[rhos-list] EXTERNAL: Re: Metadata with Quantum.

Gary Kotton gkotton at redhat.com
Mon May 13 14:26:22 UTC 2013


On 05/13/2013 05:19 PM, Minton, Rich wrote:
>
> Gary,
>
> Right now, I have my VMs on a flat network (10.0.56.0/21). Our 
> external physical router acts as the gateway (10.0.56.1) for VMs to 
> get to the external network. If I create an L3 router with the 
> 10.0.56.1 IP as the gateway I get conflicts on my physical router. Is 
> using the L3 agent and an L3 router the only way to access the 
> metadata service on my external network?
>

In RHOS 2.0 this is the only way. In RHOS 3.0 you will be able to do 
this via the DHCP agent.

> Is it possible to put a NAT on my physical router to accomplish the 
> same thing or is it absolutely necessary to route through the L3 router?
>

Yes, that is certainly possible. I am actually happy that you mentioned 
this as it is something that I would have done. I think that you can do 
this pretty easily:
1. If your router will be the default gateway for the VMs (this can be 
ensured when you create your subnet)
2. If you create a NAT rule on the router - all traffic that is destined 
to the metadata service should be rerouted to the metadata service

My understanding is that some hardware vendors are implementing l3 
functionality in their routers (well it is something that they have had 
for decades and do it a lot better and more efficiently than the l3 
agent - with the added bonus of HA)

The problem with the above is that it is something that is done manually 
and is not automated via quantum at the moment.

Thanks
Gary

> Thanks,
>
> Rick
>
> *From:* rhos-list-bounces at redhat.com 
> [mailto:rhos-list-bounces at redhat.com] *On Behalf Of* Gary Kotton
> *Sent:* Friday, May 10, 2013 9:45 AM
> *To:* rhos-list at redhat.com
> *Subject:* EXTERNAL: Re: [rhos-list] Metadata with Quantum.
>
> On 05/10/2013 04:18 PM, Minton, Rich wrote:
>
> Guys and Gals,
>
> I'm looking for some direction with regards to implementing Metadata 
> with Quantum.
>
> I'm using Openstack Networking with a Flat provider network, which is 
> working great at the moment. I have a Controller/compute node running 
> the quantum server, a Network node running openvswitch and dhcp 
> agents, and three compute nodes running the openvswitch agent. I was 
> going to install the L3 agent on the controller node since I read 
> somewhere that for this implementation the L3 agent should not be run 
> with the DHCP agent on the same host. From there I need some help with 
> the configuration.
>
>
> Yes, this is correct. At the moment RHEL does not support namespaces 
> so in order to have network isolation it is recommended that the l3 
> agent and the dhcp agent do not run on the same host. If this is for a 
> POC then you can certainly do this as there is no risk of a security hole.
>
> Hopefully in the coming versions we will have a better solution for this.
>
> Please note that in the RHOS 3 version you will be able to invoke the 
> metadata service from the DHCP agent if you choose.
>
>
> I have these entries in my nova.conf file on the Controller host (L3 
> agent host)
>
> enabled_apis=ec2,osapi_compute,metadata
> metadata_host=172.17.0.68  # This is the external IP of my Controller host
> metadata_port=8775
> metadata_listen=172.17.0.68
> service_quantum_metadata_proxy = true
>
> Is this all I need in nova?
>
>
> I think so.
>
>
> Do I need a port on br-ex that routes to my external network?
>
>
> You only need the br-ex on the host that is running the l3-agent.
>
>
> Do I need to create a router in quantum?
>
>
> Yes, you need to do this and you need to assign the router to the 
> subnet with the private ip. This will ensure that the traffic is sent 
> to the l3-agent which in turn will redirect it to the metadata service.
>
>
> My External network is 172.17.0.0/24
>
> My management network is 10.255.254.0/24   (this is used for the hosts 
> to talk to each other, i.e., qpid and mysql)
>
> My guest network is 10.0.56.0/21
>
> My l3-agent.conf file:
>
> [DEFAULT]
> #sql_connection = mysql://quantum:XXXXXXXX@10.255.254.38/ovs_quantum
>
> # Show more verbose log output (sets INFO log level output).
> verbose = True
>
> # Show debugging output in log (sets DEBUG log level output).
> debug = True
>
> # L3 agent requires that an interface driver be set.  Choose the one
> # that best matches your plugin. There is no default.
> # interface_driver =
> #
> # OVS
> interface_driver = quantum.agent.linux.interface.OVSInterfaceDriver
> # LinuxBridge
> # interface_driver = quantum.agent.linux.interface.BridgeInterfaceDriver
>
> # The Quantum user information for accessing the Quantum API.
> auth_strategy = keystone
> auth_url = http://10.255.254.38:35357/v2.0/
> auth_region = lmicc
> admin_tenant_name = services
> admin_user = quantum
> admin_password = XXXXXXXXXX
>
> # Use "sudo quantum-rootwrap /etc/quantum/rootwrap.conf" to use the real
> # root filter facility.
> # Change to "sudo" to skip the filtering and just run the command directly
> # root_helper = sudo quantum-rootwrap /etc/quantum/rootwrap.conf
>
> # Without network namespaces, each L3 agent can only configure one
> # router.  This is done by setting the specific router_id.
> # router_id =
>
> Due to the fact that namespaces is not supported you need to create a 
> router and then update this with the router id and restart the service 
> (sorry it is a real pain). Hopefully in the near future we will have 
> packstack support for Quantum that will do all of the above automatically.
>
> # Each L3 agent can be associated with at most one external network.  This
> # value should be set to the UUID of that external network.  If empty,
> # the agent will enforce that only a single external networks exists and
> # use that external network id.
> # gateway_external_network_id =
>
> # Indicates that this L3 agent should also handle routers that do not have
> # an external network gateway configured.  This option should be True only
> # for a single agent in a Quantum deployment, and may be False for all agents
> # if all routers must have an external network gateway.
> # handle_internal_only_routers = True
>
> # Name of bridge used for external network traffic. This should be set to
> # empty value for the linuxbridge plugin.
> # external_network_bridge = br-ex
>
> # IP address used by Nova metadata server.
> metadata_ip = 172.17.0.68
>
> # TCP Port used by Nova metadata server.
> metadata_port = 8775
>
> use_namespaces = False
>
> # The time in seconds between state poll requests.
> # polling_interval = 3
>
> Thank you for your help and patience.
>
> Rick
>
> _Richard Minton_
>
> LMICC Systems Administrator
>
> 4000 Geerdes Blvd, 13D31
>
> King of Prussia, PA 19406
>
> Phone: 610-354-5482
>
>
>
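A small script for the manual router_id step the reply calls a pain (create the router, attach the private subnet, write the id into the l3-agent config and restart the agent), added here as an example that is not from the thread or from the Quantum project; the config path /etc/quantum/l3_agent.ini, the service name quantum-l3-agent and the router and subnet names are assumptions.

```shell
# Added example (not from the thread): scripts the "create a router, put its
# id in l3_agent.ini, restart the agent" step for an l3-agent that runs
# without network namespaces. Config path, service name and router/subnet
# names below are assumptions.
L3_INI=${L3_INI:-/etc/quantum/l3_agent.ini}

# set_ini_key FILE KEY VALUE: set KEY in FILE, rewriting either the active
# "KEY = ..." line or the commented-out "# KEY =" template the sample config
# ships with; later duplicates are dropped and a missing key is appended.
set_ini_key() {
    file=$1; key=$2; value=$3
    tmp=$(mktemp)
    awk -v k="$key" -v v="$value" '
        $0 ~ ("^[# \t]*" k "[ \t]*=") {
            if (!done) { print k " = " v; done = 1 }   # first hit: rewrite in place
            next                                       # later hits: drop duplicates
        }
        { print }
        END { if (!done) print k " = " v }
    ' "$file" > "$tmp" && mv "$tmp" "$file"
}

# get_ini_key FILE KEY: print the active (uncommented) value of KEY, if any.
get_ini_key() {
    sed -nE "s/^${2}[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# provision_router ROUTER_NAME SUBNET_NAME: create the quantum router, attach
# the guest subnet so VM traffic is sent to the l3-agent, pin the agent to
# that router and restart it. Needs the quantum CLI and root; not exercised
# by the offline self-test.
provision_router() {
    rid=$(quantum router-create "$1" | awk '$2 == "id" { print $4 }')
    [ -n "$rid" ] || { echo "router-create failed" >&2; return 1; }
    quantum router-interface-add "$rid" "$2"
    set_ini_key "$L3_INI" router_id "$rid"
    set_ini_key "$L3_INI" use_namespaces False
    service quantum-l3-agent restart
}

# Usage on the l3-agent host, e.g.:  provision_router guest-router guest-subnet
```

Re-running set_ini_key after a router is recreated replaces the old id instead of leaving two router_id lines, which is the mistake a hand edit of the file tends to make.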
