------=_Part_5696627_15734346.1482855035514 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit The following is a new meeting request: Subject: OVN Deep Dive for oVirt 4.1 Organizer: "Marcin Mirecki" <mmirecki@redhat.com> Time: Wednesday, January 11, 2017, 4:00:00 PM - 5:00:00 PM GMT +01:00 Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna Invitees: users@ovirt.org *~*~*~*~*~*~*~*~*~* OVN (Open Virtual Networking) is a new network virtualization project that brings virtual networking to Open vSwitch. OVN is now availble to use as a tech preview in oVirt. It is made available using the oVirt external network providers API, which allows using external network management software inside environments managed by oVirt. The integration with OVN will allow users to take advantage of native OVS support for software defined networks. The advantages of using OVN: - ability to use large number of networks with no need for multiple host NICs or VLAN use - ability to set up new network without any changes to the physical infrastructure - easier to maintain due to centralized management - good traffic isolation due to Openflow rules - improved performance over neutron OVS plugin (https://blog.russellbryant.net/2016/12/19/comparing-openstack-neutron-ml2ovs...) Session outline: - OVN overview - oVirt external network provider API overview - oVirt provider for OVN overview Session link: https://www.youtube.com/watch?v=vGeouWfKJwA Feature Page: https://www.ovirt.org//develop/release-management/features/ovirt-ovn-provide... Blog Post: https://www.ovirt.org/blog/2016/11/ovirt-provider-ovn/ ------=_Part_5696627_15734346.1482855035514 Content-Type: text/calendar; charset=utf-8; method=REQUEST; name=meeting.ics Content-Transfer-Encoding: 7bit BEGIN:VCALENDAR PRODID:Zimbra-Calendar-Provider VERSION:2.0 METHOD:REQUEST BEGIN:VTIMEZONE TZID:Europe/Berlin BEGIN:STANDARD DTSTART:16010101T030000 TZOFFSETTO:+0100 TZOFFSETFROM:+0200 RRULE:FREQ=YEARLY;WKST=MO;INTERVAL=1;BYMONTH=10;BYDAY=-1SU TZNAME:CET END:STANDARD BEGIN:DAYLIGHT DTSTART:16010101T020000 TZOFFSETTO:+0200 TZOFFSETFROM:+0100 RRULE:FREQ=YEARLY;WKST=MO;INTERVAL=1;BYMONTH=3;BYDAY=-1SU TZNAME:CEST END:DAYLIGHT END:VTIMEZONE BEGIN:VEVENT UID:c1705cfd-9bb1-4d7d-9648-7a8244d8b50b SUMMARY:OVN Deep Dive for oVirt 4.1 ATTENDEE;CN=Ovirt Users;ROLE=REQ-PARTICIPANT;PARTSTAT=NEEDS-ACTION;RSVP=TRUE :mailto:users@ovirt.org ORGANIZER;CN=Marcin Mirecki:mailto:mmirecki@redhat.com DTSTART;TZID="Europe/Berlin":20170111T160000 DTEND;TZID="Europe/Berlin":20170111T170000 STATUS:CONFIRMED CLASS:PUBLIC X-MICROSOFT-CDO-INTENDEDSTATUS:BUSY TRANSP:OPAQUE LAST-MODIFIED:20161227T161035Z DTSTAMP:20161227T161035Z SEQUENCE:1 DESCRIPTION:The following is a new meeting request:\n\nSubject: OVN Deep Div e for oVirt 4.1 \nOrganizer: "Marcin Mirecki" <mmirecki@redhat.com> \n\nTime : Wednesday\, January 11\, 2017\, 4:00:00 PM - 5:00:00 PM GMT +01:00 Amsterd am\, Berlin\, Bern\, Rome\, Stockholm\, Vienna\n \nInvitees: users@ovirt.org \n\n\n*~*~*~*~*~*~*~*~*~*\n\nOVN (Open Virtual Networking) is a new network virtualization project that\nbrings virtual networking to Open vSwitch.\nOV N is now availble to use as a tech preview in oVirt. It is made available\nu sing the oVirt external network providers API\, which allows using external\ nnetwork management software inside environments managed by oVirt.\nThe inte gration with OVN will allow users to take advantage of native OVS\nsupport f or software defined networks.\n\nThe advantages of using OVN:\n- ability to use large number of networks with no need for multiple host NICs\n or VLAN use\n- ability to set up new network without any changes to the physical inf rastructure\n- easier to maintain due to centralized management\n- good traf fic isolation due to Openflow rules\n- improved performance over neutron OVS plugin (https://blog.russellbryant.net/2016/12/19/comparing-openstack-neutr on-ml2ovs-and-ovn-control-plane/)\n\n\nSession outline:\n- OVN overview\n- o Virt external network provider API overview\n- oVirt provider for OVN overvi ew\n\nSession link:\nhttps://www.youtube.com/watch?v=vGeouWfKJwA\n\nFeature Page:\nhttps://www.ovirt.org//develop/release-management/features/ovirt-ovn- provider/\nBlog Post:\nhttps://www.ovirt.org/blog/2016/11/ovirt-provider-ovn / BEGIN:VALARM ACTION:DISPLAY TRIGGER;RELATED=START:-PT5M DESCRIPTION:Reminder END:VALARM END:VEVENT END:VCALENDAR ------=_Part_5696627_15734346.1482855035514--
This is a multi-part message in MIME format. --------------CD94DAD1BC36735B61E3E1AD Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 7bit Hi For long time I've been looking for proper support in ovirt for Open vSwitch so I'm happy that it is moving in the right direction. However, there seems to still be a dependency on a ovirtmgmt bridge and I'm unable to move that to the OVN provider. The hosting center where I rent hw instances has a bit special network setup, so I have one physical network port with a /32 netmask and point-to-point config to router. The physical port I connect to a ovs bridge which has the public ip. Since ovirt always messes up the network config when I've tried to let it have access to the network config for the physical port, I've set eht0 and ovsbridge0 as hidden in vdsm.conf. I then create a bridge for use with ovirt, with a private address. With the OVN provider I am now able to import these into the engine and it looks good. When creating a VM I can select that it will have a vNic on my OVS bridge. However, I can't start the VM as an exception is thrown in the log: 2016-12-28 00:13:33,350 ERROR [org.ovirt.engine.core.bll.RunVmCommand] (default task-5) [3c882d53] Error during ValidateFailure.: java.lang.NullPointerException at org.ovirt.engine.core.bll.scheduling.policyunits.NetworkPolicyUnit.validateRequiredNetworksAvailable(NetworkPolicyUnit.java:140) [bll.jar:] at org.ovirt.engine.core.bll.scheduling.policyunits.NetworkPolicyUnit.filter(NetworkPolicyUnit.java:69) [bll.jar:] at org.ovirt.engine.core.bll.scheduling.SchedulingManager.runInternalFilters(SchedulingManager.java:597) [bll.jar:] at org.ovirt.engine.core.bll.scheduling.SchedulingManager.runFilters(SchedulingManager.java:564) [bll.jar:] at org.ovirt.engine.core.bll.scheduling.SchedulingManager.canSchedule(SchedulingManager.java:494) [bll.jar:] at org.ovirt.engine.core.bll.validator.RunVmValidator.canRunVm(RunVmValidator.java:133) [bll.jar:] at org.ovirt.engine.core.bll.RunVmCommand.validate(RunVmCommand.java:940) [bll.jar:] at org.ovirt.engine.core.bll.CommandBase.internalValidate(CommandBase.java:886) [bll.jar:] at org.ovirt.engine.core.bll.CommandBase.validateOnly(CommandBase.java:366) [bll.jar:] at org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.canRunActions(PrevalidatingMultipleActionsRunner.java:113) [bll.jar:] at org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.invokeCommands(PrevalidatingMultipleActionsRunner.java:99) [bll.jar:] at org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.execute(PrevalidatingMultipleActionsRunner.java:76) [bll.jar:] at org.ovirt.engine.core.bll.Backend.runMultipleActionsImpl(Backend.java:613) [bll.jar:] at org.ovirt.engine.core.bll.Backend.runMultipleActions(Backend.java:583) [bll.jar:] Looking at that section of code where the exception is thrown, I see that it iterates over host networks to find required networks, which I assume is ovirtmgmt. In the host network setup dialog I don't see any networks at all but it lists ovirtmgmt as required. It also list the OVN networks but these can't be statically assigned as they are added dynamically when needed, which is fine. I believe that I either need to remove ovirtmgmt network or configure that it is provided by the OVN provider, but neither is possible. Preferably it shouldn't be hardcoded which network is management and mandatory but be possible to configure. /Sverker Den 2016-12-27 kl. 17:10, skrev Marcin Mirecki:
The following is a new meeting request:
Subject: OVN Deep Dive for oVirt 4.1 Organizer: "Marcin Mirecki" <mmirecki@redhat.com>
Time: Wednesday, January 11, 2017, 4:00:00 PM - 5:00:00 PM GMT +01:00 Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna
Invitees: users@ovirt.org
*~*~*~*~*~*~*~*~*~*
OVN (Open Virtual Networking) is a new network virtualization project that brings virtual networking to Open vSwitch. OVN is now availble to use as a tech preview in oVirt. It is made available using the oVirt external network providers API, which allows using external network management software inside environments managed by oVirt. The integration with OVN will allow users to take advantage of native OVS support for software defined networks.
The advantages of using OVN: - ability to use large number of networks with no need for multiple host NICs or VLAN use - ability to set up new network without any changes to the physical infrastructure - easier to maintain due to centralized management - good traffic isolation due to Openflow rules - improved performance over neutron OVS plugin (https://blog.russellbryant.net/2016/12/19/comparing-openstack-neutron-ml2ovs...)
Session outline: - OVN overview - oVirt external network provider API overview - oVirt provider for OVN overview
Session link: https://www.youtube.com/watch?v=vGeouWfKJwA
Feature Page: https://www.ovirt.org//develop/release-management/features/ovirt-ovn-provide... Blog Post: https://www.ovirt.org/blog/2016/11/ovirt-provider-ovn/
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
--------------CD94DAD1BC36735B61E3E1AD Content-Type: text/html; charset=windows-1252 Content-Transfer-Encoding: 8bit <html> <head> <meta content="text/html; charset=windows-1252" http-equiv="Content-Type"> </head> <body bgcolor="#FFFFFF" text="#000000"> <p>Hi<br> For long time I've been looking for proper support in ovirt for Open vSwitch so I'm happy that it is moving in the right direction. However, there seems to still be a dependency on a ovirtmgmt bridge and I'm unable to move that to the OVN provider.</p> <p>The hosting center where I rent hw instances has a bit special network setup, so I have one physical network port with a /32 netmask and point-to-point config to router. The physical port I connect to a ovs bridge which has the public ip. Since ovirt always messes up the network config when I've tried to let it have access to the network config for the physical port, I've set eht0 and ovsbridge0 as hidden in vdsm.conf.<br> </p> <p>I then create a bridge for use with ovirt, with a private address. With the OVN provider I am now able to import these into the engine and it looks good. When creating a VM I can select that it will have a vNic on my OVS bridge.</p> <p>However, I can't start the VM as an exception is thrown in the log:</p> <p>2016-12-28 00:13:33,350 ERROR [org.ovirt.engine.core.bll.RunVmCommand] (default task-5) [3c882d53] Error during ValidateFailure.: java.lang.NullPointerException<br> at org.ovirt.engine.core.bll.scheduling.policyunits.NetworkPolicyUnit.validateRequiredNetworksAvailable(NetworkPolicyUnit.java:140) [bll.jar:]<br> at org.ovirt.engine.core.bll.scheduling.policyunits.NetworkPolicyUnit.filter(NetworkPolicyUnit.java:69) [bll.jar:]<br> at org.ovirt.engine.core.bll.scheduling.SchedulingManager.runInternalFilters(SchedulingManager.java:597) [bll.jar:]<br> at org.ovirt.engine.core.bll.scheduling.SchedulingManager.runFilters(SchedulingManager.java:564) [bll.jar:]<br> at org.ovirt.engine.core.bll.scheduling.SchedulingManager.canSchedule(SchedulingManager.java:494) [bll.jar:]<br> at org.ovirt.engine.core.bll.validator.RunVmValidator.canRunVm(RunVmValidator.java:133) [bll.jar:]<br> at org.ovirt.engine.core.bll.RunVmCommand.validate(RunVmCommand.java:940) [bll.jar:]<br> at org.ovirt.engine.core.bll.CommandBase.internalValidate(CommandBase.java:886) [bll.jar:]<br> at org.ovirt.engine.core.bll.CommandBase.validateOnly(CommandBase.java:366) [bll.jar:]<br> at org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.canRunActions(PrevalidatingMultipleActionsRunner.java:113) [bll.jar:]<br> at org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.invokeCommands(PrevalidatingMultipleActionsRunner.java:99) [bll.jar:]<br> at org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.execute(PrevalidatingMultipleActionsRunner.java:76) [bll.jar:]<br> at org.ovirt.engine.core.bll.Backend.runMultipleActionsImpl(Backend.java:613) [bll.jar:]<br> at org.ovirt.engine.core.bll.Backend.runMultipleActions(Backend.java:583) [bll.jar:]<br> </p> <p>Looking at that section of code where the exception is thrown, I see that it iterates over host networks to find required networks, which I assume is ovirtmgmt. In the host network setup dialog I don't see any networks at all but it lists ovirtmgmt as required. It also list the OVN networks but these can't be statically assigned as they are added dynamically when needed, which is fine.</p> <p>I believe that I either need to remove ovirtmgmt network or configure that it is provided by the OVN provider, but neither is possible. Preferably it shouldn't be hardcoded which network is management and mandatory but be possible to configure.</p> <p>/Sverker<br> </p> <div class="moz-cite-prefix">Den 2016-12-27 kl. 17:10, skrev Marcin Mirecki:<br> </div> <blockquote cite="mid:577578472.5696628.1482855035519.JavaMail.zimbra@redhat.com" type="cite"> <pre wrap="">The following is a new meeting request: Subject: OVN Deep Dive for oVirt 4.1 Organizer: "Marcin Mirecki" <a class="moz-txt-link-rfc2396E" href="mailto:mmirecki@redhat.com"><mmirecki@redhat.com></a> Time: Wednesday, January 11, 2017, 4:00:00 PM - 5:00:00 PM GMT +01:00 Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna Invitees: <a class="moz-txt-link-abbreviated" href="mailto:users@ovirt.org">users@ovirt.org</a> *~*~*~*~*~*~*~*~*~* OVN (Open Virtual Networking) is a new network virtualization project that brings virtual networking to Open vSwitch. OVN is now availble to use as a tech preview in oVirt. It is made available using the oVirt external network providers API, which allows using external network management software inside environments managed by oVirt. The integration with OVN will allow users to take advantage of native OVS support for software defined networks. The advantages of using OVN: - ability to use large number of networks with no need for multiple host NICs or VLAN use - ability to set up new network without any changes to the physical infrastructure - easier to maintain due to centralized management - good traffic isolation due to Openflow rules - improved performance over neutron OVS plugin (<a class="moz-txt-link-freetext" href="https://blog.russellbryant.net/2016/12/19/comparing-openstack-neutron-ml2ovs-and-ovn-control-plane/">https://blog.russellbryant.net/2016/12/19/comparing-openstack-neutron-ml2ovs-and-ovn-control-plane/</a>) Session outline: - OVN overview - oVirt external network provider API overview - oVirt provider for OVN overview Session link: <a class="moz-txt-link-freetext" href="https://www.youtube.com/watch?v=vGeouWfKJwA">https://www.youtube.com/watch?v=vGeouWfKJwA</a> Feature Page: <a class="moz-txt-link-freetext" href="https://www.ovirt.org//develop/release-management/features/ovirt-ovn-provider/">https://www.ovirt.org//develop/release-management/features/ovirt-ovn-provider/</a> Blog Post: <a class="moz-txt-link-freetext" href="https://www.ovirt.org/blog/2016/11/ovirt-provider-ovn/">https://www.ovirt.org/blog/2016/11/ovirt-provider-ovn/</a> </pre> <br> <fieldset class="mimeAttachmentHeader"></fieldset> <br> <pre wrap="">_______________________________________________ Users mailing list <a class="moz-txt-link-abbreviated" href="mailto:Users@ovirt.org">Users@ovirt.org</a> <a class="moz-txt-link-freetext" href="http://lists.ovirt.org/mailman/listinfo/users">http://lists.ovirt.org/mailman/listinfo/users</a> </pre> </blockquote> <br> </body> </html> --------------CD94DAD1BC36735B61E3E1AD--
Did you install the host side VIF driver? Yaniv Dary Technical Product Manager Red Hat Israel Ltd. 34 Jerusalem Road Building A, 4th floor Ra'anana, Israel 4350109 Tel : +972 (9) 7692306 8272306 Email: ydary@redhat.com IRC : ydary On Wed, Dec 28, 2016 at 1:39 AM, Sverker Abrahamsson < sverker@abrahamsson.com> wrote:
Hi For long time I've been looking for proper support in ovirt for Open vSwitch so I'm happy that it is moving in the right direction. However, there seems to still be a dependency on a ovirtmgmt bridge and I'm unable to move that to the OVN provider.
The hosting center where I rent hw instances has a bit special network setup, so I have one physical network port with a /32 netmask and point-to-point config to router. The physical port I connect to a ovs bridge which has the public ip. Since ovirt always messes up the network config when I've tried to let it have access to the network config for the physical port, I've set eht0 and ovsbridge0 as hidden in vdsm.conf.
I then create a bridge for use with ovirt, with a private address. With the OVN provider I am now able to import these into the engine and it looks good. When creating a VM I can select that it will have a vNic on my OVS bridge.
However, I can't start the VM as an exception is thrown in the log:
2016-12-28 00:13:33,350 ERROR [org.ovirt.engine.core.bll.RunVmCommand] (default task-5) [3c882d53] Error during ValidateFailure.: java.lang.NullPointerException at org.ovirt.engine.core.bll.scheduling.policyunits. NetworkPolicyUnit.validateRequiredNetworksAvaila ble(NetworkPolicyUnit.java:140) [bll.jar:] at org.ovirt.engine.core.bll.scheduling.policyunits. NetworkPolicyUnit.filter(NetworkPolicyUnit.java:69) [bll.jar:] at org.ovirt.engine.core.bll.scheduling.SchedulingManager. runInternalFilters(SchedulingManager.java:597) [bll.jar:] at org.ovirt.engine.core.bll.scheduling.SchedulingManager. runFilters(SchedulingManager.java:564) [bll.jar:] at org.ovirt.engine.core.bll.scheduling.SchedulingManager. canSchedule(SchedulingManager.java:494) [bll.jar:] at org.ovirt.engine.core.bll.validator.RunVmValidator. canRunVm(RunVmValidator.java:133) [bll.jar:] at org.ovirt.engine.core.bll.RunVmCommand.validate(RunVmCommand.java:940) [bll.jar:] at org.ovirt.engine.core.bll.CommandBase.internalValidate(CommandBase.java:886) [bll.jar:] at org.ovirt.engine.core.bll.CommandBase.validateOnly(CommandBase.java:366) [bll.jar:] at org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRu nner.canRunActions(PrevalidatingMultipleActionsRunner.java:113) [bll.jar:] at org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRu nner.invokeCommands(PrevalidatingMultipleActionsRunner.java:99) [bll.jar:] at org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRu nner.execute(PrevalidatingMultipleActionsRunner.java:76) [bll.jar:] at org.ovirt.engine.core.bll.Backend.runMultipleActionsImpl(Backend.java:613) [bll.jar:] at org.ovirt.engine.core.bll.Backend.runMultipleActions(Backend.java:583) [bll.jar:]
Looking at that section of code where the exception is thrown, I see that it iterates over host networks to find required networks, which I assume is ovirtmgmt. In the host network setup dialog I don't see any networks at all but it lists ovirtmgmt as required. It also list the OVN networks but these can't be statically assigned as they are added dynamically when needed, which is fine.
I believe that I either need to remove ovirtmgmt network or configure that it is provided by the OVN provider, but neither is possible. Preferably it shouldn't be hardcoded which network is management and mandatory but be possible to configure.
/Sverker Den 2016-12-27 kl. 17:10, skrev Marcin Mirecki:
The following is a new meeting request:
Subject: OVN Deep Dive for oVirt 4.1 Organizer: "Marcin Mirecki" <mmirecki@redhat.com> <mmirecki@redhat.com>
Time: Wednesday, January 11, 2017, 4:00:00 PM - 5:00:00 PM GMT +01:00 Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna
Invitees: users@ovirt.org
*~*~*~*~*~*~*~*~*~*
OVN (Open Virtual Networking) is a new network virtualization project that brings virtual networking to Open vSwitch. OVN is now availble to use as a tech preview in oVirt. It is made available using the oVirt external network providers API, which allows using external network management software inside environments managed by oVirt. The integration with OVN will allow users to take advantage of native OVS support for software defined networks.
The advantages of using OVN: - ability to use large number of networks with no need for multiple host NICs or VLAN use - ability to set up new network without any changes to the physical infrastructure - easier to maintain due to centralized management - good traffic isolation due to Openflow rules - improved performance over neutron OVS plugin (https://blog.russellbryant.net/2016/12/19/comparing-openstack-neutron-ml2ovs...)
Session outline: - OVN overview - oVirt external network provider API overview - oVirt provider for OVN overview
Session link:https://www.youtube.com/watch?v=vGeouWfKJwA
Feature Page:https://www.ovirt.org//develop/release-management/features/ovirt-ovn-provide... Blog Post:https://www.ovirt.org/blog/2016/11/ovirt-provider-ovn/
_______________________________________________ Users mailing listUsers@ovirt.orghttp://lists.ovirt.org/mailman/listinfo/users
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
This is a multi-part message in MIME format. --------------AA497A11D3475140C551FE6A Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit Hi Yaniv I have installed ovirt-provider-ovn-1.0-1.fc24.noarch.rpm and ovirt-provider-ovn-driver-1.0-1.fc24.noarch.rpm /Sverker Den 2016-12-28 kl. 09:24, skrev Yaniv Dary:
Did you install the host side VIF driver?
Yaniv Dary Technical Product Manager Red Hat Israel Ltd. 34 Jerusalem Road Building A, 4th floor Ra'anana, Israel 4350109 Tel : +972 (9) 7692306 8272306 Email: ydary@redhat.com <mailto:ydary@redhat.com> IRC : ydary
On Wed, Dec 28, 2016 at 1:39 AM, Sverker Abrahamsson <sverker@abrahamsson.com <mailto:sverker@abrahamsson.com>> wrote:
Hi For long time I've been looking for proper support in ovirt for Open vSwitch so I'm happy that it is moving in the right direction. However, there seems to still be a dependency on a ovirtmgmt bridge and I'm unable to move that to the OVN provider.
The hosting center where I rent hw instances has a bit special network setup, so I have one physical network port with a /32 netmask and point-to-point config to router. The physical port I connect to a ovs bridge which has the public ip. Since ovirt always messes up the network config when I've tried to let it have access to the network config for the physical port, I've set eht0 and ovsbridge0 as hidden in vdsm.conf.
I then create a bridge for use with ovirt, with a private address. With the OVN provider I am now able to import these into the engine and it looks good. When creating a VM I can select that it will have a vNic on my OVS bridge.
However, I can't start the VM as an exception is thrown in the log:
2016-12-28 00:13:33,350 ERROR [org.ovirt.engine.core.bll.RunVmCommand] (default task-5) [3c882d53] Error during ValidateFailure.: java.lang.NullPointerException at org.ovirt.engine.core.bll.scheduling.policyunits.NetworkPolicyUnit.validateRequiredNetworksAvailable(NetworkPolicyUnit.java:140) [bll.jar:] at org.ovirt.engine.core.bll.scheduling.policyunits.NetworkPolicyUnit.filter(NetworkPolicyUnit.java:69) [bll.jar:] at org.ovirt.engine.core.bll.scheduling.SchedulingManager.runInternalFilters(SchedulingManager.java:597) [bll.jar:] at org.ovirt.engine.core.bll.scheduling.SchedulingManager.runFilters(SchedulingManager.java:564) [bll.jar:] at org.ovirt.engine.core.bll.scheduling.SchedulingManager.canSchedule(SchedulingManager.java:494) [bll.jar:] at org.ovirt.engine.core.bll.validator.RunVmValidator.canRunVm(RunVmValidator.java:133) [bll.jar:] at org.ovirt.engine.core.bll.RunVmCommand.validate(RunVmCommand.java:940) [bll.jar:] at org.ovirt.engine.core.bll.CommandBase.internalValidate(CommandBase.java:886) [bll.jar:] at org.ovirt.engine.core.bll.CommandBase.validateOnly(CommandBase.java:366) [bll.jar:] at org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.canRunActions(PrevalidatingMultipleActionsRunner.java:113) [bll.jar:] at org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.invokeCommands(PrevalidatingMultipleActionsRunner.java:99) [bll.jar:] at org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.execute(PrevalidatingMultipleActionsRunner.java:76) [bll.jar:] at org.ovirt.engine.core.bll.Backend.runMultipleActionsImpl(Backend.java:613) [bll.jar:] at org.ovirt.engine.core.bll.Backend.runMultipleActions(Backend.java:583) [bll.jar:]
Looking at that section of code where the exception is thrown, I see that it iterates over host networks to find required networks, which I assume is ovirtmgmt. In the host network setup dialog I don't see any networks at all but it lists ovirtmgmt as required. It also list the OVN networks but these can't be statically assigned as they are added dynamically when needed, which is fine.
I believe that I either need to remove ovirtmgmt network or configure that it is provided by the OVN provider, but neither is possible. Preferably it shouldn't be hardcoded which network is management and mandatory but be possible to configure.
/Sverker
Den 2016-12-27 kl. 17:10, skrev Marcin Mirecki:
The following is a new meeting request:
Subject: OVN Deep Dive for oVirt 4.1 Organizer: "Marcin Mirecki"<mmirecki@redhat.com> <mailto:mmirecki@redhat.com>
Time: Wednesday, January 11, 2017, 4:00:00 PM - 5:00:00 PM GMT +01:00 Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna
Invitees:users@ovirt.org <mailto:users@ovirt.org>
*~*~*~*~*~*~*~*~*~*
OVN (Open Virtual Networking) is a new network virtualization project that brings virtual networking to Open vSwitch. OVN is now availble to use as a tech preview in oVirt. It is made available using the oVirt external network providers API, which allows using external network management software inside environments managed by oVirt. The integration with OVN will allow users to take advantage of native OVS support for software defined networks.
The advantages of using OVN: - ability to use large number of networks with no need for multiple host NICs or VLAN use - ability to set up new network without any changes to the physical infrastructure - easier to maintain due to centralized management - good traffic isolation due to Openflow rules - improved performance over neutron OVS plugin (https://blog.russellbryant.net/2016/12/19/comparing-openstack-neutron-ml2ovs... <https://blog.russellbryant.net/2016/12/19/comparing-openstack-neutron-ml2ovs-and-ovn-control-plane/>)
Session outline: - OVN overview - oVirt external network provider API overview - oVirt provider for OVN overview
Session link: https://www.youtube.com/watch?v=vGeouWfKJwA <https://www.youtube.com/watch?v=vGeouWfKJwA>
Feature Page: https://www.ovirt.org//develop/release-management/features/ovirt-ovn-provide... <https://www.ovirt.org//develop/release-management/features/ovirt-ovn-provider/> Blog Post: https://www.ovirt.org/blog/2016/11/ovirt-provider-ovn/ <https://www.ovirt.org/blog/2016/11/ovirt-provider-ovn/>
_______________________________________________ Users mailing list Users@ovirt.org <mailto:Users@ovirt.org> http://lists.ovirt.org/mailman/listinfo/users <http://lists.ovirt.org/mailman/listinfo/users>
_______________________________________________ Users mailing list Users@ovirt.org <mailto:Users@ovirt.org> http://lists.ovirt.org/mailman/listinfo/users <http://lists.ovirt.org/mailman/listinfo/users>
--------------AA497A11D3475140C551FE6A Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: 8bit <html> <head> <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> </head> <body bgcolor="#FFFFFF" text="#000000"> <p>Hi Yaniv<br> I have installed ovirt-provider-ovn-1.0-1.fc24.noarch.rpm and ovirt-provider-ovn-driver-1.0-1.fc24.noarch.rpm<br> /Sverker<br> </p> <div class="moz-cite-prefix">Den 2016-12-28 kl. 09:24, skrev Yaniv Dary:<br> </div> <blockquote cite="mid:CACKMAy-qB05M-EiLLEADsrdV=h_w-0K979GT4F=cmui9MKOhsg@mail.gmail.com" type="cite"> <div dir="ltr">Did you install the host side VIF driver?</div> <div class="gmail_extra"><br clear="all"> <div> <div class="gmail_signature" data-smartmail="gmail_signature"> <div dir="ltr"> <div> <div dir="ltr"> <pre cols="72"><span style="font-family:arial,helvetica,sans-serif">Yaniv Dary Technical Product Manager Red Hat Israel Ltd. 34 Jerusalem Road Building A, 4th floor Ra'anana, Israel 4350109 Tel : +972 (9) 7692306 8272306 Email: <a moz-do-not-send="true" href="mailto:ydary@redhat.com" target="_blank">ydary@redhat.com</a> IRC : ydary</span></pre> </div> </div> </div> </div> </div> <br> <div class="gmail_quote">On Wed, Dec 28, 2016 at 1:39 AM, Sverker Abrahamsson <span dir="ltr"><<a moz-do-not-send="true" href="mailto:sverker@abrahamsson.com" target="_blank">sverker@abrahamsson.com</a>></span> wrote:<br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> <div bgcolor="#FFFFFF" text="#000000"> <p>Hi<br> For long time I've been looking for proper support in ovirt for Open vSwitch so I'm happy that it is moving in the right direction. However, there seems to still be a dependency on a ovirtmgmt bridge and I'm unable to move that to the OVN provider.</p> <p>The hosting center where I rent hw instances has a bit special network setup, so I have one physical network port with a /32 netmask and point-to-point config to router. The physical port I connect to a ovs bridge which has the public ip. Since ovirt always messes up the network config when I've tried to let it have access to the network config for the physical port, I've set eht0 and ovsbridge0 as hidden in vdsm.conf.<br> </p> <p>I then create a bridge for use with ovirt, with a private address. With the OVN provider I am now able to import these into the engine and it looks good. When creating a VM I can select that it will have a vNic on my OVS bridge.</p> <p>However, I can't start the VM as an exception is thrown in the log:</p> <p>2016-12-28 00:13:33,350 ERROR [org.ovirt.engine.core.bll.<wbr>RunVmCommand] (default task-5) [3c882d53] Error during ValidateFailure.: java.lang.NullPointerException<br> at org.ovirt.engine.core.bll.<wbr>scheduling.policyunits.<wbr>NetworkPolicyUnit.<wbr>validateRequiredNetworksAvaila<wbr>ble(NetworkPolicyUnit.java:<wbr>140) [bll.jar:]<br> at org.ovirt.engine.core.bll.<wbr>scheduling.policyunits.<wbr>NetworkPolicyUnit.filter(<wbr>NetworkPolicyUnit.java:69) [bll.jar:]<br> at org.ovirt.engine.core.bll.<wbr>scheduling.SchedulingManager.<wbr>runInternalFilters(<wbr>SchedulingManager.java:597) [bll.jar:]<br> at org.ovirt.engine.core.bll.<wbr>scheduling.SchedulingManager.<wbr>runFilters(SchedulingManager.<wbr>java:564) [bll.jar:]<br> at org.ovirt.engine.core.bll.<wbr>scheduling.SchedulingManager.<wbr>canSchedule(SchedulingManager.<wbr>java:494) [bll.jar:]<br> at org.ovirt.engine.core.bll.<wbr>validator.RunVmValidator.<wbr>canRunVm(RunVmValidator.java:<wbr>133) [bll.jar:]<br> at org.ovirt.engine.core.bll.<wbr>RunVmCommand.validate(<wbr>RunVmCommand.java:940) [bll.jar:]<br> at org.ovirt.engine.core.bll.<wbr>CommandBase.internalValidate(<wbr>CommandBase.java:886) [bll.jar:]<br> at org.ovirt.engine.core.bll.<wbr>CommandBase.validateOnly(<wbr>CommandBase.java:366) [bll.jar:]<br> at org.ovirt.engine.core.bll.<wbr>PrevalidatingMultipleActionsRu<wbr>nner.canRunActions(<wbr>PrevalidatingMultipleActionsRu<wbr>nner.java:113) [bll.jar:]<br> at org.ovirt.engine.core.bll.<wbr>PrevalidatingMultipleActionsRu<wbr>nner.invokeCommands(<wbr>PrevalidatingMultipleActionsRu<wbr>nner.java:99) [bll.jar:]<br> at org.ovirt.engine.core.bll.<wbr>PrevalidatingMultipleActionsRu<wbr>nner.execute(<wbr>PrevalidatingMultipleActionsRu<wbr>nner.java:76) [bll.jar:]<br> at org.ovirt.engine.core.bll.<wbr>Backend.<wbr>runMultipleActionsImpl(<wbr>Backend.java:613) [bll.jar:]<br> at org.ovirt.engine.core.bll.<wbr>Backend.runMultipleActions(<wbr>Backend.java:583) [bll.jar:]<br> </p> <p>Looking at that section of code where the exception is thrown, I see that it iterates over host networks to find required networks, which I assume is ovirtmgmt. In the host network setup dialog I don't see any networks at all but it lists ovirtmgmt as required. It also list the OVN networks but these can't be statically assigned as they are added dynamically when needed, which is fine.</p> <p>I believe that I either need to remove ovirtmgmt network or configure that it is provided by the OVN provider, but neither is possible. Preferably it shouldn't be hardcoded which network is management and mandatory but be possible to configure.</p> <p>/Sverker<br> </p> <div class="m_5516615152786296900moz-cite-prefix">Den 2016-12-27 kl. 17:10, skrev Marcin Mirecki:<br> </div> <blockquote type="cite"> <pre>The following is a new meeting request: Subject: OVN Deep Dive for oVirt 4.1 Organizer: "Marcin Mirecki" <a moz-do-not-send="true" class="m_5516615152786296900moz-txt-link-rfc2396E" href="mailto:mmirecki@redhat.com" target="_blank"><mmirecki@redhat.com></a> Time: Wednesday, January 11, 2017, 4:00:00 PM - 5:00:00 PM GMT +01:00 Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna Invitees: <a moz-do-not-send="true" class="m_5516615152786296900moz-txt-link-abbreviated" href="mailto:users@ovirt.org" target="_blank">users@ovirt.org</a> *~*~*~*~*~*~*~*~*~* OVN (Open Virtual Networking) is a new network virtualization project that brings virtual networking to Open vSwitch. OVN is now availble to use as a tech preview in oVirt. It is made available using the oVirt external network providers API, which allows using external network management software inside environments managed by oVirt. The integration with OVN will allow users to take advantage of native OVS support for software defined networks. The advantages of using OVN: - ability to use large number of networks with no need for multiple host NICs or VLAN use - ability to set up new network without any changes to the physical infrastructure - easier to maintain due to centralized management - good traffic isolation due to Openflow rules - improved performance over neutron OVS plugin (<a moz-do-not-send="true" class="m_5516615152786296900moz-txt-link-freetext" href="https://blog.russellbryant.net/2016/12/19/comparing-openstack-neutron-ml2ovs..." target="_blank">https://blog.russellbryant.<wbr>net/2016/12/19/comparing-<wbr>openstack-neutron-ml2ovs-and-<wbr>ovn-control-plane/</a>) Session outline: - OVN overview - oVirt external network provider API overview - oVirt provider for OVN overview Session link: <a moz-do-not-send="true" class="m_5516615152786296900moz-txt-link-freetext" href="https://www.youtube.com/watch?v=vGeouWfKJwA" target="_blank">https://www.youtube.com/watch?<wbr>v=vGeouWfKJwA</a> Feature Page: <a moz-do-not-send="true" class="m_5516615152786296900moz-txt-link-freetext" href="https://www.ovirt.org//develop/release-management/features/ovirt-ovn-provide..." target="_blank">https://www.ovirt.org//<wbr>develop/release-management/<wbr>features/ovirt-ovn-provider/</a> Blog Post: <a moz-do-not-send="true" class="m_5516615152786296900moz-txt-link-freetext" href="https://www.ovirt.org/blog/2016/11/ovirt-provider-ovn/" target="_blank">https://www.ovirt.org/blog/<wbr>2016/11/ovirt-provider-ovn/</a> </pre> <fieldset class="m_5516615152786296900mimeAttachmentHeader"></fieldset> <pre>______________________________<wbr>_________________ Users mailing list <a moz-do-not-send="true" class="m_5516615152786296900moz-txt-link-abbreviated" href="mailto:Users@ovirt.org" target="_blank">Users@ovirt.org</a> <a moz-do-not-send="true" class="m_5516615152786296900moz-txt-link-freetext" href="http://lists.ovirt.org/mailman/listinfo/users" target="_blank">http://lists.ovirt.org/<wbr>mailman/listinfo/users</a> </pre> </blockquote> </div> ______________________________<wbr>_________________ Users mailing list <a moz-do-not-send="true" href="mailto:Users@ovirt.org">Users@ovirt.org</a> <a moz-do-not-send="true" href="http://lists.ovirt.org/mailman/listinfo/users" rel="noreferrer" target="_blank">http://lists.ovirt.org/<wbr>mailman/listinfo/users</a> </blockquote></div> </div> </blockquote> </body></html> --------------AA497A11D3475140C551FE6A--
Hi Sverker, The management network is mandatory on each host. It's used by the engine to communicate with the host. Looking at your description and the exception it looks like it is missing. The error is caused by not having any network for the host (network list retrieved in InterfaceDaoImpl.getHostNetworksByCluster - which gets all the networks on nics for a host from vds_interface table in the DB). Could you maybe create a virtual nic connected to ovsbridge0 (as I understand you have no physical nic available) and use this for the management network?
I then create a bridge for use with ovirt, with a private address. I'm not quite sure I understand. Is this yet another bridge connected to ovsbridge0? You could also attach the vnic for the management network here if need be.
Please keep in mind that OVN has no use in setting up the management network. The OVN provider can only handle external networks, which can not be used for a management network. Marcin ----- Original Message -----
From: "Sverker Abrahamsson" <sverker@abrahamsson.com> To: users@ovirt.org Sent: Wednesday, December 28, 2016 12:39:59 AM Subject: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network
Hi For long time I've been looking for proper support in ovirt for Open vSwitch so I'm happy that it is moving in the right direction. However, there seems to still be a dependency on a ovirtmgmt bridge and I'm unable to move that to the OVN provider.
The hosting center where I rent hw instances has a bit special network setup, so I have one physical network port with a /32 netmask and point-to-point config to router. The physical port I connect to a ovs bridge which has the public ip. Since ovirt always messes up the network config when I've tried to let it have access to the network config for the physical port, I've set eht0 and ovsbridge0 as hidden in vdsm.conf.
I then create a bridge for use with ovirt, with a private address. With the OVN provider I am now able to import these into the engine and it looks good. When creating a VM I can select that it will have a vNic on my OVS bridge.
However, I can't start the VM as an exception is thrown in the log:
2016-12-28 00:13:33,350 ERROR [org.ovirt.engine.core.bll.RunVmCommand] (default task-5) [3c882d53] Error during ValidateFailure.: java.lang.NullPointerException at org.ovirt.engine.core.bll.scheduling.policyunits.NetworkPolicyUnit.validateRequiredNetworksAvailable(NetworkPolicyUnit.java:140) [bll.jar:] at org.ovirt.engine.core.bll.scheduling.policyunits.NetworkPolicyUnit.filter(NetworkPolicyUnit.java:69) [bll.jar:] at org.ovirt.engine.core.bll.scheduling.SchedulingManager.runInternalFilters(SchedulingManager.java:597) [bll.jar:] at org.ovirt.engine.core.bll.scheduling.SchedulingManager.runFilters(SchedulingManager.java:564) [bll.jar:] at org.ovirt.engine.core.bll.scheduling.SchedulingManager.canSchedule(SchedulingManager.java:494) [bll.jar:] at org.ovirt.engine.core.bll.validator.RunVmValidator.canRunVm(RunVmValidator.java:133) [bll.jar:] at org.ovirt.engine.core.bll.RunVmCommand.validate(RunVmCommand.java:940) [bll.jar:] at org.ovirt.engine.core.bll.CommandBase.internalValidate(CommandBase.java:886) [bll.jar:] at org.ovirt.engine.core.bll.CommandBase.validateOnly(CommandBase.java:366) [bll.jar:] at org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.canRunActions(PrevalidatingMultipleActionsRunner.java:113) [bll.jar:] at org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.invokeCommands(PrevalidatingMultipleActionsRunner.java:99) [bll.jar:] at org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.execute(PrevalidatingMultipleActionsRunner.java:76) [bll.jar:] at org.ovirt.engine.core.bll.Backend.runMultipleActionsImpl(Backend.java:613) [bll.jar:] at org.ovirt.engine.core.bll.Backend.runMultipleActions(Backend.java:583) [bll.jar:]
Looking at that section of code where the exception is thrown, I see that it iterates over host networks to find required networks, which I assume is ovirtmgmt. In the host network setup dialog I don't see any networks at all but it lists ovirtmgmt as required. It also list the OVN networks but these can't be statically assigned as they are added dynamically when needed, which is fine.
I believe that I either need to remove ovirtmgmt network or configure that it is provided by the OVN provider, but neither is possible. Preferably it shouldn't be hardcoded which network is management and mandatory but be possible to configure.
/Sverker Den 2016-12-27 kl. 17:10, skrev Marcin Mirecki:
Hi Marcin Yes, that is my issue. I don't want to let ovirt/vdsm see eth0 nor ovsbridge0 since as soon as it sees them it messes up the network config so that the host will be unreachable. I have an internal OVS bridge called ovirtbridge which has a port with IP address, but in the host network settings that port is not visible. It doesn't help to name it ovirtmgmt. The engine is able to communicate with the host on the ip it has been given, it's just that it believes that it HAS to have a ovirtmgmt network which can't be on OVN. /Sverker Den 2016-12-28 kl. 10:45, skrev Marcin Mirecki:
Hi Sverker,
The management network is mandatory on each host. It's used by the engine to communicate with the host. Looking at your description and the exception it looks like it is missing. The error is caused by not having any network for the host (network list retrieved in InterfaceDaoImpl.getHostNetworksByCluster - which gets all the networks on nics for a host from vds_interface table in the DB).
Could you maybe create a virtual nic connected to ovsbridge0 (as I understand you have no physical nic available) and use this for the management network?
I then create a bridge for use with ovirt, with a private address. I'm not quite sure I understand. Is this yet another bridge connected to ovsbridge0? You could also attach the vnic for the management network here if need be.
Please keep in mind that OVN has no use in setting up the management network. The OVN provider can only handle external networks, which can not be used for a management network.
Marcin
----- Original Message -----
From: "Sverker Abrahamsson" <sverker@abrahamsson.com> To: users@ovirt.org Sent: Wednesday, December 28, 2016 12:39:59 AM Subject: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network
Hi For long time I've been looking for proper support in ovirt for Open vSwitch so I'm happy that it is moving in the right direction. However, there seems to still be a dependency on a ovirtmgmt bridge and I'm unable to move that to the OVN provider.
The hosting center where I rent hw instances has a bit special network setup, so I have one physical network port with a /32 netmask and point-to-point config to router. The physical port I connect to a ovs bridge which has the public ip. Since ovirt always messes up the network config when I've tried to let it have access to the network config for the physical port, I've set eht0 and ovsbridge0 as hidden in vdsm.conf.
I then create a bridge for use with ovirt, with a private address. With the OVN provider I am now able to import these into the engine and it looks good. When creating a VM I can select that it will have a vNic on my OVS bridge.
However, I can't start the VM as an exception is thrown in the log:
2016-12-28 00:13:33,350 ERROR [org.ovirt.engine.core.bll.RunVmCommand] (default task-5) [3c882d53] Error during ValidateFailure.: java.lang.NullPointerException at org.ovirt.engine.core.bll.scheduling.policyunits.NetworkPolicyUnit.validateRequiredNetworksAvailable(NetworkPolicyUnit.java:140) [bll.jar:] at org.ovirt.engine.core.bll.scheduling.policyunits.NetworkPolicyUnit.filter(NetworkPolicyUnit.java:69) [bll.jar:] at org.ovirt.engine.core.bll.scheduling.SchedulingManager.runInternalFilters(SchedulingManager.java:597) [bll.jar:] at org.ovirt.engine.core.bll.scheduling.SchedulingManager.runFilters(SchedulingManager.java:564) [bll.jar:] at org.ovirt.engine.core.bll.scheduling.SchedulingManager.canSchedule(SchedulingManager.java:494) [bll.jar:] at org.ovirt.engine.core.bll.validator.RunVmValidator.canRunVm(RunVmValidator.java:133) [bll.jar:] at org.ovirt.engine.core.bll.RunVmCommand.validate(RunVmCommand.java:940) [bll.jar:] at org.ovirt.engine.core.bll.CommandBase.internalValidate(CommandBase.java:886) [bll.jar:] at org.ovirt.engine.core.bll.CommandBase.validateOnly(CommandBase.java:366) [bll.jar:] at org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.canRunActions(PrevalidatingMultipleActionsRunner.java:113) [bll.jar:] at org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.invokeCommands(PrevalidatingMultipleActionsRunner.java:99) [bll.jar:] at org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.execute(PrevalidatingMultipleActionsRunner.java:76) [bll.jar:] at org.ovirt.engine.core.bll.Backend.runMultipleActionsImpl(Backend.java:613) [bll.jar:] at org.ovirt.engine.core.bll.Backend.runMultipleActions(Backend.java:583) [bll.jar:]
Looking at that section of code where the exception is thrown, I see that it iterates over host networks to find required networks, which I assume is ovirtmgmt. In the host network setup dialog I don't see any networks at all but it lists ovirtmgmt as required. It also list the OVN networks but these can't be statically assigned as they are added dynamically when needed, which is fine.
I believe that I either need to remove ovirtmgmt network or configure that it is provided by the OVN provider, but neither is possible. Preferably it shouldn't be hardcoded which network is management and mandatory but be possible to configure.
/Sverker Den 2016-12-27 kl. 17:10, skrev Marcin Mirecki:
I have an internal OVS bridge called ovirtbridge which has a port with IP address, but in the host network settings that port is not visible.
I just verified and unfortunately the virtual ports are not visible in engine to assign a network to :( I'm afraid that the engine is not ready for such a scenario (even if it works). Please give me some time to look for a solution. ----- Original Message -----
From: "Sverker Abrahamsson" <sverker@abrahamsson.com> To: "Marcin Mirecki" <mmirecki@redhat.com> Cc: "Ovirt Users" <users@ovirt.org> Sent: Wednesday, December 28, 2016 11:48:24 AM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network
Hi Marcin Yes, that is my issue. I don't want to let ovirt/vdsm see eth0 nor ovsbridge0 since as soon as it sees them it messes up the network config so that the host will be unreachable.
I have an internal OVS bridge called ovirtbridge which has a port with IP address, but in the host network settings that port is not visible. It doesn't help to name it ovirtmgmt.
The engine is able to communicate with the host on the ip it has been given, it's just that it believes that it HAS to have a ovirtmgmt network which can't be on OVN.
/Sverker
Den 2016-12-28 kl. 10:45, skrev Marcin Mirecki:
Hi Sverker,
The management network is mandatory on each host. It's used by the engine to communicate with the host. Looking at your description and the exception it looks like it is missing. The error is caused by not having any network for the host (network list retrieved in InterfaceDaoImpl.getHostNetworksByCluster - which gets all the networks on nics for a host from vds_interface table in the DB).
Could you maybe create a virtual nic connected to ovsbridge0 (as I understand you have no physical nic available) and use this for the management network?
I then create a bridge for use with ovirt, with a private address. I'm not quite sure I understand. Is this yet another bridge connected to ovsbridge0? You could also attach the vnic for the management network here if need be.
Please keep in mind that OVN has no use in setting up the management network. The OVN provider can only handle external networks, which can not be used for a management network.
Marcin
----- Original Message -----
From: "Sverker Abrahamsson" <sverker@abrahamsson.com> To: users@ovirt.org Sent: Wednesday, December 28, 2016 12:39:59 AM Subject: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network
Hi For long time I've been looking for proper support in ovirt for Open vSwitch so I'm happy that it is moving in the right direction. However, there seems to still be a dependency on a ovirtmgmt bridge and I'm unable to move that to the OVN provider.
The hosting center where I rent hw instances has a bit special network setup, so I have one physical network port with a /32 netmask and point-to-point config to router. The physical port I connect to a ovs bridge which has the public ip. Since ovirt always messes up the network config when I've tried to let it have access to the network config for the physical port, I've set eht0 and ovsbridge0 as hidden in vdsm.conf.
I then create a bridge for use with ovirt, with a private address. With the OVN provider I am now able to import these into the engine and it looks good. When creating a VM I can select that it will have a vNic on my OVS bridge.
However, I can't start the VM as an exception is thrown in the log:
2016-12-28 00:13:33,350 ERROR [org.ovirt.engine.core.bll.RunVmCommand] (default task-5) [3c882d53] Error during ValidateFailure.: java.lang.NullPointerException at org.ovirt.engine.core.bll.scheduling.policyunits.NetworkPolicyUnit.validateRequiredNetworksAvailable(NetworkPolicyUnit.java:140) [bll.jar:] at org.ovirt.engine.core.bll.scheduling.policyunits.NetworkPolicyUnit.filter(NetworkPolicyUnit.java:69) [bll.jar:] at org.ovirt.engine.core.bll.scheduling.SchedulingManager.runInternalFilters(SchedulingManager.java:597) [bll.jar:] at org.ovirt.engine.core.bll.scheduling.SchedulingManager.runFilters(SchedulingManager.java:564) [bll.jar:] at org.ovirt.engine.core.bll.scheduling.SchedulingManager.canSchedule(SchedulingManager.java:494) [bll.jar:] at org.ovirt.engine.core.bll.validator.RunVmValidator.canRunVm(RunVmValidator.java:133) [bll.jar:] at org.ovirt.engine.core.bll.RunVmCommand.validate(RunVmCommand.java:940) [bll.jar:] at org.ovirt.engine.core.bll.CommandBase.internalValidate(CommandBase.java:886) [bll.jar:] at org.ovirt.engine.core.bll.CommandBase.validateOnly(CommandBase.java:366) [bll.jar:] at org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.canRunActions(PrevalidatingMultipleActionsRunner.java:113) [bll.jar:] at org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.invokeCommands(PrevalidatingMultipleActionsRunner.java:99) [bll.jar:] at org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.execute(PrevalidatingMultipleActionsRunner.java:76) [bll.jar:] at org.ovirt.engine.core.bll.Backend.runMultipleActionsImpl(Backend.java:613) [bll.jar:] at org.ovirt.engine.core.bll.Backend.runMultipleActions(Backend.java:583) [bll.jar:]
Looking at that section of code where the exception is thrown, I see that it iterates over host networks to find required networks, which I assume is ovirtmgmt. In the host network setup dialog I don't see any networks at all but it lists ovirtmgmt as required. It also list the OVN networks but these can't be statically assigned as they are added dynamically when needed, which is fine.
I believe that I either need to remove ovirtmgmt network or configure that it is provided by the OVN provider, but neither is possible. Preferably it shouldn't be hardcoded which network is management and mandatory but be possible to configure.
/Sverker Den 2016-12-27 kl. 17:10, skrev Marcin Mirecki:
I have tried various variants to create an interface with the dummy driver, currently I have an interface dummy0 which is assigned to a legacy bridge ovirtmgmt but ovirt-engine doesn't see those neither. /Sverker Den 2016-12-28 kl. 12:06, skrev Marcin Mirecki:
I have an internal OVS bridge called ovirtbridge which has a port with IP address, but in the host network settings that port is not visible. I just verified and unfortunately the virtual ports are not visible in engine to assign a network to :( I'm afraid that the engine is not ready for such a scenario (even if it works). Please give me some time to look for a solution.
----- Original Message -----
From: "Sverker Abrahamsson" <sverker@abrahamsson.com> To: "Marcin Mirecki" <mmirecki@redhat.com> Cc: "Ovirt Users" <users@ovirt.org> Sent: Wednesday, December 28, 2016 11:48:24 AM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network
Hi Marcin Yes, that is my issue. I don't want to let ovirt/vdsm see eth0 nor ovsbridge0 since as soon as it sees them it messes up the network config so that the host will be unreachable.
I have an internal OVS bridge called ovirtbridge which has a port with IP address, but in the host network settings that port is not visible. It doesn't help to name it ovirtmgmt.
The engine is able to communicate with the host on the ip it has been given, it's just that it believes that it HAS to have a ovirtmgmt network which can't be on OVN.
/Sverker
Den 2016-12-28 kl. 10:45, skrev Marcin Mirecki:
Hi Sverker,
The management network is mandatory on each host. It's used by the engine to communicate with the host. Looking at your description and the exception it looks like it is missing. The error is caused by not having any network for the host (network list retrieved in InterfaceDaoImpl.getHostNetworksByCluster - which gets all the networks on nics for a host from vds_interface table in the DB).
Could you maybe create a virtual nic connected to ovsbridge0 (as I understand you have no physical nic available) and use this for the management network?
I then create a bridge for use with ovirt, with a private address. I'm not quite sure I understand. Is this yet another bridge connected to ovsbridge0? You could also attach the vnic for the management network here if need be.
Please keep in mind that OVN has no use in setting up the management network. The OVN provider can only handle external networks, which can not be used for a management network.
Marcin
----- Original Message -----
From: "Sverker Abrahamsson" <sverker@abrahamsson.com> To: users@ovirt.org Sent: Wednesday, December 28, 2016 12:39:59 AM Subject: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network
Hi For long time I've been looking for proper support in ovirt for Open vSwitch so I'm happy that it is moving in the right direction. However, there seems to still be a dependency on a ovirtmgmt bridge and I'm unable to move that to the OVN provider.
The hosting center where I rent hw instances has a bit special network setup, so I have one physical network port with a /32 netmask and point-to-point config to router. The physical port I connect to a ovs bridge which has the public ip. Since ovirt always messes up the network config when I've tried to let it have access to the network config for the physical port, I've set eht0 and ovsbridge0 as hidden in vdsm.conf.
I then create a bridge for use with ovirt, with a private address. With the OVN provider I am now able to import these into the engine and it looks good. When creating a VM I can select that it will have a vNic on my OVS bridge.
However, I can't start the VM as an exception is thrown in the log:
2016-12-28 00:13:33,350 ERROR [org.ovirt.engine.core.bll.RunVmCommand] (default task-5) [3c882d53] Error during ValidateFailure.: java.lang.NullPointerException at org.ovirt.engine.core.bll.scheduling.policyunits.NetworkPolicyUnit.validateRequiredNetworksAvailable(NetworkPolicyUnit.java:140) [bll.jar:] at org.ovirt.engine.core.bll.scheduling.policyunits.NetworkPolicyUnit.filter(NetworkPolicyUnit.java:69) [bll.jar:] at org.ovirt.engine.core.bll.scheduling.SchedulingManager.runInternalFilters(SchedulingManager.java:597) [bll.jar:] at org.ovirt.engine.core.bll.scheduling.SchedulingManager.runFilters(SchedulingManager.java:564) [bll.jar:] at org.ovirt.engine.core.bll.scheduling.SchedulingManager.canSchedule(SchedulingManager.java:494) [bll.jar:] at org.ovirt.engine.core.bll.validator.RunVmValidator.canRunVm(RunVmValidator.java:133) [bll.jar:] at org.ovirt.engine.core.bll.RunVmCommand.validate(RunVmCommand.java:940) [bll.jar:] at org.ovirt.engine.core.bll.CommandBase.internalValidate(CommandBase.java:886) [bll.jar:] at org.ovirt.engine.core.bll.CommandBase.validateOnly(CommandBase.java:366) [bll.jar:] at org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.canRunActions(PrevalidatingMultipleActionsRunner.java:113) [bll.jar:] at org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.invokeCommands(PrevalidatingMultipleActionsRunner.java:99) [bll.jar:] at org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.execute(PrevalidatingMultipleActionsRunner.java:76) [bll.jar:] at org.ovirt.engine.core.bll.Backend.runMultipleActionsImpl(Backend.java:613) [bll.jar:] at org.ovirt.engine.core.bll.Backend.runMultipleActions(Backend.java:583) [bll.jar:]
Looking at that section of code where the exception is thrown, I see that it iterates over host networks to find required networks, which I assume is ovirtmgmt. In the host network setup dialog I don't see any networks at all but it lists ovirtmgmt as required. It also list the OVN networks but these can't be statically assigned as they are added dynamically when needed, which is fine.
I believe that I either need to remove ovirtmgmt network or configure that it is provided by the OVN provider, but neither is possible. Preferably it shouldn't be hardcoded which network is management and mandatory but be possible to configure.
/Sverker Den 2016-12-27 kl. 17:10, skrev Marcin Mirecki:
Sverker, Can you try adding a vnic named veth_* or dummy_*, (or alternatively add the name of the vnic to vdsm.config fake_nics), and setup the management network using this vnic? I suppose adding the vnic you use for connecting to the engine to fake_nics should make it visible to the engine, and you should be able to use it for the setup. Marcin ----- Original Message -----
From: "Marcin Mirecki" <mmirecki@redhat.com> To: "Sverker Abrahamsson" <sverker@abrahamsson.com> Cc: "Ovirt Users" <users@ovirt.org> Sent: Wednesday, December 28, 2016 12:06:26 PM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network
I have an internal OVS bridge called ovirtbridge which has a port with IP address, but in the host network settings that port is not visible.
I just verified and unfortunately the virtual ports are not visible in engine to assign a network to :( I'm afraid that the engine is not ready for such a scenario (even if it works). Please give me some time to look for a solution.
----- Original Message -----
From: "Sverker Abrahamsson" <sverker@abrahamsson.com> To: "Marcin Mirecki" <mmirecki@redhat.com> Cc: "Ovirt Users" <users@ovirt.org> Sent: Wednesday, December 28, 2016 11:48:24 AM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network
Hi Marcin Yes, that is my issue. I don't want to let ovirt/vdsm see eth0 nor ovsbridge0 since as soon as it sees them it messes up the network config so that the host will be unreachable.
I have an internal OVS bridge called ovirtbridge which has a port with IP address, but in the host network settings that port is not visible. It doesn't help to name it ovirtmgmt.
The engine is able to communicate with the host on the ip it has been given, it's just that it believes that it HAS to have a ovirtmgmt network which can't be on OVN.
/Sverker
Den 2016-12-28 kl. 10:45, skrev Marcin Mirecki:
Hi Sverker,
The management network is mandatory on each host. It's used by the engine to communicate with the host. Looking at your description and the exception it looks like it is missing. The error is caused by not having any network for the host (network list retrieved in InterfaceDaoImpl.getHostNetworksByCluster - which gets all the networks on nics for a host from vds_interface table in the DB).
Could you maybe create a virtual nic connected to ovsbridge0 (as I understand you have no physical nic available) and use this for the management network?
I then create a bridge for use with ovirt, with a private address. I'm not quite sure I understand. Is this yet another bridge connected to ovsbridge0? You could also attach the vnic for the management network here if need be.
Please keep in mind that OVN has no use in setting up the management network. The OVN provider can only handle external networks, which can not be used for a management network.
Marcin
----- Original Message -----
From: "Sverker Abrahamsson" <sverker@abrahamsson.com> To: users@ovirt.org Sent: Wednesday, December 28, 2016 12:39:59 AM Subject: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network
Hi For long time I've been looking for proper support in ovirt for Open vSwitch so I'm happy that it is moving in the right direction. However, there seems to still be a dependency on a ovirtmgmt bridge and I'm unable to move that to the OVN provider.
The hosting center where I rent hw instances has a bit special network setup, so I have one physical network port with a /32 netmask and point-to-point config to router. The physical port I connect to a ovs bridge which has the public ip. Since ovirt always messes up the network config when I've tried to let it have access to the network config for the physical port, I've set eht0 and ovsbridge0 as hidden in vdsm.conf.
I then create a bridge for use with ovirt, with a private address. With the OVN provider I am now able to import these into the engine and it looks good. When creating a VM I can select that it will have a vNic on my OVS bridge.
However, I can't start the VM as an exception is thrown in the log:
2016-12-28 00:13:33,350 ERROR [org.ovirt.engine.core.bll.RunVmCommand] (default task-5) [3c882d53] Error during ValidateFailure.: java.lang.NullPointerException at org.ovirt.engine.core.bll.scheduling.policyunits.NetworkPolicyUnit.validateRequiredNetworksAvailable(NetworkPolicyUnit.java:140) [bll.jar:] at org.ovirt.engine.core.bll.scheduling.policyunits.NetworkPolicyUnit.filter(NetworkPolicyUnit.java:69) [bll.jar:] at org.ovirt.engine.core.bll.scheduling.SchedulingManager.runInternalFilters(SchedulingManager.java:597) [bll.jar:] at org.ovirt.engine.core.bll.scheduling.SchedulingManager.runFilters(SchedulingManager.java:564) [bll.jar:] at org.ovirt.engine.core.bll.scheduling.SchedulingManager.canSchedule(SchedulingManager.java:494) [bll.jar:] at org.ovirt.engine.core.bll.validator.RunVmValidator.canRunVm(RunVmValidator.java:133) [bll.jar:] at org.ovirt.engine.core.bll.RunVmCommand.validate(RunVmCommand.java:940) [bll.jar:] at org.ovirt.engine.core.bll.CommandBase.internalValidate(CommandBase.java:886) [bll.jar:] at org.ovirt.engine.core.bll.CommandBase.validateOnly(CommandBase.java:366) [bll.jar:] at org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.canRunActions(PrevalidatingMultipleActionsRunner.java:113) [bll.jar:] at org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.invokeCommands(PrevalidatingMultipleActionsRunner.java:99) [bll.jar:] at org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.execute(PrevalidatingMultipleActionsRunner.java:76) [bll.jar:] at org.ovirt.engine.core.bll.Backend.runMultipleActionsImpl(Backend.java:613) [bll.jar:] at org.ovirt.engine.core.bll.Backend.runMultipleActions(Backend.java:583) [bll.jar:]
Looking at that section of code where the exception is thrown, I see that it iterates over host networks to find required networks, which I assume is ovirtmgmt. In the host network setup dialog I don't see any networks at all but it lists ovirtmgmt as required. It also list the OVN networks but these can't be statically assigned as they are added dynamically when needed, which is fine.
I believe that I either need to remove ovirtmgmt network or configure that it is provided by the OVN provider, but neither is possible. Preferably it shouldn't be hardcoded which network is management and mandatory but be possible to configure.
/Sverker Den 2016-12-27 kl. 17:10, skrev Marcin Mirecki:
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Hi I first tried to set device name to dummy_0, but then ifup did not succeed in creating the device unless I first did 'ip link add dummy_0 type dummy' but then it would not suceed to establish the if on reboot. Setting fake_nics = dummy0 would not work neither, but this works: fake_nics = dummy* The engine is now able to find the if and assign bridge ovirtmgmt to it. However, I then run into the next issue when starting a VM: 2016-12-28 22:28:23,897 ERROR [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (ForkJoinPool-1-worker-2) [] Correlation ID: null, Call Stack: null, Custom Event ID: -1, Message: VM CentOS7 is down with error. Exit message: Cannot get interface MTU on 'br-int': No such device. This VM has a nic on ovirtbridge, which comes from the OVN provider. /Sverker Den 2016-12-28 kl. 14:38, skrev Marcin Mirecki:
Sverker,
Can you try adding a vnic named veth_* or dummy_*, (or alternatively add the name of the vnic to vdsm.config fake_nics), and setup the management network using this vnic? I suppose adding the vnic you use for connecting to the engine to fake_nics should make it visible to the engine, and you should be able to use it for the setup.
Marcin
----- Original Message -----
From: "Marcin Mirecki" <mmirecki@redhat.com> To: "Sverker Abrahamsson" <sverker@abrahamsson.com> Cc: "Ovirt Users" <users@ovirt.org> Sent: Wednesday, December 28, 2016 12:06:26 PM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network
I have an internal OVS bridge called ovirtbridge which has a port with IP address, but in the host network settings that port is not visible. I just verified and unfortunately the virtual ports are not visible in engine to assign a network to :( I'm afraid that the engine is not ready for such a scenario (even if it works). Please give me some time to look for a solution.
----- Original Message -----
From: "Sverker Abrahamsson" <sverker@abrahamsson.com> To: "Marcin Mirecki" <mmirecki@redhat.com> Cc: "Ovirt Users" <users@ovirt.org> Sent: Wednesday, December 28, 2016 11:48:24 AM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network
Hi Marcin Yes, that is my issue. I don't want to let ovirt/vdsm see eth0 nor ovsbridge0 since as soon as it sees them it messes up the network config so that the host will be unreachable.
I have an internal OVS bridge called ovirtbridge which has a port with IP address, but in the host network settings that port is not visible. It doesn't help to name it ovirtmgmt.
The engine is able to communicate with the host on the ip it has been given, it's just that it believes that it HAS to have a ovirtmgmt network which can't be on OVN.
/Sverker
Den 2016-12-28 kl. 10:45, skrev Marcin Mirecki:
Hi Sverker,
The management network is mandatory on each host. It's used by the engine to communicate with the host. Looking at your description and the exception it looks like it is missing. The error is caused by not having any network for the host (network list retrieved in InterfaceDaoImpl.getHostNetworksByCluster - which gets all the networks on nics for a host from vds_interface table in the DB).
Could you maybe create a virtual nic connected to ovsbridge0 (as I understand you have no physical nic available) and use this for the management network?
I then create a bridge for use with ovirt, with a private address. I'm not quite sure I understand. Is this yet another bridge connected to ovsbridge0? You could also attach the vnic for the management network here if need be.
Please keep in mind that OVN has no use in setting up the management network. The OVN provider can only handle external networks, which can not be used for a management network.
Marcin
----- Original Message -----
From: "Sverker Abrahamsson" <sverker@abrahamsson.com> To: users@ovirt.org Sent: Wednesday, December 28, 2016 12:39:59 AM Subject: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network
Hi For long time I've been looking for proper support in ovirt for Open vSwitch so I'm happy that it is moving in the right direction. However, there seems to still be a dependency on a ovirtmgmt bridge and I'm unable to move that to the OVN provider.
The hosting center where I rent hw instances has a bit special network setup, so I have one physical network port with a /32 netmask and point-to-point config to router. The physical port I connect to a ovs bridge which has the public ip. Since ovirt always messes up the network config when I've tried to let it have access to the network config for the physical port, I've set eht0 and ovsbridge0 as hidden in vdsm.conf.
I then create a bridge for use with ovirt, with a private address. With the OVN provider I am now able to import these into the engine and it looks good. When creating a VM I can select that it will have a vNic on my OVS bridge.
However, I can't start the VM as an exception is thrown in the log:
2016-12-28 00:13:33,350 ERROR [org.ovirt.engine.core.bll.RunVmCommand] (default task-5) [3c882d53] Error during ValidateFailure.: java.lang.NullPointerException at org.ovirt.engine.core.bll.scheduling.policyunits.NetworkPolicyUnit.validateRequiredNetworksAvailable(NetworkPolicyUnit.java:140) [bll.jar:] at org.ovirt.engine.core.bll.scheduling.policyunits.NetworkPolicyUnit.filter(NetworkPolicyUnit.java:69) [bll.jar:] at org.ovirt.engine.core.bll.scheduling.SchedulingManager.runInternalFilters(SchedulingManager.java:597) [bll.jar:] at org.ovirt.engine.core.bll.scheduling.SchedulingManager.runFilters(SchedulingManager.java:564) [bll.jar:] at org.ovirt.engine.core.bll.scheduling.SchedulingManager.canSchedule(SchedulingManager.java:494) [bll.jar:] at org.ovirt.engine.core.bll.validator.RunVmValidator.canRunVm(RunVmValidator.java:133) [bll.jar:] at org.ovirt.engine.core.bll.RunVmCommand.validate(RunVmCommand.java:940) [bll.jar:] at org.ovirt.engine.core.bll.CommandBase.internalValidate(CommandBase.java:886) [bll.jar:] at org.ovirt.engine.core.bll.CommandBase.validateOnly(CommandBase.java:366) [bll.jar:] at org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.canRunActions(PrevalidatingMultipleActionsRunner.java:113) [bll.jar:] at org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.invokeCommands(PrevalidatingMultipleActionsRunner.java:99) [bll.jar:] at org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.execute(PrevalidatingMultipleActionsRunner.java:76) [bll.jar:] at org.ovirt.engine.core.bll.Backend.runMultipleActionsImpl(Backend.java:613) [bll.jar:] at org.ovirt.engine.core.bll.Backend.runMultipleActions(Backend.java:583) [bll.jar:]
Looking at that section of code where the exception is thrown, I see that it iterates over host networks to find required networks, which I assume is ovirtmgmt. In the host network setup dialog I don't see any networks at all but it lists ovirtmgmt as required. It also list the OVN networks but these can't be statically assigned as they are added dynamically when needed, which is fine.
I believe that I either need to remove ovirtmgmt network or configure that it is provided by the OVN provider, but neither is possible. Preferably it shouldn't be hardcoded which network is management and mandatory but be possible to configure.
/Sverker Den 2016-12-27 kl. 17:10, skrev Marcin Mirecki:
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
In addition I had to add an alias to modprobe: [root@h2 modprobe.d]# cat dummy.conf alias dummy0 dummy Den 2016-12-28 kl. 23:03, skrev Sverker Abrahamsson:
Hi I first tried to set device name to dummy_0, but then ifup did not succeed in creating the device unless I first did 'ip link add dummy_0 type dummy' but then it would not suceed to establish the if on reboot.
Setting fake_nics = dummy0 would not work neither, but this works:
fake_nics = dummy*
The engine is now able to find the if and assign bridge ovirtmgmt to it.
However, I then run into the next issue when starting a VM:
2016-12-28 22:28:23,897 ERROR [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (ForkJoinPool-1-worker-2) [] Correlation ID: null, Call Stack: null, Custom Event ID: -1, Message: VM CentOS7 is down with error. Exit message: Cannot get interface MTU on 'br-int': No such device.
This VM has a nic on ovirtbridge, which comes from the OVN provider.
/Sverker
Den 2016-12-28 kl. 14:38, skrev Marcin Mirecki:
Sverker,
Can you try adding a vnic named veth_* or dummy_*, (or alternatively add the name of the vnic to vdsm.config fake_nics), and setup the management network using this vnic? I suppose adding the vnic you use for connecting to the engine to fake_nics should make it visible to the engine, and you should be able to use it for the setup.
Marcin
----- Original Message -----
From: "Marcin Mirecki" <mmirecki@redhat.com> To: "Sverker Abrahamsson" <sverker@abrahamsson.com> Cc: "Ovirt Users" <users@ovirt.org> Sent: Wednesday, December 28, 2016 12:06:26 PM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network
I have an internal OVS bridge called ovirtbridge which has a port with IP address, but in the host network settings that port is not visible. I just verified and unfortunately the virtual ports are not visible in engine to assign a network to :( I'm afraid that the engine is not ready for such a scenario (even if it works). Please give me some time to look for a solution.
----- Original Message -----
From: "Sverker Abrahamsson" <sverker@abrahamsson.com> To: "Marcin Mirecki" <mmirecki@redhat.com> Cc: "Ovirt Users" <users@ovirt.org> Sent: Wednesday, December 28, 2016 11:48:24 AM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network
Hi Marcin Yes, that is my issue. I don't want to let ovirt/vdsm see eth0 nor ovsbridge0 since as soon as it sees them it messes up the network config so that the host will be unreachable.
I have an internal OVS bridge called ovirtbridge which has a port with IP address, but in the host network settings that port is not visible. It doesn't help to name it ovirtmgmt.
The engine is able to communicate with the host on the ip it has been given, it's just that it believes that it HAS to have a ovirtmgmt network which can't be on OVN.
/Sverker
Den 2016-12-28 kl. 10:45, skrev Marcin Mirecki:
Hi Sverker,
The management network is mandatory on each host. It's used by the engine to communicate with the host. Looking at your description and the exception it looks like it is missing. The error is caused by not having any network for the host (network list retrieved in InterfaceDaoImpl.getHostNetworksByCluster - which gets all the networks on nics for a host from vds_interface table in the DB).
Could you maybe create a virtual nic connected to ovsbridge0 (as I understand you have no physical nic available) and use this for the management network?
I then create a bridge for use with ovirt, with a private address. I'm not quite sure I understand. Is this yet another bridge connected to ovsbridge0? You could also attach the vnic for the management network here if need be.
Please keep in mind that OVN has no use in setting up the management network. The OVN provider can only handle external networks, which can not be used for a management network.
Marcin
----- Original Message -----
From: "Sverker Abrahamsson" <sverker@abrahamsson.com> To: users@ovirt.org Sent: Wednesday, December 28, 2016 12:39:59 AM Subject: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network
Hi For long time I've been looking for proper support in ovirt for Open vSwitch so I'm happy that it is moving in the right direction. However, there seems to still be a dependency on a ovirtmgmt bridge and I'm unable to move that to the OVN provider.
The hosting center where I rent hw instances has a bit special network setup, so I have one physical network port with a /32 netmask and point-to-point config to router. The physical port I connect to a ovs bridge which has the public ip. Since ovirt always messes up the network config when I've tried to let it have access to the network config for the physical port, I've set eht0 and ovsbridge0 as hidden in vdsm.conf.
I then create a bridge for use with ovirt, with a private address. With the OVN provider I am now able to import these into the engine and it looks good. When creating a VM I can select that it will have a vNic on my OVS bridge.
However, I can't start the VM as an exception is thrown in the log:
2016-12-28 00:13:33,350 ERROR [org.ovirt.engine.core.bll.RunVmCommand] (default task-5) [3c882d53] Error during ValidateFailure.: java.lang.NullPointerException at org.ovirt.engine.core.bll.scheduling.policyunits.NetworkPolicyUnit.validateRequiredNetworksAvailable(NetworkPolicyUnit.java:140)
[bll.jar:] at org.ovirt.engine.core.bll.scheduling.policyunits.NetworkPolicyUnit.filter(NetworkPolicyUnit.java:69)
[bll.jar:] at org.ovirt.engine.core.bll.scheduling.SchedulingManager.runInternalFilters(SchedulingManager.java:597)
[bll.jar:] at org.ovirt.engine.core.bll.scheduling.SchedulingManager.runFilters(SchedulingManager.java:564)
[bll.jar:] at org.ovirt.engine.core.bll.scheduling.SchedulingManager.canSchedule(SchedulingManager.java:494)
[bll.jar:] at org.ovirt.engine.core.bll.validator.RunVmValidator.canRunVm(RunVmValidator.java:133)
[bll.jar:] at org.ovirt.engine.core.bll.RunVmCommand.validate(RunVmCommand.java:940)
[bll.jar:] at org.ovirt.engine.core.bll.CommandBase.internalValidate(CommandBase.java:886)
[bll.jar:] at org.ovirt.engine.core.bll.CommandBase.validateOnly(CommandBase.java:366)
[bll.jar:] at org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.canRunActions(PrevalidatingMultipleActionsRunner.java:113)
[bll.jar:] at org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.invokeCommands(PrevalidatingMultipleActionsRunner.java:99)
[bll.jar:] at org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.execute(PrevalidatingMultipleActionsRunner.java:76)
[bll.jar:] at org.ovirt.engine.core.bll.Backend.runMultipleActionsImpl(Backend.java:613)
[bll.jar:] at org.ovirt.engine.core.bll.Backend.runMultipleActions(Backend.java:583)
[bll.jar:]
Looking at that section of code where the exception is thrown, I see that it iterates over host networks to find required networks, which I assume is ovirtmgmt. In the host network setup dialog I don't see any networks at all but it lists ovirtmgmt as required. It also list the OVN networks but these can't be statically assigned as they are added dynamically when needed, which is fine.
I believe that I either need to remove ovirtmgmt network or configure that it is provided by the OVN provider, but neither is possible. Preferably it shouldn't be hardcoded which network is management and mandatory but be possible to configure.
/Sverker Den 2016-12-27 kl. 17:10, skrev Marcin Mirecki:
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Googling on the message about br-int suggested adding that bridge to ovs: ovs-vsctl add-br br-int Then the VM is able to boot, but it fails to get network connectivity. Output in /var/log/messages: Dec 28 23:31:35 h2 ovs-vsctl: ovs|00001|vsctl|INFO|Called as ovs-vsctl --timeout=5 -- --if-exists del-port vnet0 -- add-port br-int vnet0 -- set Interface vnet0 "external-ids:attached-mac=\"00:1a:4a:16:01:51\"" -- set Interface vnet0 "external-ids:iface-id=\"e8853aac-8a75-41b0-8010-e630017dcdd8\"" -- set Interface vnet0 "external-ids:vm-id=\"b9440d60-ef5a-4e2b-83cf-081df7c09e6f\"" -- set Interface vnet0 external-ids:iface-status=active Dec 28 23:31:35 h2 kernel: device vnet0 entered promiscuous mode Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -D PREROUTING -i vnet0 -j libvirt-J-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -D POSTROUTING -o vnet0 -j libvirt-P-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -L libvirt-J-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -L libvirt-P-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -F libvirt-J-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -X libvirt-J-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -F libvirt-P-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -X libvirt-P-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -F J-vnet0-mac' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -X J-vnet0-mac' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -F J-vnet0-arp-mac' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -X J-vnet0-arp-mac' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -D libvirt-out -m physdev --physdev-is-bridged --physdev-out vnet0 -g FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -D libvirt-out -m physdev --physdev-out vnet0 -g FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -D libvirt-in -m physdev --physdev-in vnet0 -g FI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -D libvirt-host-in -m physdev --physdev-in vnet0 -g HI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -F FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -X FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -F FI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -X FI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -F HI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -X HI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -E FP-vnet0 FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -E FJ-vnet0 FI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -E HJ-vnet0 HI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -D libvirt-out -m physdev --physdev-is-bridged --physdev-out vnet0 -g FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -D libvirt-out -m physdev --physdev-out vnet0 -g FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -D libvirt-in -m physdev --physdev-in vnet0 -g FI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -D libvirt-host-in -m physdev --physdev-in vnet0 -g HI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -F FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -X FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -F FI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -X FI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -F HI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -X HI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -E FP-vnet0 FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -E FJ-vnet0 FI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -E HJ-vnet0 HI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -D PREROUTING -i vnet0 -j libvirt-I-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -D POSTROUTING -o vnet0 -j libvirt-O-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -L libvirt-I-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -L libvirt-O-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -F libvirt-I-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -X libvirt-I-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -F libvirt-O-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -X libvirt-O-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -L libvirt-P-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -E libvirt-P-vnet0 libvirt-O-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -F I-vnet0-mac' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -X I-vnet0-mac' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -F I-vnet0-arp-mac' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -X I-vnet0-arp-mac' failed: [root@h2 etc]# ovs-vsctl show ebb6aede-cbbc-4f4f-a88a-a9cd72b2bd23 Bridge ovirtbridge Port "ovirtport0" Interface "ovirtport0" type: internal Port ovirtbridge Interface ovirtbridge type: internal Bridge "ovsbridge0" Port "ovsbridge0" Interface "ovsbridge0" type: internal Port "eth0" Interface "eth0" Bridge br-int Port br-int Interface br-int type: internal Port "vnet0" Interface "vnet0" ovs_version: "2.6.90" Searching through the code it appears that br-int comes from neutron-openvswitch plugin ?? [root@h2 share]# rpm -qf /usr/share/otopi/plugins/ovirt-host-deploy/openstack/neutron_openvswitch.py ovirt-host-deploy-1.6.0-0.0.master.20161215101008.gitb76ad50.el7.centos.noarch /Sverker Den 2016-12-28 kl. 23:24, skrev Sverker Abrahamsson:
In addition I had to add an alias to modprobe:
[root@h2 modprobe.d]# cat dummy.conf alias dummy0 dummy
Den 2016-12-28 kl. 23:03, skrev Sverker Abrahamsson:
Hi I first tried to set device name to dummy_0, but then ifup did not succeed in creating the device unless I first did 'ip link add dummy_0 type dummy' but then it would not suceed to establish the if on reboot.
Setting fake_nics = dummy0 would not work neither, but this works:
fake_nics = dummy*
The engine is now able to find the if and assign bridge ovirtmgmt to it.
However, I then run into the next issue when starting a VM:
2016-12-28 22:28:23,897 ERROR [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (ForkJoinPool-1-worker-2) [] Correlation ID: null, Call Stack: null, Custom Event ID: -1, Message: VM CentOS7 is down with error. Exit message: Cannot get interface MTU on 'br-int': No such device.
This VM has a nic on ovirtbridge, which comes from the OVN provider.
/Sverker
Den 2016-12-28 kl. 14:38, skrev Marcin Mirecki:
Sverker,
Can you try adding a vnic named veth_* or dummy_*, (or alternatively add the name of the vnic to vdsm.config fake_nics), and setup the management network using this vnic? I suppose adding the vnic you use for connecting to the engine to fake_nics should make it visible to the engine, and you should be able to use it for the setup.
Marcin
----- Original Message -----
From: "Marcin Mirecki" <mmirecki@redhat.com> To: "Sverker Abrahamsson" <sverker@abrahamsson.com> Cc: "Ovirt Users" <users@ovirt.org> Sent: Wednesday, December 28, 2016 12:06:26 PM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network
I have an internal OVS bridge called ovirtbridge which has a port with IP address, but in the host network settings that port is not visible. I just verified and unfortunately the virtual ports are not visible in engine to assign a network to :( I'm afraid that the engine is not ready for such a scenario (even if it works). Please give me some time to look for a solution.
----- Original Message -----
From: "Sverker Abrahamsson" <sverker@abrahamsson.com> To: "Marcin Mirecki" <mmirecki@redhat.com> Cc: "Ovirt Users" <users@ovirt.org> Sent: Wednesday, December 28, 2016 11:48:24 AM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network
Hi Marcin Yes, that is my issue. I don't want to let ovirt/vdsm see eth0 nor ovsbridge0 since as soon as it sees them it messes up the network config so that the host will be unreachable.
I have an internal OVS bridge called ovirtbridge which has a port with IP address, but in the host network settings that port is not visible. It doesn't help to name it ovirtmgmt.
The engine is able to communicate with the host on the ip it has been given, it's just that it believes that it HAS to have a ovirtmgmt network which can't be on OVN.
/Sverker
Den 2016-12-28 kl. 10:45, skrev Marcin Mirecki:
Hi Sverker,
The management network is mandatory on each host. It's used by the engine to communicate with the host. Looking at your description and the exception it looks like it is missing. The error is caused by not having any network for the host (network list retrieved in InterfaceDaoImpl.getHostNetworksByCluster - which gets all the networks on nics for a host from vds_interface table in the DB).
Could you maybe create a virtual nic connected to ovsbridge0 (as I understand you have no physical nic available) and use this for the management network?
> I then create a bridge for use with ovirt, with a private address. I'm not quite sure I understand. Is this yet another bridge connected to ovsbridge0? You could also attach the vnic for the management network here if need be.
Please keep in mind that OVN has no use in setting up the management network. The OVN provider can only handle external networks, which can not be used for a management network.
Marcin
----- Original Message ----- > From: "Sverker Abrahamsson" <sverker@abrahamsson.com> > To: users@ovirt.org > Sent: Wednesday, December 28, 2016 12:39:59 AM > Subject: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt > network > > > > Hi > For long time I've been looking for proper support in ovirt for > Open > vSwitch > so I'm happy that it is moving in the right direction. However, > there > seems > to still be a dependency on a ovirtmgmt bridge and I'm unable to > move > that > to the OVN provider. > > The hosting center where I rent hw instances has a bit special > network > setup, > so I have one physical network port with a /32 netmask and > point-to-point > config to router. The physical port I connect to a ovs bridge > which has > the > public ip. Since ovirt always messes up the network config when > I've > tried > to let it have access to the network config for the physical > port, I've > set > eht0 and ovsbridge0 as hidden in vdsm.conf. > > > I then create a bridge for use with ovirt, with a private > address. With > the > OVN provider I am now able to import these into the engine and > it looks > good. When creating a VM I can select that it will have a vNic > on my OVS > bridge. > > However, I can't start the VM as an exception is thrown in the log: > > 2016-12-28 00:13:33,350 ERROR > [org.ovirt.engine.core.bll.RunVmCommand] > (default task-5) [3c882d53] Error during ValidateFailure.: > java.lang.NullPointerException > at > org.ovirt.engine.core.bll.scheduling.policyunits.NetworkPolicyUnit.validateRequiredNetworksAvailable(NetworkPolicyUnit.java:140) > > [bll.jar:] > at > org.ovirt.engine.core.bll.scheduling.policyunits.NetworkPolicyUnit.filter(NetworkPolicyUnit.java:69) > > [bll.jar:] > at > org.ovirt.engine.core.bll.scheduling.SchedulingManager.runInternalFilters(SchedulingManager.java:597) > > [bll.jar:] > at > org.ovirt.engine.core.bll.scheduling.SchedulingManager.runFilters(SchedulingManager.java:564) > > [bll.jar:] > at > org.ovirt.engine.core.bll.scheduling.SchedulingManager.canSchedule(SchedulingManager.java:494) > > [bll.jar:] > at > org.ovirt.engine.core.bll.validator.RunVmValidator.canRunVm(RunVmValidator.java:133) > > [bll.jar:] > at > org.ovirt.engine.core.bll.RunVmCommand.validate(RunVmCommand.java:940) > > [bll.jar:] > at > org.ovirt.engine.core.bll.CommandBase.internalValidate(CommandBase.java:886) > > [bll.jar:] > at > org.ovirt.engine.core.bll.CommandBase.validateOnly(CommandBase.java:366) > > [bll.jar:] > at > org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.canRunActions(PrevalidatingMultipleActionsRunner.java:113) > > [bll.jar:] > at > org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.invokeCommands(PrevalidatingMultipleActionsRunner.java:99) > > [bll.jar:] > at > org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.execute(PrevalidatingMultipleActionsRunner.java:76) > > [bll.jar:] > at > org.ovirt.engine.core.bll.Backend.runMultipleActionsImpl(Backend.java:613) > > [bll.jar:] > at > org.ovirt.engine.core.bll.Backend.runMultipleActions(Backend.java:583) > > [bll.jar:] > > > Looking at that section of code where the exception is thrown, I > see > that > it > iterates over host networks to find required networks, which I > assume is > ovirtmgmt. In the host network setup dialog I don't see any > networks at > all > but it lists ovirtmgmt as required. It also list the OVN > networks but > these > can't be statically assigned as they are added dynamically when > needed, > which is fine. > > I believe that I either need to remove ovirtmgmt network or > configure > that > it > is provided by the OVN provider, but neither is possible. > Preferably it > shouldn't be hardcoded which network is management and mandatory > but be > possible to configure. > > /Sverker > Den 2016-12-27 kl. 17:10, skrev Marcin Mirecki: > >
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
From /usr/libexec/vdsm/hooks/before_device_create/ovirt_provider_ovn_hook (installed by ovirt-provider-ovn-driver rpm):
BRIDGE_NAME = 'br-int' Den 2016-12-28 kl. 23:56, skrev Sverker Abrahamsson:
Googling on the message about br-int suggested adding that bridge to ovs:
ovs-vsctl add-br br-int
Then the VM is able to boot, but it fails to get network connectivity. Output in /var/log/messages:
Dec 28 23:31:35 h2 ovs-vsctl: ovs|00001|vsctl|INFO|Called as ovs-vsctl --timeout=5 -- --if-exists del-port vnet0 -- add-port br-int vnet0 -- set Interface vnet0 "external-ids:attached-mac=\"00:1a:4a:16:01:51\"" -- set Interface vnet0 "external-ids:iface-id=\"e8853aac-8a75-41b0-8010-e630017dcdd8\"" -- set Interface vnet0 "external-ids:vm-id=\"b9440d60-ef5a-4e2b-83cf-081df7c09e6f\"" -- set Interface vnet0 external-ids:iface-status=active Dec 28 23:31:35 h2 kernel: device vnet0 entered promiscuous mode Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -D PREROUTING -i vnet0 -j libvirt-J-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -D POSTROUTING -o vnet0 -j libvirt-P-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -L libvirt-J-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -L libvirt-P-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -F libvirt-J-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -X libvirt-J-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -F libvirt-P-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -X libvirt-P-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -F J-vnet0-mac' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -X J-vnet0-mac' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -F J-vnet0-arp-mac' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -X J-vnet0-arp-mac' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -D libvirt-out -m physdev --physdev-is-bridged --physdev-out vnet0 -g FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -D libvirt-out -m physdev --physdev-out vnet0 -g FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -D libvirt-in -m physdev --physdev-in vnet0 -g FI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -D libvirt-host-in -m physdev --physdev-in vnet0 -g HI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -F FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -X FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -F FI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -X FI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -F HI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -X HI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -E FP-vnet0 FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -E FJ-vnet0 FI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -E HJ-vnet0 HI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -D libvirt-out -m physdev --physdev-is-bridged --physdev-out vnet0 -g FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -D libvirt-out -m physdev --physdev-out vnet0 -g FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -D libvirt-in -m physdev --physdev-in vnet0 -g FI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -D libvirt-host-in -m physdev --physdev-in vnet0 -g HI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -F FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -X FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -F FI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -X FI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -F HI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -X HI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -E FP-vnet0 FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -E FJ-vnet0 FI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -E HJ-vnet0 HI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -D PREROUTING -i vnet0 -j libvirt-I-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -D POSTROUTING -o vnet0 -j libvirt-O-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -L libvirt-I-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -L libvirt-O-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -F libvirt-I-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -X libvirt-I-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -F libvirt-O-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -X libvirt-O-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -L libvirt-P-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -E libvirt-P-vnet0 libvirt-O-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -F I-vnet0-mac' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -X I-vnet0-mac' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -F I-vnet0-arp-mac' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -X I-vnet0-arp-mac' failed:
[root@h2 etc]# ovs-vsctl show ebb6aede-cbbc-4f4f-a88a-a9cd72b2bd23 Bridge ovirtbridge Port "ovirtport0" Interface "ovirtport0" type: internal Port ovirtbridge Interface ovirtbridge type: internal Bridge "ovsbridge0" Port "ovsbridge0" Interface "ovsbridge0" type: internal Port "eth0" Interface "eth0" Bridge br-int Port br-int Interface br-int type: internal Port "vnet0" Interface "vnet0" ovs_version: "2.6.90"
Searching through the code it appears that br-int comes from neutron-openvswitch plugin ??
[root@h2 share]# rpm -qf /usr/share/otopi/plugins/ovirt-host-deploy/openstack/neutron_openvswitch.py ovirt-host-deploy-1.6.0-0.0.master.20161215101008.gitb76ad50.el7.centos.noarch
/Sverker
Den 2016-12-28 kl. 23:24, skrev Sverker Abrahamsson:
In addition I had to add an alias to modprobe:
[root@h2 modprobe.d]# cat dummy.conf alias dummy0 dummy
Den 2016-12-28 kl. 23:03, skrev Sverker Abrahamsson:
Hi I first tried to set device name to dummy_0, but then ifup did not succeed in creating the device unless I first did 'ip link add dummy_0 type dummy' but then it would not suceed to establish the if on reboot.
Setting fake_nics = dummy0 would not work neither, but this works:
fake_nics = dummy*
The engine is now able to find the if and assign bridge ovirtmgmt to it.
However, I then run into the next issue when starting a VM:
2016-12-28 22:28:23,897 ERROR [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (ForkJoinPool-1-worker-2) [] Correlation ID: null, Call Stack: null, Custom Event ID: -1, Message: VM CentOS7 is down with error. Exit message: Cannot get interface MTU on 'br-int': No such device.
This VM has a nic on ovirtbridge, which comes from the OVN provider.
/Sverker
Den 2016-12-28 kl. 14:38, skrev Marcin Mirecki:
Sverker,
Can you try adding a vnic named veth_* or dummy_*, (or alternatively add the name of the vnic to vdsm.config fake_nics), and setup the management network using this vnic? I suppose adding the vnic you use for connecting to the engine to fake_nics should make it visible to the engine, and you should be able to use it for the setup.
Marcin
----- Original Message -----
From: "Marcin Mirecki" <mmirecki@redhat.com> To: "Sverker Abrahamsson" <sverker@abrahamsson.com> Cc: "Ovirt Users" <users@ovirt.org> Sent: Wednesday, December 28, 2016 12:06:26 PM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network
I have an internal OVS bridge called ovirtbridge which has a port with IP address, but in the host network settings that port is not visible. I just verified and unfortunately the virtual ports are not visible in engine to assign a network to :( I'm afraid that the engine is not ready for such a scenario (even if it works). Please give me some time to look for a solution.
----- Original Message -----
From: "Sverker Abrahamsson" <sverker@abrahamsson.com> To: "Marcin Mirecki" <mmirecki@redhat.com> Cc: "Ovirt Users" <users@ovirt.org> Sent: Wednesday, December 28, 2016 11:48:24 AM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network
Hi Marcin Yes, that is my issue. I don't want to let ovirt/vdsm see eth0 nor ovsbridge0 since as soon as it sees them it messes up the network config so that the host will be unreachable.
I have an internal OVS bridge called ovirtbridge which has a port with IP address, but in the host network settings that port is not visible. It doesn't help to name it ovirtmgmt.
The engine is able to communicate with the host on the ip it has been given, it's just that it believes that it HAS to have a ovirtmgmt network which can't be on OVN.
/Sverker
Den 2016-12-28 kl. 10:45, skrev Marcin Mirecki: > Hi Sverker, > > The management network is mandatory on each host. It's used by the > engine to communicate with the host. > Looking at your description and the exception it looks like it is > missing. > The error is caused by not having any network for the host > (network list retrieved in > InterfaceDaoImpl.getHostNetworksByCluster - > which > gets all the networks on nics for a host from vds_interface > table in the > DB). > > Could you maybe create a virtual nic connected to ovsbridge0 (as I > understand you > have no physical nic available) and use this for the management > network? > >> I then create a bridge for use with ovirt, with a private address. > I'm not quite sure I understand. Is this yet another bridge > connected to > ovsbridge0? > You could also attach the vnic for the management network here > if need > be. > > Please keep in mind that OVN has no use in setting up the > management > network. > The OVN provider can only handle external networks, which can > not be used > for a > management network. > > Marcin > > > ----- Original Message ----- >> From: "Sverker Abrahamsson" <sverker@abrahamsson.com> >> To: users@ovirt.org >> Sent: Wednesday, December 28, 2016 12:39:59 AM >> Subject: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt >> network >> >> >> >> Hi >> For long time I've been looking for proper support in ovirt for >> Open >> vSwitch >> so I'm happy that it is moving in the right direction. However, >> there >> seems >> to still be a dependency on a ovirtmgmt bridge and I'm unable >> to move >> that >> to the OVN provider. >> >> The hosting center where I rent hw instances has a bit special >> network >> setup, >> so I have one physical network port with a /32 netmask and >> point-to-point >> config to router. The physical port I connect to a ovs bridge >> which has >> the >> public ip. Since ovirt always messes up the network config when >> I've >> tried >> to let it have access to the network config for the physical >> port, I've >> set >> eht0 and ovsbridge0 as hidden in vdsm.conf. >> >> >> I then create a bridge for use with ovirt, with a private >> address. With >> the >> OVN provider I am now able to import these into the engine and >> it looks >> good. When creating a VM I can select that it will have a vNic >> on my OVS >> bridge. >> >> However, I can't start the VM as an exception is thrown in the >> log: >> >> 2016-12-28 00:13:33,350 ERROR >> [org.ovirt.engine.core.bll.RunVmCommand] >> (default task-5) [3c882d53] Error during ValidateFailure.: >> java.lang.NullPointerException >> at >> org.ovirt.engine.core.bll.scheduling.policyunits.NetworkPolicyUnit.validateRequiredNetworksAvailable(NetworkPolicyUnit.java:140) >> >> [bll.jar:] >> at >> org.ovirt.engine.core.bll.scheduling.policyunits.NetworkPolicyUnit.filter(NetworkPolicyUnit.java:69) >> >> [bll.jar:] >> at >> org.ovirt.engine.core.bll.scheduling.SchedulingManager.runInternalFilters(SchedulingManager.java:597) >> >> [bll.jar:] >> at >> org.ovirt.engine.core.bll.scheduling.SchedulingManager.runFilters(SchedulingManager.java:564) >> >> [bll.jar:] >> at >> org.ovirt.engine.core.bll.scheduling.SchedulingManager.canSchedule(SchedulingManager.java:494) >> >> [bll.jar:] >> at >> org.ovirt.engine.core.bll.validator.RunVmValidator.canRunVm(RunVmValidator.java:133) >> >> [bll.jar:] >> at >> org.ovirt.engine.core.bll.RunVmCommand.validate(RunVmCommand.java:940) >> >> [bll.jar:] >> at >> org.ovirt.engine.core.bll.CommandBase.internalValidate(CommandBase.java:886) >> >> [bll.jar:] >> at >> org.ovirt.engine.core.bll.CommandBase.validateOnly(CommandBase.java:366) >> >> [bll.jar:] >> at >> org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.canRunActions(PrevalidatingMultipleActionsRunner.java:113) >> >> [bll.jar:] >> at >> org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.invokeCommands(PrevalidatingMultipleActionsRunner.java:99) >> >> [bll.jar:] >> at >> org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.execute(PrevalidatingMultipleActionsRunner.java:76) >> >> [bll.jar:] >> at >> org.ovirt.engine.core.bll.Backend.runMultipleActionsImpl(Backend.java:613) >> >> [bll.jar:] >> at >> org.ovirt.engine.core.bll.Backend.runMultipleActions(Backend.java:583) >> >> [bll.jar:] >> >> >> Looking at that section of code where the exception is thrown, >> I see >> that >> it >> iterates over host networks to find required networks, which I >> assume is >> ovirtmgmt. In the host network setup dialog I don't see any >> networks at >> all >> but it lists ovirtmgmt as required. It also list the OVN >> networks but >> these >> can't be statically assigned as they are added dynamically when >> needed, >> which is fine. >> >> I believe that I either need to remove ovirtmgmt network or >> configure >> that >> it >> is provided by the OVN provider, but neither is possible. >> Preferably it >> shouldn't be hardcoded which network is management and >> mandatory but be >> possible to configure. >> >> /Sverker >> Den 2016-12-27 kl. 17:10, skrev Marcin Mirecki: >> >>
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Hi All, I am also facing same issue (unable to change ovirtmgmt to OVS type). On git repository, I saw some commit in which added support to switch network type in host. but there is red cross across those changes. Would I get to know will this issue get solve in 4.1 release ? I tried modifying ifcfg-ovirtmgmt and ifcfg-eth0 file to support OVS and then rebooted m/c. When m/c got bootup I found that configuration made in ifcfg got overwritten by vdsm. Is their any workaround ? Thanks, ~Rohit On Thu, Dec 29, 2016 at 5:17 AM, Sverker Abrahamsson < sverker@abrahamsson.com> wrote:
From /usr/libexec/vdsm/hooks/before_device_create/ovirt_provider_ovn_hook (installed by ovirt-provider-ovn-driver rpm):
BRIDGE_NAME = 'br-int'
Den 2016-12-28 kl. 23:56, skrev Sverker Abrahamsson:
Googling on the message about br-int suggested adding that bridge to ovs:
ovs-vsctl add-br br-int
Then the VM is able to boot, but it fails to get network connectivity. Output in /var/log/messages:
Dec 28 23:31:35 h2 ovs-vsctl: ovs|00001|vsctl|INFO|Called as ovs-vsctl --timeout=5 -- --if-exists del-port vnet0 -- add-port br-int vnet0 -- set Interface vnet0 "external-ids:attached-mac=\"00:1a:4a:16:01:51\"" -- set Interface vnet0 "external-ids:iface-id=\"e8853 aac-8a75-41b0-8010-e630017dcdd8\"" -- set Interface vnet0 "external-ids:vm-id=\"b9440d60-ef5a-4e2b-83cf-081df7c09e6f\"" -- set Interface vnet0 external-ids:iface-status=active Dec 28 23:31:35 h2 kernel: device vnet0 entered promiscuous mode Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -D PREROUTING -i vnet0 -j libvirt-J-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -D POSTROUTING -o vnet0 -j libvirt-P-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -L libvirt-J-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -L libvirt-P-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -F libvirt-J-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -X libvirt-J-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -F libvirt-P-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -X libvirt-P-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -F J-vnet0-mac' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -X J-vnet0-mac' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -F J-vnet0-arp-mac' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -X J-vnet0-arp-mac' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -D libvirt-out -m physdev --physdev-is-bridged --physdev-out vnet0 -g FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -D libvirt-out -m physdev --physdev-out vnet0 -g FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -D libvirt-in -m physdev --physdev-in vnet0 -g FI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -D libvirt-host-in -m physdev --physdev-in vnet0 -g HI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -F FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -X FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -F FI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -X FI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -F HI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -X HI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -E FP-vnet0 FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -E FJ-vnet0 FI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -E HJ-vnet0 HI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -D libvirt-out -m physdev --physdev-is-bridged --physdev-out vnet0 -g FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -D libvirt-out -m physdev --physdev-out vnet0 -g FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -D libvirt-in -m physdev --physdev-in vnet0 -g FI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -D libvirt-host-in -m physdev --physdev-in vnet0 -g HI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -F FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -X FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -F FI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -X FI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -F HI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -X HI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -E FP-vnet0 FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -E FJ-vnet0 FI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -E HJ-vnet0 HI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -D PREROUTING -i vnet0 -j libvirt-I-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -D POSTROUTING -o vnet0 -j libvirt-O-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -L libvirt-I-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -L libvirt-O-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -F libvirt-I-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -X libvirt-I-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -F libvirt-O-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -X libvirt-O-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -L libvirt-P-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -E libvirt-P-vnet0 libvirt-O-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -F I-vnet0-mac' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -X I-vnet0-mac' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -F I-vnet0-arp-mac' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -X I-vnet0-arp-mac' failed:
[root@h2 etc]# ovs-vsctl show ebb6aede-cbbc-4f4f-a88a-a9cd72b2bd23 Bridge ovirtbridge Port "ovirtport0" Interface "ovirtport0" type: internal Port ovirtbridge Interface ovirtbridge type: internal Bridge "ovsbridge0" Port "ovsbridge0" Interface "ovsbridge0" type: internal Port "eth0" Interface "eth0" Bridge br-int Port br-int Interface br-int type: internal Port "vnet0" Interface "vnet0" ovs_version: "2.6.90"
Searching through the code it appears that br-int comes from neutron-openvswitch plugin ??
[root@h2 share]# rpm -qf /usr/share/otopi/plugins/ovirt -host-deploy/openstack/neutron_openvswitch.py ovirt-host-deploy-1.6.0-0.0.master.20161215101008.gitb76ad50.el7.centos.noarch
/Sverker
Den 2016-12-28 kl. 23:24, skrev Sverker Abrahamsson:
In addition I had to add an alias to modprobe:
[root@h2 modprobe.d]# cat dummy.conf alias dummy0 dummy
Den 2016-12-28 kl. 23:03, skrev Sverker Abrahamsson:
Hi I first tried to set device name to dummy_0, but then ifup did not succeed in creating the device unless I first did 'ip link add dummy_0 type dummy' but then it would not suceed to establish the if on reboot.
Setting fake_nics = dummy0 would not work neither, but this works:
fake_nics = dummy*
The engine is now able to find the if and assign bridge ovirtmgmt to it.
However, I then run into the next issue when starting a VM:
2016-12-28 22:28:23,897 ERROR [org.ovirt.engine.core.dal.dbb roker.auditloghandling.AuditLogDirector] (ForkJoinPool-1-worker-2) [] Correlation ID: null, Call Stack: null, Custom Event ID: -1, Message: VM CentOS7 is down with error. Exit message: Cannot get interface MTU on 'br-int': No such device.
This VM has a nic on ovirtbridge, which comes from the OVN provider.
/Sverker
Den 2016-12-28 kl. 14:38, skrev Marcin Mirecki:
Sverker,
Can you try adding a vnic named veth_* or dummy_*, (or alternatively add the name of the vnic to vdsm.config fake_nics), and setup the management network using this vnic? I suppose adding the vnic you use for connecting to the engine to fake_nics should make it visible to the engine, and you should be able to use it for the setup.
Marcin
----- Original Message -----
From: "Marcin Mirecki" <mmirecki@redhat.com> To: "Sverker Abrahamsson" <sverker@abrahamsson.com> Cc: "Ovirt Users" <users@ovirt.org> Sent: Wednesday, December 28, 2016 12:06:26 PM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network
I have an internal OVS bridge called ovirtbridge which has a port with > IP address, but in the host network settings that port is not > visible. > I just verified and unfortunately the virtual ports are not visible in engine to assign a network to :( I'm afraid that the engine is not ready for such a scenario (even if it works). Please give me some time to look for a solution.
----- Original Message -----
> From: "Sverker Abrahamsson" <sverker@abrahamsson.com> > To: "Marcin Mirecki" <mmirecki@redhat.com> > Cc: "Ovirt Users" <users@ovirt.org> > Sent: Wednesday, December 28, 2016 11:48:24 AM > Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt > network > > Hi Marcin > Yes, that is my issue. I don't want to let ovirt/vdsm see eth0 nor > ovsbridge0 since as soon as it sees them it messes up the network > config > so that the host will be unreachable. > > I have an internal OVS bridge called ovirtbridge which has a port > with > IP address, but in the host network settings that port is not > visible. > It doesn't help to name it ovirtmgmt. > > The engine is able to communicate with the host on the ip it has been > given, it's just that it believes that it HAS to have a ovirtmgmt > network which can't be on OVN. > > /Sverker > > > Den 2016-12-28 kl. 10:45, skrev Marcin Mirecki: > >> Hi Sverker, >> >> The management network is mandatory on each host. It's used by the >> engine to communicate with the host. >> Looking at your description and the exception it looks like it is >> missing. >> The error is caused by not having any network for the host >> (network list retrieved in InterfaceDaoImpl.getHostNetworksByCluster >> - >> which >> gets all the networks on nics for a host from vds_interface table >> in the >> DB). >> >> Could you maybe create a virtual nic connected to ovsbridge0 (as I >> understand you >> have no physical nic available) and use this for the management >> network? >> >> I then create a bridge for use with ovirt, with a private address. >>> >> I'm not quite sure I understand. Is this yet another bridge >> connected to >> ovsbridge0? >> You could also attach the vnic for the management network here if >> need >> be. >> >> Please keep in mind that OVN has no use in setting up the management >> network. >> The OVN provider can only handle external networks, which can not >> be used >> for a >> management network. >> >> Marcin >> >> >> ----- Original Message ----- >> >>> From: "Sverker Abrahamsson" <sverker@abrahamsson.com> >>> To: users@ovirt.org >>> Sent: Wednesday, December 28, 2016 12:39:59 AM >>> Subject: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt >>> network >>> >>> >>> >>> Hi >>> For long time I've been looking for proper support in ovirt for >>> Open >>> vSwitch >>> so I'm happy that it is moving in the right direction. However, >>> there >>> seems >>> to still be a dependency on a ovirtmgmt bridge and I'm unable to >>> move >>> that >>> to the OVN provider. >>> >>> The hosting center where I rent hw instances has a bit special >>> network >>> setup, >>> so I have one physical network port with a /32 netmask and >>> point-to-point >>> config to router. The physical port I connect to a ovs bridge >>> which has >>> the >>> public ip. Since ovirt always messes up the network config when >>> I've >>> tried >>> to let it have access to the network config for the physical port, >>> I've >>> set >>> eht0 and ovsbridge0 as hidden in vdsm.conf. >>> >>> >>> I then create a bridge for use with ovirt, with a private address. >>> With >>> the >>> OVN provider I am now able to import these into the engine and it >>> looks >>> good. When creating a VM I can select that it will have a vNic on >>> my OVS >>> bridge. >>> >>> However, I can't start the VM as an exception is thrown in the log: >>> >>> 2016-12-28 00:13:33,350 ERROR [org.ovirt.engine.core.bll.Run >>> VmCommand] >>> (default task-5) [3c882d53] Error during ValidateFailure.: >>> java.lang.NullPointerException >>> at >>> org.ovirt.engine.core.bll.scheduling.policyunits.NetworkPoli >>> cyUnit.validateRequiredNetworksAvailable(NetworkPolicyUnit.java:140) >>> >>> [bll.jar:] >>> at >>> org.ovirt.engine.core.bll.scheduling.policyunits.NetworkPoli >>> cyUnit.filter(NetworkPolicyUnit.java:69) >>> [bll.jar:] >>> at >>> org.ovirt.engine.core.bll.scheduling.SchedulingManager.runIn >>> ternalFilters(SchedulingManager.java:597) >>> [bll.jar:] >>> at >>> org.ovirt.engine.core.bll.scheduling.SchedulingManager.runFi >>> lters(SchedulingManager.java:564) >>> [bll.jar:] >>> at >>> org.ovirt.engine.core.bll.scheduling.SchedulingManager.canSc >>> hedule(SchedulingManager.java:494) >>> [bll.jar:] >>> at >>> org.ovirt.engine.core.bll.validator.RunVmValidator.canRunVm(RunVmValidator.java:133) >>> >>> [bll.jar:] >>> at >>> org.ovirt.engine.core.bll.RunVmCommand.validate(RunVmCommand.java:940) >>> >>> [bll.jar:] >>> at >>> org.ovirt.engine.core.bll.CommandBase.internalValidate(CommandBase.java:886) >>> >>> [bll.jar:] >>> at >>> org.ovirt.engine.core.bll.CommandBase.validateOnly(CommandBase.java:366) >>> >>> [bll.jar:] >>> at >>> org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner >>> .canRunActions(PrevalidatingMultipleActionsRunner.java:113) >>> [bll.jar:] >>> at >>> org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner >>> .invokeCommands(PrevalidatingMultipleActionsRunner.java:99) >>> [bll.jar:] >>> at >>> org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner >>> .execute(PrevalidatingMultipleActionsRunner.java:76) >>> [bll.jar:] >>> at >>> org.ovirt.engine.core.bll.Backend.runMultipleActionsImpl(Backend.java:613) >>> >>> [bll.jar:] >>> at >>> org.ovirt.engine.core.bll.Backend.runMultipleActions(Backend.java:583) >>> >>> [bll.jar:] >>> >>> >>> Looking at that section of code where the exception is thrown, I >>> see >>> that >>> it >>> iterates over host networks to find required networks, which I >>> assume is >>> ovirtmgmt. In the host network setup dialog I don't see any >>> networks at >>> all >>> but it lists ovirtmgmt as required. It also list the OVN networks >>> but >>> these >>> can't be statically assigned as they are added dynamically when >>> needed, >>> which is fine. >>> >>> I believe that I either need to remove ovirtmgmt network or >>> configure >>> that >>> it >>> is provided by the OVN provider, but neither is possible. >>> Preferably it >>> shouldn't be hardcoded which network is management and mandatory >>> but be >>> possible to configure. >>> >>> /Sverker >>> Den 2016-12-27 kl. 17:10, skrev Marcin Mirecki: >>> >>> >>> > _______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Guys, In oVirt, when a host is added to the cluster it must have a NIC/Bond for management. Currently, it does not support anything else, unless one uses hooks to fake things (but I do not recommend it, it will just make things complex and may collide with other options). I am not sure if such a feature was already suggested, please check BZ and if there is no RFE for it, you are welcome to file one. The OVN part is not related to the management and NIC issue, it assumes the host is deployed as expected and that Engine can manage it. It is there to allow OVN to manage VM networks. Regarding the last message about OVS: Please note that OVN as an external provider uses OVS, but it is not related to the host networks migrating to OVS based (From the Linux bridge). oVirt networking distinguish between host networks and VM networks, the work on OVS for host networks has started on 4.0 and unfortunately is not yet finished. I suggest opening a separate thread about OVS for host networks if more information is needed (there are some existing threads about it). Thanks, Edy. On Thu, Dec 29, 2016 at 8:46 AM, TranceWorldLogic . < tranceworldlogic@gmail.com> wrote:
Hi All,
I am also facing same issue (unable to change ovirtmgmt to OVS type).
On git repository, I saw some commit in which added support to switch network type in host. but there is red cross across those changes. Would I get to know will this issue get solve in 4.1 release ?
I tried modifying ifcfg-ovirtmgmt and ifcfg-eth0 file to support OVS and then rebooted m/c. When m/c got bootup I found that configuration made in ifcfg got overwritten by vdsm. Is their any workaround ?
Thanks, ~Rohit
On Thu, Dec 29, 2016 at 5:17 AM, Sverker Abrahamsson < sverker@abrahamsson.com> wrote:
From /usr/libexec/vdsm/hooks/before_device_create/ovirt_provider_ovn_hook (installed by ovirt-provider-ovn-driver rpm):
BRIDGE_NAME = 'br-int'
Den 2016-12-28 kl. 23:56, skrev Sverker Abrahamsson:
Googling on the message about br-int suggested adding that bridge to ovs:
ovs-vsctl add-br br-int
Then the VM is able to boot, but it fails to get network connectivity. Output in /var/log/messages:
Dec 28 23:31:35 h2 ovs-vsctl: ovs|00001|vsctl|INFO|Called as ovs-vsctl --timeout=5 -- --if-exists del-port vnet0 -- add-port br-int vnet0 -- set Interface vnet0 "external-ids:attached-mac=\"00:1a:4a:16:01:51\"" -- set Interface vnet0 "external-ids:iface-id=\"e8853 aac-8a75-41b0-8010-e630017dcdd8\"" -- set Interface vnet0 "external-ids:vm-id=\"b9440d60-ef5a-4e2b-83cf-081df7c09e6f\"" -- set Interface vnet0 external-ids:iface-status=active Dec 28 23:31:35 h2 kernel: device vnet0 entered promiscuous mode Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -D PREROUTING -i vnet0 -j libvirt-J-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -D POSTROUTING -o vnet0 -j libvirt-P-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -L libvirt-J-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -L libvirt-P-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -F libvirt-J-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -X libvirt-J-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -F libvirt-P-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -X libvirt-P-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -F J-vnet0-mac' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -X J-vnet0-mac' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -F J-vnet0-arp-mac' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -X J-vnet0-arp-mac' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -D libvirt-out -m physdev --physdev-is-bridged --physdev-out vnet0 -g FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -D libvirt-out -m physdev --physdev-out vnet0 -g FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -D libvirt-in -m physdev --physdev-in vnet0 -g FI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -D libvirt-host-in -m physdev --physdev-in vnet0 -g HI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -F FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -X FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -F FI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -X FI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -F HI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -X HI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -E FP-vnet0 FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -E FJ-vnet0 FI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -E HJ-vnet0 HI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -D libvirt-out -m physdev --physdev-is-bridged --physdev-out vnet0 -g FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -D libvirt-out -m physdev --physdev-out vnet0 -g FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -D libvirt-in -m physdev --physdev-in vnet0 -g FI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -D libvirt-host-in -m physdev --physdev-in vnet0 -g HI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -F FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -X FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -F FI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -X FI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -F HI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -X HI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -E FP-vnet0 FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -E FJ-vnet0 FI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -E HJ-vnet0 HI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -D PREROUTING -i vnet0 -j libvirt-I-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -D POSTROUTING -o vnet0 -j libvirt-O-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -L libvirt-I-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -L libvirt-O-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -F libvirt-I-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -X libvirt-I-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -F libvirt-O-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -X libvirt-O-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -L libvirt-P-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -E libvirt-P-vnet0 libvirt-O-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -F I-vnet0-mac' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -X I-vnet0-mac' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -F I-vnet0-arp-mac' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -X I-vnet0-arp-mac' failed:
[root@h2 etc]# ovs-vsctl show ebb6aede-cbbc-4f4f-a88a-a9cd72b2bd23 Bridge ovirtbridge Port "ovirtport0" Interface "ovirtport0" type: internal Port ovirtbridge Interface ovirtbridge type: internal Bridge "ovsbridge0" Port "ovsbridge0" Interface "ovsbridge0" type: internal Port "eth0" Interface "eth0" Bridge br-int Port br-int Interface br-int type: internal Port "vnet0" Interface "vnet0" ovs_version: "2.6.90"
Searching through the code it appears that br-int comes from neutron-openvswitch plugin ??
[root@h2 share]# rpm -qf /usr/share/otopi/plugins/ovirt -host-deploy/openstack/neutron_openvswitch.py ovirt-host-deploy-1.6.0-0.0.master.20161215101008.gitb76ad50.el7.centos.noarch
/Sverker
Den 2016-12-28 kl. 23:24, skrev Sverker Abrahamsson:
In addition I had to add an alias to modprobe:
[root@h2 modprobe.d]# cat dummy.conf alias dummy0 dummy
Den 2016-12-28 kl. 23:03, skrev Sverker Abrahamsson:
Hi I first tried to set device name to dummy_0, but then ifup did not succeed in creating the device unless I first did 'ip link add dummy_0 type dummy' but then it would not suceed to establish the if on reboot.
Setting fake_nics = dummy0 would not work neither, but this works:
fake_nics = dummy*
The engine is now able to find the if and assign bridge ovirtmgmt to it.
However, I then run into the next issue when starting a VM:
2016-12-28 22:28:23,897 ERROR [org.ovirt.engine.core.dal.dbb roker.auditloghandling.AuditLogDirector] (ForkJoinPool-1-worker-2) [] Correlation ID: null, Call Stack: null, Custom Event ID: -1, Message: VM CentOS7 is down with error. Exit message: Cannot get interface MTU on 'br-int': No such device.
This VM has a nic on ovirtbridge, which comes from the OVN provider.
/Sverker
Den 2016-12-28 kl. 14:38, skrev Marcin Mirecki:
Sverker,
Can you try adding a vnic named veth_* or dummy_*, (or alternatively add the name of the vnic to vdsm.config fake_nics), and setup the management network using this vnic? I suppose adding the vnic you use for connecting to the engine to fake_nics should make it visible to the engine, and you should be able to use it for the setup.
Marcin
----- Original Message -----
> From: "Marcin Mirecki" <mmirecki@redhat.com> > To: "Sverker Abrahamsson" <sverker@abrahamsson.com> > Cc: "Ovirt Users" <users@ovirt.org> > Sent: Wednesday, December 28, 2016 12:06:26 PM > Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory > ovirtmgmt network > > I have an internal OVS bridge called ovirtbridge which has a port >> with >> IP address, but in the host network settings that port is not >> visible. >> > I just verified and unfortunately the virtual ports are not visible > in engine > to assign a network to :( > I'm afraid that the engine is not ready for such a scenario (even if > it > works). > Please give me some time to look for a solution. > > ----- Original Message ----- > >> From: "Sverker Abrahamsson" <sverker@abrahamsson.com> >> To: "Marcin Mirecki" <mmirecki@redhat.com> >> Cc: "Ovirt Users" <users@ovirt.org> >> Sent: Wednesday, December 28, 2016 11:48:24 AM >> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory >> ovirtmgmt >> network >> >> Hi Marcin >> Yes, that is my issue. I don't want to let ovirt/vdsm see eth0 nor >> ovsbridge0 since as soon as it sees them it messes up the network >> config >> so that the host will be unreachable. >> >> I have an internal OVS bridge called ovirtbridge which has a port >> with >> IP address, but in the host network settings that port is not >> visible. >> It doesn't help to name it ovirtmgmt. >> >> The engine is able to communicate with the host on the ip it has >> been >> given, it's just that it believes that it HAS to have a ovirtmgmt >> network which can't be on OVN. >> >> /Sverker >> >> >> Den 2016-12-28 kl. 10:45, skrev Marcin Mirecki: >> >>> Hi Sverker, >>> >>> The management network is mandatory on each host. It's used by the >>> engine to communicate with the host. >>> Looking at your description and the exception it looks like it is >>> missing. >>> The error is caused by not having any network for the host >>> (network list retrieved in InterfaceDaoImpl.getHostNetworksByCluster >>> - >>> which >>> gets all the networks on nics for a host from vds_interface table >>> in the >>> DB). >>> >>> Could you maybe create a virtual nic connected to ovsbridge0 (as I >>> understand you >>> have no physical nic available) and use this for the management >>> network? >>> >>> I then create a bridge for use with ovirt, with a private address. >>>> >>> I'm not quite sure I understand. Is this yet another bridge >>> connected to >>> ovsbridge0? >>> You could also attach the vnic for the management network here if >>> need >>> be. >>> >>> Please keep in mind that OVN has no use in setting up the >>> management >>> network. >>> The OVN provider can only handle external networks, which can not >>> be used >>> for a >>> management network. >>> >>> Marcin >>> >>> >>> ----- Original Message ----- >>> >>>> From: "Sverker Abrahamsson" <sverker@abrahamsson.com> >>>> To: users@ovirt.org >>>> Sent: Wednesday, December 28, 2016 12:39:59 AM >>>> Subject: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt >>>> network >>>> >>>> >>>> >>>> Hi >>>> For long time I've been looking for proper support in ovirt for >>>> Open >>>> vSwitch >>>> so I'm happy that it is moving in the right direction. However, >>>> there >>>> seems >>>> to still be a dependency on a ovirtmgmt bridge and I'm unable to >>>> move >>>> that >>>> to the OVN provider. >>>> >>>> The hosting center where I rent hw instances has a bit special >>>> network >>>> setup, >>>> so I have one physical network port with a /32 netmask and >>>> point-to-point >>>> config to router. The physical port I connect to a ovs bridge >>>> which has >>>> the >>>> public ip. Since ovirt always messes up the network config when >>>> I've >>>> tried >>>> to let it have access to the network config for the physical >>>> port, I've >>>> set >>>> eht0 and ovsbridge0 as hidden in vdsm.conf. >>>> >>>> >>>> I then create a bridge for use with ovirt, with a private >>>> address. With >>>> the >>>> OVN provider I am now able to import these into the engine and it >>>> looks >>>> good. When creating a VM I can select that it will have a vNic on >>>> my OVS >>>> bridge. >>>> >>>> However, I can't start the VM as an exception is thrown in the >>>> log: >>>> >>>> 2016-12-28 00:13:33,350 ERROR [org.ovirt.engine.core.bll.Run >>>> VmCommand] >>>> (default task-5) [3c882d53] Error during ValidateFailure.: >>>> java.lang.NullPointerException >>>> at >>>> org.ovirt.engine.core.bll.scheduling.policyunits.NetworkPoli >>>> cyUnit.validateRequiredNetworksAvailable(NetworkPolicyUnit.java:140) >>>> >>>> [bll.jar:] >>>> at >>>> org.ovirt.engine.core.bll.scheduling.policyunits.NetworkPoli >>>> cyUnit.filter(NetworkPolicyUnit.java:69) >>>> [bll.jar:] >>>> at >>>> org.ovirt.engine.core.bll.scheduling.SchedulingManager.runIn >>>> ternalFilters(SchedulingManager.java:597) >>>> [bll.jar:] >>>> at >>>> org.ovirt.engine.core.bll.scheduling.SchedulingManager.runFi >>>> lters(SchedulingManager.java:564) >>>> [bll.jar:] >>>> at >>>> org.ovirt.engine.core.bll.scheduling.SchedulingManager.canSc >>>> hedule(SchedulingManager.java:494) >>>> [bll.jar:] >>>> at >>>> org.ovirt.engine.core.bll.validator.RunVmValidator.canRunVm(RunVmValidator.java:133) >>>> >>>> [bll.jar:] >>>> at >>>> org.ovirt.engine.core.bll.RunVmCommand.validate(RunVmCommand.java:940) >>>> >>>> [bll.jar:] >>>> at >>>> org.ovirt.engine.core.bll.CommandBase.internalValidate(CommandBase.java:886) >>>> >>>> [bll.jar:] >>>> at >>>> org.ovirt.engine.core.bll.CommandBase.validateOnly(CommandBase.java:366) >>>> >>>> [bll.jar:] >>>> at >>>> org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner >>>> .canRunActions(PrevalidatingMultipleActionsRunner.java:113) >>>> [bll.jar:] >>>> at >>>> org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner >>>> .invokeCommands(PrevalidatingMultipleActionsRunner.java:99) >>>> [bll.jar:] >>>> at >>>> org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner >>>> .execute(PrevalidatingMultipleActionsRunner.java:76) >>>> [bll.jar:] >>>> at >>>> org.ovirt.engine.core.bll.Backend.runMultipleActionsImpl(Backend.java:613) >>>> >>>> [bll.jar:] >>>> at >>>> org.ovirt.engine.core.bll.Backend.runMultipleActions(Backend.java:583) >>>> >>>> [bll.jar:] >>>> >>>> >>>> Looking at that section of code where the exception is thrown, I >>>> see >>>> that >>>> it >>>> iterates over host networks to find required networks, which I >>>> assume is >>>> ovirtmgmt. In the host network setup dialog I don't see any >>>> networks at >>>> all >>>> but it lists ovirtmgmt as required. It also list the OVN networks >>>> but >>>> these >>>> can't be statically assigned as they are added dynamically when >>>> needed, >>>> which is fine. >>>> >>>> I believe that I either need to remove ovirtmgmt network or >>>> configure >>>> that >>>> it >>>> is provided by the OVN provider, but neither is possible. >>>> Preferably it >>>> shouldn't be hardcoded which network is management and mandatory >>>> but be >>>> possible to configure. >>>> >>>> /Sverker >>>> Den 2016-12-27 kl. 17:10, skrev Marcin Mirecki: >>>> >>>> >>>> >> _______________________________________________ > Users mailing list > Users@ovirt.org > http://lists.ovirt.org/mailman/listinfo/users > >
Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Hi, br-int is the OVN integration bridge, it should have been created when installing OVN. I assume you have the following packages installed on the host: openvswitch-ovn-common openvswitch-ovn-host python-openvswitch Please give me some time to look at the connectivity problem. Marcin ----- Original Message -----
From: "Sverker Abrahamsson" <sverker@abrahamsson.com> To: "Marcin Mirecki" <mmirecki@redhat.com> Cc: "Ovirt Users" <users@ovirt.org> Sent: Thursday, December 29, 2016 12:47:04 AM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network
From /usr/libexec/vdsm/hooks/before_device_create/ovirt_provider_ovn_hook (installed by ovirt-provider-ovn-driver rpm):
BRIDGE_NAME = 'br-int'
Den 2016-12-28 kl. 23:56, skrev Sverker Abrahamsson:
Googling on the message about br-int suggested adding that bridge to ovs:
ovs-vsctl add-br br-int
Then the VM is able to boot, but it fails to get network connectivity. Output in /var/log/messages:
Dec 28 23:31:35 h2 ovs-vsctl: ovs|00001|vsctl|INFO|Called as ovs-vsctl --timeout=5 -- --if-exists del-port vnet0 -- add-port br-int vnet0 -- set Interface vnet0 "external-ids:attached-mac=\"00:1a:4a:16:01:51\"" -- set Interface vnet0 "external-ids:iface-id=\"e8853aac-8a75-41b0-8010-e630017dcdd8\"" -- set Interface vnet0 "external-ids:vm-id=\"b9440d60-ef5a-4e2b-83cf-081df7c09e6f\"" -- set Interface vnet0 external-ids:iface-status=active Dec 28 23:31:35 h2 kernel: device vnet0 entered promiscuous mode Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -D PREROUTING -i vnet0 -j libvirt-J-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -D POSTROUTING -o vnet0 -j libvirt-P-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -L libvirt-J-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -L libvirt-P-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -F libvirt-J-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -X libvirt-J-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -F libvirt-P-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -X libvirt-P-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -F J-vnet0-mac' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -X J-vnet0-mac' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -F J-vnet0-arp-mac' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -X J-vnet0-arp-mac' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -D libvirt-out -m physdev --physdev-is-bridged --physdev-out vnet0 -g FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -D libvirt-out -m physdev --physdev-out vnet0 -g FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -D libvirt-in -m physdev --physdev-in vnet0 -g FI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -D libvirt-host-in -m physdev --physdev-in vnet0 -g HI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -F FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -X FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -F FI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -X FI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -F HI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -X HI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -E FP-vnet0 FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -E FJ-vnet0 FI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -E HJ-vnet0 HI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -D libvirt-out -m physdev --physdev-is-bridged --physdev-out vnet0 -g FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -D libvirt-out -m physdev --physdev-out vnet0 -g FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -D libvirt-in -m physdev --physdev-in vnet0 -g FI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -D libvirt-host-in -m physdev --physdev-in vnet0 -g HI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -F FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -X FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -F FI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -X FI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -F HI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -X HI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -E FP-vnet0 FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -E FJ-vnet0 FI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -E HJ-vnet0 HI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -D PREROUTING -i vnet0 -j libvirt-I-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -D POSTROUTING -o vnet0 -j libvirt-O-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -L libvirt-I-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -L libvirt-O-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -F libvirt-I-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -X libvirt-I-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -F libvirt-O-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -X libvirt-O-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -L libvirt-P-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -E libvirt-P-vnet0 libvirt-O-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -F I-vnet0-mac' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -X I-vnet0-mac' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -F I-vnet0-arp-mac' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -X I-vnet0-arp-mac' failed:
[root@h2 etc]# ovs-vsctl show ebb6aede-cbbc-4f4f-a88a-a9cd72b2bd23 Bridge ovirtbridge Port "ovirtport0" Interface "ovirtport0" type: internal Port ovirtbridge Interface ovirtbridge type: internal Bridge "ovsbridge0" Port "ovsbridge0" Interface "ovsbridge0" type: internal Port "eth0" Interface "eth0" Bridge br-int Port br-int Interface br-int type: internal Port "vnet0" Interface "vnet0" ovs_version: "2.6.90"
Searching through the code it appears that br-int comes from neutron-openvswitch plugin ??
[root@h2 share]# rpm -qf /usr/share/otopi/plugins/ovirt-host-deploy/openstack/neutron_openvswitch.py ovirt-host-deploy-1.6.0-0.0.master.20161215101008.gitb76ad50.el7.centos.noarch
/Sverker
Den 2016-12-28 kl. 23:24, skrev Sverker Abrahamsson:
In addition I had to add an alias to modprobe:
[root@h2 modprobe.d]# cat dummy.conf alias dummy0 dummy
Den 2016-12-28 kl. 23:03, skrev Sverker Abrahamsson:
Hi I first tried to set device name to dummy_0, but then ifup did not succeed in creating the device unless I first did 'ip link add dummy_0 type dummy' but then it would not suceed to establish the if on reboot.
Setting fake_nics = dummy0 would not work neither, but this works:
fake_nics = dummy*
The engine is now able to find the if and assign bridge ovirtmgmt to it.
However, I then run into the next issue when starting a VM:
2016-12-28 22:28:23,897 ERROR [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (ForkJoinPool-1-worker-2) [] Correlation ID: null, Call Stack: null, Custom Event ID: -1, Message: VM CentOS7 is down with error. Exit message: Cannot get interface MTU on 'br-int': No such device.
This VM has a nic on ovirtbridge, which comes from the OVN provider.
/Sverker
Den 2016-12-28 kl. 14:38, skrev Marcin Mirecki:
Sverker,
Can you try adding a vnic named veth_* or dummy_*, (or alternatively add the name of the vnic to vdsm.config fake_nics), and setup the management network using this vnic? I suppose adding the vnic you use for connecting to the engine to fake_nics should make it visible to the engine, and you should be able to use it for the setup.
Marcin
----- Original Message -----
From: "Marcin Mirecki" <mmirecki@redhat.com> To: "Sverker Abrahamsson" <sverker@abrahamsson.com> Cc: "Ovirt Users" <users@ovirt.org> Sent: Wednesday, December 28, 2016 12:06:26 PM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network
> I have an internal OVS bridge called ovirtbridge which has a port > with > IP address, but in the host network settings that port is not > visible. I just verified and unfortunately the virtual ports are not visible in engine to assign a network to :( I'm afraid that the engine is not ready for such a scenario (even if it works). Please give me some time to look for a solution.
----- Original Message ----- > From: "Sverker Abrahamsson" <sverker@abrahamsson.com> > To: "Marcin Mirecki" <mmirecki@redhat.com> > Cc: "Ovirt Users" <users@ovirt.org> > Sent: Wednesday, December 28, 2016 11:48:24 AM > Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory > ovirtmgmt > network > > Hi Marcin > Yes, that is my issue. I don't want to let ovirt/vdsm see eth0 nor > ovsbridge0 since as soon as it sees them it messes up the network > config > so that the host will be unreachable. > > I have an internal OVS bridge called ovirtbridge which has a port > with > IP address, but in the host network settings that port is not > visible. > It doesn't help to name it ovirtmgmt. > > The engine is able to communicate with the host on the ip it has > been > given, it's just that it believes that it HAS to have a ovirtmgmt > network which can't be on OVN. > > /Sverker > > > Den 2016-12-28 kl. 10:45, skrev Marcin Mirecki: >> Hi Sverker, >> >> The management network is mandatory on each host. It's used by the >> engine to communicate with the host. >> Looking at your description and the exception it looks like it is >> missing. >> The error is caused by not having any network for the host >> (network list retrieved in >> InterfaceDaoImpl.getHostNetworksByCluster - >> which >> gets all the networks on nics for a host from vds_interface >> table in the >> DB). >> >> Could you maybe create a virtual nic connected to ovsbridge0 (as I >> understand you >> have no physical nic available) and use this for the management >> network? >> >>> I then create a bridge for use with ovirt, with a private address. >> I'm not quite sure I understand. Is this yet another bridge >> connected to >> ovsbridge0? >> You could also attach the vnic for the management network here >> if need >> be. >> >> Please keep in mind that OVN has no use in setting up the >> management >> network. >> The OVN provider can only handle external networks, which can >> not be used >> for a >> management network. >> >> Marcin >> >> >> ----- Original Message ----- >>> From: "Sverker Abrahamsson" <sverker@abrahamsson.com> >>> To: users@ovirt.org >>> Sent: Wednesday, December 28, 2016 12:39:59 AM >>> Subject: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt >>> network >>> >>> >>> >>> Hi >>> For long time I've been looking for proper support in ovirt for >>> Open >>> vSwitch >>> so I'm happy that it is moving in the right direction. However, >>> there >>> seems >>> to still be a dependency on a ovirtmgmt bridge and I'm unable >>> to move >>> that >>> to the OVN provider. >>> >>> The hosting center where I rent hw instances has a bit special >>> network >>> setup, >>> so I have one physical network port with a /32 netmask and >>> point-to-point >>> config to router. The physical port I connect to a ovs bridge >>> which has >>> the >>> public ip. Since ovirt always messes up the network config when >>> I've >>> tried >>> to let it have access to the network config for the physical >>> port, I've >>> set >>> eht0 and ovsbridge0 as hidden in vdsm.conf. >>> >>> >>> I then create a bridge for use with ovirt, with a private >>> address. With >>> the >>> OVN provider I am now able to import these into the engine and >>> it looks >>> good. When creating a VM I can select that it will have a vNic >>> on my OVS >>> bridge. >>> >>> However, I can't start the VM as an exception is thrown in the >>> log: >>> >>> 2016-12-28 00:13:33,350 ERROR >>> [org.ovirt.engine.core.bll.RunVmCommand] >>> (default task-5) [3c882d53] Error during ValidateFailure.: >>> java.lang.NullPointerException >>> at >>> org.ovirt.engine.core.bll.scheduling.policyunits.NetworkPolicyUnit.validateRequiredNetworksAvailable(NetworkPolicyUnit.java:140) >>> >>> [bll.jar:] >>> at >>> org.ovirt.engine.core.bll.scheduling.policyunits.NetworkPolicyUnit.filter(NetworkPolicyUnit.java:69) >>> >>> [bll.jar:] >>> at >>> org.ovirt.engine.core.bll.scheduling.SchedulingManager.runInternalFilters(SchedulingManager.java:597) >>> >>> [bll.jar:] >>> at >>> org.ovirt.engine.core.bll.scheduling.SchedulingManager.runFilters(SchedulingManager.java:564) >>> >>> [bll.jar:] >>> at >>> org.ovirt.engine.core.bll.scheduling.SchedulingManager.canSchedule(SchedulingManager.java:494) >>> >>> [bll.jar:] >>> at >>> org.ovirt.engine.core.bll.validator.RunVmValidator.canRunVm(RunVmValidator.java:133) >>> >>> [bll.jar:] >>> at >>> org.ovirt.engine.core.bll.RunVmCommand.validate(RunVmCommand.java:940) >>> >>> [bll.jar:] >>> at >>> org.ovirt.engine.core.bll.CommandBase.internalValidate(CommandBase.java:886) >>> >>> [bll.jar:] >>> at >>> org.ovirt.engine.core.bll.CommandBase.validateOnly(CommandBase.java:366) >>> >>> [bll.jar:] >>> at >>> org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.canRunActions(PrevalidatingMultipleActionsRunner.java:113) >>> >>> [bll.jar:] >>> at >>> org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.invokeCommands(PrevalidatingMultipleActionsRunner.java:99) >>> >>> [bll.jar:] >>> at >>> org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.execute(PrevalidatingMultipleActionsRunner.java:76) >>> >>> [bll.jar:] >>> at >>> org.ovirt.engine.core.bll.Backend.runMultipleActionsImpl(Backend.java:613) >>> >>> [bll.jar:] >>> at >>> org.ovirt.engine.core.bll.Backend.runMultipleActions(Backend.java:583) >>> >>> [bll.jar:] >>> >>> >>> Looking at that section of code where the exception is thrown, >>> I see >>> that >>> it >>> iterates over host networks to find required networks, which I >>> assume is >>> ovirtmgmt. In the host network setup dialog I don't see any >>> networks at >>> all >>> but it lists ovirtmgmt as required. It also list the OVN >>> networks but >>> these >>> can't be statically assigned as they are added dynamically when >>> needed, >>> which is fine. >>> >>> I believe that I either need to remove ovirtmgmt network or >>> configure >>> that >>> it >>> is provided by the OVN provider, but neither is possible. >>> Preferably it >>> shouldn't be hardcoded which network is management and >>> mandatory but be >>> possible to configure. >>> >>> /Sverker >>> Den 2016-12-27 kl. 17:10, skrev Marcin Mirecki: >>> >>> > _______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Hi, Can you please do: "sudo ovsdb-client dump" on the host and send me the output? Have you configured the ovn controller to connect to the OVN north? You can do it using "vdsm-tool ovn-config" or using the OVN tools directly. Please check out: https://www.ovirt.org/blog/2016/11/ovirt-provider-ovn/ for details. Also please note that the OVN provider is completely different from the neutron-openvswitch plugin. Please don't mix the two. Marcin ----- Original Message -----
From: "Marcin Mirecki" <mmirecki@redhat.com> To: "Sverker Abrahamsson" <sverker@abrahamsson.com> Cc: "Ovirt Users" <users@ovirt.org> Sent: Thursday, December 29, 2016 9:27:19 AM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network
Hi,
br-int is the OVN integration bridge, it should have been created when installing OVN. I assume you have the following packages installed on the host: openvswitch-ovn-common openvswitch-ovn-host python-openvswitch
Please give me some time to look at the connectivity problem.
Marcin
----- Original Message -----
From: "Sverker Abrahamsson" <sverker@abrahamsson.com> To: "Marcin Mirecki" <mmirecki@redhat.com> Cc: "Ovirt Users" <users@ovirt.org> Sent: Thursday, December 29, 2016 12:47:04 AM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network
From /usr/libexec/vdsm/hooks/before_device_create/ovirt_provider_ovn_hook (installed by ovirt-provider-ovn-driver rpm):
BRIDGE_NAME = 'br-int'
Den 2016-12-28 kl. 23:56, skrev Sverker Abrahamsson:
Googling on the message about br-int suggested adding that bridge to ovs:
ovs-vsctl add-br br-int
Then the VM is able to boot, but it fails to get network connectivity. Output in /var/log/messages:
Dec 28 23:31:35 h2 ovs-vsctl: ovs|00001|vsctl|INFO|Called as ovs-vsctl --timeout=5 -- --if-exists del-port vnet0 -- add-port br-int vnet0 -- set Interface vnet0 "external-ids:attached-mac=\"00:1a:4a:16:01:51\"" -- set Interface vnet0 "external-ids:iface-id=\"e8853aac-8a75-41b0-8010-e630017dcdd8\"" -- set Interface vnet0 "external-ids:vm-id=\"b9440d60-ef5a-4e2b-83cf-081df7c09e6f\"" -- set Interface vnet0 external-ids:iface-status=active Dec 28 23:31:35 h2 kernel: device vnet0 entered promiscuous mode Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -D PREROUTING -i vnet0 -j libvirt-J-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -D POSTROUTING -o vnet0 -j libvirt-P-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -L libvirt-J-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -L libvirt-P-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -F libvirt-J-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -X libvirt-J-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -F libvirt-P-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -X libvirt-P-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -F J-vnet0-mac' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -X J-vnet0-mac' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -F J-vnet0-arp-mac' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -X J-vnet0-arp-mac' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -D libvirt-out -m physdev --physdev-is-bridged --physdev-out vnet0 -g FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -D libvirt-out -m physdev --physdev-out vnet0 -g FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -D libvirt-in -m physdev --physdev-in vnet0 -g FI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -D libvirt-host-in -m physdev --physdev-in vnet0 -g HI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -F FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -X FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -F FI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -X FI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -F HI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -X HI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -E FP-vnet0 FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -E FJ-vnet0 FI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -E HJ-vnet0 HI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -D libvirt-out -m physdev --physdev-is-bridged --physdev-out vnet0 -g FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -D libvirt-out -m physdev --physdev-out vnet0 -g FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -D libvirt-in -m physdev --physdev-in vnet0 -g FI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -D libvirt-host-in -m physdev --physdev-in vnet0 -g HI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -F FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -X FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -F FI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -X FI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -F HI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -X HI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -E FP-vnet0 FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -E FJ-vnet0 FI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -E HJ-vnet0 HI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -D PREROUTING -i vnet0 -j libvirt-I-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -D POSTROUTING -o vnet0 -j libvirt-O-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -L libvirt-I-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -L libvirt-O-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -F libvirt-I-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -X libvirt-I-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -F libvirt-O-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -X libvirt-O-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -L libvirt-P-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -E libvirt-P-vnet0 libvirt-O-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -F I-vnet0-mac' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -X I-vnet0-mac' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -F I-vnet0-arp-mac' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -X I-vnet0-arp-mac' failed:
[root@h2 etc]# ovs-vsctl show ebb6aede-cbbc-4f4f-a88a-a9cd72b2bd23 Bridge ovirtbridge Port "ovirtport0" Interface "ovirtport0" type: internal Port ovirtbridge Interface ovirtbridge type: internal Bridge "ovsbridge0" Port "ovsbridge0" Interface "ovsbridge0" type: internal Port "eth0" Interface "eth0" Bridge br-int Port br-int Interface br-int type: internal Port "vnet0" Interface "vnet0" ovs_version: "2.6.90"
Searching through the code it appears that br-int comes from neutron-openvswitch plugin ??
[root@h2 share]# rpm -qf /usr/share/otopi/plugins/ovirt-host-deploy/openstack/neutron_openvswitch.py ovirt-host-deploy-1.6.0-0.0.master.20161215101008.gitb76ad50.el7.centos.noarch
/Sverker
Den 2016-12-28 kl. 23:24, skrev Sverker Abrahamsson:
In addition I had to add an alias to modprobe:
[root@h2 modprobe.d]# cat dummy.conf alias dummy0 dummy
Den 2016-12-28 kl. 23:03, skrev Sverker Abrahamsson:
Hi I first tried to set device name to dummy_0, but then ifup did not succeed in creating the device unless I first did 'ip link add dummy_0 type dummy' but then it would not suceed to establish the if on reboot.
Setting fake_nics = dummy0 would not work neither, but this works:
fake_nics = dummy*
The engine is now able to find the if and assign bridge ovirtmgmt to it.
However, I then run into the next issue when starting a VM:
2016-12-28 22:28:23,897 ERROR [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (ForkJoinPool-1-worker-2) [] Correlation ID: null, Call Stack: null, Custom Event ID: -1, Message: VM CentOS7 is down with error. Exit message: Cannot get interface MTU on 'br-int': No such device.
This VM has a nic on ovirtbridge, which comes from the OVN provider.
/Sverker
Den 2016-12-28 kl. 14:38, skrev Marcin Mirecki:
Sverker,
Can you try adding a vnic named veth_* or dummy_*, (or alternatively add the name of the vnic to vdsm.config fake_nics), and setup the management network using this vnic? I suppose adding the vnic you use for connecting to the engine to fake_nics should make it visible to the engine, and you should be able to use it for the setup.
Marcin
----- Original Message ----- > From: "Marcin Mirecki" <mmirecki@redhat.com> > To: "Sverker Abrahamsson" <sverker@abrahamsson.com> > Cc: "Ovirt Users" <users@ovirt.org> > Sent: Wednesday, December 28, 2016 12:06:26 PM > Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory > ovirtmgmt network > >> I have an internal OVS bridge called ovirtbridge which has a port >> with >> IP address, but in the host network settings that port is not >> visible. > I just verified and unfortunately the virtual ports are not > visible in engine > to assign a network to :( > I'm afraid that the engine is not ready for such a scenario (even > if it > works). > Please give me some time to look for a solution. > > ----- Original Message ----- >> From: "Sverker Abrahamsson" <sverker@abrahamsson.com> >> To: "Marcin Mirecki" <mmirecki@redhat.com> >> Cc: "Ovirt Users" <users@ovirt.org> >> Sent: Wednesday, December 28, 2016 11:48:24 AM >> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory >> ovirtmgmt >> network >> >> Hi Marcin >> Yes, that is my issue. I don't want to let ovirt/vdsm see eth0 nor >> ovsbridge0 since as soon as it sees them it messes up the network >> config >> so that the host will be unreachable. >> >> I have an internal OVS bridge called ovirtbridge which has a port >> with >> IP address, but in the host network settings that port is not >> visible. >> It doesn't help to name it ovirtmgmt. >> >> The engine is able to communicate with the host on the ip it has >> been >> given, it's just that it believes that it HAS to have a ovirtmgmt >> network which can't be on OVN. >> >> /Sverker >> >> >> Den 2016-12-28 kl. 10:45, skrev Marcin Mirecki: >>> Hi Sverker, >>> >>> The management network is mandatory on each host. It's used by the >>> engine to communicate with the host. >>> Looking at your description and the exception it looks like it is >>> missing. >>> The error is caused by not having any network for the host >>> (network list retrieved in >>> InterfaceDaoImpl.getHostNetworksByCluster - >>> which >>> gets all the networks on nics for a host from vds_interface >>> table in the >>> DB). >>> >>> Could you maybe create a virtual nic connected to ovsbridge0 (as I >>> understand you >>> have no physical nic available) and use this for the management >>> network? >>> >>>> I then create a bridge for use with ovirt, with a private address. >>> I'm not quite sure I understand. Is this yet another bridge >>> connected to >>> ovsbridge0? >>> You could also attach the vnic for the management network here >>> if need >>> be. >>> >>> Please keep in mind that OVN has no use in setting up the >>> management >>> network. >>> The OVN provider can only handle external networks, which can >>> not be used >>> for a >>> management network. >>> >>> Marcin >>> >>> >>> ----- Original Message ----- >>>> From: "Sverker Abrahamsson" <sverker@abrahamsson.com> >>>> To: users@ovirt.org >>>> Sent: Wednesday, December 28, 2016 12:39:59 AM >>>> Subject: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt >>>> network >>>> >>>> >>>> >>>> Hi >>>> For long time I've been looking for proper support in ovirt for >>>> Open >>>> vSwitch >>>> so I'm happy that it is moving in the right direction. However, >>>> there >>>> seems >>>> to still be a dependency on a ovirtmgmt bridge and I'm unable >>>> to move >>>> that >>>> to the OVN provider. >>>> >>>> The hosting center where I rent hw instances has a bit special >>>> network >>>> setup, >>>> so I have one physical network port with a /32 netmask and >>>> point-to-point >>>> config to router. The physical port I connect to a ovs bridge >>>> which has >>>> the >>>> public ip. Since ovirt always messes up the network config when >>>> I've >>>> tried >>>> to let it have access to the network config for the physical >>>> port, I've >>>> set >>>> eht0 and ovsbridge0 as hidden in vdsm.conf. >>>> >>>> >>>> I then create a bridge for use with ovirt, with a private >>>> address. With >>>> the >>>> OVN provider I am now able to import these into the engine and >>>> it looks >>>> good. When creating a VM I can select that it will have a vNic >>>> on my OVS >>>> bridge. >>>> >>>> However, I can't start the VM as an exception is thrown in the >>>> log: >>>> >>>> 2016-12-28 00:13:33,350 ERROR >>>> [org.ovirt.engine.core.bll.RunVmCommand] >>>> (default task-5) [3c882d53] Error during ValidateFailure.: >>>> java.lang.NullPointerException >>>> at >>>> org.ovirt.engine.core.bll.scheduling.policyunits.NetworkPolicyUnit.validateRequiredNetworksAvailable(NetworkPolicyUnit.java:140) >>>> >>>> [bll.jar:] >>>> at >>>> org.ovirt.engine.core.bll.scheduling.policyunits.NetworkPolicyUnit.filter(NetworkPolicyUnit.java:69) >>>> >>>> [bll.jar:] >>>> at >>>> org.ovirt.engine.core.bll.scheduling.SchedulingManager.runInternalFilters(SchedulingManager.java:597) >>>> >>>> [bll.jar:] >>>> at >>>> org.ovirt.engine.core.bll.scheduling.SchedulingManager.runFilters(SchedulingManager.java:564) >>>> >>>> [bll.jar:] >>>> at >>>> org.ovirt.engine.core.bll.scheduling.SchedulingManager.canSchedule(SchedulingManager.java:494) >>>> >>>> [bll.jar:] >>>> at >>>> org.ovirt.engine.core.bll.validator.RunVmValidator.canRunVm(RunVmValidator.java:133) >>>> >>>> [bll.jar:] >>>> at >>>> org.ovirt.engine.core.bll.RunVmCommand.validate(RunVmCommand.java:940) >>>> >>>> [bll.jar:] >>>> at >>>> org.ovirt.engine.core.bll.CommandBase.internalValidate(CommandBase.java:886) >>>> >>>> [bll.jar:] >>>> at >>>> org.ovirt.engine.core.bll.CommandBase.validateOnly(CommandBase.java:366) >>>> >>>> [bll.jar:] >>>> at >>>> org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.canRunActions(PrevalidatingMultipleActionsRunner.java:113) >>>> >>>> [bll.jar:] >>>> at >>>> org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.invokeCommands(PrevalidatingMultipleActionsRunner.java:99) >>>> >>>> [bll.jar:] >>>> at >>>> org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.execute(PrevalidatingMultipleActionsRunner.java:76) >>>> >>>> [bll.jar:] >>>> at >>>> org.ovirt.engine.core.bll.Backend.runMultipleActionsImpl(Backend.java:613) >>>> >>>> [bll.jar:] >>>> at >>>> org.ovirt.engine.core.bll.Backend.runMultipleActions(Backend.java:583) >>>> >>>> [bll.jar:] >>>> >>>> >>>> Looking at that section of code where the exception is thrown, >>>> I see >>>> that >>>> it >>>> iterates over host networks to find required networks, which I >>>> assume is >>>> ovirtmgmt. In the host network setup dialog I don't see any >>>> networks at >>>> all >>>> but it lists ovirtmgmt as required. It also list the OVN >>>> networks but >>>> these >>>> can't be statically assigned as they are added dynamically when >>>> needed, >>>> which is fine. >>>> >>>> I believe that I either need to remove ovirtmgmt network or >>>> configure >>>> that >>>> it >>>> is provided by the OVN provider, but neither is possible. >>>> Preferably it >>>> shouldn't be hardcoded which network is management and >>>> mandatory but be >>>> possible to configure. >>>> >>>> /Sverker >>>> Den 2016-12-27 kl. 17:10, skrev Marcin Mirecki: >>>> >>>> >> > _______________________________________________ > Users mailing list > Users@ovirt.org > http://lists.ovirt.org/mailman/listinfo/users >
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Hi The rpm packages you listed in the other mail are installed but I had not run vdsm-tool ovn-config to create tunnel as the OVN controller is on the same host. [root@h2 ~]# rpm -q openvswitch-ovn-common openvswitch-ovn-common-2.6.90-1.el7.centos.x86_64 [root@h2 ~]# rpm -q openvswitch-ovn-host openvswitch-ovn-host-2.6.90-1.el7.centos.x86_64 [root@h2 ~]# rpm -q python-openvswitch python-openvswitch-2.6.90-1.el7.centos.noarch After removing my manually created br-int and run vdsm-tool ovn-config 127.0.0.1 172.27.1.1 then I have the br-int but 'ip link show' does not show any link 'genev_sys_' nor does 'ovs-vsctl show' any port for ovn. I assume these are when there is an actual tunnel? [root@h2 ~]# ovs-vsctl show ebb6aede-cbbc-4f4f-a88a-a9cd72b2bd23 Bridge br-int fail_mode: secure Port br-int Interface br-int type: internal Bridge ovirtbridge Port ovirtbridge Interface ovirtbridge type: internal Bridge "ovsbridge0" Port "ovsbridge0" Interface "ovsbridge0" type: internal Port "eth0" Interface "eth0" ovs_version: "2.6.90" [root@h2 ~]# ip link show 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT qlen 1 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master ovs-system state UP mode DEFAULT qlen 1000 link/ether 44:8a:5b:84:7d:b3 brd ff:ff:ff:ff:ff:ff 3: ovs-system: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 1000 link/ether 5a:14:cf:28:47:e2 brd ff:ff:ff:ff:ff:ff 4: ovsbridge0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN mode DEFAULT qlen 1000 link/ether 44:8a:5b:84:7d:b3 brd ff:ff:ff:ff:ff:ff 5: br-int: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 1000 link/ether 9e:b0:3a:9d:f2:4b brd ff:ff:ff:ff:ff:ff 6: ovirtbridge: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN mode DEFAULT qlen 1000 link/ether a6:f6:e5:a4:5b:45 brd ff:ff:ff:ff:ff:ff 7: dummy0: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue master ovirtmgmt state UNKNOWN mode DEFAULT qlen 1000 link/ether 66:e0:1c:c3:a9:d8 brd ff:ff:ff:ff:ff:ff 8: ovirtmgmt: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT qlen 1000 link/ether 66:e0:1c:c3:a9:d8 brd ff:ff:ff:ff:ff:ff Firewall settings: [root@h2 ~]# firewall-cmd --list-all-zones work target: default icmp-block-inversion: no interfaces: sources: services: dhcpv6-client ssh ports: protocols: masquerade: no forward-ports: sourceports: icmp-blocks: rich rules: drop target: DROP icmp-block-inversion: no interfaces: sources: services: ports: protocols: masquerade: no forward-ports: sourceports: icmp-blocks: rich rules: internal target: default icmp-block-inversion: no interfaces: sources: services: dhcpv6-client mdns samba-client ssh ports: protocols: masquerade: no forward-ports: sourceports: icmp-blocks: rich rules: external target: default icmp-block-inversion: no interfaces: sources: services: ssh ports: protocols: masquerade: yes forward-ports: sourceports: icmp-blocks: rich rules: trusted target: ACCEPT icmp-block-inversion: no interfaces: sources: services: ports: protocols: masquerade: no forward-ports: sourceports: icmp-blocks: rich rules: home target: default icmp-block-inversion: no interfaces: sources: services: dhcpv6-client mdns samba-client ssh ports: protocols: masquerade: no forward-ports: sourceports: icmp-blocks: rich rules: dmz target: default icmp-block-inversion: no interfaces: sources: services: ssh ports: protocols: masquerade: no forward-ports: sourceports: icmp-blocks: rich rules: public (active) target: default icmp-block-inversion: no interfaces: eth0 ovsbridge0 sources: services: dhcpv6-client ssh ports: protocols: masquerade: no forward-ports: sourceports: icmp-blocks: rich rules: block target: %%REJECT%% icmp-block-inversion: no interfaces: sources: services: ports: protocols: masquerade: no forward-ports: sourceports: icmp-blocks: rich rules: ovirt (active) target: default icmp-block-inversion: no interfaces: ovirtbridge ovirtmgmt sources: services: dhcp ovirt-fence-kdump-listener ovirt-http ovirt-https ovirt-imageio-proxy ovirt-postgres ovirt-provider-ovn ovirt-vmconsole-proxy ovirt-websocket-proxy ssh vdsm ports: protocols: masquerade: yes forward-ports: sourceports: icmp-blocks: rich rules: rule family="ipv4" port port="6641" protocol="tcp" accept rule family="ipv4" port port="6642" protocol="tcp" accept The db dump is attached /Sverker Den 2016-12-29 kl. 09:50, skrev Marcin Mirecki:
Hi,
Can you please do: "sudo ovsdb-client dump" on the host and send me the output?
Have you configured the ovn controller to connect to the OVN north? You can do it using "vdsm-tool ovn-config" or using the OVN tools directly. Please check out: https://www.ovirt.org/blog/2016/11/ovirt-provider-ovn/ for details.
Also please note that the OVN provider is completely different from the neutron-openvswitch plugin. Please don't mix the two.
Marcin
----- Original Message -----
From: "Marcin Mirecki" <mmirecki@redhat.com> To: "Sverker Abrahamsson" <sverker@abrahamsson.com> Cc: "Ovirt Users" <users@ovirt.org> Sent: Thursday, December 29, 2016 9:27:19 AM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network
Hi,
br-int is the OVN integration bridge, it should have been created when installing OVN. I assume you have the following packages installed on the host: openvswitch-ovn-common openvswitch-ovn-host python-openvswitch
Please give me some time to look at the connectivity problem.
Marcin
----- Original Message -----
From: "Sverker Abrahamsson" <sverker@abrahamsson.com> To: "Marcin Mirecki" <mmirecki@redhat.com> Cc: "Ovirt Users" <users@ovirt.org> Sent: Thursday, December 29, 2016 12:47:04 AM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network
From /usr/libexec/vdsm/hooks/before_device_create/ovirt_provider_ovn_hook (installed by ovirt-provider-ovn-driver rpm):
BRIDGE_NAME = 'br-int'
Den 2016-12-28 kl. 23:56, skrev Sverker Abrahamsson:
Googling on the message about br-int suggested adding that bridge to ovs:
ovs-vsctl add-br br-int
Then the VM is able to boot, but it fails to get network connectivity. Output in /var/log/messages:
Dec 28 23:31:35 h2 ovs-vsctl: ovs|00001|vsctl|INFO|Called as ovs-vsctl --timeout=5 -- --if-exists del-port vnet0 -- add-port br-int vnet0 -- set Interface vnet0 "external-ids:attached-mac=\"00:1a:4a:16:01:51\"" -- set Interface vnet0 "external-ids:iface-id=\"e8853aac-8a75-41b0-8010-e630017dcdd8\"" -- set Interface vnet0 "external-ids:vm-id=\"b9440d60-ef5a-4e2b-83cf-081df7c09e6f\"" -- set Interface vnet0 external-ids:iface-status=active Dec 28 23:31:35 h2 kernel: device vnet0 entered promiscuous mode Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -D PREROUTING -i vnet0 -j libvirt-J-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -D POSTROUTING -o vnet0 -j libvirt-P-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -L libvirt-J-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -L libvirt-P-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -F libvirt-J-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -X libvirt-J-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -F libvirt-P-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -X libvirt-P-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -F J-vnet0-mac' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -X J-vnet0-mac' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -F J-vnet0-arp-mac' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -X J-vnet0-arp-mac' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -D libvirt-out -m physdev --physdev-is-bridged --physdev-out vnet0 -g FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -D libvirt-out -m physdev --physdev-out vnet0 -g FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -D libvirt-in -m physdev --physdev-in vnet0 -g FI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -D libvirt-host-in -m physdev --physdev-in vnet0 -g HI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -F FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -X FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -F FI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -X FI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -F HI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -X HI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -E FP-vnet0 FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -E FJ-vnet0 FI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -E HJ-vnet0 HI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -D libvirt-out -m physdev --physdev-is-bridged --physdev-out vnet0 -g FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -D libvirt-out -m physdev --physdev-out vnet0 -g FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -D libvirt-in -m physdev --physdev-in vnet0 -g FI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -D libvirt-host-in -m physdev --physdev-in vnet0 -g HI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -F FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -X FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -F FI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -X FI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -F HI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -X HI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -E FP-vnet0 FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -E FJ-vnet0 FI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -E HJ-vnet0 HI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -D PREROUTING -i vnet0 -j libvirt-I-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -D POSTROUTING -o vnet0 -j libvirt-O-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -L libvirt-I-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -L libvirt-O-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -F libvirt-I-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -X libvirt-I-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -F libvirt-O-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -X libvirt-O-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -L libvirt-P-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -E libvirt-P-vnet0 libvirt-O-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -F I-vnet0-mac' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -X I-vnet0-mac' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -F I-vnet0-arp-mac' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -X I-vnet0-arp-mac' failed:
[root@h2 etc]# ovs-vsctl show ebb6aede-cbbc-4f4f-a88a-a9cd72b2bd23 Bridge ovirtbridge Port "ovirtport0" Interface "ovirtport0" type: internal Port ovirtbridge Interface ovirtbridge type: internal Bridge "ovsbridge0" Port "ovsbridge0" Interface "ovsbridge0" type: internal Port "eth0" Interface "eth0" Bridge br-int Port br-int Interface br-int type: internal Port "vnet0" Interface "vnet0" ovs_version: "2.6.90"
Searching through the code it appears that br-int comes from neutron-openvswitch plugin ??
[root@h2 share]# rpm -qf /usr/share/otopi/plugins/ovirt-host-deploy/openstack/neutron_openvswitch.py ovirt-host-deploy-1.6.0-0.0.master.20161215101008.gitb76ad50.el7.centos.noarch
/Sverker
Den 2016-12-28 kl. 23:24, skrev Sverker Abrahamsson:
In addition I had to add an alias to modprobe:
[root@h2 modprobe.d]# cat dummy.conf alias dummy0 dummy
Den 2016-12-28 kl. 23:03, skrev Sverker Abrahamsson:
Hi I first tried to set device name to dummy_0, but then ifup did not succeed in creating the device unless I first did 'ip link add dummy_0 type dummy' but then it would not suceed to establish the if on reboot.
Setting fake_nics = dummy0 would not work neither, but this works:
fake_nics = dummy*
The engine is now able to find the if and assign bridge ovirtmgmt to it.
However, I then run into the next issue when starting a VM:
2016-12-28 22:28:23,897 ERROR [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (ForkJoinPool-1-worker-2) [] Correlation ID: null, Call Stack: null, Custom Event ID: -1, Message: VM CentOS7 is down with error. Exit message: Cannot get interface MTU on 'br-int': No such device.
This VM has a nic on ovirtbridge, which comes from the OVN provider.
/Sverker
Den 2016-12-28 kl. 14:38, skrev Marcin Mirecki: > Sverker, > > Can you try adding a vnic named veth_* or dummy_*, > (or alternatively add the name of the vnic to > vdsm.config fake_nics), and setup the management > network using this vnic? > I suppose adding the vnic you use for connecting > to the engine to fake_nics should make it visible > to the engine, and you should be able to use it for > the setup. > > Marcin > > > > ----- Original Message ----- >> From: "Marcin Mirecki" <mmirecki@redhat.com> >> To: "Sverker Abrahamsson" <sverker@abrahamsson.com> >> Cc: "Ovirt Users" <users@ovirt.org> >> Sent: Wednesday, December 28, 2016 12:06:26 PM >> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory >> ovirtmgmt network >> >>> I have an internal OVS bridge called ovirtbridge which has a port >>> with >>> IP address, but in the host network settings that port is not >>> visible. >> I just verified and unfortunately the virtual ports are not >> visible in engine >> to assign a network to :( >> I'm afraid that the engine is not ready for such a scenario (even >> if it >> works). >> Please give me some time to look for a solution. >> >> ----- Original Message ----- >>> From: "Sverker Abrahamsson" <sverker@abrahamsson.com> >>> To: "Marcin Mirecki" <mmirecki@redhat.com> >>> Cc: "Ovirt Users" <users@ovirt.org> >>> Sent: Wednesday, December 28, 2016 11:48:24 AM >>> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory >>> ovirtmgmt >>> network >>> >>> Hi Marcin >>> Yes, that is my issue. I don't want to let ovirt/vdsm see eth0 nor >>> ovsbridge0 since as soon as it sees them it messes up the network >>> config >>> so that the host will be unreachable. >>> >>> I have an internal OVS bridge called ovirtbridge which has a port >>> with >>> IP address, but in the host network settings that port is not >>> visible. >>> It doesn't help to name it ovirtmgmt. >>> >>> The engine is able to communicate with the host on the ip it has >>> been >>> given, it's just that it believes that it HAS to have a ovirtmgmt >>> network which can't be on OVN. >>> >>> /Sverker >>> >>> >>> Den 2016-12-28 kl. 10:45, skrev Marcin Mirecki: >>>> Hi Sverker, >>>> >>>> The management network is mandatory on each host. It's used by the >>>> engine to communicate with the host. >>>> Looking at your description and the exception it looks like it is >>>> missing. >>>> The error is caused by not having any network for the host >>>> (network list retrieved in >>>> InterfaceDaoImpl.getHostNetworksByCluster - >>>> which >>>> gets all the networks on nics for a host from vds_interface >>>> table in the >>>> DB). >>>> >>>> Could you maybe create a virtual nic connected to ovsbridge0 (as I >>>> understand you >>>> have no physical nic available) and use this for the management >>>> network? >>>> >>>>> I then create a bridge for use with ovirt, with a private address. >>>> I'm not quite sure I understand. Is this yet another bridge >>>> connected to >>>> ovsbridge0? >>>> You could also attach the vnic for the management network here >>>> if need >>>> be. >>>> >>>> Please keep in mind that OVN has no use in setting up the >>>> management >>>> network. >>>> The OVN provider can only handle external networks, which can >>>> not be used >>>> for a >>>> management network. >>>> >>>> Marcin >>>> >>>> >>>> ----- Original Message ----- >>>>> From: "Sverker Abrahamsson" <sverker@abrahamsson.com> >>>>> To: users@ovirt.org >>>>> Sent: Wednesday, December 28, 2016 12:39:59 AM >>>>> Subject: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt >>>>> network >>>>> >>>>> >>>>> >>>>> Hi >>>>> For long time I've been looking for proper support in ovirt for >>>>> Open >>>>> vSwitch >>>>> so I'm happy that it is moving in the right direction. However, >>>>> there >>>>> seems >>>>> to still be a dependency on a ovirtmgmt bridge and I'm unable >>>>> to move >>>>> that >>>>> to the OVN provider. >>>>> >>>>> The hosting center where I rent hw instances has a bit special >>>>> network >>>>> setup, >>>>> so I have one physical network port with a /32 netmask and >>>>> point-to-point >>>>> config to router. The physical port I connect to a ovs bridge >>>>> which has >>>>> the >>>>> public ip. Since ovirt always messes up the network config when >>>>> I've >>>>> tried >>>>> to let it have access to the network config for the physical >>>>> port, I've >>>>> set >>>>> eht0 and ovsbridge0 as hidden in vdsm.conf. >>>>> >>>>> >>>>> I then create a bridge for use with ovirt, with a private >>>>> address. With >>>>> the >>>>> OVN provider I am now able to import these into the engine and >>>>> it looks >>>>> good. When creating a VM I can select that it will have a vNic >>>>> on my OVS >>>>> bridge. >>>>> >>>>> However, I can't start the VM as an exception is thrown in the >>>>> log: >>>>> >>>>> 2016-12-28 00:13:33,350 ERROR >>>>> [org.ovirt.engine.core.bll.RunVmCommand] >>>>> (default task-5) [3c882d53] Error during ValidateFailure.: >>>>> java.lang.NullPointerException >>>>> at >>>>> org.ovirt.engine.core.bll.scheduling.policyunits.NetworkPolicyUnit.validateRequiredNetworksAvailable(NetworkPolicyUnit.java:140) >>>>> >>>>> [bll.jar:] >>>>> at >>>>> org.ovirt.engine.core.bll.scheduling.policyunits.NetworkPolicyUnit.filter(NetworkPolicyUnit.java:69) >>>>> >>>>> [bll.jar:] >>>>> at >>>>> org.ovirt.engine.core.bll.scheduling.SchedulingManager.runInternalFilters(SchedulingManager.java:597) >>>>> >>>>> [bll.jar:] >>>>> at >>>>> org.ovirt.engine.core.bll.scheduling.SchedulingManager.runFilters(SchedulingManager.java:564) >>>>> >>>>> [bll.jar:] >>>>> at >>>>> org.ovirt.engine.core.bll.scheduling.SchedulingManager.canSchedule(SchedulingManager.java:494) >>>>> >>>>> [bll.jar:] >>>>> at >>>>> org.ovirt.engine.core.bll.validator.RunVmValidator.canRunVm(RunVmValidator.java:133) >>>>> >>>>> [bll.jar:] >>>>> at >>>>> org.ovirt.engine.core.bll.RunVmCommand.validate(RunVmCommand.java:940) >>>>> >>>>> [bll.jar:] >>>>> at >>>>> org.ovirt.engine.core.bll.CommandBase.internalValidate(CommandBase.java:886) >>>>> >>>>> [bll.jar:] >>>>> at >>>>> org.ovirt.engine.core.bll.CommandBase.validateOnly(CommandBase.java:366) >>>>> >>>>> [bll.jar:] >>>>> at >>>>> org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.canRunActions(PrevalidatingMultipleActionsRunner.java:113) >>>>> >>>>> [bll.jar:] >>>>> at >>>>> org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.invokeCommands(PrevalidatingMultipleActionsRunner.java:99) >>>>> >>>>> [bll.jar:] >>>>> at >>>>> org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.execute(PrevalidatingMultipleActionsRunner.java:76) >>>>> >>>>> [bll.jar:] >>>>> at >>>>> org.ovirt.engine.core.bll.Backend.runMultipleActionsImpl(Backend.java:613) >>>>> >>>>> [bll.jar:] >>>>> at >>>>> org.ovirt.engine.core.bll.Backend.runMultipleActions(Backend.java:583) >>>>> >>>>> [bll.jar:] >>>>> >>>>> >>>>> Looking at that section of code where the exception is thrown, >>>>> I see >>>>> that >>>>> it >>>>> iterates over host networks to find required networks, which I >>>>> assume is >>>>> ovirtmgmt. In the host network setup dialog I don't see any >>>>> networks at >>>>> all >>>>> but it lists ovirtmgmt as required. It also list the OVN >>>>> networks but >>>>> these >>>>> can't be statically assigned as they are added dynamically when >>>>> needed, >>>>> which is fine. >>>>> >>>>> I believe that I either need to remove ovirtmgmt network or >>>>> configure >>>>> that >>>>> it >>>>> is provided by the OVN provider, but neither is possible. >>>>> Preferably it >>>>> shouldn't be hardcoded which network is management and >>>>> mandatory but be >>>>> possible to configure. >>>>> >>>>> /Sverker >>>>> Den 2016-12-27 kl. 17:10, skrev Marcin Mirecki: >>>>> >>>>> >> _______________________________________________ >> Users mailing list >> Users@ovirt.org >> http://lists.ovirt.org/mailman/listinfo/users >> _______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
------=_Part_5778955_901085841.1483014842363 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit Hi, The tunnels are created to connect multiple OVN controllers. If there is only one, there is no need for the tunnels, so none will be created, this is the correct behavior. Does the problem still occur after setting configuring the OVN-controller? Marcin ----- Original Message -----
From: "Sverker Abrahamsson" <sverker@abrahamsson.com> To: "Marcin Mirecki" <mmirecki@redhat.com> Cc: "Ovirt Users" <users@ovirt.org> Sent: Thursday, December 29, 2016 11:44:32 AM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network
Hi The rpm packages you listed in the other mail are installed but I had not run vdsm-tool ovn-config to create tunnel as the OVN controller is on the same host.
