| Moha_ | I also like to contribute in translating the UI. Same issue in getting log in! | 06:16 |
|---|---|---|
| Moha_ | I can't go further than this page: https://translate.openstack.org/account/inactive | 06:17 |
| Moha_ | Actually I don't get the activation link | 06:17 |
| lsudre_ | Hi, I successfully completed an installation of OpenStack Ansible with the ML2/OVN plugin. Now, I've tried to create an external network without success. When I attempt to attach an instance to it, I encounter an error: Failed to bind port xxx on host for vnic_type normal using_segments [{'id': '63a22790-45e6-4f6b-a024-c9cb1449fa77', 'network_type': 'flat', 'physical_network': 'br-publicnet', 'segmentation_id': None, 'net | 08:51 |
| jrosser | lsudre_: is that external network present on all your compute nodes? | 09:20 |
| noonedeadpunk | Moha_ I just wrote to l18n mailing list to ask who is responsible of activations and what's the process basically | 09:27 |
| noonedeadpunk | lsudre_: also - does ovn gateway exists on compute nodes? | 09:27 |
| lsudre_ | this command answer your question? https://paste.openstack.org/show/b8wr4SkicrblQIcp4kgS/ | 09:30 |
| jrosser | lsudre_: it might help if you were able to describe how you expect this to work | 09:41 |
| jrosser | becasue my understanding is that if you connect your external network only to the infra/gateway node, then you are not able to directly connect an instance to it. | 09:42 |
| lsudre_ | I created this external network on the webapp, | 09:43 |
| jrosser | yes, so that is putting information into neutron, a logical description in the database of your external network | 09:43 |
| jrosser | but if that is not matching actually what you have physically, like network ports and switch config, it will not work | 09:44 |
| lsudre_ | this is the netplan on all machines https://paste.openstack.org/show/b3dB6LndDadZj4Z0svYk/ I try to create an external network attached to ovn bridge with br-vxlan as port | 09:47 |
| jrosser | hmm | 09:49 |
| jrosser | normally the external network would be it's own interface | 09:50 |
| lsudre_ | je n'ai jamais vraiment bien compris pourquoi ces bridges étaient recommandés dans la documentation osa, mgmt et storage ok, mais vxlan et vlan pas vraiment, ce que je sais, c'est que j'ai fait comme sur la docummentation en ne specifiant pas d'ip fixe pour le br-vlan. | 09:54 |
| lsudre_ | sorry | 09:54 |
| lsudre_ | I forgot to translate: I've never really understood why these bridges were recommended in the OSA documentation. I get why for management and storage, but not really for VXLAN and VLAN. What I do know is that I followed the documentation by not specifying a fixed IP for the br-vlan. | 09:54 |
| noonedeadpunk | lsudre_: I'm not 100% sure, but I _think_ that to have external network directly on VMs you need to have OVN Controller Gateway agent on compute nodes | 09:55 |
| jrosser | lsudre_: but you have network type `flat` ? | 09:56 |
| noonedeadpunk | lsudre_: yeah, bridges not needed for vxlan and vlan indeed. it was a way to somehow describe net structure sustainably with keeping same names that would be same for everyone and when we reffer to it | 09:56 |
| jrosser | lsudre_: becasue in your error message you have `flat` type, i have then assumed that is what you want, and you therefore must have your external network on a dedicated interface | 09:58 |
| lsudre_ | jrosser: ok so, I should modify my ml2plugin conf file? | 09:59 |
| jrosser | the trouble is that neutron gives you many many options and thats why i keep asking what it is that you want to achieve | 09:59 |
| lsudre_ | I want external network for my instances because they need internet access, and geneve internal networks for theses intances (the internal networks looks ok, i can ping everybody in this network) | 10:00 |
| jrosser | ok, so what is the physical implementation of your external network? | 10:00 |
| jrosser | this could be "it is vlan tag X on bond1 on all my nodes" | 10:00 |
| jrosser | or "untagged traffic on eth2" | 10:01 |
| lsudre_ | as you can see on my netplan the bridge br-vlan is the default route for internet access | 10:01 |
| lsudre_ | https://paste.openstack.org/show/bI4W6GS4MDLY03FjZO7b/ | 10:02 |
| lsudre_ | br-mgmt, br-vxlan, br-storage ar vlans with id 100, 101, 102 | 10:03 |
| lsudre_ | *are | 10:03 |
| jrosser | when you say your instances need internet access, you mean they are things like web servers and need to handle incoming traffic | 10:04 |
| jrosser | or you mean they need to be able to do things as clients, like install packages etc | 10:05 |
| lsudre_ | like install packages, and browse on internet if we wish to | 10:06 |
| jrosser | the normal way to give your geneve internal networks access to the internet would be to use a neutron router between the geneve network and the external network | 10:06 |
