Rubygem-staypuft: Neutron deployment with vxlan doesn't configure br-ex on the neutron-networker, As results instances won't be able get outside the network. Environment: ------------- ruby193-rubygem-staypuft-0.1.18-1.el6ost.noarch puppet-3.6.2-1.1.el6.noarch puppet-server-3.6.2-1.1.el6.noarch openstack-puppet-modules-2014.1-19.1.el6ost.noarch foreman-1.6.0.21-1.el6sat.noarch ruby193-rubygem-foreman_discovery-1.3.0-0.1.rc2.el6sat.noarch Description: ------------- When attempting to deploy Non-HA-neutron with vxlan , staypuft doesn't configure br-ex on the neutron-networker. from looking at the neutron-networker YAML.file (view from the staypuft GUI ) it looks like there's --> external_network_bridge: br-ex . but the actual result when running 'ovs-vsctl show' on the neutron-networker it doesn't show that the br-ex exist. Neutron-Networker : -------------------- [root@a25400868094 ~]# ovs-vsctl show 56b27bcb-daf7-41bd-bb70-3cd29d4a78b2 Bridge br-tun Port br-tun Interface br-tun type: internal Port "vxlan-c0a80011" Interface "vxlan-c0a80011" type: vxlan options: {in_key=flow, local_ip="192.168.0.12", out_key=flow, remote_ip="192.168.0.17"} Port patch-int Interface patch-int type: patch options: {peer=patch-tun} Bridge br-int Port br-int Interface br-int type: internal Port patch-tun Interface patch-tun type: patch options: {peer=patch-int} Port "tap5c134d3f-82" tag: 1 Interface "tap5c134d3f-82" type: internal Port "int-eth0" Interface "int-eth0" Bridge "eth0" Port "phy-eth0" Interface "phy-eth0" Port "eth0" Interface "eth0" type: internal ovs_version: "2.0.0" YAML-of the neutron-networker: ------------------------------- --- classes: quickstack::neutron::networker: amqp_host: 10.8.29.10 amqp_password: qum10net amqp_provider: rabbitmq amqp_username: openstack controller_priv_host: 10.8.29.10 enable_tunneling: 'true' external_network_bridge: br-ex fixed_network_range: ${$quickstack::params::fixed_network_range} mysql_ca: /etc/ipa/ca.crt mysql_host: 10.8.29.10 neutron_db_password: qum10net neutron_metadata_proxy_secret: 4dc107d7935c4ada79e7dc64c8fd7c7c neutron_user_password: qum10net nova_db_password: qum10net nova_user_password: qum10net ovs_bridge_mappings: [] ovs_bridge_uplinks: [] ovs_l2_population: 'True' ovs_tunnel_iface: eth0 ovs_tunnel_network: '' ovs_tunnel_types: - vxlan - gre ovs_vlan_ranges: - physnet-external ovs_vxlan_udp_port: '4789' ssl: 'false' tenant_network_type: vxlan tunnel_id_ranges: 1:1000 verbose: 'true' parameters: puppetmaster: staypuft.example.com domainname: Default domain used for provisioning hostgroup: base_RedHat_7/neutron-3-rabbit/Neutron Networker root_pw: $5$fm$EO4A.ybSB/ofUaZWkzNePd38XRpUQNXls8y1feWvIy3 puppet_ca: staypuft.example.com foreman_env: production owner_name: Admin User owner_email: root ui::cinder::driver_backend: nfs ui::cinder::nfs_uri: 192.168.0.1:/cinder ui::deployment::amqp_provider: rabbitmq ui::deployment::layout_name: Controller / Compute ui::deployment::networking: neutron ui::deployment::platform: rhel7 ui::glance::driver_backend: local ui::neutron::compute_tenant_interface: eth0 ui::neutron::networker_tenant_interface: eth0 ui::neutron::network_segmentation: vxlan ui::neutron::use_external_interface: 'false' ui::nova::network_manager: FlatDHCPManager ui::passwords::admin: d51aeaf530ef830112b16389171c83c0 ui::passwords::amqp: 2b99156cca9c927ffa89599544d303b4 ui::passwords::amqp_nssdb: 4402f39b57291ee14533ec18333b5db5 ui::passwords::ceilometer_metering_secret: 6ba18dc6e6e0850e98f9b0754e6c853c ui::passwords::ceilometer_user: 18e8cf2b6c4bb16665cfee933bbdab1a ui::passwords::cinder_db: a816c518a3b6238dc6c02697516e10a3 ui::passwords::cinder_user: 01736a27ea717cbb63034a6969acc94a ui::passwords::glance_db: 0913c52ab9a5b7b7025ba47e334c16de ui::passwords::glance_user: f358ee2f2e10dd624c5b9448851ec503 ui::passwords::heat_auth_encrypt_key: fa450a91dea6a0f0e1436ed1de199c0f ui::passwords::heat_cfn_user: 