[root@h2 ~]# rpm -q openvswitch-ovn-common openvswitch-ovn-common-2.6.90-1.el7.centos.x86_64 [root@h2 ~]# rpm -q openvswitch-ovn-host openvswitch-ovn-host-2.6.90-1.el7.centos.x86_64 [root@h2 ~]# rpm -q python-openvswitch python-openvswitch-2.6.90-1.el7.centos.noarch
After removing my manually created br-int and run
vdsm-tool ovn-config 127.0.0.1 172.27.1.1
then I have the br-int but 'ip link show' does not show any link 'genev_sys_' nor does 'ovs-vsctl show' any port for ovn. I assume these are when there is an actual tunnel?
[root@h2 ~]# ovs-vsctl show ebb6aede-cbbc-4f4f-a88a-a9cd72b2bd23 Bridge br-int fail_mode: secure Port br-int Interface br-int type: internal Bridge ovirtbridge Port ovirtbridge Interface ovirtbridge type: internal Bridge "ovsbridge0" Port "ovsbridge0" Interface "ovsbridge0" type: internal Port "eth0" Interface "eth0" ovs_version: "2.6.90"
[root@h2 ~]# ip link show 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT qlen 1 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master ovs-system state UP mode DEFAULT qlen 1000 link/ether 44:8a:5b:84:7d:b3 brd ff:ff:ff:ff:ff:ff 3: ovs-system: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 1000 link/ether 5a:14:cf:28:47:e2 brd ff:ff:ff:ff:ff:ff 4: ovsbridge0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN mode DEFAULT qlen 1000 link/ether 44:8a:5b:84:7d:b3 brd ff:ff:ff:ff:ff:ff 5: br-int: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 1000 link/ether 9e:b0:3a:9d:f2:4b brd ff:ff:ff:ff:ff:ff 6: ovirtbridge: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN mode DEFAULT qlen 1000 link/ether a6:f6:e5:a4:5b:45 brd ff:ff:ff:ff:ff:ff 7: dummy0: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue master ovirtmgmt state UNKNOWN mode DEFAULT qlen 1000 link/ether 66:e0:1c:c3:a9:d8 brd ff:ff:ff:ff:ff:ff 8: ovirtmgmt: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT qlen 1000 link/ether 66:e0:1c:c3:a9:d8 brd ff:ff:ff:ff:ff:ff
Firewall settings: [root@h2 ~]# firewall-cmd --list-all-zones work target: default icmp-block-inversion: no interfaces: sources: services: dhcpv6-client ssh ports: protocols: masquerade: no forward-ports: sourceports: icmp-blocks: rich rules:
drop target: DROP icmp-block-inversion: no interfaces: sources: services: ports: protocols: masquerade: no forward-ports: sourceports: icmp-blocks: rich rules:
internal target: default icmp-block-inversion: no interfaces: sources: services: dhcpv6-client mdns samba-client ssh ports: protocols: masquerade: no forward-ports: sourceports: icmp-blocks: rich rules:
external target: default icmp-block-inversion: no interfaces: sources: services: ssh ports: protocols: masquerade: yes forward-ports: sourceports: icmp-blocks: rich rules:
trusted target: ACCEPT icmp-block-inversion: no interfaces: sources: services: ports: protocols: masquerade: no forward-ports: sourceports: icmp-blocks: rich rules:
home target: default icmp-block-inversion: no interfaces: sources: services: dhcpv6-client mdns samba-client ssh ports: protocols: masquerade: no forward-ports: sourceports: icmp-blocks: rich rules:
dmz target: default icmp-block-inversion: no interfaces: sources: services: ssh ports: protocols: masquerade: no forward-ports: sourceports: icmp-blocks: rich rules:
public (active) target: default icmp-block-inversion: no interfaces: eth0 ovsbridge0 sources: services: dhcpv6-client ssh ports: protocols: masquerade: no forward-ports: sourceports: icmp-blocks: rich rules:
block target: %%REJECT%% icmp-block-inversion: no interfaces: sources: services: ports: protocols: masquerade: no forward-ports: sourceports: icmp-blocks: rich rules:
ovirt (active) target: default icmp-block-inversion: no interfaces: ovirtbridge ovirtmgmt sources: services: dhcp ovirt-fence-kdump-listener ovirt-http ovirt-https ovirt-imageio-proxy ovirt-postgres ovirt-provider-ovn ovirt-vmconsole-proxy ovirt-websocket-proxy ssh vdsm ports: protocols: masquerade: yes forward-ports: sourceports: icmp-blocks: rich rules: rule family="ipv4" port port="6641" protocol="tcp" accept rule family="ipv4" port port="6642" protocol="tcp" accept
The db dump is attached /Sverker Den 2016-12-29 kl. 09:50, skrev Marcin Mirecki:
Hi,
Can you please do: "sudo ovsdb-client dump" on the host and send me the output?
Have you configured the ovn controller to connect to the OVN north? You can do it using "vdsm-tool ovn-config" or using the OVN tools directly. Please check out: https://www.ovirt.org/blog/2016/11/ovirt-provider-ovn/ for details.
Also please note that the OVN provider is completely different from the neutron-openvswitch plugin. Please don't mix the two.
Marcin
----- Original Message -----
From: "Marcin Mirecki" <mmirecki@redhat.com> To: "Sverker Abrahamsson" <sverker@abrahamsson.com> Cc: "Ovirt Users" <users@ovirt.org> Sent: Thursday, December 29, 2016 9:27:19 AM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network
Hi,
br-int is the OVN integration bridge, it should have been created when installing OVN. I assume you have the following packages installed on the host: openvswitch-ovn-common openvswitch-ovn-host python-openvswitch
Please give me some time to look at the connectivity problem.
Marcin
----- Original Message -----
From: "Sverker Abrahamsson" <sverker@abrahamsson.com> To: "Marcin Mirecki" <mmirecki@redhat.com> Cc: "Ovirt Users" <users@ovirt.org> Sent: Thursday, December 29, 2016 12:47:04 AM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network
From /usr/libexec/vdsm/hooks/before_device_create/ovirt_provider_ovn_hook (installed by ovirt-provider-ovn-driver rpm):
BRIDGE_NAME = 'br-int'
Den 2016-12-28 kl. 23:56, skrev Sverker Abrahamsson:
Googling on the message about br-int suggested adding that bridge to ovs:
ovs-vsctl add-br br-int
Then the VM is able to boot, but it fails to get network connectivity. Output in /var/log/messages:
Dec 28 23:31:35 h2 ovs-vsctl: ovs|00001|vsctl|INFO|Called as ovs-vsctl --timeout=5 -- --if-exists del-port vnet0 -- add-port br-int vnet0 -- set Interface vnet0 "external-ids:attached-mac=\"00:1a:4a:16:01:51\"" -- set Interface vnet0 "external-ids:iface-id=\"e8853aac-8a75-41b0-8010-e630017dcdd8\"" -- set Interface vnet0 "external-ids:vm-id=\"b9440d60-ef5a-4e2b-83cf-081df7c09e6f\"" -- set Interface vnet0 external-ids:iface-status=active Dec 28 23:31:35 h2 kernel: device vnet0 entered promiscuous mode Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -D PREROUTING -i vnet0 -j libvirt-J-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -D POSTROUTING -o vnet0 -j libvirt-P-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -L libvirt-J-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -L libvirt-P-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -F libvirt-J-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -X libvirt-J-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -F libvirt-P-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -X libvirt-P-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -F J-vnet0-mac' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -X J-vnet0-mac' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -F J-vnet0-arp-mac' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -X J-vnet0-arp-mac' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -D libvirt-out -m physdev --physdev-is-bridged --physdev-out vnet0 -g FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -D libvirt-out -m physdev --physdev-out vnet0 -g FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -D libvirt-in -m physdev --physdev-in vnet0 -g FI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -D libvirt-host-in -m physdev --physdev-in vnet0 -g HI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -F FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -X FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -F FI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -X FI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -F HI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -X HI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -E FP-vnet0 FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -E FJ-vnet0 FI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -E HJ-vnet0 HI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -D libvirt-out -m physdev --physdev-is-bridged --physdev-out vnet0 -g FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -D libvirt-out -m physdev --physdev-out vnet0 -g FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -D libvirt-in -m physdev --physdev-in vnet0 -g FI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -D libvirt-host-in -m physdev --physdev-in vnet0 -g HI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -F FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -X FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -F FI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -X FI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -F HI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -X HI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -E FP-vnet0 FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -E FJ-vnet0 FI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -E HJ-vnet0 HI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -D PREROUTING -i vnet0 -j libvirt-I-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -D POSTROUTING -o vnet0 -j libvirt-O-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -L libvirt-I-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -L libvirt-O-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -F libvirt-I-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -X libvirt-I-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -F libvirt-O-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -X libvirt-O-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -L libvirt-P-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -E libvirt-P-vnet0 libvirt-O-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -F I-vnet0-mac' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -X I-vnet0-mac' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -F I-vnet0-arp-mac' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -X I-vnet0-arp-mac' failed:
[root@h2 etc]# ovs-vsctl show ebb6aede-cbbc-4f4f-a88a-a9cd72b2bd23 Bridge ovirtbridge Port "ovirtport0" Interface "ovirtport0" type: internal Port ovirtbridge Interface ovirtbridge type: internal Bridge "ovsbridge0" Port "ovsbridge0" Interface "ovsbridge0" type: internal Port "eth0" Interface "eth0" Bridge br-int Port br-int Interface br-int type: internal Port "vnet0" Interface "vnet0" ovs_version: "2.6.90"
Searching through the code it appears that br-int comes from neutron-openvswitch plugin ??
[root@h2 share]# rpm -qf /usr/share/otopi/plugins/ovirt-host-deploy/openstack/neutron_openvswitch.py ovirt-host-deploy-1.6.0-0.0.master.20161215101008.gitb76ad50.el7.centos.noarch
/Sverker
Den 2016-12-28 kl. 23:24, skrev Sverker Abrahamsson:
In addition I had to add an alias to modprobe:
[root@h2 modprobe.d]# cat dummy.conf alias dummy0 dummy
Den 2016-12-28 kl. 23:03, skrev Sverker Abrahamsson: > Hi > I first tried to set device name to dummy_0, but then ifup did not > succeed in creating the device unless I first did 'ip link add > dummy_0 type dummy' but then it would not suceed to establish the if > on reboot. > > Setting fake_nics = dummy0 would not work neither, but this works: > > fake_nics = dummy* > > The engine is now able to find the if and assign bridge ovirtmgmt to > it. > > However, I then run into the next issue when starting a VM: > > 2016-12-28 22:28:23,897 ERROR > [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] > (ForkJoinPool-1-worker-2) [] Correlation ID: null, Call Stack: null, > Custom Event ID: -1, Message: VM CentOS7 is down with error. Exit > message: Cannot get interface MTU on 'br-int': No such device. > > This VM has a nic on ovirtbridge, which comes from the OVN provider. > > /Sverker > > Den 2016-12-28 kl. 14:38, skrev Marcin Mirecki: >> Sverker, >> >> Can you try adding a vnic named veth_* or dummy_*, >> (or alternatively add the name of the vnic to >> vdsm.config fake_nics), and setup the management >> network using this vnic? >> I suppose adding the vnic you use for connecting >> to the engine to fake_nics should make it visible >> to the engine, and you should be able to use it for >> the setup. >> >> Marcin >> >> >> >> ----- Original Message ----- >>> From: "Marcin Mirecki" <mmirecki@redhat.com> >>> To: "Sverker Abrahamsson" <sverker@abrahamsson.com> >>> Cc: "Ovirt Users" <users@ovirt.org> >>> Sent: Wednesday, December 28, 2016 12:06:26 PM >>> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory >>> ovirtmgmt network >>> >>>> I have an internal OVS bridge called ovirtbridge which has a port >>>> with >>>> IP address, but in the host network settings that port is not >>>> visible. >>> I just verified and unfortunately the virtual ports are not >>> visible in engine >>> to assign a network to :( >>> I'm afraid that the engine is not ready for such a scenario (even >>> if it >>> works). >>> Please give me some time to look for a solution. >>> >>> ----- Original Message ----- >>>> From: "Sverker Abrahamsson" <sverker@abrahamsson.com> >>>> To: "Marcin Mirecki" <mmirecki@redhat.com> >>>> Cc: "Ovirt Users" <users@ovirt.org> >>>> Sent: Wednesday, December 28, 2016 11:48:24 AM >>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory >>>> ovirtmgmt >>>> network >>>> >>>> Hi Marcin >>>> Yes, that is my issue. I don't want to let ovirt/vdsm see eth0 nor >>>> ovsbridge0 since as soon as it sees them it messes up the network >>>> config >>>> so that the host will be unreachable. >>>> >>>> I have an internal OVS bridge called ovirtbridge which has a port >>>> with >>>> IP address, but in the host network settings that port is not >>>> visible. >>>> It doesn't help to name it ovirtmgmt. >>>> >>>> The engine is able to communicate with the host on the ip it has >>>> been >>>> given, it's just that it believes that it HAS to have a ovirtmgmt >>>> network which can't be on OVN. >>>> >>>> /Sverker >>>> >>>> >>>> Den 2016-12-28 kl. 10:45, skrev Marcin Mirecki: >>>>> Hi Sverker, >>>>> >>>>> The management network is mandatory on each host. It's used by the >>>>> engine to communicate with the host. >>>>> Looking at your description and the exception it looks like it is >>>>> missing. >>>>> The error is caused by not having any network for the host >>>>> (network list retrieved in >>>>> InterfaceDaoImpl.getHostNetworksByCluster - >>>>> which >>>>> gets all the networks on nics for a host from vds_interface >>>>> table in the >>>>> DB). >>>>> >>>>> Could you maybe create a virtual nic connected to ovsbridge0 (as I >>>>> understand you >>>>> have no physical nic available) and use this for the management >>>>> network? >>>>> >>>>>> I then create a bridge for use with ovirt, with a private >>>>>> address. >>>>> I'm not quite sure I understand. Is this yet another bridge >>>>> connected to >>>>> ovsbridge0? >>>>> You could also attach the vnic for the management network here >>>>> if need >>>>> be. >>>>> >>>>> Please keep in mind that OVN has no use in setting up the >>>>> management >>>>> network. >>>>> The OVN provider can only handle external networks, which can >>>>> not be used >>>>> for a >>>>> management network. >>>>> >>>>> Marcin >>>>> >>>>> >>>>> ----- Original Message ----- >>>>>> From: "Sverker Abrahamsson" <sverker@abrahamsson.com> >>>>>> To: users@ovirt.org >>>>>> Sent: Wednesday, December 28, 2016 12:39:59 AM >>>>>> Subject: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt >>>>>> network >>>>>> >>>>>> >>>>>> >>>>>> Hi >>>>>> For long time I've been looking for proper support in ovirt for >>>>>> Open >>>>>> vSwitch >>>>>> so I'm happy that it is moving in the right direction. However, >>>>>> there >>>>>> seems >>>>>> to still be a dependency on a ovirtmgmt bridge and I'm unable >>>>>> to move >>>>>> that >>>>>> to the OVN provider. >>>>>> >>>>>> The hosting center where I rent hw instances has a bit special >>>>>> network >>>>>> setup, >>>>>> so I have one physical network port with a /32 netmask and >>>>>> point-to-point >>>>>> config to router. The physical port I connect to a ovs bridge >>>>>> which has >>>>>> the >>>>>> public ip. Since ovirt always messes up the network config when >>>>>> I've >>>>>> tried >>>>>> to let it have access to the network config for the physical >>>>>> port, I've >>>>>> set >>>>>> eht0 and ovsbridge0 as hidden in vdsm.conf. >>>>>> >>>>>> >>>>>> I then create a bridge for use with ovirt, with a private >>>>>> address. With >>>>>> the >>>>>> OVN provider I am now able to import these into the engine and >>>>>> it looks >>>>>> good. When creating a VM I can select that it will have a vNic >>>>>> on my OVS >>>>>> bridge. >>>>>> >>>>>> However, I can't start the VM as an exception is thrown in the >>>>>> log: >>>>>> >>>>>> 2016-12-28 00:13:33,350 ERROR >>>>>> [org.ovirt.engine.core.bll.RunVmCommand] >>>>>> (default task-5) [3c882d53] Error during ValidateFailure.: >>>>>> java.lang.NullPointerException >>>>>> at >>>>>> org.ovirt.engine.core.bll.scheduling.policyunits.NetworkPolicyUnit.validateRequiredNetworksAvailable(NetworkPolicyUnit.java:140) >>>>>> >>>>>> [bll.jar:] >>>>>> at >>>>>> org.ovirt.engine.core.bll.scheduling.policyunits.NetworkPolicyUnit.filter(NetworkPolicyUnit.java:69) >>>>>> >>>>>> [bll.jar:] >>>>>> at >>>>>> org.ovirt.engine.core.bll.scheduling.SchedulingManager.runInternalFilters(SchedulingManager.java:597) >>>>>> >>>>>> [bll.jar:] >>>>>> at >>>>>> org.ovirt.engine.core.bll.scheduling.SchedulingManager.runFilters(SchedulingManager.java:564) >>>>>> >>>>>> [bll.jar:] >>>>>> at >>>>>> org.ovirt.engine.core.bll.scheduling.SchedulingManager.canSchedule(SchedulingManager.java:494) >>>>>> >>>>>> [bll.jar:] >>>>>> at >>>>>> org.ovirt.engine.core.bll.validator.RunVmValidator.canRunVm(RunVmValidator.java:133) >>>>>> >>>>>> [bll.jar:] >>>>>> at >>>>>> org.ovirt.engine.core.bll.RunVmCommand.validate(RunVmCommand.java:940) >>>>>> >>>>>> [bll.jar:] >>>>>> at >>>>>> org.ovirt.engine.core.bll.CommandBase.internalValidate(CommandBase.java:886) >>>>>> >>>>>> [bll.jar:] >>>>>> at >>>>>> org.ovirt.engine.core.bll.CommandBase.validateOnly(CommandBase.java:366) >>>>>> >>>>>> [bll.jar:] >>>>>> at >>>>>> org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.canRunActions(PrevalidatingMultipleActionsRunner.java:113) >>>>>> >>>>>> [bll.jar:] >>>>>> at >>>>>> org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.invokeCommands(PrevalidatingMultipleActionsRunner.java:99) >>>>>> >>>>>> [bll.jar:] >>>>>> at >>>>>> org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.execute(PrevalidatingMultipleActionsRunner.java:76) >>>>>> >>>>>> [bll.jar:] >>>>>> at >>>>>> org.ovirt.engine.core.bll.Backend.runMultipleActionsImpl(Backend.java:613) >>>>>> >>>>>> [bll.jar:] >>>>>> at >>>>>> org.ovirt.engine.core.bll.Backend.runMultipleActions(Backend.java:583) >>>>>> >>>>>> [bll.jar:] >>>>>> >>>>>> >>>>>> Looking at that section of code where the exception is thrown, >>>>>> I see >>>>>> that >>>>>> it >>>>>> iterates over host networks to find required networks, which I >>>>>> assume is >>>>>> ovirtmgmt. In the host network setup dialog I don't see any >>>>>> networks at >>>>>> all >>>>>> but it lists ovirtmgmt as required. It also list the OVN >>>>>> networks but >>>>>> these >>>>>> can't be statically assigned as they are added dynamically when >>>>>> needed, >>>>>> which is fine. >>>>>> >>>>>> I believe that I either need to remove ovirtmgmt network or >>>>>> configure >>>>>> that >>>>>> it >>>>>> is provided by the OVN provider, but neither is possible. >>>>>> Preferably it >>>>>> shouldn't be hardcoded which network is management and >>>>>> mandatory but be >>>>>> possible to configure. >>>>>> >>>>>> /Sverker >>>>>> Den 2016-12-27 kl. 17:10, skrev Marcin Mirecki: >>>>>> >>>>>> >>> _______________________________________________ >>> Users mailing list >>> Users@ovirt.org >>> http://lists.ovirt.org/mailman/listinfo/users >>> > _______________________________________________ > Users mailing list > Users@ovirt.org > http://lists.ovirt.org/mailman/listinfo/users _______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
------=_Part_5778955_901085841.1483014842363 Content-Type: text/plain; charset=UTF-8; name=ovsdbdump Content-Disposition: attachment; filename=ovsdbdump Content-Transfer-Encoding: base64 QXV0b0F0dGFjaCB0YWJsZQpfdXVpZCBtYXBwaW5ncyBzeXN0ZW1fZGVzY3JpcHRpb24gc3lzdGVt X25hbWUKLS0tLS0gLS0tLS0tLS0gLS0tLS0tLS0tLS0tLS0tLS0tIC0tLS0tLS0tLS0tCgpCcmlk Z2UgdGFibGUKX3V1aWQgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGF1dG9fYXR0YWNo IGNvbnRyb2xsZXIgZGF0YXBhdGhfaWQgICAgICAgIGRhdGFwYXRoX3R5cGUgZGF0YXBhdGhfdmVy c2lvbiBleHRlcm5hbF9pZHMgZmFpbF9tb2RlIGZsb29kX3ZsYW5zIGZsb3dfdGFibGVzIGlwZml4 IG1jYXN0X3Nub29waW5nX2VuYWJsZSBtaXJyb3JzIG5hbWUgICAgICAgICBuZXRmbG93IG90aGVy X2NvbmZpZyAgICAgICAgICAgICBwb3J0cyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHByb3RvY29scyByc3RwX2Vu YWJsZSByc3RwX3N0YXR1cyBzZmxvdyBzdGF0dXMgc3RwX2VuYWJsZQotLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0gLS0tLS0tLS0tLS0gLS0tLS0tLS0tLSAtLS0tLS0tLS0tLS0t LS0tLS0gLS0tLS0tLS0tLS0tLSAtLS0tLS0tLS0tLS0tLS0tIC0tLS0tLS0tLS0tLSAtLS0tLS0t LS0gLS0tLS0tLS0tLS0gLS0tLS0tLS0tLS0gLS0tLS0gLS0tLS0tLS0tLS0tLS0tLS0tLS0tIC0t LS0tLS0gLS0tLS0tLS0tLS0tIC0tLS0tLS0gLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tIC0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0gLS0tLS0tLS0tIC0tLS0tLS0tLS0tIC0tLS0tLS0tLS0tIC0tLS0tIC0t LS0tLSAtLS0tLS0tLS0tCmQ0YWY1YmJiLWRmMTQtNGZmYy1hYWU5LWI2NTY2YTVmZmQ4NyBbXSAg ICAgICAgICBbXSAgICAgICAgICIwMDAwNDQ4YTViODQ3ZGIzIiAiIiAgICAgICAgICAgICI8dW5r bm93bj4iICAgICAge30gICAgICAgICAgIFtdICAgICAgICBbXSAgICAgICAgICB7fSAgICAgICAg ICBbXSAgICBmYWxzZSAgICAgICAgICAgICAgICAgW10gICAgICAib3ZzYnJpZGdlMCIgW10gICAg ICB7fSAgICAgICAgICAgICAgICAgICAgICAgW2E3Y2NhOGY1LTM0MzctNDNkYy04MzEwLTE5NTQ1 NGZiNzc3MSwgYjczNjFjNTctNDFhYS00YThmLWI2ZmUtNjdlNjQzMTI5YWNhXSBbXSAgICAgICAg ZmFsc2UgICAgICAge30gICAgICAgICAgW10gICAge30gICAgIGZhbHNlICAgICAKOWQzYWIwOWUt YTE0Ni00YmYyLWE1YmItYmE5OTQ4YzRmMmRkIFtdICAgICAgICAgIFtdICAgICAgICAgIjAwMDA5 ZWIwM2E5ZGYyNGIiICIiICAgICAgICAgICAgIjx1bmtub3duPiIgICAgICB7fSAgICAgICAgICAg c2VjdXJlICAgIFtdICAgICAgICAgIHt9ICAgICAgICAgIFtdICAgIGZhbHNlICAgICAgICAgICAg ICAgICBbXSAgICAgIGJyLWludCAgICAgICBbXSAgICAgIHtkaXNhYmxlLWluLWJhbmQ9InRydWUi fSBbNDA2Y2FmNzItYTZmOS00ZmQ4LTgzZGMtMmJjNGZiMjE5NDRjXSAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgIFtdICAgICAgICBmYWxzZSAgICAgICB7fSAgICAgICAgICBb XSAgICB7fSAgICAgZmFsc2UgICAgIAphNGU1ZjZhNS00ZWMxLTQ1NWItOThlOS04YjVlNmE4YjRj YzQgW10gICAgICAgICAgW10gICAgICAgICAiMDAwMGE2ZjZlNWE0NWI0NSIgIiIgICAgICAgICAg ICAiPHVua25vd24+IiAgICAgIHt9ICAgICAgICAgICBbXSAgICAgICAgW10gICAgICAgICAge30g ICAgICAgICAgW10gICAgZmFsc2UgICAgICAgICAgICAgICAgIFtdICAgICAgb3ZpcnRicmlkZ2Ug IFtdICAgICAge30gICAgICAgICAgICAgICAgICAgICAgIFs3YjQ1OTE3Yi1hYmFmLTRlYmQtYjUw MS1jZTc2ZjA3ZmU2NWVdICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgW10g ICAgICAgIGZhbHNlICAgICAgIHt9ICAgICAgICAgIFtdICAgIHt9ICAgICBmYWxzZSAgICAgCgpD b250cm9sbGVyIHRhYmxlCl91dWlkIGNvbm5lY3Rpb25fbW9kZSBjb250cm9sbGVyX2J1cnN0X2xp bWl0IGNvbnRyb2xsZXJfcmF0ZV9saW1pdCBlbmFibGVfYXN5bmNfbWVzc2FnZXMgZXh0ZXJuYWxf aWRzIGluYWN0aXZpdHlfcHJvYmUgaXNfY29ubmVjdGVkIGxvY2FsX2dhdGV3YXkgbG9jYWxfaXAg bG9jYWxfbmV0bWFzayBtYXhfYmFja29mZiBvdGhlcl9jb25maWcgcm9sZSBzdGF0dXMgdGFyZ2V0 Ci0tLS0tIC0tLS0tLS0tLS0tLS0tLSAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tIC0tLS0tLS0tLS0t LS0tLS0tLS0tLSAtLS0tLS0tLS0tLS0tLS0tLS0tLS0gLS0tLS0tLS0tLS0tIC0tLS0tLS0tLS0t LS0tLS0gLS0tLS0tLS0tLS0tIC0tLS0tLS0tLS0tLS0gLS0tLS0tLS0gLS0tLS0tLS0tLS0tLSAt LS0tLS0tLS0tLSAtLS0tLS0tLS0tLS0gLS0tLSAtLS0tLS0gLS0tLS0tCgpGbG93X1NhbXBsZV9D b2xsZWN0b3JfU2V0IHRhYmxlCl91dWlkIGJyaWRnZSBleHRlcm5hbF9pZHMgaWQgaXBmaXgKLS0t LS0gLS0tLS0tIC0tLS0tLS0tLS0tLSAtLSAtLS0tLQoKRmxvd19UYWJsZSB0YWJsZQpfdXVpZCBl eHRlcm5hbF9pZHMgZmxvd19saW1pdCBncm91cHMgbmFtZSBvdmVyZmxvd19wb2xpY3kgcHJlZml4 ZXMKLS0tLS0gLS0tLS0tLS0tLS0tIC0tLS0tLS0tLS0gLS0tLS0tIC0tLS0gLS0tLS0tLS0tLS0t LS0tIC0tLS0tLS0tCgpJUEZJWCB0YWJsZQpfdXVpZCBjYWNoZV9hY3RpdmVfdGltZW91dCBjYWNo ZV9tYXhfZmxvd3MgZXh0ZXJuYWxfaWRzIG9ic19kb21haW5faWQgb2JzX3BvaW50X2lkIG90aGVy X2NvbmZpZyBzYW1wbGluZyB0YXJnZXRzCi0tLS0tIC0tLS0tLS0tLS0tLS0tLS0tLS0tIC0tLS0t LS0tLS0tLS0tLSAtLS0tLS0tLS0tLS0gLS0tLS0tLS0tLS0tLSAtLS0tLS0tLS0tLS0gLS0tLS0t LS0tLS0tIC0tLS0tLS0tIC0tLS0tLS0KCkludGVyZmFjZSB0YWJsZQpfdXVpZCAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgYWRtaW5fc3RhdGUgYmZkIGJmZF9zdGF0dXMgY2ZtX2ZhdWx0 IGNmbV9mYXVsdF9zdGF0dXMgY2ZtX2ZsYXBfY291bnQgY2ZtX2hlYWx0aCBjZm1fbXBpZCBjZm1f cmVtb3RlX21waWRzIGNmbV9yZW1vdGVfb3BzdGF0ZSBkdXBsZXggZXJyb3IgZXh0ZXJuYWxfaWRz IGlmaW5kZXggaW5ncmVzc19wb2xpY2luZ19idXJzdCBpbmdyZXNzX3BvbGljaW5nX3JhdGUgbGFj cF9jdXJyZW50IGxpbmtfcmVzZXRzIGxpbmtfc3BlZWQgbGlua19zdGF0ZSBsbGRwIG1hYyBtYWNf aW5fdXNlICAgICAgICAgIG10dSAgbXR1X3JlcXVlc3QgbmFtZSAgICAgICAgIG9mcG9ydCBvZnBv cnRfcmVxdWVzdCBvcHRpb25zIG90aGVyX2NvbmZpZyBzdGF0aXN0aWNzICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgc3RhdHVzICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg dHlwZSAgICAKLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tIC0tLS0tLS0tLS0t IC0tLSAtLS0tLS0tLS0tIC0tLS0tLS0tLSAtLS0tLS0tLS0tLS0tLS0tIC0tLS0tLS0tLS0tLS0t IC0tLS0tLS0tLS0gLS0tLS0tLS0gLS0tLS0tLS0tLS0tLS0tLSAtLS0tLS0tLS0tLS0tLS0tLS0g LS0tLS0tIC0tLS0tIC0tLS0tLS0tLS0tLSAtLS0tLS0tIC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0g LS0tLS0tLS0tLS0tLS0tLS0tLS0tIC0tLS0tLS0tLS0tLSAtLS0tLS0tLS0tLSAtLS0tLS0tLS0t IC0tLS0tLS0tLS0gLS0tLSAtLS0gLS0tLS0tLS0tLS0tLS0tLS0tLSAtLS0tIC0tLS0tLS0tLS0t IC0tLS0tLS0tLS0tLSAtLS0tLS0gLS0tLS0tLS0tLS0tLS0gLS0tLS0tLSAtLS0tLS0tLS0tLS0g LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tIC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tIC0tLS0tLS0tCmRiNGZmYWMwLWZkOTgtNDE0My05MWMw LTNjYTQ3NjdlYmM1MiBkb3duICAgICAgICB7fSAge30gICAgICAgICBbXSAgICAgICAgW10gICAg ICAgICAgICAgICBbXSAgICAgICAgICAgICBbXSAgICAgICAgIFtdICAgICAgIFtdICAgICAgICAg ICAgICAgW10gICAgICAgICAgICAgICAgIFtdICAgICBbXSAgICB7fSAgICAgICAgICAgNSAgICAg ICAwICAgICAgICAgICAgICAgICAgICAgIDAgICAgICAgICAgICAgICAgICAgICBbXSAgICAgICAg ICAgMCAgICAgICAgICAgW10gICAgICAgICBkb3duICAgICAgIHt9ICAgW10gICI5ZTpiMDozYTo5 ZDpmMjo0YiIgMTUwMCBbXSAgICAgICAgICBici1pbnQgICAgICAgNjU1MzQgIFtdICAgICAgICAg ICAgIHt9ICAgICAge30gICAgICAgICAgIHtjb2xsaXNpb25zPTAsIHJ4X2J5dGVzPTAsIHJ4X2Ny Y19lcnI9MCwgcnhfZHJvcHBlZD0wLCByeF9lcnJvcnM9MCwgcnhfZnJhbWVfZXJyPTAsIHJ4X292 ZXJfZXJyPTAsIHJ4X3BhY2tldHM9MCwgdHhfYnl0ZXM9MCwgdHhfZHJvcHBlZD0wLCB0eF9lcnJv cnM9MCwgdHhfcGFja2V0cz0wfSAgICAgICAgICAgICAgICB7ZHJpdmVyX25hbWU9b3BlbnZzd2l0 Y2h9ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBpbnRlcm5h bAoyMWRmN2E1OC1lNTcyLTQwNDItOGI2NC02MzcwZDhlNThmOTIgdXAgICAgICAgICAge30gIHt9 ICAgICAgICAgW10gICAgICAgIFtdICAgICAgICAgICAgICAgW10gICAgICAgICAgICAgW10gICAg ICAgICBbXSAgICAgICBbXSAgICAgICAgICAgICAgIFtdICAgICAgICAgICAgICAgICBbXSAgICAg W10gICAge30gICAgICAgICAgIDQgICAgICAgMCAgICAgICAgICAgICAgICAgICAgICAwICAgICAg ICAgICAgICAgICAgICAgW10gICAgICAgICAgIDEgICAgICAgICAgIFtdICAgICAgICAgdXAgICAg ICAgICB7fSAgIFtdICAiNDQ6OGE6NWI6ODQ6N2Q6YjMiIDE1MDAgW10gICAgICAgICAgIm92c2Jy aWRnZTAiIDY1NTM0ICBbXSAgICAgICAgICAgICB7fSAgICAgIHt9ICAgICAgICAgICB7Y29sbGlz aW9ucz0wLCByeF9ieXRlcz0xOTM3MTgsIHJ4X2NyY19lcnI9MCwgcnhfZHJvcHBlZD0zOSwgcnhf ZXJyb3JzPTAsIHJ4X2ZyYW1lX2Vycj0wLCByeF9vdmVyX2Vycj0wLCByeF9wYWNrZXRzPTI2NzIs IHR4X2J5dGVzPTMyNzE5LCB0eF9kcm9wcGVkPTAsIHR4X2Vycm9ycz0wLCB0eF9wYWNrZXRzPTI0 OH0ge2RyaXZlcl9uYW1lPW9wZW52c3dpdGNofSAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgaW50ZXJuYWwKZDhjNTc4MGQtYjliYi00NzdhLTg3MzItYjI5YzI4 MDIwODMxIHVwICAgICAgICAgIHt9ICB7fSAgICAgICAgIFtdICAgICAgICBbXSAgICAgICAgICAg ICAgIFtdICAgICAgICAgICAgIFtdICAgICAgICAgW10gICAgICAgW10gICAgICAgICAgICAgICBb XSAgICAgICAgICAgICAgICAgW10gICAgIFtdICAgIHt9ICAgICAgICAgICA2ICAgICAgIDAgICAg ICAgICAgICAgICAgICAgICAgMCAgICAgICAgICAgICAgICAgICAgIFtdICAgICAgICAgICAxICAg ICAgICAgICBbXSAgICAgICAgIHVwICAgICAgICAge30gICBbXSAgImE2OmY2OmU1OmE0OjViOjQ1 IiAxNTAwIFtdICAgICAgICAgIG92aXJ0YnJpZGdlICA2NTUzNCAgW10gICAgICAgICAgICAge30g ICAgICB7fSAgICAgICAgICAge2NvbGxpc2lvbnM9MCwgcnhfYnl0ZXM9MCwgcnhfY3JjX2Vycj0w LCByeF9kcm9wcGVkPTAsIHJ4X2Vycm9ycz0wLCByeF9mcmFtZV9lcnI9MCwgcnhfb3Zlcl9lcnI9 MCwgcnhfcGFja2V0cz0wLCB0eF9ieXRlcz04MjIsIHR4X2Ryb3BwZWQ9MCwgdHhfZXJyb3JzPTAs IHR4X3BhY2tldHM9MTN9ICAgICAgICAgICAgIHtkcml2ZXJfbmFtZT1vcGVudnN3aXRjaH0gICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGludGVybmFsCjBhYzRh MWE0LTFmMDYtNGJhNi1iMDEzLWM0ZmI0NTRmMzE1YyB1cCAgICAgICAgICB7fSAge30gICAgICAg ICBbXSAgICAgICAgW10gICAgICAgICAgICAgICBbXSAgICAgICAgICAgICBbXSAgICAgICAgIFtd ICAgICAgIFtdICAgICAgICAgICAgICAgW10gICAgICAgICAgICAgICAgIGZ1bGwgICBbXSAgICB7 fSAgICAgICAgICAgMiAgICAgICAwICAgICAgICAgICAgICAgICAgICAgIDAgICAgICAgICAgICAg ICAgICAgICBbXSAgICAgICAgICAgMSAgICAgICAgICAgMTAwMDAwMDAwMCB1cCAgICAgICAgIHt9 ICAgW10gICI0NDo4YTo1Yjo4NDo3ZDpiMyIgMTUwMCBbXSAgICAgICAgICAiZXRoMCIgICAgICAg MSAgICAgIFtdICAgICAgICAgICAgIHt9ICAgICAge30gICAgICAgICAgIHtjb2xsaXNpb25zPTAs IHJ4X2J5dGVzPTIzNDM5NCwgcnhfY3JjX2Vycj0wLCByeF9kcm9wcGVkPTAsIHJ4X2Vycm9ycz0w LCByeF9mcmFtZV9lcnI9MCwgcnhfb3Zlcl9lcnI9MCwgcnhfcGFja2V0cz0yNzExLCB0eF9ieXRl cz0zMzYwMywgdHhfZHJvcHBlZD0wLCB0eF9lcnJvcnM9MCwgdHhfcGFja2V0cz0yNTd9ICB7ZHJp dmVyX25hbWU9InI4MTY5IiwgZHJpdmVyX3ZlcnNpb249IjIuM0xLLU5BUEkiLCBmaXJtd2FyZV92 ZXJzaW9uPSIifSAiIiAgICAgIAoKTWFuYWdlciB0YWJsZQpfdXVpZCBjb25uZWN0aW9uX21vZGUg ZXh0ZXJuYWxfaWRzIGluYWN0aXZpdHlfcHJvYmUgaXNfY29ubmVjdGVkIG1heF9iYWNrb2ZmIG90 aGVyX2NvbmZpZyBzdGF0dXMgdGFyZ2V0Ci0tLS0tIC0tLS0tLS0tLS0tLS0tLSAtLS0tLS0tLS0t LS0gLS0tLS0tLS0tLS0tLS0tLSAtLS0tLS0tLS0tLS0gLS0tLS0tLS0tLS0gLS0tLS0tLS0tLS0t IC0tLS0tLSAtLS0tLS0KCk1pcnJvciB0YWJsZQpfdXVpZCBleHRlcm5hbF9pZHMgbmFtZSBvdXRw dXRfcG9ydCBvdXRwdXRfdmxhbiBzZWxlY3RfYWxsIHNlbGVjdF9kc3RfcG9ydCBzZWxlY3Rfc3Jj X3BvcnQgc2VsZWN0X3ZsYW4gc25hcGxlbiBzdGF0aXN0aWNzCi0tLS0tIC0tLS0tLS0tLS0tLSAt LS0tIC0tLS0tLS0tLS0tIC0tLS0tLS0tLS0tIC0tLS0tLS0tLS0gLS0tLS0tLS0tLS0tLS0tIC0t LS0tLS0tLS0tLS0tLSAtLS0tLS0tLS0tLSAtLS0tLS0tIC0tLS0tLS0tLS0KCk5ldEZsb3cgdGFi bGUKX3V1aWQgYWN0aXZlX3RpbWVvdXQgYWRkX2lkX3RvX2ludGVyZmFjZSBlbmdpbmVfaWQgZW5n aW5lX3R5cGUgZXh0ZXJuYWxfaWRzIHRhcmdldHMKLS0tLS0gLS0tLS0tLS0tLS0tLS0gLS0tLS0t LS0tLS0tLS0tLS0tLSAtLS0tLS0tLS0gLS0tLS0tLS0tLS0gLS0tLS0tLS0tLS0tIC0tLS0tLS0K Ck9wZW5fdlN3aXRjaCB0YWJsZQpfdXVpZCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg YnJpZGdlcyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg IGN1cl9jZmcgZGF0YXBhdGhfdHlwZXMgICBkYl92ZXJzaW9uIGV4dGVybmFsX2lkcyAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGlmYWNlX3R5cGVzICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgbWFuYWdlcl9vcHRpb25zIG5leHRf Y2ZnIG90aGVyX2NvbmZpZyBvdnNfdmVyc2lvbiBzc2wgc3RhdGlzdGljcyBzeXN0ZW1fdHlwZSBz eXN0ZW1fdmVyc2lvbgotLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0gLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tIC0tLS0t LS0gLS0tLS0tLS0tLS0tLS0tLSAtLS0tLS0tLS0tIC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tIC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0gLS0tLS0tLS0tLS0tLS0tIC0tLS0tLS0tIC0t LS0tLS0tLS0tLSAtLS0tLS0tLS0tLSAtLS0gLS0tLS0tLS0tLSAtLS0tLS0tLS0tLSAtLS0tLS0t LS0tLS0tLQplYmI2YWVkZS1jYmJjLTRmNGYtYTg4YS1hOWNkNzJiMmJkMjMgWzlkM2FiMDllLWEx NDYtNGJmMi1hNWJiLWJhOTk0OGM0ZjJkZCwgYTRlNWY2YTUtNGVjMS00NTViLTk4ZTktOGI1ZTZh OGI0Y2M0LCBkNGFmNWJiYi1kZjE0LTRmZmMtYWFlOS1iNjU2NmE1ZmZkODddIDY4ICAgICAgW25l dGRldiwgc3lzdGVtXSAiNy4xNC4wIiAgIHtob3N0bmFtZT0iaDIubGltZXRyYW5zaXQuY29tIiwg b3ZuLWVuY2FwLWlwPSIxNzIuMjcuMS4xIiwgb3ZuLWVuY2FwLXR5cGU9Z2VuZXZlLCBvdm4tcmVt b3RlPSJ0Y3A6MTI3LjAuMC4xOjY2NDIiLCBzeXN0ZW0taWQ9IjZlNGRkMjlmLTc2MDctNDhkNy04 ZTVhLWVlZjRjNmFlZWZiNSJ9IFtnZW5ldmUsIGdyZSwgaW50ZXJuYWwsIGxpc3AsIHBhdGNoLCBz dHQsIHN5c3RlbSwgdGFwLCB2eGxhbl0gW10gICAgICAgICAgICAgIDY4ICAgICAgIHt9ICAgICAg ICAgICAiMi42LjkwIiAgICBbXSAge30gICAgICAgICBjZW50b3MgICAgICAiNyIgICAgICAgICAg IAoKUG9ydCB0YWJsZQpfdXVpZCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgYm9uZF9h Y3RpdmVfc2xhdmUgYm9uZF9kb3duZGVsYXkgYm9uZF9mYWtlX2lmYWNlIGJvbmRfbW9kZSBib25k X3VwZGVsYXkgZXh0ZXJuYWxfaWRzIGZha2VfYnJpZGdlIGludGVyZmFjZXMgICAgICAgICAgICAg ICAgICAgICAgICAgICAgIGxhY3AgbWFjIG5hbWUgICAgICAgICBvdGhlcl9jb25maWcgcHJvdGVj dGVkIHFvcyByc3RwX3N0YXRpc3RpY3MgcnN0cF9zdGF0dXMgc3RhdGlzdGljcyBzdGF0dXMgdGFn IHRydW5rcyB2bGFuX21vZGUKLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tIC0t LS0tLS0tLS0tLS0tLS0tIC0tLS0tLS0tLS0tLS0tIC0tLS0tLS0tLS0tLS0tLSAtLS0tLS0tLS0g LS0tLS0tLS0tLS0tIC0tLS0tLS0tLS0tLSAtLS0tLS0tLS0tLSAtLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLSAtLS0tIC0tLSAtLS0tLS0tLS0tLS0gLS0tLS0tLS0tLS0tIC0t LS0tLS0tLSAtLS0gLS0tLS0tLS0tLS0tLS0tIC0tLS0tLS0tLS0tIC0tLS0tLS0tLS0gLS0tLS0t IC0tLSAtLS0tLS0gLS0tLS0tLS0tCjQwNmNhZjcyLWE2ZjktNGZkOC04M2RjLTJiYzRmYjIxOTQ0 YyBbXSAgICAgICAgICAgICAgICAwICAgICAgICAgICAgICBmYWxzZSAgICAgICAgICAgW10gICAg ICAgIDAgICAgICAgICAgICB7fSAgICAgICAgICAgZmFsc2UgICAgICAgW2RiNGZmYWMwLWZkOTgt NDE0My05MWMwLTNjYTQ3NjdlYmM1Ml0gW10gICBbXSAgYnItaW50ICAgICAgIHt9ICAgICAgICAg ICBmYWxzZSAgICAgW10gIHt9ICAgICAgICAgICAgICB7fSAgICAgICAgICB7fSAgICAgICAgIHt9 ICAgICBbXSAgW10gICAgIFtdICAgICAgIApiNzM2MWM1Ny00MWFhLTRhOGYtYjZmZS02N2U2NDMx MjlhY2EgW10gICAgICAgICAgICAgICAgMCAgICAgICAgICAgICAgZmFsc2UgICAgICAgICAgIFtd ICAgICAgICAwICAgICAgICAgICAge30gICAgICAgICAgIGZhbHNlICAgICAgIFswYWM0YTFhNC0x ZjA2LTRiYTYtYjAxMy1jNGZiNDU0ZjMxNWNdIFtdICAgW10gICJldGgwIiAgICAgICB7fSAgICAg ICAgICAgZmFsc2UgICAgIFtdICB7fSAgICAgICAgICAgICAge30gICAgICAgICAge30gICAgICAg ICB7fSAgICAgW10gIFtdICAgICBbXSAgICAgICAKN2I0NTkxN2ItYWJhZi00ZWJkLWI1MDEtY2U3 NmYwN2ZlNjVlIFtdICAgICAgICAgICAgICAgIDAgICAgICAgICAgICAgIGZhbHNlICAgICAgICAg ICBbXSAgICAgICAgMCAgICAgICAgICAgIHt9ICAgICAgICAgICBmYWxzZSAgICAgICBbZDhjNTc4 MGQtYjliYi00NzdhLTg3MzItYjI5YzI4MDIwODMxXSBbXSAgIFtdICBvdmlydGJyaWRnZSAge30g ICAgICAgICAgIGZhbHNlICAgICBbXSAge30gICAgICAgICAgICAgIHt9ICAgICAgICAgIHt9ICAg ICAgICAge30gICAgIFtdICBbXSAgICAgW10gICAgICAgCmE3Y2NhOGY1LTM0MzctNDNkYy04MzEw LTE5NTQ1NGZiNzc3MSBbXSAgICAgICAgICAgICAgICAwICAgICAgICAgICAgICBmYWxzZSAgICAg ICAgICAgW10gICAgICAgIDAgICAgICAgICAgICB7fSAgICAgICAgICAgZmFsc2UgICAgICAgWzIx ZGY3YTU4LWU1NzItNDA0Mi04YjY0LTYzNzBkOGU1OGY5Ml0gW10gICBbXSAgIm92c2JyaWRnZTAi IHt9ICAgICAgICAgICBmYWxzZSAgICAgW10gIHt9ICAgICAgICAgICAgICB7fSAgICAgICAgICB7 fSAgICAgICAgIHt9ICAgICBbXSAgW10gICAgIFtdICAgICAgIAoKUW9TIHRhYmxlCl91dWlkIGV4 dGVybmFsX2lkcyBvdGhlcl9jb25maWcgcXVldWVzIHR5cGUKLS0tLS0gLS0tLS0tLS0tLS0tIC0t LS0tLS0tLS0tLSAtLS0tLS0gLS0tLQoKUXVldWUgdGFibGUKX3V1aWQgZHNjcCBleHRlcm5hbF9p ZHMgb3RoZXJfY29uZmlnCi0tLS0tIC0tLS0gLS0tLS0tLS0tLS0tIC0tLS0tLS0tLS0tLQoKU1NM IHRhYmxlCl91dWlkIGJvb3RzdHJhcF9jYV9jZXJ0IGNhX2NlcnQgY2VydGlmaWNhdGUgZXh0ZXJu YWxfaWRzIHByaXZhdGVfa2V5Ci0tLS0tIC0tLS0tLS0tLS0tLS0tLS0tIC0tLS0tLS0gLS0tLS0t LS0tLS0gLS0tLS0tLS0tLS0tIC0tLS0tLS0tLS0tCgpzRmxvdyB0YWJsZQpfdXVpZCBhZ2VudCBl eHRlcm5hbF9pZHMgaGVhZGVyIHBvbGxpbmcgc2FtcGxpbmcgdGFyZ2V0cwotLS0tLSAtLS0tLSAt LS0tLS0tLS0tLS0gLS0tLS0tIC0tLS0tLS0gLS0tLS0tLS0gLS0tLS0tLQo= ------=_Part_5778955_901085841.1483014842363--
Hi Same problem still.. /Sverker Den 2016-12-29 kl. 13:34, skrev Marcin Mirecki:
Hi,
The tunnels are created to connect multiple OVN controllers. If there is only one, there is no need for the tunnels, so none will be created, this is the correct behavior.
Does the problem still occur after setting configuring the OVN-controller?
Marcin
----- Original Message -----
From: "Sverker Abrahamsson" <sverker@abrahamsson.com> To: "Marcin Mirecki" <mmirecki@redhat.com> Cc: "Ovirt Users" <users@ovirt.org> Sent: Thursday, December 29, 2016 11:44:32 AM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network
Hi The rpm packages you listed in the other mail are installed but I had not run vdsm-tool ovn-config to create tunnel as the OVN controller is on the same host.
[root@h2 ~]# rpm -q openvswitch-ovn-common openvswitch-ovn-common-2.6.90-1.el7.centos.x86_64 [root@h2 ~]# rpm -q openvswitch-ovn-host openvswitch-ovn-host-2.6.90-1.el7.centos.x86_64 [root@h2 ~]# rpm -q python-openvswitch python-openvswitch-2.6.90-1.el7.centos.noarch
After removing my manually created br-int and run
vdsm-tool ovn-config 127.0.0.1 172.27.1.1
then I have the br-int but 'ip link show' does not show any link 'genev_sys_' nor does 'ovs-vsctl show' any port for ovn. I assume these are when there is an actual tunnel?
[root@h2 ~]# ovs-vsctl show ebb6aede-cbbc-4f4f-a88a-a9cd72b2bd23 Bridge br-int fail_mode: secure Port br-int Interface br-int type: internal Bridge ovirtbridge Port ovirtbridge Interface ovirtbridge type: internal Bridge "ovsbridge0" Port "ovsbridge0" Interface "ovsbridge0" type: internal Port "eth0" Interface "eth0" ovs_version: "2.6.90"
[root@h2 ~]# ip link show 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT qlen 1 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master ovs-system state UP mode DEFAULT qlen 1000 link/ether 44:8a:5b:84:7d:b3 brd ff:ff:ff:ff:ff:ff 3: ovs-system: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 1000 link/ether 5a:14:cf:28:47:e2 brd ff:ff:ff:ff:ff:ff 4: ovsbridge0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN mode DEFAULT qlen 1000 link/ether 44:8a:5b:84:7d:b3 brd ff:ff:ff:ff:ff:ff 5: br-int: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 1000 link/ether 9e:b0:3a:9d:f2:4b brd ff:ff:ff:ff:ff:ff 6: ovirtbridge: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN mode DEFAULT qlen 1000 link/ether a6:f6:e5:a4:5b:45 brd ff:ff:ff:ff:ff:ff 7: dummy0: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue master ovirtmgmt state UNKNOWN mode DEFAULT qlen 1000 link/ether 66:e0:1c:c3:a9:d8 brd ff:ff:ff:ff:ff:ff 8: ovirtmgmt: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT qlen 1000 link/ether 66:e0:1c:c3:a9:d8 brd ff:ff:ff:ff:ff:ff
Firewall settings: [root@h2 ~]# firewall-cmd --list-all-zones work target: default icmp-block-inversion: no interfaces: sources: services: dhcpv6-client ssh ports: protocols: masquerade: no forward-ports: sourceports: icmp-blocks: rich rules:
drop target: DROP icmp-block-inversion: no interfaces: sources: services: ports: protocols: masquerade: no forward-ports: sourceports: icmp-blocks: rich rules:
internal target: default icmp-block-inversion: no interfaces: sources: services: dhcpv6-client mdns samba-client ssh ports: protocols: masquerade: no forward-ports: sourceports: icmp-blocks: rich rules:
external target: default icmp-block-inversion: no interfaces: sources: services: ssh ports: protocols: masquerade: yes forward-ports: sourceports: icmp-blocks: rich rules:
trusted target: ACCEPT icmp-block-inversion: no interfaces: sources: services: ports: protocols: masquerade: no forward-ports: sourceports: icmp-blocks: rich rules:
home target: default icmp-block-inversion: no interfaces: sources: services: dhcpv6-client mdns samba-client ssh ports: protocols: masquerade: no forward-ports: sourceports: icmp-blocks: rich rules:
dmz target: default icmp-block-inversion: no interfaces: sources: services: ssh ports: protocols: masquerade: no forward-ports: sourceports: icmp-blocks: rich rules:
public (active) target: default icmp-block-inversion: no interfaces: eth0 ovsbridge0 sources: services: dhcpv6-client ssh ports: protocols: masquerade: no forward-ports: sourceports: icmp-blocks: rich rules:
block target: %%REJECT%% icmp-block-inversion: no interfaces: sources: services: ports: protocols: masquerade: no forward-ports: sourceports: icmp-blocks: rich rules:
ovirt (active) target: default icmp-block-inversion: no interfaces: ovirtbridge ovirtmgmt sources: services: dhcp ovirt-fence-kdump-listener ovirt-http ovirt-https ovirt-imageio-proxy ovirt-postgres ovirt-provider-ovn ovirt-vmconsole-proxy ovirt-websocket-proxy ssh vdsm ports: protocols: masquerade: yes forward-ports: sourceports: icmp-blocks: rich rules: rule family="ipv4" port port="6641" protocol="tcp" accept rule family="ipv4" port port="6642" protocol="tcp" accept
The db dump is attached /Sverker Den 2016-12-29 kl. 09:50, skrev Marcin Mirecki:
Hi,
Can you please do: "sudo ovsdb-client dump" on the host and send me the output?
Have you configured the ovn controller to connect to the OVN north? You can do it using "vdsm-tool ovn-config" or using the OVN tools directly. Please check out: https://www.ovirt.org/blog/2016/11/ovirt-provider-ovn/ for details.
Also please note that the OVN provider is completely different from the neutron-openvswitch plugin. Please don't mix the two.
Marcin
----- Original Message -----
From: "Marcin Mirecki" <mmirecki@redhat.com> To: "Sverker Abrahamsson" <sverker@abrahamsson.com> Cc: "Ovirt Users" <users@ovirt.org> Sent: Thursday, December 29, 2016 9:27:19 AM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network
Hi,
br-int is the OVN integration bridge, it should have been created when installing OVN. I assume you have the following packages installed on the host: openvswitch-ovn-common openvswitch-ovn-host python-openvswitch
Please give me some time to look at the connectivity problem.
Marcin
----- Original Message -----
From: "Sverker Abrahamsson" <sverker@abrahamsson.com> To: "Marcin Mirecki" <mmirecki@redhat.com> Cc: "Ovirt Users" <users@ovirt.org> Sent: Thursday, December 29, 2016 12:47:04 AM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network
From /usr/libexec/vdsm/hooks/before_device_create/ovirt_provider_ovn_hook (installed by ovirt-provider-ovn-driver rpm):
BRIDGE_NAME = 'br-int'
Den 2016-12-28 kl. 23:56, skrev Sverker Abrahamsson:
Googling on the message about br-int suggested adding that bridge to ovs:
ovs-vsctl add-br br-int
Then the VM is able to boot, but it fails to get network connectivity. Output in /var/log/messages:
Dec 28 23:31:35 h2 ovs-vsctl: ovs|00001|vsctl|INFO|Called as ovs-vsctl --timeout=5 -- --if-exists del-port vnet0 -- add-port br-int vnet0 -- set Interface vnet0 "external-ids:attached-mac=\"00:1a:4a:16:01:51\"" -- set Interface vnet0 "external-ids:iface-id=\"e8853aac-8a75-41b0-8010-e630017dcdd8\"" -- set Interface vnet0 "external-ids:vm-id=\"b9440d60-ef5a-4e2b-83cf-081df7c09e6f\"" -- set Interface vnet0 external-ids:iface-status=active Dec 28 23:31:35 h2 kernel: device vnet0 entered promiscuous mode Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -D PREROUTING -i vnet0 -j libvirt-J-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -D POSTROUTING -o vnet0 -j libvirt-P-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -L libvirt-J-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -L libvirt-P-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -F libvirt-J-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -X libvirt-J-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -F libvirt-P-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -X libvirt-P-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -F J-vnet0-mac' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -X J-vnet0-mac' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -F J-vnet0-arp-mac' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -X J-vnet0-arp-mac' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -D libvirt-out -m physdev --physdev-is-bridged --physdev-out vnet0 -g FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -D libvirt-out -m physdev --physdev-out vnet0 -g FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -D libvirt-in -m physdev --physdev-in vnet0 -g FI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -D libvirt-host-in -m physdev --physdev-in vnet0 -g HI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -F FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -X FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -F FI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -X FI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -F HI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -X HI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -E FP-vnet0 FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -E FJ-vnet0 FI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -E HJ-vnet0 HI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -D libvirt-out -m physdev --physdev-is-bridged --physdev-out vnet0 -g FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -D libvirt-out -m physdev --physdev-out vnet0 -g FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -D libvirt-in -m physdev --physdev-in vnet0 -g FI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -D libvirt-host-in -m physdev --physdev-in vnet0 -g HI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -F FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -X FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -F FI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -X FI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -F HI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -X HI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -E FP-vnet0 FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -E FJ-vnet0 FI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -E HJ-vnet0 HI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -D PREROUTING -i vnet0 -j libvirt-I-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -D POSTROUTING -o vnet0 -j libvirt-O-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -L libvirt-I-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -L libvirt-O-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -F libvirt-I-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -X libvirt-I-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -F libvirt-O-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -X libvirt-O-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -L libvirt-P-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -E libvirt-P-vnet0 libvirt-O-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -F I-vnet0-mac' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -X I-vnet0-mac' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -F I-vnet0-arp-mac' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -X I-vnet0-arp-mac' failed:
[root@h2 etc]# ovs-vsctl show ebb6aede-cbbc-4f4f-a88a-a9cd72b2bd23 Bridge ovirtbridge Port "ovirtport0" Interface "ovirtport0" type: internal Port ovirtbridge Interface ovirtbridge type: internal Bridge "ovsbridge0" Port "ovsbridge0" Interface "ovsbridge0" type: internal Port "eth0" Interface "eth0" Bridge br-int Port br-int Interface br-int type: internal Port "vnet0" Interface "vnet0" ovs_version: "2.6.90"
Searching through the code it appears that br-int comes from neutron-openvswitch plugin ??
[root@h2 share]# rpm -qf /usr/share/otopi/plugins/ovirt-host-deploy/openstack/neutron_openvswitch.py ovirt-host-deploy-1.6.0-0.0.master.20161215101008.gitb76ad50.el7.centos.noarch
/Sverker
Den 2016-12-28 kl. 23:24, skrev Sverker Abrahamsson: > In addition I had to add an alias to modprobe: > > [root@h2 modprobe.d]# cat dummy.conf > alias dummy0 dummy > > > Den 2016-12-28 kl. 23:03, skrev Sverker Abrahamsson: >> Hi >> I first tried to set device name to dummy_0, but then ifup did not >> succeed in creating the device unless I first did 'ip link add >> dummy_0 type dummy' but then it would not suceed to establish the if >> on reboot. >> >> Setting fake_nics = dummy0 would not work neither, but this works: >> >> fake_nics = dummy* >> >> The engine is now able to find the if and assign bridge ovirtmgmt to >> it. >> >> However, I then run into the next issue when starting a VM: >> >> 2016-12-28 22:28:23,897 ERROR >> [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] >> (ForkJoinPool-1-worker-2) [] Correlation ID: null, Call Stack: null, >> Custom Event ID: -1, Message: VM CentOS7 is down with error. Exit >> message: Cannot get interface MTU on 'br-int': No such device. >> >> This VM has a nic on ovirtbridge, which comes from the OVN provider. >> >> /Sverker >> >> Den 2016-12-28 kl. 14:38, skrev Marcin Mirecki: >>> Sverker, >>> >>> Can you try adding a vnic named veth_* or dummy_*, >>> (or alternatively add the name of the vnic to >>> vdsm.config fake_nics), and setup the management >>> network using this vnic? >>> I suppose adding the vnic you use for connecting >>> to the engine to fake_nics should make it visible >>> to the engine, and you should be able to use it for >>> the setup. >>> >>> Marcin >>> >>> >>> >>> ----- Original Message ----- >>>> From: "Marcin Mirecki" <mmirecki@redhat.com> >>>> To: "Sverker Abrahamsson" <sverker@abrahamsson.com> >>>> Cc: "Ovirt Users" <users@ovirt.org> >>>> Sent: Wednesday, December 28, 2016 12:06:26 PM >>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory >>>> ovirtmgmt network >>>> >>>>> I have an internal OVS bridge called ovirtbridge which has a port >>>>> with >>>>> IP address, but in the host network settings that port is not >>>>> visible. >>>> I just verified and unfortunately the virtual ports are not >>>> visible in engine >>>> to assign a network to :( >>>> I'm afraid that the engine is not ready for such a scenario (even >>>> if it >>>> works). >>>> Please give me some time to look for a solution. >>>> >>>> ----- Original Message ----- >>>>> From: "Sverker Abrahamsson" <sverker@abrahamsson.com> >>>>> To: "Marcin Mirecki" <mmirecki@redhat.com> >>>>> Cc: "Ovirt Users" <users@ovirt.org> >>>>> Sent: Wednesday, December 28, 2016 11:48:24 AM >>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory >>>>> ovirtmgmt >>>>> network >>>>> >>>>> Hi Marcin >>>>> Yes, that is my issue. I don't want to let ovirt/vdsm see eth0 nor >>>>> ovsbridge0 since as soon as it sees them it messes up the network >>>>> config >>>>> so that the host will be unreachable. >>>>> >>>>> I have an internal OVS bridge called ovirtbridge which has a port >>>>> with >>>>> IP address, but in the host network settings that port is not >>>>> visible. >>>>> It doesn't help to name it ovirtmgmt. >>>>> >>>>> The engine is able to communicate with the host on the ip it has >>>>> been >>>>> given, it's just that it believes that it HAS to have a ovirtmgmt >>>>> network which can't be on OVN. >>>>> >>>>> /Sverker >>>>> >>>>> >>>>> Den 2016-12-28 kl. 10:45, skrev Marcin Mirecki: >>>>>> Hi Sverker, >>>>>> >>>>>> The management network is mandatory on each host. It's used by the >>>>>> engine to communicate with the host. >>>>>> Looking at your description and the exception it looks like it is >>>>>> missing. >>>>>> The error is caused by not having any network for the host >>>>>> (network list retrieved in >>>>>> InterfaceDaoImpl.getHostNetworksByCluster - >>>>>> which >>>>>> gets all the networks on nics for a host from vds_interface >>>>>> table in the >>>>>> DB). >>>>>> >>>>>> Could you maybe create a virtual nic connected to ovsbridge0 (as I >>>>>> understand you >>>>>> have no physical nic available) and use this for the management >>>>>> network? >>>>>> >>>>>>> I then create a bridge for use with ovirt, with a private >>>>>>> address. >>>>>> I'm not quite sure I understand. Is this yet another bridge >>>>>> connected to >>>>>> ovsbridge0? >>>>>> You could also attach the vnic for the management network here >>>>>> if need >>>>>> be. >>>>>> >>>>>> Please keep in mind that OVN has no use in setting up the >>>>>> management >>>>>> network. >>>>>> The OVN provider can only handle external networks, which can >>>>>> not be used >>>>>> for a >>>>>> management network. >>>>>> >>>>>> Marcin >>>>>> >>>>>> >>>>>> ----- Original Message ----- >>>>>>> From: "Sverker Abrahamsson" <sverker@abrahamsson.com> >>>>>>> To: users@ovirt.org >>>>>>> Sent: Wednesday, December 28, 2016 12:39:59 AM >>>>>>> Subject: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt >>>>>>> network >>>>>>> >>>>>>> >>>>>>> >>>>>>> Hi >>>>>>> For long time I've been looking for proper support in ovirt for >>>>>>> Open >>>>>>> vSwitch >>>>>>> so I'm happy that it is moving in the right direction. However, >>>>>>> there >>>>>>> seems >>>>>>> to still be a dependency on a ovirtmgmt bridge and I'm unable >>>>>>> to move >>>>>>> that >>>>>>> to the OVN provider. >>>>>>> >>>>>>> The hosting center where I rent hw instances has a bit special >>>>>>> network >>>>>>> setup, >>>>>>> so I have one physical network port with a /32 netmask and >>>>>>> point-to-point >>>>>>> config to router. The physical port I connect to a ovs bridge >>>>>>> which has >>>>>>> the >>>>>>> public ip. Since ovirt always messes up the network config when >>>>>>> I've >>>>>>> tried >>>>>>> to let it have access to the network config for the physical >>>>>>> port, I've >>>>>>> set >>>>>>> eht0 and ovsbridge0 as hidden in vdsm.conf. >>>>>>> >>>>>>> >>>>>>> I then create a bridge for use with ovirt, with a private >>>>>>> address. With >>>>>>> the >>>>>>> OVN provider I am now able to import these into the engine and >>>>>>> it looks >>>>>>> good. When creating a VM I can select that it will have a vNic >>>>>>> on my OVS >>>>>>> bridge. >>>>>>> >>>>>>> However, I can't start the VM as an exception is thrown in the >>>>>>> log: >>>>>>> >>>>>>> 2016-12-28 00:13:33,350 ERROR >>>>>>> [org.ovirt.engine.core.bll.RunVmCommand] >>>>>>> (default task-5) [3c882d53] Error during ValidateFailure.: >>>>>>> java.lang.NullPointerException >>>>>>> at >>>>>>> org.ovirt.engine.core.bll.scheduling.policyunits.NetworkPolicyUnit.validateRequiredNetworksAvailable(NetworkPolicyUnit.java:140) >>>>>>> >>>>>>> [bll.jar:] >>>>>>> at >>>>>>> org.ovirt.engine.core.bll.scheduling.policyunits.NetworkPolicyUnit.filter(NetworkPolicyUnit.java:69) >>>>>>> >>>>>>> [bll.jar:] >>>>>>> at >>>>>>> org.ovirt.engine.core.bll.scheduling.SchedulingManager.runInternalFilters(SchedulingManager.java:597) >>>>>>> >>>>>>> [bll.jar:] >>>>>>> at >>>>>>> org.ovirt.engine.core.bll.scheduling.SchedulingManager.runFilters(SchedulingManager.java:564) >>>>>>> >>>>>>> [bll.jar:] >>>>>>> at >>>>>>> org.ovirt.engine.core.bll.scheduling.SchedulingManager.canSchedule(SchedulingManager.java:494) >>>>>>> >>>>>>> [bll.jar:] >>>>>>> at >>>>>>> org.ovirt.engine.core.bll.validator.RunVmValidator.canRunVm(RunVmValidator.java:133) >>>>>>> >>>>>>> [bll.jar:] >>>>>>> at >>>>>>> org.ovirt.engine.core.bll.RunVmCommand.validate(RunVmCommand.java:940) >>>>>>> >>>>>>> [bll.jar:] >>>>>>> at >>>>>>> org.ovirt.engine.core.bll.CommandBase.internalValidate(CommandBase.java:886) >>>>>>> >>>>>>> [bll.jar:] >>>>>>> at >>>>>>> org.ovirt.engine.core.bll.CommandBase.validateOnly(CommandBase.java:366) >>>>>>> >>>>>>> [bll.jar:] >>>>>>> at >>>>>>> org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.canRunActions(PrevalidatingMultipleActionsRunner.java:113) >>>>>>> >>>>>>> [bll.jar:] >>>>>>> at >>>>>>> org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.invokeCommands(PrevalidatingMultipleActionsRunner.java:99) >>>>>>> >>>>>>> [bll.jar:] >>>>>>> at >>>>>>> org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.execute(PrevalidatingMultipleActionsRunner.java:76) >>>>>>> >>>>>>> [bll.jar:] >>>>>>> at >>>>>>> org.ovirt.engine.core.bll.Backend.runMultipleActionsImpl(Backend.java:613) >>>>>>> >>>>>>> [bll.jar:] >>>>>>> at >>>>>>> org.ovirt.engine.core.bll.Backend.runMultipleActions(Backend.java:583) >>>>>>> >>>>>>> [bll.jar:] >>>>>>> >>>>>>> >>>>>>> Looking at that section of code where the exception is thrown, >>>>>>> I see >>>>>>> that >>>>>>> it >>>>>>> iterates over host networks to find required networks, which I >>>>>>> assume is >>>>>>> ovirtmgmt. In the host network setup dialog I don't see any >>>>>>> networks at >>>>>>> all >>>>>>> but it lists ovirtmgmt as required. It also list the OVN >>>>>>> networks but >>>>>>> these >>>>>>> can't be statically assigned as they are added dynamically when >>>>>>> needed, >>>>>>> which is fine. >>>>>>> >>>>>>> I believe that I either need to remove ovirtmgmt network or >>>>>>> configure >>>>>>> that >>>>>>> it >>>>>>> is provided by the OVN provider, but neither is possible. >>>>>>> Preferably it >>>>>>> shouldn't be hardcoded which network is management and >>>>>>> mandatory but be >>>>>>> possible to configure. >>>>>>> >>>>>>> /Sverker >>>>>>> Den 2016-12-27 kl. 17:10, skrev Marcin Mirecki: >>>>>>> >>>>>>> >>>> _______________________________________________ >>>> Users mailing list >>>> Users@ovirt.org >>>> http://lists.ovirt.org/mailman/listinfo/users >>>> >> _______________________________________________ >> Users mailing list >> Users@ovirt.org >> http://lists.ovirt.org/mailman/listinfo/users > _______________________________________________ > Users mailing list > Users@ovirt.org > http://lists.ovirt.org/mailman/listinfo/users _______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Let me add the OVN team. Lance, Numan, Can you please look at this? Trying to plug a vNIC results in:
> Dec 28 23:31:35 h2 ovs-vsctl: ovs|00001|vsctl|INFO|Called as ovs-vsctl > --timeout=5 -- --if-exists del-port vnet0 -- add-port br-int vnet0 -- > set Interface vnet0 "external-ids:attached-mac=\"00:1a:4a:16:01:51\"" > -- set Interface vnet0 > "external-ids:iface-id=\"e8853aac-8a75-41b0-8010-e630017dcdd8\"" -- > set Interface vnet0 > "external-ids:vm-id=\"b9440d60-ef5a-4e2b-83cf-081df7c09e6f\"" -- set > Interface vnet0 external-ids:iface-status=active > Dec 28 23:31:35 h2 kernel: device vnet0 entered promiscuous mode > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > '/usr/sbin/ebtables --concurrent -t nat -D PREROUTING -i vnet0 -j > libvirt-J-vnet0' failed: > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED:
More details below ----- Original Message -----
From: "Sverker Abrahamsson" <sverker@abrahamsson.com> To: "Marcin Mirecki" <mmirecki@redhat.com> Cc: "Ovirt Users" <users@ovirt.org> Sent: Thursday, December 29, 2016 1:42:11 PM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network
Hi Same problem still.. /Sverker
Den 2016-12-29 kl. 13:34, skrev Marcin Mirecki:
Hi,
The tunnels are created to connect multiple OVN controllers. If there is only one, there is no need for the tunnels, so none will be created, this is the correct behavior.
Does the problem still occur after setting configuring the OVN-controller?
Marcin
----- Original Message -----
From: "Sverker Abrahamsson" <sverker@abrahamsson.com> To: "Marcin Mirecki" <mmirecki@redhat.com> Cc: "Ovirt Users" <users@ovirt.org> Sent: Thursday, December 29, 2016 11:44:32 AM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network
Hi The rpm packages you listed in the other mail are installed but I had not run vdsm-tool ovn-config to create tunnel as the OVN controller is on the same host.
[root@h2 ~]# rpm -q openvswitch-ovn-common openvswitch-ovn-common-2.6.90-1.el7.centos.x86_64 [root@h2 ~]# rpm -q openvswitch-ovn-host openvswitch-ovn-host-2.6.90-1.el7.centos.x86_64 [root@h2 ~]# rpm -q python-openvswitch python-openvswitch-2.6.90-1.el7.centos.noarch
After removing my manually created br-int and run
vdsm-tool ovn-config 127.0.0.1 172.27.1.1
then I have the br-int but 'ip link show' does not show any link 'genev_sys_' nor does 'ovs-vsctl show' any port for ovn. I assume these are when there is an actual tunnel?
[root@h2 ~]# ovs-vsctl show ebb6aede-cbbc-4f4f-a88a-a9cd72b2bd23 Bridge br-int fail_mode: secure Port br-int Interface br-int type: internal Bridge ovirtbridge Port ovirtbridge Interface ovirtbridge type: internal Bridge "ovsbridge0" Port "ovsbridge0" Interface "ovsbridge0" type: internal Port "eth0" Interface "eth0" ovs_version: "2.6.90"
[root@h2 ~]# ip link show 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT qlen 1 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master ovs-system state UP mode DEFAULT qlen 1000 link/ether 44:8a:5b:84:7d:b3 brd ff:ff:ff:ff:ff:ff 3: ovs-system: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 1000 link/ether 5a:14:cf:28:47:e2 brd ff:ff:ff:ff:ff:ff 4: ovsbridge0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN mode DEFAULT qlen 1000 link/ether 44:8a:5b:84:7d:b3 brd ff:ff:ff:ff:ff:ff 5: br-int: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 1000 link/ether 9e:b0:3a:9d:f2:4b brd ff:ff:ff:ff:ff:ff 6: ovirtbridge: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN mode DEFAULT qlen 1000 link/ether a6:f6:e5:a4:5b:45 brd ff:ff:ff:ff:ff:ff 7: dummy0: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue master ovirtmgmt state UNKNOWN mode DEFAULT qlen 1000 link/ether 66:e0:1c:c3:a9:d8 brd ff:ff:ff:ff:ff:ff 8: ovirtmgmt: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT qlen 1000 link/ether 66:e0:1c:c3:a9:d8 brd ff:ff:ff:ff:ff:ff
Firewall settings: [root@h2 ~]# firewall-cmd --list-all-zones work target: default icmp-block-inversion: no interfaces: sources: services: dhcpv6-client ssh ports: protocols: masquerade: no forward-ports: sourceports: icmp-blocks: rich rules:
drop target: DROP icmp-block-inversion: no interfaces: sources: services: ports: protocols: masquerade: no forward-ports: sourceports: icmp-blocks: rich rules:
internal target: default icmp-block-inversion: no interfaces: sources: services: dhcpv6-client mdns samba-client ssh ports: protocols: masquerade: no forward-ports: sourceports: icmp-blocks: rich rules:
external target: default icmp-block-inversion: no interfaces: sources: services: ssh ports: protocols: masquerade: yes forward-ports: sourceports: icmp-blocks: rich rules:
trusted target: ACCEPT icmp-block-inversion: no interfaces: sources: services: ports: protocols: masquerade: no forward-ports: sourceports: icmp-blocks: rich rules:
home target: default icmp-block-inversion: no interfaces: sources: services: dhcpv6-client mdns samba-client ssh ports: protocols: masquerade: no forward-ports: sourceports: icmp-blocks: rich rules:
dmz target: default icmp-block-inversion: no interfaces: sources: services: ssh ports: protocols: masquerade: no forward-ports: sourceports: icmp-blocks: rich rules:
public (active) target: default icmp-block-inversion: no interfaces: eth0 ovsbridge0 sources: services: dhcpv6-client ssh ports: protocols: masquerade: no forward-ports: sourceports: icmp-blocks: rich rules:
block target: %%REJECT%% icmp-block-inversion: no interfaces: sources: services: ports: protocols: masquerade: no forward-ports: sourceports: icmp-blocks: rich rules:
ovirt (active) target: default icmp-block-inversion: no interfaces: ovirtbridge ovirtmgmt sources: services: dhcp ovirt-fence-kdump-listener ovirt-http ovirt-https ovirt-imageio-proxy ovirt-postgres ovirt-provider-ovn ovirt-vmconsole-proxy ovirt-websocket-proxy ssh vdsm ports: protocols: masquerade: yes forward-ports: sourceports: icmp-blocks: rich rules: rule family="ipv4" port port="6641" protocol="tcp" accept rule family="ipv4" port port="6642" protocol="tcp" accept
The db dump is attached /Sverker Den 2016-12-29 kl. 09:50, skrev Marcin Mirecki:
Hi,
Can you please do: "sudo ovsdb-client dump" on the host and send me the output?
Have you configured the ovn controller to connect to the OVN north? You can do it using "vdsm-tool ovn-config" or using the OVN tools directly. Please check out: https://www.ovirt.org/blog/2016/11/ovirt-provider-ovn/ for details.
Also please note that the OVN provider is completely different from the neutron-openvswitch plugin. Please don't mix the two.
Marcin
----- Original Message -----
From: "Marcin Mirecki" <mmirecki@redhat.com> To: "Sverker Abrahamsson" <sverker@abrahamsson.com> Cc: "Ovirt Users" <users@ovirt.org> Sent: Thursday, December 29, 2016 9:27:19 AM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network
Hi,
br-int is the OVN integration bridge, it should have been created when installing OVN. I assume you have the following packages installed on the host: openvswitch-ovn-common openvswitch-ovn-host python-openvswitch
Please give me some time to look at the connectivity problem.
Marcin
----- Original Message -----
From: "Sverker Abrahamsson" <sverker@abrahamsson.com> To: "Marcin Mirecki" <mmirecki@redhat.com> Cc: "Ovirt Users" <users@ovirt.org> Sent: Thursday, December 29, 2016 12:47:04 AM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network
From /usr/libexec/vdsm/hooks/before_device_create/ovirt_provider_ovn_hook (installed by ovirt-provider-ovn-driver rpm):
BRIDGE_NAME = 'br-int'
Den 2016-12-28 kl. 23:56, skrev Sverker Abrahamsson: > Googling on the message about br-int suggested adding that bridge to > ovs: > > ovs-vsctl add-br br-int > > Then the VM is able to boot, but it fails to get network connectivity. > Output in /var/log/messages: > > Dec 28 23:31:35 h2 ovs-vsctl: ovs|00001|vsctl|INFO|Called as ovs-vsctl > --timeout=5 -- --if-exists del-port vnet0 -- add-port br-int vnet0 -- > set Interface vnet0 "external-ids:attached-mac=\"00:1a:4a:16:01:51\"" > -- set Interface vnet0 > "external-ids:iface-id=\"e8853aac-8a75-41b0-8010-e630017dcdd8\"" -- > set Interface vnet0 > "external-ids:vm-id=\"b9440d60-ef5a-4e2b-83cf-081df7c09e6f\"" -- set > Interface vnet0 external-ids:iface-status=active > Dec 28 23:31:35 h2 kernel: device vnet0 entered promiscuous mode > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > '/usr/sbin/ebtables --concurrent -t nat -D PREROUTING -i vnet0 -j > libvirt-J-vnet0' failed: > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > '/usr/sbin/ebtables --concurrent -t nat -D POSTROUTING -o vnet0 -j > libvirt-P-vnet0' failed: > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > '/usr/sbin/ebtables --concurrent -t nat -L libvirt-J-vnet0' failed: > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > '/usr/sbin/ebtables --concurrent -t nat -L libvirt-P-vnet0' failed: > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > '/usr/sbin/ebtables --concurrent -t nat -F libvirt-J-vnet0' failed: > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > '/usr/sbin/ebtables --concurrent -t nat -X libvirt-J-vnet0' failed: > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > '/usr/sbin/ebtables --concurrent -t nat -F libvirt-P-vnet0' failed: > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > '/usr/sbin/ebtables --concurrent -t nat -X libvirt-P-vnet0' failed: > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > '/usr/sbin/ebtables --concurrent -t nat -F J-vnet0-mac' failed: > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > '/usr/sbin/ebtables --concurrent -t nat -X J-vnet0-mac' failed: > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > '/usr/sbin/ebtables --concurrent -t nat -F J-vnet0-arp-mac' failed: > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > '/usr/sbin/ebtables --concurrent -t nat -X J-vnet0-arp-mac' failed: > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > '/usr/sbin/iptables -w2 -w -D libvirt-out -m physdev > --physdev-is-bridged --physdev-out vnet0 -g FO-vnet0' failed: > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > '/usr/sbin/iptables -w2 -w -D libvirt-out -m physdev --physdev-out > vnet0 -g FO-vnet0' failed: > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > '/usr/sbin/iptables -w2 -w -D libvirt-in -m physdev --physdev-in vnet0 > -g FI-vnet0' failed: > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > '/usr/sbin/iptables -w2 -w -D libvirt-host-in -m physdev --physdev-in > vnet0 -g HI-vnet0' failed: > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > '/usr/sbin/iptables -w2 -w -F FO-vnet0' failed: > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > '/usr/sbin/iptables -w2 -w -X FO-vnet0' failed: > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > '/usr/sbin/iptables -w2 -w -F FI-vnet0' failed: > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > '/usr/sbin/iptables -w2 -w -X FI-vnet0' failed: > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > '/usr/sbin/iptables -w2 -w -F HI-vnet0' failed: > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > '/usr/sbin/iptables -w2 -w -X HI-vnet0' failed: > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > '/usr/sbin/iptables -w2 -w -E FP-vnet0 FO-vnet0' failed: > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > '/usr/sbin/iptables -w2 -w -E FJ-vnet0 FI-vnet0' failed: > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > '/usr/sbin/iptables -w2 -w -E HJ-vnet0 HI-vnet0' failed: > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > '/usr/sbin/ip6tables -w2 -w -D libvirt-out -m physdev > --physdev-is-bridged --physdev-out vnet0 -g FO-vnet0' failed: > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > '/usr/sbin/ip6tables -w2 -w -D libvirt-out -m physdev --physdev-out > vnet0 -g FO-vnet0' failed: > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > '/usr/sbin/ip6tables -w2 -w -D libvirt-in -m physdev --physdev-in > vnet0 -g FI-vnet0' failed: > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > '/usr/sbin/ip6tables -w2 -w -D libvirt-host-in -m physdev --physdev-in > vnet0 -g HI-vnet0' failed: > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > '/usr/sbin/ip6tables -w2 -w -F FO-vnet0' failed: > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > '/usr/sbin/ip6tables -w2 -w -X FO-vnet0' failed: > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > '/usr/sbin/ip6tables -w2 -w -F FI-vnet0' failed: > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > '/usr/sbin/ip6tables -w2 -w -X FI-vnet0' failed: > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > '/usr/sbin/ip6tables -w2 -w -F HI-vnet0' failed: > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > '/usr/sbin/ip6tables -w2 -w -X HI-vnet0' failed: > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > '/usr/sbin/ip6tables -w2 -w -E FP-vnet0 FO-vnet0' failed: > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > '/usr/sbin/ip6tables -w2 -w -E FJ-vnet0 FI-vnet0' failed: > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > '/usr/sbin/ip6tables -w2 -w -E HJ-vnet0 HI-vnet0' failed: > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > '/usr/sbin/ebtables --concurrent -t nat -D PREROUTING -i vnet0 -j > libvirt-I-vnet0' failed: > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > '/usr/sbin/ebtables --concurrent -t nat -D POSTROUTING -o vnet0 -j > libvirt-O-vnet0' failed: > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > '/usr/sbin/ebtables --concurrent -t nat -L libvirt-I-vnet0' failed: > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > '/usr/sbin/ebtables --concurrent -t nat -L libvirt-O-vnet0' failed: > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > '/usr/sbin/ebtables --concurrent -t nat -F libvirt-I-vnet0' failed: > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > '/usr/sbin/ebtables --concurrent -t nat -X libvirt-I-vnet0' failed: > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > '/usr/sbin/ebtables --concurrent -t nat -F libvirt-O-vnet0' failed: > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > '/usr/sbin/ebtables --concurrent -t nat -X libvirt-O-vnet0' failed: > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > '/usr/sbin/ebtables --concurrent -t nat -L libvirt-P-vnet0' failed: > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > '/usr/sbin/ebtables --concurrent -t nat -E libvirt-P-vnet0 > libvirt-O-vnet0' failed: > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > '/usr/sbin/ebtables --concurrent -t nat -F I-vnet0-mac' failed: > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > '/usr/sbin/ebtables --concurrent -t nat -X I-vnet0-mac' failed: > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > '/usr/sbin/ebtables --concurrent -t nat -F I-vnet0-arp-mac' failed: > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > '/usr/sbin/ebtables --concurrent -t nat -X I-vnet0-arp-mac' failed: > > > [root@h2 etc]# ovs-vsctl show > ebb6aede-cbbc-4f4f-a88a-a9cd72b2bd23 > Bridge ovirtbridge > Port "ovirtport0" > Interface "ovirtport0" > type: internal > Port ovirtbridge > Interface ovirtbridge > type: internal > Bridge "ovsbridge0" > Port "ovsbridge0" > Interface "ovsbridge0" > type: internal > Port "eth0" > Interface "eth0" > Bridge br-int > Port br-int > Interface br-int > type: internal > Port "vnet0" > Interface "vnet0" > ovs_version: "2.6.90" > > Searching through the code it appears that br-int comes from > neutron-openvswitch plugin ?? > > [root@h2 share]# rpm -qf > /usr/share/otopi/plugins/ovirt-host-deploy/openstack/neutron_openvswitch.py > ovirt-host-deploy-1.6.0-0.0.master.20161215101008.gitb76ad50.el7.centos.noarch > > > /Sverker > > Den 2016-12-28 kl. 23:24, skrev Sverker Abrahamsson: >> In addition I had to add an alias to modprobe: >> >> [root@h2 modprobe.d]# cat dummy.conf >> alias dummy0 dummy >> >> >> Den 2016-12-28 kl. 23:03, skrev Sverker Abrahamsson: >>> Hi >>> I first tried to set device name to dummy_0, but then ifup did not >>> succeed in creating the device unless I first did 'ip link add >>> dummy_0 type dummy' but then it would not suceed to establish the if >>> on reboot. >>> >>> Setting fake_nics = dummy0 would not work neither, but this works: >>> >>> fake_nics = dummy* >>> >>> The engine is now able to find the if and assign bridge ovirtmgmt to >>> it. >>> >>> However, I then run into the next issue when starting a VM: >>> >>> 2016-12-28 22:28:23,897 ERROR >>> [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] >>> (ForkJoinPool-1-worker-2) [] Correlation ID: null, Call Stack: null, >>> Custom Event ID: -1, Message: VM CentOS7 is down with error. Exit >>> message: Cannot get interface MTU on 'br-int': No such device. >>> >>> This VM has a nic on ovirtbridge, which comes from the OVN provider. >>> >>> /Sverker >>> >>> Den 2016-12-28 kl. 14:38, skrev Marcin Mirecki: >>>> Sverker, >>>> >>>> Can you try adding a vnic named veth_* or dummy_*, >>>> (or alternatively add the name of the vnic to >>>> vdsm.config fake_nics), and setup the management >>>> network using this vnic? >>>> I suppose adding the vnic you use for connecting >>>> to the engine to fake_nics should make it visible >>>> to the engine, and you should be able to use it for >>>> the setup. >>>> >>>> Marcin >>>> >>>> >>>> >>>> ----- Original Message ----- >>>>> From: "Marcin Mirecki" <mmirecki@redhat.com> >>>>> To: "Sverker Abrahamsson" <sverker@abrahamsson.com> >>>>> Cc: "Ovirt Users" <users@ovirt.org> >>>>> Sent: Wednesday, December 28, 2016 12:06:26 PM >>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory >>>>> ovirtmgmt network >>>>> >>>>>> I have an internal OVS bridge called ovirtbridge which has a port >>>>>> with >>>>>> IP address, but in the host network settings that port is not >>>>>> visible. >>>>> I just verified and unfortunately the virtual ports are not >>>>> visible in engine >>>>> to assign a network to :( >>>>> I'm afraid that the engine is not ready for such a scenario (even >>>>> if it >>>>> works). >>>>> Please give me some time to look for a solution. >>>>> >>>>> ----- Original Message ----- >>>>>> From: "Sverker Abrahamsson" <sverker@abrahamsson.com> >>>>>> To: "Marcin Mirecki" <mmirecki@redhat.com> >>>>>> Cc: "Ovirt Users" <users@ovirt.org> >>>>>> Sent: Wednesday, December 28, 2016 11:48:24 AM >>>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory >>>>>> ovirtmgmt >>>>>> network >>>>>> >>>>>> Hi Marcin >>>>>> Yes, that is my issue. I don't want to let ovirt/vdsm see eth0 >>>>>> nor >>>>>> ovsbridge0 since as soon as it sees them it messes up the network >>>>>> config >>>>>> so that the host will be unreachable. >>>>>> >>>>>> I have an internal OVS bridge called ovirtbridge which has a port >>>>>> with >>>>>> IP address, but in the host network settings that port is not >>>>>> visible. >>>>>> It doesn't help to name it ovirtmgmt. >>>>>> >>>>>> The engine is able to communicate with the host on the ip it has >>>>>> been >>>>>> given, it's just that it believes that it HAS to have a ovirtmgmt >>>>>> network which can't be on OVN. >>>>>> >>>>>> /Sverker >>>>>> >>>>>> >>>>>> Den 2016-12-28 kl. 10:45, skrev Marcin Mirecki: >>>>>>> Hi Sverker, >>>>>>> >>>>>>> The management network is mandatory on each host. It's used by >>>>>>> the >>>>>>> engine to communicate with the host. >>>>>>> Looking at your description and the exception it looks like it >>>>>>> is >>>>>>> missing. >>>>>>> The error is caused by not having any network for the host >>>>>>> (network list retrieved in >>>>>>> InterfaceDaoImpl.getHostNetworksByCluster - >>>>>>> which >>>>>>> gets all the networks on nics for a host from vds_interface >>>>>>> table in the >>>>>>> DB). >>>>>>> >>>>>>> Could you maybe create a virtual nic connected to ovsbridge0 (as >>>>>>> I >>>>>>> understand you >>>>>>> have no physical nic available) and use this for the management >>>>>>> network? >>>>>>> >>>>>>>> I then create a bridge for use with ovirt, with a private >>>>>>>> address. >>>>>>> I'm not quite sure I understand. Is this yet another bridge >>>>>>> connected to >>>>>>> ovsbridge0? >>>>>>> You could also attach the vnic for the management network here >>>>>>> if need >>>>>>> be. >>>>>>> >>>>>>> Please keep in mind that OVN has no use in setting up the >>>>>>> management >>>>>>> network. >>>>>>> The OVN provider can only handle external networks, which can >>>>>>> not be used >>>>>>> for a >>>>>>> management network. >>>>>>> >>>>>>> Marcin >>>>>>> >>>>>>> >>>>>>> ----- Original Message ----- >>>>>>>> From: "Sverker Abrahamsson" <sverker@abrahamsson.com> >>>>>>>> To: users@ovirt.org >>>>>>>> Sent: Wednesday, December 28, 2016 12:39:59 AM >>>>>>>> Subject: [ovirt-users] Issue with OVN/OVS and mandatory >>>>>>>> ovirtmgmt >>>>>>>> network >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> Hi >>>>>>>> For long time I've been looking for proper support in ovirt for >>>>>>>> Open >>>>>>>> vSwitch >>>>>>>> so I'm happy that it is moving in the right direction. However, >>>>>>>> there >>>>>>>> seems >>>>>>>> to still be a dependency on a ovirtmgmt bridge and I'm unable >>>>>>>> to move >>>>>>>> that >>>>>>>> to the OVN provider. >>>>>>>> >>>>>>>> The hosting center where I rent hw instances has a bit special >>>>>>>> network >>>>>>>> setup, >>>>>>>> so I have one physical network port with a /32 netmask and >>>>>>>> point-to-point >>>>>>>> config to router. The physical port I connect to a ovs bridge >>>>>>>> which has >>>>>>>> the >>>>>>>> public ip. Since ovirt always messes up the network config when >>>>>>>> I've >>>>>>>> tried >>>>>>>> to let it have access to the network config for the physical >>>>>>>> port, I've >>>>>>>> set >>>>>>>> eht0 and ovsbridge0 as hidden in vdsm.conf. >>>>>>>> >>>>>>>> >>>>>>>> I then create a bridge for use with ovirt, with a private >>>>>>>> address. With >>>>>>>> the >>>>>>>> OVN provider I am now able to import these into the engine and >>>>>>>> it looks >>>>>>>> good. When creating a VM I can select that it will have a vNic >>>>>>>> on my OVS >>>>>>>> bridge. >>>>>>>> >>>>>>>> However, I can't start the VM as an exception is thrown in the >>>>>>>> log: >>>>>>>> >>>>>>>> 2016-12-28 00:13:33,350 ERROR >>>>>>>> [org.ovirt.engine.core.bll.RunVmCommand] >>>>>>>> (default task-5) [3c882d53] Error during ValidateFailure.: >>>>>>>> java.lang.NullPointerException >>>>>>>> at >>>>>>>> org.ovirt.engine.core.bll.scheduling.policyunits.NetworkPolicyUnit.validateRequiredNetworksAvailable(NetworkPolicyUnit.java:140) >>>>>>>> >>>>>>>> [bll.jar:] >>>>>>>> at >>>>>>>> org.ovirt.engine.core.bll.scheduling.policyunits.NetworkPolicyUnit.filter(NetworkPolicyUnit.java:69) >>>>>>>> >>>>>>>> [bll.jar:] >>>>>>>> at >>>>>>>> org.ovirt.engine.core.bll.scheduling.SchedulingManager.runInternalFilters(SchedulingManager.java:597) >>>>>>>> >>>>>>>> [bll.jar:] >>>>>>>> at >>>>>>>> org.ovirt.engine.core.bll.scheduling.SchedulingManager.runFilters(SchedulingManager.java:564) >>>>>>>> >>>>>>>> [bll.jar:] >>>>>>>> at >>>>>>>> org.ovirt.engine.core.bll.scheduling.SchedulingManager.canSchedule(SchedulingManager.java:494) >>>>>>>> >>>>>>>> [bll.jar:] >>>>>>>> at >>>>>>>> org.ovirt.engine.core.bll.validator.RunVmValidator.canRunVm(RunVmValidator.java:133) >>>>>>>> >>>>>>>> [bll.jar:] >>>>>>>> at >>>>>>>> org.ovirt.engine.core.bll.RunVmCommand.validate(RunVmCommand.java:940) >>>>>>>> >>>>>>>> [bll.jar:] >>>>>>>> at >>>>>>>> org.ovirt.engine.core.bll.CommandBase.internalValidate(CommandBase.java:886) >>>>>>>> >>>>>>>> [bll.jar:] >>>>>>>> at >>>>>>>> org.ovirt.engine.core.bll.CommandBase.validateOnly(CommandBase.java:366) >>>>>>>> >>>>>>>> [bll.jar:] >>>>>>>> at >>>>>>>> org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.canRunActions(PrevalidatingMultipleActionsRunner.java:113) >>>>>>>> >>>>>>>> [bll.jar:] >>>>>>>> at >>>>>>>> org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.invokeCommands(PrevalidatingMultipleActionsRunner.java:99) >>>>>>>> >>>>>>>> [bll.jar:] >>>>>>>> at >>>>>>>> org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.execute(PrevalidatingMultipleActionsRunner.java:76) >>>>>>>> >>>>>>>> [bll.jar:] >>>>>>>> at >>>>>>>> org.ovirt.engine.core.bll.Backend.runMultipleActionsImpl(Backend.java:613) >>>>>>>> >>>>>>>> [bll.jar:] >>>>>>>> at >>>>>>>> org.ovirt.engine.core.bll.Backend.runMultipleActions(Backend.java:583) >>>>>>>> >>>>>>>> [bll.jar:] >>>>>>>> >>>>>>>> >>>>>>>> Looking at that section of code where the exception is thrown, >>>>>>>> I see >>>>>>>> that >>>>>>>> it >>>>>>>> iterates over host networks to find required networks, which I >>>>>>>> assume is >>>>>>>> ovirtmgmt. In the host network setup dialog I don't see any >>>>>>>> networks at >>>>>>>> all >>>>>>>> but it lists ovirtmgmt as required. It also list the OVN >>>>>>>> networks but >>>>>>>> these >>>>>>>> can't be statically assigned as they are added dynamically when >>>>>>>> needed, >>>>>>>> which is fine. >>>>>>>> >>>>>>>> I believe that I either need to remove ovirtmgmt network or >>>>>>>> configure >>>>>>>> that >>>>>>>> it >>>>>>>> is provided by the OVN provider, but neither is possible. >>>>>>>> Preferably it >>>>>>>> shouldn't be hardcoded which network is management and >>>>>>>> mandatory but be >>>>>>>> possible to configure. >>>>>>>> >>>>>>>> /Sverker >>>>>>>> Den 2016-12-27 kl. 17:10, skrev Marcin Mirecki: >>>>>>>> >>>>>>>> >>>>> _______________________________________________ >>>>> Users mailing list >>>>> Users@ovirt.org >>>>> http://lists.ovirt.org/mailman/listinfo/users >>>>> >>> _______________________________________________ >>> Users mailing list >>> Users@ovirt.org >>> http://lists.ovirt.org/mailman/listinfo/users >> _______________________________________________ >> Users mailing list >> Users@ovirt.org >> http://lists.ovirt.org/mailman/listinfo/users > _______________________________________________ > Users mailing list > Users@ovirt.org > http://lists.ovirt.org/mailman/listinfo/users
Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
This is a multi-part message in MIME format. --------------3A8685D2E91226043764F247 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit The specific command most likely fails because there is no chain named libvirt-J-vnet0, but when should that have been created? /Sverker -------- Vidarebefordrat meddelande -------- Ämne: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network Datum: Thu, 29 Dec 2016 08:06:29 -0500 (EST) Från: Marcin Mirecki <mmirecki@redhat.com> Till: Sverker Abrahamsson <sverker@abrahamsson.com> Kopia: Ovirt Users <users@ovirt.org>, Lance Richardson <lrichard@redhat.com>, Numan Siddique <nusiddiq@redhat.com> Let me add the OVN team. Lance, Numan, Can you please look at this? Trying to plug a vNIC results in:
> Dec 28 23:31:35 h2 ovs-vsctl: ovs|00001|vsctl|INFO|Called as ovs-vsctl > --timeout=5 -- --if-exists del-port vnet0 -- add-port br-int vnet0 -- > set Interface vnet0 "external-ids:attached-mac=\"00:1a:4a:16:01:51\"" > -- set Interface vnet0 > "external-ids:iface-id=\"e8853aac-8a75-41b0-8010-e630017dcdd8\"" -- > set Interface vnet0 > "external-ids:vm-id=\"b9440d60-ef5a-4e2b-83cf-081df7c09e6f\"" -- set > Interface vnet0 external-ids:iface-status=active > Dec 28 23:31:35 h2 kernel: device vnet0 entered promiscuous mode > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > '/usr/sbin/ebtables --concurrent -t nat -D PREROUTING -i vnet0 -j > libvirt-J-vnet0' failed: > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED:
More details below ----- Original Message -----
From: "Sverker Abrahamsson" <sverker@abrahamsson.com> To: "Marcin Mirecki" <mmirecki@redhat.com> Cc: "Ovirt Users" <users@ovirt.org> Sent: Thursday, December 29, 2016 1:42:11 PM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network
Hi Same problem still.. /Sverker
Den 2016-12-29 kl. 13:34, skrev Marcin Mirecki:
Hi,
The tunnels are created to connect multiple OVN controllers. If there is only one, there is no need for the tunnels, so none will be created, this is the correct behavior.
Does the problem still occur after setting configuring the OVN-controller?
Marcin
----- Original Message -----
From: "Sverker Abrahamsson" <sverker@abrahamsson.com> To: "Marcin Mirecki" <mmirecki@redhat.com> Cc: "Ovirt Users" <users@ovirt.org> Sent: Thursday, December 29, 2016 11:44:32 AM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network
Hi The rpm packages you listed in the other mail are installed but I had not run vdsm-tool ovn-config to create tunnel as the OVN controller is on the same host.
[root@h2 ~]# rpm -q openvswitch-ovn-common openvswitch-ovn-common-2.6.90-1.el7.centos.x86_64 [root@h2 ~]# rpm -q openvswitch-ovn-host openvswitch-ovn-host-2.6.90-1.el7.centos.x86_64 [root@h2 ~]# rpm -q python-openvswitch python-openvswitch-2.6.90-1.el7.centos.noarch
After removing my manually created br-int and run
vdsm-tool ovn-config 127.0.0.1 172.27.1.1
then I have the br-int but 'ip link show' does not show any link 'genev_sys_' nor does 'ovs-vsctl show' any port for ovn. I assume these are when there is an actual tunnel?
[root@h2 ~]# ovs-vsctl show ebb6aede-cbbc-4f4f-a88a-a9cd72b2bd23 Bridge br-int fail_mode: secure Port br-int Interface br-int type: internal Bridge ovirtbridge Port ovirtbridge Interface ovirtbridge type: internal Bridge "ovsbridge0" Port "ovsbridge0" Interface "ovsbridge0" type: internal Port "eth0" Interface "eth0" ovs_version: "2.6.90"
[root@h2 ~]# ip link show 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT qlen 1 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master ovs-system state UP mode DEFAULT qlen 1000 link/ether 44:8a:5b:84:7d:b3 brd ff:ff:ff:ff:ff:ff 3: ovs-system: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 1000 link/ether 5a:14:cf:28:47:e2 brd ff:ff:ff:ff:ff:ff 4: ovsbridge0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN mode DEFAULT qlen 1000 link/ether 44:8a:5b:84:7d:b3 brd ff:ff:ff:ff:ff:ff 5: br-int: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 1000 link/ether 9e:b0:3a:9d:f2:4b brd ff:ff:ff:ff:ff:ff 6: ovirtbridge: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN mode DEFAULT qlen 1000 link/ether a6:f6:e5:a4:5b:45 brd ff:ff:ff:ff:ff:ff 7: dummy0: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue master ovirtmgmt state UNKNOWN mode DEFAULT qlen 1000 link/ether 66:e0:1c:c3:a9:d8 brd ff:ff:ff:ff:ff:ff 8: ovirtmgmt: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT qlen 1000 link/ether 66:e0:1c:c3:a9:d8 brd ff:ff:ff:ff:ff:ff
Firewall settings: [root@h2 ~]# firewall-cmd --list-all-zones work target: default icmp-block-inversion: no interfaces: sources: services: dhcpv6-client ssh ports: protocols: masquerade: no forward-ports: sourceports: icmp-blocks: rich rules:
drop target: DROP icmp-block-inversion: no interfaces: sources: services: ports: protocols: masquerade: no forward-ports: sourceports: icmp-blocks: rich rules:
internal target: default icmp-block-inversion: no interfaces: sources: services: dhcpv6-client mdns samba-client ssh ports: protocols: masquerade: no forward-ports: sourceports: icmp-blocks: rich rules:
external target: default icmp-block-inversion: no interfaces: sources: services: ssh ports: protocols: masquerade: yes forward-ports: sourceports: icmp-blocks: rich rules:
trusted target: ACCEPT icmp-block-inversion: no interfaces: sources: services: ports: protocols: masquerade: no forward-ports: sourceports: icmp-blocks: rich rules:
home target: default icmp-block-inversion: no interfaces: sources: services: dhcpv6-client mdns samba-client ssh ports: protocols: masquerade: no forward-ports: sourceports: icmp-blocks: rich rules:
dmz target: default icmp-block-inversion: no interfaces: sources: services: ssh ports: protocols: masquerade: no forward-ports: sourceports: icmp-blocks: rich rules:
public (active) target: default icmp-block-inversion: no interfaces: eth0 ovsbridge0 sources: services: dhcpv6-client ssh ports: protocols: masquerade: no forward-ports: sourceports: icmp-blocks: rich rules:
block target: %%REJECT%% icmp-block-inversion: no interfaces: sources: services: ports: protocols: masquerade: no forward-ports: sourceports: icmp-blocks: rich rules:
ovirt (active) target: default icmp-block-inversion: no interfaces: ovirtbridge ovirtmgmt sources: services: dhcp ovirt-fence-kdump-listener ovirt-http ovirt-https ovirt-imageio-proxy ovirt-postgres ovirt-provider-ovn ovirt-vmconsole-proxy ovirt-websocket-proxy ssh vdsm ports: protocols: masquerade: yes forward-ports: sourceports: icmp-blocks: rich rules: rule family="ipv4" port port="6641" protocol="tcp" accept rule family="ipv4" port port="6642" protocol="tcp" accept
The db dump is attached /Sverker Den 2016-12-29 kl. 09:50, skrev Marcin Mirecki:
Hi,
Can you please do: "sudo ovsdb-client dump" on the host and send me the output?
Have you configured the ovn controller to connect to the OVN north? You can do it using "vdsm-tool ovn-config" or using the OVN tools directly. Please check out: https://www.ovirt.org/blog/2016/11/ovirt-provider-ovn/ for details.
Also please note that the OVN provider is completely different from the neutron-openvswitch plugin. Please don't mix the two.
Marcin
----- Original Message -----
From: "Marcin Mirecki" <mmirecki@redhat.com> To: "Sverker Abrahamsson" <sverker@abrahamsson.com> Cc: "Ovirt Users" <users@ovirt.org> Sent: Thursday, December 29, 2016 9:27:19 AM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network
Hi,
br-int is the OVN integration bridge, it should have been created when installing OVN. I assume you have the following packages installed on the host: openvswitch-ovn-common openvswitch-ovn-host python-openvswitch
Please give me some time to look at the connectivity problem.
Marcin
----- Original Message -----
From: "Sverker Abrahamsson" <sverker@abrahamsson.com> To: "Marcin Mirecki" <mmirecki@redhat.com> Cc: "Ovirt Users" <users@ovirt.org> Sent: Thursday, December 29, 2016 12:47:04 AM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network
From /usr/libexec/vdsm/hooks/before_device_create/ovirt_provider_ovn_hook (installed by ovirt-provider-ovn-driver rpm):
BRIDGE_NAME = 'br-int'
Den 2016-12-28 kl. 23:56, skrev Sverker Abrahamsson: > Googling on the message about br-int suggested adding that bridge to > ovs: > > ovs-vsctl add-br br-int > > Then the VM is able to boot, but it fails to get network connectivity. > Output in /var/log/messages: > > Dec 28 23:31:35 h2 ovs-vsctl: ovs|00001|vsctl|INFO|Called as ovs-vsctl > --timeout=5 -- --if-exists del-port vnet0 -- add-port br-int vnet0 -- > set Interface vnet0 "external-ids:attached-mac=\"00:1a:4a:16:01:51\"" > -- set Interface vnet0 > "external-ids:iface-id=\"e8853aac-8a75-41b0-8010-e630017dcdd8\"" -- > set Interface vnet0 > "external-ids:vm-id=\"b9440d60-ef5a-4e2b-83cf-081df7c09e6f\"" -- set > Interface vnet0 external-ids:iface-status=active > Dec 28 23:31:35 h2 kernel: device vnet0 entered promiscuous mode > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > '/usr/sbin/ebtables --concurrent -t nat -D PREROUTING -i vnet0 -j > libvirt-J-vnet0' failed: > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > '/usr/sbin/ebtables --concurrent -t nat -D POSTROUTING -o vnet0 -j > libvirt-P-vnet0' failed: > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > '/usr/sbin/ebtables --concurrent -t nat -L libvirt-J-vnet0' failed: > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > '/usr/sbin/ebtables --concurrent -t nat -L libvirt-P-vnet0' failed: > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > '/usr/sbin/ebtables --concurrent -t nat -F libvirt-J-vnet0' failed: > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > '/usr/sbin/ebtables --concurrent -t nat -X libvirt-J-vnet0' failed: > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > '/usr/sbin/ebtables --concurrent -t nat -F libvirt-P-vnet0' failed: > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > '/usr/sbin/ebtables --concurrent -t nat -X libvirt-P-vnet0' failed: > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > '/usr/sbin/ebtables --concurrent -t nat -F J-vnet0-mac' failed: > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > '/usr/sbin/ebtables --concurrent -t nat -X J-vnet0-mac' failed: > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > '/usr/sbin/ebtables --concurrent -t nat -F J-vnet0-arp-mac' failed: > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > '/usr/sbin/ebtables --concurrent -t nat -X J-vnet0-arp-mac' failed: > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > '/usr/sbin/iptables -w2 -w -D libvirt-out -m physdev > --physdev-is-bridged --physdev-out vnet0 -g FO-vnet0' failed: > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > '/usr/sbin/iptables -w2 -w -D libvirt-out -m physdev --physdev-out > vnet0 -g FO-vnet0' failed: > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > '/usr/sbin/iptables -w2 -w -D libvirt-in -m physdev --physdev-in vnet0 > -g FI-vnet0' failed: > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > '/usr/sbin/iptables -w2 -w -D libvirt-host-in -m physdev --physdev-in > vnet0 -g HI-vnet0' failed: > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > '/usr/sbin/iptables -w2 -w -F FO-vnet0' failed: > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > '/usr/sbin/iptables -w2 -w -X FO-vnet0' failed: > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > '/usr/sbin/iptables -w2 -w -F FI-vnet0' failed: > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > '/usr/sbin/iptables -w2 -w -X FI-vnet0' failed: > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > '/usr/sbin/iptables -w2 -w -F HI-vnet0' failed: > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > '/usr/sbin/iptables -w2 -w -X HI-vnet0' failed: > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > '/usr/sbin/iptables -w2 -w -E FP-vnet0 FO-vnet0' failed: > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > '/usr/sbin/iptables -w2 -w -E FJ-vnet0 FI-vnet0' failed: > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > '/usr/sbin/iptables -w2 -w -E HJ-vnet0 HI-vnet0' failed: > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > '/usr/sbin/ip6tables -w2 -w -D libvirt-out -m physdev > --physdev-is-bridged --physdev-out vnet0 -g FO-vnet0' failed: > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > '/usr/sbin/ip6tables -w2 -w -D libvirt-out -m physdev --physdev-out > vnet0 -g FO-vnet0' failed: > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > '/usr/sbin/ip6tables -w2 -w -D libvirt-in -m physdev --physdev-in > vnet0 -g FI-vnet0' failed: > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > '/usr/sbin/ip6tables -w2 -w -D libvirt-host-in -m physdev --physdev-in > vnet0 -g HI-vnet0' failed: > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > '/usr/sbin/ip6tables -w2 -w -F FO-vnet0' failed: > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > '/usr/sbin/ip6tables -w2 -w -X FO-vnet0' failed: > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > '/usr/sbin/ip6tables -w2 -w -F FI-vnet0' failed: > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > '/usr/sbin/ip6tables -w2 -w -X FI-vnet0' failed: > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > '/usr/sbin/ip6tables -w2 -w -F HI-vnet0' failed: > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > '/usr/sbin/ip6tables -w2 -w -X HI-vnet0' failed: > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > '/usr/sbin/ip6tables -w2 -w -E FP-vnet0 FO-vnet0' failed: > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > '/usr/sbin/ip6tables -w2 -w -E FJ-vnet0 FI-vnet0' failed: > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > '/usr/sbin/ip6tables -w2 -w -E HJ-vnet0 HI-vnet0' failed: > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > '/usr/sbin/ebtables --concurrent -t nat -D PREROUTING -i vnet0 -j > libvirt-I-vnet0' failed: > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > '/usr/sbin/ebtables --concurrent -t nat -D POSTROUTING -o vnet0 -j > libvirt-O-vnet0' failed: > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > '/usr/sbin/ebtables --concurrent -t nat -L libvirt-I-vnet0' failed: > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > '/usr/sbin/ebtables --concurrent -t nat -L libvirt-O-vnet0' failed: > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > '/usr/sbin/ebtables --concurrent -t nat -F libvirt-I-vnet0' failed: > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > '/usr/sbin/ebtables --concurrent -t nat -X libvirt-I-vnet0' failed: > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > '/usr/sbin/ebtables --concurrent -t nat -F libvirt-O-vnet0' failed: > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > '/usr/sbin/ebtables --concurrent -t nat -X libvirt-O-vnet0' failed: > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > '/usr/sbin/ebtables --concurrent -t nat -L libvirt-P-vnet0' failed: > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > '/usr/sbin/ebtables --concurrent -t nat -E libvirt-P-vnet0 > libvirt-O-vnet0' failed: > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > '/usr/sbin/ebtables --concurrent -t nat -F I-vnet0-mac' failed: > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > '/usr/sbin/ebtables --concurrent -t nat -X I-vnet0-mac' failed: > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > '/usr/sbin/ebtables --concurrent -t nat -F I-vnet0-arp-mac' failed: > Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > '/usr/sbin/ebtables --concurrent -t nat -X I-vnet0-arp-mac' failed: > > > [root@h2 etc]# ovs-vsctl show > ebb6aede-cbbc-4f4f-a88a-a9cd72b2bd23 > Bridge ovirtbridge > Port "ovirtport0" > Interface "ovirtport0" > type: internal > Port ovirtbridge > Interface ovirtbridge > type: internal > Bridge "ovsbridge0" > Port "ovsbridge0" > Interface "ovsbridge0" > type: internal > Port "eth0" > Interface "eth0" > Bridge br-int > Port br-int > Interface br-int > type: internal > Port "vnet0" > Interface "vnet0" > ovs_version: "2.6.90" > > Searching through the code it appears that br-int comes from > neutron-openvswitch plugin ?? > > [root@h2 share]# rpm -qf > /usr/share/otopi/plugins/ovirt-host-deploy/openstack/neutron_openvswitch.py > ovirt-host-deploy-1.6.0-0.0.master.20161215101008.gitb76ad50.el7.centos.noarch > > > /Sverker > > Den 2016-12-28 kl. 23:24, skrev Sverker Abrahamsson: >> In addition I had to add an alias to modprobe: >> >> [root@h2 modprobe.d]# cat dummy.conf >> alias dummy0 dummy >> >> >> Den 2016-12-28 kl. 23:03, skrev Sverker Abrahamsson: >>> Hi >>> I first tried to set device name to dummy_0, but then ifup did not >>> succeed in creating the device unless I first did 'ip link add >>> dummy_0 type dummy' but then it would not suceed to establish the if >>> on reboot. >>> >>> Setting fake_nics = dummy0 would not work neither, but this works: >>> >>> fake_nics = dummy* >>> >>> The engine is now able to find the if and assign bridge ovirtmgmt to >>> it. >>> >>> However, I then run into the next issue when starting a VM: >>> >>> 2016-12-28 22:28:23,897 ERROR >>> [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] >>> (ForkJoinPool-1-worker-2) [] Correlation ID: null, Call Stack: null, >>> Custom Event ID: -1, Message: VM CentOS7 is down with error. Exit >>> message: Cannot get interface MTU on 'br-int': No such device. >>> >>> This VM has a nic on ovirtbridge, which comes from the OVN provider. >>> >>> /Sverker >>> >>> Den 2016-12-28 kl. 14:38, skrev Marcin Mirecki: >>>> Sverker, >>>> >>>> Can you try adding a vnic named veth_* or dummy_*, >>>> (or alternatively add the name of the vnic to >>>> vdsm.config fake_nics), and setup the management >>>> network using this vnic? >>>> I suppose adding the vnic you use for connecting >>>> to the engine to fake_nics should make it visible >>>> to the engine, and you should be able to use it for >>>> the setup. >>>> >>>> Marcin >>>> >>>> >>>> >>>> ----- Original Message ----- >>>>> From: "Marcin Mirecki" <mmirecki@redhat.com> >>>>> To: "Sverker Abrahamsson" <sverker@abrahamsson.com> >>>>> Cc: "Ovirt Users" <users@ovirt.org> >>>>> Sent: Wednesday, December 28, 2016 12:06:26 PM >>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory >>>>> ovirtmgmt network >>>>> >>>>>> I have an internal OVS bridge called ovirtbridge which has a port >>>>>> with >>>>>> IP address, but in the host network settings that port is not >>>>>> visible. >>>>> I just verified and unfortunately the virtual ports are not >>>>> visible in engine >>>>> to assign a network to :( >>>>> I'm afraid that the engine is not ready for such a scenario (even >>>>> if it >>>>> works). >>>>> Please give me some time to look for a solution. >>>>> >>>>> ----- Original Message ----- >>>>>> From: "Sverker Abrahamsson" <sverker@abrahamsson.com> >>>>>> To: "Marcin Mirecki" <mmirecki@redhat.com> >>>>>> Cc: "Ovirt Users" <users@ovirt.org> >>>>>> Sent: Wednesday, December 28, 2016 11:48:24 AM >>>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory >>>>>> ovirtmgmt >>>>>> network >>>>>> >>>>>> Hi Marcin >>>>>> Yes, that is my issue. I don't want to let ovirt/vdsm see eth0 >>>>>> nor >>>>>> ovsbridge0 since as soon as it sees them it messes up the network >>>>>> config >>>>>> so that the host will be unreachable. >>>>>> >>>>>> I have an internal OVS bridge called ovirtbridge which has a port >>>>>> with >>>>>> IP address, but in the host network settings that port is not >>>>>> visible. >>>>>> It doesn't help to name it ovirtmgmt. >>>>>> >>>>>> The engine is able to communicate with the host on the ip it has >>>>>> been >>>>>> given, it's just that it believes that it HAS to have a ovirtmgmt >>>>>> network which can't be on OVN. >>>>>> >>>>>> /Sverker >>>>>> >>>>>> >>>>>> Den 2016-12-28 kl. 10:45, skrev Marcin Mirecki: >>>>>>> Hi Sverker, >>>>>>> >>>>>>> The management network is mandatory on each host. It's used by >>>>>>> the >>>>>>> engine to communicate with the host. >>>>>>> Looking at your description and the exception it looks like it >>>>>>> is >>>>>>> missing. >>>>>>> The error is caused by not having any network for the host >>>>>>> (network list retrieved in >>>>>>> InterfaceDaoImpl.getHostNetworksByCluster - >>>>>>> which >>>>>>> gets all the networks on nics for a host from vds_interface >>>>>>> table in the >>>>>>> DB). >>>>>>> >>>>>>> Could you maybe create a virtual nic connected to ovsbridge0 (as >>>>>>> I >>>>>>> understand you >>>>>>> have no physical nic available) and use this for the management >>>>>>> network? >>>>>>> >>>>>>>> I then create a bridge for use with ovirt, with a private >>>>>>>> address. >>>>>>> I'm not quite sure I understand. Is this yet another bridge >>>>>>> connected to >>>>>>> ovsbridge0? >>>>>>> You could also attach the vnic for the management network here >>>>>>> if need >>>>>>> be. >>>>>>> >>>>>>> Please keep in mind that OVN has no use in setting up the >>>>>>> management >>>>>>> network. >>>>>>> The OVN provider can only handle external networks, which can >>>>>>> not be used >>>>>>> for a >>>>>>> management network. >>>>>>> >>>>>>> Marcin >>>>>>> >>>>>>> >>>>>>> ----- Original Message ----- >>>>>>>> From: "Sverker Abrahamsson" <sverker@abrahamsson.com> >>>>>>>> To: users@ovirt.org >>>>>>>> Sent: Wednesday, December 28, 2016 12:39:59 AM >>>>>>>> Subject: [ovirt-users] Issue with OVN/OVS and mandatory >>>>>>>> ovirtmgmt >>>>>>>> network >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> Hi >>>>>>>> For long time I've been looking for proper support in ovirt for >>>>>>>> Open >>>>>>>> vSwitch >>>>>>>> so I'm happy that it is moving in the right direction. However, >>>>>>>> there >>>>>>>> seems >>>>>>>> to still be a dependency on a ovirtmgmt bridge and I'm unable >>>>>>>> to move >>>>>>>> that >>>>>>>> to the OVN provider. >>>>>>>> >>>>>>>> The hosting center where I rent hw instances has a bit special >>>>>>>> network >>>>>>>> setup, >>>>>>>> so I have one physical network port with a /32 netmask and >>>>>>>> point-to-point >>>>>>>> config to router. The physical port I connect to a ovs bridge >>>>>>>> which has >>>>>>>> the >>>>>>>> public ip. Since ovirt always messes up the network config when >>>>>>>> I've >>>>>>>> tried >>>>>>>> to let it have access to the network config for the physical >>>>>>>> port, I've >>>>>>>> set >>>>>>>> eht0 and ovsbridge0 as hidden in vdsm.conf. >>>>>>>> >>>>>>>> >>>>>>>> I then create a bridge for use with ovirt, with a private >>>>>>>> address. With >>>>>>>> the >>>>>>>> OVN provider I am now able to import these into the engine and >>>>>>>> it looks >>>>>>>> good. When creating a VM I can select that it will have a vNic >>>>>>>> on my OVS >>>>>>>> bridge. >>>>>>>> >>>>>>>> However, I can't start the VM as an exception is thrown in the >>>>>>>> log: >>>>>>>> >>>>>>>> 2016-12-28 00:13:33,350 ERROR >>>>>>>> [org.ovirt.engine.core.bll.RunVmCommand] >>>>>>>> (default task-5) [3c882d53] Error during ValidateFailure.: >>>>>>>> java.lang.NullPointerException >>>>>>>> at >>>>>>>> org.ovirt.engine.core.bll.scheduling.policyunits.NetworkPolicyUnit.validateRequiredNetworksAvailable(NetworkPolicyUnit.java:140) >>>>>>>> >>>>>>>> [bll.jar:] >>>>>>>> at >>>>>>>> org.ovirt.engine.core.bll.scheduling.policyunits.NetworkPolicyUnit.filter(NetworkPolicyUnit.java:69) >>>>>>>> >>>>>>>> [bll.jar:] >>>>>>>> at >>>>>>>> org.ovirt.engine.core.bll.scheduling.SchedulingManager.runInternalFilters(SchedulingManager.java:597) >>>>>>>> >>>>>>>> [bll.jar:] >>>>>>>> at >>>>>>>> org.ovirt.engine.core.bll.scheduling.SchedulingManager.runFilters(SchedulingManager.java:564) >>>>>>>> >>>>>>>> [bll.jar:] >>>>>>>> at >>>>>>>> org.ovirt.engine.core.bll.scheduling.SchedulingManager.canSchedule(SchedulingManager.java:494) >>>>>>>> >>>>>>>> [bll.jar:] >>>>>>>> at >>>>>>>> org.ovirt.engine.core.bll.validator.RunVmValidator.canRunVm(RunVmValidator.java:133) >>>>>>>> >>>>>>>> [bll.jar:] >>>>>>>> at >>>>>>>> org.ovirt.engine.core.bll.RunVmCommand.validate(RunVmCommand.java:940) >>>>>>>> >>>>>>>> [bll.jar:] >>>>>>>> at >>>>>>>> org.ovirt.engine.core.bll.CommandBase.internalValidate(CommandBase.java:886) >>>>>>>> >>>>>>>> [bll.jar:] >>>>>>>> at >>>>>>>> org.ovirt.engine.core.bll.CommandBase.validateOnly(CommandBase.java:366) >>>>>>>> >>>>>>>> [bll.jar:] >>>>>>>> at >>>>>>>> org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.canRunActions(PrevalidatingMultipleActionsRunner.java:113) >>>>>>>> >>>>>>>> [bll.jar:] >>>>>>>> at >>>>>>>> org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.invokeCommands(PrevalidatingMultipleActionsRunner.java:99) >>>>>>>> >>>>>>>> [bll.jar:] >>>>>>>> at >>>>>>>> org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.execute(PrevalidatingMultipleActionsRunner.java:76) >>>>>>>> >>>>>>>> [bll.jar:] >>>>>>>> at >>>>>>>> org.ovirt.engine.core.bll.Backend.runMultipleActionsImpl(Backend.java:613) >>>>>>>> >>>>>>>> [bll.jar:] >>>>>>>> at >>>>>>>> org.ovirt.engine.core.bll.Backend.runMultipleActions(Backend.java:583) >>>>>>>> >>>>>>>> [bll.jar:] >>>>>>>> >>>>>>>> >>>>>>>> Looking at that section of code where the exception is thrown, >>>>>>>> I see >>>>>>>> that >>>>>>>> it >>>>>>>> iterates over host networks to find required networks, which I >>>>>>>> assume is >>>>>>>> ovirtmgmt. In the host network setup dialog I don't see any >>>>>>>> networks at >>>>>>>> all >>>>>>>> but it lists ovirtmgmt as required. It also list the OVN >>>>>>>> networks but >>>>>>>> these >>>>>>>> can't be statically assigned as they are added dynamically when >>>>>>>> needed, >>>>>>>> which is fine. >>>>>>>> >>>>>>>> I believe that I either need to remove ovirtmgmt network or >>>>>>>> configure >>>>>>>> that >>>>>>>> it >>>>>>>> is provided by the OVN provider, but neither is possible. >>>>>>>> Preferably it >>>>>>>> shouldn't be hardcoded which network is management and >>>>>>>> mandatory but be >>>>>>>> possible to configure. >>>>>>>> >>>>>>>> /Sverker >>>>>>>> Den 2016-12-27 kl. 17:10, skrev Marcin Mirecki: >>>>>>>> >>>>>>>> >>>>> _______________________________________________ >>>>> Users mailing list >>>>> Users@ovirt.org >>>>> http://lists.ovirt.org/mailman/listinfo/users >>>>> >>> _______________________________________________ >>> Users mailing list >>> Users@ovirt.org >>> http://lists.ovirt.org/mailman/listinfo/users >> _______________________________________________ >> Users mailing list >> Users@ovirt.org >> http://lists.ovirt.org/mailman/listinfo/users > _______________________________________________ > Users mailing list > Users@ovirt.org > http://lists.ovirt.org/mailman/listinfo/users
Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
--------------3A8685D2E91226043764F247 Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: 8bit <html> <head> <meta http-equiv="content-type" content="text/html; charset=utf-8"> </head> <body bgcolor="#FFFFFF" text="#000000"> <p>The specific command most likely fails because there is no chain named libvirt-J-vnet0, but when should that have been created?<br> /Sverker<br> </p> <div class="moz-forward-container">-------- Vidarebefordrat meddelande -------- <table class="moz-email-headers-table" border="0" cellpadding="0" cellspacing="0"> <tbody> <tr> <th align="RIGHT" nowrap="nowrap" valign="BASELINE">Ämne: </th> <td>Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network</td> </tr> <tr> <th align="RIGHT" nowrap="nowrap" valign="BASELINE">Datum: </th> <td>Thu, 29 Dec 2016 08:06:29 -0500 (EST)</td> </tr> <tr> <th align="RIGHT" nowrap="nowrap" valign="BASELINE">Från: </th> <td>Marcin Mirecki <a class="moz-txt-link-rfc2396E" href="mailto:mmirecki@redhat.com"><mmirecki@redhat.com></a></td> </tr> <tr> <th align="RIGHT" nowrap="nowrap" valign="BASELINE">Till: </th> <td>Sverker Abrahamsson <a class="moz-txt-link-rfc2396E" href="mailto:sverker@abrahamsson.com"><sverker@abrahamsson.com></a></td> </tr> <tr> <th align="RIGHT" nowrap="nowrap" valign="BASELINE">Kopia: </th> <td>Ovirt Users <a class="moz-txt-link-rfc2396E" href="mailto:users@ovirt.org"><users@ovirt.org></a>, Lance Richardson <a class="moz-txt-link-rfc2396E" href="mailto:lrichard@redhat.com"><lrichard@redhat.com></a>, Numan Siddique <a class="moz-txt-link-rfc2396E" href="mailto:nusiddiq@redhat.com"><nusiddiq@redhat.com></a></td> </tr> </tbody> </table> <br> <br> <pre>Let me add the OVN team. Lance, Numan, Can you please look at this? Trying to plug a vNIC results in: > >>>>>> Dec 28 23:31:35 h2 ovs-vsctl: ovs|00001|vsctl|INFO|Called as ovs-vsctl > >>>>>> --timeout=5 -- --if-exists del-port vnet0 -- add-port br-int vnet0 -- > >>>>>> set Interface vnet0 "external-ids:attached-mac=\"00:1a:4a:16:01:51\"" > >>>>>> -- set Interface vnet0 > >>>>>> "external-ids:iface-id=\"e8853aac-8a75-41b0-8010-e630017dcdd8\"" -- > >>>>>> set Interface vnet0 > >>>>>> "external-ids:vm-id=\"b9440d60-ef5a-4e2b-83cf-081df7c09e6f\"" -- set > >>>>>> Interface vnet0 external-ids:iface-status=active > >>>>>> Dec 28 23:31:35 h2 kernel: device vnet0 entered promiscuous mode > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ebtables --concurrent -t nat -D PREROUTING -i vnet0 -j > >>>>>> libvirt-J-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: More details below ----- Original Message ----- > From: "Sverker Abrahamsson" <a class="moz-txt-link-rfc2396E" href="mailto:sverker@abrahamsson.com"><sverker@abrahamsson.com></a> > To: "Marcin Mirecki" <a class="moz-txt-link-rfc2396E" href="mailto:mmirecki@redhat.com"><mmirecki@redhat.com></a> > Cc: "Ovirt Users" <a class="moz-txt-link-rfc2396E" href="mailto:users@ovirt.org"><users@ovirt.org></a> > Sent: Thursday, December 29, 2016 1:42:11 PM > Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network > > Hi > Same problem still.. > /Sverker > > Den 2016-12-29 kl. 13:34, skrev Marcin Mirecki: > > Hi, > > > > The tunnels are created to connect multiple OVN controllers. > > If there is only one, there is no need for the tunnels, so none > > will be created, this is the correct behavior. > > > > Does the problem still occur after setting configuring the OVN-controller? > > > > Marcin > > > > ----- Original Message ----- > >> From: "Sverker Abrahamsson" <a class="moz-txt-link-rfc2396E" href="mailto:sverker@abrahamsson.com"><sverker@abrahamsson.com></a> > >> To: "Marcin Mirecki" <a class="moz-txt-link-rfc2396E" href="mailto:mmirecki@redhat.com"><mmirecki@redhat.com></a> > >> Cc: "Ovirt Users" <a class="moz-txt-link-rfc2396E" href="mailto:users@ovirt.org"><users@ovirt.org></a> > >> Sent: Thursday, December 29, 2016 11:44:32 AM > >> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt > >> network > >> > >> Hi > >> The rpm packages you listed in the other mail are installed but I had > >> not run vdsm-tool ovn-config to create tunnel as the OVN controller is > >> on the same host. > >> > >> [root@h2 ~]# rpm -q openvswitch-ovn-common > >> openvswitch-ovn-common-2.6.90-1.el7.centos.x86_64 > >> [root@h2 ~]# rpm -q openvswitch-ovn-host > >> openvswitch-ovn-host-2.6.90-1.el7.centos.x86_64 > >> [root@h2 ~]# rpm -q python-openvswitch > >> python-openvswitch-2.6.90-1.el7.centos.noarch > >> > >> After removing my manually created br-int and run > >> > >> vdsm-tool ovn-config 127.0.0.1 172.27.1.1 > >> > >> then I have the br-int but 'ip link show' does not show any link > >> 'genev_sys_' nor does 'ovs-vsctl show' any port for ovn. I assume these > >> are when there is an actual tunnel? > >> > >> [root@h2 ~]# ovs-vsctl show > >> ebb6aede-cbbc-4f4f-a88a-a9cd72b2bd23 > >> Bridge br-int > >> fail_mode: secure > >> Port br-int > >> Interface br-int > >> type: internal > >> Bridge ovirtbridge > >> Port ovirtbridge > >> Interface ovirtbridge > >> type: internal > >> Bridge "ovsbridge0" > >> Port "ovsbridge0" > >> Interface "ovsbridge0" > >> type: internal > >> Port "eth0" > >> Interface "eth0" > >> ovs_version: "2.6.90" > >> > >> [root@h2 ~]# ip link show > >> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode > >> DEFAULT qlen 1 > >> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 > >> 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast > >> master ovs-system state UP mode DEFAULT qlen 1000 > >> link/ether 44:8a:5b:84:7d:b3 brd ff:ff:ff:ff:ff:ff > >> 3: ovs-system: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode > >> DEFAULT qlen 1000 > >> link/ether 5a:14:cf:28:47:e2 brd ff:ff:ff:ff:ff:ff > >> 4: ovsbridge0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue > >> state UNKNOWN mode DEFAULT qlen 1000 > >> link/ether 44:8a:5b:84:7d:b3 brd ff:ff:ff:ff:ff:ff > >> 5: br-int: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode > >> DEFAULT qlen 1000 > >> link/ether 9e:b0:3a:9d:f2:4b brd ff:ff:ff:ff:ff:ff > >> 6: ovirtbridge: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue > >> state UNKNOWN mode DEFAULT qlen 1000 > >> link/ether a6:f6:e5:a4:5b:45 brd ff:ff:ff:ff:ff:ff > >> 7: dummy0: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue master > >> ovirtmgmt state UNKNOWN mode DEFAULT qlen 1000 > >> link/ether 66:e0:1c:c3:a9:d8 brd ff:ff:ff:ff:ff:ff > >> 8: ovirtmgmt: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue > >> state UP mode DEFAULT qlen 1000 > >> link/ether 66:e0:1c:c3:a9:d8 brd ff:ff:ff:ff:ff:ff > >> > >> Firewall settings: > >> [root@h2 ~]# firewall-cmd --list-all-zones > >> work > >> target: default > >> icmp-block-inversion: no > >> interfaces: > >> sources: > >> services: dhcpv6-client ssh > >> ports: > >> protocols: > >> masquerade: no > >> forward-ports: > >> sourceports: > >> icmp-blocks: > >> rich rules: > >> > >> > >> drop > >> target: DROP > >> icmp-block-inversion: no > >> interfaces: > >> sources: > >> services: > >> ports: > >> protocols: > >> masquerade: no > >> forward-ports: > >> sourceports: > >> icmp-blocks: > >> rich rules: > >> > >> > >> internal > >> target: default > >> icmp-block-inversion: no > >> interfaces: > >> sources: > >> services: dhcpv6-client mdns samba-client ssh > >> ports: > >> protocols: > >> masquerade: no > >> forward-ports: > >> sourceports: > >> icmp-blocks: > >> rich rules: > >> > >> > >> external > >> target: default > >> icmp-block-inversion: no > >> interfaces: > >> sources: > >> services: ssh > >> ports: > >> protocols: > >> masquerade: yes > >> forward-ports: > >> sourceports: > >> icmp-blocks: > >> rich rules: > >> > >> > >> trusted > >> target: ACCEPT > >> icmp-block-inversion: no > >> interfaces: > >> sources: > >> services: > >> ports: > >> protocols: > >> masquerade: no > >> forward-ports: > >> sourceports: > >> icmp-blocks: > >> rich rules: > >> > >> > >> home > >> target: default > >> icmp-block-inversion: no > >> interfaces: > >> sources: > >> services: dhcpv6-client mdns samba-client ssh > >> ports: > >> protocols: > >> masquerade: no > >> forward-ports: > >> sourceports: > >> icmp-blocks: > >> rich rules: > >> > >> > >> dmz > >> target: default > >> icmp-block-inversion: no > >> interfaces: > >> sources: > >> services: ssh > >> ports: > >> protocols: > >> masquerade: no > >> forward-ports: > >> sourceports: > >> icmp-blocks: > >> rich rules: > >> > >> > >> public (active) > >> target: default > >> icmp-block-inversion: no > >> interfaces: eth0 ovsbridge0 > >> sources: > >> services: dhcpv6-client ssh > >> ports: > >> protocols: > >> masquerade: no > >> forward-ports: > >> sourceports: > >> icmp-blocks: > >> rich rules: > >> > >> > >> block > >> target: %%REJECT%% > >> icmp-block-inversion: no > >> interfaces: > >> sources: > >> services: > >> ports: > >> protocols: > >> masquerade: no > >> forward-ports: > >> sourceports: > >> icmp-blocks: > >> rich rules: > >> > >> > >> ovirt (active) > >> target: default > >> icmp-block-inversion: no > >> interfaces: ovirtbridge ovirtmgmt > >> sources: > >> services: dhcp ovirt-fence-kdump-listener ovirt-http ovirt-https > >> ovirt-imageio-proxy ovirt-postgres ovirt-provider-ovn > >> ovirt-vmconsole-proxy ovirt-websocket-proxy ssh vdsm > >> ports: > >> protocols: > >> masquerade: yes > >> forward-ports: > >> sourceports: > >> icmp-blocks: > >> rich rules: > >> rule family="ipv4" port port="6641" protocol="tcp" accept > >> rule family="ipv4" port port="6642" protocol="tcp" accept > >> > >> The db dump is attached > >> /Sverker > >> Den 2016-12-29 kl. 09:50, skrev Marcin Mirecki: > >>> Hi, > >>> > >>> Can you please do: "sudo ovsdb-client dump" > >>> on the host and send me the output? > >>> > >>> Have you configured the ovn controller to connect to the > >>> OVN north? You can do it using "vdsm-tool ovn-config" or > >>> using the OVN tools directly. > >>> Please check out: <a class="moz-txt-link-freetext" href="https://www.ovirt.org/blog/2016/11/ovirt-provider-ovn/">https://www.ovirt.org/blog/2016/11/ovirt-provider-ovn/</a> > >>> for details. > >>> > >>> Also please note that the OVN provider is completely different > >>> from the neutron-openvswitch plugin. Please don't mix the two. > >>> > >>> Marcin > >>> > >>> > >>> ----- Original Message ----- > >>>> From: "Marcin Mirecki" <a class="moz-txt-link-rfc2396E" href="mailto:mmirecki@redhat.com"><mmirecki@redhat.com></a> > >>>> To: "Sverker Abrahamsson" <a class="moz-txt-link-rfc2396E" href="mailto:sverker@abrahamsson.com"><sverker@abrahamsson.com></a> > >>>> Cc: "Ovirt Users" <a class="moz-txt-link-rfc2396E" href="mailto:users@ovirt.org"><users@ovirt.org></a> > >>>> Sent: Thursday, December 29, 2016 9:27:19 AM > >>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt > >>>> network > >>>> > >>>> Hi, > >>>> > >>>> br-int is the OVN integration bridge, it should have been created > >>>> when installing OVN. I assume you have the following packages installed > >>>> on the host: > >>>> openvswitch-ovn-common > >>>> openvswitch-ovn-host > >>>> python-openvswitch > >>>> > >>>> Please give me some time to look at the connectivity problem. > >>>> > >>>> Marcin > >>>> > >>>> > >>>> > >>>> ----- Original Message ----- > >>>>> From: "Sverker Abrahamsson" <a class="moz-txt-link-rfc2396E" href="mailto:sverker@abrahamsson.com"><sverker@abrahamsson.com></a> > >>>>> To: "Marcin Mirecki" <a class="moz-txt-link-rfc2396E" href="mailto:mmirecki@redhat.com"><mmirecki@redhat.com></a> > >>>>> Cc: "Ovirt Users" <a class="moz-txt-link-rfc2396E" href="mailto:users@ovirt.org"><users@ovirt.org></a> > >>>>> Sent: Thursday, December 29, 2016 12:47:04 AM > >>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt > >>>>> network > >>>>> > >>>>> From > >>>>> /usr/libexec/vdsm/hooks/before_device_create/ovirt_provider_ovn_hook > >>>>> (installed by ovirt-provider-ovn-driver rpm): > >>>>> > >>>>> BRIDGE_NAME = 'br-int' > >>>>> > >>>>> > >>>>> Den 2016-12-28 kl. 23:56, skrev Sverker Abrahamsson: > >>>>>> Googling on the message about br-int suggested adding that bridge to > >>>>>> ovs: > >>>>>> > >>>>>> ovs-vsctl add-br br-int > >>>>>> > >>>>>> Then the VM is able to boot, but it fails to get network connectivity. > >>>>>> Output in /var/log/messages: > >>>>>> > >>>>>> Dec 28 23:31:35 h2 ovs-vsctl: ovs|00001|vsctl|INFO|Called as ovs-vsctl > >>>>>> --timeout=5 -- --if-exists del-port vnet0 -- add-port br-int vnet0 -- > >>>>>> set Interface vnet0 "external-ids:attached-mac=\"00:1a:4a:16:01:51\"" > >>>>>> -- set Interface vnet0 > >>>>>> "external-ids:iface-id=\"e8853aac-8a75-41b0-8010-e630017dcdd8\"" -- > >>>>>> set Interface vnet0 > >>>>>> "external-ids:vm-id=\"b9440d60-ef5a-4e2b-83cf-081df7c09e6f\"" -- set > >>>>>> Interface vnet0 external-ids:iface-status=active > >>>>>> Dec 28 23:31:35 h2 kernel: device vnet0 entered promiscuous mode > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ebtables --concurrent -t nat -D PREROUTING -i vnet0 -j > >>>>>> libvirt-J-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ebtables --concurrent -t nat -D POSTROUTING -o vnet0 -j > >>>>>> libvirt-P-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ebtables --concurrent -t nat -L libvirt-J-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ebtables --concurrent -t nat -L libvirt-P-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ebtables --concurrent -t nat -F libvirt-J-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ebtables --concurrent -t nat -X libvirt-J-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ebtables --concurrent -t nat -F libvirt-P-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ebtables --concurrent -t nat -X libvirt-P-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ebtables --concurrent -t nat -F J-vnet0-mac' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ebtables --concurrent -t nat -X J-vnet0-mac' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ebtables --concurrent -t nat -F J-vnet0-arp-mac' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ebtables --concurrent -t nat -X J-vnet0-arp-mac' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/iptables -w2 -w -D libvirt-out -m physdev > >>>>>> --physdev-is-bridged --physdev-out vnet0 -g FO-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/iptables -w2 -w -D libvirt-out -m physdev --physdev-out > >>>>>> vnet0 -g FO-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/iptables -w2 -w -D libvirt-in -m physdev --physdev-in vnet0 > >>>>>> -g FI-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/iptables -w2 -w -D libvirt-host-in -m physdev --physdev-in > >>>>>> vnet0 -g HI-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/iptables -w2 -w -F FO-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/iptables -w2 -w -X FO-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/iptables -w2 -w -F FI-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/iptables -w2 -w -X FI-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/iptables -w2 -w -F HI-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/iptables -w2 -w -X HI-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/iptables -w2 -w -E FP-vnet0 FO-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/iptables -w2 -w -E FJ-vnet0 FI-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/iptables -w2 -w -E HJ-vnet0 HI-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ip6tables -w2 -w -D libvirt-out -m physdev > >>>>>> --physdev-is-bridged --physdev-out vnet0 -g FO-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ip6tables -w2 -w -D libvirt-out -m physdev --physdev-out > >>>>>> vnet0 -g FO-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ip6tables -w2 -w -D libvirt-in -m physdev --physdev-in > >>>>>> vnet0 -g FI-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ip6tables -w2 -w -D libvirt-host-in -m physdev --physdev-in > >>>>>> vnet0 -g HI-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ip6tables -w2 -w -F FO-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ip6tables -w2 -w -X FO-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ip6tables -w2 -w -F FI-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ip6tables -w2 -w -X FI-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ip6tables -w2 -w -F HI-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ip6tables -w2 -w -X HI-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ip6tables -w2 -w -E FP-vnet0 FO-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ip6tables -w2 -w -E FJ-vnet0 FI-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ip6tables -w2 -w -E HJ-vnet0 HI-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ebtables --concurrent -t nat -D PREROUTING -i vnet0 -j > >>>>>> libvirt-I-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ebtables --concurrent -t nat -D POSTROUTING -o vnet0 -j > >>>>>> libvirt-O-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ebtables --concurrent -t nat -L libvirt-I-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ebtables --concurrent -t nat -L libvirt-O-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ebtables --concurrent -t nat -F libvirt-I-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ebtables --concurrent -t nat -X libvirt-I-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ebtables --concurrent -t nat -F libvirt-O-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ebtables --concurrent -t nat -X libvirt-O-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ebtables --concurrent -t nat -L libvirt-P-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ebtables --concurrent -t nat -E libvirt-P-vnet0 > >>>>>> libvirt-O-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ebtables --concurrent -t nat -F I-vnet0-mac' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ebtables --concurrent -t nat -X I-vnet0-mac' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ebtables --concurrent -t nat -F I-vnet0-arp-mac' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ebtables --concurrent -t nat -X I-vnet0-arp-mac' failed: > >>>>>> > >>>>>> > >>>>>> [root@h2 etc]# ovs-vsctl show > >>>>>> ebb6aede-cbbc-4f4f-a88a-a9cd72b2bd23 > >>>>>> Bridge ovirtbridge > >>>>>> Port "ovirtport0" > >>>>>> Interface "ovirtport0" > >>>>>> type: internal > >>>>>> Port ovirtbridge > >>>>>> Interface ovirtbridge > >>>>>> type: internal > >>>>>> Bridge "ovsbridge0" > >>>>>> Port "ovsbridge0" > >>>>>> Interface "ovsbridge0" > >>>>>> type: internal > >>>>>> Port "eth0" > >>>>>> Interface "eth0" > >>>>>> Bridge br-int > >>>>>> Port br-int > >>>>>> Interface br-int > >>>>>> type: internal > >>>>>> Port "vnet0" > >>>>>> Interface "vnet0" > >>>>>> ovs_version: "2.6.90" > >>>>>> > >>>>>> Searching through the code it appears that br-int comes from > >>>>>> neutron-openvswitch plugin ?? > >>>>>> > >>>>>> [root@h2 share]# rpm -qf > >>>>>> /usr/share/otopi/plugins/ovirt-host-deploy/openstack/neutron_openvswitch.py > >>>>>> ovirt-host-deploy-1.6.0-0.0.master.20161215101008.gitb76ad50.el7.centos.noarch > >>>>>> > >>>>>> > >>>>>> /Sverker > >>>>>> > >>>>>> Den 2016-12-28 kl. 23:24, skrev Sverker Abrahamsson: > >>>>>>> In addition I had to add an alias to modprobe: > >>>>>>> > >>>>>>> [root@h2 modprobe.d]# cat dummy.conf > >>>>>>> alias dummy0 dummy > >>>>>>> > >>>>>>> > >>>>>>> Den 2016-12-28 kl. 23:03, skrev Sverker Abrahamsson: > >>>>>>>> Hi > >>>>>>>> I first tried to set device name to dummy_0, but then ifup did not > >>>>>>>> succeed in creating the device unless I first did 'ip link add > >>>>>>>> dummy_0 type dummy' but then it would not suceed to establish the if > >>>>>>>> on reboot. > >>>>>>>> > >>>>>>>> Setting fake_nics = dummy0 would not work neither, but this works: > >>>>>>>> > >>>>>>>> fake_nics = dummy* > >>>>>>>> > >>>>>>>> The engine is now able to find the if and assign bridge ovirtmgmt to > >>>>>>>> it. > >>>>>>>> > >>>>>>>> However, I then run into the next issue when starting a VM: > >>>>>>>> > >>>>>>>> 2016-12-28 22:28:23,897 ERROR > >>>>>>>> [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] > >>>>>>>> (ForkJoinPool-1-worker-2) [] Correlation ID: null, Call Stack: null, > >>>>>>>> Custom Event ID: -1, Message: VM CentOS7 is down with error. Exit > >>>>>>>> message: Cannot get interface MTU on 'br-int': No such device. > >>>>>>>> > >>>>>>>> This VM has a nic on ovirtbridge, which comes from the OVN provider. > >>>>>>>> > >>>>>>>> /Sverker > >>>>>>>> > >>>>>>>> Den 2016-12-28 kl. 14:38, skrev Marcin Mirecki: > >>>>>>>>> Sverker, > >>>>>>>>> > >>>>>>>>> Can you try adding a vnic named veth_* or dummy_*, > >>>>>>>>> (or alternatively add the name of the vnic to > >>>>>>>>> vdsm.config fake_nics), and setup the management > >>>>>>>>> network using this vnic? > >>>>>>>>> I suppose adding the vnic you use for connecting > >>>>>>>>> to the engine to fake_nics should make it visible > >>>>>>>>> to the engine, and you should be able to use it for > >>>>>>>>> the setup. > >>>>>>>>> > >>>>>>>>> Marcin > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> ----- Original Message ----- > >>>>>>>>>> From: "Marcin Mirecki" <a class="moz-txt-link-rfc2396E" href="mailto:mmirecki@redhat.com"><mmirecki@redhat.com></a> > >>>>>>>>>> To: "Sverker Abrahamsson" <a class="moz-txt-link-rfc2396E" href="mailto:sverker@abrahamsson.com"><sverker@abrahamsson.com></a> > >>>>>>>>>> Cc: "Ovirt Users" <a class="moz-txt-link-rfc2396E" href="mailto:users@ovirt.org"><users@ovirt.org></a> > >>>>>>>>>> Sent: Wednesday, December 28, 2016 12:06:26 PM > >>>>>>>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory > >>>>>>>>>> ovirtmgmt network > >>>>>>>>>> > >>>>>>>>>>> I have an internal OVS bridge called ovirtbridge which has a port > >>>>>>>>>>> with > >>>>>>>>>>> IP address, but in the host network settings that port is not > >>>>>>>>>>> visible. > >>>>>>>>>> I just verified and unfortunately the virtual ports are not > >>>>>>>>>> visible in engine > >>>>>>>>>> to assign a network to :( > >>>>>>>>>> I'm afraid that the engine is not ready for such a scenario (even > >>>>>>>>>> if it > >>>>>>>>>> works). > >>>>>>>>>> Please give me some time to look for a solution. > >>>>>>>>>> > >>>>>>>>>> ----- Original Message ----- > >>>>>>>>>>> From: "Sverker Abrahamsson" <a class="moz-txt-link-rfc2396E" href="mailto:sverker@abrahamsson.com"><sverker@abrahamsson.com></a> > >>>>>>>>>>> To: "Marcin Mirecki" <a class="moz-txt-link-rfc2396E" href="mailto:mmirecki@redhat.com"><mmirecki@redhat.com></a> > >>>>>>>>>>> Cc: "Ovirt Users" <a class="moz-txt-link-rfc2396E" href="mailto:users@ovirt.org"><users@ovirt.org></a> > >>>>>>>>>>> Sent: Wednesday, December 28, 2016 11:48:24 AM > >>>>>>>>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory > >>>>>>>>>>> ovirtmgmt > >>>>>>>>>>> network > >>>>>>>>>>> > >>>>>>>>>>> Hi Marcin > >>>>>>>>>>> Yes, that is my issue. I don't want to let ovirt/vdsm see eth0 > >>>>>>>>>>> nor > >>>>>>>>>>> ovsbridge0 since as soon as it sees them it messes up the network > >>>>>>>>>>> config > >>>>>>>>>>> so that the host will be unreachable. > >>>>>>>>>>> > >>>>>>>>>>> I have an internal OVS bridge called ovirtbridge which has a port > >>>>>>>>>>> with > >>>>>>>>>>> IP address, but in the host network settings that port is not > >>>>>>>>>>> visible. > >>>>>>>>>>> It doesn't help to name it ovirtmgmt. > >>>>>>>>>>> > >>>>>>>>>>> The engine is able to communicate with the host on the ip it has > >>>>>>>>>>> been > >>>>>>>>>>> given, it's just that it believes that it HAS to have a ovirtmgmt > >>>>>>>>>>> network which can't be on OVN. > >>>>>>>>>>> > >>>>>>>>>>> /Sverker > >>>>>>>>>>> > >>>>>>>>>>> > >>>>>>>>>>> Den 2016-12-28 kl. 10:45, skrev Marcin Mirecki: > >>>>>>>>>>>> Hi Sverker, > >>>>>>>>>>>> > >>>>>>>>>>>> The management network is mandatory on each host. It's used by > >>>>>>>>>>>> the > >>>>>>>>>>>> engine to communicate with the host. > >>>>>>>>>>>> Looking at your description and the exception it looks like it > >>>>>>>>>>>> is > >>>>>>>>>>>> missing. > >>>>>>>>>>>> The error is caused by not having any network for the host > >>>>>>>>>>>> (network list retrieved in > >>>>>>>>>>>> InterfaceDaoImpl.getHostNetworksByCluster - > >>>>>>>>>>>> which > >>>>>>>>>>>> gets all the networks on nics for a host from vds_interface > >>>>>>>>>>>> table in the > >>>>>>>>>>>> DB). > >>>>>>>>>>>> > >>>>>>>>>>>> Could you maybe create a virtual nic connected to ovsbridge0 (as > >>>>>>>>>>>> I > >>>>>>>>>>>> understand you > >>>>>>>>>>>> have no physical nic available) and use this for the management > >>>>>>>>>>>> network? > >>>>>>>>>>>> > >>>>>>>>>>>>> I then create a bridge for use with ovirt, with a private > >>>>>>>>>>>>> address. > >>>>>>>>>>>> I'm not quite sure I understand. Is this yet another bridge > >>>>>>>>>>>> connected to > >>>>>>>>>>>> ovsbridge0? > >>>>>>>>>>>> You could also attach the vnic for the management network here > >>>>>>>>>>>> if need > >>>>>>>>>>>> be. > >>>>>>>>>>>> > >>>>>>>>>>>> Please keep in mind that OVN has no use in setting up the > >>>>>>>>>>>> management > >>>>>>>>>>>> network. > >>>>>>>>>>>> The OVN provider can only handle external networks, which can > >>>>>>>>>>>> not be used > >>>>>>>>>>>> for a > >>>>>>>>>>>> management network. > >>>>>>>>>>>> > >>>>>>>>>>>> Marcin > >>>>>>>>>>>> > >>>>>>>>>>>> > >>>>>>>>>>>> ----- Original Message ----- > >>>>>>>>>>>>> From: "Sverker Abrahamsson" <a class="moz-txt-link-rfc2396E" href="mailto:sverker@abrahamsson.com"><sverker@abrahamsson.com></a> > >>>>>>>>>>>>> To: <a class="moz-txt-link-abbreviated" href="mailto:users@ovirt.org">users@ovirt.org</a> > >>>>>>>>>>>>> Sent: Wednesday, December 28, 2016 12:39:59 AM > >>>>>>>>>>>>> Subject: [ovirt-users] Issue with OVN/OVS and mandatory > >>>>>>>>>>>>> ovirtmgmt > >>>>>>>>>>>>> network > >>>>>>>>>>>>> > >>>>>>>>>>>>> > >>>>>>>>>>>>> > >>>>>>>>>>>>> Hi > >>>>>>>>>>>>> For long time I've been looking for proper support in ovirt for > >>>>>>>>>>>>> Open > >>>>>>>>>>>>> vSwitch > >>>>>>>>>>>>> so I'm happy that it is moving in the right direction. However, > >>>>>>>>>>>>> there > >>>>>>>>>>>>> seems > >>>>>>>>>>>>> to still be a dependency on a ovirtmgmt bridge and I'm unable > >>>>>>>>>>>>> to move > >>>>>>>>>>>>> that > >>>>>>>>>>>>> to the OVN provider. > >>>>>>>>>>>>> > >>>>>>>>>>>>> The hosting center where I rent hw instances has a bit special > >>>>>>>>>>>>> network > >>>>>>>>>>>>> setup, > >>>>>>>>>>>>> so I have one physical network port with a /32 netmask and > >>>>>>>>>>>>> point-to-point > >>>>>>>>>>>>> config to router. The physical port I connect to a ovs bridge > >>>>>>>>>>>>> which has > >>>>>>>>>>>>> the > >>>>>>>>>>>>> public ip. Since ovirt always messes up the network config when > >>>>>>>>>>>>> I've > >>>>>>>>>>>>> tried > >>>>>>>>>>>>> to let it have access to the network config for the physical > >>>>>>>>>>>>> port, I've > >>>>>>>>>>>>> set > >>>>>>>>>>>>> eht0 and ovsbridge0 as hidden in vdsm.conf. > >>>>>>>>>>>>> > >>>>>>>>>>>>> > >>>>>>>>>>>>> I then create a bridge for use with ovirt, with a private > >>>>>>>>>>>>> address. With > >>>>>>>>>>>>> the > >>>>>>>>>>>>> OVN provider I am now able to import these into the engine and > >>>>>>>>>>>>> it looks > >>>>>>>>>>>>> good. When creating a VM I can select that it will have a vNic > >>>>>>>>>>>>> on my OVS > >>>>>>>>>>>>> bridge. > >>>>>>>>>>>>> > >>>>>>>>>>>>> However, I can't start the VM as an exception is thrown in the > >>>>>>>>>>>>> log: > >>>>>>>>>>>>> > >>>>>>>>>>>>> 2016-12-28 00:13:33,350 ERROR > >>>>>>>>>>>>> [org.ovirt.engine.core.bll.RunVmCommand] > >>>>>>>>>>>>> (default task-5) [3c882d53] Error during ValidateFailure.: > >>>>>>>>>>>>> java.lang.NullPointerException > >>>>>>>>>>>>> at > >>>>>>>>>>>>> org.ovirt.engine.core.bll.scheduling.policyunits.NetworkPolicyUnit.validateRequiredNetworksAvailable(NetworkPolicyUnit.java:140) > >>>>>>>>>>>>> > >>>>>>>>>>>>> [bll.jar:] > >>>>>>>>>>>>> at > >>>>>>>>>>>>> org.ovirt.engine.core.bll.scheduling.policyunits.NetworkPolicyUnit.filter(NetworkPolicyUnit.java:69) > >>>>>>>>>>>>> > >>>>>>>>>>>>> [bll.jar:] > >>>>>>>>>>>>> at > >>>>>>>>>>>>> org.ovirt.engine.core.bll.scheduling.SchedulingManager.runInternalFilters(SchedulingManager.java:597) > >>>>>>>>>>>>> > >>>>>>>>>>>>> [bll.jar:] > >>>>>>>>>>>>> at > >>>>>>>>>>>>> org.ovirt.engine.core.bll.scheduling.SchedulingManager.runFilters(SchedulingManager.java:564) > >>>>>>>>>>>>> > >>>>>>>>>>>>> [bll.jar:] > >>>>>>>>>>>>> at > >>>>>>>>>>>>> org.ovirt.engine.core.bll.scheduling.SchedulingManager.canSchedule(SchedulingManager.java:494) > >>>>>>>>>>>>> > >>>>>>>>>>>>> [bll.jar:] > >>>>>>>>>>>>> at > >>>>>>>>>>>>> org.ovirt.engine.core.bll.validator.RunVmValidator.canRunVm(RunVmValidator.java:133) > >>>>>>>>>>>>> > >>>>>>>>>>>>> [bll.jar:] > >>>>>>>>>>>>> at > >>>>>>>>>>>>> org.ovirt.engine.core.bll.RunVmCommand.validate(RunVmCommand.java:940) > >>>>>>>>>>>>> > >>>>>>>>>>>>> [bll.jar:] > >>>>>>>>>>>>> at > >>>>>>>>>>>>> org.ovirt.engine.core.bll.CommandBase.internalValidate(CommandBase.java:886) > >>>>>>>>>>>>> > >>>>>>>>>>>>> [bll.jar:] > >>>>>>>>>>>>> at > >>>>>>>>>>>>> org.ovirt.engine.core.bll.CommandBase.validateOnly(CommandBase.java:366) > >>>>>>>>>>>>> > >>>>>>>>>>>>> [bll.jar:] > >>>>>>>>>>>>> at > >>>>>>>>>>>>> org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.canRunActions(PrevalidatingMultipleActionsRunner.java:113) > >>>>>>>>>>>>> > >>>>>>>>>>>>> [bll.jar:] > >>>>>>>>>>>>> at > >>>>>>>>>>>>> org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.invokeCommands(PrevalidatingMultipleActionsRunner.java:99) > >>>>>>>>>>>>> > >>>>>>>>>>>>> [bll.jar:] > >>>>>>>>>>>>> at > >>>>>>>>>>>>> org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.execute(PrevalidatingMultipleActionsRunner.java:76) > >>>>>>>>>>>>> > >>>>>>>>>>>>> [bll.jar:] > >>>>>>>>>>>>> at > >>>>>>>>>>>>> org.ovirt.engine.core.bll.Backend.runMultipleActionsImpl(Backend.java:613) > >>>>>>>>>>>>> > >>>>>>>>>>>>> [bll.jar:] > >>>>>>>>>>>>> at > >>>>>>>>>>>>> org.ovirt.engine.core.bll.Backend.runMultipleActions(Backend.java:583) > >>>>>>>>>>>>> > >>>>>>>>>>>>> [bll.jar:] > >>>>>>>>>>>>> > >>>>>>>>>>>>> > >>>>>>>>>>>>> Looking at that section of code where the exception is thrown, > >>>>>>>>>>>>> I see > >>>>>>>>>>>>> that > >>>>>>>>>>>>> it > >>>>>>>>>>>>> iterates over host networks to find required networks, which I > >>>>>>>>>>>>> assume is > >>>>>>>>>>>>> ovirtmgmt. In the host network setup dialog I don't see any > >>>>>>>>>>>>> networks at > >>>>>>>>>>>>> all > >>>>>>>>>>>>> but it lists ovirtmgmt as required. It also list the OVN > >>>>>>>>>>>>> networks but > >>>>>>>>>>>>> these > >>>>>>>>>>>>> can't be statically assigned as they are added dynamically when > >>>>>>>>>>>>> needed, > >>>>>>>>>>>>> which is fine. > >>>>>>>>>>>>> > >>>>>>>>>>>>> I believe that I either need to remove ovirtmgmt network or > >>>>>>>>>>>>> configure > >>>>>>>>>>>>> that > >>>>>>>>>>>>> it > >>>>>>>>>>>>> is provided by the OVN provider, but neither is possible. > >>>>>>>>>>>>> Preferably it > >>>>>>>>>>>>> shouldn't be hardcoded which network is management and > >>>>>>>>>>>>> mandatory but be > >>>>>>>>>>>>> possible to configure. > >>>>>>>>>>>>> > >>>>>>>>>>>>> /Sverker > >>>>>>>>>>>>> Den 2016-12-27 kl. 17:10, skrev Marcin Mirecki: > >>>>>>>>>>>>> > >>>>>>>>>>>>> > >>>>>>>>>> _______________________________________________ > >>>>>>>>>> Users mailing list > >>>>>>>>>> <a class="moz-txt-link-abbreviated" href="mailto:Users@ovirt.org">Users@ovirt.org</a> > >>>>>>>>>> <a class="moz-txt-link-freetext" href="http://lists.ovirt.org/mailman/listinfo/users">http://lists.ovirt.org/mailman/listinfo/users</a> > >>>>>>>>>> > >>>>>>>> _______________________________________________ > >>>>>>>> Users mailing list > >>>>>>>> <a class="moz-txt-link-abbreviated" href="mailto:Users@ovirt.org">Users@ovirt.org</a> > >>>>>>>> <a class="moz-txt-link-freetext" href="http://lists.ovirt.org/mailman/listinfo/users">http://lists.ovirt.org/mailman/listinfo/users</a> > >>>>>>> _______________________________________________ > >>>>>>> Users mailing list > >>>>>>> <a class="moz-txt-link-abbreviated" href="mailto:Users@ovirt.org">Users@ovirt.org</a> > >>>>>>> <a class="moz-txt-link-freetext" href="http://lists.ovirt.org/mailman/listinfo/users">http://lists.ovirt.org/mailman/listinfo/users</a> > >>>>>> _______________________________________________ > >>>>>> Users mailing list > >>>>>> <a class="moz-txt-link-abbreviated" href="mailto:Users@ovirt.org">Users@ovirt.org</a> > >>>>>> <a class="moz-txt-link-freetext" href="http://lists.ovirt.org/mailman/listinfo/users">http://lists.ovirt.org/mailman/listinfo/users</a> > >>>> _______________________________________________ > >>>> Users mailing list > >>>> <a class="moz-txt-link-abbreviated" href="mailto:Users@ovirt.org">Users@ovirt.org</a> > >>>> <a class="moz-txt-link-freetext" href="http://lists.ovirt.org/mailman/listinfo/users">http://lists.ovirt.org/mailman/listinfo/users</a> > >>>> > >> > > </pre> </div> </body> </html> --------------3A8685D2E91226043764F247--
This is a multi-part message in MIME format. --------------6D1923E1AF4F24351B405BD3 Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 8bit After a reboot I ran into a new problem, vdsm-network did not want to start. First because of that it tried to establish default route on the dummy interface: Dec 29 20:57:44 h2.limetransit.com vdsm-tool[23132]: Traceback (most recent call last): Dec 29 20:57:44 h2.limetransit.com vdsm-tool[23132]: File "/usr/share/vdsm/vdsm-restore-net-config", line 482, in <module> Dec 29 20:57:44 h2.limetransit.com vdsm-tool[23132]: restore(args) Dec 29 20:57:44 h2.limetransit.com vdsm-tool[23132]: File "/usr/share/vdsm/vdsm-restore-net-config", line 445, in restore Dec 29 20:57:44 h2.limetransit.com vdsm-tool[23132]: unified_restoration() Dec 29 20:57:44 h2.limetransit.com vdsm-tool[23132]: File "/usr/share/vdsm/vdsm-restore-net-config", line 145, in unified_restoration Dec 29 20:57:44 h2.limetransit.com vdsm-tool[23132]: '_inRollback': True}) Dec 29 20:57:44 h2.limetransit.com vdsm-tool[23132]: File "/usr/lib/python2.7/site-packages/vdsm/network/api.py", line 253, in setupNetworks Dec 29 20:57:44 h2.limetransit.com vdsm-tool[23132]: ipvalidator.validate(networks) Dec 29 20:57:44 h2.limetransit.com vdsm-tool[23132]: File "/usr/lib/python2.7/site-packages/vdsm/network/ip/validator.py", line 43, in validate Dec 29 20:57:44 h2.limetransit.com vdsm-tool[23132]: _validate_default_route(default_route_nets, no_default_route_nets) Dec 29 20:57:44 h2.limetransit.com vdsm-tool[23132]: File "/usr/lib/python2.7/site-packages/vdsm/network/ip/validator.py", line 53, in _validate_default_route Dec 29 20:57:44 h2.limetransit.com vdsm-tool[23132]: 'Only a singe default route network is allowed.') Dec 29 20:57:44 h2.limetransit.com vdsm-tool[23132]: vdsm.network.errors.ConfigNetworkError: (21, 'Only a singe default route network is allowed.') Dec 29 20:57:44 h2.limetransit.com vdsm-tool[23132]: Traceback (most recent call last): Dec 29 20:57:44 h2.limetransit.com vdsm-tool[23132]: File "/usr/bin/vdsm-tool", line 219, in main Dec 29 20:57:44 h2.limetransit.com vdsm-tool[23132]: return tool_command[cmd]["command"](*args) Dec 29 20:57:44 h2.limetransit.com vdsm-tool[23132]: File "/usr/lib/python2.7/site-packages/vdsm/tool/restore_nets.py", line 41, in restore_command Dec 29 20:57:44 h2.limetransit.com vdsm-tool[23132]: exec_restore(cmd) Dec 29 20:57:44 h2.limetransit.com vdsm-tool[23132]: File "/usr/lib/python2.7/site-packages/vdsm/tool/restore_nets.py", line 54, in exec_restore Dec 29 20:57:44 h2.limetransit.com vdsm-tool[23132]: raise EnvironmentError('Failed to restore the persisted networks') Dec 29 20:57:44 h2.limetransit.com vdsm-tool[23132]: EnvironmentError: Failed to restore the persisted networks I edit /var/lib/vdsm/persistence/netconf/nets/ovirtmgmt to set defaultroute=false, but then it complain about nameservers: Dec 29 21:08:09 h2.limetransit.com vdsm-tool[3736]: Traceback (most recent call last): Dec 29 21:08:09 h2.limetransit.com vdsm-tool[3736]: File "/usr/share/vdsm/vdsm-restore-net-config", line 482, in <module> Dec 29 21:08:09 h2.limetransit.com vdsm-tool[3736]: restore(args) Dec 29 21:08:09 h2.limetransit.com vdsm-tool[3736]: File "/usr/share/vdsm/vdsm-restore-net-config", line 445, in restore Dec 29 21:08:09 h2.limetransit.com vdsm-tool[3736]: unified_restoration() Dec 29 21:08:09 h2.limetransit.com vdsm-tool[3736]: File "/usr/share/vdsm/vdsm-restore-net-config", line 145, in unified_restoration Dec 29 21:08:09 h2.limetransit.com vdsm-tool[3736]: '_inRollback': True}) Dec 29 21:08:09 h2.limetransit.com vdsm-tool[3736]: File "/usr/lib/python2.7/site-packages/vdsm/network/api.py", line 253, in setupNetworks Dec 29 21:08:09 h2.limetransit.com vdsm-tool[3736]: ipvalidator.validate(networks) Dec 29 21:08:09 h2.limetransit.com vdsm-tool[3736]: File "/usr/lib/python2.7/site-packages/vdsm/network/ip/validator.py", line 36, in validate Dec 29 21:08:09 h2.limetransit.com vdsm-tool[3736]: _validate_nameservers(net, attrs) Dec 29 21:08:09 h2.limetransit.com vdsm-tool[3736]: File "/usr/lib/python2.7/site-packages/vdsm/network/ip/validator.py", line 58, in _validate_nameservers Dec 29 21:08:09 h2.limetransit.com vdsm-tool[3736]: _validate_nameservers_network(attrs) Dec 29 21:08:09 h2.limetransit.com vdsm-tool[3736]: File "/usr/lib/python2.7/site-packages/vdsm/network/ip/validator.py", line 66, in _validate_nameservers_network Dec 29 21:08:09 h2.limetransit.com vdsm-tool[3736]: 'Name servers may only be defined on the default host network') Dec 29 21:08:09 h2.limetransit.com vdsm-tool[3736]: vdsm.network.errors.ConfigNetworkError: (21, 'Name servers may only be defined on the default host network') Dec 29 21:08:09 h2.limetransit.com vdsm-tool[3736]: Traceback (most recent call last): Dec 29 21:08:09 h2.limetransit.com vdsm-tool[3736]: File "/usr/bin/vdsm-tool", line 219, in main Dec 29 21:08:09 h2.limetransit.com vdsm-tool[3736]: return tool_command[cmd]["command"](*args) Dec 29 21:08:09 h2.limetransit.com vdsm-tool[3736]: File "/usr/lib/python2.7/site-packages/vdsm/tool/restore_nets.py", line 41, in restore_command Dec 29 21:08:09 h2.limetransit.com vdsm-tool[3736]: exec_restore(cmd) Dec 29 21:08:09 h2.limetransit.com vdsm-tool[3736]: File "/usr/lib/python2.7/site-packages/vdsm/tool/restore_nets.py", line 54, in exec_restore Dec 29 21:08:09 h2.limetransit.com vdsm-tool[3736]: raise EnvironmentError('Failed to restore the persisted networks') Dec 29 21:08:09 h2.limetransit.com vdsm-tool[3736]: EnvironmentError: Failed to restore the persisted networks So I remove the nameservers section as well. At first I could not get it to work, as vdsm-network would find the backup file /var/lib/vdsm/persistence/netconf/nets/ovirtmgmt~ but after removing that it worked fine. Not sure when nameservers and defaultroute was set in vdsm as it worked on reboot before. /Sverker Den 2016-12-29 kl. 14:20, skrev Sverker Abrahamsson:
The specific command most likely fails because there is no chain named libvirt-J-vnet0, but when should that have been created? /Sverker
-------- Vidarebefordrat meddelande -------- Ämne: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network Datum: Thu, 29 Dec 2016 08:06:29 -0500 (EST) Från: Marcin Mirecki <mmirecki@redhat.com> Till: Sverker Abrahamsson <sverker@abrahamsson.com> Kopia: Ovirt Users <users@ovirt.org>, Lance Richardson <lrichard@redhat.com>, Numan Siddique <nusiddiq@redhat.com>
Let me add the OVN team.
