<div dir="ltr"><div dir="auto">> No i haven't defined any security policy, explicitly. I'm using a network defined through horizon without any special option.<br><br></div><div>This is strange, as the basic flow should only connect the vnic to the ovs integration bridge.<br></div><div>Please give me some time to look at the code.<br><br><div dir="auto">> Where i find the xml file?<br></div><div>This is in the libvirt vm definition. It can be edited using the "virsh" tools: virsh edit <vm name><br></div><div><br>You could also attempt to check this by attaching some an interface (like a veth pair) directly to the ovs bridge and setting the ovs interfaceid parameter to mark is as osn port. Let me know if this is clear, if not I will try to decribe the procedure in more detail.<br></div><div><br><br><br></div></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Mar 10, 2017 at 12:11 PM, Luca 'remix_tj' Lorenzetto <span dir="ltr"><<a href="mailto:lorenzetto.luca@gmail.com" target="_blank">lorenzetto.luca@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="auto"><span class=""><div><br><div class="gmail_extra"><br><div class="gmail_quote">Il 10 mar 2017 11:48 AM, "Marcin Mirecki" <<a href="mailto:mmirecki@redhat.com" target="_blank">mmirecki@redhat.com</a>> ha scritto:<br type="attribution"><blockquote class="m_387394135999848778quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div><div><div><div><div><div>Hello Luca<br></div><div class="m_387394135999848778quoted-text"><div><br>>Name: openstack-networks<br>
>Type: OpenStack Networking<br>
>Description:<br>>Provider URL: <a href="http://openstack.example.com:9696" rel="noreferrer" target="_blank">http://openstack.example.com:9<wbr>696</a><br><br></div></div>I assume Networking Plugin: Open vSwitch<br></div></div></div></div></div></div></div></blockquote></div></div></div><div dir="auto"><br></div></span><div dir="auto">Yes, i confirm.</div><span class=""><div dir="auto"><br></div><div dir="auto"><br></div><div dir="auto"><div class="gmail_extra"><div class="gmail_quote"><blockquote class="m_387394135999848778quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div><div><div><div><br>Do you have any security groups defined for the vnic profile on your external network?<br></div><div>Looking at the output you provided is seems you do.The qpb bridge and the qvb/qvo veth pair are created when the security groups are present.<br></div>Can you try without the security groups? This would connect your vm vnic right into the ovs integration bridge (br-int).<br></div></div></div></div></div></blockquote></div></div></div><div dir="auto"><br></div></span><div dir="auto">No i haven't defined any security policy, explicitly. I'm using a network defined through horizon without any special option.</div><span class=""><div dir="auto"><br></div><div dir="auto"><div class="gmail_extra"><div class="gmail_quote"><blockquote class="m_387394135999848778quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div><div><div></div><div class="m_387394135999848778quoted-text"><br>>This are the output of the commands you asked from a node where a vm<br>
>that is attached to a neutron network is running:<br></div></div><div>Yes, this is what I needed.<br></div><div class="m_387394135999848778quoted-text"><div><br>>[root@ovirt002 ~]# ovs-vsctl show<br>
