Bug 1309520 - neutron-openvswitch-agent Will Not Start In VLAN Mode With IPv6 Tenant Network
Summary: neutron-openvswitch-agent Will Not Start In VLAN Mode With IPv6 Tenant Network
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-tripleo-heat-templates
Version: 7.0 (Kilo)
Hardware: Unspecified
OS: Unspecified
urgent
high
Target Milestone: async
: 7.0 (Kilo)
Assignee: Jiri Stransky
QA Contact: Ofer Blaut
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-02-18 02:15 UTC by Dan Sneddon
Modified: 2016-03-09 20:02 UTC (History)
11 users (show)

Fixed In Version: openstack-tripleo-heat-templates-0.8.6-123.el7ost
Doc Type: Bug Fix
Doc Text:
This update resolves an issue that prevented neutron-openvswitch-agent from starting correctly when the Tenant network was configured to be deployed to use IPv6.
Clone Of:
Environment:
Last Closed: 2016-03-09 20:02:03 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
OpenStack gerrit 279762 0 None None None 2016-02-18 17:49:36 UTC
Red Hat Product Errata RHBA-2016:0424 0 normal SHIPPED_LIVE Red Hat Enterprise Linux OSP 7 director Bug Fix Advisory 2016-03-10 00:20:23 UTC

Description Dan Sneddon 2016-02-18 02:15:19 UTC 
Description of problem:
Deploying with IPv6 Network Isolation, with Neutron VLAN mode, but Tenant network is IPv6 and Neutron tunneling is not disabled. The Compute service does not run properly, because neutron-openvswitch-agent refuses to run.

Version-Release number of selected component (if applicable):
OSP-D 7.3 beta

How reproducible:
100%

Steps to Reproduce:
1. Deploy with IPv6 Network Isolation using a command similar to this:
openstack overcloud deploy --templates \
-e $THT/environments/network-isolation-v6.yaml \
-e $THT/environments/net-single-nic-with-vlans.yaml \
-e /home/stack/templates/network-environment.yaml \
--control-scale 3 \
--compute-scale 1 \
--neutron-network-type vlan \
--neutron-tunnel-types vlan


Actual results:
neutron-openvswitch-agent fails on the Compute nodes

Expected results:
neutron-openvswitch-agent should run

Additional info:
The real workaround is to either not have a Tenant VLAN or use IPv4 on the Tenant VLAN when deploying with IPv6. Also, using --neutron-disable-tunneling may work alone, but that is intended to be used when deploying without a Tenant VLAN.

Logs:
[root@overcloud-compute-0 neutron]# less openvswitch-agent.log
2016-02-18 00:46:01.660 15635 CRITICAL neutron [-] ConfigFileValueError: fd00:fd00:fd00:5000::10 is not an IPv4 address
2016-02-18 00:46:01.660 15635 TRACE neutron Traceback (most recent call last):
2016-02-18 00:46:01.660 15635 TRACE neutron   File "/usr/bin/neutron-openvswitch-agent", line 10, in <module>
2016-02-18 00:46:01.660 15635 TRACE neutron     sys.exit(main())
2016-02-18 00:46:01.660 15635 TRACE neutron   File "/usr/lib/python2.7/site-packages/neutron/cmd/eventlet/plugins/ovs_neutron_agent.py", line 20, in main
2016-02-18 00:46:01.660 15635 TRACE neutron     ovs_neutron_agent.main()
2016-02-18 00:46:01.660 15635 TRACE neutron   File "/usr/lib/python2.7/site-packages/neutron/plugins/openvswitch/agent/ovs_neutron_agent.py", line 1736, in main
2016-02-18 00:46:01.660 15635 TRACE neutron     q_utils.log_opt_values(LOG)
2016-02-18 00:46:01.660 15635 TRACE neutron   File "/usr/lib/python2.7/site-packages/neutron/common/utils.py", line 270, in log_opt_values
2016-02-18 00:46:01.660 15635 TRACE neutron     cfg.CONF.log_opt_values(log, std_logging.DEBUG)
2016-02-18 00:46:01.660 15635 TRACE neutron   File "/usr/lib/python2.7/site-packages/oslo_config/cfg.py", line 2199, in log_opt_values
2016-02-18 00:46:01.660 15635 TRACE neutron     _sanitize(opt, getattr(group_attr, opt_name)))
2016-02-18 00:46:01.660 15635 TRACE neutron   File "/usr/lib/python2.7/site-packages/oslo_config/cfg.py", line 2520, in __getattr__
2016-02-18 00:46:01.660 15635 TRACE neutron     return self._conf._get(name, self._group)
2016-02-18 00:46:01.660 15635 TRACE neutron   File "/usr/lib/python2.7/site-packages/oslo_config/cfg.py", line 2242, in _get
2016-02-18 00:46:01.660 15635 TRACE neutron     value = self._do_get(name, group, namespace)
2016-02-18 00:46:01.660 15635 TRACE neutron   File "/usr/lib/python2.7/site-packages/oslo_config/cfg.py", line 2283, in _do_get
2016-02-18 00:46:01.660 15635 TRACE neutron     raise ConfigFileValueError(str(ve))
2016-02-18 00:46:01.660 15635 TRACE neutron ConfigFileValueError: fd00:fd00:fd00:5000::10 is not an IPv4 address
Comment 4 Marios Andreou 2016-02-18 17:31:15 UTC 
To summarize here on request:

--> openvswitch doesn't do IPv6 tunneling (reference would be nice to add here, at this point I just have this BZ - is there an existing upstream bug/request for this). Because of this the tenant network, onto which the nova instances will be connected via ovs gre/vxlan tunnels must be IPv4 always, even when we deploy with v6.

--> the original reproducer above omits the '--neutron-disable-tunneling' as is pointed out. If it were included the error would not have occurred. However the more general point remains that the deploy default is vxlan tunneling enabled so if v6 is in play for that tenant network, there will be explosions on the compute node as per the description. 

--> The review at https://code.engineering.redhat.com/gerrit/#/c/67919/ sets the tenant network to the 'normal' v4 template in the network-isolation-v6.yaml environment file (which is used for a v6 deploy)
Comment 7 Marius Cornea 2016-02-22 13:16:22 UTC 
/usr/share/openstack-tripleo-heat-templates/environments/external-loadbalancer-vip-v6.yaml still contains references to ipv6 tenant networks:

grep tenant /usr/share/openstack-tripleo-heat-templates/environments/external-loadbalancer-vip-v6.yaml
  OS::TripleO::Controller::Ports::TenantPort: ../network/ports/tenant_from_pool_v6.yaml

I believe we should change this to reflect the tenat on ipv4 change:

  OS::TripleO::Controller::Ports::TenantPort: ../network/ports/tenant_from_pool.yaml
    tenant:
Comment 8 Ofer Blaut 2016-02-23 05:55:41 UTC 
Hi

Why don't we just make sure tunnelling is disabled for ipv6 ? when installing ipv6 setup the default will be vlan (maybe add new flag to cli )
Comment 9 Dan Sneddon 2016-02-23 10:16:57 UTC 
(In reply to Ofer Blaut from comment #8)
> Hi
> 
> Why don't we just make sure tunnelling is disabled for ipv6 ? when
> installing ipv6 setup the default will be vlan (maybe add new flag to cli )

Because there may be valid use cases for an IPv6-based cloud with an IPv4 tunneling network. The TripleO Heat Template fix allows for this to work.
Comment 10 Ofer Blaut 2016-03-09 09:01:47 UTC 
was test by leonid , external LB setup

openstack overcloud deploy --templates -e /usr/share/openstack-tripleo-heat-templates/environments/network-isolation-v6.yaml -e /home/stack/network-environment-v6.yaml --control-scale 3 --compute-scale 1 --neutron-network-type vlan --neutron-tunnel-types vlan --neutron-network-vlan-ranges datacentre:204:215 --neutron-disable-tunneling --timeout 180 --ntp-server clock.redhat.com -e /usr/share/openstack-tripleo-heat-templates/environments/external-loadbalancer-vip-v6.yaml -e external_lb-v6.yaml
Comment 11 Ofer Blaut 2016-03-09 12:22:38 UTC 
also checked when /usr/share/openstack-tripleo-heat-templates/environments/network-isolation-v6.yaml point to   OS::TripleO::Network::Tenant: ../network/tenant_v6.yaml


openstack-tripleo-heat-templates-0.8.6-123.el7ost.noarch
Comment 13 errata-xmlrpc 2016-03-09 20:02:03 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-0424.html
Note You need to log in before you can comment on or make changes to this bug.