Lance, Numan,
Can you please look at this?
Trying to plug a vNIC results in:
>> Dec 28 23:31:35 h2 ovs-vsctl: ovs|00001|vsctl|INFO|Called as ovs-vsctl >> --timeout=5 -- --if-exists del-port vnet0 -- add-port br-int vnet0 -- >> set Interface vnet0 "external-ids:attached-mac=\"00:1a:4a:16:01:51\"" >> -- set Interface vnet0 >> "external-ids:iface-id=\"e8853aac-8a75-41b0-8010-e630017dcdd8\"" -- >> set Interface vnet0 >> "external-ids:vm-id=\"b9440d60-ef5a-4e2b-83cf-081df7c09e6f\"" -- set >> Interface vnet0 external-ids:iface-status=active >> Dec 28 23:31:35 h2 kernel: device vnet0 entered promiscuous mode >> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >> '/usr/sbin/ebtables --concurrent -t nat -D PREROUTING -i vnet0 -j >> libvirt-J-vnet0' failed: >> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED:
More details below
----- Original Message -----
From: "Sverker Abrahamsson"<sverker@abrahamsson.com> To: "Marcin Mirecki"<mmirecki@redhat.com> Cc: "Ovirt Users"<users@ovirt.org> Sent: Thursday, December 29, 2016 1:42:11 PM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network
Hi Same problem still.. /Sverker
Den 2016-12-29 kl. 13:34, skrev Marcin Mirecki:
Hi,
The tunnels are created to connect multiple OVN controllers. If there is only one, there is no need for the tunnels, so none will be created, this is the correct behavior.
Does the problem still occur after setting configuring the OVN-controller?
Marcin
----- Original Message -----
From: "Sverker Abrahamsson"<sverker@abrahamsson.com> To: "Marcin Mirecki"<mmirecki@redhat.com> Cc: "Ovirt Users"<users@ovirt.org> Sent: Thursday, December 29, 2016 11:44:32 AM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network
Hi The rpm packages you listed in the other mail are installed but I had not run vdsm-tool ovn-config to create tunnel as the OVN controller is on the same host.
[root@h2 ~]# rpm -q openvswitch-ovn-common openvswitch-ovn-common-2.6.90-1.el7.centos.x86_64 [root@h2 ~]# rpm -q openvswitch-ovn-host openvswitch-ovn-host-2.6.90-1.el7.centos.x86_64 [root@h2 ~]# rpm -q python-openvswitch python-openvswitch-2.6.90-1.el7.centos.noarch
After removing my manually created br-int and run
vdsm-tool ovn-config 127.0.0.1 172.27.1.1
then I have the br-int but 'ip link show' does not show any link 'genev_sys_' nor does 'ovs-vsctl show' any port for ovn. I assume these are when there is an actual tunnel?
[root@h2 ~]# ovs-vsctl show ebb6aede-cbbc-4f4f-a88a-a9cd72b2bd23 Bridge br-int fail_mode: secure Port br-int Interface br-int type: internal Bridge ovirtbridge Port ovirtbridge Interface ovirtbridge type: internal Bridge "ovsbridge0" Port "ovsbridge0" Interface "ovsbridge0" type: internal Port "eth0" Interface "eth0" ovs_version: "2.6.90"
[root@h2 ~]# ip link show 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT qlen 1 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master ovs-system state UP mode DEFAULT qlen 1000 link/ether 44:8a:5b:84:7d:b3 brd ff:ff:ff:ff:ff:ff 3: ovs-system: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 1000 link/ether 5a:14:cf:28:47:e2 brd ff:ff:ff:ff:ff:ff 4: ovsbridge0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN mode DEFAULT qlen 1000 link/ether 44:8a:5b:84:7d:b3 brd ff:ff:ff:ff:ff:ff 5: br-int: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 1000 link/ether 9e:b0:3a:9d:f2:4b brd ff:ff:ff:ff:ff:ff 6: ovirtbridge: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN mode DEFAULT qlen 1000 link/ether a6:f6:e5:a4:5b:45 brd ff:ff:ff:ff:ff:ff 7: dummy0: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue master ovirtmgmt state UNKNOWN mode DEFAULT qlen 1000 link/ether 66:e0:1c:c3:a9:d8 brd ff:ff:ff:ff:ff:ff 8: ovirtmgmt: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT qlen 1000 link/ether 66:e0:1c:c3:a9:d8 brd ff:ff:ff:ff:ff:ff
Firewall settings: [root@h2 ~]# firewall-cmd --list-all-zones work target: default icmp-block-inversion: no interfaces: sources: services: dhcpv6-client ssh ports: protocols: masquerade: no forward-ports: sourceports: icmp-blocks: rich rules:
drop target: DROP icmp-block-inversion: no interfaces: sources: services: ports: protocols: masquerade: no forward-ports: sourceports: icmp-blocks: rich rules:
internal target: default icmp-block-inversion: no interfaces: sources: services: dhcpv6-client mdns samba-client ssh ports: protocols: masquerade: no forward-ports: sourceports: icmp-blocks: rich rules:
external target: default icmp-block-inversion: no interfaces: sources: services: ssh ports: protocols: masquerade: yes forward-ports: sourceports: icmp-blocks: rich rules:
trusted target: ACCEPT icmp-block-inversion: no interfaces: sources: services: ports: protocols: masquerade: no forward-ports: sourceports: icmp-blocks: rich rules:
home target: default icmp-block-inversion: no interfaces: sources: services: dhcpv6-client mdns samba-client ssh ports: protocols: masquerade: no forward-ports: sourceports: icmp-blocks: rich rules:
dmz target: default icmp-block-inversion: no interfaces: sources: services: ssh ports: protocols: masquerade: no forward-ports: sourceports: icmp-blocks: rich rules:
public (active) target: default icmp-block-inversion: no interfaces: eth0 ovsbridge0 sources: services: dhcpv6-client ssh ports: protocols: masquerade: no forward-ports: sourceports: icmp-blocks: rich rules:
block target: %%REJECT%% icmp-block-inversion: no interfaces: sources: services: ports: protocols: masquerade: no forward-ports: sourceports: icmp-blocks: rich rules:
ovirt (active) target: default icmp-block-inversion: no interfaces: ovirtbridge ovirtmgmt sources: services: dhcp ovirt-fence-kdump-listener ovirt-http ovirt-https ovirt-imageio-proxy ovirt-postgres ovirt-provider-ovn ovirt-vmconsole-proxy ovirt-websocket-proxy ssh vdsm ports: protocols: masquerade: yes forward-ports: sourceports: icmp-blocks: rich rules: rule family="ipv4" port port="6641" protocol="tcp" accept rule family="ipv4" port port="6642" protocol="tcp" accept
The db dump is attached /Sverker Den 2016-12-29 kl. 09:50, skrev Marcin Mirecki:
Hi,
Can you please do: "sudo ovsdb-client dump" on the host and send me the output?
Have you configured the ovn controller to connect to the OVN north? You can do it using "vdsm-tool ovn-config" or using the OVN tools directly. Please check out:https://www.ovirt.org/blog/2016/11/ovirt-provider-ovn/ for details.
Also please note that the OVN provider is completely different from the neutron-openvswitch plugin. Please don't mix the two.
Marcin
----- Original Message -----
From: "Marcin Mirecki"<mmirecki@redhat.com> To: "Sverker Abrahamsson"<sverker@abrahamsson.com> Cc: "Ovirt Users"<users@ovirt.org> Sent: Thursday, December 29, 2016 9:27:19 AM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network
Hi,
br-int is the OVN integration bridge, it should have been created when installing OVN. I assume you have the following packages installed on the host: openvswitch-ovn-common openvswitch-ovn-host python-openvswitch
Please give me some time to look at the connectivity problem.
Marcin
----- Original Message ----- > From: "Sverker Abrahamsson"<sverker@abrahamsson.com> > To: "Marcin Mirecki"<mmirecki@redhat.com> > Cc: "Ovirt Users"<users@ovirt.org> > Sent: Thursday, December 29, 2016 12:47:04 AM > Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt > network > > From > /usr/libexec/vdsm/hooks/before_device_create/ovirt_provider_ovn_hook > (installed by ovirt-provider-ovn-driver rpm): > > BRIDGE_NAME = 'br-int' > > > Den 2016-12-28 kl. 23:56, skrev Sverker Abrahamsson: >> Googling on the message about br-int suggested adding that bridge to >> ovs: >> >> ovs-vsctl add-br br-int >> >> Then the VM is able to boot, but it fails to get network connectivity. >> Output in /var/log/messages: >> >> Dec 28 23:31:35 h2 ovs-vsctl: ovs|00001|vsctl|INFO|Called as ovs-vsctl >> --timeout=5 -- --if-exists del-port vnet0 -- add-port br-int vnet0 -- >> set Interface vnet0 "external-ids:attached-mac=\"00:1a:4a:16:01:51\"" >> -- set Interface vnet0 >> "external-ids:iface-id=\"e8853aac-8a75-41b0-8010-e630017dcdd8\"" -- >> set Interface vnet0 >> "external-ids:vm-id=\"b9440d60-ef5a-4e2b-83cf-081df7c09e6f\"" -- set >> Interface vnet0 external-ids:iface-status=active >> Dec 28 23:31:35 h2 kernel: device vnet0 entered promiscuous mode >> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >> '/usr/sbin/ebtables --concurrent -t nat -D PREROUTING -i vnet0 -j >> libvirt-J-vnet0' failed: >> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >> '/usr/sbin/ebtables --concurrent -t nat -D POSTROUTING -o vnet0 -j >> libvirt-P-vnet0' failed: >> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >> '/usr/sbin/ebtables --concurrent -t nat -L libvirt-J-vnet0' failed: >> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >> '/usr/sbin/ebtables --concurrent -t nat -L libvirt-P-vnet0' failed: >> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >> '/usr/sbin/ebtables --concurrent -t nat -F libvirt-J-vnet0' failed: >> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >> '/usr/sbin/ebtables --concurrent -t nat -X libvirt-J-vnet0' failed: >> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >> '/usr/sbin/ebtables --concurrent -t nat -F libvirt-P-vnet0' failed: >> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >> '/usr/sbin/ebtables --concurrent -t nat -X libvirt-P-vnet0' failed: >> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >> '/usr/sbin/ebtables --concurrent -t nat -F J-vnet0-mac' failed: >> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >> '/usr/sbin/ebtables --concurrent -t nat -X J-vnet0-mac' failed: >> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >> '/usr/sbin/ebtables --concurrent -t nat -F J-vnet0-arp-mac' failed: >> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >> '/usr/sbin/ebtables --concurrent -t nat -X J-vnet0-arp-mac' failed: >> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >> '/usr/sbin/iptables -w2 -w -D libvirt-out -m physdev >> --physdev-is-bridged --physdev-out vnet0 -g FO-vnet0' failed: >> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >> '/usr/sbin/iptables -w2 -w -D libvirt-out -m physdev --physdev-out >> vnet0 -g FO-vnet0' failed: >> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >> '/usr/sbin/iptables -w2 -w -D libvirt-in -m physdev --physdev-in vnet0 >> -g FI-vnet0' failed: >> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >> '/usr/sbin/iptables -w2 -w -D libvirt-host-in -m physdev --physdev-in >> vnet0 -g HI-vnet0' failed: >> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >> '/usr/sbin/iptables -w2 -w -F FO-vnet0' failed: >> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >> '/usr/sbin/iptables -w2 -w -X FO-vnet0' failed: >> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >> '/usr/sbin/iptables -w2 -w -F FI-vnet0' failed: >> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >> '/usr/sbin/iptables -w2 -w -X FI-vnet0' failed: >> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >> '/usr/sbin/iptables -w2 -w -F HI-vnet0' failed: >> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >> '/usr/sbin/iptables -w2 -w -X HI-vnet0' failed: >> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >> '/usr/sbin/iptables -w2 -w -E FP-vnet0 FO-vnet0' failed: >> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >> '/usr/sbin/iptables -w2 -w -E FJ-vnet0 FI-vnet0' failed: >> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >> '/usr/sbin/iptables -w2 -w -E HJ-vnet0 HI-vnet0' failed: >> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >> '/usr/sbin/ip6tables -w2 -w -D libvirt-out -m physdev >> --physdev-is-bridged --physdev-out vnet0 -g FO-vnet0' failed: >> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >> '/usr/sbin/ip6tables -w2 -w -D libvirt-out -m physdev --physdev-out >> vnet0 -g FO-vnet0' failed: >> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >> '/usr/sbin/ip6tables -w2 -w -D libvirt-in -m physdev --physdev-in >> vnet0 -g FI-vnet0' failed: >> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >> '/usr/sbin/ip6tables -w2 -w -D libvirt-host-in -m physdev --physdev-in >> vnet0 -g HI-vnet0' failed: >> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >> '/usr/sbin/ip6tables -w2 -w -F FO-vnet0' failed: >> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >> '/usr/sbin/ip6tables -w2 -w -X FO-vnet0' failed: >> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >> '/usr/sbin/ip6tables -w2 -w -F FI-vnet0' failed: >> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >> '/usr/sbin/ip6tables -w2 -w -X FI-vnet0' failed: >> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >> '/usr/sbin/ip6tables -w2 -w -F HI-vnet0' failed: >> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >> '/usr/sbin/ip6tables -w2 -w -X HI-vnet0' failed: >> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >> '/usr/sbin/ip6tables -w2 -w -E FP-vnet0 FO-vnet0' failed: >> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >> '/usr/sbin/ip6tables -w2 -w -E FJ-vnet0 FI-vnet0' failed: >> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >> '/usr/sbin/ip6tables -w2 -w -E HJ-vnet0 HI-vnet0' failed: >> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >> '/usr/sbin/ebtables --concurrent -t nat -D PREROUTING -i vnet0 -j >> libvirt-I-vnet0' failed: >> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >> '/usr/sbin/ebtables --concurrent -t nat -D POSTROUTING -o vnet0 -j >> libvirt-O-vnet0' failed: >> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >> '/usr/sbin/ebtables --concurrent -t nat -L libvirt-I-vnet0' failed: >> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >> '/usr/sbin/ebtables --concurrent -t nat -L libvirt-O-vnet0' failed: >> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >> '/usr/sbin/ebtables --concurrent -t nat -F libvirt-I-vnet0' failed: >> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >> '/usr/sbin/ebtables --concurrent -t nat -X libvirt-I-vnet0' failed: >> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >> '/usr/sbin/ebtables --concurrent -t nat -F libvirt-O-vnet0' failed: >> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >> '/usr/sbin/ebtables --concurrent -t nat -X libvirt-O-vnet0' failed: >> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >> '/usr/sbin/ebtables --concurrent -t nat -L libvirt-P-vnet0' failed: >> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >> '/usr/sbin/ebtables --concurrent -t nat -E libvirt-P-vnet0 >> libvirt-O-vnet0' failed: >> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >> '/usr/sbin/ebtables --concurrent -t nat -F I-vnet0-mac' failed: >> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >> '/usr/sbin/ebtables --concurrent -t nat -X I-vnet0-mac' failed: >> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >> '/usr/sbin/ebtables --concurrent -t nat -F I-vnet0-arp-mac' failed: >> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >> '/usr/sbin/ebtables --concurrent -t nat -X I-vnet0-arp-mac' failed: >> >> >> [root@h2 etc]# ovs-vsctl show >> ebb6aede-cbbc-4f4f-a88a-a9cd72b2bd23 >> Bridge ovirtbridge >> Port "ovirtport0" >> Interface "ovirtport0" >> type: internal >> Port ovirtbridge >> Interface ovirtbridge >> type: internal >> Bridge "ovsbridge0" >> Port "ovsbridge0" >> Interface "ovsbridge0" >> type: internal >> Port "eth0" >> Interface "eth0" >> Bridge br-int >> Port br-int >> Interface br-int >> type: internal >> Port "vnet0" >> Interface "vnet0" >> ovs_version: "2.6.90" >> >> Searching through the code it appears that br-int comes from >> neutron-openvswitch plugin ?? >> >> [root@h2 share]# rpm -qf >> /usr/share/otopi/plugins/ovirt-host-deploy/openstack/neutron_openvswitch.py >> ovirt-host-deploy-1.6.0-0.0.master.20161215101008.gitb76ad50.el7.centos.noarch >> >> >> /Sverker >> >> Den 2016-12-28 kl. 23:24, skrev Sverker Abrahamsson: >>> In addition I had to add an alias to modprobe: >>> >>> [root@h2 modprobe.d]# cat dummy.conf >>> alias dummy0 dummy >>> >>> >>> Den 2016-12-28 kl. 23:03, skrev Sverker Abrahamsson: >>>> Hi >>>> I first tried to set device name to dummy_0, but then ifup did not >>>> succeed in creating the device unless I first did 'ip link add >>>> dummy_0 type dummy' but then it would not suceed to establish the if >>>> on reboot. >>>> >>>> Setting fake_nics = dummy0 would not work neither, but this works: >>>> >>>> fake_nics = dummy* >>>> >>>> The engine is now able to find the if and assign bridge ovirtmgmt to >>>> it. >>>> >>>> However, I then run into the next issue when starting a VM: >>>> >>>> 2016-12-28 22:28:23,897 ERROR >>>> [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] >>>> (ForkJoinPool-1-worker-2) [] Correlation ID: null, Call Stack: null, >>>> Custom Event ID: -1, Message: VM CentOS7 is down with error. Exit >>>> message: Cannot get interface MTU on 'br-int': No such device. >>>> >>>> This VM has a nic on ovirtbridge, which comes from the OVN provider. >>>> >>>> /Sverker >>>> >>>> Den 2016-12-28 kl. 14:38, skrev Marcin Mirecki: >>>>> Sverker, >>>>> >>>>> Can you try adding a vnic named veth_* or dummy_*, >>>>> (or alternatively add the name of the vnic to >>>>> vdsm.config fake_nics), and setup the management >>>>> network using this vnic? >>>>> I suppose adding the vnic you use for connecting >>>>> to the engine to fake_nics should make it visible >>>>> to the engine, and you should be able to use it for >>>>> the setup. >>>>> >>>>> Marcin >>>>> >>>>> >>>>> >>>>> ----- Original Message ----- >>>>>> From: "Marcin Mirecki"<mmirecki@redhat.com> >>>>>> To: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>>>>> Cc: "Ovirt Users"<users@ovirt.org> >>>>>> Sent: Wednesday, December 28, 2016 12:06:26 PM >>>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory >>>>>> ovirtmgmt network >>>>>> >>>>>>> I have an internal OVS bridge called ovirtbridge which has a port >>>>>>> with >>>>>>> IP address, but in the host network settings that port is not >>>>>>> visible. >>>>>> I just verified and unfortunately the virtual ports are not >>>>>> visible in engine >>>>>> to assign a network to :( >>>>>> I'm afraid that the engine is not ready for such a scenario (even >>>>>> if it >>>>>> works). >>>>>> Please give me some time to look for a solution. >>>>>> >>>>>> ----- Original Message ----- >>>>>>> From: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>>>>>> To: "Marcin Mirecki"<mmirecki@redhat.com> >>>>>>> Cc: "Ovirt Users"<users@ovirt.org> >>>>>>> Sent: Wednesday, December 28, 2016 11:48:24 AM >>>>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory >>>>>>> ovirtmgmt >>>>>>> network >>>>>>> >>>>>>> Hi Marcin >>>>>>> Yes, that is my issue. I don't want to let ovirt/vdsm see eth0 >>>>>>> nor >>>>>>> ovsbridge0 since as soon as it sees them it messes up the network >>>>>>> config >>>>>>> so that the host will be unreachable. >>>>>>> >>>>>>> I have an internal OVS bridge called ovirtbridge which has a port >>>>>>> with >>>>>>> IP address, but in the host network settings that port is not >>>>>>> visible. >>>>>>> It doesn't help to name it ovirtmgmt. >>>>>>> >>>>>>> The engine is able to communicate with the host on the ip it has >>>>>>> been >>>>>>> given, it's just that it believes that it HAS to have a ovirtmgmt >>>>>>> network which can't be on OVN. >>>>>>> >>>>>>> /Sverker >>>>>>> >>>>>>> >>>>>>> Den 2016-12-28 kl. 10:45, skrev Marcin Mirecki: >>>>>>>> Hi Sverker, >>>>>>>> >>>>>>>> The management network is mandatory on each host. It's used by >>>>>>>> the >>>>>>>> engine to communicate with the host. >>>>>>>> Looking at your description and the exception it looks like it >>>>>>>> is >>>>>>>> missing. >>>>>>>> The error is caused by not having any network for the host >>>>>>>> (network list retrieved in >>>>>>>> InterfaceDaoImpl.getHostNetworksByCluster - >>>>>>>> which >>>>>>>> gets all the networks on nics for a host from vds_interface >>>>>>>> table in the >>>>>>>> DB). >>>>>>>> >>>>>>>> Could you maybe create a virtual nic connected to ovsbridge0 (as >>>>>>>> I >>>>>>>> understand you >>>>>>>> have no physical nic available) and use this for the management >>>>>>>> network? >>>>>>>> >>>>>>>>> I then create a bridge for use with ovirt, with a private >>>>>>>>> address. >>>>>>>> I'm not quite sure I understand. Is this yet another bridge >>>>>>>> connected to >>>>>>>> ovsbridge0? >>>>>>>> You could also attach the vnic for the management network here >>>>>>>> if need >>>>>>>> be. >>>>>>>> >>>>>>>> Please keep in mind that OVN has no use in setting up the >>>>>>>> management >>>>>>>> network. >>>>>>>> The OVN provider can only handle external networks, which can >>>>>>>> not be used >>>>>>>> for a >>>>>>>> management network. >>>>>>>> >>>>>>>> Marcin >>>>>>>> >>>>>>>> >>>>>>>> ----- Original Message ----- >>>>>>>>> From: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>>>>>>>> To:users@ovirt.org >>>>>>>>> Sent: Wednesday, December 28, 2016 12:39:59 AM >>>>>>>>> Subject: [ovirt-users] Issue with OVN/OVS and mandatory >>>>>>>>> ovirtmgmt >>>>>>>>> network >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> Hi >>>>>>>>> For long time I've been looking for proper support in ovirt for >>>>>>>>> Open >>>>>>>>> vSwitch >>>>>>>>> so I'm happy that it is moving in the right direction. However, >>>>>>>>> there >>>>>>>>> seems >>>>>>>>> to still be a dependency on a ovirtmgmt bridge and I'm unable >>>>>>>>> to move >>>>>>>>> that >>>>>>>>> to the OVN provider. >>>>>>>>> >>>>>>>>> The hosting center where I rent hw instances has a bit special >>>>>>>>> network >>>>>>>>> setup, >>>>>>>>> so I have one physical network port with a /32 netmask and >>>>>>>>> point-to-point >>>>>>>>> config to router. The physical port I connect to a ovs bridge >>>>>>>>> which has >>>>>>>>> the >>>>>>>>> public ip. Since ovirt always messes up the network config when >>>>>>>>> I've >>>>>>>>> tried >>>>>>>>> to let it have access to the network config for the physical >>>>>>>>> port, I've >>>>>>>>> set >>>>>>>>> eht0 and ovsbridge0 as hidden in vdsm.conf. >>>>>>>>> >>>>>>>>> >>>>>>>>> I then create a bridge for use with ovirt, with a private >>>>>>>>> address. With >>>>>>>>> the >>>>>>>>> OVN provider I am now able to import these into the engine and >>>>>>>>> it looks >>>>>>>>> good. When creating a VM I can select that it will have a vNic >>>>>>>>> on my OVS >>>>>>>>> bridge. >>>>>>>>> >>>>>>>>> However, I can't start the VM as an exception is thrown in the >>>>>>>>> log: >>>>>>>>> >>>>>>>>> 2016-12-28 00:13:33,350 ERROR >>>>>>>>> [org.ovirt.engine.core.bll.RunVmCommand] >>>>>>>>> (default task-5) [3c882d53] Error during ValidateFailure.: >>>>>>>>> java.lang.NullPointerException >>>>>>>>> at >>>>>>>>> org.ovirt.engine.core.bll.scheduling.policyunits.NetworkPolicyUnit.validateRequiredNetworksAvailable(NetworkPolicyUnit.java:140) >>>>>>>>> >>>>>>>>> [bll.jar:] >>>>>>>>> at >>>>>>>>> org.ovirt.engine.core.bll.scheduling.policyunits.NetworkPolicyUnit.filter(NetworkPolicyUnit.java:69) >>>>>>>>> >>>>>>>>> [bll.jar:] >>>>>>>>> at >>>>>>>>> org.ovirt.engine.core.bll.scheduling.SchedulingManager.runInternalFilters(SchedulingManager.java:597) >>>>>>>>> >>>>>>>>> [bll.jar:] >>>>>>>>> at >>>>>>>>> org.ovirt.engine.core.bll.scheduling.SchedulingManager.runFilters(SchedulingManager.java:564) >>>>>>>>> >>>>>>>>> [bll.jar:] >>>>>>>>> at >>>>>>>>> org.ovirt.engine.core.bll.scheduling.SchedulingManager.canSchedule(SchedulingManager.java:494) >>>>>>>>> >>>>>>>>> [bll.jar:] >>>>>>>>> at >>>>>>>>> org.ovirt.engine.core.bll.validator.RunVmValidator.canRunVm(RunVmValidator.java:133) >>>>>>>>> >>>>>>>>> [bll.jar:] >>>>>>>>> at >>>>>>>>> org.ovirt.engine.core.bll.RunVmCommand.validate(RunVmCommand.java:940) >>>>>>>>> >>>>>>>>> [bll.jar:] >>>>>>>>> at >>>>>>>>> org.ovirt.engine.core.bll.CommandBase.internalValidate(CommandBase.java:886) >>>>>>>>> >>>>>>>>> [bll.jar:] >>>>>>>>> at >>>>>>>>> org.ovirt.engine.core.bll.CommandBase.validateOnly(CommandBase.java:366) >>>>>>>>> >>>>>>>>> [bll.jar:] >>>>>>>>> at >>>>>>>>> org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.canRunActions(PrevalidatingMultipleActionsRunner.java:113) >>>>>>>>> >>>>>>>>> [bll.jar:] >>>>>>>>> at >>>>>>>>> org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.invokeCommands(PrevalidatingMultipleActionsRunner.java:99) >>>>>>>>> >>>>>>>>> [bll.jar:] >>>>>>>>> at >>>>>>>>> org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.execute(PrevalidatingMultipleActionsRunner.java:76) >>>>>>>>> >>>>>>>>> [bll.jar:] >>>>>>>>> at >>>>>>>>> org.ovirt.engine.core.bll.Backend.runMultipleActionsImpl(Backend.java:613) >>>>>>>>> >>>>>>>>> [bll.jar:] >>>>>>>>> at >>>>>>>>> org.ovirt.engine.core.bll.Backend.runMultipleActions(Backend.java:583) >>>>>>>>> >>>>>>>>> [bll.jar:] >>>>>>>>> >>>>>>>>> >>>>>>>>> Looking at that section of code where the exception is thrown, >>>>>>>>> I see >>>>>>>>> that >>>>>>>>> it >>>>>>>>> iterates over host networks to find required networks, which I >>>>>>>>> assume is >>>>>>>>> ovirtmgmt. In the host network setup dialog I don't see any >>>>>>>>> networks at >>>>>>>>> all >>>>>>>>> but it lists ovirtmgmt as required. It also list the OVN >>>>>>>>> networks but >>>>>>>>> these >>>>>>>>> can't be statically assigned as they are added dynamically when >>>>>>>>> needed, >>>>>>>>> which is fine. >>>>>>>>> >>>>>>>>> I believe that I either need to remove ovirtmgmt network or >>>>>>>>> configure >>>>>>>>> that >>>>>>>>> it >>>>>>>>> is provided by the OVN provider, but neither is possible. >>>>>>>>> Preferably it >>>>>>>>> shouldn't be hardcoded which network is management and >>>>>>>>> mandatory but be >>>>>>>>> possible to configure. >>>>>>>>> >>>>>>>>> /Sverker >>>>>>>>> Den 2016-12-27 kl. 17:10, skrev Marcin Mirecki: >>>>>>>>> >>>>>>>>> >>>>>> _______________________________________________ >>>>>> Users mailing list >>>>>>Users@ovirt.org >>>>>>http://lists.ovirt.org/mailman/listinfo/users >>>>>> >>>> _______________________________________________ >>>> Users mailing list >>>>Users@ovirt.org >>>>http://lists.ovirt.org/mailman/listinfo/users >>> _______________________________________________ >>> Users mailing list >>>Users@ovirt.org >>>http://lists.ovirt.org/mailman/listinfo/users >> _______________________________________________ >> Users mailing list >>Users@ovirt.org >>http://lists.ovirt.org/mailman/listinfo/users _______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
--------------6D1923E1AF4F24351B405BD3 Content-Type: text/html; charset=windows-1252 Content-Transfer-Encoding: 8bit <html> <head> <meta content="text/html; charset=windows-1252" http-equiv="Content-Type"> </head> <body bgcolor="#FFFFFF" text="#000000"> <p>After a reboot I ran into a new problem, vdsm-network did not want to start. First because of that it tried to establish default route on the dummy interface:<br> </p> <p>Dec 29 20:57:44 h2.limetransit.com vdsm-tool[23132]: Traceback (most recent call last):<br> Dec 29 20:57:44 h2.limetransit.com vdsm-tool[23132]: File "/usr/share/vdsm/vdsm-restore-net-config", line 482, in <module><br> Dec 29 20:57:44 h2.limetransit.com vdsm-tool[23132]: restore(args)<br> Dec 29 20:57:44 h2.limetransit.com vdsm-tool[23132]: File "/usr/share/vdsm/vdsm-restore-net-config", line 445, in restore<br> Dec 29 20:57:44 h2.limetransit.com vdsm-tool[23132]: unified_restoration()<br> Dec 29 20:57:44 h2.limetransit.com vdsm-tool[23132]: File "/usr/share/vdsm/vdsm-restore-net-config", line 145, in unified_restoration<br> Dec 29 20:57:44 h2.limetransit.com vdsm-tool[23132]: '_inRollback': True})<br> Dec 29 20:57:44 h2.limetransit.com vdsm-tool[23132]: File "/usr/lib/python2.7/site-packages/vdsm/network/api.py", line 253, in setupNetworks<br> Dec 29 20:57:44 h2.limetransit.com vdsm-tool[23132]: ipvalidator.validate(networks)<br> Dec 29 20:57:44 h2.limetransit.com vdsm-tool[23132]: File "/usr/lib/python2.7/site-packages/vdsm/network/ip/validator.py", line 43, in validate<br> Dec 29 20:57:44 h2.limetransit.com vdsm-tool[23132]: _validate_default_route(default_route_nets, no_default_route_nets)<br> Dec 29 20:57:44 h2.limetransit.com vdsm-tool[23132]: File "/usr/lib/python2.7/site-packages/vdsm/network/ip/validator.py", line 53, in _validate_default_route<br> Dec 29 20:57:44 h2.limetransit.com vdsm-tool[23132]: 'Only a singe default route network is allowed.')<br> Dec 29 20:57:44 h2.limetransit.com vdsm-tool[23132]: vdsm.network.errors.ConfigNetworkError: (21, 'Only a singe default route network is allowed.')<br> Dec 29 20:57:44 h2.limetransit.com vdsm-tool[23132]: Traceback (most recent call last):<br> Dec 29 20:57:44 h2.limetransit.com vdsm-tool[23132]: File "/usr/bin/vdsm-tool", line 219, in main<br> Dec 29 20:57:44 h2.limetransit.com vdsm-tool[23132]: return tool_command[cmd]["command"](*args)<br> Dec 29 20:57:44 h2.limetransit.com vdsm-tool[23132]: File "/usr/lib/python2.7/site-packages/vdsm/tool/restore_nets.py", line 41, in restore_command<br> Dec 29 20:57:44 h2.limetransit.com vdsm-tool[23132]: exec_restore(cmd)<br> Dec 29 20:57:44 h2.limetransit.com vdsm-tool[23132]: File "/usr/lib/python2.7/site-packages/vdsm/tool/restore_nets.py", line 54, in exec_restore<br> Dec 29 20:57:44 h2.limetransit.com vdsm-tool[23132]: raise EnvironmentError('Failed to restore the persisted networks')<br> Dec 29 20:57:44 h2.limetransit.com vdsm-tool[23132]: EnvironmentError: Failed to restore the persisted networks<br> </p> <p>I edit /var/lib/vdsm/persistence/netconf/nets/ovirtmgmt to set defaultroute=false, but then it complain about nameservers:<br> </p> Dec 29 21:08:09 h2.limetransit.com vdsm-tool[3736]: Traceback (most recent call last):<br> Dec 29 21:08:09 h2.limetransit.com vdsm-tool[3736]: File "/usr/share/vdsm/vdsm-restore-net-config", line 482, in <module><br> Dec 29 21:08:09 h2.limetransit.com vdsm-tool[3736]: restore(args)<br> Dec 29 21:08:09 h2.limetransit.com vdsm-tool[3736]: File "/usr/share/vdsm/vdsm-restore-net-config", line 445, in restore<br> Dec 29 21:08:09 h2.limetransit.com vdsm-tool[3736]: unified_restoration()<br> Dec 29 21:08:09 h2.limetransit.com vdsm-tool[3736]: File "/usr/share/vdsm/vdsm-restore-net-config", line 145, in unified_restoration<br> Dec 29 21:08:09 h2.limetransit.com vdsm-tool[3736]: '_inRollback': True})<br> Dec 29 21:08:09 h2.limetransit.com vdsm-tool[3736]: File "/usr/lib/python2.7/site-packages/vdsm/network/api.py", line 253, in setupNetworks<br> Dec 29 21:08:09 h2.limetransit.com vdsm-tool[3736]: ipvalidator.validate(networks)<br> Dec 29 21:08:09 h2.limetransit.com vdsm-tool[3736]: File "/usr/lib/python2.7/site-packages/vdsm/network/ip/validator.py", line 36, in validate<br> Dec 29 21:08:09 h2.limetransit.com vdsm-tool[3736]: _validate_nameservers(net, attrs)<br> Dec 29 21:08:09 h2.limetransit.com vdsm-tool[3736]: File "/usr/lib/python2.7/site-packages/vdsm/network/ip/validator.py", line 58, in _validate_nameservers<br> Dec 29 21:08:09 h2.limetransit.com vdsm-tool[3736]: _validate_nameservers_network(attrs)<br> Dec 29 21:08:09 h2.limetransit.com vdsm-tool[3736]: File "/usr/lib/python2.7/site-packages/vdsm/network/ip/validator.py", line 66, in _validate_nameservers_network<br> Dec 29 21:08:09 h2.limetransit.com vdsm-tool[3736]: 'Name servers may only be defined on the default host network')<br> Dec 29 21:08:09 h2.limetransit.com vdsm-tool[3736]: vdsm.network.errors.ConfigNetworkError: (21, 'Name servers may only be defined on the default host network')<br> Dec 29 21:08:09 h2.limetransit.com vdsm-tool[3736]: Traceback (most recent call last):<br> Dec 29 21:08:09 h2.limetransit.com vdsm-tool[3736]: File "/usr/bin/vdsm-tool", line 219, in main<br> Dec 29 21:08:09 h2.limetransit.com vdsm-tool[3736]: return tool_command[cmd]["command"](*args)<br> Dec 29 21:08:09 h2.limetransit.com vdsm-tool[3736]: File "/usr/lib/python2.7/site-packages/vdsm/tool/restore_nets.py", line 41, in restore_command<br> Dec 29 21:08:09 h2.limetransit.com vdsm-tool[3736]: exec_restore(cmd)<br> Dec 29 21:08:09 h2.limetransit.com vdsm-tool[3736]: File "/usr/lib/python2.7/site-packages/vdsm/tool/restore_nets.py", line 54, in exec_restore<br> Dec 29 21:08:09 h2.limetransit.com vdsm-tool[3736]: raise EnvironmentError('Failed to restore the persisted networks')<br> Dec 29 21:08:09 h2.limetransit.com vdsm-tool[3736]: EnvironmentError: Failed to restore the persisted networks<br> <br> So I remove the nameservers section as well. At first I could not get it to work, as vdsm-network would find the backup file /var/lib/vdsm/persistence/netconf/nets/ovirtmgmt~ but after removing that it worked fine.<br> <br> Not sure when nameservers and defaultroute was set in vdsm as it worked on reboot before.<br> /Sverker<br> <div class="moz-cite-prefix"><br> Den 2016-12-29 kl. 14:20, skrev Sverker Abrahamsson:<br> </div> <blockquote cite="mid:040302e6-9ed0-c957-39af-8b443d263156@abrahamsson.com" type="cite"> <meta http-equiv="content-type" content="text/html; charset=windows-1252"> <p>The specific command most likely fails because there is no chain named libvirt-J-vnet0, but when should that have been created?<br> /Sverker<br> </p> <div class="moz-forward-container">-------- Vidarebefordrat meddelande -------- <table class="moz-email-headers-table" border="0" cellpadding="0" cellspacing="0"> <tbody> <tr> <th align="RIGHT" nowrap="nowrap" valign="BASELINE">Ämne: </th> <td>Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network</td> </tr> <tr> <th align="RIGHT" nowrap="nowrap" valign="BASELINE">Datum: </th> <td>Thu, 29 Dec 2016 08:06:29 -0500 (EST)</td> </tr> <tr> <th align="RIGHT" nowrap="nowrap" valign="BASELINE">Från: </th> <td>Marcin Mirecki <a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:mmirecki@redhat.com"><mmirecki@redhat.com></a></td> </tr> <tr> <th align="RIGHT" nowrap="nowrap" valign="BASELINE">Till: </th> <td>Sverker Abrahamsson <a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:sverker@abrahamsson.com"><sverker@abrahamsson.com></a></td> </tr> <tr> <th align="RIGHT" nowrap="nowrap" valign="BASELINE">Kopia: </th> <td>Ovirt Users <a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:users@ovirt.org"><users@ovirt.org></a>, Lance Richardson <a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:lrichard@redhat.com"><lrichard@redhat.com></a>, Numan Siddique <a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:nusiddiq@redhat.com"><nusiddiq@redhat.com></a></td> </tr> </tbody> </table> <br> <br> <pre>Let me add the OVN team. Lance, Numan, Can you please look at this? Trying to plug a vNIC results in: > >>>>>> Dec 28 23:31:35 h2 ovs-vsctl: ovs|00001|vsctl|INFO|Called as ovs-vsctl > >>>>>> --timeout=5 -- --if-exists del-port vnet0 -- add-port br-int vnet0 -- > >>>>>> set Interface vnet0 "external-ids:attached-mac=\"00:1a:4a:16:01:51\"" > >>>>>> -- set Interface vnet0 > >>>>>> "external-ids:iface-id=\"e8853aac-8a75-41b0-8010-e630017dcdd8\"" -- > >>>>>> set Interface vnet0 > >>>>>> "external-ids:vm-id=\"b9440d60-ef5a-4e2b-83cf-081df7c09e6f\"" -- set > >>>>>> Interface vnet0 external-ids:iface-status=active > >>>>>> Dec 28 23:31:35 h2 kernel: device vnet0 entered promiscuous mode > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ebtables --concurrent -t nat -D PREROUTING -i vnet0 -j > >>>>>> libvirt-J-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: More details below ----- Original Message ----- > From: "Sverker Abrahamsson" <a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:sverker@abrahamsson.com"><sverker@abrahamsson.com></a> > To: "Marcin Mirecki" <a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:mmirecki@redhat.com"><mmirecki@redhat.com></a> > Cc: "Ovirt Users" <a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:users@ovirt.org"><users@ovirt.org></a> > Sent: Thursday, December 29, 2016 1:42:11 PM > Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network > > Hi > Same problem still.. > /Sverker > > Den 2016-12-29 kl. 13:34, skrev Marcin Mirecki: > > Hi, > > > > The tunnels are created to connect multiple OVN controllers. > > If there is only one, there is no need for the tunnels, so none > > will be created, this is the correct behavior. > > > > Does the problem still occur after setting configuring the OVN-controller? > > > > Marcin > > > > ----- Original Message ----- > >> From: "Sverker Abrahamsson" <a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:sverker@abrahamsson.com"><sverker@abrahamsson.com></a> > >> To: "Marcin Mirecki" <a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:mmirecki@redhat.com"><mmirecki@redhat.com></a> > >> Cc: "Ovirt Users" <a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:users@ovirt.org"><users@ovirt.org></a> > >> Sent: Thursday, December 29, 2016 11:44:32 AM > >> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt > >> network > >> > >> Hi > >> The rpm packages you listed in the other mail are installed but I had > >> not run vdsm-tool ovn-config to create tunnel as the OVN controller is > >> on the same host. > >> > >> [root@h2 ~]# rpm -q openvswitch-ovn-common > >> openvswitch-ovn-common-2.6.90-1.el7.centos.x86_64 > >> [root@h2 ~]# rpm -q openvswitch-ovn-host > >> openvswitch-ovn-host-2.6.90-1.el7.centos.x86_64 > >> [root@h2 ~]# rpm -q python-openvswitch > >> python-openvswitch-2.6.90-1.el7.centos.noarch > >> > >> After removing my manually created br-int and run > >> > >> vdsm-tool ovn-config 127.0.0.1 172.27.1.1 > >> > >> then I have the br-int but 'ip link show' does not show any link > >> 'genev_sys_' nor does 'ovs-vsctl show' any port for ovn. I assume these > >> are when there is an actual tunnel? > >> > >> [root@h2 ~]# ovs-vsctl show > >> ebb6aede-cbbc-4f4f-a88a-a9cd72b2bd23 > >> Bridge br-int > >> fail_mode: secure > >> Port br-int > >> Interface br-int > >> type: internal > >> Bridge ovirtbridge > >> Port ovirtbridge > >> Interface ovirtbridge > >> type: internal > >> Bridge "ovsbridge0" > >> Port "ovsbridge0" > >> Interface "ovsbridge0" > >> type: internal > >> Port "eth0" > >> Interface "eth0" > >> ovs_version: "2.6.90" > >> > >> [root@h2 ~]# ip link show > >> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode > >> DEFAULT qlen 1 > >> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 > >> 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast > >> master ovs-system state UP mode DEFAULT qlen 1000 > >> link/ether 44:8a:5b:84:7d:b3 brd ff:ff:ff:ff:ff:ff > >> 3: ovs-system: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode > >> DEFAULT qlen 1000 > >> link/ether 5a:14:cf:28:47:e2 brd ff:ff:ff:ff:ff:ff > >> 4: ovsbridge0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue > >> state UNKNOWN mode DEFAULT qlen 1000 > >> link/ether 44:8a:5b:84:7d:b3 brd ff:ff:ff:ff:ff:ff > >> 5: br-int: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode > >> DEFAULT qlen 1000 > >> link/ether 9e:b0:3a:9d:f2:4b brd ff:ff:ff:ff:ff:ff > >> 6: ovirtbridge: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue > >> state UNKNOWN mode DEFAULT qlen 1000 > >> link/ether a6:f6:e5:a4:5b:45 brd ff:ff:ff:ff:ff:ff > >> 7: dummy0: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue master > >> ovirtmgmt state UNKNOWN mode DEFAULT qlen 1000 > >> link/ether 66:e0:1c:c3:a9:d8 brd ff:ff:ff:ff:ff:ff > >> 8: ovirtmgmt: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue > >> state UP mode DEFAULT qlen 1000 > >> link/ether 66:e0:1c:c3:a9:d8 brd ff:ff:ff:ff:ff:ff > >> > >> Firewall settings: > >> [root@h2 ~]# firewall-cmd --list-all-zones > >> work > >> target: default > >> icmp-block-inversion: no > >> interfaces: > >> sources: > >> services: dhcpv6-client ssh > >> ports: > >> protocols: > >> masquerade: no > >> forward-ports: > >> sourceports: > >> icmp-blocks: > >> rich rules: > >> > >> > >> drop > >> target: DROP > >> icmp-block-inversion: no > >> interfaces: > >> sources: > >> services: > >> ports: > >> protocols: > >> masquerade: no > >> forward-ports: > >> sourceports: > >> icmp-blocks: > >> rich rules: > >> > >> > >> internal > >> target: default > >> icmp-block-inversion: no > >> interfaces: > >> sources: > >> services: dhcpv6-client mdns samba-client ssh > >> ports: > >> protocols: > >> masquerade: no > >> forward-ports: > >> sourceports: > >> icmp-blocks: > >> rich rules: > >> > >> > >> external > >> target: default > >> icmp-block-inversion: no > >> interfaces: > >> sources: > >> services: ssh > >> ports: > >> protocols: > >> masquerade: yes > >> forward-ports: > >> sourceports: > >> icmp-blocks: > >> rich rules: > >> > >> > >> trusted > >> target: ACCEPT > >> icmp-block-inversion: no > >> interfaces: > >> sources: > >> services: > >> ports: > >> protocols: > >> masquerade: no > >> forward-ports: > >> sourceports: > >> icmp-blocks: > >> rich rules: > >> > >> > >> home > >> target: default > >> icmp-block-inversion: no > >> interfaces: > >> sources: > >> services: dhcpv6-client mdns samba-client ssh > >> ports: > >> protocols: > >> masquerade: no > >> forward-ports: > >> sourceports: > >> icmp-blocks: > >> rich rules: > >> > >> > >> dmz > >> target: default > >> icmp-block-inversion: no > >> interfaces: > >> sources: > >> services: ssh > >> ports: > >> protocols: > >> masquerade: no > >> forward-ports: > >> sourceports: > >> icmp-blocks: > >> rich rules: > >> > >> > >> public (active) > >> target: default > >> icmp-block-inversion: no > >> interfaces: eth0 ovsbridge0 > >> sources: > >> services: dhcpv6-client ssh > >> ports: > >> protocols: > >> masquerade: no > >> forward-ports: > >> sourceports: > >> icmp-blocks: > >> rich rules: > >> > >> > >> block > >> target: %%REJECT%% > >> icmp-block-inversion: no > >> interfaces: > >> sources: > >> services: > >> ports: > >> protocols: > >> masquerade: no > >> forward-ports: > >> sourceports: > >> icmp-blocks: > >> rich rules: > >> > >> > >> ovirt (active) > >> target: default > >> icmp-block-inversion: no > >> interfaces: ovirtbridge ovirtmgmt > >> sources: > >> services: dhcp ovirt-fence-kdump-listener ovirt-http ovirt-https > >> ovirt-imageio-proxy ovirt-postgres ovirt-provider-ovn > >> ovirt-vmconsole-proxy ovirt-websocket-proxy ssh vdsm > >> ports: > >> protocols: > >> masquerade: yes > >> forward-ports: > >> sourceports: > >> icmp-blocks: > >> rich rules: > >> rule family="ipv4" port port="6641" protocol="tcp" accept > >> rule family="ipv4" port port="6642" protocol="tcp" accept > >> > >> The db dump is attached > >> /Sverker > >> Den 2016-12-29 kl. 09:50, skrev Marcin Mirecki: > >>> Hi, > >>> > >>> Can you please do: "sudo ovsdb-client dump" > >>> on the host and send me the output? > >>> > >>> Have you configured the ovn controller to connect to the > >>> OVN north? You can do it using "vdsm-tool ovn-config" or > >>> using the OVN tools directly. > >>> Please check out: <a moz-do-not-send="true" class="moz-txt-link-freetext" href="https://www.ovirt.org/blog/2016/11/ovirt-provider-ovn/">https://www.ovirt.org/blog/2016/11/ovirt-provider-ovn/</a> > >>> for details. > >>> > >>> Also please note that the OVN provider is completely different > >>> from the neutron-openvswitch plugin. Please don't mix the two. > >>> > >>> Marcin > >>> > >>> > >>> ----- Original Message ----- > >>>> From: "Marcin Mirecki" <a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:mmirecki@redhat.com"><mmirecki@redhat.com></a> > >>>> To: "Sverker Abrahamsson" <a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:sverker@abrahamsson.com"><sverker@abrahamsson.com></a> > >>>> Cc: "Ovirt Users" <a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:users@ovirt.org"><users@ovirt.org></a> > >>>> Sent: Thursday, December 29, 2016 9:27:19 AM > >>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt > >>>> network > >>>> > >>>> Hi, > >>>> > >>>> br-int is the OVN integration bridge, it should have been created > >>>> when installing OVN. I assume you have the following packages installed > >>>> on the host: > >>>> openvswitch-ovn-common > >>>> openvswitch-ovn-host > >>>> python-openvswitch > >>>> > >>>> Please give me some time to look at the connectivity problem. > >>>> > >>>> Marcin > >>>> > >>>> > >>>> > >>>> ----- Original Message ----- > >>>>> From: "Sverker Abrahamsson" <a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:sverker@abrahamsson.com"><sverker@abrahamsson.com></a> > >>>>> To: "Marcin Mirecki" <a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:mmirecki@redhat.com"><mmirecki@redhat.com></a> > >>>>> Cc: "Ovirt Users" <a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:users@ovirt.org"><users@ovirt.org></a> > >>>>> Sent: Thursday, December 29, 2016 12:47:04 AM > >>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt > >>>>> network > >>>>> > >>>>> From > >>>>> /usr/libexec/vdsm/hooks/before_device_create/ovirt_provider_ovn_hook > >>>>> (installed by ovirt-provider-ovn-driver rpm): > >>>>> > >>>>> BRIDGE_NAME = 'br-int' > >>>>> > >>>>> > >>>>> Den 2016-12-28 kl. 23:56, skrev Sverker Abrahamsson: > >>>>>> Googling on the message about br-int suggested adding that bridge to > >>>>>> ovs: > >>>>>> > >>>>>> ovs-vsctl add-br br-int > >>>>>> > >>>>>> Then the VM is able to boot, but it fails to get network connectivity. > >>>>>> Output in /var/log/messages: > >>>>>> > >>>>>> Dec 28 23:31:35 h2 ovs-vsctl: ovs|00001|vsctl|INFO|Called as ovs-vsctl > >>>>>> --timeout=5 -- --if-exists del-port vnet0 -- add-port br-int vnet0 -- > >>>>>> set Interface vnet0 "external-ids:attached-mac=\"00:1a:4a:16:01:51\"" > >>>>>> -- set Interface vnet0 > >>>>>> "external-ids:iface-id=\"e8853aac-8a75-41b0-8010-e630017dcdd8\"" -- > >>>>>> set Interface vnet0 > >>>>>> "external-ids:vm-id=\"b9440d60-ef5a-4e2b-83cf-081df7c09e6f\"" -- set > >>>>>> Interface vnet0 external-ids:iface-status=active > >>>>>> Dec 28 23:31:35 h2 kernel: device vnet0 entered promiscuous mode > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ebtables --concurrent -t nat -D PREROUTING -i vnet0 -j > >>>>>> libvirt-J-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ebtables --concurrent -t nat -D POSTROUTING -o vnet0 -j > >>>>>> libvirt-P-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ebtables --concurrent -t nat -L libvirt-J-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ebtables --concurrent -t nat -L libvirt-P-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ebtables --concurrent -t nat -F libvirt-J-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ebtables --concurrent -t nat -X libvirt-J-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ebtables --concurrent -t nat -F libvirt-P-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ebtables --concurrent -t nat -X libvirt-P-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ebtables --concurrent -t nat -F J-vnet0-mac' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ebtables --concurrent -t nat -X J-vnet0-mac' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ebtables --concurrent -t nat -F J-vnet0-arp-mac' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ebtables --concurrent -t nat -X J-vnet0-arp-mac' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/iptables -w2 -w -D libvirt-out -m physdev > >>>>>> --physdev-is-bridged --physdev-out vnet0 -g FO-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/iptables -w2 -w -D libvirt-out -m physdev --physdev-out > >>>>>> vnet0 -g FO-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/iptables -w2 -w -D libvirt-in -m physdev --physdev-in vnet0 > >>>>>> -g FI-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/iptables -w2 -w -D libvirt-host-in -m physdev --physdev-in > >>>>>> vnet0 -g HI-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/iptables -w2 -w -F FO-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/iptables -w2 -w -X FO-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/iptables -w2 -w -F FI-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/iptables -w2 -w -X FI-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/iptables -w2 -w -F HI-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/iptables -w2 -w -X HI-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/iptables -w2 -w -E FP-vnet0 FO-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/iptables -w2 -w -E FJ-vnet0 FI-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/iptables -w2 -w -E HJ-vnet0 HI-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ip6tables -w2 -w -D libvirt-out -m physdev > >>>>>> --physdev-is-bridged --physdev-out vnet0 -g FO-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ip6tables -w2 -w -D libvirt-out -m physdev --physdev-out > >>>>>> vnet0 -g FO-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ip6tables -w2 -w -D libvirt-in -m physdev --physdev-in > >>>>>> vnet0 -g FI-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ip6tables -w2 -w -D libvirt-host-in -m physdev --physdev-in > >>>>>> vnet0 -g HI-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ip6tables -w2 -w -F FO-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ip6tables -w2 -w -X FO-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ip6tables -w2 -w -F FI-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ip6tables -w2 -w -X FI-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ip6tables -w2 -w -F HI-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ip6tables -w2 -w -X HI-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ip6tables -w2 -w -E FP-vnet0 FO-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ip6tables -w2 -w -E FJ-vnet0 FI-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ip6tables -w2 -w -E HJ-vnet0 HI-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ebtables --concurrent -t nat -D PREROUTING -i vnet0 -j > >>>>>> libvirt-I-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ebtables --concurrent -t nat -D POSTROUTING -o vnet0 -j > >>>>>> libvirt-O-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ebtables --concurrent -t nat -L libvirt-I-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ebtables --concurrent -t nat -L libvirt-O-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ebtables --concurrent -t nat -F libvirt-I-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ebtables --concurrent -t nat -X libvirt-I-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ebtables --concurrent -t nat -F libvirt-O-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ebtables --concurrent -t nat -X libvirt-O-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ebtables --concurrent -t nat -L libvirt-P-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ebtables --concurrent -t nat -E libvirt-P-vnet0 > >>>>>> libvirt-O-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ebtables --concurrent -t nat -F I-vnet0-mac' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ebtables --concurrent -t nat -X I-vnet0-mac' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ebtables --concurrent -t nat -F I-vnet0-arp-mac' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ebtables --concurrent -t nat -X I-vnet0-arp-mac' failed: > >>>>>> > >>>>>> > >>>>>> [root@h2 etc]# ovs-vsctl show > >>>>>> ebb6aede-cbbc-4f4f-a88a-a9cd72b2bd23 > >>>>>> Bridge ovirtbridge > >>>>>> Port "ovirtport0" > >>>>>> Interface "ovirtport0" > >>>>>> type: internal > >>>>>> Port ovirtbridge > >>>>>> Interface ovirtbridge > >>>>>> type: internal > >>>>>> Bridge "ovsbridge0" > >>>>>> Port "ovsbridge0" > >>>>>> Interface "ovsbridge0" > >>>>>> type: internal > >>>>>> Port "eth0" > >>>>>> Interface "eth0" > >>>>>> Bridge br-int > >>>>>> Port br-int > >>>>>> Interface br-int > >>>>>> type: internal > >>>>>> Port "vnet0" > >>>>>> Interface "vnet0" > >>>>>> ovs_version: "2.6.90" > >>>>>> > >>>>>> Searching through the code it appears that br-int comes from > >>>>>> neutron-openvswitch plugin ?? > >>>>>> > >>>>>> [root@h2 share]# rpm -qf > >>>>>> /usr/share/otopi/plugins/ovirt-host-deploy/openstack/neutron_openvswitch.py > >>>>>> ovirt-host-deploy-1.6.0-0.0.master.20161215101008.gitb76ad50.el7.centos.noarch > >>>>>> > >>>>>> > >>>>>> /Sverker > >>>>>> > >>>>>> Den 2016-12-28 kl. 23:24, skrev Sverker Abrahamsson: > >>>>>>> In addition I had to add an alias to modprobe: > >>>>>>> > >>>>>>> [root@h2 modprobe.d]# cat dummy.conf > >>>>>>> alias dummy0 dummy > >>>>>>> > >>>>>>> > >>>>>>> Den 2016-12-28 kl. 23:03, skrev Sverker Abrahamsson: > >>>>>>>> Hi > >>>>>>>> I first tried to set device name to dummy_0, but then ifup did not > >>>>>>>> succeed in creating the device unless I first did 'ip link add > >>>>>>>> dummy_0 type dummy' but then it would not suceed to establish the if > >>>>>>>> on reboot. > >>>>>>>> > >>>>>>>> Setting fake_nics = dummy0 would not work neither, but this works: > >>>>>>>> > >>>>>>>> fake_nics = dummy* > >>>>>>>> > >>>>>>>> The engine is now able to find the if and assign bridge ovirtmgmt to > >>>>>>>> it. > >>>>>>>> > >>>>>>>> However, I then run into the next issue when starting a VM: > >>>>>>>> > >>>>>>>> 2016-12-28 22:28:23,897 ERROR > >>>>>>>> [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] > >>>>>>>> (ForkJoinPool-1-worker-2) [] Correlation ID: null, Call Stack: null, > >>>>>>>> Custom Event ID: -1, Message: VM CentOS7 is down with error. Exit > >>>>>>>> message: Cannot get interface MTU on 'br-int': No such device. > >>>>>>>> > >>>>>>>> This VM has a nic on ovirtbridge, which comes from the OVN provider. > >>>>>>>> > >>>>>>>> /Sverker > >>>>>>>> > >>>>>>>> Den 2016-12-28 kl. 14:38, skrev Marcin Mirecki: > >>>>>>>>> Sverker, > >>>>>>>>> > >>>>>>>>> Can you try adding a vnic named veth_* or dummy_*, > >>>>>>>>> (or alternatively add the name of the vnic to > >>>>>>>>> vdsm.config fake_nics), and setup the management > >>>>>>>>> network using this vnic? > >>>>>>>>> I suppose adding the vnic you use for connecting > >>>>>>>>> to the engine to fake_nics should make it visible > >>>>>>>>> to the engine, and you should be able to use it for > >>>>>>>>> the setup. > >>>>>>>>> > >>>>>>>>> Marcin > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> ----- Original Message ----- > >>>>>>>>>> From: "Marcin Mirecki" <a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:mmirecki@redhat.com"><mmirecki@redhat.com></a> > >>>>>>>>>> To: "Sverker Abrahamsson" <a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:sverker@abrahamsson.com"><sverker@abrahamsson.com></a> > >>>>>>>>>> Cc: "Ovirt Users" <a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:users@ovirt.org"><users@ovirt.org></a> > >>>>>>>>>> Sent: Wednesday, December 28, 2016 12:06:26 PM > >>>>>>>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory > >>>>>>>>>> ovirtmgmt network > >>>>>>>>>> > >>>>>>>>>>> I have an internal OVS bridge called ovirtbridge which has a port > >>>>>>>>>>> with > >>>>>>>>>>> IP address, but in the host network settings that port is not > >>>>>>>>>>> visible. > >>>>>>>>>> I just verified and unfortunately the virtual ports are not > >>>>>>>>>> visible in engine > >>>>>>>>>> to assign a network to :( > >>>>>>>>>> I'm afraid that the engine is not ready for such a scenario (even > >>>>>>>>>> if it > >>>>>>>>>> works). > >>>>>>>>>> Please give me some time to look for a solution. > >>>>>>>>>> > >>>>>>>>>> ----- Original Message ----- > >>>>>>>>>>> From: "Sverker Abrahamsson" <a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:sverker@abrahamsson.com"><sverker@abrahamsson.com></a> > >>>>>>>>>>> To: "Marcin Mirecki" <a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:mmirecki@redhat.com"><mmirecki@redhat.com></a> > >>>>>>>>>>> Cc: "Ovirt Users" <a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:users@ovirt.org"><users@ovirt.org></a> > >>>>>>>>>>> Sent: Wednesday, December 28, 2016 11:48:24 AM > >>>>>>>>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory > >>>>>>>>>>> ovirtmgmt > >>>>>>>>>>> network > >>>>>>>>>>> > >>>>>>>>>>> Hi Marcin > >>>>>>>>>>> Yes, that is my issue. I don't want to let ovirt/vdsm see eth0 > >>>>>>>>>>> nor > >>>>>>>>>>> ovsbridge0 since as soon as it sees them it messes up the network > >>>>>>>>>>> config > >>>>>>>>>>> so that the host will be unreachable. > >>>>>>>>>>> > >>>>>>>>>>> I have an internal OVS bridge called ovirtbridge which has a port > >>>>>>>>>>> with > >>>>>>>>>>> IP address, but in the host network settings that port is not > >>>>>>>>>>> visible. > >>>>>>>>>>> It doesn't help to name it ovirtmgmt. > >>>>>>>>>>> > >>>>>>>>>>> The engine is able to communicate with the host on the ip it has > >>>>>>>>>>> been > >>>>>>>>>>> given, it's just that it believes that it HAS to have a ovirtmgmt > >>>>>>>>>>> network which can't be on OVN. > >>>>>>>>>>> > >>>>>>>>>>> /Sverker > >>>>>>>>>>> > >>>>>>>>>>> > >>>>>>>>>>> Den 2016-12-28 kl. 10:45, skrev Marcin Mirecki: > >>>>>>>>>>>> Hi Sverker, > >>>>>>>>>>>> > >>>>>>>>>>>> The management network is mandatory on each host. It's used by > >>>>>>>>>>>> the > >>>>>>>>>>>> engine to communicate with the host. > >>>>>>>>>>>> Looking at your description and the exception it looks like it > >>>>>>>>>>>> is > >>>>>>>>>>>> missing. > >>>>>>>>>>>> The error is caused by not having any network for the host > >>>>>>>>>>>> (network list retrieved in > >>>>>>>>>>>> InterfaceDaoImpl.getHostNetworksByCluster - > >>>>>>>>>>>> which > >>>>>>>>>>>> gets all the networks on nics for a host from vds_interface > >>>>>>>>>>>> table in the > >>>>>>>>>>>> DB). > >>>>>>>>>>>> > >>>>>>>>>>>> Could you maybe create a virtual nic connected to ovsbridge0 (as > >>>>>>>>>>>> I > >>>>>>>>>>>> understand you > >>>>>>>>>>>> have no physical nic available) and use this for the management > >>>>>>>>>>>> network? > >>>>>>>>>>>> > >>>>>>>>>>>>> I then create a bridge for use with ovirt, with a private > >>>>>>>>>>>>> address. > >>>>>>>>>>>> I'm not quite sure I understand. Is this yet another bridge > >>>>>>>>>>>> connected to > >>>>>>>>>>>> ovsbridge0? > >>>>>>>>>>>> You could also attach the vnic for the management network here > >>>>>>>>>>>> if need > >>>>>>>>>>>> be. > >>>>>>>>>>>> > >>>>>>>>>>>> Please keep in mind that OVN has no use in setting up the > >>>>>>>>>>>> management > >>>>>>>>>>>> network. > >>>>>>>>>>>> The OVN provider can only handle external networks, which can > >>>>>>>>>>>> not be used > >>>>>>>>>>>> for a > >>>>>>>>>>>> management network. > >>>>>>>>>>>> > >>>>>>>>>>>> Marcin > >>>>>>>>>>>> > >>>>>>>>>>>> > >>>>>>>>>>>> ----- Original Message ----- > >>>>>>>>>>>>> From: "Sverker Abrahamsson" <a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:sverker@abrahamsson.com"><sverker@abrahamsson.com></a> > >>>>>>>>>>>>> To: <a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:users@ovirt.org">users@ovirt.org</a> > >>>>>>>>>>>>> Sent: Wednesday, December 28, 2016 12:39:59 AM > >>>>>>>>>>>>> Subject: [ovirt-users] Issue with OVN/OVS and mandatory > >>>>>>>>>>>>> ovirtmgmt > >>>>>>>>>>>>> network > >>>>>>>>>>>>> > >>>>>>>>>>>>> > >>>>>>>>>>>>> > >>>>>>>>>>>>> Hi > >>>>>>>>>>>>> For long time I've been looking for proper support in ovirt for > >>>>>>>>>>>>> Open > >>>>>>>>>>>>> vSwitch > >>>>>>>>>>>>> so I'm happy that it is moving in the right direction. However, > >>>>>>>>>>>>> there > >>>>>>>>>>>>> seems > >>>>>>>>>>>>> to still be a dependency on a ovirtmgmt bridge and I'm unable > >>>>>>>>>>>>> to move > >>>>>>>>>>>>> that > >>>>>>>>>>>>> to the OVN provider. > >>>>>>>>>>>>> > >>>>>>>>>>>>> The hosting center where I rent hw instances has a bit special > >>>>>>>>>>>>> network > >>>>>>>>>>>>> setup, > >>>>>>>>>>>>> so I have one physical network port with a /32 netmask and > >>>>>>>>>>>>> point-to-point > >>>>>>>>>>>>> config to router. The physical port I connect to a ovs bridge > >>>>>>>>>>>>> which has > >>>>>>>>>>>>> the > >>>>>>>>>>>>> public ip. Since ovirt always messes up the network config when > >>>>>>>>>>>>> I've > >>>>>>>>>>>>> tried > >>>>>>>>>>>>> to let it have access to the network config for the physical > >>>>>>>>>>>>> port, I've > >>>>>>>>>>>>> set > >>>>>>>>>>>>> eht0 and ovsbridge0 as hidden in vdsm.conf. > >>>>>>>>>>>>> > >>>>>>>>>>>>> > >>>>>>>>>>>>> I then create a bridge for use with ovirt, with a private > >>>>>>>>>>>>> address. With > >>>>>>>>>>>>> the > >>>>>>>>>>>>> OVN provider I am now able to import these into the engine and > >>>>>>>>>>>>> it looks > >>>>>>>>>>>>> good. When creating a VM I can select that it will have a vNic > >>>>>>>>>>>>> on my OVS > >>>>>>>>>>>>> bridge. > >>>>>>>>>>>>> > >>>>>>>>>>>>> However, I can't start the VM as an exception is thrown in the > >>>>>>>>>>>>> log: > >>>>>>>>>>>>> > >>>>>>>>>>>>> 2016-12-28 00:13:33,350 ERROR > >>>>>>>>>>>>> [org.ovirt.engine.core.bll.RunVmCommand] > >>>>>>>>>>>>> (default task-5) [3c882d53] Error during ValidateFailure.: > >>>>>>>>>>>>> java.lang.NullPointerException > >>>>>>>>>>>>> at > >>>>>>>>>>>>> org.ovirt.engine.core.bll.scheduling.policyunits.NetworkPolicyUnit.validateRequiredNetworksAvailable(NetworkPolicyUnit.java:140) > >>>>>>>>>>>>> > >>>>>>>>>>>>> [bll.jar:] > >>>>>>>>>>>>> at > >>>>>>>>>>>>> org.ovirt.engine.core.bll.scheduling.policyunits.NetworkPolicyUnit.filter(NetworkPolicyUnit.java:69) > >>>>>>>>>>>>> > >>>>>>>>>>>>> [bll.jar:] > >>>>>>>>>>>>> at > >>>>>>>>>>>>> org.ovirt.engine.core.bll.scheduling.SchedulingManager.runInternalFilters(SchedulingManager.java:597) > >>>>>>>>>>>>> > >>>>>>>>>>>>> [bll.jar:] > >>>>>>>>>>>>> at > >>>>>>>>>>>>> org.ovirt.engine.core.bll.scheduling.SchedulingManager.runFilters(SchedulingManager.java:564) > >>>>>>>>>>>>> > >>>>>>>>>>>>> [bll.jar:] > >>>>>>>>>>>>> at > >>>>>>>>>>>>> org.ovirt.engine.core.bll.scheduling.SchedulingManager.canSchedule(SchedulingManager.java:494) > >>>>>>>>>>>>> > >>>>>>>>>>>>> [bll.jar:] > >>>>>>>>>>>>> at > >>>>>>>>>>>>> org.ovirt.engine.core.bll.validator.RunVmValidator.canRunVm(RunVmValidator.java:133) > >>>>>>>>>>>>> > >>>>>>>>>>>>> [bll.jar:] > >>>>>>>>>>>>> at > >>>>>>>>>>>>> org.ovirt.engine.core.bll.RunVmCommand.validate(RunVmCommand.java:940) > >>>>>>>>>>>>> > >>>>>>>>>>>>> [bll.jar:] > >>>>>>>>>>>>> at > >>>>>>>>>>>>> org.ovirt.engine.core.bll.CommandBase.internalValidate(CommandBase.java:886) > >>>>>>>>>>>>> > >>>>>>>>>>>>> [bll.jar:] > >>>>>>>>>>>>> at > >>>>>>>>>>>>> org.ovirt.engine.core.bll.CommandBase.validateOnly(CommandBase.java:366) > >>>>>>>>>>>>> > >>>>>>>>>>>>> [bll.jar:] > >>>>>>>>>>>>> at > >>>>>>>>>>>>> org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.canRunActions(PrevalidatingMultipleActionsRunner.java:113) > >>>>>>>>>>>>> > >>>>>>>>>>>>> [bll.jar:] > >>>>>>>>>>>>> at > >>>>>>>>>>>>> org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.invokeCommands(PrevalidatingMultipleActionsRunner.java:99) > >>>>>>>>>>>>> > >>>>>>>>>>>>> [bll.jar:] > >>>>>>>>>>>>> at > >>>>>>>>>>>>> org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.execute(PrevalidatingMultipleActionsRunner.java:76) > >>>>>>>>>>>>> > >>>>>>>>>>>>> [bll.jar:] > >>>>>>>>>>>>> at > >>>>>>>>>>>>> org.ovirt.engine.core.bll.Backend.runMultipleActionsImpl(Backend.java:613) > >>>>>>>>>>>>> > >>>>>>>>>>>>> [bll.jar:] > >>>>>>>>>>>>> at > >>>>>>>>>>>>> org.ovirt.engine.core.bll.Backend.runMultipleActions(Backend.java:583) > >>>>>>>>>>>>> > >>>>>>>>>>>>> [bll.jar:] > >>>>>>>>>>>>> > >>>>>>>>>>>>> > >>>>>>>>>>>>> Looking at that section of code where the exception is thrown, > >>>>>>>>>>>>> I see > >>>>>>>>>>>>> that > >>>>>>>>>>>>> it > >>>>>>>>>>>>> iterates over host networks to find required networks, which I > >>>>>>>>>>>>> assume is > >>>>>>>>>>>>> ovirtmgmt. In the host network setup dialog I don't see any > >>>>>>>>>>>>> networks at > >>>>>>>>>>>>> all > >>>>>>>>>>>>> but it lists ovirtmgmt as required. It also list the OVN > >>>>>>>>>>>>> networks but > >>>>>>>>>>>>> these > >>>>>>>>>>>>> can't be statically assigned as they are added dynamically when > >>>>>>>>>>>>> needed, > >>>>>>>>>>>>> which is fine. > >>>>>>>>>>>>> > >>>>>>>>>>>>> I believe that I either need to remove ovirtmgmt network or > >>>>>>>>>>>>> configure > >>>>>>>>>>>>> that > >>>>>>>>>>>>> it > >>>>>>>>>>>>> is provided by the OVN provider, but neither is possible. > >>>>>>>>>>>>> Preferably it > >>>>>>>>>>>>> shouldn't be hardcoded which network is management and > >>>>>>>>>>>>> mandatory but be > >>>>>>>>>>>>> possible to configure. > >>>>>>>>>>>>> > >>>>>>>>>>>>> /Sverker > >>>>>>>>>>>>> Den 2016-12-27 kl. 17:10, skrev Marcin Mirecki: > >>>>>>>>>>>>> > >>>>>>>>>>>>> > >>>>>>>>>> _______________________________________________ > >>>>>>>>>> Users mailing list > >>>>>>>>>> <a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:Users@ovirt.org">Users@ovirt.org</a> > >>>>>>>>>> <a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://lists.ovirt.org/mailman/listinfo/users">http://lists.ovirt.org/mailman/listinfo/users</a> > >>>>>>>>>> > >>>>>>>> _______________________________________________ > >>>>>>>> Users mailing list > >>>>>>>> <a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:Users@ovirt.org">Users@ovirt.org</a> > >>>>>>>> <a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://lists.ovirt.org/mailman/listinfo/users">http://lists.ovirt.org/mailman/listinfo/users</a> > >>>>>>> _______________________________________________ > >>>>>>> Users mailing list > >>>>>>> <a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:Users@ovirt.org">Users@ovirt.org</a> > >>>>>>> <a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://lists.ovirt.org/mailman/listinfo/users">http://lists.ovirt.org/mailman/listinfo/users</a> > >>>>>> _______________________________________________ > >>>>>> Users mailing list > >>>>>> <a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:Users@ovirt.org">Users@ovirt.org</a> > >>>>>> <a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://lists.ovirt.org/mailman/listinfo/users">http://lists.ovirt.org/mailman/listinfo/users</a> > >>>> _______________________________________________ > >>>> Users mailing list > >>>> <a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:Users@ovirt.org">Users@ovirt.org</a> > >>>> <a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://lists.ovirt.org/mailman/listinfo/users">http://lists.ovirt.org/mailman/listinfo/users</a> > >>>> > >> > > </pre> </div> <br> <fieldset class="mimeAttachmentHeader"></fieldset> <br> <pre wrap="">_______________________________________________ Users mailing list <a class="moz-txt-link-abbreviated" href="mailto:Users@ovirt.org">Users@ovirt.org</a> <a class="moz-txt-link-freetext" href="http://lists.ovirt.org/mailman/listinfo/users">http://lists.ovirt.org/mailman/listinfo/users</a> </pre> </blockquote> <br> </body> </html> --------------6D1923E1AF4F24351B405BD3--
This is a multi-part message in MIME format. --------------A13E96D10914C45BE06D4805 Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 8bit By default the vNic profile of my OVN bridge ovirtbridge gets a Network filter named vdsm-no-mac-spoofing. If I instead set No filter then I don't get those ebtables / iptables messages. It seems that there is some issue between ovirt/vdsm and firewalld, which we can put to the side for now. It is not clear for me why the port is added on br-int instead of the bridge I've assigned to the VM, which is ovirtbridge?? /Sverker Den 2016-12-29 kl. 14:20, skrev Sverker Abrahamsson:
The specific command most likely fails because there is no chain named libvirt-J-vnet0, but when should that have been created? /Sverker
-------- Vidarebefordrat meddelande -------- Ämne: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network Datum: Thu, 29 Dec 2016 08:06:29 -0500 (EST) Från: Marcin Mirecki <mmirecki@redhat.com> Till: Sverker Abrahamsson <sverker@abrahamsson.com> Kopia: Ovirt Users <users@ovirt.org>, Lance Richardson <lrichard@redhat.com>, Numan Siddique <nusiddiq@redhat.com>
Let me add the OVN team.
Lance, Numan,
Can you please look at this?
Trying to plug a vNIC results in:
>> Dec 28 23:31:35 h2 ovs-vsctl: ovs|00001|vsctl|INFO|Called as ovs-vsctl >> --timeout=5 -- --if-exists del-port vnet0 -- add-port br-int vnet0 -- >> set Interface vnet0 "external-ids:attached-mac=\"00:1a:4a:16:01:51\"" >> -- set Interface vnet0 >> "external-ids:iface-id=\"e8853aac-8a75-41b0-8010-e630017dcdd8\"" -- >> set Interface vnet0 >> "external-ids:vm-id=\"b9440d60-ef5a-4e2b-83cf-081df7c09e6f\"" -- set >> Interface vnet0 external-ids:iface-status=active >> Dec 28 23:31:35 h2 kernel: device vnet0 entered promiscuous mode >> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >> '/usr/sbin/ebtables --concurrent -t nat -D PREROUTING -i vnet0 -j >> libvirt-J-vnet0' failed: >> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED:
More details below
----- Original Message -----
From: "Sverker Abrahamsson"<sverker@abrahamsson.com> To: "Marcin Mirecki"<mmirecki@redhat.com> Cc: "Ovirt Users"<users@ovirt.org> Sent: Thursday, December 29, 2016 1:42:11 PM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network
Hi Same problem still.. /Sverker
Den 2016-12-29 kl. 13:34, skrev Marcin Mirecki:
Hi,
The tunnels are created to connect multiple OVN controllers. If there is only one, there is no need for the tunnels, so none will be created, this is the correct behavior.
Does the problem still occur after setting configuring the OVN-controller?
Marcin
----- Original Message -----
From: "Sverker Abrahamsson"<sverker@abrahamsson.com> To: "Marcin Mirecki"<mmirecki@redhat.com> Cc: "Ovirt Users"<users@ovirt.org> Sent: Thursday, December 29, 2016 11:44:32 AM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network
Hi The rpm packages you listed in the other mail are installed but I had not run vdsm-tool ovn-config to create tunnel as the OVN controller is on the same host.
[root@h2 ~]# rpm -q openvswitch-ovn-common openvswitch-ovn-common-2.6.90-1.el7.centos.x86_64 [root@h2 ~]# rpm -q openvswitch-ovn-host openvswitch-ovn-host-2.6.90-1.el7.centos.x86_64 [root@h2 ~]# rpm -q python-openvswitch python-openvswitch-2.6.90-1.el7.centos.noarch
After removing my manually created br-int and run
vdsm-tool ovn-config 127.0.0.1 172.27.1.1
then I have the br-int but 'ip link show' does not show any link 'genev_sys_' nor does 'ovs-vsctl show' any port for ovn. I assume these are when there is an actual tunnel?
[root@h2 ~]# ovs-vsctl show ebb6aede-cbbc-4f4f-a88a-a9cd72b2bd23 Bridge br-int fail_mode: secure Port br-int Interface br-int type: internal Bridge ovirtbridge Port ovirtbridge Interface ovirtbridge type: internal Bridge "ovsbridge0" Port "ovsbridge0" Interface "ovsbridge0" type: internal Port "eth0" Interface "eth0" ovs_version: "2.6.90"
[root@h2 ~]# ip link show 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT qlen 1 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master ovs-system state UP mode DEFAULT qlen 1000 link/ether 44:8a:5b:84:7d:b3 brd ff:ff:ff:ff:ff:ff 3: ovs-system: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 1000 link/ether 5a:14:cf:28:47:e2 brd ff:ff:ff:ff:ff:ff 4: ovsbridge0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN mode DEFAULT qlen 1000 link/ether 44:8a:5b:84:7d:b3 brd ff:ff:ff:ff:ff:ff 5: br-int: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 1000 link/ether 9e:b0:3a:9d:f2:4b brd ff:ff:ff:ff:ff:ff 6: ovirtbridge: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN mode DEFAULT qlen 1000 link/ether a6:f6:e5:a4:5b:45 brd ff:ff:ff:ff:ff:ff 7: dummy0: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue master ovirtmgmt state UNKNOWN mode DEFAULT qlen 1000 link/ether 66:e0:1c:c3:a9:d8 brd ff:ff:ff:ff:ff:ff 8: ovirtmgmt: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT qlen 1000 link/ether 66:e0:1c:c3:a9:d8 brd ff:ff:ff:ff:ff:ff
Firewall settings: [root@h2 ~]# firewall-cmd --list-all-zones work target: default icmp-block-inversion: no interfaces: sources: services: dhcpv6-client ssh ports: protocols: masquerade: no forward-ports: sourceports: icmp-blocks: rich rules:
drop target: DROP icmp-block-inversion: no interfaces: sources: services: ports: protocols: masquerade: no forward-ports: sourceports: icmp-blocks: rich rules:
internal target: default icmp-block-inversion: no interfaces: sources: services: dhcpv6-client mdns samba-client ssh ports: protocols: masquerade: no forward-ports: sourceports: icmp-blocks: rich rules:
external target: default icmp-block-inversion: no interfaces: sources: services: ssh ports: protocols: masquerade: yes forward-ports: sourceports: icmp-blocks: rich rules:
trusted target: ACCEPT icmp-block-inversion: no interfaces: sources: services: ports: protocols: masquerade: no forward-ports: sourceports: icmp-blocks: rich rules:
home target: default icmp-block-inversion: no interfaces: sources: services: dhcpv6-client mdns samba-client ssh ports: protocols: masquerade: no forward-ports: sourceports: icmp-blocks: rich rules:
dmz target: default icmp-block-inversion: no interfaces: sources: services: ssh ports: protocols: masquerade: no forward-ports: sourceports: icmp-blocks: rich rules:
public (active) target: default icmp-block-inversion: no interfaces: eth0 ovsbridge0 sources: services: dhcpv6-client ssh ports: protocols: masquerade: no forward-ports: sourceports: icmp-blocks: rich rules:
block target: %%REJECT%% icmp-block-inversion: no interfaces: sources: services: ports: protocols: masquerade: no forward-ports: sourceports: icmp-blocks: rich rules:
ovirt (active) target: default icmp-block-inversion: no interfaces: ovirtbridge ovirtmgmt sources: services: dhcp ovirt-fence-kdump-listener ovirt-http ovirt-https ovirt-imageio-proxy ovirt-postgres ovirt-provider-ovn ovirt-vmconsole-proxy ovirt-websocket-proxy ssh vdsm ports: protocols: masquerade: yes forward-ports: sourceports: icmp-blocks: rich rules: rule family="ipv4" port port="6641" protocol="tcp" accept rule family="ipv4" port port="6642" protocol="tcp" accept
The db dump is attached /Sverker Den 2016-12-29 kl. 09:50, skrev Marcin Mirecki:
Hi,
Can you please do: "sudo ovsdb-client dump" on the host and send me the output?
Have you configured the ovn controller to connect to the OVN north? You can do it using "vdsm-tool ovn-config" or using the OVN tools directly. Please check out:https://www.ovirt.org/blog/2016/11/ovirt-provider-ovn/ for details.
Also please note that the OVN provider is completely different from the neutron-openvswitch plugin. Please don't mix the two.
Marcin
----- Original Message -----
From: "Marcin Mirecki"<mmirecki@redhat.com> To: "Sverker Abrahamsson"<sverker@abrahamsson.com> Cc: "Ovirt Users"<users@ovirt.org> Sent: Thursday, December 29, 2016 9:27:19 AM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network
Hi,
br-int is the OVN integration bridge, it should have been created when installing OVN. I assume you have the following packages installed on the host: openvswitch-ovn-common openvswitch-ovn-host python-openvswitch
Please give me some time to look at the connectivity problem.
Marcin
----- Original Message ----- > From: "Sverker Abrahamsson"<sverker@abrahamsson.com> > To: "Marcin Mirecki"<mmirecki@redhat.com> > Cc: "Ovirt Users"<users@ovirt.org> > Sent: Thursday, December 29, 2016 12:47:04 AM > Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt > network > > From > /usr/libexec/vdsm/hooks/before_device_create/ovirt_provider_ovn_hook > (installed by ovirt-provider-ovn-driver rpm): > > BRIDGE_NAME = 'br-int' > > > Den 2016-12-28 kl. 23:56, skrev Sverker Abrahamsson: >> Googling on the message about br-int suggested adding that bridge to >> ovs: >> >> ovs-vsctl add-br br-int >> >> Then the VM is able to boot, but it fails to get network connectivity. >> Output in /var/log/messages: >> >> Dec 28 23:31:35 h2 ovs-vsctl: ovs|00001|vsctl|INFO|Called as ovs-vsctl >> --timeout=5 -- --if-exists del-port vnet0 -- add-port br-int vnet0 -- >> set Interface vnet0 "external-ids:attached-mac=\"00:1a:4a:16:01:51\"" >> -- set Interface vnet0 >> "external-ids:iface-id=\"e8853aac-8a75-41b0-8010-e630017dcdd8\"" -- >> set Interface vnet0 >> "external-ids:vm-id=\"b9440d60-ef5a-4e2b-83cf-081df7c09e6f\"" -- set >> Interface vnet0 external-ids:iface-status=active >> Dec 28 23:31:35 h2 kernel: device vnet0 entered promiscuous mode >> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >> '/usr/sbin/ebtables --concurrent -t nat -D PREROUTING -i vnet0 -j >> libvirt-J-vnet0' failed: >> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >> '/usr/sbin/ebtables --concurrent -t nat -D POSTROUTING -o vnet0 -j >> libvirt-P-vnet0' failed: >> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >> '/usr/sbin/ebtables --concurrent -t nat -L libvirt-J-vnet0' failed: >> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >> '/usr/sbin/ebtables --concurrent -t nat -L libvirt-P-vnet0' failed: >> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >> '/usr/sbin/ebtables --concurrent -t nat -F libvirt-J-vnet0' failed: >> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >> '/usr/sbin/ebtables --concurrent -t nat -X libvirt-J-vnet0' failed: >> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >> '/usr/sbin/ebtables --concurrent -t nat -F libvirt-P-vnet0' failed: >> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >> '/usr/sbin/ebtables --concurrent -t nat -X libvirt-P-vnet0' failed: >> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >> '/usr/sbin/ebtables --concurrent -t nat -F J-vnet0-mac' failed: >> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >> '/usr/sbin/ebtables --concurrent -t nat -X J-vnet0-mac' failed: >> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >> '/usr/sbin/ebtables --concurrent -t nat -F J-vnet0-arp-mac' failed: >> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >> '/usr/sbin/ebtables --concurrent -t nat -X J-vnet0-arp-mac' failed: >> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >> '/usr/sbin/iptables -w2 -w -D libvirt-out -m physdev >> --physdev-is-bridged --physdev-out vnet0 -g FO-vnet0' failed: >> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >> '/usr/sbin/iptables -w2 -w -D libvirt-out -m physdev --physdev-out >> vnet0 -g FO-vnet0' failed: >> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >> '/usr/sbin/iptables -w2 -w -D libvirt-in -m physdev --physdev-in vnet0 >> -g FI-vnet0' failed: >> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >> '/usr/sbin/iptables -w2 -w -D libvirt-host-in -m physdev --physdev-in >> vnet0 -g HI-vnet0' failed: >> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >> '/usr/sbin/iptables -w2 -w -F FO-vnet0' failed: >> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >> '/usr/sbin/iptables -w2 -w -X FO-vnet0' failed: >> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >> '/usr/sbin/iptables -w2 -w -F FI-vnet0' failed: >> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >> '/usr/sbin/iptables -w2 -w -X FI-vnet0' failed: >> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >> '/usr/sbin/iptables -w2 -w -F HI-vnet0' failed: >> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >> '/usr/sbin/iptables -w2 -w -X HI-vnet0' failed: >> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >> '/usr/sbin/iptables -w2 -w -E FP-vnet0 FO-vnet0' failed: >> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >> '/usr/sbin/iptables -w2 -w -E FJ-vnet0 FI-vnet0' failed: >> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >> '/usr/sbin/iptables -w2 -w -E HJ-vnet0 HI-vnet0' failed: >> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >> '/usr/sbin/ip6tables -w2 -w -D libvirt-out -m physdev >> --physdev-is-bridged --physdev-out vnet0 -g FO-vnet0' failed: >> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >> '/usr/sbin/ip6tables -w2 -w -D libvirt-out -m physdev --physdev-out >> vnet0 -g FO-vnet0' failed: >> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >> '/usr/sbin/ip6tables -w2 -w -D libvirt-in -m physdev --physdev-in >> vnet0 -g FI-vnet0' failed: >> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >> '/usr/sbin/ip6tables -w2 -w -D libvirt-host-in -m physdev --physdev-in >> vnet0 -g HI-vnet0' failed: >> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >> '/usr/sbin/ip6tables -w2 -w -F FO-vnet0' failed: >> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >> '/usr/sbin/ip6tables -w2 -w -X FO-vnet0' failed: >> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >> '/usr/sbin/ip6tables -w2 -w -F FI-vnet0' failed: >> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >> '/usr/sbin/ip6tables -w2 -w -X FI-vnet0' failed: >> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >> '/usr/sbin/ip6tables -w2 -w -F HI-vnet0' failed: >> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >> '/usr/sbin/ip6tables -w2 -w -X HI-vnet0' failed: >> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >> '/usr/sbin/ip6tables -w2 -w -E FP-vnet0 FO-vnet0' failed: >> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >> '/usr/sbin/ip6tables -w2 -w -E FJ-vnet0 FI-vnet0' failed: >> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >> '/usr/sbin/ip6tables -w2 -w -E HJ-vnet0 HI-vnet0' failed: >> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >> '/usr/sbin/ebtables --concurrent -t nat -D PREROUTING -i vnet0 -j >> libvirt-I-vnet0' failed: >> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >> '/usr/sbin/ebtables --concurrent -t nat -D POSTROUTING -o vnet0 -j >> libvirt-O-vnet0' failed: >> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >> '/usr/sbin/ebtables --concurrent -t nat -L libvirt-I-vnet0' failed: >> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >> '/usr/sbin/ebtables --concurrent -t nat -L libvirt-O-vnet0' failed: >> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >> '/usr/sbin/ebtables --concurrent -t nat -F libvirt-I-vnet0' failed: >> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >> '/usr/sbin/ebtables --concurrent -t nat -X libvirt-I-vnet0' failed: >> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >> '/usr/sbin/ebtables --concurrent -t nat -F libvirt-O-vnet0' failed: >> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >> '/usr/sbin/ebtables --concurrent -t nat -X libvirt-O-vnet0' failed: >> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >> '/usr/sbin/ebtables --concurrent -t nat -L libvirt-P-vnet0' failed: >> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >> '/usr/sbin/ebtables --concurrent -t nat -E libvirt-P-vnet0 >> libvirt-O-vnet0' failed: >> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >> '/usr/sbin/ebtables --concurrent -t nat -F I-vnet0-mac' failed: >> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >> '/usr/sbin/ebtables --concurrent -t nat -X I-vnet0-mac' failed: >> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >> '/usr/sbin/ebtables --concurrent -t nat -F I-vnet0-arp-mac' failed: >> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >> '/usr/sbin/ebtables --concurrent -t nat -X I-vnet0-arp-mac' failed: >> >> >> [root@h2 etc]# ovs-vsctl show >> ebb6aede-cbbc-4f4f-a88a-a9cd72b2bd23 >> Bridge ovirtbridge >> Port "ovirtport0" >> Interface "ovirtport0" >> type: internal >> Port ovirtbridge >> Interface ovirtbridge >> type: internal >> Bridge "ovsbridge0" >> Port "ovsbridge0" >> Interface "ovsbridge0" >> type: internal >> Port "eth0" >> Interface "eth0" >> Bridge br-int >> Port br-int >> Interface br-int >> type: internal >> Port "vnet0" >> Interface "vnet0" >> ovs_version: "2.6.90" >> >> Searching through the code it appears that br-int comes from >> neutron-openvswitch plugin ?? >> >> [root@h2 share]# rpm -qf >> /usr/share/otopi/plugins/ovirt-host-deploy/openstack/neutron_openvswitch.py >> ovirt-host-deploy-1.6.0-0.0.master.20161215101008.gitb76ad50.el7.centos.noarch >> >> >> /Sverker >> >> Den 2016-12-28 kl. 23:24, skrev Sverker Abrahamsson: >>> In addition I had to add an alias to modprobe: >>> >>> [root@h2 modprobe.d]# cat dummy.conf >>> alias dummy0 dummy >>> >>> >>> Den 2016-12-28 kl. 23:03, skrev Sverker Abrahamsson: >>>> Hi >>>> I first tried to set device name to dummy_0, but then ifup did not >>>> succeed in creating the device unless I first did 'ip link add >>>> dummy_0 type dummy' but then it would not suceed to establish the if >>>> on reboot. >>>> >>>> Setting fake_nics = dummy0 would not work neither, but this works: >>>> >>>> fake_nics = dummy* >>>> >>>> The engine is now able to find the if and assign bridge ovirtmgmt to >>>> it. >>>> >>>> However, I then run into the next issue when starting a VM: >>>> >>>> 2016-12-28 22:28:23,897 ERROR >>>> [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] >>>> (ForkJoinPool-1-worker-2) [] Correlation ID: null, Call Stack: null, >>>> Custom Event ID: -1, Message: VM CentOS7 is down with error. Exit >>>> message: Cannot get interface MTU on 'br-int': No such device. >>>> >>>> This VM has a nic on ovirtbridge, which comes from the OVN provider. >>>> >>>> /Sverker >>>> >>>> Den 2016-12-28 kl. 14:38, skrev Marcin Mirecki: >>>>> Sverker, >>>>> >>>>> Can you try adding a vnic named veth_* or dummy_*, >>>>> (or alternatively add the name of the vnic to >>>>> vdsm.config fake_nics), and setup the management >>>>> network using this vnic? >>>>> I suppose adding the vnic you use for connecting >>>>> to the engine to fake_nics should make it visible >>>>> to the engine, and you should be able to use it for >>>>> the setup. >>>>> >>>>> Marcin >>>>> >>>>> >>>>> >>>>> ----- Original Message ----- >>>>>> From: "Marcin Mirecki"<mmirecki@redhat.com> >>>>>> To: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>>>>> Cc: "Ovirt Users"<users@ovirt.org> >>>>>> Sent: Wednesday, December 28, 2016 12:06:26 PM >>>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory >>>>>> ovirtmgmt network >>>>>> >>>>>>> I have an internal OVS bridge called ovirtbridge which has a port >>>>>>> with >>>>>>> IP address, but in the host network settings that port is not >>>>>>> visible. >>>>>> I just verified and unfortunately the virtual ports are not >>>>>> visible in engine >>>>>> to assign a network to :( >>>>>> I'm afraid that the engine is not ready for such a scenario (even >>>>>> if it >>>>>> works). >>>>>> Please give me some time to look for a solution. >>>>>> >>>>>> ----- Original Message ----- >>>>>>> From: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>>>>>> To: "Marcin Mirecki"<mmirecki@redhat.com> >>>>>>> Cc: "Ovirt Users"<users@ovirt.org> >>>>>>> Sent: Wednesday, December 28, 2016 11:48:24 AM >>>>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory >>>>>>> ovirtmgmt >>>>>>> network >>>>>>> >>>>>>> Hi Marcin >>>>>>> Yes, that is my issue. I don't want to let ovirt/vdsm see eth0 >>>>>>> nor >>>>>>> ovsbridge0 since as soon as it sees them it messes up the network >>>>>>> config >>>>>>> so that the host will be unreachable. >>>>>>> >>>>>>> I have an internal OVS bridge called ovirtbridge which has a port >>>>>>> with >>>>>>> IP address, but in the host network settings that port is not >>>>>>> visible. >>>>>>> It doesn't help to name it ovirtmgmt. >>>>>>> >>>>>>> The engine is able to communicate with the host on the ip it has >>>>>>> been >>>>>>> given, it's just that it believes that it HAS to have a ovirtmgmt >>>>>>> network which can't be on OVN. >>>>>>> >>>>>>> /Sverker >>>>>>> >>>>>>> >>>>>>> Den 2016-12-28 kl. 10:45, skrev Marcin Mirecki: >>>>>>>> Hi Sverker, >>>>>>>> >>>>>>>> The management network is mandatory on each host. It's used by >>>>>>>> the >>>>>>>> engine to communicate with the host. >>>>>>>> Looking at your description and the exception it looks like it >>>>>>>> is >>>>>>>> missing. >>>>>>>> The error is caused by not having any network for the host >>>>>>>> (network list retrieved in >>>>>>>> InterfaceDaoImpl.getHostNetworksByCluster - >>>>>>>> which >>>>>>>> gets all the networks on nics for a host from vds_interface >>>>>>>> table in the >>>>>>>> DB). >>>>>>>> >>>>>>>> Could you maybe create a virtual nic connected to ovsbridge0 (as >>>>>>>> I >>>>>>>> understand you >>>>>>>> have no physical nic available) and use this for the management >>>>>>>> network? >>>>>>>> >>>>>>>>> I then create a bridge for use with ovirt, with a private >>>>>>>>> address. >>>>>>>> I'm not quite sure I understand. Is this yet another bridge >>>>>>>> connected to >>>>>>>> ovsbridge0? >>>>>>>> You could also attach the vnic for the management network here >>>>>>>> if need >>>>>>>> be. >>>>>>>> >>>>>>>> Please keep in mind that OVN has no use in setting up the >>>>>>>> management >>>>>>>> network. >>>>>>>> The OVN provider can only handle external networks, which can >>>>>>>> not be used >>>>>>>> for a >>>>>>>> management network. >>>>>>>> >>>>>>>> Marcin >>>>>>>> >>>>>>>> >>>>>>>> ----- Original Message ----- >>>>>>>>> From: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>>>>>>>> To:users@ovirt.org >>>>>>>>> Sent: Wednesday, December 28, 2016 12:39:59 AM >>>>>>>>> Subject: [ovirt-users] Issue with OVN/OVS and mandatory >>>>>>>>> ovirtmgmt >>>>>>>>> network >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> Hi >>>>>>>>> For long time I've been looking for proper support in ovirt for >>>>>>>>> Open >>>>>>>>> vSwitch >>>>>>>>> so I'm happy that it is moving in the right direction. However, >>>>>>>>> there >>>>>>>>> seems >>>>>>>>> to still be a dependency on a ovirtmgmt bridge and I'm unable >>>>>>>>> to move >>>>>>>>> that >>>>>>>>> to the OVN provider. >>>>>>>>> >>>>>>>>> The hosting center where I rent hw instances has a bit special >>>>>>>>> network >>>>>>>>> setup, >>>>>>>>> so I have one physical network port with a /32 netmask and >>>>>>>>> point-to-point >>>>>>>>> config to router. The physical port I connect to a ovs bridge >>>>>>>>> which has >>>>>>>>> the >>>>>>>>> public ip. Since ovirt always messes up the network config when >>>>>>>>> I've >>>>>>>>> tried >>>>>>>>> to let it have access to the network config for the physical >>>>>>>>> port, I've >>>>>>>>> set >>>>>>>>> eht0 and ovsbridge0 as hidden in vdsm.conf. >>>>>>>>> >>>>>>>>> >>>>>>>>> I then create a bridge for use with ovirt, with a private >>>>>>>>> address. With >>>>>>>>> the >>>>>>>>> OVN provider I am now able to import these into the engine and >>>>>>>>> it looks >>>>>>>>> good. When creating a VM I can select that it will have a vNic >>>>>>>>> on my OVS >>>>>>>>> bridge. >>>>>>>>> >>>>>>>>> However, I can't start the VM as an exception is thrown in the >>>>>>>>> log: >>>>>>>>> >>>>>>>>> 2016-12-28 00:13:33,350 ERROR >>>>>>>>> [org.ovirt.engine.core.bll.RunVmCommand] >>>>>>>>> (default task-5) [3c882d53] Error during ValidateFailure.: >>>>>>>>> java.lang.NullPointerException >>>>>>>>> at >>>>>>>>> org.ovirt.engine.core.bll.scheduling.policyunits.NetworkPolicyUnit.validateRequiredNetworksAvailable(NetworkPolicyUnit.java:140) >>>>>>>>> >>>>>>>>> [bll.jar:] >>>>>>>>> at >>>>>>>>> org.ovirt.engine.core.bll.scheduling.policyunits.NetworkPolicyUnit.filter(NetworkPolicyUnit.java:69) >>>>>>>>> >>>>>>>>> [bll.jar:] >>>>>>>>> at >>>>>>>>> org.ovirt.engine.core.bll.scheduling.SchedulingManager.runInternalFilters(SchedulingManager.java:597) >>>>>>>>> >>>>>>>>> [bll.jar:] >>>>>>>>> at >>>>>>>>> org.ovirt.engine.core.bll.scheduling.SchedulingManager.runFilters(SchedulingManager.java:564) >>>>>>>>> >>>>>>>>> [bll.jar:] >>>>>>>>> at >>>>>>>>> org.ovirt.engine.core.bll.scheduling.SchedulingManager.canSchedule(SchedulingManager.java:494) >>>>>>>>> >>>>>>>>> [bll.jar:] >>>>>>>>> at >>>>>>>>> org.ovirt.engine.core.bll.validator.RunVmValidator.canRunVm(RunVmValidator.java:133) >>>>>>>>> >>>>>>>>> [bll.jar:] >>>>>>>>> at >>>>>>>>> org.ovirt.engine.core.bll.RunVmCommand.validate(RunVmCommand.java:940) >>>>>>>>> >>>>>>>>> [bll.jar:] >>>>>>>>> at >>>>>>>>> org.ovirt.engine.core.bll.CommandBase.internalValidate(CommandBase.java:886) >>>>>>>>> >>>>>>>>> [bll.jar:] >>>>>>>>> at >>>>>>>>> org.ovirt.engine.core.bll.CommandBase.validateOnly(CommandBase.java:366) >>>>>>>>> >>>>>>>>> [bll.jar:] >>>>>>>>> at >>>>>>>>> org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.canRunActions(PrevalidatingMultipleActionsRunner.java:113) >>>>>>>>> >>>>>>>>> [bll.jar:] >>>>>>>>> at >>>>>>>>> org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.invokeCommands(PrevalidatingMultipleActionsRunner.java:99) >>>>>>>>> >>>>>>>>> [bll.jar:] >>>>>>>>> at >>>>>>>>> org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.execute(PrevalidatingMultipleActionsRunner.java:76) >>>>>>>>> >>>>>>>>> [bll.jar:] >>>>>>>>> at >>>>>>>>> org.ovirt.engine.core.bll.Backend.runMultipleActionsImpl(Backend.java:613) >>>>>>>>> >>>>>>>>> [bll.jar:] >>>>>>>>> at >>>>>>>>> org.ovirt.engine.core.bll.Backend.runMultipleActions(Backend.java:583) >>>>>>>>> >>>>>>>>> [bll.jar:] >>>>>>>>> >>>>>>>>> >>>>>>>>> Looking at that section of code where the exception is thrown, >>>>>>>>> I see >>>>>>>>> that >>>>>>>>> it >>>>>>>>> iterates over host networks to find required networks, which I >>>>>>>>> assume is >>>>>>>>> ovirtmgmt. In the host network setup dialog I don't see any >>>>>>>>> networks at >>>>>>>>> all >>>>>>>>> but it lists ovirtmgmt as required. It also list the OVN >>>>>>>>> networks but >>>>>>>>> these >>>>>>>>> can't be statically assigned as they are added dynamically when >>>>>>>>> needed, >>>>>>>>> which is fine. >>>>>>>>> >>>>>>>>> I believe that I either need to remove ovirtmgmt network or >>>>>>>>> configure >>>>>>>>> that >>>>>>>>> it >>>>>>>>> is provided by the OVN provider, but neither is possible. >>>>>>>>> Preferably it >>>>>>>>> shouldn't be hardcoded which network is management and >>>>>>>>> mandatory but be >>>>>>>>> possible to configure. >>>>>>>>> >>>>>>>>> /Sverker >>>>>>>>> Den 2016-12-27 kl. 17:10, skrev Marcin Mirecki: >>>>>>>>> >>>>>>>>> >>>>>> _______________________________________________ >>>>>> Users mailing list >>>>>>Users@ovirt.org >>>>>>http://lists.ovirt.org/mailman/listinfo/users >>>>>> >>>> _______________________________________________ >>>> Users mailing list >>>>Users@ovirt.org >>>>http://lists.ovirt.org/mailman/listinfo/users >>> _______________________________________________ >>> Users mailing list >>>Users@ovirt.org >>>http://lists.ovirt.org/mailman/listinfo/users >> _______________________________________________ >> Users mailing list >>Users@ovirt.org >>http://lists.ovirt.org/mailman/listinfo/users _______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
--------------A13E96D10914C45BE06D4805 Content-Type: text/html; charset=windows-1252 Content-Transfer-Encoding: 8bit <html> <head> <meta content="text/html; charset=windows-1252" http-equiv="Content-Type"> </head> <body bgcolor="#FFFFFF" text="#000000"> <p>By default the vNic profile of my OVN bridge ovirtbridge gets a Network filter named vdsm-no-mac-spoofing. If I instead set No filter then I don't get those ebtables / iptables messages. It seems that there is some issue between ovirt/vdsm and firewalld, which we can put to the side for now.</p> <p>It is not clear for me why the port is added on br-int instead of the bridge I've assigned to the VM, which is ovirtbridge??</p> <p>/Sverker<br> </p> <div class="moz-cite-prefix">Den 2016-12-29 kl. 14:20, skrev Sverker Abrahamsson:<br> </div> <blockquote cite="mid:040302e6-9ed0-c957-39af-8b443d263156@abrahamsson.com" type="cite"> <meta http-equiv="content-type" content="text/html; charset=windows-1252"> <p>The specific command most likely fails because there is no chain named libvirt-J-vnet0, but when should that have been created?<br> /Sverker<br> </p> <div class="moz-forward-container">-------- Vidarebefordrat meddelande -------- <table class="moz-email-headers-table" border="0" cellpadding="0" cellspacing="0"> <tbody> <tr> <th align="RIGHT" nowrap="nowrap" valign="BASELINE">Ämne: </th> <td>Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network</td> </tr> <tr> <th align="RIGHT" nowrap="nowrap" valign="BASELINE">Datum: </th> <td>Thu, 29 Dec 2016 08:06:29 -0500 (EST)</td> </tr> <tr> <th align="RIGHT" nowrap="nowrap" valign="BASELINE">Från: </th> <td>Marcin Mirecki <a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:mmirecki@redhat.com"><mmirecki@redhat.com></a></td> </tr> <tr> <th align="RIGHT" nowrap="nowrap" valign="BASELINE">Till: </th> <td>Sverker Abrahamsson <a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:sverker@abrahamsson.com"><sverker@abrahamsson.com></a></td> </tr> <tr> <th align="RIGHT" nowrap="nowrap" valign="BASELINE">Kopia: </th> <td>Ovirt Users <a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:users@ovirt.org"><users@ovirt.org></a>, Lance Richardson <a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:lrichard@redhat.com"><lrichard@redhat.com></a>, Numan Siddique <a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:nusiddiq@redhat.com"><nusiddiq@redhat.com></a></td> </tr> </tbody> </table> <br> <br> <pre>Let me add the OVN team. Lance, Numan, Can you please look at this? Trying to plug a vNIC results in: > >>>>>> Dec 28 23:31:35 h2 ovs-vsctl: ovs|00001|vsctl|INFO|Called as ovs-vsctl > >>>>>> --timeout=5 -- --if-exists del-port vnet0 -- add-port br-int vnet0 -- > >>>>>> set Interface vnet0 "external-ids:attached-mac=\"00:1a:4a:16:01:51\"" > >>>>>> -- set Interface vnet0 > >>>>>> "external-ids:iface-id=\"e8853aac-8a75-41b0-8010-e630017dcdd8\"" -- > >>>>>> set Interface vnet0 > >>>>>> "external-ids:vm-id=\"b9440d60-ef5a-4e2b-83cf-081df7c09e6f\"" -- set > >>>>>> Interface vnet0 external-ids:iface-status=active > >>>>>> Dec 28 23:31:35 h2 kernel: device vnet0 entered promiscuous mode > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ebtables --concurrent -t nat -D PREROUTING -i vnet0 -j > >>>>>> libvirt-J-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: More details below ----- Original Message ----- > From: "Sverker Abrahamsson" <a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:sverker@abrahamsson.com"><sverker@abrahamsson.com></a> > To: "Marcin Mirecki" <a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:mmirecki@redhat.com"><mmirecki@redhat.com></a> > Cc: "Ovirt Users" <a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:users@ovirt.org"><users@ovirt.org></a> > Sent: Thursday, December 29, 2016 1:42:11 PM > Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network > > Hi > Same problem still.. > /Sverker > > Den 2016-12-29 kl. 13:34, skrev Marcin Mirecki: > > Hi, > > > > The tunnels are created to connect multiple OVN controllers. > > If there is only one, there is no need for the tunnels, so none > > will be created, this is the correct behavior. > > > > Does the problem still occur after setting configuring the OVN-controller? > > > > Marcin > > > > ----- Original Message ----- > >> From: "Sverker Abrahamsson" <a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:sverker@abrahamsson.com"><sverker@abrahamsson.com></a> > >> To: "Marcin Mirecki" <a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:mmirecki@redhat.com"><mmirecki@redhat.com></a> > >> Cc: "Ovirt Users" <a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:users@ovirt.org"><users@ovirt.org></a> > >> Sent: Thursday, December 29, 2016 11:44:32 AM > >> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt > >> network > >> > >> Hi > >> The rpm packages you listed in the other mail are installed but I had > >> not run vdsm-tool ovn-config to create tunnel as the OVN controller is > >> on the same host. > >> > >> [root@h2 ~]# rpm -q openvswitch-ovn-common > >> openvswitch-ovn-common-2.6.90-1.el7.centos.x86_64 > >> [root@h2 ~]# rpm -q openvswitch-ovn-host > >> openvswitch-ovn-host-2.6.90-1.el7.centos.x86_64 > >> [root@h2 ~]# rpm -q python-openvswitch > >> python-openvswitch-2.6.90-1.el7.centos.noarch > >> > >> After removing my manually created br-int and run > >> > >> vdsm-tool ovn-config 127.0.0.1 172.27.1.1 > >> > >> then I have the br-int but 'ip link show' does not show any link > >> 'genev_sys_' nor does 'ovs-vsctl show' any port for ovn. I assume these > >> are when there is an actual tunnel? > >> > >> [root@h2 ~]# ovs-vsctl show > >> ebb6aede-cbbc-4f4f-a88a-a9cd72b2bd23 > >> Bridge br-int > >> fail_mode: secure > >> Port br-int > >> Interface br-int > >> type: internal > >> Bridge ovirtbridge > >> Port ovirtbridge > >> Interface ovirtbridge > >> type: internal > >> Bridge "ovsbridge0" > >> Port "ovsbridge0" > >> Interface "ovsbridge0" > >> type: internal > >> Port "eth0" > >> Interface "eth0" > >> ovs_version: "2.6.90" > >> > >> [root@h2 ~]# ip link show > >> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode > >> DEFAULT qlen 1 > >> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 > >> 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast > >> master ovs-system state UP mode DEFAULT qlen 1000 > >> link/ether 44:8a:5b:84:7d:b3 brd ff:ff:ff:ff:ff:ff > >> 3: ovs-system: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode > >> DEFAULT qlen 1000 > >> link/ether 5a:14:cf:28:47:e2 brd ff:ff:ff:ff:ff:ff > >> 4: ovsbridge0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue > >> state UNKNOWN mode DEFAULT qlen 1000 > >> link/ether 44:8a:5b:84:7d:b3 brd ff:ff:ff:ff:ff:ff > >> 5: br-int: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode > >> DEFAULT qlen 1000 > >> link/ether 9e:b0:3a:9d:f2:4b brd ff:ff:ff:ff:ff:ff > >> 6: ovirtbridge: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue > >> state UNKNOWN mode DEFAULT qlen 1000 > >> link/ether a6:f6:e5:a4:5b:45 brd ff:ff:ff:ff:ff:ff > >> 7: dummy0: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue master > >> ovirtmgmt state UNKNOWN mode DEFAULT qlen 1000 > >> link/ether 66:e0:1c:c3:a9:d8 brd ff:ff:ff:ff:ff:ff > >> 8: ovirtmgmt: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue > >> state UP mode DEFAULT qlen 1000 > >> link/ether 66:e0:1c:c3:a9:d8 brd ff:ff:ff:ff:ff:ff > >> > >> Firewall settings: > >> [root@h2 ~]# firewall-cmd --list-all-zones > >> work > >> target: default > >> icmp-block-inversion: no > >> interfaces: > >> sources: > >> services: dhcpv6-client ssh > >> ports: > >> protocols: > >> masquerade: no > >> forward-ports: > >> sourceports: > >> icmp-blocks: > >> rich rules: > >> > >> > >> drop > >> target: DROP > >> icmp-block-inversion: no > >> interfaces: > >> sources: > >> services: > >> ports: > >> protocols: > >> masquerade: no > >> forward-ports: > >> sourceports: > >> icmp-blocks: > >> rich rules: > >> > >> > >> internal > >> target: default > >> icmp-block-inversion: no > >> interfaces: > >> sources: > >> services: dhcpv6-client mdns samba-client ssh > >> ports: > >> protocols: > >> masquerade: no > >> forward-ports: > >> sourceports: > >> icmp-blocks: > >> rich rules: > >> > >> > >> external > >> target: default > >> icmp-block-inversion: no > >> interfaces: > >> sources: > >> services: ssh > >> ports: > >> protocols: > >> masquerade: yes > >> forward-ports: > >> sourceports: > >> icmp-blocks: > >> rich rules: > >> > >> > >> trusted > >> target: ACCEPT > >> icmp-block-inversion: no > >> interfaces: > >> sources: > >> services: > >> ports: > >> protocols: > >> masquerade: no > >> forward-ports: > >> sourceports: > >> icmp-blocks: > >> rich rules: > >> > >> > >> home > >> target: default > >> icmp-block-inversion: no > >> interfaces: > >> sources: > >> services: dhcpv6-client mdns samba-client ssh > >> ports: > >> protocols: > >> masquerade: no > >> forward-ports: > >> sourceports: > >> icmp-blocks: > >> rich rules: > >> > >> > >> dmz > >> target: default > >> icmp-block-inversion: no > >> interfaces: > >> sources: > >> services: ssh > >> ports: > >> protocols: > >> masquerade: no > >> forward-ports: > >> sourceports: > >> icmp-blocks: > >> rich rules: > >> > >> > >> public (active) > >> target: default > >> icmp-block-inversion: no > >> interfaces: eth0 ovsbridge0 > >> sources: > >> services: dhcpv6-client ssh > >> ports: > >> protocols: > >> masquerade: no > >> forward-ports: > >> sourceports: > >> icmp-blocks: > >> rich rules: > >> > >> > >> block > >> target: %%REJECT%% > >> icmp-block-inversion: no > >> interfaces: > >> sources: > >> services: > >> ports: > >> protocols: > >> masquerade: no > >> forward-ports: > >> sourceports: > >> icmp-blocks: > >> rich rules: > >> > >> > >> ovirt (active) > >> target: default > >> icmp-block-inversion: no > >> interfaces: ovirtbridge ovirtmgmt > >> sources: > >> services: dhcp ovirt-fence-kdump-listener ovirt-http ovirt-https > >> ovirt-imageio-proxy ovirt-postgres ovirt-provider-ovn > >> ovirt-vmconsole-proxy ovirt-websocket-proxy ssh vdsm > >> ports: > >> protocols: > >> masquerade: yes > >> forward-ports: > >> sourceports: > >> icmp-blocks: > >> rich rules: > >> rule family="ipv4" port port="6641" protocol="tcp" accept > >> rule family="ipv4" port port="6642" protocol="tcp" accept > >> > >> The db dump is attached > >> /Sverker > >> Den 2016-12-29 kl. 09:50, skrev Marcin Mirecki: > >>> Hi, > >>> > >>> Can you please do: "sudo ovsdb-client dump" > >>> on the host and send me the output? > >>> > >>> Have you configured the ovn controller to connect to the > >>> OVN north? You can do it using "vdsm-tool ovn-config" or > >>> using the OVN tools directly. > >>> Please check out: <a moz-do-not-send="true" class="moz-txt-link-freetext" href="https://www.ovirt.org/blog/2016/11/ovirt-provider-ovn/">https://www.ovirt.org/blog/2016/11/ovirt-provider-ovn/</a> > >>> for details. > >>> > >>> Also please note that the OVN provider is completely different > >>> from the neutron-openvswitch plugin. Please don't mix the two. > >>> > >>> Marcin > >>> > >>> > >>> ----- Original Message ----- > >>>> From: "Marcin Mirecki" <a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:mmirecki@redhat.com"><mmirecki@redhat.com></a> > >>>> To: "Sverker Abrahamsson" <a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:sverker@abrahamsson.com"><sverker@abrahamsson.com></a> > >>>> Cc: "Ovirt Users" <a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:users@ovirt.org"><users@ovirt.org></a> > >>>> Sent: Thursday, December 29, 2016 9:27:19 AM > >>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt > >>>> network > >>>> > >>>> Hi, > >>>> > >>>> br-int is the OVN integration bridge, it should have been created > >>>> when installing OVN. I assume you have the following packages installed > >>>> on the host: > >>>> openvswitch-ovn-common > >>>> openvswitch-ovn-host > >>>> python-openvswitch > >>>> > >>>> Please give me some time to look at the connectivity problem. > >>>> > >>>> Marcin > >>>> > >>>> > >>>> > >>>> ----- Original Message ----- > >>>>> From: "Sverker Abrahamsson" <a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:sverker@abrahamsson.com"><sverker@abrahamsson.com></a> > >>>>> To: "Marcin Mirecki" <a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:mmirecki@redhat.com"><mmirecki@redhat.com></a> > >>>>> Cc: "Ovirt Users" <a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:users@ovirt.org"><users@ovirt.org></a> > >>>>> Sent: Thursday, December 29, 2016 12:47:04 AM > >>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt > >>>>> network > >>>>> > >>>>> From > >>>>> /usr/libexec/vdsm/hooks/before_device_create/ovirt_provider_ovn_hook > >>>>> (installed by ovirt-provider-ovn-driver rpm): > >>>>> > >>>>> BRIDGE_NAME = 'br-int' > >>>>> > >>>>> > >>>>> Den 2016-12-28 kl. 23:56, skrev Sverker Abrahamsson: > >>>>>> Googling on the message about br-int suggested adding that bridge to > >>>>>> ovs: > >>>>>> > >>>>>> ovs-vsctl add-br br-int > >>>>>> > >>>>>> Then the VM is able to boot, but it fails to get network connectivity. > >>>>>> Output in /var/log/messages: > >>>>>> > >>>>>> Dec 28 23:31:35 h2 ovs-vsctl: ovs|00001|vsctl|INFO|Called as ovs-vsctl > >>>>>> --timeout=5 -- --if-exists del-port vnet0 -- add-port br-int vnet0 -- > >>>>>> set Interface vnet0 "external-ids:attached-mac=\"00:1a:4a:16:01:51\"" > >>>>>> -- set Interface vnet0 > >>>>>> "external-ids:iface-id=\"e8853aac-8a75-41b0-8010-e630017dcdd8\"" -- > >>>>>> set Interface vnet0 > >>>>>> "external-ids:vm-id=\"b9440d60-ef5a-4e2b-83cf-081df7c09e6f\"" -- set > >>>>>> Interface vnet0 external-ids:iface-status=active > >>>>>> Dec 28 23:31:35 h2 kernel: device vnet0 entered promiscuous mode > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ebtables --concurrent -t nat -D PREROUTING -i vnet0 -j > >>>>>> libvirt-J-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ebtables --concurrent -t nat -D POSTROUTING -o vnet0 -j > >>>>>> libvirt-P-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ebtables --concurrent -t nat -L libvirt-J-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ebtables --concurrent -t nat -L libvirt-P-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ebtables --concurrent -t nat -F libvirt-J-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ebtables --concurrent -t nat -X libvirt-J-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ebtables --concurrent -t nat -F libvirt-P-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ebtables --concurrent -t nat -X libvirt-P-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ebtables --concurrent -t nat -F J-vnet0-mac' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ebtables --concurrent -t nat -X J-vnet0-mac' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ebtables --concurrent -t nat -F J-vnet0-arp-mac' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ebtables --concurrent -t nat -X J-vnet0-arp-mac' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/iptables -w2 -w -D libvirt-out -m physdev > >>>>>> --physdev-is-bridged --physdev-out vnet0 -g FO-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/iptables -w2 -w -D libvirt-out -m physdev --physdev-out > >>>>>> vnet0 -g FO-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/iptables -w2 -w -D libvirt-in -m physdev --physdev-in vnet0 > >>>>>> -g FI-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/iptables -w2 -w -D libvirt-host-in -m physdev --physdev-in > >>>>>> vnet0 -g HI-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/iptables -w2 -w -F FO-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/iptables -w2 -w -X FO-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/iptables -w2 -w -F FI-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/iptables -w2 -w -X FI-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/iptables -w2 -w -F HI-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/iptables -w2 -w -X HI-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/iptables -w2 -w -E FP-vnet0 FO-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/iptables -w2 -w -E FJ-vnet0 FI-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/iptables -w2 -w -E HJ-vnet0 HI-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ip6tables -w2 -w -D libvirt-out -m physdev > >>>>>> --physdev-is-bridged --physdev-out vnet0 -g FO-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ip6tables -w2 -w -D libvirt-out -m physdev --physdev-out > >>>>>> vnet0 -g FO-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ip6tables -w2 -w -D libvirt-in -m physdev --physdev-in > >>>>>> vnet0 -g FI-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ip6tables -w2 -w -D libvirt-host-in -m physdev --physdev-in > >>>>>> vnet0 -g HI-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ip6tables -w2 -w -F FO-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ip6tables -w2 -w -X FO-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ip6tables -w2 -w -F FI-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ip6tables -w2 -w -X FI-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ip6tables -w2 -w -F HI-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ip6tables -w2 -w -X HI-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ip6tables -w2 -w -E FP-vnet0 FO-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ip6tables -w2 -w -E FJ-vnet0 FI-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ip6tables -w2 -w -E HJ-vnet0 HI-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ebtables --concurrent -t nat -D PREROUTING -i vnet0 -j > >>>>>> libvirt-I-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ebtables --concurrent -t nat -D POSTROUTING -o vnet0 -j > >>>>>> libvirt-O-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ebtables --concurrent -t nat -L libvirt-I-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ebtables --concurrent -t nat -L libvirt-O-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ebtables --concurrent -t nat -F libvirt-I-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ebtables --concurrent -t nat -X libvirt-I-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ebtables --concurrent -t nat -F libvirt-O-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ebtables --concurrent -t nat -X libvirt-O-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ebtables --concurrent -t nat -L libvirt-P-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ebtables --concurrent -t nat -E libvirt-P-vnet0 > >>>>>> libvirt-O-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ebtables --concurrent -t nat -F I-vnet0-mac' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ebtables --concurrent -t nat -X I-vnet0-mac' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ebtables --concurrent -t nat -F I-vnet0-arp-mac' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ebtables --concurrent -t nat -X I-vnet0-arp-mac' failed: > >>>>>> > >>>>>> > >>>>>> [root@h2 etc]# ovs-vsctl show > >>>>>> ebb6aede-cbbc-4f4f-a88a-a9cd72b2bd23 > >>>>>> Bridge ovirtbridge > >>>>>> Port "ovirtport0" > >>>>>> Interface "ovirtport0" > >>>>>> type: internal > >>>>>> Port ovirtbridge > >>>>>> Interface ovirtbridge > >>>>>> type: internal > >>>>>> Bridge "ovsbridge0" > >>>>>> Port "ovsbridge0" > >>>>>> Interface "ovsbridge0" > >>>>>> type: internal > >>>>>> Port "eth0" > >>>>>> Interface "eth0" > >>>>>> Bridge br-int > >>>>>> Port br-int > >>>>>> Interface br-int > >>>>>> type: internal > >>>>>> Port "vnet0" > >>>>>> Interface "vnet0" > >>>>>> ovs_version: "2.6.90" > >>>>>> > >>>>>> Searching through the code it appears that br-int comes from > >>>>>> neutron-openvswitch plugin ?? > >>>>>> > >>>>>> [root@h2 share]# rpm -qf > >>>>>> /usr/share/otopi/plugins/ovirt-host-deploy/openstack/neutron_openvswitch.py > >>>>>> ovirt-host-deploy-1.6.0-0.0.master.20161215101008.gitb76ad50.el7.centos.noarch > >>>>>> > >>>>>> > >>>>>> /Sverker > >>>>>> > >>>>>> Den 2016-12-28 kl. 23:24, skrev Sverker Abrahamsson: > >>>>>>> In addition I had to add an alias to modprobe: > >>>>>>> > >>>>>>> [root@h2 modprobe.d]# cat dummy.conf > >>>>>>> alias dummy0 dummy > >>>>>>> > >>>>>>> > >>>>>>> Den 2016-12-28 kl. 23:03, skrev Sverker Abrahamsson: > >>>>>>>> Hi > >>>>>>>> I first tried to set device name to dummy_0, but then ifup did not > >>>>>>>> succeed in creating the device unless I first did 'ip link add > >>>>>>>> dummy_0 type dummy' but then it would not suceed to establish the if > >>>>>>>> on reboot. > >>>>>>>> > >>>>>>>> Setting fake_nics = dummy0 would not work neither, but this works: > >>>>>>>> > >>>>>>>> fake_nics = dummy* > >>>>>>>> > >>>>>>>> The engine is now able to find the if and assign bridge ovirtmgmt to > >>>>>>>> it. > >>>>>>>> > >>>>>>>> However, I then run into the next issue when starting a VM: > >>>>>>>> > >>>>>>>> 2016-12-28 22:28:23,897 ERROR > >>>>>>>> [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] > >>>>>>>> (ForkJoinPool-1-worker-2) [] Correlation ID: null, Call Stack: null, > >>>>>>>> Custom Event ID: -1, Message: VM CentOS7 is down with error. Exit > >>>>>>>> message: Cannot get interface MTU on 'br-int': No such device. > >>>>>>>> > >>>>>>>> This VM has a nic on ovirtbridge, which comes from the OVN provider. > >>>>>>>> > >>>>>>>> /Sverker > >>>>>>>> > >>>>>>>> Den 2016-12-28 kl. 14:38, skrev Marcin Mirecki: > >>>>>>>>> Sverker, > >>>>>>>>> > >>>>>>>>> Can you try adding a vnic named veth_* or dummy_*, > >>>>>>>>> (or alternatively add the name of the vnic to > >>>>>>>>> vdsm.config fake_nics), and setup the management > >>>>>>>>> network using this vnic? > >>>>>>>>> I suppose adding the vnic you use for connecting > >>>>>>>>> to the engine to fake_nics should make it visible > >>>>>>>>> to the engine, and you should be able to use it for > >>>>>>>>> the setup. > >>>>>>>>> > >>>>>>>>> Marcin > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> ----- Original Message ----- > >>>>>>>>>> From: "Marcin Mirecki" <a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:mmirecki@redhat.com"><mmirecki@redhat.com></a> > >>>>>>>>>> To: "Sverker Abrahamsson" <a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:sverker@abrahamsson.com"><sverker@abrahamsson.com></a> > >>>>>>>>>> Cc: "Ovirt Users" <a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:users@ovirt.org"><users@ovirt.org></a> > >>>>>>>>>> Sent: Wednesday, December 28, 2016 12:06:26 PM > >>>>>>>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory > >>>>>>>>>> ovirtmgmt network > >>>>>>>>>> > >>>>>>>>>>> I have an internal OVS bridge called ovirtbridge which has a port > >>>>>>>>>>> with > >>>>>>>>>>> IP address, but in the host network settings that port is not > >>>>>>>>>>> visible. > >>>>>>>>>> I just verified and unfortunately the virtual ports are not > >>>>>>>>>> visible in engine > >>>>>>>>>> to assign a network to :( > >>>>>>>>>> I'm afraid that the engine is not ready for such a scenario (even > >>>>>>>>>> if it > >>>>>>>>>> works). > >>>>>>>>>> Please give me some time to look for a solution. > >>>>>>>>>> > >>>>>>>>>> ----- Original Message ----- > >>>>>>>>>>> From: "Sverker Abrahamsson" <a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:sverker@abrahamsson.com"><sverker@abrahamsson.com></a> > >>>>>>>>>>> To: "Marcin Mirecki" <a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:mmirecki@redhat.com"><mmirecki@redhat.com></a> > >>>>>>>>>>> Cc: "Ovirt Users" <a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:users@ovirt.org"><users@ovirt.org></a> > >>>>>>>>>>> Sent: Wednesday, December 28, 2016 11:48:24 AM > >>>>>>>>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory > >>>>>>>>>>> ovirtmgmt > >>>>>>>>>>> network > >>>>>>>>>>> > >>>>>>>>>>> Hi Marcin > >>>>>>>>>>> Yes, that is my issue. I don't want to let ovirt/vdsm see eth0 > >>>>>>>>>>> nor > >>>>>>>>>>> ovsbridge0 since as soon as it sees them it messes up the network > >>>>>>>>>>> config > >>>>>>>>>>> so that the host will be unreachable. > >>>>>>>>>>> > >>>>>>>>>>> I have an internal OVS bridge called ovirtbridge which has a port > >>>>>>>>>>> with > >>>>>>>>>>> IP address, but in the host network settings that port is not > >>>>>>>>>>> visible. > >>>>>>>>>>> It doesn't help to name it ovirtmgmt. > >>>>>>>>>>> > >>>>>>>>>>> The engine is able to communicate with the host on the ip it has > >>>>>>>>>>> been > >>>>>>>>>>> given, it's just that it believes that it HAS to have a ovirtmgmt > >>>>>>>>>>> network which can't be on OVN. > >>>>>>>>>>> > >>>>>>>>>>> /Sverker > >>>>>>>>>>> > >>>>>>>>>>> > >>>>>>>>>>> Den 2016-12-28 kl. 10:45, skrev Marcin Mirecki: > >>>>>>>>>>>> Hi Sverker, > >>>>>>>>>>>> > >>>>>>>>>>>> The management network is mandatory on each host. It's used by > >>>>>>>>>>>> the > >>>>>>>>>>>> engine to communicate with the host. > >>>>>>>>>>>> Looking at your description and the exception it looks like it > >>>>>>>>>>>> is > >>>>>>>>>>>> missing. > >>>>>>>>>>>> The error is caused by not having any network for the host > >>>>>>>>>>>> (network list retrieved in > >>>>>>>>>>>> InterfaceDaoImpl.getHostNetworksByCluster - > >>>>>>>>>>>> which > >>>>>>>>>>>> gets all the networks on nics for a host from vds_interface > >>>>>>>>>>>> table in the > >>>>>>>>>>>> DB). > >>>>>>>>>>>> > >>>>>>>>>>>> Could you maybe create a virtual nic connected to ovsbridge0 (as > >>>>>>>>>>>> I > >>>>>>>>>>>> understand you > >>>>>>>>>>>> have no physical nic available) and use this for the management > >>>>>>>>>>>> network? > >>>>>>>>>>>> > >>>>>>>>>>>>> I then create a bridge for use with ovirt, with a private > >>>>>>>>>>>>> address. > >>>>>>>>>>>> I'm not quite sure I understand. Is this yet another bridge > >>>>>>>>>>>> connected to > >>>>>>>>>>>> ovsbridge0? > >>>>>>>>>>>> You could also attach the vnic for the management network here > >>>>>>>>>>>> if need > >>>>>>>>>>>> be. > >>>>>>>>>>>> > >>>>>>>>>>>> Please keep in mind that OVN has no use in setting up the > >>>>>>>>>>>> management > >>>>>>>>>>>> network. > >>>>>>>>>>>> The OVN provider can only handle external networks, which can > >>>>>>>>>>>> not be used > >>>>>>>>>>>> for a > >>>>>>>>>>>> management network. > >>>>>>>>>>>> > >>>>>>>>>>>> Marcin > >>>>>>>>>>>> > >>>>>>>>>>>> > >>>>>>>>>>>> ----- Original Message ----- > >>>>>>>>>>>>> From: "Sverker Abrahamsson" <a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:sverker@abrahamsson.com"><sverker@abrahamsson.com></a> > >>>>>>>>>>>>> To: <a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:users@ovirt.org">users@ovirt.org</a> > >>>>>>>>>>>>> Sent: Wednesday, December 28, 2016 12:39:59 AM > >>>>>>>>>>>>> Subject: [ovirt-users] Issue with OVN/OVS and mandatory > >>>>>>>>>>>>> ovirtmgmt > >>>>>>>>>>>>> network > >>>>>>>>>>>>> > >>>>>>>>>>>>> > >>>>>>>>>>>>> > >>>>>>>>>>>>> Hi > >>>>>>>>>>>>> For long time I've been looking for proper support in ovirt for > >>>>>>>>>>>>> Open > >>>>>>>>>>>>> vSwitch > >>>>>>>>>>>>> so I'm happy that it is moving in the right direction. However, > >>>>>>>>>>>>> there > >>>>>>>>>>>>> seems > >>>>>>>>>>>>> to still be a dependency on a ovirtmgmt bridge and I'm unable > >>>>>>>>>>>>> to move > >>>>>>>>>>>>> that > >>>>>>>>>>>>> to the OVN provider. > >>>>>>>>>>>>> > >>>>>>>>>>>>> The hosting center where I rent hw instances has a bit special > >>>>>>>>>>>>> network > >>>>>>>>>>>>> setup, > >>>>>>>>>>>>> so I have one physical network port with a /32 netmask and > >>>>>>>>>>>>> point-to-point > >>>>>>>>>>>>> config to router. The physical port I connect to a ovs bridge > >>>>>>>>>>>>> which has > >>>>>>>>>>>>> the > >>>>>>>>>>>>> public ip. Since ovirt always messes up the network config when > >>>>>>>>>>>>> I've > >>>>>>>>>>>>> tried > >>>>>>>>>>>>> to let it have access to the network config for the physical > >>>>>>>>>>>>> port, I've > >>>>>>>>>>>>> set > >>>>>>>>>>>>> eht0 and ovsbridge0 as hidden in vdsm.conf. > >>>>>>>>>>>>> > >>>>>>>>>>>>> > >>>>>>>>>>>>> I then create a bridge for use with ovirt, with a private > >>>>>>>>>>>>> address. With > >>>>>>>>>>>>> the > >>>>>>>>>>>>> OVN provider I am now able to import these into the engine and > >>>>>>>>>>>>> it looks > >>>>>>>>>>>>> good. When creating a VM I can select that it will have a vNic > >>>>>>>>>>>>> on my OVS > >>>>>>>>>>>>> bridge. > >>>>>>>>>>>>> > >>>>>>>>>>>>> However, I can't start the VM as an exception is thrown in the > >>>>>>>>>>>>> log: > >>>>>>>>>>>>> > >>>>>>>>>>>>> 2016-12-28 00:13:33,350 ERROR > >>>>>>>>>>>>> [org.ovirt.engine.core.bll.RunVmCommand] > >>>>>>>>>>>>> (default task-5) [3c882d53] Error during ValidateFailure.: > >>>>>>>>>>>>> java.lang.NullPointerException > >>>>>>>>>>>>> at > >>>>>>>>>>>>> org.ovirt.engine.core.bll.scheduling.policyunits.NetworkPolicyUnit.validateRequiredNetworksAvailable(NetworkPolicyUnit.java:140) > >>>>>>>>>>>>> > >>>>>>>>>>>>> [bll.jar:] > >>>>>>>>>>>>> at > >>>>>>>>>>>>> org.ovirt.engine.core.bll.scheduling.policyunits.NetworkPolicyUnit.filter(NetworkPolicyUnit.java:69) > >>>>>>>>>>>>> > >>>>>>>>>>>>> [bll.jar:] > >>>>>>>>>>>>> at > >>>>>>>>>>>>> org.ovirt.engine.core.bll.scheduling.SchedulingManager.runInternalFilters(SchedulingManager.java:597) > >>>>>>>>>>>>> > >>>>>>>>>>>>> [bll.jar:] > >>>>>>>>>>>>> at > >>>>>>>>>>>>> org.ovirt.engine.core.bll.scheduling.SchedulingManager.runFilters(SchedulingManager.java:564) > >>>>>>>>>>>>> > >>>>>>>>>>>>> [bll.jar:] > >>>>>>>>>>>>> at > >>>>>>>>>>>>> org.ovirt.engine.core.bll.scheduling.SchedulingManager.canSchedule(SchedulingManager.java:494) > >>>>>>>>>>>>> > >>>>>>>>>>>>> [bll.jar:] > >>>>>>>>>>>>> at > >>>>>>>>>>>>> org.ovirt.engine.core.bll.validator.RunVmValidator.canRunVm(RunVmValidator.java:133) > >>>>>>>>>>>>> > >>>>>>>>>>>>> [bll.jar:] > >>>>>>>>>>>>> at > >>>>>>>>>>>>> org.ovirt.engine.core.bll.RunVmCommand.validate(RunVmCommand.java:940) > >>>>>>>>>>>>> > >>>>>>>>>>>>> [bll.jar:] > >>>>>>>>>>>>> at > >>>>>>>>>>>>> org.ovirt.engine.core.bll.CommandBase.internalValidate(CommandBase.java:886) > >>>>>>>>>>>>> > >>>>>>>>>>>>> [bll.jar:] > >>>>>>>>>>>>> at > >>>>>>>>>>>>> org.ovirt.engine.core.bll.CommandBase.validateOnly(CommandBase.java:366) > >>>>>>>>>>>>> > >>>>>>>>>>>>> [bll.jar:] > >>>>>>>>>>>>> at > >>>>>>>>>>>>> org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.canRunActions(PrevalidatingMultipleActionsRunner.java:113) > >>>>>>>>>>>>> > >>>>>>>>>>>>> [bll.jar:] > >>>>>>>>>>>>> at > >>>>>>>>>>>>> org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.invokeCommands(PrevalidatingMultipleActionsRunner.java:99) > >>>>>>>>>>>>> > >>>>>>>>>>>>> [bll.jar:] > >>>>>>>>>>>>> at > >>>>>>>>>>>>> org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.execute(PrevalidatingMultipleActionsRunner.java:76) > >>>>>>>>>>>>> > >>>>>>>>>>>>> [bll.jar:] > >>>>>>>>>>>>> at > >>>>>>>>>>>>> org.ovirt.engine.core.bll.Backend.runMultipleActionsImpl(Backend.java:613) > >>>>>>>>>>>>> > >>>>>>>>>>>>> [bll.jar:] > >>>>>>>>>>>>> at > >>>>>>>>>>>>> org.ovirt.engine.core.bll.Backend.runMultipleActions(Backend.java:583) > >>>>>>>>>>>>> > >>>>>>>>>>>>> [bll.jar:] > >>>>>>>>>>>>> > >>>>>>>>>>>>> > >>>>>>>>>>>>> Looking at that section of code where the exception is thrown, > >>>>>>>>>>>>> I see > >>>>>>>>>>>>> that > >>>>>>>>>>>>> it > >>>>>>>>>>>>> iterates over host networks to find required networks, which I > >>>>>>>>>>>>> assume is > >>>>>>>>>>>>> ovirtmgmt. In the host network setup dialog I don't see any > >>>>>>>>>>>>> networks at > >>>>>>>>>>>>> all > >>>>>>>>>>>>> but it lists ovirtmgmt as required. It also list the OVN > >>>>>>>>>>>>> networks but > >>>>>>>>>>>>> these > >>>>>>>>>>>>> can't be statically assigned as they are added dynamically when > >>>>>>>>>>>>> needed, > >>>>>>>>>>>>> which is fine. > >>>>>>>>>>>>> > >>>>>>>>>>>>> I believe that I either need to remove ovirtmgmt network or > >>>>>>>>>>>>> configure > >>>>>>>>>>>>> that > >>>>>>>>>>>>> it > >>>>>>>>>>>>> is provided by the OVN provider, but neither is possible. > >>>>>>>>>>>>> Preferably it > >>>>>>>>>>>>> shouldn't be hardcoded which network is management and > >>>>>>>>>>>>> mandatory but be > >>>>>>>>>>>>> possible to configure. > >>>>>>>>>>>>> > >>>>>>>>>>>>> /Sverker > >>>>>>>>>>>>> Den 2016-12-27 kl. 17:10, skrev Marcin Mirecki: > >>>>>>>>>>>>> > >>>>>>>>>>>>> > >>>>>>>>>> _______________________________________________ > >>>>>>>>>> Users mailing list > >>>>>>>>>> <a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:Users@ovirt.org">Users@ovirt.org</a> > >>>>>>>>>> <a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://lists.ovirt.org/mailman/listinfo/users">http://lists.ovirt.org/mailman/listinfo/users</a> > >>>>>>>>>> > >>>>>>>> _______________________________________________ > >>>>>>>> Users mailing list > >>>>>>>> <a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:Users@ovirt.org">Users@ovirt.org</a> > >>>>>>>> <a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://lists.ovirt.org/mailman/listinfo/users">http://lists.ovirt.org/mailman/listinfo/users</a> > >>>>>>> _______________________________________________ > >>>>>>> Users mailing list > >>>>>>> <a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:Users@ovirt.org">Users@ovirt.org</a> > >>>>>>> <a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://lists.ovirt.org/mailman/listinfo/users">http://lists.ovirt.org/mailman/listinfo/users</a> > >>>>>> _______________________________________________ > >>>>>> Users mailing list > >>>>>> <a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:Users@ovirt.org">Users@ovirt.org</a> > >>>>>> <a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://lists.ovirt.org/mailman/listinfo/users">http://lists.ovirt.org/mailman/listinfo/users</a> > >>>> _______________________________________________ > >>>> Users mailing list > >>>> <a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:Users@ovirt.org">Users@ovirt.org</a> > >>>> <a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://lists.ovirt.org/mailman/listinfo/users">http://lists.ovirt.org/mailman/listinfo/users</a> > >>>> > >> > > </pre> </div> <br> <fieldset class="mimeAttachmentHeader"></fieldset> <br> <pre wrap="">_______________________________________________ Users mailing list <a class="moz-txt-link-abbreviated" href="mailto:Users@ovirt.org">Users@ovirt.org</a> <a class="moz-txt-link-freetext" href="http://lists.ovirt.org/mailman/listinfo/users">http://lists.ovirt.org/mailman/listinfo/users</a> </pre> </blockquote> <br> </body> </html> --------------A13E96D10914C45BE06D4805--
This is a multi-part message in MIME format. --------------08BAAA2E9CDD32DE62D1A70E Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 8bit When I change /usr/libexec/vdsm/hooks/before_device_create/ovirt_provider_ovn_hook to instead of hardcoded to br-int use BRIDGE_NAME = 'ovirtbridge' then I get the expected behaviour and I get a working network connectivity in my VM with IP provided by dhcp. /Sverker Den 2016-12-29 kl. 22:07, skrev Sverker Abrahamsson:
By default the vNic profile of my OVN bridge ovirtbridge gets a Network filter named vdsm-no-mac-spoofing. If I instead set No filter then I don't get those ebtables / iptables messages. It seems that there is some issue between ovirt/vdsm and firewalld, which we can put to the side for now.
It is not clear for me why the port is added on br-int instead of the bridge I've assigned to the VM, which is ovirtbridge??
/Sverker
Den 2016-12-29 kl. 14:20, skrev Sverker Abrahamsson:
The specific command most likely fails because there is no chain named libvirt-J-vnet0, but when should that have been created? /Sverker
-------- Vidarebefordrat meddelande -------- Ämne: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network Datum: Thu, 29 Dec 2016 08:06:29 -0500 (EST) Från: Marcin Mirecki <mmirecki@redhat.com> Till: Sverker Abrahamsson <sverker@abrahamsson.com> Kopia: Ovirt Users <users@ovirt.org>, Lance Richardson <lrichard@redhat.com>, Numan Siddique <nusiddiq@redhat.com>
Let me add the OVN team.
Lance, Numan,
Can you please look at this?
Trying to plug a vNIC results in:
>>> Dec 28 23:31:35 h2 ovs-vsctl: ovs|00001|vsctl|INFO|Called as ovs-vsctl >>> --timeout=5 -- --if-exists del-port vnet0 -- add-port br-int vnet0 -- >>> set Interface vnet0 "external-ids:attached-mac=\"00:1a:4a:16:01:51\"" >>> -- set Interface vnet0 >>> "external-ids:iface-id=\"e8853aac-8a75-41b0-8010-e630017dcdd8\"" -- >>> set Interface vnet0 >>> "external-ids:vm-id=\"b9440d60-ef5a-4e2b-83cf-081df7c09e6f\"" -- set >>> Interface vnet0 external-ids:iface-status=active >>> Dec 28 23:31:35 h2 kernel: device vnet0 entered promiscuous mode >>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>> '/usr/sbin/ebtables --concurrent -t nat -D PREROUTING -i vnet0 -j >>> libvirt-J-vnet0' failed: >>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED:
More details below
----- Original Message -----
From: "Sverker Abrahamsson"<sverker@abrahamsson.com> To: "Marcin Mirecki"<mmirecki@redhat.com> Cc: "Ovirt Users"<users@ovirt.org> Sent: Thursday, December 29, 2016 1:42:11 PM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network
Hi Same problem still.. /Sverker
Den 2016-12-29 kl. 13:34, skrev Marcin Mirecki:
Hi,
The tunnels are created to connect multiple OVN controllers. If there is only one, there is no need for the tunnels, so none will be created, this is the correct behavior.
Does the problem still occur after setting configuring the OVN-controller?
Marcin
----- Original Message -----
From: "Sverker Abrahamsson"<sverker@abrahamsson.com> To: "Marcin Mirecki"<mmirecki@redhat.com> Cc: "Ovirt Users"<users@ovirt.org> Sent: Thursday, December 29, 2016 11:44:32 AM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network
Hi The rpm packages you listed in the other mail are installed but I had not run vdsm-tool ovn-config to create tunnel as the OVN controller is on the same host.
[root@h2 ~]# rpm -q openvswitch-ovn-common openvswitch-ovn-common-2.6.90-1.el7.centos.x86_64 [root@h2 ~]# rpm -q openvswitch-ovn-host openvswitch-ovn-host-2.6.90-1.el7.centos.x86_64 [root@h2 ~]# rpm -q python-openvswitch python-openvswitch-2.6.90-1.el7.centos.noarch
After removing my manually created br-int and run
vdsm-tool ovn-config 127.0.0.1 172.27.1.1
then I have the br-int but 'ip link show' does not show any link 'genev_sys_' nor does 'ovs-vsctl show' any port for ovn. I assume these are when there is an actual tunnel?
[root@h2 ~]# ovs-vsctl show ebb6aede-cbbc-4f4f-a88a-a9cd72b2bd23 Bridge br-int fail_mode: secure Port br-int Interface br-int type: internal Bridge ovirtbridge Port ovirtbridge Interface ovirtbridge type: internal Bridge "ovsbridge0" Port "ovsbridge0" Interface "ovsbridge0" type: internal Port "eth0" Interface "eth0" ovs_version: "2.6.90"
[root@h2 ~]# ip link show 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT qlen 1 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master ovs-system state UP mode DEFAULT qlen 1000 link/ether 44:8a:5b:84:7d:b3 brd ff:ff:ff:ff:ff:ff 3: ovs-system: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 1000 link/ether 5a:14:cf:28:47:e2 brd ff:ff:ff:ff:ff:ff 4: ovsbridge0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN mode DEFAULT qlen 1000 link/ether 44:8a:5b:84:7d:b3 brd ff:ff:ff:ff:ff:ff 5: br-int: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 1000 link/ether 9e:b0:3a:9d:f2:4b brd ff:ff:ff:ff:ff:ff 6: ovirtbridge: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN mode DEFAULT qlen 1000 link/ether a6:f6:e5:a4:5b:45 brd ff:ff:ff:ff:ff:ff 7: dummy0: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue master ovirtmgmt state UNKNOWN mode DEFAULT qlen 1000 link/ether 66:e0:1c:c3:a9:d8 brd ff:ff:ff:ff:ff:ff 8: ovirtmgmt: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT qlen 1000 link/ether 66:e0:1c:c3:a9:d8 brd ff:ff:ff:ff:ff:ff
Firewall settings: [root@h2 ~]# firewall-cmd --list-all-zones work target: default icmp-block-inversion: no interfaces: sources: services: dhcpv6-client ssh ports: protocols: masquerade: no forward-ports: sourceports: icmp-blocks: rich rules:
drop target: DROP icmp-block-inversion: no interfaces: sources: services: ports: protocols: masquerade: no forward-ports: sourceports: icmp-blocks: rich rules:
internal target: default icmp-block-inversion: no interfaces: sources: services: dhcpv6-client mdns samba-client ssh ports: protocols: masquerade: no forward-ports: sourceports: icmp-blocks: rich rules:
external target: default icmp-block-inversion: no interfaces: sources: services: ssh ports: protocols: masquerade: yes forward-ports: sourceports: icmp-blocks: rich rules:
trusted target: ACCEPT icmp-block-inversion: no interfaces: sources: services: ports: protocols: masquerade: no forward-ports: sourceports: icmp-blocks: rich rules:
home target: default icmp-block-inversion: no interfaces: sources: services: dhcpv6-client mdns samba-client ssh ports: protocols: masquerade: no forward-ports: sourceports: icmp-blocks: rich rules:
dmz target: default icmp-block-inversion: no interfaces: sources: services: ssh ports: protocols: masquerade: no forward-ports: sourceports: icmp-blocks: rich rules:
public (active) target: default icmp-block-inversion: no interfaces: eth0 ovsbridge0 sources: services: dhcpv6-client ssh ports: protocols: masquerade: no forward-ports: sourceports: icmp-blocks: rich rules:
block target: %%REJECT%% icmp-block-inversion: no interfaces: sources: services: ports: protocols: masquerade: no forward-ports: sourceports: icmp-blocks: rich rules:
ovirt (active) target: default icmp-block-inversion: no interfaces: ovirtbridge ovirtmgmt sources: services: dhcp ovirt-fence-kdump-listener ovirt-http ovirt-https ovirt-imageio-proxy ovirt-postgres ovirt-provider-ovn ovirt-vmconsole-proxy ovirt-websocket-proxy ssh vdsm ports: protocols: masquerade: yes forward-ports: sourceports: icmp-blocks: rich rules: rule family="ipv4" port port="6641" protocol="tcp" accept rule family="ipv4" port port="6642" protocol="tcp" accept
The db dump is attached /Sverker Den 2016-12-29 kl. 09:50, skrev Marcin Mirecki:
Hi,
Can you please do: "sudo ovsdb-client dump" on the host and send me the output?
Have you configured the ovn controller to connect to the OVN north? You can do it using "vdsm-tool ovn-config" or using the OVN tools directly. Please check out:https://www.ovirt.org/blog/2016/11/ovirt-provider-ovn/ for details.
Also please note that the OVN provider is completely different from the neutron-openvswitch plugin. Please don't mix the two.