>ovs-vsctl: unix:/var/run/openvswitch/db.s<wbr>ock: database connection<br>
>failed (No such file or directory)<br><br></div></div>This is quite worrying. Is ovs on the host working properly?<br></div>Can you please check: service openvswitch status<br></div>If not active: service openvswitch start<div class="m_387394135999848778quoted-text"></div></div></blockquote></div></div></div><div dir="auto"><br></div></span><div dir="auto">Who should enable it, a cluster confoguration or whatl else? I'm using ovirt-node-ng, i suppose that openvswitch is already installed (didn't check).</div><span class=""><div dir="auto"><br></div><div dir="auto"><br></div><div dir="auto"><div class="gmail_extra"><div class="gmail_quote"><blockquote class="m_387394135999848778quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div class="m_387394135999848778quoted-text"><br><br><span class="m_387394135999848778m_-4478997510656914065gmail-im">>> Have you tried connecting any nics manually and checking connectivity<br>
>> between them?<br></span><span class="m_387394135999848778m_-4478997510656914065gmail-im">
</span>>What do you mean?</div><div><div><br></div><div>Add 2 ports in openstack directly<br></div><div>Add 2 nics on vm's, specifying the libvirt xml for the interfaces:<br><br></div><div><div><interface type="bridge"><br> <model type="virtio"/><br> <source bridge="br-int"/><br> <virtualport type="openvswitch"><br> <parameters interfaceid="<neturon port id>"/><br> </virtualport><br></interface><br></div></div></div></div></blockquote></div></div></div><div dir="auto"><br></div><div dir="auto"><br></div></span><div dir="auto">Where i find the xml file?</div><div><div class="h5"><div dir="auto"><br></div><div dir="auto"><div class="gmail_extra"><div class="gmail_quote"><blockquote class="m_387394135999848778quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div><div><br></div><div>If the openstack neutron plugin works correctly, the ports should be connected to the osn network.<br></div></div></div></div></blockquote></div></div></div><div dir="auto"><br></div><div dir="auto"><br></div><div dir="auto"><br></div><div dir="auto"><div class="gmail_extra"><div class="gmail_quote"><blockquote class="m_387394135999848778quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div><div></div><div><br></div></div></div></div><div class="m_387394135999848778elided-text"><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Mar 9, 2017 at 4:26 PM, Luca 'remix_tj' Lorenzetto <span dir="ltr"><<a href="mailto:lorenzetto.luca@gmail.com" target="_blank">lorenzetto.luca@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">On Thu, Mar 9, 2017 at 2:24 PM, Marcin Mirecki <<a href="mailto:mmirecki@redhat.com" target="_blank">mmirecki@redhat.com</a>> wrote:<br>
> Hello Luca,<br>
<br>
Hello Marcin,<br>
<span><br>
> The osn provider basically only connects the vnics to the osn networks,<br>
> items like dhcp must be handled on the osn networks itself.<br>
<br>
</span>Yes, i know. The network is defined by neutron, which has it's own dhcp server.<br>
<span><br>
> Have you tried connecting any nics manually and checking connectivity<br>
> between them?<br>
<br>
</span>What do you mean?<br>
<span><br>
> No connectivity with static IP's could hint at some configuration problems.<br>
