This is done by setting the specific router_id.
>
> # router_id =
>
>
> Due to the fact that namespaces is not supported you need to create a 
> router and then update this with the router id and restart the service 
> (sorry it is a real pain). Hopefully in the near future we will have 
> packstack support for Quantum that will do all of the above automatically.
>
>
> # Each L3 agent can be associated with at most one external network.  This
>
> # value should be set to the UUID of that external network.  If empty,
>
> # the agent will enforce that only a single external networks exists and
>
> # use that external network id.
>
> # gateway_external_network_id =
>
> # Indicates that this L3 agent should also handle routers that do not have
>
> # an external network gateway configured.  This option should be True only
>
> # for a single agent in a Quantum deployment, and may be False for all agents
>
> # if all routers must have an external network gateway.
>
> # handle_internal_only_routers = True
>
> # Name of bridge used for external network traffic. This should be set to
>
> # empty value for the linuxbridge plugin.
>
> # external_network_bridge = br-ex
>
> # IP address used by Nova metadata server.
>
> metadata_ip = 172.17.0.68
>
> # TCP Port used by Nova metadata server.
>
> metadata_port = 8775
>
> use_namespaces = False
>
> # The time in seconds between state poll requests.
>
> # polling_interval = 3
>
> Thank you for your help and patience.
>
> Rick
>
> _Richard Minton_
>
> LMICC Systems Administrator
>
> 4000 Geerdes Blvd, 13D31
>
> King of Prussia, PA 19406
>
> Phone: 610-354-5482
>
>
>
>
>
>
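
Added example, not part of the original thread and not code from the OpenStack project: a consistency check over the nova.conf and L3 agent settings discussed above, which flags the commented-out router_id when use_namespaces is False. The sample configs are constructed from the values quoted in the thread; the [DEFAULT] header on nova.conf, the fallback defaults and the function names are assumptions of this example.

```python
import configparser

# Constructed samples carrying the settings quoted in the thread
# (the [DEFAULT] header on nova.conf is an assumption of this example).
NOVA_CONF = """[DEFAULT]
enabled_apis=ec2,osapi_compute,metadata
metadata_host=172.17.0.68  # This is the external IP of my Controller host
metadata_port=8775
metadata_listen=172.17.0.68
service_quantum_metadata_proxy = true
"""
L3_AGENT_CONF = """[DEFAULT]
# router_id =
metadata_ip = 172.17.0.68
metadata_port = 8775
use_namespaces = False
"""

def load_defaults(text):
    # Strip trailing "# ..." comments such as the one on metadata_host.
    cp = configparser.ConfigParser(interpolation=None,
                                   inline_comment_prefixes=("#",))
    cp.read_string(text)
    return cp["DEFAULT"]

def check_metadata_path(nova_text, l3_text):
    """Return a list of mismatches between nova.conf and the L3 agent config."""
    nova, l3 = load_defaults(nova_text), load_defaults(l3_text)
    problems = []
    apis = [a.strip() for a in nova.get("enabled_apis", "").split(",")]
    if "metadata" not in apis:
        problems.append("nova: metadata missing from enabled_apis")
    if not nova.getboolean("service_quantum_metadata_proxy", fallback=False):
        problems.append("nova: service_quantum_metadata_proxy is not true")
    # Per the thread, the L3 agent redirects metadata traffic to
    # metadata_ip:metadata_port, so nova must listen on that address and port.
    # Fallback values below are assumed defaults, not taken from the thread.
    listen = nova.get("metadata_listen", "0.0.0.0")
    if listen != "0.0.0.0" and l3.get("metadata_ip", "") != listen:
        problems.append("l3: metadata_ip does not match nova metadata_listen")
    if l3.get("metadata_port", "") != nova.get("metadata_port", "8775"):
        problems.append("l3: metadata_port does not match nova metadata_port")
    # Without namespaces each L3 agent serves one router, named by router_id.
    if not l3.getboolean("use_namespaces", fallback=True) and not l3.get("router_id", ""):
        problems.append("l3: use_namespaces is False but router_id is not set")
    return problems

if __name__ == "__main__":
    for line in check_metadata_path(NOVA_CONF, L3_AGENT_CONF) or ["ok"]:
        print(line)
```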
