Bug 1130192
| Summary: | HA: After deploying HA and Neutron VXLAN both VXLAN and GRE tunnels are configured on the controller/networker nodes. | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Red Hat OpenStack | Reporter: | Leonid Natapov <lnatapov> | ||||
| Component: | rubygem-staypuft | Assignee: | Scott Seago <sseago> | ||||
| Status: | CLOSED ERRATA | QA Contact: | Leonid Natapov <lnatapov> | ||||
| Severity: | high | Docs Contact: | |||||
| Priority: | high | ||||||
| Version: | 5.0 (RHEL 7) | CC: | aberezin, jguiditt, jtaleric, lnatapov, majopela, mburns, mlopes, morazi, rhos-maint, yeylon | ||||
| Target Milestone: | z1 | Keywords: | Triaged | ||||
| Target Release: | Installer | ||||||
| Hardware: | Unspecified | ||||||
| OS: | Unspecified | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | ruby193-rubygem-staypuft-0.3.5-1.el6ost | Doc Type: | Bug Fix | ||||
| Doc Text: |
Previously, Red Hat Enterprise Linux OpenStack installer passed a setting into puppet that enabled both VXLAN and GRE tunneling.
As a result, both tunnel types were generated in a deployment.
With this update, only the selected tunnel type is passed on to Puppet, with the result being that only the selected type of tunnel is generated.
|
Story Points: | --- | ||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2014-10-01 13:26:31 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Attachments: |
|
||||||
So, looking at the yaml, I see several spots where both vlxan and gee are listed, these look to me to be the most relevant:
key: ovs_tunnel_types
role: HA Controller
puppetclass: quickstack::pacemaker::neutron
value: ! '["vxlan","gre"]'
and
key: ovs_tunnel_types
role: Compute (Neutron)
puppetclass: quickstack::neutron::compute
value: ! '["vxlan","gre"]'
I see the segmentation param is already set to 'vxlan', so I suspect staypuft just needs to update how they are populating the above two fields, moving there so they can loo at it.
(In reply to Jason Guiditta from comment #2) > So, looking at the yaml, I see several spots where both vlxan and gee are Darn autocorrect, s/gee/gre > listed, these look to me to be the most relevant: > > key: ovs_tunnel_types > role: HA Controller > puppetclass: quickstack::pacemaker::neutron > value: ! '["vxlan","gre"]' > > and > > key: ovs_tunnel_types > role: Compute (Neutron) > puppetclass: quickstack::neutron::compute > value: ! '["vxlan","gre"]' > > I see the segmentation param is already set to 'vxlan', so I suspect > staypuft just needs to update how they are populating the above two fields, > moving there so they can loo at it. neutron shall not create any tunnels unless there are VXLAN or GRE networks tenant networks. Leonid, did you create any tenant networks with gre? That's allowed with the current configuration (mixed GRE & VXLAN). But the tunnels should only come up in it's flavours if you create specific GRE or VXLAN segmentation networks for tenants. If that's not the case, One fix could be limiting to only "gre" or only "vxlan" on all the configuratioms when we chose one. Fresh install, no tenants created yet :
[root@mac00265535005c ~]# ovs-vsctl show
75bd1ef8-f100-48bd-bdf9-4605a8ba62fc
Bridge br-int
fail_mode: secure
Port patch-tun
Interface patch-tun
type: patch
options: {peer=patch-int}
Port br-int
Interface br-int
type: internal
Bridge br-tun
Port "vxlan-c0a8fe16"
Interface "vxlan-c0a8fe16"
type: vxlan
options: {in_key=flow, local_ip="192.168.254.19", out_key=flow, remote_ip="192.168.254.22"}
Port "vxlan-c0a8fe15"
Interface "vxlan-c0a8fe15"
type: vxlan
options: {in_key=flow, local_ip="192.168.254.19", out_key=flow, remote_ip="192.168.254.21"}
Port br-tun
Interface br-tun
type: internal
Port "vxlan-c0a8fe14"
Interface "vxlan-c0a8fe14"
type: vxlan
options: {in_key=flow, local_ip="192.168.254.19", out_key=flow, remote_ip="192.168.254.20"}
Port patch-int
Interface patch-int
type: patch
options: {peer=patch-tun}
Port "gre-c0a8fe15"
Interface "gre-c0a8fe15"
type: gre
