Bug 1130192

Summary: HA: After deploying HA and Neutron VXLAN both VXLAN and GRE tunnels are configured on the controller/networker nodes.
Product: Red Hat OpenStack Reporter: Leonid Natapov <lnatapov>
Component: rubygem-staypuftAssignee: Scott Seago <sseago>
Status: CLOSED ERRATA QA Contact: Leonid Natapov <lnatapov>
Severity: high Docs Contact:
Priority: high    
Version: 5.0 (RHEL 7)CC: aberezin, jguiditt, jtaleric, lnatapov, majopela, mburns, mlopes, morazi, rhos-maint, yeylon
Target Milestone: z1Keywords: Triaged
Target Release: Installer   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: ruby193-rubygem-staypuft-0.3.5-1.el6ost Doc Type: Bug Fix
Doc Text:
Previously, Red Hat Enterprise Linux OpenStack installer passed a setting into puppet that enabled both VXLAN and GRE tunneling. As a result, both tunnel types were generated in a deployment. With this update, only the selected tunnel type is passed on to Puppet, with the result being that only the selected type of tunnel is generated.
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-10-01 13:26:31 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Attachments:
Description Flags
yaml file none

Description Leonid Natapov 2014-08-14 14:03:22 UTC
Created attachment 926816 [details]
yaml file

HA: After deploying HA and Neutron VXLAN both VXLAN and GRE tunnels are configured on the controller/networker nodes.

I've deployed HA and Neutron VXLAN. After deploying it ovs-vsctl show command shows that for some reason both VXLAN and GRE tunnels were configured:
Advanced configuration attached.

ruby193-rubygem-foreman_openstack_simplify-0.0.6-8.el6ost.noarch
rhel-osp-installer-0.1.9-1.el6ost.noarch
openstack-puppet-modules-2014.1-19.9.el6ost.noarch
openstack-foreman-installer-2.0.18-1.el6ost.noarch


---------------------------------------------------------------------------
[root@mac848f69fbc643 ~]# ovs-vsctl show
15b50e38-79a9-45dc-9b69-88f45746df96
    Bridge br-tun
        Port "vxlan-0a23a0af"
            Interface "vxlan-0a23a0af"
                type: vxlan
                options: {in_key=flow, local_ip="10.35.160.171", out_key=flow, remote_ip="10.35.160.175"}
        Port "gre-0a23a0a7"
            Interface "gre-0a23a0a7"
                type: gre
                options: {in_key=flow, local_ip="10.35.160.171", out_key=flow, remote_ip="10.35.160.167"}
        Port "gre-0a23a0ad"
            Interface "gre-0a23a0ad"
                type: gre
                options: {in_key=flow, local_ip="10.35.160.171", out_key=flow, remote_ip="10.35.160.173"}
        Port "vxlan-0a23a0a7"
            Interface "vxlan-0a23a0a7"
                type: vxlan
                options: {in_key=flow, local_ip="10.35.160.171", out_key=flow, remote_ip="10.35.160.167"}
        Port patch-int
            Interface patch-int
                type: patch
                options: {peer=patch-tun}
        Port br-tun
            Interface br-tun
                type: internal
        Port "gre-0a23a0af"
            Interface "gre-0a23a0af"
                type: gre
                options: {in_key=flow, local_ip="10.35.160.171", out_key=flow, remote_ip="10.35.160.175"}
        Port "vxlan-0a23a0ad"
            Interface "vxlan-0a23a0ad"
                type: vxlan
                options: {in_key=flow, local_ip="10.35.160.171", out_key=flow, remote_ip="10.35.160.173"}
    Bridge br-int
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
        Port int-br-ex
            Interface int-br-ex
        Port "tap956e62a2-b1"
            tag: 1
            Interface "tap956e62a2-b1"
                type: internal
        Port br-int
            Interface br-int
                type: internal
    Bridge br-ex
        Port br-ex
            Interface br-ex
                type: internal
        Port "enp3s0f1"
            Interface "enp3s0f1"
        Port phy-br-ex
            Interface phy-br-ex
    ovs_version: "2.0.0"
--------------------------------------------------------------------

Comment 2 Jason Guiditta 2014-08-15 13:37:24 UTC
So, looking at the yaml, I see several spots where both vlxan and gee are listed, these look to me to be the most relevant:

key: ovs_tunnel_types
        role: HA Controller
        puppetclass: quickstack::pacemaker::neutron
        value: ! '["vxlan","gre"]'

and

key: ovs_tunnel_types
        role: Compute (Neutron)
        puppetclass: quickstack::neutron::compute
        value: ! '["vxlan","gre"]'

I see the segmentation param is already set to 'vxlan', so I suspect staypuft just needs to update how they are populating the above two fields, moving there so they can loo at it.