> Are osn/ovs set up correctly? Firewall blocking traffic?<br>
<br>
</span>there is no firewall between openstack controllers and ovirt<br>
engine/hosts. My doubt is about configuration, i've configured in this<br>
way:<br>
<br>
Name: openstack-networks<br>
Type: OpenStack Networking<br>
Description:<br>
Provider URL: <a href="http://openstack.example.com:9696" rel="noreferrer" target="_blank">http://openstack.example.com:9<wbr>696</a><br>
<br>
Flagged read-only and requires authentication<br>
<br>
Set the authentication and tested, reports everything ok.<br>
<br>
Nothing else has been configured. I didn't found any documentation<br>
that clarified if is enough.<br>
<br>
After powering on i see on openstack this:<br>
<br>
[stack@opstrio1101 ~]$ openstack port list | grep 00:1a:4a:16:01:51<br>
<-- this is mac address of oVirt VM<br>
| 86c46fed-dddf-4776-a765-27d4e5<wbr>2e861c | nic1<br>
| 00:1a:4a:16:01:51 | ip_address='172.25.7.4',<br>
subnet_id='280a98ad-0fd5-4961-<wbr>a307-d1bfea8355cd' |<br>
<span><br>
<br>
<br>
> Can you please send us a more detailed descirption of your env (ip addr,<br>
> brctl show, ovs-vsctl show)?<br>
<br>
</span>This are the output of the commands you asked from a node where a vm<br>
that is attached to a neutron network is running:<br>
<br>
[root@ovirt002 ~]# ip addr<br>
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1<br>
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00<br>
inet <a href="http://127.0.0.1/8" rel="noreferrer" target="_blank">127.0.0.1/8</a> scope host lo<br>
valid_lft forever preferred_lft forever<br>
inet6 ::1/128 scope host<br>
valid_lft forever preferred_lft forever<br>
2: enp2s0f0: <BROADCAST,MULTICAST,SLAVE,UP,<wbr>LOWER_UP> mtu 1500 qdisc mq<br>
master bond0 state UP qlen 1000<br>
link/ether 00:21:5a:9b:b7:93 brd ff:ff:ff:ff:ff:ff<br>
3: enp2s0f1: <BROADCAST,MULTICAST,SLAVE,UP,<wbr>LOWER_UP> mtu 1500 qdisc mq<br>
master bond0 state UP qlen 1000<br>
link/ether 00:21:5a:9b:b7:93 brd ff:ff:ff:ff:ff:ff<br>
4: enp2s0f2: <BROADCAST,MULTICAST,SLAVE,UP,<wbr>LOWER_UP> mtu 1500 qdisc mq<br>
master bond1 state UP qlen 1000<br>
link/ether 00:21:5a:9b:b7:97 brd ff:ff:ff:ff:ff:ff<br>
5: enp2s0f3: <BROADCAST,MULTICAST,SLAVE,UP,<wbr>LOWER_UP> mtu 1500 qdisc mq<br>
master bond1 state UP qlen 1000<br>
link/ether 00:21:5a:9b:b7:97 brd ff:ff:ff:ff:ff:ff<br>
6: enp2s0f4: <NO-CARRIER,BROADCAST,MULTICAS<wbr>T,UP> mtu 1500 qdisc mq<br>
state DOWN qlen 1000<br>
link/ether 00:21:5a:9b:b7:9b brd ff:ff:ff:ff:ff:ff<br>
7: enp2s0f5: <NO-CARRIER,BROADCAST,MULTICAS<wbr>T,UP> mtu 1500 qdisc mq<br>
state DOWN qlen 1000<br>
link/ether 00:21:5a:9b:b7:9d brd ff:ff:ff:ff:ff:ff<br>
8: enp2s0f6: <NO-CARRIER,BROADCAST,MULTICAS<wbr>T,UP> mtu 1500 qdisc mq<br>
state DOWN qlen 1000<br>
link/ether b4:b5:2f:55:bc:eb brd ff:ff:ff:ff:ff:ff<br>
9: enp2s0f7: <NO-CARRIER,BROADCAST,MULTICAS<wbr>T,UP> mtu 1500 qdisc mq<br>
state DOWN qlen 1000<br>
link/ether b4:b5:2f:55:bc:ef brd ff:ff:ff:ff:ff:ff<br>
10: bond0: <BROADCAST,MULTICAST,MASTER,UP<wbr>,LOWER_UP> mtu 1500 qdisc<br>
noqueue master ovirtmgmt state UP qlen 1000<br>
link/ether 00:21:5a:9b:b7:93 brd ff:ff:ff:ff:ff:ff<br>
11: ovirtmgmt: <BROADCAST,MULTICAST,UP,LOWER_<wbr>UP> mtu 1500 qdisc<br>
noqueue state UP qlen 1000<br>
link/ether 00:21:5a:9b:b7:93 brd ff:ff:ff:ff:ff:ff<br>