Marcin
----- Original Message ----- > From: "Marcin Mirecki"<mmirecki@redhat.com> > To: "Sverker Abrahamsson"<sverker@abrahamsson.com> > Cc: "Ovirt Users"<users@ovirt.org> > Sent: Thursday, December 29, 2016 9:27:19 AM > Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt > network > > Hi, > > br-int is the OVN integration bridge, it should have been created > when installing OVN. I assume you have the following packages installed > on the host: > openvswitch-ovn-common > openvswitch-ovn-host > python-openvswitch > > Please give me some time to look at the connectivity problem. > > Marcin > > > > ----- Original Message ----- >> From: "Sverker Abrahamsson"<sverker@abrahamsson.com> >> To: "Marcin Mirecki"<mmirecki@redhat.com> >> Cc: "Ovirt Users"<users@ovirt.org> >> Sent: Thursday, December 29, 2016 12:47:04 AM >> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt >> network >> >> From >> /usr/libexec/vdsm/hooks/before_device_create/ovirt_provider_ovn_hook >> (installed by ovirt-provider-ovn-driver rpm): >> >> BRIDGE_NAME = 'br-int' >> >> >> Den 2016-12-28 kl. 23:56, skrev Sverker Abrahamsson: >>> Googling on the message about br-int suggested adding that bridge to >>> ovs: >>> >>> ovs-vsctl add-br br-int >>> >>> Then the VM is able to boot, but it fails to get network connectivity. >>> Output in /var/log/messages: >>> >>> Dec 28 23:31:35 h2 ovs-vsctl: ovs|00001|vsctl|INFO|Called as ovs-vsctl >>> --timeout=5 -- --if-exists del-port vnet0 -- add-port br-int vnet0 -- >>> set Interface vnet0 "external-ids:attached-mac=\"00:1a:4a:16:01:51\"" >>> -- set Interface vnet0 >>> "external-ids:iface-id=\"e8853aac-8a75-41b0-8010-e630017dcdd8\"" -- >>> set Interface vnet0 >>> "external-ids:vm-id=\"b9440d60-ef5a-4e2b-83cf-081df7c09e6f\"" -- set >>> Interface vnet0 external-ids:iface-status=active >>> Dec 28 23:31:35 h2 kernel: device vnet0 entered promiscuous mode >>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>> '/usr/sbin/ebtables --concurrent -t nat -D PREROUTING -i vnet0 -j >>> libvirt-J-vnet0' failed: >>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>> '/usr/sbin/ebtables --concurrent -t nat -D POSTROUTING -o vnet0 -j >>> libvirt-P-vnet0' failed: >>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>> '/usr/sbin/ebtables --concurrent -t nat -L libvirt-J-vnet0' failed: >>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>> '/usr/sbin/ebtables --concurrent -t nat -L libvirt-P-vnet0' failed: >>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>> '/usr/sbin/ebtables --concurrent -t nat -F libvirt-J-vnet0' failed: >>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>> '/usr/sbin/ebtables --concurrent -t nat -X libvirt-J-vnet0' failed: >>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>> '/usr/sbin/ebtables --concurrent -t nat -F libvirt-P-vnet0' failed: >>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>> '/usr/sbin/ebtables --concurrent -t nat -X libvirt-P-vnet0' failed: >>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>> '/usr/sbin/ebtables --concurrent -t nat -F J-vnet0-mac' failed: >>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>> '/usr/sbin/ebtables --concurrent -t nat -X J-vnet0-mac' failed: >>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>> '/usr/sbin/ebtables --concurrent -t nat -F J-vnet0-arp-mac' failed: >>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>> '/usr/sbin/ebtables --concurrent -t nat -X J-vnet0-arp-mac' failed: >>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>> '/usr/sbin/iptables -w2 -w -D libvirt-out -m physdev >>> --physdev-is-bridged --physdev-out vnet0 -g FO-vnet0' failed: >>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>> '/usr/sbin/iptables -w2 -w -D libvirt-out -m physdev --physdev-out >>> vnet0 -g FO-vnet0' failed: >>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>> '/usr/sbin/iptables -w2 -w -D libvirt-in -m physdev --physdev-in vnet0 >>> -g FI-vnet0' failed: >>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>> '/usr/sbin/iptables -w2 -w -D libvirt-host-in -m physdev --physdev-in >>> vnet0 -g HI-vnet0' failed: >>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>> '/usr/sbin/iptables -w2 -w -F FO-vnet0' failed: >>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>> '/usr/sbin/iptables -w2 -w -X FO-vnet0' failed: >>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>> '/usr/sbin/iptables -w2 -w -F FI-vnet0' failed: >>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>> '/usr/sbin/iptables -w2 -w -X FI-vnet0' failed: >>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>> '/usr/sbin/iptables -w2 -w -F HI-vnet0' failed: >>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>> '/usr/sbin/iptables -w2 -w -X HI-vnet0' failed: >>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>> '/usr/sbin/iptables -w2 -w -E FP-vnet0 FO-vnet0' failed: >>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>> '/usr/sbin/iptables -w2 -w -E FJ-vnet0 FI-vnet0' failed: >>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>> '/usr/sbin/iptables -w2 -w -E HJ-vnet0 HI-vnet0' failed: >>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>> '/usr/sbin/ip6tables -w2 -w -D libvirt-out -m physdev >>> --physdev-is-bridged --physdev-out vnet0 -g FO-vnet0' failed: >>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>> '/usr/sbin/ip6tables -w2 -w -D libvirt-out -m physdev --physdev-out >>> vnet0 -g FO-vnet0' failed: >>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>> '/usr/sbin/ip6tables -w2 -w -D libvirt-in -m physdev --physdev-in >>> vnet0 -g FI-vnet0' failed: >>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>> '/usr/sbin/ip6tables -w2 -w -D libvirt-host-in -m physdev --physdev-in >>> vnet0 -g HI-vnet0' failed: >>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>> '/usr/sbin/ip6tables -w2 -w -F FO-vnet0' failed: >>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>> '/usr/sbin/ip6tables -w2 -w -X FO-vnet0' failed: >>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>> '/usr/sbin/ip6tables -w2 -w -F FI-vnet0' failed: >>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>> '/usr/sbin/ip6tables -w2 -w -X FI-vnet0' failed: >>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>> '/usr/sbin/ip6tables -w2 -w -F HI-vnet0' failed: >>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>> '/usr/sbin/ip6tables -w2 -w -X HI-vnet0' failed: >>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>> '/usr/sbin/ip6tables -w2 -w -E FP-vnet0 FO-vnet0' failed: >>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>> '/usr/sbin/ip6tables -w2 -w -E FJ-vnet0 FI-vnet0' failed: >>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>> '/usr/sbin/ip6tables -w2 -w -E HJ-vnet0 HI-vnet0' failed: >>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>> '/usr/sbin/ebtables --concurrent -t nat -D PREROUTING -i vnet0 -j >>> libvirt-I-vnet0' failed: >>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>> '/usr/sbin/ebtables --concurrent -t nat -D POSTROUTING -o vnet0 -j >>> libvirt-O-vnet0' failed: >>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>> '/usr/sbin/ebtables --concurrent -t nat -L libvirt-I-vnet0' failed: >>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>> '/usr/sbin/ebtables --concurrent -t nat -L libvirt-O-vnet0' failed: >>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>> '/usr/sbin/ebtables --concurrent -t nat -F libvirt-I-vnet0' failed: >>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>> '/usr/sbin/ebtables --concurrent -t nat -X libvirt-I-vnet0' failed: >>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>> '/usr/sbin/ebtables --concurrent -t nat -F libvirt-O-vnet0' failed: >>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>> '/usr/sbin/ebtables --concurrent -t nat -X libvirt-O-vnet0' failed: >>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>> '/usr/sbin/ebtables --concurrent -t nat -L libvirt-P-vnet0' failed: >>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>> '/usr/sbin/ebtables --concurrent -t nat -E libvirt-P-vnet0 >>> libvirt-O-vnet0' failed: >>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>> '/usr/sbin/ebtables --concurrent -t nat -F I-vnet0-mac' failed: >>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>> '/usr/sbin/ebtables --concurrent -t nat -X I-vnet0-mac' failed: >>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>> '/usr/sbin/ebtables --concurrent -t nat -F I-vnet0-arp-mac' failed: >>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>> '/usr/sbin/ebtables --concurrent -t nat -X I-vnet0-arp-mac' failed: >>> >>> >>> [root@h2 etc]# ovs-vsctl show >>> ebb6aede-cbbc-4f4f-a88a-a9cd72b2bd23 >>> Bridge ovirtbridge >>> Port "ovirtport0" >>> Interface "ovirtport0" >>> type: internal >>> Port ovirtbridge >>> Interface ovirtbridge >>> type: internal >>> Bridge "ovsbridge0" >>> Port "ovsbridge0" >>> Interface "ovsbridge0" >>> type: internal >>> Port "eth0" >>> Interface "eth0" >>> Bridge br-int >>> Port br-int >>> Interface br-int >>> type: internal >>> Port "vnet0" >>> Interface "vnet0" >>> ovs_version: "2.6.90" >>> >>> Searching through the code it appears that br-int comes from >>> neutron-openvswitch plugin ?? >>> >>> [root@h2 share]# rpm -qf >>> /usr/share/otopi/plugins/ovirt-host-deploy/openstack/neutron_openvswitch.py >>> ovirt-host-deploy-1.6.0-0.0.master.20161215101008.gitb76ad50.el7.centos.noarch >>> >>> >>> /Sverker >>> >>> Den 2016-12-28 kl. 23:24, skrev Sverker Abrahamsson: >>>> In addition I had to add an alias to modprobe: >>>> >>>> [root@h2 modprobe.d]# cat dummy.conf >>>> alias dummy0 dummy >>>> >>>> >>>> Den 2016-12-28 kl. 23:03, skrev Sverker Abrahamsson: >>>>> Hi >>>>> I first tried to set device name to dummy_0, but then ifup did not >>>>> succeed in creating the device unless I first did 'ip link add >>>>> dummy_0 type dummy' but then it would not suceed to establish the if >>>>> on reboot. >>>>> >>>>> Setting fake_nics = dummy0 would not work neither, but this works: >>>>> >>>>> fake_nics = dummy* >>>>> >>>>> The engine is now able to find the if and assign bridge ovirtmgmt to >>>>> it. >>>>> >>>>> However, I then run into the next issue when starting a VM: >>>>> >>>>> 2016-12-28 22:28:23,897 ERROR >>>>> [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] >>>>> (ForkJoinPool-1-worker-2) [] Correlation ID: null, Call Stack: null, >>>>> Custom Event ID: -1, Message: VM CentOS7 is down with error. Exit >>>>> message: Cannot get interface MTU on 'br-int': No such device. >>>>> >>>>> This VM has a nic on ovirtbridge, which comes from the OVN provider. >>>>> >>>>> /Sverker >>>>> >>>>> Den 2016-12-28 kl. 14:38, skrev Marcin Mirecki: >>>>>> Sverker, >>>>>> >>>>>> Can you try adding a vnic named veth_* or dummy_*, >>>>>> (or alternatively add the name of the vnic to >>>>>> vdsm.config fake_nics), and setup the management >>>>>> network using this vnic? >>>>>> I suppose adding the vnic you use for connecting >>>>>> to the engine to fake_nics should make it visible >>>>>> to the engine, and you should be able to use it for >>>>>> the setup. >>>>>> >>>>>> Marcin >>>>>> >>>>>> >>>>>> >>>>>> ----- Original Message ----- >>>>>>> From: "Marcin Mirecki"<mmirecki@redhat.com> >>>>>>> To: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>>>>>> Cc: "Ovirt Users"<users@ovirt.org> >>>>>>> Sent: Wednesday, December 28, 2016 12:06:26 PM >>>>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory >>>>>>> ovirtmgmt network >>>>>>> >>>>>>>> I have an internal OVS bridge called ovirtbridge which has a port >>>>>>>> with >>>>>>>> IP address, but in the host network settings that port is not >>>>>>>> visible. >>>>>>> I just verified and unfortunately the virtual ports are not >>>>>>> visible in engine >>>>>>> to assign a network to :( >>>>>>> I'm afraid that the engine is not ready for such a scenario (even >>>>>>> if it >>>>>>> works). >>>>>>> Please give me some time to look for a solution. >>>>>>> >>>>>>> ----- Original Message ----- >>>>>>>> From: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>>>>>>> To: "Marcin Mirecki"<mmirecki@redhat.com> >>>>>>>> Cc: "Ovirt Users"<users@ovirt.org> >>>>>>>> Sent: Wednesday, December 28, 2016 11:48:24 AM >>>>>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory >>>>>>>> ovirtmgmt >>>>>>>> network >>>>>>>> >>>>>>>> Hi Marcin >>>>>>>> Yes, that is my issue. I don't want to let ovirt/vdsm see eth0 >>>>>>>> nor >>>>>>>> ovsbridge0 since as soon as it sees them it messes up the network >>>>>>>> config >>>>>>>> so that the host will be unreachable. >>>>>>>> >>>>>>>> I have an internal OVS bridge called ovirtbridge which has a port >>>>>>>> with >>>>>>>> IP address, but in the host network settings that port is not >>>>>>>> visible. >>>>>>>> It doesn't help to name it ovirtmgmt. >>>>>>>> >>>>>>>> The engine is able to communicate with the host on the ip it has >>>>>>>> been >>>>>>>> given, it's just that it believes that it HAS to have a ovirtmgmt >>>>>>>> network which can't be on OVN. >>>>>>>> >>>>>>>> /Sverker >>>>>>>> >>>>>>>> >>>>>>>> Den 2016-12-28 kl. 10:45, skrev Marcin Mirecki: >>>>>>>>> Hi Sverker, >>>>>>>>> >>>>>>>>> The management network is mandatory on each host. It's used by >>>>>>>>> the >>>>>>>>> engine to communicate with the host. >>>>>>>>> Looking at your description and the exception it looks like it >>>>>>>>> is >>>>>>>>> missing. >>>>>>>>> The error is caused by not having any network for the host >>>>>>>>> (network list retrieved in >>>>>>>>> InterfaceDaoImpl.getHostNetworksByCluster - >>>>>>>>> which >>>>>>>>> gets all the networks on nics for a host from vds_interface >>>>>>>>> table in the >>>>>>>>> DB). >>>>>>>>> >>>>>>>>> Could you maybe create a virtual nic connected to ovsbridge0 (as >>>>>>>>> I >>>>>>>>> understand you >>>>>>>>> have no physical nic available) and use this for the management >>>>>>>>> network? >>>>>>>>> >>>>>>>>>> I then create a bridge for use with ovirt, with a private >>>>>>>>>> address. >>>>>>>>> I'm not quite sure I understand. Is this yet another bridge >>>>>>>>> connected to >>>>>>>>> ovsbridge0? >>>>>>>>> You could also attach the vnic for the management network here >>>>>>>>> if need >>>>>>>>> be. >>>>>>>>> >>>>>>>>> Please keep in mind that OVN has no use in setting up the >>>>>>>>> management >>>>>>>>> network. >>>>>>>>> The OVN provider can only handle external networks, which can >>>>>>>>> not be used >>>>>>>>> for a >>>>>>>>> management network. >>>>>>>>> >>>>>>>>> Marcin >>>>>>>>> >>>>>>>>> >>>>>>>>> ----- Original Message ----- >>>>>>>>>> From: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>>>>>>>>> To:users@ovirt.org >>>>>>>>>> Sent: Wednesday, December 28, 2016 12:39:59 AM >>>>>>>>>> Subject: [ovirt-users] Issue with OVN/OVS and mandatory >>>>>>>>>> ovirtmgmt >>>>>>>>>> network >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> Hi >>>>>>>>>> For long time I've been looking for proper support in ovirt for >>>>>>>>>> Open >>>>>>>>>> vSwitch >>>>>>>>>> so I'm happy that it is moving in the right direction. However, >>>>>>>>>> there >>>>>>>>>> seems >>>>>>>>>> to still be a dependency on a ovirtmgmt bridge and I'm unable >>>>>>>>>> to move >>>>>>>>>> that >>>>>>>>>> to the OVN provider. >>>>>>>>>> >>>>>>>>>> The hosting center where I rent hw instances has a bit special >>>>>>>>>> network >>>>>>>>>> setup, >>>>>>>>>> so I have one physical network port with a /32 netmask and >>>>>>>>>> point-to-point >>>>>>>>>> config to router. The physical port I connect to a ovs bridge >>>>>>>>>> which has >>>>>>>>>> the >>>>>>>>>> public ip. Since ovirt always messes up the network config when >>>>>>>>>> I've >>>>>>>>>> tried >>>>>>>>>> to let it have access to the network config for the physical >>>>>>>>>> port, I've >>>>>>>>>> set >>>>>>>>>> eht0 and ovsbridge0 as hidden in vdsm.conf. >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> I then create a bridge for use with ovirt, with a private >>>>>>>>>> address. With >>>>>>>>>> the >>>>>>>>>> OVN provider I am now able to import these into the engine and >>>>>>>>>> it looks >>>>>>>>>> good. When creating a VM I can select that it will have a vNic >>>>>>>>>> on my OVS >>>>>>>>>> bridge. >>>>>>>>>> >>>>>>>>>> However, I can't start the VM as an exception is thrown in the >>>>>>>>>> log: >>>>>>>>>> >>>>>>>>>> 2016-12-28 00:13:33,350 ERROR >>>>>>>>>> [org.ovirt.engine.core.bll.RunVmCommand] >>>>>>>>>> (default task-5) [3c882d53] Error during ValidateFailure.: >>>>>>>>>> java.lang.NullPointerException >>>>>>>>>> at >>>>>>>>>> org.ovirt.engine.core.bll.scheduling.policyunits.NetworkPolicyUnit.validateRequiredNetworksAvailable(NetworkPolicyUnit.java:140) >>>>>>>>>> >>>>>>>>>> [bll.jar:] >>>>>>>>>> at >>>>>>>>>> org.ovirt.engine.core.bll.scheduling.policyunits.NetworkPolicyUnit.filter(NetworkPolicyUnit.java:69) >>>>>>>>>> >>>>>>>>>> [bll.jar:] >>>>>>>>>> at >>>>>>>>>> org.ovirt.engine.core.bll.scheduling.SchedulingManager.runInternalFilters(SchedulingManager.java:597) >>>>>>>>>> >>>>>>>>>> [bll.jar:] >>>>>>>>>> at >>>>>>>>>> org.ovirt.engine.core.bll.scheduling.SchedulingManager.runFilters(SchedulingManager.java:564) >>>>>>>>>> >>>>>>>>>> [bll.jar:] >>>>>>>>>> at >>>>>>>>>> org.ovirt.engine.core.bll.scheduling.SchedulingManager.canSchedule(SchedulingManager.java:494) >>>>>>>>>> >>>>>>>>>> [bll.jar:] >>>>>>>>>> at >>>>>>>>>> org.ovirt.engine.core.bll.validator.RunVmValidator.canRunVm(RunVmValidator.java:133) >>>>>>>>>> >>>>>>>>>> [bll.jar:] >>>>>>>>>> at >>>>>>>>>> org.ovirt.engine.core.bll.RunVmCommand.validate(RunVmCommand.java:940) >>>>>>>>>> >>>>>>>>>> [bll.jar:] >>>>>>>>>> at >>>>>>>>>> org.ovirt.engine.core.bll.CommandBase.internalValidate(CommandBase.java:886) >>>>>>>>>> >>>>>>>>>> [bll.jar:] >>>>>>>>>> at >>>>>>>>>> org.ovirt.engine.core.bll.CommandBase.validateOnly(CommandBase.java:366) >>>>>>>>>> >>>>>>>>>> [bll.jar:] >>>>>>>>>> at >>>>>>>>>> org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.canRunActions(PrevalidatingMultipleActionsRunner.java:113) >>>>>>>>>> >>>>>>>>>> [bll.jar:] >>>>>>>>>> at >>>>>>>>>> org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.invokeCommands(PrevalidatingMultipleActionsRunner.java:99) >>>>>>>>>> >>>>>>>>>> [bll.jar:] >>>>>>>>>> at >>>>>>>>>> org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.execute(PrevalidatingMultipleActionsRunner.java:76) >>>>>>>>>> >>>>>>>>>> [bll.jar:] >>>>>>>>>> at >>>>>>>>>> org.ovirt.engine.core.bll.Backend.runMultipleActionsImpl(Backend.java:613) >>>>>>>>>> >>>>>>>>>> [bll.jar:] >>>>>>>>>> at >>>>>>>>>> org.ovirt.engine.core.bll.Backend.runMultipleActions(Backend.java:583) >>>>>>>>>> >>>>>>>>>> [bll.jar:] >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> Looking at that section of code where the exception is thrown, >>>>>>>>>> I see >>>>>>>>>> that >>>>>>>>>> it >>>>>>>>>> iterates over host networks to find required networks, which I >>>>>>>>>> assume is >>>>>>>>>> ovirtmgmt. In the host network setup dialog I don't see any >>>>>>>>>> networks at >>>>>>>>>> all >>>>>>>>>> but it lists ovirtmgmt as required. It also list the OVN >>>>>>>>>> networks but >>>>>>>>>> these >>>>>>>>>> can't be statically assigned as they are added dynamically when >>>>>>>>>> needed, >>>>>>>>>> which is fine. >>>>>>>>>> >>>>>>>>>> I believe that I either need to remove ovirtmgmt network or >>>>>>>>>> configure >>>>>>>>>> that >>>>>>>>>> it >>>>>>>>>> is provided by the OVN provider, but neither is possible. >>>>>>>>>> Preferably it >>>>>>>>>> shouldn't be hardcoded which network is management and >>>>>>>>>> mandatory but be >>>>>>>>>> possible to configure. >>>>>>>>>> >>>>>>>>>> /Sverker >>>>>>>>>> Den 2016-12-27 kl. 17:10, skrev Marcin Mirecki: >>>>>>>>>> >>>>>>>>>> >>>>>>> _______________________________________________ >>>>>>> Users mailing list >>>>>>>Users@ovirt.org >>>>>>>http://lists.ovirt.org/mailman/listinfo/users >>>>>>> >>>>> _______________________________________________ >>>>> Users mailing list >>>>>Users@ovirt.org >>>>>http://lists.ovirt.org/mailman/listinfo/users >>>> _______________________________________________ >>>> Users mailing list >>>>Users@ovirt.org >>>>http://lists.ovirt.org/mailman/listinfo/users >>> _______________________________________________ >>> Users mailing list >>>Users@ovirt.org >>>http://lists.ovirt.org/mailman/listinfo/users > _______________________________________________ > Users mailing list >Users@ovirt.org >http://lists.ovirt.org/mailman/listinfo/users >
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
--------------08BAAA2E9CDD32DE62D1A70E Content-Type: text/html; charset=windows-1252 Content-Transfer-Encoding: 8bit <html> <head> <meta content="text/html; charset=windows-1252" http-equiv="Content-Type"> </head> <body bgcolor="#FFFFFF" text="#000000"> <p>When I change /usr/libexec/vdsm/hooks/before_device_create/ovirt_provider_ovn_hook to instead of hardcoded to br-int use BRIDGE_NAME = 'ovirtbridge' then I get the expected behaviour and I get a working network connectivity in my VM with IP provided by dhcp.</p> <p>/Sverker<br> </p> <div class="moz-cite-prefix">Den 2016-12-29 kl. 22:07, skrev Sverker Abrahamsson:<br> </div> <blockquote cite="mid:2fbfbff5-e3d5-253b-277d-b2b7ca2f1370@abrahamsson.com" type="cite"> <meta content="text/html; charset=windows-1252" http-equiv="Content-Type"> <p>By default the vNic profile of my OVN bridge ovirtbridge gets a Network filter named vdsm-no-mac-spoofing. If I instead set No filter then I don't get those ebtables / iptables messages. It seems that there is some issue between ovirt/vdsm and firewalld, which we can put to the side for now.</p> <p>It is not clear for me why the port is added on br-int instead of the bridge I've assigned to the VM, which is ovirtbridge??</p> <p>/Sverker<br> </p> <div class="moz-cite-prefix">Den 2016-12-29 kl. 14:20, skrev Sverker Abrahamsson:<br> </div> <blockquote cite="mid:040302e6-9ed0-c957-39af-8b443d263156@abrahamsson.com" type="cite"> <meta http-equiv="content-type" content="text/html; charset=windows-1252"> <p>The specific command most likely fails because there is no chain named libvirt-J-vnet0, but when should that have been created?<br> /Sverker<br> </p> <div class="moz-forward-container">-------- Vidarebefordrat meddelande -------- <table class="moz-email-headers-table" border="0" cellpadding="0" cellspacing="0"> <tbody> <tr> <th align="RIGHT" nowrap="nowrap" valign="BASELINE">Ämne: </th> <td>Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network</td> </tr> <tr> <th align="RIGHT" nowrap="nowrap" valign="BASELINE">Datum: </th> <td>Thu, 29 Dec 2016 08:06:29 -0500 (EST)</td> </tr> <tr> <th align="RIGHT" nowrap="nowrap" valign="BASELINE">Från: </th> <td>Marcin Mirecki <a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:mmirecki@redhat.com"><mmirecki@redhat.com></a></td> </tr> <tr> <th align="RIGHT" nowrap="nowrap" valign="BASELINE">Till: </th> <td>Sverker Abrahamsson <a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:sverker@abrahamsson.com"><sverker@abrahamsson.com></a></td> </tr> <tr> <th align="RIGHT" nowrap="nowrap" valign="BASELINE">Kopia: </th> <td>Ovirt Users <a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:users@ovirt.org"><users@ovirt.org></a>, Lance Richardson <a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:lrichard@redhat.com"><lrichard@redhat.com></a>, Numan Siddique <a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:nusiddiq@redhat.com"><nusiddiq@redhat.com></a></td> </tr> </tbody> </table> <br> <br> <pre>Let me add the OVN team. Lance, Numan, Can you please look at this? Trying to plug a vNIC results in: > >>>>>> Dec 28 23:31:35 h2 ovs-vsctl: ovs|00001|vsctl|INFO|Called as ovs-vsctl > >>>>>> --timeout=5 -- --if-exists del-port vnet0 -- add-port br-int vnet0 -- > >>>>>> set Interface vnet0 "external-ids:attached-mac=\"00:1a:4a:16:01:51\"" > >>>>>> -- set Interface vnet0 > >>>>>> "external-ids:iface-id=\"e8853aac-8a75-41b0-8010-e630017dcdd8\"" -- > >>>>>> set Interface vnet0 > >>>>>> "external-ids:vm-id=\"b9440d60-ef5a-4e2b-83cf-081df7c09e6f\"" -- set > >>>>>> Interface vnet0 external-ids:iface-status=active > >>>>>> Dec 28 23:31:35 h2 kernel: device vnet0 entered promiscuous mode > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ebtables --concurrent -t nat -D PREROUTING -i vnet0 -j > >>>>>> libvirt-J-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: More details below ----- Original Message ----- > From: "Sverker Abrahamsson" <a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:sverker@abrahamsson.com"><sverker@abrahamsson.com></a> > To: "Marcin Mirecki" <a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:mmirecki@redhat.com"><mmirecki@redhat.com></a> > Cc: "Ovirt Users" <a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:users@ovirt.org"><users@ovirt.org></a> > Sent: Thursday, December 29, 2016 1:42:11 PM > Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network > > Hi > Same problem still.. > /Sverker > > Den 2016-12-29 kl. 13:34, skrev Marcin Mirecki: > > Hi, > > > > The tunnels are created to connect multiple OVN controllers. > > If there is only one, there is no need for the tunnels, so none > > will be created, this is the correct behavior. > > > > Does the problem still occur after setting configuring the OVN-controller? > > > > Marcin > > > > ----- Original Message ----- > >> From: "Sverker Abrahamsson" <a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:sverker@abrahamsson.com"><sverker@abrahamsson.com></a> > >> To: "Marcin Mirecki" <a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:mmirecki@redhat.com"><mmirecki@redhat.com></a> > >> Cc: "Ovirt Users" <a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:users@ovirt.org"><users@ovirt.org></a> > >> Sent: Thursday, December 29, 2016 11:44:32 AM > >> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt > >> network > >> > >> Hi > >> The rpm packages you listed in the other mail are installed but I had > >> not run vdsm-tool ovn-config to create tunnel as the OVN controller is > >> on the same host. > >> > >> [root@h2 ~]# rpm -q openvswitch-ovn-common > >> openvswitch-ovn-common-2.6.90-1.el7.centos.x86_64 > >> [root@h2 ~]# rpm -q openvswitch-ovn-host > >> openvswitch-ovn-host-2.6.90-1.el7.centos.x86_64 > >> [root@h2 ~]# rpm -q python-openvswitch > >> python-openvswitch-2.6.90-1.el7.centos.noarch > >> > >> After removing my manually created br-int and run > >> > >> vdsm-tool ovn-config 127.0.0.1 172.27.1.1 > >> > >> then I have the br-int but 'ip link show' does not show any link > >> 'genev_sys_' nor does 'ovs-vsctl show' any port for ovn. I assume these > >> are when there is an actual tunnel? > >> > >> [root@h2 ~]# ovs-vsctl show > >> ebb6aede-cbbc-4f4f-a88a-a9cd72b2bd23 > >> Bridge br-int > >> fail_mode: secure > >> Port br-int > >> Interface br-int > >> type: internal > >> Bridge ovirtbridge > >> Port ovirtbridge > >> Interface ovirtbridge > >> type: internal > >> Bridge "ovsbridge0" > >> Port "ovsbridge0" > >> Interface "ovsbridge0" > >> type: internal > >> Port "eth0" > >> Interface "eth0" > >> ovs_version: "2.6.90" > >> > >> [root@h2 ~]# ip link show > >> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode > >> DEFAULT qlen 1 > >> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 > >> 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast > >> master ovs-system state UP mode DEFAULT qlen 1000 > >> link/ether 44:8a:5b:84:7d:b3 brd ff:ff:ff:ff:ff:ff > >> 3: ovs-system: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode > >> DEFAULT qlen 1000 > >> link/ether 5a:14:cf:28:47:e2 brd ff:ff:ff:ff:ff:ff > >> 4: ovsbridge0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue > >> state UNKNOWN mode DEFAULT qlen 1000 > >> link/ether 44:8a:5b:84:7d:b3 brd ff:ff:ff:ff:ff:ff > >> 5: br-int: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode > >> DEFAULT qlen 1000 > >> link/ether 9e:b0:3a:9d:f2:4b brd ff:ff:ff:ff:ff:ff > >> 6: ovirtbridge: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue > >> state UNKNOWN mode DEFAULT qlen 1000 > >> link/ether a6:f6:e5:a4:5b:45 brd ff:ff:ff:ff:ff:ff > >> 7: dummy0: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue master > >> ovirtmgmt state UNKNOWN mode DEFAULT qlen 1000 > >> link/ether 66:e0:1c:c3:a9:d8 brd ff:ff:ff:ff:ff:ff > >> 8: ovirtmgmt: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue > >> state UP mode DEFAULT qlen 1000 > >> link/ether 66:e0:1c:c3:a9:d8 brd ff:ff:ff:ff:ff:ff > >> > >> Firewall settings: > >> [root@h2 ~]# firewall-cmd --list-all-zones > >> work > >> target: default > >> icmp-block-inversion: no > >> interfaces: > >> sources: > >> services: dhcpv6-client ssh > >> ports: > >> protocols: > >> masquerade: no > >> forward-ports: > >> sourceports: > >> icmp-blocks: > >> rich rules: > >> > >> > >> drop > >> target: DROP > >> icmp-block-inversion: no > >> interfaces: > >> sources: > >> services: > >> ports: > >> protocols: > >> masquerade: no > >> forward-ports: > >> sourceports: > >> icmp-blocks: > >> rich rules: > >> > >> > >> internal > >> target: default > >> icmp-block-inversion: no > >> interfaces: > >> sources: > >> services: dhcpv6-client mdns samba-client ssh > >> ports: > >> protocols: > >> masquerade: no > >> forward-ports: > >> sourceports: > >> icmp-blocks: > >> rich rules: > >> > >> > >> external > >> target: default > >> icmp-block-inversion: no > >> interfaces: > >> sources: > >> services: ssh > >> ports: > >> protocols: > >> masquerade: yes > >> forward-ports: > >> sourceports: > >> icmp-blocks: > >> rich rules: > >> > >> > >> trusted > >> target: ACCEPT > >> icmp-block-inversion: no > >> interfaces: > >> sources: > >> services: > >> ports: > >> protocols: > >> masquerade: no > >> forward-ports: > >> sourceports: > >> icmp-blocks: > >> rich rules: > >> > >> > >> home > >> target: default > >> icmp-block-inversion: no > >> interfaces: > >> sources: > >> services: dhcpv6-client mdns samba-client ssh > >> ports: > >> protocols: > >> masquerade: no > >> forward-ports: > >> sourceports: > >> icmp-blocks: > >> rich rules: > >> > >> > >> dmz > >> target: default > >> icmp-block-inversion: no > >> interfaces: > >> sources: > >> services: ssh > >> ports: > >> protocols: > >> masquerade: no > >> forward-ports: > >> sourceports: > >> icmp-blocks: > >> rich rules: > >> > >> > >> public (active) > >> target: default > >> icmp-block-inversion: no > >> interfaces: eth0 ovsbridge0 > >> sources: > >> services: dhcpv6-client ssh > >> ports: > >> protocols: > >> masquerade: no > >> forward-ports: > >> sourceports: > >> icmp-blocks: > >> rich rules: > >> > >> > >> block > >> target: %%REJECT%% > >> icmp-block-inversion: no > >> interfaces: > >> sources: > >> services: > >> ports: > >> protocols: > >> masquerade: no > >> forward-ports: > >> sourceports: > >> icmp-blocks: > >> rich rules: > >> > >> > >> ovirt (active) > >> target: default > >> icmp-block-inversion: no > >> interfaces: ovirtbridge ovirtmgmt > >> sources: > >> services: dhcp ovirt-fence-kdump-listener ovirt-http ovirt-https > >> ovirt-imageio-proxy ovirt-postgres ovirt-provider-ovn > >> ovirt-vmconsole-proxy ovirt-websocket-proxy ssh vdsm > >> ports: > >> protocols: > >> masquerade: yes > >> forward-ports: > >> sourceports: > >> icmp-blocks: > >> rich rules: > >> rule family="ipv4" port port="6641" protocol="tcp" accept > >> rule family="ipv4" port port="6642" protocol="tcp" accept > >> > >> The db dump is attached > >> /Sverker > >> Den 2016-12-29 kl. 09:50, skrev Marcin Mirecki: > >>> Hi, > >>> > >>> Can you please do: "sudo ovsdb-client dump" > >>> on the host and send me the output? > >>> > >>> Have you configured the ovn controller to connect to the > >>> OVN north? You can do it using "vdsm-tool ovn-config" or > >>> using the OVN tools directly. > >>> Please check out: <a moz-do-not-send="true" class="moz-txt-link-freetext" href="https://www.ovirt.org/blog/2016/11/ovirt-provider-ovn/">https://www.ovirt.org/blog/2016/11/ovirt-provider-ovn/</a> > >>> for details. > >>> > >>> Also please note that the OVN provider is completely different > >>> from the neutron-openvswitch plugin. Please don't mix the two. > >>> > >>> Marcin > >>> > >>> > >>> ----- Original Message ----- > >>>> From: "Marcin Mirecki" <a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:mmirecki@redhat.com"><mmirecki@redhat.com></a> > >>>> To: "Sverker Abrahamsson" <a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:sverker@abrahamsson.com"><sverker@abrahamsson.com></a> > >>>> Cc: "Ovirt Users" <a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:users@ovirt.org"><users@ovirt.org></a> > >>>> Sent: Thursday, December 29, 2016 9:27:19 AM > >>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt > >>>> network > >>>> > >>>> Hi, > >>>> > >>>> br-int is the OVN integration bridge, it should have been created > >>>> when installing OVN. I assume you have the following packages installed > >>>> on the host: > >>>> openvswitch-ovn-common > >>>> openvswitch-ovn-host > >>>> python-openvswitch > >>>> > >>>> Please give me some time to look at the connectivity problem. > >>>> > >>>> Marcin > >>>> > >>>> > >>>> > >>>> ----- Original Message ----- > >>>>> From: "Sverker Abrahamsson" <a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:sverker@abrahamsson.com"><sverker@abrahamsson.com></a> > >>>>> To: "Marcin Mirecki" <a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:mmirecki@redhat.com"><mmirecki@redhat.com></a> > >>>>> Cc: "Ovirt Users" <a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:users@ovirt.org"><users@ovirt.org></a> > >>>>> Sent: Thursday, December 29, 2016 12:47:04 AM > >>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt > >>>>> network > >>>>> > >>>>> From > >>>>> /usr/libexec/vdsm/hooks/before_device_create/ovirt_provider_ovn_hook > >>>>> (installed by ovirt-provider-ovn-driver rpm): > >>>>> > >>>>> BRIDGE_NAME = 'br-int' > >>>>> > >>>>> > >>>>> Den 2016-12-28 kl. 23:56, skrev Sverker Abrahamsson: > >>>>>> Googling on the message about br-int suggested adding that bridge to > >>>>>> ovs: > >>>>>> > >>>>>> ovs-vsctl add-br br-int > >>>>>> > >>>>>> Then the VM is able to boot, but it fails to get network connectivity. > >>>>>> Output in /var/log/messages: > >>>>>> > >>>>>> Dec 28 23:31:35 h2 ovs-vsctl: ovs|00001|vsctl|INFO|Called as ovs-vsctl > >>>>>> --timeout=5 -- --if-exists del-port vnet0 -- add-port br-int vnet0 -- > >>>>>> set Interface vnet0 "external-ids:attached-mac=\"00:1a:4a:16:01:51\"" > >>>>>> -- set Interface vnet0 > >>>>>> "external-ids:iface-id=\"e8853aac-8a75-41b0-8010-e630017dcdd8\"" -- > >>>>>> set Interface vnet0 > >>>>>> "external-ids:vm-id=\"b9440d60-ef5a-4e2b-83cf-081df7c09e6f\"" -- set > >>>>>> Interface vnet0 external-ids:iface-status=active > >>>>>> Dec 28 23:31:35 h2 kernel: device vnet0 entered promiscuous mode > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ebtables --concurrent -t nat -D PREROUTING -i vnet0 -j > >>>>>> libvirt-J-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ebtables --concurrent -t nat -D POSTROUTING -o vnet0 -j > >>>>>> libvirt-P-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ebtables --concurrent -t nat -L libvirt-J-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ebtables --concurrent -t nat -L libvirt-P-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ebtables --concurrent -t nat -F libvirt-J-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ebtables --concurrent -t nat -X libvirt-J-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ebtables --concurrent -t nat -F libvirt-P-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ebtables --concurrent -t nat -X libvirt-P-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ebtables --concurrent -t nat -F J-vnet0-mac' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ebtables --concurrent -t nat -X J-vnet0-mac' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ebtables --concurrent -t nat -F J-vnet0-arp-mac' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ebtables --concurrent -t nat -X J-vnet0-arp-mac' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/iptables -w2 -w -D libvirt-out -m physdev > >>>>>> --physdev-is-bridged --physdev-out vnet0 -g FO-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/iptables -w2 -w -D libvirt-out -m physdev --physdev-out > >>>>>> vnet0 -g FO-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/iptables -w2 -w -D libvirt-in -m physdev --physdev-in vnet0 > >>>>>> -g FI-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/iptables -w2 -w -D libvirt-host-in -m physdev --physdev-in > >>>>>> vnet0 -g HI-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/iptables -w2 -w -F FO-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/iptables -w2 -w -X FO-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/iptables -w2 -w -F FI-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/iptables -w2 -w -X FI-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/iptables -w2 -w -F HI-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/iptables -w2 -w -X HI-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/iptables -w2 -w -E FP-vnet0 FO-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/iptables -w2 -w -E FJ-vnet0 FI-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/iptables -w2 -w -E HJ-vnet0 HI-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ip6tables -w2 -w -D libvirt-out -m physdev > >>>>>> --physdev-is-bridged --physdev-out vnet0 -g FO-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ip6tables -w2 -w -D libvirt-out -m physdev --physdev-out > >>>>>> vnet0 -g FO-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ip6tables -w2 -w -D libvirt-in -m physdev --physdev-in > >>>>>> vnet0 -g FI-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ip6tables -w2 -w -D libvirt-host-in -m physdev --physdev-in > >>>>>> vnet0 -g HI-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ip6tables -w2 -w -F FO-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ip6tables -w2 -w -X FO-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ip6tables -w2 -w -F FI-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ip6tables -w2 -w -X FI-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ip6tables -w2 -w -F HI-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ip6tables -w2 -w -X HI-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ip6tables -w2 -w -E FP-vnet0 FO-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ip6tables -w2 -w -E FJ-vnet0 FI-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ip6tables -w2 -w -E HJ-vnet0 HI-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ebtables --concurrent -t nat -D PREROUTING -i vnet0 -j > >>>>>> libvirt-I-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ebtables --concurrent -t nat -D POSTROUTING -o vnet0 -j > >>>>>> libvirt-O-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ebtables --concurrent -t nat -L libvirt-I-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ebtables --concurrent -t nat -L libvirt-O-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ebtables --concurrent -t nat -F libvirt-I-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ebtables --concurrent -t nat -X libvirt-I-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ebtables --concurrent -t nat -F libvirt-O-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ebtables --concurrent -t nat -X libvirt-O-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ebtables --concurrent -t nat -L libvirt-P-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ebtables --concurrent -t nat -E libvirt-P-vnet0 > >>>>>> libvirt-O-vnet0' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ebtables --concurrent -t nat -F I-vnet0-mac' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ebtables --concurrent -t nat -X I-vnet0-mac' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ebtables --concurrent -t nat -F I-vnet0-arp-mac' failed: > >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > >>>>>> '/usr/sbin/ebtables --concurrent -t nat -X I-vnet0-arp-mac' failed: > >>>>>> > >>>>>> > >>>>>> [root@h2 etc]# ovs-vsctl show > >>>>>> ebb6aede-cbbc-4f4f-a88a-a9cd72b2bd23 > >>>>>> Bridge ovirtbridge > >>>>>> Port "ovirtport0" > >>>>>> Interface "ovirtport0" > >>>>>> type: internal > >>>>>> Port ovirtbridge > >>>>>> Interface ovirtbridge > >>>>>> type: internal > >>>>>> Bridge "ovsbridge0" > >>>>>> Port "ovsbridge0" > >>>>>> Interface "ovsbridge0" > >>>>>> type: internal > >>>>>> Port "eth0" > >>>>>> Interface "eth0" > >>>>>> Bridge br-int > >>>>>> Port br-int > >>>>>> Interface br-int > >>>>>> type: internal > >>>>>> Port "vnet0" > >>>>>> Interface "vnet0" > >>>>>> ovs_version: "2.6.90" > >>>>>> > >>>>>> Searching through the code it appears that br-int comes from > >>>>>> neutron-openvswitch plugin ?? > >>>>>> > >>>>>> [root@h2 share]# rpm -qf > >>>>>> /usr/share/otopi/plugins/ovirt-host-deploy/openstack/neutron_openvswitch.py > >>>>>> ovirt-host-deploy-1.6.0-0.0.master.20161215101008.gitb76ad50.el7.centos.noarch > >>>>>> > >>>>>> > >>>>>> /Sverker > >>>>>> > >>>>>> Den 2016-12-28 kl. 23:24, skrev Sverker Abrahamsson: > >>>>>>> In addition I had to add an alias to modprobe: > >>>>>>> > >>>>>>> [root@h2 modprobe.d]# cat dummy.conf > >>>>>>> alias dummy0 dummy > >>>>>>> > >>>>>>> > >>>>>>> Den 2016-12-28 kl. 23:03, skrev Sverker Abrahamsson: > >>>>>>>> Hi > >>>>>>>> I first tried to set device name to dummy_0, but then ifup did not > >>>>>>>> succeed in creating the device unless I first did 'ip link add > >>>>>>>> dummy_0 type dummy' but then it would not suceed to establish the if > >>>>>>>> on reboot. > >>>>>>>> > >>>>>>>> Setting fake_nics = dummy0 would not work neither, but this works: > >>>>>>>> > >>>>>>>> fake_nics = dummy* > >>>>>>>> > >>>>>>>> The engine is now able to find the if and assign bridge ovirtmgmt to > >>>>>>>> it. > >>>>>>>> > >>>>>>>> However, I then run into the next issue when starting a VM: > >>>>>>>> > >>>>>>>> 2016-12-28 22:28:23,897 ERROR > >>>>>>>> [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] > >>>>>>>> (ForkJoinPool-1-worker-2) [] Correlation ID: null, Call Stack: null, > >>>>>>>> Custom Event ID: -1, Message: VM CentOS7 is down with error. Exit > >>>>>>>> message: Cannot get interface MTU on 'br-int': No such device. > >>>>>>>> > >>>>>>>> This VM has a nic on ovirtbridge, which comes from the OVN provider. > >>>>>>>> > >>>>>>>> /Sverker > >>>>>>>> > >>>>>>>> Den 2016-12-28 kl. 14:38, skrev Marcin Mirecki: > >>>>>>>>> Sverker, > >>>>>>>>> > >>>>>>>>> Can you try adding a vnic named veth_* or dummy_*, > >>>>>>>>> (or alternatively add the name of the vnic to > >>>>>>>>> vdsm.config fake_nics), and setup the management > >>>>>>>>> network using this vnic? > >>>>>>>>> I suppose adding the vnic you use for connecting > >>>>>>>>> to the engine to fake_nics should make it visible > >>>>>>>>> to the engine, and you should be able to use it for > >>>>>>>>> the setup. > >>>>>>>>> > >>>>>>>>> Marcin > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> ----- Original Message ----- > >>>>>>>>>> From: "Marcin Mirecki" <a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:mmirecki@redhat.com"><mmirecki@redhat.com></a> > >>>>>>>>>> To: "Sverker Abrahamsson" <a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:sverker@abrahamsson.com"><sverker@abrahamsson.com></a> > >>>>>>>>>> Cc: "Ovirt Users" <a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:users@ovirt.org"><users@ovirt.org></a> > >>>>>>>>>> Sent: Wednesday, December 28, 2016 12:06:26 PM > >>>>>>>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory > >>>>>>>>>> ovirtmgmt network > >>>>>>>>>> > >>>>>>>>>>> I have an internal OVS bridge called ovirtbridge which has a port > >>>>>>>>>>> with > >>>>>>>>>>> IP address, but in the host network settings that port is not > >>>>>>>>>>> visible. > >>>>>>>>>> I just verified and unfortunately the virtual ports are not > >>>>>>>>>> visible in engine > >>>>>>>>>> to assign a network to :( > >>>>>>>>>> I'm afraid that the engine is not ready for such a scenario (even > >>>>>>>>>> if it > >>>>>>>>>> works). > >>>>>>>>>> Please give me some time to look for a solution. > >>>>>>>>>> > >>>>>>>>>> ----- Original Message ----- > >>>>>>>>>>> From: "Sverker Abrahamsson" <a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:sverker@abrahamsson.com"><sverker@abrahamsson.com></a> > >>>>>>>>>>> To: "Marcin Mirecki" <a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:mmirecki@redhat.com"><mmirecki@redhat.com></a> > >>>>>>>>>>> Cc: "Ovirt Users" <a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:users@ovirt.org"><users@ovirt.org></a> > >>>>>>>>>>> Sent: Wednesday, December 28, 2016 11:48:24 AM > >>>>>>>>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory > >>>>>>>>>>> ovirtmgmt > >>>>>>>>>>> network > >>>>>>>>>>> > >>>>>>>>>>> Hi Marcin > >>>>>>>>>>> Yes, that is my issue. I don't want to let ovirt/vdsm see eth0 > >>>>>>>>>>> nor > >>>>>>>>>>> ovsbridge0 since as soon as it sees them it messes up the network > >>>>>>>>>>> config > >>>>>>>>>>> so that the host will be unreachable. > >>>>>>>>>>> > >>>>>>>>>>> I have an internal OVS bridge called ovirtbridge which has a port > >>>>>>>>>>> with > >>>>>>>>>>> IP address, but in the host network settings that port is not > >>>>>>>>>>> visible. > >>>>>>>>>>> It doesn't help to name it ovirtmgmt. > >>>>>>>>>>> > >>>>>>>>>>> The engine is able to communicate with the host on the ip it has > >>>>>>>>>>> been > >>>>>>>>>>> given, it's just that it believes that it HAS to have a ovirtmgmt > >>>>>>>>>>> network which can't be on OVN. > >>>>>>>>>>> > >>>>>>>>>>> /Sverker > >>>>>>>>>>> > >>>>>>>>>>> > >>>>>>>>>>> Den 2016-12-28 kl. 10:45, skrev Marcin Mirecki: > >>>>>>>>>>>> Hi Sverker, > >>>>>>>>>>>> > >>>>>>>>>>>> The management network is mandatory on each host. It's used by > >>>>>>>>>>>> the > >>>>>>>>>>>> engine to communicate with the host. > >>>>>>>>>>>> Looking at your description and the exception it looks like it > >>>>>>>>>>>> is > >>>>>>>>>>>> missing. > >>>>>>>>>>>> The error is caused by not having any network for the host > >>>>>>>>>>>> (network list retrieved in > >>>>>>>>>>>> InterfaceDaoImpl.getHostNetworksByCluster - > >>>>>>>>>>>> which > >>>>>>>>>>>> gets all the networks on nics for a host from vds_interface > >>>>>>>>>>>> table in the > >>>>>>>>>>>> DB). > >>>>>>>>>>>> > >>>>>>>>>>>> Could you maybe create a virtual nic connected to ovsbridge0 (as > >>>>>>>>>>>> I > >>>>>>>>>>>> understand you > >>>>>>>>>>>> have no physical nic available) and use this for the management > >>>>>>>>>>>> network? > >>>>>>>>>>>> > >>>>>>>>>>>>> I then create a bridge for use with ovirt, with a private > >>>>>>>>>>>>> address. > >>>>>>>>>>>> I'm not quite sure I understand. Is this yet another bridge > >>>>>>>>>>>> connected to > >>>>>>>>>>>> ovsbridge0? > >>>>>>>>>>>> You could also attach the vnic for the management network here > >>>>>>>>>>>> if need > >>>>>>>>>>>> be. > >>>>>>>>>>>> > >>>>>>>>>>>> Please keep in mind that OVN has no use in setting up the > >>>>>>>>>>>> management > >>>>>>>>>>>> network. > >>>>>>>>>>>> The OVN provider can only handle external networks, which can > >>>>>>>>>>>> not be used > >>>>>>>>>>>> for a > >>>>>>>>>>>> management network. > >>>>>>>>>>>> > >>>>>>>>>>>> Marcin > >>>>>>>>>>>> > >>>>>>>>>>>> > >>>>>>>>>>>> ----- Original Message ----- > >>>>>>>>>>>>> From: "Sverker Abrahamsson" <a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:sverker@abrahamsson.com"><sverker@abrahamsson.com></a> > >>>>>>>>>>>>> To: <a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:users@ovirt.org">users@ovirt.org</a> > >>>>>>>>>>>>> Sent: Wednesday, December 28, 2016 12:39:59 AM > >>>>>>>>>>>>> Subject: [ovirt-users] Issue with OVN/OVS and mandatory > >>>>>>>>>>>>> ovirtmgmt > >>>>>>>>>>>>> network > >>>>>>>>>>>>> > >>>>>>>>>>>>> > >>>>>>>>>>>>> > >>>>>>>>>>>>> Hi > >>>>>>>>>>>>> For long time I've been looking for proper support in ovirt for > >>>>>>>>>>>>> Open > >>>>>>>>>>>>> vSwitch > >>>>>>>>>>>>> so I'm happy that it is moving in the right direction. However, > >>>>>>>>>>>>> there > >>>>>>>>>>>>> seems > >>>>>>>>>>>>> to still be a dependency on a ovirtmgmt bridge and I'm unable > >>>>>>>>>>>>> to move > >>>>>>>>>>>>> that > >>>>>>>>>>>>> to the OVN provider. > >>>>>>>>>>>>> > >>>>>>>>>>>>> The hosting center where I rent hw instances has a bit special > >>>>>>>>>>>>> network > >>>>>>>>>>>>> setup, > >>>>>>>>>>>>> so I have one physical network port with a /32 netmask and > >>>>>>>>>>>>> point-to-point > >>>>>>>>>>>>> config to router. The physical port I connect to a ovs bridge > >>>>>>>>>>>>> which has > >>>>>>>>>>>>> the > >>>>>>>>>>>>> public ip. Since ovirt always messes up the network config when > >>>>>>>>>>>>> I've > >>>>>>>>>>>>> tried > >>>>>>>>>>>>> to let it have access to the network config for the physical > >>>>>>>>>>>>> port, I've > >>>>>>>>>>>>> set > >>>>>>>>>>>>> eht0 and ovsbridge0 as hidden in vdsm.conf. > >>>>>>>>>>>>> > >>>>>>>>>>>>> > >>>>>>>>>>>>> I then create a bridge for use with ovirt, with a private > >>>>>>>>>>>>> address. With > >>>>>>>>>>>>> the > >>>>>>>>>>>>> OVN provider I am now able to import these into the engine and > >>>>>>>>>>>>> it looks > >>>>>>>>>>>>> good. When creating a VM I can select that it will have a vNic > >>>>>>>>>>>>> on my OVS > >>>>>>>>>>>>> bridge. > >>>>>>>>>>>>> > >>>>>>>>>>>>> However, I can't start the VM as an exception is thrown in the > >>>>>>>>>>>>> log: > >>>>>>>>>>>>> > >>>>>>>>>>>>> 2016-12-28 00:13:33,350 ERROR > >>>>>>>>>>>>> [org.ovirt.engine.core.bll.RunVmCommand] > >>>>>>>>>>>>> (default task-5) [3c882d53] Error during ValidateFailure.: > >>>>>>>>>>>>> java.lang.NullPointerException > >>>>>>>>>>>>> at > >>>>>>>>>>>>> org.ovirt.engine.core.bll.scheduling.policyunits.NetworkPolicyUnit.validateRequiredNetworksAvailable(NetworkPolicyUnit.java:140) > >>>>>>>>>>>>> > >>>>>>>>>>>>> [bll.jar:] > >>>>>>>>>>>>> at > >>>>>>>>>>>>> org.ovirt.engine.core.bll.scheduling.policyunits.NetworkPolicyUnit.filter(NetworkPolicyUnit.java:69) > >>>>>>>>>>>>> > >>>>>>>>>>>>> [bll.jar:] > >>>>>>>>>>>>> at > >>>>>>>>>>>>> org.ovirt.engine.core.bll.scheduling.SchedulingManager.runInternalFilters(SchedulingManager.java:597) > >>>>>>>>>>>>> > >>>>>>>>>>>>> [bll.jar:] > >>>>>>>>>>>>> at > >>>>>>>>>>>>> org.ovirt.engine.core.bll.scheduling.SchedulingManager.runFilters(SchedulingManager.java:564) > >>>>>>>>>>>>> > >>>>>>>>>>>>> [bll.jar:] > >>>>>>>>>>>>> at > >>>>>>>>>>>>> org.ovirt.engine.core.bll.scheduling.SchedulingManager.canSchedule(SchedulingManager.java:494) > >>>>>>>>>>>>> > >>>>>>>>>>>>> [bll.jar:] > >>>>>>>>>>>>> at > >>>>>>>>>>>>> org.ovirt.engine.core.bll.validator.RunVmValidator.canRunVm(RunVmValidator.java:133) > >>>>>>>>>>>>> > >>>>>>>>>>>>> [bll.jar:] > >>>>>>>>>>>>> at > >>>>>>>>>>>>> org.ovirt.engine.core.bll.RunVmCommand.validate(RunVmCommand.java:940) > >>>>>>>>>>>>> > >>>>>>>>>>>>> [bll.jar:] > >>>>>>>>>>>>> at > >>>>>>>>>>>>> org.ovirt.engine.core.bll.CommandBase.internalValidate(CommandBase.java:886) > >>>>>>>>>>>>> > >>>>>>>>>>>>> [bll.jar:] > >>>>>>>>>>>>> at > >>>>>>>>>>>>> org.ovirt.engine.core.bll.CommandBase.validateOnly(CommandBase.java:366) > >>>>>>>>>>>>> > >>>>>>>>>>>>> [bll.jar:] > >>>>>>>>>>>>> at > >>>>>>>>>>>>> org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.canRunActions(PrevalidatingMultipleActionsRunner.java:113) > >>>>>>>>>>>>> > >>>>>>>>>>>>> [bll.jar:] > >>>>>>>>>>>>> at > >>>>>>>>>>>>> org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.invokeCommands(PrevalidatingMultipleActionsRunner.java:99) > >>>>>>>>>>>>> > >>>>>>>>>>>>> [bll.jar:] > >>>>>>>>>>>>> at > >>>>>>>>>>>>> org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.execute(PrevalidatingMultipleActionsRunner.java:76) > >>>>>>>>>>>>> > >>>>>>>>>>>>> [bll.jar:] > >>>>>>>>>>>>> at > >>>>>>>>>>>>> org.ovirt.engine.core.bll.Backend.runMultipleActionsImpl(Backend.java:613) > >>>>>>>>>>>>> > >>>>>>>>>>>>> [bll.jar:] > >>>>>>>>>>>>> at > >>>>>>>>>>>>> org.ovirt.engine.core.bll.Backend.runMultipleActions(Backend.java:583) > >>>>>>>>>>>>> > >>>>>>>>>>>>> [bll.jar:] > >>>>>>>>>>>>> > >>>>>>>>>>>>> > >>>>>>>>>>>>> Looking at that section of code where the exception is thrown, > >>>>>>>>>>>>> I see > >>>>>>>>>>>>> that > >>>>>>>>>>>>> it > >>>>>>>>>>>>> iterates over host networks to find required networks, which I > >>>>>>>>>>>>> assume is > >>>>>>>>>>>>> ovirtmgmt. In the host network setup dialog I don't see any > >>>>>>>>>>>>> networks at > >>>>>>>>>>>>> all > >>>>>>>>>>>>> but it lists ovirtmgmt as required. It also list the OVN > >>>>>>>>>>>>> networks but > >>>>>>>>>>>>> these > >>>>>>>>>>>>> can't be statically assigned as they are added dynamically when > >>>>>>>>>>>>> needed, > >>>>>>>>>>>>> which is fine. > >>>>>>>>>>>>> > >>>>>>>>>>>>> I believe that I either need to remove ovirtmgmt network or > >>>>>>>>>>>>> configure > >>>>>>>>>>>>> that > >>>>>>>>>>>>> it > >>>>>>>>>>>>> is provided by the OVN provider, but neither is possible. > >>>>>>>>>>>>> Preferably it > >>>>>>>>>>>>> shouldn't be hardcoded which network is management and > >>>>>>>>>>>>> mandatory but be > >>>>>>>>>>>>> possible to configure. > >>>>>>>>>>>>> > >>>>>>>>>>>>> /Sverker > >>>>>>>>>>>>> Den 2016-12-27 kl. 17:10, skrev Marcin Mirecki: > >>>>>>>>>>>>> > >>>>>>>>>>>>> > >>>>>>>>>> _______________________________________________ > >>>>>>>>>> Users mailing list > >>>>>>>>>> <a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:Users@ovirt.org">Users@ovirt.org</a> > >>>>>>>>>> <a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://lists.ovirt.org/mailman/listinfo/users">http://lists.ovirt.org/mailman/listinfo/users</a> > >>>>>>>>>> > >>>>>>>> _______________________________________________ > >>>>>>>> Users mailing list > >>>>>>>> <a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:Users@ovirt.org">Users@ovirt.org</a> > >>>>>>>> <a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://lists.ovirt.org/mailman/listinfo/users">http://lists.ovirt.org/mailman/listinfo/users</a> > >>>>>>> _______________________________________________ > >>>>>>> Users mailing list > >>>>>>> <a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:Users@ovirt.org">Users@ovirt.org</a> > >>>>>>> <a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://lists.ovirt.org/mailman/listinfo/users">http://lists.ovirt.org/mailman/listinfo/users</a> > >>>>>> _______________________________________________ > >>>>>> Users mailing list > >>>>>> <a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:Users@ovirt.org">Users@ovirt.org</a> > >>>>>> <a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://lists.ovirt.org/mailman/listinfo/users">http://lists.ovirt.org/mailman/listinfo/users</a> > >>>> _______________________________________________ > >>>> Users mailing list > >>>> <a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:Users@ovirt.org">Users@ovirt.org</a> > >>>> <a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://lists.ovirt.org/mailman/listinfo/users">http://lists.ovirt.org/mailman/listinfo/users</a> > >>>> > >> > > </pre> </div> <br> <fieldset class="mimeAttachmentHeader"></fieldset> <br> <pre wrap="">_______________________________________________ Users mailing list <a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:Users@ovirt.org">Users@ovirt.org</a> <a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://lists.ovirt.org/mailman/listinfo/users">http://lists.ovirt.org/mailman/listinfo/users</a> </pre> </blockquote> <br> <br> <fieldset class="mimeAttachmentHeader"></fieldset> <br> <pre wrap="">_______________________________________________ Users mailing list <a class="moz-txt-link-abbreviated" href="mailto:Users@ovirt.org">Users@ovirt.org</a> <a class="moz-txt-link-freetext" href="http://lists.ovirt.org/mailman/listinfo/users">http://lists.ovirt.org/mailman/listinfo/users</a> </pre> </blockquote> <br> </body> </html> --------------08BAAA2E9CDD32DE62D1A70E--
Even better, if the value is not hardcoded then the configured value is used. Might be that I'm missunderstanding something but this is the behaviour I expected instead of that it is using br-int. Attached is a patch which properly sets up the xml, in case there is already a virtual port there + testcode of some variants /Sverker Den 2016-12-29 kl. 22:55, skrev Sverker Abrahamsson:
When I change /usr/libexec/vdsm/hooks/before_device_create/ovirt_provider_ovn_hook to instead of hardcoded to br-int use BRIDGE_NAME = 'ovirtbridge' then I get the expected behaviour and I get a working network connectivity in my VM with IP provided by dhcp.
/Sverker
Den 2016-12-29 kl. 22:07, skrev Sverker Abrahamsson:
By default the vNic profile of my OVN bridge ovirtbridge gets a Network filter named vdsm-no-mac-spoofing. If I instead set No filter then I don't get those ebtables / iptables messages. It seems that there is some issue between ovirt/vdsm and firewalld, which we can put to the side for now.
It is not clear for me why the port is added on br-int instead of the bridge I've assigned to the VM, which is ovirtbridge??
/Sverker
Den 2016-12-29 kl. 14:20, skrev Sverker Abrahamsson:
The specific command most likely fails because there is no chain named libvirt-J-vnet0, but when should that have been created? /Sverker
-------- Vidarebefordrat meddelande -------- Ämne: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network Datum: Thu, 29 Dec 2016 08:06:29 -0500 (EST) Från: Marcin Mirecki <mmirecki@redhat.com> Till: Sverker Abrahamsson <sverker@abrahamsson.com> Kopia: Ovirt Users <users@ovirt.org>, Lance Richardson <lrichard@redhat.com>, Numan Siddique <nusiddiq@redhat.com>
Let me add the OVN team.
Lance, Numan,
Can you please look at this?
Trying to plug a vNIC results in:
>>>> Dec 28 23:31:35 h2 ovs-vsctl: ovs|00001|vsctl|INFO|Called as ovs-vsctl >>>> --timeout=5 -- --if-exists del-port vnet0 -- add-port br-int vnet0 -- >>>> set Interface vnet0 "external-ids:attached-mac=\"00:1a:4a:16:01:51\"" >>>> -- set Interface vnet0 >>>> "external-ids:iface-id=\"e8853aac-8a75-41b0-8010-e630017dcdd8\"" -- >>>> set Interface vnet0 >>>> "external-ids:vm-id=\"b9440d60-ef5a-4e2b-83cf-081df7c09e6f\"" -- set >>>> Interface vnet0 external-ids:iface-status=active >>>> Dec 28 23:31:35 h2 kernel: device vnet0 entered promiscuous mode >>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>> '/usr/sbin/ebtables --concurrent -t nat -D PREROUTING -i vnet0 -j >>>> libvirt-J-vnet0' failed: >>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED:
More details below
----- Original Message -----
From: "Sverker Abrahamsson"<sverker@abrahamsson.com> To: "Marcin Mirecki"<mmirecki@redhat.com> Cc: "Ovirt Users"<users@ovirt.org> Sent: Thursday, December 29, 2016 1:42:11 PM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network
Hi Same problem still.. /Sverker
Den 2016-12-29 kl. 13:34, skrev Marcin Mirecki:
Hi,
The tunnels are created to connect multiple OVN controllers. If there is only one, there is no need for the tunnels, so none will be created, this is the correct behavior.
Does the problem still occur after setting configuring the OVN-controller?
Marcin
----- Original Message -----
From: "Sverker Abrahamsson"<sverker@abrahamsson.com> To: "Marcin Mirecki"<mmirecki@redhat.com> Cc: "Ovirt Users"<users@ovirt.org> Sent: Thursday, December 29, 2016 11:44:32 AM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network
Hi The rpm packages you listed in the other mail are installed but I had not run vdsm-tool ovn-config to create tunnel as the OVN controller is on the same host.
[root@h2 ~]# rpm -q openvswitch-ovn-common openvswitch-ovn-common-2.6.90-1.el7.centos.x86_64 [root@h2 ~]# rpm -q openvswitch-ovn-host openvswitch-ovn-host-2.6.90-1.el7.centos.x86_64 [root@h2 ~]# rpm -q python-openvswitch python-openvswitch-2.6.90-1.el7.centos.noarch
After removing my manually created br-int and run
vdsm-tool ovn-config 127.0.0.1 172.27.1.1
then I have the br-int but 'ip link show' does not show any link 'genev_sys_' nor does 'ovs-vsctl show' any port for ovn. I assume these are when there is an actual tunnel?
[root@h2 ~]# ovs-vsctl show ebb6aede-cbbc-4f4f-a88a-a9cd72b2bd23 Bridge br-int fail_mode: secure Port br-int Interface br-int type: internal Bridge ovirtbridge Port ovirtbridge Interface ovirtbridge type: internal Bridge "ovsbridge0" Port "ovsbridge0" Interface "ovsbridge0" type: internal Port "eth0" Interface "eth0" ovs_version: "2.6.90"
[root@h2 ~]# ip link show 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT qlen 1 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master ovs-system state UP mode DEFAULT qlen 1000 link/ether 44:8a:5b:84:7d:b3 brd ff:ff:ff:ff:ff:ff 3: ovs-system: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 1000 link/ether 5a:14:cf:28:47:e2 brd ff:ff:ff:ff:ff:ff 4: ovsbridge0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN mode DEFAULT qlen 1000 link/ether 44:8a:5b:84:7d:b3 brd ff:ff:ff:ff:ff:ff 5: br-int: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 1000 link/ether 9e:b0:3a:9d:f2:4b brd ff:ff:ff:ff:ff:ff 6: ovirtbridge: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN mode DEFAULT qlen 1000 link/ether a6:f6:e5:a4:5b:45 brd ff:ff:ff:ff:ff:ff 7: dummy0: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue master ovirtmgmt state UNKNOWN mode DEFAULT qlen 1000 link/ether 66:e0:1c:c3:a9:d8 brd ff:ff:ff:ff:ff:ff 8: ovirtmgmt: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT qlen 1000 link/ether 66:e0:1c:c3:a9:d8 brd ff:ff:ff:ff:ff:ff
Firewall settings: [root@h2 ~]# firewall-cmd --list-all-zones work target: default icmp-block-inversion: no interfaces: sources: services: dhcpv6-client ssh ports: protocols: masquerade: no forward-ports: sourceports: icmp-blocks: rich rules:
drop target: DROP icmp-block-inversion: no interfaces: sources: services: ports: protocols: masquerade: no forward-ports: sourceports: icmp-blocks: rich rules:
internal target: default icmp-block-inversion: no interfaces: sources: services: dhcpv6-client mdns samba-client ssh ports: protocols: masquerade: no forward-ports: sourceports: icmp-blocks: rich rules:
external target: default icmp-block-inversion: no interfaces: sources: services: ssh ports: protocols: masquerade: yes forward-ports: sourceports: icmp-blocks: rich rules:
trusted target: ACCEPT icmp-block-inversion: no interfaces: sources: services: ports: protocols: masquerade: no forward-ports: sourceports: icmp-blocks: rich rules:
home target: default icmp-block-inversion: no interfaces: sources: services: dhcpv6-client mdns samba-client ssh ports: protocols: masquerade: no forward-ports: sourceports: icmp-blocks: rich rules:
dmz target: default icmp-block-inversion: no interfaces: sources: services: ssh ports: protocols: masquerade: no forward-ports: sourceports: icmp-blocks: rich rules:
public (active) target: default icmp-block-inversion: no interfaces: eth0 ovsbridge0 sources: services: dhcpv6-client ssh ports: protocols: masquerade: no forward-ports: sourceports: icmp-blocks: rich rules:
block target: %%REJECT%% icmp-block-inversion: no interfaces: sources: services: ports: protocols: masquerade: no forward-ports: sourceports: icmp-blocks: rich rules:
ovirt (active) target: default icmp-block-inversion: no interfaces: ovirtbridge ovirtmgmt sources: services: dhcp ovirt-fence-kdump-listener ovirt-http ovirt-https ovirt-imageio-proxy ovirt-postgres ovirt-provider-ovn ovirt-vmconsole-proxy ovirt-websocket-proxy ssh vdsm ports: protocols: masquerade: yes forward-ports: sourceports: icmp-blocks: rich rules: rule family="ipv4" port port="6641" protocol="tcp" accept rule family="ipv4" port port="6642" protocol="tcp" accept
The db dump is attached /Sverker Den 2016-12-29 kl. 09:50, skrev Marcin Mirecki: > Hi, > > Can you please do: "sudo ovsdb-client dump" > on the host and send me the output? > > Have you configured the ovn controller to connect to the > OVN north? You can do it using "vdsm-tool ovn-config" or > using the OVN tools directly. > Please check out:https://www.ovirt.org/blog/2016/11/ovirt-provider-ovn/ > for details. > > Also please note that the OVN provider is completely different > from the neutron-openvswitch plugin. Please don't mix the two. > > Marcin > > > ----- Original Message ----- >> From: "Marcin Mirecki"<mmirecki@redhat.com> >> To: "Sverker Abrahamsson"<sverker@abrahamsson.com> >> Cc: "Ovirt Users"<users@ovirt.org> >> Sent: Thursday, December 29, 2016 9:27:19 AM >> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt >> network >> >> Hi, >> >> br-int is the OVN integration bridge, it should have been created >> when installing OVN. I assume you have the following packages installed >> on the host: >> openvswitch-ovn-common >> openvswitch-ovn-host >> python-openvswitch >> >> Please give me some time to look at the connectivity problem. >> >> Marcin >> >> >> >> ----- Original Message ----- >>> From: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>> To: "Marcin Mirecki"<mmirecki@redhat.com> >>> Cc: "Ovirt Users"<users@ovirt.org> >>> Sent: Thursday, December 29, 2016 12:47:04 AM >>> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt >>> network >>> >>> From >>> /usr/libexec/vdsm/hooks/before_device_create/ovirt_provider_ovn_hook >>> (installed by ovirt-provider-ovn-driver rpm): >>> >>> BRIDGE_NAME = 'br-int' >>> >>> >>> Den 2016-12-28 kl. 23:56, skrev Sverker Abrahamsson: >>>> Googling on the message about br-int suggested adding that bridge to >>>> ovs: >>>> >>>> ovs-vsctl add-br br-int >>>> >>>> Then the VM is able to boot, but it fails to get network connectivity. >>>> Output in /var/log/messages: >>>> >>>> Dec 28 23:31:35 h2 ovs-vsctl: ovs|00001|vsctl|INFO|Called as ovs-vsctl >>>> --timeout=5 -- --if-exists del-port vnet0 -- add-port br-int vnet0 -- >>>> set Interface vnet0 "external-ids:attached-mac=\"00:1a:4a:16:01:51\"" >>>> -- set Interface vnet0 >>>> "external-ids:iface-id=\"e8853aac-8a75-41b0-8010-e630017dcdd8\"" -- >>>> set Interface vnet0 >>>> "external-ids:vm-id=\"b9440d60-ef5a-4e2b-83cf-081df7c09e6f\"" -- set >>>> Interface vnet0 external-ids:iface-status=active >>>> Dec 28 23:31:35 h2 kernel: device vnet0 entered promiscuous mode >>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>> '/usr/sbin/ebtables --concurrent -t nat -D PREROUTING -i vnet0 -j >>>> libvirt-J-vnet0' failed: >>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>> '/usr/sbin/ebtables --concurrent -t nat -D POSTROUTING -o vnet0 -j >>>> libvirt-P-vnet0' failed: >>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>> '/usr/sbin/ebtables --concurrent -t nat -L libvirt-J-vnet0' failed: >>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>> '/usr/sbin/ebtables --concurrent -t nat -L libvirt-P-vnet0' failed: >>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>> '/usr/sbin/ebtables --concurrent -t nat -F libvirt-J-vnet0' failed: >>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>> '/usr/sbin/ebtables --concurrent -t nat -X libvirt-J-vnet0' failed: >>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>> '/usr/sbin/ebtables --concurrent -t nat -F libvirt-P-vnet0' failed: >>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>> '/usr/sbin/ebtables --concurrent -t nat -X libvirt-P-vnet0' failed: >>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>> '/usr/sbin/ebtables --concurrent -t nat -F J-vnet0-mac' failed: >>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>> '/usr/sbin/ebtables --concurrent -t nat -X J-vnet0-mac' failed: >>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>> '/usr/sbin/ebtables --concurrent -t nat -F J-vnet0-arp-mac' failed: >>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>> '/usr/sbin/ebtables --concurrent -t nat -X J-vnet0-arp-mac' failed: >>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>> '/usr/sbin/iptables -w2 -w -D libvirt-out -m physdev >>>> --physdev-is-bridged --physdev-out vnet0 -g FO-vnet0' failed: >>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>> '/usr/sbin/iptables -w2 -w -D libvirt-out -m physdev --physdev-out >>>> vnet0 -g FO-vnet0' failed: >>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>> '/usr/sbin/iptables -w2 -w -D libvirt-in -m physdev --physdev-in vnet0 >>>> -g FI-vnet0' failed: >>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>> '/usr/sbin/iptables -w2 -w -D libvirt-host-in -m physdev --physdev-in >>>> vnet0 -g HI-vnet0' failed: >>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>> '/usr/sbin/iptables -w2 -w -F FO-vnet0' failed: >>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>> '/usr/sbin/iptables -w2 -w -X FO-vnet0' failed: >>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>> '/usr/sbin/iptables -w2 -w -F FI-vnet0' failed: >>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>> '/usr/sbin/iptables -w2 -w -X FI-vnet0' failed: >>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>> '/usr/sbin/iptables -w2 -w -F HI-vnet0' failed: >>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>> '/usr/sbin/iptables -w2 -w -X HI-vnet0' failed: >>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>> '/usr/sbin/iptables -w2 -w -E FP-vnet0 FO-vnet0' failed: >>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>> '/usr/sbin/iptables -w2 -w -E FJ-vnet0 FI-vnet0' failed: >>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>> '/usr/sbin/iptables -w2 -w -E HJ-vnet0 HI-vnet0' failed: >>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>> '/usr/sbin/ip6tables -w2 -w -D libvirt-out -m physdev >>>> --physdev-is-bridged --physdev-out vnet0 -g FO-vnet0' failed: >>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>> '/usr/sbin/ip6tables -w2 -w -D libvirt-out -m physdev --physdev-out >>>> vnet0 -g FO-vnet0' failed: >>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>> '/usr/sbin/ip6tables -w2 -w -D libvirt-in -m physdev --physdev-in >>>> vnet0 -g FI-vnet0' failed: >>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>> '/usr/sbin/ip6tables -w2 -w -D libvirt-host-in -m physdev --physdev-in >>>> vnet0 -g HI-vnet0' failed: >>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>> '/usr/sbin/ip6tables -w2 -w -F FO-vnet0' failed: >>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>> '/usr/sbin/ip6tables -w2 -w -X FO-vnet0' failed: >>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>> '/usr/sbin/ip6tables -w2 -w -F FI-vnet0' failed: >>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>> '/usr/sbin/ip6tables -w2 -w -X FI-vnet0' failed: >>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>> '/usr/sbin/ip6tables -w2 -w -F HI-vnet0' failed: >>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>> '/usr/sbin/ip6tables -w2 -w -X HI-vnet0' failed: >>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>> '/usr/sbin/ip6tables -w2 -w -E FP-vnet0 FO-vnet0' failed: >>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>> '/usr/sbin/ip6tables -w2 -w -E FJ-vnet0 FI-vnet0' failed: >>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>> '/usr/sbin/ip6tables -w2 -w -E HJ-vnet0 HI-vnet0' failed: >>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>> '/usr/sbin/ebtables --concurrent -t nat -D PREROUTING -i vnet0 -j >>>> libvirt-I-vnet0' failed: >>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>> '/usr/sbin/ebtables --concurrent -t nat -D POSTROUTING -o vnet0 -j >>>> libvirt-O-vnet0' failed: >>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>> '/usr/sbin/ebtables --concurrent -t nat -L libvirt-I-vnet0' failed: >>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>> '/usr/sbin/ebtables --concurrent -t nat -L libvirt-O-vnet0' failed: >>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>> '/usr/sbin/ebtables --concurrent -t nat -F libvirt-I-vnet0' failed: >>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>> '/usr/sbin/ebtables --concurrent -t nat -X libvirt-I-vnet0' failed: >>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>> '/usr/sbin/ebtables --concurrent -t nat -F libvirt-O-vnet0' failed: >>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>> '/usr/sbin/ebtables --concurrent -t nat -X libvirt-O-vnet0' failed: >>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>> '/usr/sbin/ebtables --concurrent -t nat -L libvirt-P-vnet0' failed: >>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>> '/usr/sbin/ebtables --concurrent -t nat -E libvirt-P-vnet0 >>>> libvirt-O-vnet0' failed: >>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>> '/usr/sbin/ebtables --concurrent -t nat -F I-vnet0-mac' failed: >>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>> '/usr/sbin/ebtables --concurrent -t nat -X I-vnet0-mac' failed: >>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>> '/usr/sbin/ebtables --concurrent -t nat -F I-vnet0-arp-mac' failed: >>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>> '/usr/sbin/ebtables --concurrent -t nat -X I-vnet0-arp-mac' failed: >>>> >>>> >>>> [root@h2 etc]# ovs-vsctl show >>>> ebb6aede-cbbc-4f4f-a88a-a9cd72b2bd23 >>>> Bridge ovirtbridge >>>> Port "ovirtport0" >>>> Interface "ovirtport0" >>>> type: internal >>>> Port ovirtbridge >>>> Interface ovirtbridge >>>> type: internal >>>> Bridge "ovsbridge0" >>>> Port "ovsbridge0" >>>> Interface "ovsbridge0" >>>> type: internal >>>> Port "eth0" >>>> Interface "eth0" >>>> Bridge br-int >>>> Port br-int >>>> Interface br-int >>>> type: internal >>>> Port "vnet0" >>>> Interface "vnet0" >>>> ovs_version: "2.6.90" >>>> >>>> Searching through the code it appears that br-int comes from >>>> neutron-openvswitch plugin ?? >>>> >>>> [root@h2 share]# rpm -qf >>>> /usr/share/otopi/plugins/ovirt-host-deploy/openstack/neutron_openvswitch.py >>>> ovirt-host-deploy-1.6.0-0.0.master.20161215101008.gitb76ad50.el7.centos.noarch >>>> >>>> >>>> /Sverker >>>> >>>> Den 2016-12-28 kl. 23:24, skrev Sverker Abrahamsson: >>>>> In addition I had to add an alias to modprobe: >>>>> >>>>> [root@h2 modprobe.d]# cat dummy.conf >>>>> alias dummy0 dummy >>>>> >>>>> >>>>> Den 2016-12-28 kl. 23:03, skrev Sverker Abrahamsson: >>>>>> Hi >>>>>> I first tried to set device name to dummy_0, but then ifup did not >>>>>> succeed in creating the device unless I first did 'ip link add >>>>>> dummy_0 type dummy' but then it would not suceed to establish the if >>>>>> on reboot. >>>>>> >>>>>> Setting fake_nics = dummy0 would not work neither, but this works: >>>>>> >>>>>> fake_nics = dummy* >>>>>> >>>>>> The engine is now able to find the if and assign bridge ovirtmgmt to >>>>>> it. >>>>>> >>>>>> However, I then run into the next issue when starting a VM: >>>>>> >>>>>> 2016-12-28 22:28:23,897 ERROR >>>>>> [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] >>>>>> (ForkJoinPool-1-worker-2) [] Correlation ID: null, Call Stack: null, >>>>>> Custom Event ID: -1, Message: VM CentOS7 is down with error. Exit >>>>>> message: Cannot get interface MTU on 'br-int': No such device. >>>>>> >>>>>> This VM has a nic on ovirtbridge, which comes from the OVN provider. >>>>>> >>>>>> /Sverker >>>>>> >>>>>> Den 2016-12-28 kl. 14:38, skrev Marcin Mirecki: >>>>>>> Sverker, >>>>>>> >>>>>>> Can you try adding a vnic named veth_* or dummy_*, >>>>>>> (or alternatively add the name of the vnic to >>>>>>> vdsm.config fake_nics), and setup the management >>>>>>> network using this vnic? >>>>>>> I suppose adding the vnic you use for connecting >>>>>>> to the engine to fake_nics should make it visible >>>>>>> to the engine, and you should be able to use it for >>>>>>> the setup. >>>>>>> >>>>>>> Marcin >>>>>>> >>>>>>> >>>>>>> >>>>>>> ----- Original Message ----- >>>>>>>> From: "Marcin Mirecki"<mmirecki@redhat.com> >>>>>>>> To: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>>>>>>> Cc: "Ovirt Users"<users@ovirt.org> >>>>>>>> Sent: Wednesday, December 28, 2016 12:06:26 PM >>>>>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory >>>>>>>> ovirtmgmt network >>>>>>>> >>>>>>>>> I have an internal OVS bridge called ovirtbridge which has a port >>>>>>>>> with >>>>>>>>> IP address, but in the host network settings that port is not >>>>>>>>> visible. >>>>>>>> I just verified and unfortunately the virtual ports are not >>>>>>>> visible in engine >>>>>>>> to assign a network to :( >>>>>>>> I'm afraid that the engine is not ready for such a scenario (even >>>>>>>> if it >>>>>>>> works). >>>>>>>> Please give me some time to look for a solution. >>>>>>>> >>>>>>>> ----- Original Message ----- >>>>>>>>> From: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>>>>>>>> To: "Marcin Mirecki"<mmirecki@redhat.com> >>>>>>>>> Cc: "Ovirt Users"<users@ovirt.org> >>>>>>>>> Sent: Wednesday, December 28, 2016 11:48:24 AM >>>>>>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory >>>>>>>>> ovirtmgmt >>>>>>>>> network >>>>>>>>> >>>>>>>>> Hi Marcin >>>>>>>>> Yes, that is my issue. I don't want to let ovirt/vdsm see eth0 >>>>>>>>> nor >>>>>>>>> ovsbridge0 since as soon as it sees them it messes up the network >>>>>>>>> config >>>>>>>>> so that the host will be unreachable. >>>>>>>>> >>>>>>>>> I have an internal OVS bridge called ovirtbridge which has a port >>>>>>>>> with >>>>>>>>> IP address, but in the host network settings that port is not >>>>>>>>> visible. >>>>>>>>> It doesn't help to name it ovirtmgmt. >>>>>>>>> >>>>>>>>> The engine is able to communicate with the host on the ip it has >>>>>>>>> been >>>>>>>>> given, it's just that it believes that it HAS to have a ovirtmgmt >>>>>>>>> network which can't be on OVN. >>>>>>>>> >>>>>>>>> /Sverker >>>>>>>>> >>>>>>>>> >>>>>>>>> Den 2016-12-28 kl. 10:45, skrev Marcin Mirecki: >>>>>>>>>> Hi Sverker, >>>>>>>>>> >>>>>>>>>> The management network is mandatory on each host. It's used by >>>>>>>>>> the >>>>>>>>>> engine to communicate with the host. >>>>>>>>>> Looking at your description and the exception it looks like it >>>>>>>>>> is >>>>>>>>>> missing. >>>>>>>>>> The error is caused by not having any network for the host >>>>>>>>>> (network list retrieved in >>>>>>>>>> InterfaceDaoImpl.getHostNetworksByCluster - >>>>>>>>>> which >>>>>>>>>> gets all the networks on nics for a host from vds_interface >>>>>>>>>> table in the >>>>>>>>>> DB). >>>>>>>>>> >>>>>>>>>> Could you maybe create a virtual nic connected to ovsbridge0 (as >>>>>>>>>> I >>>>>>>>>> understand you >>>>>>>>>> have no physical nic available) and use this for the management >>>>>>>>>> network? >>>>>>>>>> >>>>>>>>>>> I then create a bridge for use with ovirt, with a private >>>>>>>>>>> address. >>>>>>>>>> I'm not quite sure I understand. Is this yet another bridge >>>>>>>>>> connected to >>>>>>>>>> ovsbridge0? >>>>>>>>>> You could also attach the vnic for the management network here >>>>>>>>>> if need >>>>>>>>>> be. >>>>>>>>>> >>>>>>>>>> Please keep in mind that OVN has no use in setting up the >>>>>>>>>> management >>>>>>>>>> network. >>>>>>>>>> The OVN provider can only handle external networks, which can >>>>>>>>>> not be used >>>>>>>>>> for a >>>>>>>>>> management network. >>>>>>>>>> >>>>>>>>>> Marcin >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> ----- Original Message ----- >>>>>>>>>>> From: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>>>>>>>>>> To:users@ovirt.org >>>>>>>>>>> Sent: Wednesday, December 28, 2016 12:39:59 AM >>>>>>>>>>> Subject: [ovirt-users] Issue with OVN/OVS and mandatory >>>>>>>>>>> ovirtmgmt >>>>>>>>>>> network >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> Hi >>>>>>>>>>> For long time I've been looking for proper support in ovirt for >>>>>>>>>>> Open >>>>>>>>>>> vSwitch >>>>>>>>>>> so I'm happy that it is moving in the right direction. However, >>>>>>>>>>> there >>>>>>>>>>> seems >>>>>>>>>>> to still be a dependency on a ovirtmgmt bridge and I'm unable >>>>>>>>>>> to move >>>>>>>>>>> that >>>>>>>>>>> to the OVN provider. >>>>>>>>>>> >>>>>>>>>>> The hosting center where I rent hw instances has a bit special >>>>>>>>>>> network >>>>>>>>>>> setup, >>>>>>>>>>> so I have one physical network port with a /32 netmask and >>>>>>>>>>> point-to-point >>>>>>>>>>> config to router. The physical port I connect to a ovs bridge >>>>>>>>>>> which has >>>>>>>>>>> the >>>>>>>>>>> public ip. Since ovirt always messes up the network config when >>>>>>>>>>> I've >>>>>>>>>>> tried >>>>>>>>>>> to let it have access to the network config for the physical >>>>>>>>>>> port, I've >>>>>>>>>>> set >>>>>>>>>>> eht0 and ovsbridge0 as hidden in vdsm.conf. >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> I then create a bridge for use with ovirt, with a private >>>>>>>>>>> address. With >>>>>>>>>>> the >>>>>>>>>>> OVN provider I am now able to import these into the engine and >>>>>>>>>>> it looks >>>>>>>>>>> good. When creating a VM I can select that it will have a vNic >>>>>>>>>>> on my OVS >>>>>>>>>>> bridge. >>>>>>>>>>> >>>>>>>>>>> However, I can't start the VM as an exception is thrown in the >>>>>>>>>>> log: >>>>>>>>>>> >>>>>>>>>>> 2016-12-28 00:13:33,350 ERROR >>>>>>>>>>> [org.ovirt.engine.core.bll.RunVmCommand] >>>>>>>>>>> (default task-5) [3c882d53] Error during ValidateFailure.: >>>>>>>>>>> java.lang.NullPointerException >>>>>>>>>>> at >>>>>>>>>>> org.ovirt.engine.core.bll.scheduling.policyunits.NetworkPolicyUnit.validateRequiredNetworksAvailable(NetworkPolicyUnit.java:140) >>>>>>>>>>> >>>>>>>>>>> [bll.jar:] >>>>>>>>>>> at >>>>>>>>>>> org.ovirt.engine.core.bll.scheduling.policyunits.NetworkPolicyUnit.filter(NetworkPolicyUnit.java:69) >>>>>>>>>>> >>>>>>>>>>> [bll.jar:] >>>>>>>>>>> at >>>>>>>>>>> org.ovirt.engine.core.bll.scheduling.SchedulingManager.runInternalFilters(SchedulingManager.java:597) >>>>>>>>>>> >>>>>>>>>>> [bll.jar:] >>>>>>>>>>> at >>>>>>>>>>> org.ovirt.engine.core.bll.scheduling.SchedulingManager.runFilters(SchedulingManager.java:564) >>>>>>>>>>> >>>>>>>>>>> [bll.jar:] >>>>>>>>>>> at >>>>>>>>>>> org.ovirt.engine.core.bll.scheduling.SchedulingManager.canSchedule(SchedulingManager.java:494) >>>>>>>>>>> >>>>>>>>>>> [bll.jar:] >>>>>>>>>>> at >>>>>>>>>>> org.ovirt.engine.core.bll.validator.RunVmValidator.canRunVm(RunVmValidator.java:133) >>>>>>>>>>> >>>>>>>>>>> [bll.jar:] >>>>>>>>>>> at >>>>>>>>>>> org.ovirt.engine.core.bll.RunVmCommand.validate(RunVmCommand.java:940) >>>>>>>>>>> >>>>>>>>>>> [bll.jar:] >>>>>>>>>>> at >>>>>>>>>>> org.ovirt.engine.core.bll.CommandBase.internalValidate(CommandBase.java:886) >>>>>>>>>>> >>>>>>>>>>> [bll.jar:] >>>>>>>>>>> at >>>>>>>>>>> org.ovirt.engine.core.bll.CommandBase.validateOnly(CommandBase.java:366) >>>>>>>>>>> >>>>>>>>>>> [bll.jar:] >>>>>>>>>>> at >>>>>>>>>>> org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.canRunActions(PrevalidatingMultipleActionsRunner.java:113) >>>>>>>>>>> >>>>>>>>>>> [bll.jar:] >>>>>>>>>>> at >>>>>>>>>>> org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.invokeCommands(PrevalidatingMultipleActionsRunner.java:99) >>>>>>>>>>> >>>>>>>>>>> [bll.jar:] >>>>>>>>>>> at >>>>>>>>>>> org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.execute(PrevalidatingMultipleActionsRunner.java:76) >>>>>>>>>>> >>>>>>>>>>> [bll.jar:] >>>>>>>>>>> at >>>>>>>>>>> org.ovirt.engine.core.bll.Backend.runMultipleActionsImpl(Backend.java:613) >>>>>>>>>>> >>>>>>>>>>> [bll.jar:] >>>>>>>>>>> at >>>>>>>>>>> org.ovirt.engine.core.bll.Backend.runMultipleActions(Backend.java:583) >>>>>>>>>>> >>>>>>>>>>> [bll.jar:] >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> Looking at that section of code where the exception is thrown, >>>>>>>>>>> I see >>>>>>>>>>> that >>>>>>>>>>> it >>>>>>>>>>> iterates over host networks to find required networks, which I >>>>>>>>>>> assume is >>>>>>>>>>> ovirtmgmt. In the host network setup dialog I don't see any >>>>>>>>>>> networks at >>>>>>>>>>> all >>>>>>>>>>> but it lists ovirtmgmt as required. It also list the OVN >>>>>>>>>>> networks but >>>>>>>>>>> these >>>>>>>>>>> can't be statically assigned as they are added dynamically when >>>>>>>>>>> needed, >>>>>>>>>>> which is fine. >>>>>>>>>>> >>>>>>>>>>> I believe that I either need to remove ovirtmgmt network or >>>>>>>>>>> configure >>>>>>>>>>> that >>>>>>>>>>> it >>>>>>>>>>> is provided by the OVN provider, but neither is possible. >>>>>>>>>>> Preferably it >>>>>>>>>>> shouldn't be hardcoded which network is management and >>>>>>>>>>> mandatory but be >>>>>>>>>>> possible to configure. >>>>>>>>>>> >>>>>>>>>>> /Sverker >>>>>>>>>>> Den 2016-12-27 kl. 17:10, skrev Marcin Mirecki: >>>>>>>>>>> >>>>>>>>>>> >>>>>>>> _______________________________________________ >>>>>>>> Users mailing list >>>>>>>>Users@ovirt.org >>>>>>>>http://lists.ovirt.org/mailman/listinfo/users >>>>>>>> >>>>>> _______________________________________________ >>>>>> Users mailing list >>>>>>Users@ovirt.org >>>>>>http://lists.ovirt.org/mailman/listinfo/users >>>>> _______________________________________________ >>>>> Users mailing list >>>>>Users@ovirt.org >>>>>http://lists.ovirt.org/mailman/listinfo/users >>>> _______________________________________________ >>>> Users mailing list >>>>Users@ovirt.org >>>>http://lists.ovirt.org/mailman/listinfo/users >> _______________________________________________ >> Users mailing list >>Users@ovirt.org >>http://lists.ovirt.org/mailman/listinfo/users >>
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Sverker, br-int is the integration bridge created by default in OVN. This is the bridge we use for the OVN provider. As OVN is required to be installed, we assume that this bridge is present. Using any other ovs bridge is not supported, and will require custom code changes (such as the ones you created). The proper setup in your case would probably be to create br-int and connect this to your ovirtbridge, although I don't know the details of your env, so this is just my best guess. Marcin ----- Original Message -----
From: "Sverker Abrahamsson" <sverker@abrahamsson.com> To: "Marcin Mirecki" <mmirecki@redhat.com> Cc: "Ovirt Users" <users@ovirt.org>, "Numan Siddique" <nusiddiq@redhat.com> Sent: Friday, December 30, 2016 1:14:50 AM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network
Even better, if the value is not hardcoded then the configured value is used. Might be that I'm missunderstanding something but this is the behaviour I expected instead of that it is using br-int.
Attached is a patch which properly sets up the xml, in case there is already a virtual port there + testcode of some variants
/Sverker
Den 2016-12-29 kl. 22:55, skrev Sverker Abrahamsson:
When I change /usr/libexec/vdsm/hooks/before_device_create/ovirt_provider_ovn_hook to instead of hardcoded to br-int use BRIDGE_NAME = 'ovirtbridge' then I get the expected behaviour and I get a working network connectivity in my VM with IP provided by dhcp.
/Sverker
Den 2016-12-29 kl. 22:07, skrev Sverker Abrahamsson:
By default the vNic profile of my OVN bridge ovirtbridge gets a Network filter named vdsm-no-mac-spoofing. If I instead set No filter then I don't get those ebtables / iptables messages. It seems that there is some issue between ovirt/vdsm and firewalld, which we can put to the side for now.
It is not clear for me why the port is added on br-int instead of the bridge I've assigned to the VM, which is ovirtbridge??
/Sverker
Den 2016-12-29 kl. 14:20, skrev Sverker Abrahamsson:
The specific command most likely fails because there is no chain named libvirt-J-vnet0, but when should that have been created? /Sverker
-------- Vidarebefordrat meddelande -------- Ämne: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network Datum: Thu, 29 Dec 2016 08:06:29 -0500 (EST) Från: Marcin Mirecki <mmirecki@redhat.com> Till: Sverker Abrahamsson <sverker@abrahamsson.com> Kopia: Ovirt Users <users@ovirt.org>, Lance Richardson <lrichard@redhat.com>, Numan Siddique <nusiddiq@redhat.com>
Let me add the OVN team.
Lance, Numan,
Can you please look at this?
Trying to plug a vNIC results in:
>>>>> Dec 28 23:31:35 h2 ovs-vsctl: ovs|00001|vsctl|INFO|Called as >>>>> ovs-vsctl >>>>> --timeout=5 -- --if-exists del-port vnet0 -- add-port br-int >>>>> vnet0 -- >>>>> set Interface vnet0 >>>>> "external-ids:attached-mac=\"00:1a:4a:16:01:51\"" >>>>> -- set Interface vnet0 >>>>> "external-ids:iface-id=\"e8853aac-8a75-41b0-8010-e630017dcdd8\"" >>>>> -- >>>>> set Interface vnet0 >>>>> "external-ids:vm-id=\"b9440d60-ef5a-4e2b-83cf-081df7c09e6f\"" -- >>>>> set >>>>> Interface vnet0 external-ids:iface-status=active >>>>> Dec 28 23:31:35 h2 kernel: device vnet0 entered promiscuous mode >>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>> '/usr/sbin/ebtables --concurrent -t nat -D PREROUTING -i vnet0 >>>>> -j >>>>> libvirt-J-vnet0' failed: >>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED:
More details below
----- Original Message -----
From: "Sverker Abrahamsson"<sverker@abrahamsson.com> To: "Marcin Mirecki"<mmirecki@redhat.com> Cc: "Ovirt Users"<users@ovirt.org> Sent: Thursday, December 29, 2016 1:42:11 PM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network
Hi Same problem still.. /Sverker
Den 2016-12-29 kl. 13:34, skrev Marcin Mirecki:
Hi,
The tunnels are created to connect multiple OVN controllers. If there is only one, there is no need for the tunnels, so none will be created, this is the correct behavior.
Does the problem still occur after setting configuring the OVN-controller?
Marcin
----- Original Message ----- > From: "Sverker Abrahamsson"<sverker@abrahamsson.com> > To: "Marcin Mirecki"<mmirecki@redhat.com> > Cc: "Ovirt Users"<users@ovirt.org> > Sent: Thursday, December 29, 2016 11:44:32 AM > Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory > ovirtmgmt > network > > Hi > The rpm packages you listed in the other mail are installed but I > had > not run vdsm-tool ovn-config to create tunnel as the OVN controller > is > on the same host. > > [root@h2 ~]# rpm -q openvswitch-ovn-common > openvswitch-ovn-common-2.6.90-1.el7.centos.x86_64 > [root@h2 ~]# rpm -q openvswitch-ovn-host > openvswitch-ovn-host-2.6.90-1.el7.centos.x86_64 > [root@h2 ~]# rpm -q python-openvswitch > python-openvswitch-2.6.90-1.el7.centos.noarch > > After removing my manually created br-int and run > > vdsm-tool ovn-config 127.0.0.1 172.27.1.1 > > then I have the br-int but 'ip link show' does not show any link > 'genev_sys_' nor does 'ovs-vsctl show' any port for ovn. I assume > these > are when there is an actual tunnel? > > [root@h2 ~]# ovs-vsctl show > ebb6aede-cbbc-4f4f-a88a-a9cd72b2bd23 > Bridge br-int > fail_mode: secure > Port br-int > Interface br-int > type: internal > Bridge ovirtbridge > Port ovirtbridge > Interface ovirtbridge > type: internal > Bridge "ovsbridge0" > Port "ovsbridge0" > Interface "ovsbridge0" > type: internal > Port "eth0" > Interface "eth0" > ovs_version: "2.6.90" > > [root@h2 ~]# ip link show > 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN > mode > DEFAULT qlen 1 > link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 > 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast > master ovs-system state UP mode DEFAULT qlen 1000 > link/ether 44:8a:5b:84:7d:b3 brd ff:ff:ff:ff:ff:ff > 3: ovs-system: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN > mode > DEFAULT qlen 1000 > link/ether 5a:14:cf:28:47:e2 brd ff:ff:ff:ff:ff:ff > 4: ovsbridge0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc > noqueue > state UNKNOWN mode DEFAULT qlen 1000 > link/ether 44:8a:5b:84:7d:b3 brd ff:ff:ff:ff:ff:ff > 5: br-int: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode > DEFAULT qlen 1000 > link/ether 9e:b0:3a:9d:f2:4b brd ff:ff:ff:ff:ff:ff > 6: ovirtbridge: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc > noqueue > state UNKNOWN mode DEFAULT qlen 1000 > link/ether a6:f6:e5:a4:5b:45 brd ff:ff:ff:ff:ff:ff > 7: dummy0: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue > master > ovirtmgmt state UNKNOWN mode DEFAULT qlen 1000 > link/ether 66:e0:1c:c3:a9:d8 brd ff:ff:ff:ff:ff:ff > 8: ovirtmgmt: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc > noqueue > state UP mode DEFAULT qlen 1000 > link/ether 66:e0:1c:c3:a9:d8 brd ff:ff:ff:ff:ff:ff > > Firewall settings: > [root@h2 ~]# firewall-cmd --list-all-zones > work > target: default > icmp-block-inversion: no > interfaces: > sources: > services: dhcpv6-client ssh > ports: > protocols: > masquerade: no > forward-ports: > sourceports: > icmp-blocks: > rich rules: > > > drop > target: DROP > icmp-block-inversion: no > interfaces: > sources: > services: > ports: > protocols: > masquerade: no > forward-ports: > sourceports: > icmp-blocks: > rich rules: > > > internal > target: default > icmp-block-inversion: no > interfaces: > sources: > services: dhcpv6-client mdns samba-client ssh > ports: > protocols: > masquerade: no > forward-ports: > sourceports: > icmp-blocks: > rich rules: > > > external > target: default > icmp-block-inversion: no > interfaces: > sources: > services: ssh > ports: > protocols: > masquerade: yes > forward-ports: > sourceports: > icmp-blocks: > rich rules: > > > trusted > target: ACCEPT > icmp-block-inversion: no > interfaces: > sources: > services: > ports: > protocols: > masquerade: no > forward-ports: > sourceports: > icmp-blocks: > rich rules: > > > home > target: default > icmp-block-inversion: no > interfaces: > sources: > services: dhcpv6-client mdns samba-client ssh > ports: > protocols: > masquerade: no > forward-ports: > sourceports: > icmp-blocks: > rich rules: > > > dmz > target: default > icmp-block-inversion: no > interfaces: > sources: > services: ssh > ports: > protocols: > masquerade: no > forward-ports: > sourceports: > icmp-blocks: > rich rules: > > > public (active) > target: default > icmp-block-inversion: no > interfaces: eth0 ovsbridge0 > sources: > services: dhcpv6-client ssh > ports: > protocols: > masquerade: no > forward-ports: > sourceports: > icmp-blocks: > rich rules: > > > block > target: %%REJECT%% > icmp-block-inversion: no > interfaces: > sources: > services: > ports: > protocols: > masquerade: no > forward-ports: > sourceports: > icmp-blocks: > rich rules: > > > ovirt (active) > target: default > icmp-block-inversion: no > interfaces: ovirtbridge ovirtmgmt > sources: > services: dhcp ovirt-fence-kdump-listener ovirt-http ovirt-https > ovirt-imageio-proxy ovirt-postgres ovirt-provider-ovn > ovirt-vmconsole-proxy ovirt-websocket-proxy ssh vdsm > ports: > protocols: > masquerade: yes > forward-ports: > sourceports: > icmp-blocks: > rich rules: > rule family="ipv4" port port="6641" protocol="tcp" accept > rule family="ipv4" port port="6642" protocol="tcp" accept > > The db dump is attached > /Sverker > Den 2016-12-29 kl. 09:50, skrev Marcin Mirecki: >> Hi, >> >> Can you please do: "sudo ovsdb-client dump" >> on the host and send me the output? >> >> Have you configured the ovn controller to connect to the >> OVN north? You can do it using "vdsm-tool ovn-config" or >> using the OVN tools directly. >> Please check >> out:https://www.ovirt.org/blog/2016/11/ovirt-provider-ovn/ >> for details. >> >> Also please note that the OVN provider is completely different >> from the neutron-openvswitch plugin. Please don't mix the two. >> >> Marcin >> >> >> ----- Original Message ----- >>> From: "Marcin Mirecki"<mmirecki@redhat.com> >>> To: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>> Cc: "Ovirt Users"<users@ovirt.org> >>> Sent: Thursday, December 29, 2016 9:27:19 AM >>> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory >>> ovirtmgmt >>> network >>> >>> Hi, >>> >>> br-int is the OVN integration bridge, it should have been created >>> when installing OVN. I assume you have the following packages >>> installed >>> on the host: >>> openvswitch-ovn-common >>> openvswitch-ovn-host >>> python-openvswitch >>> >>> Please give me some time to look at the connectivity problem. >>> >>> Marcin >>> >>> >>> >>> ----- Original Message ----- >>>> From: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>>> To: "Marcin Mirecki"<mmirecki@redhat.com> >>>> Cc: "Ovirt Users"<users@ovirt.org> >>>> Sent: Thursday, December 29, 2016 12:47:04 AM >>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory >>>> ovirtmgmt >>>> network >>>> >>>> From >>>> /usr/libexec/vdsm/hooks/before_device_create/ovirt_provider_ovn_hook >>>> (installed by ovirt-provider-ovn-driver rpm): >>>> >>>> BRIDGE_NAME = 'br-int' >>>> >>>> >>>> Den 2016-12-28 kl. 23:56, skrev Sverker Abrahamsson: >>>>> Googling on the message about br-int suggested adding that >>>>> bridge to >>>>> ovs: >>>>> >>>>> ovs-vsctl add-br br-int >>>>> >>>>> Then the VM is able to boot, but it fails to get network >>>>> connectivity. >>>>> Output in /var/log/messages: >>>>> >>>>> Dec 28 23:31:35 h2 ovs-vsctl: ovs|00001|vsctl|INFO|Called as >>>>> ovs-vsctl >>>>> --timeout=5 -- --if-exists del-port vnet0 -- add-port br-int >>>>> vnet0 -- >>>>> set Interface vnet0 >>>>> "external-ids:attached-mac=\"00:1a:4a:16:01:51\"" >>>>> -- set Interface vnet0 >>>>> "external-ids:iface-id=\"e8853aac-8a75-41b0-8010-e630017dcdd8\"" >>>>> -- >>>>> set Interface vnet0 >>>>> "external-ids:vm-id=\"b9440d60-ef5a-4e2b-83cf-081df7c09e6f\"" -- >>>>> set >>>>> Interface vnet0 external-ids:iface-status=active >>>>> Dec 28 23:31:35 h2 kernel: device vnet0 entered promiscuous mode >>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>> '/usr/sbin/ebtables --concurrent -t nat -D PREROUTING -i vnet0 >>>>> -j >>>>> libvirt-J-vnet0' failed: >>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>> '/usr/sbin/ebtables --concurrent -t nat -D POSTROUTING -o vnet0 >>>>> -j >>>>> libvirt-P-vnet0' failed: >>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>> '/usr/sbin/ebtables --concurrent -t nat -L libvirt-J-vnet0' >>>>> failed: >>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>> '/usr/sbin/ebtables --concurrent -t nat -L libvirt-P-vnet0' >>>>> failed: >>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>> '/usr/sbin/ebtables --concurrent -t nat -F libvirt-J-vnet0' >>>>> failed: >>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>> '/usr/sbin/ebtables --concurrent -t nat -X libvirt-J-vnet0' >>>>> failed: >>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>> '/usr/sbin/ebtables --concurrent -t nat -F libvirt-P-vnet0' >>>>> failed: >>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>> '/usr/sbin/ebtables --concurrent -t nat -X libvirt-P-vnet0' >>>>> failed: >>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>> '/usr/sbin/ebtables --concurrent -t nat -F J-vnet0-mac' failed: >>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>> '/usr/sbin/ebtables --concurrent -t nat -X J-vnet0-mac' failed: >>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>> '/usr/sbin/ebtables --concurrent -t nat -F J-vnet0-arp-mac' >>>>> failed: >>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>> '/usr/sbin/ebtables --concurrent -t nat -X J-vnet0-arp-mac' >>>>> failed: >>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>> '/usr/sbin/iptables -w2 -w -D libvirt-out -m physdev >>>>> --physdev-is-bridged --physdev-out vnet0 -g FO-vnet0' failed: >>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>> '/usr/sbin/iptables -w2 -w -D libvirt-out -m physdev >>>>> --physdev-out >>>>> vnet0 -g FO-vnet0' failed: >>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>> '/usr/sbin/iptables -w2 -w -D libvirt-in -m physdev --physdev-in >>>>> vnet0 >>>>> -g FI-vnet0' failed: >>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>> '/usr/sbin/iptables -w2 -w -D libvirt-host-in -m physdev >>>>> --physdev-in >>>>> vnet0 -g HI-vnet0' failed: >>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>> '/usr/sbin/iptables -w2 -w -F FO-vnet0' failed: >>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>> '/usr/sbin/iptables -w2 -w -X FO-vnet0' failed: >>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>> '/usr/sbin/iptables -w2 -w -F FI-vnet0' failed: >>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>> '/usr/sbin/iptables -w2 -w -X FI-vnet0' failed: >>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>> '/usr/sbin/iptables -w2 -w -F HI-vnet0' failed: >>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>> '/usr/sbin/iptables -w2 -w -X HI-vnet0' failed: >>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>> '/usr/sbin/iptables -w2 -w -E FP-vnet0 FO-vnet0' failed: >>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>> '/usr/sbin/iptables -w2 -w -E FJ-vnet0 FI-vnet0' failed: >>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>> '/usr/sbin/iptables -w2 -w -E HJ-vnet0 HI-vnet0' failed: >>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>> '/usr/sbin/ip6tables -w2 -w -D libvirt-out -m physdev >>>>> --physdev-is-bridged --physdev-out vnet0 -g FO-vnet0' failed: >>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>> '/usr/sbin/ip6tables -w2 -w -D libvirt-out -m physdev >>>>> --physdev-out >>>>> vnet0 -g FO-vnet0' failed: >>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>> '/usr/sbin/ip6tables -w2 -w -D libvirt-in -m physdev >>>>> --physdev-in >>>>> vnet0 -g FI-vnet0' failed: >>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>> '/usr/sbin/ip6tables -w2 -w -D libvirt-host-in -m physdev >>>>> --physdev-in >>>>> vnet0 -g HI-vnet0' failed: >>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>> '/usr/sbin/ip6tables -w2 -w -F FO-vnet0' failed: >>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>> '/usr/sbin/ip6tables -w2 -w -X FO-vnet0' failed: >>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>> '/usr/sbin/ip6tables -w2 -w -F FI-vnet0' failed: >>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>> '/usr/sbin/ip6tables -w2 -w -X FI-vnet0' failed: >>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>> '/usr/sbin/ip6tables -w2 -w -F HI-vnet0' failed: >>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>> '/usr/sbin/ip6tables -w2 -w -X HI-vnet0' failed: >>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>> '/usr/sbin/ip6tables -w2 -w -E FP-vnet0 FO-vnet0' failed: >>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>> '/usr/sbin/ip6tables -w2 -w -E FJ-vnet0 FI-vnet0' failed: >>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>> '/usr/sbin/ip6tables -w2 -w -E HJ-vnet0 HI-vnet0' failed: >>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>> '/usr/sbin/ebtables --concurrent -t nat -D PREROUTING -i vnet0 >>>>> -j >>>>> libvirt-I-vnet0' failed: >>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>> '/usr/sbin/ebtables --concurrent -t nat -D POSTROUTING -o vnet0 >>>>> -j >>>>> libvirt-O-vnet0' failed: >>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>> '/usr/sbin/ebtables --concurrent -t nat -L libvirt-I-vnet0' >>>>> failed: >>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>> '/usr/sbin/ebtables --concurrent -t nat -L libvirt-O-vnet0' >>>>> failed: >>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>> '/usr/sbin/ebtables --concurrent -t nat -F libvirt-I-vnet0' >>>>> failed: >>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>> '/usr/sbin/ebtables --concurrent -t nat -X libvirt-I-vnet0' >>>>> failed: >>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>> '/usr/sbin/ebtables --concurrent -t nat -F libvirt-O-vnet0' >>>>> failed: >>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>> '/usr/sbin/ebtables --concurrent -t nat -X libvirt-O-vnet0' >>>>> failed: >>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>> '/usr/sbin/ebtables --concurrent -t nat -L libvirt-P-vnet0' >>>>> failed: >>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>> '/usr/sbin/ebtables --concurrent -t nat -E libvirt-P-vnet0 >>>>> libvirt-O-vnet0' failed: >>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>> '/usr/sbin/ebtables --concurrent -t nat -F I-vnet0-mac' failed: >>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>> '/usr/sbin/ebtables --concurrent -t nat -X I-vnet0-mac' failed: >>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>> '/usr/sbin/ebtables --concurrent -t nat -F I-vnet0-arp-mac' >>>>> failed: >>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>> '/usr/sbin/ebtables --concurrent -t nat -X I-vnet0-arp-mac' >>>>> failed: >>>>> >>>>> >>>>> [root@h2 etc]# ovs-vsctl show >>>>> ebb6aede-cbbc-4f4f-a88a-a9cd72b2bd23 >>>>> Bridge ovirtbridge >>>>> Port "ovirtport0" >>>>> Interface "ovirtport0" >>>>> type: internal >>>>> Port ovirtbridge >>>>> Interface ovirtbridge >>>>> type: internal >>>>> Bridge "ovsbridge0" >>>>> Port "ovsbridge0" >>>>> Interface "ovsbridge0" >>>>> type: internal >>>>> Port "eth0" >>>>> Interface "eth0" >>>>> Bridge br-int >>>>> Port br-int >>>>> Interface br-int >>>>> type: internal >>>>> Port "vnet0" >>>>> Interface "vnet0" >>>>> ovs_version: "2.6.90" >>>>> >>>>> Searching through the code it appears that br-int comes from >>>>> neutron-openvswitch plugin ?? >>>>> >>>>> [root@h2 share]# rpm -qf >>>>> /usr/share/otopi/plugins/ovirt-host-deploy/openstack/neutron_openvswitch.py >>>>> ovirt-host-deploy-1.6.0-0.0.master.20161215101008.gitb76ad50.el7.centos.noarch >>>>> >>>>> >>>>> /Sverker >>>>> >>>>> Den 2016-12-28 kl. 23:24, skrev Sverker Abrahamsson: >>>>>> In addition I had to add an alias to modprobe: >>>>>> >>>>>> [root@h2 modprobe.d]# cat dummy.conf >>>>>> alias dummy0 dummy >>>>>> >>>>>> >>>>>> Den 2016-12-28 kl. 23:03, skrev Sverker Abrahamsson: >>>>>>> Hi >>>>>>> I first tried to set device name to dummy_0, but then ifup did >>>>>>> not >>>>>>> succeed in creating the device unless I first did 'ip link add >>>>>>> dummy_0 type dummy' but then it would not suceed to establish >>>>>>> the if >>>>>>> on reboot. >>>>>>> >>>>>>> Setting fake_nics = dummy0 would not work neither, but this >>>>>>> works: >>>>>>> >>>>>>> fake_nics = dummy* >>>>>>> >>>>>>> The engine is now able to find the if and assign bridge >>>>>>> ovirtmgmt to >>>>>>> it. >>>>>>> >>>>>>> However, I then run into the next issue when starting a VM: >>>>>>> >>>>>>> 2016-12-28 22:28:23,897 ERROR >>>>>>> [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] >>>>>>> (ForkJoinPool-1-worker-2) [] Correlation ID: null, Call Stack: >>>>>>> null, >>>>>>> Custom Event ID: -1, Message: VM CentOS7 is down with error. >>>>>>> Exit >>>>>>> message: Cannot get interface MTU on 'br-int': No such device. >>>>>>> >>>>>>> This VM has a nic on ovirtbridge, which comes from the OVN >>>>>>> provider. >>>>>>> >>>>>>> /Sverker >>>>>>> >>>>>>> Den 2016-12-28 kl. 14:38, skrev Marcin Mirecki: >>>>>>>> Sverker, >>>>>>>> >>>>>>>> Can you try adding a vnic named veth_* or dummy_*, >>>>>>>> (or alternatively add the name of the vnic to >>>>>>>> vdsm.config fake_nics), and setup the management >>>>>>>> network using this vnic? >>>>>>>> I suppose adding the vnic you use for connecting >>>>>>>> to the engine to fake_nics should make it visible >>>>>>>> to the engine, and you should be able to use it for >>>>>>>> the setup. >>>>>>>> >>>>>>>> Marcin >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> ----- Original Message ----- >>>>>>>>> From: "Marcin Mirecki"<mmirecki@redhat.com> >>>>>>>>> To: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>>>>>>>> Cc: "Ovirt Users"<users@ovirt.org> >>>>>>>>> Sent: Wednesday, December 28, 2016 12:06:26 PM >>>>>>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory >>>>>>>>> ovirtmgmt network >>>>>>>>> >>>>>>>>>> I have an internal OVS bridge called ovirtbridge which has >>>>>>>>>> a port >>>>>>>>>> with >>>>>>>>>> IP address, but in the host network settings that port is >>>>>>>>>> not >>>>>>>>>> visible. >>>>>>>>> I just verified and unfortunately the virtual ports are not >>>>>>>>> visible in engine >>>>>>>>> to assign a network to :( >>>>>>>>> I'm afraid that the engine is not ready for such a scenario >>>>>>>>> (even >>>>>>>>> if it >>>>>>>>> works). >>>>>>>>> Please give me some time to look for a solution. >>>>>>>>> >>>>>>>>> ----- Original Message ----- >>>>>>>>>> From: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>>>>>>>>> To: "Marcin Mirecki"<mmirecki@redhat.com> >>>>>>>>>> Cc: "Ovirt Users"<users@ovirt.org> >>>>>>>>>> Sent: Wednesday, December 28, 2016 11:48:24 AM >>>>>>>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory >>>>>>>>>> ovirtmgmt >>>>>>>>>> network >>>>>>>>>> >>>>>>>>>> Hi Marcin >>>>>>>>>> Yes, that is my issue. I don't want to let ovirt/vdsm see >>>>>>>>>> eth0 >>>>>>>>>> nor >>>>>>>>>> ovsbridge0 since as soon as it sees them it messes up the >>>>>>>>>> network >>>>>>>>>> config >>>>>>>>>> so that the host will be unreachable. >>>>>>>>>> >>>>>>>>>> I have an internal OVS bridge called ovirtbridge which has >>>>>>>>>> a port >>>>>>>>>> with >>>>>>>>>> IP address, but in the host network settings that port is >>>>>>>>>> not >>>>>>>>>> visible. >>>>>>>>>> It doesn't help to name it ovirtmgmt. >>>>>>>>>> >>>>>>>>>> The engine is able to communicate with the host on the ip >>>>>>>>>> it has >>>>>>>>>> been >>>>>>>>>> given, it's just that it believes that it HAS to have a >>>>>>>>>> ovirtmgmt >>>>>>>>>> network which can't be on OVN. >>>>>>>>>> >>>>>>>>>> /Sverker >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> Den 2016-12-28 kl. 10:45, skrev Marcin Mirecki: >>>>>>>>>>> Hi Sverker, >>>>>>>>>>> >>>>>>>>>>> The management network is mandatory on each host. It's >>>>>>>>>>> used by >>>>>>>>>>> the >>>>>>>>>>> engine to communicate with the host. >>>>>>>>>>> Looking at your description and the exception it looks >>>>>>>>>>> like it >>>>>>>>>>> is >>>>>>>>>>> missing. >>>>>>>>>>> The error is caused by not having any network for the host >>>>>>>>>>> (network list retrieved in >>>>>>>>>>> InterfaceDaoImpl.getHostNetworksByCluster - >>>>>>>>>>> which >>>>>>>>>>> gets all the networks on nics for a host from >>>>>>>>>>> vds_interface >>>>>>>>>>> table in the >>>>>>>>>>> DB). >>>>>>>>>>> >>>>>>>>>>> Could you maybe create a virtual nic connected to >>>>>>>>>>> ovsbridge0 (as >>>>>>>>>>> I >>>>>>>>>>> understand you >>>>>>>>>>> have no physical nic available) and use this for the >>>>>>>>>>> management >>>>>>>>>>> network? >>>>>>>>>>> >>>>>>>>>>>> I then create a bridge for use with ovirt, with a private >>>>>>>>>>>> address. >>>>>>>>>>> I'm not quite sure I understand. Is this yet another >>>>>>>>>>> bridge >>>>>>>>>>> connected to >>>>>>>>>>> ovsbridge0? >>>>>>>>>>> You could also attach the vnic for the management network >>>>>>>>>>> here >>>>>>>>>>> if need >>>>>>>>>>> be. >>>>>>>>>>> >>>>>>>>>>> Please keep in mind that OVN has no use in setting up the >>>>>>>>>>> management >>>>>>>>>>> network. >>>>>>>>>>> The OVN provider can only handle external networks, which >>>>>>>>>>> can >>>>>>>>>>> not be used >>>>>>>>>>> for a >>>>>>>>>>> management network. >>>>>>>>>>> >>>>>>>>>>> Marcin >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> ----- Original Message ----- >>>>>>>>>>>> From: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>>>>>>>>>>> To:users@ovirt.org >>>>>>>>>>>> Sent: Wednesday, December 28, 2016 12:39:59 AM >>>>>>>>>>>> Subject: [ovirt-users] Issue with OVN/OVS and mandatory >>>>>>>>>>>> ovirtmgmt >>>>>>>>>>>> network >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> Hi >>>>>>>>>>>> For long time I've been looking for proper support in >>>>>>>>>>>> ovirt for >>>>>>>>>>>> Open >>>>>>>>>>>> vSwitch >>>>>>>>>>>> so I'm happy that it is moving in the right direction. >>>>>>>>>>>> However, >>>>>>>>>>>> there >>>>>>>>>>>> seems >>>>>>>>>>>> to still be a dependency on a ovirtmgmt bridge and I'm >>>>>>>>>>>> unable >>>>>>>>>>>> to move >>>>>>>>>>>> that >>>>>>>>>>>> to the OVN provider. >>>>>>>>>>>> >>>>>>>>>>>> The hosting center where I rent hw instances has a bit >>>>>>>>>>>> special >>>>>>>>>>>> network >>>>>>>>>>>> setup, >>>>>>>>>>>> so I have one physical network port with a /32 netmask >>>>>>>>>>>> and >>>>>>>>>>>> point-to-point >>>>>>>>>>>> config to router. The physical port I connect to a ovs >>>>>>>>>>>> bridge >>>>>>>>>>>> which has >>>>>>>>>>>> the >>>>>>>>>>>> public ip. Since ovirt always messes up the network >>>>>>>>>>>> config when >>>>>>>>>>>> I've >>>>>>>>>>>> tried >>>>>>>>>>>> to let it have access to the network config for the >>>>>>>>>>>> physical >>>>>>>>>>>> port, I've >>>>>>>>>>>> set >>>>>>>>>>>> eht0 and ovsbridge0 as hidden in vdsm.conf. >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> I then create a bridge for use with ovirt, with a private >>>>>>>>>>>> address. With >>>>>>>>>>>> the >>>>>>>>>>>> OVN provider I am now able to import these into the >>>>>>>>>>>> engine and >>>>>>>>>>>> it looks >>>>>>>>>>>> good. When creating a VM I can select that it will have a >>>>>>>>>>>> vNic >>>>>>>>>>>> on my OVS >>>>>>>>>>>> bridge. >>>>>>>>>>>> >>>>>>>>>>>> However, I can't start the VM as an exception is thrown >>>>>>>>>>>> in the >>>>>>>>>>>> log: >>>>>>>>>>>> >>>>>>>>>>>> 2016-12-28 00:13:33,350 ERROR >>>>>>>>>>>> [org.ovirt.engine.core.bll.RunVmCommand] >>>>>>>>>>>> (default task-5) [3c882d53] Error during >>>>>>>>>>>> ValidateFailure.: >>>>>>>>>>>> java.lang.NullPointerException >>>>>>>>>>>> at >>>>>>>>>>>> org.ovirt.engine.core.bll.scheduling.policyunits.NetworkPolicyUnit.validateRequiredNetworksAvailable(NetworkPolicyUnit.java:140) >>>>>>>>>>>> >>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>> at >>>>>>>>>>>> org.ovirt.engine.core.bll.scheduling.policyunits.NetworkPolicyUnit.filter(NetworkPolicyUnit.java:69) >>>>>>>>>>>> >>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>> at >>>>>>>>>>>> org.ovirt.engine.core.bll.scheduling.SchedulingManager.runInternalFilters(SchedulingManager.java:597) >>>>>>>>>>>> >>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>> at >>>>>>>>>>>> org.ovirt.engine.core.bll.scheduling.SchedulingManager.runFilters(SchedulingManager.java:564) >>>>>>>>>>>> >>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>> at >>>>>>>>>>>> org.ovirt.engine.core.bll.scheduling.SchedulingManager.canSchedule(SchedulingManager.java:494) >>>>>>>>>>>> >>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>> at >>>>>>>>>>>> org.ovirt.engine.core.bll.validator.RunVmValidator.canRunVm(RunVmValidator.java:133) >>>>>>>>>>>> >>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>> at >>>>>>>>>>>> org.ovirt.engine.core.bll.RunVmCommand.validate(RunVmCommand.java:940) >>>>>>>>>>>> >>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>> at >>>>>>>>>>>> org.ovirt.engine.core.bll.CommandBase.internalValidate(CommandBase.java:886) >>>>>>>>>>>> >>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>> at >>>>>>>>>>>> org.ovirt.engine.core.bll.CommandBase.validateOnly(CommandBase.java:366) >>>>>>>>>>>> >>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>> at >>>>>>>>>>>> org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.canRunActions(PrevalidatingMultipleActionsRunner.java:113) >>>>>>>>>>>> >>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>> at >>>>>>>>>>>> org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.invokeCommands(PrevalidatingMultipleActionsRunner.java:99) >>>>>>>>>>>> >>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>> at >>>>>>>>>>>> org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.execute(PrevalidatingMultipleActionsRunner.java:76) >>>>>>>>>>>> >>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>> at >>>>>>>>>>>> org.ovirt.engine.core.bll.Backend.runMultipleActionsImpl(Backend.java:613) >>>>>>>>>>>> >>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>> at >>>>>>>>>>>> org.ovirt.engine.core.bll.Backend.runMultipleActions(Backend.java:583) >>>>>>>>>>>> >>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> Looking at that section of code where the exception is >>>>>>>>>>>> thrown, >>>>>>>>>>>> I see >>>>>>>>>>>> that >>>>>>>>>>>> it >>>>>>>>>>>> iterates over host networks to find required networks, >>>>>>>>>>>> which I >>>>>>>>>>>> assume is >>>>>>>>>>>> ovirtmgmt. In the host network setup dialog I don't see >>>>>>>>>>>> any >>>>>>>>>>>> networks at >>>>>>>>>>>> all >>>>>>>>>>>> but it lists ovirtmgmt as required. It also list the OVN >>>>>>>>>>>> networks but >>>>>>>>>>>> these >>>>>>>>>>>> can't be statically assigned as they are added >>>>>>>>>>>> dynamically when >>>>>>>>>>>> needed, >>>>>>>>>>>> which is fine. >>>>>>>>>>>> >>>>>>>>>>>> I believe that I either need to remove ovirtmgmt network >>>>>>>>>>>> or >>>>>>>>>>>> configure >>>>>>>>>>>> that >>>>>>>>>>>> it >>>>>>>>>>>> is provided by the OVN provider, but neither is possible. >>>>>>>>>>>> Preferably it >>>>>>>>>>>> shouldn't be hardcoded which network is management and >>>>>>>>>>>> mandatory but be >>>>>>>>>>>> possible to configure. >>>>>>>>>>>> >>>>>>>>>>>> /Sverker >>>>>>>>>>>> Den 2016-12-27 kl. 17:10, skrev Marcin Mirecki: >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>> _______________________________________________ >>>>>>>>> Users mailing list >>>>>>>>>Users@ovirt.org >>>>>>>>>http://lists.ovirt.org/mailman/listinfo/users >>>>>>>>> >>>>>>> _______________________________________________ >>>>>>> Users mailing list >>>>>>>Users@ovirt.org >>>>>>>http://lists.ovirt.org/mailman/listinfo/users >>>>>> _______________________________________________ >>>>>> Users mailing list >>>>>>Users@ovirt.org >>>>>>http://lists.ovirt.org/mailman/listinfo/users >>>>> _______________________________________________ >>>>> Users mailing list >>>>>Users@ovirt.org >>>>>http://lists.ovirt.org/mailman/listinfo/users >>> _______________________________________________ >>> Users mailing list >>>Users@ovirt.org >>>http://lists.ovirt.org/mailman/listinfo/users >>> >
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Hi That is the logic I quite don't understand. What is the purpose of adding my bridges to Ovirt through the external provider and configure them on my VM if you are disregarding that and using br-int anyway? /Sverker Den 2016-12-30 kl. 10:53, skrev Marcin Mirecki:
Sverker,
br-int is the integration bridge created by default in OVN. This is the bridge we use for the OVN provider. As OVN is required to be installed, we assume that this bridge is present. Using any other ovs bridge is not supported, and will require custom code changes (such as the ones you created).
The proper setup in your case would probably be to create br-int and connect this to your ovirtbridge, although I don't know the details of your env, so this is just my best guess.
Marcin
----- Original Message -----
From: "Sverker Abrahamsson" <sverker@abrahamsson.com> To: "Marcin Mirecki" <mmirecki@redhat.com> Cc: "Ovirt Users" <users@ovirt.org>, "Numan Siddique" <nusiddiq@redhat.com> Sent: Friday, December 30, 2016 1:14:50 AM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network
Even better, if the value is not hardcoded then the configured value is used. Might be that I'm missunderstanding something but this is the behaviour I expected instead of that it is using br-int.
Attached is a patch which properly sets up the xml, in case there is already a virtual port there + testcode of some variants
/Sverker
Den 2016-12-29 kl. 22:55, skrev Sverker Abrahamsson:
When I change /usr/libexec/vdsm/hooks/before_device_create/ovirt_provider_ovn_hook to instead of hardcoded to br-int use BRIDGE_NAME = 'ovirtbridge' then I get the expected behaviour and I get a working network connectivity in my VM with IP provided by dhcp.
/Sverker
Den 2016-12-29 kl. 22:07, skrev Sverker Abrahamsson:
By default the vNic profile of my OVN bridge ovirtbridge gets a Network filter named vdsm-no-mac-spoofing. If I instead set No filter then I don't get those ebtables / iptables messages. It seems that there is some issue between ovirt/vdsm and firewalld, which we can put to the side for now.
It is not clear for me why the port is added on br-int instead of the bridge I've assigned to the VM, which is ovirtbridge??
/Sverker
Den 2016-12-29 kl. 14:20, skrev Sverker Abrahamsson:
The specific command most likely fails because there is no chain named libvirt-J-vnet0, but when should that have been created? /Sverker
-------- Vidarebefordrat meddelande -------- Ämne: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network Datum: Thu, 29 Dec 2016 08:06:29 -0500 (EST) Från: Marcin Mirecki <mmirecki@redhat.com> Till: Sverker Abrahamsson <sverker@abrahamsson.com> Kopia: Ovirt Users <users@ovirt.org>, Lance Richardson <lrichard@redhat.com>, Numan Siddique <nusiddiq@redhat.com>
Let me add the OVN team.
Lance, Numan,
Can you please look at this?
Trying to plug a vNIC results in:
>>>>>> Dec 28 23:31:35 h2 ovs-vsctl: ovs|00001|vsctl|INFO|Called as >>>>>> ovs-vsctl >>>>>> --timeout=5 -- --if-exists del-port vnet0 -- add-port br-int >>>>>> vnet0 -- >>>>>> set Interface vnet0 >>>>>> "external-ids:attached-mac=\"00:1a:4a:16:01:51\"" >>>>>> -- set Interface vnet0 >>>>>> "external-ids:iface-id=\"e8853aac-8a75-41b0-8010-e630017dcdd8\"" >>>>>> -- >>>>>> set Interface vnet0 >>>>>> "external-ids:vm-id=\"b9440d60-ef5a-4e2b-83cf-081df7c09e6f\"" -- >>>>>> set >>>>>> Interface vnet0 external-ids:iface-status=active >>>>>> Dec 28 23:31:35 h2 kernel: device vnet0 entered promiscuous mode >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>> '/usr/sbin/ebtables --concurrent -t nat -D PREROUTING -i vnet0 >>>>>> -j >>>>>> libvirt-J-vnet0' failed: >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: More details below
----- Original Message -----
From: "Sverker Abrahamsson"<sverker@abrahamsson.com> To: "Marcin Mirecki"<mmirecki@redhat.com> Cc: "Ovirt Users"<users@ovirt.org> Sent: Thursday, December 29, 2016 1:42:11 PM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network
Hi Same problem still.. /Sverker
Den 2016-12-29 kl. 13:34, skrev Marcin Mirecki: > Hi, > > The tunnels are created to connect multiple OVN controllers. > If there is only one, there is no need for the tunnels, so none > will be created, this is the correct behavior. > > Does the problem still occur after setting configuring the > OVN-controller? > > Marcin > > ----- Original Message ----- >> From: "Sverker Abrahamsson"<sverker@abrahamsson.com> >> To: "Marcin Mirecki"<mmirecki@redhat.com> >> Cc: "Ovirt Users"<users@ovirt.org> >> Sent: Thursday, December 29, 2016 11:44:32 AM >> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory >> ovirtmgmt >> network >> >> Hi >> The rpm packages you listed in the other mail are installed but I >> had >> not run vdsm-tool ovn-config to create tunnel as the OVN controller >> is >> on the same host. >> >> [root@h2 ~]# rpm -q openvswitch-ovn-common >> openvswitch-ovn-common-2.6.90-1.el7.centos.x86_64 >> [root@h2 ~]# rpm -q openvswitch-ovn-host >> openvswitch-ovn-host-2.6.90-1.el7.centos.x86_64 >> [root@h2 ~]# rpm -q python-openvswitch >> python-openvswitch-2.6.90-1.el7.centos.noarch >> >> After removing my manually created br-int and run >> >> vdsm-tool ovn-config 127.0.0.1 172.27.1.1 >> >> then I have the br-int but 'ip link show' does not show any link >> 'genev_sys_' nor does 'ovs-vsctl show' any port for ovn. I assume >> these >> are when there is an actual tunnel? >> >> [root@h2 ~]# ovs-vsctl show >> ebb6aede-cbbc-4f4f-a88a-a9cd72b2bd23 >> Bridge br-int >> fail_mode: secure >> Port br-int >> Interface br-int >> type: internal >> Bridge ovirtbridge >> Port ovirtbridge >> Interface ovirtbridge >> type: internal >> Bridge "ovsbridge0" >> Port "ovsbridge0" >> Interface "ovsbridge0" >> type: internal >> Port "eth0" >> Interface "eth0" >> ovs_version: "2.6.90" >> >> [root@h2 ~]# ip link show >> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN >> mode >> DEFAULT qlen 1 >> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 >> 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast >> master ovs-system state UP mode DEFAULT qlen 1000 >> link/ether 44:8a:5b:84:7d:b3 brd ff:ff:ff:ff:ff:ff >> 3: ovs-system: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN >> mode >> DEFAULT qlen 1000 >> link/ether 5a:14:cf:28:47:e2 brd ff:ff:ff:ff:ff:ff >> 4: ovsbridge0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc >> noqueue >> state UNKNOWN mode DEFAULT qlen 1000 >> link/ether 44:8a:5b:84:7d:b3 brd ff:ff:ff:ff:ff:ff >> 5: br-int: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode >> DEFAULT qlen 1000 >> link/ether 9e:b0:3a:9d:f2:4b brd ff:ff:ff:ff:ff:ff >> 6: ovirtbridge: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc >> noqueue >> state UNKNOWN mode DEFAULT qlen 1000 >> link/ether a6:f6:e5:a4:5b:45 brd ff:ff:ff:ff:ff:ff >> 7: dummy0: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue >> master >> ovirtmgmt state UNKNOWN mode DEFAULT qlen 1000 >> link/ether 66:e0:1c:c3:a9:d8 brd ff:ff:ff:ff:ff:ff >> 8: ovirtmgmt: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc >> noqueue >> state UP mode DEFAULT qlen 1000 >> link/ether 66:e0:1c:c3:a9:d8 brd ff:ff:ff:ff:ff:ff >> >> Firewall settings: >> [root@h2 ~]# firewall-cmd --list-all-zones >> work >> target: default >> icmp-block-inversion: no >> interfaces: >> sources: >> services: dhcpv6-client ssh >> ports: >> protocols: >> masquerade: no >> forward-ports: >> sourceports: >> icmp-blocks: >> rich rules: >> >> >> drop >> target: DROP >> icmp-block-inversion: no >> interfaces: >> sources: >> services: >> ports: >> protocols: >> masquerade: no >> forward-ports: >> sourceports: >> icmp-blocks: >> rich rules: >> >> >> internal >> target: default >> icmp-block-inversion: no >> interfaces: >> sources: >> services: dhcpv6-client mdns samba-client ssh >> ports: >> protocols: >> masquerade: no >> forward-ports: >> sourceports: >> icmp-blocks: >> rich rules: >> >> >> external >> target: default >> icmp-block-inversion: no >> interfaces: >> sources: >> services: ssh >> ports: >> protocols: >> masquerade: yes >> forward-ports: >> sourceports: >> icmp-blocks: >> rich rules: >> >> >> trusted >> target: ACCEPT >> icmp-block-inversion: no >> interfaces: >> sources: >> services: >> ports: >> protocols: >> masquerade: no >> forward-ports: >> sourceports: >> icmp-blocks: >> rich rules: >> >> >> home >> target: default >> icmp-block-inversion: no >> interfaces: >> sources: >> services: dhcpv6-client mdns samba-client ssh >> ports: >> protocols: >> masquerade: no >> forward-ports: >> sourceports: >> icmp-blocks: >> rich rules: >> >> >> dmz >> target: default >> icmp-block-inversion: no >> interfaces: >> sources: >> services: ssh >> ports: >> protocols: >> masquerade: no >> forward-ports: >> sourceports: >> icmp-blocks: >> rich rules: >> >> >> public (active) >> target: default >> icmp-block-inversion: no >> interfaces: eth0 ovsbridge0 >> sources: >> services: dhcpv6-client ssh >> ports: >> protocols: >> masquerade: no >> forward-ports: >> sourceports: >> icmp-blocks: >> rich rules: >> >> >> block >> target: %%REJECT%% >> icmp-block-inversion: no >> interfaces: >> sources: >> services: >> ports: >> protocols: >> masquerade: no >> forward-ports: >> sourceports: >> icmp-blocks: >> rich rules: >> >> >> ovirt (active) >> target: default >> icmp-block-inversion: no >> interfaces: ovirtbridge ovirtmgmt >> sources: >> services: dhcp ovirt-fence-kdump-listener ovirt-http ovirt-https >> ovirt-imageio-proxy ovirt-postgres ovirt-provider-ovn >> ovirt-vmconsole-proxy ovirt-websocket-proxy ssh vdsm >> ports: >> protocols: >> masquerade: yes >> forward-ports: >> sourceports: >> icmp-blocks: >> rich rules: >> rule family="ipv4" port port="6641" protocol="tcp" accept >> rule family="ipv4" port port="6642" protocol="tcp" accept >> >> The db dump is attached >> /Sverker >> Den 2016-12-29 kl. 09:50, skrev Marcin Mirecki: >>> Hi, >>> >>> Can you please do: "sudo ovsdb-client dump" >>> on the host and send me the output? >>> >>> Have you configured the ovn controller to connect to the >>> OVN north? You can do it using "vdsm-tool ovn-config" or >>> using the OVN tools directly. >>> Please check >>> out:https://www.ovirt.org/blog/2016/11/ovirt-provider-ovn/ >>> for details. >>> >>> Also please note that the OVN provider is completely different >>> from the neutron-openvswitch plugin. Please don't mix the two. >>> >>> Marcin >>> >>> >>> ----- Original Message ----- >>>> From: "Marcin Mirecki"<mmirecki@redhat.com> >>>> To: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>>> Cc: "Ovirt Users"<users@ovirt.org> >>>> Sent: Thursday, December 29, 2016 9:27:19 AM >>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory >>>> ovirtmgmt >>>> network >>>> >>>> Hi, >>>> >>>> br-int is the OVN integration bridge, it should have been created >>>> when installing OVN. I assume you have the following packages >>>> installed >>>> on the host: >>>> openvswitch-ovn-common >>>> openvswitch-ovn-host >>>> python-openvswitch >>>> >>>> Please give me some time to look at the connectivity problem. >>>> >>>> Marcin >>>> >>>> >>>> >>>> ----- Original Message ----- >>>>> From: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>>>> To: "Marcin Mirecki"<mmirecki@redhat.com> >>>>> Cc: "Ovirt Users"<users@ovirt.org> >>>>> Sent: Thursday, December 29, 2016 12:47:04 AM >>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory >>>>> ovirtmgmt >>>>> network >>>>> >>>>> From >>>>> /usr/libexec/vdsm/hooks/before_device_create/ovirt_provider_ovn_hook >>>>> (installed by ovirt-provider-ovn-driver rpm): >>>>> >>>>> BRIDGE_NAME = 'br-int' >>>>> >>>>> >>>>> Den 2016-12-28 kl. 23:56, skrev Sverker Abrahamsson: >>>>>> Googling on the message about br-int suggested adding that >>>>>> bridge to >>>>>> ovs: >>>>>> >>>>>> ovs-vsctl add-br br-int >>>>>> >>>>>> Then the VM is able to boot, but it fails to get network >>>>>> connectivity. >>>>>> Output in /var/log/messages: >>>>>> >>>>>> Dec 28 23:31:35 h2 ovs-vsctl: ovs|00001|vsctl|INFO|Called as >>>>>> ovs-vsctl >>>>>> --timeout=5 -- --if-exists del-port vnet0 -- add-port br-int >>>>>> vnet0 -- >>>>>> set Interface vnet0 >>>>>> "external-ids:attached-mac=\"00:1a:4a:16:01:51\"" >>>>>> -- set Interface vnet0 >>>>>> "external-ids:iface-id=\"e8853aac-8a75-41b0-8010-e630017dcdd8\"" >>>>>> -- >>>>>> set Interface vnet0 >>>>>> "external-ids:vm-id=\"b9440d60-ef5a-4e2b-83cf-081df7c09e6f\"" -- >>>>>> set >>>>>> Interface vnet0 external-ids:iface-status=active >>>>>> Dec 28 23:31:35 h2 kernel: device vnet0 entered promiscuous mode >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>> '/usr/sbin/ebtables --concurrent -t nat -D PREROUTING -i vnet0 >>>>>> -j >>>>>> libvirt-J-vnet0' failed: >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>> '/usr/sbin/ebtables --concurrent -t nat -D POSTROUTING -o vnet0 >>>>>> -j >>>>>> libvirt-P-vnet0' failed: >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>> '/usr/sbin/ebtables --concurrent -t nat -L libvirt-J-vnet0' >>>>>> failed: >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>> '/usr/sbin/ebtables --concurrent -t nat -L libvirt-P-vnet0' >>>>>> failed: >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>> '/usr/sbin/ebtables --concurrent -t nat -F libvirt-J-vnet0' >>>>>> failed: >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>> '/usr/sbin/ebtables --concurrent -t nat -X libvirt-J-vnet0' >>>>>> failed: >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>> '/usr/sbin/ebtables --concurrent -t nat -F libvirt-P-vnet0' >>>>>> failed: >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>> '/usr/sbin/ebtables --concurrent -t nat -X libvirt-P-vnet0' >>>>>> failed: >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>> '/usr/sbin/ebtables --concurrent -t nat -F J-vnet0-mac' failed: >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>> '/usr/sbin/ebtables --concurrent -t nat -X J-vnet0-mac' failed: >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>> '/usr/sbin/ebtables --concurrent -t nat -F J-vnet0-arp-mac' >>>>>> failed: >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>> '/usr/sbin/ebtables --concurrent -t nat -X J-vnet0-arp-mac' >>>>>> failed: >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>> '/usr/sbin/iptables -w2 -w -D libvirt-out -m physdev >>>>>> --physdev-is-bridged --physdev-out vnet0 -g FO-vnet0' failed: >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>> '/usr/sbin/iptables -w2 -w -D libvirt-out -m physdev >>>>>> --physdev-out >>>>>> vnet0 -g FO-vnet0' failed: >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>> '/usr/sbin/iptables -w2 -w -D libvirt-in -m physdev --physdev-in >>>>>> vnet0 >>>>>> -g FI-vnet0' failed: >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>> '/usr/sbin/iptables -w2 -w -D libvirt-host-in -m physdev >>>>>> --physdev-in >>>>>> vnet0 -g HI-vnet0' failed: >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>> '/usr/sbin/iptables -w2 -w -F FO-vnet0' failed: >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>> '/usr/sbin/iptables -w2 -w -X FO-vnet0' failed: >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>> '/usr/sbin/iptables -w2 -w -F FI-vnet0' failed: >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>> '/usr/sbin/iptables -w2 -w -X FI-vnet0' failed: >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>> '/usr/sbin/iptables -w2 -w -F HI-vnet0' failed: >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>> '/usr/sbin/iptables -w2 -w -X HI-vnet0' failed: >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>> '/usr/sbin/iptables -w2 -w -E FP-vnet0 FO-vnet0' failed: >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>> '/usr/sbin/iptables -w2 -w -E FJ-vnet0 FI-vnet0' failed: >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>> '/usr/sbin/iptables -w2 -w -E HJ-vnet0 HI-vnet0' failed: >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>> '/usr/sbin/ip6tables -w2 -w -D libvirt-out -m physdev >>>>>> --physdev-is-bridged --physdev-out vnet0 -g FO-vnet0' failed: >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>> '/usr/sbin/ip6tables -w2 -w -D libvirt-out -m physdev >>>>>> --physdev-out >>>>>> vnet0 -g FO-vnet0' failed: >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>> '/usr/sbin/ip6tables -w2 -w -D libvirt-in -m physdev >>>>>> --physdev-in >>>>>> vnet0 -g FI-vnet0' failed: >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>> '/usr/sbin/ip6tables -w2 -w -D libvirt-host-in -m physdev >>>>>> --physdev-in >>>>>> vnet0 -g HI-vnet0' failed: >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>> '/usr/sbin/ip6tables -w2 -w -F FO-vnet0' failed: >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>> '/usr/sbin/ip6tables -w2 -w -X FO-vnet0' failed: >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>> '/usr/sbin/ip6tables -w2 -w -F FI-vnet0' failed: >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>> '/usr/sbin/ip6tables -w2 -w -X FI-vnet0' failed: >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>> '/usr/sbin/ip6tables -w2 -w -F HI-vnet0' failed: >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>> '/usr/sbin/ip6tables -w2 -w -X HI-vnet0' failed: >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>> '/usr/sbin/ip6tables -w2 -w -E FP-vnet0 FO-vnet0' failed: >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>> '/usr/sbin/ip6tables -w2 -w -E FJ-vnet0 FI-vnet0' failed: >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>> '/usr/sbin/ip6tables -w2 -w -E HJ-vnet0 HI-vnet0' failed: >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>> '/usr/sbin/ebtables --concurrent -t nat -D PREROUTING -i vnet0 >>>>>> -j >>>>>> libvirt-I-vnet0' failed: >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>> '/usr/sbin/ebtables --concurrent -t nat -D POSTROUTING -o vnet0 >>>>>> -j >>>>>> libvirt-O-vnet0' failed: >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>> '/usr/sbin/ebtables --concurrent -t nat -L libvirt-I-vnet0' >>>>>> failed: >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>> '/usr/sbin/ebtables --concurrent -t nat -L libvirt-O-vnet0' >>>>>> failed: >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>> '/usr/sbin/ebtables --concurrent -t nat -F libvirt-I-vnet0' >>>>>> failed: >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>> '/usr/sbin/ebtables --concurrent -t nat -X libvirt-I-vnet0' >>>>>> failed: >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>> '/usr/sbin/ebtables --concurrent -t nat -F libvirt-O-vnet0' >>>>>> failed: >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>> '/usr/sbin/ebtables --concurrent -t nat -X libvirt-O-vnet0' >>>>>> failed: >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>> '/usr/sbin/ebtables --concurrent -t nat -L libvirt-P-vnet0' >>>>>> failed: >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>> '/usr/sbin/ebtables --concurrent -t nat -E libvirt-P-vnet0 >>>>>> libvirt-O-vnet0' failed: >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>> '/usr/sbin/ebtables --concurrent -t nat -F I-vnet0-mac' failed: >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>> '/usr/sbin/ebtables --concurrent -t nat -X I-vnet0-mac' failed: >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>> '/usr/sbin/ebtables --concurrent -t nat -F I-vnet0-arp-mac' >>>>>> failed: >>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>> '/usr/sbin/ebtables --concurrent -t nat -X I-vnet0-arp-mac' >>>>>> failed: >>>>>> >>>>>> >>>>>> [root@h2 etc]# ovs-vsctl show >>>>>> ebb6aede-cbbc-4f4f-a88a-a9cd72b2bd23 >>>>>> Bridge ovirtbridge >>>>>> Port "ovirtport0" >>>>>> Interface "ovirtport0" >>>>>> type: internal >>>>>> Port ovirtbridge >>>>>> Interface ovirtbridge >>>>>> type: internal >>>>>> Bridge "ovsbridge0" >>>>>> Port "ovsbridge0" >>>>>> Interface "ovsbridge0" >>>>>> type: internal >>>>>> Port "eth0" >>>>>> Interface "eth0" >>>>>> Bridge br-int >>>>>> Port br-int >>>>>> Interface br-int >>>>>> type: internal >>>>>> Port "vnet0" >>>>>> Interface "vnet0" >>>>>> ovs_version: "2.6.90" >>>>>> >>>>>> Searching through the code it appears that br-int comes from >>>>>> neutron-openvswitch plugin ?? >>>>>> >>>>>> [root@h2 share]# rpm -qf >>>>>> /usr/share/otopi/plugins/ovirt-host-deploy/openstack/neutron_openvswitch.py >>>>>> ovirt-host-deploy-1.6.0-0.0.master.20161215101008.gitb76ad50.el7.centos.noarch >>>>>> >>>>>> >>>>>> /Sverker >>>>>> >>>>>> Den 2016-12-28 kl. 23:24, skrev Sverker Abrahamsson: >>>>>>> In addition I had to add an alias to modprobe: >>>>>>> >>>>>>> [root@h2 modprobe.d]# cat dummy.conf >>>>>>> alias dummy0 dummy >>>>>>> >>>>>>> >>>>>>> Den 2016-12-28 kl. 23:03, skrev Sverker Abrahamsson: >>>>>>>> Hi >>>>>>>> I first tried to set device name to dummy_0, but then ifup did >>>>>>>> not >>>>>>>> succeed in creating the device unless I first did 'ip link add >>>>>>>> dummy_0 type dummy' but then it would not suceed to establish >>>>>>>> the if >>>>>>>> on reboot. >>>>>>>> >>>>>>>> Setting fake_nics = dummy0 would not work neither, but this >>>>>>>> works: >>>>>>>> >>>>>>>> fake_nics = dummy* >>>>>>>> >>>>>>>> The engine is now able to find the if and assign bridge >>>>>>>> ovirtmgmt to >>>>>>>> it. >>>>>>>> >>>>>>>> However, I then run into the next issue when starting a VM: >>>>>>>> >>>>>>>> 2016-12-28 22:28:23,897 ERROR >>>>>>>> [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] >>>>>>>> (ForkJoinPool-1-worker-2) [] Correlation ID: null, Call Stack: >>>>>>>> null, >>>>>>>> Custom Event ID: -1, Message: VM CentOS7 is down with error. >>>>>>>> Exit >>>>>>>> message: Cannot get interface MTU on 'br-int': No such device. >>>>>>>> >>>>>>>> This VM has a nic on ovirtbridge, which comes from the OVN >>>>>>>> provider. >>>>>>>> >>>>>>>> /Sverker >>>>>>>> >>>>>>>> Den 2016-12-28 kl. 14:38, skrev Marcin Mirecki: >>>>>>>>> Sverker, >>>>>>>>> >>>>>>>>> Can you try adding a vnic named veth_* or dummy_*, >>>>>>>>> (or alternatively add the name of the vnic to >>>>>>>>> vdsm.config fake_nics), and setup the management >>>>>>>>> network using this vnic? >>>>>>>>> I suppose adding the vnic you use for connecting >>>>>>>>> to the engine to fake_nics should make it visible >>>>>>>>> to the engine, and you should be able to use it for >>>>>>>>> the setup. >>>>>>>>> >>>>>>>>> Marcin >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> ----- Original Message ----- >>>>>>>>>> From: "Marcin Mirecki"<mmirecki@redhat.com> >>>>>>>>>> To: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>>>>>>>>> Cc: "Ovirt Users"<users@ovirt.org> >>>>>>>>>> Sent: Wednesday, December 28, 2016 12:06:26 PM >>>>>>>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory >>>>>>>>>> ovirtmgmt network >>>>>>>>>> >>>>>>>>>>> I have an internal OVS bridge called ovirtbridge which has >>>>>>>>>>> a port >>>>>>>>>>> with >>>>>>>>>>> IP address, but in the host network settings that port is >>>>>>>>>>> not >>>>>>>>>>> visible. >>>>>>>>>> I just verified and unfortunately the virtual ports are not >>>>>>>>>> visible in engine >>>>>>>>>> to assign a network to :( >>>>>>>>>> I'm afraid that the engine is not ready for such a scenario >>>>>>>>>> (even >>>>>>>>>> if it >>>>>>>>>> works). >>>>>>>>>> Please give me some time to look for a solution. >>>>>>>>>> >>>>>>>>>> ----- Original Message ----- >>>>>>>>>>> From: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>>>>>>>>>> To: "Marcin Mirecki"<mmirecki@redhat.com> >>>>>>>>>>> Cc: "Ovirt Users"<users@ovirt.org> >>>>>>>>>>> Sent: Wednesday, December 28, 2016 11:48:24 AM >>>>>>>>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory >>>>>>>>>>> ovirtmgmt >>>>>>>>>>> network >>>>>>>>>>> >>>>>>>>>>> Hi Marcin >>>>>>>>>>> Yes, that is my issue. I don't want to let ovirt/vdsm see >>>>>>>>>>> eth0 >>>>>>>>>>> nor >>>>>>>>>>> ovsbridge0 since as soon as it sees them it messes up the >>>>>>>>>>> network >>>>>>>>>>> config >>>>>>>>>>> so that the host will be unreachable. >>>>>>>>>>> >>>>>>>>>>> I have an internal OVS bridge called ovirtbridge which has >>>>>>>>>>> a port >>>>>>>>>>> with >>>>>>>>>>> IP address, but in the host network settings that port is >>>>>>>>>>> not >>>>>>>>>>> visible. >>>>>>>>>>> It doesn't help to name it ovirtmgmt. >>>>>>>>>>> >>>>>>>>>>> The engine is able to communicate with the host on the ip >>>>>>>>>>> it has >>>>>>>>>>> been >>>>>>>>>>> given, it's just that it believes that it HAS to have a >>>>>>>>>>> ovirtmgmt >>>>>>>>>>> network which can't be on OVN. >>>>>>>>>>> >>>>>>>>>>> /Sverker >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> Den 2016-12-28 kl. 10:45, skrev Marcin Mirecki: >>>>>>>>>>>> Hi Sverker, >>>>>>>>>>>> >>>>>>>>>>>> The management network is mandatory on each host. It's >>>>>>>>>>>> used by >>>>>>>>>>>> the >>>>>>>>>>>> engine to communicate with the host. >>>>>>>>>>>> Looking at your description and the exception it looks >>>>>>>>>>>> like it >>>>>>>>>>>> is >>>>>>>>>>>> missing. >>>>>>>>>>>> The error is caused by not having any network for the host >>>>>>>>>>>> (network list retrieved in >>>>>>>>>>>> InterfaceDaoImpl.getHostNetworksByCluster - >>>>>>>>>>>> which >>>>>>>>>>>> gets all the networks on nics for a host from >>>>>>>>>>>> vds_interface >>>>>>>>>>>> table in the >>>>>>>>>>>> DB). >>>>>>>>>>>> >>>>>>>>>>>> Could you maybe create a virtual nic connected to >>>>>>>>>>>> ovsbridge0 (as >>>>>>>>>>>> I >>>>>>>>>>>> understand you >>>>>>>>>>>> have no physical nic available) and use this for the >>>>>>>>>>>> management >>>>>>>>>>>> network? >>>>>>>>>>>> >>>>>>>>>>>>> I then create a bridge for use with ovirt, with a private >>>>>>>>>>>>> address. >>>>>>>>>>>> I'm not quite sure I understand. Is this yet another >>>>>>>>>>>> bridge >>>>>>>>>>>> connected to >>>>>>>>>>>> ovsbridge0? >>>>>>>>>>>> You could also attach the vnic for the management network >>>>>>>>>>>> here >>>>>>>>>>>> if need >>>>>>>>>>>> be. >>>>>>>>>>>> >>>>>>>>>>>> Please keep in mind that OVN has no use in setting up the >>>>>>>>>>>> management >>>>>>>>>>>> network. >>>>>>>>>>>> The OVN provider can only handle external networks, which >>>>>>>>>>>> can >>>>>>>>>>>> not be used >>>>>>>>>>>> for a >>>>>>>>>>>> management network. >>>>>>>>>>>> >>>>>>>>>>>> Marcin >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> ----- Original Message ----- >>>>>>>>>>>>> From: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>>>>>>>>>>>> To:users@ovirt.org >>>>>>>>>>>>> Sent: Wednesday, December 28, 2016 12:39:59 AM >>>>>>>>>>>>> Subject: [ovirt-users] Issue with OVN/OVS and mandatory >>>>>>>>>>>>> ovirtmgmt >>>>>>>>>>>>> network >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> Hi >>>>>>>>>>>>> For long time I've been looking for proper support in >>>>>>>>>>>>> ovirt for >>>>>>>>>>>>> Open >>>>>>>>>>>>> vSwitch >>>>>>>>>>>>> so I'm happy that it is moving in the right direction. >>>>>>>>>>>>> However, >>>>>>>>>>>>> there >>>>>>>>>>>>> seems >>>>>>>>>>>>> to still be a dependency on a ovirtmgmt bridge and I'm >>>>>>>>>>>>> unable >>>>>>>>>>>>> to move >>>>>>>>>>>>> that >>>>>>>>>>>>> to the OVN provider. >>>>>>>>>>>>> >>>>>>>>>>>>> The hosting center where I rent hw instances has a bit >>>>>>>>>>>>> special >>>>>>>>>>>>> network >>>>>>>>>>>>> setup, >>>>>>>>>>>>> so I have one physical network port with a /32 netmask >>>>>>>>>>>>> and >>>>>>>>>>>>> point-to-point >>>>>>>>>>>>> config to router. The physical port I connect to a ovs >>>>>>>>>>>>> bridge >>>>>>>>>>>>> which has >>>>>>>>>>>>> the >>>>>>>>>>>>> public ip. Since ovirt always messes up the network >>>>>>>>>>>>> config when >>>>>>>>>>>>> I've >>>>>>>>>>>>> tried >>>>>>>>>>>>> to let it have access to the network config for the >>>>>>>>>>>>> physical >>>>>>>>>>>>> port, I've >>>>>>>>>>>>> set >>>>>>>>>>>>> eht0 and ovsbridge0 as hidden in vdsm.conf. >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> I then create a bridge for use with ovirt, with a private >>>>>>>>>>>>> address. With >>>>>>>>>>>>> the >>>>>>>>>>>>> OVN provider I am now able to import these into the >>>>>>>>>>>>> engine and >>>>>>>>>>>>> it looks >>>>>>>>>>>>> good. When creating a VM I can select that it will have a >>>>>>>>>>>>> vNic >>>>>>>>>>>>> on my OVS >>>>>>>>>>>>> bridge. >>>>>>>>>>>>> >>>>>>>>>>>>> However, I can't start the VM as an exception is thrown >>>>>>>>>>>>> in the >>>>>>>>>>>>> log: >>>>>>>>>>>>> >>>>>>>>>>>>> 2016-12-28 00:13:33,350 ERROR >>>>>>>>>>>>> [org.ovirt.engine.core.bll.RunVmCommand] >>>>>>>>>>>>> (default task-5) [3c882d53] Error during >>>>>>>>>>>>> ValidateFailure.: >>>>>>>>>>>>> java.lang.NullPointerException >>>>>>>>>>>>> at >>>>>>>>>>>>> org.ovirt.engine.core.bll.scheduling.policyunits.NetworkPolicyUnit.validateRequiredNetworksAvailable(NetworkPolicyUnit.java:140) >>>>>>>>>>>>> >>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>> at >>>>>>>>>>>>> org.ovirt.engine.core.bll.scheduling.policyunits.NetworkPolicyUnit.filter(NetworkPolicyUnit.java:69) >>>>>>>>>>>>> >>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>> at >>>>>>>>>>>>> org.ovirt.engine.core.bll.scheduling.SchedulingManager.runInternalFilters(SchedulingManager.java:597) >>>>>>>>>>>>> >>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>> at >>>>>>>>>>>>> org.ovirt.engine.core.bll.scheduling.SchedulingManager.runFilters(SchedulingManager.java:564) >>>>>>>>>>>>> >>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>> at >>>>>>>>>>>>> org.ovirt.engine.core.bll.scheduling.SchedulingManager.canSchedule(SchedulingManager.java:494) >>>>>>>>>>>>> >>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>> at >>>>>>>>>>>>> org.ovirt.engine.core.bll.validator.RunVmValidator.canRunVm(RunVmValidator.java:133) >>>>>>>>>>>>> >>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>> at >>>>>>>>>>>>> org.ovirt.engine.core.bll.RunVmCommand.validate(RunVmCommand.java:940) >>>>>>>>>>>>> >>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>> at >>>>>>>>>>>>> org.ovirt.engine.core.bll.CommandBase.internalValidate(CommandBase.java:886) >>>>>>>>>>>>> >>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>> at >>>>>>>>>>>>> org.ovirt.engine.core.bll.CommandBase.validateOnly(CommandBase.java:366) >>>>>>>>>>>>> >>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>> at >>>>>>>>>>>>> org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.canRunActions(PrevalidatingMultipleActionsRunner.java:113) >>>>>>>>>>>>> >>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>> at >>>>>>>>>>>>> org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.invokeCommands(PrevalidatingMultipleActionsRunner.java:99) >>>>>>>>>>>>> >>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>> at >>>>>>>>>>>>> org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.execute(PrevalidatingMultipleActionsRunner.java:76) >>>>>>>>>>>>> >>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>> at >>>>>>>>>>>>> org.ovirt.engine.core.bll.Backend.runMultipleActionsImpl(Backend.java:613) >>>>>>>>>>>>> >>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>> at >>>>>>>>>>>>> org.ovirt.engine.core.bll.Backend.runMultipleActions(Backend.java:583) >>>>>>>>>>>>> >>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> Looking at that section of code where the exception is >>>>>>>>>>>>> thrown, >>>>>>>>>>>>> I see >>>>>>>>>>>>> that >>>>>>>>>>>>> it >>>>>>>>>>>>> iterates over host networks to find required networks, >>>>>>>>>>>>> which I >>>>>>>>>>>>> assume is >>>>>>>>>>>>> ovirtmgmt. In the host network setup dialog I don't see >>>>>>>>>>>>> any >>>>>>>>>>>>> networks at >>>>>>>>>>>>> all >>>>>>>>>>>>> but it lists ovirtmgmt as required. It also list the OVN >>>>>>>>>>>>> networks but >>>>>>>>>>>>> these >>>>>>>>>>>>> can't be statically assigned as they are added >>>>>>>>>>>>> dynamically when >>>>>>>>>>>>> needed, >>>>>>>>>>>>> which is fine. >>>>>>>>>>>>> >>>>>>>>>>>>> I believe that I either need to remove ovirtmgmt network >>>>>>>>>>>>> or >>>>>>>>>>>>> configure >>>>>>>>>>>>> that >>>>>>>>>>>>> it >>>>>>>>>>>>> is provided by the OVN provider, but neither is possible. >>>>>>>>>>>>> Preferably it >>>>>>>>>>>>> shouldn't be hardcoded which network is management and >>>>>>>>>>>>> mandatory but be >>>>>>>>>>>>> possible to configure. >>>>>>>>>>>>> >>>>>>>>>>>>> /Sverker >>>>>>>>>>>>> Den 2016-12-27 kl. 17:10, skrev Marcin Mirecki: >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>> _______________________________________________ >>>>>>>>>> Users mailing list >>>>>>>>>> Users@ovirt.org >>>>>>>>>> http://lists.ovirt.org/mailman/listinfo/users >>>>>>>>>> >>>>>>>> _______________________________________________ >>>>>>>> Users mailing list >>>>>>>> Users@ovirt.org >>>>>>>> http://lists.ovirt.org/mailman/listinfo/users >>>>>>> _______________________________________________ >>>>>>> Users mailing list >>>>>>> Users@ovirt.org >>>>>>> http://lists.ovirt.org/mailman/listinfo/users >>>>>> _______________________________________________ >>>>>> Users mailing list >>>>>> Users@ovirt.org >>>>>> http://lists.ovirt.org/mailman/listinfo/users >>>> _______________________________________________ >>>> Users mailing list >>>> Users@ovirt.org >>>> http://lists.ovirt.org/mailman/listinfo/users >>>>
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Hi, The OVN provider does not require you to add any bridges manually. As I understand we were dealing with two problems: 1. You only had one physical nic and wanted to put a bridge on it, attaching the management network to the bridge. This was the reason for creating the bridge (the recommended setup would be to used a separate physical nic for the management network). This bridge has nothing to do with the OVN bridge. 2. OVN - you want to use OVN on this system. For this you have to install OVN on your hosts. This should create the br-int bridge, which are then used by the OVN provider. This br-int bridge must be configured to connect to other hosts using the geneve tunnels. In both cases the systems will not be aware of any bridges you create. They need a nic (be it physical or virtual) to connect to other system. Usually this is the physical nic. In your case you decided to put a bridge on the physical nic, and give oVirt a virtual nic attached to this bridge. This works, but keep in mind that the bridge you have introduced is outside of oVirt's (and OVN) control (and as such is not supported).
What is the purpose of adding my bridges to Ovirt through the external provider and configure them on my VM
I am not quite sure I understand. The external provider (OVN provider to be specific), does not add any bridges to the system. It is using the br-int bridge created by OVN. The networks created by the OVN provider are purely logical entities, implemented using the OVN br-int bridge. Marcin ----- Original Message -----
From: "Sverker Abrahamsson" <sverker@abrahamsson.com> To: "Marcin Mirecki" <mmirecki@redhat.com> Cc: "Ovirt Users" <users@ovirt.org> Sent: Friday, December 30, 2016 12:15:43 PM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network
Hi That is the logic I quite don't understand. What is the purpose of adding my bridges to Ovirt through the external provider and configure them on my VM if you are disregarding that and using br-int anyway?
/Sverker
Den 2016-12-30 kl. 10:53, skrev Marcin Mirecki:
Sverker,
br-int is the integration bridge created by default in OVN. This is the bridge we use for the OVN provider. As OVN is required to be installed, we assume that this bridge is present. Using any other ovs bridge is not supported, and will require custom code changes (such as the ones you created).
The proper setup in your case would probably be to create br-int and connect this to your ovirtbridge, although I don't know the details of your env, so this is just my best guess.
Marcin
----- Original Message -----
From: "Sverker Abrahamsson" <sverker@abrahamsson.com> To: "Marcin Mirecki" <mmirecki@redhat.com> Cc: "Ovirt Users" <users@ovirt.org>, "Numan Siddique" <nusiddiq@redhat.com> Sent: Friday, December 30, 2016 1:14:50 AM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network
Even better, if the value is not hardcoded then the configured value is used. Might be that I'm missunderstanding something but this is the behaviour I expected instead of that it is using br-int.
Attached is a patch which properly sets up the xml, in case there is already a virtual port there + testcode of some variants
/Sverker
Den 2016-12-29 kl. 22:55, skrev Sverker Abrahamsson:
When I change /usr/libexec/vdsm/hooks/before_device_create/ovirt_provider_ovn_hook to instead of hardcoded to br-int use BRIDGE_NAME = 'ovirtbridge' then I get the expected behaviour and I get a working network connectivity in my VM with IP provided by dhcp.
/Sverker
Den 2016-12-29 kl. 22:07, skrev Sverker Abrahamsson:
By default the vNic profile of my OVN bridge ovirtbridge gets a Network filter named vdsm-no-mac-spoofing. If I instead set No filter then I don't get those ebtables / iptables messages. It seems that there is some issue between ovirt/vdsm and firewalld, which we can put to the side for now.
It is not clear for me why the port is added on br-int instead of the bridge I've assigned to the VM, which is ovirtbridge??
/Sverker
Den 2016-12-29 kl. 14:20, skrev Sverker Abrahamsson:
The specific command most likely fails because there is no chain named libvirt-J-vnet0, but when should that have been created? /Sverker
-------- Vidarebefordrat meddelande -------- Ämne: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network Datum: Thu, 29 Dec 2016 08:06:29 -0500 (EST) Från: Marcin Mirecki <mmirecki@redhat.com> Till: Sverker Abrahamsson <sverker@abrahamsson.com> Kopia: Ovirt Users <users@ovirt.org>, Lance Richardson <lrichard@redhat.com>, Numan Siddique <nusiddiq@redhat.com>
Let me add the OVN team.
Lance, Numan,
Can you please look at this?