9dc6c24715177431767425afddd2ecd9 ui::passwords::heat_db: 8c1a75288735fa29bd9d719eb686cdef ui::passwords::heat_user: 396aa118f110e9cdc9ad9a11f62bba36 ui::passwords::horizon_secret_key: e44ca197bda0c34fba2159383d976430 ui::passwords::keystone_admin_token: 3df32805bc7776a47eab33ebed8406da ui::passwords::keystone_db: 48ea3cca884e32f496886f1366626020 ui::passwords::keystone_user: aeb9e691bd9294e863e7617ea7245120 ui::passwords::mode: single ui::passwords::mysql_root: e6dfa73f6379c2270af5210a83dae0f5 ui::passwords::neutron_db: 03630aa69b33f0a0df99be555b22c26b ui::passwords::neutron_metadata_proxy_secret: 4dc107d7935c4ada79e7dc64c8fd7c7c ui::passwords::neutron_user: 9f943f7cbf17532d97a03e3bc90f1722 ui::passwords::nova_db: 1e83ea887c4418924836a6b61c5e92af ui::passwords::nova_user: 014fd91a64f0c59d85358e46f6239f71 ui::passwords::single_password: qum10net ui::passwords::swift_admin: a53b12777ecef3111cbbf394c272c427 ui::passwords::swift_shared_secret: 8a15d489d021903a1a2ef4cb9ace834b ui::passwords::swift_user: 45b7f2fc6d9c407877741be4c65a6d4d environment: production
*** Bug 1120428 has been marked as a duplicate of this bug. ***
This appears to be similar but not exactly the same as: https://bugzilla.redhat.com/show_bug.cgi?id=1095279 Both related to how puppet-neutron and puppet-vswitch work together to create the bridge. Previously, vswitch code was not correctly moving the IP, and now it appears to not be creating the bridge at all. I believe packstack does not run into either issue because they explicitly create the bridge file. However, the 2 puppet modules purport to do so, and we have changed nothing in quickstack, so adding a fix there is not the appropriate response, in my opinion. neutron or vswitch should create these files if they do not exist, otherwise, any project using those modules will need to recreate the file manually, which is sub-optimal at best. I discussed this with Mike, and feel that the fix should be in openstack-puppet-modules, if someone disagrees, we can discuss.
Verified: rhel-osp-installer-0.1.10-2.el6ost.noarch openstack-foreman-installer-2.0.21-1.el6ost.noarch ruby193-rubygem-foreman_openstack_simplify-0.0.6-8.el6ost.noarch openstack-puppet-modules-2014.1-20.2.el6ost.noarch [root@maca25400654fdd ~]# ovs-vsctl list-ifaces br-ex ens8 phy-br-ex [root@maca25400654fdd ~]# ovs-vsctl show 2c46d102-4edb-422a-96ca-89ba27e538f7 Bridge br-int fail_mode: secure Port br-int Interface br-int type: internal Port int-br-ex Interface int-br-ex Port patch-tun Interface patch-tun type: patch options: {peer=patch-int} Bridge br-tun Port patch-int Interface patch-int type: patch options: {peer=patch-tun} Port br-tun Interface br-tun type: internal Bridge br-ex Port br-ex Interface br-ex type: internal Port "ens8" Interface "ens8" Port phy-br-ex Interface phy-br-ex ovs_version: "2.1.3"
I confirm this still happens in the GA announced on 22 Aug (rhel-osp-installer-0.1.10-2.el6ost.noarch). The workaround is to edit the Neutron Networker host and in Parameters override "external_network_bridge" and set it to "br-ex". That way the L3 agent will add the qg-xxx interface from the router to br-ex as expected. I think this value should be set by Staypuft when in the OpenStack Installer Setup Wizard "Configure external interface on network node" is checked.
Puppet-vswitch doesn't behave properly on RHEL6 because of Ruby version match method (REGEX) doesn't support use of a block. This has been addressed upstream with patch 18
Validated integration test using patch 18 which behaves as intended. Although I had to restart network service by hand, seems like the ifdown/ifup sequence didn't catch br-ex.
Patch 19 changes the ifdown/ifup order so br-ex (default) comes up on rhel6
Patch 20 works around dynamic interface detection on rhel6 Please, see BZ#1133446 for more details
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2014-1124.html