6:15 p.m.
Hello,
I have an Openstack Queens environment that is composed by VMs inside oVirt.
Initially this oVirt environment was on 4.3 and on director I had to set
vdsm mac spoof to be able to give dhcp address to the overcloud nodes.
I tried something at that time with vnic profiles but I was not able to
have it work as expected, so I used the hook.
Now I have migrated this same environment to 4.4.2 and I see that vdsm mac
spoof is no more an option:
https://bugzilla.redhat.com/show_bug.cgi?id=1703840
I tried some combinations of vnic profiles on director vnic but it seems
not to work as a dhcpserver as before.
I see DHCPDISCOVER from overcloud node in director messages (while before I
saw DHCPREQUEST), I see the DHCPOFFER from director, but I don't see the
DHCPACK from the overcloud node...
On director I have the br-ctlplane vswitch using its interface eth1:
ovs-vsctl show
. . .
Bridge br-ctlplane
Controller "tcp:127.0.0.1:6633"
is_connected: true
fail_mode: secure
Port br-ctlplane
Interface br-ctlplane
type: internal
Port "eth1"
Interface "eth1"
Port phy-br-ctlplane
Interface phy-br-ctlplane
type: patch
options: {peer=int-br-ctlplane}
ovs_version: "2.11.0"
[root@director ~]# ovs-ofctl show br-ctlplane
OFPT_FEATURES_REPLY (xid=0x2): dpid:0000566f3d480014
n_tables:254, n_buffers:0
capabilities: FLOW_STATS TABLE_STATS PORT_STATS QUEUE_STATS ARP_MATCH_IP
actions: output enqueue set_vlan_vid set_vlan_pcp strip_vlan mod_dl_src
mod_dl_dst mod_nw_src mod_nw_dst mod_nw_tos mod_tp_src mod_tp_dst
1(eth1): addr:56:6f:3d:48:00:13
config: 0
state: 0
speed: 0 Mbps now, 0 Mbps max
2(phy-br-ctlplane): addr:76:76:8b:08:d4:2f
config: 0
state: 0
speed: 0 Mbps now, 0 Mbps max
LOCAL(br-ctlplane): addr:56:6f:3d:48:00:14
config: 0
state: 0
speed: 0 Mbps now, 0 Mbps max
OFPT_GET_CONFIG_REPLY (xid=0x4): frags=normal miss_send_len=0
[root@director ~]#
[root@director ~]# ip addr show dev br-ctlplane
6: br-ctlplane: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue
state UNKNOWN group default qlen 1000
link/ether 56:6f:3d:48:00:14 brd ff:ff:ff:ff:ff:ff
inet 172.23.0.220/24 brd 172.23.0.255 scope global br-ctlplane
valid_lft forever preferred_lft forever
inet 172.23.0.222/32 scope global br-ctlplane
valid_lft forever preferred_lft forever
inet 172.23.0.221/32 scope global br-ctlplane
valid_lft forever preferred_lft forever
inet6 fe80::546f:3dff:fe48:14/64 scope link
valid_lft forever preferred_lft forever
[root@director ~]#
The eth1 interface is configured in oVirt on vlan23.
The overcloud nodes have one vnic on vlan 23.