Trying to plug a vNIC results in: >>>>>>> Dec 28 23:31:35 h2 ovs-vsctl: ovs|00001|vsctl|INFO|Called as >>>>>>> ovs-vsctl >>>>>>> --timeout=5 -- --if-exists del-port vnet0 -- add-port br-int >>>>>>> vnet0 -- >>>>>>> set Interface vnet0 >>>>>>> "external-ids:attached-mac=\"00:1a:4a:16:01:51\"" >>>>>>> -- set Interface vnet0 >>>>>>> "external-ids:iface-id=\"e8853aac-8a75-41b0-8010-e630017dcdd8\"" >>>>>>> -- >>>>>>> set Interface vnet0 >>>>>>> "external-ids:vm-id=\"b9440d60-ef5a-4e2b-83cf-081df7c09e6f\"" -- >>>>>>> set >>>>>>> Interface vnet0 external-ids:iface-status=active >>>>>>> Dec 28 23:31:35 h2 kernel: device vnet0 entered promiscuous mode >>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>> '/usr/sbin/ebtables --concurrent -t nat -D PREROUTING -i vnet0 >>>>>>> -j >>>>>>> libvirt-J-vnet0' failed: >>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: More details below
----- Original Message ----- > From: "Sverker Abrahamsson"<sverker@abrahamsson.com> > To: "Marcin Mirecki"<mmirecki@redhat.com> > Cc: "Ovirt Users"<users@ovirt.org> > Sent: Thursday, December 29, 2016 1:42:11 PM > Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt > network > > Hi > Same problem still.. > /Sverker > > Den 2016-12-29 kl. 13:34, skrev Marcin Mirecki: >> Hi, >> >> The tunnels are created to connect multiple OVN controllers. >> If there is only one, there is no need for the tunnels, so none >> will be created, this is the correct behavior. >> >> Does the problem still occur after setting configuring the >> OVN-controller? >> >> Marcin >> >> ----- Original Message ----- >>> From: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>> To: "Marcin Mirecki"<mmirecki@redhat.com> >>> Cc: "Ovirt Users"<users@ovirt.org> >>> Sent: Thursday, December 29, 2016 11:44:32 AM >>> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory >>> ovirtmgmt >>> network >>> >>> Hi >>> The rpm packages you listed in the other mail are installed but I >>> had >>> not run vdsm-tool ovn-config to create tunnel as the OVN controller >>> is >>> on the same host. >>> >>> [root@h2 ~]# rpm -q openvswitch-ovn-common >>> openvswitch-ovn-common-2.6.90-1.el7.centos.x86_64 >>> [root@h2 ~]# rpm -q openvswitch-ovn-host >>> openvswitch-ovn-host-2.6.90-1.el7.centos.x86_64 >>> [root@h2 ~]# rpm -q python-openvswitch >>> python-openvswitch-2.6.90-1.el7.centos.noarch >>> >>> After removing my manually created br-int and run >>> >>> vdsm-tool ovn-config 127.0.0.1 172.27.1.1 >>> >>> then I have the br-int but 'ip link show' does not show any link >>> 'genev_sys_' nor does 'ovs-vsctl show' any port for ovn. I assume >>> these >>> are when there is an actual tunnel? >>> >>> [root@h2 ~]# ovs-vsctl show >>> ebb6aede-cbbc-4f4f-a88a-a9cd72b2bd23 >>> Bridge br-int >>> fail_mode: secure >>> Port br-int >>> Interface br-int >>> type: internal >>> Bridge ovirtbridge >>> Port ovirtbridge >>> Interface ovirtbridge >>> type: internal >>> Bridge "ovsbridge0" >>> Port "ovsbridge0" >>> Interface "ovsbridge0" >>> type: internal >>> Port "eth0" >>> Interface "eth0" >>> ovs_version: "2.6.90" >>> >>> [root@h2 ~]# ip link show >>> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN >>> mode >>> DEFAULT qlen 1 >>> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 >>> 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast >>> master ovs-system state UP mode DEFAULT qlen 1000 >>> link/ether 44:8a:5b:84:7d:b3 brd ff:ff:ff:ff:ff:ff >>> 3: ovs-system: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN >>> mode >>> DEFAULT qlen 1000 >>> link/ether 5a:14:cf:28:47:e2 brd ff:ff:ff:ff:ff:ff >>> 4: ovsbridge0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc >>> noqueue >>> state UNKNOWN mode DEFAULT qlen 1000 >>> link/ether 44:8a:5b:84:7d:b3 brd ff:ff:ff:ff:ff:ff >>> 5: br-int: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode >>> DEFAULT qlen 1000 >>> link/ether 9e:b0:3a:9d:f2:4b brd ff:ff:ff:ff:ff:ff >>> 6: ovirtbridge: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc >>> noqueue >>> state UNKNOWN mode DEFAULT qlen 1000 >>> link/ether a6:f6:e5:a4:5b:45 brd ff:ff:ff:ff:ff:ff >>> 7: dummy0: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue >>> master >>> ovirtmgmt state UNKNOWN mode DEFAULT qlen 1000 >>> link/ether 66:e0:1c:c3:a9:d8 brd ff:ff:ff:ff:ff:ff >>> 8: ovirtmgmt: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc >>> noqueue >>> state UP mode DEFAULT qlen 1000 >>> link/ether 66:e0:1c:c3:a9:d8 brd ff:ff:ff:ff:ff:ff >>> >>> Firewall settings: >>> [root@h2 ~]# firewall-cmd --list-all-zones >>> work >>> target: default >>> icmp-block-inversion: no >>> interfaces: >>> sources: >>> services: dhcpv6-client ssh >>> ports: >>> protocols: >>> masquerade: no >>> forward-ports: >>> sourceports: >>> icmp-blocks: >>> rich rules: >>> >>> >>> drop >>> target: DROP >>> icmp-block-inversion: no >>> interfaces: >>> sources: >>> services: >>> ports: >>> protocols: >>> masquerade: no >>> forward-ports: >>> sourceports: >>> icmp-blocks: >>> rich rules: >>> >>> >>> internal >>> target: default >>> icmp-block-inversion: no >>> interfaces: >>> sources: >>> services: dhcpv6-client mdns samba-client ssh >>> ports: >>> protocols: >>> masquerade: no >>> forward-ports: >>> sourceports: >>> icmp-blocks: >>> rich rules: >>> >>> >>> external >>> target: default >>> icmp-block-inversion: no >>> interfaces: >>> sources: >>> services: ssh >>> ports: >>> protocols: >>> masquerade: yes >>> forward-ports: >>> sourceports: >>> icmp-blocks: >>> rich rules: >>> >>> >>> trusted >>> target: ACCEPT >>> icmp-block-inversion: no >>> interfaces: >>> sources: >>> services: >>> ports: >>> protocols: >>> masquerade: no >>> forward-ports: >>> sourceports: >>> icmp-blocks: >>> rich rules: >>> >>> >>> home >>> target: default >>> icmp-block-inversion: no >>> interfaces: >>> sources: >>> services: dhcpv6-client mdns samba-client ssh >>> ports: >>> protocols: >>> masquerade: no >>> forward-ports: >>> sourceports: >>> icmp-blocks: >>> rich rules: >>> >>> >>> dmz >>> target: default >>> icmp-block-inversion: no >>> interfaces: >>> sources: >>> services: ssh >>> ports: >>> protocols: >>> masquerade: no >>> forward-ports: >>> sourceports: >>> icmp-blocks: >>> rich rules: >>> >>> >>> public (active) >>> target: default >>> icmp-block-inversion: no >>> interfaces: eth0 ovsbridge0 >>> sources: >>> services: dhcpv6-client ssh >>> ports: >>> protocols: >>> masquerade: no >>> forward-ports: >>> sourceports: >>> icmp-blocks: >>> rich rules: >>> >>> >>> block >>> target: %%REJECT%% >>> icmp-block-inversion: no >>> interfaces: >>> sources: >>> services: >>> ports: >>> protocols: >>> masquerade: no >>> forward-ports: >>> sourceports: >>> icmp-blocks: >>> rich rules: >>> >>> >>> ovirt (active) >>> target: default >>> icmp-block-inversion: no >>> interfaces: ovirtbridge ovirtmgmt >>> sources: >>> services: dhcp ovirt-fence-kdump-listener ovirt-http >>> ovirt-https >>> ovirt-imageio-proxy ovirt-postgres ovirt-provider-ovn >>> ovirt-vmconsole-proxy ovirt-websocket-proxy ssh vdsm >>> ports: >>> protocols: >>> masquerade: yes >>> forward-ports: >>> sourceports: >>> icmp-blocks: >>> rich rules: >>> rule family="ipv4" port port="6641" protocol="tcp" accept >>> rule family="ipv4" port port="6642" protocol="tcp" accept >>> >>> The db dump is attached >>> /Sverker >>> Den 2016-12-29 kl. 09:50, skrev Marcin Mirecki: >>>> Hi, >>>> >>>> Can you please do: "sudo ovsdb-client dump" >>>> on the host and send me the output? >>>> >>>> Have you configured the ovn controller to connect to the >>>> OVN north? You can do it using "vdsm-tool ovn-config" or >>>> using the OVN tools directly. >>>> Please check >>>> out:https://www.ovirt.org/blog/2016/11/ovirt-provider-ovn/ >>>> for details. >>>> >>>> Also please note that the OVN provider is completely different >>>> from the neutron-openvswitch plugin. Please don't mix the two. >>>> >>>> Marcin >>>> >>>> >>>> ----- Original Message ----- >>>>> From: "Marcin Mirecki"<mmirecki@redhat.com> >>>>> To: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>>>> Cc: "Ovirt Users"<users@ovirt.org> >>>>> Sent: Thursday, December 29, 2016 9:27:19 AM >>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory >>>>> ovirtmgmt >>>>> network >>>>> >>>>> Hi, >>>>> >>>>> br-int is the OVN integration bridge, it should have been created >>>>> when installing OVN. I assume you have the following packages >>>>> installed >>>>> on the host: >>>>> openvswitch-ovn-common >>>>> openvswitch-ovn-host >>>>> python-openvswitch >>>>> >>>>> Please give me some time to look at the connectivity problem. >>>>> >>>>> Marcin >>>>> >>>>> >>>>> >>>>> ----- Original Message ----- >>>>>> From: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>>>>> To: "Marcin Mirecki"<mmirecki@redhat.com> >>>>>> Cc: "Ovirt Users"<users@ovirt.org> >>>>>> Sent: Thursday, December 29, 2016 12:47:04 AM >>>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory >>>>>> ovirtmgmt >>>>>> network >>>>>> >>>>>> From >>>>>> /usr/libexec/vdsm/hooks/before_device_create/ovirt_provider_ovn_hook >>>>>> (installed by ovirt-provider-ovn-driver rpm): >>>>>> >>>>>> BRIDGE_NAME = 'br-int' >>>>>> >>>>>> >>>>>> Den 2016-12-28 kl. 23:56, skrev Sverker Abrahamsson: >>>>>>> Googling on the message about br-int suggested adding that >>>>>>> bridge to >>>>>>> ovs: >>>>>>> >>>>>>> ovs-vsctl add-br br-int >>>>>>> >>>>>>> Then the VM is able to boot, but it fails to get network >>>>>>> connectivity. >>>>>>> Output in /var/log/messages: >>>>>>> >>>>>>> Dec 28 23:31:35 h2 ovs-vsctl: ovs|00001|vsctl|INFO|Called as >>>>>>> ovs-vsctl >>>>>>> --timeout=5 -- --if-exists del-port vnet0 -- add-port br-int >>>>>>> vnet0 -- >>>>>>> set Interface vnet0 >>>>>>> "external-ids:attached-mac=\"00:1a:4a:16:01:51\"" >>>>>>> -- set Interface vnet0 >>>>>>> "external-ids:iface-id=\"e8853aac-8a75-41b0-8010-e630017dcdd8\"" >>>>>>> -- >>>>>>> set Interface vnet0 >>>>>>> "external-ids:vm-id=\"b9440d60-ef5a-4e2b-83cf-081df7c09e6f\"" -- >>>>>>> set >>>>>>> Interface vnet0 external-ids:iface-status=active >>>>>>> Dec 28 23:31:35 h2 kernel: device vnet0 entered promiscuous mode >>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>> '/usr/sbin/ebtables --concurrent -t nat -D PREROUTING -i vnet0 >>>>>>> -j >>>>>>> libvirt-J-vnet0' failed: >>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>> '/usr/sbin/ebtables --concurrent -t nat -D POSTROUTING -o vnet0 >>>>>>> -j >>>>>>> libvirt-P-vnet0' failed: >>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>> '/usr/sbin/ebtables --concurrent -t nat -L libvirt-J-vnet0' >>>>>>> failed: >>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>> '/usr/sbin/ebtables --concurrent -t nat -L libvirt-P-vnet0' >>>>>>> failed: >>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>> '/usr/sbin/ebtables --concurrent -t nat -F libvirt-J-vnet0' >>>>>>> failed: >>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>> '/usr/sbin/ebtables --concurrent -t nat -X libvirt-J-vnet0' >>>>>>> failed: >>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>> '/usr/sbin/ebtables --concurrent -t nat -F libvirt-P-vnet0' >>>>>>> failed: >>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>> '/usr/sbin/ebtables --concurrent -t nat -X libvirt-P-vnet0' >>>>>>> failed: >>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>> '/usr/sbin/ebtables --concurrent -t nat -F J-vnet0-mac' failed: >>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>> '/usr/sbin/ebtables --concurrent -t nat -X J-vnet0-mac' failed: >>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>> '/usr/sbin/ebtables --concurrent -t nat -F J-vnet0-arp-mac' >>>>>>> failed: >>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>> '/usr/sbin/ebtables --concurrent -t nat -X J-vnet0-arp-mac' >>>>>>> failed: >>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>> '/usr/sbin/iptables -w2 -w -D libvirt-out -m physdev >>>>>>> --physdev-is-bridged --physdev-out vnet0 -g FO-vnet0' failed: >>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>> '/usr/sbin/iptables -w2 -w -D libvirt-out -m physdev >>>>>>> --physdev-out >>>>>>> vnet0 -g FO-vnet0' failed: >>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>> '/usr/sbin/iptables -w2 -w -D libvirt-in -m physdev --physdev-in >>>>>>> vnet0 >>>>>>> -g FI-vnet0' failed: >>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>> '/usr/sbin/iptables -w2 -w -D libvirt-host-in -m physdev >>>>>>> --physdev-in >>>>>>> vnet0 -g HI-vnet0' failed: >>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>> '/usr/sbin/iptables -w2 -w -F FO-vnet0' failed: >>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>> '/usr/sbin/iptables -w2 -w -X FO-vnet0' failed: >>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>> '/usr/sbin/iptables -w2 -w -F FI-vnet0' failed: >>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>> '/usr/sbin/iptables -w2 -w -X FI-vnet0' failed: >>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>> '/usr/sbin/iptables -w2 -w -F HI-vnet0' failed: >>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>> '/usr/sbin/iptables -w2 -w -X HI-vnet0' failed: >>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>> '/usr/sbin/iptables -w2 -w -E FP-vnet0 FO-vnet0' failed: >>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>> '/usr/sbin/iptables -w2 -w -E FJ-vnet0 FI-vnet0' failed: >>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>> '/usr/sbin/iptables -w2 -w -E HJ-vnet0 HI-vnet0' failed: >>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>> '/usr/sbin/ip6tables -w2 -w -D libvirt-out -m physdev >>>>>>> --physdev-is-bridged --physdev-out vnet0 -g FO-vnet0' failed: >>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>> '/usr/sbin/ip6tables -w2 -w -D libvirt-out -m physdev >>>>>>> --physdev-out >>>>>>> vnet0 -g FO-vnet0' failed: >>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>> '/usr/sbin/ip6tables -w2 -w -D libvirt-in -m physdev >>>>>>> --physdev-in >>>>>>> vnet0 -g FI-vnet0' failed: >>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>> '/usr/sbin/ip6tables -w2 -w -D libvirt-host-in -m physdev >>>>>>> --physdev-in >>>>>>> vnet0 -g HI-vnet0' failed: >>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>> '/usr/sbin/ip6tables -w2 -w -F FO-vnet0' failed: >>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>> '/usr/sbin/ip6tables -w2 -w -X FO-vnet0' failed: >>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>> '/usr/sbin/ip6tables -w2 -w -F FI-vnet0' failed: >>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>> '/usr/sbin/ip6tables -w2 -w -X FI-vnet0' failed: >>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>> '/usr/sbin/ip6tables -w2 -w -F HI-vnet0' failed: >>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>> '/usr/sbin/ip6tables -w2 -w -X HI-vnet0' failed: >>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>> '/usr/sbin/ip6tables -w2 -w -E FP-vnet0 FO-vnet0' failed: >>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>> '/usr/sbin/ip6tables -w2 -w -E FJ-vnet0 FI-vnet0' failed: >>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>> '/usr/sbin/ip6tables -w2 -w -E HJ-vnet0 HI-vnet0' failed: >>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>> '/usr/sbin/ebtables --concurrent -t nat -D PREROUTING -i vnet0 >>>>>>> -j >>>>>>> libvirt-I-vnet0' failed: >>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>> '/usr/sbin/ebtables --concurrent -t nat -D POSTROUTING -o vnet0 >>>>>>> -j >>>>>>> libvirt-O-vnet0' failed: >>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>> '/usr/sbin/ebtables --concurrent -t nat -L libvirt-I-vnet0' >>>>>>> failed: >>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>> '/usr/sbin/ebtables --concurrent -t nat -L libvirt-O-vnet0' >>>>>>> failed: >>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>> '/usr/sbin/ebtables --concurrent -t nat -F libvirt-I-vnet0' >>>>>>> failed: >>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>> '/usr/sbin/ebtables --concurrent -t nat -X libvirt-I-vnet0' >>>>>>> failed: >>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>> '/usr/sbin/ebtables --concurrent -t nat -F libvirt-O-vnet0' >>>>>>> failed: >>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>> '/usr/sbin/ebtables --concurrent -t nat -X libvirt-O-vnet0' >>>>>>> failed: >>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>> '/usr/sbin/ebtables --concurrent -t nat -L libvirt-P-vnet0' >>>>>>> failed: >>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>> '/usr/sbin/ebtables --concurrent -t nat -E libvirt-P-vnet0 >>>>>>> libvirt-O-vnet0' failed: >>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>> '/usr/sbin/ebtables --concurrent -t nat -F I-vnet0-mac' failed: >>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>> '/usr/sbin/ebtables --concurrent -t nat -X I-vnet0-mac' failed: >>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>> '/usr/sbin/ebtables --concurrent -t nat -F I-vnet0-arp-mac' >>>>>>> failed: >>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>> '/usr/sbin/ebtables --concurrent -t nat -X I-vnet0-arp-mac' >>>>>>> failed: >>>>>>> >>>>>>> >>>>>>> [root@h2 etc]# ovs-vsctl show >>>>>>> ebb6aede-cbbc-4f4f-a88a-a9cd72b2bd23 >>>>>>> Bridge ovirtbridge >>>>>>> Port "ovirtport0" >>>>>>> Interface "ovirtport0" >>>>>>> type: internal >>>>>>> Port ovirtbridge >>>>>>> Interface ovirtbridge >>>>>>> type: internal >>>>>>> Bridge "ovsbridge0" >>>>>>> Port "ovsbridge0" >>>>>>> Interface "ovsbridge0" >>>>>>> type: internal >>>>>>> Port "eth0" >>>>>>> Interface "eth0" >>>>>>> Bridge br-int >>>>>>> Port br-int >>>>>>> Interface br-int >>>>>>> type: internal >>>>>>> Port "vnet0" >>>>>>> Interface "vnet0" >>>>>>> ovs_version: "2.6.90" >>>>>>> >>>>>>> Searching through the code it appears that br-int comes from >>>>>>> neutron-openvswitch plugin ?? >>>>>>> >>>>>>> [root@h2 share]# rpm -qf >>>>>>> /usr/share/otopi/plugins/ovirt-host-deploy/openstack/neutron_openvswitch.py >>>>>>> ovirt-host-deploy-1.6.0-0.0.master.20161215101008.gitb76ad50.el7.centos.noarch >>>>>>> >>>>>>> >>>>>>> /Sverker >>>>>>> >>>>>>> Den 2016-12-28 kl. 23:24, skrev Sverker Abrahamsson: >>>>>>>> In addition I had to add an alias to modprobe: >>>>>>>> >>>>>>>> [root@h2 modprobe.d]# cat dummy.conf >>>>>>>> alias dummy0 dummy >>>>>>>> >>>>>>>> >>>>>>>> Den 2016-12-28 kl. 23:03, skrev Sverker Abrahamsson: >>>>>>>>> Hi >>>>>>>>> I first tried to set device name to dummy_0, but then ifup did >>>>>>>>> not >>>>>>>>> succeed in creating the device unless I first did 'ip link add >>>>>>>>> dummy_0 type dummy' but then it would not suceed to establish >>>>>>>>> the if >>>>>>>>> on reboot. >>>>>>>>> >>>>>>>>> Setting fake_nics = dummy0 would not work neither, but this >>>>>>>>> works: >>>>>>>>> >>>>>>>>> fake_nics = dummy* >>>>>>>>> >>>>>>>>> The engine is now able to find the if and assign bridge >>>>>>>>> ovirtmgmt to >>>>>>>>> it. >>>>>>>>> >>>>>>>>> However, I then run into the next issue when starting a VM: >>>>>>>>> >>>>>>>>> 2016-12-28 22:28:23,897 ERROR >>>>>>>>> [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] >>>>>>>>> (ForkJoinPool-1-worker-2) [] Correlation ID: null, Call Stack: >>>>>>>>> null, >>>>>>>>> Custom Event ID: -1, Message: VM CentOS7 is down with error. >>>>>>>>> Exit >>>>>>>>> message: Cannot get interface MTU on 'br-int': No such device. >>>>>>>>> >>>>>>>>> This VM has a nic on ovirtbridge, which comes from the OVN >>>>>>>>> provider. >>>>>>>>> >>>>>>>>> /Sverker >>>>>>>>> >>>>>>>>> Den 2016-12-28 kl. 14:38, skrev Marcin Mirecki: >>>>>>>>>> Sverker, >>>>>>>>>> >>>>>>>>>> Can you try adding a vnic named veth_* or dummy_*, >>>>>>>>>> (or alternatively add the name of the vnic to >>>>>>>>>> vdsm.config fake_nics), and setup the management >>>>>>>>>> network using this vnic? >>>>>>>>>> I suppose adding the vnic you use for connecting >>>>>>>>>> to the engine to fake_nics should make it visible >>>>>>>>>> to the engine, and you should be able to use it for >>>>>>>>>> the setup. >>>>>>>>>> >>>>>>>>>> Marcin >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> ----- Original Message ----- >>>>>>>>>>> From: "Marcin Mirecki"<mmirecki@redhat.com> >>>>>>>>>>> To: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>>>>>>>>>> Cc: "Ovirt Users"<users@ovirt.org> >>>>>>>>>>> Sent: Wednesday, December 28, 2016 12:06:26 PM >>>>>>>>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory >>>>>>>>>>> ovirtmgmt network >>>>>>>>>>> >>>>>>>>>>>> I have an internal OVS bridge called ovirtbridge which has >>>>>>>>>>>> a port >>>>>>>>>>>> with >>>>>>>>>>>> IP address, but in the host network settings that port is >>>>>>>>>>>> not >>>>>>>>>>>> visible. >>>>>>>>>>> I just verified and unfortunately the virtual ports are not >>>>>>>>>>> visible in engine >>>>>>>>>>> to assign a network to :( >>>>>>>>>>> I'm afraid that the engine is not ready for such a scenario >>>>>>>>>>> (even >>>>>>>>>>> if it >>>>>>>>>>> works). >>>>>>>>>>> Please give me some time to look for a solution. >>>>>>>>>>> >>>>>>>>>>> ----- Original Message ----- >>>>>>>>>>>> From: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>>>>>>>>>>> To: "Marcin Mirecki"<mmirecki@redhat.com> >>>>>>>>>>>> Cc: "Ovirt Users"<users@ovirt.org> >>>>>>>>>>>> Sent: Wednesday, December 28, 2016 11:48:24 AM >>>>>>>>>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory >>>>>>>>>>>> ovirtmgmt >>>>>>>>>>>> network >>>>>>>>>>>> >>>>>>>>>>>> Hi Marcin >>>>>>>>>>>> Yes, that is my issue. I don't want to let ovirt/vdsm see >>>>>>>>>>>> eth0 >>>>>>>>>>>> nor >>>>>>>>>>>> ovsbridge0 since as soon as it sees them it messes up the >>>>>>>>>>>> network >>>>>>>>>>>> config >>>>>>>>>>>> so that the host will be unreachable. >>>>>>>>>>>> >>>>>>>>>>>> I have an internal OVS bridge called ovirtbridge which has >>>>>>>>>>>> a port >>>>>>>>>>>> with >>>>>>>>>>>> IP address, but in the host network settings that port is >>>>>>>>>>>> not >>>>>>>>>>>> visible. >>>>>>>>>>>> It doesn't help to name it ovirtmgmt. >>>>>>>>>>>> >>>>>>>>>>>> The engine is able to communicate with the host on the ip >>>>>>>>>>>> it has >>>>>>>>>>>> been >>>>>>>>>>>> given, it's just that it believes that it HAS to have a >>>>>>>>>>>> ovirtmgmt >>>>>>>>>>>> network which can't be on OVN. >>>>>>>>>>>> >>>>>>>>>>>> /Sverker >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> Den 2016-12-28 kl. 10:45, skrev Marcin Mirecki: >>>>>>>>>>>>> Hi Sverker, >>>>>>>>>>>>> >>>>>>>>>>>>> The management network is mandatory on each host. It's >>>>>>>>>>>>> used by >>>>>>>>>>>>> the >>>>>>>>>>>>> engine to communicate with the host. >>>>>>>>>>>>> Looking at your description and the exception it looks >>>>>>>>>>>>> like it >>>>>>>>>>>>> is >>>>>>>>>>>>> missing. >>>>>>>>>>>>> The error is caused by not having any network for the host >>>>>>>>>>>>> (network list retrieved in >>>>>>>>>>>>> InterfaceDaoImpl.getHostNetworksByCluster - >>>>>>>>>>>>> which >>>>>>>>>>>>> gets all the networks on nics for a host from >>>>>>>>>>>>> vds_interface >>>>>>>>>>>>> table in the >>>>>>>>>>>>> DB). >>>>>>>>>>>>> >>>>>>>>>>>>> Could you maybe create a virtual nic connected to >>>>>>>>>>>>> ovsbridge0 (as >>>>>>>>>>>>> I >>>>>>>>>>>>> understand you >>>>>>>>>>>>> have no physical nic available) and use this for the >>>>>>>>>>>>> management >>>>>>>>>>>>> network? >>>>>>>>>>>>> >>>>>>>>>>>>>> I then create a bridge for use with ovirt, with a private >>>>>>>>>>>>>> address. >>>>>>>>>>>>> I'm not quite sure I understand. Is this yet another >>>>>>>>>>>>> bridge >>>>>>>>>>>>> connected to >>>>>>>>>>>>> ovsbridge0? >>>>>>>>>>>>> You could also attach the vnic for the management network >>>>>>>>>>>>> here >>>>>>>>>>>>> if need >>>>>>>>>>>>> be. >>>>>>>>>>>>> >>>>>>>>>>>>> Please keep in mind that OVN has no use in setting up the >>>>>>>>>>>>> management >>>>>>>>>>>>> network. >>>>>>>>>>>>> The OVN provider can only handle external networks, which >>>>>>>>>>>>> can >>>>>>>>>>>>> not be used >>>>>>>>>>>>> for a >>>>>>>>>>>>> management network. >>>>>>>>>>>>> >>>>>>>>>>>>> Marcin >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> ----- Original Message ----- >>>>>>>>>>>>>> From: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>>>>>>>>>>>>> To:users@ovirt.org >>>>>>>>>>>>>> Sent: Wednesday, December 28, 2016 12:39:59 AM >>>>>>>>>>>>>> Subject: [ovirt-users] Issue with OVN/OVS and mandatory >>>>>>>>>>>>>> ovirtmgmt >>>>>>>>>>>>>> network >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> Hi >>>>>>>>>>>>>> For long time I've been looking for proper support in >>>>>>>>>>>>>> ovirt for >>>>>>>>>>>>>> Open >>>>>>>>>>>>>> vSwitch >>>>>>>>>>>>>> so I'm happy that it is moving in the right direction. >>>>>>>>>>>>>> However, >>>>>>>>>>>>>> there >>>>>>>>>>>>>> seems >>>>>>>>>>>>>> to still be a dependency on a ovirtmgmt bridge and I'm >>>>>>>>>>>>>> unable >>>>>>>>>>>>>> to move >>>>>>>>>>>>>> that >>>>>>>>>>>>>> to the OVN provider. >>>>>>>>>>>>>> >>>>>>>>>>>>>> The hosting center where I rent hw instances has a bit >>>>>>>>>>>>>> special >>>>>>>>>>>>>> network >>>>>>>>>>>>>> setup, >>>>>>>>>>>>>> so I have one physical network port with a /32 netmask >>>>>>>>>>>>>> and >>>>>>>>>>>>>> point-to-point >>>>>>>>>>>>>> config to router. The physical port I connect to a ovs >>>>>>>>>>>>>> bridge >>>>>>>>>>>>>> which has >>>>>>>>>>>>>> the >>>>>>>>>>>>>> public ip. Since ovirt always messes up the network >>>>>>>>>>>>>> config when >>>>>>>>>>>>>> I've >>>>>>>>>>>>>> tried >>>>>>>>>>>>>> to let it have access to the network config for the >>>>>>>>>>>>>> physical >>>>>>>>>>>>>> port, I've >>>>>>>>>>>>>> set >>>>>>>>>>>>>> eht0 and ovsbridge0 as hidden in vdsm.conf. >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> I then create a bridge for use with ovirt, with a private >>>>>>>>>>>>>> address. With >>>>>>>>>>>>>> the >>>>>>>>>>>>>> OVN provider I am now able to import these into the >>>>>>>>>>>>>> engine and >>>>>>>>>>>>>> it looks >>>>>>>>>>>>>> good. When creating a VM I can select that it will have a >>>>>>>>>>>>>> vNic >>>>>>>>>>>>>> on my OVS >>>>>>>>>>>>>> bridge. >>>>>>>>>>>>>> >>>>>>>>>>>>>> However, I can't start the VM as an exception is thrown >>>>>>>>>>>>>> in the >>>>>>>>>>>>>> log: >>>>>>>>>>>>>> >>>>>>>>>>>>>> 2016-12-28 00:13:33,350 ERROR >>>>>>>>>>>>>> [org.ovirt.engine.core.bll.RunVmCommand] >>>>>>>>>>>>>> (default task-5) [3c882d53] Error during >>>>>>>>>>>>>> ValidateFailure.: >>>>>>>>>>>>>> java.lang.NullPointerException >>>>>>>>>>>>>> at >>>>>>>>>>>>>> org.ovirt.engine.core.bll.scheduling.policyunits.NetworkPolicyUnit.validateRequiredNetworksAvailable(NetworkPolicyUnit.java:140) >>>>>>>>>>>>>> >>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>> at >>>>>>>>>>>>>> org.ovirt.engine.core.bll.scheduling.policyunits.NetworkPolicyUnit.filter(NetworkPolicyUnit.java:69) >>>>>>>>>>>>>> >>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>> at >>>>>>>>>>>>>> org.ovirt.engine.core.bll.scheduling.SchedulingManager.runInternalFilters(SchedulingManager.java:597) >>>>>>>>>>>>>> >>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>> at >>>>>>>>>>>>>> org.ovirt.engine.core.bll.scheduling.SchedulingManager.runFilters(SchedulingManager.java:564) >>>>>>>>>>>>>> >>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>> at >>>>>>>>>>>>>> org.ovirt.engine.core.bll.scheduling.SchedulingManager.canSchedule(SchedulingManager.java:494) >>>>>>>>>>>>>> >>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>> at >>>>>>>>>>>>>> org.ovirt.engine.core.bll.validator.RunVmValidator.canRunVm(RunVmValidator.java:133) >>>>>>>>>>>>>> >>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>> at >>>>>>>>>>>>>> org.ovirt.engine.core.bll.RunVmCommand.validate(RunVmCommand.java:940) >>>>>>>>>>>>>> >>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>> at >>>>>>>>>>>>>> org.ovirt.engine.core.bll.CommandBase.internalValidate(CommandBase.java:886) >>>>>>>>>>>>>> >>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>> at >>>>>>>>>>>>>> org.ovirt.engine.core.bll.CommandBase.validateOnly(CommandBase.java:366) >>>>>>>>>>>>>> >>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>> at >>>>>>>>>>>>>> org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.canRunActions(PrevalidatingMultipleActionsRunner.java:113) >>>>>>>>>>>>>> >>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>> at >>>>>>>>>>>>>> org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.invokeCommands(PrevalidatingMultipleActionsRunner.java:99) >>>>>>>>>>>>>> >>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>> at >>>>>>>>>>>>>> org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.execute(PrevalidatingMultipleActionsRunner.java:76) >>>>>>>>>>>>>> >>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>> at >>>>>>>>>>>>>> org.ovirt.engine.core.bll.Backend.runMultipleActionsImpl(Backend.java:613) >>>>>>>>>>>>>> >>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>> at >>>>>>>>>>>>>> org.ovirt.engine.core.bll.Backend.runMultipleActions(Backend.java:583) >>>>>>>>>>>>>> >>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> Looking at that section of code where the exception is >>>>>>>>>>>>>> thrown, >>>>>>>>>>>>>> I see >>>>>>>>>>>>>> that >>>>>>>>>>>>>> it >>>>>>>>>>>>>> iterates over host networks to find required networks, >>>>>>>>>>>>>> which I >>>>>>>>>>>>>> assume is >>>>>>>>>>>>>> ovirtmgmt. In the host network setup dialog I don't see >>>>>>>>>>>>>> any >>>>>>>>>>>>>> networks at >>>>>>>>>>>>>> all >>>>>>>>>>>>>> but it lists ovirtmgmt as required. It also list the OVN >>>>>>>>>>>>>> networks but >>>>>>>>>>>>>> these >>>>>>>>>>>>>> can't be statically assigned as they are added >>>>>>>>>>>>>> dynamically when >>>>>>>>>>>>>> needed, >>>>>>>>>>>>>> which is fine. >>>>>>>>>>>>>> >>>>>>>>>>>>>> I believe that I either need to remove ovirtmgmt network >>>>>>>>>>>>>> or >>>>>>>>>>>>>> configure >>>>>>>>>>>>>> that >>>>>>>>>>>>>> it >>>>>>>>>>>>>> is provided by the OVN provider, but neither is possible. >>>>>>>>>>>>>> Preferably it >>>>>>>>>>>>>> shouldn't be hardcoded which network is management and >>>>>>>>>>>>>> mandatory but be >>>>>>>>>>>>>> possible to configure. >>>>>>>>>>>>>> >>>>>>>>>>>>>> /Sverker >>>>>>>>>>>>>> Den 2016-12-27 kl. 17:10, skrev Marcin Mirecki: >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>> _______________________________________________ >>>>>>>>>>> Users mailing list >>>>>>>>>>> Users@ovirt.org >>>>>>>>>>> http://lists.ovirt.org/mailman/listinfo/users >>>>>>>>>>> >>>>>>>>> _______________________________________________ >>>>>>>>> Users mailing list >>>>>>>>> Users@ovirt.org >>>>>>>>> http://lists.ovirt.org/mailman/listinfo/users >>>>>>>> _______________________________________________ >>>>>>>> Users mailing list >>>>>>>> Users@ovirt.org >>>>>>>> http://lists.ovirt.org/mailman/listinfo/users >>>>>>> _______________________________________________ >>>>>>> Users mailing list >>>>>>> Users@ovirt.org >>>>>>> http://lists.ovirt.org/mailman/listinfo/users >>>>> _______________________________________________ >>>>> Users mailing list >>>>> Users@ovirt.org >>>>> http://lists.ovirt.org/mailman/listinfo/users >>>>> >
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
This is a multi-part message in MIME format. --------------794D87219F07BADE8F7C37F0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit 1. No, I did not want to put the ovirtmgmt bridge on my physical nic as it always messed up the network config making the host unreachable. I have put a ovs bridge on this nic which I will use to make tunnels when I add other hosts. Maybe br-int will be used for that instead, will see when I get that far. As it is now I have a dummy if for ovirtmgmt bridge but this will probably not work when I add other hosts as that bridge cannot connect to the other hosts. I'm considering keeping this just as a dummy to keep ovirt engine satisfied while the actual communication will happen over OVN/OVS bridges and tunnels. 2. On https://www.ovirt.org//develop/release-management/features/ovirt-ovn-provide... there is instructions how to add an OVS bridge to OVN with |ovn-nbctl ls-add <network name>|. If you want to use br-int then it makes sense to make that bridge visible in ovirt webui under networks so that it can be selected for VM's. It quite doesn't make sense to me that I can select other network for my VM but then that setting is not used when setting up the network. /Sverker Den 2016-12-30 kl. 15:34, skrev Marcin Mirecki:
Hi,
The OVN provider does not require you to add any bridges manually. As I understand we were dealing with two problems: 1. You only had one physical nic and wanted to put a bridge on it, attaching the management network to the bridge. This was the reason for creating the bridge (the recommended setup would be to used a separate physical nic for the management network). This bridge has nothing to do with the OVN bridge. 2. OVN - you want to use OVN on this system. For this you have to install OVN on your hosts. This should create the br-int bridge, which are then used by the OVN provider. This br-int bridge must be configured to connect to other hosts using the geneve tunnels.
In both cases the systems will not be aware of any bridges you create. They need a nic (be it physical or virtual) to connect to other system. Usually this is the physical nic. In your case you decided to put a bridge on the physical nic, and give oVirt a virtual nic attached to this bridge. This works, but keep in mind that the bridge you have introduced is outside of oVirt's (and OVN) control (and as such is not supported).
What is the purpose of adding my bridges to Ovirt through the external provider and configure them on my VM I am not quite sure I understand. The external provider (OVN provider to be specific), does not add any bridges to the system. It is using the br-int bridge created by OVN. The networks created by the OVN provider are purely logical entities, implemented using the OVN br-int bridge.
Marcin
----- Original Message -----
From: "Sverker Abrahamsson" <sverker@abrahamsson.com> To: "Marcin Mirecki" <mmirecki@redhat.com> Cc: "Ovirt Users" <users@ovirt.org> Sent: Friday, December 30, 2016 12:15:43 PM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network
Hi That is the logic I quite don't understand. What is the purpose of adding my bridges to Ovirt through the external provider and configure them on my VM if you are disregarding that and using br-int anyway?
/Sverker
Den 2016-12-30 kl. 10:53, skrev Marcin Mirecki:
Sverker,
br-int is the integration bridge created by default in OVN. This is the bridge we use for the OVN provider. As OVN is required to be installed, we assume that this bridge is present. Using any other ovs bridge is not supported, and will require custom code changes (such as the ones you created).
The proper setup in your case would probably be to create br-int and connect this to your ovirtbridge, although I don't know the details of your env, so this is just my best guess.
Marcin
----- Original Message -----
From: "Sverker Abrahamsson" <sverker@abrahamsson.com> To: "Marcin Mirecki" <mmirecki@redhat.com> Cc: "Ovirt Users" <users@ovirt.org>, "Numan Siddique" <nusiddiq@redhat.com> Sent: Friday, December 30, 2016 1:14:50 AM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network
Even better, if the value is not hardcoded then the configured value is used. Might be that I'm missunderstanding something but this is the behaviour I expected instead of that it is using br-int.
Attached is a patch which properly sets up the xml, in case there is already a virtual port there + testcode of some variants
/Sverker
Den 2016-12-29 kl. 22:55, skrev Sverker Abrahamsson:
When I change /usr/libexec/vdsm/hooks/before_device_create/ovirt_provider_ovn_hook to instead of hardcoded to br-int use BRIDGE_NAME = 'ovirtbridge' then I get the expected behaviour and I get a working network connectivity in my VM with IP provided by dhcp.
/Sverker
Den 2016-12-29 kl. 22:07, skrev Sverker Abrahamsson:
By default the vNic profile of my OVN bridge ovirtbridge gets a Network filter named vdsm-no-mac-spoofing. If I instead set No filter then I don't get those ebtables / iptables messages. It seems that there is some issue between ovirt/vdsm and firewalld, which we can put to the side for now.
It is not clear for me why the port is added on br-int instead of the bridge I've assigned to the VM, which is ovirtbridge??
/Sverker
Den 2016-12-29 kl. 14:20, skrev Sverker Abrahamsson: > The specific command most likely fails because there is no chain > named libvirt-J-vnet0, but when should that have been created? > /Sverker > > -------- Vidarebefordrat meddelande -------- > Ämne: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt > network > Datum: Thu, 29 Dec 2016 08:06:29 -0500 (EST) > Från: Marcin Mirecki <mmirecki@redhat.com> > Till: Sverker Abrahamsson <sverker@abrahamsson.com> > Kopia: Ovirt Users <users@ovirt.org>, Lance Richardson > <lrichard@redhat.com>, Numan Siddique <nusiddiq@redhat.com> > > > > Let me add the OVN team. > > Lance, Numan, > > Can you please look at this? > > Trying to plug a vNIC results in: >>>>>>>> Dec 28 23:31:35 h2 ovs-vsctl: ovs|00001|vsctl|INFO|Called as >>>>>>>> ovs-vsctl >>>>>>>> --timeout=5 -- --if-exists del-port vnet0 -- add-port br-int >>>>>>>> vnet0 -- >>>>>>>> set Interface vnet0 >>>>>>>> "external-ids:attached-mac=\"00:1a:4a:16:01:51\"" >>>>>>>> -- set Interface vnet0 >>>>>>>> "external-ids:iface-id=\"e8853aac-8a75-41b0-8010-e630017dcdd8\"" >>>>>>>> -- >>>>>>>> set Interface vnet0 >>>>>>>> "external-ids:vm-id=\"b9440d60-ef5a-4e2b-83cf-081df7c09e6f\"" -- >>>>>>>> set >>>>>>>> Interface vnet0 external-ids:iface-status=active >>>>>>>> Dec 28 23:31:35 h2 kernel: device vnet0 entered promiscuous mode >>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -D PREROUTING -i vnet0 >>>>>>>> -j >>>>>>>> libvirt-J-vnet0' failed: >>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: > More details below > > > ----- Original Message ----- >> From: "Sverker Abrahamsson"<sverker@abrahamsson.com> >> To: "Marcin Mirecki"<mmirecki@redhat.com> >> Cc: "Ovirt Users"<users@ovirt.org> >> Sent: Thursday, December 29, 2016 1:42:11 PM >> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt >> network >> >> Hi >> Same problem still.. >> /Sverker >> >> Den 2016-12-29 kl. 13:34, skrev Marcin Mirecki: >>> Hi, >>> >>> The tunnels are created to connect multiple OVN controllers. >>> If there is only one, there is no need for the tunnels, so none >>> will be created, this is the correct behavior. >>> >>> Does the problem still occur after setting configuring the >>> OVN-controller? >>> >>> Marcin >>> >>> ----- Original Message ----- >>>> From: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>>> To: "Marcin Mirecki"<mmirecki@redhat.com> >>>> Cc: "Ovirt Users"<users@ovirt.org> >>>> Sent: Thursday, December 29, 2016 11:44:32 AM >>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory >>>> ovirtmgmt >>>> network >>>> >>>> Hi >>>> The rpm packages you listed in the other mail are installed but I >>>> had >>>> not run vdsm-tool ovn-config to create tunnel as the OVN controller >>>> is >>>> on the same host. >>>> >>>> [root@h2 ~]# rpm -q openvswitch-ovn-common >>>> openvswitch-ovn-common-2.6.90-1.el7.centos.x86_64 >>>> [root@h2 ~]# rpm -q openvswitch-ovn-host >>>> openvswitch-ovn-host-2.6.90-1.el7.centos.x86_64 >>>> [root@h2 ~]# rpm -q python-openvswitch >>>> python-openvswitch-2.6.90-1.el7.centos.noarch >>>> >>>> After removing my manually created br-int and run >>>> >>>> vdsm-tool ovn-config 127.0.0.1 172.27.1.1 >>>> >>>> then I have the br-int but 'ip link show' does not show any link >>>> 'genev_sys_' nor does 'ovs-vsctl show' any port for ovn. I assume >>>> these >>>> are when there is an actual tunnel? >>>> >>>> [root@h2 ~]# ovs-vsctl show >>>> ebb6aede-cbbc-4f4f-a88a-a9cd72b2bd23 >>>> Bridge br-int >>>> fail_mode: secure >>>> Port br-int >>>> Interface br-int >>>> type: internal >>>> Bridge ovirtbridge >>>> Port ovirtbridge >>>> Interface ovirtbridge >>>> type: internal >>>> Bridge "ovsbridge0" >>>> Port "ovsbridge0" >>>> Interface "ovsbridge0" >>>> type: internal >>>> Port "eth0" >>>> Interface "eth0" >>>> ovs_version: "2.6.90" >>>> >>>> [root@h2 ~]# ip link show >>>> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN >>>> mode >>>> DEFAULT qlen 1 >>>> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 >>>> 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast >>>> master ovs-system state UP mode DEFAULT qlen 1000 >>>> link/ether 44:8a:5b:84:7d:b3 brd ff:ff:ff:ff:ff:ff >>>> 3: ovs-system: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN >>>> mode >>>> DEFAULT qlen 1000 >>>> link/ether 5a:14:cf:28:47:e2 brd ff:ff:ff:ff:ff:ff >>>> 4: ovsbridge0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc >>>> noqueue >>>> state UNKNOWN mode DEFAULT qlen 1000 >>>> link/ether 44:8a:5b:84:7d:b3 brd ff:ff:ff:ff:ff:ff >>>> 5: br-int: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode >>>> DEFAULT qlen 1000 >>>> link/ether 9e:b0:3a:9d:f2:4b brd ff:ff:ff:ff:ff:ff >>>> 6: ovirtbridge: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc >>>> noqueue >>>> state UNKNOWN mode DEFAULT qlen 1000 >>>> link/ether a6:f6:e5:a4:5b:45 brd ff:ff:ff:ff:ff:ff >>>> 7: dummy0: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue >>>> master >>>> ovirtmgmt state UNKNOWN mode DEFAULT qlen 1000 >>>> link/ether 66:e0:1c:c3:a9:d8 brd ff:ff:ff:ff:ff:ff >>>> 8: ovirtmgmt: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc >>>> noqueue >>>> state UP mode DEFAULT qlen 1000 >>>> link/ether 66:e0:1c:c3:a9:d8 brd ff:ff:ff:ff:ff:ff >>>> >>>> Firewall settings: >>>> [root@h2 ~]# firewall-cmd --list-all-zones >>>> work >>>> target: default >>>> icmp-block-inversion: no >>>> interfaces: >>>> sources: >>>> services: dhcpv6-client ssh >>>> ports: >>>> protocols: >>>> masquerade: no >>>> forward-ports: >>>> sourceports: >>>> icmp-blocks: >>>> rich rules: >>>> >>>> >>>> drop >>>> target: DROP >>>> icmp-block-inversion: no >>>> interfaces: >>>> sources: >>>> services: >>>> ports: >>>> protocols: >>>> masquerade: no >>>> forward-ports: >>>> sourceports: >>>> icmp-blocks: >>>> rich rules: >>>> >>>> >>>> internal >>>> target: default >>>> icmp-block-inversion: no >>>> interfaces: >>>> sources: >>>> services: dhcpv6-client mdns samba-client ssh >>>> ports: >>>> protocols: >>>> masquerade: no >>>> forward-ports: >>>> sourceports: >>>> icmp-blocks: >>>> rich rules: >>>> >>>> >>>> external >>>> target: default >>>> icmp-block-inversion: no >>>> interfaces: >>>> sources: >>>> services: ssh >>>> ports: >>>> protocols: >>>> masquerade: yes >>>> forward-ports: >>>> sourceports: >>>> icmp-blocks: >>>> rich rules: >>>> >>>> >>>> trusted >>>> target: ACCEPT >>>> icmp-block-inversion: no >>>> interfaces: >>>> sources: >>>> services: >>>> ports: >>>> protocols: >>>> masquerade: no >>>> forward-ports: >>>> sourceports: >>>> icmp-blocks: >>>> rich rules: >>>> >>>> >>>> home >>>> target: default >>>> icmp-block-inversion: no >>>> interfaces: >>>> sources: >>>> services: dhcpv6-client mdns samba-client ssh >>>> ports: >>>> protocols: >>>> masquerade: no >>>> forward-ports: >>>> sourceports: >>>> icmp-blocks: >>>> rich rules: >>>> >>>> >>>> dmz >>>> target: default >>>> icmp-block-inversion: no >>>> interfaces: >>>> sources: >>>> services: ssh >>>> ports: >>>> protocols: >>>> masquerade: no >>>> forward-ports: >>>> sourceports: >>>> icmp-blocks: >>>> rich rules: >>>> >>>> >>>> public (active) >>>> target: default >>>> icmp-block-inversion: no >>>> interfaces: eth0 ovsbridge0 >>>> sources: >>>> services: dhcpv6-client ssh >>>> ports: >>>> protocols: >>>> masquerade: no >>>> forward-ports: >>>> sourceports: >>>> icmp-blocks: >>>> rich rules: >>>> >>>> >>>> block >>>> target: %%REJECT%% >>>> icmp-block-inversion: no >>>> interfaces: >>>> sources: >>>> services: >>>> ports: >>>> protocols: >>>> masquerade: no >>>> forward-ports: >>>> sourceports: >>>> icmp-blocks: >>>> rich rules: >>>> >>>> >>>> ovirt (active) >>>> target: default >>>> icmp-block-inversion: no >>>> interfaces: ovirtbridge ovirtmgmt >>>> sources: >>>> services: dhcp ovirt-fence-kdump-listener ovirt-http >>>> ovirt-https >>>> ovirt-imageio-proxy ovirt-postgres ovirt-provider-ovn >>>> ovirt-vmconsole-proxy ovirt-websocket-proxy ssh vdsm >>>> ports: >>>> protocols: >>>> masquerade: yes >>>> forward-ports: >>>> sourceports: >>>> icmp-blocks: >>>> rich rules: >>>> rule family="ipv4" port port="6641" protocol="tcp" accept >>>> rule family="ipv4" port port="6642" protocol="tcp" accept >>>> >>>> The db dump is attached >>>> /Sverker >>>> Den 2016-12-29 kl. 09:50, skrev Marcin Mirecki: >>>>> Hi, >>>>> >>>>> Can you please do: "sudo ovsdb-client dump" >>>>> on the host and send me the output? >>>>> >>>>> Have you configured the ovn controller to connect to the >>>>> OVN north? You can do it using "vdsm-tool ovn-config" or >>>>> using the OVN tools directly. >>>>> Please check >>>>> out:https://www.ovirt.org/blog/2016/11/ovirt-provider-ovn/ >>>>> for details. >>>>> >>>>> Also please note that the OVN provider is completely different >>>>> from the neutron-openvswitch plugin. Please don't mix the two. >>>>> >>>>> Marcin >>>>> >>>>> >>>>> ----- Original Message ----- >>>>>> From: "Marcin Mirecki"<mmirecki@redhat.com> >>>>>> To: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>>>>> Cc: "Ovirt Users"<users@ovirt.org> >>>>>> Sent: Thursday, December 29, 2016 9:27:19 AM >>>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory >>>>>> ovirtmgmt >>>>>> network >>>>>> >>>>>> Hi, >>>>>> >>>>>> br-int is the OVN integration bridge, it should have been created >>>>>> when installing OVN. I assume you have the following packages >>>>>> installed >>>>>> on the host: >>>>>> openvswitch-ovn-common >>>>>> openvswitch-ovn-host >>>>>> python-openvswitch >>>>>> >>>>>> Please give me some time to look at the connectivity problem. >>>>>> >>>>>> Marcin >>>>>> >>>>>> >>>>>> >>>>>> ----- Original Message ----- >>>>>>> From: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>>>>>> To: "Marcin Mirecki"<mmirecki@redhat.com> >>>>>>> Cc: "Ovirt Users"<users@ovirt.org> >>>>>>> Sent: Thursday, December 29, 2016 12:47:04 AM >>>>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory >>>>>>> ovirtmgmt >>>>>>> network >>>>>>> >>>>>>> From >>>>>>> /usr/libexec/vdsm/hooks/before_device_create/ovirt_provider_ovn_hook >>>>>>> (installed by ovirt-provider-ovn-driver rpm): >>>>>>> >>>>>>> BRIDGE_NAME = 'br-int' >>>>>>> >>>>>>> >>>>>>> Den 2016-12-28 kl. 23:56, skrev Sverker Abrahamsson: >>>>>>>> Googling on the message about br-int suggested adding that >>>>>>>> bridge to >>>>>>>> ovs: >>>>>>>> >>>>>>>> ovs-vsctl add-br br-int >>>>>>>> >>>>>>>> Then the VM is able to boot, but it fails to get network >>>>>>>> connectivity. >>>>>>>> Output in /var/log/messages: >>>>>>>> >>>>>>>> Dec 28 23:31:35 h2 ovs-vsctl: ovs|00001|vsctl|INFO|Called as >>>>>>>> ovs-vsctl >>>>>>>> --timeout=5 -- --if-exists del-port vnet0 -- add-port br-int >>>>>>>> vnet0 -- >>>>>>>> set Interface vnet0 >>>>>>>> "external-ids:attached-mac=\"00:1a:4a:16:01:51\"" >>>>>>>> -- set Interface vnet0 >>>>>>>> "external-ids:iface-id=\"e8853aac-8a75-41b0-8010-e630017dcdd8\"" >>>>>>>> -- >>>>>>>> set Interface vnet0 >>>>>>>> "external-ids:vm-id=\"b9440d60-ef5a-4e2b-83cf-081df7c09e6f\"" -- >>>>>>>> set >>>>>>>> Interface vnet0 external-ids:iface-status=active >>>>>>>> Dec 28 23:31:35 h2 kernel: device vnet0 entered promiscuous mode >>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -D PREROUTING -i vnet0 >>>>>>>> -j >>>>>>>> libvirt-J-vnet0' failed: >>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -D POSTROUTING -o vnet0 >>>>>>>> -j >>>>>>>> libvirt-P-vnet0' failed: >>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -L libvirt-J-vnet0' >>>>>>>> failed: >>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -L libvirt-P-vnet0' >>>>>>>> failed: >>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -F libvirt-J-vnet0' >>>>>>>> failed: >>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -X libvirt-J-vnet0' >>>>>>>> failed: >>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -F libvirt-P-vnet0' >>>>>>>> failed: >>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -X libvirt-P-vnet0' >>>>>>>> failed: >>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -F J-vnet0-mac' failed: >>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -X J-vnet0-mac' failed: >>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -F J-vnet0-arp-mac' >>>>>>>> failed: >>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -X J-vnet0-arp-mac' >>>>>>>> failed: >>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>> '/usr/sbin/iptables -w2 -w -D libvirt-out -m physdev >>>>>>>> --physdev-is-bridged --physdev-out vnet0 -g FO-vnet0' failed: >>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>> '/usr/sbin/iptables -w2 -w -D libvirt-out -m physdev >>>>>>>> --physdev-out >>>>>>>> vnet0 -g FO-vnet0' failed: >>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>> '/usr/sbin/iptables -w2 -w -D libvirt-in -m physdev --physdev-in >>>>>>>> vnet0 >>>>>>>> -g FI-vnet0' failed: >>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>> '/usr/sbin/iptables -w2 -w -D libvirt-host-in -m physdev >>>>>>>> --physdev-in >>>>>>>> vnet0 -g HI-vnet0' failed: >>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>> '/usr/sbin/iptables -w2 -w -F FO-vnet0' failed: >>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>> '/usr/sbin/iptables -w2 -w -X FO-vnet0' failed: >>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>> '/usr/sbin/iptables -w2 -w -F FI-vnet0' failed: >>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>> '/usr/sbin/iptables -w2 -w -X FI-vnet0' failed: >>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>> '/usr/sbin/iptables -w2 -w -F HI-vnet0' failed: >>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>> '/usr/sbin/iptables -w2 -w -X HI-vnet0' failed: >>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>> '/usr/sbin/iptables -w2 -w -E FP-vnet0 FO-vnet0' failed: >>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>> '/usr/sbin/iptables -w2 -w -E FJ-vnet0 FI-vnet0' failed: >>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>> '/usr/sbin/iptables -w2 -w -E HJ-vnet0 HI-vnet0' failed: >>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>> '/usr/sbin/ip6tables -w2 -w -D libvirt-out -m physdev >>>>>>>> --physdev-is-bridged --physdev-out vnet0 -g FO-vnet0' failed: >>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>> '/usr/sbin/ip6tables -w2 -w -D libvirt-out -m physdev >>>>>>>> --physdev-out >>>>>>>> vnet0 -g FO-vnet0' failed: >>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>> '/usr/sbin/ip6tables -w2 -w -D libvirt-in -m physdev >>>>>>>> --physdev-in >>>>>>>> vnet0 -g FI-vnet0' failed: >>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>> '/usr/sbin/ip6tables -w2 -w -D libvirt-host-in -m physdev >>>>>>>> --physdev-in >>>>>>>> vnet0 -g HI-vnet0' failed: >>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>> '/usr/sbin/ip6tables -w2 -w -F FO-vnet0' failed: >>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>> '/usr/sbin/ip6tables -w2 -w -X FO-vnet0' failed: >>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>> '/usr/sbin/ip6tables -w2 -w -F FI-vnet0' failed: >>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>> '/usr/sbin/ip6tables -w2 -w -X FI-vnet0' failed: >>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>> '/usr/sbin/ip6tables -w2 -w -F HI-vnet0' failed: >>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>> '/usr/sbin/ip6tables -w2 -w -X HI-vnet0' failed: >>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>> '/usr/sbin/ip6tables -w2 -w -E FP-vnet0 FO-vnet0' failed: >>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>> '/usr/sbin/ip6tables -w2 -w -E FJ-vnet0 FI-vnet0' failed: >>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>> '/usr/sbin/ip6tables -w2 -w -E HJ-vnet0 HI-vnet0' failed: >>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -D PREROUTING -i vnet0 >>>>>>>> -j >>>>>>>> libvirt-I-vnet0' failed: >>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -D POSTROUTING -o vnet0 >>>>>>>> -j >>>>>>>> libvirt-O-vnet0' failed: >>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -L libvirt-I-vnet0' >>>>>>>> failed: >>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -L libvirt-O-vnet0' >>>>>>>> failed: >>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -F libvirt-I-vnet0' >>>>>>>> failed: >>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -X libvirt-I-vnet0' >>>>>>>> failed: >>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -F libvirt-O-vnet0' >>>>>>>> failed: >>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -X libvirt-O-vnet0' >>>>>>>> failed: >>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -L libvirt-P-vnet0' >>>>>>>> failed: >>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -E libvirt-P-vnet0 >>>>>>>> libvirt-O-vnet0' failed: >>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -F I-vnet0-mac' failed: >>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -X I-vnet0-mac' failed: >>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -F I-vnet0-arp-mac' >>>>>>>> failed: >>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -X I-vnet0-arp-mac' >>>>>>>> failed: >>>>>>>> >>>>>>>> >>>>>>>> [root@h2 etc]# ovs-vsctl show >>>>>>>> ebb6aede-cbbc-4f4f-a88a-a9cd72b2bd23 >>>>>>>> Bridge ovirtbridge >>>>>>>> Port "ovirtport0" >>>>>>>> Interface "ovirtport0" >>>>>>>> type: internal >>>>>>>> Port ovirtbridge >>>>>>>> Interface ovirtbridge >>>>>>>> type: internal >>>>>>>> Bridge "ovsbridge0" >>>>>>>> Port "ovsbridge0" >>>>>>>> Interface "ovsbridge0" >>>>>>>> type: internal >>>>>>>> Port "eth0" >>>>>>>> Interface "eth0" >>>>>>>> Bridge br-int >>>>>>>> Port br-int >>>>>>>> Interface br-int >>>>>>>> type: internal >>>>>>>> Port "vnet0" >>>>>>>> Interface "vnet0" >>>>>>>> ovs_version: "2.6.90" >>>>>>>> >>>>>>>> Searching through the code it appears that br-int comes from >>>>>>>> neutron-openvswitch plugin ?? >>>>>>>> >>>>>>>> [root@h2 share]# rpm -qf >>>>>>>> /usr/share/otopi/plugins/ovirt-host-deploy/openstack/neutron_openvswitch.py >>>>>>>> ovirt-host-deploy-1.6.0-0.0.master.20161215101008.gitb76ad50.el7.centos.noarch >>>>>>>> >>>>>>>> >>>>>>>> /Sverker >>>>>>>> >>>>>>>> Den 2016-12-28 kl. 23:24, skrev Sverker Abrahamsson: >>>>>>>>> In addition I had to add an alias to modprobe: >>>>>>>>> >>>>>>>>> [root@h2 modprobe.d]# cat dummy.conf >>>>>>>>> alias dummy0 dummy >>>>>>>>> >>>>>>>>> >>>>>>>>> Den 2016-12-28 kl. 23:03, skrev Sverker Abrahamsson: >>>>>>>>>> Hi >>>>>>>>>> I first tried to set device name to dummy_0, but then ifup did >>>>>>>>>> not >>>>>>>>>> succeed in creating the device unless I first did 'ip link add >>>>>>>>>> dummy_0 type dummy' but then it would not suceed to establish >>>>>>>>>> the if >>>>>>>>>> on reboot. >>>>>>>>>> >>>>>>>>>> Setting fake_nics = dummy0 would not work neither, but this >>>>>>>>>> works: >>>>>>>>>> >>>>>>>>>> fake_nics = dummy* >>>>>>>>>> >>>>>>>>>> The engine is now able to find the if and assign bridge >>>>>>>>>> ovirtmgmt to >>>>>>>>>> it. >>>>>>>>>> >>>>>>>>>> However, I then run into the next issue when starting a VM: >>>>>>>>>> >>>>>>>>>> 2016-12-28 22:28:23,897 ERROR >>>>>>>>>> [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] >>>>>>>>>> (ForkJoinPool-1-worker-2) [] Correlation ID: null, Call Stack: >>>>>>>>>> null, >>>>>>>>>> Custom Event ID: -1, Message: VM CentOS7 is down with error. >>>>>>>>>> Exit >>>>>>>>>> message: Cannot get interface MTU on 'br-int': No such device. >>>>>>>>>> >>>>>>>>>> This VM has a nic on ovirtbridge, which comes from the OVN >>>>>>>>>> provider. >>>>>>>>>> >>>>>>>>>> /Sverker >>>>>>>>>> >>>>>>>>>> Den 2016-12-28 kl. 14:38, skrev Marcin Mirecki: >>>>>>>>>>> Sverker, >>>>>>>>>>> >>>>>>>>>>> Can you try adding a vnic named veth_* or dummy_*, >>>>>>>>>>> (or alternatively add the name of the vnic to >>>>>>>>>>> vdsm.config fake_nics), and setup the management >>>>>>>>>>> network using this vnic? >>>>>>>>>>> I suppose adding the vnic you use for connecting >>>>>>>>>>> to the engine to fake_nics should make it visible >>>>>>>>>>> to the engine, and you should be able to use it for >>>>>>>>>>> the setup. >>>>>>>>>>> >>>>>>>>>>> Marcin >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> ----- Original Message ----- >>>>>>>>>>>> From: "Marcin Mirecki"<mmirecki@redhat.com> >>>>>>>>>>>> To: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>>>>>>>>>>> Cc: "Ovirt Users"<users@ovirt.org> >>>>>>>>>>>> Sent: Wednesday, December 28, 2016 12:06:26 PM >>>>>>>>>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory >>>>>>>>>>>> ovirtmgmt network >>>>>>>>>>>> >>>>>>>>>>>>> I have an internal OVS bridge called ovirtbridge which has >>>>>>>>>>>>> a port >>>>>>>>>>>>> with >>>>>>>>>>>>> IP address, but in the host network settings that port is >>>>>>>>>>>>> not >>>>>>>>>>>>> visible. >>>>>>>>>>>> I just verified and unfortunately the virtual ports are not >>>>>>>>>>>> visible in engine >>>>>>>>>>>> to assign a network to :( >>>>>>>>>>>> I'm afraid that the engine is not ready for such a scenario >>>>>>>>>>>> (even >>>>>>>>>>>> if it >>>>>>>>>>>> works). >>>>>>>>>>>> Please give me some time to look for a solution. >>>>>>>>>>>> >>>>>>>>>>>> ----- Original Message ----- >>>>>>>>>>>>> From: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>>>>>>>>>>>> To: "Marcin Mirecki"<mmirecki@redhat.com> >>>>>>>>>>>>> Cc: "Ovirt Users"<users@ovirt.org> >>>>>>>>>>>>> Sent: Wednesday, December 28, 2016 11:48:24 AM >>>>>>>>>>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory >>>>>>>>>>>>> ovirtmgmt >>>>>>>>>>>>> network >>>>>>>>>>>>> >>>>>>>>>>>>> Hi Marcin >>>>>>>>>>>>> Yes, that is my issue. I don't want to let ovirt/vdsm see >>>>>>>>>>>>> eth0 >>>>>>>>>>>>> nor >>>>>>>>>>>>> ovsbridge0 since as soon as it sees them it messes up the >>>>>>>>>>>>> network >>>>>>>>>>>>> config >>>>>>>>>>>>> so that the host will be unreachable. >>>>>>>>>>>>> >>>>>>>>>>>>> I have an internal OVS bridge called ovirtbridge which has >>>>>>>>>>>>> a port >>>>>>>>>>>>> with >>>>>>>>>>>>> IP address, but in the host network settings that port is >>>>>>>>>>>>> not >>>>>>>>>>>>> visible. >>>>>>>>>>>>> It doesn't help to name it ovirtmgmt. >>>>>>>>>>>>> >>>>>>>>>>>>> The engine is able to communicate with the host on the ip >>>>>>>>>>>>> it has >>>>>>>>>>>>> been >>>>>>>>>>>>> given, it's just that it believes that it HAS to have a >>>>>>>>>>>>> ovirtmgmt >>>>>>>>>>>>> network which can't be on OVN. >>>>>>>>>>>>> >>>>>>>>>>>>> /Sverker >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> Den 2016-12-28 kl. 10:45, skrev Marcin Mirecki: >>>>>>>>>>>>>> Hi Sverker, >>>>>>>>>>>>>> >>>>>>>>>>>>>> The management network is mandatory on each host. It's >>>>>>>>>>>>>> used by >>>>>>>>>>>>>> the >>>>>>>>>>>>>> engine to communicate with the host. >>>>>>>>>>>>>> Looking at your description and the exception it looks >>>>>>>>>>>>>> like it >>>>>>>>>>>>>> is >>>>>>>>>>>>>> missing. >>>>>>>>>>>>>> The error is caused by not having any network for the host >>>>>>>>>>>>>> (network list retrieved in >>>>>>>>>>>>>> InterfaceDaoImpl.getHostNetworksByCluster - >>>>>>>>>>>>>> which >>>>>>>>>>>>>> gets all the networks on nics for a host from >>>>>>>>>>>>>> vds_interface >>>>>>>>>>>>>> table in the >>>>>>>>>>>>>> DB). >>>>>>>>>>>>>> >>>>>>>>>>>>>> Could you maybe create a virtual nic connected to >>>>>>>>>>>>>> ovsbridge0 (as >>>>>>>>>>>>>> I >>>>>>>>>>>>>> understand you >>>>>>>>>>>>>> have no physical nic available) and use this for the >>>>>>>>>>>>>> management >>>>>>>>>>>>>> network? >>>>>>>>>>>>>> >>>>>>>>>>>>>>> I then create a bridge for use with ovirt, with a private >>>>>>>>>>>>>>> address. >>>>>>>>>>>>>> I'm not quite sure I understand. Is this yet another >>>>>>>>>>>>>> bridge >>>>>>>>>>>>>> connected to >>>>>>>>>>>>>> ovsbridge0? >>>>>>>>>>>>>> You could also attach the vnic for the management network >>>>>>>>>>>>>> here >>>>>>>>>>>>>> if need >>>>>>>>>>>>>> be. >>>>>>>>>>>>>> >>>>>>>>>>>>>> Please keep in mind that OVN has no use in setting up the >>>>>>>>>>>>>> management >>>>>>>>>>>>>> network. >>>>>>>>>>>>>> The OVN provider can only handle external networks, which >>>>>>>>>>>>>> can >>>>>>>>>>>>>> not be used >>>>>>>>>>>>>> for a >>>>>>>>>>>>>> management network. >>>>>>>>>>>>>> >>>>>>>>>>>>>> Marcin >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> ----- Original Message ----- >>>>>>>>>>>>>>> From: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>>>>>>>>>>>>>> To:users@ovirt.org >>>>>>>>>>>>>>> Sent: Wednesday, December 28, 2016 12:39:59 AM >>>>>>>>>>>>>>> Subject: [ovirt-users] Issue with OVN/OVS and mandatory >>>>>>>>>>>>>>> ovirtmgmt >>>>>>>>>>>>>>> network >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Hi >>>>>>>>>>>>>>> For long time I've been looking for proper support in >>>>>>>>>>>>>>> ovirt for >>>>>>>>>>>>>>> Open >>>>>>>>>>>>>>> vSwitch >>>>>>>>>>>>>>> so I'm happy that it is moving in the right direction. >>>>>>>>>>>>>>> However, >>>>>>>>>>>>>>> there >>>>>>>>>>>>>>> seems >>>>>>>>>>>>>>> to still be a dependency on a ovirtmgmt bridge and I'm >>>>>>>>>>>>>>> unable >>>>>>>>>>>>>>> to move >>>>>>>>>>>>>>> that >>>>>>>>>>>>>>> to the OVN provider. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> The hosting center where I rent hw instances has a bit >>>>>>>>>>>>>>> special >>>>>>>>>>>>>>> network >>>>>>>>>>>>>>> setup, >>>>>>>>>>>>>>> so I have one physical network port with a /32 netmask >>>>>>>>>>>>>>> and >>>>>>>>>>>>>>> point-to-point >>>>>>>>>>>>>>> config to router. The physical port I connect to a ovs >>>>>>>>>>>>>>> bridge >>>>>>>>>>>>>>> which has >>>>>>>>>>>>>>> the >>>>>>>>>>>>>>> public ip. Since ovirt always messes up the network >>>>>>>>>>>>>>> config when >>>>>>>>>>>>>>> I've >>>>>>>>>>>>>>> tried >>>>>>>>>>>>>>> to let it have access to the network config for the >>>>>>>>>>>>>>> physical >>>>>>>>>>>>>>> port, I've >>>>>>>>>>>>>>> set >>>>>>>>>>>>>>> eht0 and ovsbridge0 as hidden in vdsm.conf. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> I then create a bridge for use with ovirt, with a private >>>>>>>>>>>>>>> address. With >>>>>>>>>>>>>>> the >>>>>>>>>>>>>>> OVN provider I am now able to import these into the >>>>>>>>>>>>>>> engine and >>>>>>>>>>>>>>> it looks >>>>>>>>>>>>>>> good. When creating a VM I can select that it will have a >>>>>>>>>>>>>>> vNic >>>>>>>>>>>>>>> on my OVS >>>>>>>>>>>>>>> bridge. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> However, I can't start the VM as an exception is thrown >>>>>>>>>>>>>>> in the >>>>>>>>>>>>>>> log: >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> 2016-12-28 00:13:33,350 ERROR >>>>>>>>>>>>>>> [org.ovirt.engine.core.bll.RunVmCommand] >>>>>>>>>>>>>>> (default task-5) [3c882d53] Error during >>>>>>>>>>>>>>> ValidateFailure.: >>>>>>>>>>>>>>> java.lang.NullPointerException >>>>>>>>>>>>>>> at >>>>>>>>>>>>>>> org.ovirt.engine.core.bll.scheduling.policyunits.NetworkPolicyUnit.validateRequiredNetworksAvailable(NetworkPolicyUnit.java:140) >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>> at >>>>>>>>>>>>>>> org.ovirt.engine.core.bll.scheduling.policyunits.NetworkPolicyUnit.filter(NetworkPolicyUnit.java:69) >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>> at >>>>>>>>>>>>>>> org.ovirt.engine.core.bll.scheduling.SchedulingManager.runInternalFilters(SchedulingManager.java:597) >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>> at >>>>>>>>>>>>>>> org.ovirt.engine.core.bll.scheduling.SchedulingManager.runFilters(SchedulingManager.java:564) >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>> at >>>>>>>>>>>>>>> org.ovirt.engine.core.bll.scheduling.SchedulingManager.canSchedule(SchedulingManager.java:494) >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>> at >>>>>>>>>>>>>>> org.ovirt.engine.core.bll.validator.RunVmValidator.canRunVm(RunVmValidator.java:133) >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>> at >>>>>>>>>>>>>>> org.ovirt.engine.core.bll.RunVmCommand.validate(RunVmCommand.java:940) >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>> at >>>>>>>>>>>>>>> org.ovirt.engine.core.bll.CommandBase.internalValidate(CommandBase.java:886) >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>> at >>>>>>>>>>>>>>> org.ovirt.engine.core.bll.CommandBase.validateOnly(CommandBase.java:366) >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>> at >>>>>>>>>>>>>>> org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.canRunActions(PrevalidatingMultipleActionsRunner.java:113) >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>> at >>>>>>>>>>>>>>> org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.invokeCommands(PrevalidatingMultipleActionsRunner.java:99) >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>> at >>>>>>>>>>>>>>> org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.execute(PrevalidatingMultipleActionsRunner.java:76) >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>> at >>>>>>>>>>>>>>> org.ovirt.engine.core.bll.Backend.runMultipleActionsImpl(Backend.java:613) >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>> at >>>>>>>>>>>>>>> org.ovirt.engine.core.bll.Backend.runMultipleActions(Backend.java:583) >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Looking at that section of code where the exception is >>>>>>>>>>>>>>> thrown, >>>>>>>>>>>>>>> I see >>>>>>>>>>>>>>> that >>>>>>>>>>>>>>> it >>>>>>>>>>>>>>> iterates over host networks to find required networks, >>>>>>>>>>>>>>> which I >>>>>>>>>>>>>>> assume is >>>>>>>>>>>>>>> ovirtmgmt. In the host network setup dialog I don't see >>>>>>>>>>>>>>> any >>>>>>>>>>>>>>> networks at >>>>>>>>>>>>>>> all >>>>>>>>>>>>>>> but it lists ovirtmgmt as required. It also list the OVN >>>>>>>>>>>>>>> networks but >>>>>>>>>>>>>>> these >>>>>>>>>>>>>>> can't be statically assigned as they are added >>>>>>>>>>>>>>> dynamically when >>>>>>>>>>>>>>> needed, >>>>>>>>>>>>>>> which is fine. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> I believe that I either need to remove ovirtmgmt network >>>>>>>>>>>>>>> or >>>>>>>>>>>>>>> configure >>>>>>>>>>>>>>> that >>>>>>>>>>>>>>> it >>>>>>>>>>>>>>> is provided by the OVN provider, but neither is possible. >>>>>>>>>>>>>>> Preferably it >>>>>>>>>>>>>>> shouldn't be hardcoded which network is management and >>>>>>>>>>>>>>> mandatory but be >>>>>>>>>>>>>>> possible to configure. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> /Sverker >>>>>>>>>>>>>>> Den 2016-12-27 kl. 17:10, skrev Marcin Mirecki: >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>> Users mailing list >>>>>>>>>>>> Users@ovirt.org >>>>>>>>>>>> http://lists.ovirt.org/mailman/listinfo/users >>>>>>>>>>>> >>>>>>>>>> _______________________________________________ >>>>>>>>>> Users mailing list >>>>>>>>>> Users@ovirt.org >>>>>>>>>> http://lists.ovirt.org/mailman/listinfo/users >>>>>>>>> _______________________________________________ >>>>>>>>> Users mailing list >>>>>>>>> Users@ovirt.org >>>>>>>>> http://lists.ovirt.org/mailman/listinfo/users >>>>>>>> _______________________________________________ >>>>>>>> Users mailing list >>>>>>>> Users@ovirt.org >>>>>>>> http://lists.ovirt.org/mailman/listinfo/users >>>>>> _______________________________________________ >>>>>> Users mailing list >>>>>> Users@ovirt.org >>>>>> http://lists.ovirt.org/mailman/listinfo/users >>>>>> > _______________________________________________ > Users mailing list > Users@ovirt.org > http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
--------------794D87219F07BADE8F7C37F0 Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: 8bit <html> <head> <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> </head> <body bgcolor="#FFFFFF" text="#000000"> <p>1. No, I did not want to put the ovirtmgmt bridge on my physical nic as it always messed up the network config making the host unreachable. I have put a ovs bridge on this nic which I will use to make tunnels when I add other hosts. Maybe br-int will be used for that instead, will see when I get that far.<br> </p> <p>As it is now I have a dummy if for ovirtmgmt bridge but this will probably not work when I add other hosts as that bridge cannot connect to the other hosts. I'm considering keeping this just as a dummy to keep ovirt engine satisfied while the actual communication will happen over OVN/OVS bridges and tunnels.</p> <p>2. On <a class="moz-txt-link-freetext" href="https://www.ovirt.org//develop/release-management/features/ovirt-ovn-provider/">https://www.ovirt.org//develop/release-management/features/ovirt-ovn-provider/</a> there is instructions how to add an OVS bridge to OVN with <code>ovn-nbctl ls-add <network name></code>. If you want to use br-int then it makes sense to make that bridge visible in ovirt webui under networks so that it can be selected for VM's.</p> <p>It quite doesn't make sense to me that I can select other network for my VM but then that setting is not used when setting up the network.</p> <p>/Sverker<br> </p> <div class="moz-cite-prefix">Den 2016-12-30 kl. 15:34, skrev Marcin Mirecki:<br> </div> <blockquote cite="mid:1657129865.5883785.1483108446741.JavaMail.zimbra@redhat.com" type="cite"> <pre wrap="">Hi, The OVN provider does not require you to add any bridges manually. As I understand we were dealing with two problems: 1. You only had one physical nic and wanted to put a bridge on it, attaching the management network to the bridge. This was the reason for creating the bridge (the recommended setup would be to used a separate physical nic for the management network). This bridge has nothing to do with the OVN bridge. 2. OVN - you want to use OVN on this system. For this you have to install OVN on your hosts. This should create the br-int bridge, which are then used by the OVN provider. This br-int bridge must be configured to connect to other hosts using the geneve tunnels. In both cases the systems will not be aware of any bridges you create. They need a nic (be it physical or virtual) to connect to other system. Usually this is the physical nic. In your case you decided to put a bridge on the physical nic, and give oVirt a virtual nic attached to this bridge. This works, but keep in mind that the bridge you have introduced is outside of oVirt's (and OVN) control (and as such is not supported). </pre> <blockquote type="cite"> <pre wrap="">What is the purpose of adding my bridges to Ovirt through the external provider and configure them on my VM </pre> </blockquote> <pre wrap=""> I am not quite sure I understand. The external provider (OVN provider to be specific), does not add any bridges to the system. It is using the br-int bridge created by OVN. The networks created by the OVN provider are purely logical entities, implemented using the OVN br-int bridge. Marcin ----- Original Message ----- </pre> <blockquote type="cite"> <pre wrap="">From: "Sverker Abrahamsson" <a class="moz-txt-link-rfc2396E" href="mailto:sverker@abrahamsson.com"><sverker@abrahamsson.com></a> To: "Marcin Mirecki" <a class="moz-txt-link-rfc2396E" href="mailto:mmirecki@redhat.com"><mmirecki@redhat.com></a> Cc: "Ovirt Users" <a class="moz-txt-link-rfc2396E" href="mailto:users@ovirt.org"><users@ovirt.org></a> Sent: Friday, December 30, 2016 12:15:43 PM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network Hi That is the logic I quite don't understand. What is the purpose of adding my bridges to Ovirt through the external provider and configure them on my VM if you are disregarding that and using br-int anyway? /Sverker Den 2016-12-30 kl. 10:53, skrev Marcin Mirecki: </pre> <blockquote type="cite"> <pre wrap="">Sverker, br-int is the integration bridge created by default in OVN. This is the bridge we use for the OVN provider. As OVN is required to be installed, we assume that this bridge is present. Using any other ovs bridge is not supported, and will require custom code changes (such as the ones you created). The proper setup in your case would probably be to create br-int and connect this to your ovirtbridge, although I don't know the details of your env, so this is just my best guess. Marcin ----- Original Message ----- </pre> <blockquote type="cite"> <pre wrap="">From: "Sverker Abrahamsson" <a class="moz-txt-link-rfc2396E" href="mailto:sverker@abrahamsson.com"><sverker@abrahamsson.com></a> To: "Marcin Mirecki" <a class="moz-txt-link-rfc2396E" href="mailto:mmirecki@redhat.com"><mmirecki@redhat.com></a> Cc: "Ovirt Users" <a class="moz-txt-link-rfc2396E" href="mailto:users@ovirt.org"><users@ovirt.org></a>, "Numan Siddique" <a class="moz-txt-link-rfc2396E" href="mailto:nusiddiq@redhat.com"><nusiddiq@redhat.com></a> Sent: Friday, December 30, 2016 1:14:50 AM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network Even better, if the value is not hardcoded then the configured value is used. Might be that I'm missunderstanding something but this is the behaviour I expected instead of that it is using br-int. Attached is a patch which properly sets up the xml, in case there is already a virtual port there + testcode of some variants /Sverker Den 2016-12-29 kl. 22:55, skrev Sverker Abrahamsson: </pre> <blockquote type="cite"> <pre wrap="">When I change /usr/libexec/vdsm/hooks/before_device_create/ovirt_provider_ovn_hook to instead of hardcoded to br-int use BRIDGE_NAME = 'ovirtbridge' then I get the expected behaviour and I get a working network connectivity in my VM with IP provided by dhcp. /Sverker Den 2016-12-29 kl. 22:07, skrev Sverker Abrahamsson: </pre> <blockquote type="cite"> <pre wrap="">By default the vNic profile of my OVN bridge ovirtbridge gets a Network filter named vdsm-no-mac-spoofing. If I instead set No filter then I don't get those ebtables / iptables messages. It seems that there is some issue between ovirt/vdsm and firewalld, which we can put to the side for now. It is not clear for me why the port is added on br-int instead of the bridge I've assigned to the VM, which is ovirtbridge?? /Sverker Den 2016-12-29 kl. 14:20, skrev Sverker Abrahamsson: </pre> <blockquote type="cite"> <pre wrap="">The specific command most likely fails because there is no chain named libvirt-J-vnet0, but when should that have been created? /Sverker -------- Vidarebefordrat meddelande -------- Ämne: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network Datum: Thu, 29 Dec 2016 08:06:29 -0500 (EST) Från: Marcin Mirecki <a class="moz-txt-link-rfc2396E" href="mailto:mmirecki@redhat.com"><mmirecki@redhat.com></a> Till: Sverker Abrahamsson <a class="moz-txt-link-rfc2396E" href="mailto:sverker@abrahamsson.com"><sverker@abrahamsson.com></a> Kopia: Ovirt Users <a class="moz-txt-link-rfc2396E" href="mailto:users@ovirt.org"><users@ovirt.org></a>, Lance Richardson <a class="moz-txt-link-rfc2396E" href="mailto:lrichard@redhat.com"><lrichard@redhat.com></a>, Numan Siddique <a class="moz-txt-link-rfc2396E" href="mailto:nusiddiq@redhat.com"><nusiddiq@redhat.com></a> Let me add the OVN team. Lance, Numan, Can you please look at this? Trying to plug a vNIC results in: </pre> <blockquote type="cite"> <blockquote type="cite"> <blockquote type="cite"> <blockquote type="cite"> <blockquote type="cite"> <blockquote type="cite"> <blockquote type="cite"> <pre wrap="">Dec 28 23:31:35 h2 ovs-vsctl: ovs|00001|vsctl|INFO|Called as ovs-vsctl --timeout=5 -- --if-exists del-port vnet0 -- add-port br-int vnet0 -- set Interface vnet0 "external-ids:attached-mac=\"00:1a:4a:16:01:51\"" -- set Interface vnet0 "external-ids:iface-id=\"e8853aac-8a75-41b0-8010-e630017dcdd8\"" -- set Interface vnet0 "external-ids:vm-id=\"b9440d60-ef5a-4e2b-83cf-081df7c09e6f\"" -- set Interface vnet0 external-ids:iface-status=active Dec 28 23:31:35 h2 kernel: device vnet0 entered promiscuous mode Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -D PREROUTING -i vnet0 -j libvirt-J-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: </pre> </blockquote> </blockquote> </blockquote> </blockquote> </blockquote> </blockquote> </blockquote> <pre wrap="">More details below ----- Original Message ----- </pre> <blockquote type="cite"> <pre wrap="">From: "Sverker Abrahamsson"<a class="moz-txt-link-rfc2396E" href="mailto:sverker@abrahamsson.com"><sverker@abrahamsson.com></a> To: "Marcin Mirecki"<a class="moz-txt-link-rfc2396E" href="mailto:mmirecki@redhat.com"><mmirecki@redhat.com></a> Cc: "Ovirt Users"<a class="moz-txt-link-rfc2396E" href="mailto:users@ovirt.org"><users@ovirt.org></a> Sent: Thursday, December 29, 2016 1:42:11 PM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network Hi Same problem still.. /Sverker Den 2016-12-29 kl. 13:34, skrev Marcin Mirecki: </pre> <blockquote type="cite"> <pre wrap="">Hi, The tunnels are created to connect multiple OVN controllers. If there is only one, there is no need for the tunnels, so none will be created, this is the correct behavior. Does the problem still occur after setting configuring the OVN-controller? Marcin ----- Original Message ----- </pre> <blockquote type="cite"> <pre wrap="">From: "Sverker Abrahamsson"<a class="moz-txt-link-rfc2396E" href="mailto:sverker@abrahamsson.com"><sverker@abrahamsson.com></a> To: "Marcin Mirecki"<a class="moz-txt-link-rfc2396E" href="mailto:mmirecki@redhat.com"><mmirecki@redhat.com></a> Cc: "Ovirt Users"<a class="moz-txt-link-rfc2396E" href="mailto:users@ovirt.org"><users@ovirt.org></a> Sent: Thursday, December 29, 2016 11:44:32 AM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network Hi The rpm packages you listed in the other mail are installed but I had not run vdsm-tool ovn-config to create tunnel as the OVN controller is on the same host. [root@h2 ~]# rpm -q openvswitch-ovn-common openvswitch-ovn-common-2.6.90-1.el7.centos.x86_64 [root@h2 ~]# rpm -q openvswitch-ovn-host openvswitch-ovn-host-2.6.90-1.el7.centos.x86_64 [root@h2 ~]# rpm -q python-openvswitch python-openvswitch-2.6.90-1.el7.centos.noarch After removing my manually created br-int and run vdsm-tool ovn-config 127.0.0.1 172.27.1.1 then I have the br-int but 'ip link show' does not show any link 'genev_sys_' nor does 'ovs-vsctl show' any port for ovn. I assume these are when there is an actual tunnel? [root@h2 ~]# ovs-vsctl show ebb6aede-cbbc-4f4f-a88a-a9cd72b2bd23 Bridge br-int fail_mode: secure Port br-int Interface br-int type: internal Bridge ovirtbridge Port ovirtbridge Interface ovirtbridge type: internal Bridge "ovsbridge0" Port "ovsbridge0" Interface "ovsbridge0" type: internal Port "eth0" Interface "eth0" ovs_version: "2.6.90" [root@h2 ~]# ip link show 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT qlen 1 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master ovs-system state UP mode DEFAULT qlen 1000 link/ether 44:8a:5b:84:7d:b3 brd ff:ff:ff:ff:ff:ff 3: ovs-system: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 1000 link/ether 5a:14:cf:28:47:e2 brd ff:ff:ff:ff:ff:ff 4: ovsbridge0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN mode DEFAULT qlen 1000 link/ether 44:8a:5b:84:7d:b3 brd ff:ff:ff:ff:ff:ff 5: br-int: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 1000 link/ether 9e:b0:3a:9d:f2:4b brd ff:ff:ff:ff:ff:ff 6: ovirtbridge: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN mode DEFAULT qlen 1000 link/ether a6:f6:e5:a4:5b:45 brd ff:ff:ff:ff:ff:ff 7: dummy0: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue master ovirtmgmt state UNKNOWN mode DEFAULT qlen 1000 link/ether 66:e0:1c:c3:a9:d8 brd ff:ff:ff:ff:ff:ff 8: ovirtmgmt: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT qlen 1000 link/ether 66:e0:1c:c3:a9:d8 brd ff:ff:ff:ff:ff:ff Firewall settings: [root@h2 ~]# firewall-cmd --list-all-zones work target: default icmp-block-inversion: no interfaces: sources: services: dhcpv6-client ssh ports: protocols: masquerade: no forward-ports: sourceports: icmp-blocks: rich rules: drop target: DROP icmp-block-inversion: no interfaces: sources: services: ports: protocols: masquerade: no forward-ports: sourceports: icmp-blocks: rich rules: internal target: default icmp-block-inversion: no interfaces: sources: services: dhcpv6-client mdns samba-client ssh ports: protocols: masquerade: no forward-ports: sourceports: icmp-blocks: rich rules: external target: default icmp-block-inversion: no interfaces: sources: services: ssh ports: protocols: masquerade: yes forward-ports: sourceports: icmp-blocks: rich rules: trusted target: ACCEPT icmp-block-inversion: no interfaces: sources: services: ports: protocols: masquerade: no forward-ports: sourceports: icmp-blocks: rich rules: home target: default icmp-block-inversion: no interfaces: sources: services: dhcpv6-client mdns samba-client ssh ports: protocols: masquerade: no forward-ports: sourceports: icmp-blocks: rich rules: dmz target: default icmp-block-inversion: no interfaces: sources: services: ssh ports: protocols: masquerade: no forward-ports: sourceports: icmp-blocks: rich rules: public (active) target: default icmp-block-inversion: no interfaces: eth0 ovsbridge0 sources: services: dhcpv6-client ssh ports: protocols: masquerade: no forward-ports: sourceports: icmp-blocks: rich rules: block target: %%REJECT%% icmp-block-inversion: no interfaces: sources: services: ports: protocols: masquerade: no forward-ports: sourceports: icmp-blocks: rich rules: ovirt (active) target: default icmp-block-inversion: no interfaces: ovirtbridge ovirtmgmt sources: services: dhcp ovirt-fence-kdump-listener ovirt-http ovirt-https ovirt-imageio-proxy ovirt-postgres ovirt-provider-ovn ovirt-vmconsole-proxy ovirt-websocket-proxy ssh vdsm ports: protocols: masquerade: yes forward-ports: sourceports: icmp-blocks: rich rules: rule family="ipv4" port port="6641" protocol="tcp" accept rule family="ipv4" port port="6642" protocol="tcp" accept The db dump is attached /Sverker Den 2016-12-29 kl. 09:50, skrev Marcin Mirecki: </pre> <blockquote type="cite"> <pre wrap="">Hi, Can you please do: "sudo ovsdb-client dump" on the host and send me the output? Have you configured the ovn controller to connect to the OVN north? You can do it using "vdsm-tool ovn-config" or using the OVN tools directly. Please check out:<a class="moz-txt-link-freetext" href="https://www.ovirt.org/blog/2016/11/ovirt-provider-ovn/">https://www.ovirt.org/blog/2016/11/ovirt-provider-ovn/</a> for details. Also please note that the OVN provider is completely different from the neutron-openvswitch plugin. Please don't mix the two. Marcin ----- Original Message ----- </pre> <blockquote type="cite"> <pre wrap="">From: "Marcin Mirecki"<a class="moz-txt-link-rfc2396E" href="mailto:mmirecki@redhat.com"><mmirecki@redhat.com></a> To: "Sverker Abrahamsson"<a class="moz-txt-link-rfc2396E" href="mailto:sverker@abrahamsson.com"><sverker@abrahamsson.com></a> Cc: "Ovirt Users"<a class="moz-txt-link-rfc2396E" href="mailto:users@ovirt.org"><users@ovirt.org></a> Sent: Thursday, December 29, 2016 9:27:19 AM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network Hi, br-int is the OVN integration bridge, it should have been created when installing OVN. I assume you have the following packages installed on the host: openvswitch-ovn-common openvswitch-ovn-host python-openvswitch Please give me some time to look at the connectivity problem. Marcin ----- Original Message ----- </pre> <blockquote type="cite"> <pre wrap="">From: "Sverker Abrahamsson"<a class="moz-txt-link-rfc2396E" href="mailto:sverker@abrahamsson.com"><sverker@abrahamsson.com></a> To: "Marcin Mirecki"<a class="moz-txt-link-rfc2396E" href="mailto:mmirecki@redhat.com"><mmirecki@redhat.com></a> Cc: "Ovirt Users"<a class="moz-txt-link-rfc2396E" href="mailto:users@ovirt.org"><users@ovirt.org></a> Sent: Thursday, December 29, 2016 12:47:04 AM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network From /usr/libexec/vdsm/hooks/before_device_create/ovirt_provider_ovn_hook (installed by ovirt-provider-ovn-driver rpm): BRIDGE_NAME = 'br-int' Den 2016-12-28 kl. 23:56, skrev Sverker Abrahamsson: </pre> <blockquote type="cite"> <pre wrap="">Googling on the message about br-int suggested adding that bridge to ovs: ovs-vsctl add-br br-int Then the VM is able to boot, but it fails to get network connectivity. Output in /var/log/messages: Dec 28 23:31:35 h2 ovs-vsctl: ovs|00001|vsctl|INFO|Called as ovs-vsctl --timeout=5 -- --if-exists del-port vnet0 -- add-port br-int vnet0 -- set Interface vnet0 "external-ids:attached-mac=\"00:1a:4a:16:01:51\"" -- set Interface vnet0 "external-ids:iface-id=\"e8853aac-8a75-41b0-8010-e630017dcdd8\"" -- set Interface vnet0 "external-ids:vm-id=\"b9440d60-ef5a-4e2b-83cf-081df7c09e6f\"" -- set Interface vnet0 external-ids:iface-status=active Dec 28 23:31:35 h2 kernel: device vnet0 entered promiscuous mode Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -D PREROUTING -i vnet0 -j libvirt-J-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -D POSTROUTING -o vnet0 -j libvirt-P-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -L libvirt-J-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -L libvirt-P-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -F libvirt-J-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -X libvirt-J-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -F libvirt-P-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -X libvirt-P-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -F J-vnet0-mac' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -X J-vnet0-mac' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -F J-vnet0-arp-mac' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -X J-vnet0-arp-mac' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -D libvirt-out -m physdev --physdev-is-bridged --physdev-out vnet0 -g FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -D libvirt-out -m physdev --physdev-out vnet0 -g FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -D libvirt-in -m physdev --physdev-in vnet0 -g FI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -D libvirt-host-in -m physdev --physdev-in vnet0 -g HI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -F FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -X FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -F FI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -X FI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -F HI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -X HI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -E FP-vnet0 FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -E FJ-vnet0 FI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -E HJ-vnet0 HI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -D libvirt-out -m physdev --physdev-is-bridged --physdev-out vnet0 -g FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -D libvirt-out -m physdev --physdev-out vnet0 -g FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -D libvirt-in -m physdev --physdev-in vnet0 -g FI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -D libvirt-host-in -m physdev --physdev-in vnet0 -g HI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -F FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -X FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -F FI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -X FI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -F HI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -X HI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -E FP-vnet0 FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -E FJ-vnet0 FI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -E HJ-vnet0 HI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -D PREROUTING -i vnet0 -j libvirt-I-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -D POSTROUTING -o vnet0 -j libvirt-O-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -L libvirt-I-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -L libvirt-O-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -F libvirt-I-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -X libvirt-I-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -F libvirt-O-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -X libvirt-O-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -L libvirt-P-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -E libvirt-P-vnet0 libvirt-O-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -F I-vnet0-mac' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -X I-vnet0-mac' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -F I-vnet0-arp-mac' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -X I-vnet0-arp-mac' failed: [root@h2 etc]# ovs-vsctl show ebb6aede-cbbc-4f4f-a88a-a9cd72b2bd23 Bridge ovirtbridge Port "ovirtport0" Interface "ovirtport0" type: internal Port ovirtbridge Interface ovirtbridge type: internal Bridge "ovsbridge0" Port "ovsbridge0" Interface "ovsbridge0" type: internal Port "eth0" Interface "eth0" Bridge br-int Port br-int Interface br-int type: internal Port "vnet0" Interface "vnet0" ovs_version: "2.6.90" Searching through the code it appears that br-int comes from neutron-openvswitch plugin ?? [root@h2 share]# rpm -qf /usr/share/otopi/plugins/ovirt-host-deploy/openstack/neutron_openvswitch.py ovirt-host-deploy-1.6.0-0.0.master.20161215101008.gitb76ad50.el7.centos.noarch /Sverker Den 2016-12-28 kl. 23:24, skrev Sverker Abrahamsson: </pre> <blockquote type="cite"> <pre wrap="">In addition I had to add an alias to modprobe: [root@h2 modprobe.d]# cat dummy.conf alias dummy0 dummy Den 2016-12-28 kl. 23:03, skrev Sverker Abrahamsson: </pre> <blockquote type="cite"> <pre wrap="">Hi I first tried to set device name to dummy_0, but then ifup did not succeed in creating the device unless I first did 'ip link add dummy_0 type dummy' but then it would not suceed to establish the if on reboot. Setting fake_nics = dummy0 would not work neither, but this works: fake_nics = dummy* The engine is now able to find the if and assign bridge ovirtmgmt to it. However, I then run into the next issue when starting a VM: 2016-12-28 22:28:23,897 ERROR [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (ForkJoinPool-1-worker-2) [] Correlation ID: null, Call Stack: null, Custom Event ID: -1, Message: VM CentOS7 is down with error. Exit message: Cannot get interface MTU on 'br-int': No such device. This VM has a nic on ovirtbridge, which comes from the OVN provider. /Sverker Den 2016-12-28 kl. 14:38, skrev Marcin Mirecki: </pre> <blockquote type="cite"> <pre wrap="">Sverker, Can you try adding a vnic named veth_* or dummy_*, (or alternatively add the name of the vnic to vdsm.config fake_nics), and setup the management network using this vnic? I suppose adding the vnic you use for connecting to the engine to fake_nics should make it visible to the engine, and you should be able to use it for the setup. Marcin ----- Original Message ----- </pre> <blockquote type="cite"> <pre wrap="">From: "Marcin Mirecki"<a class="moz-txt-link-rfc2396E" href="mailto:mmirecki@redhat.com"><mmirecki@redhat.com></a> To: "Sverker Abrahamsson"<a class="moz-txt-link-rfc2396E" href="mailto:sverker@abrahamsson.com"><sverker@abrahamsson.com></a> Cc: "Ovirt Users"<a class="moz-txt-link-rfc2396E" href="mailto:users@ovirt.org"><users@ovirt.org></a> Sent: Wednesday, December 28, 2016 12:06:26 PM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network </pre> <blockquote type="cite"> <pre wrap="">I have an internal OVS bridge called ovirtbridge which has a port with IP address, but in the host network settings that port is not visible. </pre> </blockquote> <pre wrap="">I just verified and unfortunately the virtual ports are not visible in engine to assign a network to :( I'm afraid that the engine is not ready for such a scenario (even if it works). Please give me some time to look for a solution. ----- Original Message ----- </pre> <blockquote type="cite"> <pre wrap="">From: "Sverker Abrahamsson"<a class="moz-txt-link-rfc2396E" href="mailto:sverker@abrahamsson.com"><sverker@abrahamsson.com></a> To: "Marcin Mirecki"<a class="moz-txt-link-rfc2396E" href="mailto:mmirecki@redhat.com"><mmirecki@redhat.com></a> Cc: "Ovirt Users"<a class="moz-txt-link-rfc2396E" href="mailto:users@ovirt.org"><users@ovirt.org></a> Sent: Wednesday, December 28, 2016 11:48:24 AM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network Hi Marcin Yes, that is my issue. I don't want to let ovirt/vdsm see eth0 nor ovsbridge0 since as soon as it sees them it messes up the network config so that the host will be unreachable. I have an internal OVS bridge called ovirtbridge which has a port with IP address, but in the host network settings that port is not visible. It doesn't help to name it ovirtmgmt. The engine is able to communicate with the host on the ip it has been given, it's just that it believes that it HAS to have a ovirtmgmt network which can't be on OVN. /Sverker Den 2016-12-28 kl. 10:45, skrev Marcin Mirecki: </pre> <blockquote type="cite"> <pre wrap="">Hi Sverker, The management network is mandatory on each host. It's used by the engine to communicate with the host. Looking at your description and the exception it looks like it is missing. The error is caused by not having any network for the host (network list retrieved in InterfaceDaoImpl.getHostNetworksByCluster - which gets all the networks on nics for a host from vds_interface table in the DB). Could you maybe create a virtual nic connected to ovsbridge0 (as I understand you have no physical nic available) and use this for the management network? </pre> <blockquote type="cite"> <pre wrap="">I then create a bridge for use with ovirt, with a private address. </pre> </blockquote> <pre wrap="">I'm not quite sure I understand. Is this yet another bridge connected to ovsbridge0? You could also attach the vnic for the management network here if need be. Please keep in mind that OVN has no use in setting up the management network. The OVN provider can only handle external networks, which can not be used for a management network. Marcin ----- Original Message ----- </pre> <blockquote type="cite"> <pre wrap="">From: "Sverker Abrahamsson"<a class="moz-txt-link-rfc2396E" href="mailto:sverker@abrahamsson.com"><sverker@abrahamsson.com></a> <a class="moz-txt-link-abbreviated" href="mailto:To:users@ovirt.org">To:users@ovirt.org</a> Sent: Wednesday, December 28, 2016 12:39:59 AM Subject: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network Hi For long time I've been looking for proper support in ovirt for Open vSwitch so I'm happy that it is moving in the right direction. However, there seems to still be a dependency on a ovirtmgmt bridge and I'm unable to move that to the OVN provider. The hosting center where I rent hw instances has a bit special network setup, so I have one physical network port with a /32 netmask and point-to-point config to router. The physical port I connect to a ovs bridge which has the public ip. Since ovirt always messes up the network config when I've tried to let it have access to the network config for the physical port, I've set eht0 and ovsbridge0 as hidden in vdsm.conf. I then create a bridge for use with ovirt, with a private address. With the OVN provider I am now able to import these into the engine and it looks good. When creating a VM I can select that it will have a vNic on my OVS bridge. However, I can't start the VM as an exception is thrown in the log: 2016-12-28 00:13:33,350 ERROR [org.ovirt.engine.core.bll.RunVmCommand] (default task-5) [3c882d53] Error during ValidateFailure.: java.lang.NullPointerException at org.ovirt.engine.core.bll.scheduling.policyunits.NetworkPolicyUnit.validateRequiredNetworksAvailable(NetworkPolicyUnit.java:140) [bll.jar:] at org.ovirt.engine.core.bll.scheduling.policyunits.NetworkPolicyUnit.filter(NetworkPolicyUnit.java:69) [bll.jar:] at org.ovirt.engine.core.bll.scheduling.SchedulingManager.runInternalFilters(SchedulingManager.java:597) [bll.jar:] at org.ovirt.engine.core.bll.scheduling.SchedulingManager.runFilters(SchedulingManager.java:564) [bll.jar:] at org.ovirt.engine.core.bll.scheduling.SchedulingManager.canSchedule(SchedulingManager.java:494) [bll.jar:] at org.ovirt.engine.core.bll.validator.RunVmValidator.canRunVm(RunVmValidator.java:133) [bll.jar:] at org.ovirt.engine.core.bll.RunVmCommand.validate(RunVmCommand.java:940) [bll.jar:] at org.ovirt.engine.core.bll.CommandBase.internalValidate(CommandBase.java:886) [bll.jar:] at org.ovirt.engine.core.bll.CommandBase.validateOnly(CommandBase.java:366) [bll.jar:] at org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.canRunActions(PrevalidatingMultipleActionsRunner.java:113) [bll.jar:] at org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.invokeCommands(PrevalidatingMultipleActionsRunner.java:99) [bll.jar:] at org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.execute(PrevalidatingMultipleActionsRunner.java:76) [bll.jar:] at org.ovirt.engine.core.bll.Backend.runMultipleActionsImpl(Backend.java:613) [bll.jar:] at org.ovirt.engine.core.bll.Backend.runMultipleActions(Backend.java:583) [bll.jar:] Looking at that section of code where the exception is thrown, I see that it iterates over host networks to find required networks, which I assume is ovirtmgmt. In the host network setup dialog I don't see any networks at all but it lists ovirtmgmt as required. It also list the OVN networks but these can't be statically assigned as they are added dynamically when needed, which is fine. I believe that I either need to remove ovirtmgmt network or configure that it is provided by the OVN provider, but neither is possible. Preferably it shouldn't be hardcoded which network is management and mandatory but be possible to configure. /Sverker Den 2016-12-27 kl. 17:10, skrev Marcin Mirecki: </pre> </blockquote> </blockquote> </blockquote> <pre wrap="">_______________________________________________ Users mailing list <a class="moz-txt-link-abbreviated" href="mailto:Users@ovirt.org">Users@ovirt.org</a> <a class="moz-txt-link-freetext" href="http://lists.ovirt.org/mailman/listinfo/users">http://lists.ovirt.org/mailman/listinfo/users</a> </pre> </blockquote> </blockquote> <pre wrap="">_______________________________________________ Users mailing list <a class="moz-txt-link-abbreviated" href="mailto:Users@ovirt.org">Users@ovirt.org</a> <a class="moz-txt-link-freetext" href="http://lists.ovirt.org/mailman/listinfo/users">http://lists.ovirt.org/mailman/listinfo/users</a> </pre> </blockquote> <pre wrap="">_______________________________________________ Users mailing list <a class="moz-txt-link-abbreviated" href="mailto:Users@ovirt.org">Users@ovirt.org</a> <a class="moz-txt-link-freetext" href="http://lists.ovirt.org/mailman/listinfo/users">http://lists.ovirt.org/mailman/listinfo/users</a> </pre> </blockquote> <pre wrap="">_______________________________________________ Users mailing list <a class="moz-txt-link-abbreviated" href="mailto:Users@ovirt.org">Users@ovirt.org</a> <a class="moz-txt-link-freetext" href="http://lists.ovirt.org/mailman/listinfo/users">http://lists.ovirt.org/mailman/listinfo/users</a> </pre> </blockquote> </blockquote> <pre wrap="">_______________________________________________ Users mailing list <a class="moz-txt-link-abbreviated" href="mailto:Users@ovirt.org">Users@ovirt.org</a> <a class="moz-txt-link-freetext" href="http://lists.ovirt.org/mailman/listinfo/users">http://lists.ovirt.org/mailman/listinfo/users</a> </pre> </blockquote> </blockquote> </blockquote> </blockquote> <pre wrap=""> </pre> </blockquote> <pre wrap=""> _______________________________________________ Users mailing list <a class="moz-txt-link-abbreviated" href="mailto:Users@ovirt.org">Users@ovirt.org</a> <a class="moz-txt-link-freetext" href="http://lists.ovirt.org/mailman/listinfo/users">http://lists.ovirt.org/mailman/listinfo/users</a> </pre> </blockquote> <pre wrap=""> _______________________________________________ Users mailing list <a class="moz-txt-link-abbreviated" href="mailto:Users@ovirt.org">Users@ovirt.org</a> <a class="moz-txt-link-freetext" href="http://lists.ovirt.org/mailman/listinfo/users">http://lists.ovirt.org/mailman/listinfo/users</a> </pre> </blockquote> <pre wrap=""> _______________________________________________ Users mailing list <a class="moz-txt-link-abbreviated" href="mailto:Users@ovirt.org">Users@ovirt.org</a> <a class="moz-txt-link-freetext" href="http://lists.ovirt.org/mailman/listinfo/users">http://lists.ovirt.org/mailman/listinfo/users</a> </pre> </blockquote> <pre wrap=""> </pre> </blockquote> </blockquote> <pre wrap=""> </pre> </blockquote> <pre wrap=""> </pre> </blockquote> <br> </body> </html> --------------794D87219F07BADE8F7C37F0--
1. Why not use your physical nic for ovirtmgmt then? 2. "ovn-nbctl ls-add" does not add a bridge, but a logical switch. br-int is an internal OVN implementation detail, which the user should not care about. What you see in the ovirt UI are logical networks. They are implemented as OVN logical switches in case of the OVN provider. Please look at: http://www.ovirt.org/blog/2016/11/ovirt-provider-ovn/ You can get the latest rpms from here: http://resources.ovirt.org/repos/ovirt/experimental/master/ovirt-provider-ov... ----- Original Message -----
From: "Sverker Abrahamsson" <sverker@abrahamsson.com> To: "Marcin Mirecki" <mmirecki@redhat.com> Cc: "Ovirt Users" <users@ovirt.org> Sent: Friday, December 30, 2016 4:25:58 PM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network
1. No, I did not want to put the ovirtmgmt bridge on my physical nic as it always messed up the network config making the host unreachable. I have put a ovs bridge on this nic which I will use to make tunnels when I add other hosts. Maybe br-int will be used for that instead, will see when I get that far.
As it is now I have a dummy if for ovirtmgmt bridge but this will probably not work when I add other hosts as that bridge cannot connect to the other hosts. I'm considering keeping this just as a dummy to keep ovirt engine satisfied while the actual communication will happen over OVN/OVS bridges and tunnels.
2. On https://www.ovirt.org//develop/release-management/features/ovirt-ovn-provide... there is instructions how to add an OVS bridge to OVN with |ovn-nbctl ls-add <network name>|. If you want to use br-int then it makes sense to make that bridge visible in ovirt webui under networks so that it can be selected for VM's.
It quite doesn't make sense to me that I can select other network for my VM but then that setting is not used when setting up the network.
/Sverker
Den 2016-12-30 kl. 15:34, skrev Marcin Mirecki:
Hi,
The OVN provider does not require you to add any bridges manually. As I understand we were dealing with two problems: 1. You only had one physical nic and wanted to put a bridge on it, attaching the management network to the bridge. This was the reason for creating the bridge (the recommended setup would be to used a separate physical nic for the management network). This bridge has nothing to do with the OVN bridge. 2. OVN - you want to use OVN on this system. For this you have to install OVN on your hosts. This should create the br-int bridge, which are then used by the OVN provider. This br-int bridge must be configured to connect to other hosts using the geneve tunnels.
In both cases the systems will not be aware of any bridges you create. They need a nic (be it physical or virtual) to connect to other system. Usually this is the physical nic. In your case you decided to put a bridge on the physical nic, and give oVirt a virtual nic attached to this bridge. This works, but keep in mind that the bridge you have introduced is outside of oVirt's (and OVN) control (and as such is not supported).
What is the purpose of adding my bridges to Ovirt through the external provider and configure them on my VM I am not quite sure I understand. The external provider (OVN provider to be specific), does not add any bridges to the system. It is using the br-int bridge created by OVN. The networks created by the OVN provider are purely logical entities, implemented using the OVN br-int bridge.
Marcin
----- Original Message -----
From: "Sverker Abrahamsson" <sverker@abrahamsson.com> To: "Marcin Mirecki" <mmirecki@redhat.com> Cc: "Ovirt Users" <users@ovirt.org> Sent: Friday, December 30, 2016 12:15:43 PM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network
Hi That is the logic I quite don't understand. What is the purpose of adding my bridges to Ovirt through the external provider and configure them on my VM if you are disregarding that and using br-int anyway?
/Sverker
Den 2016-12-30 kl. 10:53, skrev Marcin Mirecki:
Sverker,
br-int is the integration bridge created by default in OVN. This is the bridge we use for the OVN provider. As OVN is required to be installed, we assume that this bridge is present. Using any other ovs bridge is not supported, and will require custom code changes (such as the ones you created).
The proper setup in your case would probably be to create br-int and connect this to your ovirtbridge, although I don't know the details of your env, so this is just my best guess.
Marcin
----- Original Message -----
From: "Sverker Abrahamsson" <sverker@abrahamsson.com> To: "Marcin Mirecki" <mmirecki@redhat.com> Cc: "Ovirt Users" <users@ovirt.org>, "Numan Siddique" <nusiddiq@redhat.com> Sent: Friday, December 30, 2016 1:14:50 AM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network
Even better, if the value is not hardcoded then the configured value is used. Might be that I'm missunderstanding something but this is the behaviour I expected instead of that it is using br-int.
Attached is a patch which properly sets up the xml, in case there is already a virtual port there + testcode of some variants
/Sverker
Den 2016-12-29 kl. 22:55, skrev Sverker Abrahamsson:
When I change /usr/libexec/vdsm/hooks/before_device_create/ovirt_provider_ovn_hook to instead of hardcoded to br-int use BRIDGE_NAME = 'ovirtbridge' then I get the expected behaviour and I get a working network connectivity in my VM with IP provided by dhcp.
/Sverker
Den 2016-12-29 kl. 22:07, skrev Sverker Abrahamsson: > By default the vNic profile of my OVN bridge ovirtbridge gets a > Network filter named vdsm-no-mac-spoofing. If I instead set No filter > then I don't get those ebtables / iptables messages. It seems that > there is some issue between ovirt/vdsm and firewalld, which we can > put to the side for now. > > It is not clear for me why the port is added on br-int instead of the > bridge I've assigned to the VM, which is ovirtbridge?? > > /Sverker > > Den 2016-12-29 kl. 14:20, skrev Sverker Abrahamsson: >> The specific command most likely fails because there is no chain >> named libvirt-J-vnet0, but when should that have been created? >> /Sverker >> >> -------- Vidarebefordrat meddelande -------- >> Ämne: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt >> network >> Datum: Thu, 29 Dec 2016 08:06:29 -0500 (EST) >> Från: Marcin Mirecki <mmirecki@redhat.com> >> Till: Sverker Abrahamsson <sverker@abrahamsson.com> >> Kopia: Ovirt Users <users@ovirt.org>, Lance Richardson >> <lrichard@redhat.com>, Numan Siddique <nusiddiq@redhat.com> >> >> >> >> Let me add the OVN team. >> >> Lance, Numan, >> >> Can you please look at this? >> >> Trying to plug a vNIC results in: >>>>>>>>> Dec 28 23:31:35 h2 ovs-vsctl: ovs|00001|vsctl|INFO|Called as >>>>>>>>> ovs-vsctl >>>>>>>>> --timeout=5 -- --if-exists del-port vnet0 -- add-port br-int >>>>>>>>> vnet0 -- >>>>>>>>> set Interface vnet0 >>>>>>>>> "external-ids:attached-mac=\"00:1a:4a:16:01:51\"" >>>>>>>>> -- set Interface vnet0 >>>>>>>>> "external-ids:iface-id=\"e8853aac-8a75-41b0-8010-e630017dcdd8\"" >>>>>>>>> -- >>>>>>>>> set Interface vnet0 >>>>>>>>> "external-ids:vm-id=\"b9440d60-ef5a-4e2b-83cf-081df7c09e6f\"" >>>>>>>>> -- >>>>>>>>> set >>>>>>>>> Interface vnet0 external-ids:iface-status=active >>>>>>>>> Dec 28 23:31:35 h2 kernel: device vnet0 entered promiscuous >>>>>>>>> mode >>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -D PREROUTING -i vnet0 >>>>>>>>> -j >>>>>>>>> libvirt-J-vnet0' failed: >>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >> More details below >> >> >> ----- Original Message ----- >>> From: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>> To: "Marcin Mirecki"<mmirecki@redhat.com> >>> Cc: "Ovirt Users"<users@ovirt.org> >>> Sent: Thursday, December 29, 2016 1:42:11 PM >>> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory >>> ovirtmgmt >>> network >>> >>> Hi >>> Same problem still.. >>> /Sverker >>> >>> Den 2016-12-29 kl. 13:34, skrev Marcin Mirecki: >>>> Hi, >>>> >>>> The tunnels are created to connect multiple OVN controllers. >>>> If there is only one, there is no need for the tunnels, so none >>>> will be created, this is the correct behavior. >>>> >>>> Does the problem still occur after setting configuring the >>>> OVN-controller? >>>> >>>> Marcin >>>> >>>> ----- Original Message ----- >>>>> From: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>>>> To: "Marcin Mirecki"<mmirecki@redhat.com> >>>>> Cc: "Ovirt Users"<users@ovirt.org> >>>>> Sent: Thursday, December 29, 2016 11:44:32 AM >>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory >>>>> ovirtmgmt >>>>> network >>>>> >>>>> Hi >>>>> The rpm packages you listed in the other mail are installed but I >>>>> had >>>>> not run vdsm-tool ovn-config to create tunnel as the OVN >>>>> controller >>>>> is >>>>> on the same host. >>>>> >>>>> [root@h2 ~]# rpm -q openvswitch-ovn-common >>>>> openvswitch-ovn-common-2.6.90-1.el7.centos.x86_64 >>>>> [root@h2 ~]# rpm -q openvswitch-ovn-host >>>>> openvswitch-ovn-host-2.6.90-1.el7.centos.x86_64 >>>>> [root@h2 ~]# rpm -q python-openvswitch >>>>> python-openvswitch-2.6.90-1.el7.centos.noarch >>>>> >>>>> After removing my manually created br-int and run >>>>> >>>>> vdsm-tool ovn-config 127.0.0.1 172.27.1.1 >>>>> >>>>> then I have the br-int but 'ip link show' does not show any link >>>>> 'genev_sys_' nor does 'ovs-vsctl show' any port for ovn. I assume >>>>> these >>>>> are when there is an actual tunnel? >>>>> >>>>> [root@h2 ~]# ovs-vsctl show >>>>> ebb6aede-cbbc-4f4f-a88a-a9cd72b2bd23 >>>>> Bridge br-int >>>>> fail_mode: secure >>>>> Port br-int >>>>> Interface br-int >>>>> type: internal >>>>> Bridge ovirtbridge >>>>> Port ovirtbridge >>>>> Interface ovirtbridge >>>>> type: internal >>>>> Bridge "ovsbridge0" >>>>> Port "ovsbridge0" >>>>> Interface "ovsbridge0" >>>>> type: internal >>>>> Port "eth0" >>>>> Interface "eth0" >>>>> ovs_version: "2.6.90" >>>>> >>>>> [root@h2 ~]# ip link show >>>>> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state >>>>> UNKNOWN >>>>> mode >>>>> DEFAULT qlen 1 >>>>> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 >>>>> 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc >>>>> pfifo_fast >>>>> master ovs-system state UP mode DEFAULT qlen 1000 >>>>> link/ether 44:8a:5b:84:7d:b3 brd ff:ff:ff:ff:ff:ff >>>>> 3: ovs-system: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state >>>>> DOWN >>>>> mode >>>>> DEFAULT qlen 1000 >>>>> link/ether 5a:14:cf:28:47:e2 brd ff:ff:ff:ff:ff:ff >>>>> 4: ovsbridge0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc >>>>> noqueue >>>>> state UNKNOWN mode DEFAULT qlen 1000 >>>>> link/ether 44:8a:5b:84:7d:b3 brd ff:ff:ff:ff:ff:ff >>>>> 5: br-int: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN >>>>> mode >>>>> DEFAULT qlen 1000 >>>>> link/ether 9e:b0:3a:9d:f2:4b brd ff:ff:ff:ff:ff:ff >>>>> 6: ovirtbridge: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc >>>>> noqueue >>>>> state UNKNOWN mode DEFAULT qlen 1000 >>>>> link/ether a6:f6:e5:a4:5b:45 brd ff:ff:ff:ff:ff:ff >>>>> 7: dummy0: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue >>>>> master >>>>> ovirtmgmt state UNKNOWN mode DEFAULT qlen 1000 >>>>> link/ether 66:e0:1c:c3:a9:d8 brd ff:ff:ff:ff:ff:ff >>>>> 8: ovirtmgmt: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc >>>>> noqueue >>>>> state UP mode DEFAULT qlen 1000 >>>>> link/ether 66:e0:1c:c3:a9:d8 brd ff:ff:ff:ff:ff:ff >>>>> >>>>> Firewall settings: >>>>> [root@h2 ~]# firewall-cmd --list-all-zones >>>>> work >>>>> target: default >>>>> icmp-block-inversion: no >>>>> interfaces: >>>>> sources: >>>>> services: dhcpv6-client ssh >>>>> ports: >>>>> protocols: >>>>> masquerade: no >>>>> forward-ports: >>>>> sourceports: >>>>> icmp-blocks: >>>>> rich rules: >>>>> >>>>> >>>>> drop >>>>> target: DROP >>>>> icmp-block-inversion: no >>>>> interfaces: >>>>> sources: >>>>> services: >>>>> ports: >>>>> protocols: >>>>> masquerade: no >>>>> forward-ports: >>>>> sourceports: >>>>> icmp-blocks: >>>>> rich rules: >>>>> >>>>> >>>>> internal >>>>> target: default >>>>> icmp-block-inversion: no >>>>> interfaces: >>>>> sources: >>>>> services: dhcpv6-client mdns samba-client ssh >>>>> ports: >>>>> protocols: >>>>> masquerade: no >>>>> forward-ports: >>>>> sourceports: >>>>> icmp-blocks: >>>>> rich rules: >>>>> >>>>> >>>>> external >>>>> target: default >>>>> icmp-block-inversion: no >>>>> interfaces: >>>>> sources: >>>>> services: ssh >>>>> ports: >>>>> protocols: >>>>> masquerade: yes >>>>> forward-ports: >>>>> sourceports: >>>>> icmp-blocks: >>>>> rich rules: >>>>> >>>>> >>>>> trusted >>>>> target: ACCEPT >>>>> icmp-block-inversion: no >>>>> interfaces: >>>>> sources: >>>>> services: >>>>> ports: >>>>> protocols: >>>>> masquerade: no >>>>> forward-ports: >>>>> sourceports: >>>>> icmp-blocks: >>>>> rich rules: >>>>> >>>>> >>>>> home >>>>> target: default >>>>> icmp-block-inversion: no >>>>> interfaces: >>>>> sources: >>>>> services: dhcpv6-client mdns samba-client ssh >>>>> ports: >>>>> protocols: >>>>> masquerade: no >>>>> forward-ports: >>>>> sourceports: >>>>> icmp-blocks: >>>>> rich rules: >>>>> >>>>> >>>>> dmz >>>>> target: default >>>>> icmp-block-inversion: no >>>>> interfaces: >>>>> sources: >>>>> services: ssh >>>>> ports: >>>>> protocols: >>>>> masquerade: no >>>>> forward-ports: >>>>> sourceports: >>>>> icmp-blocks: >>>>> rich rules: >>>>> >>>>> >>>>> public (active) >>>>> target: default >>>>> icmp-block-inversion: no >>>>> interfaces: eth0 ovsbridge0 >>>>> sources: >>>>> services: dhcpv6-client ssh >>>>> ports: >>>>> protocols: >>>>> masquerade: no >>>>> forward-ports: >>>>> sourceports: >>>>> icmp-blocks: >>>>> rich rules: >>>>> >>>>> >>>>> block >>>>> target: %%REJECT%% >>>>> icmp-block-inversion: no >>>>> interfaces: >>>>> sources: >>>>> services: >>>>> ports: >>>>> protocols: >>>>> masquerade: no >>>>> forward-ports: >>>>> sourceports: >>>>> icmp-blocks: >>>>> rich rules: >>>>> >>>>> >>>>> ovirt (active) >>>>> target: default >>>>> icmp-block-inversion: no >>>>> interfaces: ovirtbridge ovirtmgmt >>>>> sources: >>>>> services: dhcp ovirt-fence-kdump-listener ovirt-http >>>>> ovirt-https >>>>> ovirt-imageio-proxy ovirt-postgres ovirt-provider-ovn >>>>> ovirt-vmconsole-proxy ovirt-websocket-proxy ssh vdsm >>>>> ports: >>>>> protocols: >>>>> masquerade: yes >>>>> forward-ports: >>>>> sourceports: >>>>> icmp-blocks: >>>>> rich rules: >>>>> rule family="ipv4" port port="6641" protocol="tcp" >>>>> accept >>>>> rule family="ipv4" port port="6642" protocol="tcp" >>>>> accept >>>>> >>>>> The db dump is attached >>>>> /Sverker >>>>> Den 2016-12-29 kl. 09:50, skrev Marcin Mirecki: >>>>>> Hi, >>>>>> >>>>>> Can you please do: "sudo ovsdb-client dump" >>>>>> on the host and send me the output? >>>>>> >>>>>> Have you configured the ovn controller to connect to the >>>>>> OVN north? You can do it using "vdsm-tool ovn-config" or >>>>>> using the OVN tools directly. >>>>>> Please check >>>>>> out:https://www.ovirt.org/blog/2016/11/ovirt-provider-ovn/ >>>>>> for details. >>>>>> >>>>>> Also please note that the OVN provider is completely different >>>>>> from the neutron-openvswitch plugin. Please don't mix the two. >>>>>> >>>>>> Marcin >>>>>> >>>>>> >>>>>> ----- Original Message ----- >>>>>>> From: "Marcin Mirecki"<mmirecki@redhat.com> >>>>>>> To: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>>>>>> Cc: "Ovirt Users"<users@ovirt.org> >>>>>>> Sent: Thursday, December 29, 2016 9:27:19 AM >>>>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory >>>>>>> ovirtmgmt >>>>>>> network >>>>>>> >>>>>>> Hi, >>>>>>> >>>>>>> br-int is the OVN integration bridge, it should have been >>>>>>> created >>>>>>> when installing OVN. I assume you have the following packages >>>>>>> installed >>>>>>> on the host: >>>>>>> openvswitch-ovn-common >>>>>>> openvswitch-ovn-host >>>>>>> python-openvswitch >>>>>>> >>>>>>> Please give me some time to look at the connectivity problem. >>>>>>> >>>>>>> Marcin >>>>>>> >>>>>>> >>>>>>> >>>>>>> ----- Original Message ----- >>>>>>>> From: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>>>>>>> To: "Marcin Mirecki"<mmirecki@redhat.com> >>>>>>>> Cc: "Ovirt Users"<users@ovirt.org> >>>>>>>> Sent: Thursday, December 29, 2016 12:47:04 AM >>>>>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory >>>>>>>> ovirtmgmt >>>>>>>> network >>>>>>>> >>>>>>>> From >>>>>>>> /usr/libexec/vdsm/hooks/before_device_create/ovirt_provider_ovn_hook >>>>>>>> (installed by ovirt-provider-ovn-driver rpm): >>>>>>>> >>>>>>>> BRIDGE_NAME = 'br-int' >>>>>>>> >>>>>>>> >>>>>>>> Den 2016-12-28 kl. 23:56, skrev Sverker Abrahamsson: >>>>>>>>> Googling on the message about br-int suggested adding that >>>>>>>>> bridge to >>>>>>>>> ovs: >>>>>>>>> >>>>>>>>> ovs-vsctl add-br br-int >>>>>>>>> >>>>>>>>> Then the VM is able to boot, but it fails to get network >>>>>>>>> connectivity. >>>>>>>>> Output in /var/log/messages: >>>>>>>>> >>>>>>>>> Dec 28 23:31:35 h2 ovs-vsctl: ovs|00001|vsctl|INFO|Called as >>>>>>>>> ovs-vsctl >>>>>>>>> --timeout=5 -- --if-exists del-port vnet0 -- add-port br-int >>>>>>>>> vnet0 -- >>>>>>>>> set Interface vnet0 >>>>>>>>> "external-ids:attached-mac=\"00:1a:4a:16:01:51\"" >>>>>>>>> -- set Interface vnet0 >>>>>>>>> "external-ids:iface-id=\"e8853aac-8a75-41b0-8010-e630017dcdd8\"" >>>>>>>>> -- >>>>>>>>> set Interface vnet0 >>>>>>>>> "external-ids:vm-id=\"b9440d60-ef5a-4e2b-83cf-081df7c09e6f\"" >>>>>>>>> -- >>>>>>>>> set >>>>>>>>> Interface vnet0 external-ids:iface-status=active >>>>>>>>> Dec 28 23:31:35 h2 kernel: device vnet0 entered promiscuous >>>>>>>>> mode >>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -D PREROUTING -i vnet0 >>>>>>>>> -j >>>>>>>>> libvirt-J-vnet0' failed: >>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -D POSTROUTING -o >>>>>>>>> vnet0 >>>>>>>>> -j >>>>>>>>> libvirt-P-vnet0' failed: >>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -L libvirt-J-vnet0' >>>>>>>>> failed: >>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -L libvirt-P-vnet0' >>>>>>>>> failed: >>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -F libvirt-J-vnet0' >>>>>>>>> failed: >>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -X libvirt-J-vnet0' >>>>>>>>> failed: >>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -F libvirt-P-vnet0' >>>>>>>>> failed: >>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -X libvirt-P-vnet0' >>>>>>>>> failed: >>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -F J-vnet0-mac' >>>>>>>>> failed: >>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -X J-vnet0-mac' >>>>>>>>> failed: >>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -F J-vnet0-arp-mac' >>>>>>>>> failed: >>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -X J-vnet0-arp-mac' >>>>>>>>> failed: >>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>> '/usr/sbin/iptables -w2 -w -D libvirt-out -m physdev >>>>>>>>> --physdev-is-bridged --physdev-out vnet0 -g FO-vnet0' failed: >>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>> '/usr/sbin/iptables -w2 -w -D libvirt-out -m physdev >>>>>>>>> --physdev-out >>>>>>>>> vnet0 -g FO-vnet0' failed: >>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>> '/usr/sbin/iptables -w2 -w -D libvirt-in -m physdev >>>>>>>>> --physdev-in >>>>>>>>> vnet0 >>>>>>>>> -g FI-vnet0' failed: >>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>> '/usr/sbin/iptables -w2 -w -D libvirt-host-in -m physdev >>>>>>>>> --physdev-in >>>>>>>>> vnet0 -g HI-vnet0' failed: >>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>> '/usr/sbin/iptables -w2 -w -F FO-vnet0' failed: >>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>> '/usr/sbin/iptables -w2 -w -X FO-vnet0' failed: >>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>> '/usr/sbin/iptables -w2 -w -F FI-vnet0' failed: >>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>> '/usr/sbin/iptables -w2 -w -X FI-vnet0' failed: >>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>> '/usr/sbin/iptables -w2 -w -F HI-vnet0' failed: >>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>> '/usr/sbin/iptables -w2 -w -X HI-vnet0' failed: >>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>> '/usr/sbin/iptables -w2 -w -E FP-vnet0 FO-vnet0' failed: >>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>> '/usr/sbin/iptables -w2 -w -E FJ-vnet0 FI-vnet0' failed: >>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>> '/usr/sbin/iptables -w2 -w -E HJ-vnet0 HI-vnet0' failed: >>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>> '/usr/sbin/ip6tables -w2 -w -D libvirt-out -m physdev >>>>>>>>> --physdev-is-bridged --physdev-out vnet0 -g FO-vnet0' failed: >>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>> '/usr/sbin/ip6tables -w2 -w -D libvirt-out -m physdev >>>>>>>>> --physdev-out >>>>>>>>> vnet0 -g FO-vnet0' failed: >>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>> '/usr/sbin/ip6tables -w2 -w -D libvirt-in -m physdev >>>>>>>>> --physdev-in >>>>>>>>> vnet0 -g FI-vnet0' failed: >>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>> '/usr/sbin/ip6tables -w2 -w -D libvirt-host-in -m physdev >>>>>>>>> --physdev-in >>>>>>>>> vnet0 -g HI-vnet0' failed: >>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>> '/usr/sbin/ip6tables -w2 -w -F FO-vnet0' failed: >>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>> '/usr/sbin/ip6tables -w2 -w -X FO-vnet0' failed: >>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>> '/usr/sbin/ip6tables -w2 -w -F FI-vnet0' failed: >>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>> '/usr/sbin/ip6tables -w2 -w -X FI-vnet0' failed: >>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>> '/usr/sbin/ip6tables -w2 -w -F HI-vnet0' failed: >>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>> '/usr/sbin/ip6tables -w2 -w -X HI-vnet0' failed: >>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>> '/usr/sbin/ip6tables -w2 -w -E FP-vnet0 FO-vnet0' failed: >>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>> '/usr/sbin/ip6tables -w2 -w -E FJ-vnet0 FI-vnet0' failed: >>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>> '/usr/sbin/ip6tables -w2 -w -E HJ-vnet0 HI-vnet0' failed: >>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -D PREROUTING -i vnet0 >>>>>>>>> -j >>>>>>>>> libvirt-I-vnet0' failed: >>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -D POSTROUTING -o >>>>>>>>> vnet0 >>>>>>>>> -j >>>>>>>>> libvirt-O-vnet0' failed: >>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -L libvirt-I-vnet0' >>>>>>>>> failed: >>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -L libvirt-O-vnet0' >>>>>>>>> failed: >>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -F libvirt-I-vnet0' >>>>>>>>> failed: >>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -X libvirt-I-vnet0' >>>>>>>>> failed: >>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -F libvirt-O-vnet0' >>>>>>>>> failed: >>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -X libvirt-O-vnet0' >>>>>>>>> failed: >>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -L libvirt-P-vnet0' >>>>>>>>> failed: >>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -E libvirt-P-vnet0 >>>>>>>>> libvirt-O-vnet0' failed: >>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -F I-vnet0-mac' >>>>>>>>> failed: >>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -X I-vnet0-mac' >>>>>>>>> failed: >>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -F I-vnet0-arp-mac' >>>>>>>>> failed: >>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -X I-vnet0-arp-mac' >>>>>>>>> failed: >>>>>>>>> >>>>>>>>> >>>>>>>>> [root@h2 etc]# ovs-vsctl show >>>>>>>>> ebb6aede-cbbc-4f4f-a88a-a9cd72b2bd23 >>>>>>>>> Bridge ovirtbridge >>>>>>>>> Port "ovirtport0" >>>>>>>>> Interface "ovirtport0" >>>>>>>>> type: internal >>>>>>>>> Port ovirtbridge >>>>>>>>> Interface ovirtbridge >>>>>>>>> type: internal >>>>>>>>> Bridge "ovsbridge0" >>>>>>>>> Port "ovsbridge0" >>>>>>>>> Interface "ovsbridge0" >>>>>>>>> type: internal >>>>>>>>> Port "eth0" >>>>>>>>> Interface "eth0" >>>>>>>>> Bridge br-int >>>>>>>>> Port br-int >>>>>>>>> Interface br-int >>>>>>>>> type: internal >>>>>>>>> Port "vnet0" >>>>>>>>> Interface "vnet0" >>>>>>>>> ovs_version: "2.6.90" >>>>>>>>> >>>>>>>>> Searching through the code it appears that br-int comes from >>>>>>>>> neutron-openvswitch plugin ?? >>>>>>>>> >>>>>>>>> [root@h2 share]# rpm -qf >>>>>>>>> /usr/share/otopi/plugins/ovirt-host-deploy/openstack/neutron_openvswitch.py >>>>>>>>> ovirt-host-deploy-1.6.0-0.0.master.20161215101008.gitb76ad50.el7.centos.noarch >>>>>>>>> >>>>>>>>> >>>>>>>>> /Sverker >>>>>>>>> >>>>>>>>> Den 2016-12-28 kl. 23:24, skrev Sverker Abrahamsson: >>>>>>>>>> In addition I had to add an alias to modprobe: >>>>>>>>>> >>>>>>>>>> [root@h2 modprobe.d]# cat dummy.conf >>>>>>>>>> alias dummy0 dummy >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> Den 2016-12-28 kl. 23:03, skrev Sverker Abrahamsson: >>>>>>>>>>> Hi >>>>>>>>>>> I first tried to set device name to dummy_0, but then ifup >>>>>>>>>>> did >>>>>>>>>>> not >>>>>>>>>>> succeed in creating the device unless I first did 'ip link >>>>>>>>>>> add >>>>>>>>>>> dummy_0 type dummy' but then it would not suceed to >>>>>>>>>>> establish >>>>>>>>>>> the if >>>>>>>>>>> on reboot. >>>>>>>>>>> >>>>>>>>>>> Setting fake_nics = dummy0 would not work neither, but this >>>>>>>>>>> works: >>>>>>>>>>> >>>>>>>>>>> fake_nics = dummy* >>>>>>>>>>> >>>>>>>>>>> The engine is now able to find the if and assign bridge >>>>>>>>>>> ovirtmgmt to >>>>>>>>>>> it. >>>>>>>>>>> >>>>>>>>>>> However, I then run into the next issue when starting a VM: >>>>>>>>>>> >>>>>>>>>>> 2016-12-28 22:28:23,897 ERROR >>>>>>>>>>> [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] >>>>>>>>>>> (ForkJoinPool-1-worker-2) [] Correlation ID: null, Call >>>>>>>>>>> Stack: >>>>>>>>>>> null, >>>>>>>>>>> Custom Event ID: -1, Message: VM CentOS7 is down with error. >>>>>>>>>>> Exit >>>>>>>>>>> message: Cannot get interface MTU on 'br-int': No such >>>>>>>>>>> device. >>>>>>>>>>> >>>>>>>>>>> This VM has a nic on ovirtbridge, which comes from the OVN >>>>>>>>>>> provider. >>>>>>>>>>> >>>>>>>>>>> /Sverker >>>>>>>>>>> >>>>>>>>>>> Den 2016-12-28 kl. 14:38, skrev Marcin Mirecki: >>>>>>>>>>>> Sverker, >>>>>>>>>>>> >>>>>>>>>>>> Can you try adding a vnic named veth_* or dummy_*, >>>>>>>>>>>> (or alternatively add the name of the vnic to >>>>>>>>>>>> vdsm.config fake_nics), and setup the management >>>>>>>>>>>> network using this vnic? >>>>>>>>>>>> I suppose adding the vnic you use for connecting >>>>>>>>>>>> to the engine to fake_nics should make it visible >>>>>>>>>>>> to the engine, and you should be able to use it for >>>>>>>>>>>> the setup. >>>>>>>>>>>> >>>>>>>>>>>> Marcin >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> ----- Original Message ----- >>>>>>>>>>>>> From: "Marcin Mirecki"<mmirecki@redhat.com> >>>>>>>>>>>>> To: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>>>>>>>>>>>> Cc: "Ovirt Users"<users@ovirt.org> >>>>>>>>>>>>> Sent: Wednesday, December 28, 2016 12:06:26 PM >>>>>>>>>>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and >>>>>>>>>>>>> mandatory >>>>>>>>>>>>> ovirtmgmt network >>>>>>>>>>>>> >>>>>>>>>>>>>> I have an internal OVS bridge called ovirtbridge which >>>>>>>>>>>>>> has >>>>>>>>>>>>>> a port >>>>>>>>>>>>>> with >>>>>>>>>>>>>> IP address, but in the host network settings that port is >>>>>>>>>>>>>> not >>>>>>>>>>>>>> visible. >>>>>>>>>>>>> I just verified and unfortunately the virtual ports are >>>>>>>>>>>>> not >>>>>>>>>>>>> visible in engine >>>>>>>>>>>>> to assign a network to :( >>>>>>>>>>>>> I'm afraid that the engine is not ready for such a >>>>>>>>>>>>> scenario >>>>>>>>>>>>> (even >>>>>>>>>>>>> if it >>>>>>>>>>>>> works). >>>>>>>>>>>>> Please give me some time to look for a solution. >>>>>>>>>>>>> >>>>>>>>>>>>> ----- Original Message ----- >>>>>>>>>>>>>> From: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>>>>>>>>>>>>> To: "Marcin Mirecki"<mmirecki@redhat.com> >>>>>>>>>>>>>> Cc: "Ovirt Users"<users@ovirt.org> >>>>>>>>>>>>>> Sent: Wednesday, December 28, 2016 11:48:24 AM >>>>>>>>>>>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and >>>>>>>>>>>>>> mandatory >>>>>>>>>>>>>> ovirtmgmt >>>>>>>>>>>>>> network >>>>>>>>>>>>>> >>>>>>>>>>>>>> Hi Marcin >>>>>>>>>>>>>> Yes, that is my issue. I don't want to let ovirt/vdsm see >>>>>>>>>>>>>> eth0 >>>>>>>>>>>>>> nor >>>>>>>>>>>>>> ovsbridge0 since as soon as it sees them it messes up the >>>>>>>>>>>>>> network >>>>>>>>>>>>>> config >>>>>>>>>>>>>> so that the host will be unreachable. >>>>>>>>>>>>>> >>>>>>>>>>>>>> I have an internal OVS bridge called ovirtbridge which >>>>>>>>>>>>>> has >>>>>>>>>>>>>> a port >>>>>>>>>>>>>> with >>>>>>>>>>>>>> IP address, but in the host network settings that port is >>>>>>>>>>>>>> not >>>>>>>>>>>>>> visible. >>>>>>>>>>>>>> It doesn't help to name it ovirtmgmt. >>>>>>>>>>>>>> >>>>>>>>>>>>>> The engine is able to communicate with the host on the ip >>>>>>>>>>>>>> it has >>>>>>>>>>>>>> been >>>>>>>>>>>>>> given, it's just that it believes that it HAS to have a >>>>>>>>>>>>>> ovirtmgmt >>>>>>>>>>>>>> network which can't be on OVN. >>>>>>>>>>>>>> >>>>>>>>>>>>>> /Sverker >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> Den 2016-12-28 kl. 10:45, skrev Marcin Mirecki: >>>>>>>>>>>>>>> Hi Sverker, >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> The management network is mandatory on each host. It's >>>>>>>>>>>>>>> used by >>>>>>>>>>>>>>> the >>>>>>>>>>>>>>> engine to communicate with the host. >>>>>>>>>>>>>>> Looking at your description and the exception it looks >>>>>>>>>>>>>>> like it >>>>>>>>>>>>>>> is >>>>>>>>>>>>>>> missing. >>>>>>>>>>>>>>> The error is caused by not having any network for the >>>>>>>>>>>>>>> host >>>>>>>>>>>>>>> (network list retrieved in >>>>>>>>>>>>>>> InterfaceDaoImpl.getHostNetworksByCluster - >>>>>>>>>>>>>>> which >>>>>>>>>>>>>>> gets all the networks on nics for a host from >>>>>>>>>>>>>>> vds_interface >>>>>>>>>>>>>>> table in the >>>>>>>>>>>>>>> DB). >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Could you maybe create a virtual nic connected to >>>>>>>>>>>>>>> ovsbridge0 (as >>>>>>>>>>>>>>> I >>>>>>>>>>>>>>> understand you >>>>>>>>>>>>>>> have no physical nic available) and use this for the >>>>>>>>>>>>>>> management >>>>>>>>>>>>>>> network? >>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> I then create a bridge for use with ovirt, with a >>>>>>>>>>>>>>>> private >>>>>>>>>>>>>>>> address. >>>>>>>>>>>>>>> I'm not quite sure I understand. Is this yet another >>>>>>>>>>>>>>> bridge >>>>>>>>>>>>>>> connected to >>>>>>>>>>>>>>> ovsbridge0? >>>>>>>>>>>>>>> You could also attach the vnic for the management >>>>>>>>>>>>>>> network >>>>>>>>>>>>>>> here >>>>>>>>>>>>>>> if need >>>>>>>>>>>>>>> be. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Please keep in mind that OVN has no use in setting up >>>>>>>>>>>>>>> the >>>>>>>>>>>>>>> management >>>>>>>>>>>>>>> network. >>>>>>>>>>>>>>> The OVN provider can only handle external networks, >>>>>>>>>>>>>>> which >>>>>>>>>>>>>>> can >>>>>>>>>>>>>>> not be used >>>>>>>>>>>>>>> for a >>>>>>>>>>>>>>> management network. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Marcin >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> ----- Original Message ----- >>>>>>>>>>>>>>>> From: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>>>>>>>>>>>>>>> To:users@ovirt.org >>>>>>>>>>>>>>>> Sent: Wednesday, December 28, 2016 12:39:59 AM >>>>>>>>>>>>>>>> Subject: [ovirt-users] Issue with OVN/OVS and mandatory >>>>>>>>>>>>>>>> ovirtmgmt >>>>>>>>>>>>>>>> network >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Hi >>>>>>>>>>>>>>>> For long time I've been looking for proper support in >>>>>>>>>>>>>>>> ovirt for >>>>>>>>>>>>>>>> Open >>>>>>>>>>>>>>>> vSwitch >>>>>>>>>>>>>>>> so I'm happy that it is moving in the right direction. >>>>>>>>>>>>>>>> However, >>>>>>>>>>>>>>>> there >>>>>>>>>>>>>>>> seems >>>>>>>>>>>>>>>> to still be a dependency on a ovirtmgmt bridge and I'm >>>>>>>>>>>>>>>> unable >>>>>>>>>>>>>>>> to move >>>>>>>>>>>>>>>> that >>>>>>>>>>>>>>>> to the OVN provider. >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> The hosting center where I rent hw instances has a bit >>>>>>>>>>>>>>>> special >>>>>>>>>>>>>>>> network >>>>>>>>>>>>>>>> setup, >>>>>>>>>>>>>>>> so I have one physical network port with a /32 netmask >>>>>>>>>>>>>>>> and >>>>>>>>>>>>>>>> point-to-point >>>>>>>>>>>>>>>> config to router. The physical port I connect to a ovs >>>>>>>>>>>>>>>> bridge >>>>>>>>>>>>>>>> which has >>>>>>>>>>>>>>>> the >>>>>>>>>>>>>>>> public ip. Since ovirt always messes up the network >>>>>>>>>>>>>>>> config when >>>>>>>>>>>>>>>> I've >>>>>>>>>>>>>>>> tried >>>>>>>>>>>>>>>> to let it have access to the network config for the >>>>>>>>>>>>>>>> physical >>>>>>>>>>>>>>>> port, I've >>>>>>>>>>>>>>>> set >>>>>>>>>>>>>>>> eht0 and ovsbridge0 as hidden in vdsm.conf. >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> I then create a bridge for use with ovirt, with a >>>>>>>>>>>>>>>> private >>>>>>>>>>>>>>>> address. With >>>>>>>>>>>>>>>> the >>>>>>>>>>>>>>>> OVN provider I am now able to import these into the >>>>>>>>>>>>>>>> engine and >>>>>>>>>>>>>>>> it looks >>>>>>>>>>>>>>>> good. When creating a VM I can select that it will have >>>>>>>>>>>>>>>> a >>>>>>>>>>>>>>>> vNic >>>>>>>>>>>>>>>> on my OVS >>>>>>>>>>>>>>>> bridge. >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> However, I can't start the VM as an exception is thrown >>>>>>>>>>>>>>>> in the >>>>>>>>>>>>>>>> log: >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> 2016-12-28 00:13:33,350 ERROR >>>>>>>>>>>>>>>> [org.ovirt.engine.core.bll.RunVmCommand] >>>>>>>>>>>>>>>> (default task-5) [3c882d53] Error during >>>>>>>>>>>>>>>> ValidateFailure.: >>>>>>>>>>>>>>>> java.lang.NullPointerException >>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.scheduling.policyunits.NetworkPolicyUnit.validateRequiredNetworksAvailable(NetworkPolicyUnit.java:140) >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.scheduling.policyunits.NetworkPolicyUnit.filter(NetworkPolicyUnit.java:69) >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.scheduling.SchedulingManager.runInternalFilters(SchedulingManager.java:597) >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.scheduling.SchedulingManager.runFilters(SchedulingManager.java:564) >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.scheduling.SchedulingManager.canSchedule(SchedulingManager.java:494) >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.validator.RunVmValidator.canRunVm(RunVmValidator.java:133) >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.RunVmCommand.validate(RunVmCommand.java:940) >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.CommandBase.internalValidate(CommandBase.java:886) >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.CommandBase.validateOnly(CommandBase.java:366) >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.canRunActions(PrevalidatingMultipleActionsRunner.java:113) >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.invokeCommands(PrevalidatingMultipleActionsRunner.java:99) >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.execute(PrevalidatingMultipleActionsRunner.java:76) >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.Backend.runMultipleActionsImpl(Backend.java:613) >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.Backend.runMultipleActions(Backend.java:583) >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Looking at that section of code where the exception is >>>>>>>>>>>>>>>> thrown, >>>>>>>>>>>>>>>> I see >>>>>>>>>>>>>>>> that >>>>>>>>>>>>>>>> it >>>>>>>>>>>>>>>> iterates over host networks to find required networks, >>>>>>>>>>>>>>>> which I >>>>>>>>>>>>>>>> assume is >>>>>>>>>>>>>>>> ovirtmgmt. In the host network setup dialog I don't see >>>>>>>>>>>>>>>> any >>>>>>>>>>>>>>>> networks at >>>>>>>>>>>>>>>> all >>>>>>>>>>>>>>>> but it lists ovirtmgmt as required. It also list the >>>>>>>>>>>>>>>> OVN >>>>>>>>>>>>>>>> networks but >>>>>>>>>>>>>>>> these >>>>>>>>>>>>>>>> can't be statically assigned as they are added >>>>>>>>>>>>>>>> dynamically when >>>>>>>>>>>>>>>> needed, >>>>>>>>>>>>>>>> which is fine. >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> I believe that I either need to remove ovirtmgmt >>>>>>>>>>>>>>>> network >>>>>>>>>>>>>>>> or >>>>>>>>>>>>>>>> configure >>>>>>>>>>>>>>>> that >>>>>>>>>>>>>>>> it >>>>>>>>>>>>>>>> is provided by the OVN provider, but neither is >>>>>>>>>>>>>>>> possible. >>>>>>>>>>>>>>>> Preferably it >>>>>>>>>>>>>>>> shouldn't be hardcoded which network is management and >>>>>>>>>>>>>>>> mandatory but be >>>>>>>>>>>>>>>> possible to configure. >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> /Sverker >>>>>>>>>>>>>>>> Den 2016-12-27 kl. 17:10, skrev Marcin Mirecki: >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>>> Users mailing list >>>>>>>>>>>>> Users@ovirt.org >>>>>>>>>>>>> http://lists.ovirt.org/mailman/listinfo/users >>>>>>>>>>>>> >>>>>>>>>>> _______________________________________________ >>>>>>>>>>> Users mailing list >>>>>>>>>>> Users@ovirt.org >>>>>>>>>>> http://lists.ovirt.org/mailman/listinfo/users >>>>>>>>>> _______________________________________________ >>>>>>>>>> Users mailing list >>>>>>>>>> Users@ovirt.org >>>>>>>>>> http://lists.ovirt.org/mailman/listinfo/users >>>>>>>>> _______________________________________________ >>>>>>>>> Users mailing list >>>>>>>>> Users@ovirt.org >>>>>>>>> http://lists.ovirt.org/mailman/listinfo/users >>>>>>> _______________________________________________ >>>>>>> Users mailing list >>>>>>> Users@ovirt.org >>>>>>> http://lists.ovirt.org/mailman/listinfo/users >>>>>>> >> _______________________________________________ >> Users mailing list >> Users@ovirt.org >> http://lists.ovirt.org/mailman/listinfo/users > > _______________________________________________ > Users mailing list > Users@ovirt.org > http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
1. That is not possible as ovirt (or vdsm) will rewrite the network configuration to a non-working state. That is why I've set that if as hidden to vdsm and is why I'm keen on getting OVS/OVN to work 2. I've been reading the doc for OVN and starting to connect the dots, which is not trivial as it is complex. Some insights reached: First step is the OVN database, installed by openvswitch-ovn-central, which I currently have running on h2 host. The 'ovn-nbctl' and 'ovn-sbctl' commands are only possible to execute on a database node. Two ip's are given to 'vdsm-tool ovn-config <ip to database> <tunnel ip>' as arguments, where <ip to database> is how this OVN node reaches the database and <tunnel ip> is the ip to which other OVN nodes sets up a tunnel to this node. I.e. it is not for creating a tunnel to the database which I thought first from the description in blog post. The tunnel between OVN nodes is of type geneve which is a UDP based protocol but I have not been able to find anywhere which port is used so that I can open it in firewalld. I have added OVN on another host, called h1, and connected it to the db. I see there is traffic to the db port, but I don't see any geneve traffic between the nodes. Ovirt is now able to create it's vnet0 interface on the br-int ovs bridge, but then I run into the next issue. How do I create a connection from the logical switch to the physical host? I need that to a) get a connection out to the internet through a masqueraded if or ipv6 and b) be able to run a dhcp server to give ip's to the VM's. /Sverker Den 2016-12-30 kl. 18:05, skrev Marcin Mirecki:
1. Why not use your physical nic for ovirtmgmt then?
2. "ovn-nbctl ls-add" does not add a bridge, but a logical switch. br-int is an internal OVN implementation detail, which the user should not care about. What you see in the ovirt UI are logical networks. They are implemented as OVN logical switches in case of the OVN provider.
Please look at: http://www.ovirt.org/blog/2016/11/ovirt-provider-ovn/ You can get the latest rpms from here: http://resources.ovirt.org/repos/ovirt/experimental/master/ovirt-provider-ov...
----- Original Message -----
From: "Sverker Abrahamsson" <sverker@abrahamsson.com> To: "Marcin Mirecki" <mmirecki@redhat.com> Cc: "Ovirt Users" <users@ovirt.org> Sent: Friday, December 30, 2016 4:25:58 PM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network
1. No, I did not want to put the ovirtmgmt bridge on my physical nic as it always messed up the network config making the host unreachable. I have put a ovs bridge on this nic which I will use to make tunnels when I add other hosts. Maybe br-int will be used for that instead, will see when I get that far.
As it is now I have a dummy if for ovirtmgmt bridge but this will probably not work when I add other hosts as that bridge cannot connect to the other hosts. I'm considering keeping this just as a dummy to keep ovirt engine satisfied while the actual communication will happen over OVN/OVS bridges and tunnels.
2. On https://www.ovirt.org//develop/release-management/features/ovirt-ovn-provide... there is instructions how to add an OVS bridge to OVN with |ovn-nbctl ls-add <network name>|. If you want to use br-int then it makes sense to make that bridge visible in ovirt webui under networks so that it can be selected for VM's.
It quite doesn't make sense to me that I can select other network for my VM but then that setting is not used when setting up the network.
/Sverker
Den 2016-12-30 kl. 15:34, skrev Marcin Mirecki:
Hi,
The OVN provider does not require you to add any bridges manually. As I understand we were dealing with two problems: 1. You only had one physical nic and wanted to put a bridge on it, attaching the management network to the bridge. This was the reason for creating the bridge (the recommended setup would be to used a separate physical nic for the management network). This bridge has nothing to do with the OVN bridge. 2. OVN - you want to use OVN on this system. For this you have to install OVN on your hosts. This should create the br-int bridge, which are then used by the OVN provider. This br-int bridge must be configured to connect to other hosts using the geneve tunnels.
In both cases the systems will not be aware of any bridges you create. They need a nic (be it physical or virtual) to connect to other system. Usually this is the physical nic. In your case you decided to put a bridge on the physical nic, and give oVirt a virtual nic attached to this bridge. This works, but keep in mind that the bridge you have introduced is outside of oVirt's (and OVN) control (and as such is not supported).
What is the purpose of adding my bridges to Ovirt through the external provider and configure them on my VM I am not quite sure I understand. The external provider (OVN provider to be specific), does not add any bridges to the system. It is using the br-int bridge created by OVN. The networks created by the OVN provider are purely logical entities, implemented using the OVN br-int bridge.
Marcin
----- Original Message -----
From: "Sverker Abrahamsson" <sverker@abrahamsson.com> To: "Marcin Mirecki" <mmirecki@redhat.com> Cc: "Ovirt Users" <users@ovirt.org> Sent: Friday, December 30, 2016 12:15:43 PM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network
Hi That is the logic I quite don't understand. What is the purpose of adding my bridges to Ovirt through the external provider and configure them on my VM if you are disregarding that and using br-int anyway?
/Sverker
Den 2016-12-30 kl. 10:53, skrev Marcin Mirecki:
Sverker,
br-int is the integration bridge created by default in OVN. This is the bridge we use for the OVN provider. As OVN is required to be installed, we assume that this bridge is present. Using any other ovs bridge is not supported, and will require custom code changes (such as the ones you created).
The proper setup in your case would probably be to create br-int and connect this to your ovirtbridge, although I don't know the details of your env, so this is just my best guess.
Marcin
----- Original Message -----
From: "Sverker Abrahamsson" <sverker@abrahamsson.com> To: "Marcin Mirecki" <mmirecki@redhat.com> Cc: "Ovirt Users" <users@ovirt.org>, "Numan Siddique" <nusiddiq@redhat.com> Sent: Friday, December 30, 2016 1:14:50 AM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network
Even better, if the value is not hardcoded then the configured value is used. Might be that I'm missunderstanding something but this is the behaviour I expected instead of that it is using br-int.
Attached is a patch which properly sets up the xml, in case there is already a virtual port there + testcode of some variants
/Sverker
Den 2016-12-29 kl. 22:55, skrev Sverker Abrahamsson: > When I change > /usr/libexec/vdsm/hooks/before_device_create/ovirt_provider_ovn_hook > to instead of hardcoded to br-int use BRIDGE_NAME = 'ovirtbridge' then > I get the expected behaviour and I get a working network connectivity > in my VM with IP provided by dhcp. > > /Sverker > > Den 2016-12-29 kl. 22:07, skrev Sverker Abrahamsson: >> By default the vNic profile of my OVN bridge ovirtbridge gets a >> Network filter named vdsm-no-mac-spoofing. If I instead set No filter >> then I don't get those ebtables / iptables messages. It seems that >> there is some issue between ovirt/vdsm and firewalld, which we can >> put to the side for now. >> >> It is not clear for me why the port is added on br-int instead of the >> bridge I've assigned to the VM, which is ovirtbridge?? >> >> /Sverker >> >> Den 2016-12-29 kl. 14:20, skrev Sverker Abrahamsson: >>> The specific command most likely fails because there is no chain >>> named libvirt-J-vnet0, but when should that have been created? >>> /Sverker >>> >>> -------- Vidarebefordrat meddelande -------- >>> Ämne: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt >>> network >>> Datum: Thu, 29 Dec 2016 08:06:29 -0500 (EST) >>> Från: Marcin Mirecki <mmirecki@redhat.com> >>> Till: Sverker Abrahamsson <sverker@abrahamsson.com> >>> Kopia: Ovirt Users <users@ovirt.org>, Lance Richardson >>> <lrichard@redhat.com>, Numan Siddique <nusiddiq@redhat.com> >>> >>> >>> >>> Let me add the OVN team. >>> >>> Lance, Numan, >>> >>> Can you please look at this? >>> >>> Trying to plug a vNIC results in: >>>>>>>>>> Dec 28 23:31:35 h2 ovs-vsctl: ovs|00001|vsctl|INFO|Called as >>>>>>>>>> ovs-vsctl >>>>>>>>>> --timeout=5 -- --if-exists del-port vnet0 -- add-port br-int >>>>>>>>>> vnet0 -- >>>>>>>>>> set Interface vnet0 >>>>>>>>>> "external-ids:attached-mac=\"00:1a:4a:16:01:51\"" >>>>>>>>>> -- set Interface vnet0 >>>>>>>>>> "external-ids:iface-id=\"e8853aac-8a75-41b0-8010-e630017dcdd8\"" >>>>>>>>>> -- >>>>>>>>>> set Interface vnet0 >>>>>>>>>> "external-ids:vm-id=\"b9440d60-ef5a-4e2b-83cf-081df7c09e6f\"" >>>>>>>>>> -- >>>>>>>>>> set >>>>>>>>>> Interface vnet0 external-ids:iface-status=active >>>>>>>>>> Dec 28 23:31:35 h2 kernel: device vnet0 entered promiscuous >>>>>>>>>> mode >>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -D PREROUTING -i vnet0 >>>>>>>>>> -j >>>>>>>>>> libvirt-J-vnet0' failed: >>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>> More details below >>> >>> >>> ----- Original Message ----- >>>> From: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>>> To: "Marcin Mirecki"<mmirecki@redhat.com> >>>> Cc: "Ovirt Users"<users@ovirt.org> >>>> Sent: Thursday, December 29, 2016 1:42:11 PM >>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory >>>> ovirtmgmt >>>> network >>>> >>>> Hi >>>> Same problem still.. >>>> /Sverker >>>> >>>> Den 2016-12-29 kl. 13:34, skrev Marcin Mirecki: >>>>> Hi, >>>>> >>>>> The tunnels are created to connect multiple OVN controllers. >>>>> If there is only one, there is no need for the tunnels, so none >>>>> will be created, this is the correct behavior. >>>>> >>>>> Does the problem still occur after setting configuring the >>>>> OVN-controller? >>>>> >>>>> Marcin >>>>> >>>>> ----- Original Message ----- >>>>>> From: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>>>>> To: "Marcin Mirecki"<mmirecki@redhat.com> >>>>>> Cc: "Ovirt Users"<users@ovirt.org> >>>>>> Sent: Thursday, December 29, 2016 11:44:32 AM >>>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory >>>>>> ovirtmgmt >>>>>> network >>>>>> >>>>>> Hi >>>>>> The rpm packages you listed in the other mail are installed but I >>>>>> had >>>>>> not run vdsm-tool ovn-config to create tunnel as the OVN >>>>>> controller >>>>>> is >>>>>> on the same host. >>>>>> >>>>>> [root@h2 ~]# rpm -q openvswitch-ovn-common >>>>>> openvswitch-ovn-common-2.6.90-1.el7.centos.x86_64 >>>>>> [root@h2 ~]# rpm -q openvswitch-ovn-host >>>>>> openvswitch-ovn-host-2.6.90-1.el7.centos.x86_64 >>>>>> [root@h2 ~]# rpm -q python-openvswitch >>>>>> python-openvswitch-2.6.90-1.el7.centos.noarch >>>>>> >>>>>> After removing my manually created br-int and run >>>>>> >>>>>> vdsm-tool ovn-config 127.0.0.1 172.27.1.1 >>>>>> >>>>>> then I have the br-int but 'ip link show' does not show any link >>>>>> 'genev_sys_' nor does 'ovs-vsctl show' any port for ovn. I assume >>>>>> these >>>>>> are when there is an actual tunnel? >>>>>> >>>>>> [root@h2 ~]# ovs-vsctl show >>>>>> ebb6aede-cbbc-4f4f-a88a-a9cd72b2bd23 >>>>>> Bridge br-int >>>>>> fail_mode: secure >>>>>> Port br-int >>>>>> Interface br-int >>>>>> type: internal >>>>>> Bridge ovirtbridge >>>>>> Port ovirtbridge >>>>>> Interface ovirtbridge >>>>>> type: internal >>>>>> Bridge "ovsbridge0" >>>>>> Port "ovsbridge0" >>>>>> Interface "ovsbridge0" >>>>>> type: internal >>>>>> Port "eth0" >>>>>> Interface "eth0" >>>>>> ovs_version: "2.6.90" >>>>>> >>>>>> [root@h2 ~]# ip link show >>>>>> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state >>>>>> UNKNOWN >>>>>> mode >>>>>> DEFAULT qlen 1 >>>>>> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 >>>>>> 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc >>>>>> pfifo_fast >>>>>> master ovs-system state UP mode DEFAULT qlen 1000 >>>>>> link/ether 44:8a:5b:84:7d:b3 brd ff:ff:ff:ff:ff:ff >>>>>> 3: ovs-system: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state >>>>>> DOWN >>>>>> mode >>>>>> DEFAULT qlen 1000 >>>>>> link/ether 5a:14:cf:28:47:e2 brd ff:ff:ff:ff:ff:ff >>>>>> 4: ovsbridge0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc >>>>>> noqueue >>>>>> state UNKNOWN mode DEFAULT qlen 1000 >>>>>> link/ether 44:8a:5b:84:7d:b3 brd ff:ff:ff:ff:ff:ff >>>>>> 5: br-int: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN >>>>>> mode >>>>>> DEFAULT qlen 1000 >>>>>> link/ether 9e:b0:3a:9d:f2:4b brd ff:ff:ff:ff:ff:ff >>>>>> 6: ovirtbridge: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc >>>>>> noqueue >>>>>> state UNKNOWN mode DEFAULT qlen 1000 >>>>>> link/ether a6:f6:e5:a4:5b:45 brd ff:ff:ff:ff:ff:ff >>>>>> 7: dummy0: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue >>>>>> master >>>>>> ovirtmgmt state UNKNOWN mode DEFAULT qlen 1000 >>>>>> link/ether 66:e0:1c:c3:a9:d8 brd ff:ff:ff:ff:ff:ff >>>>>> 8: ovirtmgmt: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc >>>>>> noqueue >>>>>> state UP mode DEFAULT qlen 1000 >>>>>> link/ether 66:e0:1c:c3:a9:d8 brd ff:ff:ff:ff:ff:ff >>>>>> >>>>>> Firewall settings: >>>>>> [root@h2 ~]# firewall-cmd --list-all-zones >>>>>> work >>>>>> target: default >>>>>> icmp-block-inversion: no >>>>>> interfaces: >>>>>> sources: >>>>>> services: dhcpv6-client ssh >>>>>> ports: >>>>>> protocols: >>>>>> masquerade: no >>>>>> forward-ports: >>>>>> sourceports: >>>>>> icmp-blocks: >>>>>> rich rules: >>>>>> >>>>>> >>>>>> drop >>>>>> target: DROP >>>>>> icmp-block-inversion: no >>>>>> interfaces: >>>>>> sources: >>>>>> services: >>>>>> ports: >>>>>> protocols: >>>>>> masquerade: no >>>>>> forward-ports: >>>>>> sourceports: >>>>>> icmp-blocks: >>>>>> rich rules: >>>>>> >>>>>> >>>>>> internal >>>>>> target: default >>>>>> icmp-block-inversion: no >>>>>> interfaces: >>>>>> sources: >>>>>> services: dhcpv6-client mdns samba-client ssh >>>>>> ports: >>>>>> protocols: >>>>>> masquerade: no >>>>>> forward-ports: >>>>>> sourceports: >>>>>> icmp-blocks: >>>>>> rich rules: >>>>>> >>>>>> >>>>>> external >>>>>> target: default >>>>>> icmp-block-inversion: no >>>>>> interfaces: >>>>>> sources: >>>>>> services: ssh >>>>>> ports: >>>>>> protocols: >>>>>> masquerade: yes >>>>>> forward-ports: >>>>>> sourceports: >>>>>> icmp-blocks: >>>>>> rich rules: >>>>>> >>>>>> >>>>>> trusted >>>>>> target: ACCEPT >>>>>> icmp-block-inversion: no >>>>>> interfaces: >>>>>> sources: >>>>>> services: >>>>>> ports: >>>>>> protocols: >>>>>> masquerade: no >>>>>> forward-ports: >>>>>> sourceports: >>>>>> icmp-blocks: >>>>>> rich rules: >>>>>> >>>>>> >>>>>> home >>>>>> target: default >>>>>> icmp-block-inversion: no >>>>>> interfaces: >>>>>> sources: >>>>>> services: dhcpv6-client mdns samba-client ssh >>>>>> ports: >>>>>> protocols: >>>>>> masquerade: no >>>>>> forward-ports: >>>>>> sourceports: >>>>>> icmp-blocks: >>>>>> rich rules: >>>>>> >>>>>> >>>>>> dmz >>>>>> target: default >>>>>> icmp-block-inversion: no >>>>>> interfaces: >>>>>> sources: >>>>>> services: ssh >>>>>> ports: >>>>>> protocols: >>>>>> masquerade: no >>>>>> forward-ports: >>>>>> sourceports: >>>>>> icmp-blocks: >>>>>> rich rules: >>>>>> >>>>>> >>>>>> public (active) >>>>>> target: default >>>>>> icmp-block-inversion: no >>>>>> interfaces: eth0 ovsbridge0 >>>>>> sources: >>>>>> services: dhcpv6-client ssh >>>>>> ports: >>>>>> protocols: >>>>>> masquerade: no >>>>>> forward-ports: >>>>>> sourceports: >>>>>> icmp-blocks: >>>>>> rich rules: >>>>>> >>>>>> >>>>>> block >>>>>> target: %%REJECT%% >>>>>> icmp-block-inversion: no >>>>>> interfaces: >>>>>> sources: >>>>>> services: >>>>>> ports: >>>>>> protocols: >>>>>> masquerade: no >>>>>> forward-ports: >>>>>> sourceports: >>>>>> icmp-blocks: >>>>>> rich rules: >>>>>> >>>>>> >>>>>> ovirt (active) >>>>>> target: default >>>>>> icmp-block-inversion: no >>>>>> interfaces: ovirtbridge ovirtmgmt >>>>>> sources: >>>>>> services: dhcp ovirt-fence-kdump-listener ovirt-http >>>>>> ovirt-https >>>>>> ovirt-imageio-proxy ovirt-postgres ovirt-provider-ovn >>>>>> ovirt-vmconsole-proxy ovirt-websocket-proxy ssh vdsm >>>>>> ports: >>>>>> protocols: >>>>>> masquerade: yes >>>>>> forward-ports: >>>>>> sourceports: >>>>>> icmp-blocks: >>>>>> rich rules: >>>>>> rule family="ipv4" port port="6641" protocol="tcp" >>>>>> accept >>>>>> rule family="ipv4" port port="6642" protocol="tcp" >>>>>> accept >>>>>> >>>>>> The db dump is attached >>>>>> /Sverker >>>>>> Den 2016-12-29 kl. 09:50, skrev Marcin Mirecki: >>>>>>> Hi, >>>>>>> >>>>>>> Can you please do: "sudo ovsdb-client dump" >>>>>>> on the host and send me the output? >>>>>>> >>>>>>> Have you configured the ovn controller to connect to the >>>>>>> OVN north? You can do it using "vdsm-tool ovn-config" or >>>>>>> using the OVN tools directly. >>>>>>> Please check >>>>>>> out:https://www.ovirt.org/blog/2016/11/ovirt-provider-ovn/ >>>>>>> for details. >>>>>>> >>>>>>> Also please note that the OVN provider is completely different >>>>>>> from the neutron-openvswitch plugin. Please don't mix the two. >>>>>>> >>>>>>> Marcin >>>>>>> >>>>>>> >>>>>>> ----- Original Message ----- >>>>>>>> From: "Marcin Mirecki"<mmirecki@redhat.com> >>>>>>>> To: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>>>>>>> Cc: "Ovirt Users"<users@ovirt.org> >>>>>>>> Sent: Thursday, December 29, 2016 9:27:19 AM >>>>>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory >>>>>>>> ovirtmgmt >>>>>>>> network >>>>>>>> >>>>>>>> Hi, >>>>>>>> >>>>>>>> br-int is the OVN integration bridge, it should have been >>>>>>>> created >>>>>>>> when installing OVN. I assume you have the following packages >>>>>>>> installed >>>>>>>> on the host: >>>>>>>> openvswitch-ovn-common >>>>>>>> openvswitch-ovn-host >>>>>>>> python-openvswitch >>>>>>>> >>>>>>>> Please give me some time to look at the connectivity problem. >>>>>>>> >>>>>>>> Marcin >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> ----- Original Message ----- >>>>>>>>> From: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>>>>>>>> To: "Marcin Mirecki"<mmirecki@redhat.com> >>>>>>>>> Cc: "Ovirt Users"<users@ovirt.org> >>>>>>>>> Sent: Thursday, December 29, 2016 12:47:04 AM >>>>>>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory >>>>>>>>> ovirtmgmt >>>>>>>>> network >>>>>>>>> >>>>>>>>> From >>>>>>>>> /usr/libexec/vdsm/hooks/before_device_create/ovirt_provider_ovn_hook >>>>>>>>> (installed by ovirt-provider-ovn-driver rpm): >>>>>>>>> >>>>>>>>> BRIDGE_NAME = 'br-int' >>>>>>>>> >>>>>>>>> >>>>>>>>> Den 2016-12-28 kl. 23:56, skrev Sverker Abrahamsson: >>>>>>>>>> Googling on the message about br-int suggested adding that >>>>>>>>>> bridge to >>>>>>>>>> ovs: >>>>>>>>>> >>>>>>>>>> ovs-vsctl add-br br-int >>>>>>>>>> >>>>>>>>>> Then the VM is able to boot, but it fails to get network >>>>>>>>>> connectivity. >>>>>>>>>> Output in /var/log/messages: >>>>>>>>>> >>>>>>>>>> Dec 28 23:31:35 h2 ovs-vsctl: ovs|00001|vsctl|INFO|Called as >>>>>>>>>> ovs-vsctl >>>>>>>>>> --timeout=5 -- --if-exists del-port vnet0 -- add-port br-int >>>>>>>>>> vnet0 -- >>>>>>>>>> set Interface vnet0 >>>>>>>>>> "external-ids:attached-mac=\"00:1a:4a:16:01:51\"" >>>>>>>>>> -- set Interface vnet0 >>>>>>>>>> "external-ids:iface-id=\"e8853aac-8a75-41b0-8010-e630017dcdd8\"" >>>>>>>>>> -- >>>>>>>>>> set Interface vnet0 >>>>>>>>>> "external-ids:vm-id=\"b9440d60-ef5a-4e2b-83cf-081df7c09e6f\"" >>>>>>>>>> -- >>>>>>>>>> set >>>>>>>>>> Interface vnet0 external-ids:iface-status=active >>>>>>>>>> Dec 28 23:31:35 h2 kernel: device vnet0 entered promiscuous >>>>>>>>>> mode >>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -D PREROUTING -i vnet0 >>>>>>>>>> -j >>>>>>>>>> libvirt-J-vnet0' failed: >>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -D POSTROUTING -o >>>>>>>>>> vnet0 >>>>>>>>>> -j >>>>>>>>>> libvirt-P-vnet0' failed: >>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -L libvirt-J-vnet0' >>>>>>>>>> failed: >>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -L libvirt-P-vnet0' >>>>>>>>>> failed: >>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -F libvirt-J-vnet0' >>>>>>>>>> failed: >>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -X libvirt-J-vnet0' >>>>>>>>>> failed: >>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -F libvirt-P-vnet0' >>>>>>>>>> failed: >>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -X libvirt-P-vnet0' >>>>>>>>>> failed: >>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -F J-vnet0-mac' >>>>>>>>>> failed: >>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -X J-vnet0-mac' >>>>>>>>>> failed: >>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -F J-vnet0-arp-mac' >>>>>>>>>> failed: >>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -X J-vnet0-arp-mac' >>>>>>>>>> failed: >>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>> '/usr/sbin/iptables -w2 -w -D libvirt-out -m physdev >>>>>>>>>> --physdev-is-bridged --physdev-out vnet0 -g FO-vnet0' failed: >>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>> '/usr/sbin/iptables -w2 -w -D libvirt-out -m physdev >>>>>>>>>> --physdev-out >>>>>>>>>> vnet0 -g FO-vnet0' failed: >>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>> '/usr/sbin/iptables -w2 -w -D libvirt-in -m physdev >>>>>>>>>> --physdev-in >>>>>>>>>> vnet0 >>>>>>>>>> -g FI-vnet0' failed: >>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>> '/usr/sbin/iptables -w2 -w -D libvirt-host-in -m physdev >>>>>>>>>> --physdev-in >>>>>>>>>> vnet0 -g HI-vnet0' failed: >>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>> '/usr/sbin/iptables -w2 -w -F FO-vnet0' failed: >>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>> '/usr/sbin/iptables -w2 -w -X FO-vnet0' failed: >>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>> '/usr/sbin/iptables -w2 -w -F FI-vnet0' failed: >>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>> '/usr/sbin/iptables -w2 -w -X FI-vnet0' failed: >>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>> '/usr/sbin/iptables -w2 -w -F HI-vnet0' failed: >>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>> '/usr/sbin/iptables -w2 -w -X HI-vnet0' failed: >>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>> '/usr/sbin/iptables -w2 -w -E FP-vnet0 FO-vnet0' failed: >>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>> '/usr/sbin/iptables -w2 -w -E FJ-vnet0 FI-vnet0' failed: >>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>> '/usr/sbin/iptables -w2 -w -E HJ-vnet0 HI-vnet0' failed: >>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -D libvirt-out -m physdev >>>>>>>>>> --physdev-is-bridged --physdev-out vnet0 -g FO-vnet0' failed: >>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -D libvirt-out -m physdev >>>>>>>>>> --physdev-out >>>>>>>>>> vnet0 -g FO-vnet0' failed: >>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -D libvirt-in -m physdev >>>>>>>>>> --physdev-in >>>>>>>>>> vnet0 -g FI-vnet0' failed: >>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -D libvirt-host-in -m physdev >>>>>>>>>> --physdev-in >>>>>>>>>> vnet0 -g HI-vnet0' failed: >>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -F FO-vnet0' failed: >>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -X FO-vnet0' failed: >>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -F FI-vnet0' failed: >>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -X FI-vnet0' failed: >>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -F HI-vnet0' failed: >>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -X HI-vnet0' failed: >>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -E FP-vnet0 FO-vnet0' failed: >>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -E FJ-vnet0 FI-vnet0' failed: >>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -E HJ-vnet0 HI-vnet0' failed: >>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -D PREROUTING -i vnet0 >>>>>>>>>> -j >>>>>>>>>> libvirt-I-vnet0' failed: >>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -D POSTROUTING -o >>>>>>>>>> vnet0 >>>>>>>>>> -j >>>>>>>>>> libvirt-O-vnet0' failed: >>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -L libvirt-I-vnet0' >>>>>>>>>> failed: >>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -L libvirt-O-vnet0' >>>>>>>>>> failed: >>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -F libvirt-I-vnet0' >>>>>>>>>> failed: >>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -X libvirt-I-vnet0' >>>>>>>>>> failed: >>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -F libvirt-O-vnet0' >>>>>>>>>> failed: >>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -X libvirt-O-vnet0' >>>>>>>>>> failed: >>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -L libvirt-P-vnet0' >>>>>>>>>> failed: >>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -E libvirt-P-vnet0 >>>>>>>>>> libvirt-O-vnet0' failed: >>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -F I-vnet0-mac' >>>>>>>>>> failed: >>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -X I-vnet0-mac' >>>>>>>>>> failed: >>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -F I-vnet0-arp-mac' >>>>>>>>>> failed: >>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -X I-vnet0-arp-mac' >>>>>>>>>> failed: >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> [root@h2 etc]# ovs-vsctl show >>>>>>>>>> ebb6aede-cbbc-4f4f-a88a-a9cd72b2bd23 >>>>>>>>>> Bridge ovirtbridge >>>>>>>>>> Port "ovirtport0" >>>>>>>>>> Interface "ovirtport0" >>>>>>>>>> type: internal >>>>>>>>>> Port ovirtbridge >>>>>>>>>> Interface ovirtbridge >>>>>>>>>> type: internal >>>>>>>>>> Bridge "ovsbridge0" >>>>>>>>>> Port "ovsbridge0" >>>>>>>>>> Interface "ovsbridge0" >>>>>>>>>> type: internal >>>>>>>>>> Port "eth0" >>>>>>>>>> Interface "eth0" >>>>>>>>>> Bridge br-int >>>>>>>>>> Port br-int >>>>>>>>>> Interface br-int >>>>>>>>>> type: internal >>>>>>>>>> Port "vnet0" >>>>>>>>>> Interface "vnet0" >>>>>>>>>> ovs_version: "2.6.90" >>>>>>>>>> >>>>>>>>>> Searching through the code it appears that br-int comes from >>>>>>>>>> neutron-openvswitch plugin ?? >>>>>>>>>> >>>>>>>>>> [root@h2 share]# rpm -qf >>>>>>>>>> /usr/share/otopi/plugins/ovirt-host-deploy/openstack/neutron_openvswitch.py >>>>>>>>>> ovirt-host-deploy-1.6.0-0.0.master.20161215101008.gitb76ad50.el7.centos.noarch >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> /Sverker >>>>>>>>>> >>>>>>>>>> Den 2016-12-28 kl. 23:24, skrev Sverker Abrahamsson: >>>>>>>>>>> In addition I had to add an alias to modprobe: >>>>>>>>>>> >>>>>>>>>>> [root@h2 modprobe.d]# cat dummy.conf >>>>>>>>>>> alias dummy0 dummy >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> Den 2016-12-28 kl. 23:03, skrev Sverker Abrahamsson: >>>>>>>>>>>> Hi >>>>>>>>>>>> I first tried to set device name to dummy_0, but then ifup >>>>>>>>>>>> did >>>>>>>>>>>> not >>>>>>>>>>>> succeed in creating the device unless I first did 'ip link >>>>>>>>>>>> add >>>>>>>>>>>> dummy_0 type dummy' but then it would not suceed to >>>>>>>>>>>> establish >>>>>>>>>>>> the if >>>>>>>>>>>> on reboot. >>>>>>>>>>>> >>>>>>>>>>>> Setting fake_nics = dummy0 would not work neither, but this >>>>>>>>>>>> works: >>>>>>>>>>>> >>>>>>>>>>>> fake_nics = dummy* >>>>>>>>>>>> >>>>>>>>>>>> The engine is now able to find the if and assign bridge >>>>>>>>>>>> ovirtmgmt to >>>>>>>>>>>> it. >>>>>>>>>>>> >>>>>>>>>>>> However, I then run into the next issue when starting a VM: >>>>>>>>>>>> >>>>>>>>>>>> 2016-12-28 22:28:23,897 ERROR >>>>>>>>>>>> [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] >>>>>>>>>>>> (ForkJoinPool-1-worker-2) [] Correlation ID: null, Call >>>>>>>>>>>> Stack: >>>>>>>>>>>> null, >>>>>>>>>>>> Custom Event ID: -1, Message: VM CentOS7 is down with error. >>>>>>>>>>>> Exit >>>>>>>>>>>> message: Cannot get interface MTU on 'br-int': No such >>>>>>>>>>>> device. >>>>>>>>>>>> >>>>>>>>>>>> This VM has a nic on ovirtbridge, which comes from the OVN >>>>>>>>>>>> provider. >>>>>>>>>>>> >>>>>>>>>>>> /Sverker >>>>>>>>>>>> >>>>>>>>>>>> Den 2016-12-28 kl. 14:38, skrev Marcin Mirecki: >>>>>>>>>>>>> Sverker, >>>>>>>>>>>>> >>>>>>>>>>>>> Can you try adding a vnic named veth_* or dummy_*, >>>>>>>>>>>>> (or alternatively add the name of the vnic to >>>>>>>>>>>>> vdsm.config fake_nics), and setup the management >>>>>>>>>>>>> network using this vnic? >>>>>>>>>>>>> I suppose adding the vnic you use for connecting >>>>>>>>>>>>> to the engine to fake_nics should make it visible >>>>>>>>>>>>> to the engine, and you should be able to use it for >>>>>>>>>>>>> the setup. >>>>>>>>>>>>> >>>>>>>>>>>>> Marcin >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> ----- Original Message ----- >>>>>>>>>>>>>> From: "Marcin Mirecki"<mmirecki@redhat.com> >>>>>>>>>>>>>> To: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>>>>>>>>>>>>> Cc: "Ovirt Users"<users@ovirt.org> >>>>>>>>>>>>>> Sent: Wednesday, December 28, 2016 12:06:26 PM >>>>>>>>>>>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and >>>>>>>>>>>>>> mandatory >>>>>>>>>>>>>> ovirtmgmt network >>>>>>>>>>>>>> >>>>>>>>>>>>>>> I have an internal OVS bridge called ovirtbridge which >>>>>>>>>>>>>>> has >>>>>>>>>>>>>>> a port >>>>>>>>>>>>>>> with >>>>>>>>>>>>>>> IP address, but in the host network settings that port is >>>>>>>>>>>>>>> not >>>>>>>>>>>>>>> visible. >>>>>>>>>>>>>> I just verified and unfortunately the virtual ports are >>>>>>>>>>>>>> not >>>>>>>>>>>>>> visible in engine >>>>>>>>>>>>>> to assign a network to :( >>>>>>>>>>>>>> I'm afraid that the engine is not ready for such a >>>>>>>>>>>>>> scenario >>>>>>>>>>>>>> (even >>>>>>>>>>>>>> if it >>>>>>>>>>>>>> works). >>>>>>>>>>>>>> Please give me some time to look for a solution. >>>>>>>>>>>>>> >>>>>>>>>>>>>> ----- Original Message ----- >>>>>>>>>>>>>>> From: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>>>>>>>>>>>>>> To: "Marcin Mirecki"<mmirecki@redhat.com> >>>>>>>>>>>>>>> Cc: "Ovirt Users"<users@ovirt.org> >>>>>>>>>>>>>>> Sent: Wednesday, December 28, 2016 11:48:24 AM >>>>>>>>>>>>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and >>>>>>>>>>>>>>> mandatory >>>>>>>>>>>>>>> ovirtmgmt >>>>>>>>>>>>>>> network >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Hi Marcin >>>>>>>>>>>>>>> Yes, that is my issue. I don't want to let ovirt/vdsm see >>>>>>>>>>>>>>> eth0 >>>>>>>>>>>>>>> nor >>>>>>>>>>>>>>> ovsbridge0 since as soon as it sees them it messes up the >>>>>>>>>>>>>>> network >>>>>>>>>>>>>>> config >>>>>>>>>>>>>>> so that the host will be unreachable. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> I have an internal OVS bridge called ovirtbridge which >>>>>>>>>>>>>>> has >>>>>>>>>>>>>>> a port >>>>>>>>>>>>>>> with >>>>>>>>>>>>>>> IP address, but in the host network settings that port is >>>>>>>>>>>>>>> not >>>>>>>>>>>>>>> visible. >>>>>>>>>>>>>>> It doesn't help to name it ovirtmgmt. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> The engine is able to communicate with the host on the ip >>>>>>>>>>>>>>> it has >>>>>>>>>>>>>>> been >>>>>>>>>>>>>>> given, it's just that it believes that it HAS to have a >>>>>>>>>>>>>>> ovirtmgmt >>>>>>>>>>>>>>> network which can't be on OVN. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> /Sverker >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Den 2016-12-28 kl. 10:45, skrev Marcin Mirecki: >>>>>>>>>>>>>>>> Hi Sverker, >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> The management network is mandatory on each host. It's >>>>>>>>>>>>>>>> used by >>>>>>>>>>>>>>>> the >>>>>>>>>>>>>>>> engine to communicate with the host. >>>>>>>>>>>>>>>> Looking at your description and the exception it looks >>>>>>>>>>>>>>>> like it >>>>>>>>>>>>>>>> is >>>>>>>>>>>>>>>> missing. >>>>>>>>>>>>>>>> The error is caused by not having any network for the >>>>>>>>>>>>>>>> host >>>>>>>>>>>>>>>> (network list retrieved in >>>>>>>>>>>>>>>> InterfaceDaoImpl.getHostNetworksByCluster - >>>>>>>>>>>>>>>> which >>>>>>>>>>>>>>>> gets all the networks on nics for a host from >>>>>>>>>>>>>>>> vds_interface >>>>>>>>>>>>>>>> table in the >>>>>>>>>>>>>>>> DB). >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Could you maybe create a virtual nic connected to >>>>>>>>>>>>>>>> ovsbridge0 (as >>>>>>>>>>>>>>>> I >>>>>>>>>>>>>>>> understand you >>>>>>>>>>>>>>>> have no physical nic available) and use this for the >>>>>>>>>>>>>>>> management >>>>>>>>>>>>>>>> network? >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> I then create a bridge for use with ovirt, with a >>>>>>>>>>>>>>>>> private >>>>>>>>>>>>>>>>> address. >>>>>>>>>>>>>>>> I'm not quite sure I understand. Is this yet another >>>>>>>>>>>>>>>> bridge >>>>>>>>>>>>>>>> connected to >>>>>>>>>>>>>>>> ovsbridge0? >>>>>>>>>>>>>>>> You could also attach the vnic for the management >>>>>>>>>>>>>>>> network >>>>>>>>>>>>>>>> here >>>>>>>>>>>>>>>> if need >>>>>>>>>>>>>>>> be. >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Please keep in mind that OVN has no use in setting up >>>>>>>>>>>>>>>> the >>>>>>>>>>>>>>>> management >>>>>>>>>>>>>>>> network. >>>>>>>>>>>>>>>> The OVN provider can only handle external networks, >>>>>>>>>>>>>>>> which >>>>>>>>>>>>>>>> can >>>>>>>>>>>>>>>> not be used >>>>>>>>>>>>>>>> for a >>>>>>>>>>>>>>>> management network. >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Marcin >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> ----- Original Message ----- >>>>>>>>>>>>>>>>> From: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>>>>>>>>>>>>>>>> To:users@ovirt.org >>>>>>>>>>>>>>>>> Sent: Wednesday, December 28, 2016 12:39:59 AM >>>>>>>>>>>>>>>>> Subject: [ovirt-users] Issue with OVN/OVS and mandatory >>>>>>>>>>>>>>>>> ovirtmgmt >>>>>>>>>>>>>>>>> network >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> Hi >>>>>>>>>>>>>>>>> For long time I've been looking for proper support in >>>>>>>>>>>>>>>>> ovirt for >>>>>>>>>>>>>>>>> Open >>>>>>>>>>>>>>>>> vSwitch >>>>>>>>>>>>>>>>> so I'm happy that it is moving in the right direction. >>>>>>>>>>>>>>>>> However, >>>>>>>>>>>>>>>>> there >>>>>>>>>>>>>>>>> seems >>>>>>>>>>>>>>>>> to still be a dependency on a ovirtmgmt bridge and I'm >>>>>>>>>>>>>>>>> unable >>>>>>>>>>>>>>>>> to move >>>>>>>>>>>>>>>>> that >>>>>>>>>>>>>>>>> to the OVN provider. >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> The hosting center where I rent hw instances has a bit >>>>>>>>>>>>>>>>> special >>>>>>>>>>>>>>>>> network >>>>>>>>>>>>>>>>> setup, >>>>>>>>>>>>>>>>> so I have one physical network port with a /32 netmask >>>>>>>>>>>>>>>>> and >>>>>>>>>>>>>>>>> point-to-point >>>>>>>>>>>>>>>>> config to router. The physical port I connect to a ovs >>>>>>>>>>>>>>>>> bridge >>>>>>>>>>>>>>>>> which has >>>>>>>>>>>>>>>>> the >>>>>>>>>>>>>>>>> public ip. Since ovirt always messes up the network >>>>>>>>>>>>>>>>> config when >>>>>>>>>>>>>>>>> I've >>>>>>>>>>>>>>>>> tried >>>>>>>>>>>>>>>>> to let it have access to the network config for the >>>>>>>>>>>>>>>>> physical >>>>>>>>>>>>>>>>> port, I've >>>>>>>>>>>>>>>>> set >>>>>>>>>>>>>>>>> eht0 and ovsbridge0 as hidden in vdsm.conf. >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> I then create a bridge for use with ovirt, with a >>>>>>>>>>>>>>>>> private >>>>>>>>>>>>>>>>> address. With >>>>>>>>>>>>>>>>> the >>>>>>>>>>>>>>>>> OVN provider I am now able to import these into the >>>>>>>>>>>>>>>>> engine and >>>>>>>>>>>>>>>>> it looks >>>>>>>>>>>>>>>>> good. When creating a VM I can select that it will have >>>>>>>>>>>>>>>>> a >>>>>>>>>>>>>>>>> vNic >>>>>>>>>>>>>>>>> on my OVS >>>>>>>>>>>>>>>>> bridge. >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> However, I can't start the VM as an exception is thrown >>>>>>>>>>>>>>>>> in the >>>>>>>>>>>>>>>>> log: >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> 2016-12-28 00:13:33,350 ERROR >>>>>>>>>>>>>>>>> [org.ovirt.engine.core.bll.RunVmCommand] >>>>>>>>>>>>>>>>> (default task-5) [3c882d53] Error during >>>>>>>>>>>>>>>>> ValidateFailure.: >>>>>>>>>>>>>>>>> java.lang.NullPointerException >>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.scheduling.policyunits.NetworkPolicyUnit.validateRequiredNetworksAvailable(NetworkPolicyUnit.java:140) >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.scheduling.policyunits.NetworkPolicyUnit.filter(NetworkPolicyUnit.java:69) >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.scheduling.SchedulingManager.runInternalFilters(SchedulingManager.java:597) >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.scheduling.SchedulingManager.runFilters(SchedulingManager.java:564) >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.scheduling.SchedulingManager.canSchedule(SchedulingManager.java:494) >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.validator.RunVmValidator.canRunVm(RunVmValidator.java:133) >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.RunVmCommand.validate(RunVmCommand.java:940) >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.CommandBase.internalValidate(CommandBase.java:886) >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.CommandBase.validateOnly(CommandBase.java:366) >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.canRunActions(PrevalidatingMultipleActionsRunner.java:113) >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.invokeCommands(PrevalidatingMultipleActionsRunner.java:99) >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.execute(PrevalidatingMultipleActionsRunner.java:76) >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.Backend.runMultipleActionsImpl(Backend.java:613) >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.Backend.runMultipleActions(Backend.java:583) >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> Looking at that section of code where the exception is >>>>>>>>>>>>>>>>> thrown, >>>>>>>>>>>>>>>>> I see >>>>>>>>>>>>>>>>> that >>>>>>>>>>>>>>>>> it >>>>>>>>>>>>>>>>> iterates over host networks to find required networks, >>>>>>>>>>>>>>>>> which I >>>>>>>>>>>>>>>>> assume is >>>>>>>>>>>>>>>>> ovirtmgmt. In the host network setup dialog I don't see >>>>>>>>>>>>>>>>> any >>>>>>>>>>>>>>>>> networks at >>>>>>>>>>>>>>>>> all >>>>>>>>>>>>>>>>> but it lists ovirtmgmt as required. It also list the >>>>>>>>>>>>>>>>> OVN >>>>>>>>>>>>>>>>> networks but >>>>>>>>>>>>>>>>> these >>>>>>>>>>>>>>>>> can't be statically assigned as they are added >>>>>>>>>>>>>>>>> dynamically when >>>>>>>>>>>>>>>>> needed, >>>>>>>>>>>>>>>>> which is fine. >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> I believe that I either need to remove ovirtmgmt >>>>>>>>>>>>>>>>> network >>>>>>>>>>>>>>>>> or >>>>>>>>>>>>>>>>> configure >>>>>>>>>>>>>>>>> that >>>>>>>>>>>>>>>>> it >>>>>>>>>>>>>>>>> is provided by the OVN provider, but neither is >>>>>>>>>>>>>>>>> possible. >>>>>>>>>>>>>>>>> Preferably it >>>>>>>>>>>>>>>>> shouldn't be hardcoded which network is management and >>>>>>>>>>>>>>>>> mandatory but be >>>>>>>>>>>>>>>>> possible to configure. >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> /Sverker >>>>>>>>>>>>>>>>> Den 2016-12-27 kl. 17:10, skrev Marcin Mirecki: >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>>>> Users mailing list >>>>>>>>>>>>>> Users@ovirt.org >>>>>>>>>>>>>> http://lists.ovirt.org/mailman/listinfo/users >>>>>>>>>>>>>> >>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>> Users mailing list >>>>>>>>>>>> Users@ovirt.org >>>>>>>>>>>> http://lists.ovirt.org/mailman/listinfo/users >>>>>>>>>>> _______________________________________________ >>>>>>>>>>> Users mailing list >>>>>>>>>>> Users@ovirt.org >>>>>>>>>>> http://lists.ovirt.org/mailman/listinfo/users >>>>>>>>>> _______________________________________________ >>>>>>>>>> Users mailing list >>>>>>>>>> Users@ovirt.org >>>>>>>>>> http://lists.ovirt.org/mailman/listinfo/users >>>>>>>> _______________________________________________ >>>>>>>> Users mailing list >>>>>>>> Users@ovirt.org >>>>>>>> http://lists.ovirt.org/mailman/listinfo/users >>>>>>>> >>> _______________________________________________ >>> Users mailing list >>> Users@ovirt.org >>> http://lists.ovirt.org/mailman/listinfo/users >> _______________________________________________ >> Users mailing list >> Users@ovirt.org >> http://lists.ovirt.org/mailman/listinfo/users > _______________________________________________ > Users mailing list > Users@ovirt.org > http://lists.ovirt.org/mailman/listinfo/users
Got it to work now by following the env8 example in OVN tutorial, where a port is added with type l2gateway. Not sure how that is different from the localnet variant, but didn't suceed in getting that one working. Now I'm able to ping and telnet over the tunnel, but not ssh even when the port is answering on telnet. Neither does nfs traffic work even though mount did. Suspecting MTU issue. I did notice that ovn-controller starts too early, before network interfaces are established and hence can't reach the db. As these is a purely OVS/OVN issue I'll ask about it on their mailing list. Getting back to the original issue with Ovirt, I've now added the second host h1 to ovirt-engine. Had to do the same as with h2 to create a dummy ovirtmgmt network but configured access via the public IP. My firewall settings was replaced with iptables config and vdsm.conf was overwritten when engine was set up, so those had to be manually restored. It would be preferable if it would be possible to configure ovirt-engine that it does not "own" the host and instead comply with the settings it has instead of enforcing it's own view.. Apart from that it seems the second host works, although I need to resolve the traffic issue over the OVS tunnel. /Sverker Den 2017-01-02 kl. 01:13, skrev Sverker Abrahamsson:
1. That is not possible as ovirt (or vdsm) will rewrite the network configuration to a non-working state. That is why I've set that if as hidden to vdsm and is why I'm keen on getting OVS/OVN to work
2. I've been reading the doc for OVN and starting to connect the dots, which is not trivial as it is complex. Some insights reached:
First step is the OVN database, installed by openvswitch-ovn-central, which I currently have running on h2 host. The 'ovn-nbctl' and 'ovn-sbctl' commands are only possible to execute on a database node. Two ip's are given to 'vdsm-tool ovn-config <ip to database> <tunnel ip>' as arguments, where <ip to database> is how this OVN node reaches the database and <tunnel ip> is the ip to which other OVN nodes sets up a tunnel to this node. I.e. it is not for creating a tunnel to the database which I thought first from the description in blog post.