inet <a href="http://10.5.40.192/22" rel="noreferrer" target="_blank">10.5.40.192/22</a> brd 10.5.43.255 scope global ovirtmgmt<br>
valid_lft forever preferred_lft forever<br>
inet6 fe80::221:5aff:fe9b:b793/64 scope link<br>
valid_lft forever preferred_lft forever<br>
12: bond1: <BROADCAST,MULTICAST,MASTER,UP<wbr>,LOWER_UP> mtu 1500 qdisc<br>
noqueue master NFS state UP qlen 1000<br>
link/ether 00:21:5a:9b:b7:97 brd ff:ff:ff:ff:ff:ff<br>
13: NFS: <BROADCAST,MULTICAST,UP,LOWER_<wbr>UP> mtu 1500 qdisc noqueue<br>
state UP qlen 1000<br>
link/ether 00:21:5a:9b:b7:97 brd ff:ff:ff:ff:ff:ff<br>
inet <a href="http://10.5.160.46/22" rel="noreferrer" target="_blank">10.5.160.46/22</a> brd 10.5.163.255 scope global NFS<br>
valid_lft forever preferred_lft forever<br>
inet6 fe80::221:5aff:fe9b:b797/64 scope link<br>
valid_lft forever preferred_lft forever<br>
14: ;vdsmdummy;: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000<br>
link/ether be:ae:6d:b7:0f:f5 brd ff:ff:ff:ff:ff:ff<br>
16: qvo86c46fed-dd@qvb86c46fed-dd:<br>
<BROADCAST,MULTICAST,PROMISC,U<wbr>P,LOWER_UP> mtu 1500 qdisc noqueue state<br>
UP qlen 1000<br>
link/ether 5e:d1:06:97:f0:19 brd ff:ff:ff:ff:ff:ff<br>
inet6 fe80::5cd1:6ff:fe97:f019/64 scope link<br>
valid_lft forever preferred_lft forever<br>
17: qvb86c46fed-dd@qvo86c46fed-dd:<br>
<BROADCAST,MULTICAST,PROMISC,U<wbr>P,LOWER_UP> mtu 1500 qdisc noqueue state<br>
UP qlen 1000<br>
link/ether e6:73:ee:8e:03:09 brd ff:ff:ff:ff:ff:ff<br>
inet6 fe80::e473:eeff:fe8e:309/64 scope link<br>
valid_lft forever preferred_lft forever<br>
18: qbr86c46fed-dd: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state<br>
DOWN qlen 1000<br>
link/ether fe:1a:4a:16:01:51 brd ff:ff:ff:ff:ff:ff<br>
21: tap86c46fed-dd: <BROADCAST,MULTICAST,UP,LOWER_<wbr>UP> mtu 1500 qdisc<br>
pfifo_fast master qbr86c46fed-dd state UNKNOWN qlen 1000<br>
link/ether fe:1a:4a:16:01:51 brd ff:ff:ff:ff:ff:ff<br>
<br>
<br>
[root@ovirt002 ~]# brctl show<br>
bridge name bridge id STP enabled interfaces<br>
;vdsmdummy; 8000.000000000000 no<br>
NFS 8000.00215a9bb797 no bond1<br>
ovirtmgmt 8000.00215a9bb793 no bond0<br>
qbr86c46fed-dd 8000.fe1a4a160151 no tap86c46fed-dd<br>
<br>
<br>
[root@ovirt002 ~]# ovs-vsctl show<br>
ovs-vsctl: unix:/var/run/openvswitch/db.s<wbr>ock: database connection<br>
failed (No such file or directory)<br>
<br>
<br>
If you need other clarifications i'll dig without problem in this env.<br>
<div class="m_387394135999848778m_-4478997510656914065HOEnZb"><div class="m_387394135999848778m_-4478997510656914065h5"><br>
Luca<br>
<br>
<br>
<br>
<br>
--<br>
"E' assurdo impiegare gli uomini di intelligenza eccellente per fare<br>
calcoli che potrebbero essere affidati a chiunque se si usassero delle<br>
macchine"<br>
Gottfried Wilhelm von Leibnitz, Filosofo e Matematico (1646-1716)<br>
<br>
"Internet è la più grande biblioteca del mondo.<br>
Ma il problema è che i libri sono tutti sparsi sul pavimento"<br>
John Allen Paulos, Matematico (1945-vivente)<br>
<br>
Luca 'remix_tj' Lorenzetto, <a href="http://www.remixtj.net" rel="noreferrer" target="_blank">http://www.remixtj.net</a> , <<a href="mailto:lorenzetto.luca@gmail.com" target="_blank">lorenzetto.luca@gmail.com</a>><br>
</div></div></blockquote></div><br></div>
</div></blockquote></div><br></div></div></div></div></div>
</blockquote></div><br></div>