<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
On 05/10/2013 04:18 PM, Minton, Rich wrote:
<blockquote
cite="mid:BCD47F9ED3ABA442A8713ECE06CB946821986D37@HVXDSP43.us.lmco.com"
type="cite">
<div class="WordSection1">
<p class="MsoNormal">Guys and Gals,</p>
<p class="MsoNormal">I’m looking for some direction with regards
to implementing Metadata with Quantum.</p>
<p class="MsoNormal">I’m using Openstack Networking with a Flat
provider network, which is working great at the moment. I have
a Controller/compute node running the quantum server, a
Network node running openvswitch and dhcp agents, and three
compute nodes running the openvswitch agent. I was going to
install the L3 agent on the controller node since I read
somewhere that for this implementation the L3 agent should not
be run with the DHCP agent on the same host. From there I need
some help with the configuration.</p>
</div>
</blockquote>
<br>
Yes, this is correct. At the moment RHEL does not support namespaces
so in order to have network isolation it is recommended that the l3
agent and the dhcp agent do not run on the same host. If this is for
a POC then you can certainly do this as there is no risk of a
security hole.<br>
<br>
Hopefully in the coming versions we will have a better solution for
this.<br>
<br>
Please note that in the RHOS 3 version we will be able to invoke
the metadata service from the DHCP agent if you choose. <br>
<br>
<blockquote
cite="mid:BCD47F9ED3ABA442A8713ECE06CB946821986D37@HVXDSP43.us.lmco.com"
type="cite">
<div class="WordSection1">
<p class="MsoNormal">I have these entries in my nova.conf file
on the Controller host (L3 agent host)</p>
<pre wrap="">enabled_apis=ec2,osapi_compute,metadata
metadata_host=172.17.0.68 # This is the external IP of my Controller host
metadata_port=8775
metadata_listen=172.17.0.68
service_quantum_metadata_proxy = true</pre>
<p class="MsoNormal">Is this all I need in nova?</p>
</div>
</blockquote>
<br>
I think so.<br>
<br>
<blockquote
cite="mid:BCD47F9ED3ABA442A8713ECE06CB946821986D37@HVXDSP43.us.lmco.com"
type="cite">
<div class="WordSection1">
<p class="MsoNormal">Do I need a port on br-ex that routes to my
external network?</p>
</div>
</blockquote>
<br>
You only need the br-ex on the host that is running the l3-agent. <br>
<br>
<blockquote
cite="mid:BCD47F9ED3ABA442A8713ECE06CB946821986D37@HVXDSP43.us.lmco.com"
type="cite">
<div class="WordSection1">
<p class="MsoNormal">Do I need to create a router in quantum?</p>
</div>
</blockquote>
<br>
Yes, you need to do this and you need to assign the router to the
subnet with the private ip. This will ensure that the traffic is
sent to the l3-agent which in turn will redirect it to the metadata
service.<br>
<br>
<blockquote
cite="mid:BCD47F9ED3ABA442A8713ECE06CB946821986D37@HVXDSP43.us.lmco.com"
type="cite">
<div class="WordSection1">
<p class="MsoNormal">My External network is 172.17.0.0/24</p>
<p class="MsoNormal">My management network is 10.255.254.0/24
(this is used for the hosts to talk to each other, i.e., qpid
and mysql)</p>
<p class="MsoNormal">My guest network is 10.0.56.0/21</p>
<p class="MsoNormal">My l3-agent.conf file:</p>
<pre wrap="">[DEFAULT]
#sql_connection = mysql://quantum:XXXXXXXX@10.255.254.38/ovs_quantum
# Show more verbose log output (sets INFO log level output).
verbose = True

# Show debugging output in log (sets DEBUG log level output).
debug = True

# L3 agent requires that an interface driver be set. Choose the one
# that best matches your plugin. There is no default.
# interface_driver =
#
# OVS
interface_driver = quantum.agent.linux.interface.OVSInterfaceDriver
# LinuxBridge
# interface_driver = quantum.agent.linux.interface.BridgeInterfaceDriver

# The Quantum user information for accessing the Quantum API.
auth_strategy = keystone
auth_url = http://10.255.254.38:35357/v2.0/
auth_region = lmicc
admin_tenant_name = services
admin_user = quantum
admin_password = XXXXXXXXXX

# Use "sudo quantum-rootwrap /etc/quantum/rootwrap.conf" to use the real
# root filter facility.
# Change to "sudo" to skip the filtering and just run the command directly
# root_helper = sudo quantum-rootwrap /etc/quantum/rootwrap.conf

# Without network namespaces, each L3 agent can only configure one
# router. This is done by setting the specific router_id.
# router_id = </pre>
</div>
</blockquote>
<br>
Due to the fact that namespaces are not supported you need to create
a router and then update this with the router id and restart the
service (sorry it is a real pain). Hopefully in the near future we
will have packstack support for Quantum that will do all of the
above automatically.<br>
<blockquote
cite="mid:BCD47F9ED3ABA442A8713ECE06CB946821986D37@HVXDSP43.us.lmco.com"
type="cite">
<div class="WordSection1">
<pre wrap="">
# Each L3 agent can be associated with at most one external network. This
# value should be set to the UUID of that external network. If empty,
# the agent will enforce that only a single external network exists and
# use that external network id.
# gateway_external_network_id =

# Indicates that this L3 agent should also handle routers that do not have
# an external network gateway configured. This option should be True only
# for a single agent in a Quantum deployment, and may be False for all agents
# if all routers must have an external network gateway.
# handle_internal_only_routers = True

# Name of bridge used for external network traffic. This should be set to
# empty value for the linuxbridge plugin.
# external_network_bridge = br-ex

# IP address used by Nova metadata server.
metadata_ip = 172.17.0.68

# TCP Port used by Nova metadata server.
metadata_port = 8775

use_namespaces = False

# The time in seconds between state poll requests.
# polling_interval = 3</pre>
<p class="MsoNormal">Thank you for your help and patience.</p>
<p class="MsoNormal">Rick</p>
<p class="MsoNormal"><u><span
style="font-size:14.0pt;color:#990000">Richard Minton</span></u></p>
<p class="MsoNormal"><span style="font-size:10.0pt">LMICC
Systems Administrator</span></p>
<p class="MsoNormal"><span style="font-size:10.0pt">4000 Geerdes
Blvd, 13D31</span></p>
<p class="MsoNormal"><span style="font-size:10.0pt">King of
Prussia, PA 19406</span></p>
<p class="MsoNormal"><span style="font-size:10.0pt">Phone:
610-354-5482</span></p>
</div>
<br>
<br>
<pre wrap="">_______________________________________________
rhos-list mailing list
<a class="moz-txt-link-abbreviated" href="mailto:rhos-list@redhat.com">rhos-list@redhat.com</a>
<a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/rhos-list">https://www.redhat.com/mailman/listinfo/rhos-list</a></pre>
</blockquote>
<br>
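Added example, not part of the original thread and not Quantum or nova code: a Python check of the constraints discussed above (the L3 agent's metadata_ip and metadata_port must point at the nova metadata API, and with use_namespaces = False a router_id must be set and the DHCP agent kept off the host). The function names, the sample texts built from the values quoted in the thread, and the defaults used for absent keys (metadata_listen 0.0.0.0, port 8775, use_namespaces True) are assumptions.<br>

```python
import configparser

# Constructed from the values quoted in the thread; router_id is still commented out.
NOVA_CONF = """\
enabled_apis=ec2,osapi_compute,metadata
metadata_host=172.17.0.68
metadata_port=8775
metadata_listen=172.17.0.68
service_quantum_metadata_proxy = true
"""
L3_CONF = """\
[DEFAULT]
# router_id =
metadata_ip = 172.17.0.68
metadata_port = 8775
use_namespaces = False
"""

def _defaults(text):
    """Return the [DEFAULT] options of an OpenStack-style INI text."""
    if "[DEFAULT]" not in text:  # the nova.conf excerpt has no section header
        text = "[DEFAULT]\n" + text
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    return dict(parser.defaults())

def _true(value):
    return value.strip().lower() in ("true", "1", "yes", "on")

def check_metadata_setup(nova_text, l3_text, dhcp_agent_on_same_host):
    """Return a list of findings; an empty list means the two files agree."""
    nova, l3 = _defaults(nova_text), _defaults(l3_text)
    findings = []
    if "metadata" not in [a.strip() for a in nova.get("enabled_apis", "").split(",")]:
        findings.append("nova: metadata missing from enabled_apis")
    if not _true(nova.get("service_quantum_metadata_proxy", "false")):
        findings.append("nova: service_quantum_metadata_proxy is not true")
    # Assumed defaults when a key is absent: listen on 0.0.0.0, port 8775.
    listen = nova.get("metadata_listen", "0.0.0.0")
    if listen not in ("0.0.0.0", l3.get("metadata_ip")):
        findings.append("l3: metadata_ip is not where nova listens")
    if l3.get("metadata_port", "8775") != nova.get("metadata_port", "8775"):
        findings.append("l3: metadata_port differs from nova")
    if not _true(l3.get("use_namespaces", "true")):
        if not l3.get("router_id", "").strip():
            findings.append("l3: use_namespaces is False but router_id is unset")
        if dhcp_agent_on_same_host:
            findings.append("l3: DHCP agent on same host without namespaces")
    return findings
```

Run against the configuration as posted, the only finding is the unset router_id; it clears once the router has been created and its id written into the file.<br>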
</body>
</html>