Description of problem: Neutron plugin(neutron_350.py) try to set IP filtering for VXLAN tunneling packets for peer compute/controller nodes. This works when you install all nodes at once. However, in the following scenario, it doesn't work. 1) Install controller node and compute node #1, for example. 2) Add a new compute node #2 while adding the existing nodes to EXCLUDE_SERVERS. In this case, packstack doesn't touch the existing nodes (since they are in EXCLUDE_SERVERS) and it fails to collect IP addresses of the existing nodes. As a result, it fails to configure the IP filtering for the new node #2 with the following error. ERROR : "Couldn't detect ipaddress of interface eth1 on node 10.0.2.13" The same issue has been reported for RDO. https://bugzilla.redhat.com/show_bug.cgi?id=1254389 I confirmed it with RHEL-OSP7, too. Version-Release number of selected component (if applicable): # rpm -qa | grep packstack openstack-packstack-puppet-2015.1-0.11.dev1589.g1d6372f.el7ost.noarch openstack-packstack-2015.1-0.11.dev1589.g1d6372f.el7ost.noarch How reproducible: Steps to Reproduce: 1. Install controller node and compute node #1 using OVS VXLAN tunneling. Especially, specifying the option "CONFIG_NEUTRON_OVS_TUNNEL_IF=ethX" 2. Install new compute node #2 while adding the existing nodes to EXCLUDE_SERVERS Actual results: ERROR : "Couldn't detect ipaddress of interface eth1 on node 10.0.2.13" Expected results: This is a tricky problem. We expect that the IP filtering will be configured as: On node#2: tunneling packets from controller and compute node#1 are accepted. On node#1: tunneling packets from controller and compute node#2 are accepted. On Controller: tunneling packets from compute node#1 and compute node#2 are accepted. But this can never be achieved because packstack cannot modify the IP filtering of the existing nodes to accept packets from node#2 because they are in EXCLUDE_SERVERS. Additional info: To resolve this tricky issue, I'd like to propose a new option of packstack which allows to configure IP filtering with subnets instead of specific IP addresses. By using subnets for IP filtering, you don't need to re-modify IP filtering of the existing nodes. I submitted the patch to the upstream. Please take a look at and review it. https://review.openstack.org/#/c/257033/
This looks stale and either needs updating or closing.