oVirt 4.4 vnic profile to substitute vdsm mac spoof hook
Hello, I have an Openstack Queens environment that is composed by VMs inside oVirt. Initially this oVirt environment was on 4.3 and on director I had to set vdsm mac spoof to be able to give dhcp address to the overcloud nodes. I tried something at that time with vnic profiles but I was not able to have it work as expected, so I used the hook. Now I have migrated this same environment to 4.4.2 and I see that vdsm mac spoof is no more an option: https://bugzilla.redhat.com/show_bug.cgi?id=1703840 I tried some combinations of vnic profiles on director vnic but it seems not to work as a dhcpserver as before. I see DHCPDISCOVER from overcloud node in director messages (while before I saw DHCPREQUEST), I see the DHCPOFFER from director, but I don't see the DHCPACK from the overcloud node... On director I have the br-ctlplane vswitch using its interface eth1: ovs-vsctl show . . . Bridge br-ctlplane Controller "tcp:127.0.0.1:6633" is_connected: true fail_mode: secure Port br-ctlplane Interface br-ctlplane type: internal Port "eth1" Interface "eth1" Port phy-br-ctlplane Interface phy-br-ctlplane type: patch options: {peer=int-br-ctlplane} ovs_version: "2.11.0" [root@director ~]# ovs-ofctl show br-ctlplane OFPT_FEATURES_REPLY (xid=0x2): dpid:0000566f3d480014 n_tables:254, n_buffers:0 capabilities: FLOW_STATS TABLE_STATS PORT_STATS QUEUE_STATS ARP_MATCH_IP actions: output enqueue set_vlan_vid set_vlan_pcp strip_vlan mod_dl_src mod_dl_dst mod_nw_src mod_nw_dst mod_nw_tos mod_tp_src mod_tp_dst 1(eth1): addr:56:6f:3d:48:00:13 config: 0 state: 0 speed: 0 Mbps now, 0 Mbps max 2(phy-br-ctlplane): addr:76:76:8b:08:d4:2f config: 0 state: 0 speed: 0 Mbps now, 0 Mbps max LOCAL(br-ctlplane): addr:56:6f:3d:48:00:14 config: 0 state: 0 speed: 0 Mbps now, 0 Mbps max OFPT_GET_CONFIG_REPLY (xid=0x4): frags=normal miss_send_len=0 [root@director ~]# [root@director ~]# ip addr show dev br-ctlplane 6: br-ctlplane: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000 link/ether 56:6f:3d:48:00:14 brd ff:ff:ff:ff:ff:ff inet 172.23.0.220/24 brd 172.23.0.255 scope global br-ctlplane valid_lft forever preferred_lft forever inet 172.23.0.222/32 scope global br-ctlplane valid_lft forever preferred_lft forever inet 172.23.0.221/32 scope global br-ctlplane valid_lft forever preferred_lft forever inet6 fe80::546f:3dff:fe48:14/64 scope link valid_lft forever preferred_lft forever [root@director ~]# The eth1 interface is configured in oVirt on vlan23. The overcloud nodes have one vnic on vlan 23. I have two dnsmasq processes on director, for ironic and for overcloud nodes: nobody 1527 1 0 Nov14 ? 00:00:00 /sbin/dnsmasq --conf-file=/etc/ironic-inspector/dnsmasq.conf nobody 3288 1 0 Nov14 ? 00:00:00 dnsmasq --no-hosts --no-resolv --pid-file=/var/lib/neutron/dhcp/22a5739b-acb6-4400-8247-080a66895f1a/pid --dhcp-hostsfile=/var/lib/neutron/dhcp/22a5739b-acb6-4400-8247-080a66895f1a/host --addn-hosts=/var/lib/neutron/dhcp/22a5739b-acb6-4400-8247-080a66895f1a/addn_hosts --dhcp-optsfile=/var/lib/neutron/dhcp/22a5739b-acb6-4400-8247-080a66895f1a/opts --dhcp-leasefile=/var/lib/neutron/dhcp/22a5739b-acb6-4400-8247-080a66895f1a/leases --dhcp-match=set:ipxe,175 --local-service --bind-dynamic --dhcp-range=set:subnet-d48e002b-f269-4ed5-a96e-9aeba0b119b9,172.23.0.0,static,255.255.255.0,86400s --dhcp-option-force=option:mtu,1500 --dhcp-lease-max=256 --conf-file=/etc/dnsmasq-ironic.conf --domain=localdomain In messages of director when booting the overcloud node: Nov 15 00:42:45 director dnsmasq-dhcp[3288]: DHCPDISCOVER(tap9fdd5920-62) 172.23.0.232 56:6f:3d:48:00:3c Nov 15 00:42:45 director dnsmasq-dhcp[1527]: 3792136019 DHCPDISCOVER(br-ctlplane) 56:6f:3d:48:00:3c ignored Nov 15 00:42:45 director dnsmasq-dhcp[3288]: DHCPOFFER(tap9fdd5920-62) 172.23.0.232 56:6f:3d:48:00:3c Nov 15 00:42:45 director dnsmasq-dhcp[3288]: DHCPOFFER(tap9fdd5920-62) 172.23.0.232 56:6f:3d:48:00:3c In oVirt 4.3 with the same setup and VDSM MAC spoof hook configured I saw this inside messages of director when booting the overcloud nodes: Oct 18 04:50:05 director dnsmasq-dhcp[3230]: DHCPREQUEST(tap9fdd5920-62) 172.23.0.232 56:6f:3d:48:00:3c Oct 18 04:50:05 director dnsmasq-dhcp[3230]: DHCPACK(tap9fdd5920-62) 172.23.0.232 56:6f:3d:48:00:3c host-172-23-0-232 Questions: what is the filter to give to have it work? is it dynamic the effect at runtime for a running VM to edit its vnic and change its profile? is it dynamic for running VMs that for a vNIC with a certain profile if I go in Networks --> vNIC Profiles --> Edit vNIC Profile and change its network filter value? Thanks for any insight. Gianluca
On Sun, Nov 15, 2020 at 1:15 AM Gianluca Cecchi <gianluca.cecchi@gmail.com> wrote:
Hello, I have an Openstack Queens environment that is composed by VMs inside oVirt. Initially this oVirt environment was on 4.3 and on director I had to set vdsm mac spoof to be able to give dhcp address to the overcloud nodes. I tried something at that time with vnic profiles but I was not able to have it work as expected, so I used the hook. Now I have migrated this same environment to 4.4.2 and I see that vdsm mac spoof is no more an option: https://bugzilla.redhat.com/show_bug.cgi?id=1703840
I tried some combinations of vnic profiles on director vnic but it seems not to work as a dhcpserver as before. I see DHCPDISCOVER from overcloud node in director messages (while before I saw DHCPREQUEST), I see the DHCPOFFER from director, but I don't see the DHCPACK from the overcloud node...
The vnic that should give dhcp address is vlan23 If I shutdown all VMs and set vnic profile with Network Filter "clean-traffic" and run the VM, the xml of the director VM is of this type: . . . <ovirt-vm:device mac_address="56:6f:3d:48:00:14"> <ovirt-vm:network>vlan19</ovirt-vm:network> <ovirt-vm:custom> <ovirt-vm:queues>4</ovirt-vm:queues> </ovirt-vm:custom> </ovirt-vm:device> <ovirt-vm:device mac_address="56:6f:3d:48:00:13"> <ovirt-vm:network>vlan23</ovirt-vm:network> <ovirt-vm:custom> <ovirt-vm:queues>4</ovirt-vm:queues> </ovirt-vm:custom> </ovirt-vm:device> . . . <interface type='bridge'> <mac address='56:6f:3d:48:00:13'/> <source bridge='vlan23'/> <target dev='vnet18'/> <model type='virtio'/> <driver name='vhost' queues='4'/> <filterref filter='clean-traffic'/> <link state='up'/> <mtu size='1500'/> <alias name='ua-efd7297e-5fe3-47bb-b945-9e14dc68be10'/> <address type='pci' domain='0x0000' bus='0x02' slot='0x00' function='0x0'/> </interface> <interface type='bridge'> <mac address='56:6f:3d:48:00:14'/> <source bridge='vlan19'/> <target dev='vnet19'/> <model type='virtio'/> <driver name='vhost' queues='4'/> <filterref filter='vdsm-no-mac-spoofing'/> <link state='up'/> <mtu size='1500'/> <alias name='ua-36de0aa2-7902-4e71-9a24-a379f6af7539'/> <address type='pci' domain='0x0000' bus='0x01' slot='0x00' function='0x0'/> </interface> . . .