I have two dnsmasq processes on director, for ironic and for overcloud
nodes:
nobody 1527 1 0 Nov14 ? 00:00:00 /sbin/dnsmasq
--conf-file=/etc/ironic-inspector/dnsmasq.conf
nobody 3288 1 0 Nov14 ? 00:00:00 dnsmasq --no-hosts
--no-resolv
--pid-file=/var/lib/neutron/dhcp/22a5739b-acb6-4400-8247-080a66895f1a/pid
--dhcp-hostsfile=/var/lib/neutron/dhcp/22a5739b-acb6-4400-8247-080a66895f1a/host
--addn-hosts=/var/lib/neutron/dhcp/22a5739b-acb6-4400-8247-080a66895f1a/addn_hosts
--dhcp-optsfile=/var/lib/neutron/dhcp/22a5739b-acb6-4400-8247-080a66895f1a/opts
--dhcp-leasefile=/var/lib/neutron/dhcp/22a5739b-acb6-4400-8247-080a66895f1a/leases
--dhcp-match=set:ipxe,175 --local-service --bind-dynamic
--dhcp-range=set:subnet-d48e002b-f269-4ed5-a96e-9aeba0b119b9,172.23.0.0,static,255.255.255.0,86400s
--dhcp-option-force=option:mtu,1500 --dhcp-lease-max=256
--conf-file=/etc/dnsmasq-ironic.conf --domain=localdomain
In messages of director when booting the overcloud node:
Nov 15 00:42:45 director dnsmasq-dhcp[3288]: DHCPDISCOVER(tap9fdd5920-62)
172.23.0.232 56:6f:3d:48:00:3c
Nov 15 00:42:45 director dnsmasq-dhcp[1527]: 3792136019
DHCPDISCOVER(br-ctlplane) 56:6f:3d:48:00:3c ignored
Nov 15 00:42:45 director dnsmasq-dhcp[3288]: DHCPOFFER(tap9fdd5920-62)
172.23.0.232 56:6f:3d:48:00:3c
Nov 15 00:42:45 director dnsmasq-dhcp[3288]: DHCPOFFER(tap9fdd5920-62)
172.23.0.232 56:6f:3d:48:00:3c
In oVirt 4.3 with the same setup and VDSM MAC spoof hook configured I saw
this inside messages of director when booting the overcloud nodes:
Oct 18 04:50:05 director dnsmasq-dhcp[3230]: DHCPREQUEST(tap9fdd5920-62)
172.23.0.232 56:6f:3d:48:00:3c
Oct 18 04:50:05 director dnsmasq-dhcp[3230]: DHCPACK(tap9fdd5920-62)
172.23.0.232 56:6f:3d:48:00:3c host-172-23-0-232
Questions:
what is the filter to give to have it work?
is it dynamic the effect at runtime for a running VM to edit its vnic and
change its profile?
is it dynamic for running VMs that for a vNIC with a certain profile if I
go in Networks --> vNIC Profiles --> Edit vNIC Profile and change its
network filter value?
Thanks for any insight.
Gianluca
3:36 a.m.
On Sun, Nov 15, 2020 at 1:15 AM Gianluca Cecchi <gianluca.cecchi(a)gmail.com>
wrote:
Hello,
I have an Openstack Queens environment that is composed by VMs inside
oVirt.
Initially this oVirt environment was on 4.3 and on director I had to set
vdsm mac spoof to be able to give dhcp address to the overcloud nodes.
I tried something at that time with vnic profiles but I was not able to
have it work as expected, so I used the hook.
Now I have migrated this same environment to 4.4.2 and I see that vdsm mac
spoof is no more an option:
https://bugzilla.redhat.com/show_bug.cgi?id=1703840
I tried some combinations of vnic profiles on director vnic but it seems
not to work as a dhcpserver as before.
I see DHCPDISCOVER from overcloud node in director messages (while before
I saw DHCPREQUEST), I see the DHCPOFFER from director, but I don't see the
DHCPACK from the overcloud node...
The vnic that should give dhcp address is vlan23
If I shutdown all VMs and set vnic profile with Network Filter
"clean-traffic" and run the VM, the xml of the director VM is of this type:
. . .
<ovirt-vm:device mac_address="56:6f:3d:48:00:14">
<ovirt-vm:network>vlan19</ovirt-vm:network>
<ovirt-vm:custom>
<ovirt-vm:queues>4</ovirt-vm:queues>
</ovirt-vm:custom>
</ovirt-vm:device>
<ovirt-vm:device mac_address="56:6f:3d:48:00:13">
<ovirt-vm:network>vlan23</ovirt-vm:network>
<ovirt-vm:custom>
<ovirt-vm:queues>4</ovirt-vm:queues>
</ovirt-vm:custom>
</ovirt-vm:device>
. . .
<interface type='bridge'>
<mac address='56:6f:3d:48:00:13'/>
<source bridge='vlan23'/>
<target dev='vnet18'/>
<model type='virtio'/>
<driver name='vhost' queues='4'/>
<filterref filter='clean-traffic'/>
<link state='up'/>
<mtu size='1500'/>
<alias name='ua-efd7297e-5fe3-47bb-b945-9e14dc68be10'/>
<address type='pci' domain='0x0000' bus='0x02'
slot='0x00'
function='0x0'/>
</interface>
<interface type='bridge'>
<mac address='56:6f:3d:48:00:14'/>
<source bridge='vlan19'/>
<target dev='vnet19'/>
<model type='virtio'/>
<driver name='vhost' queues='4'/>
<filterref filter='vdsm-no-mac-spoofing'/>
<link state='up'/>
<mtu size='1500'/>
<alias name='ua-36de0aa2-7902-4e71-9a24-a379f6af7539'/>
<address type='pci' domain='0x0000' bus='0x01'
slot='0x00'
function='0x0'/>
</interface>
. . .