The tunnel between OVN nodes is of type geneve which is a UDP based protocol but I have not been able to find anywhere which port is used so that I can open it in firewalld. I have added OVN on another host, called h1, and connected it to the db. I see there is traffic to the db port, but I don't see any geneve traffic between the nodes.
Ovirt is now able to create it's vnet0 interface on the br-int ovs bridge, but then I run into the next issue. How do I create a connection from the logical switch to the physical host? I need that to a) get a connection out to the internet through a masqueraded if or ipv6 and b) be able to run a dhcp server to give ip's to the VM's.
/Sverker
Den 2016-12-30 kl. 18:05, skrev Marcin Mirecki:
1. Why not use your physical nic for ovirtmgmt then?
2. "ovn-nbctl ls-add" does not add a bridge, but a logical switch. br-int is an internal OVN implementation detail, which the user should not care about. What you see in the ovirt UI are logical networks. They are implemented as OVN logical switches in case of the OVN provider.
Please look at: http://www.ovirt.org/blog/2016/11/ovirt-provider-ovn/ You can get the latest rpms from here: http://resources.ovirt.org/repos/ovirt/experimental/master/ovirt-provider-ov...
----- Original Message -----
From: "Sverker Abrahamsson" <sverker@abrahamsson.com> To: "Marcin Mirecki" <mmirecki@redhat.com> Cc: "Ovirt Users" <users@ovirt.org> Sent: Friday, December 30, 2016 4:25:58 PM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network
1. No, I did not want to put the ovirtmgmt bridge on my physical nic as it always messed up the network config making the host unreachable. I have put a ovs bridge on this nic which I will use to make tunnels when I add other hosts. Maybe br-int will be used for that instead, will see when I get that far.
As it is now I have a dummy if for ovirtmgmt bridge but this will probably not work when I add other hosts as that bridge cannot connect to the other hosts. I'm considering keeping this just as a dummy to keep ovirt engine satisfied while the actual communication will happen over OVN/OVS bridges and tunnels.
2. On https://www.ovirt.org//develop/release-management/features/ovirt-ovn-provide...
there is instructions how to add an OVS bridge to OVN with |ovn-nbctl ls-add <network name>|. If you want to use br-int then it makes sense to make that bridge visible in ovirt webui under networks so that it can be selected for VM's.
It quite doesn't make sense to me that I can select other network for my VM but then that setting is not used when setting up the network.
/Sverker
Den 2016-12-30 kl. 15:34, skrev Marcin Mirecki:
Hi,
The OVN provider does not require you to add any bridges manually. As I understand we were dealing with two problems: 1. You only had one physical nic and wanted to put a bridge on it, attaching the management network to the bridge. This was the reason for creating the bridge (the recommended setup would be to used a separate physical nic for the management network). This bridge has nothing to do with the OVN bridge. 2. OVN - you want to use OVN on this system. For this you have to install OVN on your hosts. This should create the br-int bridge, which are then used by the OVN provider. This br-int bridge must be configured to connect to other hosts using the geneve tunnels.
In both cases the systems will not be aware of any bridges you create. They need a nic (be it physical or virtual) to connect to other system. Usually this is the physical nic. In your case you decided to put a bridge on the physical nic, and give oVirt a virtual nic attached to this bridge. This works, but keep in mind that the bridge you have introduced is outside of oVirt's (and OVN) control (and as such is not supported).
What is the purpose of adding my bridges to Ovirt through the external provider and configure them on my VM I am not quite sure I understand. The external provider (OVN provider to be specific), does not add any bridges to the system. It is using the br-int bridge created by OVN. The networks created by the OVN provider are purely logical entities, implemented using the OVN br-int bridge.
Marcin
----- Original Message -----
From: "Sverker Abrahamsson" <sverker@abrahamsson.com> To: "Marcin Mirecki" <mmirecki@redhat.com> Cc: "Ovirt Users" <users@ovirt.org> Sent: Friday, December 30, 2016 12:15:43 PM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network
Hi That is the logic I quite don't understand. What is the purpose of adding my bridges to Ovirt through the external provider and configure them on my VM if you are disregarding that and using br-int anyway?
/Sverker
Den 2016-12-30 kl. 10:53, skrev Marcin Mirecki:
Sverker,
br-int is the integration bridge created by default in OVN. This is the bridge we use for the OVN provider. As OVN is required to be installed, we assume that this bridge is present. Using any other ovs bridge is not supported, and will require custom code changes (such as the ones you created).
The proper setup in your case would probably be to create br-int and connect this to your ovirtbridge, although I don't know the details of your env, so this is just my best guess.
Marcin
----- Original Message ----- > From: "Sverker Abrahamsson" <sverker@abrahamsson.com> > To: "Marcin Mirecki" <mmirecki@redhat.com> > Cc: "Ovirt Users" <users@ovirt.org>, "Numan Siddique" > <nusiddiq@redhat.com> > Sent: Friday, December 30, 2016 1:14:50 AM > Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory > ovirtmgmt > network > > Even better, if the value is not hardcoded then the configured > value is > used. Might be that I'm missunderstanding something but this is the > behaviour I expected instead of that it is using br-int. > > Attached is a patch which properly sets up the xml, in case > there is > already a virtual port there + testcode of some variants > > /Sverker > > Den 2016-12-29 kl. 22:55, skrev Sverker Abrahamsson: >> When I change >> /usr/libexec/vdsm/hooks/before_device_create/ovirt_provider_ovn_hook >> >> to instead of hardcoded to br-int use BRIDGE_NAME = >> 'ovirtbridge' then >> I get the expected behaviour and I get a working network >> connectivity >> in my VM with IP provided by dhcp. >> >> /Sverker >> >> Den 2016-12-29 kl. 22:07, skrev Sverker Abrahamsson: >>> By default the vNic profile of my OVN bridge ovirtbridge gets a >>> Network filter named vdsm-no-mac-spoofing. If I instead set No >>> filter >>> then I don't get those ebtables / iptables messages. It seems >>> that >>> there is some issue between ovirt/vdsm and firewalld, which we >>> can >>> put to the side for now. >>> >>> It is not clear for me why the port is added on br-int instead >>> of the >>> bridge I've assigned to the VM, which is ovirtbridge?? >>> >>> /Sverker >>> >>> Den 2016-12-29 kl. 14:20, skrev Sverker Abrahamsson: >>>> The specific command most likely fails because there is no chain >>>> named libvirt-J-vnet0, but when should that have been created? >>>> /Sverker >>>> >>>> -------- Vidarebefordrat meddelande -------- >>>> Ämne: Re: [ovirt-users] Issue with OVN/OVS and mandatory >>>> ovirtmgmt >>>> network >>>> Datum: Thu, 29 Dec 2016 08:06:29 -0500 (EST) >>>> Från: Marcin Mirecki <mmirecki@redhat.com> >>>> Till: Sverker Abrahamsson <sverker@abrahamsson.com> >>>> Kopia: Ovirt Users <users@ovirt.org>, Lance Richardson >>>> <lrichard@redhat.com>, Numan Siddique <nusiddiq@redhat.com> >>>> >>>> >>>> >>>> Let me add the OVN team. >>>> >>>> Lance, Numan, >>>> >>>> Can you please look at this? >>>> >>>> Trying to plug a vNIC results in: >>>>>>>>>>> Dec 28 23:31:35 h2 ovs-vsctl: >>>>>>>>>>> ovs|00001|vsctl|INFO|Called as >>>>>>>>>>> ovs-vsctl >>>>>>>>>>> --timeout=5 -- --if-exists del-port vnet0 -- add-port >>>>>>>>>>> br-int >>>>>>>>>>> vnet0 -- >>>>>>>>>>> set Interface vnet0 >>>>>>>>>>> "external-ids:attached-mac=\"00:1a:4a:16:01:51\"" >>>>>>>>>>> -- set Interface vnet0 >>>>>>>>>>> "external-ids:iface-id=\"e8853aac-8a75-41b0-8010-e630017dcdd8\"" >>>>>>>>>>> >>>>>>>>>>> -- >>>>>>>>>>> set Interface vnet0 >>>>>>>>>>> "external-ids:vm-id=\"b9440d60-ef5a-4e2b-83cf-081df7c09e6f\"" >>>>>>>>>>> >>>>>>>>>>> -- >>>>>>>>>>> set >>>>>>>>>>> Interface vnet0 external-ids:iface-status=active >>>>>>>>>>> Dec 28 23:31:35 h2 kernel: device vnet0 entered >>>>>>>>>>> promiscuous >>>>>>>>>>> mode >>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -D PREROUTING >>>>>>>>>>> -i vnet0 >>>>>>>>>>> -j >>>>>>>>>>> libvirt-J-vnet0' failed: >>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>> More details below >>>> >>>> >>>> ----- Original Message ----- >>>>> From: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>>>> To: "Marcin Mirecki"<mmirecki@redhat.com> >>>>> Cc: "Ovirt Users"<users@ovirt.org> >>>>> Sent: Thursday, December 29, 2016 1:42:11 PM >>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory >>>>> ovirtmgmt >>>>> network >>>>> >>>>> Hi >>>>> Same problem still.. >>>>> /Sverker >>>>> >>>>> Den 2016-12-29 kl. 13:34, skrev Marcin Mirecki: >>>>>> Hi, >>>>>> >>>>>> The tunnels are created to connect multiple OVN controllers. >>>>>> If there is only one, there is no need for the tunnels, so >>>>>> none >>>>>> will be created, this is the correct behavior. >>>>>> >>>>>> Does the problem still occur after setting configuring the >>>>>> OVN-controller? >>>>>> >>>>>> Marcin >>>>>> >>>>>> ----- Original Message ----- >>>>>>> From: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>>>>>> To: "Marcin Mirecki"<mmirecki@redhat.com> >>>>>>> Cc: "Ovirt Users"<users@ovirt.org> >>>>>>> Sent: Thursday, December 29, 2016 11:44:32 AM >>>>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory >>>>>>> ovirtmgmt >>>>>>> network >>>>>>> >>>>>>> Hi >>>>>>> The rpm packages you listed in the other mail are >>>>>>> installed but I >>>>>>> had >>>>>>> not run vdsm-tool ovn-config to create tunnel as the OVN >>>>>>> controller >>>>>>> is >>>>>>> on the same host. >>>>>>> >>>>>>> [root@h2 ~]# rpm -q openvswitch-ovn-common >>>>>>> openvswitch-ovn-common-2.6.90-1.el7.centos.x86_64 >>>>>>> [root@h2 ~]# rpm -q openvswitch-ovn-host >>>>>>> openvswitch-ovn-host-2.6.90-1.el7.centos.x86_64 >>>>>>> [root@h2 ~]# rpm -q python-openvswitch >>>>>>> python-openvswitch-2.6.90-1.el7.centos.noarch >>>>>>> >>>>>>> After removing my manually created br-int and run >>>>>>> >>>>>>> vdsm-tool ovn-config 127.0.0.1 172.27.1.1 >>>>>>> >>>>>>> then I have the br-int but 'ip link show' does not show >>>>>>> any link >>>>>>> 'genev_sys_' nor does 'ovs-vsctl show' any port for ovn. I >>>>>>> assume >>>>>>> these >>>>>>> are when there is an actual tunnel? >>>>>>> >>>>>>> [root@h2 ~]# ovs-vsctl show >>>>>>> ebb6aede-cbbc-4f4f-a88a-a9cd72b2bd23 >>>>>>> Bridge br-int >>>>>>> fail_mode: secure >>>>>>> Port br-int >>>>>>> Interface br-int >>>>>>> type: internal >>>>>>> Bridge ovirtbridge >>>>>>> Port ovirtbridge >>>>>>> Interface ovirtbridge >>>>>>> type: internal >>>>>>> Bridge "ovsbridge0" >>>>>>> Port "ovsbridge0" >>>>>>> Interface "ovsbridge0" >>>>>>> type: internal >>>>>>> Port "eth0" >>>>>>> Interface "eth0" >>>>>>> ovs_version: "2.6.90" >>>>>>> >>>>>>> [root@h2 ~]# ip link show >>>>>>> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state >>>>>>> UNKNOWN >>>>>>> mode >>>>>>> DEFAULT qlen 1 >>>>>>> link/loopback 00:00:00:00:00:00 brd >>>>>>> 00:00:00:00:00:00 >>>>>>> 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc >>>>>>> pfifo_fast >>>>>>> master ovs-system state UP mode DEFAULT qlen 1000 >>>>>>> link/ether 44:8a:5b:84:7d:b3 brd ff:ff:ff:ff:ff:ff >>>>>>> 3: ovs-system: <BROADCAST,MULTICAST> mtu 1500 qdisc noop >>>>>>> state >>>>>>> DOWN >>>>>>> mode >>>>>>> DEFAULT qlen 1000 >>>>>>> link/ether 5a:14:cf:28:47:e2 brd ff:ff:ff:ff:ff:ff >>>>>>> 4: ovsbridge0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 >>>>>>> qdisc >>>>>>> noqueue >>>>>>> state UNKNOWN mode DEFAULT qlen 1000 >>>>>>> link/ether 44:8a:5b:84:7d:b3 brd ff:ff:ff:ff:ff:ff >>>>>>> 5: br-int: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state >>>>>>> DOWN >>>>>>> mode >>>>>>> DEFAULT qlen 1000 >>>>>>> link/ether 9e:b0:3a:9d:f2:4b brd ff:ff:ff:ff:ff:ff >>>>>>> 6: ovirtbridge: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 >>>>>>> qdisc >>>>>>> noqueue >>>>>>> state UNKNOWN mode DEFAULT qlen 1000 >>>>>>> link/ether a6:f6:e5:a4:5b:45 brd ff:ff:ff:ff:ff:ff >>>>>>> 7: dummy0: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc >>>>>>> noqueue >>>>>>> master >>>>>>> ovirtmgmt state UNKNOWN mode DEFAULT qlen 1000 >>>>>>> link/ether 66:e0:1c:c3:a9:d8 brd ff:ff:ff:ff:ff:ff >>>>>>> 8: ovirtmgmt: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 >>>>>>> qdisc >>>>>>> noqueue >>>>>>> state UP mode DEFAULT qlen 1000 >>>>>>> link/ether 66:e0:1c:c3:a9:d8 brd ff:ff:ff:ff:ff:ff >>>>>>> >>>>>>> Firewall settings: >>>>>>> [root@h2 ~]# firewall-cmd --list-all-zones >>>>>>> work >>>>>>> target: default >>>>>>> icmp-block-inversion: no >>>>>>> interfaces: >>>>>>> sources: >>>>>>> services: dhcpv6-client ssh >>>>>>> ports: >>>>>>> protocols: >>>>>>> masquerade: no >>>>>>> forward-ports: >>>>>>> sourceports: >>>>>>> icmp-blocks: >>>>>>> rich rules: >>>>>>> >>>>>>> >>>>>>> drop >>>>>>> target: DROP >>>>>>> icmp-block-inversion: no >>>>>>> interfaces: >>>>>>> sources: >>>>>>> services: >>>>>>> ports: >>>>>>> protocols: >>>>>>> masquerade: no >>>>>>> forward-ports: >>>>>>> sourceports: >>>>>>> icmp-blocks: >>>>>>> rich rules: >>>>>>> >>>>>>> >>>>>>> internal >>>>>>> target: default >>>>>>> icmp-block-inversion: no >>>>>>> interfaces: >>>>>>> sources: >>>>>>> services: dhcpv6-client mdns samba-client ssh >>>>>>> ports: >>>>>>> protocols: >>>>>>> masquerade: no >>>>>>> forward-ports: >>>>>>> sourceports: >>>>>>> icmp-blocks: >>>>>>> rich rules: >>>>>>> >>>>>>> >>>>>>> external >>>>>>> target: default >>>>>>> icmp-block-inversion: no >>>>>>> interfaces: >>>>>>> sources: >>>>>>> services: ssh >>>>>>> ports: >>>>>>> protocols: >>>>>>> masquerade: yes >>>>>>> forward-ports: >>>>>>> sourceports: >>>>>>> icmp-blocks: >>>>>>> rich rules: >>>>>>> >>>>>>> >>>>>>> trusted >>>>>>> target: ACCEPT >>>>>>> icmp-block-inversion: no >>>>>>> interfaces: >>>>>>> sources: >>>>>>> services: >>>>>>> ports: >>>>>>> protocols: >>>>>>> masquerade: no >>>>>>> forward-ports: >>>>>>> sourceports: >>>>>>> icmp-blocks: >>>>>>> rich rules: >>>>>>> >>>>>>> >>>>>>> home >>>>>>> target: default >>>>>>> icmp-block-inversion: no >>>>>>> interfaces: >>>>>>> sources: >>>>>>> services: dhcpv6-client mdns samba-client ssh >>>>>>> ports: >>>>>>> protocols: >>>>>>> masquerade: no >>>>>>> forward-ports: >>>>>>> sourceports: >>>>>>> icmp-blocks: >>>>>>> rich rules: >>>>>>> >>>>>>> >>>>>>> dmz >>>>>>> target: default >>>>>>> icmp-block-inversion: no >>>>>>> interfaces: >>>>>>> sources: >>>>>>> services: ssh >>>>>>> ports: >>>>>>> protocols: >>>>>>> masquerade: no >>>>>>> forward-ports: >>>>>>> sourceports: >>>>>>> icmp-blocks: >>>>>>> rich rules: >>>>>>> >>>>>>> >>>>>>> public (active) >>>>>>> target: default >>>>>>> icmp-block-inversion: no >>>>>>> interfaces: eth0 ovsbridge0 >>>>>>> sources: >>>>>>> services: dhcpv6-client ssh >>>>>>> ports: >>>>>>> protocols: >>>>>>> masquerade: no >>>>>>> forward-ports: >>>>>>> sourceports: >>>>>>> icmp-blocks: >>>>>>> rich rules: >>>>>>> >>>>>>> >>>>>>> block >>>>>>> target: %%REJECT%% >>>>>>> icmp-block-inversion: no >>>>>>> interfaces: >>>>>>> sources: >>>>>>> services: >>>>>>> ports: >>>>>>> protocols: >>>>>>> masquerade: no >>>>>>> forward-ports: >>>>>>> sourceports: >>>>>>> icmp-blocks: >>>>>>> rich rules: >>>>>>> >>>>>>> >>>>>>> ovirt (active) >>>>>>> target: default >>>>>>> icmp-block-inversion: no >>>>>>> interfaces: ovirtbridge ovirtmgmt >>>>>>> sources: >>>>>>> services: dhcp ovirt-fence-kdump-listener ovirt-http >>>>>>> ovirt-https >>>>>>> ovirt-imageio-proxy ovirt-postgres ovirt-provider-ovn >>>>>>> ovirt-vmconsole-proxy ovirt-websocket-proxy ssh vdsm >>>>>>> ports: >>>>>>> protocols: >>>>>>> masquerade: yes >>>>>>> forward-ports: >>>>>>> sourceports: >>>>>>> icmp-blocks: >>>>>>> rich rules: >>>>>>> rule family="ipv4" port port="6641" >>>>>>> protocol="tcp" >>>>>>> accept >>>>>>> rule family="ipv4" port port="6642" >>>>>>> protocol="tcp" >>>>>>> accept >>>>>>> >>>>>>> The db dump is attached >>>>>>> /Sverker >>>>>>> Den 2016-12-29 kl. 09:50, skrev Marcin Mirecki: >>>>>>>> Hi, >>>>>>>> >>>>>>>> Can you please do: "sudo ovsdb-client dump" >>>>>>>> on the host and send me the output? >>>>>>>> >>>>>>>> Have you configured the ovn controller to connect to the >>>>>>>> OVN north? You can do it using "vdsm-tool ovn-config" or >>>>>>>> using the OVN tools directly. >>>>>>>> Please check >>>>>>>> out:https://www.ovirt.org/blog/2016/11/ovirt-provider-ovn/ >>>>>>>> for details. >>>>>>>> >>>>>>>> Also please note that the OVN provider is completely >>>>>>>> different >>>>>>>> from the neutron-openvswitch plugin. Please don't mix the >>>>>>>> two. >>>>>>>> >>>>>>>> Marcin >>>>>>>> >>>>>>>> >>>>>>>> ----- Original Message ----- >>>>>>>>> From: "Marcin Mirecki"<mmirecki@redhat.com> >>>>>>>>> To: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>>>>>>>> Cc: "Ovirt Users"<users@ovirt.org> >>>>>>>>> Sent: Thursday, December 29, 2016 9:27:19 AM >>>>>>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory >>>>>>>>> ovirtmgmt >>>>>>>>> network >>>>>>>>> >>>>>>>>> Hi, >>>>>>>>> >>>>>>>>> br-int is the OVN integration bridge, it should have been >>>>>>>>> created >>>>>>>>> when installing OVN. I assume you have the following >>>>>>>>> packages >>>>>>>>> installed >>>>>>>>> on the host: >>>>>>>>> openvswitch-ovn-common >>>>>>>>> openvswitch-ovn-host >>>>>>>>> python-openvswitch >>>>>>>>> >>>>>>>>> Please give me some time to look at the connectivity >>>>>>>>> problem. >>>>>>>>> >>>>>>>>> Marcin >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> ----- Original Message ----- >>>>>>>>>> From: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>>>>>>>>> To: "Marcin Mirecki"<mmirecki@redhat.com> >>>>>>>>>> Cc: "Ovirt Users"<users@ovirt.org> >>>>>>>>>> Sent: Thursday, December 29, 2016 12:47:04 AM >>>>>>>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and >>>>>>>>>> mandatory >>>>>>>>>> ovirtmgmt >>>>>>>>>> network >>>>>>>>>> >>>>>>>>>> From >>>>>>>>>> /usr/libexec/vdsm/hooks/before_device_create/ovirt_provider_ovn_hook >>>>>>>>>> >>>>>>>>>> (installed by ovirt-provider-ovn-driver rpm): >>>>>>>>>> >>>>>>>>>> BRIDGE_NAME = 'br-int' >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> Den 2016-12-28 kl. 23:56, skrev Sverker Abrahamsson: >>>>>>>>>>> Googling on the message about br-int suggested adding >>>>>>>>>>> that >>>>>>>>>>> bridge to >>>>>>>>>>> ovs: >>>>>>>>>>> >>>>>>>>>>> ovs-vsctl add-br br-int >>>>>>>>>>> >>>>>>>>>>> Then the VM is able to boot, but it fails to get network >>>>>>>>>>> connectivity. >>>>>>>>>>> Output in /var/log/messages: >>>>>>>>>>> >>>>>>>>>>> Dec 28 23:31:35 h2 ovs-vsctl: >>>>>>>>>>> ovs|00001|vsctl|INFO|Called as >>>>>>>>>>> ovs-vsctl >>>>>>>>>>> --timeout=5 -- --if-exists del-port vnet0 -- add-port >>>>>>>>>>> br-int >>>>>>>>>>> vnet0 -- >>>>>>>>>>> set Interface vnet0 >>>>>>>>>>> "external-ids:attached-mac=\"00:1a:4a:16:01:51\"" >>>>>>>>>>> -- set Interface vnet0 >>>>>>>>>>> "external-ids:iface-id=\"e8853aac-8a75-41b0-8010-e630017dcdd8\"" >>>>>>>>>>> >>>>>>>>>>> -- >>>>>>>>>>> set Interface vnet0 >>>>>>>>>>> "external-ids:vm-id=\"b9440d60-ef5a-4e2b-83cf-081df7c09e6f\"" >>>>>>>>>>> >>>>>>>>>>> -- >>>>>>>>>>> set >>>>>>>>>>> Interface vnet0 external-ids:iface-status=active >>>>>>>>>>> Dec 28 23:31:35 h2 kernel: device vnet0 entered >>>>>>>>>>> promiscuous >>>>>>>>>>> mode >>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -D PREROUTING >>>>>>>>>>> -i vnet0 >>>>>>>>>>> -j >>>>>>>>>>> libvirt-J-vnet0' failed: >>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -D POSTROUTING -o >>>>>>>>>>> vnet0 >>>>>>>>>>> -j >>>>>>>>>>> libvirt-P-vnet0' failed: >>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -L >>>>>>>>>>> libvirt-J-vnet0' >>>>>>>>>>> failed: >>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -L >>>>>>>>>>> libvirt-P-vnet0' >>>>>>>>>>> failed: >>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -F >>>>>>>>>>> libvirt-J-vnet0' >>>>>>>>>>> failed: >>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -X >>>>>>>>>>> libvirt-J-vnet0' >>>>>>>>>>> failed: >>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -F >>>>>>>>>>> libvirt-P-vnet0' >>>>>>>>>>> failed: >>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -X >>>>>>>>>>> libvirt-P-vnet0' >>>>>>>>>>> failed: >>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -F J-vnet0-mac' >>>>>>>>>>> failed: >>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -X J-vnet0-mac' >>>>>>>>>>> failed: >>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -F >>>>>>>>>>> J-vnet0-arp-mac' >>>>>>>>>>> failed: >>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -X >>>>>>>>>>> J-vnet0-arp-mac' >>>>>>>>>>> failed: >>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>> '/usr/sbin/iptables -w2 -w -D libvirt-out -m physdev >>>>>>>>>>> --physdev-is-bridged --physdev-out vnet0 -g FO-vnet0' >>>>>>>>>>> failed: >>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>> '/usr/sbin/iptables -w2 -w -D libvirt-out -m physdev >>>>>>>>>>> --physdev-out >>>>>>>>>>> vnet0 -g FO-vnet0' failed: >>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>> '/usr/sbin/iptables -w2 -w -D libvirt-in -m physdev >>>>>>>>>>> --physdev-in >>>>>>>>>>> vnet0 >>>>>>>>>>> -g FI-vnet0' failed: >>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>> '/usr/sbin/iptables -w2 -w -D libvirt-host-in -m physdev >>>>>>>>>>> --physdev-in >>>>>>>>>>> vnet0 -g HI-vnet0' failed: >>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>> '/usr/sbin/iptables -w2 -w -F FO-vnet0' failed: >>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>> '/usr/sbin/iptables -w2 -w -X FO-vnet0' failed: >>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>> '/usr/sbin/iptables -w2 -w -F FI-vnet0' failed: >>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>> '/usr/sbin/iptables -w2 -w -X FI-vnet0' failed: >>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>> '/usr/sbin/iptables -w2 -w -F HI-vnet0' failed: >>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>> '/usr/sbin/iptables -w2 -w -X HI-vnet0' failed: >>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>> '/usr/sbin/iptables -w2 -w -E FP-vnet0 FO-vnet0' failed: >>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>> '/usr/sbin/iptables -w2 -w -E FJ-vnet0 FI-vnet0' failed: >>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>> '/usr/sbin/iptables -w2 -w -E HJ-vnet0 HI-vnet0' failed: >>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -D libvirt-out -m physdev >>>>>>>>>>> --physdev-is-bridged --physdev-out vnet0 -g FO-vnet0' >>>>>>>>>>> failed: >>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -D libvirt-out -m physdev >>>>>>>>>>> --physdev-out >>>>>>>>>>> vnet0 -g FO-vnet0' failed: >>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -D libvirt-in -m physdev >>>>>>>>>>> --physdev-in >>>>>>>>>>> vnet0 -g FI-vnet0' failed: >>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -D libvirt-host-in -m physdev >>>>>>>>>>> --physdev-in >>>>>>>>>>> vnet0 -g HI-vnet0' failed: >>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -F FO-vnet0' failed: >>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -X FO-vnet0' failed: >>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -F FI-vnet0' failed: >>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -X FI-vnet0' failed: >>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -F HI-vnet0' failed: >>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -X HI-vnet0' failed: >>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -E FP-vnet0 FO-vnet0' failed: >>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -E FJ-vnet0 FI-vnet0' failed: >>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -E HJ-vnet0 HI-vnet0' failed: >>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -D PREROUTING >>>>>>>>>>> -i vnet0 >>>>>>>>>>> -j >>>>>>>>>>> libvirt-I-vnet0' failed: >>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -D POSTROUTING -o >>>>>>>>>>> vnet0 >>>>>>>>>>> -j >>>>>>>>>>> libvirt-O-vnet0' failed: >>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -L >>>>>>>>>>> libvirt-I-vnet0' >>>>>>>>>>> failed: >>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -L >>>>>>>>>>> libvirt-O-vnet0' >>>>>>>>>>> failed: >>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -F >>>>>>>>>>> libvirt-I-vnet0' >>>>>>>>>>> failed: >>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -X >>>>>>>>>>> libvirt-I-vnet0' >>>>>>>>>>> failed: >>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -F >>>>>>>>>>> libvirt-O-vnet0' >>>>>>>>>>> failed: >>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -X >>>>>>>>>>> libvirt-O-vnet0' >>>>>>>>>>> failed: >>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -L >>>>>>>>>>> libvirt-P-vnet0' >>>>>>>>>>> failed: >>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -E >>>>>>>>>>> libvirt-P-vnet0 >>>>>>>>>>> libvirt-O-vnet0' failed: >>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -F I-vnet0-mac' >>>>>>>>>>> failed: >>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -X I-vnet0-mac' >>>>>>>>>>> failed: >>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -F >>>>>>>>>>> I-vnet0-arp-mac' >>>>>>>>>>> failed: >>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -X >>>>>>>>>>> I-vnet0-arp-mac' >>>>>>>>>>> failed: >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> [root@h2 etc]# ovs-vsctl show >>>>>>>>>>> ebb6aede-cbbc-4f4f-a88a-a9cd72b2bd23 >>>>>>>>>>> Bridge ovirtbridge >>>>>>>>>>> Port "ovirtport0" >>>>>>>>>>> Interface "ovirtport0" >>>>>>>>>>> type: internal >>>>>>>>>>> Port ovirtbridge >>>>>>>>>>> Interface ovirtbridge >>>>>>>>>>> type: internal >>>>>>>>>>> Bridge "ovsbridge0" >>>>>>>>>>> Port "ovsbridge0" >>>>>>>>>>> Interface "ovsbridge0" >>>>>>>>>>> type: internal >>>>>>>>>>> Port "eth0" >>>>>>>>>>> Interface "eth0" >>>>>>>>>>> Bridge br-int >>>>>>>>>>> Port br-int >>>>>>>>>>> Interface br-int >>>>>>>>>>> type: internal >>>>>>>>>>> Port "vnet0" >>>>>>>>>>> Interface "vnet0" >>>>>>>>>>> ovs_version: "2.6.90" >>>>>>>>>>> >>>>>>>>>>> Searching through the code it appears that br-int >>>>>>>>>>> comes from >>>>>>>>>>> neutron-openvswitch plugin ?? >>>>>>>>>>> >>>>>>>>>>> [root@h2 share]# rpm -qf >>>>>>>>>>> /usr/share/otopi/plugins/ovirt-host-deploy/openstack/neutron_openvswitch.py >>>>>>>>>>> >>>>>>>>>>> ovirt-host-deploy-1.6.0-0.0.master.20161215101008.gitb76ad50.el7.centos.noarch >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> /Sverker >>>>>>>>>>> >>>>>>>>>>> Den 2016-12-28 kl. 23:24, skrev Sverker Abrahamsson: >>>>>>>>>>>> In addition I had to add an alias to modprobe: >>>>>>>>>>>> >>>>>>>>>>>> [root@h2 modprobe.d]# cat dummy.conf >>>>>>>>>>>> alias dummy0 dummy >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> Den 2016-12-28 kl. 23:03, skrev Sverker Abrahamsson: >>>>>>>>>>>>> Hi >>>>>>>>>>>>> I first tried to set device name to dummy_0, but >>>>>>>>>>>>> then ifup >>>>>>>>>>>>> did >>>>>>>>>>>>> not >>>>>>>>>>>>> succeed in creating the device unless I first did >>>>>>>>>>>>> 'ip link >>>>>>>>>>>>> add >>>>>>>>>>>>> dummy_0 type dummy' but then it would not suceed to >>>>>>>>>>>>> establish >>>>>>>>>>>>> the if >>>>>>>>>>>>> on reboot. >>>>>>>>>>>>> >>>>>>>>>>>>> Setting fake_nics = dummy0 would not work neither, >>>>>>>>>>>>> but this >>>>>>>>>>>>> works: >>>>>>>>>>>>> >>>>>>>>>>>>> fake_nics = dummy* >>>>>>>>>>>>> >>>>>>>>>>>>> The engine is now able to find the if and assign bridge >>>>>>>>>>>>> ovirtmgmt to >>>>>>>>>>>>> it. >>>>>>>>>>>>> >>>>>>>>>>>>> However, I then run into the next issue when >>>>>>>>>>>>> starting a VM: >>>>>>>>>>>>> >>>>>>>>>>>>> 2016-12-28 22:28:23,897 ERROR >>>>>>>>>>>>> [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] >>>>>>>>>>>>> >>>>>>>>>>>>> (ForkJoinPool-1-worker-2) [] Correlation ID: null, Call >>>>>>>>>>>>> Stack: >>>>>>>>>>>>> null, >>>>>>>>>>>>> Custom Event ID: -1, Message: VM CentOS7 is down >>>>>>>>>>>>> with error. >>>>>>>>>>>>> Exit >>>>>>>>>>>>> message: Cannot get interface MTU on 'br-int': No such >>>>>>>>>>>>> device. >>>>>>>>>>>>> >>>>>>>>>>>>> This VM has a nic on ovirtbridge, which comes from >>>>>>>>>>>>> the OVN >>>>>>>>>>>>> provider. >>>>>>>>>>>>> >>>>>>>>>>>>> /Sverker >>>>>>>>>>>>> >>>>>>>>>>>>> Den 2016-12-28 kl. 14:38, skrev Marcin Mirecki: >>>>>>>>>>>>>> Sverker, >>>>>>>>>>>>>> >>>>>>>>>>>>>> Can you try adding a vnic named veth_* or dummy_*, >>>>>>>>>>>>>> (or alternatively add the name of the vnic to >>>>>>>>>>>>>> vdsm.config fake_nics), and setup the management >>>>>>>>>>>>>> network using this vnic? >>>>>>>>>>>>>> I suppose adding the vnic you use for connecting >>>>>>>>>>>>>> to the engine to fake_nics should make it visible >>>>>>>>>>>>>> to the engine, and you should be able to use it for >>>>>>>>>>>>>> the setup. >>>>>>>>>>>>>> >>>>>>>>>>>>>> Marcin >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> ----- Original Message ----- >>>>>>>>>>>>>>> From: "Marcin Mirecki"<mmirecki@redhat.com> >>>>>>>>>>>>>>> To: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>>>>>>>>>>>>>> Cc: "Ovirt Users"<users@ovirt.org> >>>>>>>>>>>>>>> Sent: Wednesday, December 28, 2016 12:06:26 PM >>>>>>>>>>>>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and >>>>>>>>>>>>>>> mandatory >>>>>>>>>>>>>>> ovirtmgmt network >>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> I have an internal OVS bridge called ovirtbridge >>>>>>>>>>>>>>>> which >>>>>>>>>>>>>>>> has >>>>>>>>>>>>>>>> a port >>>>>>>>>>>>>>>> with >>>>>>>>>>>>>>>> IP address, but in the host network settings that >>>>>>>>>>>>>>>> port is >>>>>>>>>>>>>>>> not >>>>>>>>>>>>>>>> visible. >>>>>>>>>>>>>>> I just verified and unfortunately the virtual >>>>>>>>>>>>>>> ports are >>>>>>>>>>>>>>> not >>>>>>>>>>>>>>> visible in engine >>>>>>>>>>>>>>> to assign a network to :( >>>>>>>>>>>>>>> I'm afraid that the engine is not ready for such a >>>>>>>>>>>>>>> scenario >>>>>>>>>>>>>>> (even >>>>>>>>>>>>>>> if it >>>>>>>>>>>>>>> works). >>>>>>>>>>>>>>> Please give me some time to look for a solution. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> ----- Original Message ----- >>>>>>>>>>>>>>>> From: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>>>>>>>>>>>>>>> To: "Marcin Mirecki"<mmirecki@redhat.com> >>>>>>>>>>>>>>>> Cc: "Ovirt Users"<users@ovirt.org> >>>>>>>>>>>>>>>> Sent: Wednesday, December 28, 2016 11:48:24 AM >>>>>>>>>>>>>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and >>>>>>>>>>>>>>>> mandatory >>>>>>>>>>>>>>>> ovirtmgmt >>>>>>>>>>>>>>>> network >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Hi Marcin >>>>>>>>>>>>>>>> Yes, that is my issue. I don't want to let >>>>>>>>>>>>>>>> ovirt/vdsm see >>>>>>>>>>>>>>>> eth0 >>>>>>>>>>>>>>>> nor >>>>>>>>>>>>>>>> ovsbridge0 since as soon as it sees them it >>>>>>>>>>>>>>>> messes up the >>>>>>>>>>>>>>>> network >>>>>>>>>>>>>>>> config >>>>>>>>>>>>>>>> so that the host will be unreachable. >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> I have an internal OVS bridge called ovirtbridge >>>>>>>>>>>>>>>> which >>>>>>>>>>>>>>>> has >>>>>>>>>>>>>>>> a port >>>>>>>>>>>>>>>> with >>>>>>>>>>>>>>>> IP address, but in the host network settings that >>>>>>>>>>>>>>>> port is >>>>>>>>>>>>>>>> not >>>>>>>>>>>>>>>> visible. >>>>>>>>>>>>>>>> It doesn't help to name it ovirtmgmt. >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> The engine is able to communicate with the host >>>>>>>>>>>>>>>> on the ip >>>>>>>>>>>>>>>> it has >>>>>>>>>>>>>>>> been >>>>>>>>>>>>>>>> given, it's just that it believes that it HAS to >>>>>>>>>>>>>>>> have a >>>>>>>>>>>>>>>> ovirtmgmt >>>>>>>>>>>>>>>> network which can't be on OVN. >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> /Sverker >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Den 2016-12-28 kl. 10:45, skrev Marcin Mirecki: >>>>>>>>>>>>>>>>> Hi Sverker, >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> The management network is mandatory on each >>>>>>>>>>>>>>>>> host. It's >>>>>>>>>>>>>>>>> used by >>>>>>>>>>>>>>>>> the >>>>>>>>>>>>>>>>> engine to communicate with the host. >>>>>>>>>>>>>>>>> Looking at your description and the exception it >>>>>>>>>>>>>>>>> looks >>>>>>>>>>>>>>>>> like it >>>>>>>>>>>>>>>>> is >>>>>>>>>>>>>>>>> missing. >>>>>>>>>>>>>>>>> The error is caused by not having any network >>>>>>>>>>>>>>>>> for the >>>>>>>>>>>>>>>>> host >>>>>>>>>>>>>>>>> (network list retrieved in >>>>>>>>>>>>>>>>> InterfaceDaoImpl.getHostNetworksByCluster - >>>>>>>>>>>>>>>>> which >>>>>>>>>>>>>>>>> gets all the networks on nics for a host from >>>>>>>>>>>>>>>>> vds_interface >>>>>>>>>>>>>>>>> table in the >>>>>>>>>>>>>>>>> DB). >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> Could you maybe create a virtual nic connected to >>>>>>>>>>>>>>>>> ovsbridge0 (as >>>>>>>>>>>>>>>>> I >>>>>>>>>>>>>>>>> understand you >>>>>>>>>>>>>>>>> have no physical nic available) and use this for >>>>>>>>>>>>>>>>> the >>>>>>>>>>>>>>>>> management >>>>>>>>>>>>>>>>> network? >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> I then create a bridge for use with ovirt, with a >>>>>>>>>>>>>>>>>> private >>>>>>>>>>>>>>>>>> address. >>>>>>>>>>>>>>>>> I'm not quite sure I understand. Is this yet >>>>>>>>>>>>>>>>> another >>>>>>>>>>>>>>>>> bridge >>>>>>>>>>>>>>>>> connected to >>>>>>>>>>>>>>>>> ovsbridge0? >>>>>>>>>>>>>>>>> You could also attach the vnic for the management >>>>>>>>>>>>>>>>> network >>>>>>>>>>>>>>>>> here >>>>>>>>>>>>>>>>> if need >>>>>>>>>>>>>>>>> be. >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> Please keep in mind that OVN has no use in >>>>>>>>>>>>>>>>> setting up >>>>>>>>>>>>>>>>> the >>>>>>>>>>>>>>>>> management >>>>>>>>>>>>>>>>> network. >>>>>>>>>>>>>>>>> The OVN provider can only handle external networks, >>>>>>>>>>>>>>>>> which >>>>>>>>>>>>>>>>> can >>>>>>>>>>>>>>>>> not be used >>>>>>>>>>>>>>>>> for a >>>>>>>>>>>>>>>>> management network. >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> Marcin >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> ----- Original Message ----- >>>>>>>>>>>>>>>>>> From: "Sverker >>>>>>>>>>>>>>>>>> Abrahamsson"<sverker@abrahamsson.com> >>>>>>>>>>>>>>>>>> To:users@ovirt.org >>>>>>>>>>>>>>>>>> Sent: Wednesday, December 28, 2016 12:39:59 AM >>>>>>>>>>>>>>>>>> Subject: [ovirt-users] Issue with OVN/OVS and >>>>>>>>>>>>>>>>>> mandatory >>>>>>>>>>>>>>>>>> ovirtmgmt >>>>>>>>>>>>>>>>>> network >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> Hi >>>>>>>>>>>>>>>>>> For long time I've been looking for proper >>>>>>>>>>>>>>>>>> support in >>>>>>>>>>>>>>>>>> ovirt for >>>>>>>>>>>>>>>>>> Open >>>>>>>>>>>>>>>>>> vSwitch >>>>>>>>>>>>>>>>>> so I'm happy that it is moving in the right >>>>>>>>>>>>>>>>>> direction. >>>>>>>>>>>>>>>>>> However, >>>>>>>>>>>>>>>>>> there >>>>>>>>>>>>>>>>>> seems >>>>>>>>>>>>>>>>>> to still be a dependency on a ovirtmgmt bridge >>>>>>>>>>>>>>>>>> and I'm >>>>>>>>>>>>>>>>>> unable >>>>>>>>>>>>>>>>>> to move >>>>>>>>>>>>>>>>>> that >>>>>>>>>>>>>>>>>> to the OVN provider. >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> The hosting center where I rent hw instances >>>>>>>>>>>>>>>>>> has a bit >>>>>>>>>>>>>>>>>> special >>>>>>>>>>>>>>>>>> network >>>>>>>>>>>>>>>>>> setup, >>>>>>>>>>>>>>>>>> so I have one physical network port with a /32 >>>>>>>>>>>>>>>>>> netmask >>>>>>>>>>>>>>>>>> and >>>>>>>>>>>>>>>>>> point-to-point >>>>>>>>>>>>>>>>>> config to router. The physical port I connect >>>>>>>>>>>>>>>>>> to a ovs >>>>>>>>>>>>>>>>>> bridge >>>>>>>>>>>>>>>>>> which has >>>>>>>>>>>>>>>>>> the >>>>>>>>>>>>>>>>>> public ip. Since ovirt always messes up the >>>>>>>>>>>>>>>>>> network >>>>>>>>>>>>>>>>>> config when >>>>>>>>>>>>>>>>>> I've >>>>>>>>>>>>>>>>>> tried >>>>>>>>>>>>>>>>>> to let it have access to the network config for >>>>>>>>>>>>>>>>>> the >>>>>>>>>>>>>>>>>> physical >>>>>>>>>>>>>>>>>> port, I've >>>>>>>>>>>>>>>>>> set >>>>>>>>>>>>>>>>>> eht0 and ovsbridge0 as hidden in vdsm.conf. >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> I then create a bridge for use with ovirt, with a >>>>>>>>>>>>>>>>>> private >>>>>>>>>>>>>>>>>> address. With >>>>>>>>>>>>>>>>>> the >>>>>>>>>>>>>>>>>> OVN provider I am now able to import these into >>>>>>>>>>>>>>>>>> the >>>>>>>>>>>>>>>>>> engine and >>>>>>>>>>>>>>>>>> it looks >>>>>>>>>>>>>>>>>> good. When creating a VM I can select that it >>>>>>>>>>>>>>>>>> will have >>>>>>>>>>>>>>>>>> a >>>>>>>>>>>>>>>>>> vNic >>>>>>>>>>>>>>>>>> on my OVS >>>>>>>>>>>>>>>>>> bridge. >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> However, I can't start the VM as an exception >>>>>>>>>>>>>>>>>> is thrown >>>>>>>>>>>>>>>>>> in the >>>>>>>>>>>>>>>>>> log: >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> 2016-12-28 00:13:33,350 ERROR >>>>>>>>>>>>>>>>>> [org.ovirt.engine.core.bll.RunVmCommand] >>>>>>>>>>>>>>>>>> (default task-5) [3c882d53] Error during >>>>>>>>>>>>>>>>>> ValidateFailure.: >>>>>>>>>>>>>>>>>> java.lang.NullPointerException >>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.scheduling.policyunits.NetworkPolicyUnit.validateRequiredNetworksAvailable(NetworkPolicyUnit.java:140) >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.scheduling.policyunits.NetworkPolicyUnit.filter(NetworkPolicyUnit.java:69) >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.scheduling.SchedulingManager.runInternalFilters(SchedulingManager.java:597) >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.scheduling.SchedulingManager.runFilters(SchedulingManager.java:564) >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.scheduling.SchedulingManager.canSchedule(SchedulingManager.java:494) >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.validator.RunVmValidator.canRunVm(RunVmValidator.java:133) >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.RunVmCommand.validate(RunVmCommand.java:940) >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.CommandBase.internalValidate(CommandBase.java:886) >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.CommandBase.validateOnly(CommandBase.java:366) >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.canRunActions(PrevalidatingMultipleActionsRunner.java:113) >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.invokeCommands(PrevalidatingMultipleActionsRunner.java:99) >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.execute(PrevalidatingMultipleActionsRunner.java:76) >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.Backend.runMultipleActionsImpl(Backend.java:613) >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.Backend.runMultipleActions(Backend.java:583) >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> Looking at that section of code where the >>>>>>>>>>>>>>>>>> exception is >>>>>>>>>>>>>>>>>> thrown, >>>>>>>>>>>>>>>>>> I see >>>>>>>>>>>>>>>>>> that >>>>>>>>>>>>>>>>>> it >>>>>>>>>>>>>>>>>> iterates over host networks to find required >>>>>>>>>>>>>>>>>> networks, >>>>>>>>>>>>>>>>>> which I >>>>>>>>>>>>>>>>>> assume is >>>>>>>>>>>>>>>>>> ovirtmgmt. In the host network setup dialog I >>>>>>>>>>>>>>>>>> don't see >>>>>>>>>>>>>>>>>> any >>>>>>>>>>>>>>>>>> networks at >>>>>>>>>>>>>>>>>> all >>>>>>>>>>>>>>>>>> but it lists ovirtmgmt as required. It also >>>>>>>>>>>>>>>>>> list the >>>>>>>>>>>>>>>>>> OVN >>>>>>>>>>>>>>>>>> networks but >>>>>>>>>>>>>>>>>> these >>>>>>>>>>>>>>>>>> can't be statically assigned as they are added >>>>>>>>>>>>>>>>>> dynamically when >>>>>>>>>>>>>>>>>> needed, >>>>>>>>>>>>>>>>>> which is fine. >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> I believe that I either need to remove ovirtmgmt >>>>>>>>>>>>>>>>>> network >>>>>>>>>>>>>>>>>> or >>>>>>>>>>>>>>>>>> configure >>>>>>>>>>>>>>>>>> that >>>>>>>>>>>>>>>>>> it >>>>>>>>>>>>>>>>>> is provided by the OVN provider, but neither is >>>>>>>>>>>>>>>>>> possible. >>>>>>>>>>>>>>>>>> Preferably it >>>>>>>>>>>>>>>>>> shouldn't be hardcoded which network is >>>>>>>>>>>>>>>>>> management and >>>>>>>>>>>>>>>>>> mandatory but be >>>>>>>>>>>>>>>>>> possible to configure. >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> /Sverker >>>>>>>>>>>>>>>>>> Den 2016-12-27 kl. 17:10, skrev Marcin Mirecki: >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>>>>> Users mailing list >>>>>>>>>>>>>>> Users@ovirt.org >>>>>>>>>>>>>>> http://lists.ovirt.org/mailman/listinfo/users >>>>>>>>>>>>>>> >>>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>>> Users mailing list >>>>>>>>>>>>> Users@ovirt.org >>>>>>>>>>>>> http://lists.ovirt.org/mailman/listinfo/users >>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>> Users mailing list >>>>>>>>>>>> Users@ovirt.org >>>>>>>>>>>> http://lists.ovirt.org/mailman/listinfo/users >>>>>>>>>>> _______________________________________________ >>>>>>>>>>> Users mailing list >>>>>>>>>>> Users@ovirt.org >>>>>>>>>>> http://lists.ovirt.org/mailman/listinfo/users >>>>>>>>> _______________________________________________ >>>>>>>>> Users mailing list >>>>>>>>> Users@ovirt.org >>>>>>>>> http://lists.ovirt.org/mailman/listinfo/users >>>>>>>>> >>>> _______________________________________________ >>>> Users mailing list >>>> Users@ovirt.org >>>> http://lists.ovirt.org/mailman/listinfo/users >>> _______________________________________________ >>> Users mailing list >>> Users@ovirt.org >>> http://lists.ovirt.org/mailman/listinfo/users >> _______________________________________________ >> Users mailing list >> Users@ovirt.org >> http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Found an issue with Ovirt - OVN integration. Engine and OVN central db running on host h2. Created VM to run on host h1, which is started. Ovn db state: [root@h2 env3]# ovn-nbctl show switch e53554cf-e553-40a1-8d22-9c8d95ec0601 (ovirtbridge) port 4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873 addresses: ["00:1a:4a:16:01:51"] port 92f6d3c8-68b3-4986-9c09-60bee04644b5 addresses: ["00:1a:4a:16:01:52"] port ovirtbridge-port2 addresses: ["unknown"] port ovirtbridge-port1 addresses: ["unknown"] [root@h2 env3]# ovn-sbctl show Chassis "6e4dd29f-7607-48d7-8e5a-eef4c6aeefb5" hostname: "h2.limetransit.com" Encap geneve ip: "148.251.126.50" options: {csum="true"} Port_Binding "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873" Port_Binding "ovirtbridge-port1" Chassis "4f10fb04-8fb2-48d7-8a3f-ea6444c02cf9" hostname: "h1.limetransit.com" Encap geneve ip: "144.76.84.73" options: {csum="true"} Port_Binding "ovirtbridge-port2" Port 92f6d3c8-68b3-4986-9c09-60bee04644b5 is for the new VM which is started on h1, but it is not assigned to that chassis. The reason is that on h1 the port on br-int is created like this: ovs-vsctl --timeout=5 -- --if-exists del-port vnet0 -- add-port br-int vnet0 -- set Interface vnet0 "external-ids:attached-mac=\"00:1a:4a:16:01:52\"" -- set Interface vnet0 "external-ids:iface-id=\"35bcbe31-2c7e-4d97-add9-ce150eeb2f11\"" -- set Interface vnet0 "external-ids:vm-id=\"4d0c134a-11a0-40f4-b2fb-c13c17c7251c\"" -- set Interface vnet0 external-ids:iface-status=active I.e. the extrernal id of interface is wrong. When I manually change to the right id like this the port works fine: ovs-vsctl --timeout=5 -- --if-exists del-port vnet0 -- add-port br-int vnet0 -- set Interface vnet0 "external-ids:attached-mac=\"00:1a:4a:16:01:52\"" -- set Interface vnet0 "external-ids:iface-id=\"92f6d3c8-68b3-4986-9c09-60bee04644b5\"" -- set Interface vnet0 "external-ids:vm-id=\"4d0c134a-11a0-40f4-b2fb-c13c17c7251c\"" -- set Interface vnet0 external-ids:iface-status=active sb db after correcting the port: Chassis "6e4dd29f-7607-48d7-8e5a-eef4c6aeefb5" hostname: "h2.limetransit.com" Encap geneve ip: "148.251.126.50" options: {csum="true"} Port_Binding "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873" Port_Binding "ovirtbridge-port1" Chassis "4f10fb04-8fb2-48d7-8a3f-ea6444c02cf9" hostname: "h1.limetransit.com" Encap geneve ip: "144.76.84.73" options: {csum="true"} Port_Binding "ovirtbridge-port2" Port_Binding "92f6d3c8-68b3-4986-9c09-60bee04644b5" I don't know from where the faulty id comes from, it's not in any logs. In the domain xml as printed in vdsm.log the id is correct: <interface type="bridge"> <mac address="00:1a:4a:16:01:52" /> <model type="virtio" /> <source bridge="br-int" /> <virtualport type="openvswitch" /> <link state="up" /> <boot order="2" /> <bandwidth /> <virtualport type="openvswitch"> <parameters interfaceid="92f6d3c8-68b3-4986-9c09-60bee04644b5" /> </virtualport> </interface> Where is the ovs-vsctl command line built for this call? /Sverker Den 2017-01-02 kl. 13:40, skrev Sverker Abrahamsson:
Got it to work now by following the env8 example in OVN tutorial, where a port is added with type l2gateway. Not sure how that is different from the localnet variant, but didn't suceed in getting that one working. Now I'm able to ping and telnet over the tunnel, but not ssh even when the port is answering on telnet. Neither does nfs traffic work even though mount did. Suspecting MTU issue. I did notice that ovn-controller starts too early, before network interfaces are established and hence can't reach the db. As these is a purely OVS/OVN issue I'll ask about it on their mailing list.
Getting back to the original issue with Ovirt, I've now added the second host h1 to ovirt-engine. Had to do the same as with h2 to create a dummy ovirtmgmt network but configured access via the public IP. My firewall settings was replaced with iptables config and vdsm.conf was overwritten when engine was set up, so those had to be manually restored. It would be preferable if it would be possible to configure ovirt-engine that it does not "own" the host and instead comply with the settings it has instead of enforcing it's own view..
Apart from that it seems the second host works, although I need to resolve the traffic issue over the OVS tunnel. /Sverker
Den 2017-01-02 kl. 01:13, skrev Sverker Abrahamsson:
1. That is not possible as ovirt (or vdsm) will rewrite the network configuration to a non-working state. That is why I've set that if as hidden to vdsm and is why I'm keen on getting OVS/OVN to work
2. I've been reading the doc for OVN and starting to connect the dots, which is not trivial as it is complex. Some insights reached:
First step is the OVN database, installed by openvswitch-ovn-central, which I currently have running on h2 host. The 'ovn-nbctl' and 'ovn-sbctl' commands are only possible to execute on a database node. Two ip's are given to 'vdsm-tool ovn-config <ip to database> <tunnel ip>' as arguments, where <ip to database> is how this OVN node reaches the database and <tunnel ip> is the ip to which other OVN nodes sets up a tunnel to this node. I.e. it is not for creating a tunnel to the database which I thought first from the description in blog post.
The tunnel between OVN nodes is of type geneve which is a UDP based protocol but I have not been able to find anywhere which port is used so that I can open it in firewalld. I have added OVN on another host, called h1, and connected it to the db. I see there is traffic to the db port, but I don't see any geneve traffic between the nodes.
Ovirt is now able to create it's vnet0 interface on the br-int ovs bridge, but then I run into the next issue. How do I create a connection from the logical switch to the physical host? I need that to a) get a connection out to the internet through a masqueraded if or ipv6 and b) be able to run a dhcp server to give ip's to the VM's.
/Sverker
Den 2016-12-30 kl. 18:05, skrev Marcin Mirecki:
1. Why not use your physical nic for ovirtmgmt then?
2. "ovn-nbctl ls-add" does not add a bridge, but a logical switch. br-int is an internal OVN implementation detail, which the user should not care about. What you see in the ovirt UI are logical networks. They are implemented as OVN logical switches in case of the OVN provider.
Please look at: http://www.ovirt.org/blog/2016/11/ovirt-provider-ovn/ You can get the latest rpms from here: http://resources.ovirt.org/repos/ovirt/experimental/master/ovirt-provider-ov...
----- Original Message -----
From: "Sverker Abrahamsson" <sverker@abrahamsson.com> To: "Marcin Mirecki" <mmirecki@redhat.com> Cc: "Ovirt Users" <users@ovirt.org> Sent: Friday, December 30, 2016 4:25:58 PM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network
1. No, I did not want to put the ovirtmgmt bridge on my physical nic as it always messed up the network config making the host unreachable. I have put a ovs bridge on this nic which I will use to make tunnels when I add other hosts. Maybe br-int will be used for that instead, will see when I get that far.
As it is now I have a dummy if for ovirtmgmt bridge but this will probably not work when I add other hosts as that bridge cannot connect to the other hosts. I'm considering keeping this just as a dummy to keep ovirt engine satisfied while the actual communication will happen over OVN/OVS bridges and tunnels.
2. On https://www.ovirt.org//develop/release-management/features/ovirt-ovn-provide...
there is instructions how to add an OVS bridge to OVN with |ovn-nbctl ls-add <network name>|. If you want to use br-int then it makes sense to make that bridge visible in ovirt webui under networks so that it can be selected for VM's.
It quite doesn't make sense to me that I can select other network for my VM but then that setting is not used when setting up the network.
/Sverker
Den 2016-12-30 kl. 15:34, skrev Marcin Mirecki:
Hi,
The OVN provider does not require you to add any bridges manually. As I understand we were dealing with two problems: 1. You only had one physical nic and wanted to put a bridge on it, attaching the management network to the bridge. This was the reason for creating the bridge (the recommended setup would be to used a separate physical nic for the management network). This bridge has nothing to do with the OVN bridge. 2. OVN - you want to use OVN on this system. For this you have to install OVN on your hosts. This should create the br-int bridge, which are then used by the OVN provider. This br-int bridge must be configured to connect to other hosts using the geneve tunnels.
In both cases the systems will not be aware of any bridges you create. They need a nic (be it physical or virtual) to connect to other system. Usually this is the physical nic. In your case you decided to put a bridge on the physical nic, and give oVirt a virtual nic attached to this bridge. This works, but keep in mind that the bridge you have introduced is outside of oVirt's (and OVN) control (and as such is not supported).
What is the purpose of adding my bridges to Ovirt through the external provider and configure them on my VM I am not quite sure I understand. The external provider (OVN provider to be specific), does not add any bridges to the system. It is using the br-int bridge created by OVN. The networks created by the OVN provider are purely logical entities, implemented using the OVN br-int bridge.
Marcin
----- Original Message -----
From: "Sverker Abrahamsson" <sverker@abrahamsson.com> To: "Marcin Mirecki" <mmirecki@redhat.com> Cc: "Ovirt Users" <users@ovirt.org> Sent: Friday, December 30, 2016 12:15:43 PM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network
Hi That is the logic I quite don't understand. What is the purpose of adding my bridges to Ovirt through the external provider and configure them on my VM if you are disregarding that and using br-int anyway?
/Sverker
Den 2016-12-30 kl. 10:53, skrev Marcin Mirecki: > Sverker, > > br-int is the integration bridge created by default in OVN. This > is the > bridge we use for the OVN provider. As OVN is required to be > installed, > we assume that this bridge is present. > Using any other ovs bridge is not supported, and will require > custom code > changes (such as the ones you created). > > The proper setup in your case would probably be to create br-int > and > connect > this to your ovirtbridge, although I don't know the details of > your env, > so > this is just my best guess. > > Marcin > > > ----- Original Message ----- >> From: "Sverker Abrahamsson" <sverker@abrahamsson.com> >> To: "Marcin Mirecki" <mmirecki@redhat.com> >> Cc: "Ovirt Users" <users@ovirt.org>, "Numan Siddique" >> <nusiddiq@redhat.com> >> Sent: Friday, December 30, 2016 1:14:50 AM >> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory >> ovirtmgmt >> network >> >> Even better, if the value is not hardcoded then the configured >> value is >> used. Might be that I'm missunderstanding something but this is >> the >> behaviour I expected instead of that it is using br-int. >> >> Attached is a patch which properly sets up the xml, in case >> there is >> already a virtual port there + testcode of some variants >> >> /Sverker >> >> Den 2016-12-29 kl. 22:55, skrev Sverker Abrahamsson: >>> When I change >>> /usr/libexec/vdsm/hooks/before_device_create/ovirt_provider_ovn_hook >>> >>> to instead of hardcoded to br-int use BRIDGE_NAME = >>> 'ovirtbridge' then >>> I get the expected behaviour and I get a working network >>> connectivity >>> in my VM with IP provided by dhcp. >>> >>> /Sverker >>> >>> Den 2016-12-29 kl. 22:07, skrev Sverker Abrahamsson: >>>> By default the vNic profile of my OVN bridge ovirtbridge gets a >>>> Network filter named vdsm-no-mac-spoofing. If I instead set >>>> No filter >>>> then I don't get those ebtables / iptables messages. It seems >>>> that >>>> there is some issue between ovirt/vdsm and firewalld, which >>>> we can >>>> put to the side for now. >>>> >>>> It is not clear for me why the port is added on br-int >>>> instead of the >>>> bridge I've assigned to the VM, which is ovirtbridge?? >>>> >>>> /Sverker >>>> >>>> Den 2016-12-29 kl. 14:20, skrev Sverker Abrahamsson: >>>>> The specific command most likely fails because there is no >>>>> chain >>>>> named libvirt-J-vnet0, but when should that have been created? >>>>> /Sverker >>>>> >>>>> -------- Vidarebefordrat meddelande -------- >>>>> Ämne: Re: [ovirt-users] Issue with OVN/OVS and mandatory >>>>> ovirtmgmt >>>>> network >>>>> Datum: Thu, 29 Dec 2016 08:06:29 -0500 (EST) >>>>> Från: Marcin Mirecki <mmirecki@redhat.com> >>>>> Till: Sverker Abrahamsson <sverker@abrahamsson.com> >>>>> Kopia: Ovirt Users <users@ovirt.org>, Lance Richardson >>>>> <lrichard@redhat.com>, Numan Siddique <nusiddiq@redhat.com> >>>>> >>>>> >>>>> >>>>> Let me add the OVN team. >>>>> >>>>> Lance, Numan, >>>>> >>>>> Can you please look at this? >>>>> >>>>> Trying to plug a vNIC results in: >>>>>>>>>>>> Dec 28 23:31:35 h2 ovs-vsctl: >>>>>>>>>>>> ovs|00001|vsctl|INFO|Called as >>>>>>>>>>>> ovs-vsctl >>>>>>>>>>>> --timeout=5 -- --if-exists del-port vnet0 -- add-port >>>>>>>>>>>> br-int >>>>>>>>>>>> vnet0 -- >>>>>>>>>>>> set Interface vnet0 >>>>>>>>>>>> "external-ids:attached-mac=\"00:1a:4a:16:01:51\"" >>>>>>>>>>>> -- set Interface vnet0 >>>>>>>>>>>> "external-ids:iface-id=\"e8853aac-8a75-41b0-8010-e630017dcdd8\"" >>>>>>>>>>>> >>>>>>>>>>>> -- >>>>>>>>>>>> set Interface vnet0 >>>>>>>>>>>> "external-ids:vm-id=\"b9440d60-ef5a-4e2b-83cf-081df7c09e6f\"" >>>>>>>>>>>> >>>>>>>>>>>> -- >>>>>>>>>>>> set >>>>>>>>>>>> Interface vnet0 external-ids:iface-status=active >>>>>>>>>>>> Dec 28 23:31:35 h2 kernel: device vnet0 entered >>>>>>>>>>>> promiscuous >>>>>>>>>>>> mode >>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -D PREROUTING >>>>>>>>>>>> -i vnet0 >>>>>>>>>>>> -j >>>>>>>>>>>> libvirt-J-vnet0' failed: >>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>> More details below >>>>> >>>>> >>>>> ----- Original Message ----- >>>>>> From: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>>>>> To: "Marcin Mirecki"<mmirecki@redhat.com> >>>>>> Cc: "Ovirt Users"<users@ovirt.org> >>>>>> Sent: Thursday, December 29, 2016 1:42:11 PM >>>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory >>>>>> ovirtmgmt >>>>>> network >>>>>> >>>>>> Hi >>>>>> Same problem still.. >>>>>> /Sverker >>>>>> >>>>>> Den 2016-12-29 kl. 13:34, skrev Marcin Mirecki: >>>>>>> Hi, >>>>>>> >>>>>>> The tunnels are created to connect multiple OVN controllers. >>>>>>> If there is only one, there is no need for the tunnels, so >>>>>>> none >>>>>>> will be created, this is the correct behavior. >>>>>>> >>>>>>> Does the problem still occur after setting configuring the >>>>>>> OVN-controller? >>>>>>> >>>>>>> Marcin >>>>>>> >>>>>>> ----- Original Message ----- >>>>>>>> From: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>>>>>>> To: "Marcin Mirecki"<mmirecki@redhat.com> >>>>>>>> Cc: "Ovirt Users"<users@ovirt.org> >>>>>>>> Sent: Thursday, December 29, 2016 11:44:32 AM >>>>>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory >>>>>>>> ovirtmgmt >>>>>>>> network >>>>>>>> >>>>>>>> Hi >>>>>>>> The rpm packages you listed in the other mail are >>>>>>>> installed but I >>>>>>>> had >>>>>>>> not run vdsm-tool ovn-config to create tunnel as the OVN >>>>>>>> controller >>>>>>>> is >>>>>>>> on the same host. >>>>>>>> >>>>>>>> [root@h2 ~]# rpm -q openvswitch-ovn-common >>>>>>>> openvswitch-ovn-common-2.6.90-1.el7.centos.x86_64 >>>>>>>> [root@h2 ~]# rpm -q openvswitch-ovn-host >>>>>>>> openvswitch-ovn-host-2.6.90-1.el7.centos.x86_64 >>>>>>>> [root@h2 ~]# rpm -q python-openvswitch >>>>>>>> python-openvswitch-2.6.90-1.el7.centos.noarch >>>>>>>> >>>>>>>> After removing my manually created br-int and run >>>>>>>> >>>>>>>> vdsm-tool ovn-config 127.0.0.1 172.27.1.1 >>>>>>>> >>>>>>>> then I have the br-int but 'ip link show' does not show >>>>>>>> any link >>>>>>>> 'genev_sys_' nor does 'ovs-vsctl show' any port for ovn. >>>>>>>> I assume >>>>>>>> these >>>>>>>> are when there is an actual tunnel? >>>>>>>> >>>>>>>> [root@h2 ~]# ovs-vsctl show >>>>>>>> ebb6aede-cbbc-4f4f-a88a-a9cd72b2bd23 >>>>>>>> Bridge br-int >>>>>>>> fail_mode: secure >>>>>>>> Port br-int >>>>>>>> Interface br-int >>>>>>>> type: internal >>>>>>>> Bridge ovirtbridge >>>>>>>> Port ovirtbridge >>>>>>>> Interface ovirtbridge >>>>>>>> type: internal >>>>>>>> Bridge "ovsbridge0" >>>>>>>> Port "ovsbridge0" >>>>>>>> Interface "ovsbridge0" >>>>>>>> type: internal >>>>>>>> Port "eth0" >>>>>>>> Interface "eth0" >>>>>>>> ovs_version: "2.6.90" >>>>>>>> >>>>>>>> [root@h2 ~]# ip link show >>>>>>>> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state >>>>>>>> UNKNOWN >>>>>>>> mode >>>>>>>> DEFAULT qlen 1 >>>>>>>> link/loopback 00:00:00:00:00:00 brd >>>>>>>> 00:00:00:00:00:00 >>>>>>>> 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc >>>>>>>> pfifo_fast >>>>>>>> master ovs-system state UP mode DEFAULT qlen 1000 >>>>>>>> link/ether 44:8a:5b:84:7d:b3 brd ff:ff:ff:ff:ff:ff >>>>>>>> 3: ovs-system: <BROADCAST,MULTICAST> mtu 1500 qdisc noop >>>>>>>> state >>>>>>>> DOWN >>>>>>>> mode >>>>>>>> DEFAULT qlen 1000 >>>>>>>> link/ether 5a:14:cf:28:47:e2 brd ff:ff:ff:ff:ff:ff >>>>>>>> 4: ovsbridge0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 >>>>>>>> qdisc >>>>>>>> noqueue >>>>>>>> state UNKNOWN mode DEFAULT qlen 1000 >>>>>>>> link/ether 44:8a:5b:84:7d:b3 brd ff:ff:ff:ff:ff:ff >>>>>>>> 5: br-int: <BROADCAST,MULTICAST> mtu 1500 qdisc noop >>>>>>>> state DOWN >>>>>>>> mode >>>>>>>> DEFAULT qlen 1000 >>>>>>>> link/ether 9e:b0:3a:9d:f2:4b brd ff:ff:ff:ff:ff:ff >>>>>>>> 6: ovirtbridge: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu >>>>>>>> 1500 qdisc >>>>>>>> noqueue >>>>>>>> state UNKNOWN mode DEFAULT qlen 1000 >>>>>>>> link/ether a6:f6:e5:a4:5b:45 brd ff:ff:ff:ff:ff:ff >>>>>>>> 7: dummy0: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc >>>>>>>> noqueue >>>>>>>> master >>>>>>>> ovirtmgmt state UNKNOWN mode DEFAULT qlen 1000 >>>>>>>> link/ether 66:e0:1c:c3:a9:d8 brd ff:ff:ff:ff:ff:ff >>>>>>>> 8: ovirtmgmt: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 >>>>>>>> qdisc >>>>>>>> noqueue >>>>>>>> state UP mode DEFAULT qlen 1000 >>>>>>>> link/ether 66:e0:1c:c3:a9:d8 brd ff:ff:ff:ff:ff:ff >>>>>>>> >>>>>>>> Firewall settings: >>>>>>>> [root@h2 ~]# firewall-cmd --list-all-zones >>>>>>>> work >>>>>>>> target: default >>>>>>>> icmp-block-inversion: no >>>>>>>> interfaces: >>>>>>>> sources: >>>>>>>> services: dhcpv6-client ssh >>>>>>>> ports: >>>>>>>> protocols: >>>>>>>> masquerade: no >>>>>>>> forward-ports: >>>>>>>> sourceports: >>>>>>>> icmp-blocks: >>>>>>>> rich rules: >>>>>>>> >>>>>>>> >>>>>>>> drop >>>>>>>> target: DROP >>>>>>>> icmp-block-inversion: no >>>>>>>> interfaces: >>>>>>>> sources: >>>>>>>> services: >>>>>>>> ports: >>>>>>>> protocols: >>>>>>>> masquerade: no >>>>>>>> forward-ports: >>>>>>>> sourceports: >>>>>>>> icmp-blocks: >>>>>>>> rich rules: >>>>>>>> >>>>>>>> >>>>>>>> internal >>>>>>>> target: default >>>>>>>> icmp-block-inversion: no >>>>>>>> interfaces: >>>>>>>> sources: >>>>>>>> services: dhcpv6-client mdns samba-client ssh >>>>>>>> ports: >>>>>>>> protocols: >>>>>>>> masquerade: no >>>>>>>> forward-ports: >>>>>>>> sourceports: >>>>>>>> icmp-blocks: >>>>>>>> rich rules: >>>>>>>> >>>>>>>> >>>>>>>> external >>>>>>>> target: default >>>>>>>> icmp-block-inversion: no >>>>>>>> interfaces: >>>>>>>> sources: >>>>>>>> services: ssh >>>>>>>> ports: >>>>>>>> protocols: >>>>>>>> masquerade: yes >>>>>>>> forward-ports: >>>>>>>> sourceports: >>>>>>>> icmp-blocks: >>>>>>>> rich rules: >>>>>>>> >>>>>>>> >>>>>>>> trusted >>>>>>>> target: ACCEPT >>>>>>>> icmp-block-inversion: no >>>>>>>> interfaces: >>>>>>>> sources: >>>>>>>> services: >>>>>>>> ports: >>>>>>>> protocols: >>>>>>>> masquerade: no >>>>>>>> forward-ports: >>>>>>>> sourceports: >>>>>>>> icmp-blocks: >>>>>>>> rich rules: >>>>>>>> >>>>>>>> >>>>>>>> home >>>>>>>> target: default >>>>>>>> icmp-block-inversion: no >>>>>>>> interfaces: >>>>>>>> sources: >>>>>>>> services: dhcpv6-client mdns samba-client ssh >>>>>>>> ports: >>>>>>>> protocols: >>>>>>>> masquerade: no >>>>>>>> forward-ports: >>>>>>>> sourceports: >>>>>>>> icmp-blocks: >>>>>>>> rich rules: >>>>>>>> >>>>>>>> >>>>>>>> dmz >>>>>>>> target: default >>>>>>>> icmp-block-inversion: no >>>>>>>> interfaces: >>>>>>>> sources: >>>>>>>> services: ssh >>>>>>>> ports: >>>>>>>> protocols: >>>>>>>> masquerade: no >>>>>>>> forward-ports: >>>>>>>> sourceports: >>>>>>>> icmp-blocks: >>>>>>>> rich rules: >>>>>>>> >>>>>>>> >>>>>>>> public (active) >>>>>>>> target: default >>>>>>>> icmp-block-inversion: no >>>>>>>> interfaces: eth0 ovsbridge0 >>>>>>>> sources: >>>>>>>> services: dhcpv6-client ssh >>>>>>>> ports: >>>>>>>> protocols: >>>>>>>> masquerade: no >>>>>>>> forward-ports: >>>>>>>> sourceports: >>>>>>>> icmp-blocks: >>>>>>>> rich rules: >>>>>>>> >>>>>>>> >>>>>>>> block >>>>>>>> target: %%REJECT%% >>>>>>>> icmp-block-inversion: no >>>>>>>> interfaces: >>>>>>>> sources: >>>>>>>> services: >>>>>>>> ports: >>>>>>>> protocols: >>>>>>>> masquerade: no >>>>>>>> forward-ports: >>>>>>>> sourceports: >>>>>>>> icmp-blocks: >>>>>>>> rich rules: >>>>>>>> >>>>>>>> >>>>>>>> ovirt (active) >>>>>>>> target: default >>>>>>>> icmp-block-inversion: no >>>>>>>> interfaces: ovirtbridge ovirtmgmt >>>>>>>> sources: >>>>>>>> services: dhcp ovirt-fence-kdump-listener ovirt-http >>>>>>>> ovirt-https >>>>>>>> ovirt-imageio-proxy ovirt-postgres ovirt-provider-ovn >>>>>>>> ovirt-vmconsole-proxy ovirt-websocket-proxy ssh vdsm >>>>>>>> ports: >>>>>>>> protocols: >>>>>>>> masquerade: yes >>>>>>>> forward-ports: >>>>>>>> sourceports: >>>>>>>> icmp-blocks: >>>>>>>> rich rules: >>>>>>>> rule family="ipv4" port port="6641" >>>>>>>> protocol="tcp" >>>>>>>> accept >>>>>>>> rule family="ipv4" port port="6642" >>>>>>>> protocol="tcp" >>>>>>>> accept >>>>>>>> >>>>>>>> The db dump is attached >>>>>>>> /Sverker >>>>>>>> Den 2016-12-29 kl. 09:50, skrev Marcin Mirecki: >>>>>>>>> Hi, >>>>>>>>> >>>>>>>>> Can you please do: "sudo ovsdb-client dump" >>>>>>>>> on the host and send me the output? >>>>>>>>> >>>>>>>>> Have you configured the ovn controller to connect to the >>>>>>>>> OVN north? You can do it using "vdsm-tool ovn-config" or >>>>>>>>> using the OVN tools directly. >>>>>>>>> Please check >>>>>>>>> out:https://www.ovirt.org/blog/2016/11/ovirt-provider-ovn/ >>>>>>>>> for details. >>>>>>>>> >>>>>>>>> Also please note that the OVN provider is completely >>>>>>>>> different >>>>>>>>> from the neutron-openvswitch plugin. Please don't mix >>>>>>>>> the two. >>>>>>>>> >>>>>>>>> Marcin >>>>>>>>> >>>>>>>>> >>>>>>>>> ----- Original Message ----- >>>>>>>>>> From: "Marcin Mirecki"<mmirecki@redhat.com> >>>>>>>>>> To: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>>>>>>>>> Cc: "Ovirt Users"<users@ovirt.org> >>>>>>>>>> Sent: Thursday, December 29, 2016 9:27:19 AM >>>>>>>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and >>>>>>>>>> mandatory >>>>>>>>>> ovirtmgmt >>>>>>>>>> network >>>>>>>>>> >>>>>>>>>> Hi, >>>>>>>>>> >>>>>>>>>> br-int is the OVN integration bridge, it should have been >>>>>>>>>> created >>>>>>>>>> when installing OVN. I assume you have the following >>>>>>>>>> packages >>>>>>>>>> installed >>>>>>>>>> on the host: >>>>>>>>>> openvswitch-ovn-common >>>>>>>>>> openvswitch-ovn-host >>>>>>>>>> python-openvswitch >>>>>>>>>> >>>>>>>>>> Please give me some time to look at the connectivity >>>>>>>>>> problem. >>>>>>>>>> >>>>>>>>>> Marcin >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> ----- Original Message ----- >>>>>>>>>>> From: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>>>>>>>>>> To: "Marcin Mirecki"<mmirecki@redhat.com> >>>>>>>>>>> Cc: "Ovirt Users"<users@ovirt.org> >>>>>>>>>>> Sent: Thursday, December 29, 2016 12:47:04 AM >>>>>>>>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and >>>>>>>>>>> mandatory >>>>>>>>>>> ovirtmgmt >>>>>>>>>>> network >>>>>>>>>>> >>>>>>>>>>> From >>>>>>>>>>> /usr/libexec/vdsm/hooks/before_device_create/ovirt_provider_ovn_hook >>>>>>>>>>> >>>>>>>>>>> (installed by ovirt-provider-ovn-driver rpm): >>>>>>>>>>> >>>>>>>>>>> BRIDGE_NAME = 'br-int' >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> Den 2016-12-28 kl. 23:56, skrev Sverker Abrahamsson: >>>>>>>>>>>> Googling on the message about br-int suggested adding >>>>>>>>>>>> that >>>>>>>>>>>> bridge to >>>>>>>>>>>> ovs: >>>>>>>>>>>> >>>>>>>>>>>> ovs-vsctl add-br br-int >>>>>>>>>>>> >>>>>>>>>>>> Then the VM is able to boot, but it fails to get network >>>>>>>>>>>> connectivity. >>>>>>>>>>>> Output in /var/log/messages: >>>>>>>>>>>> >>>>>>>>>>>> Dec 28 23:31:35 h2 ovs-vsctl: >>>>>>>>>>>> ovs|00001|vsctl|INFO|Called as >>>>>>>>>>>> ovs-vsctl >>>>>>>>>>>> --timeout=5 -- --if-exists del-port vnet0 -- add-port >>>>>>>>>>>> br-int >>>>>>>>>>>> vnet0 -- >>>>>>>>>>>> set Interface vnet0 >>>>>>>>>>>> "external-ids:attached-mac=\"00:1a:4a:16:01:51\"" >>>>>>>>>>>> -- set Interface vnet0 >>>>>>>>>>>> "external-ids:iface-id=\"e8853aac-8a75-41b0-8010-e630017dcdd8\"" >>>>>>>>>>>> >>>>>>>>>>>> -- >>>>>>>>>>>> set Interface vnet0 >>>>>>>>>>>> "external-ids:vm-id=\"b9440d60-ef5a-4e2b-83cf-081df7c09e6f\"" >>>>>>>>>>>> >>>>>>>>>>>> -- >>>>>>>>>>>> set >>>>>>>>>>>> Interface vnet0 external-ids:iface-status=active >>>>>>>>>>>> Dec 28 23:31:35 h2 kernel: device vnet0 entered >>>>>>>>>>>> promiscuous >>>>>>>>>>>> mode >>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -D PREROUTING >>>>>>>>>>>> -i vnet0 >>>>>>>>>>>> -j >>>>>>>>>>>> libvirt-J-vnet0' failed: >>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -D >>>>>>>>>>>> POSTROUTING -o >>>>>>>>>>>> vnet0 >>>>>>>>>>>> -j >>>>>>>>>>>> libvirt-P-vnet0' failed: >>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -L >>>>>>>>>>>> libvirt-J-vnet0' >>>>>>>>>>>> failed: >>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -L >>>>>>>>>>>> libvirt-P-vnet0' >>>>>>>>>>>> failed: >>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -F >>>>>>>>>>>> libvirt-J-vnet0' >>>>>>>>>>>> failed: >>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -X >>>>>>>>>>>> libvirt-J-vnet0' >>>>>>>>>>>> failed: >>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -F >>>>>>>>>>>> libvirt-P-vnet0' >>>>>>>>>>>> failed: >>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -X >>>>>>>>>>>> libvirt-P-vnet0' >>>>>>>>>>>> failed: >>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -F J-vnet0-mac' >>>>>>>>>>>> failed: >>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -X J-vnet0-mac' >>>>>>>>>>>> failed: >>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -F >>>>>>>>>>>> J-vnet0-arp-mac' >>>>>>>>>>>> failed: >>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -X >>>>>>>>>>>> J-vnet0-arp-mac' >>>>>>>>>>>> failed: >>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -D libvirt-out -m physdev >>>>>>>>>>>> --physdev-is-bridged --physdev-out vnet0 -g FO-vnet0' >>>>>>>>>>>> failed: >>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -D libvirt-out -m physdev >>>>>>>>>>>> --physdev-out >>>>>>>>>>>> vnet0 -g FO-vnet0' failed: >>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -D libvirt-in -m physdev >>>>>>>>>>>> --physdev-in >>>>>>>>>>>> vnet0 >>>>>>>>>>>> -g FI-vnet0' failed: >>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -D libvirt-host-in -m physdev >>>>>>>>>>>> --physdev-in >>>>>>>>>>>> vnet0 -g HI-vnet0' failed: >>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -F FO-vnet0' failed: >>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -X FO-vnet0' failed: >>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -F FI-vnet0' failed: >>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -X FI-vnet0' failed: >>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -F HI-vnet0' failed: >>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -X HI-vnet0' failed: >>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -E FP-vnet0 FO-vnet0' failed: >>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -E FJ-vnet0 FI-vnet0' failed: >>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -E HJ-vnet0 HI-vnet0' failed: >>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -D libvirt-out -m physdev >>>>>>>>>>>> --physdev-is-bridged --physdev-out vnet0 -g FO-vnet0' >>>>>>>>>>>> failed: >>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -D libvirt-out -m physdev >>>>>>>>>>>> --physdev-out >>>>>>>>>>>> vnet0 -g FO-vnet0' failed: >>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -D libvirt-in -m physdev >>>>>>>>>>>> --physdev-in >>>>>>>>>>>> vnet0 -g FI-vnet0' failed: >>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -D libvirt-host-in -m >>>>>>>>>>>> physdev >>>>>>>>>>>> --physdev-in >>>>>>>>>>>> vnet0 -g HI-vnet0' failed: >>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -F FO-vnet0' failed: >>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -X FO-vnet0' failed: >>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -F FI-vnet0' failed: >>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -X FI-vnet0' failed: >>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -F HI-vnet0' failed: >>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -X HI-vnet0' failed: >>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -E FP-vnet0 FO-vnet0' >>>>>>>>>>>> failed: >>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -E FJ-vnet0 FI-vnet0' >>>>>>>>>>>> failed: >>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -E HJ-vnet0 HI-vnet0' >>>>>>>>>>>> failed: >>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -D PREROUTING >>>>>>>>>>>> -i vnet0 >>>>>>>>>>>> -j >>>>>>>>>>>> libvirt-I-vnet0' failed: >>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -D >>>>>>>>>>>> POSTROUTING -o >>>>>>>>>>>> vnet0 >>>>>>>>>>>> -j >>>>>>>>>>>> libvirt-O-vnet0' failed: >>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -L >>>>>>>>>>>> libvirt-I-vnet0' >>>>>>>>>>>> failed: >>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -L >>>>>>>>>>>> libvirt-O-vnet0' >>>>>>>>>>>> failed: >>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -F >>>>>>>>>>>> libvirt-I-vnet0' >>>>>>>>>>>> failed: >>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -X >>>>>>>>>>>> libvirt-I-vnet0' >>>>>>>>>>>> failed: >>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -F >>>>>>>>>>>> libvirt-O-vnet0' >>>>>>>>>>>> failed: >>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -X >>>>>>>>>>>> libvirt-O-vnet0' >>>>>>>>>>>> failed: >>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -L >>>>>>>>>>>> libvirt-P-vnet0' >>>>>>>>>>>> failed: >>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -E >>>>>>>>>>>> libvirt-P-vnet0 >>>>>>>>>>>> libvirt-O-vnet0' failed: >>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -F I-vnet0-mac' >>>>>>>>>>>> failed: >>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -X I-vnet0-mac' >>>>>>>>>>>> failed: >>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -F >>>>>>>>>>>> I-vnet0-arp-mac' >>>>>>>>>>>> failed: >>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -X >>>>>>>>>>>> I-vnet0-arp-mac' >>>>>>>>>>>> failed: >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> [root@h2 etc]# ovs-vsctl show >>>>>>>>>>>> ebb6aede-cbbc-4f4f-a88a-a9cd72b2bd23 >>>>>>>>>>>> Bridge ovirtbridge >>>>>>>>>>>> Port "ovirtport0" >>>>>>>>>>>> Interface "ovirtport0" >>>>>>>>>>>> type: internal >>>>>>>>>>>> Port ovirtbridge >>>>>>>>>>>> Interface ovirtbridge >>>>>>>>>>>> type: internal >>>>>>>>>>>> Bridge "ovsbridge0" >>>>>>>>>>>> Port "ovsbridge0" >>>>>>>>>>>> Interface "ovsbridge0" >>>>>>>>>>>> type: internal >>>>>>>>>>>> Port "eth0" >>>>>>>>>>>> Interface "eth0" >>>>>>>>>>>> Bridge br-int >>>>>>>>>>>> Port br-int >>>>>>>>>>>> Interface br-int >>>>>>>>>>>> type: internal >>>>>>>>>>>> Port "vnet0" >>>>>>>>>>>> Interface "vnet0" >>>>>>>>>>>> ovs_version: "2.6.90" >>>>>>>>>>>> >>>>>>>>>>>> Searching through the code it appears that br-int >>>>>>>>>>>> comes from >>>>>>>>>>>> neutron-openvswitch plugin ?? >>>>>>>>>>>> >>>>>>>>>>>> [root@h2 share]# rpm -qf >>>>>>>>>>>> /usr/share/otopi/plugins/ovirt-host-deploy/openstack/neutron_openvswitch.py >>>>>>>>>>>> >>>>>>>>>>>> ovirt-host-deploy-1.6.0-0.0.master.20161215101008.gitb76ad50.el7.centos.noarch >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> /Sverker >>>>>>>>>>>> >>>>>>>>>>>> Den 2016-12-28 kl. 23:24, skrev Sverker Abrahamsson: >>>>>>>>>>>>> In addition I had to add an alias to modprobe: >>>>>>>>>>>>> >>>>>>>>>>>>> [root@h2 modprobe.d]# cat dummy.conf >>>>>>>>>>>>> alias dummy0 dummy >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> Den 2016-12-28 kl. 23:03, skrev Sverker Abrahamsson: >>>>>>>>>>>>>> Hi >>>>>>>>>>>>>> I first tried to set device name to dummy_0, but >>>>>>>>>>>>>> then ifup >>>>>>>>>>>>>> did >>>>>>>>>>>>>> not >>>>>>>>>>>>>> succeed in creating the device unless I first did >>>>>>>>>>>>>> 'ip link >>>>>>>>>>>>>> add >>>>>>>>>>>>>> dummy_0 type dummy' but then it would not suceed to >>>>>>>>>>>>>> establish >>>>>>>>>>>>>> the if >>>>>>>>>>>>>> on reboot. >>>>>>>>>>>>>> >>>>>>>>>>>>>> Setting fake_nics = dummy0 would not work neither, >>>>>>>>>>>>>> but this >>>>>>>>>>>>>> works: >>>>>>>>>>>>>> >>>>>>>>>>>>>> fake_nics = dummy* >>>>>>>>>>>>>> >>>>>>>>>>>>>> The engine is now able to find the if and assign >>>>>>>>>>>>>> bridge >>>>>>>>>>>>>> ovirtmgmt to >>>>>>>>>>>>>> it. >>>>>>>>>>>>>> >>>>>>>>>>>>>> However, I then run into the next issue when >>>>>>>>>>>>>> starting a VM: >>>>>>>>>>>>>> >>>>>>>>>>>>>> 2016-12-28 22:28:23,897 ERROR >>>>>>>>>>>>>> [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] >>>>>>>>>>>>>> >>>>>>>>>>>>>> (ForkJoinPool-1-worker-2) [] Correlation ID: null, >>>>>>>>>>>>>> Call >>>>>>>>>>>>>> Stack: >>>>>>>>>>>>>> null, >>>>>>>>>>>>>> Custom Event ID: -1, Message: VM CentOS7 is down >>>>>>>>>>>>>> with error. >>>>>>>>>>>>>> Exit >>>>>>>>>>>>>> message: Cannot get interface MTU on 'br-int': No such >>>>>>>>>>>>>> device. >>>>>>>>>>>>>> >>>>>>>>>>>>>> This VM has a nic on ovirtbridge, which comes from >>>>>>>>>>>>>> the OVN >>>>>>>>>>>>>> provider. >>>>>>>>>>>>>> >>>>>>>>>>>>>> /Sverker >>>>>>>>>>>>>> >>>>>>>>>>>>>> Den 2016-12-28 kl. 14:38, skrev Marcin Mirecki: >>>>>>>>>>>>>>> Sverker, >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Can you try adding a vnic named veth_* or dummy_*, >>>>>>>>>>>>>>> (or alternatively add the name of the vnic to >>>>>>>>>>>>>>> vdsm.config fake_nics), and setup the management >>>>>>>>>>>>>>> network using this vnic? >>>>>>>>>>>>>>> I suppose adding the vnic you use for connecting >>>>>>>>>>>>>>> to the engine to fake_nics should make it visible >>>>>>>>>>>>>>> to the engine, and you should be able to use it for >>>>>>>>>>>>>>> the setup. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Marcin >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> ----- Original Message ----- >>>>>>>>>>>>>>>> From: "Marcin Mirecki"<mmirecki@redhat.com> >>>>>>>>>>>>>>>> To: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>>>>>>>>>>>>>>> Cc: "Ovirt Users"<users@ovirt.org> >>>>>>>>>>>>>>>> Sent: Wednesday, December 28, 2016 12:06:26 PM >>>>>>>>>>>>>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and >>>>>>>>>>>>>>>> mandatory >>>>>>>>>>>>>>>> ovirtmgmt network >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> I have an internal OVS bridge called ovirtbridge >>>>>>>>>>>>>>>>> which >>>>>>>>>>>>>>>>> has >>>>>>>>>>>>>>>>> a port >>>>>>>>>>>>>>>>> with >>>>>>>>>>>>>>>>> IP address, but in the host network settings >>>>>>>>>>>>>>>>> that port is >>>>>>>>>>>>>>>>> not >>>>>>>>>>>>>>>>> visible. >>>>>>>>>>>>>>>> I just verified and unfortunately the virtual >>>>>>>>>>>>>>>> ports are >>>>>>>>>>>>>>>> not >>>>>>>>>>>>>>>> visible in engine >>>>>>>>>>>>>>>> to assign a network to :( >>>>>>>>>>>>>>>> I'm afraid that the engine is not ready for such a >>>>>>>>>>>>>>>> scenario >>>>>>>>>>>>>>>> (even >>>>>>>>>>>>>>>> if it >>>>>>>>>>>>>>>> works). >>>>>>>>>>>>>>>> Please give me some time to look for a solution. >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> ----- Original Message ----- >>>>>>>>>>>>>>>>> From: "Sverker >>>>>>>>>>>>>>>>> Abrahamsson"<sverker@abrahamsson.com> >>>>>>>>>>>>>>>>> To: "Marcin Mirecki"<mmirecki@redhat.com> >>>>>>>>>>>>>>>>> Cc: "Ovirt Users"<users@ovirt.org> >>>>>>>>>>>>>>>>> Sent: Wednesday, December 28, 2016 11:48:24 AM >>>>>>>>>>>>>>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and >>>>>>>>>>>>>>>>> mandatory >>>>>>>>>>>>>>>>> ovirtmgmt >>>>>>>>>>>>>>>>> network >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> Hi Marcin >>>>>>>>>>>>>>>>> Yes, that is my issue. I don't want to let >>>>>>>>>>>>>>>>> ovirt/vdsm see >>>>>>>>>>>>>>>>> eth0 >>>>>>>>>>>>>>>>> nor >>>>>>>>>>>>>>>>> ovsbridge0 since as soon as it sees them it >>>>>>>>>>>>>>>>> messes up the >>>>>>>>>>>>>>>>> network >>>>>>>>>>>>>>>>> config >>>>>>>>>>>>>>>>> so that the host will be unreachable. >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> I have an internal OVS bridge called ovirtbridge >>>>>>>>>>>>>>>>> which >>>>>>>>>>>>>>>>> has >>>>>>>>>>>>>>>>> a port >>>>>>>>>>>>>>>>> with >>>>>>>>>>>>>>>>> IP address, but in the host network settings >>>>>>>>>>>>>>>>> that port is >>>>>>>>>>>>>>>>> not >>>>>>>>>>>>>>>>> visible. >>>>>>>>>>>>>>>>> It doesn't help to name it ovirtmgmt. >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> The engine is able to communicate with the host >>>>>>>>>>>>>>>>> on the ip >>>>>>>>>>>>>>>>> it has >>>>>>>>>>>>>>>>> been >>>>>>>>>>>>>>>>> given, it's just that it believes that it HAS to >>>>>>>>>>>>>>>>> have a >>>>>>>>>>>>>>>>> ovirtmgmt >>>>>>>>>>>>>>>>> network which can't be on OVN. >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> /Sverker >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> Den 2016-12-28 kl. 10:45, skrev Marcin Mirecki: >>>>>>>>>>>>>>>>>> Hi Sverker, >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> The management network is mandatory on each >>>>>>>>>>>>>>>>>> host. It's >>>>>>>>>>>>>>>>>> used by >>>>>>>>>>>>>>>>>> the >>>>>>>>>>>>>>>>>> engine to communicate with the host. >>>>>>>>>>>>>>>>>> Looking at your description and the exception >>>>>>>>>>>>>>>>>> it looks >>>>>>>>>>>>>>>>>> like it >>>>>>>>>>>>>>>>>> is >>>>>>>>>>>>>>>>>> missing. >>>>>>>>>>>>>>>>>> The error is caused by not having any network >>>>>>>>>>>>>>>>>> for the >>>>>>>>>>>>>>>>>> host >>>>>>>>>>>>>>>>>> (network list retrieved in >>>>>>>>>>>>>>>>>> InterfaceDaoImpl.getHostNetworksByCluster - >>>>>>>>>>>>>>>>>> which >>>>>>>>>>>>>>>>>> gets all the networks on nics for a host from >>>>>>>>>>>>>>>>>> vds_interface >>>>>>>>>>>>>>>>>> table in the >>>>>>>>>>>>>>>>>> DB). >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> Could you maybe create a virtual nic connected to >>>>>>>>>>>>>>>>>> ovsbridge0 (as >>>>>>>>>>>>>>>>>> I >>>>>>>>>>>>>>>>>> understand you >>>>>>>>>>>>>>>>>> have no physical nic available) and use this >>>>>>>>>>>>>>>>>> for the >>>>>>>>>>>>>>>>>> management >>>>>>>>>>>>>>>>>> network? >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> I then create a bridge for use with ovirt, with a >>>>>>>>>>>>>>>>>>> private >>>>>>>>>>>>>>>>>>> address. >>>>>>>>>>>>>>>>>> I'm not quite sure I understand. Is this yet >>>>>>>>>>>>>>>>>> another >>>>>>>>>>>>>>>>>> bridge >>>>>>>>>>>>>>>>>> connected to >>>>>>>>>>>>>>>>>> ovsbridge0? >>>>>>>>>>>>>>>>>> You could also attach the vnic for the management >>>>>>>>>>>>>>>>>> network >>>>>>>>>>>>>>>>>> here >>>>>>>>>>>>>>>>>> if need >>>>>>>>>>>>>>>>>> be. >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> Please keep in mind that OVN has no use in >>>>>>>>>>>>>>>>>> setting up >>>>>>>>>>>>>>>>>> the >>>>>>>>>>>>>>>>>> management >>>>>>>>>>>>>>>>>> network. >>>>>>>>>>>>>>>>>> The OVN provider can only handle external >>>>>>>>>>>>>>>>>> networks, >>>>>>>>>>>>>>>>>> which >>>>>>>>>>>>>>>>>> can >>>>>>>>>>>>>>>>>> not be used >>>>>>>>>>>>>>>>>> for a >>>>>>>>>>>>>>>>>> management network. >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> Marcin >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> ----- Original Message ----- >>>>>>>>>>>>>>>>>>> From: "Sverker >>>>>>>>>>>>>>>>>>> Abrahamsson"<sverker@abrahamsson.com> >>>>>>>>>>>>>>>>>>> To:users@ovirt.org >>>>>>>>>>>>>>>>>>> Sent: Wednesday, December 28, 2016 12:39:59 AM >>>>>>>>>>>>>>>>>>> Subject: [ovirt-users] Issue with OVN/OVS and >>>>>>>>>>>>>>>>>>> mandatory >>>>>>>>>>>>>>>>>>> ovirtmgmt >>>>>>>>>>>>>>>>>>> network >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> Hi >>>>>>>>>>>>>>>>>>> For long time I've been looking for proper >>>>>>>>>>>>>>>>>>> support in >>>>>>>>>>>>>>>>>>> ovirt for >>>>>>>>>>>>>>>>>>> Open >>>>>>>>>>>>>>>>>>> vSwitch >>>>>>>>>>>>>>>>>>> so I'm happy that it is moving in the right >>>>>>>>>>>>>>>>>>> direction. >>>>>>>>>>>>>>>>>>> However, >>>>>>>>>>>>>>>>>>> there >>>>>>>>>>>>>>>>>>> seems >>>>>>>>>>>>>>>>>>> to still be a dependency on a ovirtmgmt bridge >>>>>>>>>>>>>>>>>>> and I'm >>>>>>>>>>>>>>>>>>> unable >>>>>>>>>>>>>>>>>>> to move >>>>>>>>>>>>>>>>>>> that >>>>>>>>>>>>>>>>>>> to the OVN provider. >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> The hosting center where I rent hw instances >>>>>>>>>>>>>>>>>>> has a bit >>>>>>>>>>>>>>>>>>> special >>>>>>>>>>>>>>>>>>> network >>>>>>>>>>>>>>>>>>> setup, >>>>>>>>>>>>>>>>>>> so I have one physical network port with a /32 >>>>>>>>>>>>>>>>>>> netmask >>>>>>>>>>>>>>>>>>> and >>>>>>>>>>>>>>>>>>> point-to-point >>>>>>>>>>>>>>>>>>> config to router. The physical port I connect >>>>>>>>>>>>>>>>>>> to a ovs >>>>>>>>>>>>>>>>>>> bridge >>>>>>>>>>>>>>>>>>> which has >>>>>>>>>>>>>>>>>>> the >>>>>>>>>>>>>>>>>>> public ip. Since ovirt always messes up the >>>>>>>>>>>>>>>>>>> network >>>>>>>>>>>>>>>>>>> config when >>>>>>>>>>>>>>>>>>> I've >>>>>>>>>>>>>>>>>>> tried >>>>>>>>>>>>>>>>>>> to let it have access to the network config >>>>>>>>>>>>>>>>>>> for the >>>>>>>>>>>>>>>>>>> physical >>>>>>>>>>>>>>>>>>> port, I've >>>>>>>>>>>>>>>>>>> set >>>>>>>>>>>>>>>>>>> eht0 and ovsbridge0 as hidden in vdsm.conf. >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> I then create a bridge for use with ovirt, with a >>>>>>>>>>>>>>>>>>> private >>>>>>>>>>>>>>>>>>> address. With >>>>>>>>>>>>>>>>>>> the >>>>>>>>>>>>>>>>>>> OVN provider I am now able to import these >>>>>>>>>>>>>>>>>>> into the >>>>>>>>>>>>>>>>>>> engine and >>>>>>>>>>>>>>>>>>> it looks >>>>>>>>>>>>>>>>>>> good. When creating a VM I can select that it >>>>>>>>>>>>>>>>>>> will have >>>>>>>>>>>>>>>>>>> a >>>>>>>>>>>>>>>>>>> vNic >>>>>>>>>>>>>>>>>>> on my OVS >>>>>>>>>>>>>>>>>>> bridge. >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> However, I can't start the VM as an exception >>>>>>>>>>>>>>>>>>> is thrown >>>>>>>>>>>>>>>>>>> in the >>>>>>>>>>>>>>>>>>> log: >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> 2016-12-28 00:13:33,350 ERROR >>>>>>>>>>>>>>>>>>> [org.ovirt.engine.core.bll.RunVmCommand] >>>>>>>>>>>>>>>>>>> (default task-5) [3c882d53] Error during >>>>>>>>>>>>>>>>>>> ValidateFailure.: >>>>>>>>>>>>>>>>>>> java.lang.NullPointerException >>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.scheduling.policyunits.NetworkPolicyUnit.validateRequiredNetworksAvailable(NetworkPolicyUnit.java:140) >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.scheduling.policyunits.NetworkPolicyUnit.filter(NetworkPolicyUnit.java:69) >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.scheduling.SchedulingManager.runInternalFilters(SchedulingManager.java:597) >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.scheduling.SchedulingManager.runFilters(SchedulingManager.java:564) >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.scheduling.SchedulingManager.canSchedule(SchedulingManager.java:494) >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.validator.RunVmValidator.canRunVm(RunVmValidator.java:133) >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.RunVmCommand.validate(RunVmCommand.java:940) >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.CommandBase.internalValidate(CommandBase.java:886) >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.CommandBase.validateOnly(CommandBase.java:366) >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.canRunActions(PrevalidatingMultipleActionsRunner.java:113) >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.invokeCommands(PrevalidatingMultipleActionsRunner.java:99) >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.execute(PrevalidatingMultipleActionsRunner.java:76) >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.Backend.runMultipleActionsImpl(Backend.java:613) >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.Backend.runMultipleActions(Backend.java:583) >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> Looking at that section of code where the >>>>>>>>>>>>>>>>>>> exception is >>>>>>>>>>>>>>>>>>> thrown, >>>>>>>>>>>>>>>>>>> I see >>>>>>>>>>>>>>>>>>> that >>>>>>>>>>>>>>>>>>> it >>>>>>>>>>>>>>>>>>> iterates over host networks to find required >>>>>>>>>>>>>>>>>>> networks, >>>>>>>>>>>>>>>>>>> which I >>>>>>>>>>>>>>>>>>> assume is >>>>>>>>>>>>>>>>>>> ovirtmgmt. In the host network setup dialog I >>>>>>>>>>>>>>>>>>> don't see >>>>>>>>>>>>>>>>>>> any >>>>>>>>>>>>>>>>>>> networks at >>>>>>>>>>>>>>>>>>> all >>>>>>>>>>>>>>>>>>> but it lists ovirtmgmt as required. It also >>>>>>>>>>>>>>>>>>> list the >>>>>>>>>>>>>>>>>>> OVN >>>>>>>>>>>>>>>>>>> networks but >>>>>>>>>>>>>>>>>>> these >>>>>>>>>>>>>>>>>>> can't be statically assigned as they are added >>>>>>>>>>>>>>>>>>> dynamically when >>>>>>>>>>>>>>>>>>> needed, >>>>>>>>>>>>>>>>>>> which is fine. >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> I believe that I either need to remove ovirtmgmt >>>>>>>>>>>>>>>>>>> network >>>>>>>>>>>>>>>>>>> or >>>>>>>>>>>>>>>>>>> configure >>>>>>>>>>>>>>>>>>> that >>>>>>>>>>>>>>>>>>> it >>>>>>>>>>>>>>>>>>> is provided by the OVN provider, but neither is >>>>>>>>>>>>>>>>>>> possible. >>>>>>>>>>>>>>>>>>> Preferably it >>>>>>>>>>>>>>>>>>> shouldn't be hardcoded which network is >>>>>>>>>>>>>>>>>>> management and >>>>>>>>>>>>>>>>>>> mandatory but be >>>>>>>>>>>>>>>>>>> possible to configure. >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> /Sverker >>>>>>>>>>>>>>>>>>> Den 2016-12-27 kl. 17:10, skrev Marcin Mirecki: >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>>>>>> Users mailing list >>>>>>>>>>>>>>>> Users@ovirt.org >>>>>>>>>>>>>>>> http://lists.ovirt.org/mailman/listinfo/users >>>>>>>>>>>>>>>> >>>>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>>>> Users mailing list >>>>>>>>>>>>>> Users@ovirt.org >>>>>>>>>>>>>> http://lists.ovirt.org/mailman/listinfo/users >>>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>>> Users mailing list >>>>>>>>>>>>> Users@ovirt.org >>>>>>>>>>>>> http://lists.ovirt.org/mailman/listinfo/users >>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>> Users mailing list >>>>>>>>>>>> Users@ovirt.org >>>>>>>>>>>> http://lists.ovirt.org/mailman/listinfo/users >>>>>>>>>> _______________________________________________ >>>>>>>>>> Users mailing list >>>>>>>>>> Users@ovirt.org >>>>>>>>>> http://lists.ovirt.org/mailman/listinfo/users >>>>>>>>>> >>>>> _______________________________________________ >>>>> Users mailing list >>>>> Users@ovirt.org >>>>> http://lists.ovirt.org/mailman/listinfo/users >>>> _______________________________________________ >>>> Users mailing list >>>> Users@ovirt.org >>>> http://lists.ovirt.org/mailman/listinfo/users >>> _______________________________________________ >>> Users mailing list >>> Users@ovirt.org >>> http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
How did you create this port?
From the oVirt engine UI? The OVN provider creates the port when you add the port in the engine UI, it is then plugged into the ovs bridge by the VIF driver. Please attach /var/log/ovirt-provider-ovn.log
----- Original Message -----
From: "Sverker Abrahamsson" <sverker@abrahamsson.com> To: "Marcin Mirecki" <mmirecki@redhat.com> Cc: "Ovirt Users" <users@ovirt.org> Sent: Tuesday, January 3, 2017 2:06:22 AM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network
Found an issue with Ovirt - OVN integration.
Engine and OVN central db running on host h2. Created VM to run on host h1, which is started. Ovn db state:
[root@h2 env3]# ovn-nbctl show switch e53554cf-e553-40a1-8d22-9c8d95ec0601 (ovirtbridge) port 4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873 addresses: ["00:1a:4a:16:01:51"] port 92f6d3c8-68b3-4986-9c09-60bee04644b5 addresses: ["00:1a:4a:16:01:52"] port ovirtbridge-port2 addresses: ["unknown"] port ovirtbridge-port1 addresses: ["unknown"] [root@h2 env3]# ovn-sbctl show Chassis "6e4dd29f-7607-48d7-8e5a-eef4c6aeefb5" hostname: "h2.limetransit.com" Encap geneve ip: "148.251.126.50" options: {csum="true"} Port_Binding "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873" Port_Binding "ovirtbridge-port1" Chassis "4f10fb04-8fb2-48d7-8a3f-ea6444c02cf9" hostname: "h1.limetransit.com" Encap geneve ip: "144.76.84.73" options: {csum="true"} Port_Binding "ovirtbridge-port2"
Port 92f6d3c8-68b3-4986-9c09-60bee04644b5 is for the new VM which is started on h1, but it is not assigned to that chassis. The reason is that on h1 the port on br-int is created like this:
ovs-vsctl --timeout=5 -- --if-exists del-port vnet0 -- add-port br-int vnet0 -- set Interface vnet0 "external-ids:attached-mac=\"00:1a:4a:16:01:52\"" -- set Interface vnet0 "external-ids:iface-id=\"35bcbe31-2c7e-4d97-add9-ce150eeb2f11\"" -- set Interface vnet0 "external-ids:vm-id=\"4d0c134a-11a0-40f4-b2fb-c13c17c7251c\"" -- set Interface vnet0 external-ids:iface-status=active
I.e. the extrernal id of interface is wrong. When I manually change to the right id like this the port works fine:
ovs-vsctl --timeout=5 -- --if-exists del-port vnet0 -- add-port br-int vnet0 -- set Interface vnet0 "external-ids:attached-mac=\"00:1a:4a:16:01:52\"" -- set Interface vnet0 "external-ids:iface-id=\"92f6d3c8-68b3-4986-9c09-60bee04644b5\"" -- set Interface vnet0 "external-ids:vm-id=\"4d0c134a-11a0-40f4-b2fb-c13c17c7251c\"" -- set Interface vnet0 external-ids:iface-status=active
sb db after correcting the port:
Chassis "6e4dd29f-7607-48d7-8e5a-eef4c6aeefb5" hostname: "h2.limetransit.com" Encap geneve ip: "148.251.126.50" options: {csum="true"} Port_Binding "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873" Port_Binding "ovirtbridge-port1" Chassis "4f10fb04-8fb2-48d7-8a3f-ea6444c02cf9" hostname: "h1.limetransit.com" Encap geneve ip: "144.76.84.73" options: {csum="true"} Port_Binding "ovirtbridge-port2" Port_Binding "92f6d3c8-68b3-4986-9c09-60bee04644b5"
I don't know from where the faulty id comes from, it's not in any logs. In the domain xml as printed in vdsm.log the id is correct:
<interface type="bridge"> <mac address="00:1a:4a:16:01:52" /> <model type="virtio" /> <source bridge="br-int" /> <virtualport type="openvswitch" /> <link state="up" /> <boot order="2" /> <bandwidth /> <virtualport type="openvswitch"> <parameters interfaceid="92f6d3c8-68b3-4986-9c09-60bee04644b5" /> </virtualport> </interface>
Where is the ovs-vsctl command line built for this call?
/Sverker
Den 2017-01-02 kl. 13:40, skrev Sverker Abrahamsson:
Got it to work now by following the env8 example in OVN tutorial, where a port is added with type l2gateway. Not sure how that is different from the localnet variant, but didn't suceed in getting that one working. Now I'm able to ping and telnet over the tunnel, but not ssh even when the port is answering on telnet. Neither does nfs traffic work even though mount did. Suspecting MTU issue. I did notice that ovn-controller starts too early, before network interfaces are established and hence can't reach the db. As these is a purely OVS/OVN issue I'll ask about it on their mailing list.
Getting back to the original issue with Ovirt, I've now added the second host h1 to ovirt-engine. Had to do the same as with h2 to create a dummy ovirtmgmt network but configured access via the public IP. My firewall settings was replaced with iptables config and vdsm.conf was overwritten when engine was set up, so those had to be manually restored. It would be preferable if it would be possible to configure ovirt-engine that it does not "own" the host and instead comply with the settings it has instead of enforcing it's own view..
Apart from that it seems the second host works, although I need to resolve the traffic issue over the OVS tunnel. /Sverker
Den 2017-01-02 kl. 01:13, skrev Sverker Abrahamsson:
1. That is not possible as ovirt (or vdsm) will rewrite the network configuration to a non-working state. That is why I've set that if as hidden to vdsm and is why I'm keen on getting OVS/OVN to work
2. I've been reading the doc for OVN and starting to connect the dots, which is not trivial as it is complex. Some insights reached:
First step is the OVN database, installed by openvswitch-ovn-central, which I currently have running on h2 host. The 'ovn-nbctl' and 'ovn-sbctl' commands are only possible to execute on a database node. Two ip's are given to 'vdsm-tool ovn-config <ip to database> <tunnel ip>' as arguments, where <ip to database> is how this OVN node reaches the database and <tunnel ip> is the ip to which other OVN nodes sets up a tunnel to this node. I.e. it is not for creating a tunnel to the database which I thought first from the description in blog post.
The tunnel between OVN nodes is of type geneve which is a UDP based protocol but I have not been able to find anywhere which port is used so that I can open it in firewalld. I have added OVN on another host, called h1, and connected it to the db. I see there is traffic to the db port, but I don't see any geneve traffic between the nodes.
Ovirt is now able to create it's vnet0 interface on the br-int ovs bridge, but then I run into the next issue. How do I create a connection from the logical switch to the physical host? I need that to a) get a connection out to the internet through a masqueraded if or ipv6 and b) be able to run a dhcp server to give ip's to the VM's.
/Sverker
Den 2016-12-30 kl. 18:05, skrev Marcin Mirecki:
1. Why not use your physical nic for ovirtmgmt then?
2. "ovn-nbctl ls-add" does not add a bridge, but a logical switch. br-int is an internal OVN implementation detail, which the user should not care about. What you see in the ovirt UI are logical networks. They are implemented as OVN logical switches in case of the OVN provider.
Please look at: http://www.ovirt.org/blog/2016/11/ovirt-provider-ovn/ You can get the latest rpms from here: http://resources.ovirt.org/repos/ovirt/experimental/master/ovirt-provider-ov...
----- Original Message -----
From: "Sverker Abrahamsson" <sverker@abrahamsson.com> To: "Marcin Mirecki" <mmirecki@redhat.com> Cc: "Ovirt Users" <users@ovirt.org> Sent: Friday, December 30, 2016 4:25:58 PM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network
1. No, I did not want to put the ovirtmgmt bridge on my physical nic as it always messed up the network config making the host unreachable. I have put a ovs bridge on this nic which I will use to make tunnels when I add other hosts. Maybe br-int will be used for that instead, will see when I get that far.
As it is now I have a dummy if for ovirtmgmt bridge but this will probably not work when I add other hosts as that bridge cannot connect to the other hosts. I'm considering keeping this just as a dummy to keep ovirt engine satisfied while the actual communication will happen over OVN/OVS bridges and tunnels.
2. On https://www.ovirt.org//develop/release-management/features/ovirt-ovn-provide...
there is instructions how to add an OVS bridge to OVN with |ovn-nbctl ls-add <network name>|. If you want to use br-int then it makes sense to make that bridge visible in ovirt webui under networks so that it can be selected for VM's.
It quite doesn't make sense to me that I can select other network for my VM but then that setting is not used when setting up the network.
/Sverker
Den 2016-12-30 kl. 15:34, skrev Marcin Mirecki:
Hi,
The OVN provider does not require you to add any bridges manually. As I understand we were dealing with two problems: 1. You only had one physical nic and wanted to put a bridge on it, attaching the management network to the bridge. This was the reason for creating the bridge (the recommended setup would be to used a separate physical nic for the management network). This bridge has nothing to do with the OVN bridge. 2. OVN - you want to use OVN on this system. For this you have to install OVN on your hosts. This should create the br-int bridge, which are then used by the OVN provider. This br-int bridge must be configured to connect to other hosts using the geneve tunnels.
In both cases the systems will not be aware of any bridges you create. They need a nic (be it physical or virtual) to connect to other system. Usually this is the physical nic. In your case you decided to put a bridge on the physical nic, and give oVirt a virtual nic attached to this bridge. This works, but keep in mind that the bridge you have introduced is outside of oVirt's (and OVN) control (and as such is not supported).
> What is the purpose of > adding my bridges to Ovirt through the external provider and > configure > them on my VM I am not quite sure I understand. The external provider (OVN provider to be specific), does not add any bridges to the system. It is using the br-int bridge created by OVN. The networks created by the OVN provider are purely logical entities, implemented using the OVN br-int bridge.
Marcin
----- Original Message ----- > From: "Sverker Abrahamsson" <sverker@abrahamsson.com> > To: "Marcin Mirecki" <mmirecki@redhat.com> > Cc: "Ovirt Users" <users@ovirt.org> > Sent: Friday, December 30, 2016 12:15:43 PM > Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory > ovirtmgmt > network > > Hi > That is the logic I quite don't understand. What is the purpose of > adding my bridges to Ovirt through the external provider and > configure > them on my VM if you are disregarding that and using br-int anyway? > > /Sverker > > Den 2016-12-30 kl. 10:53, skrev Marcin Mirecki: >> Sverker, >> >> br-int is the integration bridge created by default in OVN. This >> is the >> bridge we use for the OVN provider. As OVN is required to be >> installed, >> we assume that this bridge is present. >> Using any other ovs bridge is not supported, and will require >> custom code >> changes (such as the ones you created). >> >> The proper setup in your case would probably be to create br-int >> and >> connect >> this to your ovirtbridge, although I don't know the details of >> your env, >> so >> this is just my best guess. >> >> Marcin >> >> >> ----- Original Message ----- >>> From: "Sverker Abrahamsson" <sverker@abrahamsson.com> >>> To: "Marcin Mirecki" <mmirecki@redhat.com> >>> Cc: "Ovirt Users" <users@ovirt.org>, "Numan Siddique" >>> <nusiddiq@redhat.com> >>> Sent: Friday, December 30, 2016 1:14:50 AM >>> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory >>> ovirtmgmt >>> network >>> >>> Even better, if the value is not hardcoded then the configured >>> value is >>> used. Might be that I'm missunderstanding something but this is >>> the >>> behaviour I expected instead of that it is using br-int. >>> >>> Attached is a patch which properly sets up the xml, in case >>> there is >>> already a virtual port there + testcode of some variants >>> >>> /Sverker >>> >>> Den 2016-12-29 kl. 22:55, skrev Sverker Abrahamsson: >>>> When I change >>>> /usr/libexec/vdsm/hooks/before_device_create/ovirt_provider_ovn_hook >>>> >>>> to instead of hardcoded to br-int use BRIDGE_NAME = >>>> 'ovirtbridge' then >>>> I get the expected behaviour and I get a working network >>>> connectivity >>>> in my VM with IP provided by dhcp. >>>> >>>> /Sverker >>>> >>>> Den 2016-12-29 kl. 22:07, skrev Sverker Abrahamsson: >>>>> By default the vNic profile of my OVN bridge ovirtbridge gets a >>>>> Network filter named vdsm-no-mac-spoofing. If I instead set >>>>> No filter >>>>> then I don't get those ebtables / iptables messages. It seems >>>>> that >>>>> there is some issue between ovirt/vdsm and firewalld, which >>>>> we can >>>>> put to the side for now. >>>>> >>>>> It is not clear for me why the port is added on br-int >>>>> instead of the >>>>> bridge I've assigned to the VM, which is ovirtbridge?? >>>>> >>>>> /Sverker >>>>> >>>>> Den 2016-12-29 kl. 14:20, skrev Sverker Abrahamsson: >>>>>> The specific command most likely fails because there is no >>>>>> chain >>>>>> named libvirt-J-vnet0, but when should that have been created? >>>>>> /Sverker >>>>>> >>>>>> -------- Vidarebefordrat meddelande -------- >>>>>> Ämne: Re: [ovirt-users] Issue with OVN/OVS and mandatory >>>>>> ovirtmgmt >>>>>> network >>>>>> Datum: Thu, 29 Dec 2016 08:06:29 -0500 (EST) >>>>>> Från: Marcin Mirecki <mmirecki@redhat.com> >>>>>> Till: Sverker Abrahamsson <sverker@abrahamsson.com> >>>>>> Kopia: Ovirt Users <users@ovirt.org>, Lance Richardson >>>>>> <lrichard@redhat.com>, Numan Siddique <nusiddiq@redhat.com> >>>>>> >>>>>> >>>>>> >>>>>> Let me add the OVN team. >>>>>> >>>>>> Lance, Numan, >>>>>> >>>>>> Can you please look at this? >>>>>> >>>>>> Trying to plug a vNIC results in: >>>>>>>>>>>>> Dec 28 23:31:35 h2 ovs-vsctl: >>>>>>>>>>>>> ovs|00001|vsctl|INFO|Called as >>>>>>>>>>>>> ovs-vsctl >>>>>>>>>>>>> --timeout=5 -- --if-exists del-port vnet0 -- add-port >>>>>>>>>>>>> br-int >>>>>>>>>>>>> vnet0 -- >>>>>>>>>>>>> set Interface vnet0 >>>>>>>>>>>>> "external-ids:attached-mac=\"00:1a:4a:16:01:51\"" >>>>>>>>>>>>> -- set Interface vnet0 >>>>>>>>>>>>> "external-ids:iface-id=\"e8853aac-8a75-41b0-8010-e630017dcdd8\"" >>>>>>>>>>>>> >>>>>>>>>>>>> -- >>>>>>>>>>>>> set Interface vnet0 >>>>>>>>>>>>> "external-ids:vm-id=\"b9440d60-ef5a-4e2b-83cf-081df7c09e6f\"" >>>>>>>>>>>>> >>>>>>>>>>>>> -- >>>>>>>>>>>>> set >>>>>>>>>>>>> Interface vnet0 external-ids:iface-status=active >>>>>>>>>>>>> Dec 28 23:31:35 h2 kernel: device vnet0 entered >>>>>>>>>>>>> promiscuous >>>>>>>>>>>>> mode >>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -D PREROUTING >>>>>>>>>>>>> -i vnet0 >>>>>>>>>>>>> -j >>>>>>>>>>>>> libvirt-J-vnet0' failed: >>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>> More details below >>>>>> >>>>>> >>>>>> ----- Original Message ----- >>>>>>> From: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>>>>>> To: "Marcin Mirecki"<mmirecki@redhat.com> >>>>>>> Cc: "Ovirt Users"<users@ovirt.org> >>>>>>> Sent: Thursday, December 29, 2016 1:42:11 PM >>>>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory >>>>>>> ovirtmgmt >>>>>>> network >>>>>>> >>>>>>> Hi >>>>>>> Same problem still.. >>>>>>> /Sverker >>>>>>> >>>>>>> Den 2016-12-29 kl. 13:34, skrev Marcin Mirecki: >>>>>>>> Hi, >>>>>>>> >>>>>>>> The tunnels are created to connect multiple OVN controllers. >>>>>>>> If there is only one, there is no need for the tunnels, so >>>>>>>> none >>>>>>>> will be created, this is the correct behavior. >>>>>>>> >>>>>>>> Does the problem still occur after setting configuring the >>>>>>>> OVN-controller? >>>>>>>> >>>>>>>> Marcin >>>>>>>> >>>>>>>> ----- Original Message ----- >>>>>>>>> From: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>>>>>>>> To: "Marcin Mirecki"<mmirecki@redhat.com> >>>>>>>>> Cc: "Ovirt Users"<users@ovirt.org> >>>>>>>>> Sent: Thursday, December 29, 2016 11:44:32 AM >>>>>>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory >>>>>>>>> ovirtmgmt >>>>>>>>> network >>>>>>>>> >>>>>>>>> Hi >>>>>>>>> The rpm packages you listed in the other mail are >>>>>>>>> installed but I >>>>>>>>> had >>>>>>>>> not run vdsm-tool ovn-config to create tunnel as the OVN >>>>>>>>> controller >>>>>>>>> is >>>>>>>>> on the same host. >>>>>>>>> >>>>>>>>> [root@h2 ~]# rpm -q openvswitch-ovn-common >>>>>>>>> openvswitch-ovn-common-2.6.90-1.el7.centos.x86_64 >>>>>>>>> [root@h2 ~]# rpm -q openvswitch-ovn-host >>>>>>>>> openvswitch-ovn-host-2.6.90-1.el7.centos.x86_64 >>>>>>>>> [root@h2 ~]# rpm -q python-openvswitch >>>>>>>>> python-openvswitch-2.6.90-1.el7.centos.noarch >>>>>>>>> >>>>>>>>> After removing my manually created br-int and run >>>>>>>>> >>>>>>>>> vdsm-tool ovn-config 127.0.0.1 172.27.1.1 >>>>>>>>> >>>>>>>>> then I have the br-int but 'ip link show' does not show >>>>>>>>> any link >>>>>>>>> 'genev_sys_' nor does 'ovs-vsctl show' any port for ovn. >>>>>>>>> I assume >>>>>>>>> these >>>>>>>>> are when there is an actual tunnel? >>>>>>>>> >>>>>>>>> [root@h2 ~]# ovs-vsctl show >>>>>>>>> ebb6aede-cbbc-4f4f-a88a-a9cd72b2bd23 >>>>>>>>> Bridge br-int >>>>>>>>> fail_mode: secure >>>>>>>>> Port br-int >>>>>>>>> Interface br-int >>>>>>>>> type: internal >>>>>>>>> Bridge ovirtbridge >>>>>>>>> Port ovirtbridge >>>>>>>>> Interface ovirtbridge >>>>>>>>> type: internal >>>>>>>>> Bridge "ovsbridge0" >>>>>>>>> Port "ovsbridge0" >>>>>>>>> Interface "ovsbridge0" >>>>>>>>> type: internal >>>>>>>>> Port "eth0" >>>>>>>>> Interface "eth0" >>>>>>>>> ovs_version: "2.6.90" >>>>>>>>> >>>>>>>>> [root@h2 ~]# ip link show >>>>>>>>> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state >>>>>>>>> UNKNOWN >>>>>>>>> mode >>>>>>>>> DEFAULT qlen 1 >>>>>>>>> link/loopback 00:00:00:00:00:00 brd >>>>>>>>> 00:00:00:00:00:00 >>>>>>>>> 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc >>>>>>>>> pfifo_fast >>>>>>>>> master ovs-system state UP mode DEFAULT qlen 1000 >>>>>>>>> link/ether 44:8a:5b:84:7d:b3 brd ff:ff:ff:ff:ff:ff >>>>>>>>> 3: ovs-system: <BROADCAST,MULTICAST> mtu 1500 qdisc noop >>>>>>>>> state >>>>>>>>> DOWN >>>>>>>>> mode >>>>>>>>> DEFAULT qlen 1000 >>>>>>>>> link/ether 5a:14:cf:28:47:e2 brd ff:ff:ff:ff:ff:ff >>>>>>>>> 4: ovsbridge0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 >>>>>>>>> qdisc >>>>>>>>> noqueue >>>>>>>>> state UNKNOWN mode DEFAULT qlen 1000 >>>>>>>>> link/ether 44:8a:5b:84:7d:b3 brd ff:ff:ff:ff:ff:ff >>>>>>>>> 5: br-int: <BROADCAST,MULTICAST> mtu 1500 qdisc noop >>>>>>>>> state DOWN >>>>>>>>> mode >>>>>>>>> DEFAULT qlen 1000 >>>>>>>>> link/ether 9e:b0:3a:9d:f2:4b brd ff:ff:ff:ff:ff:ff >>>>>>>>> 6: ovirtbridge: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu >>>>>>>>> 1500 qdisc >>>>>>>>> noqueue >>>>>>>>> state UNKNOWN mode DEFAULT qlen 1000 >>>>>>>>> link/ether a6:f6:e5:a4:5b:45 brd ff:ff:ff:ff:ff:ff >>>>>>>>> 7: dummy0: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc >>>>>>>>> noqueue >>>>>>>>> master >>>>>>>>> ovirtmgmt state UNKNOWN mode DEFAULT qlen 1000 >>>>>>>>> link/ether 66:e0:1c:c3:a9:d8 brd ff:ff:ff:ff:ff:ff >>>>>>>>> 8: ovirtmgmt: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 >>>>>>>>> qdisc >>>>>>>>> noqueue >>>>>>>>> state UP mode DEFAULT qlen 1000 >>>>>>>>> link/ether 66:e0:1c:c3:a9:d8 brd ff:ff:ff:ff:ff:ff >>>>>>>>> >>>>>>>>> Firewall settings: >>>>>>>>> [root@h2 ~]# firewall-cmd --list-all-zones >>>>>>>>> work >>>>>>>>> target: default >>>>>>>>> icmp-block-inversion: no >>>>>>>>> interfaces: >>>>>>>>> sources: >>>>>>>>> services: dhcpv6-client ssh >>>>>>>>> ports: >>>>>>>>> protocols: >>>>>>>>> masquerade: no >>>>>>>>> forward-ports: >>>>>>>>> sourceports: >>>>>>>>> icmp-blocks: >>>>>>>>> rich rules: >>>>>>>>> >>>>>>>>> >>>>>>>>> drop >>>>>>>>> target: DROP >>>>>>>>> icmp-block-inversion: no >>>>>>>>> interfaces: >>>>>>>>> sources: >>>>>>>>> services: >>>>>>>>> ports: >>>>>>>>> protocols: >>>>>>>>> masquerade: no >>>>>>>>> forward-ports: >>>>>>>>> sourceports: >>>>>>>>> icmp-blocks: >>>>>>>>> rich rules: >>>>>>>>> >>>>>>>>> >>>>>>>>> internal >>>>>>>>> target: default >>>>>>>>> icmp-block-inversion: no >>>>>>>>> interfaces: >>>>>>>>> sources: >>>>>>>>> services: dhcpv6-client mdns samba-client ssh >>>>>>>>> ports: >>>>>>>>> protocols: >>>>>>>>> masquerade: no >>>>>>>>> forward-ports: >>>>>>>>> sourceports: >>>>>>>>> icmp-blocks: >>>>>>>>> rich rules: >>>>>>>>> >>>>>>>>> >>>>>>>>> external >>>>>>>>> target: default >>>>>>>>> icmp-block-inversion: no >>>>>>>>> interfaces: >>>>>>>>> sources: >>>>>>>>> services: ssh >>>>>>>>> ports: >>>>>>>>> protocols: >>>>>>>>> masquerade: yes >>>>>>>>> forward-ports: >>>>>>>>> sourceports: >>>>>>>>> icmp-blocks: >>>>>>>>> rich rules: >>>>>>>>> >>>>>>>>> >>>>>>>>> trusted >>>>>>>>> target: ACCEPT >>>>>>>>> icmp-block-inversion: no >>>>>>>>> interfaces: >>>>>>>>> sources: >>>>>>>>> services: >>>>>>>>> ports: >>>>>>>>> protocols: >>>>>>>>> masquerade: no >>>>>>>>> forward-ports: >>>>>>>>> sourceports: >>>>>>>>> icmp-blocks: >>>>>>>>> rich rules: >>>>>>>>> >>>>>>>>> >>>>>>>>> home >>>>>>>>> target: default >>>>>>>>> icmp-block-inversion: no >>>>>>>>> interfaces: >>>>>>>>> sources: >>>>>>>>> services: dhcpv6-client mdns samba-client ssh >>>>>>>>> ports: >>>>>>>>> protocols: >>>>>>>>> masquerade: no >>>>>>>>> forward-ports: >>>>>>>>> sourceports: >>>>>>>>> icmp-blocks: >>>>>>>>> rich rules: >>>>>>>>> >>>>>>>>> >>>>>>>>> dmz >>>>>>>>> target: default >>>>>>>>> icmp-block-inversion: no >>>>>>>>> interfaces: >>>>>>>>> sources: >>>>>>>>> services: ssh >>>>>>>>> ports: >>>>>>>>> protocols: >>>>>>>>> masquerade: no >>>>>>>>> forward-ports: >>>>>>>>> sourceports: >>>>>>>>> icmp-blocks: >>>>>>>>> rich rules: >>>>>>>>> >>>>>>>>> >>>>>>>>> public (active) >>>>>>>>> target: default >>>>>>>>> icmp-block-inversion: no >>>>>>>>> interfaces: eth0 ovsbridge0 >>>>>>>>> sources: >>>>>>>>> services: dhcpv6-client ssh >>>>>>>>> ports: >>>>>>>>> protocols: >>>>>>>>> masquerade: no >>>>>>>>> forward-ports: >>>>>>>>> sourceports: >>>>>>>>> icmp-blocks: >>>>>>>>> rich rules: >>>>>>>>> >>>>>>>>> >>>>>>>>> block >>>>>>>>> target: %%REJECT%% >>>>>>>>> icmp-block-inversion: no >>>>>>>>> interfaces: >>>>>>>>> sources: >>>>>>>>> services: >>>>>>>>> ports: >>>>>>>>> protocols: >>>>>>>>> masquerade: no >>>>>>>>> forward-ports: >>>>>>>>> sourceports: >>>>>>>>> icmp-blocks: >>>>>>>>> rich rules: >>>>>>>>> >>>>>>>>> >>>>>>>>> ovirt (active) >>>>>>>>> target: default >>>>>>>>> icmp-block-inversion: no >>>>>>>>> interfaces: ovirtbridge ovirtmgmt >>>>>>>>> sources: >>>>>>>>> services: dhcp ovirt-fence-kdump-listener ovirt-http >>>>>>>>> ovirt-https >>>>>>>>> ovirt-imageio-proxy ovirt-postgres ovirt-provider-ovn >>>>>>>>> ovirt-vmconsole-proxy ovirt-websocket-proxy ssh vdsm >>>>>>>>> ports: >>>>>>>>> protocols: >>>>>>>>> masquerade: yes >>>>>>>>> forward-ports: >>>>>>>>> sourceports: >>>>>>>>> icmp-blocks: >>>>>>>>> rich rules: >>>>>>>>> rule family="ipv4" port port="6641" >>>>>>>>> protocol="tcp" >>>>>>>>> accept >>>>>>>>> rule family="ipv4" port port="6642" >>>>>>>>> protocol="tcp" >>>>>>>>> accept >>>>>>>>> >>>>>>>>> The db dump is attached >>>>>>>>> /Sverker >>>>>>>>> Den 2016-12-29 kl. 09:50, skrev Marcin Mirecki: >>>>>>>>>> Hi, >>>>>>>>>> >>>>>>>>>> Can you please do: "sudo ovsdb-client dump" >>>>>>>>>> on the host and send me the output? >>>>>>>>>> >>>>>>>>>> Have you configured the ovn controller to connect to the >>>>>>>>>> OVN north? You can do it using "vdsm-tool ovn-config" or >>>>>>>>>> using the OVN tools directly. >>>>>>>>>> Please check >>>>>>>>>> out:https://www.ovirt.org/blog/2016/11/ovirt-provider-ovn/ >>>>>>>>>> for details. >>>>>>>>>> >>>>>>>>>> Also please note that the OVN provider is completely >>>>>>>>>> different >>>>>>>>>> from the neutron-openvswitch plugin. Please don't mix >>>>>>>>>> the two. >>>>>>>>>> >>>>>>>>>> Marcin >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> ----- Original Message ----- >>>>>>>>>>> From: "Marcin Mirecki"<mmirecki@redhat.com> >>>>>>>>>>> To: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>>>>>>>>>> Cc: "Ovirt Users"<users@ovirt.org> >>>>>>>>>>> Sent: Thursday, December 29, 2016 9:27:19 AM >>>>>>>>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and >>>>>>>>>>> mandatory >>>>>>>>>>> ovirtmgmt >>>>>>>>>>> network >>>>>>>>>>> >>>>>>>>>>> Hi, >>>>>>>>>>> >>>>>>>>>>> br-int is the OVN integration bridge, it should have been >>>>>>>>>>> created >>>>>>>>>>> when installing OVN. I assume you have the following >>>>>>>>>>> packages >>>>>>>>>>> installed >>>>>>>>>>> on the host: >>>>>>>>>>> openvswitch-ovn-common >>>>>>>>>>> openvswitch-ovn-host >>>>>>>>>>> python-openvswitch >>>>>>>>>>> >>>>>>>>>>> Please give me some time to look at the connectivity >>>>>>>>>>> problem. >>>>>>>>>>> >>>>>>>>>>> Marcin >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> ----- Original Message ----- >>>>>>>>>>>> From: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>>>>>>>>>>> To: "Marcin Mirecki"<mmirecki@redhat.com> >>>>>>>>>>>> Cc: "Ovirt Users"<users@ovirt.org> >>>>>>>>>>>> Sent: Thursday, December 29, 2016 12:47:04 AM >>>>>>>>>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and >>>>>>>>>>>> mandatory >>>>>>>>>>>> ovirtmgmt >>>>>>>>>>>> network >>>>>>>>>>>> >>>>>>>>>>>> From >>>>>>>>>>>> /usr/libexec/vdsm/hooks/before_device_create/ovirt_provider_ovn_hook >>>>>>>>>>>> >>>>>>>>>>>> (installed by ovirt-provider-ovn-driver rpm): >>>>>>>>>>>> >>>>>>>>>>>> BRIDGE_NAME = 'br-int' >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> Den 2016-12-28 kl. 23:56, skrev Sverker Abrahamsson: >>>>>>>>>>>>> Googling on the message about br-int suggested adding >>>>>>>>>>>>> that >>>>>>>>>>>>> bridge to >>>>>>>>>>>>> ovs: >>>>>>>>>>>>> >>>>>>>>>>>>> ovs-vsctl add-br br-int >>>>>>>>>>>>> >>>>>>>>>>>>> Then the VM is able to boot, but it fails to get network >>>>>>>>>>>>> connectivity. >>>>>>>>>>>>> Output in /var/log/messages: >>>>>>>>>>>>> >>>>>>>>>>>>> Dec 28 23:31:35 h2 ovs-vsctl: >>>>>>>>>>>>> ovs|00001|vsctl|INFO|Called as >>>>>>>>>>>>> ovs-vsctl >>>>>>>>>>>>> --timeout=5 -- --if-exists del-port vnet0 -- add-port >>>>>>>>>>>>> br-int >>>>>>>>>>>>> vnet0 -- >>>>>>>>>>>>> set Interface vnet0 >>>>>>>>>>>>> "external-ids:attached-mac=\"00:1a:4a:16:01:51\"" >>>>>>>>>>>>> -- set Interface vnet0 >>>>>>>>>>>>> "external-ids:iface-id=\"e8853aac-8a75-41b0-8010-e630017dcdd8\"" >>>>>>>>>>>>> >>>>>>>>>>>>> -- >>>>>>>>>>>>> set Interface vnet0 >>>>>>>>>>>>> "external-ids:vm-id=\"b9440d60-ef5a-4e2b-83cf-081df7c09e6f\"" >>>>>>>>>>>>> >>>>>>>>>>>>> -- >>>>>>>>>>>>> set >>>>>>>>>>>>> Interface vnet0 external-ids:iface-status=active >>>>>>>>>>>>> Dec 28 23:31:35 h2 kernel: device vnet0 entered >>>>>>>>>>>>> promiscuous >>>>>>>>>>>>> mode >>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -D PREROUTING >>>>>>>>>>>>> -i vnet0 >>>>>>>>>>>>> -j >>>>>>>>>>>>> libvirt-J-vnet0' failed: >>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -D >>>>>>>>>>>>> POSTROUTING -o >>>>>>>>>>>>> vnet0 >>>>>>>>>>>>> -j >>>>>>>>>>>>> libvirt-P-vnet0' failed: >>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -L >>>>>>>>>>>>> libvirt-J-vnet0' >>>>>>>>>>>>> failed: >>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -L >>>>>>>>>>>>> libvirt-P-vnet0' >>>>>>>>>>>>> failed: >>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -F >>>>>>>>>>>>> libvirt-J-vnet0' >>>>>>>>>>>>> failed: >>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -X >>>>>>>>>>>>> libvirt-J-vnet0' >>>>>>>>>>>>> failed: >>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -F >>>>>>>>>>>>> libvirt-P-vnet0' >>>>>>>>>>>>> failed: >>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -X >>>>>>>>>>>>> libvirt-P-vnet0' >>>>>>>>>>>>> failed: >>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -F J-vnet0-mac' >>>>>>>>>>>>> failed: >>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -X J-vnet0-mac' >>>>>>>>>>>>> failed: >>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -F >>>>>>>>>>>>> J-vnet0-arp-mac' >>>>>>>>>>>>> failed: >>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -X >>>>>>>>>>>>> J-vnet0-arp-mac' >>>>>>>>>>>>> failed: >>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -D libvirt-out -m physdev >>>>>>>>>>>>> --physdev-is-bridged --physdev-out vnet0 -g FO-vnet0' >>>>>>>>>>>>> failed: >>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -D libvirt-out -m physdev >>>>>>>>>>>>> --physdev-out >>>>>>>>>>>>> vnet0 -g FO-vnet0' failed: >>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -D libvirt-in -m physdev >>>>>>>>>>>>> --physdev-in >>>>>>>>>>>>> vnet0 >>>>>>>>>>>>> -g FI-vnet0' failed: >>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -D libvirt-host-in -m physdev >>>>>>>>>>>>> --physdev-in >>>>>>>>>>>>> vnet0 -g HI-vnet0' failed: >>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -F FO-vnet0' failed: >>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -X FO-vnet0' failed: >>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -F FI-vnet0' failed: >>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -X FI-vnet0' failed: >>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -F HI-vnet0' failed: >>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -X HI-vnet0' failed: >>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -E FP-vnet0 FO-vnet0' failed: >>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -E FJ-vnet0 FI-vnet0' failed: >>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -E HJ-vnet0 HI-vnet0' failed: >>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -D libvirt-out -m physdev >>>>>>>>>>>>> --physdev-is-bridged --physdev-out vnet0 -g FO-vnet0' >>>>>>>>>>>>> failed: >>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -D libvirt-out -m physdev >>>>>>>>>>>>> --physdev-out >>>>>>>>>>>>> vnet0 -g FO-vnet0' failed: >>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -D libvirt-in -m physdev >>>>>>>>>>>>> --physdev-in >>>>>>>>>>>>> vnet0 -g FI-vnet0' failed: >>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -D libvirt-host-in -m >>>>>>>>>>>>> physdev >>>>>>>>>>>>> --physdev-in >>>>>>>>>>>>> vnet0 -g HI-vnet0' failed: >>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -F FO-vnet0' failed: >>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -X FO-vnet0' failed: >>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -F FI-vnet0' failed: >>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -X FI-vnet0' failed: >>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -F HI-vnet0' failed: >>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -X HI-vnet0' failed: >>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -E FP-vnet0 FO-vnet0' >>>>>>>>>>>>> failed: >>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -E FJ-vnet0 FI-vnet0' >>>>>>>>>>>>> failed: >>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -E HJ-vnet0 HI-vnet0' >>>>>>>>>>>>> failed: >>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -D PREROUTING >>>>>>>>>>>>> -i vnet0 >>>>>>>>>>>>> -j >>>>>>>>>>>>> libvirt-I-vnet0' failed: >>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -D >>>>>>>>>>>>> POSTROUTING -o >>>>>>>>>>>>> vnet0 >>>>>>>>>>>>> -j >>>>>>>>>>>>> libvirt-O-vnet0' failed: >>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -L >>>>>>>>>>>>> libvirt-I-vnet0' >>>>>>>>>>>>> failed: >>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -L >>>>>>>>>>>>> libvirt-O-vnet0' >>>>>>>>>>>>> failed: >>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -F >>>>>>>>>>>>> libvirt-I-vnet0' >>>>>>>>>>>>> failed: >>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -X >>>>>>>>>>>>> libvirt-I-vnet0' >>>>>>>>>>>>> failed: >>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -F >>>>>>>>>>>>> libvirt-O-vnet0' >>>>>>>>>>>>> failed: >>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -X >>>>>>>>>>>>> libvirt-O-vnet0' >>>>>>>>>>>>> failed: >>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -L >>>>>>>>>>>>> libvirt-P-vnet0' >>>>>>>>>>>>> failed: >>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -E >>>>>>>>>>>>> libvirt-P-vnet0 >>>>>>>>>>>>> libvirt-O-vnet0' failed: >>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -F I-vnet0-mac' >>>>>>>>>>>>> failed: >>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -X I-vnet0-mac' >>>>>>>>>>>>> failed: >>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -F >>>>>>>>>>>>> I-vnet0-arp-mac' >>>>>>>>>>>>> failed: >>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -X >>>>>>>>>>>>> I-vnet0-arp-mac' >>>>>>>>>>>>> failed: >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> [root@h2 etc]# ovs-vsctl show >>>>>>>>>>>>> ebb6aede-cbbc-4f4f-a88a-a9cd72b2bd23 >>>>>>>>>>>>> Bridge ovirtbridge >>>>>>>>>>>>> Port "ovirtport0" >>>>>>>>>>>>> Interface "ovirtport0" >>>>>>>>>>>>> type: internal >>>>>>>>>>>>> Port ovirtbridge >>>>>>>>>>>>> Interface ovirtbridge >>>>>>>>>>>>> type: internal >>>>>>>>>>>>> Bridge "ovsbridge0" >>>>>>>>>>>>> Port "ovsbridge0" >>>>>>>>>>>>> Interface "ovsbridge0" >>>>>>>>>>>>> type: internal >>>>>>>>>>>>> Port "eth0" >>>>>>>>>>>>> Interface "eth0" >>>>>>>>>>>>> Bridge br-int >>>>>>>>>>>>> Port br-int >>>>>>>>>>>>> Interface br-int >>>>>>>>>>>>> type: internal >>>>>>>>>>>>> Port "vnet0" >>>>>>>>>>>>> Interface "vnet0" >>>>>>>>>>>>> ovs_version: "2.6.90" >>>>>>>>>>>>> >>>>>>>>>>>>> Searching through the code it appears that br-int >>>>>>>>>>>>> comes from >>>>>>>>>>>>> neutron-openvswitch plugin ?? >>>>>>>>>>>>> >>>>>>>>>>>>> [root@h2 share]# rpm -qf >>>>>>>>>>>>> /usr/share/otopi/plugins/ovirt-host-deploy/openstack/neutron_openvswitch.py >>>>>>>>>>>>> >>>>>>>>>>>>> ovirt-host-deploy-1.6.0-0.0.master.20161215101008.gitb76ad50.el7.centos.noarch >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> /Sverker >>>>>>>>>>>>> >>>>>>>>>>>>> Den 2016-12-28 kl. 23:24, skrev Sverker Abrahamsson: >>>>>>>>>>>>>> In addition I had to add an alias to modprobe: >>>>>>>>>>>>>> >>>>>>>>>>>>>> [root@h2 modprobe.d]# cat dummy.conf >>>>>>>>>>>>>> alias dummy0 dummy >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> Den 2016-12-28 kl. 23:03, skrev Sverker Abrahamsson: >>>>>>>>>>>>>>> Hi >>>>>>>>>>>>>>> I first tried to set device name to dummy_0, but >>>>>>>>>>>>>>> then ifup >>>>>>>>>>>>>>> did >>>>>>>>>>>>>>> not >>>>>>>>>>>>>>> succeed in creating the device unless I first did >>>>>>>>>>>>>>> 'ip link >>>>>>>>>>>>>>> add >>>>>>>>>>>>>>> dummy_0 type dummy' but then it would not suceed to >>>>>>>>>>>>>>> establish >>>>>>>>>>>>>>> the if >>>>>>>>>>>>>>> on reboot. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Setting fake_nics = dummy0 would not work neither, >>>>>>>>>>>>>>> but this >>>>>>>>>>>>>>> works: >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> fake_nics = dummy* >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> The engine is now able to find the if and assign >>>>>>>>>>>>>>> bridge >>>>>>>>>>>>>>> ovirtmgmt to >>>>>>>>>>>>>>> it. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> However, I then run into the next issue when >>>>>>>>>>>>>>> starting a VM: >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> 2016-12-28 22:28:23,897 ERROR >>>>>>>>>>>>>>> [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> (ForkJoinPool-1-worker-2) [] Correlation ID: null, >>>>>>>>>>>>>>> Call >>>>>>>>>>>>>>> Stack: >>>>>>>>>>>>>>> null, >>>>>>>>>>>>>>> Custom Event ID: -1, Message: VM CentOS7 is down >>>>>>>>>>>>>>> with error. >>>>>>>>>>>>>>> Exit >>>>>>>>>>>>>>> message: Cannot get interface MTU on 'br-int': No such >>>>>>>>>>>>>>> device. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> This VM has a nic on ovirtbridge, which comes from >>>>>>>>>>>>>>> the OVN >>>>>>>>>>>>>>> provider. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> /Sverker >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Den 2016-12-28 kl. 14:38, skrev Marcin Mirecki: >>>>>>>>>>>>>>>> Sverker, >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Can you try adding a vnic named veth_* or dummy_*, >>>>>>>>>>>>>>>> (or alternatively add the name of the vnic to >>>>>>>>>>>>>>>> vdsm.config fake_nics), and setup the management >>>>>>>>>>>>>>>> network using this vnic? >>>>>>>>>>>>>>>> I suppose adding the vnic you use for connecting >>>>>>>>>>>>>>>> to the engine to fake_nics should make it visible >>>>>>>>>>>>>>>> to the engine, and you should be able to use it for >>>>>>>>>>>>>>>> the setup. >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Marcin >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> ----- Original Message ----- >>>>>>>>>>>>>>>>> From: "Marcin Mirecki"<mmirecki@redhat.com> >>>>>>>>>>>>>>>>> To: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>>>>>>>>>>>>>>>> Cc: "Ovirt Users"<users@ovirt.org> >>>>>>>>>>>>>>>>> Sent: Wednesday, December 28, 2016 12:06:26 PM >>>>>>>>>>>>>>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and >>>>>>>>>>>>>>>>> mandatory >>>>>>>>>>>>>>>>> ovirtmgmt network >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> I have an internal OVS bridge called ovirtbridge >>>>>>>>>>>>>>>>>> which >>>>>>>>>>>>>>>>>> has >>>>>>>>>>>>>>>>>> a port >>>>>>>>>>>>>>>>>> with >>>>>>>>>>>>>>>>>> IP address, but in the host network settings >>>>>>>>>>>>>>>>>> that port is >>>>>>>>>>>>>>>>>> not >>>>>>>>>>>>>>>>>> visible. >>>>>>>>>>>>>>>>> I just verified and unfortunately the virtual >>>>>>>>>>>>>>>>> ports are >>>>>>>>>>>>>>>>> not >>>>>>>>>>>>>>>>> visible in engine >>>>>>>>>>>>>>>>> to assign a network to :( >>>>>>>>>>>>>>>>> I'm afraid that the engine is not ready for such a >>>>>>>>>>>>>>>>> scenario >>>>>>>>>>>>>>>>> (even >>>>>>>>>>>>>>>>> if it >>>>>>>>>>>>>>>>> works). >>>>>>>>>>>>>>>>> Please give me some time to look for a solution. >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> ----- Original Message ----- >>>>>>>>>>>>>>>>>> From: "Sverker >>>>>>>>>>>>>>>>>> Abrahamsson"<sverker@abrahamsson.com> >>>>>>>>>>>>>>>>>> To: "Marcin Mirecki"<mmirecki@redhat.com> >>>>>>>>>>>>>>>>>> Cc: "Ovirt Users"<users@ovirt.org> >>>>>>>>>>>>>>>>>> Sent: Wednesday, December 28, 2016 11:48:24 AM >>>>>>>>>>>>>>>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and >>>>>>>>>>>>>>>>>> mandatory >>>>>>>>>>>>>>>>>> ovirtmgmt >>>>>>>>>>>>>>>>>> network >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> Hi Marcin >>>>>>>>>>>>>>>>>> Yes, that is my issue. I don't want to let >>>>>>>>>>>>>>>>>> ovirt/vdsm see >>>>>>>>>>>>>>>>>> eth0 >>>>>>>>>>>>>>>>>> nor >>>>>>>>>>>>>>>>>> ovsbridge0 since as soon as it sees them it >>>>>>>>>>>>>>>>>> messes up the >>>>>>>>>>>>>>>>>> network >>>>>>>>>>>>>>>>>> config >>>>>>>>>>>>>>>>>> so that the host will be unreachable. >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> I have an internal OVS bridge called ovirtbridge >>>>>>>>>>>>>>>>>> which >>>>>>>>>>>>>>>>>> has >>>>>>>>>>>>>>>>>> a port >>>>>>>>>>>>>>>>>> with >>>>>>>>>>>>>>>>>> IP address, but in the host network settings >>>>>>>>>>>>>>>>>> that port is >>>>>>>>>>>>>>>>>> not >>>>>>>>>>>>>>>>>> visible. >>>>>>>>>>>>>>>>>> It doesn't help to name it ovirtmgmt. >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> The engine is able to communicate with the host >>>>>>>>>>>>>>>>>> on the ip >>>>>>>>>>>>>>>>>> it has >>>>>>>>>>>>>>>>>> been >>>>>>>>>>>>>>>>>> given, it's just that it believes that it HAS to >>>>>>>>>>>>>>>>>> have a >>>>>>>>>>>>>>>>>> ovirtmgmt >>>>>>>>>>>>>>>>>> network which can't be on OVN. >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> /Sverker >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> Den 2016-12-28 kl. 10:45, skrev Marcin Mirecki: >>>>>>>>>>>>>>>>>>> Hi Sverker, >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> The management network is mandatory on each >>>>>>>>>>>>>>>>>>> host. It's >>>>>>>>>>>>>>>>>>> used by >>>>>>>>>>>>>>>>>>> the >>>>>>>>>>>>>>>>>>> engine to communicate with the host. >>>>>>>>>>>>>>>>>>> Looking at your description and the exception >>>>>>>>>>>>>>>>>>> it looks >>>>>>>>>>>>>>>>>>> like it >>>>>>>>>>>>>>>>>>> is >>>>>>>>>>>>>>>>>>> missing. >>>>>>>>>>>>>>>>>>> The error is caused by not having any network >>>>>>>>>>>>>>>>>>> for the >>>>>>>>>>>>>>>>>>> host >>>>>>>>>>>>>>>>>>> (network list retrieved in >>>>>>>>>>>>>>>>>>> InterfaceDaoImpl.getHostNetworksByCluster - >>>>>>>>>>>>>>>>>>> which >>>>>>>>>>>>>>>>>>> gets all the networks on nics for a host from >>>>>>>>>>>>>>>>>>> vds_interface >>>>>>>>>>>>>>>>>>> table in the >>>>>>>>>>>>>>>>>>> DB). >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> Could you maybe create a virtual nic connected to >>>>>>>>>>>>>>>>>>> ovsbridge0 (as >>>>>>>>>>>>>>>>>>> I >>>>>>>>>>>>>>>>>>> understand you >>>>>>>>>>>>>>>>>>> have no physical nic available) and use this >>>>>>>>>>>>>>>>>>> for the >>>>>>>>>>>>>>>>>>> management >>>>>>>>>>>>>>>>>>> network? >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> I then create a bridge for use with ovirt, with a >>>>>>>>>>>>>>>>>>>> private >>>>>>>>>>>>>>>>>>>> address. >>>>>>>>>>>>>>>>>>> I'm not quite sure I understand. Is this yet >>>>>>>>>>>>>>>>>>> another >>>>>>>>>>>>>>>>>>> bridge >>>>>>>>>>>>>>>>>>> connected to >>>>>>>>>>>>>>>>>>> ovsbridge0? >>>>>>>>>>>>>>>>>>> You could also attach the vnic for the management >>>>>>>>>>>>>>>>>>> network >>>>>>>>>>>>>>>>>>> here >>>>>>>>>>>>>>>>>>> if need >>>>>>>>>>>>>>>>>>> be. >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> Please keep in mind that OVN has no use in >>>>>>>>>>>>>>>>>>> setting up >>>>>>>>>>>>>>>>>>> the >>>>>>>>>>>>>>>>>>> management >>>>>>>>>>>>>>>>>>> network. >>>>>>>>>>>>>>>>>>> The OVN provider can only handle external >>>>>>>>>>>>>>>>>>> networks, >>>>>>>>>>>>>>>>>>> which >>>>>>>>>>>>>>>>>>> can >>>>>>>>>>>>>>>>>>> not be used >>>>>>>>>>>>>>>>>>> for a >>>>>>>>>>>>>>>>>>> management network. >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> Marcin >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> ----- Original Message ----- >>>>>>>>>>>>>>>>>>>> From: "Sverker >>>>>>>>>>>>>>>>>>>> Abrahamsson"<sverker@abrahamsson.com> >>>>>>>>>>>>>>>>>>>> To:users@ovirt.org >>>>>>>>>>>>>>>>>>>> Sent: Wednesday, December 28, 2016 12:39:59 AM >>>>>>>>>>>>>>>>>>>> Subject: [ovirt-users] Issue with OVN/OVS and >>>>>>>>>>>>>>>>>>>> mandatory >>>>>>>>>>>>>>>>>>>> ovirtmgmt >>>>>>>>>>>>>>>>>>>> network >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> Hi >>>>>>>>>>>>>>>>>>>> For long time I've been looking for proper >>>>>>>>>>>>>>>>>>>> support in >>>>>>>>>>>>>>>>>>>> ovirt for >>>>>>>>>>>>>>>>>>>> Open >>>>>>>>>>>>>>>>>>>> vSwitch >>>>>>>>>>>>>>>>>>>> so I'm happy that it is moving in the right >>>>>>>>>>>>>>>>>>>> direction. >>>>>>>>>>>>>>>>>>>> However, >>>>>>>>>>>>>>>>>>>> there >>>>>>>>>>>>>>>>>>>> seems >>>>>>>>>>>>>>>>>>>> to still be a dependency on a ovirtmgmt bridge >>>>>>>>>>>>>>>>>>>> and I'm >>>>>>>>>>>>>>>>>>>> unable >>>>>>>>>>>>>>>>>>>> to move >>>>>>>>>>>>>>>>>>>> that >>>>>>>>>>>>>>>>>>>> to the OVN provider. >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> The hosting center where I rent hw instances >>>>>>>>>>>>>>>>>>>> has a bit >>>>>>>>>>>>>>>>>>>> special >>>>>>>>>>>>>>>>>>>> network >>>>>>>>>>>>>>>>>>>> setup, >>>>>>>>>>>>>>>>>>>> so I have one physical network port with a /32 >>>>>>>>>>>>>>>>>>>> netmask >>>>>>>>>>>>>>>>>>>> and >>>>>>>>>>>>>>>>>>>> point-to-point >>>>>>>>>>>>>>>>>>>> config to router. The physical port I connect >>>>>>>>>>>>>>>>>>>> to a ovs >>>>>>>>>>>>>>>>>>>> bridge >>>>>>>>>>>>>>>>>>>> which has >>>>>>>>>>>>>>>>>>>> the >>>>>>>>>>>>>>>>>>>> public ip. Since ovirt always messes up the >>>>>>>>>>>>>>>>>>>> network >>>>>>>>>>>>>>>>>>>> config when >>>>>>>>>>>>>>>>>>>> I've >>>>>>>>>>>>>>>>>>>> tried >>>>>>>>>>>>>>>>>>>> to let it have access to the network config >>>>>>>>>>>>>>>>>>>> for the >>>>>>>>>>>>>>>>>>>> physical >>>>>>>>>>>>>>>>>>>> port, I've >>>>>>>>>>>>>>>>>>>> set >>>>>>>>>>>>>>>>>>>> eht0 and ovsbridge0 as hidden in vdsm.conf. >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> I then create a bridge for use with ovirt, with a >>>>>>>>>>>>>>>>>>>> private >>>>>>>>>>>>>>>>>>>> address. With >>>>>>>>>>>>>>>>>>>> the >>>>>>>>>>>>>>>>>>>> OVN provider I am now able to import these >>>>>>>>>>>>>>>>>>>> into the >>>>>>>>>>>>>>>>>>>> engine and >>>>>>>>>>>>>>>>>>>> it looks >>>>>>>>>>>>>>>>>>>> good. When creating a VM I can select that it >>>>>>>>>>>>>>>>>>>> will have >>>>>>>>>>>>>>>>>>>> a >>>>>>>>>>>>>>>>>>>> vNic >>>>>>>>>>>>>>>>>>>> on my OVS >>>>>>>>>>>>>>>>>>>> bridge. >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> However, I can't start the VM as an exception >>>>>>>>>>>>>>>>>>>> is thrown >>>>>>>>>>>>>>>>>>>> in the >>>>>>>>>>>>>>>>>>>> log: >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> 2016-12-28 00:13:33,350 ERROR >>>>>>>>>>>>>>>>>>>> [org.ovirt.engine.core.bll.RunVmCommand] >>>>>>>>>>>>>>>>>>>> (default task-5) [3c882d53] Error during >>>>>>>>>>>>>>>>>>>> ValidateFailure.: >>>>>>>>>>>>>>>>>>>> java.lang.NullPointerException >>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.scheduling.policyunits.NetworkPolicyUnit.validateRequiredNetworksAvailable(NetworkPolicyUnit.java:140) >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.scheduling.policyunits.NetworkPolicyUnit.filter(NetworkPolicyUnit.java:69) >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.scheduling.SchedulingManager.runInternalFilters(SchedulingManager.java:597) >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.scheduling.SchedulingManager.runFilters(SchedulingManager.java:564) >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.scheduling.SchedulingManager.canSchedule(SchedulingManager.java:494) >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.validator.RunVmValidator.canRunVm(RunVmValidator.java:133) >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.RunVmCommand.validate(RunVmCommand.java:940) >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.CommandBase.internalValidate(CommandBase.java:886) >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.CommandBase.validateOnly(CommandBase.java:366) >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.canRunActions(PrevalidatingMultipleActionsRunner.java:113) >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.invokeCommands(PrevalidatingMultipleActionsRunner.java:99) >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.execute(PrevalidatingMultipleActionsRunner.java:76) >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.Backend.runMultipleActionsImpl(Backend.java:613) >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.Backend.runMultipleActions(Backend.java:583) >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> Looking at that section of code where the >>>>>>>>>>>>>>>>>>>> exception is >>>>>>>>>>>>>>>>>>>> thrown, >>>>>>>>>>>>>>>>>>>> I see >>>>>>>>>>>>>>>>>>>> that >>>>>>>>>>>>>>>>>>>> it >>>>>>>>>>>>>>>>>>>> iterates over host networks to find required >>>>>>>>>>>>>>>>>>>> networks, >>>>>>>>>>>>>>>>>>>> which I >>>>>>>>>>>>>>>>>>>> assume is >>>>>>>>>>>>>>>>>>>> ovirtmgmt. In the host network setup dialog I >>>>>>>>>>>>>>>>>>>> don't see >>>>>>>>>>>>>>>>>>>> any >>>>>>>>>>>>>>>>>>>> networks at >>>>>>>>>>>>>>>>>>>> all >>>>>>>>>>>>>>>>>>>> but it lists ovirtmgmt as required. It also >>>>>>>>>>>>>>>>>>>> list the >>>>>>>>>>>>>>>>>>>> OVN >>>>>>>>>>>>>>>>>>>> networks but >>>>>>>>>>>>>>>>>>>> these >>>>>>>>>>>>>>>>>>>> can't be statically assigned as they are added >>>>>>>>>>>>>>>>>>>> dynamically when >>>>>>>>>>>>>>>>>>>> needed, >>>>>>>>>>>>>>>>>>>> which is fine. >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> I believe that I either need to remove ovirtmgmt >>>>>>>>>>>>>>>>>>>> network >>>>>>>>>>>>>>>>>>>> or >>>>>>>>>>>>>>>>>>>> configure >>>>>>>>>>>>>>>>>>>> that >>>>>>>>>>>>>>>>>>>> it >>>>>>>>>>>>>>>>>>>> is provided by the OVN provider, but neither is >>>>>>>>>>>>>>>>>>>> possible. >>>>>>>>>>>>>>>>>>>> Preferably it >>>>>>>>>>>>>>>>>>>> shouldn't be hardcoded which network is >>>>>>>>>>>>>>>>>>>> management and >>>>>>>>>>>>>>>>>>>> mandatory but be >>>>>>>>>>>>>>>>>>>> possible to configure. >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> /Sverker >>>>>>>>>>>>>>>>>>>> Den 2016-12-27 kl. 17:10, skrev Marcin Mirecki: >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>>>>>>> Users mailing list >>>>>>>>>>>>>>>>> Users@ovirt.org >>>>>>>>>>>>>>>>> http://lists.ovirt.org/mailman/listinfo/users >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>>>>> Users mailing list >>>>>>>>>>>>>>> Users@ovirt.org >>>>>>>>>>>>>>> http://lists.ovirt.org/mailman/listinfo/users >>>>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>>>> Users mailing list >>>>>>>>>>>>>> Users@ovirt.org >>>>>>>>>>>>>> http://lists.ovirt.org/mailman/listinfo/users >>>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>>> Users mailing list >>>>>>>>>>>>> Users@ovirt.org >>>>>>>>>>>>> http://lists.ovirt.org/mailman/listinfo/users >>>>>>>>>>> _______________________________________________ >>>>>>>>>>> Users mailing list >>>>>>>>>>> Users@ovirt.org >>>>>>>>>>> http://lists.ovirt.org/mailman/listinfo/users >>>>>>>>>>> >>>>>> _______________________________________________ >>>>>> Users mailing list >>>>>> Users@ovirt.org >>>>>> http://lists.ovirt.org/mailman/listinfo/users >>>>> _______________________________________________ >>>>> Users mailing list >>>>> Users@ovirt.org >>>>> http://lists.ovirt.org/mailman/listinfo/users >>>> _______________________________________________ >>>> Users mailing list >>>> Users@ovirt.org >>>> http://lists.ovirt.org/mailman/listinfo/users >
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
This is a multi-part message in MIME format. --------------1CAC321E64229B73541ABF38 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit The port is created from Ovirt UI, the ovs-vsctl command below is executed when VM is started. In /var/log/ovirt-provider-ovn.log on h2 I get the following: 2017-01-06 20:19:25,452 Request: GET : /v2.0/ports 2017-01-06 20:19:25,452 Connecting to remote ovn database: tcp:127.0.0.1:6641 2017-01-06 20:19:25,670 Connected (number of retries: 2) 2017-01-06 20:19:25,670 Response code: 200 2017-01-06 20:19:25,670 Response body: {"ports": [{"name": "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873", "network_id": "e53554cf-e553-40a1-8d22-9c8d95ec0601", "device_owner": "oVirt", "mac_address": "00:1a:4a:16:01:51", "id": "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873", "device_id": "40cd7328-d575-4c3d-b656-9ef9bacc0078"}, {"name": "92f6d3c8-68b3-4986-9c09-60bee04644b5", "network_id": "e53554cf-e553-40a1-8d22-9c8d95ec0601", "device_owner": "oVirt", "mac_address": "00:1a:4a:16:01:52", "id": "92f6d3c8-68b3-4986-9c09-60bee04644b5", "device_id": "4baefa8c-3822-4de0-9cd0-1d025bab7844"}]} 2017-01-06 20:19:25,673 Request: PUT : /v2.0/ports/92f6d3c8-68b3-4986-9c09-60bee04644b5 2017-01-06 20:19:25,673 Request body: { "port" : { "binding:host_id" : "h1.limetransit.com", "security_groups" : null } } 2017-01-06 20:19:25,673 Connecting to remote ovn database: tcp:127.0.0.1:6641 2017-01-06 20:19:25,890 Connected (number of retries: 2) 2017-01-06 20:19:25,891 Response code: 200 2017-01-06 20:19:25,891 Response body: {"port": {"name": "92f6d3c8-68b3-4986-9c09-60bee04644b5", "network_id": "e53554cf-e553-40a1-8d22-9c8d95ec0601", "device_owner": "oVirt", "mac_address": "00:1a:4a:16:01:52", "id": "92f6d3c8-68b3-4986-9c09-60bee04644b5", "device_id": "4baefa8c-3822-4de0-9cd0-1d025bab7844"}} In /var/log/messages on h1 I get the following: Jan 6 20:18:56 h1 dbus-daemon: dbus[1339]: [system] Successfully activated service 'org.freedesktop.problems' Jan 6 20:19:26 h1 ovs-vsctl: ovs|00001|vsctl|INFO|Called as ovs-vsctl --timeout=5 -- --if-exists del-port vnet0 -- add-port br-int vnet0 -- set Interface vnet0 "external-ids:attached-mac=\"00:1a:4a:16:01:52\"" -- set Interface vnet0 "external-ids:iface-id=\"72dafda5-03c2-4bb6-bcb6-241fa5c0a1f3\"" -- set Interface vnet0 "external-ids:vm-id=\"4d0c134a-11a0-40f4-b2fb-c13c17c7251c\"" -- set Interface vnet0 external-ids:iface-status=active Jan 6 20:19:26 h1 kernel: device vnet0 entered promiscuous mode Jan 6 20:19:26 h1 avahi-daemon[1391]: Registering new address record for fe80::fc1a:4aff:fe16:152 on vnet0.*. Jan 6 20:19:26 h1 systemd-machined: New machine qemu-4-CentOS72. Jan 6 20:19:26 h1 systemd: Started Virtual Machine qemu-4-CentOS72. Jan 6 20:19:26 h1 systemd: Starting Virtual Machine qemu-4-CentOS72. [root@h2 ~]# ovn-nbctl show switch e53554cf-e553-40a1-8d22-9c8d95ec0601 (ovirtbridge) port 4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873 addresses: ["00:1a:4a:16:01:51"] port 92f6d3c8-68b3-4986-9c09-60bee04644b5 addresses: ["00:1a:4a:16:01:52"] port ovirtbridge-port2 addresses: ["unknown"] port ovirtbridge-port1 addresses: ["unknown"] [root@h2 ~]# ovn-sbctl show Chassis "6e4dd29f-7607-48d7-8e5a-eef4c6aeefb5" hostname: "h2.limetransit.com" Encap geneve ip: "148.251.126.50" options: {csum="true"} Port_Binding "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873" Port_Binding "ovirtbridge-port1" Chassis "4f10fb04-8fb2-48d7-8a3f-ea6444c02cf9" hostname: "h1.limetransit.com" Encap geneve ip: "144.76.84.73" options: {csum="true"} Port_Binding "ovirtbridge-port2" I.e. the port is set up with the wrong ID and not attached to OVN. If I correct external-ids:iface-id like this: [root@h1 ~]# ovs-vsctl set Interface vnet0 "external-ids:iface-id=\"92f6d3c8-68b3-4986-9c09-60bee04644b5\"" then sb is correct: [root@h2 ~]# ovn-sbctl show Chassis "6e4dd29f-7607-48d7-8e5a-eef4c6aeefb5" hostname: "h2.limetransit.com" Encap geneve ip: "148.251.126.50" options: {csum="true"} Port_Binding "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873" Port_Binding "ovirtbridge-port1" Chassis "4f10fb04-8fb2-48d7-8a3f-ea6444c02cf9" hostname: "h1.limetransit.com" Encap geneve ip: "144.76.84.73" options: {csum="true"} Port_Binding "ovirtbridge-port2" Port_Binding "92f6d3c8-68b3-4986-9c09-60bee04644b5" I don't know from where the ID 72dafda5-03c2-4bb6-bcb6-241fa5c0a1f3 comes from, doesn't show in any log other than /var/log/messages. If I do the same exercise on the same host as engine is running on then the port for the VM gets the right id and is working from beginning. /Sverker Den 2017-01-03 kl. 10:23, skrev Marcin Mirecki:
How did you create this port? From the oVirt engine UI? The OVN provider creates the port when you add the port in the engine UI, it is then plugged into the ovs bridge by the VIF driver. Please attach /var/log/ovirt-provider-ovn.log
----- Original Message -----
From: "Sverker Abrahamsson"<sverker@abrahamsson.com> To: "Marcin Mirecki"<mmirecki@redhat.com> Cc: "Ovirt Users"<users@ovirt.org> Sent: Tuesday, January 3, 2017 2:06:22 AM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network
Found an issue with Ovirt - OVN integration.
