Bug 1122142

Summary: Rubygem-staypuft: Neutron deployment with vxlan doesn't configure br-ex on the neutron-networker. As a result, instances won't be able to get outside the network.
Product: Red Hat OpenStack
Reporter: Omri Hochman <ohochman>
Component: openstack-puppet-modules
Assignee: Martin Magr <mmagr>
Status: CLOSED ERRATA
QA Contact: Alexander Chuzhoy <sasha>
Severity: urgent
Priority: urgent
Version: 5.0 (RHEL 6)
CC: acathrow, aortega, gdubreui, jguiditt, lhh, mburns, mmagr, morazi, nyechiel, racedoro, sasha, sclewis, yeylon
Target Milestone: rc
Target Release: 5.0 (RHEL 6)
Hardware: x86_64
OS: Linux
Fixed In Version: openstack-puppet-modules-2014.1-19.4.el7ost
Doc Type: Bug Fix
Last Closed: 2014-09-02 18:11:12 UTC
Type: Bug

Description Omri Hochman 2014-07-22 15:53:55 UTC
Rubygem-staypuft: Neutron deployment with vxlan doesn't configure br-ex on the neutron-networker. As a result, instances won't be able to get outside the network.

Environment:
-------------
ruby193-rubygem-staypuft-0.1.18-1.el6ost.noarch
puppet-3.6.2-1.1.el6.noarch
puppet-server-3.6.2-1.1.el6.noarch
openstack-puppet-modules-2014.1-19.1.el6ost.noarch
foreman-1.6.0.21-1.el6sat.noarch
ruby193-rubygem-foreman_discovery-1.3.0-0.1.rc2.el6sat.noarch



Description:
-------------
When attempting to deploy Non-HA-neutron with vxlan, staypuft doesn't configure br-ex on the neutron-networker.
From looking at the neutron-networker YAML file (viewed from the staypuft GUI), it looks like there's --> external_network_bridge: br-ex,
but the actual result when running 'ovs-vsctl show' on the neutron-networker doesn't show that br-ex exists.
  

Neutron-Networker :
--------------------
[root@a25400868094 ~]# ovs-vsctl show
56b27bcb-daf7-41bd-bb70-3cd29d4a78b2
    Bridge br-tun
        Port br-tun
            Interface br-tun
                type: internal
        Port "vxlan-c0a80011"
            Interface "vxlan-c0a80011"
                type: vxlan
                options: {in_key=flow, local_ip="192.168.0.12", out_key=flow, remote_ip="192.168.0.17"}
        Port patch-int
            Interface patch-int
                type: patch
                options: {peer=patch-tun}
    Bridge br-int
        Port br-int
            Interface br-int
                type: internal
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
        Port "tap5c134d3f-82"
            tag: 1
            Interface "tap5c134d3f-82"
                type: internal
        Port "int-eth0"
            Interface "int-eth0"
    Bridge "eth0"
        Port "phy-eth0"
            Interface "phy-eth0"
        Port "eth0"
            Interface "eth0"
                type: internal
    ovs_version: "2.0.0"


YAML-of the neutron-networker:
-------------------------------
---
classes:
  quickstack::neutron::networker:
    amqp_host: 10.8.29.10
    amqp_password: qum10net
    amqp_provider: rabbitmq
    amqp_username: openstack
    controller_priv_host: 10.8.29.10
    enable_tunneling: 'true'
    external_network_bridge: br-ex
    fixed_network_range: ${$quickstack::params::fixed_network_range}
    mysql_ca: /etc/ipa/ca.crt
    mysql_host: 10.8.29.10
    neutron_db_password: qum10net
    neutron_metadata_proxy_secret: 4dc107d7935c4ada79e7dc64c8fd7c7c
    neutron_user_password: qum10net
    nova_db_password: qum10net
    nova_user_password: qum10net
    ovs_bridge_mappings: []
    ovs_bridge_uplinks: []
    ovs_l2_population: 'True'
    ovs_tunnel_iface: eth0
    ovs_tunnel_network: ''
    ovs_tunnel_types:
    - vxlan
    - gre
    ovs_vlan_ranges:
    - physnet-external
    ovs_vxlan_udp_port: '4789'
    ssl: 'false'
    tenant_network_type: vxlan
    tunnel_id_ranges: 1:1000
    verbose: 'true'
parameters:
  puppetmaster: staypuft.example.com
  domainname: Default domain used for provisioning
  hostgroup: base_RedHat_7/neutron-3-rabbit/Neutron Networker
  root_pw: $5$fm$EO4A.ybSB/ofUaZWkzNePd38XRpUQNXls8y1feWvIy3
  puppet_ca: staypuft.example.com
  foreman_env: production
  owner_name: Admin User
  owner_email: root@example.com
  ui::cinder::driver_backend: nfs
  ui::cinder::nfs_uri: 192.168.0.1:/cinder
  ui::deployment::amqp_provider: rabbitmq
  ui::deployment::layout_name: Controller / Compute
  ui::deployment::networking: neutron
  ui::deployment::platform: rhel7
  ui::glance::driver_backend: local
  ui::neutron::compute_tenant_interface: eth0
  ui::neutron::networker_tenant_interface: eth0
  ui::neutron::network_segmentation: vxlan
  ui::neutron::use_external_interface: 'false'
  ui::nova::network_manager: FlatDHCPManager
  ui::passwords::admin: d51aeaf530ef830112b16389171c83c0
  ui::passwords::amqp: 2b99156cca9c927ffa89599544d303b4
  ui::passwords::amqp_nssdb: 4402f39b57291ee14533ec18333b5db5
  ui::passwords::ceilometer_metering_secret: 6ba18dc6e6e0850e98f9b0754e6c853c
  ui::passwords::ceilometer_user: 18e8cf2b6c4bb16665cfee933bbdab1a
  ui::passwords::cinder_db: a816c518a3b6238dc6c02697516e10a3
  ui::passwords::cinder_user: 01736a27ea717cbb63034a6969acc94a
  ui::passwords::glance_db: 0913c52ab9a5b7b7025ba47e334c16de
  ui::passwords::glance_user: f358ee2f2e10dd624c5b9448851ec503
  ui::passwords::heat_auth_encrypt_key: fa450a91dea6a0f0e1436ed1de199c0f
  ui::passwords::heat_cfn_user: 9dc6c24715177431767425afddd2ecd9
  ui::passwords::heat_db: 8c1a75288735fa29bd9d719eb686cdef
  ui::passwords::heat_user: 396aa118f110e9cdc9ad9a11f62bba36
  ui::passwords::horizon_secret_key: e44ca197bda0c34fba2159383d976430
  ui::passwords::keystone_admin_token: 3df32805bc7776a47eab33ebed8406da
  ui::passwords::keystone_db: 48ea3cca884e32f496886f1366626020
  ui::passwords::keystone_user: aeb9e691bd9294e863e7617ea7245120
  ui::passwords::mode: single
  ui::passwords::mysql_root: e6dfa73f6379c2270af5210a83dae0f5
  ui::passwords::neutron_db: 03630aa69b33f0a0df99be555b22c26b
  ui::passwords::neutron_metadata_proxy_secret: 4dc107d7935c4ada79e7dc64c8fd7c7c
  ui::passwords::neutron_user: 9f943f7cbf17532d97a03e3bc90f1722
  ui::passwords::nova_db: 1e83ea887c4418924836a6b61c5e92af
  ui::passwords::nova_user: 014fd91a64f0c59d85358e46f6239f71
  ui::passwords::single_password: qum10net
  ui::passwords::swift_admin: a53b12777ecef3111cbbf394c272c427
  ui::passwords::swift_shared_secret: 8a15d489d021903a1a2ef4cb9ace834b
  ui::passwords::swift_user: 45b7f2fc6d9c407877741be4c65a6d4d
environment: production

Comment 3 Jason Guiditta 2014-07-22 21:24:14 UTC
*** Bug 1120428 has been marked as a duplicate of this bug. ***

Comment 4 Jason Guiditta 2014-07-22 21:34:48 UTC
This appears to be similar but not exactly the same as:
https://bugzilla.redhat.com/show_bug.cgi?id=1095279

Both related to how puppet-neutron and puppet-vswitch work together to create the bridge.  Previously, vswitch code was not correctly moving the IP, and now it appears to not be creating the bridge at all. I believe packstack does not run into either issue because they explicitly create the bridge file.  However, the 2 puppet modules purport to do so, and we have changed nothing in quickstack, so adding a fix there is not the appropriate response, in my opinion.  neutron or vswitch should create these files if they do not exist, otherwise, any project using those modules will need to recreate the file manually, which is sub-optimal at best.

I discussed this with Mike, and feel that the fix should be in openstack-puppet-modules, if someone disagrees, we can discuss.

Comment 8 Alexander Chuzhoy 2014-08-18 19:27:28 UTC
Verified: rhel-osp-installer-0.1.10-2.el6ost.noarch

openstack-foreman-installer-2.0.21-1.el6ost.noarch
ruby193-rubygem-foreman_openstack_simplify-0.0.6-8.el6ost.noarch
openstack-puppet-modules-2014.1-20.2.el6ost.noarch


[root@maca25400654fdd ~]# ovs-vsctl list-ifaces br-ex
ens8
phy-br-ex


[root@maca25400654fdd ~]# ovs-vsctl show
2c46d102-4edb-422a-96ca-89ba27e538f7    
    Bridge br-int                       
        fail_mode: secure               
        Port br-int
            Interface br-int
                type: internal
        Port int-br-ex
            Interface int-br-ex
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
    Bridge br-tun
        Port patch-int
            Interface patch-int
                type: patch
                options: {peer=patch-tun}
        Port br-tun
            Interface br-tun
                type: internal
    Bridge br-ex
        Port br-ex
            Interface br-ex
                type: internal
        Port "ens8"
            Interface "ens8"
        Port phy-br-ex
            Interface phy-br-ex
    ovs_version: "2.1.3"
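
The comparison made by eye in the description and in comment 8 (is the bridge named in external_network_bridge actually present in `ovs-vsctl show`, and does it carry a physical port?), as an added shell check that is not part of the original report. The function names are hypothetical, and the rule that any port other than the bridge's own port and `phy-*` counts as an uplink is an assumption.

```shell
# Bridge names found in `ovs-vsctl show` output on stdin.
ovs_bridges() {
    awk '$1 == "Bridge" { gsub(/"/, "", $2); print $2 }'
}

# Port names attached to bridge $1 in `ovs-vsctl show` output on stdin.
ovs_ports() {
    awk -v want="$1" '
        $1 == "Bridge" { gsub(/"/, "", $2); cur = $2 }
        $1 == "Port" && cur == want { gsub(/"/, "", $2); print $2 }'
}

# Exit 0: bridge $1 exists and has an uplink; 1: bridge missing; 2: no uplink.
# Assumption: any port other than the bridge's own port and phy-* is an uplink.
check_external_bridge() {
    out=$(cat)
    if ! printf '%s\n' "$out" | ovs_bridges | grep -qxF "$1"; then
        echo "MISSING: bridge $1 is not defined in OVS"; return 1
    fi
    uplinks=$(printf '%s\n' "$out" | ovs_ports "$1" |
        awk -v b="$1" '$0 != b && $0 !~ /^phy-/')
    if [ -z "$uplinks" ]; then
        echo "NO-UPLINK: bridge $1 has no physical port"; return 2
    fi
    echo "OK: $1 uplink(s): $uplinks"
}
# Samples trimmed from the two `ovs-vsctl show` outputs quoted in this report.
BROKEN=$(cat <<'EOF'
    Bridge br-tun
    Bridge br-int
        Port "int-eth0"
    Bridge "eth0"
        Port "phy-eth0"
        Port "eth0"
EOF
)
FIXED=$(cat <<'EOF'
    Bridge br-int
        Port int-br-ex
    Bridge br-ex
        Port br-ex
        Port "ens8"
        Port phy-br-ex
EOF
)
printf '%s\n' "$BROKEN" | check_external_bridge br-ex || echo "exit status $?"
printf '%s\n' "$FIXED"  | check_external_bridge br-ex || echo "exit status $?"
```

On a network node the same check runs against live state with `ovs-vsctl show | check_external_bridge br-ex`.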

Comment 9 Ramon Acedo 2014-08-24 13:04:55 UTC
I confirm this still happens in the GA announced on 22 Aug (rhel-osp-installer-0.1.10-2.el6ost.noarch).

The workaround is to edit the Neutron Networker host and in Parameters override "external_network_bridge" and set it to "br-ex".

That way the L3 agent will add the qg-xxx interface from the router to br-ex as expected.

I think this value should be set by Staypuft when in the OpenStack Installer Setup Wizard "Configure external interface on network node" is checked.

Comment 10 Gilles Dubreuil 2014-08-26 06:45:47 UTC
Puppet-vswitch doesn't behave properly on RHEL6 because its Ruby version's match method (REGEX) doesn't support use of a block.

This has been addressed upstream with patch 18.

Comment 11 Gilles Dubreuil 2014-08-26 07:48:01 UTC
Validated integration test using patch 18 which behaves as intended.

Although I had to restart the network service by hand; it seems like the ifdown/ifup sequence didn't catch br-ex.

Comment 12 Gilles Dubreuil 2014-08-28 01:51:16 UTC
Patch 19 changes the ifdown/ifup order so br-ex (default) comes up on rhel6.

Comment 13 Gilles Dubreuil 2014-09-01 05:54:45 UTC
Patch 20 works around dynamic interface detection on rhel6.

Please see BZ#1133446 for more details.

Comment 15 errata-xmlrpc 2014-09-02 18:11:12 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2014-1124.html