11:35 a.m.
It seems that the "No Network Filter" filter makes it and now my overcloud
node correctly gets the ip
Nov 15 18:25:15 director dnsmasq-dhcp[3453]: DHCPDISCOVER(tap9fdd5920-62)
172.23.0.232 56:6f:3d:48:00:3c
Nov 15 18:25:15 director dnsmasq-dhcp[1517]: 3907474188 available DHCP
range: 172.23.0.241 -- 172.23.0.251
Nov 15 18:25:15 director dnsmasq-dhcp[3453]: DHCPOFFER(tap9fdd5920-62)
172.23.0.232 56:6f:3d:48:00:3c
Nov 15 18:25:15 director dnsmasq-dhcp[1517]: 3907474188 client provides
name: ostack-ceph0
Nov 15 18:25:15 director dnsmasq-dhcp[1517]: 3907474188
DHCPDISCOVER(br-ctlplane) 56:6f:3d:48:00:3c ignored
Nov 15 18:25:15 director dnsmasq-dhcp[1517]: 3907474188 available DHCP
range: 172.23.0.241 -- 172.23.0.251
Nov 15 18:25:15 director dnsmasq-dhcp[1517]: 3907474188 client provides
name: ostack-ceph0
Nov 15 18:25:15 director dnsmasq-dhcp[3453]: DHCPREQUEST(tap9fdd5920-62)
172.23.0.232 56:6f:3d:48:00:3c
Nov 15 18:25:15 director dnsmasq-dhcp[3453]: DHCPACK(tap9fdd5920-62)
172.23.0.232 56:6f:3d:48:00:3c host-172-23-0-232
For clarity it is also to be said that after the upgrade of oVirt and the
import of the storage domain where the VM lived before, the network
interfaces resulted swapped.
So at begin I exchanged vlan assignment for the vnics to have correct
behaviour / binding of names.
Only thing I also missed is that the definition of ifcg-br-ctlplane was
[root@director ~]# cat /etc/sysconfig/network-scripts/ifcfg-br-ctlplane
# This file is autogenerated by os-net-config
DEVICE=br-ctlplane
ONBOOT=yes
HOTPLUG=no
NM_CONTROLLED=no
PEERDNS=no
DEVICETYPE=ovs
TYPE=OVSBridge
MTU=1500
BOOTPROTO=static
IPADDR=172.23.0.220
NETMASK=255.255.255.0
OVS_EXTRA="set bridge br-ctlplane other-config:hwaddr=56:6f:3d:48:00:14 --
br-set-external-id br-ctlplane bridge-id br-ctlplane -- set bridge
br-ctlplane fail_mode=standalone -- del-controller br-ctlplane -- set
bridge br-ctlplane fail_mode=standalone -- del-controller br-ctlplane"
[root@director ~]#
And so I had also to change other-config:hwaddr=56:6f:3d:48:00:14 in
other-config:hwaddr=56:6f:3d:48:00:13 due to the new mac of the eth1
interface being 56:6f:3d:48:00:13
In fact in my first post you can see the macs not matching....
[root@director ~]# ovs-ofctl show br-ctlplane
. . .
1(eth1): addr:56:6f:3d:48:00:13
config: 0
state: 0
speed: 0 Mbps now, 0 Mbps max
. . .
LOCAL(br-ctlplane): addr:56:6f:3d:48:00:14
config: 0
state: 0
speed: 0 Mbps now, 0 Mbps max
OFPT_GET_CONFIG_REPLY (xid=0x4): frags=normal miss_send_len=0
[root@director ~]#
So after having the correct mac and using "No Network Filter" filter, all
seems as before with VDSM MAC Spoof hook.
I'm not sure if there is a less open filter accomplishing my needs...
Gianluca
1470
days inactive
1470
days old
2 comments
1 participants
participants (1)
-
Gianluca Cecchi