It seems that the "No Network Filter" filter makes it and now my overcloud node correctly gets the ip Nov 15 18:25:15 director dnsmasq-dhcp[3453]: DHCPDISCOVER(tap9fdd5920-62) 172.23.0.232 56:6f:3d:48:00:3c Nov 15 18:25:15 director dnsmasq-dhcp[1517]: 3907474188 available DHCP range: 172.23.0.241 -- 172.23.0.251 Nov 15 18:25:15 director dnsmasq-dhcp[3453]: DHCPOFFER(tap9fdd5920-62) 172.23.0.232 56:6f:3d:48:00:3c Nov 15 18:25:15 director dnsmasq-dhcp[1517]: 3907474188 client provides name: ostack-ceph0 Nov 15 18:25:15 director dnsmasq-dhcp[1517]: 3907474188 DHCPDISCOVER(br-ctlplane) 56:6f:3d:48:00:3c ignored Nov 15 18:25:15 director dnsmasq-dhcp[1517]: 3907474188 available DHCP range: 172.23.0.241 -- 172.23.0.251 Nov 15 18:25:15 director dnsmasq-dhcp[1517]: 3907474188 client provides name: ostack-ceph0 Nov 15 18:25:15 director dnsmasq-dhcp[3453]: DHCPREQUEST(tap9fdd5920-62) 172.23.0.232 56:6f:3d:48:00:3c Nov 15 18:25:15 director dnsmasq-dhcp[3453]: DHCPACK(tap9fdd5920-62) 172.23.0.232 56:6f:3d:48:00:3c host-172-23-0-232 For clarity it is also to be said that after the upgrade of oVirt and the import of the storage domain where the VM lived before, the network interfaces resulted swapped. So at begin I exchanged vlan assignment for the vnics to have correct behaviour / binding of names. Only thing I also missed is that the definition of ifcg-br-ctlplane was [root@director ~]# cat /etc/sysconfig/network-scripts/ifcfg-br-ctlplane # This file is autogenerated by os-net-config DEVICE=br-ctlplane ONBOOT=yes HOTPLUG=no NM_CONTROLLED=no PEERDNS=no DEVICETYPE=ovs TYPE=OVSBridge MTU=1500 BOOTPROTO=static IPADDR=172.23.0.220 NETMASK=255.255.255.0 OVS_EXTRA="set bridge br-ctlplane other-config:hwaddr=56:6f:3d:48:00:14 -- br-set-external-id br-ctlplane bridge-id br-ctlplane -- set bridge br-ctlplane fail_mode=standalone -- del-controller br-ctlplane -- set bridge br-ctlplane fail_mode=standalone -- del-controller br-ctlplane" [root@director ~]# And so I had also to change other-config:hwaddr=56:6f:3d:48:00:14 in other-config:hwaddr=56:6f:3d:48:00:13 due to the new mac of the eth1 interface being 56:6f:3d:48:00:13 In fact in my first post you can see the macs not matching.... [root@director ~]# ovs-ofctl show br-ctlplane . . . 1(eth1): addr:56:6f:3d:48:00:13 config: 0 state: 0 speed: 0 Mbps now, 0 Mbps max . . . LOCAL(br-ctlplane): addr:56:6f:3d:48:00:14 config: 0 state: 0 speed: 0 Mbps now, 0 Mbps max OFPT_GET_CONFIG_REPLY (xid=0x4): frags=normal miss_send_len=0 [root@director ~]# So after having the correct mac and using "No Network Filter" filter, all seems as before with VDSM MAC Spoof hook. I'm not sure if there is a less open filter accomplishing my needs... Gianluca
participants (1)
-
Gianluca Cecchi