[rhos-list] Nova-Network problem

Vogel Nicolas nicolas.vogel at heig-vd.ch
Tue Mar 26 09:23:04 UTC 2013


Hello,

Sorry for this late answer.
I modified my configuration but I still have some problems.

My goal is to have a configuration like this "10.3. Flat Network,  multiple interfaces, multiple servers" http://docs.openstack.org/trunk/openstack-compute/admin/content/libvirt-flat-networking.html

I have my first NIC (em1) configured on a 10.192.75.0/24 network for management.
The second network that is available for me is 10.192.72.0/23. This network already has a DHCP server which can give IPs from 72.106 to 72.169.
So I think I just have to work with FlatNetworking and not FlatDHCPNetworking because I already have a DHCP server, is that correct?

I created the rules for the default group as described: http://docs.openstack.org/trunk/openstack-compute/admin/content/enabling-ping-and-ssh-on-vms.html
Because I'm in a test phase and totally disconnected from the outside world, I set the system in Permissive Mode and disabled iptables for the moment.

So for Flat-networking, my em2+br100 interfaces don't need IP+subnet+gateway, right?
Here is my config file for em2:
DEVICE="em2"
#BOOTPROTO="none"
HWADDR="84:2B:2B:6C:FD:10"
BRIDGE=br100
NM_CONTROLLED="no"
ONBOOT="yes"
TYPE="Ethernet"
UUID="014a008d-02cb-45c2-98b4-9973fb70420b"

And for br100:
DEVICE=br100
TYPE=Bridge
ONBOOT=yes
DELAY=0
BOOTPROTO=none

I also modified my nova.conf like this:
[DEFAULT]
logdir = /var/log/nova
state_path = /var/lib/nova
lock_path = /var/lib/nova/tmp
volumes_dir = /etc/nova/volumes
#dhcpbridge = /usr/bin/nova-dhcpbridge
#dhcpbridge_flagfile = /etc/nova/nova.conf
force_dhcp_release = True
injected_network_template = /usr/share/nova/interfaces.template
libvirt_nonblocking = True
libvirt_inject_partition = -1
network_manager = nova.network.manager.FlatManager
iscsi_helper = tgtadm
sql_connection = mysql://nova:nova@10.192.75.190/nova
compute_driver = libvirt.LibvirtDriver
firewall_driver = nova.virt.libvirt.firewall.IptablesFirewallDriver
rpc_backend = nova.openstack.common.rpc.impl_qpid
rootwrap_config = /etc/nova/rootwrap.conf
auth_strategy = keystone
flat_interface = em2
public_interface = em2
volume_api_class = nova.volume.cinder.API
enabled_apis = ec2,osapi_compute,metadata
flat_network_bridge = br100		# I added this line manually
fixed_range = 10.192.72.128/32	# I added this line manually


[keystone_authtoken]
admin_tenant_name = %SERVICE_TENANT_NAME%
admin_user = %SERVICE_USER%
admin_password = %SERVICE_PASSWORD%
auth_host = 10.192.75.190
auth_port = 35357
auth_protocol = http
signing_dirname = /tmp/keystone-signing-nova

#VNC Proxy
novncproxy_host = 10.192.75.190
novncproxy_port = 6080
novncproxy_base_url = http://10.192.75.190:6080/vnc_auto.html
vnc_enabled = true
vncserver_listen = 10.192.75.190
vncserver_proxyclient_address = 10.192.75.190

I modified the loopback address with the right IP like you told me and added the two lines "flat_network_bridge" and "fixed_range" manually. Is that correct?

Then I want to create a pool for my VMs, which must match a part of my DHCP range:
nova-manage network create private --multi_host=T --fixed_range_v4=10.192.72.128/27 --bridge=br100 --bridge_interface=em2 --network_size=32
But when I want to see the network with the "nova network-list" command, I have the following error:
ERROR: string indices must be integers, not str

I'm not connected to the outside world for the moment but I want to test the allocation of floating IP:
nova-manage floating create 100.100.100.100
nova floating-ip-create
ERROR: The server has either erred or is incapable of performing the requested operation. (HTTP 500) (Request-ID: req-53668eb6-92f6-47f5-98dc-3f6aa8ebf9e7)
Why did I get this error? I have the same error when I create more than one IP (100.100.100.100/29) and then try the floating-ip-create command.

And for my second node, I mean a compute/network node, which must be connected to the controller node and receive keystone and glance services from it. On my second node, I have configured just Nova and Cinder for the moment. I don't know what else to do. Should I complete the Keystone endpoint-list on the controller with these new endpoints (on server 10.192.75.191)?
How can I tell my second node to communicate with the controller?

Thanks a lot,
Cheers,

Nicolas Vogel.


-----Original Message-----
From: Brent Eagles [mailto:beagles at redhat.com] 
Sent: jeudi 21 mars 2013 16:51
To: Vogel Nicolas
Cc: 'rhos-list at redhat.com'
Subject: Re: [rhos-list] Nova-Network problem

On Thu, Mar 21, 2013 at 07:38:15AM +0000, Vogel Nicolas wrote:
> Hello,
> 
> I’ve installed Openstack Folsom with Keystone, Nova, Cinder and Glance 
> on a single node with CentOS 6.3. I’m using Nova-network and not 
> Quantum.  My server has 2 NICs, and I used one of them for management
> (em1: 10.192.75.190/24) and the second for my VM (em2 + br100:
> 10.192.73.193/26).  All the VM I start get a right IP address but I 
> can’t reach them.  Here is my config:

What do you mean by "can't reach them"? Do you mean SSH or ping? Did you define the security group rules (see http://docs.openstack.org/trunk/openstack-compute/admin/content/enabling-ping-and-ssh-on-vms.html)?
Without them, iptables is likely blocking access.

<snip>

> em2:
> DEVICE="em2"
> #BOOTPROTO="none"
> HWADDR="84:2B:2B:6C:FD:10"
> BRIDGE=br100
> NM_CONTROLLED="yes"
> ONBOOT="yes"
> TYPE="Ethernet"
> UUID="014a008d-02cb-45c2-98b4-xxxxxxxxxxxx"

Is this interface really configured with NetworkManager, or did you do this with a configuration file? If the latter, you might want to set NM_CONTROLLED=no. It may not make a difference, but...

> 
> br100:
> DEVICE=br100
> TYPE=Bridge
> ONBOOT=yes
> DELAY=0
> BOOTPROTO=static
> IPADDR=10.192.73.193
> NETMASK=255.255.255.192
> 
<snip>
 
> What did I make wrong in my config?

Might be best to verify the security group thing before looking at the rest.

> 
> If I want to assign my VM a floating IP (public IP), I have to create 
> a pool. But do I have to use a third NIC which is available on my 
> server and create a br101 interface for that?

No, you do not need another interface. What happens when you allocate and assign a floating IP is that OpenStack adds rules to your iptables that perform source and destination address translation at appropriate points according to how you have things configured. For example, as a packet from a VM goes out your public interface, there is a SNAT to the assigned public IP address ensuring that return communications come back (a) to the proper destination and (b) addressed to the proper assigned address. There is a companion rule that DNATs it back to the private address for packets coming back in.

> I’m also trying to configure a second node. Is the network 
> configuration identical as for the controller (with a br100 = IP
> 10.192.73.194 in this case) ?

The question is a little ambiguous. Do you mean a second standalone compute node or a compute/network node? I would recommend giving the following a read if it is the latter:

http://docs.openstack.org/trunk/openstack-compute/admin/content/existing-ha-networking-options.html

Just a heads up when it comes to configuring your second node, be wary of instances in your configuration where "localhost" is used (e.g. the database access configuration). It can be a bit frustrating (debug=True/verbose=True is your friend!) when you miss them. You also need to make sure that the firewall rules aren't filtering out the required traffic. Another thing that tripped me up when I first started were the mysql accounts (if you are using mysql) as they can be restrictive with respect to the source host/ip for the connection. Try running mysql -e "select host, user from mysql.user". If the host values are all "%" (percent signs) then I think you are golden.  If not, you might need to do some tweaking to get things to work.

Cheers,

Brent
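
The SNAT/DNAT pairing described in the reply above, as an added example that is not part of the original thread: a Python check over `iptables-save -t nat` output that reports any floating IP whose DNAT rule lacks the companion SNAT rule, or the reverse. The sample rules, chain names and the 10.192.72.130/131 addresses are constructed for illustration and are assumptions, not output from the poster's host.

```python
import ipaddress
import shlex

# Constructed sample of `iptables-save -t nat` output (assumed chain names).
# 100.100.100.101 deliberately has a DNAT rule but no companion SNAT rule.
SAMPLE = """\
*nat
-A nova-network-PREROUTING -d 100.100.100.100/32 -j DNAT --to-destination 10.192.72.130
-A nova-network-OUTPUT -d 100.100.100.100/32 -j DNAT --to-destination 10.192.72.130
-A nova-network-float-snat -s 10.192.72.130/32 -j SNAT --to-source 100.100.100.100
-A nova-network-PREROUTING -d 100.100.100.101/32 -j DNAT --to-destination 10.192.72.131
COMMIT
"""


def parse_nat_rules(text):
    """Return (dnat, snat): dnat maps public->private, snat maps private->public."""
    dnat, snat = {}, {}
    for line in text.splitlines():
        if not line.startswith("-A "):
            continue  # skip table headers, chain policies and COMMIT
        tok = shlex.split(line)
        # Pair each option with the token that follows it.
        opts = {tok[i]: tok[i + 1] for i in range(2, len(tok) - 1)
                if tok[i].startswith("-")}
        target = opts.get("-j")
        if target == "DNAT" and "-d" in opts and "--to-destination" in opts:
            public = str(ipaddress.ip_interface(opts["-d"]).ip)
            dnat[public] = opts["--to-destination"].split(":")[0]
        elif target == "SNAT" and "-s" in opts and "--to-source" in opts:
            private = str(ipaddress.ip_interface(opts["-s"]).ip)
            snat[private] = opts["--to-source"]
    return dnat, snat


def unpaired_floating_ips(text):
    """List (public, private, reason) for every one-sided translation."""
    dnat, snat = parse_nat_rules(text)
    problems = []
    for public, private in sorted(dnat.items()):
        if snat.get(private) != public:
            problems.append((public, private, "no matching SNAT"))
    for private, public in sorted(snat.items()):
        if dnat.get(public) != private:
            problems.append((public, private, "no matching DNAT"))
    return problems


if __name__ == "__main__":
    for finding in unpaired_floating_ips(SAMPLE):
        print(finding)
```
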



