<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
On 05/13/2013 05:19 PM, Minton, Rich wrote:
<blockquote
cite="mid:BCD47F9ED3ABA442A8713ECE06CB94682198903D@HVXDSP43.us.lmco.com"
type="cite">
<div class="WordSection1">
<p class="MsoNormal"><span style="color:#1F497D">Gary,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color: rgb(31, 73, 125);">Right
now, I have my VMs on a flat network (10.0.56.0/21). Our
external physical router acts as the gateway (10.0.56.1) for
VMs to get to the external network. If I create an L3 router
with the 10.0.56.1 IP as the gateway I get conflicts on my
physical router. Is using the L3 agent and an L3 router the
only way to access the metadata service on my external
network?</span></p>
</div>
</blockquote>
<br>
In RHOS 2.0 this is the only way. In RHOS 3.0 you will be able to do
this via the DHCP agent.<br>
<br>
<blockquote
cite="mid:BCD47F9ED3ABA442A8713ECE06CB94682198903D@HVXDSP43.us.lmco.com"
type="cite">
<div class="WordSection1">
<p class="MsoNormal"><span style="color: rgb(31, 73, 125);"> Is
it possible to put a NAT on my physical router to accomplish
the same thing or is it absolutely necessary to route
through the L3 router?</span></p>
</div>
</blockquote>
<br>
Yes, that is certainly possible. I am actually happy that you
mentioned this as it is something that I would have done. I think
that you can do this pretty easily:<br>
1. If your router will be the default gateway for the VMs (this can
be ensured when you create your subnet)<br>
2. If you create a NAT rule on the router - all traffic that is
destined to the metadata service should be rerouted to the metadata
service<br>
<br>
My understanding is that some hardware vendors are implementing l3
functionality in their routers (well it is something that they have
had for decades and do it a lot better and more efficiently than the
l3 agent - with the added bonus of HA)<br>
<br>
The problem with the above is that it is something that is done
manually and is not automated via quantum at the moment.<br>
<br>
Thanks<br>
Gary<br>
<br>
<blockquote
cite="mid:BCD47F9ED3ABA442A8713ECE06CB94682198903D@HVXDSP43.us.lmco.com"
type="cite">
<div class="WordSection1">
<p class="MsoNormal"><span style="color:#1F497D"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Thanks,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Rick<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #B5C4DF
1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext">From:</span></b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext">
<a class="moz-txt-link-abbreviated" href="mailto:rhos-list-bounces@redhat.com">rhos-list-bounces@redhat.com</a>
[<a class="moz-txt-link-freetext" href="mailto:rhos-list-bounces@redhat.com">mailto:rhos-list-bounces@redhat.com</a>]
<b>On Behalf Of </b>Gary Kotton<br>
<b>Sent:</b> Friday, May 10, 2013 9:45 AM<br>
<b>To:</b> <a class="moz-txt-link-abbreviated" href="mailto:rhos-list@redhat.com">rhos-list@redhat.com</a><br>
<b>Subject:</b> EXTERNAL: Re: [rhos-list] Metadata with
Quantum.<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">On 05/10/2013 04:18 PM, Minton, Rich wrote:
<o:p></o:p></p>
<p class="MsoNormal">Guys and Gals,<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">I’m looking for some direction with regards
to implementing Metadata with Quantum.
<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">I’m using Openstack Networking with a Flat
provider network, which is working great at the moment. I have
a Controller/compute node running the quantum server, a
Network node running openvswitch and dhcp agents, and three
compute nodes running the openvswitch agent. I was going to
install the L3 agent on the controller node since I read
somewhere that for this implementation the L3 agent should not
be run with the DHCP agent on the same host. From there I need
some help with the configuration.<o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:"Times New
Roman","serif""><br>
Yes, this is correct. At the moment RHEL does not support
namespaces so in order to have network isolation it is
recommended that the l3 agent and the dhcp agent do not run
on the same host. If this is for a POC then you can
certainly do this as there is no risk of a security hole.<br>
<br>
Hopefully in the coming versions we will have a better
solution for this.<br>
<br>
Please note that in the RHOS 3 version you will be able to
invoke the metadata service from the DHCP agent if you
choose.
<br>
<br>
<br>
<o:p></o:p></span></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">I have these entries in my nova.conf file
on the Controller host (L3 agent host)<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"><span
style="font-family:"Courier New"">enabled_apis=ec2,osapi_compute,metadata</span><o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"><span
style="font-family:"Courier New"">metadata_host=172.17.0.68
# This is the external IP of my Controller host</span><o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"><span
style="font-family:"Courier New"">metadata_port=8775</span><o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"><span
style="font-family:"Courier New"">metadata_listen=172.17.0.68</span><o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"><span
style="font-family:"Courier New"">service_quantum_metadata_proxy
= true</span><o:p></o:p></p>
<p class="MsoNormal">Is this all I need in nova?<o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:"Times New
Roman","serif""><br>
I think so.<br>
<br>
<br>
<o:p></o:p></span></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">Do I need a port on br-ex that routes to my
external network?<o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:"Times New
Roman","serif""><br>
You only need the br-ex on the host that is running the
l3-agent. <br>
<br>
<br>
<o:p></o:p></span></p>
<p class="MsoNormal">Do I need to create a router in quantum?<o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:"Times New
Roman","serif""><br>
Yes, you need to do this and you need to assign the router
to the subnet with the private ip. This will ensure that the
traffic is sent to the l3-agent which in turn will redirect
it to the metadata service.<br>
<br>
<br>
<o:p></o:p></span></p>
<p class="MsoNormal">My External network is 172.17.0.0/24<o:p></o:p></p>
<p class="MsoNormal">My management network is 10.255.254.0/24
(this is used for the hosts to talk to each other, i.e., qpid
and mysql)<o:p></o:p></p>
<p class="MsoNormal">My guest network is 10.0.56.0/21<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">My l3-agent.conf file:<o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Courier
New"">[DEFAULT]</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Courier
New"">#sql_connection = mysql://quantum:XXXXXXXX@10.255.254.38/ovs_quantum</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Courier
New""># Show more verbose log output (sets INFO log
level output).</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Courier
New"">verbose = True</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Courier
New""> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Courier
New""># Show debugging output in log (sets DEBUG log
level output).</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Courier
New"">debug = True</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Courier
New""> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Courier
New""># L3 agent requires that an interface driver be
set. Choose the one</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Courier
New""># that best matches your plugin. There is no
default.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Courier
New""># interface_driver =</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Courier
New"">#</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Courier
New""># OVS</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Courier
New"">interface_driver =
quantum.agent.linux.interface.OVSInterfaceDriver</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Courier
New""># LinuxBridge</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Courier
New""># interface_driver =
quantum.agent.linux.interface.BridgeInterfaceDriver</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Courier
New""> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Courier
New""># The Quantum user information for accessing the
Quantum API.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Courier
New"">auth_strategy = keystone</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Courier
New"">auth_url = <a moz-do-not-send="true"
href="http://10.255.254.38:35357/v2.0/">
http://10.255.254.38:35357/v2.0/</a></span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Courier
New"">auth_region = lmicc</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Courier
New"">admin_tenant_name = services</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Courier
New"">admin_user = quantum</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Courier
New"">admin_password = XXXXXXXXXX</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Courier
New""> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Courier
New""># Use "sudo quantum-rootwrap
/etc/quantum/rootwrap.conf" to use the real</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Courier
New""># root filter facility.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Courier
New""># Change to "sudo" to skip the filtering and just
run the command directly</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Courier
New""># root_helper = sudo quantum-rootwrap
/etc/quantum/rootwrap.conf</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Courier
New""> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Courier
New""># Without network namespaces, each L3 agent can
only configure one</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Courier
New""># router. This is done by setting the specific
router_id.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Courier New
;","serif""># router_id =
</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:"Times New
Roman","serif""><br>
Due to the fact that namespaces are not supported you need to
create a router and then update this with the router id and
restart the service (sorry it is a real pain). Hopefully in
the near future we will have packstack support for Quantum
that will do all of the above automatically.<br>
<br>
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier
New""> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Courier
New""># Each L3 agent can be associated with at most
one external network. This</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Courier
New""># value should be set to the UUID of that
external network. If empty,</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Courier
New""># the agent will enforce that only a single
external network exists and</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Courier
New""># use that external network id.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Courier
New""># gateway_external_network_id =</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Courier
New""> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Courier
New""># Indicates that this L3 agent should also handle
routers that do not have</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Courier
New""># an external network gateway configured. This
option should be True only</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Courier
New""># for a single agent in a Quantum deployment, and
may be False for all agents</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Courier
New""># if all routers must have an external network
gateway.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Courier
New""># handle_internal_only_routers = True</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Courier
New""> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Courier
New""># Name of bridge used for external network
traffic. This should be set to</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Courier
New""># empty value for the linuxbridge plugin.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Courier
New""># external_network_bridge = br-ex</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Courier
New""> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Courier
New""># IP address used by Nova metadata server.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Courier
New"">metadata_ip = 172.17.0.68</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Courier
New""> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Courier
New""># TCP Port used by Nova metadata server.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Courier
New"">metadata_port = 8775</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Courier
New""> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Courier
New"">use_namespaces = False</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Courier
New""> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Courier
New""># The time in seconds between state poll
requests.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Courier
New""># polling_interval = 3</span><o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">Thank you for your help and patience.<o:p></o:p></p>
<p class="MsoNormal">Rick<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"><u><span
style="font-size:14.0pt;color:#990000">Richard Minton</span></u><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt">LMICC
Systems Administrator</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt">4000 Geerdes
Blvd, 13D31</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt">King of
Prussia, PA 19406</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt">Phone:
610-354-5482</span><o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:"Times New
Roman","serif""><br>
<br>
<br>
<o:p></o:p></span></p>
<pre>_______________________________________________<o:p></o:p></pre>
<pre>rhos-list mailing list<o:p></o:p></pre>
<pre><a moz-do-not-send="true" href="mailto:rhos-list@redhat.com">rhos-list@redhat.com</a><o:p></o:p></pre>
<pre><a moz-do-not-send="true" href="https://www.redhat.com/mailman/listinfo/rhos-list">https://www.redhat.com/mailman/listinfo/rhos-list</a><o:p></o:p></pre>
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:"Times New
Roman","serif""><o:p> </o:p></span></p>
</div>
</blockquote>
<br>
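The NAT approach discussed in this thread, as an added example that is not part of the original messages: it checks that the NAT target matches the address and port nova's metadata API is configured with, then builds a destination-NAT rule limited to the guest subnet. It assumes a Linux-based gateway using iptables (a physical router will use its vendor's syntax) and that guests query 169.254.169.254 on port 80, which the thread does not state; the function names are hypothetical.

```python
import configparser
import ipaddress

# Link-local address guests query for metadata (assumption, not stated in the thread).
METADATA_VIP = "169.254.169.254"
# Constructed sample input, using the values quoted in the thread.
NOVA_CONF = """
[DEFAULT]
enabled_apis=ec2,osapi_compute,metadata
metadata_host=172.17.0.68 # This is the external IP of my Controller host
metadata_port=8775
metadata_listen=172.17.0.68
"""
L3_CONF = """
[DEFAULT]
metadata_ip = 172.17.0.68
metadata_port = 8775
"""
GUEST_SUBNET = "10.0.56.0/21"

def load_defaults(text):
    """Return the [DEFAULT] section of an INI-style config as a dict."""
    cp = configparser.ConfigParser(inline_comment_prefixes=("#",), interpolation=None)
    cp.read_string(text)
    return dict(cp.defaults())

def check_metadata_target(nova, l3):
    """Return a list of mismatches between nova's listener and the NAT target."""
    problems = []
    if "metadata" not in nova.get("enabled_apis", "").split(","):
        problems.append("nova: metadata API not in enabled_apis")
    listen = nova.get("metadata_listen", "0.0.0.0")  # assumed default: all addresses
    if listen not in ("0.0.0.0", l3["metadata_ip"]):
        problems.append(f"nova listens on {listen}, NAT targets {l3['metadata_ip']}")
    if nova.get("metadata_port", "8775") != l3["metadata_port"]:
        problems.append("metadata_port differs between nova and the NAT target")
    return problems

def dnat_rule(guest_subnet, l3):
    """Build a DNAT rule that only rewrites metadata traffic from the guest subnet."""
    src = ipaddress.ip_network(guest_subnet)  # raises ValueError on a bad CIDR
    dst = ipaddress.ip_address(l3["metadata_ip"])
    port = int(l3["metadata_port"])
    if port not in range(1, 65536):
        raise ValueError(f"bad metadata_port: {port}")
    return (f"iptables -t nat -A PREROUTING -s {src} -d {METADATA_VIP}/32 "
            f"-p tcp --dport 80 -j DNAT --to-destination {dst}:{port}")

if __name__ == "__main__":
    nova, l3 = load_defaults(NOVA_CONF), load_defaults(L3_CONF)
    print(check_metadata_target(nova, l3) or "configs agree")
    print(dnat_rule(GUEST_SUBNET, l3))
```

Restricting the match to the guest subnet keeps the rule from forwarding metadata requests that arrive from other networks behind the same gateway.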
</body>
</html>