options: {in_key=flow, local_ip="192.168.254.19", out_key=flow, remote_ip="192.168.254.21"}
Port "gre-c0a8fe16"
Interface "gre-c0a8fe16"
type: gre
options: {in_key=flow, local_ip="192.168.254.19", out_key=flow, remote_ip="192.168.254.22"}
Port "gre-c0a8fe14"
Interface "gre-c0a8fe14"
type: gre
options: {in_key=flow, local_ip="192.168.254.19", out_key=flow, remote_ip="192.168.254.20"}
ovs_version: "2.1.3"
It was a fresh install. no tenants were created. Leonid, Do you happen to have any puppet logs from the node available? Is this still reproducible? Limiting ovs_tunnel_types to just the tenant network type chosen by the user may help this, but it may not be sufficient, depending on exactly why the extra tunnel is being created. PR is: https://github.com/theforeman/staypuft/pull/305 This limits ovs_tunnel_types to the selected tenant type. ruby193-rubygem-staypuft-0.3.5-1.el6ost.noarch
[root@macf04da2732fb1 ~]# ovs-vsctl show
c415c9b3-25bb-43a5-9b38-07d306033727
Bridge br-tun
Port "vxlan-0a23a0a9"
Interface "vxlan-0a23a0a9"
type: vxlan
options: {in_key=flow, local_ip="10.35.160.173", out_key=flow, remote_ip="10.35.160.169"}
Port patch-int
Interface patch-int
type: patch
options: {peer=patch-tun}
Port br-tun
Interface br-tun
type: internal
Port "vxlan-0a23a0ab"
Interface "vxlan-0a23a0ab"
type: vxlan
options: {in_key=flow, local_ip="10.35.160.173", out_key=flow, remote_ip="10.35.160.171"}
Bridge br-int
fail_mode: secure
Port int-br-ex
Interface int-br-ex
Port patch-tun
Interface patch-tun
type: patch
options: {peer=patch-int}
Port br-int
Interface br-int
type: internal
Bridge br-ex
Port phy-br-ex
Interface phy-br-ex
Port br-ex
Interface br-ex
type: internal
Port "enp3s0f1"
Interface "enp3s0f1"
ovs_version: "2.1.3"
[root@macf04da2732fb1 ~]#
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2014-1350.html |
Created attachment 926816 [details] yaml file HA: After deploying HA and Neutron VXLAN both VXLAN and GRE tunnels are configured on the controller/networker nodes. I've deployed HA and Neutron VXLAN. After deploying it ovs-vsctl show command shows that for some reason both VXLAN and GRE tunnels were configured: Advanced configuration attached. ruby193-rubygem-foreman_openstack_simplify-0.0.6-8.el6ost.noarch rhel-osp-installer-0.1.9-1.el6ost.noarch openstack-puppet-modules-2014.1-19.9.el6ost.noarch openstack-foreman-installer-2.0.18-1.el6ost.noarch --------------------------------------------------------------------------- [root@mac848f69fbc643 ~]# ovs-vsctl show 15b50e38-79a9-45dc-9b69-88f45746df96 Bridge br-tun Port "vxlan-0a23a0af" Interface "vxlan-0a23a0af" type: vxlan options: {in_key=flow, local_ip="10.35.160.171", out_key=flow, remote_ip="10.35.160.175"} Port "gre-0a23a0a7" Interface "gre-0a23a0a7" type: gre options: {in_key=flow, local_ip="10.35.160.171", out_key=flow, remote_ip="10.35.160.167"} Port "gre-0a23a0ad" Interface "gre-0a23a0ad" type: gre options: {in_key=flow, local_ip="10.35.160.171", out_key=flow, remote_ip="10.35.160.173"} Port "vxlan-0a23a0a7" Interface "vxlan-0a23a0a7" type: vxlan options: {in_key=flow, local_ip="10.35.160.171", out_key=flow, remote_ip="10.35.160.167"} Port patch-int Interface patch-int type: patch options: {peer=patch-tun} Port br-tun Interface br-tun type: internal Port "gre-0a23a0af" Interface "gre-0a23a0af" type: gre options: {in_key=flow, local_ip="10.35.160.171", out_key=flow, remote_ip="10.35.160.175"} Port "vxlan-0a23a0ad" Interface "vxlan-0a23a0ad" type: vxlan options: {in_key=flow, local_ip="10.35.160.171", out_key=flow, remote_ip="10.35.160.173"} Bridge br-int Port patch-tun Interface patch-tun type: patch options: {peer=patch-int} Port int-br-ex Interface int-br-ex Port "tap956e62a2-b1" tag: 1 Interface "tap956e62a2-b1" type: internal Port br-int Interface br-int type: internal Bridge br-ex Port br-ex Interface br-ex type: internal Port "enp3s0f1" Interface "enp3s0f1" Port phy-br-ex Interface phy-br-ex ovs_version: "2.0.0" --------------------------------------------------------------------