Comment 3 Jason Guiditta 2014-08-15 13:38:00 UTC
(In reply to Jason Guiditta from comment #2)
> So, looking at the yaml, I see several spots where both vlxan and gee are
Darn autocorrect, s/gee/gre
> listed, these look to me to be the most relevant:
> 
> key: ovs_tunnel_types
>         role: HA Controller
>         puppetclass: quickstack::pacemaker::neutron
>         value: ! '["vxlan","gre"]'
> 
> and
> 
> key: ovs_tunnel_types
>         role: Compute (Neutron)
>         puppetclass: quickstack::neutron::compute
>         value: ! '["vxlan","gre"]'
> 
> I see the segmentation param is already set to 'vxlan', so I suspect
> staypuft just needs to update how they are populating the above two fields,
> moving there so they can loo at it.

Comment 4 Miguel Angel Ajo 2014-08-20 14:40:51 UTC
neutron shall not create any tunnels unless there are VXLAN or GRE networks tenant networks.


Leonid, did you create any tenant networks with gre?

That's allowed with the current configuration (mixed GRE & VXLAN). But the tunnels should only come up in it's flavours if you create specific GRE or VXLAN segmentation networks for tenants.

If that's not the case,

One fix could be limiting to only "gre" or only "vxlan" on all the configuratioms when we chose one.

Comment 5 Joe Talerico 2014-08-22 15:28:44 UTC
Fresh install, no tenants created yet : 

[root@mac00265535005c ~]# ovs-vsctl show
75bd1ef8-f100-48bd-bdf9-4605a8ba62fc
    Bridge br-int
        fail_mode: secure
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
        Port br-int
            Interface br-int
                type: internal
    Bridge br-tun
        Port "vxlan-c0a8fe16"
            Interface "vxlan-c0a8fe16"
                type: vxlan
                options: {in_key=flow, local_ip="192.168.254.19", out_key=flow, remote_ip="192.168.254.22"}
        Port "vxlan-c0a8fe15"
            Interface "vxlan-c0a8fe15"
                type: vxlan
                options: {in_key=flow, local_ip="192.168.254.19", out_key=flow, remote_ip="192.168.254.21"}
        Port br-tun
            Interface br-tun
                type: internal
        Port "vxlan-c0a8fe14"
            Interface "vxlan-c0a8fe14"
                type: vxlan
                options: {in_key=flow, local_ip="192.168.254.19", out_key=flow, remote_ip="192.168.254.20"}
        Port patch-int
            Interface patch-int
                type: patch
                options: {peer=patch-tun}
        Port "gre-c0a8fe15"
            Interface "gre-c0a8fe15"
                type: gre
                options: {in_key=flow, local_ip="192.168.254.19", out_key=flow, remote_ip="192.168.254.21"}
        Port "gre-c0a8fe16"
            Interface "gre-c0a8fe16"
                type: gre
                options: {in_key=flow, local_ip="192.168.254.19", out_key=flow, remote_ip="192.168.254.22"}
        Port "gre-c0a8fe14"
            Interface "gre-c0a8fe14"
                type: gre
                options: {in_key=flow, local_ip="192.168.254.19", out_key=flow, remote_ip="192.168.254.20"}
    ovs_version: "2.1.3"

Comment 6 Leonid Natapov 2014-09-01 12:13:20 UTC
It was a fresh install. no tenants were created.

Comment 7 Scott Seago 2014-09-12 16:25:31 UTC
Leonid,

Do you happen to have any puppet logs from the node available? Is this still reproducible? Limiting ovs_tunnel_types to just the tenant network type chosen by the user may help this, but it may not be sufficient, depending on exactly why the extra tunnel is being created.

Comment 8 Scott Seago 2014-09-16 14:52:02 UTC
PR is: https://github.com/theforeman/staypuft/pull/305

This limits ovs_tunnel_types to the selected tenant type.

Comment 11 Leonid Natapov 2014-09-21 10:26:09 UTC
ruby193-rubygem-staypuft-0.3.5-1.el6ost.noarch

[root@macf04da2732fb1 ~]# ovs-vsctl show
c415c9b3-25bb-43a5-9b38-07d306033727
    Bridge br-tun
        Port "vxlan-0a23a0a9"
            Interface "vxlan-0a23a0a9"
                type: vxlan
                options: {in_key=flow, local_ip="10.35.160.173", out_key=flow, remote_ip="10.35.160.169"}
        Port patch-int
            Interface patch-int
                type: patch
                options: {peer=patch-tun}
        Port br-tun
            Interface br-tun
                type: internal
        Port "vxlan-0a23a0ab"
            Interface "vxlan-0a23a0ab"
                type: vxlan
                options: {in_key=flow, local_ip="10.35.160.173", out_key=flow, remote_ip="10.35.160.171"}
    Bridge br-int
        fail_mode: secure
        Port int-br-ex
            Interface int-br-ex
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
        Port br-int
            Interface br-int
                type: internal
    Bridge br-ex
        Port phy-br-ex
            Interface phy-br-ex
        Port br-ex
            Interface br-ex
                type: internal
        Port "enp3s0f1"
            Interface "enp3s0f1"
    ovs_version: "2.1.3"
[root@macf04da2732fb1 ~]#

Comment 13 errata-xmlrpc 2014-10-01 13:26:31 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2014-1350.html