Engine and OVN central db running on host h2. Created VM to run on host h1, which is started. Ovn db state:
[root@h2 env3]# ovn-nbctl show switch e53554cf-e553-40a1-8d22-9c8d95ec0601 (ovirtbridge) port 4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873 addresses: ["00:1a:4a:16:01:51"] port 92f6d3c8-68b3-4986-9c09-60bee04644b5 addresses: ["00:1a:4a:16:01:52"] port ovirtbridge-port2 addresses: ["unknown"] port ovirtbridge-port1 addresses: ["unknown"] [root@h2 env3]# ovn-sbctl show Chassis "6e4dd29f-7607-48d7-8e5a-eef4c6aeefb5" hostname: "h2.limetransit.com" Encap geneve ip: "148.251.126.50" options: {csum="true"} Port_Binding "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873" Port_Binding "ovirtbridge-port1" Chassis "4f10fb04-8fb2-48d7-8a3f-ea6444c02cf9" hostname: "h1.limetransit.com" Encap geneve ip: "144.76.84.73" options: {csum="true"} Port_Binding "ovirtbridge-port2"
Port 92f6d3c8-68b3-4986-9c09-60bee04644b5 is for the new VM which is started on h1, but it is not assigned to that chassis. The reason is that on h1 the port on br-int is created like this:
ovs-vsctl --timeout=5 -- --if-exists del-port vnet0 -- add-port br-int vnet0 -- set Interface vnet0 "external-ids:attached-mac=\"00:1a:4a:16:01:52\"" -- set Interface vnet0 "external-ids:iface-id=\"35bcbe31-2c7e-4d97-add9-ce150eeb2f11\"" -- set Interface vnet0 "external-ids:vm-id=\"4d0c134a-11a0-40f4-b2fb-c13c17c7251c\"" -- set Interface vnet0 external-ids:iface-status=active
I.e. the extrernal id of interface is wrong. When I manually change to the right id like this the port works fine:
ovs-vsctl --timeout=5 -- --if-exists del-port vnet0 -- add-port br-int vnet0 -- set Interface vnet0 "external-ids:attached-mac=\"00:1a:4a:16:01:52\"" -- set Interface vnet0 "external-ids:iface-id=\"92f6d3c8-68b3-4986-9c09-60bee04644b5\"" -- set Interface vnet0 "external-ids:vm-id=\"4d0c134a-11a0-40f4-b2fb-c13c17c7251c\"" -- set Interface vnet0 external-ids:iface-status=active
sb db after correcting the port:
Chassis "6e4dd29f-7607-48d7-8e5a-eef4c6aeefb5" hostname: "h2.limetransit.com" Encap geneve ip: "148.251.126.50" options: {csum="true"} Port_Binding "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873" Port_Binding "ovirtbridge-port1" Chassis "4f10fb04-8fb2-48d7-8a3f-ea6444c02cf9" hostname: "h1.limetransit.com" Encap geneve ip: "144.76.84.73" options: {csum="true"} Port_Binding "ovirtbridge-port2" Port_Binding "92f6d3c8-68b3-4986-9c09-60bee04644b5"
I don't know from where the faulty id comes from, it's not in any logs. In the domain xml as printed in vdsm.log the id is correct:
<interface type="bridge"> <mac address="00:1a:4a:16:01:52" /> <model type="virtio" /> <source bridge="br-int" /> <virtualport type="openvswitch" /> <link state="up" /> <boot order="2" /> <bandwidth /> <virtualport type="openvswitch"> <parameters interfaceid="92f6d3c8-68b3-4986-9c09-60bee04644b5" /> </virtualport> </interface>
Where is the ovs-vsctl command line built for this call?
/Sverker
Den 2017-01-02 kl. 13:40, skrev Sverker Abrahamsson:
Got it to work now by following the env8 example in OVN tutorial, where a port is added with type l2gateway. Not sure how that is different from the localnet variant, but didn't suceed in getting that one working. Now I'm able to ping and telnet over the tunnel, but not ssh even when the port is answering on telnet. Neither does nfs traffic work even though mount did. Suspecting MTU issue. I did notice that ovn-controller starts too early, before network interfaces are established and hence can't reach the db. As these is a purely OVS/OVN issue I'll ask about it on their mailing list.
Getting back to the original issue with Ovirt, I've now added the second host h1 to ovirt-engine. Had to do the same as with h2 to create a dummy ovirtmgmt network but configured access via the public IP. My firewall settings was replaced with iptables config and vdsm.conf was overwritten when engine was set up, so those had to be manually restored. It would be preferable if it would be possible to configure ovirt-engine that it does not "own" the host and instead comply with the settings it has instead of enforcing it's own view..
Apart from that it seems the second host works, although I need to resolve the traffic issue over the OVS tunnel. /Sverker
Den 2017-01-02 kl. 01:13, skrev Sverker Abrahamsson:
1. That is not possible as ovirt (or vdsm) will rewrite the network configuration to a non-working state. That is why I've set that if as hidden to vdsm and is why I'm keen on getting OVS/OVN to work
2. I've been reading the doc for OVN and starting to connect the dots, which is not trivial as it is complex. Some insights reached:
First step is the OVN database, installed by openvswitch-ovn-central, which I currently have running on h2 host. The 'ovn-nbctl' and 'ovn-sbctl' commands are only possible to execute on a database node. Two ip's are given to 'vdsm-tool ovn-config <ip to database> <tunnel ip>' as arguments, where <ip to database> is how this OVN node reaches the database and <tunnel ip> is the ip to which other OVN nodes sets up a tunnel to this node. I.e. it is not for creating a tunnel to the database which I thought first from the description in blog post.
The tunnel between OVN nodes is of type geneve which is a UDP based protocol but I have not been able to find anywhere which port is used so that I can open it in firewalld. I have added OVN on another host, called h1, and connected it to the db. I see there is traffic to the db port, but I don't see any geneve traffic between the nodes.
Ovirt is now able to create it's vnet0 interface on the br-int ovs bridge, but then I run into the next issue. How do I create a connection from the logical switch to the physical host? I need that to a) get a connection out to the internet through a masqueraded if or ipv6 and b) be able to run a dhcp server to give ip's to the VM's.
/Sverker
Den 2016-12-30 kl. 18:05, skrev Marcin Mirecki:
1. Why not use your physical nic for ovirtmgmt then?
2. "ovn-nbctl ls-add" does not add a bridge, but a logical switch. br-int is an internal OVN implementation detail, which the user should not care about. What you see in the ovirt UI are logical networks. They are implemented as OVN logical switches in case of the OVN provider.
Please look at: http://www.ovirt.org/blog/2016/11/ovirt-provider-ovn/ You can get the latest rpms from here: http://resources.ovirt.org/repos/ovirt/experimental/master/ovirt-provider-ov...
----- Original Message -----
From: "Sverker Abrahamsson"<sverker@abrahamsson.com> To: "Marcin Mirecki"<mmirecki@redhat.com> Cc: "Ovirt Users"<users@ovirt.org> Sent: Friday, December 30, 2016 4:25:58 PM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network
1. No, I did not want to put the ovirtmgmt bridge on my physical nic as it always messed up the network config making the host unreachable. I have put a ovs bridge on this nic which I will use to make tunnels when I add other hosts. Maybe br-int will be used for that instead, will see when I get that far.
As it is now I have a dummy if for ovirtmgmt bridge but this will probably not work when I add other hosts as that bridge cannot connect to the other hosts. I'm considering keeping this just as a dummy to keep ovirt engine satisfied while the actual communication will happen over OVN/OVS bridges and tunnels.
2. On https://www.ovirt.org//develop/release-management/features/ovirt-ovn-provide...
there is instructions how to add an OVS bridge to OVN with |ovn-nbctl ls-add <network name>|. If you want to use br-int then it makes sense to make that bridge visible in ovirt webui under networks so that it can be selected for VM's.
It quite doesn't make sense to me that I can select other network for my VM but then that setting is not used when setting up the network.
/Sverker
Den 2016-12-30 kl. 15:34, skrev Marcin Mirecki: > Hi, > > The OVN provider does not require you to add any bridges manually. > As I understand we were dealing with two problems: > 1. You only had one physical nic and wanted to put a bridge on it, > attaching the management network to the bridge. This was the > reason for > creating the bridge (the recommended setup would be to used a > separate > physical nic for the management network). This bridge has > nothing to > do with the OVN bridge. > 2. OVN - you want to use OVN on this system. For this you have to > install > OVN on your hosts. This should create the br-int bridge, > which are > then used by the OVN provider. This br-int bridge must be > configured > to connect to other hosts using the geneve tunnels. > > In both cases the systems will not be aware of any bridges you > create. > They need a nic (be it physical or virtual) to connect to other > system. > Usually this is the physical nic. In your case you decided to put > a bridge > on the physical nic, and give oVirt a virtual nic attached to this > bridge. > This works, but keep in mind that the bridge you have introduced > is outside > of oVirt's (and OVN) control (and as such is not supported). > >> What is the purpose of >> adding my bridges to Ovirt through the external provider and >> configure >> them on my VM > I am not quite sure I understand. > The external provider (OVN provider to be specific), does not add any > bridges > to the system. It is using the br-int bridge created by OVN. The > networks > created by the OVN provider are purely logical entities, > implemented using > the OVN br-int bridge. > > Marcin > > > ----- Original Message ----- >> From: "Sverker Abrahamsson"<sverker@abrahamsson.com> >> To: "Marcin Mirecki"<mmirecki@redhat.com> >> Cc: "Ovirt Users"<users@ovirt.org> >> Sent: Friday, December 30, 2016 12:15:43 PM >> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory >> ovirtmgmt >> network >> >> Hi >> That is the logic I quite don't understand. What is the purpose of >> adding my bridges to Ovirt through the external provider and >> configure >> them on my VM if you are disregarding that and using br-int anyway? >> >> /Sverker >> >> Den 2016-12-30 kl. 10:53, skrev Marcin Mirecki: >>> Sverker, >>> >>> br-int is the integration bridge created by default in OVN. This >>> is the >>> bridge we use for the OVN provider. As OVN is required to be >>> installed, >>> we assume that this bridge is present. >>> Using any other ovs bridge is not supported, and will require >>> custom code >>> changes (such as the ones you created). >>> >>> The proper setup in your case would probably be to create br-int >>> and >>> connect >>> this to your ovirtbridge, although I don't know the details of >>> your env, >>> so >>> this is just my best guess. >>> >>> Marcin >>> >>> >>> ----- Original Message ----- >>>> From: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>>> To: "Marcin Mirecki"<mmirecki@redhat.com> >>>> Cc: "Ovirt Users"<users@ovirt.org>, "Numan Siddique" >>>> <nusiddiq@redhat.com> >>>> Sent: Friday, December 30, 2016 1:14:50 AM >>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory >>>> ovirtmgmt >>>> network >>>> >>>> Even better, if the value is not hardcoded then the configured >>>> value is >>>> used. Might be that I'm missunderstanding something but this is >>>> the >>>> behaviour I expected instead of that it is using br-int. >>>> >>>> Attached is a patch which properly sets up the xml, in case >>>> there is >>>> already a virtual port there + testcode of some variants >>>> >>>> /Sverker >>>> >>>> Den 2016-12-29 kl. 22:55, skrev Sverker Abrahamsson: >>>>> When I change >>>>> /usr/libexec/vdsm/hooks/before_device_create/ovirt_provider_ovn_hook >>>>> >>>>> to instead of hardcoded to br-int use BRIDGE_NAME = >>>>> 'ovirtbridge' then >>>>> I get the expected behaviour and I get a working network >>>>> connectivity >>>>> in my VM with IP provided by dhcp. >>>>> >>>>> /Sverker >>>>> >>>>> Den 2016-12-29 kl. 22:07, skrev Sverker Abrahamsson: >>>>>> By default the vNic profile of my OVN bridge ovirtbridge gets a >>>>>> Network filter named vdsm-no-mac-spoofing. If I instead set >>>>>> No filter >>>>>> then I don't get those ebtables / iptables messages. It seems >>>>>> that >>>>>> there is some issue between ovirt/vdsm and firewalld, which >>>>>> we can >>>>>> put to the side for now. >>>>>> >>>>>> It is not clear for me why the port is added on br-int >>>>>> instead of the >>>>>> bridge I've assigned to the VM, which is ovirtbridge?? >>>>>> >>>>>> /Sverker >>>>>> >>>>>> Den 2016-12-29 kl. 14:20, skrev Sverker Abrahamsson: >>>>>>> The specific command most likely fails because there is no >>>>>>> chain >>>>>>> named libvirt-J-vnet0, but when should that have been created? >>>>>>> /Sverker >>>>>>> >>>>>>> -------- Vidarebefordrat meddelande -------- >>>>>>> Ämne: Re: [ovirt-users] Issue with OVN/OVS and mandatory >>>>>>> ovirtmgmt >>>>>>> network >>>>>>> Datum: Thu, 29 Dec 2016 08:06:29 -0500 (EST) >>>>>>> Från: Marcin Mirecki<mmirecki@redhat.com> >>>>>>> Till: Sverker Abrahamsson<sverker@abrahamsson.com> >>>>>>> Kopia: Ovirt Users<users@ovirt.org>, Lance Richardson >>>>>>> <lrichard@redhat.com>, Numan Siddique<nusiddiq@redhat.com> >>>>>>> >>>>>>> >>>>>>> >>>>>>> Let me add the OVN team. >>>>>>> >>>>>>> Lance, Numan, >>>>>>> >>>>>>> Can you please look at this? >>>>>>> >>>>>>> Trying to plug a vNIC results in: >>>>>>>>>>>>>> Dec 28 23:31:35 h2 ovs-vsctl: >>>>>>>>>>>>>> ovs|00001|vsctl|INFO|Called as >>>>>>>>>>>>>> ovs-vsctl >>>>>>>>>>>>>> --timeout=5 -- --if-exists del-port vnet0 -- add-port >>>>>>>>>>>>>> br-int >>>>>>>>>>>>>> vnet0 -- >>>>>>>>>>>>>> set Interface vnet0 >>>>>>>>>>>>>> "external-ids:attached-mac=\"00:1a:4a:16:01:51\"" >>>>>>>>>>>>>> -- set Interface vnet0 >>>>>>>>>>>>>> "external-ids:iface-id=\"e8853aac-8a75-41b0-8010-e630017dcdd8\"" >>>>>>>>>>>>>> >>>>>>>>>>>>>> -- >>>>>>>>>>>>>> set Interface vnet0 >>>>>>>>>>>>>> "external-ids:vm-id=\"b9440d60-ef5a-4e2b-83cf-081df7c09e6f\"" >>>>>>>>>>>>>> >>>>>>>>>>>>>> -- >>>>>>>>>>>>>> set >>>>>>>>>>>>>> Interface vnet0 external-ids:iface-status=active >>>>>>>>>>>>>> Dec 28 23:31:35 h2 kernel: device vnet0 entered >>>>>>>>>>>>>> promiscuous >>>>>>>>>>>>>> mode >>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -D PREROUTING >>>>>>>>>>>>>> -i vnet0 >>>>>>>>>>>>>> -j >>>>>>>>>>>>>> libvirt-J-vnet0' failed: >>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>> More details below >>>>>>> >>>>>>> >>>>>>> ----- Original Message ----- >>>>>>>> From: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>>>>>>> To: "Marcin Mirecki"<mmirecki@redhat.com> >>>>>>>> Cc: "Ovirt Users"<users@ovirt.org> >>>>>>>> Sent: Thursday, December 29, 2016 1:42:11 PM >>>>>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory >>>>>>>> ovirtmgmt >>>>>>>> network >>>>>>>> >>>>>>>> Hi >>>>>>>> Same problem still.. >>>>>>>> /Sverker >>>>>>>> >>>>>>>> Den 2016-12-29 kl. 13:34, skrev Marcin Mirecki: >>>>>>>>> Hi, >>>>>>>>> >>>>>>>>> The tunnels are created to connect multiple OVN controllers. >>>>>>>>> If there is only one, there is no need for the tunnels, so >>>>>>>>> none >>>>>>>>> will be created, this is the correct behavior. >>>>>>>>> >>>>>>>>> Does the problem still occur after setting configuring the >>>>>>>>> OVN-controller? >>>>>>>>> >>>>>>>>> Marcin >>>>>>>>> >>>>>>>>> ----- Original Message ----- >>>>>>>>>> From: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>>>>>>>>> To: "Marcin Mirecki"<mmirecki@redhat.com> >>>>>>>>>> Cc: "Ovirt Users"<users@ovirt.org> >>>>>>>>>> Sent: Thursday, December 29, 2016 11:44:32 AM >>>>>>>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory >>>>>>>>>> ovirtmgmt >>>>>>>>>> network >>>>>>>>>> >>>>>>>>>> Hi >>>>>>>>>> The rpm packages you listed in the other mail are >>>>>>>>>> installed but I >>>>>>>>>> had >>>>>>>>>> not run vdsm-tool ovn-config to create tunnel as the OVN >>>>>>>>>> controller >>>>>>>>>> is >>>>>>>>>> on the same host. >>>>>>>>>> >>>>>>>>>> [root@h2 ~]# rpm -q openvswitch-ovn-common >>>>>>>>>> openvswitch-ovn-common-2.6.90-1.el7.centos.x86_64 >>>>>>>>>> [root@h2 ~]# rpm -q openvswitch-ovn-host >>>>>>>>>> openvswitch-ovn-host-2.6.90-1.el7.centos.x86_64 >>>>>>>>>> [root@h2 ~]# rpm -q python-openvswitch >>>>>>>>>> python-openvswitch-2.6.90-1.el7.centos.noarch >>>>>>>>>> >>>>>>>>>> After removing my manually created br-int and run >>>>>>>>>> >>>>>>>>>> vdsm-tool ovn-config 127.0.0.1 172.27.1.1 >>>>>>>>>> >>>>>>>>>> then I have the br-int but 'ip link show' does not show >>>>>>>>>> any link >>>>>>>>>> 'genev_sys_' nor does 'ovs-vsctl show' any port for ovn. >>>>>>>>>> I assume >>>>>>>>>> these >>>>>>>>>> are when there is an actual tunnel? >>>>>>>>>> >>>>>>>>>> [root@h2 ~]# ovs-vsctl show >>>>>>>>>> ebb6aede-cbbc-4f4f-a88a-a9cd72b2bd23 >>>>>>>>>> Bridge br-int >>>>>>>>>> fail_mode: secure >>>>>>>>>> Port br-int >>>>>>>>>> Interface br-int >>>>>>>>>> type: internal >>>>>>>>>> Bridge ovirtbridge >>>>>>>>>> Port ovirtbridge >>>>>>>>>> Interface ovirtbridge >>>>>>>>>> type: internal >>>>>>>>>> Bridge "ovsbridge0" >>>>>>>>>> Port "ovsbridge0" >>>>>>>>>> Interface "ovsbridge0" >>>>>>>>>> type: internal >>>>>>>>>> Port "eth0" >>>>>>>>>> Interface "eth0" >>>>>>>>>> ovs_version: "2.6.90" >>>>>>>>>> >>>>>>>>>> [root@h2 ~]# ip link show >>>>>>>>>> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state >>>>>>>>>> UNKNOWN >>>>>>>>>> mode >>>>>>>>>> DEFAULT qlen 1 >>>>>>>>>> link/loopback 00:00:00:00:00:00 brd >>>>>>>>>> 00:00:00:00:00:00 >>>>>>>>>> 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc >>>>>>>>>> pfifo_fast >>>>>>>>>> master ovs-system state UP mode DEFAULT qlen 1000 >>>>>>>>>> link/ether 44:8a:5b:84:7d:b3 brd ff:ff:ff:ff:ff:ff >>>>>>>>>> 3: ovs-system: <BROADCAST,MULTICAST> mtu 1500 qdisc noop >>>>>>>>>> state >>>>>>>>>> DOWN >>>>>>>>>> mode >>>>>>>>>> DEFAULT qlen 1000 >>>>>>>>>> link/ether 5a:14:cf:28:47:e2 brd ff:ff:ff:ff:ff:ff >>>>>>>>>> 4: ovsbridge0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 >>>>>>>>>> qdisc >>>>>>>>>> noqueue >>>>>>>>>> state UNKNOWN mode DEFAULT qlen 1000 >>>>>>>>>> link/ether 44:8a:5b:84:7d:b3 brd ff:ff:ff:ff:ff:ff >>>>>>>>>> 5: br-int: <BROADCAST,MULTICAST> mtu 1500 qdisc noop >>>>>>>>>> state DOWN >>>>>>>>>> mode >>>>>>>>>> DEFAULT qlen 1000 >>>>>>>>>> link/ether 9e:b0:3a:9d:f2:4b brd ff:ff:ff:ff:ff:ff >>>>>>>>>> 6: ovirtbridge: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu >>>>>>>>>> 1500 qdisc >>>>>>>>>> noqueue >>>>>>>>>> state UNKNOWN mode DEFAULT qlen 1000 >>>>>>>>>> link/ether a6:f6:e5:a4:5b:45 brd ff:ff:ff:ff:ff:ff >>>>>>>>>> 7: dummy0: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc >>>>>>>>>> noqueue >>>>>>>>>> master >>>>>>>>>> ovirtmgmt state UNKNOWN mode DEFAULT qlen 1000 >>>>>>>>>> link/ether 66:e0:1c:c3:a9:d8 brd ff:ff:ff:ff:ff:ff >>>>>>>>>> 8: ovirtmgmt: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 >>>>>>>>>> qdisc >>>>>>>>>> noqueue >>>>>>>>>> state UP mode DEFAULT qlen 1000 >>>>>>>>>> link/ether 66:e0:1c:c3:a9:d8 brd ff:ff:ff:ff:ff:ff >>>>>>>>>> >>>>>>>>>> Firewall settings: >>>>>>>>>> [root@h2 ~]# firewall-cmd --list-all-zones >>>>>>>>>> work >>>>>>>>>> target: default >>>>>>>>>> icmp-block-inversion: no >>>>>>>>>> interfaces: >>>>>>>>>> sources: >>>>>>>>>> services: dhcpv6-client ssh >>>>>>>>>> ports: >>>>>>>>>> protocols: >>>>>>>>>> masquerade: no >>>>>>>>>> forward-ports: >>>>>>>>>> sourceports: >>>>>>>>>> icmp-blocks: >>>>>>>>>> rich rules: >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> drop >>>>>>>>>> target: DROP >>>>>>>>>> icmp-block-inversion: no >>>>>>>>>> interfaces: >>>>>>>>>> sources: >>>>>>>>>> services: >>>>>>>>>> ports: >>>>>>>>>> protocols: >>>>>>>>>> masquerade: no >>>>>>>>>> forward-ports: >>>>>>>>>> sourceports: >>>>>>>>>> icmp-blocks: >>>>>>>>>> rich rules: >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> internal >>>>>>>>>> target: default >>>>>>>>>> icmp-block-inversion: no >>>>>>>>>> interfaces: >>>>>>>>>> sources: >>>>>>>>>> services: dhcpv6-client mdns samba-client ssh >>>>>>>>>> ports: >>>>>>>>>> protocols: >>>>>>>>>> masquerade: no >>>>>>>>>> forward-ports: >>>>>>>>>> sourceports: >>>>>>>>>> icmp-blocks: >>>>>>>>>> rich rules: >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> external >>>>>>>>>> target: default >>>>>>>>>> icmp-block-inversion: no >>>>>>>>>> interfaces: >>>>>>>>>> sources: >>>>>>>>>> services: ssh >>>>>>>>>> ports: >>>>>>>>>> protocols: >>>>>>>>>> masquerade: yes >>>>>>>>>> forward-ports: >>>>>>>>>> sourceports: >>>>>>>>>> icmp-blocks: >>>>>>>>>> rich rules: >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> trusted >>>>>>>>>> target: ACCEPT >>>>>>>>>> icmp-block-inversion: no >>>>>>>>>> interfaces: >>>>>>>>>> sources: >>>>>>>>>> services: >>>>>>>>>> ports: >>>>>>>>>> protocols: >>>>>>>>>> masquerade: no >>>>>>>>>> forward-ports: >>>>>>>>>> sourceports: >>>>>>>>>> icmp-blocks: >>>>>>>>>> rich rules: >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> home >>>>>>>>>> target: default >>>>>>>>>> icmp-block-inversion: no >>>>>>>>>> interfaces: >>>>>>>>>> sources: >>>>>>>>>> services: dhcpv6-client mdns samba-client ssh >>>>>>>>>> ports: >>>>>>>>>> protocols: >>>>>>>>>> masquerade: no >>>>>>>>>> forward-ports: >>>>>>>>>> sourceports: >>>>>>>>>> icmp-blocks: >>>>>>>>>> rich rules: >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> dmz >>>>>>>>>> target: default >>>>>>>>>> icmp-block-inversion: no >>>>>>>>>> interfaces: >>>>>>>>>> sources: >>>>>>>>>> services: ssh >>>>>>>>>> ports: >>>>>>>>>> protocols: >>>>>>>>>> masquerade: no >>>>>>>>>> forward-ports: >>>>>>>>>> sourceports: >>>>>>>>>> icmp-blocks: >>>>>>>>>> rich rules: >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> public (active) >>>>>>>>>> target: default >>>>>>>>>> icmp-block-inversion: no >>>>>>>>>> interfaces: eth0 ovsbridge0 >>>>>>>>>> sources: >>>>>>>>>> services: dhcpv6-client ssh >>>>>>>>>> ports: >>>>>>>>>> protocols: >>>>>>>>>> masquerade: no >>>>>>>>>> forward-ports: >>>>>>>>>> sourceports: >>>>>>>>>> icmp-blocks: >>>>>>>>>> rich rules: >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> block >>>>>>>>>> target: %%REJECT%% >>>>>>>>>> icmp-block-inversion: no >>>>>>>>>> interfaces: >>>>>>>>>> sources: >>>>>>>>>> services: >>>>>>>>>> ports: >>>>>>>>>> protocols: >>>>>>>>>> masquerade: no >>>>>>>>>> forward-ports: >>>>>>>>>> sourceports: >>>>>>>>>> icmp-blocks: >>>>>>>>>> rich rules: >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> ovirt (active) >>>>>>>>>> target: default >>>>>>>>>> icmp-block-inversion: no >>>>>>>>>> interfaces: ovirtbridge ovirtmgmt >>>>>>>>>> sources: >>>>>>>>>> services: dhcp ovirt-fence-kdump-listener ovirt-http >>>>>>>>>> ovirt-https >>>>>>>>>> ovirt-imageio-proxy ovirt-postgres ovirt-provider-ovn >>>>>>>>>> ovirt-vmconsole-proxy ovirt-websocket-proxy ssh vdsm >>>>>>>>>> ports: >>>>>>>>>> protocols: >>>>>>>>>> masquerade: yes >>>>>>>>>> forward-ports: >>>>>>>>>> sourceports: >>>>>>>>>> icmp-blocks: >>>>>>>>>> rich rules: >>>>>>>>>> rule family="ipv4" port port="6641" >>>>>>>>>> protocol="tcp" >>>>>>>>>> accept >>>>>>>>>> rule family="ipv4" port port="6642" >>>>>>>>>> protocol="tcp" >>>>>>>>>> accept >>>>>>>>>> >>>>>>>>>> The db dump is attached >>>>>>>>>> /Sverker >>>>>>>>>> Den 2016-12-29 kl. 09:50, skrev Marcin Mirecki: >>>>>>>>>>> Hi, >>>>>>>>>>> >>>>>>>>>>> Can you please do: "sudo ovsdb-client dump" >>>>>>>>>>> on the host and send me the output? >>>>>>>>>>> >>>>>>>>>>> Have you configured the ovn controller to connect to the >>>>>>>>>>> OVN north? You can do it using "vdsm-tool ovn-config" or >>>>>>>>>>> using the OVN tools directly. >>>>>>>>>>> Please check >>>>>>>>>>> out:https://www.ovirt.org/blog/2016/11/ovirt-provider-ovn/ >>>>>>>>>>> for details. >>>>>>>>>>> >>>>>>>>>>> Also please note that the OVN provider is completely >>>>>>>>>>> different >>>>>>>>>>> from the neutron-openvswitch plugin. Please don't mix >>>>>>>>>>> the two. >>>>>>>>>>> >>>>>>>>>>> Marcin >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> ----- Original Message ----- >>>>>>>>>>>> From: "Marcin Mirecki"<mmirecki@redhat.com> >>>>>>>>>>>> To: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>>>>>>>>>>> Cc: "Ovirt Users"<users@ovirt.org> >>>>>>>>>>>> Sent: Thursday, December 29, 2016 9:27:19 AM >>>>>>>>>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and >>>>>>>>>>>> mandatory >>>>>>>>>>>> ovirtmgmt >>>>>>>>>>>> network >>>>>>>>>>>> >>>>>>>>>>>> Hi, >>>>>>>>>>>> >>>>>>>>>>>> br-int is the OVN integration bridge, it should have been >>>>>>>>>>>> created >>>>>>>>>>>> when installing OVN. I assume you have the following >>>>>>>>>>>> packages >>>>>>>>>>>> installed >>>>>>>>>>>> on the host: >>>>>>>>>>>> openvswitch-ovn-common >>>>>>>>>>>> openvswitch-ovn-host >>>>>>>>>>>> python-openvswitch >>>>>>>>>>>> >>>>>>>>>>>> Please give me some time to look at the connectivity >>>>>>>>>>>> problem. >>>>>>>>>>>> >>>>>>>>>>>> Marcin >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> ----- Original Message ----- >>>>>>>>>>>>> From: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>>>>>>>>>>>> To: "Marcin Mirecki"<mmirecki@redhat.com> >>>>>>>>>>>>> Cc: "Ovirt Users"<users@ovirt.org> >>>>>>>>>>>>> Sent: Thursday, December 29, 2016 12:47:04 AM >>>>>>>>>>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and >>>>>>>>>>>>> mandatory >>>>>>>>>>>>> ovirtmgmt >>>>>>>>>>>>> network >>>>>>>>>>>>> >>>>>>>>>>>>> From >>>>>>>>>>>>> /usr/libexec/vdsm/hooks/before_device_create/ovirt_provider_ovn_hook >>>>>>>>>>>>> >>>>>>>>>>>>> (installed by ovirt-provider-ovn-driver rpm): >>>>>>>>>>>>> >>>>>>>>>>>>> BRIDGE_NAME = 'br-int' >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> Den 2016-12-28 kl. 23:56, skrev Sverker Abrahamsson: >>>>>>>>>>>>>> Googling on the message about br-int suggested adding >>>>>>>>>>>>>> that >>>>>>>>>>>>>> bridge to >>>>>>>>>>>>>> ovs: >>>>>>>>>>>>>> >>>>>>>>>>>>>> ovs-vsctl add-br br-int >>>>>>>>>>>>>> >>>>>>>>>>>>>> Then the VM is able to boot, but it fails to get network >>>>>>>>>>>>>> connectivity. >>>>>>>>>>>>>> Output in /var/log/messages: >>>>>>>>>>>>>> >>>>>>>>>>>>>> Dec 28 23:31:35 h2 ovs-vsctl: >>>>>>>>>>>>>> ovs|00001|vsctl|INFO|Called as >>>>>>>>>>>>>> ovs-vsctl >>>>>>>>>>>>>> --timeout=5 -- --if-exists del-port vnet0 -- add-port >>>>>>>>>>>>>> br-int >>>>>>>>>>>>>> vnet0 -- >>>>>>>>>>>>>> set Interface vnet0 >>>>>>>>>>>>>> "external-ids:attached-mac=\"00:1a:4a:16:01:51\"" >>>>>>>>>>>>>> -- set Interface vnet0 >>>>>>>>>>>>>> "external-ids:iface-id=\"e8853aac-8a75-41b0-8010-e630017dcdd8\"" >>>>>>>>>>>>>> >>>>>>>>>>>>>> -- >>>>>>>>>>>>>> set Interface vnet0 >>>>>>>>>>>>>> "external-ids:vm-id=\"b9440d60-ef5a-4e2b-83cf-081df7c09e6f\"" >>>>>>>>>>>>>> >>>>>>>>>>>>>> -- >>>>>>>>>>>>>> set >>>>>>>>>>>>>> Interface vnet0 external-ids:iface-status=active >>>>>>>>>>>>>> Dec 28 23:31:35 h2 kernel: device vnet0 entered >>>>>>>>>>>>>> promiscuous >>>>>>>>>>>>>> mode >>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -D PREROUTING >>>>>>>>>>>>>> -i vnet0 >>>>>>>>>>>>>> -j >>>>>>>>>>>>>> libvirt-J-vnet0' failed: >>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -D >>>>>>>>>>>>>> POSTROUTING -o >>>>>>>>>>>>>> vnet0 >>>>>>>>>>>>>> -j >>>>>>>>>>>>>> libvirt-P-vnet0' failed: >>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -L >>>>>>>>>>>>>> libvirt-J-vnet0' >>>>>>>>>>>>>> failed: >>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -L >>>>>>>>>>>>>> libvirt-P-vnet0' >>>>>>>>>>>>>> failed: >>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -F >>>>>>>>>>>>>> libvirt-J-vnet0' >>>>>>>>>>>>>> failed: >>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -X >>>>>>>>>>>>>> libvirt-J-vnet0' >>>>>>>>>>>>>> failed: >>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -F >>>>>>>>>>>>>> libvirt-P-vnet0' >>>>>>>>>>>>>> failed: >>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -X >>>>>>>>>>>>>> libvirt-P-vnet0' >>>>>>>>>>>>>> failed: >>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -F J-vnet0-mac' >>>>>>>>>>>>>> failed: >>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -X J-vnet0-mac' >>>>>>>>>>>>>> failed: >>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -F >>>>>>>>>>>>>> J-vnet0-arp-mac' >>>>>>>>>>>>>> failed: >>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -X >>>>>>>>>>>>>> J-vnet0-arp-mac' >>>>>>>>>>>>>> failed: >>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -D libvirt-out -m physdev >>>>>>>>>>>>>> --physdev-is-bridged --physdev-out vnet0 -g FO-vnet0' >>>>>>>>>>>>>> failed: >>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -D libvirt-out -m physdev >>>>>>>>>>>>>> --physdev-out >>>>>>>>>>>>>> vnet0 -g FO-vnet0' failed: >>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -D libvirt-in -m physdev >>>>>>>>>>>>>> --physdev-in >>>>>>>>>>>>>> vnet0 >>>>>>>>>>>>>> -g FI-vnet0' failed: >>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -D libvirt-host-in -m physdev >>>>>>>>>>>>>> --physdev-in >>>>>>>>>>>>>> vnet0 -g HI-vnet0' failed: >>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -F FO-vnet0' failed: >>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -X FO-vnet0' failed: >>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -F FI-vnet0' failed: >>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -X FI-vnet0' failed: >>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -F HI-vnet0' failed: >>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -X HI-vnet0' failed: >>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -E FP-vnet0 FO-vnet0' failed: >>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -E FJ-vnet0 FI-vnet0' failed: >>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -E HJ-vnet0 HI-vnet0' failed: >>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -D libvirt-out -m physdev >>>>>>>>>>>>>> --physdev-is-bridged --physdev-out vnet0 -g FO-vnet0' >>>>>>>>>>>>>> failed: >>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -D libvirt-out -m physdev >>>>>>>>>>>>>> --physdev-out >>>>>>>>>>>>>> vnet0 -g FO-vnet0' failed: >>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -D libvirt-in -m physdev >>>>>>>>>>>>>> --physdev-in >>>>>>>>>>>>>> vnet0 -g FI-vnet0' failed: >>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -D libvirt-host-in -m >>>>>>>>>>>>>> physdev >>>>>>>>>>>>>> --physdev-in >>>>>>>>>>>>>> vnet0 -g HI-vnet0' failed: >>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -F FO-vnet0' failed: >>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -X FO-vnet0' failed: >>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -F FI-vnet0' failed: >>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -X FI-vnet0' failed: >>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -F HI-vnet0' failed: >>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -X HI-vnet0' failed: >>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -E FP-vnet0 FO-vnet0' >>>>>>>>>>>>>> failed: >>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -E FJ-vnet0 FI-vnet0' >>>>>>>>>>>>>> failed: >>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -E HJ-vnet0 HI-vnet0' >>>>>>>>>>>>>> failed: >>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -D PREROUTING >>>>>>>>>>>>>> -i vnet0 >>>>>>>>>>>>>> -j >>>>>>>>>>>>>> libvirt-I-vnet0' failed: >>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -D >>>>>>>>>>>>>> POSTROUTING -o >>>>>>>>>>>>>> vnet0 >>>>>>>>>>>>>> -j >>>>>>>>>>>>>> libvirt-O-vnet0' failed: >>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -L >>>>>>>>>>>>>> libvirt-I-vnet0' >>>>>>>>>>>>>> failed: >>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -L >>>>>>>>>>>>>> libvirt-O-vnet0' >>>>>>>>>>>>>> failed: >>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -F >>>>>>>>>>>>>> libvirt-I-vnet0' >>>>>>>>>>>>>> failed: >>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -X >>>>>>>>>>>>>> libvirt-I-vnet0' >>>>>>>>>>>>>> failed: >>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -F >>>>>>>>>>>>>> libvirt-O-vnet0' >>>>>>>>>>>>>> failed: >>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -X >>>>>>>>>>>>>> libvirt-O-vnet0' >>>>>>>>>>>>>> failed: >>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -L >>>>>>>>>>>>>> libvirt-P-vnet0' >>>>>>>>>>>>>> failed: >>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -E >>>>>>>>>>>>>> libvirt-P-vnet0 >>>>>>>>>>>>>> libvirt-O-vnet0' failed: >>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -F I-vnet0-mac' >>>>>>>>>>>>>> failed: >>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -X I-vnet0-mac' >>>>>>>>>>>>>> failed: >>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -F >>>>>>>>>>>>>> I-vnet0-arp-mac' >>>>>>>>>>>>>> failed: >>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -X >>>>>>>>>>>>>> I-vnet0-arp-mac' >>>>>>>>>>>>>> failed: >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> [root@h2 etc]# ovs-vsctl show >>>>>>>>>>>>>> ebb6aede-cbbc-4f4f-a88a-a9cd72b2bd23 >>>>>>>>>>>>>> Bridge ovirtbridge >>>>>>>>>>>>>> Port "ovirtport0" >>>>>>>>>>>>>> Interface "ovirtport0" >>>>>>>>>>>>>> type: internal >>>>>>>>>>>>>> Port ovirtbridge >>>>>>>>>>>>>> Interface ovirtbridge >>>>>>>>>>>>>> type: internal >>>>>>>>>>>>>> Bridge "ovsbridge0" >>>>>>>>>>>>>> Port "ovsbridge0" >>>>>>>>>>>>>> Interface "ovsbridge0" >>>>>>>>>>>>>> type: internal >>>>>>>>>>>>>> Port "eth0" >>>>>>>>>>>>>> Interface "eth0" >>>>>>>>>>>>>> Bridge br-int >>>>>>>>>>>>>> Port br-int >>>>>>>>>>>>>> Interface br-int >>>>>>>>>>>>>> type: internal >>>>>>>>>>>>>> Port "vnet0" >>>>>>>>>>>>>> Interface "vnet0" >>>>>>>>>>>>>> ovs_version: "2.6.90" >>>>>>>>>>>>>> >>>>>>>>>>>>>> Searching through the code it appears that br-int >>>>>>>>>>>>>> comes from >>>>>>>>>>>>>> neutron-openvswitch plugin ?? >>>>>>>>>>>>>> >>>>>>>>>>>>>> [root@h2 share]# rpm -qf >>>>>>>>>>>>>> /usr/share/otopi/plugins/ovirt-host-deploy/openstack/neutron_openvswitch.py >>>>>>>>>>>>>> >>>>>>>>>>>>>> ovirt-host-deploy-1.6.0-0.0.master.20161215101008.gitb76ad50.el7.centos.noarch >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> /Sverker >>>>>>>>>>>>>> >>>>>>>>>>>>>> Den 2016-12-28 kl. 23:24, skrev Sverker Abrahamsson: >>>>>>>>>>>>>>> In addition I had to add an alias to modprobe: >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> [root@h2 modprobe.d]# cat dummy.conf >>>>>>>>>>>>>>> alias dummy0 dummy >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Den 2016-12-28 kl. 23:03, skrev Sverker Abrahamsson: >>>>>>>>>>>>>>>> Hi >>>>>>>>>>>>>>>> I first tried to set device name to dummy_0, but >>>>>>>>>>>>>>>> then ifup >>>>>>>>>>>>>>>> did >>>>>>>>>>>>>>>> not >>>>>>>>>>>>>>>> succeed in creating the device unless I first did >>>>>>>>>>>>>>>> 'ip link >>>>>>>>>>>>>>>> add >>>>>>>>>>>>>>>> dummy_0 type dummy' but then it would not suceed to >>>>>>>>>>>>>>>> establish >>>>>>>>>>>>>>>> the if >>>>>>>>>>>>>>>> on reboot. >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Setting fake_nics = dummy0 would not work neither, >>>>>>>>>>>>>>>> but this >>>>>>>>>>>>>>>> works: >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> fake_nics = dummy* >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> The engine is now able to find the if and assign >>>>>>>>>>>>>>>> bridge >>>>>>>>>>>>>>>> ovirtmgmt to >>>>>>>>>>>>>>>> it. >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> However, I then run into the next issue when >>>>>>>>>>>>>>>> starting a VM: >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> 2016-12-28 22:28:23,897 ERROR >>>>>>>>>>>>>>>> [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> (ForkJoinPool-1-worker-2) [] Correlation ID: null, >>>>>>>>>>>>>>>> Call >>>>>>>>>>>>>>>> Stack: >>>>>>>>>>>>>>>> null, >>>>>>>>>>>>>>>> Custom Event ID: -1, Message: VM CentOS7 is down >>>>>>>>>>>>>>>> with error. >>>>>>>>>>>>>>>> Exit >>>>>>>>>>>>>>>> message: Cannot get interface MTU on 'br-int': No such >>>>>>>>>>>>>>>> device. >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> This VM has a nic on ovirtbridge, which comes from >>>>>>>>>>>>>>>> the OVN >>>>>>>>>>>>>>>> provider. >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> /Sverker >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Den 2016-12-28 kl. 14:38, skrev Marcin Mirecki: >>>>>>>>>>>>>>>>> Sverker, >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> Can you try adding a vnic named veth_* or dummy_*, >>>>>>>>>>>>>>>>> (or alternatively add the name of the vnic to >>>>>>>>>>>>>>>>> vdsm.config fake_nics), and setup the management >>>>>>>>>>>>>>>>> network using this vnic? >>>>>>>>>>>>>>>>> I suppose adding the vnic you use for connecting >>>>>>>>>>>>>>>>> to the engine to fake_nics should make it visible >>>>>>>>>>>>>>>>> to the engine, and you should be able to use it for >>>>>>>>>>>>>>>>> the setup. >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> Marcin >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> ----- Original Message ----- >>>>>>>>>>>>>>>>>> From: "Marcin Mirecki"<mmirecki@redhat.com> >>>>>>>>>>>>>>>>>> To: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>>>>>>>>>>>>>>>>> Cc: "Ovirt Users"<users@ovirt.org> >>>>>>>>>>>>>>>>>> Sent: Wednesday, December 28, 2016 12:06:26 PM >>>>>>>>>>>>>>>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and >>>>>>>>>>>>>>>>>> mandatory >>>>>>>>>>>>>>>>>> ovirtmgmt network >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> I have an internal OVS bridge called ovirtbridge >>>>>>>>>>>>>>>>>>> which >>>>>>>>>>>>>>>>>>> has >>>>>>>>>>>>>>>>>>> a port >>>>>>>>>>>>>>>>>>> with >>>>>>>>>>>>>>>>>>> IP address, but in the host network settings >>>>>>>>>>>>>>>>>>> that port is >>>>>>>>>>>>>>>>>>> not >>>>>>>>>>>>>>>>>>> visible. >>>>>>>>>>>>>>>>>> I just verified and unfortunately the virtual >>>>>>>>>>>>>>>>>> ports are >>>>>>>>>>>>>>>>>> not >>>>>>>>>>>>>>>>>> visible in engine >>>>>>>>>>>>>>>>>> to assign a network to :( >>>>>>>>>>>>>>>>>> I'm afraid that the engine is not ready for such a >>>>>>>>>>>>>>>>>> scenario >>>>>>>>>>>>>>>>>> (even >>>>>>>>>>>>>>>>>> if it >>>>>>>>>>>>>>>>>> works). >>>>>>>>>>>>>>>>>> Please give me some time to look for a solution. >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> ----- Original Message ----- >>>>>>>>>>>>>>>>>>> From: "Sverker >>>>>>>>>>>>>>>>>>> Abrahamsson"<sverker@abrahamsson.com> >>>>>>>>>>>>>>>>>>> To: "Marcin Mirecki"<mmirecki@redhat.com> >>>>>>>>>>>>>>>>>>> Cc: "Ovirt Users"<users@ovirt.org> >>>>>>>>>>>>>>>>>>> Sent: Wednesday, December 28, 2016 11:48:24 AM >>>>>>>>>>>>>>>>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and >>>>>>>>>>>>>>>>>>> mandatory >>>>>>>>>>>>>>>>>>> ovirtmgmt >>>>>>>>>>>>>>>>>>> network >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> Hi Marcin >>>>>>>>>>>>>>>>>>> Yes, that is my issue. I don't want to let >>>>>>>>>>>>>>>>>>> ovirt/vdsm see >>>>>>>>>>>>>>>>>>> eth0 >>>>>>>>>>>>>>>>>>> nor >>>>>>>>>>>>>>>>>>> ovsbridge0 since as soon as it sees them it >>>>>>>>>>>>>>>>>>> messes up the >>>>>>>>>>>>>>>>>>> network >>>>>>>>>>>>>>>>>>> config >>>>>>>>>>>>>>>>>>> so that the host will be unreachable. >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> I have an internal OVS bridge called ovirtbridge >>>>>>>>>>>>>>>>>>> which >>>>>>>>>>>>>>>>>>> has >>>>>>>>>>>>>>>>>>> a port >>>>>>>>>>>>>>>>>>> with >>>>>>>>>>>>>>>>>>> IP address, but in the host network settings >>>>>>>>>>>>>>>>>>> that port is >>>>>>>>>>>>>>>>>>> not >>>>>>>>>>>>>>>>>>> visible. >>>>>>>>>>>>>>>>>>> It doesn't help to name it ovirtmgmt. >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> The engine is able to communicate with the host >>>>>>>>>>>>>>>>>>> on the ip >>>>>>>>>>>>>>>>>>> it has >>>>>>>>>>>>>>>>>>> been >>>>>>>>>>>>>>>>>>> given, it's just that it believes that it HAS to >>>>>>>>>>>>>>>>>>> have a >>>>>>>>>>>>>>>>>>> ovirtmgmt >>>>>>>>>>>>>>>>>>> network which can't be on OVN. >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> /Sverker >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> Den 2016-12-28 kl. 10:45, skrev Marcin Mirecki: >>>>>>>>>>>>>>>>>>>> Hi Sverker, >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> The management network is mandatory on each >>>>>>>>>>>>>>>>>>>> host. It's >>>>>>>>>>>>>>>>>>>> used by >>>>>>>>>>>>>>>>>>>> the >>>>>>>>>>>>>>>>>>>> engine to communicate with the host. >>>>>>>>>>>>>>>>>>>> Looking at your description and the exception >>>>>>>>>>>>>>>>>>>> it looks >>>>>>>>>>>>>>>>>>>> like it >>>>>>>>>>>>>>>>>>>> is >>>>>>>>>>>>>>>>>>>> missing. >>>>>>>>>>>>>>>>>>>> The error is caused by not having any network >>>>>>>>>>>>>>>>>>>> for the >>>>>>>>>>>>>>>>>>>> host >>>>>>>>>>>>>>>>>>>> (network list retrieved in >>>>>>>>>>>>>>>>>>>> InterfaceDaoImpl.getHostNetworksByCluster - >>>>>>>>>>>>>>>>>>>> which >>>>>>>>>>>>>>>>>>>> gets all the networks on nics for a host from >>>>>>>>>>>>>>>>>>>> vds_interface >>>>>>>>>>>>>>>>>>>> table in the >>>>>>>>>>>>>>>>>>>> DB). >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> Could you maybe create a virtual nic connected to >>>>>>>>>>>>>>>>>>>> ovsbridge0 (as >>>>>>>>>>>>>>>>>>>> I >>>>>>>>>>>>>>>>>>>> understand you >>>>>>>>>>>>>>>>>>>> have no physical nic available) and use this >>>>>>>>>>>>>>>>>>>> for the >>>>>>>>>>>>>>>>>>>> management >>>>>>>>>>>>>>>>>>>> network? >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> I then create a bridge for use with ovirt, with a >>>>>>>>>>>>>>>>>>>>> private >>>>>>>>>>>>>>>>>>>>> address. >>>>>>>>>>>>>>>>>>>> I'm not quite sure I understand. Is this yet >>>>>>>>>>>>>>>>>>>> another >>>>>>>>>>>>>>>>>>>> bridge >>>>>>>>>>>>>>>>>>>> connected to >>>>>>>>>>>>>>>>>>>> ovsbridge0? >>>>>>>>>>>>>>>>>>>> You could also attach the vnic for the management >>>>>>>>>>>>>>>>>>>> network >>>>>>>>>>>>>>>>>>>> here >>>>>>>>>>>>>>>>>>>> if need >>>>>>>>>>>>>>>>>>>> be. >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> Please keep in mind that OVN has no use in >>>>>>>>>>>>>>>>>>>> setting up >>>>>>>>>>>>>>>>>>>> the >>>>>>>>>>>>>>>>>>>> management >>>>>>>>>>>>>>>>>>>> network. >>>>>>>>>>>>>>>>>>>> The OVN provider can only handle external >>>>>>>>>>>>>>>>>>>> networks, >>>>>>>>>>>>>>>>>>>> which >>>>>>>>>>>>>>>>>>>> can >>>>>>>>>>>>>>>>>>>> not be used >>>>>>>>>>>>>>>>>>>> for a >>>>>>>>>>>>>>>>>>>> management network. >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> Marcin >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> ----- Original Message ----- >>>>>>>>>>>>>>>>>>>>> From: "Sverker >>>>>>>>>>>>>>>>>>>>> Abrahamsson"<sverker@abrahamsson.com> >>>>>>>>>>>>>>>>>>>>> To:users@ovirt.org >>>>>>>>>>>>>>>>>>>>> Sent: Wednesday, December 28, 2016 12:39:59 AM >>>>>>>>>>>>>>>>>>>>> Subject: [ovirt-users] Issue with OVN/OVS and >>>>>>>>>>>>>>>>>>>>> mandatory >>>>>>>>>>>>>>>>>>>>> ovirtmgmt >>>>>>>>>>>>>>>>>>>>> network >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> Hi >>>>>>>>>>>>>>>>>>>>> For long time I've been looking for proper >>>>>>>>>>>>>>>>>>>>> support in >>>>>>>>>>>>>>>>>>>>> ovirt for >>>>>>>>>>>>>>>>>>>>> Open >>>>>>>>>>>>>>>>>>>>> vSwitch >>>>>>>>>>>>>>>>>>>>> so I'm happy that it is moving in the right >>>>>>>>>>>>>>>>>>>>> direction. >>>>>>>>>>>>>>>>>>>>> However, >>>>>>>>>>>>>>>>>>>>> there >>>>>>>>>>>>>>>>>>>>> seems >>>>>>>>>>>>>>>>>>>>> to still be a dependency on a ovirtmgmt bridge >>>>>>>>>>>>>>>>>>>>> and I'm >>>>>>>>>>>>>>>>>>>>> unable >>>>>>>>>>>>>>>>>>>>> to move >>>>>>>>>>>>>>>>>>>>> that >>>>>>>>>>>>>>>>>>>>> to the OVN provider. >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> The hosting center where I rent hw instances >>>>>>>>>>>>>>>>>>>>> has a bit >>>>>>>>>>>>>>>>>>>>> special >>>>>>>>>>>>>>>>>>>>> network >>>>>>>>>>>>>>>>>>>>> setup, >>>>>>>>>>>>>>>>>>>>> so I have one physical network port with a /32 >>>>>>>>>>>>>>>>>>>>> netmask >>>>>>>>>>>>>>>>>>>>> and >>>>>>>>>>>>>>>>>>>>> point-to-point >>>>>>>>>>>>>>>>>>>>> config to router. The physical port I connect >>>>>>>>>>>>>>>>>>>>> to a ovs >>>>>>>>>>>>>>>>>>>>> bridge >>>>>>>>>>>>>>>>>>>>> which has >>>>>>>>>>>>>>>>>>>>> the >>>>>>>>>>>>>>>>>>>>> public ip. Since ovirt always messes up the >>>>>>>>>>>>>>>>>>>>> network >>>>>>>>>>>>>>>>>>>>> config when >>>>>>>>>>>>>>>>>>>>> I've >>>>>>>>>>>>>>>>>>>>> tried >>>>>>>>>>>>>>>>>>>>> to let it have access to the network config >>>>>>>>>>>>>>>>>>>>> for the >>>>>>>>>>>>>>>>>>>>> physical >>>>>>>>>>>>>>>>>>>>> port, I've >>>>>>>>>>>>>>>>>>>>> set >>>>>>>>>>>>>>>>>>>>> eht0 and ovsbridge0 as hidden in vdsm.conf. >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> I then create a bridge for use with ovirt, with a >>>>>>>>>>>>>>>>>>>>> private >>>>>>>>>>>>>>>>>>>>> address. With >>>>>>>>>>>>>>>>>>>>> the >>>>>>>>>>>>>>>>>>>>> OVN provider I am now able to import these >>>>>>>>>>>>>>>>>>>>> into the >>>>>>>>>>>>>>>>>>>>> engine and >>>>>>>>>>>>>>>>>>>>> it looks >>>>>>>>>>>>>>>>>>>>> good. When creating a VM I can select that it >>>>>>>>>>>>>>>>>>>>> will have >>>>>>>>>>>>>>>>>>>>> a >>>>>>>>>>>>>>>>>>>>> vNic >>>>>>>>>>>>>>>>>>>>> on my OVS >>>>>>>>>>>>>>>>>>>>> bridge. >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> However, I can't start the VM as an exception >>>>>>>>>>>>>>>>>>>>> is thrown >>>>>>>>>>>>>>>>>>>>> in the >>>>>>>>>>>>>>>>>>>>> log: >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> 2016-12-28 00:13:33,350 ERROR >>>>>>>>>>>>>>>>>>>>> [org.ovirt.engine.core.bll.RunVmCommand] >>>>>>>>>>>>>>>>>>>>> (default task-5) [3c882d53] Error during >>>>>>>>>>>>>>>>>>>>> ValidateFailure.: >>>>>>>>>>>>>>>>>>>>> java.lang.NullPointerException >>>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.scheduling.policyunits.NetworkPolicyUnit.validateRequiredNetworksAvailable(NetworkPolicyUnit.java:140) >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.scheduling.policyunits.NetworkPolicyUnit.filter(NetworkPolicyUnit.java:69) >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.scheduling.SchedulingManager.runInternalFilters(SchedulingManager.java:597) >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.scheduling.SchedulingManager.runFilters(SchedulingManager.java:564) >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.scheduling.SchedulingManager.canSchedule(SchedulingManager.java:494) >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.validator.RunVmValidator.canRunVm(RunVmValidator.java:133) >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.RunVmCommand.validate(RunVmCommand.java:940) >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.CommandBase.internalValidate(CommandBase.java:886) >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.CommandBase.validateOnly(CommandBase.java:366) >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.canRunActions(PrevalidatingMultipleActionsRunner.java:113) >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.invokeCommands(PrevalidatingMultipleActionsRunner.java:99) >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.execute(PrevalidatingMultipleActionsRunner.java:76) >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.Backend.runMultipleActionsImpl(Backend.java:613) >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.Backend.runMultipleActions(Backend.java:583) >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> Looking at that section of code where the >>>>>>>>>>>>>>>>>>>>> exception is >>>>>>>>>>>>>>>>>>>>> thrown, >>>>>>>>>>>>>>>>>>>>> I see >>>>>>>>>>>>>>>>>>>>> that >>>>>>>>>>>>>>>>>>>>> it >>>>>>>>>>>>>>>>>>>>> iterates over host networks to find required >>>>>>>>>>>>>>>>>>>>> networks, >>>>>>>>>>>>>>>>>>>>> which I >>>>>>>>>>>>>>>>>>>>> assume is >>>>>>>>>>>>>>>>>>>>> ovirtmgmt. In the host network setup dialog I >>>>>>>>>>>>>>>>>>>>> don't see >>>>>>>>>>>>>>>>>>>>> any >>>>>>>>>>>>>>>>>>>>> networks at >>>>>>>>>>>>>>>>>>>>> all >>>>>>>>>>>>>>>>>>>>> but it lists ovirtmgmt as required. It also >>>>>>>>>>>>>>>>>>>>> list the >>>>>>>>>>>>>>>>>>>>> OVN >>>>>>>>>>>>>>>>>>>>> networks but >>>>>>>>>>>>>>>>>>>>> these >>>>>>>>>>>>>>>>>>>>> can't be statically assigned as they are added >>>>>>>>>>>>>>>>>>>>> dynamically when >>>>>>>>>>>>>>>>>>>>> needed, >>>>>>>>>>>>>>>>>>>>> which is fine. >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> I believe that I either need to remove ovirtmgmt >>>>>>>>>>>>>>>>>>>>> network >>>>>>>>>>>>>>>>>>>>> or >>>>>>>>>>>>>>>>>>>>> configure >>>>>>>>>>>>>>>>>>>>> that >>>>>>>>>>>>>>>>>>>>> it >>>>>>>>>>>>>>>>>>>>> is provided by the OVN provider, but neither is >>>>>>>>>>>>>>>>>>>>> possible. >>>>>>>>>>>>>>>>>>>>> Preferably it >>>>>>>>>>>>>>>>>>>>> shouldn't be hardcoded which network is >>>>>>>>>>>>>>>>>>>>> management and >>>>>>>>>>>>>>>>>>>>> mandatory but be >>>>>>>>>>>>>>>>>>>>> possible to configure. >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> /Sverker >>>>>>>>>>>>>>>>>>>>> Den 2016-12-27 kl. 17:10, skrev Marcin Mirecki: >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>>>>>>>> Users mailing list >>>>>>>>>>>>>>>>>> Users@ovirt.org >>>>>>>>>>>>>>>>>> http://lists.ovirt.org/mailman/listinfo/users >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>>>>>> Users mailing list >>>>>>>>>>>>>>>> Users@ovirt.org >>>>>>>>>>>>>>>> http://lists.ovirt.org/mailman/listinfo/users >>>>>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>>>>> Users mailing list >>>>>>>>>>>>>>> Users@ovirt.org >>>>>>>>>>>>>>> http://lists.ovirt.org/mailman/listinfo/users >>>>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>>>> Users mailing list >>>>>>>>>>>>>> Users@ovirt.org >>>>>>>>>>>>>> http://lists.ovirt.org/mailman/listinfo/users >>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>> Users mailing list >>>>>>>>>>>> Users@ovirt.org >>>>>>>>>>>> http://lists.ovirt.org/mailman/listinfo/users >>>>>>>>>>>> >>>>>>> _______________________________________________ >>>>>>> Users mailing list >>>>>>> Users@ovirt.org >>>>>>> http://lists.ovirt.org/mailman/listinfo/users >>>>>> _______________________________________________ >>>>>> Users mailing list >>>>>> Users@ovirt.org >>>>>> http://lists.ovirt.org/mailman/listinfo/users >>>>> _______________________________________________ >>>>> Users mailing list >>>>> Users@ovirt.org >>>>> http://lists.ovirt.org/mailman/listinfo/users
Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
--------------1CAC321E64229B73541ABF38 Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: 8bit <html> <head> <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> </head> <body bgcolor="#FFFFFF" text="#000000"> <p>The port is created from Ovirt UI, the ovs-vsctl command below is executed when VM is started. In /var/log/ovirt-provider-ovn.log on h2 I get the following:<br> </p> <p>2017-01-06 20:19:25,452 Request: GET : /v2.0/ports<br> 2017-01-06 20:19:25,452 Connecting to remote ovn database: tcp:127.0.0.1:6641<br> 2017-01-06 20:19:25,670 Connected (number of retries: 2)<br> 2017-01-06 20:19:25,670 Response code: 200<br> 2017-01-06 20:19:25,670 Response body: {"ports": [{"name": "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873", "network_id": "e53554cf-e553-40a1-8d22-9c8d95ec0601", "device_owner": "oVirt", "mac_address": "00:1a:4a:16:01:51", "id": "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873", "device_id": "40cd7328-d575-4c3d-b656-9ef9bacc0078"}, {"name": "92f6d3c8-68b3-4986-9c09-60bee04644b5", "network_id": "e53554cf-e553-40a1-8d22-9c8d95ec0601", "device_owner": "oVirt", "mac_address": "00:1a:4a:16:01:52", "id": "92f6d3c8-68b3-4986-9c09-60bee04644b5", "device_id": "4baefa8c-3822-4de0-9cd0-1d025bab7844"}]}<br> 2017-01-06 20:19:25,673 Request: PUT : /v2.0/ports/92f6d3c8-68b3-4986-9c09-60bee04644b5<br> 2017-01-06 20:19:25,673 Request body:<br> {<br> "port" : {<br> "binding:host_id" : "h1.limetransit.com",<br> "security_groups" : null<br> }<br> }<br> 2017-01-06 20:19:25,673 Connecting to remote ovn database: tcp:127.0.0.1:6641<br> 2017-01-06 20:19:25,890 Connected (number of retries: 2)<br> 2017-01-06 20:19:25,891 Response code: 200<br> 2017-01-06 20:19:25,891 Response body: {"port": {"name": "92f6d3c8-68b3-4986-9c09-60bee04644b5", "network_id": "e53554cf-e553-40a1-8d22-9c8d95ec0601", "device_owner": "oVirt", "mac_address": "00:1a:4a:16:01:52", "id": "92f6d3c8-68b3-4986-9c09-60bee04644b5", "device_id": "4baefa8c-3822-4de0-9cd0-1d025bab7844"}}<br> </p> <p>In /var/log/messages on h1 I get the following:<br> </p> <p>Jan 6 20:18:56 h1 dbus-daemon: dbus[1339]: [system] Successfully activated service 'org.freedesktop.problems'<br> Jan 6 20:19:26 h1 ovs-vsctl: ovs|00001|vsctl|INFO|Called as ovs-vsctl --timeout=5 -- --if-exists del-port vnet0 -- add-port br-int vnet0 -- set Interface vnet0 "external-ids:attached-mac=\"00:1a:4a:16:01:52\"" -- set Interface vnet0 "external-ids:iface-id=\"72dafda5-03c2-4bb6-bcb6-241fa5c0a1f3\"" -- set Interface vnet0 "external-ids:vm-id=\"4d0c134a-11a0-40f4-b2fb-c13c17c7251c\"" -- set Interface vnet0 external-ids:iface-status=active<br> Jan 6 20:19:26 h1 kernel: device vnet0 entered promiscuous mode<br> Jan 6 20:19:26 h1 avahi-daemon[1391]: Registering new address record for fe80::fc1a:4aff:fe16:152 on vnet0.*.<br> Jan 6 20:19:26 h1 systemd-machined: New machine qemu-4-CentOS72.<br> Jan 6 20:19:26 h1 systemd: Started Virtual Machine qemu-4-CentOS72.<br> Jan 6 20:19:26 h1 systemd: Starting Virtual Machine qemu-4-CentOS72.<br> <br> </p> [root@h2 ~]# ovn-nbctl show<br> switch e53554cf-e553-40a1-8d22-9c8d95ec0601 (ovirtbridge)<br> port 4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873<br> addresses: ["00:1a:4a:16:01:51"]<br> port 92f6d3c8-68b3-4986-9c09-60bee04644b5<br> addresses: ["00:1a:4a:16:01:52"]<br> port ovirtbridge-port2<br> addresses: ["unknown"]<br> port ovirtbridge-port1<br> addresses: ["unknown"]<br> [root@h2 ~]# ovn-sbctl show<br> Chassis "6e4dd29f-7607-48d7-8e5a-eef4c6aeefb5"<br> hostname: "h2.limetransit.com"<br> Encap geneve<br> ip: "148.251.126.50"<br> options: {csum="true"}<br> Port_Binding "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873"<br> Port_Binding "ovirtbridge-port1"<br> Chassis "4f10fb04-8fb2-48d7-8a3f-ea6444c02cf9"<br> hostname: "h1.limetransit.com"<br> Encap geneve<br> ip: "144.76.84.73"<br> options: {csum="true"}<br> Port_Binding "ovirtbridge-port2"<br> <br> I.e. the port is set up with the wrong ID and not attached to OVN.<br> <br> If I correct external-ids:iface-id like this:<br> [root@h1 ~]# ovs-vsctl set Interface vnet0 "external-ids:iface-id=\"92f6d3c8-68b3-4986-9c09-60bee04644b5\""<br> <br> then sb is correct:<br> [root@h2 ~]# ovn-sbctl show<br> Chassis "6e4dd29f-7607-48d7-8e5a-eef4c6aeefb5"<br> hostname: "h2.limetransit.com"<br> Encap geneve<br> ip: "148.251.126.50"<br> options: {csum="true"}<br> Port_Binding "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873"<br> Port_Binding "ovirtbridge-port1"<br> Chassis "4f10fb04-8fb2-48d7-8a3f-ea6444c02cf9"<br> hostname: "h1.limetransit.com"<br> Encap geneve<br> ip: "144.76.84.73"<br> options: {csum="true"}<br> Port_Binding "ovirtbridge-port2"<br> Port_Binding "92f6d3c8-68b3-4986-9c09-60bee04644b5"<br> <br> I don't know from where the ID 72dafda5-03c2-4bb6-bcb6-241fa5c0a1f3 comes from, doesn't show in any log other than /var/log/messages.<br> <br> If I do the same exercise on the same host as engine is running on then the port for the VM gets the right id and is working from beginning.<br> /Sverker<br> <br> <div class="moz-cite-prefix">Den 2017-01-03 kl. 10:23, skrev Marcin Mirecki:<br> </div> <blockquote cite="mid:1312574967.6272280.1483435399446.JavaMail.zimbra@redhat.com" type="cite"> <pre wrap="">How did you create this port?
From the oVirt engine UI? The OVN provider creates the port when you add the port in the engine UI, it is then plugged into the ovs bridge by the VIF driver. Please attach /var/log/ovirt-provider-ovn.log
----- Original Message ----- </pre> <blockquote type="cite"> <pre wrap="">From: "Sverker Abrahamsson" <a class="moz-txt-link-rfc2396E" href="mailto:sverker@abrahamsson.com"><sverker@abrahamsson.com></a> To: "Marcin Mirecki" <a class="moz-txt-link-rfc2396E" href="mailto:mmirecki@redhat.com"><mmirecki@redhat.com></a> Cc: "Ovirt Users" <a class="moz-txt-link-rfc2396E" href="mailto:users@ovirt.org"><users@ovirt.org></a> Sent: Tuesday, January 3, 2017 2:06:22 AM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network Found an issue with Ovirt - OVN integration. Engine and OVN central db running on host h2. Created VM to run on host h1, which is started. Ovn db state: [root@h2 env3]# ovn-nbctl show switch e53554cf-e553-40a1-8d22-9c8d95ec0601 (ovirtbridge) port 4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873 addresses: ["00:1a:4a:16:01:51"] port 92f6d3c8-68b3-4986-9c09-60bee04644b5 addresses: ["00:1a:4a:16:01:52"] port ovirtbridge-port2 addresses: ["unknown"] port ovirtbridge-port1 addresses: ["unknown"] [root@h2 env3]# ovn-sbctl show Chassis "6e4dd29f-7607-48d7-8e5a-eef4c6aeefb5" hostname: "h2.limetransit.com" Encap geneve ip: "148.251.126.50" options: {csum="true"} Port_Binding "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873" Port_Binding "ovirtbridge-port1" Chassis "4f10fb04-8fb2-48d7-8a3f-ea6444c02cf9" hostname: "h1.limetransit.com" Encap geneve ip: "144.76.84.73" options: {csum="true"} Port_Binding "ovirtbridge-port2" Port 92f6d3c8-68b3-4986-9c09-60bee04644b5 is for the new VM which is started on h1, but it is not assigned to that chassis. The reason is that on h1 the port on br-int is created like this: ovs-vsctl --timeout=5 -- --if-exists del-port vnet0 -- add-port br-int vnet0 -- set Interface vnet0 "external-ids:attached-mac=\"00:1a:4a:16:01:52\"" -- set Interface vnet0 "external-ids:iface-id=\"35bcbe31-2c7e-4d97-add9-ce150eeb2f11\"" -- set Interface vnet0 "external-ids:vm-id=\"4d0c134a-11a0-40f4-b2fb-c13c17c7251c\"" -- set Interface vnet0 external-ids:iface-status=active I.e. the extrernal id of interface is wrong. When I manually change to the right id like this the port works fine: ovs-vsctl --timeout=5 -- --if-exists del-port vnet0 -- add-port br-int vnet0 -- set Interface vnet0 "external-ids:attached-mac=\"00:1a:4a:16:01:52\"" -- set Interface vnet0 "external-ids:iface-id=\"92f6d3c8-68b3-4986-9c09-60bee04644b5\"" -- set Interface vnet0 "external-ids:vm-id=\"4d0c134a-11a0-40f4-b2fb-c13c17c7251c\"" -- set Interface vnet0 external-ids:iface-status=active sb db after correcting the port: Chassis "6e4dd29f-7607-48d7-8e5a-eef4c6aeefb5" hostname: "h2.limetransit.com" Encap geneve ip: "148.251.126.50" options: {csum="true"} Port_Binding "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873" Port_Binding "ovirtbridge-port1" Chassis "4f10fb04-8fb2-48d7-8a3f-ea6444c02cf9" hostname: "h1.limetransit.com" Encap geneve ip: "144.76.84.73" options: {csum="true"} Port_Binding "ovirtbridge-port2" Port_Binding "92f6d3c8-68b3-4986-9c09-60bee04644b5" I don't know from where the faulty id comes from, it's not in any logs. In the domain xml as printed in vdsm.log the id is correct: <interface type="bridge"> <mac address="00:1a:4a:16:01:52" /> <model type="virtio" /> <source bridge="br-int" /> <virtualport type="openvswitch" /> <link state="up" /> <boot order="2" /> <bandwidth /> <virtualport type="openvswitch"> <parameters interfaceid="92f6d3c8-68b3-4986-9c09-60bee04644b5" /> </virtualport> </interface> Where is the ovs-vsctl command line built for this call? /Sverker Den 2017-01-02 kl. 13:40, skrev Sverker Abrahamsson: </pre> <blockquote type="cite"> <pre wrap="">Got it to work now by following the env8 example in OVN tutorial, where a port is added with type l2gateway. Not sure how that is different from the localnet variant, but didn't suceed in getting that one working. Now I'm able to ping and telnet over the tunnel, but not ssh even when the port is answering on telnet. Neither does nfs traffic work even though mount did. Suspecting MTU issue. I did notice that ovn-controller starts too early, before network interfaces are established and hence can't reach the db. As these is a purely OVS/OVN issue I'll ask about it on their mailing list. Getting back to the original issue with Ovirt, I've now added the second host h1 to ovirt-engine. Had to do the same as with h2 to create a dummy ovirtmgmt network but configured access via the public IP. My firewall settings was replaced with iptables config and vdsm.conf was overwritten when engine was set up, so those had to be manually restored. It would be preferable if it would be possible to configure ovirt-engine that it does not "own" the host and instead comply with the settings it has instead of enforcing it's own view.. Apart from that it seems the second host works, although I need to resolve the traffic issue over the OVS tunnel. /Sverker Den 2017-01-02 kl. 01:13, skrev Sverker Abrahamsson: </pre> <blockquote type="cite"> <pre wrap="">1. That is not possible as ovirt (or vdsm) will rewrite the network configuration to a non-working state. That is why I've set that if as hidden to vdsm and is why I'm keen on getting OVS/OVN to work 2. I've been reading the doc for OVN and starting to connect the dots, which is not trivial as it is complex. Some insights reached: First step is the OVN database, installed by openvswitch-ovn-central, which I currently have running on h2 host. The 'ovn-nbctl' and 'ovn-sbctl' commands are only possible to execute on a database node. Two ip's are given to 'vdsm-tool ovn-config <ip to database> <tunnel ip>' as arguments, where <ip to database> is how this OVN node reaches the database and <tunnel ip> is the ip to which other OVN nodes sets up a tunnel to this node. I.e. it is not for creating a tunnel to the database which I thought first from the description in blog post. The tunnel between OVN nodes is of type geneve which is a UDP based protocol but I have not been able to find anywhere which port is used so that I can open it in firewalld. I have added OVN on another host, called h1, and connected it to the db. I see there is traffic to the db port, but I don't see any geneve traffic between the nodes. Ovirt is now able to create it's vnet0 interface on the br-int ovs bridge, but then I run into the next issue. How do I create a connection from the logical switch to the physical host? I need that to a) get a connection out to the internet through a masqueraded if or ipv6 and b) be able to run a dhcp server to give ip's to the VM's. /Sverker Den 2016-12-30 kl. 18:05, skrev Marcin Mirecki: </pre> <blockquote type="cite"> <pre wrap="">1. Why not use your physical nic for ovirtmgmt then? 2. "ovn-nbctl ls-add" does not add a bridge, but a logical switch. br-int is an internal OVN implementation detail, which the user should not care about. What you see in the ovirt UI are logical networks. They are implemented as OVN logical switches in case of the OVN provider. Please look at: <a class="moz-txt-link-freetext" href="http://www.ovirt.org/blog/2016/11/ovirt-provider-ovn/">http://www.ovirt.org/blog/2016/11/ovirt-provider-ovn/</a> You can get the latest rpms from here: <a class="moz-txt-link-freetext" href="http://resources.ovirt.org/repos/ovirt/experimental/master/ovirt-provider-ovn_fc24_46/rpm/fc24/noarch/">http://resources.ovirt.org/repos/ovirt/experimental/master/ovirt-provider-ovn_fc24_46/rpm/fc24/noarch/</a> ----- Original Message ----- </pre> <blockquote type="cite"> <pre wrap="">From: "Sverker Abrahamsson" <a class="moz-txt-link-rfc2396E" href="mailto:sverker@abrahamsson.com"><sverker@abrahamsson.com></a> To: "Marcin Mirecki" <a class="moz-txt-link-rfc2396E" href="mailto:mmirecki@redhat.com"><mmirecki@redhat.com></a> Cc: "Ovirt Users" <a class="moz-txt-link-rfc2396E" href="mailto:users@ovirt.org"><users@ovirt.org></a> Sent: Friday, December 30, 2016 4:25:58 PM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network 1. No, I did not want to put the ovirtmgmt bridge on my physical nic as it always messed up the network config making the host unreachable. I have put a ovs bridge on this nic which I will use to make tunnels when I add other hosts. Maybe br-int will be used for that instead, will see when I get that far. As it is now I have a dummy if for ovirtmgmt bridge but this will probably not work when I add other hosts as that bridge cannot connect to the other hosts. I'm considering keeping this just as a dummy to keep ovirt engine satisfied while the actual communication will happen over OVN/OVS bridges and tunnels. 2. On <a class="moz-txt-link-freetext" href="https://www.ovirt.org//develop/release-management/features/ovirt-ovn-provider/">https://www.ovirt.org//develop/release-management/features/ovirt-ovn-provider/</a> there is instructions how to add an OVS bridge to OVN with |ovn-nbctl ls-add <network name>|. If you want to use br-int then it makes sense to make that bridge visible in ovirt webui under networks so that it can be selected for VM's. It quite doesn't make sense to me that I can select other network for my VM but then that setting is not used when setting up the network. /Sverker Den 2016-12-30 kl. 15:34, skrev Marcin Mirecki: </pre> <blockquote type="cite"> <pre wrap="">Hi, The OVN provider does not require you to add any bridges manually. As I understand we were dealing with two problems: 1. You only had one physical nic and wanted to put a bridge on it, attaching the management network to the bridge. This was the reason for creating the bridge (the recommended setup would be to used a separate physical nic for the management network). This bridge has nothing to do with the OVN bridge. 2. OVN - you want to use OVN on this system. For this you have to install OVN on your hosts. This should create the br-int bridge, which are then used by the OVN provider. This br-int bridge must be configured to connect to other hosts using the geneve tunnels. In both cases the systems will not be aware of any bridges you create. They need a nic (be it physical or virtual) to connect to other system. Usually this is the physical nic. In your case you decided to put a bridge on the physical nic, and give oVirt a virtual nic attached to this bridge. This works, but keep in mind that the bridge you have introduced is outside of oVirt's (and OVN) control (and as such is not supported). </pre> <blockquote type="cite"> <pre wrap="">What is the purpose of adding my bridges to Ovirt through the external provider and configure them on my VM </pre> </blockquote> <pre wrap="">I am not quite sure I understand. The external provider (OVN provider to be specific), does not add any bridges to the system. It is using the br-int bridge created by OVN. The networks created by the OVN provider are purely logical entities, implemented using the OVN br-int bridge. Marcin ----- Original Message ----- </pre> <blockquote type="cite"> <pre wrap="">From: "Sverker Abrahamsson" <a class="moz-txt-link-rfc2396E" href="mailto:sverker@abrahamsson.com"><sverker@abrahamsson.com></a> To: "Marcin Mirecki" <a class="moz-txt-link-rfc2396E" href="mailto:mmirecki@redhat.com"><mmirecki@redhat.com></a> Cc: "Ovirt Users" <a class="moz-txt-link-rfc2396E" href="mailto:users@ovirt.org"><users@ovirt.org></a> Sent: Friday, December 30, 2016 12:15:43 PM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network Hi That is the logic I quite don't understand. What is the purpose of adding my bridges to Ovirt through the external provider and configure them on my VM if you are disregarding that and using br-int anyway? /Sverker Den 2016-12-30 kl. 10:53, skrev Marcin Mirecki: </pre> <blockquote type="cite"> <pre wrap="">Sverker, br-int is the integration bridge created by default in OVN. This is the bridge we use for the OVN provider. As OVN is required to be installed, we assume that this bridge is present. Using any other ovs bridge is not supported, and will require custom code changes (such as the ones you created). The proper setup in your case would probably be to create br-int and connect this to your ovirtbridge, although I don't know the details of your env, so this is just my best guess. Marcin ----- Original Message ----- </pre> <blockquote type="cite"> <pre wrap="">From: "Sverker Abrahamsson" <a class="moz-txt-link-rfc2396E" href="mailto:sverker@abrahamsson.com"><sverker@abrahamsson.com></a> To: "Marcin Mirecki" <a class="moz-txt-link-rfc2396E" href="mailto:mmirecki@redhat.com"><mmirecki@redhat.com></a> Cc: "Ovirt Users" <a class="moz-txt-link-rfc2396E" href="mailto:users@ovirt.org"><users@ovirt.org></a>, "Numan Siddique" <a class="moz-txt-link-rfc2396E" href="mailto:nusiddiq@redhat.com"><nusiddiq@redhat.com></a> Sent: Friday, December 30, 2016 1:14:50 AM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network Even better, if the value is not hardcoded then the configured value is used. Might be that I'm missunderstanding something but this is the behaviour I expected instead of that it is using br-int. Attached is a patch which properly sets up the xml, in case there is already a virtual port there + testcode of some variants /Sverker Den 2016-12-29 kl. 22:55, skrev Sverker Abrahamsson: </pre> <blockquote type="cite"> <pre wrap="">When I change /usr/libexec/vdsm/hooks/before_device_create/ovirt_provider_ovn_hook to instead of hardcoded to br-int use BRIDGE_NAME = 'ovirtbridge' then I get the expected behaviour and I get a working network connectivity in my VM with IP provided by dhcp. /Sverker Den 2016-12-29 kl. 22:07, skrev Sverker Abrahamsson: </pre> <blockquote type="cite"> <pre wrap="">By default the vNic profile of my OVN bridge ovirtbridge gets a Network filter named vdsm-no-mac-spoofing. If I instead set No filter then I don't get those ebtables / iptables messages. It seems that there is some issue between ovirt/vdsm and firewalld, which we can put to the side for now. It is not clear for me why the port is added on br-int instead of the bridge I've assigned to the VM, which is ovirtbridge?? /Sverker Den 2016-12-29 kl. 14:20, skrev Sverker Abrahamsson: </pre> <blockquote type="cite"> <pre wrap="">The specific command most likely fails because there is no chain named libvirt-J-vnet0, but when should that have been created? /Sverker -------- Vidarebefordrat meddelande -------- Ämne: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network Datum: Thu, 29 Dec 2016 08:06:29 -0500 (EST) Från: Marcin Mirecki <a class="moz-txt-link-rfc2396E" href="mailto:mmirecki@redhat.com"><mmirecki@redhat.com></a> Till: Sverker Abrahamsson <a class="moz-txt-link-rfc2396E" href="mailto:sverker@abrahamsson.com"><sverker@abrahamsson.com></a> Kopia: Ovirt Users <a class="moz-txt-link-rfc2396E" href="mailto:users@ovirt.org"><users@ovirt.org></a>, Lance Richardson <a class="moz-txt-link-rfc2396E" href="mailto:lrichard@redhat.com"><lrichard@redhat.com></a>, Numan Siddique <a class="moz-txt-link-rfc2396E" href="mailto:nusiddiq@redhat.com"><nusiddiq@redhat.com></a> Let me add the OVN team. Lance, Numan, Can you please look at this? Trying to plug a vNIC results in: </pre> <blockquote type="cite"> <blockquote type="cite"> <blockquote type="cite"> <blockquote type="cite"> <blockquote type="cite"> <blockquote type="cite"> <blockquote type="cite"> <pre wrap="">Dec 28 23:31:35 h2 ovs-vsctl: ovs|00001|vsctl|INFO|Called as ovs-vsctl --timeout=5 -- --if-exists del-port vnet0 -- add-port br-int vnet0 -- set Interface vnet0 "external-ids:attached-mac=\"00:1a:4a:16:01:51\"" -- set Interface vnet0 "external-ids:iface-id=\"e8853aac-8a75-41b0-8010-e630017dcdd8\"" -- set Interface vnet0 "external-ids:vm-id=\"b9440d60-ef5a-4e2b-83cf-081df7c09e6f\"" -- set Interface vnet0 external-ids:iface-status=active Dec 28 23:31:35 h2 kernel: device vnet0 entered promiscuous mode Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -D PREROUTING -i vnet0 -j libvirt-J-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: </pre> </blockquote> </blockquote> </blockquote> </blockquote> </blockquote> </blockquote> </blockquote> <pre wrap="">More details below ----- Original Message ----- </pre> <blockquote type="cite"> <pre wrap="">From: "Sverker Abrahamsson"<a class="moz-txt-link-rfc2396E" href="mailto:sverker@abrahamsson.com"><sverker@abrahamsson.com></a> To: "Marcin Mirecki"<a class="moz-txt-link-rfc2396E" href="mailto:mmirecki@redhat.com"><mmirecki@redhat.com></a> Cc: "Ovirt Users"<a class="moz-txt-link-rfc2396E" href="mailto:users@ovirt.org"><users@ovirt.org></a> Sent: Thursday, December 29, 2016 1:42:11 PM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network Hi Same problem still.. /Sverker Den 2016-12-29 kl. 13:34, skrev Marcin Mirecki: </pre> <blockquote type="cite"> <pre wrap="">Hi, The tunnels are created to connect multiple OVN controllers. If there is only one, there is no need for the tunnels, so none will be created, this is the correct behavior. Does the problem still occur after setting configuring the OVN-controller? Marcin ----- Original Message ----- </pre> <blockquote type="cite"> <pre wrap="">From: "Sverker Abrahamsson"<a class="moz-txt-link-rfc2396E" href="mailto:sverker@abrahamsson.com"><sverker@abrahamsson.com></a> To: "Marcin Mirecki"<a class="moz-txt-link-rfc2396E" href="mailto:mmirecki@redhat.com"><mmirecki@redhat.com></a> Cc: "Ovirt Users"<a class="moz-txt-link-rfc2396E" href="mailto:users@ovirt.org"><users@ovirt.org></a> Sent: Thursday, December 29, 2016 11:44:32 AM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network Hi The rpm packages you listed in the other mail are installed but I had not run vdsm-tool ovn-config to create tunnel as the OVN controller is on the same host. [root@h2 ~]# rpm -q openvswitch-ovn-common openvswitch-ovn-common-2.6.90-1.el7.centos.x86_64 [root@h2 ~]# rpm -q openvswitch-ovn-host openvswitch-ovn-host-2.6.90-1.el7.centos.x86_64 [root@h2 ~]# rpm -q python-openvswitch python-openvswitch-2.6.90-1.el7.centos.noarch After removing my manually created br-int and run vdsm-tool ovn-config 127.0.0.1 172.27.1.1 then I have the br-int but 'ip link show' does not show any link 'genev_sys_' nor does 'ovs-vsctl show' any port for ovn. I assume these are when there is an actual tunnel? [root@h2 ~]# ovs-vsctl show ebb6aede-cbbc-4f4f-a88a-a9cd72b2bd23 Bridge br-int fail_mode: secure Port br-int Interface br-int type: internal Bridge ovirtbridge Port ovirtbridge Interface ovirtbridge type: internal Bridge "ovsbridge0" Port "ovsbridge0" Interface "ovsbridge0" type: internal Port "eth0" Interface "eth0" ovs_version: "2.6.90" [root@h2 ~]# ip link show 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT qlen 1 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master ovs-system state UP mode DEFAULT qlen 1000 link/ether 44:8a:5b:84:7d:b3 brd ff:ff:ff:ff:ff:ff 3: ovs-system: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 1000 link/ether 5a:14:cf:28:47:e2 brd ff:ff:ff:ff:ff:ff 4: ovsbridge0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN mode DEFAULT qlen 1000 link/ether 44:8a:5b:84:7d:b3 brd ff:ff:ff:ff:ff:ff 5: br-int: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 1000 link/ether 9e:b0:3a:9d:f2:4b brd ff:ff:ff:ff:ff:ff 6: ovirtbridge: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN mode DEFAULT qlen 1000 link/ether a6:f6:e5:a4:5b:45 brd ff:ff:ff:ff:ff:ff 7: dummy0: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue master ovirtmgmt state UNKNOWN mode DEFAULT qlen 1000 link/ether 66:e0:1c:c3:a9:d8 brd ff:ff:ff:ff:ff:ff 8: ovirtmgmt: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT qlen 1000 link/ether 66:e0:1c:c3:a9:d8 brd ff:ff:ff:ff:ff:ff Firewall settings: [root@h2 ~]# firewall-cmd --list-all-zones work target: default icmp-block-inversion: no interfaces: sources: services: dhcpv6-client ssh ports: protocols: masquerade: no forward-ports: sourceports: icmp-blocks: rich rules: drop target: DROP icmp-block-inversion: no interfaces: sources: services: ports: protocols: masquerade: no forward-ports: sourceports: icmp-blocks: rich rules: internal target: default icmp-block-inversion: no interfaces: sources: services: dhcpv6-client mdns samba-client ssh ports: protocols: masquerade: no forward-ports: sourceports: icmp-blocks: rich rules: external target: default icmp-block-inversion: no interfaces: sources: services: ssh ports: protocols: masquerade: yes forward-ports: sourceports: icmp-blocks: rich rules: trusted target: ACCEPT icmp-block-inversion: no interfaces: sources: services: ports: protocols: masquerade: no forward-ports: sourceports: icmp-blocks: rich rules: home target: default icmp-block-inversion: no interfaces: sources: services: dhcpv6-client mdns samba-client ssh ports: protocols: masquerade: no forward-ports: sourceports: icmp-blocks: rich rules: dmz target: default icmp-block-inversion: no interfaces: sources: services: ssh ports: protocols: masquerade: no forward-ports: sourceports: icmp-blocks: rich rules: public (active) target: default icmp-block-inversion: no interfaces: eth0 ovsbridge0 sources: services: dhcpv6-client ssh ports: protocols: masquerade: no forward-ports: sourceports: icmp-blocks: rich rules: block target: %%REJECT%% icmp-block-inversion: no interfaces: sources: services: ports: protocols: masquerade: no forward-ports: sourceports: icmp-blocks: rich rules: ovirt (active) target: default icmp-block-inversion: no interfaces: ovirtbridge ovirtmgmt sources: services: dhcp ovirt-fence-kdump-listener ovirt-http ovirt-https ovirt-imageio-proxy ovirt-postgres ovirt-provider-ovn ovirt-vmconsole-proxy ovirt-websocket-proxy ssh vdsm ports: protocols: masquerade: yes forward-ports: sourceports: icmp-blocks: rich rules: rule family="ipv4" port port="6641" protocol="tcp" accept rule family="ipv4" port port="6642" protocol="tcp" accept The db dump is attached /Sverker Den 2016-12-29 kl. 09:50, skrev Marcin Mirecki: </pre> <blockquote type="cite"> <pre wrap="">Hi, Can you please do: "sudo ovsdb-client dump" on the host and send me the output? Have you configured the ovn controller to connect to the OVN north? You can do it using "vdsm-tool ovn-config" or using the OVN tools directly. Please check out:<a class="moz-txt-link-freetext" href="https://www.ovirt.org/blog/2016/11/ovirt-provider-ovn/">https://www.ovirt.org/blog/2016/11/ovirt-provider-ovn/</a> for details. Also please note that the OVN provider is completely different from the neutron-openvswitch plugin. Please don't mix the two. Marcin ----- Original Message ----- </pre> <blockquote type="cite"> <pre wrap="">From: "Marcin Mirecki"<a class="moz-txt-link-rfc2396E" href="mailto:mmirecki@redhat.com"><mmirecki@redhat.com></a> To: "Sverker Abrahamsson"<a class="moz-txt-link-rfc2396E" href="mailto:sverker@abrahamsson.com"><sverker@abrahamsson.com></a> Cc: "Ovirt Users"<a class="moz-txt-link-rfc2396E" href="mailto:users@ovirt.org"><users@ovirt.org></a> Sent: Thursday, December 29, 2016 9:27:19 AM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network Hi, br-int is the OVN integration bridge, it should have been created when installing OVN. I assume you have the following packages installed on the host: openvswitch-ovn-common openvswitch-ovn-host python-openvswitch Please give me some time to look at the connectivity problem. Marcin ----- Original Message ----- </pre> <blockquote type="cite"> <pre wrap="">From: "Sverker Abrahamsson"<a class="moz-txt-link-rfc2396E" href="mailto:sverker@abrahamsson.com"><sverker@abrahamsson.com></a> To: "Marcin Mirecki"<a class="moz-txt-link-rfc2396E" href="mailto:mmirecki@redhat.com"><mmirecki@redhat.com></a> Cc: "Ovirt Users"<a class="moz-txt-link-rfc2396E" href="mailto:users@ovirt.org"><users@ovirt.org></a> Sent: Thursday, December 29, 2016 12:47:04 AM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network From /usr/libexec/vdsm/hooks/before_device_create/ovirt_provider_ovn_hook (installed by ovirt-provider-ovn-driver rpm): BRIDGE_NAME = 'br-int' Den 2016-12-28 kl. 23:56, skrev Sverker Abrahamsson: </pre> <blockquote type="cite"> <pre wrap="">Googling on the message about br-int suggested adding that bridge to ovs: ovs-vsctl add-br br-int Then the VM is able to boot, but it fails to get network connectivity. Output in /var/log/messages: Dec 28 23:31:35 h2 ovs-vsctl: ovs|00001|vsctl|INFO|Called as ovs-vsctl --timeout=5 -- --if-exists del-port vnet0 -- add-port br-int vnet0 -- set Interface vnet0 "external-ids:attached-mac=\"00:1a:4a:16:01:51\"" -- set Interface vnet0 "external-ids:iface-id=\"e8853aac-8a75-41b0-8010-e630017dcdd8\"" -- set Interface vnet0 "external-ids:vm-id=\"b9440d60-ef5a-4e2b-83cf-081df7c09e6f\"" -- set Interface vnet0 external-ids:iface-status=active Dec 28 23:31:35 h2 kernel: device vnet0 entered promiscuous mode Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -D PREROUTING -i vnet0 -j libvirt-J-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -D POSTROUTING -o vnet0 -j libvirt-P-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -L libvirt-J-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -L libvirt-P-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -F libvirt-J-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -X libvirt-J-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -F libvirt-P-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -X libvirt-P-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -F J-vnet0-mac' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -X J-vnet0-mac' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -F J-vnet0-arp-mac' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -X J-vnet0-arp-mac' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -D libvirt-out -m physdev --physdev-is-bridged --physdev-out vnet0 -g FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -D libvirt-out -m physdev --physdev-out vnet0 -g FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -D libvirt-in -m physdev --physdev-in vnet0 -g FI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -D libvirt-host-in -m physdev --physdev-in vnet0 -g HI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -F FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -X FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -F FI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -X FI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -F HI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -X HI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -E FP-vnet0 FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -E FJ-vnet0 FI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -E HJ-vnet0 HI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -D libvirt-out -m physdev --physdev-is-bridged --physdev-out vnet0 -g FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -D libvirt-out -m physdev --physdev-out vnet0 -g FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -D libvirt-in -m physdev --physdev-in vnet0 -g FI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -D libvirt-host-in -m physdev --physdev-in vnet0 -g HI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -F FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -X FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -F FI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -X FI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -F HI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -X HI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -E FP-vnet0 FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -E FJ-vnet0 FI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -E HJ-vnet0 HI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -D PREROUTING -i vnet0 -j libvirt-I-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -D POSTROUTING -o vnet0 -j libvirt-O-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -L libvirt-I-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -L libvirt-O-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -F libvirt-I-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -X libvirt-I-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -F libvirt-O-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -X libvirt-O-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -L libvirt-P-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -E libvirt-P-vnet0 libvirt-O-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -F I-vnet0-mac' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -X I-vnet0-mac' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -F I-vnet0-arp-mac' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -X I-vnet0-arp-mac' failed: [root@h2 etc]# ovs-vsctl show ebb6aede-cbbc-4f4f-a88a-a9cd72b2bd23 Bridge ovirtbridge Port "ovirtport0" Interface "ovirtport0" type: internal Port ovirtbridge Interface ovirtbridge type: internal Bridge "ovsbridge0" Port "ovsbridge0" Interface "ovsbridge0" type: internal Port "eth0" Interface "eth0" Bridge br-int Port br-int Interface br-int type: internal Port "vnet0" Interface "vnet0" ovs_version: "2.6.90" Searching through the code it appears that br-int comes from neutron-openvswitch plugin ?? [root@h2 share]# rpm -qf /usr/share/otopi/plugins/ovirt-host-deploy/openstack/neutron_openvswitch.py ovirt-host-deploy-1.6.0-0.0.master.20161215101008.gitb76ad50.el7.centos.noarch /Sverker Den 2016-12-28 kl. 23:24, skrev Sverker Abrahamsson: </pre> <blockquote type="cite"> <pre wrap="">In addition I had to add an alias to modprobe: [root@h2 modprobe.d]# cat dummy.conf alias dummy0 dummy Den 2016-12-28 kl. 23:03, skrev Sverker Abrahamsson: </pre> <blockquote type="cite"> <pre wrap="">Hi I first tried to set device name to dummy_0, but then ifup did not succeed in creating the device unless I first did 'ip link add dummy_0 type dummy' but then it would not suceed to establish the if on reboot. Setting fake_nics = dummy0 would not work neither, but this works: fake_nics = dummy* The engine is now able to find the if and assign bridge ovirtmgmt to it. However, I then run into the next issue when starting a VM: 2016-12-28 22:28:23,897 ERROR [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (ForkJoinPool-1-worker-2) [] Correlation ID: null, Call Stack: null, Custom Event ID: -1, Message: VM CentOS7 is down with error. Exit message: Cannot get interface MTU on 'br-int': No such device. This VM has a nic on ovirtbridge, which comes from the OVN provider. /Sverker Den 2016-12-28 kl. 14:38, skrev Marcin Mirecki: </pre> <blockquote type="cite"> <pre wrap="">Sverker, Can you try adding a vnic named veth_* or dummy_*, (or alternatively add the name of the vnic to vdsm.config fake_nics), and setup the management network using this vnic? I suppose adding the vnic you use for connecting to the engine to fake_nics should make it visible to the engine, and you should be able to use it for the setup. Marcin ----- Original Message ----- </pre> <blockquote type="cite"> <pre wrap="">From: "Marcin Mirecki"<a class="moz-txt-link-rfc2396E" href="mailto:mmirecki@redhat.com"><mmirecki@redhat.com></a> To: "Sverker Abrahamsson"<a class="moz-txt-link-rfc2396E" href="mailto:sverker@abrahamsson.com"><sverker@abrahamsson.com></a> Cc: "Ovirt Users"<a class="moz-txt-link-rfc2396E" href="mailto:users@ovirt.org"><users@ovirt.org></a> Sent: Wednesday, December 28, 2016 12:06:26 PM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network </pre> <blockquote type="cite"> <pre wrap="">I have an internal OVS bridge called ovirtbridge which has a port with IP address, but in the host network settings that port is not visible. </pre> </blockquote> <pre wrap="">I just verified and unfortunately the virtual ports are not visible in engine to assign a network to :( I'm afraid that the engine is not ready for such a scenario (even if it works). Please give me some time to look for a solution. ----- Original Message ----- </pre> <blockquote type="cite"> <pre wrap="">From: "Sverker Abrahamsson"<a class="moz-txt-link-rfc2396E" href="mailto:sverker@abrahamsson.com"><sverker@abrahamsson.com></a> To: "Marcin Mirecki"<a class="moz-txt-link-rfc2396E" href="mailto:mmirecki@redhat.com"><mmirecki@redhat.com></a> Cc: "Ovirt Users"<a class="moz-txt-link-rfc2396E" href="mailto:users@ovirt.org"><users@ovirt.org></a> Sent: Wednesday, December 28, 2016 11:48:24 AM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network Hi Marcin Yes, that is my issue. I don't want to let ovirt/vdsm see eth0 nor ovsbridge0 since as soon as it sees them it messes up the network config so that the host will be unreachable. I have an internal OVS bridge called ovirtbridge which has a port with IP address, but in the host network settings that port is not visible. It doesn't help to name it ovirtmgmt. The engine is able to communicate with the host on the ip it has been given, it's just that it believes that it HAS to have a ovirtmgmt network which can't be on OVN. /Sverker Den 2016-12-28 kl. 10:45, skrev Marcin Mirecki: </pre> <blockquote type="cite"> <pre wrap="">Hi Sverker, The management network is mandatory on each host. It's used by the engine to communicate with the host. Looking at your description and the exception it looks like it is missing. The error is caused by not having any network for the host (network list retrieved in InterfaceDaoImpl.getHostNetworksByCluster - which gets all the networks on nics for a host from vds_interface table in the DB). Could you maybe create a virtual nic connected to ovsbridge0 (as I understand you have no physical nic available) and use this for the management network? </pre> <blockquote type="cite"> <pre wrap="">I then create a bridge for use with ovirt, with a private address. </pre> </blockquote> <pre wrap="">I'm not quite sure I understand. Is this yet another bridge connected to ovsbridge0? You could also attach the vnic for the management network here if need be. Please keep in mind that OVN has no use in setting up the management network. The OVN provider can only handle external networks, which can not be used for a management network. Marcin ----- Original Message ----- </pre> <blockquote type="cite"> <pre wrap="">From: "Sverker Abrahamsson"<a class="moz-txt-link-rfc2396E" href="mailto:sverker@abrahamsson.com"><sverker@abrahamsson.com></a> <a class="moz-txt-link-abbreviated" href="mailto:To:users@ovirt.org">To:users@ovirt.org</a> Sent: Wednesday, December 28, 2016 12:39:59 AM Subject: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network Hi For long time I've been looking for proper support in ovirt for Open vSwitch so I'm happy that it is moving in the right direction. However, there seems to still be a dependency on a ovirtmgmt bridge and I'm unable to move that to the OVN provider. The hosting center where I rent hw instances has a bit special network setup, so I have one physical network port with a /32 netmask and point-to-point config to router. The physical port I connect to a ovs bridge which has the public ip. Since ovirt always messes up the network config when I've tried to let it have access to the network config for the physical port, I've set eht0 and ovsbridge0 as hidden in vdsm.conf. I then create a bridge for use with ovirt, with a private address. With the OVN provider I am now able to import these into the engine and it looks good. When creating a VM I can select that it will have a vNic on my OVS bridge. However, I can't start the VM as an exception is thrown in the log: 2016-12-28 00:13:33,350 ERROR [org.ovirt.engine.core.bll.RunVmCommand] (default task-5) [3c882d53] Error during ValidateFailure.: java.lang.NullPointerException at org.ovirt.engine.core.bll.scheduling.policyunits.NetworkPolicyUnit.validateRequiredNetworksAvailable(NetworkPolicyUnit.java:140) [bll.jar:] at org.ovirt.engine.core.bll.scheduling.policyunits.NetworkPolicyUnit.filter(NetworkPolicyUnit.java:69) [bll.jar:] at org.ovirt.engine.core.bll.scheduling.SchedulingManager.runInternalFilters(SchedulingManager.java:597) [bll.jar:] at org.ovirt.engine.core.bll.scheduling.SchedulingManager.runFilters(SchedulingManager.java:564) [bll.jar:] at org.ovirt.engine.core.bll.scheduling.SchedulingManager.canSchedule(SchedulingManager.java:494) [bll.jar:] at org.ovirt.engine.core.bll.validator.RunVmValidator.canRunVm(RunVmValidator.java:133) [bll.jar:] at org.ovirt.engine.core.bll.RunVmCommand.validate(RunVmCommand.java:940) [bll.jar:] at org.ovirt.engine.core.bll.CommandBase.internalValidate(CommandBase.java:886) [bll.jar:] at org.ovirt.engine.core.bll.CommandBase.validateOnly(CommandBase.java:366) [bll.jar:] at org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.canRunActions(PrevalidatingMultipleActionsRunner.java:113) [bll.jar:] at org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.invokeCommands(PrevalidatingMultipleActionsRunner.java:99) [bll.jar:] at org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.execute(PrevalidatingMultipleActionsRunner.java:76) [bll.jar:] at org.ovirt.engine.core.bll.Backend.runMultipleActionsImpl(Backend.java:613) [bll.jar:] at org.ovirt.engine.core.bll.Backend.runMultipleActions(Backend.java:583) [bll.jar:] Looking at that section of code where the exception is thrown, I see that it iterates over host networks to find required networks, which I assume is ovirtmgmt. In the host network setup dialog I don't see any networks at all but it lists ovirtmgmt as required. It also list the OVN networks but these can't be statically assigned as they are added dynamically when needed, which is fine. I believe that I either need to remove ovirtmgmt network or configure that it is provided by the OVN provider, but neither is possible. Preferably it shouldn't be hardcoded which network is management and mandatory but be possible to configure. /Sverker Den 2016-12-27 kl. 17:10, skrev Marcin Mirecki: </pre> </blockquote> </blockquote> </blockquote> <pre wrap="">_______________________________________________ Users mailing list <a class="moz-txt-link-abbreviated" href="mailto:Users@ovirt.org">Users@ovirt.org</a> <a class="moz-txt-link-freetext" href="http://lists.ovirt.org/mailman/listinfo/users">http://lists.ovirt.org/mailman/listinfo/users</a> </pre> </blockquote> </blockquote> <pre wrap="">_______________________________________________ Users mailing list <a class="moz-txt-link-abbreviated" href="mailto:Users@ovirt.org">Users@ovirt.org</a> <a class="moz-txt-link-freetext" href="http://lists.ovirt.org/mailman/listinfo/users">http://lists.ovirt.org/mailman/listinfo/users</a> </pre> </blockquote> <pre wrap="">_______________________________________________ Users mailing list <a class="moz-txt-link-abbreviated" href="mailto:Users@ovirt.org">Users@ovirt.org</a> <a class="moz-txt-link-freetext" href="http://lists.ovirt.org/mailman/listinfo/users">http://lists.ovirt.org/mailman/listinfo/users</a> </pre> </blockquote> <pre wrap="">_______________________________________________ Users mailing list <a class="moz-txt-link-abbreviated" href="mailto:Users@ovirt.org">Users@ovirt.org</a> <a class="moz-txt-link-freetext" href="http://lists.ovirt.org/mailman/listinfo/users">http://lists.ovirt.org/mailman/listinfo/users</a> </pre> </blockquote> </blockquote> <pre wrap="">_______________________________________________ Users mailing list <a class="moz-txt-link-abbreviated" href="mailto:Users@ovirt.org">Users@ovirt.org</a> <a class="moz-txt-link-freetext" href="http://lists.ovirt.org/mailman/listinfo/users">http://lists.ovirt.org/mailman/listinfo/users</a> </pre> </blockquote> </blockquote> </blockquote> </blockquote> </blockquote> <pre wrap="">_______________________________________________ Users mailing list <a class="moz-txt-link-abbreviated" href="mailto:Users@ovirt.org">Users@ovirt.org</a> <a class="moz-txt-link-freetext" href="http://lists.ovirt.org/mailman/listinfo/users">http://lists.ovirt.org/mailman/listinfo/users</a> </pre> </blockquote> <pre wrap="">_______________________________________________ Users mailing list <a class="moz-txt-link-abbreviated" href="mailto:Users@ovirt.org">Users@ovirt.org</a> <a class="moz-txt-link-freetext" href="http://lists.ovirt.org/mailman/listinfo/users">http://lists.ovirt.org/mailman/listinfo/users</a> </pre> </blockquote> <pre wrap="">_______________________________________________ Users mailing list <a class="moz-txt-link-abbreviated" href="mailto:Users@ovirt.org">Users@ovirt.org</a> <a class="moz-txt-link-freetext" href="http://lists.ovirt.org/mailman/listinfo/users">http://lists.ovirt.org/mailman/listinfo/users</a> </pre> </blockquote> </blockquote> </blockquote> </blockquote> </blockquote> </blockquote> </blockquote> <pre wrap="">_______________________________________________ Users mailing list <a class="moz-txt-link-abbreviated" href="mailto:Users@ovirt.org">Users@ovirt.org</a> <a class="moz-txt-link-freetext" href="http://lists.ovirt.org/mailman/listinfo/users">http://lists.ovirt.org/mailman/listinfo/users</a> </pre> </blockquote> <pre wrap="">_______________________________________________ Users mailing list <a class="moz-txt-link-abbreviated" href="mailto:Users@ovirt.org">Users@ovirt.org</a> <a class="moz-txt-link-freetext" href="http://lists.ovirt.org/mailman/listinfo/users">http://lists.ovirt.org/mailman/listinfo/users</a> </pre> </blockquote> <pre wrap=""> </pre> </blockquote> </blockquote> <br> </body> </html> --------------1CAC321E64229B73541ABF38--
This is a multi-part message in MIME format. --------------6467089868C667BB658FC240 Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 8bit I created a new VM in the ui and assigned it to host h1. In /var/log/ovirt-provider-ovn.log I get the following: 2017-01-06 20:54:11,940 Request: GET : /v2.0/ports 2017-01-06 20:54:11,940 Connecting to remote ovn database: tcp:127.0.0.1:6641 2017-01-06 20:54:12,157 Connected (number of retries: 2) 2017-01-06 20:54:12,158 Response code: 200 2017-01-06 20:54:12,158 Response body: {"ports": [{"name": "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873", "network_id": "e53554cf-e553-40a1-8d22-9c8d95ec0601", "device_owner": "oVirt", "mac_address": "00:1a:4a:16:01:51", "id": "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873", "device_id": "40cd7328-d575-4c3d-b656-9ef9bacc0078"}, {"name": "92f6d3c8-68b3-4986-9c09-60bee04644b5", "network_id": "e53554cf-e553-40a1-8d22-9c8d95ec0601", "device_owner": "oVirt", "mac_address": "00:1a:4a:16:01:52", "id": "92f6d3c8-68b3-4986-9c09-60bee04644b5", "device_id": "4baefa8c-3822-4de0-9cd0-1d025bab7844"}]} 2017-01-06 20:54:12,160 Request: SHOW : /v2.0/networks/e53554cf-e553-40a1-8d22-9c8d95ec0601 2017-01-06 20:54:12,160 Connecting to remote ovn database: tcp:127.0.0.1:6641 2017-01-06 20:54:12,377 Connected (number of retries: 2) 2017-01-06 20:54:12,378 Response code: 200 2017-01-06 20:54:12,378 Response body: {"network": {"id": "e53554cf-e553-40a1-8d22-9c8d95ec0601", "name": "ovirtbridge"}} 2017-01-06 20:54:12,380 Request: POST : /v2.0/ports 2017-01-06 20:54:12,380 Request body: { "port" : { "name" : "nic1", "binding:host_id" : "h1.limetransit.com", "admin_state_up" : true, "device_id" : "e8553a88-05f0-401d-8b9b-5fff77f7bbbe", "device_owner" : "oVirt", "mac_address" : "00:1a:4a:16:01:54", "network_id" : "e53554cf-e553-40a1-8d22-9c8d95ec0601" } } 2017-01-06 20:54:12,380 Connecting to remote ovn database: tcp:127.0.0.1:6641 2017-01-06 20:54:12,610 Connected (number of retries: 2) 2017-01-06 20:54:12,614 Response code: 200 2017-01-06 20:54:12,614 Response body: {"port": {"name": "912cba79-982e-4a87-868e-241fedccb59a", "network_id": "e53554cf-e553-40a1-8d22-9c8d95ec0601", "device_owner": "oVirt", "mac_address": "00:1a:4a:16:01:54", "id": "912cba79-982e-4a87-868e-241fedccb59a", "device_id": "e8553a88-05f0-401d-8b9b-5fff77f7bbbe"}} h1:/var/log/messages Jan 6 20:54:12 h1 ovs-vsctl: ovs|00001|vsctl|INFO|Called as ovs-vsctl --timeout=5 -- --if-exists del-port vnet1 -- add-port br-int vnet1 -- set Interface vnet1 "external-ids:attached-mac=\"00:1a:4a:16:01:54\"" -- set Interface vnet1 "external-ids:iface-id=\"20388407-0f76-41d8-97aa-8e2b5978f908\"" -- set Interface vnet1 "external-ids:vm-id=\"6dd5291e-6556-4d29-8b4e-ea896e627645\"" -- set Interface vnet1 external-ids:iface-status=active [root@h2 ~]# ovn-nbctl show switch e53554cf-e553-40a1-8d22-9c8d95ec0601 (ovirtbridge) port 4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873 addresses: ["00:1a:4a:16:01:51"] port 912cba79-982e-4a87-868e-241fedccb59a addresses: ["00:1a:4a:16:01:54"] port 92f6d3c8-68b3-4986-9c09-60bee04644b5 addresses: ["00:1a:4a:16:01:52"] port ovirtbridge-port2 addresses: ["unknown"] port ovirtbridge-port1 addresses: ["unknown"] [root@h2 ~]# ovn-sbctl show Chassis "6e4dd29f-7607-48d7-8e5a-eef4c6aeefb5" hostname: "h2.limetransit.com" Encap geneve ip: "148.251.126.50" options: {csum="true"} Port_Binding "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873" Port_Binding "ovirtbridge-port1" Chassis "4f10fb04-8fb2-48d7-8a3f-ea6444c02cf9" hostname: "h1.limetransit.com" Encap geneve ip: "144.76.84.73" options: {csum="true"} Port_Binding "ovirtbridge-port2" Port_Binding "92f6d3c8-68b3-4986-9c09-60bee04644b5" I.e. same issue /Sverker Den 2017-01-06 kl. 20:49, skrev Sverker Abrahamsson:
The port is created from Ovirt UI, the ovs-vsctl command below is executed when VM is started. In /var/log/ovirt-provider-ovn.log on h2 I get the following:
2017-01-06 20:19:25,452 Request: GET : /v2.0/ports 2017-01-06 20:19:25,452 Connecting to remote ovn database: tcp:127.0.0.1:6641 2017-01-06 20:19:25,670 Connected (number of retries: 2) 2017-01-06 20:19:25,670 Response code: 200 2017-01-06 20:19:25,670 Response body: {"ports": [{"name": "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873", "network_id": "e53554cf-e553-40a1-8d22-9c8d95ec0601", "device_owner": "oVirt", "mac_address": "00:1a:4a:16:01:51", "id": "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873", "device_id": "40cd7328-d575-4c3d-b656-9ef9bacc0078"}, {"name": "92f6d3c8-68b3-4986-9c09-60bee04644b5", "network_id": "e53554cf-e553-40a1-8d22-9c8d95ec0601", "device_owner": "oVirt", "mac_address": "00:1a:4a:16:01:52", "id": "92f6d3c8-68b3-4986-9c09-60bee04644b5", "device_id": "4baefa8c-3822-4de0-9cd0-1d025bab7844"}]} 2017-01-06 20:19:25,673 Request: PUT : /v2.0/ports/92f6d3c8-68b3-4986-9c09-60bee04644b5 2017-01-06 20:19:25,673 Request body: { "port" : { "binding:host_id" : "h1.limetransit.com", "security_groups" : null } } 2017-01-06 20:19:25,673 Connecting to remote ovn database: tcp:127.0.0.1:6641 2017-01-06 20:19:25,890 Connected (number of retries: 2) 2017-01-06 20:19:25,891 Response code: 200 2017-01-06 20:19:25,891 Response body: {"port": {"name": "92f6d3c8-68b3-4986-9c09-60bee04644b5", "network_id": "e53554cf-e553-40a1-8d22-9c8d95ec0601", "device_owner": "oVirt", "mac_address": "00:1a:4a:16:01:52", "id": "92f6d3c8-68b3-4986-9c09-60bee04644b5", "device_id": "4baefa8c-3822-4de0-9cd0-1d025bab7844"}}
In /var/log/messages on h1 I get the following:
Jan 6 20:18:56 h1 dbus-daemon: dbus[1339]: [system] Successfully activated service 'org.freedesktop.problems' Jan 6 20:19:26 h1 ovs-vsctl: ovs|00001|vsctl|INFO|Called as ovs-vsctl --timeout=5 -- --if-exists del-port vnet0 -- add-port br-int vnet0 -- set Interface vnet0 "external-ids:attached-mac=\"00:1a:4a:16:01:52\"" -- set Interface vnet0 "external-ids:iface-id=\"72dafda5-03c2-4bb6-bcb6-241fa5c0a1f3\"" -- set Interface vnet0 "external-ids:vm-id=\"4d0c134a-11a0-40f4-b2fb-c13c17c7251c\"" -- set Interface vnet0 external-ids:iface-status=active Jan 6 20:19:26 h1 kernel: device vnet0 entered promiscuous mode Jan 6 20:19:26 h1 avahi-daemon[1391]: Registering new address record for fe80::fc1a:4aff:fe16:152 on vnet0.*. Jan 6 20:19:26 h1 systemd-machined: New machine qemu-4-CentOS72. Jan 6 20:19:26 h1 systemd: Started Virtual Machine qemu-4-CentOS72. Jan 6 20:19:26 h1 systemd: Starting Virtual Machine qemu-4-CentOS72.
[root@h2 ~]# ovn-nbctl show switch e53554cf-e553-40a1-8d22-9c8d95ec0601 (ovirtbridge) port 4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873 addresses: ["00:1a:4a:16:01:51"] port 92f6d3c8-68b3-4986-9c09-60bee04644b5 addresses: ["00:1a:4a:16:01:52"] port ovirtbridge-port2 addresses: ["unknown"] port ovirtbridge-port1 addresses: ["unknown"] [root@h2 ~]# ovn-sbctl show Chassis "6e4dd29f-7607-48d7-8e5a-eef4c6aeefb5" hostname: "h2.limetransit.com" Encap geneve ip: "148.251.126.50" options: {csum="true"} Port_Binding "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873" Port_Binding "ovirtbridge-port1" Chassis "4f10fb04-8fb2-48d7-8a3f-ea6444c02cf9" hostname: "h1.limetransit.com" Encap geneve ip: "144.76.84.73" options: {csum="true"} Port_Binding "ovirtbridge-port2"
I.e. the port is set up with the wrong ID and not attached to OVN.
If I correct external-ids:iface-id like this: [root@h1 ~]# ovs-vsctl set Interface vnet0 "external-ids:iface-id=\"92f6d3c8-68b3-4986-9c09-60bee04644b5\""
then sb is correct: [root@h2 ~]# ovn-sbctl show Chassis "6e4dd29f-7607-48d7-8e5a-eef4c6aeefb5" hostname: "h2.limetransit.com" Encap geneve ip: "148.251.126.50" options: {csum="true"} Port_Binding "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873" Port_Binding "ovirtbridge-port1" Chassis "4f10fb04-8fb2-48d7-8a3f-ea6444c02cf9" hostname: "h1.limetransit.com" Encap geneve ip: "144.76.84.73" options: {csum="true"} Port_Binding "ovirtbridge-port2" Port_Binding "92f6d3c8-68b3-4986-9c09-60bee04644b5"
I don't know from where the ID 72dafda5-03c2-4bb6-bcb6-241fa5c0a1f3 comes from, doesn't show in any log other than /var/log/messages.
If I do the same exercise on the same host as engine is running on then the port for the VM gets the right id and is working from beginning. /Sverker
Den 2017-01-03 kl. 10:23, skrev Marcin Mirecki:
How did you create this port? From the oVirt engine UI? The OVN provider creates the port when you add the port in the engine UI, it is then plugged into the ovs bridge by the VIF driver. Please attach /var/log/ovirt-provider-ovn.log
----- Original Message -----
From: "Sverker Abrahamsson"<sverker@abrahamsson.com> To: "Marcin Mirecki"<mmirecki@redhat.com> Cc: "Ovirt Users"<users@ovirt.org> Sent: Tuesday, January 3, 2017 2:06:22 AM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network
Found an issue with Ovirt - OVN integration.
Engine and OVN central db running on host h2. Created VM to run on host h1, which is started. Ovn db state:
[root@h2 env3]# ovn-nbctl show switch e53554cf-e553-40a1-8d22-9c8d95ec0601 (ovirtbridge) port 4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873 addresses: ["00:1a:4a:16:01:51"] port 92f6d3c8-68b3-4986-9c09-60bee04644b5 addresses: ["00:1a:4a:16:01:52"] port ovirtbridge-port2 addresses: ["unknown"] port ovirtbridge-port1 addresses: ["unknown"] [root@h2 env3]# ovn-sbctl show Chassis "6e4dd29f-7607-48d7-8e5a-eef4c6aeefb5" hostname: "h2.limetransit.com" Encap geneve ip: "148.251.126.50" options: {csum="true"} Port_Binding "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873" Port_Binding "ovirtbridge-port1" Chassis "4f10fb04-8fb2-48d7-8a3f-ea6444c02cf9" hostname: "h1.limetransit.com" Encap geneve ip: "144.76.84.73" options: {csum="true"} Port_Binding "ovirtbridge-port2"
Port 92f6d3c8-68b3-4986-9c09-60bee04644b5 is for the new VM which is started on h1, but it is not assigned to that chassis. The reason is that on h1 the port on br-int is created like this:
ovs-vsctl --timeout=5 -- --if-exists del-port vnet0 -- add-port br-int vnet0 -- set Interface vnet0 "external-ids:attached-mac=\"00:1a:4a:16:01:52\"" -- set Interface vnet0 "external-ids:iface-id=\"35bcbe31-2c7e-4d97-add9-ce150eeb2f11\"" -- set Interface vnet0 "external-ids:vm-id=\"4d0c134a-11a0-40f4-b2fb-c13c17c7251c\"" -- set Interface vnet0 external-ids:iface-status=active
I.e. the extrernal id of interface is wrong. When I manually change to the right id like this the port works fine:
ovs-vsctl --timeout=5 -- --if-exists del-port vnet0 -- add-port br-int vnet0 -- set Interface vnet0 "external-ids:attached-mac=\"00:1a:4a:16:01:52\"" -- set Interface vnet0 "external-ids:iface-id=\"92f6d3c8-68b3-4986-9c09-60bee04644b5\"" -- set Interface vnet0 "external-ids:vm-id=\"4d0c134a-11a0-40f4-b2fb-c13c17c7251c\"" -- set Interface vnet0 external-ids:iface-status=active
sb db after correcting the port:
Chassis "6e4dd29f-7607-48d7-8e5a-eef4c6aeefb5" hostname: "h2.limetransit.com" Encap geneve ip: "148.251.126.50" options: {csum="true"} Port_Binding "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873" Port_Binding "ovirtbridge-port1" Chassis "4f10fb04-8fb2-48d7-8a3f-ea6444c02cf9" hostname: "h1.limetransit.com" Encap geneve ip: "144.76.84.73" options: {csum="true"} Port_Binding "ovirtbridge-port2" Port_Binding "92f6d3c8-68b3-4986-9c09-60bee04644b5"
I don't know from where the faulty id comes from, it's not in any logs. In the domain xml as printed in vdsm.log the id is correct:
<interface type="bridge"> <mac address="00:1a:4a:16:01:52" /> <model type="virtio" /> <source bridge="br-int" /> <virtualport type="openvswitch" /> <link state="up" /> <boot order="2" /> <bandwidth /> <virtualport type="openvswitch"> <parameters interfaceid="92f6d3c8-68b3-4986-9c09-60bee04644b5" /> </virtualport> </interface>
Where is the ovs-vsctl command line built for this call?
/Sverker
Den 2017-01-02 kl. 13:40, skrev Sverker Abrahamsson:
Got it to work now by following the env8 example in OVN tutorial, where a port is added with type l2gateway. Not sure how that is different from the localnet variant, but didn't suceed in getting that one working. Now I'm able to ping and telnet over the tunnel, but not ssh even when the port is answering on telnet. Neither does nfs traffic work even though mount did. Suspecting MTU issue. I did notice that ovn-controller starts too early, before network interfaces are established and hence can't reach the db. As these is a purely OVS/OVN issue I'll ask about it on their mailing list.
Getting back to the original issue with Ovirt, I've now added the second host h1 to ovirt-engine. Had to do the same as with h2 to create a dummy ovirtmgmt network but configured access via the public IP. My firewall settings was replaced with iptables config and vdsm.conf was overwritten when engine was set up, so those had to be manually restored. It would be preferable if it would be possible to configure ovirt-engine that it does not "own" the host and instead comply with the settings it has instead of enforcing it's own view..
Apart from that it seems the second host works, although I need to resolve the traffic issue over the OVS tunnel. /Sverker
Den 2017-01-02 kl. 01:13, skrev Sverker Abrahamsson:
1. That is not possible as ovirt (or vdsm) will rewrite the network configuration to a non-working state. That is why I've set that if as hidden to vdsm and is why I'm keen on getting OVS/OVN to work
2. I've been reading the doc for OVN and starting to connect the dots, which is not trivial as it is complex. Some insights reached:
First step is the OVN database, installed by openvswitch-ovn-central, which I currently have running on h2 host. The 'ovn-nbctl' and 'ovn-sbctl' commands are only possible to execute on a database node. Two ip's are given to 'vdsm-tool ovn-config <ip to database> <tunnel ip>' as arguments, where <ip to database> is how this OVN node reaches the database and <tunnel ip> is the ip to which other OVN nodes sets up a tunnel to this node. I.e. it is not for creating a tunnel to the database which I thought first from the description in blog post.
The tunnel between OVN nodes is of type geneve which is a UDP based protocol but I have not been able to find anywhere which port is used so that I can open it in firewalld. I have added OVN on another host, called h1, and connected it to the db. I see there is traffic to the db port, but I don't see any geneve traffic between the nodes.
Ovirt is now able to create it's vnet0 interface on the br-int ovs bridge, but then I run into the next issue. How do I create a connection from the logical switch to the physical host? I need that to a) get a connection out to the internet through a masqueraded if or ipv6 and b) be able to run a dhcp server to give ip's to the VM's.
/Sverker
Den 2016-12-30 kl. 18:05, skrev Marcin Mirecki:
1. Why not use your physical nic for ovirtmgmt then?
2. "ovn-nbctl ls-add" does not add a bridge, but a logical switch. br-int is an internal OVN implementation detail, which the user should not care about. What you see in the ovirt UI are logical networks. They are implemented as OVN logical switches in case of the OVN provider.
Please look at: http://www.ovirt.org/blog/2016/11/ovirt-provider-ovn/ You can get the latest rpms from here: http://resources.ovirt.org/repos/ovirt/experimental/master/ovirt-provider-ov...