| lsudre_ | do you have any tutorial/documentation to know how to do it? | 10:07 |
| lsudre_ | When I try to attach router I have an error | 10:09 |
| jrosser | i can google for things like https://docs.hpc.cam.ac.uk/cloud/userguide/02-neutron.html | 10:13 |
| jrosser | but this is user documentation/tutorial, not about how to setup the deployment to do that | 10:15 |
| jrosser | there is some information here about how to configure openstack-ansible with OVN https://docs.openstack.org/openstack-ansible-os_neutron/latest/app-ovn.html | 10:16 |
| lsudre_ | I plug the router between my ext and my int network, and my instances on the internal network cant ping 8.8.8.8 | 10:17 |
| lsudre_ | for this https://docs.openstack.org/openstack-ansible-os_neutron/latest/app-ovn.html I follow everything on this webpage I follow the first example: # When configuring Neutron to support geneve tenant networks and # vlan provider networks the configuration may resemble the following: | 10:18 |
| lsudre_ | One thing I haven't in my openstack_user_config is : network-gateway_hosts: *compute_hosts, This is mandatory? | 10:20 |
| noonedeadpunk | So network-gateway_hosts should be defined | 10:22 |
| noonedeadpunk | it can be either compute_hosts or should be network nodes | 10:22 |
| lsudre_ | With the documentation I do this on my user_variables.yml https://paste.openstack.org/show/bL5KBwPjDHt1tZGdd9IR/ | 10:22 |
| lsudre_ | noonedeadpunk: network-gateway_hosts is defined for *infrastructure_hosts | 10:23 |
| noonedeadpunk | ok, yeah | 10:23 |
| lsudre_ | like that https://paste.openstack.org/show/b4ocrUz4dopCFkc3IzBQ/ | 10:23 |
| noonedeadpunk | Also, do you have `network-northd_hosts` and `network-infra_hosts`? | 10:23 |
| noonedeadpunk | ok, gotcha | 10:24 |
| lsudre_ | my link answer your question | 10:24 |
| noonedeadpunk | looking at neutron_provider_networks I'm not actually sure if they're right to be frank | 10:27 |
| lsudre_ | in the doc? | 10:27 |
| noonedeadpunk | especially `network_interface_mappings: "br-publicnet:br-vxlan"` | 10:27 |
| lsudre_ | or in my config file? | 10:28 |
| noonedeadpunk | no, in your paste | 10:28 |
| jrosser | what is br-publicnet? | 10:28 |
| noonedeadpunk | as that mapping should be to the physical interface with the public network IIRC | 10:28 |
| jrosser | and i believe you have said the public network is untagged traffic on br-vlan? | 10:28 |
| lsudre_ | dont know about br-publicnet this is the documentation example | 10:28 |
| lsudre_ | I try to find explainations about theses keys I found nothing | 10:29 |
| lsudre_ | What I supposed to do, how to replace with my values | 10:29 |
| noonedeadpunk | well, that's the public bridge that will be created in ovs | 10:29 |
| noonedeadpunk | and second value, is the interface that will be added to that bridge | 10:29 |
| noonedeadpunk | and that supposed to be the one with actual public network IIRC | 10:30 |
| lsudre_ | Ok If I modify it, and run os-neutron playbook this will edit the ovn bridges? | 10:30 |
| jrosser | i also think that there is a confusion between flat and vlan types here | 10:30 |
| noonedeadpunk | and then public is smth that should be added as a flat network I guess... | 10:31 |
| noonedeadpunk | yeah, flat vs vlan is another thing actually | 10:31 |
| lsudre_ | I dont know if you understand well, what is my goal. I need encapsulated network for my instances, and an external network (with internet access) and a router between them to provide internet to my instances | 10:32 |
| noonedeadpunk | Yeah, ok, then I think you're on the right way at least - as having ovn gateway on infra is exactly what you need | 10:33 |
| lsudre_ | The key is this ml2 conf? | 10:33 |
| noonedeadpunk | but then defining mappings is another part of the puzzle - if you want that external network to be just a flat one or as vlan in neutron | 10:33 |
| lsudre_ | flat one I think | 10:34 |
| noonedeadpunk | well, basically getting valid ml2.conf is indeed the key there | 10:35 |
| noonedeadpunk | But there're some actions, like creating actual ovs bridges is another thing what role does | 10:35 |
| lsudre_ | this things create the ovs bridge | 10:36 |
| noonedeadpunk | specifically that: https://opendev.org/openstack/openstack-ansible-os_neutron/src/branch/master/tasks/providers/setup_ovs_ovn.yml#L64-L93 | 10:36 |
| lsudre_ | https://paste.openstack.org/show/bHerVWqjrbTvHJP92Viu/ | 10:36 |
| noonedeadpunk | and what ports are in br-publicnet? | 10:37 |
| lsudre_ | like you can read it on my user_variable network_interface_mappings: "br-publicnet:br-vxlan" | 10:37 |
| noonedeadpunk | and in neutron as "external" network you have created "flat" type with [hysname "public"? | 10:37 |
| noonedeadpunk | yeah, so I'm not sure what br-vxlan represents in your env, but that looks slightly weird to me | 10:38 |
| lsudre_ | network Type flat with physical network br-publicnet | 10:38 |
| lsudre_ | this should be the interface with internet access? | 10:39 |
| noonedeadpunk | and in ml2.conf you have `flat_networks = br-publicnet`? | 10:39 |
| lsudre_ | https://paste.openstack.org/show/b7p3QqACzpTxW7yfgMb5/ | 10:40 |
| noonedeadpunk | Ok, that looks off | 10:41 |
| noonedeadpunk | I would do smth like that I guess: https://paste.openstack.org/show/bkUTJVY54zUnktBMP40R/ | 10:42 |
| noonedeadpunk | And then in neutron create flat network with physical network "public" | 10:43 |
| lsudre_ | ok | 10:43 |
| lsudre_ | I can run setup-infra playbook, this will modify things? | 10:44 |
| noonedeadpunk | you need to run only os-neutron-install to change things | 10:44 |
| lsudre_ | limit with infra and computes ? | 10:45 |
| noonedeadpunk | meh, I think without limits | 10:45 |
| lsudre_ | Ok script is running | 10:46 |
| lsudre_ | I think I should remove the bridges on ovs | 10:48 |
| lsudre_ | ovs-vsctl: cannot create a port named br-vlan because a bridge named br-vlan already exists | 10:48 |
| opendevreview | Merged openstack/ansible-role-python_venv_build stable/2023.1: Use distribution_major_version for all distros except Ubuntu https://review.opendev.org/c/openstack/ansible-role-python_venv_build/+/901572 | 10:48 |
| opendevreview | Merged openstack/openstack-ansible-os_glance stable/zed: Add glance_bin to rootwrap defenition https://review.opendev.org/c/openstack/openstack-ansible-os_glance/+/901563 | 11:05 |
| opendevreview | Merged openstack/openstack-ansible-os_glance stable/yoga: Add glance_bin to rootwrap defenition https://review.opendev.org/c/openstack/openstack-ansible-os_glance/+/901564 | 11:05 |
| lsudre_ | noonedeadpunk: The script run with no errors, now i have a br-publicnet with br-vlan port on ovs, I created an external network flat with physical network "public" add a router between my two networks, attach interface external to an instance, edit the route to add default on this interface, and I can't ping 8.8.8.8 | 11:14 |
| noonedeadpunk | lsudre_: and br-vlan is... a physical interface with the public network you want to use? | 11:17 |
| lsudre_ | a bridge mapped on physical interface who has internet access | 11:17 |
| lsudre_ | hum I found something wrong on my infra | 11:18 |
| noonedeadpunk | wait... "attach interface external to an instance" is quite different scheme then you wrote before -> "an external network (with internet access) and a router between them to provide internet to my instances" | 11:18 |
| noonedeadpunk | So with that scheme you need to attach to instance internal network | 11:18 |
| lsudre_ | ok, I try this after just using the router | 11:18 |
| noonedeadpunk | then assign a floating ip to the port | 11:19 |
| noonedeadpunk | or well, floating ip is not obligatory to access the internet from instance | 11:19 |
| lsudre_ | I have no default route on my infra1 and no internet access anymore | 11:23 |
| lsudre_ | the script can destroy my network infra config? | 11:25 |
| noonedeadpunk | Um, I don't think it should, unless you relied on the interface that was addded to OVS bridge | 11:31 |
| lsudre_ | my route was like that on infra1 and compute https://paste.openstack.org/show/bxxmjeNascVWN1OrA0Gs/ now I haven't br-vlan anymore https://paste.openstack.org/show/bXlJq5ltbLJwA7RHhAob/ | 11:34 |
| noonedeadpunk | yeah, because br-vlan is part of the OVS bridge now? | 11:34 |
| lsudre_ | yes | 11:35 |
| lsudre_ | Should I have two interfaces with internet access on infra, one dedicated for the ovs bridge and one for infra? | 11:39 |
| noonedeadpunk | Well, yes, usually these are 2 different things - network for public access to APIs and tenant networks | 11:44 |
| noonedeadpunk | Though, I think there should be a way on how to go with only single interface | 11:45 |
| noonedeadpunk | Eventually.... I think if you create a virtual interface, add it to br-vlan, and then define it to be added to br-publicnet in OVS - that should work | 11:46 |
| noonedeadpunk | Other way around might be to configure public network directly on OVS bridge | 11:46 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible-plugins master: Add no_log to setup_roles inlcude https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/901755 | 11:53 |
| jrosser | eventually the default gateway for your hosts and gateways for the provider networks are two different concepts | 12:11 |
| jrosser | as you can have many provider / external networks, and they don't need to interact with the normal host networking | 12:12 |
| lsudre_ | noonedeadpunk: The things you explained are too difficult for my level. There is any tutorials to understand how and why I should that? | 12:26 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible stable/2023.1: Bump SHAs for 2023.1 https://review.opendev.org/c/openstack/openstack-ansible/+/901234 | 15:16 |
Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!