----- Original Message ----- > From: "Sverker Abrahamsson"<sverker@abrahamsson.com> > To: "Marcin Mirecki"<mmirecki@redhat.com> > Cc: "Ovirt Users"<users@ovirt.org> > Sent: Friday, December 30, 2016 4:25:58 PM > Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory > ovirtmgmt network > > 1. No, I did not want to put the ovirtmgmt bridge on my physical > nic as > it always messed up the network config making the host unreachable. I > have put a ovs bridge on this nic which I will use to make tunnels > when > I add other hosts. Maybe br-int will be used for that instead, will > see > when I get that far. > > As it is now I have a dummy if for ovirtmgmt bridge but this will > probably not work when I add other hosts as that bridge cannot connect > to the other hosts. I'm considering keeping this just as a dummy to > keep > ovirt engine satisfied while the actual communication will happen over > OVN/OVS bridges and tunnels. > > 2. On > https://www.ovirt.org//develop/release-management/features/ovirt-ovn-provide... > > there is instructions how to add an OVS bridge to OVN with |ovn-nbctl > ls-add <network name>|. If you want to use br-int then it makes > sense to > make that bridge visible in ovirt webui under networks so that it > can be > selected for VM's. > > It quite doesn't make sense to me that I can select other network > for my > VM but then that setting is not used when setting up the network. > > /Sverker > > Den 2016-12-30 kl. 15:34, skrev Marcin Mirecki: >> Hi, >> >> The OVN provider does not require you to add any bridges manually. >> As I understand we were dealing with two problems: >> 1. You only had one physical nic and wanted to put a bridge on it, >> attaching the management network to the bridge. This was the >> reason for >> creating the bridge (the recommended setup would be to used a >> separate >> physical nic for the management network). This bridge has >> nothing to >> do with the OVN bridge. >> 2. OVN - you want to use OVN on this system. For this you have to >> install >> OVN on your hosts. This should create the br-int bridge, >> which are >> then used by the OVN provider. This br-int bridge must be >> configured >> to connect to other hosts using the geneve tunnels. >> >> In both cases the systems will not be aware of any bridges you >> create. >> They need a nic (be it physical or virtual) to connect to other >> system. >> Usually this is the physical nic. In your case you decided to put >> a bridge >> on the physical nic, and give oVirt a virtual nic attached to this >> bridge. >> This works, but keep in mind that the bridge you have introduced >> is outside >> of oVirt's (and OVN) control (and as such is not supported). >> >>> What is the purpose of >>> adding my bridges to Ovirt through the external provider and >>> configure >>> them on my VM >> I am not quite sure I understand. >> The external provider (OVN provider to be specific), does not add any >> bridges >> to the system. It is using the br-int bridge created by OVN. The >> networks >> created by the OVN provider are purely logical entities, >> implemented using >> the OVN br-int bridge. >> >> Marcin >> >> >> ----- Original Message ----- >>> From: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>> To: "Marcin Mirecki"<mmirecki@redhat.com> >>> Cc: "Ovirt Users"<users@ovirt.org> >>> Sent: Friday, December 30, 2016 12:15:43 PM >>> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory >>> ovirtmgmt >>> network >>> >>> Hi >>> That is the logic I quite don't understand. What is the purpose of >>> adding my bridges to Ovirt through the external provider and >>> configure >>> them on my VM if you are disregarding that and using br-int anyway? >>> >>> /Sverker >>> >>> Den 2016-12-30 kl. 10:53, skrev Marcin Mirecki: >>>> Sverker, >>>> >>>> br-int is the integration bridge created by default in OVN. This >>>> is the >>>> bridge we use for the OVN provider. As OVN is required to be >>>> installed, >>>> we assume that this bridge is present. >>>> Using any other ovs bridge is not supported, and will require >>>> custom code >>>> changes (such as the ones you created). >>>> >>>> The proper setup in your case would probably be to create br-int >>>> and >>>> connect >>>> this to your ovirtbridge, although I don't know the details of >>>> your env, >>>> so >>>> this is just my best guess. >>>> >>>> Marcin >>>> >>>> >>>> ----- Original Message ----- >>>>> From: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>>>> To: "Marcin Mirecki"<mmirecki@redhat.com> >>>>> Cc: "Ovirt Users"<users@ovirt.org>, "Numan Siddique" >>>>> <nusiddiq@redhat.com> >>>>> Sent: Friday, December 30, 2016 1:14:50 AM >>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory >>>>> ovirtmgmt >>>>> network >>>>> >>>>> Even better, if the value is not hardcoded then the configured >>>>> value is >>>>> used. Might be that I'm missunderstanding something but this is >>>>> the >>>>> behaviour I expected instead of that it is using br-int. >>>>> >>>>> Attached is a patch which properly sets up the xml, in case >>>>> there is >>>>> already a virtual port there + testcode of some variants >>>>> >>>>> /Sverker >>>>> >>>>> Den 2016-12-29 kl. 22:55, skrev Sverker Abrahamsson: >>>>>> When I change >>>>>> /usr/libexec/vdsm/hooks/before_device_create/ovirt_provider_ovn_hook >>>>>> >>>>>> to instead of hardcoded to br-int use BRIDGE_NAME = >>>>>> 'ovirtbridge' then >>>>>> I get the expected behaviour and I get a working network >>>>>> connectivity >>>>>> in my VM with IP provided by dhcp. >>>>>> >>>>>> /Sverker >>>>>> >>>>>> Den 2016-12-29 kl. 22:07, skrev Sverker Abrahamsson: >>>>>>> By default the vNic profile of my OVN bridge ovirtbridge gets a >>>>>>> Network filter named vdsm-no-mac-spoofing. If I instead set >>>>>>> No filter >>>>>>> then I don't get those ebtables / iptables messages. It seems >>>>>>> that >>>>>>> there is some issue between ovirt/vdsm and firewalld, which >>>>>>> we can >>>>>>> put to the side for now. >>>>>>> >>>>>>> It is not clear for me why the port is added on br-int >>>>>>> instead of the >>>>>>> bridge I've assigned to the VM, which is ovirtbridge?? >>>>>>> >>>>>>> /Sverker >>>>>>> >>>>>>> Den 2016-12-29 kl. 14:20, skrev Sverker Abrahamsson: >>>>>>>> The specific command most likely fails because there is no >>>>>>>> chain >>>>>>>> named libvirt-J-vnet0, but when should that have been created? >>>>>>>> /Sverker >>>>>>>> >>>>>>>> -------- Vidarebefordrat meddelande -------- >>>>>>>> Ämne: Re: [ovirt-users] Issue with OVN/OVS and mandatory >>>>>>>> ovirtmgmt >>>>>>>> network >>>>>>>> Datum: Thu, 29 Dec 2016 08:06:29 -0500 (EST) >>>>>>>> Från: Marcin Mirecki<mmirecki@redhat.com> >>>>>>>> Till: Sverker Abrahamsson<sverker@abrahamsson.com> >>>>>>>> Kopia: Ovirt Users<users@ovirt.org>, Lance Richardson >>>>>>>> <lrichard@redhat.com>, Numan Siddique<nusiddiq@redhat.com> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> Let me add the OVN team. >>>>>>>> >>>>>>>> Lance, Numan, >>>>>>>> >>>>>>>> Can you please look at this? >>>>>>>> >>>>>>>> Trying to plug a vNIC results in: >>>>>>>>>>>>>>> Dec 28 23:31:35 h2 ovs-vsctl: >>>>>>>>>>>>>>> ovs|00001|vsctl|INFO|Called as >>>>>>>>>>>>>>> ovs-vsctl >>>>>>>>>>>>>>> --timeout=5 -- --if-exists del-port vnet0 -- add-port >>>>>>>>>>>>>>> br-int >>>>>>>>>>>>>>> vnet0 -- >>>>>>>>>>>>>>> set Interface vnet0 >>>>>>>>>>>>>>> "external-ids:attached-mac=\"00:1a:4a:16:01:51\"" >>>>>>>>>>>>>>> -- set Interface vnet0 >>>>>>>>>>>>>>> "external-ids:iface-id=\"e8853aac-8a75-41b0-8010-e630017dcdd8\"" >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> -- >>>>>>>>>>>>>>> set Interface vnet0 >>>>>>>>>>>>>>> "external-ids:vm-id=\"b9440d60-ef5a-4e2b-83cf-081df7c09e6f\"" >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> -- >>>>>>>>>>>>>>> set >>>>>>>>>>>>>>> Interface vnet0 external-ids:iface-status=active >>>>>>>>>>>>>>> Dec 28 23:31:35 h2 kernel: device vnet0 entered >>>>>>>>>>>>>>> promiscuous >>>>>>>>>>>>>>> mode >>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -D PREROUTING >>>>>>>>>>>>>>> -i vnet0 >>>>>>>>>>>>>>> -j >>>>>>>>>>>>>>> libvirt-J-vnet0' failed: >>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>> More details below >>>>>>>> >>>>>>>> >>>>>>>> ----- Original Message ----- >>>>>>>>> From: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>>>>>>>> To: "Marcin Mirecki"<mmirecki@redhat.com> >>>>>>>>> Cc: "Ovirt Users"<users@ovirt.org> >>>>>>>>> Sent: Thursday, December 29, 2016 1:42:11 PM >>>>>>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory >>>>>>>>> ovirtmgmt >>>>>>>>> network >>>>>>>>> >>>>>>>>> Hi >>>>>>>>> Same problem still.. >>>>>>>>> /Sverker >>>>>>>>> >>>>>>>>> Den 2016-12-29 kl. 13:34, skrev Marcin Mirecki: >>>>>>>>>> Hi, >>>>>>>>>> >>>>>>>>>> The tunnels are created to connect multiple OVN controllers. >>>>>>>>>> If there is only one, there is no need for the tunnels, so >>>>>>>>>> none >>>>>>>>>> will be created, this is the correct behavior. >>>>>>>>>> >>>>>>>>>> Does the problem still occur after setting configuring the >>>>>>>>>> OVN-controller? >>>>>>>>>> >>>>>>>>>> Marcin >>>>>>>>>> >>>>>>>>>> ----- Original Message ----- >>>>>>>>>>> From: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>>>>>>>>>> To: "Marcin Mirecki"<mmirecki@redhat.com> >>>>>>>>>>> Cc: "Ovirt Users"<users@ovirt.org> >>>>>>>>>>> Sent: Thursday, December 29, 2016 11:44:32 AM >>>>>>>>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory >>>>>>>>>>> ovirtmgmt >>>>>>>>>>> network >>>>>>>>>>> >>>>>>>>>>> Hi >>>>>>>>>>> The rpm packages you listed in the other mail are >>>>>>>>>>> installed but I >>>>>>>>>>> had >>>>>>>>>>> not run vdsm-tool ovn-config to create tunnel as the OVN >>>>>>>>>>> controller >>>>>>>>>>> is >>>>>>>>>>> on the same host. >>>>>>>>>>> >>>>>>>>>>> [root@h2 ~]# rpm -q openvswitch-ovn-common >>>>>>>>>>> openvswitch-ovn-common-2.6.90-1.el7.centos.x86_64 >>>>>>>>>>> [root@h2 ~]# rpm -q openvswitch-ovn-host >>>>>>>>>>> openvswitch-ovn-host-2.6.90-1.el7.centos.x86_64 >>>>>>>>>>> [root@h2 ~]# rpm -q python-openvswitch >>>>>>>>>>> python-openvswitch-2.6.90-1.el7.centos.noarch >>>>>>>>>>> >>>>>>>>>>> After removing my manually created br-int and run >>>>>>>>>>> >>>>>>>>>>> vdsm-tool ovn-config 127.0.0.1 172.27.1.1 >>>>>>>>>>> >>>>>>>>>>> then I have the br-int but 'ip link show' does not show >>>>>>>>>>> any link >>>>>>>>>>> 'genev_sys_' nor does 'ovs-vsctl show' any port for ovn. >>>>>>>>>>> I assume >>>>>>>>>>> these >>>>>>>>>>> are when there is an actual tunnel? >>>>>>>>>>> >>>>>>>>>>> [root@h2 ~]# ovs-vsctl show >>>>>>>>>>> ebb6aede-cbbc-4f4f-a88a-a9cd72b2bd23 >>>>>>>>>>> Bridge br-int >>>>>>>>>>> fail_mode: secure >>>>>>>>>>> Port br-int >>>>>>>>>>> Interface br-int >>>>>>>>>>> type: internal >>>>>>>>>>> Bridge ovirtbridge >>>>>>>>>>> Port ovirtbridge >>>>>>>>>>> Interface ovirtbridge >>>>>>>>>>> type: internal >>>>>>>>>>> Bridge "ovsbridge0" >>>>>>>>>>> Port "ovsbridge0" >>>>>>>>>>> Interface "ovsbridge0" >>>>>>>>>>> type: internal >>>>>>>>>>> Port "eth0" >>>>>>>>>>> Interface "eth0" >>>>>>>>>>> ovs_version: "2.6.90" >>>>>>>>>>> >>>>>>>>>>> [root@h2 ~]# ip link show >>>>>>>>>>> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state >>>>>>>>>>> UNKNOWN >>>>>>>>>>> mode >>>>>>>>>>> DEFAULT qlen 1 >>>>>>>>>>> link/loopback 00:00:00:00:00:00 brd >>>>>>>>>>> 00:00:00:00:00:00 >>>>>>>>>>> 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc >>>>>>>>>>> pfifo_fast >>>>>>>>>>> master ovs-system state UP mode DEFAULT qlen 1000 >>>>>>>>>>> link/ether 44:8a:5b:84:7d:b3 brd ff:ff:ff:ff:ff:ff >>>>>>>>>>> 3: ovs-system: <BROADCAST,MULTICAST> mtu 1500 qdisc noop >>>>>>>>>>> state >>>>>>>>>>> DOWN >>>>>>>>>>> mode >>>>>>>>>>> DEFAULT qlen 1000 >>>>>>>>>>> link/ether 5a:14:cf:28:47:e2 brd ff:ff:ff:ff:ff:ff >>>>>>>>>>> 4: ovsbridge0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 >>>>>>>>>>> qdisc >>>>>>>>>>> noqueue >>>>>>>>>>> state UNKNOWN mode DEFAULT qlen 1000 >>>>>>>>>>> link/ether 44:8a:5b:84:7d:b3 brd ff:ff:ff:ff:ff:ff >>>>>>>>>>> 5: br-int: <BROADCAST,MULTICAST> mtu 1500 qdisc noop >>>>>>>>>>> state DOWN >>>>>>>>>>> mode >>>>>>>>>>> DEFAULT qlen 1000 >>>>>>>>>>> link/ether 9e:b0:3a:9d:f2:4b brd ff:ff:ff:ff:ff:ff >>>>>>>>>>> 6: ovirtbridge: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu >>>>>>>>>>> 1500 qdisc >>>>>>>>>>> noqueue >>>>>>>>>>> state UNKNOWN mode DEFAULT qlen 1000 >>>>>>>>>>> link/ether a6:f6:e5:a4:5b:45 brd ff:ff:ff:ff:ff:ff >>>>>>>>>>> 7: dummy0: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc >>>>>>>>>>> noqueue >>>>>>>>>>> master >>>>>>>>>>> ovirtmgmt state UNKNOWN mode DEFAULT qlen 1000 >>>>>>>>>>> link/ether 66:e0:1c:c3:a9:d8 brd ff:ff:ff:ff:ff:ff >>>>>>>>>>> 8: ovirtmgmt: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 >>>>>>>>>>> qdisc >>>>>>>>>>> noqueue >>>>>>>>>>> state UP mode DEFAULT qlen 1000 >>>>>>>>>>> link/ether 66:e0:1c:c3:a9:d8 brd ff:ff:ff:ff:ff:ff >>>>>>>>>>> >>>>>>>>>>> Firewall settings: >>>>>>>>>>> [root@h2 ~]# firewall-cmd --list-all-zones >>>>>>>>>>> work >>>>>>>>>>> target: default >>>>>>>>>>> icmp-block-inversion: no >>>>>>>>>>> interfaces: >>>>>>>>>>> sources: >>>>>>>>>>> services: dhcpv6-client ssh >>>>>>>>>>> ports: >>>>>>>>>>> protocols: >>>>>>>>>>> masquerade: no >>>>>>>>>>> forward-ports: >>>>>>>>>>> sourceports: >>>>>>>>>>> icmp-blocks: >>>>>>>>>>> rich rules: >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> drop >>>>>>>>>>> target: DROP >>>>>>>>>>> icmp-block-inversion: no >>>>>>>>>>> interfaces: >>>>>>>>>>> sources: >>>>>>>>>>> services: >>>>>>>>>>> ports: >>>>>>>>>>> protocols: >>>>>>>>>>> masquerade: no >>>>>>>>>>> forward-ports: >>>>>>>>>>> sourceports: >>>>>>>>>>> icmp-blocks: >>>>>>>>>>> rich rules: >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> internal >>>>>>>>>>> target: default >>>>>>>>>>> icmp-block-inversion: no >>>>>>>>>>> interfaces: >>>>>>>>>>> sources: >>>>>>>>>>> services: dhcpv6-client mdns samba-client ssh >>>>>>>>>>> ports: >>>>>>>>>>> protocols: >>>>>>>>>>> masquerade: no >>>>>>>>>>> forward-ports: >>>>>>>>>>> sourceports: >>>>>>>>>>> icmp-blocks: >>>>>>>>>>> rich rules: >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> external >>>>>>>>>>> target: default >>>>>>>>>>> icmp-block-inversion: no >>>>>>>>>>> interfaces: >>>>>>>>>>> sources: >>>>>>>>>>> services: ssh >>>>>>>>>>> ports: >>>>>>>>>>> protocols: >>>>>>>>>>> masquerade: yes >>>>>>>>>>> forward-ports: >>>>>>>>>>> sourceports: >>>>>>>>>>> icmp-blocks: >>>>>>>>>>> rich rules: >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> trusted >>>>>>>>>>> target: ACCEPT >>>>>>>>>>> icmp-block-inversion: no >>>>>>>>>>> interfaces: >>>>>>>>>>> sources: >>>>>>>>>>> services: >>>>>>>>>>> ports: >>>>>>>>>>> protocols: >>>>>>>>>>> masquerade: no >>>>>>>>>>> forward-ports: >>>>>>>>>>> sourceports: >>>>>>>>>>> icmp-blocks: >>>>>>>>>>> rich rules: >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> home >>>>>>>>>>> target: default >>>>>>>>>>> icmp-block-inversion: no >>>>>>>>>>> interfaces: >>>>>>>>>>> sources: >>>>>>>>>>> services: dhcpv6-client mdns samba-client ssh >>>>>>>>>>> ports: >>>>>>>>>>> protocols: >>>>>>>>>>> masquerade: no >>>>>>>>>>> forward-ports: >>>>>>>>>>> sourceports: >>>>>>>>>>> icmp-blocks: >>>>>>>>>>> rich rules: >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> dmz >>>>>>>>>>> target: default >>>>>>>>>>> icmp-block-inversion: no >>>>>>>>>>> interfaces: >>>>>>>>>>> sources: >>>>>>>>>>> services: ssh >>>>>>>>>>> ports: >>>>>>>>>>> protocols: >>>>>>>>>>> masquerade: no >>>>>>>>>>> forward-ports: >>>>>>>>>>> sourceports: >>>>>>>>>>> icmp-blocks: >>>>>>>>>>> rich rules: >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> public (active) >>>>>>>>>>> target: default >>>>>>>>>>> icmp-block-inversion: no >>>>>>>>>>> interfaces: eth0 ovsbridge0 >>>>>>>>>>> sources: >>>>>>>>>>> services: dhcpv6-client ssh >>>>>>>>>>> ports: >>>>>>>>>>> protocols: >>>>>>>>>>> masquerade: no >>>>>>>>>>> forward-ports: >>>>>>>>>>> sourceports: >>>>>>>>>>> icmp-blocks: >>>>>>>>>>> rich rules: >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> block >>>>>>>>>>> target: %%REJECT%% >>>>>>>>>>> icmp-block-inversion: no >>>>>>>>>>> interfaces: >>>>>>>>>>> sources: >>>>>>>>>>> services: >>>>>>>>>>> ports: >>>>>>>>>>> protocols: >>>>>>>>>>> masquerade: no >>>>>>>>>>> forward-ports: >>>>>>>>>>> sourceports: >>>>>>>>>>> icmp-blocks: >>>>>>>>>>> rich rules: >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> ovirt (active) >>>>>>>>>>> target: default >>>>>>>>>>> icmp-block-inversion: no >>>>>>>>>>> interfaces: ovirtbridge ovirtmgmt >>>>>>>>>>> sources: >>>>>>>>>>> services: dhcp ovirt-fence-kdump-listener ovirt-http >>>>>>>>>>> ovirt-https >>>>>>>>>>> ovirt-imageio-proxy ovirt-postgres ovirt-provider-ovn >>>>>>>>>>> ovirt-vmconsole-proxy ovirt-websocket-proxy ssh vdsm >>>>>>>>>>> ports: >>>>>>>>>>> protocols: >>>>>>>>>>> masquerade: yes >>>>>>>>>>> forward-ports: >>>>>>>>>>> sourceports: >>>>>>>>>>> icmp-blocks: >>>>>>>>>>> rich rules: >>>>>>>>>>> rule family="ipv4" port port="6641" >>>>>>>>>>> protocol="tcp" >>>>>>>>>>> accept >>>>>>>>>>> rule family="ipv4" port port="6642" >>>>>>>>>>> protocol="tcp" >>>>>>>>>>> accept >>>>>>>>>>> >>>>>>>>>>> The db dump is attached >>>>>>>>>>> /Sverker >>>>>>>>>>> Den 2016-12-29 kl. 09:50, skrev Marcin Mirecki: >>>>>>>>>>>> Hi, >>>>>>>>>>>> >>>>>>>>>>>> Can you please do: "sudo ovsdb-client dump" >>>>>>>>>>>> on the host and send me the output? >>>>>>>>>>>> >>>>>>>>>>>> Have you configured the ovn controller to connect to the >>>>>>>>>>>> OVN north? You can do it using "vdsm-tool ovn-config" or >>>>>>>>>>>> using the OVN tools directly. >>>>>>>>>>>> Please check >>>>>>>>>>>> out:https://www.ovirt.org/blog/2016/11/ovirt-provider-ovn/ >>>>>>>>>>>> for details. >>>>>>>>>>>> >>>>>>>>>>>> Also please note that the OVN provider is completely >>>>>>>>>>>> different >>>>>>>>>>>> from the neutron-openvswitch plugin. Please don't mix >>>>>>>>>>>> the two. >>>>>>>>>>>> >>>>>>>>>>>> Marcin >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> ----- Original Message ----- >>>>>>>>>>>>> From: "Marcin Mirecki"<mmirecki@redhat.com> >>>>>>>>>>>>> To: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>>>>>>>>>>>> Cc: "Ovirt Users"<users@ovirt.org> >>>>>>>>>>>>> Sent: Thursday, December 29, 2016 9:27:19 AM >>>>>>>>>>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and >>>>>>>>>>>>> mandatory >>>>>>>>>>>>> ovirtmgmt >>>>>>>>>>>>> network >>>>>>>>>>>>> >>>>>>>>>>>>> Hi, >>>>>>>>>>>>> >>>>>>>>>>>>> br-int is the OVN integration bridge, it should have been >>>>>>>>>>>>> created >>>>>>>>>>>>> when installing OVN. I assume you have the following >>>>>>>>>>>>> packages >>>>>>>>>>>>> installed >>>>>>>>>>>>> on the host: >>>>>>>>>>>>> openvswitch-ovn-common >>>>>>>>>>>>> openvswitch-ovn-host >>>>>>>>>>>>> python-openvswitch >>>>>>>>>>>>> >>>>>>>>>>>>> Please give me some time to look at the connectivity >>>>>>>>>>>>> problem. >>>>>>>>>>>>> >>>>>>>>>>>>> Marcin >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> ----- Original Message ----- >>>>>>>>>>>>>> From: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>>>>>>>>>>>>> To: "Marcin Mirecki"<mmirecki@redhat.com> >>>>>>>>>>>>>> Cc: "Ovirt Users"<users@ovirt.org> >>>>>>>>>>>>>> Sent: Thursday, December 29, 2016 12:47:04 AM >>>>>>>>>>>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and >>>>>>>>>>>>>> mandatory >>>>>>>>>>>>>> ovirtmgmt >>>>>>>>>>>>>> network >>>>>>>>>>>>>> >>>>>>>>>>>>>> From >>>>>>>>>>>>>> /usr/libexec/vdsm/hooks/before_device_create/ovirt_provider_ovn_hook >>>>>>>>>>>>>> >>>>>>>>>>>>>> (installed by ovirt-provider-ovn-driver rpm): >>>>>>>>>>>>>> >>>>>>>>>>>>>> BRIDGE_NAME = 'br-int' >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> Den 2016-12-28 kl. 23:56, skrev Sverker Abrahamsson: >>>>>>>>>>>>>>> Googling on the message about br-int suggested adding >>>>>>>>>>>>>>> that >>>>>>>>>>>>>>> bridge to >>>>>>>>>>>>>>> ovs: >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> ovs-vsctl add-br br-int >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Then the VM is able to boot, but it fails to get network >>>>>>>>>>>>>>> connectivity. >>>>>>>>>>>>>>> Output in /var/log/messages: >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Dec 28 23:31:35 h2 ovs-vsctl: >>>>>>>>>>>>>>> ovs|00001|vsctl|INFO|Called as >>>>>>>>>>>>>>> ovs-vsctl >>>>>>>>>>>>>>> --timeout=5 -- --if-exists del-port vnet0 -- add-port >>>>>>>>>>>>>>> br-int >>>>>>>>>>>>>>> vnet0 -- >>>>>>>>>>>>>>> set Interface vnet0 >>>>>>>>>>>>>>> "external-ids:attached-mac=\"00:1a:4a:16:01:51\"" >>>>>>>>>>>>>>> -- set Interface vnet0 >>>>>>>>>>>>>>> "external-ids:iface-id=\"e8853aac-8a75-41b0-8010-e630017dcdd8\"" >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> -- >>>>>>>>>>>>>>> set Interface vnet0 >>>>>>>>>>>>>>> "external-ids:vm-id=\"b9440d60-ef5a-4e2b-83cf-081df7c09e6f\"" >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> -- >>>>>>>>>>>>>>> set >>>>>>>>>>>>>>> Interface vnet0 external-ids:iface-status=active >>>>>>>>>>>>>>> Dec 28 23:31:35 h2 kernel: device vnet0 entered >>>>>>>>>>>>>>> promiscuous >>>>>>>>>>>>>>> mode >>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -D PREROUTING >>>>>>>>>>>>>>> -i vnet0 >>>>>>>>>>>>>>> -j >>>>>>>>>>>>>>> libvirt-J-vnet0' failed: >>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -D >>>>>>>>>>>>>>> POSTROUTING -o >>>>>>>>>>>>>>> vnet0 >>>>>>>>>>>>>>> -j >>>>>>>>>>>>>>> libvirt-P-vnet0' failed: >>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -L >>>>>>>>>>>>>>> libvirt-J-vnet0' >>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -L >>>>>>>>>>>>>>> libvirt-P-vnet0' >>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -F >>>>>>>>>>>>>>> libvirt-J-vnet0' >>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -X >>>>>>>>>>>>>>> libvirt-J-vnet0' >>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -F >>>>>>>>>>>>>>> libvirt-P-vnet0' >>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -X >>>>>>>>>>>>>>> libvirt-P-vnet0' >>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -F J-vnet0-mac' >>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -X J-vnet0-mac' >>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -F >>>>>>>>>>>>>>> J-vnet0-arp-mac' >>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -X >>>>>>>>>>>>>>> J-vnet0-arp-mac' >>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -D libvirt-out -m physdev >>>>>>>>>>>>>>> --physdev-is-bridged --physdev-out vnet0 -g FO-vnet0' >>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -D libvirt-out -m physdev >>>>>>>>>>>>>>> --physdev-out >>>>>>>>>>>>>>> vnet0 -g FO-vnet0' failed: >>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -D libvirt-in -m physdev >>>>>>>>>>>>>>> --physdev-in >>>>>>>>>>>>>>> vnet0 >>>>>>>>>>>>>>> -g FI-vnet0' failed: >>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -D libvirt-host-in -m physdev >>>>>>>>>>>>>>> --physdev-in >>>>>>>>>>>>>>> vnet0 -g HI-vnet0' failed: >>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -F FO-vnet0' failed: >>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -X FO-vnet0' failed: >>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -F FI-vnet0' failed: >>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -X FI-vnet0' failed: >>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -F HI-vnet0' failed: >>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -X HI-vnet0' failed: >>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -E FP-vnet0 FO-vnet0' failed: >>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -E FJ-vnet0 FI-vnet0' failed: >>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -E HJ-vnet0 HI-vnet0' failed: >>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -D libvirt-out -m physdev >>>>>>>>>>>>>>> --physdev-is-bridged --physdev-out vnet0 -g FO-vnet0' >>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -D libvirt-out -m physdev >>>>>>>>>>>>>>> --physdev-out >>>>>>>>>>>>>>> vnet0 -g FO-vnet0' failed: >>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -D libvirt-in -m physdev >>>>>>>>>>>>>>> --physdev-in >>>>>>>>>>>>>>> vnet0 -g FI-vnet0' failed: >>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -D libvirt-host-in -m >>>>>>>>>>>>>>> physdev >>>>>>>>>>>>>>> --physdev-in >>>>>>>>>>>>>>> vnet0 -g HI-vnet0' failed: >>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -F FO-vnet0' failed: >>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -X FO-vnet0' failed: >>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -F FI-vnet0' failed: >>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -X FI-vnet0' failed: >>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -F HI-vnet0' failed: >>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -X HI-vnet0' failed: >>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -E FP-vnet0 FO-vnet0' >>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -E FJ-vnet0 FI-vnet0' >>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -E HJ-vnet0 HI-vnet0' >>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -D PREROUTING >>>>>>>>>>>>>>> -i vnet0 >>>>>>>>>>>>>>> -j >>>>>>>>>>>>>>> libvirt-I-vnet0' failed: >>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -D >>>>>>>>>>>>>>> POSTROUTING -o >>>>>>>>>>>>>>> vnet0 >>>>>>>>>>>>>>> -j >>>>>>>>>>>>>>> libvirt-O-vnet0' failed: >>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -L >>>>>>>>>>>>>>> libvirt-I-vnet0' >>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -L >>>>>>>>>>>>>>> libvirt-O-vnet0' >>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -F >>>>>>>>>>>>>>> libvirt-I-vnet0' >>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -X >>>>>>>>>>>>>>> libvirt-I-vnet0' >>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -F >>>>>>>>>>>>>>> libvirt-O-vnet0' >>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -X >>>>>>>>>>>>>>> libvirt-O-vnet0' >>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -L >>>>>>>>>>>>>>> libvirt-P-vnet0' >>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -E >>>>>>>>>>>>>>> libvirt-P-vnet0 >>>>>>>>>>>>>>> libvirt-O-vnet0' failed: >>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -F I-vnet0-mac' >>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -X I-vnet0-mac' >>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -F >>>>>>>>>>>>>>> I-vnet0-arp-mac' >>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -X >>>>>>>>>>>>>>> I-vnet0-arp-mac' >>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> [root@h2 etc]# ovs-vsctl show >>>>>>>>>>>>>>> ebb6aede-cbbc-4f4f-a88a-a9cd72b2bd23 >>>>>>>>>>>>>>> Bridge ovirtbridge >>>>>>>>>>>>>>> Port "ovirtport0" >>>>>>>>>>>>>>> Interface "ovirtport0" >>>>>>>>>>>>>>> type: internal >>>>>>>>>>>>>>> Port ovirtbridge >>>>>>>>>>>>>>> Interface ovirtbridge >>>>>>>>>>>>>>> type: internal >>>>>>>>>>>>>>> Bridge "ovsbridge0" >>>>>>>>>>>>>>> Port "ovsbridge0" >>>>>>>>>>>>>>> Interface "ovsbridge0" >>>>>>>>>>>>>>> type: internal >>>>>>>>>>>>>>> Port "eth0" >>>>>>>>>>>>>>> Interface "eth0" >>>>>>>>>>>>>>> Bridge br-int >>>>>>>>>>>>>>> Port br-int >>>>>>>>>>>>>>> Interface br-int >>>>>>>>>>>>>>> type: internal >>>>>>>>>>>>>>> Port "vnet0" >>>>>>>>>>>>>>> Interface "vnet0" >>>>>>>>>>>>>>> ovs_version: "2.6.90" >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Searching through the code it appears that br-int >>>>>>>>>>>>>>> comes from >>>>>>>>>>>>>>> neutron-openvswitch plugin ?? >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> [root@h2 share]# rpm -qf >>>>>>>>>>>>>>> /usr/share/otopi/plugins/ovirt-host-deploy/openstack/neutron_openvswitch.py >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> ovirt-host-deploy-1.6.0-0.0.master.20161215101008.gitb76ad50.el7.centos.noarch >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> /Sverker >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Den 2016-12-28 kl. 23:24, skrev Sverker Abrahamsson: >>>>>>>>>>>>>>>> In addition I had to add an alias to modprobe: >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> [root@h2 modprobe.d]# cat dummy.conf >>>>>>>>>>>>>>>> alias dummy0 dummy >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Den 2016-12-28 kl. 23:03, skrev Sverker Abrahamsson: >>>>>>>>>>>>>>>>> Hi >>>>>>>>>>>>>>>>> I first tried to set device name to dummy_0, but >>>>>>>>>>>>>>>>> then ifup >>>>>>>>>>>>>>>>> did >>>>>>>>>>>>>>>>> not >>>>>>>>>>>>>>>>> succeed in creating the device unless I first did >>>>>>>>>>>>>>>>> 'ip link >>>>>>>>>>>>>>>>> add >>>>>>>>>>>>>>>>> dummy_0 type dummy' but then it would not suceed to >>>>>>>>>>>>>>>>> establish >>>>>>>>>>>>>>>>> the if >>>>>>>>>>>>>>>>> on reboot. >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> Setting fake_nics = dummy0 would not work neither, >>>>>>>>>>>>>>>>> but this >>>>>>>>>>>>>>>>> works: >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> fake_nics = dummy* >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> The engine is now able to find the if and assign >>>>>>>>>>>>>>>>> bridge >>>>>>>>>>>>>>>>> ovirtmgmt to >>>>>>>>>>>>>>>>> it. >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> However, I then run into the next issue when >>>>>>>>>>>>>>>>> starting a VM: >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> 2016-12-28 22:28:23,897 ERROR >>>>>>>>>>>>>>>>> [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> (ForkJoinPool-1-worker-2) [] Correlation ID: null, >>>>>>>>>>>>>>>>> Call >>>>>>>>>>>>>>>>> Stack: >>>>>>>>>>>>>>>>> null, >>>>>>>>>>>>>>>>> Custom Event ID: -1, Message: VM CentOS7 is down >>>>>>>>>>>>>>>>> with error. >>>>>>>>>>>>>>>>> Exit >>>>>>>>>>>>>>>>> message: Cannot get interface MTU on 'br-int': No such >>>>>>>>>>>>>>>>> device. >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> This VM has a nic on ovirtbridge, which comes from >>>>>>>>>>>>>>>>> the OVN >>>>>>>>>>>>>>>>> provider. >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> /Sverker >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> Den 2016-12-28 kl. 14:38, skrev Marcin Mirecki: >>>>>>>>>>>>>>>>>> Sverker, >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> Can you try adding a vnic named veth_* or dummy_*, >>>>>>>>>>>>>>>>>> (or alternatively add the name of the vnic to >>>>>>>>>>>>>>>>>> vdsm.config fake_nics), and setup the management >>>>>>>>>>>>>>>>>> network using this vnic? >>>>>>>>>>>>>>>>>> I suppose adding the vnic you use for connecting >>>>>>>>>>>>>>>>>> to the engine to fake_nics should make it visible >>>>>>>>>>>>>>>>>> to the engine, and you should be able to use it for >>>>>>>>>>>>>>>>>> the setup. >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> Marcin >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> ----- Original Message ----- >>>>>>>>>>>>>>>>>>> From: "Marcin Mirecki"<mmirecki@redhat.com> >>>>>>>>>>>>>>>>>>> To: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>>>>>>>>>>>>>>>>>> Cc: "Ovirt Users"<users@ovirt.org> >>>>>>>>>>>>>>>>>>> Sent: Wednesday, December 28, 2016 12:06:26 PM >>>>>>>>>>>>>>>>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and >>>>>>>>>>>>>>>>>>> mandatory >>>>>>>>>>>>>>>>>>> ovirtmgmt network >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> I have an internal OVS bridge called ovirtbridge >>>>>>>>>>>>>>>>>>>> which >>>>>>>>>>>>>>>>>>>> has >>>>>>>>>>>>>>>>>>>> a port >>>>>>>>>>>>>>>>>>>> with >>>>>>>>>>>>>>>>>>>> IP address, but in the host network settings >>>>>>>>>>>>>>>>>>>> that port is >>>>>>>>>>>>>>>>>>>> not >>>>>>>>>>>>>>>>>>>> visible. >>>>>>>>>>>>>>>>>>> I just verified and unfortunately the virtual >>>>>>>>>>>>>>>>>>> ports are >>>>>>>>>>>>>>>>>>> not >>>>>>>>>>>>>>>>>>> visible in engine >>>>>>>>>>>>>>>>>>> to assign a network to :( >>>>>>>>>>>>>>>>>>> I'm afraid that the engine is not ready for such a >>>>>>>>>>>>>>>>>>> scenario >>>>>>>>>>>>>>>>>>> (even >>>>>>>>>>>>>>>>>>> if it >>>>>>>>>>>>>>>>>>> works). >>>>>>>>>>>>>>>>>>> Please give me some time to look for a solution. >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> ----- Original Message ----- >>>>>>>>>>>>>>>>>>>> From: "Sverker >>>>>>>>>>>>>>>>>>>> Abrahamsson"<sverker@abrahamsson.com> >>>>>>>>>>>>>>>>>>>> To: "Marcin Mirecki"<mmirecki@redhat.com> >>>>>>>>>>>>>>>>>>>> Cc: "Ovirt Users"<users@ovirt.org> >>>>>>>>>>>>>>>>>>>> Sent: Wednesday, December 28, 2016 11:48:24 AM >>>>>>>>>>>>>>>>>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and >>>>>>>>>>>>>>>>>>>> mandatory >>>>>>>>>>>>>>>>>>>> ovirtmgmt >>>>>>>>>>>>>>>>>>>> network >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> Hi Marcin >>>>>>>>>>>>>>>>>>>> Yes, that is my issue. I don't want to let >>>>>>>>>>>>>>>>>>>> ovirt/vdsm see >>>>>>>>>>>>>>>>>>>> eth0 >>>>>>>>>>>>>>>>>>>> nor >>>>>>>>>>>>>>>>>>>> ovsbridge0 since as soon as it sees them it >>>>>>>>>>>>>>>>>>>> messes up the >>>>>>>>>>>>>>>>>>>> network >>>>>>>>>>>>>>>>>>>> config >>>>>>>>>>>>>>>>>>>> so that the host will be unreachable. >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> I have an internal OVS bridge called ovirtbridge >>>>>>>>>>>>>>>>>>>> which >>>>>>>>>>>>>>>>>>>> has >>>>>>>>>>>>>>>>>>>> a port >>>>>>>>>>>>>>>>>>>> with >>>>>>>>>>>>>>>>>>>> IP address, but in the host network settings >>>>>>>>>>>>>>>>>>>> that port is >>>>>>>>>>>>>>>>>>>> not >>>>>>>>>>>>>>>>>>>> visible. >>>>>>>>>>>>>>>>>>>> It doesn't help to name it ovirtmgmt. >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> The engine is able to communicate with the host >>>>>>>>>>>>>>>>>>>> on the ip >>>>>>>>>>>>>>>>>>>> it has >>>>>>>>>>>>>>>>>>>> been >>>>>>>>>>>>>>>>>>>> given, it's just that it believes that it HAS to >>>>>>>>>>>>>>>>>>>> have a >>>>>>>>>>>>>>>>>>>> ovirtmgmt >>>>>>>>>>>>>>>>>>>> network which can't be on OVN. >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> /Sverker >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> Den 2016-12-28 kl. 10:45, skrev Marcin Mirecki: >>>>>>>>>>>>>>>>>>>>> Hi Sverker, >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> The management network is mandatory on each >>>>>>>>>>>>>>>>>>>>> host. It's >>>>>>>>>>>>>>>>>>>>> used by >>>>>>>>>>>>>>>>>>>>> the >>>>>>>>>>>>>>>>>>>>> engine to communicate with the host. >>>>>>>>>>>>>>>>>>>>> Looking at your description and the exception >>>>>>>>>>>>>>>>>>>>> it looks >>>>>>>>>>>>>>>>>>>>> like it >>>>>>>>>>>>>>>>>>>>> is >>>>>>>>>>>>>>>>>>>>> missing. >>>>>>>>>>>>>>>>>>>>> The error is caused by not having any network >>>>>>>>>>>>>>>>>>>>> for the >>>>>>>>>>>>>>>>>>>>> host >>>>>>>>>>>>>>>>>>>>> (network list retrieved in >>>>>>>>>>>>>>>>>>>>> InterfaceDaoImpl.getHostNetworksByCluster - >>>>>>>>>>>>>>>>>>>>> which >>>>>>>>>>>>>>>>>>>>> gets all the networks on nics for a host from >>>>>>>>>>>>>>>>>>>>> vds_interface >>>>>>>>>>>>>>>>>>>>> table in the >>>>>>>>>>>>>>>>>>>>> DB). >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> Could you maybe create a virtual nic connected to >>>>>>>>>>>>>>>>>>>>> ovsbridge0 (as >>>>>>>>>>>>>>>>>>>>> I >>>>>>>>>>>>>>>>>>>>> understand you >>>>>>>>>>>>>>>>>>>>> have no physical nic available) and use this >>>>>>>>>>>>>>>>>>>>> for the >>>>>>>>>>>>>>>>>>>>> management >>>>>>>>>>>>>>>>>>>>> network? >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> I then create a bridge for use with ovirt, with a >>>>>>>>>>>>>>>>>>>>>> private >>>>>>>>>>>>>>>>>>>>>> address. >>>>>>>>>>>>>>>>>>>>> I'm not quite sure I understand. Is this yet >>>>>>>>>>>>>>>>>>>>> another >>>>>>>>>>>>>>>>>>>>> bridge >>>>>>>>>>>>>>>>>>>>> connected to >>>>>>>>>>>>>>>>>>>>> ovsbridge0? >>>>>>>>>>>>>>>>>>>>> You could also attach the vnic for the management >>>>>>>>>>>>>>>>>>>>> network >>>>>>>>>>>>>>>>>>>>> here >>>>>>>>>>>>>>>>>>>>> if need >>>>>>>>>>>>>>>>>>>>> be. >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> Please keep in mind that OVN has no use in >>>>>>>>>>>>>>>>>>>>> setting up >>>>>>>>>>>>>>>>>>>>> the >>>>>>>>>>>>>>>>>>>>> management >>>>>>>>>>>>>>>>>>>>> network. >>>>>>>>>>>>>>>>>>>>> The OVN provider can only handle external >>>>>>>>>>>>>>>>>>>>> networks, >>>>>>>>>>>>>>>>>>>>> which >>>>>>>>>>>>>>>>>>>>> can >>>>>>>>>>>>>>>>>>>>> not be used >>>>>>>>>>>>>>>>>>>>> for a >>>>>>>>>>>>>>>>>>>>> management network. >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> Marcin >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> ----- Original Message ----- >>>>>>>>>>>>>>>>>>>>>> From: "Sverker >>>>>>>>>>>>>>>>>>>>>> Abrahamsson"<sverker@abrahamsson.com> >>>>>>>>>>>>>>>>>>>>>> To:users@ovirt.org >>>>>>>>>>>>>>>>>>>>>> Sent: Wednesday, December 28, 2016 12:39:59 AM >>>>>>>>>>>>>>>>>>>>>> Subject: [ovirt-users] Issue with OVN/OVS and >>>>>>>>>>>>>>>>>>>>>> mandatory >>>>>>>>>>>>>>>>>>>>>> ovirtmgmt >>>>>>>>>>>>>>>>>>>>>> network >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> Hi >>>>>>>>>>>>>>>>>>>>>> For long time I've been looking for proper >>>>>>>>>>>>>>>>>>>>>> support in >>>>>>>>>>>>>>>>>>>>>> ovirt for >>>>>>>>>>>>>>>>>>>>>> Open >>>>>>>>>>>>>>>>>>>>>> vSwitch >>>>>>>>>>>>>>>>>>>>>> so I'm happy that it is moving in the right >>>>>>>>>>>>>>>>>>>>>> direction. >>>>>>>>>>>>>>>>>>>>>> However, >>>>>>>>>>>>>>>>>>>>>> there >>>>>>>>>>>>>>>>>>>>>> seems >>>>>>>>>>>>>>>>>>>>>> to still be a dependency on a ovirtmgmt bridge >>>>>>>>>>>>>>>>>>>>>> and I'm >>>>>>>>>>>>>>>>>>>>>> unable >>>>>>>>>>>>>>>>>>>>>> to move >>>>>>>>>>>>>>>>>>>>>> that >>>>>>>>>>>>>>>>>>>>>> to the OVN provider. >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> The hosting center where I rent hw instances >>>>>>>>>>>>>>>>>>>>>> has a bit >>>>>>>>>>>>>>>>>>>>>> special >>>>>>>>>>>>>>>>>>>>>> network >>>>>>>>>>>>>>>>>>>>>> setup, >>>>>>>>>>>>>>>>>>>>>> so I have one physical network port with a /32 >>>>>>>>>>>>>>>>>>>>>> netmask >>>>>>>>>>>>>>>>>>>>>> and >>>>>>>>>>>>>>>>>>>>>> point-to-point >>>>>>>>>>>>>>>>>>>>>> config to router. The physical port I connect >>>>>>>>>>>>>>>>>>>>>> to a ovs >>>>>>>>>>>>>>>>>>>>>> bridge >>>>>>>>>>>>>>>>>>>>>> which has >>>>>>>>>>>>>>>>>>>>>> the >>>>>>>>>>>>>>>>>>>>>> public ip. Since ovirt always messes up the >>>>>>>>>>>>>>>>>>>>>> network >>>>>>>>>>>>>>>>>>>>>> config when >>>>>>>>>>>>>>>>>>>>>> I've >>>>>>>>>>>>>>>>>>>>>> tried >>>>>>>>>>>>>>>>>>>>>> to let it have access to the network config >>>>>>>>>>>>>>>>>>>>>> for the >>>>>>>>>>>>>>>>>>>>>> physical >>>>>>>>>>>>>>>>>>>>>> port, I've >>>>>>>>>>>>>>>>>>>>>> set >>>>>>>>>>>>>>>>>>>>>> eht0 and ovsbridge0 as hidden in vdsm.conf. >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> I then create a bridge for use with ovirt, with a >>>>>>>>>>>>>>>>>>>>>> private >>>>>>>>>>>>>>>>>>>>>> address. With >>>>>>>>>>>>>>>>>>>>>> the >>>>>>>>>>>>>>>>>>>>>> OVN provider I am now able to import these >>>>>>>>>>>>>>>>>>>>>> into the >>>>>>>>>>>>>>>>>>>>>> engine and >>>>>>>>>>>>>>>>>>>>>> it looks >>>>>>>>>>>>>>>>>>>>>> good. When creating a VM I can select that it >>>>>>>>>>>>>>>>>>>>>> will have >>>>>>>>>>>>>>>>>>>>>> a >>>>>>>>>>>>>>>>>>>>>> vNic >>>>>>>>>>>>>>>>>>>>>> on my OVS >>>>>>>>>>>>>>>>>>>>>> bridge. >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> However, I can't start the VM as an exception >>>>>>>>>>>>>>>>>>>>>> is thrown >>>>>>>>>>>>>>>>>>>>>> in the >>>>>>>>>>>>>>>>>>>>>> log: >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> 2016-12-28 00:13:33,350 ERROR >>>>>>>>>>>>>>>>>>>>>> [org.ovirt.engine.core.bll.RunVmCommand] >>>>>>>>>>>>>>>>>>>>>> (default task-5) [3c882d53] Error during >>>>>>>>>>>>>>>>>>>>>> ValidateFailure.: >>>>>>>>>>>>>>>>>>>>>> java.lang.NullPointerException >>>>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.scheduling.policyunits.NetworkPolicyUnit.validateRequiredNetworksAvailable(NetworkPolicyUnit.java:140) >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.scheduling.policyunits.NetworkPolicyUnit.filter(NetworkPolicyUnit.java:69) >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.scheduling.SchedulingManager.runInternalFilters(SchedulingManager.java:597) >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.scheduling.SchedulingManager.runFilters(SchedulingManager.java:564) >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.scheduling.SchedulingManager.canSchedule(SchedulingManager.java:494) >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.validator.RunVmValidator.canRunVm(RunVmValidator.java:133) >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.RunVmCommand.validate(RunVmCommand.java:940) >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.CommandBase.internalValidate(CommandBase.java:886) >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.CommandBase.validateOnly(CommandBase.java:366) >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.canRunActions(PrevalidatingMultipleActionsRunner.java:113) >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.invokeCommands(PrevalidatingMultipleActionsRunner.java:99) >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.execute(PrevalidatingMultipleActionsRunner.java:76) >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.Backend.runMultipleActionsImpl(Backend.java:613) >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.Backend.runMultipleActions(Backend.java:583) >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> Looking at that section of code where the >>>>>>>>>>>>>>>>>>>>>> exception is >>>>>>>>>>>>>>>>>>>>>> thrown, >>>>>>>>>>>>>>>>>>>>>> I see >>>>>>>>>>>>>>>>>>>>>> that >>>>>>>>>>>>>>>>>>>>>> it >>>>>>>>>>>>>>>>>>>>>> iterates over host networks to find required >>>>>>>>>>>>>>>>>>>>>> networks, >>>>>>>>>>>>>>>>>>>>>> which I >>>>>>>>>>>>>>>>>>>>>> assume is >>>>>>>>>>>>>>>>>>>>>> ovirtmgmt. In the host network setup dialog I >>>>>>>>>>>>>>>>>>>>>> don't see >>>>>>>>>>>>>>>>>>>>>> any >>>>>>>>>>>>>>>>>>>>>> networks at >>>>>>>>>>>>>>>>>>>>>> all >>>>>>>>>>>>>>>>>>>>>> but it lists ovirtmgmt as required. It also >>>>>>>>>>>>>>>>>>>>>> list the >>>>>>>>>>>>>>>>>>>>>> OVN >>>>>>>>>>>>>>>>>>>>>> networks but >>>>>>>>>>>>>>>>>>>>>> these >>>>>>>>>>>>>>>>>>>>>> can't be statically assigned as they are added >>>>>>>>>>>>>>>>>>>>>> dynamically when >>>>>>>>>>>>>>>>>>>>>> needed, >>>>>>>>>>>>>>>>>>>>>> which is fine. >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> I believe that I either need to remove ovirtmgmt >>>>>>>>>>>>>>>>>>>>>> network >>>>>>>>>>>>>>>>>>>>>> or >>>>>>>>>>>>>>>>>>>>>> configure >>>>>>>>>>>>>>>>>>>>>> that >>>>>>>>>>>>>>>>>>>>>> it >>>>>>>>>>>>>>>>>>>>>> is provided by the OVN provider, but neither is >>>>>>>>>>>>>>>>>>>>>> possible. >>>>>>>>>>>>>>>>>>>>>> Preferably it >>>>>>>>>>>>>>>>>>>>>> shouldn't be hardcoded which network is >>>>>>>>>>>>>>>>>>>>>> management and >>>>>>>>>>>>>>>>>>>>>> mandatory but be >>>>>>>>>>>>>>>>>>>>>> possible to configure. >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> /Sverker >>>>>>>>>>>>>>>>>>>>>> Den 2016-12-27 kl. 17:10, skrev Marcin Mirecki: >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>>>>>>>>> Users mailing list >>>>>>>>>>>>>>>>>>> Users@ovirt.org >>>>>>>>>>>>>>>>>>> http://lists.ovirt.org/mailman/listinfo/users >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>>>>>>> Users mailing list >>>>>>>>>>>>>>>>> Users@ovirt.org >>>>>>>>>>>>>>>>> http://lists.ovirt.org/mailman/listinfo/users >>>>>>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>>>>>> Users mailing list >>>>>>>>>>>>>>>> Users@ovirt.org >>>>>>>>>>>>>>>> http://lists.ovirt.org/mailman/listinfo/users >>>>>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>>>>> Users mailing list >>>>>>>>>>>>>>> Users@ovirt.org >>>>>>>>>>>>>>> http://lists.ovirt.org/mailman/listinfo/users >>>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>>> Users mailing list >>>>>>>>>>>>> Users@ovirt.org >>>>>>>>>>>>> http://lists.ovirt.org/mailman/listinfo/users >>>>>>>>>>>>> >>>>>>>> _______________________________________________ >>>>>>>> Users mailing list >>>>>>>> Users@ovirt.org >>>>>>>> http://lists.ovirt.org/mailman/listinfo/users >>>>>>> _______________________________________________ >>>>>>> Users mailing list >>>>>>> Users@ovirt.org >>>>>>> http://lists.ovirt.org/mailman/listinfo/users >>>>>> _______________________________________________ >>>>>> Users mailing list >>>>>> Users@ovirt.org >>>>>> http://lists.ovirt.org/mailman/listinfo/users
Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
--------------6467089868C667BB658FC240 Content-Type: text/html; charset=windows-1252 Content-Transfer-Encoding: 8bit <html> <head> <meta content="text/html; charset=windows-1252" http-equiv="Content-Type"> </head> <body bgcolor="#FFFFFF" text="#000000"> <p>I created a new VM in the ui and assigned it to host h1. In /var/log/ovirt-provider-ovn.log I get the following:</p> <p>2017-01-06 20:54:11,940 Request: GET : /v2.0/ports<br> 2017-01-06 20:54:11,940 Connecting to remote ovn database: tcp:127.0.0.1:6641<br> 2017-01-06 20:54:12,157 Connected (number of retries: 2)<br> 2017-01-06 20:54:12,158 Response code: 200<br> 2017-01-06 20:54:12,158 Response body: {"ports": [{"name": "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873", "network_id": "e53554cf-e553-40a1-8d22-9c8d95ec0601", "device_owner": "oVirt", "mac_address": "00:1a:4a:16:01:51", "id": "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873", "device_id": "40cd7328-d575-4c3d-b656-9ef9bacc0078"}, {"name": "92f6d3c8-68b3-4986-9c09-60bee04644b5", "network_id": "e53554cf-e553-40a1-8d22-9c8d95ec0601", "device_owner": "oVirt", "mac_address": "00:1a:4a:16:01:52", "id": "92f6d3c8-68b3-4986-9c09-60bee04644b5", "device_id": "4baefa8c-3822-4de0-9cd0-1d025bab7844"}]}<br> 2017-01-06 20:54:12,160 Request: SHOW : /v2.0/networks/e53554cf-e553-40a1-8d22-9c8d95ec0601<br> 2017-01-06 20:54:12,160 Connecting to remote ovn database: tcp:127.0.0.1:6641<br> 2017-01-06 20:54:12,377 Connected (number of retries: 2)<br> 2017-01-06 20:54:12,378 Response code: 200<br> 2017-01-06 20:54:12,378 Response body: {"network": {"id": "e53554cf-e553-40a1-8d22-9c8d95ec0601", "name": "ovirtbridge"}}<br> 2017-01-06 20:54:12,380 Request: POST : /v2.0/ports<br> 2017-01-06 20:54:12,380 Request body:<br> {<br> "port" : {<br> "name" : "nic1",<br> "binding:host_id" : "h1.limetransit.com",<br> "admin_state_up" : true,<br> "device_id" : "e8553a88-05f0-401d-8b9b-5fff77f7bbbe",<br> "device_owner" : "oVirt",<br> "mac_address" : "00:1a:4a:16:01:54",<br> "network_id" : "e53554cf-e553-40a1-8d22-9c8d95ec0601"<br> }<br> }<br> 2017-01-06 20:54:12,380 Connecting to remote ovn database: tcp:127.0.0.1:6641<br> 2017-01-06 20:54:12,610 Connected (number of retries: 2)<br> 2017-01-06 20:54:12,614 Response code: 200<br> 2017-01-06 20:54:12,614 Response body: {"port": {"name": "912cba79-982e-4a87-868e-241fedccb59a", "network_id": "e53554cf-e553-40a1-8d22-9c8d95ec0601", "device_owner": "oVirt", "mac_address": "00:1a:4a:16:01:54", "id": "912cba79-982e-4a87-868e-241fedccb59a", "device_id": "e8553a88-05f0-401d-8b9b-5fff77f7bbbe"}}<br> </p> <p>h1:/var/log/messages<br> Jan 6 20:54:12 h1 ovs-vsctl: ovs|00001|vsctl|INFO|Called as ovs-vsctl --timeout=5 -- --if-exists del-port vnet1 -- add-port br-int vnet1 -- set Interface vnet1 "external-ids:attached-mac=\"00:1a:4a:16:01:54\"" -- set Interface vnet1 "external-ids:iface-id=\"20388407-0f76-41d8-97aa-8e2b5978f908\"" -- set Interface vnet1 "external-ids:vm-id=\"6dd5291e-6556-4d29-8b4e-ea896e627645\"" -- set Interface vnet1 external-ids:iface-status=active<br> </p> <p>[root@h2 ~]# ovn-nbctl show<br> switch e53554cf-e553-40a1-8d22-9c8d95ec0601 (ovirtbridge)<br> port 4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873<br> addresses: ["00:1a:4a:16:01:51"]<br> port 912cba79-982e-4a87-868e-241fedccb59a<br> addresses: ["00:1a:4a:16:01:54"]<br> port 92f6d3c8-68b3-4986-9c09-60bee04644b5<br> addresses: ["00:1a:4a:16:01:52"]<br> port ovirtbridge-port2<br> addresses: ["unknown"]<br> port ovirtbridge-port1<br> addresses: ["unknown"]<br> [root@h2 ~]# ovn-sbctl show<br> Chassis "6e4dd29f-7607-48d7-8e5a-eef4c6aeefb5"<br> hostname: "h2.limetransit.com"<br> Encap geneve<br> ip: "148.251.126.50"<br> options: {csum="true"}<br> Port_Binding "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873"<br> Port_Binding "ovirtbridge-port1"<br> Chassis "4f10fb04-8fb2-48d7-8a3f-ea6444c02cf9"<br> hostname: "h1.limetransit.com"<br> Encap geneve<br> ip: "144.76.84.73"<br> options: {csum="true"}<br> Port_Binding "ovirtbridge-port2"<br> Port_Binding "92f6d3c8-68b3-4986-9c09-60bee04644b5"<br> </p> <p>I.e. same issue<br> /Sverker<br> </p> <div class="moz-cite-prefix">Den 2017-01-06 kl. 20:49, skrev Sverker Abrahamsson:<br> </div> <blockquote cite="mid:7b785156-6154-389e-0fcf-03f9d3c920a2@abrahamsson.com" type="cite"> <meta content="text/html; charset=windows-1252" http-equiv="Content-Type"> <p>The port is created from Ovirt UI, the ovs-vsctl command below is executed when VM is started. In /var/log/ovirt-provider-ovn.log on h2 I get the following:<br> </p> <p>2017-01-06 20:19:25,452 Request: GET : /v2.0/ports<br> 2017-01-06 20:19:25,452 Connecting to remote ovn database: tcp:127.0.0.1:6641<br> 2017-01-06 20:19:25,670 Connected (number of retries: 2)<br> 2017-01-06 20:19:25,670 Response code: 200<br> 2017-01-06 20:19:25,670 Response body: {"ports": [{"name": "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873", "network_id": "e53554cf-e553-40a1-8d22-9c8d95ec0601", "device_owner": "oVirt", "mac_address": "00:1a:4a:16:01:51", "id": "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873", "device_id": "40cd7328-d575-4c3d-b656-9ef9bacc0078"}, {"name": "92f6d3c8-68b3-4986-9c09-60bee04644b5", "network_id": "e53554cf-e553-40a1-8d22-9c8d95ec0601", "device_owner": "oVirt", "mac_address": "00:1a:4a:16:01:52", "id": "92f6d3c8-68b3-4986-9c09-60bee04644b5", "device_id": "4baefa8c-3822-4de0-9cd0-1d025bab7844"}]}<br> 2017-01-06 20:19:25,673 Request: PUT : /v2.0/ports/92f6d3c8-68b3-4986-9c09-60bee04644b5<br> 2017-01-06 20:19:25,673 Request body:<br> {<br> "port" : {<br> "binding:host_id" : "h1.limetransit.com",<br> "security_groups" : null<br> }<br> }<br> 2017-01-06 20:19:25,673 Connecting to remote ovn database: tcp:127.0.0.1:6641<br> 2017-01-06 20:19:25,890 Connected (number of retries: 2)<br> 2017-01-06 20:19:25,891 Response code: 200<br> 2017-01-06 20:19:25,891 Response body: {"port": {"name": "92f6d3c8-68b3-4986-9c09-60bee04644b5", "network_id": "e53554cf-e553-40a1-8d22-9c8d95ec0601", "device_owner": "oVirt", "mac_address": "00:1a:4a:16:01:52", "id": "92f6d3c8-68b3-4986-9c09-60bee04644b5", "device_id": "4baefa8c-3822-4de0-9cd0-1d025bab7844"}}<br> </p> <p>In /var/log/messages on h1 I get the following:<br> </p> <p>Jan 6 20:18:56 h1 dbus-daemon: dbus[1339]: [system] Successfully activated service 'org.freedesktop.problems'<br> Jan 6 20:19:26 h1 ovs-vsctl: ovs|00001|vsctl|INFO|Called as ovs-vsctl --timeout=5 -- --if-exists del-port vnet0 -- add-port br-int vnet0 -- set Interface vnet0 "external-ids:attached-mac=\"00:1a:4a:16:01:52\"" -- set Interface vnet0 "external-ids:iface-id=\"72dafda5-03c2-4bb6-bcb6-241fa5c0a1f3\"" -- set Interface vnet0 "external-ids:vm-id=\"4d0c134a-11a0-40f4-b2fb-c13c17c7251c\"" -- set Interface vnet0 external-ids:iface-status=active<br> Jan 6 20:19:26 h1 kernel: device vnet0 entered promiscuous mode<br> Jan 6 20:19:26 h1 avahi-daemon[1391]: Registering new address record for fe80::fc1a:4aff:fe16:152 on vnet0.*.<br> Jan 6 20:19:26 h1 systemd-machined: New machine qemu-4-CentOS72.<br> Jan 6 20:19:26 h1 systemd: Started Virtual Machine qemu-4-CentOS72.<br> Jan 6 20:19:26 h1 systemd: Starting Virtual Machine qemu-4-CentOS72.<br> <br> </p> [root@h2 ~]# ovn-nbctl show<br> switch e53554cf-e553-40a1-8d22-9c8d95ec0601 (ovirtbridge)<br> port 4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873<br> addresses: ["00:1a:4a:16:01:51"]<br> port 92f6d3c8-68b3-4986-9c09-60bee04644b5<br> addresses: ["00:1a:4a:16:01:52"]<br> port ovirtbridge-port2<br> addresses: ["unknown"]<br> port ovirtbridge-port1<br> addresses: ["unknown"]<br> [root@h2 ~]# ovn-sbctl show<br> Chassis "6e4dd29f-7607-48d7-8e5a-eef4c6aeefb5"<br> hostname: "h2.limetransit.com"<br> Encap geneve<br> ip: "148.251.126.50"<br> options: {csum="true"}<br> Port_Binding "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873"<br> Port_Binding "ovirtbridge-port1"<br> Chassis "4f10fb04-8fb2-48d7-8a3f-ea6444c02cf9"<br> hostname: "h1.limetransit.com"<br> Encap geneve<br> ip: "144.76.84.73"<br> options: {csum="true"}<br> Port_Binding "ovirtbridge-port2"<br> <br> I.e. the port is set up with the wrong ID and not attached to OVN.<br> <br> If I correct external-ids:iface-id like this:<br> [root@h1 ~]# ovs-vsctl set Interface vnet0 "external-ids:iface-id=\"92f6d3c8-68b3-4986-9c09-60bee04644b5\""<br> <br> then sb is correct:<br> [root@h2 ~]# ovn-sbctl show<br> Chassis "6e4dd29f-7607-48d7-8e5a-eef4c6aeefb5"<br> hostname: "h2.limetransit.com"<br> Encap geneve<br> ip: "148.251.126.50"<br> options: {csum="true"}<br> Port_Binding "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873"<br> Port_Binding "ovirtbridge-port1"<br> Chassis "4f10fb04-8fb2-48d7-8a3f-ea6444c02cf9"<br> hostname: "h1.limetransit.com"<br> Encap geneve<br> ip: "144.76.84.73"<br> options: {csum="true"}<br> Port_Binding "ovirtbridge-port2"<br> Port_Binding "92f6d3c8-68b3-4986-9c09-60bee04644b5"<br> <br> I don't know from where the ID 72dafda5-03c2-4bb6-bcb6-241fa5c0a1f3 comes from, doesn't show in any log other than /var/log/messages.<br> <br> If I do the same exercise on the same host as engine is running on then the port for the VM gets the right id and is working from beginning.<br> /Sverker<br> <br> <div class="moz-cite-prefix">Den 2017-01-03 kl. 10:23, skrev Marcin Mirecki:<br> </div> <blockquote cite="mid:1312574967.6272280.1483435399446.JavaMail.zimbra@redhat.com" type="cite"> <pre wrap="">How did you create this port?
From the oVirt engine UI? The OVN provider creates the port when you add the port in the engine UI, it is then plugged into the ovs bridge by the VIF driver. Please attach /var/log/ovirt-provider-ovn.log
----- Original Message ----- </pre> <blockquote type="cite"> <pre wrap="">From: "Sverker Abrahamsson" <a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:sverker@abrahamsson.com"><sverker@abrahamsson.com></a> To: "Marcin Mirecki" <a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:mmirecki@redhat.com"><mmirecki@redhat.com></a> Cc: "Ovirt Users" <a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:users@ovirt.org"><users@ovirt.org></a> Sent: Tuesday, January 3, 2017 2:06:22 AM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network Found an issue with Ovirt - OVN integration. Engine and OVN central db running on host h2. Created VM to run on host h1, which is started. Ovn db state: [root@h2 env3]# ovn-nbctl show switch e53554cf-e553-40a1-8d22-9c8d95ec0601 (ovirtbridge) port 4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873 addresses: ["00:1a:4a:16:01:51"] port 92f6d3c8-68b3-4986-9c09-60bee04644b5 addresses: ["00:1a:4a:16:01:52"] port ovirtbridge-port2 addresses: ["unknown"] port ovirtbridge-port1 addresses: ["unknown"] [root@h2 env3]# ovn-sbctl show Chassis "6e4dd29f-7607-48d7-8e5a-eef4c6aeefb5" hostname: "h2.limetransit.com" Encap geneve ip: "148.251.126.50" options: {csum="true"} Port_Binding "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873" Port_Binding "ovirtbridge-port1" Chassis "4f10fb04-8fb2-48d7-8a3f-ea6444c02cf9" hostname: "h1.limetransit.com" Encap geneve ip: "144.76.84.73" options: {csum="true"} Port_Binding "ovirtbridge-port2" Port 92f6d3c8-68b3-4986-9c09-60bee04644b5 is for the new VM which is started on h1, but it is not assigned to that chassis. The reason is that on h1 the port on br-int is created like this: ovs-vsctl --timeout=5 -- --if-exists del-port vnet0 -- add-port br-int vnet0 -- set Interface vnet0 "external-ids:attached-mac=\"00:1a:4a:16:01:52\"" -- set Interface vnet0 "external-ids:iface-id=\"35bcbe31-2c7e-4d97-add9-ce150eeb2f11\"" -- set Interface vnet0 "external-ids:vm-id=\"4d0c134a-11a0-40f4-b2fb-c13c17c7251c\"" -- set Interface vnet0 external-ids:iface-status=active I.e. the extrernal id of interface is wrong. When I manually change to the right id like this the port works fine: ovs-vsctl --timeout=5 -- --if-exists del-port vnet0 -- add-port br-int vnet0 -- set Interface vnet0 "external-ids:attached-mac=\"00:1a:4a:16:01:52\"" -- set Interface vnet0 "external-ids:iface-id=\"92f6d3c8-68b3-4986-9c09-60bee04644b5\"" -- set Interface vnet0 "external-ids:vm-id=\"4d0c134a-11a0-40f4-b2fb-c13c17c7251c\"" -- set Interface vnet0 external-ids:iface-status=active sb db after correcting the port: Chassis "6e4dd29f-7607-48d7-8e5a-eef4c6aeefb5" hostname: "h2.limetransit.com" Encap geneve ip: "148.251.126.50" options: {csum="true"} Port_Binding "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873" Port_Binding "ovirtbridge-port1" Chassis "4f10fb04-8fb2-48d7-8a3f-ea6444c02cf9" hostname: "h1.limetransit.com" Encap geneve ip: "144.76.84.73" options: {csum="true"} Port_Binding "ovirtbridge-port2" Port_Binding "92f6d3c8-68b3-4986-9c09-60bee04644b5" I don't know from where the faulty id comes from, it's not in any logs. In the domain xml as printed in vdsm.log the id is correct: <interface type="bridge"> <mac address="00:1a:4a:16:01:52" /> <model type="virtio" /> <source bridge="br-int" /> <virtualport type="openvswitch" /> <link state="up" /> <boot order="2" /> <bandwidth /> <virtualport type="openvswitch"> <parameters interfaceid="92f6d3c8-68b3-4986-9c09-60bee04644b5" /> </virtualport> </interface> Where is the ovs-vsctl command line built for this call? /Sverker Den 2017-01-02 kl. 13:40, skrev Sverker Abrahamsson: </pre> <blockquote type="cite"> <pre wrap="">Got it to work now by following the env8 example in OVN tutorial, where a port is added with type l2gateway. Not sure how that is different from the localnet variant, but didn't suceed in getting that one working. Now I'm able to ping and telnet over the tunnel, but not ssh even when the port is answering on telnet. Neither does nfs traffic work even though mount did. Suspecting MTU issue. I did notice that ovn-controller starts too early, before network interfaces are established and hence can't reach the db. As these is a purely OVS/OVN issue I'll ask about it on their mailing list. Getting back to the original issue with Ovirt, I've now added the second host h1 to ovirt-engine. Had to do the same as with h2 to create a dummy ovirtmgmt network but configured access via the public IP. My firewall settings was replaced with iptables config and vdsm.conf was overwritten when engine was set up, so those had to be manually restored. It would be preferable if it would be possible to configure ovirt-engine that it does not "own" the host and instead comply with the settings it has instead of enforcing it's own view.. Apart from that it seems the second host works, although I need to resolve the traffic issue over the OVS tunnel. /Sverker Den 2017-01-02 kl. 01:13, skrev Sverker Abrahamsson: </pre> <blockquote type="cite"> <pre wrap="">1. That is not possible as ovirt (or vdsm) will rewrite the network configuration to a non-working state. That is why I've set that if as hidden to vdsm and is why I'm keen on getting OVS/OVN to work 2. I've been reading the doc for OVN and starting to connect the dots, which is not trivial as it is complex. Some insights reached: First step is the OVN database, installed by openvswitch-ovn-central, which I currently have running on h2 host. The 'ovn-nbctl' and 'ovn-sbctl' commands are only possible to execute on a database node. Two ip's are given to 'vdsm-tool ovn-config <ip to database> <tunnel ip>' as arguments, where <ip to database> is how this OVN node reaches the database and <tunnel ip> is the ip to which other OVN nodes sets up a tunnel to this node. I.e. it is not for creating a tunnel to the database which I thought first from the description in blog post. The tunnel between OVN nodes is of type geneve which is a UDP based protocol but I have not been able to find anywhere which port is used so that I can open it in firewalld. I have added OVN on another host, called h1, and connected it to the db. I see there is traffic to the db port, but I don't see any geneve traffic between the nodes. Ovirt is now able to create it's vnet0 interface on the br-int ovs bridge, but then I run into the next issue. How do I create a connection from the logical switch to the physical host? I need that to a) get a connection out to the internet through a masqueraded if or ipv6 and b) be able to run a dhcp server to give ip's to the VM's. /Sverker Den 2016-12-30 kl. 18:05, skrev Marcin Mirecki: </pre> <blockquote type="cite"> <pre wrap="">1. Why not use your physical nic for ovirtmgmt then? 2. "ovn-nbctl ls-add" does not add a bridge, but a logical switch. br-int is an internal OVN implementation detail, which the user should not care about. What you see in the ovirt UI are logical networks. They are implemented as OVN logical switches in case of the OVN provider. Please look at: <a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://www.ovirt.org/blog/2016/11/ovirt-provider-ovn/">http://www.ovirt.org/blog/2016/11/ovirt-provider-ovn/</a> You can get the latest rpms from here: <a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://resources.ovirt.org/repos/ovirt/experimental/master/ovirt-provider-ovn_fc24_46/rpm/fc24/noarch/">http://resources.ovirt.org/repos/ovirt/experimental/master/ovirt-provider-ovn_fc24_46/rpm/fc24/noarch/</a> ----- Original Message ----- </pre> <blockquote type="cite"> <pre wrap="">From: "Sverker Abrahamsson" <a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:sverker@abrahamsson.com"><sverker@abrahamsson.com></a> To: "Marcin Mirecki" <a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:mmirecki@redhat.com"><mmirecki@redhat.com></a> Cc: "Ovirt Users" <a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:users@ovirt.org"><users@ovirt.org></a> Sent: Friday, December 30, 2016 4:25:58 PM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network 1. No, I did not want to put the ovirtmgmt bridge on my physical nic as it always messed up the network config making the host unreachable. I have put a ovs bridge on this nic which I will use to make tunnels when I add other hosts. Maybe br-int will be used for that instead, will see when I get that far. As it is now I have a dummy if for ovirtmgmt bridge but this will probably not work when I add other hosts as that bridge cannot connect to the other hosts. I'm considering keeping this just as a dummy to keep ovirt engine satisfied while the actual communication will happen over OVN/OVS bridges and tunnels. 2. On <a moz-do-not-send="true" class="moz-txt-link-freetext" href="https://www.ovirt.org//develop/release-management/features/ovirt-ovn-provider/">https://www.ovirt.org//develop/release-management/features/ovirt-ovn-provider/</a> there is instructions how to add an OVS bridge to OVN with |ovn-nbctl ls-add <network name>|. If you want to use br-int then it makes sense to make that bridge visible in ovirt webui under networks so that it can be selected for VM's. It quite doesn't make sense to me that I can select other network for my VM but then that setting is not used when setting up the network. /Sverker Den 2016-12-30 kl. 15:34, skrev Marcin Mirecki: </pre> <blockquote type="cite"> <pre wrap="">Hi, The OVN provider does not require you to add any bridges manually. As I understand we were dealing with two problems: 1. You only had one physical nic and wanted to put a bridge on it, attaching the management network to the bridge. This was the reason for creating the bridge (the recommended setup would be to used a separate physical nic for the management network). This bridge has nothing to do with the OVN bridge. 2. OVN - you want to use OVN on this system. For this you have to install OVN on your hosts. This should create the br-int bridge, which are then used by the OVN provider. This br-int bridge must be configured to connect to other hosts using the geneve tunnels. In both cases the systems will not be aware of any bridges you create. They need a nic (be it physical or virtual) to connect to other system. Usually this is the physical nic. In your case you decided to put a bridge on the physical nic, and give oVirt a virtual nic attached to this bridge. This works, but keep in mind that the bridge you have introduced is outside of oVirt's (and OVN) control (and as such is not supported). </pre> <blockquote type="cite"> <pre wrap="">What is the purpose of adding my bridges to Ovirt through the external provider and configure them on my VM </pre> </blockquote> <pre wrap="">I am not quite sure I understand. The external provider (OVN provider to be specific), does not add any bridges to the system. It is using the br-int bridge created by OVN. The networks created by the OVN provider are purely logical entities, implemented using the OVN br-int bridge. Marcin ----- Original Message ----- </pre> <blockquote type="cite"> <pre wrap="">From: "Sverker Abrahamsson" <a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:sverker@abrahamsson.com"><sverker@abrahamsson.com></a> To: "Marcin Mirecki" <a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:mmirecki@redhat.com"><mmirecki@redhat.com></a> Cc: "Ovirt Users" <a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:users@ovirt.org"><users@ovirt.org></a> Sent: Friday, December 30, 2016 12:15:43 PM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network Hi That is the logic I quite don't understand. What is the purpose of adding my bridges to Ovirt through the external provider and configure them on my VM if you are disregarding that and using br-int anyway? /Sverker Den 2016-12-30 kl. 10:53, skrev Marcin Mirecki: </pre> <blockquote type="cite"> <pre wrap="">Sverker, br-int is the integration bridge created by default in OVN. This is the bridge we use for the OVN provider. As OVN is required to be installed, we assume that this bridge is present. Using any other ovs bridge is not supported, and will require custom code changes (such as the ones you created). The proper setup in your case would probably be to create br-int and connect this to your ovirtbridge, although I don't know the details of your env, so this is just my best guess. Marcin ----- Original Message ----- </pre> <blockquote type="cite"> <pre wrap="">From: "Sverker Abrahamsson" <a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:sverker@abrahamsson.com"><sverker@abrahamsson.com></a> To: "Marcin Mirecki" <a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:mmirecki@redhat.com"><mmirecki@redhat.com></a> Cc: "Ovirt Users" <a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:users@ovirt.org"><users@ovirt.org></a>, "Numan Siddique" <a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:nusiddiq@redhat.com"><nusiddiq@redhat.com></a> Sent: Friday, December 30, 2016 1:14:50 AM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network Even better, if the value is not hardcoded then the configured value is used. Might be that I'm missunderstanding something but this is the behaviour I expected instead of that it is using br-int. Attached is a patch which properly sets up the xml, in case there is already a virtual port there + testcode of some variants /Sverker Den 2016-12-29 kl. 22:55, skrev Sverker Abrahamsson: </pre> <blockquote type="cite"> <pre wrap="">When I change /usr/libexec/vdsm/hooks/before_device_create/ovirt_provider_ovn_hook to instead of hardcoded to br-int use BRIDGE_NAME = 'ovirtbridge' then I get the expected behaviour and I get a working network connectivity in my VM with IP provided by dhcp. /Sverker Den 2016-12-29 kl. 22:07, skrev Sverker Abrahamsson: </pre> <blockquote type="cite"> <pre wrap="">By default the vNic profile of my OVN bridge ovirtbridge gets a Network filter named vdsm-no-mac-spoofing. If I instead set No filter then I don't get those ebtables / iptables messages. It seems that there is some issue between ovirt/vdsm and firewalld, which we can put to the side for now. It is not clear for me why the port is added on br-int instead of the bridge I've assigned to the VM, which is ovirtbridge?? /Sverker Den 2016-12-29 kl. 14:20, skrev Sverker Abrahamsson: </pre> <blockquote type="cite"> <pre wrap="">The specific command most likely fails because there is no chain named libvirt-J-vnet0, but when should that have been created? /Sverker -------- Vidarebefordrat meddelande -------- Ämne: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network Datum: Thu, 29 Dec 2016 08:06:29 -0500 (EST) Från: Marcin Mirecki <a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:mmirecki@redhat.com"><mmirecki@redhat.com></a> Till: Sverker Abrahamsson <a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:sverker@abrahamsson.com"><sverker@abrahamsson.com></a> Kopia: Ovirt Users <a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:users@ovirt.org"><users@ovirt.org></a>, Lance Richardson <a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:lrichard@redhat.com"><lrichard@redhat.com></a>, Numan Siddique <a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:nusiddiq@redhat.com"><nusiddiq@redhat.com></a> Let me add the OVN team. Lance, Numan, Can you please look at this? Trying to plug a vNIC results in: </pre> <blockquote type="cite"> <blockquote type="cite"> <blockquote type="cite"> <blockquote type="cite"> <blockquote type="cite"> <blockquote type="cite"> <blockquote type="cite"> <pre wrap="">Dec 28 23:31:35 h2 ovs-vsctl: ovs|00001|vsctl|INFO|Called as ovs-vsctl --timeout=5 -- --if-exists del-port vnet0 -- add-port br-int vnet0 -- set Interface vnet0 "external-ids:attached-mac=\"00:1a:4a:16:01:51\"" -- set Interface vnet0 "external-ids:iface-id=\"e8853aac-8a75-41b0-8010-e630017dcdd8\"" -- set Interface vnet0 "external-ids:vm-id=\"b9440d60-ef5a-4e2b-83cf-081df7c09e6f\"" -- set Interface vnet0 external-ids:iface-status=active Dec 28 23:31:35 h2 kernel: device vnet0 entered promiscuous mode Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -D PREROUTING -i vnet0 -j libvirt-J-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: </pre> </blockquote> </blockquote> </blockquote> </blockquote> </blockquote> </blockquote> </blockquote> <pre wrap="">More details below ----- Original Message ----- </pre> <blockquote type="cite"> <pre wrap="">From: "Sverker Abrahamsson"<a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:sverker@abrahamsson.com"><sverker@abrahamsson.com></a> To: "Marcin Mirecki"<a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:mmirecki@redhat.com"><mmirecki@redhat.com></a> Cc: "Ovirt Users"<a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:users@ovirt.org"><users@ovirt.org></a> Sent: Thursday, December 29, 2016 1:42:11 PM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network Hi Same problem still.. /Sverker Den 2016-12-29 kl. 13:34, skrev Marcin Mirecki: </pre> <blockquote type="cite"> <pre wrap="">Hi, The tunnels are created to connect multiple OVN controllers. If there is only one, there is no need for the tunnels, so none will be created, this is the correct behavior. Does the problem still occur after setting configuring the OVN-controller? Marcin ----- Original Message ----- </pre> <blockquote type="cite"> <pre wrap="">From: "Sverker Abrahamsson"<a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:sverker@abrahamsson.com"><sverker@abrahamsson.com></a> To: "Marcin Mirecki"<a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:mmirecki@redhat.com"><mmirecki@redhat.com></a> Cc: "Ovirt Users"<a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:users@ovirt.org"><users@ovirt.org></a> Sent: Thursday, December 29, 2016 11:44:32 AM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network Hi The rpm packages you listed in the other mail are installed but I had not run vdsm-tool ovn-config to create tunnel as the OVN controller is on the same host. [root@h2 ~]# rpm -q openvswitch-ovn-common openvswitch-ovn-common-2.6.90-1.el7.centos.x86_64 [root@h2 ~]# rpm -q openvswitch-ovn-host openvswitch-ovn-host-2.6.90-1.el7.centos.x86_64 [root@h2 ~]# rpm -q python-openvswitch python-openvswitch-2.6.90-1.el7.centos.noarch After removing my manually created br-int and run vdsm-tool ovn-config 127.0.0.1 172.27.1.1 then I have the br-int but 'ip link show' does not show any link 'genev_sys_' nor does 'ovs-vsctl show' any port for ovn. I assume these are when there is an actual tunnel? [root@h2 ~]# ovs-vsctl show ebb6aede-cbbc-4f4f-a88a-a9cd72b2bd23 Bridge br-int fail_mode: secure Port br-int Interface br-int type: internal Bridge ovirtbridge Port ovirtbridge Interface ovirtbridge type: internal Bridge "ovsbridge0" Port "ovsbridge0" Interface "ovsbridge0" type: internal Port "eth0" Interface "eth0" ovs_version: "2.6.90" [root@h2 ~]# ip link show 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT qlen 1 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master ovs-system state UP mode DEFAULT qlen 1000 link/ether 44:8a:5b:84:7d:b3 brd ff:ff:ff:ff:ff:ff 3: ovs-system: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 1000 link/ether 5a:14:cf:28:47:e2 brd ff:ff:ff:ff:ff:ff 4: ovsbridge0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN mode DEFAULT qlen 1000 link/ether 44:8a:5b:84:7d:b3 brd ff:ff:ff:ff:ff:ff 5: br-int: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 1000 link/ether 9e:b0:3a:9d:f2:4b brd ff:ff:ff:ff:ff:ff 6: ovirtbridge: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN mode DEFAULT qlen 1000 link/ether a6:f6:e5:a4:5b:45 brd ff:ff:ff:ff:ff:ff 7: dummy0: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue master ovirtmgmt state UNKNOWN mode DEFAULT qlen 1000 link/ether 66:e0:1c:c3:a9:d8 brd ff:ff:ff:ff:ff:ff 8: ovirtmgmt: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT qlen 1000 link/ether 66:e0:1c:c3:a9:d8 brd ff:ff:ff:ff:ff:ff Firewall settings: [root@h2 ~]# firewall-cmd --list-all-zones work target: default icmp-block-inversion: no interfaces: sources: services: dhcpv6-client ssh ports: protocols: masquerade: no forward-ports: sourceports: icmp-blocks: rich rules: drop target: DROP icmp-block-inversion: no interfaces: sources: services: ports: protocols: masquerade: no forward-ports: sourceports: icmp-blocks: rich rules: internal target: default icmp-block-inversion: no interfaces: sources: services: dhcpv6-client mdns samba-client ssh ports: protocols: masquerade: no forward-ports: sourceports: icmp-blocks: rich rules: external target: default icmp-block-inversion: no interfaces: sources: services: ssh ports: protocols: masquerade: yes forward-ports: sourceports: icmp-blocks: rich rules: trusted target: ACCEPT icmp-block-inversion: no interfaces: sources: services: ports: protocols: masquerade: no forward-ports: sourceports: icmp-blocks: rich rules: home target: default icmp-block-inversion: no interfaces: sources: services: dhcpv6-client mdns samba-client ssh ports: protocols: masquerade: no forward-ports: sourceports: icmp-blocks: rich rules: dmz target: default icmp-block-inversion: no interfaces: sources: services: ssh ports: protocols: masquerade: no forward-ports: sourceports: icmp-blocks: rich rules: public (active) target: default icmp-block-inversion: no interfaces: eth0 ovsbridge0 sources: services: dhcpv6-client ssh ports: protocols: masquerade: no forward-ports: sourceports: icmp-blocks: rich rules: block target: %%REJECT%% icmp-block-inversion: no interfaces: sources: services: ports: protocols: masquerade: no forward-ports: sourceports: icmp-blocks: rich rules: ovirt (active) target: default icmp-block-inversion: no interfaces: ovirtbridge ovirtmgmt sources: services: dhcp ovirt-fence-kdump-listener ovirt-http ovirt-https ovirt-imageio-proxy ovirt-postgres ovirt-provider-ovn ovirt-vmconsole-proxy ovirt-websocket-proxy ssh vdsm ports: protocols: masquerade: yes forward-ports: sourceports: icmp-blocks: rich rules: rule family="ipv4" port port="6641" protocol="tcp" accept rule family="ipv4" port port="6642" protocol="tcp" accept The db dump is attached /Sverker Den 2016-12-29 kl. 09:50, skrev Marcin Mirecki: </pre> <blockquote type="cite"> <pre wrap="">Hi, Can you please do: "sudo ovsdb-client dump" on the host and send me the output? Have you configured the ovn controller to connect to the OVN north? You can do it using "vdsm-tool ovn-config" or using the OVN tools directly. Please check out:<a moz-do-not-send="true" class="moz-txt-link-freetext" href="https://www.ovirt.org/blog/2016/11/ovirt-provider-ovn/">https://www.ovirt.org/blog/2016/11/ovirt-provider-ovn/</a> for details. Also please note that the OVN provider is completely different from the neutron-openvswitch plugin. Please don't mix the two. Marcin ----- Original Message ----- </pre> <blockquote type="cite"> <pre wrap="">From: "Marcin Mirecki"<a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:mmirecki@redhat.com"><mmirecki@redhat.com></a> To: "Sverker Abrahamsson"<a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:sverker@abrahamsson.com"><sverker@abrahamsson.com></a> Cc: "Ovirt Users"<a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:users@ovirt.org"><users@ovirt.org></a> Sent: Thursday, December 29, 2016 9:27:19 AM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network Hi, br-int is the OVN integration bridge, it should have been created when installing OVN. I assume you have the following packages installed on the host: openvswitch-ovn-common openvswitch-ovn-host python-openvswitch Please give me some time to look at the connectivity problem. Marcin ----- Original Message ----- </pre> <blockquote type="cite"> <pre wrap="">From: "Sverker Abrahamsson"<a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:sverker@abrahamsson.com"><sverker@abrahamsson.com></a> To: "Marcin Mirecki"<a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:mmirecki@redhat.com"><mmirecki@redhat.com></a> Cc: "Ovirt Users"<a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:users@ovirt.org"><users@ovirt.org></a> Sent: Thursday, December 29, 2016 12:47:04 AM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network From /usr/libexec/vdsm/hooks/before_device_create/ovirt_provider_ovn_hook (installed by ovirt-provider-ovn-driver rpm): BRIDGE_NAME = 'br-int' Den 2016-12-28 kl. 23:56, skrev Sverker Abrahamsson: </pre> <blockquote type="cite"> <pre wrap="">Googling on the message about br-int suggested adding that bridge to ovs: ovs-vsctl add-br br-int Then the VM is able to boot, but it fails to get network connectivity. Output in /var/log/messages: Dec 28 23:31:35 h2 ovs-vsctl: ovs|00001|vsctl|INFO|Called as ovs-vsctl --timeout=5 -- --if-exists del-port vnet0 -- add-port br-int vnet0 -- set Interface vnet0 "external-ids:attached-mac=\"00:1a:4a:16:01:51\"" -- set Interface vnet0 "external-ids:iface-id=\"e8853aac-8a75-41b0-8010-e630017dcdd8\"" -- set Interface vnet0 "external-ids:vm-id=\"b9440d60-ef5a-4e2b-83cf-081df7c09e6f\"" -- set Interface vnet0 external-ids:iface-status=active Dec 28 23:31:35 h2 kernel: device vnet0 entered promiscuous mode Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -D PREROUTING -i vnet0 -j libvirt-J-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -D POSTROUTING -o vnet0 -j libvirt-P-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -L libvirt-J-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -L libvirt-P-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -F libvirt-J-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -X libvirt-J-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -F libvirt-P-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -X libvirt-P-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -F J-vnet0-mac' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -X J-vnet0-mac' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -F J-vnet0-arp-mac' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -X J-vnet0-arp-mac' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -D libvirt-out -m physdev --physdev-is-bridged --physdev-out vnet0 -g FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -D libvirt-out -m physdev --physdev-out vnet0 -g FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -D libvirt-in -m physdev --physdev-in vnet0 -g FI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -D libvirt-host-in -m physdev --physdev-in vnet0 -g HI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -F FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -X FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -F FI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -X FI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -F HI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -X HI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -E FP-vnet0 FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -E FJ-vnet0 FI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -E HJ-vnet0 HI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -D libvirt-out -m physdev --physdev-is-bridged --physdev-out vnet0 -g FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -D libvirt-out -m physdev --physdev-out vnet0 -g FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -D libvirt-in -m physdev --physdev-in vnet0 -g FI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -D libvirt-host-in -m physdev --physdev-in vnet0 -g HI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -F FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -X FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -F FI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -X FI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -F HI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -X HI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -E FP-vnet0 FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -E FJ-vnet0 FI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -E HJ-vnet0 HI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -D PREROUTING -i vnet0 -j libvirt-I-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -D POSTROUTING -o vnet0 -j libvirt-O-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -L libvirt-I-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -L libvirt-O-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -F libvirt-I-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -X libvirt-I-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -F libvirt-O-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -X libvirt-O-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -L libvirt-P-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -E libvirt-P-vnet0 libvirt-O-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -F I-vnet0-mac' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -X I-vnet0-mac' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -F I-vnet0-arp-mac' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -X I-vnet0-arp-mac' failed: [root@h2 etc]# ovs-vsctl show ebb6aede-cbbc-4f4f-a88a-a9cd72b2bd23 Bridge ovirtbridge Port "ovirtport0" Interface "ovirtport0" type: internal Port ovirtbridge Interface ovirtbridge type: internal Bridge "ovsbridge0" Port "ovsbridge0" Interface "ovsbridge0" type: internal Port "eth0" Interface "eth0" Bridge br-int Port br-int Interface br-int type: internal Port "vnet0" Interface "vnet0" ovs_version: "2.6.90" Searching through the code it appears that br-int comes from neutron-openvswitch plugin ?? [root@h2 share]# rpm -qf /usr/share/otopi/plugins/ovirt-host-deploy/openstack/neutron_openvswitch.py ovirt-host-deploy-1.6.0-0.0.master.20161215101008.gitb76ad50.el7.centos.noarch /Sverker Den 2016-12-28 kl. 23:24, skrev Sverker Abrahamsson: </pre> <blockquote type="cite"> <pre wrap="">In addition I had to add an alias to modprobe: [root@h2 modprobe.d]# cat dummy.conf alias dummy0 dummy Den 2016-12-28 kl. 23:03, skrev Sverker Abrahamsson: </pre> <blockquote type="cite"> <pre wrap="">Hi I first tried to set device name to dummy_0, but then ifup did not succeed in creating the device unless I first did 'ip link add dummy_0 type dummy' but then it would not suceed to establish the if on reboot. Setting fake_nics = dummy0 would not work neither, but this works: fake_nics = dummy* The engine is now able to find the if and assign bridge ovirtmgmt to it. However, I then run into the next issue when starting a VM: 2016-12-28 22:28:23,897 ERROR [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (ForkJoinPool-1-worker-2) [] Correlation ID: null, Call Stack: null, Custom Event ID: -1, Message: VM CentOS7 is down with error. Exit message: Cannot get interface MTU on 'br-int': No such device. This VM has a nic on ovirtbridge, which comes from the OVN provider. /Sverker Den 2016-12-28 kl. 14:38, skrev Marcin Mirecki: </pre> <blockquote type="cite"> <pre wrap="">Sverker, Can you try adding a vnic named veth_* or dummy_*, (or alternatively add the name of the vnic to vdsm.config fake_nics), and setup the management network using this vnic? I suppose adding the vnic you use for connecting to the engine to fake_nics should make it visible to the engine, and you should be able to use it for the setup. Marcin ----- Original Message ----- </pre> <blockquote type="cite"> <pre wrap="">From: "Marcin Mirecki"<a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:mmirecki@redhat.com"><mmirecki@redhat.com></a> To: "Sverker Abrahamsson"<a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:sverker@abrahamsson.com"><sverker@abrahamsson.com></a> Cc: "Ovirt Users"<a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:users@ovirt.org"><users@ovirt.org></a> Sent: Wednesday, December 28, 2016 12:06:26 PM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network </pre> <blockquote type="cite"> <pre wrap="">I have an internal OVS bridge called ovirtbridge which has a port with IP address, but in the host network settings that port is not visible. </pre> </blockquote> <pre wrap="">I just verified and unfortunately the virtual ports are not visible in engine to assign a network to :( I'm afraid that the engine is not ready for such a scenario (even if it works). Please give me some time to look for a solution. ----- Original Message ----- </pre> <blockquote type="cite"> <pre wrap="">From: "Sverker Abrahamsson"<a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:sverker@abrahamsson.com"><sverker@abrahamsson.com></a> To: "Marcin Mirecki"<a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:mmirecki@redhat.com"><mmirecki@redhat.com></a> Cc: "Ovirt Users"<a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:users@ovirt.org"><users@ovirt.org></a> Sent: Wednesday, December 28, 2016 11:48:24 AM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network Hi Marcin Yes, that is my issue. I don't want to let ovirt/vdsm see eth0 nor ovsbridge0 since as soon as it sees them it messes up the network config so that the host will be unreachable. I have an internal OVS bridge called ovirtbridge which has a port with IP address, but in the host network settings that port is not visible. It doesn't help to name it ovirtmgmt. The engine is able to communicate with the host on the ip it has been given, it's just that it believes that it HAS to have a ovirtmgmt network which can't be on OVN. /Sverker Den 2016-12-28 kl. 10:45, skrev Marcin Mirecki: </pre> <blockquote type="cite"> <pre wrap="">Hi Sverker, The management network is mandatory on each host. It's used by the engine to communicate with the host. Looking at your description and the exception it looks like it is missing. The error is caused by not having any network for the host (network list retrieved in InterfaceDaoImpl.getHostNetworksByCluster - which gets all the networks on nics for a host from vds_interface table in the DB). Could you maybe create a virtual nic connected to ovsbridge0 (as I understand you have no physical nic available) and use this for the management network? </pre> <blockquote type="cite"> <pre wrap="">I then create a bridge for use with ovirt, with a private address. </pre> </blockquote> <pre wrap="">I'm not quite sure I understand. Is this yet another bridge connected to ovsbridge0? You could also attach the vnic for the management network here if need be. Please keep in mind that OVN has no use in setting up the management network. The OVN provider can only handle external networks, which can not be used for a management network. Marcin ----- Original Message ----- </pre> <blockquote type="cite"> <pre wrap="">From: "Sverker Abrahamsson"<a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:sverker@abrahamsson.com"><sverker@abrahamsson.com></a> <a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:To:users@ovirt.org">To:users@ovirt.org</a> Sent: Wednesday, December 28, 2016 12:39:59 AM Subject: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network Hi For long time I've been looking for proper support in ovirt for Open vSwitch so I'm happy that it is moving in the right direction. However, there seems to still be a dependency on a ovirtmgmt bridge and I'm unable to move that to the OVN provider. The hosting center where I rent hw instances has a bit special network setup, so I have one physical network port with a /32 netmask and point-to-point config to router. The physical port I connect to a ovs bridge which has the public ip. Since ovirt always messes up the network config when I've tried to let it have access to the network config for the physical port, I've set eht0 and ovsbridge0 as hidden in vdsm.conf. I then create a bridge for use with ovirt, with a private address. With the OVN provider I am now able to import these into the engine and it looks good. When creating a VM I can select that it will have a vNic on my OVS bridge. However, I can't start the VM as an exception is thrown in the log: 2016-12-28 00:13:33,350 ERROR [org.ovirt.engine.core.bll.RunVmCommand] (default task-5) [3c882d53] Error during ValidateFailure.: java.lang.NullPointerException at org.ovirt.engine.core.bll.scheduling.policyunits.NetworkPolicyUnit.validateRequiredNetworksAvailable(NetworkPolicyUnit.java:140) [bll.jar:] at org.ovirt.engine.core.bll.scheduling.policyunits.NetworkPolicyUnit.filter(NetworkPolicyUnit.java:69) [bll.jar:] at org.ovirt.engine.core.bll.scheduling.SchedulingManager.runInternalFilters(SchedulingManager.java:597) [bll.jar:] at org.ovirt.engine.core.bll.scheduling.SchedulingManager.runFilters(SchedulingManager.java:564) [bll.jar:] at org.ovirt.engine.core.bll.scheduling.SchedulingManager.canSchedule(SchedulingManager.java:494) [bll.jar:] at org.ovirt.engine.core.bll.validator.RunVmValidator.canRunVm(RunVmValidator.java:133) [bll.jar:] at org.ovirt.engine.core.bll.RunVmCommand.validate(RunVmCommand.java:940) [bll.jar:] at org.ovirt.engine.core.bll.CommandBase.internalValidate(CommandBase.java:886) [bll.jar:] at org.ovirt.engine.core.bll.CommandBase.validateOnly(CommandBase.java:366) [bll.jar:] at org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.canRunActions(PrevalidatingMultipleActionsRunner.java:113) [bll.jar:] at org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.invokeCommands(PrevalidatingMultipleActionsRunner.java:99) [bll.jar:] at org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.execute(PrevalidatingMultipleActionsRunner.java:76) [bll.jar:] at org.ovirt.engine.core.bll.Backend.runMultipleActionsImpl(Backend.java:613) [bll.jar:] at org.ovirt.engine.core.bll.Backend.runMultipleActions(Backend.java:583) [bll.jar:] Looking at that section of code where the exception is thrown, I see that it iterates over host networks to find required networks, which I assume is ovirtmgmt. In the host network setup dialog I don't see any networks at all but it lists ovirtmgmt as required. It also list the OVN networks but these can't be statically assigned as they are added dynamically when needed, which is fine. I believe that I either need to remove ovirtmgmt network or configure that it is provided by the OVN provider, but neither is possible. Preferably it shouldn't be hardcoded which network is management and mandatory but be possible to configure. /Sverker Den 2016-12-27 kl. 17:10, skrev Marcin Mirecki: </pre> </blockquote> </blockquote> </blockquote> <pre wrap="">_______________________________________________ Users mailing list <a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:Users@ovirt.org">Users@ovirt.org</a> <a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://lists.ovirt.org/mailman/listinfo/users">http://lists.ovirt.org/mailman/listinfo/users</a> </pre> </blockquote> </blockquote> <pre wrap="">_______________________________________________ Users mailing list <a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:Users@ovirt.org">Users@ovirt.org</a> <a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://lists.ovirt.org/mailman/listinfo/users">http://lists.ovirt.org/mailman/listinfo/users</a> </pre> </blockquote> <pre wrap="">_______________________________________________ Users mailing list <a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:Users@ovirt.org">Users@ovirt.org</a> <a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://lists.ovirt.org/mailman/listinfo/users">http://lists.ovirt.org/mailman/listinfo/users</a> </pre> </blockquote> <pre wrap="">_______________________________________________ Users mailing list <a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:Users@ovirt.org">Users@ovirt.org</a> <a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://lists.ovirt.org/mailman/listinfo/users">http://lists.ovirt.org/mailman/listinfo/users</a> </pre> </blockquote> </blockquote> <pre wrap="">_______________________________________________ Users mailing list <a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:Users@ovirt.org">Users@ovirt.org</a> <a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://lists.ovirt.org/mailman/listinfo/users">http://lists.ovirt.org/mailman/listinfo/users</a> </pre> </blockquote> </blockquote> </blockquote> </blockquote> </blockquote> <pre wrap="">_______________________________________________ Users mailing list <a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:Users@ovirt.org">Users@ovirt.org</a> <a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://lists.ovirt.org/mailman/listinfo/users">http://lists.ovirt.org/mailman/listinfo/users</a> </pre> </blockquote> <pre wrap="">_______________________________________________ Users mailing list <a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:Users@ovirt.org">Users@ovirt.org</a> <a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://lists.ovirt.org/mailman/listinfo/users">http://lists.ovirt.org/mailman/listinfo/users</a> </pre> </blockquote> <pre wrap="">_______________________________________________ Users mailing list <a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:Users@ovirt.org">Users@ovirt.org</a> <a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://lists.ovirt.org/mailman/listinfo/users">http://lists.ovirt.org/mailman/listinfo/users</a> </pre> </blockquote> </blockquote> </blockquote> </blockquote> </blockquote> </blockquote> </blockquote> <pre wrap="">_______________________________________________ Users mailing list <a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:Users@ovirt.org">Users@ovirt.org</a> <a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://lists.ovirt.org/mailman/listinfo/users">http://lists.ovirt.org/mailman/listinfo/users</a> </pre> </blockquote> <pre wrap="">_______________________________________________ Users mailing list <a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:Users@ovirt.org">Users@ovirt.org</a> <a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://lists.ovirt.org/mailman/listinfo/users">http://lists.ovirt.org/mailman/listinfo/users</a> </pre> </blockquote> </blockquote> </blockquote> <br> <br> <fieldset class="mimeAttachmentHeader"></fieldset> <br> <pre wrap="">_______________________________________________ Users mailing list <a class="moz-txt-link-abbreviated" href="mailto:Users@ovirt.org">Users@ovirt.org</a> <a class="moz-txt-link-freetext" href="http://lists.ovirt.org/mailman/listinfo/users">http://lists.ovirt.org/mailman/listinfo/users</a> </pre> </blockquote> <br> </body> </html> --------------6467089868C667BB658FC240--
The port is set up on the host by the ovirt-provider-ovn-driver. The driver is invoked by the vdsm hook whenever any operation on the port is done. Please ensure that this is installed properly. You can check the vdsm log (/var/log/vdsm/vdsm.log) to see if the hook was executed properly. ----- Original Message -----
From: "Sverker Abrahamsson" <sverker@abrahamsson.com> To: "Marcin Mirecki" <mmirecki@redhat.com> Cc: "Ovirt Users" <users@ovirt.org> Sent: Friday, January 6, 2017 9:00:26 PM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network
I created a new VM in the ui and assigned it to host h1. In /var/log/ovirt-provider-ovn.log I get the following:
2017-01-06 20:54:11,940 Request: GET : /v2.0/ports 2017-01-06 20:54:11,940 Connecting to remote ovn database: tcp:127.0.0.1:6641 2017-01-06 20:54:12,157 Connected (number of retries: 2) 2017-01-06 20:54:12,158 Response code: 200 2017-01-06 20:54:12,158 Response body: {"ports": [{"name": "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873", "network_id": "e53554cf-e553-40a1-8d22-9c8d95ec0601", "device_owner": "oVirt", "mac_address": "00:1a:4a:16:01:51", "id": "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873", "device_id": "40cd7328-d575-4c3d-b656-9ef9bacc0078"}, {"name": "92f6d3c8-68b3-4986-9c09-60bee04644b5", "network_id": "e53554cf-e553-40a1-8d22-9c8d95ec0601", "device_owner": "oVirt", "mac_address": "00:1a:4a:16:01:52", "id": "92f6d3c8-68b3-4986-9c09-60bee04644b5", "device_id": "4baefa8c-3822-4de0-9cd0-1d025bab7844"}]} 2017-01-06 20:54:12,160 Request: SHOW : /v2.0/networks/e53554cf-e553-40a1-8d22-9c8d95ec0601 2017-01-06 20:54:12,160 Connecting to remote ovn database: tcp:127.0.0.1:6641 2017-01-06 20:54:12,377 Connected (number of retries: 2) 2017-01-06 20:54:12,378 Response code: 200 2017-01-06 20:54:12,378 Response body: {"network": {"id": "e53554cf-e553-40a1-8d22-9c8d95ec0601", "name": "ovirtbridge"}} 2017-01-06 20:54:12,380 Request: POST : /v2.0/ports 2017-01-06 20:54:12,380 Request body: { "port" : { "name" : "nic1", "binding:host_id" : "h1.limetransit.com", "admin_state_up" : true, "device_id" : "e8553a88-05f0-401d-8b9b-5fff77f7bbbe", "device_owner" : "oVirt", "mac_address" : "00:1a:4a:16:01:54", "network_id" : "e53554cf-e553-40a1-8d22-9c8d95ec0601" } } 2017-01-06 20:54:12,380 Connecting to remote ovn database: tcp:127.0.0.1:6641 2017-01-06 20:54:12,610 Connected (number of retries: 2) 2017-01-06 20:54:12,614 Response code: 200 2017-01-06 20:54:12,614 Response body: {"port": {"name": "912cba79-982e-4a87-868e-241fedccb59a", "network_id": "e53554cf-e553-40a1-8d22-9c8d95ec0601", "device_owner": "oVirt", "mac_address": "00:1a:4a:16:01:54", "id": "912cba79-982e-4a87-868e-241fedccb59a", "device_id": "e8553a88-05f0-401d-8b9b-5fff77f7bbbe"}}
h1:/var/log/messages Jan 6 20:54:12 h1 ovs-vsctl: ovs|00001|vsctl|INFO|Called as ovs-vsctl --timeout=5 -- --if-exists del-port vnet1 -- add-port br-int vnet1 -- set Interface vnet1 "external-ids:attached-mac=\"00:1a:4a:16:01:54\"" -- set Interface vnet1 "external-ids:iface-id=\"20388407-0f76-41d8-97aa-8e2b5978f908\"" -- set Interface vnet1 "external-ids:vm-id=\"6dd5291e-6556-4d29-8b4e-ea896e627645\"" -- set Interface vnet1 external-ids:iface-status=active
[root@h2 ~]# ovn-nbctl show switch e53554cf-e553-40a1-8d22-9c8d95ec0601 (ovirtbridge) port 4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873 addresses: ["00:1a:4a:16:01:51"] port 912cba79-982e-4a87-868e-241fedccb59a addresses: ["00:1a:4a:16:01:54"] port 92f6d3c8-68b3-4986-9c09-60bee04644b5 addresses: ["00:1a:4a:16:01:52"] port ovirtbridge-port2 addresses: ["unknown"] port ovirtbridge-port1 addresses: ["unknown"] [root@h2 ~]# ovn-sbctl show Chassis "6e4dd29f-7607-48d7-8e5a-eef4c6aeefb5" hostname: "h2.limetransit.com" Encap geneve ip: "148.251.126.50" options: {csum="true"} Port_Binding "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873" Port_Binding "ovirtbridge-port1" Chassis "4f10fb04-8fb2-48d7-8a3f-ea6444c02cf9" hostname: "h1.limetransit.com" Encap geneve ip: "144.76.84.73" options: {csum="true"} Port_Binding "ovirtbridge-port2" Port_Binding "92f6d3c8-68b3-4986-9c09-60bee04644b5"
I.e. same issue /Sverker
Den 2017-01-06 kl. 20:49, skrev Sverker Abrahamsson:
The port is created from Ovirt UI, the ovs-vsctl command below is executed when VM is started. In /var/log/ovirt-provider-ovn.log on h2 I get the following:
2017-01-06 20:19:25,452 Request: GET : /v2.0/ports 2017-01-06 20:19:25,452 Connecting to remote ovn database: tcp:127.0.0.1:6641 2017-01-06 20:19:25,670 Connected (number of retries: 2) 2017-01-06 20:19:25,670 Response code: 200 2017-01-06 20:19:25,670 Response body: {"ports": [{"name": "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873", "network_id": "e53554cf-e553-40a1-8d22-9c8d95ec0601", "device_owner": "oVirt", "mac_address": "00:1a:4a:16:01:51", "id": "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873", "device_id": "40cd7328-d575-4c3d-b656-9ef9bacc0078"}, {"name": "92f6d3c8-68b3-4986-9c09-60bee04644b5", "network_id": "e53554cf-e553-40a1-8d22-9c8d95ec0601", "device_owner": "oVirt", "mac_address": "00:1a:4a:16:01:52", "id": "92f6d3c8-68b3-4986-9c09-60bee04644b5", "device_id": "4baefa8c-3822-4de0-9cd0-1d025bab7844"}]} 2017-01-06 20:19:25,673 Request: PUT : /v2.0/ports/92f6d3c8-68b3-4986-9c09-60bee04644b5 2017-01-06 20:19:25,673 Request body: { "port" : { "binding:host_id" : "h1.limetransit.com", "security_groups" : null } } 2017-01-06 20:19:25,673 Connecting to remote ovn database: tcp:127.0.0.1:6641 2017-01-06 20:19:25,890 Connected (number of retries: 2) 2017-01-06 20:19:25,891 Response code: 200 2017-01-06 20:19:25,891 Response body: {"port": {"name": "92f6d3c8-68b3-4986-9c09-60bee04644b5", "network_id": "e53554cf-e553-40a1-8d22-9c8d95ec0601", "device_owner": "oVirt", "mac_address": "00:1a:4a:16:01:52", "id": "92f6d3c8-68b3-4986-9c09-60bee04644b5", "device_id": "4baefa8c-3822-4de0-9cd0-1d025bab7844"}}
In /var/log/messages on h1 I get the following:
Jan 6 20:18:56 h1 dbus-daemon: dbus[1339]: [system] Successfully activated service 'org.freedesktop.problems' Jan 6 20:19:26 h1 ovs-vsctl: ovs|00001|vsctl|INFO|Called as ovs-vsctl --timeout=5 -- --if-exists del-port vnet0 -- add-port br-int vnet0 -- set Interface vnet0 "external-ids:attached-mac=\"00:1a:4a:16:01:52\"" -- set Interface vnet0 "external-ids:iface-id=\"72dafda5-03c2-4bb6-bcb6-241fa5c0a1f3\"" -- set Interface vnet0 "external-ids:vm-id=\"4d0c134a-11a0-40f4-b2fb-c13c17c7251c\"" -- set Interface vnet0 external-ids:iface-status=active Jan 6 20:19:26 h1 kernel: device vnet0 entered promiscuous mode Jan 6 20:19:26 h1 avahi-daemon[1391]: Registering new address record for fe80::fc1a:4aff:fe16:152 on vnet0.*. Jan 6 20:19:26 h1 systemd-machined: New machine qemu-4-CentOS72. Jan 6 20:19:26 h1 systemd: Started Virtual Machine qemu-4-CentOS72. Jan 6 20:19:26 h1 systemd: Starting Virtual Machine qemu-4-CentOS72.
[root@h2 ~]# ovn-nbctl show switch e53554cf-e553-40a1-8d22-9c8d95ec0601 (ovirtbridge) port 4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873 addresses: ["00:1a:4a:16:01:51"] port 92f6d3c8-68b3-4986-9c09-60bee04644b5 addresses: ["00:1a:4a:16:01:52"] port ovirtbridge-port2 addresses: ["unknown"] port ovirtbridge-port1 addresses: ["unknown"] [root@h2 ~]# ovn-sbctl show Chassis "6e4dd29f-7607-48d7-8e5a-eef4c6aeefb5" hostname: "h2.limetransit.com" Encap geneve ip: "148.251.126.50" options: {csum="true"} Port_Binding "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873" Port_Binding "ovirtbridge-port1" Chassis "4f10fb04-8fb2-48d7-8a3f-ea6444c02cf9" hostname: "h1.limetransit.com" Encap geneve ip: "144.76.84.73" options: {csum="true"} Port_Binding "ovirtbridge-port2"
I.e. the port is set up with the wrong ID and not attached to OVN.
If I correct external-ids:iface-id like this: [root@h1 ~]# ovs-vsctl set Interface vnet0 "external-ids:iface-id=\"92f6d3c8-68b3-4986-9c09-60bee04644b5\""
then sb is correct: [root@h2 ~]# ovn-sbctl show Chassis "6e4dd29f-7607-48d7-8e5a-eef4c6aeefb5" hostname: "h2.limetransit.com" Encap geneve ip: "148.251.126.50" options: {csum="true"} Port_Binding "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873" Port_Binding "ovirtbridge-port1" Chassis "4f10fb04-8fb2-48d7-8a3f-ea6444c02cf9" hostname: "h1.limetransit.com" Encap geneve ip: "144.76.84.73" options: {csum="true"} Port_Binding "ovirtbridge-port2" Port_Binding "92f6d3c8-68b3-4986-9c09-60bee04644b5"
I don't know from where the ID 72dafda5-03c2-4bb6-bcb6-241fa5c0a1f3 comes from, doesn't show in any log other than /var/log/messages.
If I do the same exercise on the same host as engine is running on then the port for the VM gets the right id and is working from beginning. /Sverker
Den 2017-01-03 kl. 10:23, skrev Marcin Mirecki:
How did you create this port? From the oVirt engine UI? The OVN provider creates the port when you add the port in the engine UI, it is then plugged into the ovs bridge by the VIF driver. Please attach /var/log/ovirt-provider-ovn.log
----- Original Message -----
From: "Sverker Abrahamsson"<sverker@abrahamsson.com> To: "Marcin Mirecki"<mmirecki@redhat.com> Cc: "Ovirt Users"<users@ovirt.org> Sent: Tuesday, January 3, 2017 2:06:22 AM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network
Found an issue with Ovirt - OVN integration.
Engine and OVN central db running on host h2. Created VM to run on host h1, which is started. Ovn db state:
[root@h2 env3]# ovn-nbctl show switch e53554cf-e553-40a1-8d22-9c8d95ec0601 (ovirtbridge) port 4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873 addresses: ["00:1a:4a:16:01:51"] port 92f6d3c8-68b3-4986-9c09-60bee04644b5 addresses: ["00:1a:4a:16:01:52"] port ovirtbridge-port2 addresses: ["unknown"] port ovirtbridge-port1 addresses: ["unknown"] [root@h2 env3]# ovn-sbctl show Chassis "6e4dd29f-7607-48d7-8e5a-eef4c6aeefb5" hostname: "h2.limetransit.com" Encap geneve ip: "148.251.126.50" options: {csum="true"} Port_Binding "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873" Port_Binding "ovirtbridge-port1" Chassis "4f10fb04-8fb2-48d7-8a3f-ea6444c02cf9" hostname: "h1.limetransit.com" Encap geneve ip: "144.76.84.73" options: {csum="true"} Port_Binding "ovirtbridge-port2"
Port 92f6d3c8-68b3-4986-9c09-60bee04644b5 is for the new VM which is started on h1, but it is not assigned to that chassis. The reason is that on h1 the port on br-int is created like this:
ovs-vsctl --timeout=5 -- --if-exists del-port vnet0 -- add-port br-int vnet0 -- set Interface vnet0 "external-ids:attached-mac=\"00:1a:4a:16:01:52\"" -- set Interface vnet0 "external-ids:iface-id=\"35bcbe31-2c7e-4d97-add9-ce150eeb2f11\"" -- set Interface vnet0 "external-ids:vm-id=\"4d0c134a-11a0-40f4-b2fb-c13c17c7251c\"" -- set Interface vnet0 external-ids:iface-status=active
I.e. the extrernal id of interface is wrong. When I manually change to the right id like this the port works fine:
ovs-vsctl --timeout=5 -- --if-exists del-port vnet0 -- add-port br-int vnet0 -- set Interface vnet0 "external-ids:attached-mac=\"00:1a:4a:16:01:52\"" -- set Interface vnet0 "external-ids:iface-id=\"92f6d3c8-68b3-4986-9c09-60bee04644b5\"" -- set Interface vnet0 "external-ids:vm-id=\"4d0c134a-11a0-40f4-b2fb-c13c17c7251c\"" -- set Interface vnet0 external-ids:iface-status=active
sb db after correcting the port:
Chassis "6e4dd29f-7607-48d7-8e5a-eef4c6aeefb5" hostname: "h2.limetransit.com" Encap geneve ip: "148.251.126.50" options: {csum="true"} Port_Binding "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873" Port_Binding "ovirtbridge-port1" Chassis "4f10fb04-8fb2-48d7-8a3f-ea6444c02cf9" hostname: "h1.limetransit.com" Encap geneve ip: "144.76.84.73" options: {csum="true"} Port_Binding "ovirtbridge-port2" Port_Binding "92f6d3c8-68b3-4986-9c09-60bee04644b5"
I don't know from where the faulty id comes from, it's not in any logs. In the domain xml as printed in vdsm.log the id is correct:
<interface type="bridge"> <mac address="00:1a:4a:16:01:52" /> <model type="virtio" /> <source bridge="br-int" /> <virtualport type="openvswitch" /> <link state="up" /> <boot order="2" /> <bandwidth /> <virtualport type="openvswitch"> <parameters interfaceid="92f6d3c8-68b3-4986-9c09-60bee04644b5" /> </virtualport> </interface>
Where is the ovs-vsctl command line built for this call?
/Sverker
Den 2017-01-02 kl. 13:40, skrev Sverker Abrahamsson:
Got it to work now by following the env8 example in OVN tutorial, where a port is added with type l2gateway. Not sure how that is different from the localnet variant, but didn't suceed in getting that one working. Now I'm able to ping and telnet over the tunnel, but not ssh even when the port is answering on telnet. Neither does nfs traffic work even though mount did. Suspecting MTU issue. I did notice that ovn-controller starts too early, before network interfaces are established and hence can't reach the db. As these is a purely OVS/OVN issue I'll ask about it on their mailing list.
Getting back to the original issue with Ovirt, I've now added the second host h1 to ovirt-engine. Had to do the same as with h2 to create a dummy ovirtmgmt network but configured access via the public IP. My firewall settings was replaced with iptables config and vdsm.conf was overwritten when engine was set up, so those had to be manually restored. It would be preferable if it would be possible to configure ovirt-engine that it does not "own" the host and instead comply with the settings it has instead of enforcing it's own view..
Apart from that it seems the second host works, although I need to resolve the traffic issue over the OVS tunnel. /Sverker
Den 2017-01-02 kl. 01:13, skrev Sverker Abrahamsson:
1. That is not possible as ovirt (or vdsm) will rewrite the network configuration to a non-working state. That is why I've set that if as hidden to vdsm and is why I'm keen on getting OVS/OVN to work
2. I've been reading the doc for OVN and starting to connect the dots, which is not trivial as it is complex. Some insights reached:
First step is the OVN database, installed by openvswitch-ovn-central, which I currently have running on h2 host. The 'ovn-nbctl' and 'ovn-sbctl' commands are only possible to execute on a database node. Two ip's are given to 'vdsm-tool ovn-config <ip to database> <tunnel ip>' as arguments, where <ip to database> is how this OVN node reaches the database and <tunnel ip> is the ip to which other OVN nodes sets up a tunnel to this node. I.e. it is not for creating a tunnel to the database which I thought first from the description in blog post.
The tunnel between OVN nodes is of type geneve which is a UDP based protocol but I have not been able to find anywhere which port is used so that I can open it in firewalld. I have added OVN on another host, called h1, and connected it to the db. I see there is traffic to the db port, but I don't see any geneve traffic between the nodes.
Ovirt is now able to create it's vnet0 interface on the br-int ovs bridge, but then I run into the next issue. How do I create a connection from the logical switch to the physical host? I need that to a) get a connection out to the internet through a masqueraded if or ipv6 and b) be able to run a dhcp server to give ip's to the VM's.
/Sverker
Den 2016-12-30 kl. 18:05, skrev Marcin Mirecki: > 1. Why not use your physical nic for ovirtmgmt then? > > 2. "ovn-nbctl ls-add" does not add a bridge, but a logical switch. > br-int is an internal OVN implementation detail, which the user > should not care about. What you see in the ovirt UI are logical > networks. They are implemented as OVN logical switches in case > of the OVN provider. > > Please look at: > http://www.ovirt.org/blog/2016/11/ovirt-provider-ovn/ > You can get the latest rpms from here: > http://resources.ovirt.org/repos/ovirt/experimental/master/ovirt-provider-ov... > > > ----- Original Message ----- >> From: "Sverker Abrahamsson"<sverker@abrahamsson.com> >> To: "Marcin Mirecki"<mmirecki@redhat.com> >> Cc: "Ovirt Users"<users@ovirt.org> >> Sent: Friday, December 30, 2016 4:25:58 PM >> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory >> ovirtmgmt network >> >> 1. No, I did not want to put the ovirtmgmt bridge on my physical >> nic as >> it always messed up the network config making the host unreachable. I >> have put a ovs bridge on this nic which I will use to make tunnels >> when >> I add other hosts. Maybe br-int will be used for that instead, will >> see >> when I get that far. >> >> As it is now I have a dummy if for ovirtmgmt bridge but this will >> probably not work when I add other hosts as that bridge cannot >> connect >> to the other hosts. I'm considering keeping this just as a dummy to >> keep >> ovirt engine satisfied while the actual communication will happen >> over >> OVN/OVS bridges and tunnels. >> >> 2. On >> https://www.ovirt.org//develop/release-management/features/ovirt-ovn-provide... >> >> there is instructions how to add an OVS bridge to OVN with |ovn-nbctl >> ls-add <network name>|. If you want to use br-int then it makes >> sense to >> make that bridge visible in ovirt webui under networks so that it >> can be >> selected for VM's. >> >> It quite doesn't make sense to me that I can select other network >> for my >> VM but then that setting is not used when setting up the network. >> >> /Sverker >> >> Den 2016-12-30 kl. 15:34, skrev Marcin Mirecki: >>> Hi, >>> >>> The OVN provider does not require you to add any bridges manually. >>> As I understand we were dealing with two problems: >>> 1. You only had one physical nic and wanted to put a bridge on it, >>> attaching the management network to the bridge. This was the >>> reason for >>> creating the bridge (the recommended setup would be to used a >>> separate >>> physical nic for the management network). This bridge has >>> nothing to >>> do with the OVN bridge. >>> 2. OVN - you want to use OVN on this system. For this you have to >>> install >>> OVN on your hosts. This should create the br-int bridge, >>> which are >>> then used by the OVN provider. This br-int bridge must be >>> configured >>> to connect to other hosts using the geneve tunnels. >>> >>> In both cases the systems will not be aware of any bridges you >>> create. >>> They need a nic (be it physical or virtual) to connect to other >>> system. >>> Usually this is the physical nic. In your case you decided to put >>> a bridge >>> on the physical nic, and give oVirt a virtual nic attached to this >>> bridge. >>> This works, but keep in mind that the bridge you have introduced >>> is outside >>> of oVirt's (and OVN) control (and as such is not supported). >>> >>>> What is the purpose of >>>> adding my bridges to Ovirt through the external provider and >>>> configure >>>> them on my VM >>> I am not quite sure I understand. >>> The external provider (OVN provider to be specific), does not add >>> any >>> bridges >>> to the system. It is using the br-int bridge created by OVN. The >>> networks >>> created by the OVN provider are purely logical entities, >>> implemented using >>> the OVN br-int bridge. >>> >>> Marcin >>> >>> >>> ----- Original Message ----- >>>> From: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>>> To: "Marcin Mirecki"<mmirecki@redhat.com> >>>> Cc: "Ovirt Users"<users@ovirt.org> >>>> Sent: Friday, December 30, 2016 12:15:43 PM >>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory >>>> ovirtmgmt >>>> network >>>> >>>> Hi >>>> That is the logic I quite don't understand. What is the purpose of >>>> adding my bridges to Ovirt through the external provider and >>>> configure >>>> them on my VM if you are disregarding that and using br-int anyway? >>>> >>>> /Sverker >>>> >>>> Den 2016-12-30 kl. 10:53, skrev Marcin Mirecki: >>>>> Sverker, >>>>> >>>>> br-int is the integration bridge created by default in OVN. This >>>>> is the >>>>> bridge we use for the OVN provider. As OVN is required to be >>>>> installed, >>>>> we assume that this bridge is present. >>>>> Using any other ovs bridge is not supported, and will require >>>>> custom code >>>>> changes (such as the ones you created). >>>>> >>>>> The proper setup in your case would probably be to create br-int >>>>> and >>>>> connect >>>>> this to your ovirtbridge, although I don't know the details of >>>>> your env, >>>>> so >>>>> this is just my best guess. >>>>> >>>>> Marcin >>>>> >>>>> >>>>> ----- Original Message ----- >>>>>> From: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>>>>> To: "Marcin Mirecki"<mmirecki@redhat.com> >>>>>> Cc: "Ovirt Users"<users@ovirt.org>, "Numan Siddique" >>>>>> <nusiddiq@redhat.com> >>>>>> Sent: Friday, December 30, 2016 1:14:50 AM >>>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory >>>>>> ovirtmgmt >>>>>> network >>>>>> >>>>>> Even better, if the value is not hardcoded then the configured >>>>>> value is >>>>>> used. Might be that I'm missunderstanding something but this is >>>>>> the >>>>>> behaviour I expected instead of that it is using br-int. >>>>>> >>>>>> Attached is a patch which properly sets up the xml, in case >>>>>> there is >>>>>> already a virtual port there + testcode of some variants >>>>>> >>>>>> /Sverker >>>>>> >>>>>> Den 2016-12-29 kl. 22:55, skrev Sverker Abrahamsson: >>>>>>> When I change >>>>>>> /usr/libexec/vdsm/hooks/before_device_create/ovirt_provider_ovn_hook >>>>>>> >>>>>>> to instead of hardcoded to br-int use BRIDGE_NAME = >>>>>>> 'ovirtbridge' then >>>>>>> I get the expected behaviour and I get a working network >>>>>>> connectivity >>>>>>> in my VM with IP provided by dhcp. >>>>>>> >>>>>>> /Sverker >>>>>>> >>>>>>> Den 2016-12-29 kl. 22:07, skrev Sverker Abrahamsson: >>>>>>>> By default the vNic profile of my OVN bridge ovirtbridge gets a >>>>>>>> Network filter named vdsm-no-mac-spoofing. If I instead set >>>>>>>> No filter >>>>>>>> then I don't get those ebtables / iptables messages. It seems >>>>>>>> that >>>>>>>> there is some issue between ovirt/vdsm and firewalld, which >>>>>>>> we can >>>>>>>> put to the side for now. >>>>>>>> >>>>>>>> It is not clear for me why the port is added on br-int >>>>>>>> instead of the >>>>>>>> bridge I've assigned to the VM, which is ovirtbridge?? >>>>>>>> >>>>>>>> /Sverker >>>>>>>> >>>>>>>> Den 2016-12-29 kl. 14:20, skrev Sverker Abrahamsson: >>>>>>>>> The specific command most likely fails because there is no >>>>>>>>> chain >>>>>>>>> named libvirt-J-vnet0, but when should that have been created? >>>>>>>>> /Sverker >>>>>>>>> >>>>>>>>> -------- Vidarebefordrat meddelande -------- >>>>>>>>> Ämne: Re: [ovirt-users] Issue with OVN/OVS and mandatory >>>>>>>>> ovirtmgmt >>>>>>>>> network >>>>>>>>> Datum: Thu, 29 Dec 2016 08:06:29 -0500 (EST) >>>>>>>>> Från: Marcin Mirecki<mmirecki@redhat.com> >>>>>>>>> Till: Sverker Abrahamsson<sverker@abrahamsson.com> >>>>>>>>> Kopia: Ovirt Users<users@ovirt.org>, Lance Richardson >>>>>>>>> <lrichard@redhat.com>, Numan Siddique<nusiddiq@redhat.com> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> Let me add the OVN team. >>>>>>>>> >>>>>>>>> Lance, Numan, >>>>>>>>> >>>>>>>>> Can you please look at this? >>>>>>>>> >>>>>>>>> Trying to plug a vNIC results in: >>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 ovs-vsctl: >>>>>>>>>>>>>>>> ovs|00001|vsctl|INFO|Called as >>>>>>>>>>>>>>>> ovs-vsctl >>>>>>>>>>>>>>>> --timeout=5 -- --if-exists del-port vnet0 -- add-port >>>>>>>>>>>>>>>> br-int >>>>>>>>>>>>>>>> vnet0 -- >>>>>>>>>>>>>>>> set Interface vnet0 >>>>>>>>>>>>>>>> "external-ids:attached-mac=\"00:1a:4a:16:01:51\"" >>>>>>>>>>>>>>>> -- set Interface vnet0 >>>>>>>>>>>>>>>> "external-ids:iface-id=\"e8853aac-8a75-41b0-8010-e630017dcdd8\"" >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> -- >>>>>>>>>>>>>>>> set Interface vnet0 >>>>>>>>>>>>>>>> "external-ids:vm-id=\"b9440d60-ef5a-4e2b-83cf-081df7c09e6f\"" >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> -- >>>>>>>>>>>>>>>> set >>>>>>>>>>>>>>>> Interface vnet0 external-ids:iface-status=active >>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 kernel: device vnet0 entered >>>>>>>>>>>>>>>> promiscuous >>>>>>>>>>>>>>>> mode >>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -D PREROUTING >>>>>>>>>>>>>>>> -i vnet0 >>>>>>>>>>>>>>>> -j >>>>>>>>>>>>>>>> libvirt-J-vnet0' failed: >>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>> More details below >>>>>>>>> >>>>>>>>> >>>>>>>>> ----- Original Message ----- >>>>>>>>>> From: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>>>>>>>>> To: "Marcin Mirecki"<mmirecki@redhat.com> >>>>>>>>>> Cc: "Ovirt Users"<users@ovirt.org> >>>>>>>>>> Sent: Thursday, December 29, 2016 1:42:11 PM >>>>>>>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory >>>>>>>>>> ovirtmgmt >>>>>>>>>> network >>>>>>>>>> >>>>>>>>>> Hi >>>>>>>>>> Same problem still.. >>>>>>>>>> /Sverker >>>>>>>>>> >>>>>>>>>> Den 2016-12-29 kl. 13:34, skrev Marcin Mirecki: >>>>>>>>>>> Hi, >>>>>>>>>>> >>>>>>>>>>> The tunnels are created to connect multiple OVN controllers. >>>>>>>>>>> If there is only one, there is no need for the tunnels, so >>>>>>>>>>> none >>>>>>>>>>> will be created, this is the correct behavior. >>>>>>>>>>> >>>>>>>>>>> Does the problem still occur after setting configuring the >>>>>>>>>>> OVN-controller? >>>>>>>>>>> >>>>>>>>>>> Marcin >>>>>>>>>>> >>>>>>>>>>> ----- Original Message ----- >>>>>>>>>>>> From: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>>>>>>>>>>> To: "Marcin Mirecki"<mmirecki@redhat.com> >>>>>>>>>>>> Cc: "Ovirt Users"<users@ovirt.org> >>>>>>>>>>>> Sent: Thursday, December 29, 2016 11:44:32 AM >>>>>>>>>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory >>>>>>>>>>>> ovirtmgmt >>>>>>>>>>>> network >>>>>>>>>>>> >>>>>>>>>>>> Hi >>>>>>>>>>>> The rpm packages you listed in the other mail are >>>>>>>>>>>> installed but I >>>>>>>>>>>> had >>>>>>>>>>>> not run vdsm-tool ovn-config to create tunnel as the OVN >>>>>>>>>>>> controller >>>>>>>>>>>> is >>>>>>>>>>>> on the same host. >>>>>>>>>>>> >>>>>>>>>>>> [root@h2 ~]# rpm -q openvswitch-ovn-common >>>>>>>>>>>> openvswitch-ovn-common-2.6.90-1.el7.centos.x86_64 >>>>>>>>>>>> [root@h2 ~]# rpm -q openvswitch-ovn-host >>>>>>>>>>>> openvswitch-ovn-host-2.6.90-1.el7.centos.x86_64 >>>>>>>>>>>> [root@h2 ~]# rpm -q python-openvswitch >>>>>>>>>>>> python-openvswitch-2.6.90-1.el7.centos.noarch >>>>>>>>>>>> >>>>>>>>>>>> After removing my manually created br-int and run >>>>>>>>>>>> >>>>>>>>>>>> vdsm-tool ovn-config 127.0.0.1 172.27.1.1 >>>>>>>>>>>> >>>>>>>>>>>> then I have the br-int but 'ip link show' does not show >>>>>>>>>>>> any link >>>>>>>>>>>> 'genev_sys_' nor does 'ovs-vsctl show' any port for ovn. >>>>>>>>>>>> I assume >>>>>>>>>>>> these >>>>>>>>>>>> are when there is an actual tunnel? >>>>>>>>>>>> >>>>>>>>>>>> [root@h2 ~]# ovs-vsctl show >>>>>>>>>>>> ebb6aede-cbbc-4f4f-a88a-a9cd72b2bd23 >>>>>>>>>>>> Bridge br-int >>>>>>>>>>>> fail_mode: secure >>>>>>>>>>>> Port br-int >>>>>>>>>>>> Interface br-int >>>>>>>>>>>> type: internal >>>>>>>>>>>> Bridge ovirtbridge >>>>>>>>>>>> Port ovirtbridge >>>>>>>>>>>> Interface ovirtbridge >>>>>>>>>>>> type: internal >>>>>>>>>>>> Bridge "ovsbridge0" >>>>>>>>>>>> Port "ovsbridge0" >>>>>>>>>>>> Interface "ovsbridge0" >>>>>>>>>>>> type: internal >>>>>>>>>>>> Port "eth0" >>>>>>>>>>>> Interface "eth0" >>>>>>>>>>>> ovs_version: "2.6.90" >>>>>>>>>>>> >>>>>>>>>>>> [root@h2 ~]# ip link show >>>>>>>>>>>> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state >>>>>>>>>>>> UNKNOWN >>>>>>>>>>>> mode >>>>>>>>>>>> DEFAULT qlen 1 >>>>>>>>>>>> link/loopback 00:00:00:00:00:00 brd >>>>>>>>>>>> 00:00:00:00:00:00 >>>>>>>>>>>> 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc >>>>>>>>>>>> pfifo_fast >>>>>>>>>>>> master ovs-system state UP mode DEFAULT qlen 1000 >>>>>>>>>>>> link/ether 44:8a:5b:84:7d:b3 brd >>>>>>>>>>>> ff:ff:ff:ff:ff:ff >>>>>>>>>>>> 3: ovs-system: <BROADCAST,MULTICAST> mtu 1500 qdisc noop >>>>>>>>>>>> state >>>>>>>>>>>> DOWN >>>>>>>>>>>> mode >>>>>>>>>>>> DEFAULT qlen 1000 >>>>>>>>>>>> link/ether 5a:14:cf:28:47:e2 brd >>>>>>>>>>>> ff:ff:ff:ff:ff:ff >>>>>>>>>>>> 4: ovsbridge0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 >>>>>>>>>>>> qdisc >>>>>>>>>>>> noqueue >>>>>>>>>>>> state UNKNOWN mode DEFAULT qlen 1000 >>>>>>>>>>>> link/ether 44:8a:5b:84:7d:b3 brd >>>>>>>>>>>> ff:ff:ff:ff:ff:ff >>>>>>>>>>>> 5: br-int: <BROADCAST,MULTICAST> mtu 1500 qdisc noop >>>>>>>>>>>> state DOWN >>>>>>>>>>>> mode >>>>>>>>>>>> DEFAULT qlen 1000 >>>>>>>>>>>> link/ether 9e:b0:3a:9d:f2:4b brd >>>>>>>>>>>> ff:ff:ff:ff:ff:ff >>>>>>>>>>>> 6: ovirtbridge: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu >>>>>>>>>>>> 1500 qdisc >>>>>>>>>>>> noqueue >>>>>>>>>>>> state UNKNOWN mode DEFAULT qlen 1000 >>>>>>>>>>>> link/ether a6:f6:e5:a4:5b:45 brd >>>>>>>>>>>> ff:ff:ff:ff:ff:ff >>>>>>>>>>>> 7: dummy0: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc >>>>>>>>>>>> noqueue >>>>>>>>>>>> master >>>>>>>>>>>> ovirtmgmt state UNKNOWN mode DEFAULT qlen 1000 >>>>>>>>>>>> link/ether 66:e0:1c:c3:a9:d8 brd >>>>>>>>>>>> ff:ff:ff:ff:ff:ff >>>>>>>>>>>> 8: ovirtmgmt: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 >>>>>>>>>>>> qdisc >>>>>>>>>>>> noqueue >>>>>>>>>>>> state UP mode DEFAULT qlen 1000 >>>>>>>>>>>> link/ether 66:e0:1c:c3:a9:d8 brd >>>>>>>>>>>> ff:ff:ff:ff:ff:ff >>>>>>>>>>>> >>>>>>>>>>>> Firewall settings: >>>>>>>>>>>> [root@h2 ~]# firewall-cmd --list-all-zones >>>>>>>>>>>> work >>>>>>>>>>>> target: default >>>>>>>>>>>> icmp-block-inversion: no >>>>>>>>>>>> interfaces: >>>>>>>>>>>> sources: >>>>>>>>>>>> services: dhcpv6-client ssh >>>>>>>>>>>> ports: >>>>>>>>>>>> protocols: >>>>>>>>>>>> masquerade: no >>>>>>>>>>>> forward-ports: >>>>>>>>>>>> sourceports: >>>>>>>>>>>> icmp-blocks: >>>>>>>>>>>> rich rules: >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> drop >>>>>>>>>>>> target: DROP >>>>>>>>>>>> icmp-block-inversion: no >>>>>>>>>>>> interfaces: >>>>>>>>>>>> sources: >>>>>>>>>>>> services: >>>>>>>>>>>> ports: >>>>>>>>>>>> protocols: >>>>>>>>>>>> masquerade: no >>>>>>>>>>>> forward-ports: >>>>>>>>>>>> sourceports: >>>>>>>>>>>> icmp-blocks: >>>>>>>>>>>> rich rules: >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> internal >>>>>>>>>>>> target: default >>>>>>>>>>>> icmp-block-inversion: no >>>>>>>>>>>> interfaces: >>>>>>>>>>>> sources: >>>>>>>>>>>> services: dhcpv6-client mdns samba-client ssh >>>>>>>>>>>> ports: >>>>>>>>>>>> protocols: >>>>>>>>>>>> masquerade: no >>>>>>>>>>>> forward-ports: >>>>>>>>>>>> sourceports: >>>>>>>>>>>> icmp-blocks: >>>>>>>>>>>> rich rules: >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> external >>>>>>>>>>>> target: default >>>>>>>>>>>> icmp-block-inversion: no >>>>>>>>>>>> interfaces: >>>>>>>>>>>> sources: >>>>>>>>>>>> services: ssh >>>>>>>>>>>> ports: >>>>>>>>>>>> protocols: >>>>>>>>>>>> masquerade: yes >>>>>>>>>>>> forward-ports: >>>>>>>>>>>> sourceports: >>>>>>>>>>>> icmp-blocks: >>>>>>>>>>>> rich rules: >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> trusted >>>>>>>>>>>> target: ACCEPT >>>>>>>>>>>> icmp-block-inversion: no >>>>>>>>>>>> interfaces: >>>>>>>>>>>> sources: >>>>>>>>>>>> services: >>>>>>>>>>>> ports: >>>>>>>>>>>> protocols: >>>>>>>>>>>> masquerade: no >>>>>>>>>>>> forward-ports: >>>>>>>>>>>> sourceports: >>>>>>>>>>>> icmp-blocks: >>>>>>>>>>>> rich rules: >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> home >>>>>>>>>>>> target: default >>>>>>>>>>>> icmp-block-inversion: no >>>>>>>>>>>> interfaces: >>>>>>>>>>>> sources: >>>>>>>>>>>> services: dhcpv6-client mdns samba-client ssh >>>>>>>>>>>> ports: >>>>>>>>>>>> protocols: >>>>>>>>>>>> masquerade: no >>>>>>>>>>>> forward-ports: >>>>>>>>>>>> sourceports: >>>>>>>>>>>> icmp-blocks: >>>>>>>>>>>> rich rules: >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> dmz >>>>>>>>>>>> target: default >>>>>>>>>>>> icmp-block-inversion: no >>>>>>>>>>>> interfaces: >>>>>>>>>>>> sources: >>>>>>>>>>>> services: ssh >>>>>>>>>>>> ports: >>>>>>>>>>>> protocols: >>>>>>>>>>>> masquerade: no >>>>>>>>>>>> forward-ports: >>>>>>>>>>>> sourceports: >>>>>>>>>>>> icmp-blocks: >>>>>>>>>>>> rich rules: >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> public (active) >>>>>>>>>>>> target: default >>>>>>>>>>>> icmp-block-inversion: no >>>>>>>>>>>> interfaces: eth0 ovsbridge0 >>>>>>>>>>>> sources: >>>>>>>>>>>> services: dhcpv6-client ssh >>>>>>>>>>>> ports: >>>>>>>>>>>> protocols: >>>>>>>>>>>> masquerade: no >>>>>>>>>>>> forward-ports: >>>>>>>>>>>> sourceports: >>>>>>>>>>>> icmp-blocks: >>>>>>>>>>>> rich rules: >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> block >>>>>>>>>>>> target: %%REJECT%% >>>>>>>>>>>> icmp-block-inversion: no >>>>>>>>>>>> interfaces: >>>>>>>>>>>> sources: >>>>>>>>>>>> services: >>>>>>>>>>>> ports: >>>>>>>>>>>> protocols: >>>>>>>>>>>> masquerade: no >>>>>>>>>>>> forward-ports: >>>>>>>>>>>> sourceports: >>>>>>>>>>>> icmp-blocks: >>>>>>>>>>>> rich rules: >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> ovirt (active) >>>>>>>>>>>> target: default >>>>>>>>>>>> icmp-block-inversion: no >>>>>>>>>>>> interfaces: ovirtbridge ovirtmgmt >>>>>>>>>>>> sources: >>>>>>>>>>>> services: dhcp ovirt-fence-kdump-listener >>>>>>>>>>>> ovirt-http >>>>>>>>>>>> ovirt-https >>>>>>>>>>>> ovirt-imageio-proxy ovirt-postgres ovirt-provider-ovn >>>>>>>>>>>> ovirt-vmconsole-proxy ovirt-websocket-proxy ssh vdsm >>>>>>>>>>>> ports: >>>>>>>>>>>> protocols: >>>>>>>>>>>> masquerade: yes >>>>>>>>>>>> forward-ports: >>>>>>>>>>>> sourceports: >>>>>>>>>>>> icmp-blocks: >>>>>>>>>>>> rich rules: >>>>>>>>>>>> rule family="ipv4" port port="6641" >>>>>>>>>>>> protocol="tcp" >>>>>>>>>>>> accept >>>>>>>>>>>> rule family="ipv4" port port="6642" >>>>>>>>>>>> protocol="tcp" >>>>>>>>>>>> accept >>>>>>>>>>>> >>>>>>>>>>>> The db dump is attached >>>>>>>>>>>> /Sverker >>>>>>>>>>>> Den 2016-12-29 kl. 09:50, skrev Marcin Mirecki: >>>>>>>>>>>>> Hi, >>>>>>>>>>>>> >>>>>>>>>>>>> Can you please do: "sudo ovsdb-client dump" >>>>>>>>>>>>> on the host and send me the output? >>>>>>>>>>>>> >>>>>>>>>>>>> Have you configured the ovn controller to connect to the >>>>>>>>>>>>> OVN north? You can do it using "vdsm-tool ovn-config" or >>>>>>>>>>>>> using the OVN tools directly. >>>>>>>>>>>>> Please check >>>>>>>>>>>>> out:https://www.ovirt.org/blog/2016/11/ovirt-provider-ovn/ >>>>>>>>>>>>> for details. >>>>>>>>>>>>> >>>>>>>>>>>>> Also please note that the OVN provider is completely >>>>>>>>>>>>> different >>>>>>>>>>>>> from the neutron-openvswitch plugin. Please don't mix >>>>>>>>>>>>> the two. >>>>>>>>>>>>> >>>>>>>>>>>>> Marcin >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> ----- Original Message ----- >>>>>>>>>>>>>> From: "Marcin Mirecki"<mmirecki@redhat.com> >>>>>>>>>>>>>> To: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>>>>>>>>>>>>> Cc: "Ovirt Users"<users@ovirt.org> >>>>>>>>>>>>>> Sent: Thursday, December 29, 2016 9:27:19 AM >>>>>>>>>>>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and >>>>>>>>>>>>>> mandatory >>>>>>>>>>>>>> ovirtmgmt >>>>>>>>>>>>>> network >>>>>>>>>>>>>> >>>>>>>>>>>>>> Hi, >>>>>>>>>>>>>> >>>>>>>>>>>>>> br-int is the OVN integration bridge, it should have been >>>>>>>>>>>>>> created >>>>>>>>>>>>>> when installing OVN. I assume you have the following >>>>>>>>>>>>>> packages >>>>>>>>>>>>>> installed >>>>>>>>>>>>>> on the host: >>>>>>>>>>>>>> openvswitch-ovn-common >>>>>>>>>>>>>> openvswitch-ovn-host >>>>>>>>>>>>>> python-openvswitch >>>>>>>>>>>>>> >>>>>>>>>>>>>> Please give me some time to look at the connectivity >>>>>>>>>>>>>> problem. >>>>>>>>>>>>>> >>>>>>>>>>>>>> Marcin >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> ----- Original Message ----- >>>>>>>>>>>>>>> From: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>>>>>>>>>>>>>> To: "Marcin Mirecki"<mmirecki@redhat.com> >>>>>>>>>>>>>>> Cc: "Ovirt Users"<users@ovirt.org> >>>>>>>>>>>>>>> Sent: Thursday, December 29, 2016 12:47:04 AM >>>>>>>>>>>>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and >>>>>>>>>>>>>>> mandatory >>>>>>>>>>>>>>> ovirtmgmt >>>>>>>>>>>>>>> network >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> From >>>>>>>>>>>>>>> /usr/libexec/vdsm/hooks/before_device_create/ovirt_provider_ovn_hook >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> (installed by ovirt-provider-ovn-driver rpm): >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> BRIDGE_NAME = 'br-int' >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Den 2016-12-28 kl. 23:56, skrev Sverker Abrahamsson: >>>>>>>>>>>>>>>> Googling on the message about br-int suggested adding >>>>>>>>>>>>>>>> that >>>>>>>>>>>>>>>> bridge to >>>>>>>>>>>>>>>> ovs: >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> ovs-vsctl add-br br-int >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Then the VM is able to boot, but it fails to get >>>>>>>>>>>>>>>> network >>>>>>>>>>>>>>>> connectivity. >>>>>>>>>>>>>>>> Output in /var/log/messages: >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 ovs-vsctl: >>>>>>>>>>>>>>>> ovs|00001|vsctl|INFO|Called as >>>>>>>>>>>>>>>> ovs-vsctl >>>>>>>>>>>>>>>> --timeout=5 -- --if-exists del-port vnet0 -- add-port >>>>>>>>>>>>>>>> br-int >>>>>>>>>>>>>>>> vnet0 -- >>>>>>>>>>>>>>>> set Interface vnet0 >>>>>>>>>>>>>>>> "external-ids:attached-mac=\"00:1a:4a:16:01:51\"" >>>>>>>>>>>>>>>> -- set Interface vnet0 >>>>>>>>>>>>>>>> "external-ids:iface-id=\"e8853aac-8a75-41b0-8010-e630017dcdd8\"" >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> -- >>>>>>>>>>>>>>>> set Interface vnet0 >>>>>>>>>>>>>>>> "external-ids:vm-id=\"b9440d60-ef5a-4e2b-83cf-081df7c09e6f\"" >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> -- >>>>>>>>>>>>>>>> set >>>>>>>>>>>>>>>> Interface vnet0 external-ids:iface-status=active >>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 kernel: device vnet0 entered >>>>>>>>>>>>>>>> promiscuous >>>>>>>>>>>>>>>> mode >>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -D PREROUTING >>>>>>>>>>>>>>>> -i vnet0 >>>>>>>>>>>>>>>> -j >>>>>>>>>>>>>>>> libvirt-J-vnet0' failed: >>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -D >>>>>>>>>>>>>>>> POSTROUTING -o >>>>>>>>>>>>>>>> vnet0 >>>>>>>>>>>>>>>> -j >>>>>>>>>>>>>>>> libvirt-P-vnet0' failed: >>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -L >>>>>>>>>>>>>>>> libvirt-J-vnet0' >>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -L >>>>>>>>>>>>>>>> libvirt-P-vnet0' >>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -F >>>>>>>>>>>>>>>> libvirt-J-vnet0' >>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -X >>>>>>>>>>>>>>>> libvirt-J-vnet0' >>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -F >>>>>>>>>>>>>>>> libvirt-P-vnet0' >>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -X >>>>>>>>>>>>>>>> libvirt-P-vnet0' >>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -F J-vnet0-mac' >>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -X J-vnet0-mac' >>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -F >>>>>>>>>>>>>>>> J-vnet0-arp-mac' >>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -X >>>>>>>>>>>>>>>> J-vnet0-arp-mac' >>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -D libvirt-out -m physdev >>>>>>>>>>>>>>>> --physdev-is-bridged --physdev-out vnet0 -g FO-vnet0' >>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -D libvirt-out -m physdev >>>>>>>>>>>>>>>> --physdev-out >>>>>>>>>>>>>>>> vnet0 -g FO-vnet0' failed: >>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -D libvirt-in -m physdev >>>>>>>>>>>>>>>> --physdev-in >>>>>>>>>>>>>>>> vnet0 >>>>>>>>>>>>>>>> -g FI-vnet0' failed: >>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -D libvirt-host-in -m >>>>>>>>>>>>>>>> physdev >>>>>>>>>>>>>>>> --physdev-in >>>>>>>>>>>>>>>> vnet0 -g HI-vnet0' failed: >>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -F FO-vnet0' failed: >>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -X FO-vnet0' failed: >>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -F FI-vnet0' failed: >>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -X FI-vnet0' failed: >>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -F HI-vnet0' failed: >>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -X HI-vnet0' failed: >>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -E FP-vnet0 FO-vnet0' >>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -E FJ-vnet0 FI-vnet0' >>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -E HJ-vnet0 HI-vnet0' >>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -D libvirt-out -m physdev >>>>>>>>>>>>>>>> --physdev-is-bridged --physdev-out vnet0 -g FO-vnet0' >>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -D libvirt-out -m physdev >>>>>>>>>>>>>>>> --physdev-out >>>>>>>>>>>>>>>> vnet0 -g FO-vnet0' failed: >>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -D libvirt-in -m physdev >>>>>>>>>>>>>>>> --physdev-in >>>>>>>>>>>>>>>> vnet0 -g FI-vnet0' failed: >>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -D libvirt-host-in -m >>>>>>>>>>>>>>>> physdev >>>>>>>>>>>>>>>> --physdev-in >>>>>>>>>>>>>>>> vnet0 -g HI-vnet0' failed: >>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -F FO-vnet0' failed: >>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -X FO-vnet0' failed: >>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -F FI-vnet0' failed: >>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -X FI-vnet0' failed: >>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -F HI-vnet0' failed: >>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -X HI-vnet0' failed: >>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -E FP-vnet0 FO-vnet0' >>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -E FJ-vnet0 FI-vnet0' >>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -E HJ-vnet0 HI-vnet0' >>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -D PREROUTING >>>>>>>>>>>>>>>> -i vnet0 >>>>>>>>>>>>>>>> -j >>>>>>>>>>>>>>>> libvirt-I-vnet0' failed: >>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -D >>>>>>>>>>>>>>>> POSTROUTING -o >>>>>>>>>>>>>>>> vnet0 >>>>>>>>>>>>>>>> -j >>>>>>>>>>>>>>>> libvirt-O-vnet0' failed: >>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -L >>>>>>>>>>>>>>>> libvirt-I-vnet0' >>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -L >>>>>>>>>>>>>>>> libvirt-O-vnet0' >>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -F >>>>>>>>>>>>>>>> libvirt-I-vnet0' >>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -X >>>>>>>>>>>>>>>> libvirt-I-vnet0' >>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -F >>>>>>>>>>>>>>>> libvirt-O-vnet0' >>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -X >>>>>>>>>>>>>>>> libvirt-O-vnet0' >>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -L >>>>>>>>>>>>>>>> libvirt-P-vnet0' >>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -E >>>>>>>>>>>>>>>> libvirt-P-vnet0 >>>>>>>>>>>>>>>> libvirt-O-vnet0' failed: >>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -F I-vnet0-mac' >>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -X I-vnet0-mac' >>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -F >>>>>>>>>>>>>>>> I-vnet0-arp-mac' >>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -X >>>>>>>>>>>>>>>> I-vnet0-arp-mac' >>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> [root@h2 etc]# ovs-vsctl show >>>>>>>>>>>>>>>> ebb6aede-cbbc-4f4f-a88a-a9cd72b2bd23 >>>>>>>>>>>>>>>> Bridge ovirtbridge >>>>>>>>>>>>>>>> Port "ovirtport0" >>>>>>>>>>>>>>>> Interface "ovirtport0" >>>>>>>>>>>>>>>> type: internal >>>>>>>>>>>>>>>> Port ovirtbridge >>>>>>>>>>>>>>>> Interface ovirtbridge >>>>>>>>>>>>>>>> type: internal >>>>>>>>>>>>>>>> Bridge "ovsbridge0" >>>>>>>>>>>>>>>> Port "ovsbridge0" >>>>>>>>>>>>>>>> Interface "ovsbridge0" >>>>>>>>>>>>>>>> type: internal >>>>>>>>>>>>>>>> Port "eth0" >>>>>>>>>>>>>>>> Interface "eth0" >>>>>>>>>>>>>>>> Bridge br-int >>>>>>>>>>>>>>>> Port br-int >>>>>>>>>>>>>>>> Interface br-int >>>>>>>>>>>>>>>> type: internal >>>>>>>>>>>>>>>> Port "vnet0" >>>>>>>>>>>>>>>> Interface "vnet0" >>>>>>>>>>>>>>>> ovs_version: "2.6.90" >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Searching through the code it appears that br-int >>>>>>>>>>>>>>>> comes from >>>>>>>>>>>>>>>> neutron-openvswitch plugin ?? >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> [root@h2 share]# rpm -qf >>>>>>>>>>>>>>>> /usr/share/otopi/plugins/ovirt-host-deploy/openstack/neutron_openvswitch.py >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> ovirt-host-deploy-1.6.0-0.0.master.20161215101008.gitb76ad50.el7.centos.noarch >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> /Sverker >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Den 2016-12-28 kl. 23:24, skrev Sverker Abrahamsson: >>>>>>>>>>>>>>>>> In addition I had to add an alias to modprobe: >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> [root@h2 modprobe.d]# cat dummy.conf >>>>>>>>>>>>>>>>> alias dummy0 dummy >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> Den 2016-12-28 kl. 23:03, skrev Sverker Abrahamsson: >>>>>>>>>>>>>>>>>> Hi >>>>>>>>>>>>>>>>>> I first tried to set device name to dummy_0, but >>>>>>>>>>>>>>>>>> then ifup >>>>>>>>>>>>>>>>>> did >>>>>>>>>>>>>>>>>> not >>>>>>>>>>>>>>>>>> succeed in creating the device unless I first did >>>>>>>>>>>>>>>>>> 'ip link >>>>>>>>>>>>>>>>>> add >>>>>>>>>>>>>>>>>> dummy_0 type dummy' but then it would not suceed to >>>>>>>>>>>>>>>>>> establish >>>>>>>>>>>>>>>>>> the if >>>>>>>>>>>>>>>>>> on reboot. >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> Setting fake_nics = dummy0 would not work neither, >>>>>>>>>>>>>>>>>> but this >>>>>>>>>>>>>>>>>> works: >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> fake_nics = dummy* >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> The engine is now able to find the if and assign >>>>>>>>>>>>>>>>>> bridge >>>>>>>>>>>>>>>>>> ovirtmgmt to >>>>>>>>>>>>>>>>>> it. >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> However, I then run into the next issue when >>>>>>>>>>>>>>>>>> starting a VM: >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> 2016-12-28 22:28:23,897 ERROR >>>>>>>>>>>>>>>>>> [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> (ForkJoinPool-1-worker-2) [] Correlation ID: null, >>>>>>>>>>>>>>>>>> Call >>>>>>>>>>>>>>>>>> Stack: >>>>>>>>>>>>>>>>>> null, >>>>>>>>>>>>>>>>>> Custom Event ID: -1, Message: VM CentOS7 is down >>>>>>>>>>>>>>>>>> with error. >>>>>>>>>>>>>>>>>> Exit >>>>>>>>>>>>>>>>>> message: Cannot get interface MTU on 'br-int': No >>>>>>>>>>>>>>>>>> such >>>>>>>>>>>>>>>>>> device. >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> This VM has a nic on ovirtbridge, which comes from >>>>>>>>>>>>>>>>>> the OVN >>>>>>>>>>>>>>>>>> provider. >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> /Sverker >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> Den 2016-12-28 kl. 14:38, skrev Marcin Mirecki: >>>>>>>>>>>>>>>>>>> Sverker, >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> Can you try adding a vnic named veth_* or dummy_*, >>>>>>>>>>>>>>>>>>> (or alternatively add the name of the vnic to >>>>>>>>>>>>>>>>>>> vdsm.config fake_nics), and setup the management >>>>>>>>>>>>>>>>>>> network using this vnic? >>>>>>>>>>>>>>>>>>> I suppose adding the vnic you use for connecting >>>>>>>>>>>>>>>>>>> to the engine to fake_nics should make it visible >>>>>>>>>>>>>>>>>>> to the engine, and you should be able to use it for >>>>>>>>>>>>>>>>>>> the setup. >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> Marcin >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> ----- Original Message ----- >>>>>>>>>>>>>>>>>>>> From: "Marcin Mirecki"<mmirecki@redhat.com> >>>>>>>>>>>>>>>>>>>> To: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>>>>>>>>>>>>>>>>>>> Cc: "Ovirt Users"<users@ovirt.org> >>>>>>>>>>>>>>>>>>>> Sent: Wednesday, December 28, 2016 12:06:26 PM >>>>>>>>>>>>>>>>>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and >>>>>>>>>>>>>>>>>>>> mandatory >>>>>>>>>>>>>>>>>>>> ovirtmgmt network >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> I have an internal OVS bridge called ovirtbridge >>>>>>>>>>>>>>>>>>>>> which >>>>>>>>>>>>>>>>>>>>> has >>>>>>>>>>>>>>>>>>>>> a port >>>>>>>>>>>>>>>>>>>>> with >>>>>>>>>>>>>>>>>>>>> IP address, but in the host network settings >>>>>>>>>>>>>>>>>>>>> that port is >>>>>>>>>>>>>>>>>>>>> not >>>>>>>>>>>>>>>>>>>>> visible. >>>>>>>>>>>>>>>>>>>> I just verified and unfortunately the virtual >>>>>>>>>>>>>>>>>>>> ports are >>>>>>>>>>>>>>>>>>>> not >>>>>>>>>>>>>>>>>>>> visible in engine >>>>>>>>>>>>>>>>>>>> to assign a network to :( >>>>>>>>>>>>>>>>>>>> I'm afraid that the engine is not ready for such a >>>>>>>>>>>>>>>>>>>> scenario >>>>>>>>>>>>>>>>>>>> (even >>>>>>>>>>>>>>>>>>>> if it >>>>>>>>>>>>>>>>>>>> works). >>>>>>>>>>>>>>>>>>>> Please give me some time to look for a solution. >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> ----- Original Message ----- >>>>>>>>>>>>>>>>>>>>> From: "Sverker >>>>>>>>>>>>>>>>>>>>> Abrahamsson"<sverker@abrahamsson.com> >>>>>>>>>>>>>>>>>>>>> To: "Marcin Mirecki"<mmirecki@redhat.com> >>>>>>>>>>>>>>>>>>>>> Cc: "Ovirt Users"<users@ovirt.org> >>>>>>>>>>>>>>>>>>>>> Sent: Wednesday, December 28, 2016 11:48:24 AM >>>>>>>>>>>>>>>>>>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and >>>>>>>>>>>>>>>>>>>>> mandatory >>>>>>>>>>>>>>>>>>>>> ovirtmgmt >>>>>>>>>>>>>>>>>>>>> network >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> Hi Marcin >>>>>>>>>>>>>>>>>>>>> Yes, that is my issue. I don't want to let >>>>>>>>>>>>>>>>>>>>> ovirt/vdsm see >>>>>>>>>>>>>>>>>>>>> eth0 >>>>>>>>>>>>>>>>>>>>> nor >>>>>>>>>>>>>>>>>>>>> ovsbridge0 since as soon as it sees them it >>>>>>>>>>>>>>>>>>>>> messes up the >>>>>>>>>>>>>>>>>>>>> network >>>>>>>>>>>>>>>>>>>>> config >>>>>>>>>>>>>>>>>>>>> so that the host will be unreachable. >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> I have an internal OVS bridge called ovirtbridge >>>>>>>>>>>>>>>>>>>>> which >>>>>>>>>>>>>>>>>>>>> has >>>>>>>>>>>>>>>>>>>>> a port >>>>>>>>>>>>>>>>>>>>> with >>>>>>>>>>>>>>>>>>>>> IP address, but in the host network settings >>>>>>>>>>>>>>>>>>>>> that port is >>>>>>>>>>>>>>>>>>>>> not >>>>>>>>>>>>>>>>>>>>> visible. >>>>>>>>>>>>>>>>>>>>> It doesn't help to name it ovirtmgmt. >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> The engine is able to communicate with the host >>>>>>>>>>>>>>>>>>>>> on the ip >>>>>>>>>>>>>>>>>>>>> it has >>>>>>>>>>>>>>>>>>>>> been >>>>>>>>>>>>>>>>>>>>> given, it's just that it believes that it HAS to >>>>>>>>>>>>>>>>>>>>> have a >>>>>>>>>>>>>>>>>>>>> ovirtmgmt >>>>>>>>>>>>>>>>>>>>> network which can't be on OVN. >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> /Sverker >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> Den 2016-12-28 kl. 10:45, skrev Marcin Mirecki: >>>>>>>>>>>>>>>>>>>>>> Hi Sverker, >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> The management network is mandatory on each >>>>>>>>>>>>>>>>>>>>>> host. It's >>>>>>>>>>>>>>>>>>>>>> used by >>>>>>>>>>>>>>>>>>>>>> the >>>>>>>>>>>>>>>>>>>>>> engine to communicate with the host. >>>>>>>>>>>>>>>>>>>>>> Looking at your description and the exception >>>>>>>>>>>>>>>>>>>>>> it looks >>>>>>>>>>>>>>>>>>>>>> like it >>>>>>>>>>>>>>>>>>>>>> is >>>>>>>>>>>>>>>>>>>>>> missing. >>>>>>>>>>>>>>>>>>>>>> The error is caused by not having any network >>>>>>>>>>>>>>>>>>>>>> for the >>>>>>>>>>>>>>>>>>>>>> host >>>>>>>>>>>>>>>>>>>>>> (network list retrieved in >>>>>>>>>>>>>>>>>>>>>> InterfaceDaoImpl.getHostNetworksByCluster - >>>>>>>>>>>>>>>>>>>>>> which >>>>>>>>>>>>>>>>>>>>>> gets all the networks on nics for a host from >>>>>>>>>>>>>>>>>>>>>> vds_interface >>>>>>>>>>>>>>>>>>>>>> table in the >>>>>>>>>>>>>>>>>>>>>> DB). >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> Could you maybe create a virtual nic connected to >>>>>>>>>>>>>>>>>>>>>> ovsbridge0 (as >>>>>>>>>>>>>>>>>>>>>> I >>>>>>>>>>>>>>>>>>>>>> understand you >>>>>>>>>>>>>>>>>>>>>> have no physical nic available) and use this >>>>>>>>>>>>>>>>>>>>>> for the >>>>>>>>>>>>>>>>>>>>>> management >>>>>>>>>>>>>>>>>>>>>> network? >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> I then create a bridge for use with ovirt, with >>>>>>>>>>>>>>>>>>>>>>> a >>>>>>>>>>>>>>>>>>>>>>> private >>>>>>>>>>>>>>>>>>>>>>> address. >>>>>>>>>>>>>>>>>>>>>> I'm not quite sure I understand. Is this yet >>>>>>>>>>>>>>>>>>>>>> another >>>>>>>>>>>>>>>>>>>>>> bridge >>>>>>>>>>>>>>>>>>>>>> connected to >>>>>>>>>>>>>>>>>>>>>> ovsbridge0? >>>>>>>>>>>>>>>>>>>>>> You could also attach the vnic for the management >>>>>>>>>>>>>>>>>>>>>> network >>>>>>>>>>>>>>>>>>>>>> here >>>>>>>>>>>>>>>>>>>>>> if need >>>>>>>>>>>>>>>>>>>>>> be. >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> Please keep in mind that OVN has no use in >>>>>>>>>>>>>>>>>>>>>> setting up >>>>>>>>>>>>>>>>>>>>>> the >>>>>>>>>>>>>>>>>>>>>> management >>>>>>>>>>>>>>>>>>>>>> network. >>>>>>>>>>>>>>>>>>>>>> The OVN provider can only handle external >>>>>>>>>>>>>>>>>>>>>> networks, >>>>>>>>>>>>>>>>>>>>>> which >>>>>>>>>>>>>>>>>>>>>> can >>>>>>>>>>>>>>>>>>>>>> not be used >>>>>>>>>>>>>>>>>>>>>> for a >>>>>>>>>>>>>>>>>>>>>> management network. >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> Marcin >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> ----- Original Message ----- >>>>>>>>>>>>>>>>>>>>>>> From: "Sverker >>>>>>>>>>>>>>>>>>>>>>> Abrahamsson"<sverker@abrahamsson.com> >>>>>>>>>>>>>>>>>>>>>>> To:users@ovirt.org >>>>>>>>>>>>>>>>>>>>>>> Sent: Wednesday, December 28, 2016 12:39:59 AM >>>>>>>>>>>>>>>>>>>>>>> Subject: [ovirt-users] Issue with OVN/OVS and >>>>>>>>>>>>>>>>>>>>>>> mandatory >>>>>>>>>>>>>>>>>>>>>>> ovirtmgmt >>>>>>>>>>>>>>>>>>>>>>> network >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> Hi >>>>>>>>>>>>>>>>>>>>>>> For long time I've been looking for proper >>>>>>>>>>>>>>>>>>>>>>> support in >>>>>>>>>>>>>>>>>>>>>>> ovirt for >>>>>>>>>>>>>>>>>>>>>>> Open >>>>>>>>>>>>>>>>>>>>>>> vSwitch >>>>>>>>>>>>>>>>>>>>>>> so I'm happy that it is moving in the right >>>>>>>>>>>>>>>>>>>>>>> direction. >>>>>>>>>>>>>>>>>>>>>>> However, >>>>>>>>>>>>>>>>>>>>>>> there >>>>>>>>>>>>>>>>>>>>>>> seems >>>>>>>>>>>>>>>>>>>>>>> to still be a dependency on a ovirtmgmt bridge >>>>>>>>>>>>>>>>>>>>>>> and I'm >>>>>>>>>>>>>>>>>>>>>>> unable >>>>>>>>>>>>>>>>>>>>>>> to move >>>>>>>>>>>>>>>>>>>>>>> that >>>>>>>>>>>>>>>>>>>>>>> to the OVN provider. >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> The hosting center where I rent hw instances >>>>>>>>>>>>>>>>>>>>>>> has a bit >>>>>>>>>>>>>>>>>>>>>>> special >>>>>>>>>>>>>>>>>>>>>>> network >>>>>>>>>>>>>>>>>>>>>>> setup, >>>>>>>>>>>>>>>>>>>>>>> so I have one physical network port with a /32 >>>>>>>>>>>>>>>>>>>>>>> netmask >>>>>>>>>>>>>>>>>>>>>>> and >>>>>>>>>>>>>>>>>>>>>>> point-to-point >>>>>>>>>>>>>>>>>>>>>>> config to router. The physical port I connect >>>>>>>>>>>>>>>>>>>>>>> to a ovs >>>>>>>>>>>>>>>>>>>>>>> bridge >>>>>>>>>>>>>>>>>>>>>>> which has >>>>>>>>>>>>>>>>>>>>>>> the >>>>>>>>>>>>>>>>>>>>>>> public ip. Since ovirt always messes up the >>>>>>>>>>>>>>>>>>>>>>> network >>>>>>>>>>>>>>>>>>>>>>> config when >>>>>>>>>>>>>>>>>>>>>>> I've >>>>>>>>>>>>>>>>>>>>>>> tried >>>>>>>>>>>>>>>>>>>>>>> to let it have access to the network config >>>>>>>>>>>>>>>>>>>>>>> for the >>>>>>>>>>>>>>>>>>>>>>> physical >>>>>>>>>>>>>>>>>>>>>>> port, I've >>>>>>>>>>>>>>>>>>>>>>> set >>>>>>>>>>>>>>>>>>>>>>> eht0 and ovsbridge0 as hidden in vdsm.conf. >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> I then create a bridge for use with ovirt, with >>>>>>>>>>>>>>>>>>>>>>> a >>>>>>>>>>>>>>>>>>>>>>> private >>>>>>>>>>>>>>>>>>>>>>> address. With >>>>>>>>>>>>>>>>>>>>>>> the >>>>>>>>>>>>>>>>>>>>>>> OVN provider I am now able to import these >>>>>>>>>>>>>>>>>>>>>>> into the >>>>>>>>>>>>>>>>>>>>>>> engine and >>>>>>>>>>>>>>>>>>>>>>> it looks >>>>>>>>>>>>>>>>>>>>>>> good. When creating a VM I can select that it >>>>>>>>>>>>>>>>>>>>>>> will have >>>>>>>>>>>>>>>>>>>>>>> a >>>>>>>>>>>>>>>>>>>>>>> vNic >>>>>>>>>>>>>>>>>>>>>>> on my OVS >>>>>>>>>>>>>>>>>>>>>>> bridge. >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> However, I can't start the VM as an exception >>>>>>>>>>>>>>>>>>>>>>> is thrown >>>>>>>>>>>>>>>>>>>>>>> in the >>>>>>>>>>>>>>>>>>>>>>> log: >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> 2016-12-28 00:13:33,350 ERROR >>>>>>>>>>>>>>>>>>>>>>> [org.ovirt.engine.core.bll.RunVmCommand] >>>>>>>>>>>>>>>>>>>>>>> (default task-5) [3c882d53] Error during >>>>>>>>>>>>>>>>>>>>>>> ValidateFailure.: >>>>>>>>>>>>>>>>>>>>>>> java.lang.NullPointerException >>>>>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.scheduling.policyunits.NetworkPolicyUnit.validateRequiredNetworksAvailable(NetworkPolicyUnit.java:140) >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.scheduling.policyunits.NetworkPolicyUnit.filter(NetworkPolicyUnit.java:69) >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.scheduling.SchedulingManager.runInternalFilters(SchedulingManager.java:597) >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.scheduling.SchedulingManager.runFilters(SchedulingManager.java:564) >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.scheduling.SchedulingManager.canSchedule(SchedulingManager.java:494) >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.validator.RunVmValidator.canRunVm(RunVmValidator.java:133) >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.RunVmCommand.validate(RunVmCommand.java:940) >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.CommandBase.internalValidate(CommandBase.java:886) >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.CommandBase.validateOnly(CommandBase.java:366) >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.canRunActions(PrevalidatingMultipleActionsRunner.java:113) >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.invokeCommands(PrevalidatingMultipleActionsRunner.java:99) >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.execute(PrevalidatingMultipleActionsRunner.java:76) >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.Backend.runMultipleActionsImpl(Backend.java:613) >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.Backend.runMultipleActions(Backend.java:583) >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> Looking at that section of code where the >>>>>>>>>>>>>>>>>>>>>>> exception is >>>>>>>>>>>>>>>>>>>>>>> thrown, >>>>>>>>>>>>>>>>>>>>>>> I see >>>>>>>>>>>>>>>>>>>>>>> that >>>>>>>>>>>>>>>>>>>>>>> it >>>>>>>>>>>>>>>>>>>>>>> iterates over host networks to find required >>>>>>>>>>>>>>>>>>>>>>> networks, >>>>>>>>>>>>>>>>>>>>>>> which I >>>>>>>>>>>>>>>>>>>>>>> assume is >>>>>>>>>>>>>>>>>>>>>>> ovirtmgmt. In the host network setup dialog I >>>>>>>>>>>>>>>>>>>>>>> don't see >>>>>>>>>>>>>>>>>>>>>>> any >>>>>>>>>>>>>>>>>>>>>>> networks at >>>>>>>>>>>>>>>>>>>>>>> all >>>>>>>>>>>>>>>>>>>>>>> but it lists ovirtmgmt as required. It also >>>>>>>>>>>>>>>>>>>>>>> list the >>>>>>>>>>>>>>>>>>>>>>> OVN >>>>>>>>>>>>>>>>>>>>>>> networks but >>>>>>>>>>>>>>>>>>>>>>> these >>>>>>>>>>>>>>>>>>>>>>> can't be statically assigned as they are added >>>>>>>>>>>>>>>>>>>>>>> dynamically when >>>>>>>>>>>>>>>>>>>>>>> needed, >>>>>>>>>>>>>>>>>>>>>>> which is fine. >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> I believe that I either need to remove ovirtmgmt >>>>>>>>>>>>>>>>>>>>>>> network >>>>>>>>>>>>>>>>>>>>>>> or >>>>>>>>>>>>>>>>>>>>>>> configure >>>>>>>>>>>>>>>>>>>>>>> that >>>>>>>>>>>>>>>>>>>>>>> it >>>>>>>>>>>>>>>>>>>>>>> is provided by the OVN provider, but neither is >>>>>>>>>>>>>>>>>>>>>>> possible. >>>>>>>>>>>>>>>>>>>>>>> Preferably it >>>>>>>>>>>>>>>>>>>>>>> shouldn't be hardcoded which network is >>>>>>>>>>>>>>>>>>>>>>> management and >>>>>>>>>>>>>>>>>>>>>>> mandatory but be >>>>>>>>>>>>>>>>>>>>>>> possible to configure. >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> /Sverker >>>>>>>>>>>>>>>>>>>>>>> Den 2016-12-27 kl. 17:10, skrev Marcin Mirecki: >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>>>>>>>>>> Users mailing list >>>>>>>>>>>>>>>>>>>> Users@ovirt.org >>>>>>>>>>>>>>>>>>>> http://lists.ovirt.org/mailman/listinfo/users >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>>>>>>>> Users mailing list >>>>>>>>>>>>>>>>>> Users@ovirt.org >>>>>>>>>>>>>>>>>> http://lists.ovirt.org/mailman/listinfo/users >>>>>>>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>>>>>>> Users mailing list >>>>>>>>>>>>>>>>> Users@ovirt.org >>>>>>>>>>>>>>>>> http://lists.ovirt.org/mailman/listinfo/users >>>>>>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>>>>>> Users mailing list >>>>>>>>>>>>>>>> Users@ovirt.org >>>>>>>>>>>>>>>> http://lists.ovirt.org/mailman/listinfo/users >>>>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>>>> Users mailing list >>>>>>>>>>>>>> Users@ovirt.org >>>>>>>>>>>>>> http://lists.ovirt.org/mailman/listinfo/users >>>>>>>>>>>>>> >>>>>>>>> _______________________________________________ >>>>>>>>> Users mailing list >>>>>>>>> Users@ovirt.org >>>>>>>>> http://lists.ovirt.org/mailman/listinfo/users >>>>>>>> _______________________________________________ >>>>>>>> Users mailing list >>>>>>>> Users@ovirt.org >>>>>>>> http://lists.ovirt.org/mailman/listinfo/users >>>>>>> _______________________________________________ >>>>>>> Users mailing list >>>>>>> Users@ovirt.org >>>>>>> http://lists.ovirt.org/mailman/listinfo/users _______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
This is the content of vdsm.log on h1 at this time: 2017-01-06 20:54:12,636 INFO (jsonrpc/7) [jsonrpc.JsonRpcServer] RPC call VM.create succeeded in 0.01 seconds (__init__:515) 2017-01-06 20:54:12,636 INFO (vm/6dd5291e) [virt.vm] (vmId='6dd5291e-6556-4d29-8b4e-ea896e627645') VM wrapper has started (vm:1901) 2017-01-06 20:54:12,636 INFO (vm/6dd5291e) [vds] prepared volume path: /rhev/data-center/mnt/h2-int.limetransit.com:_var_lib_exports_iso/1d49c4bc-0fec-4503-a583-d476fa3a370d/images/11111111-1111-1111-1111-111111111111/CentOS-7-x86_64-NetInstall-1611.iso (clientIF:374) 2017-01-06 20:54:12,743 INFO (vm/6dd5291e) [root] (hooks:108) 2017-01-06 20:54:12,847 INFO (vm/6dd5291e) [root] (hooks:108) 2017-01-06 20:54:12,863 INFO (vm/6dd5291e) [virt.vm] (vmId='6dd5291e-6556-4d29-8b4e-ea896e627645') <?xml version='1.0' encoding='UTF-8'?> <domain xmlns:ovirt="http://ovirt.org/vm/tune/1.0" type="kvm"> <name>CentOS7_3</name> <uuid>6dd5291e-6556-4d29-8b4e-ea896e627645</uuid> <memory>1048576</memory> <currentMemory>1048576</currentMemory> <maxMemory slots="16">4294967296</maxMemory> <vcpu current="1">16</vcpu> <devices> <channel type="unix"> <target name="com.redhat.rhevm.vdsm" type="virtio" /> <source mode="bind" path="/var/lib/libvirt/qemu/channels/6dd5291e-6556-4d29-8b4e-ea896e627645.com.redhat.rhevm.vdsm" /> </channel> <channel type="unix"> <target name="org.qemu.guest_agent.0" type="virtio" /> <source mode="bind" path="/var/lib/libvirt/qemu/channels/6dd5291e-6556-4d29-8b4e-ea896e627645.org.qemu.guest_agent.0" /> </channel> <input bus="ps2" type="mouse" /> <memballoon model="virtio" /> <controller index="0" model="virtio-scsi" type="scsi" /> <controller index="0" ports="16" type="virtio-serial" /> <video> <model heads="1" ram="65536" type="qxl" vgamem="16384" vram="32768" /> </video> <graphics autoport="yes" defaultMode="secure" passwd="*****" passwdValidTo="1970-01-01T00:00:01" port="-1" tlsPort="-1" type="spice"> <channel mode="secure" name="main" /> <channel mode="secure" name="inputs" /> <channel mode="secure" name="cursor" /> <channel mode="secure" name="playback" /> <channel mode="secure" name="record" /> <channel mode="secure" name="display" /> <channel mode="secure" name="smartcard" /> <channel mode="secure" name="usbredir" /> <listen network="vdsm-ovirtmgmt" type="network" /> </graphics> <interface type="bridge"> <mac address="00:1a:4a:16:01:54" /> <model type="virtio" /> <source bridge="br-int" /> <virtualport type="openvswitch" /> <link state="up" /> <boot order="2" /> <bandwidth /> <virtualport type="openvswitch"> <parameters interfaceid="912cba79-982e-4a87-868e-241fedccb59a" /> </virtualport> </interface> <disk device="cdrom" snapshot="no" type="file"> <source file="/rhev/data-center/mnt/h2-int.limetransit.com:_var_lib_exports_iso/1d49c4bc-0fec-4503-a583-d476fa3a370d/images/11111111-1111-1111-1111-111111111111/CentOS-7-x86_64-NetInstall-1611.iso" startupPolicy="optional" /> <target bus="ide" dev="hdc" /> <readonly /> <boot order="1" /> </disk> <channel type="spicevmc"> <target name="com.redhat.spice.0" type="virtio" /> </channel> </devices> <metadata> <ovirt:qos /> </metadata> <os> <type arch="x86_64" machine="pc-i440fx-rhel7.2.0">hvm</type> <smbios mode="sysinfo" /> <bootmenu enable="yes" timeout="10000" /> </os> <sysinfo type="smbios"> <system> <entry name="manufacturer">oVirt</entry> <entry name="product">oVirt Node</entry> <entry name="version">7-3.1611.el7.centos</entry> <entry name="serial">62f1adff-b29e-4a7c-abba-c2c4c73248c6</entry> <entry name="uuid">6dd5291e-6556-4d29-8b4e-ea896e627645</entry> </system> </sysinfo> <clock adjustment="0" offset="variable"> <timer name="rtc" tickpolicy="catchup" /> <timer name="pit" tickpolicy="delay" /> <timer name="hpet" present="no" /> </clock> <features> <acpi /> </features> <cpu match="exact"> <model>SandyBridge</model> <topology cores="1" sockets="16" threads="1" /> <numa> <cell cpus="0" memory="1048576" /> </numa> </cpu> </domain> (vm:1988) 2017-01-06 20:54:13,046 INFO (libvirt/events) [virt.vm] (vmId='6dd5291e-6556-4d29-8b4e-ea896e627645') CPU running: onResume (vm:4863) 2017-01-06 20:54:13,058 INFO (vm/6dd5291e) [virt.vm] (vmId='6dd5291e-6556-4d29-8b4e-ea896e627645') Starting connection (guestagent:245) 2017-01-06 20:54:13,060 INFO (vm/6dd5291e) [virt.vm] (vmId='6dd5291e-6556-4d29-8b4e-ea896e627645') CPU running: domain initialization (vm:4863) 2017-01-06 20:54:15,154 INFO (jsonrpc/6) [jsonrpc.JsonRpcServer] RPC call Host.getVMFullList succeeded in 0.01 seconds (__init__:515) 2017-01-06 20:54:17,571 INFO (periodic/2) [dispatcher] Run and protect: getVolumeSize(sdUUID=u'2ee54fb8-48f2-4576-8cff-f2346504b08b', spUUID=u'584ebd64-0268-0193-025b-00000000038e', imgUUID=u'5a3aae57-ffe0-4a3b-aa87-8461669db7f9', volUUID=u'b6a88789-fcb1-4d3e-911b-2a4d3b6c69c7', options=None) (logUtils:49) 2017-01-06 20:54:17,573 INFO (periodic/2) [dispatcher] Run and protect: getVolumeSize, Return response: {'truesize': '1859723264', 'apparentsize': '21474836480'} (logUtils:52) 2017-01-06 20:54:21,211 INFO (periodic/2) [dispatcher] Run and protect: repoStats(options=None) (logUtils:49) 2017-01-06 20:54:21,212 INFO (periodic/2) [dispatcher] Run and protect: repoStats, Return response: {u'2ee54fb8-48f2-4576-8cff-f2346504b08b': {'code': 0, 'actual': True, 'version': 3, 'acquired': True, 'delay': '0.000936552', 'lastCheck': '1.4', 'valid': True}, u'1d49c4bc-0fec-4503-a583-d476fa3a370d': {'code': 0, 'actual': True, 'version': 0, 'acquired': True, 'delay': '0.000960248', 'lastCheck': '1.4', 'valid': True}} (logUtils:52) 2017-01-06 20:54:23,543 INFO (jsonrpc/2) [jsonrpc.JsonRpcServer] RPC call Host.getAllVmStats succeeded in 0.00 seconds (__init__:515) 2017-01-06 20:54:23,641 INFO (jsonrpc/1) [jsonrpc.JsonRpcServer] RPC call Host.getAllVmIoTunePolicies succeeded in 0.00 seconds (__init__:515) 2017-01-06 20:54:24,918 INFO (jsonrpc/0) [dispatcher] Run and protect: repoStats(options=None) (logUtils:49) 2017-01-06 20:54:24,918 INFO (jsonrpc/0) [dispatcher] Run and protect: repoStats, Return response: {u'2ee54fb8-48f2-4576-8cff-f2346504b08b': {'code': 0, 'actual': True, 'version': 3, 'acquired': True, 'delay': '0.000936552', 'lastCheck': '5.1', 'valid': True}, u'1d49c4bc-0fec-4503-a583-d476fa3a370d': {'code': 0, 'actual': True, 'version': 0, 'acquired': True, 'delay': '0.000960248', 'lastCheck': '2.1', 'valid': True}} (logUtils:52) 2017-01-06 20:54:24,924 INFO (jsonrpc/0) [jsonrpc.JsonRpcServer] RPC call Host.getStats succeeded in 0.01 seconds (__init__:515) Vdsm and the OVN driver must have been called as the port IS created, but with the wrong id. I don't find the faulty id in vdsm.log neither, the xml above have the correct id. /Sverker Den 2017-01-09 kl. 10:06, skrev Marcin Mirecki:
The port is set up on the host by the ovirt-provider-ovn-driver. The driver is invoked by the vdsm hook whenever any operation on the port is done. Please ensure that this is installed properly. You can check the vdsm log (/var/log/vdsm/vdsm.log) to see if the hook was executed properly.
----- Original Message -----
From: "Sverker Abrahamsson" <sverker@abrahamsson.com> To: "Marcin Mirecki" <mmirecki@redhat.com> Cc: "Ovirt Users" <users@ovirt.org> Sent: Friday, January 6, 2017 9:00:26 PM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network
I created a new VM in the ui and assigned it to host h1. In /var/log/ovirt-provider-ovn.log I get the following:
2017-01-06 20:54:11,940 Request: GET : /v2.0/ports 2017-01-06 20:54:11,940 Connecting to remote ovn database: tcp:127.0.0.1:6641 2017-01-06 20:54:12,157 Connected (number of retries: 2) 2017-01-06 20:54:12,158 Response code: 200 2017-01-06 20:54:12,158 Response body: {"ports": [{"name": "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873", "network_id": "e53554cf-e553-40a1-8d22-9c8d95ec0601", "device_owner": "oVirt", "mac_address": "00:1a:4a:16:01:51", "id": "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873", "device_id": "40cd7328-d575-4c3d-b656-9ef9bacc0078"}, {"name": "92f6d3c8-68b3-4986-9c09-60bee04644b5", "network_id": "e53554cf-e553-40a1-8d22-9c8d95ec0601", "device_owner": "oVirt", "mac_address": "00:1a:4a:16:01:52", "id": "92f6d3c8-68b3-4986-9c09-60bee04644b5", "device_id": "4baefa8c-3822-4de0-9cd0-1d025bab7844"}]} 2017-01-06 20:54:12,160 Request: SHOW : /v2.0/networks/e53554cf-e553-40a1-8d22-9c8d95ec0601 2017-01-06 20:54:12,160 Connecting to remote ovn database: tcp:127.0.0.1:6641 2017-01-06 20:54:12,377 Connected (number of retries: 2) 2017-01-06 20:54:12,378 Response code: 200 2017-01-06 20:54:12,378 Response body: {"network": {"id": "e53554cf-e553-40a1-8d22-9c8d95ec0601", "name": "ovirtbridge"}} 2017-01-06 20:54:12,380 Request: POST : /v2.0/ports 2017-01-06 20:54:12,380 Request body: { "port" : { "name" : "nic1", "binding:host_id" : "h1.limetransit.com", "admin_state_up" : true, "device_id" : "e8553a88-05f0-401d-8b9b-5fff77f7bbbe", "device_owner" : "oVirt", "mac_address" : "00:1a:4a:16:01:54", "network_id" : "e53554cf-e553-40a1-8d22-9c8d95ec0601" } } 2017-01-06 20:54:12,380 Connecting to remote ovn database: tcp:127.0.0.1:6641 2017-01-06 20:54:12,610 Connected (number of retries: 2) 2017-01-06 20:54:12,614 Response code: 200 2017-01-06 20:54:12,614 Response body: {"port": {"name": "912cba79-982e-4a87-868e-241fedccb59a", "network_id": "e53554cf-e553-40a1-8d22-9c8d95ec0601", "device_owner": "oVirt", "mac_address": "00:1a:4a:16:01:54", "id": "912cba79-982e-4a87-868e-241fedccb59a", "device_id": "e8553a88-05f0-401d-8b9b-5fff77f7bbbe"}}
h1:/var/log/messages Jan 6 20:54:12 h1 ovs-vsctl: ovs|00001|vsctl|INFO|Called as ovs-vsctl --timeout=5 -- --if-exists del-port vnet1 -- add-port br-int vnet1 -- set Interface vnet1 "external-ids:attached-mac=\"00:1a:4a:16:01:54\"" -- set Interface vnet1 "external-ids:iface-id=\"20388407-0f76-41d8-97aa-8e2b5978f908\"" -- set Interface vnet1 "external-ids:vm-id=\"6dd5291e-6556-4d29-8b4e-ea896e627645\"" -- set Interface vnet1 external-ids:iface-status=active
[root@h2 ~]# ovn-nbctl show switch e53554cf-e553-40a1-8d22-9c8d95ec0601 (ovirtbridge) port 4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873 addresses: ["00:1a:4a:16:01:51"] port 912cba79-982e-4a87-868e-241fedccb59a addresses: ["00:1a:4a:16:01:54"] port 92f6d3c8-68b3-4986-9c09-60bee04644b5 addresses: ["00:1a:4a:16:01:52"] port ovirtbridge-port2 addresses: ["unknown"] port ovirtbridge-port1 addresses: ["unknown"] [root@h2 ~]# ovn-sbctl show Chassis "6e4dd29f-7607-48d7-8e5a-eef4c6aeefb5" hostname: "h2.limetransit.com" Encap geneve ip: "148.251.126.50" options: {csum="true"} Port_Binding "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873" Port_Binding "ovirtbridge-port1" Chassis "4f10fb04-8fb2-48d7-8a3f-ea6444c02cf9" hostname: "h1.limetransit.com" Encap geneve ip: "144.76.84.73" options: {csum="true"} Port_Binding "ovirtbridge-port2" Port_Binding "92f6d3c8-68b3-4986-9c09-60bee04644b5"
I.e. same issue /Sverker
Den 2017-01-06 kl. 20:49, skrev Sverker Abrahamsson:
The port is created from Ovirt UI, the ovs-vsctl command below is executed when VM is started. In /var/log/ovirt-provider-ovn.log on h2 I get the following:
2017-01-06 20:19:25,452 Request: GET : /v2.0/ports 2017-01-06 20:19:25,452 Connecting to remote ovn database: tcp:127.0.0.1:6641 2017-01-06 20:19:25,670 Connected (number of retries: 2) 2017-01-06 20:19:25,670 Response code: 200 2017-01-06 20:19:25,670 Response body: {"ports": [{"name": "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873", "network_id": "e53554cf-e553-40a1-8d22-9c8d95ec0601", "device_owner": "oVirt", "mac_address": "00:1a:4a:16:01:51", "id": "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873", "device_id": "40cd7328-d575-4c3d-b656-9ef9bacc0078"}, {"name": "92f6d3c8-68b3-4986-9c09-60bee04644b5", "network_id": "e53554cf-e553-40a1-8d22-9c8d95ec0601", "device_owner": "oVirt", "mac_address": "00:1a:4a:16:01:52", "id": "92f6d3c8-68b3-4986-9c09-60bee04644b5", "device_id": "4baefa8c-3822-4de0-9cd0-1d025bab7844"}]} 2017-01-06 20:19:25,673 Request: PUT : /v2.0/ports/92f6d3c8-68b3-4986-9c09-60bee04644b5 2017-01-06 20:19:25,673 Request body: { "port" : { "binding:host_id" : "h1.limetransit.com", "security_groups" : null } } 2017-01-06 20:19:25,673 Connecting to remote ovn database: tcp:127.0.0.1:6641 2017-01-06 20:19:25,890 Connected (number of retries: 2) 2017-01-06 20:19:25,891 Response code: 200 2017-01-06 20:19:25,891 Response body: {"port": {"name": "92f6d3c8-68b3-4986-9c09-60bee04644b5", "network_id": "e53554cf-e553-40a1-8d22-9c8d95ec0601", "device_owner": "oVirt", "mac_address": "00:1a:4a:16:01:52", "id": "92f6d3c8-68b3-4986-9c09-60bee04644b5", "device_id": "4baefa8c-3822-4de0-9cd0-1d025bab7844"}}
In /var/log/messages on h1 I get the following:
Jan 6 20:18:56 h1 dbus-daemon: dbus[1339]: [system] Successfully activated service 'org.freedesktop.problems' Jan 6 20:19:26 h1 ovs-vsctl: ovs|00001|vsctl|INFO|Called as ovs-vsctl --timeout=5 -- --if-exists del-port vnet0 -- add-port br-int vnet0 -- set Interface vnet0 "external-ids:attached-mac=\"00:1a:4a:16:01:52\"" -- set Interface vnet0 "external-ids:iface-id=\"72dafda5-03c2-4bb6-bcb6-241fa5c0a1f3\"" -- set Interface vnet0 "external-ids:vm-id=\"4d0c134a-11a0-40f4-b2fb-c13c17c7251c\"" -- set Interface vnet0 external-ids:iface-status=active Jan 6 20:19:26 h1 kernel: device vnet0 entered promiscuous mode Jan 6 20:19:26 h1 avahi-daemon[1391]: Registering new address record for fe80::fc1a:4aff:fe16:152 on vnet0.*. Jan 6 20:19:26 h1 systemd-machined: New machine qemu-4-CentOS72. Jan 6 20:19:26 h1 systemd: Started Virtual Machine qemu-4-CentOS72. Jan 6 20:19:26 h1 systemd: Starting Virtual Machine qemu-4-CentOS72.
[root@h2 ~]# ovn-nbctl show switch e53554cf-e553-40a1-8d22-9c8d95ec0601 (ovirtbridge) port 4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873 addresses: ["00:1a:4a:16:01:51"] port 92f6d3c8-68b3-4986-9c09-60bee04644b5 addresses: ["00:1a:4a:16:01:52"] port ovirtbridge-port2 addresses: ["unknown"] port ovirtbridge-port1 addresses: ["unknown"] [root@h2 ~]# ovn-sbctl show Chassis "6e4dd29f-7607-48d7-8e5a-eef4c6aeefb5" hostname: "h2.limetransit.com" Encap geneve ip: "148.251.126.50" options: {csum="true"} Port_Binding "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873" Port_Binding "ovirtbridge-port1" Chassis "4f10fb04-8fb2-48d7-8a3f-ea6444c02cf9" hostname: "h1.limetransit.com" Encap geneve ip: "144.76.84.73" options: {csum="true"} Port_Binding "ovirtbridge-port2"
I.e. the port is set up with the wrong ID and not attached to OVN.
If I correct external-ids:iface-id like this: [root@h1 ~]# ovs-vsctl set Interface vnet0 "external-ids:iface-id=\"92f6d3c8-68b3-4986-9c09-60bee04644b5\""
then sb is correct: [root@h2 ~]# ovn-sbctl show Chassis "6e4dd29f-7607-48d7-8e5a-eef4c6aeefb5" hostname: "h2.limetransit.com" Encap geneve ip: "148.251.126.50" options: {csum="true"} Port_Binding "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873" Port_Binding "ovirtbridge-port1" Chassis "4f10fb04-8fb2-48d7-8a3f-ea6444c02cf9" hostname: "h1.limetransit.com" Encap geneve ip: "144.76.84.73" options: {csum="true"} Port_Binding "ovirtbridge-port2" Port_Binding "92f6d3c8-68b3-4986-9c09-60bee04644b5"
I don't know from where the ID 72dafda5-03c2-4bb6-bcb6-241fa5c0a1f3 comes from, doesn't show in any log other than /var/log/messages.
If I do the same exercise on the same host as engine is running on then the port for the VM gets the right id and is working from beginning. /Sverker
Den 2017-01-03 kl. 10:23, skrev Marcin Mirecki:
How did you create this port? From the oVirt engine UI? The OVN provider creates the port when you add the port in the engine UI, it is then plugged into the ovs bridge by the VIF driver. Please attach /var/log/ovirt-provider-ovn.log
----- Original Message -----
From: "Sverker Abrahamsson"<sverker@abrahamsson.com> To: "Marcin Mirecki"<mmirecki@redhat.com> Cc: "Ovirt Users"<users@ovirt.org> Sent: Tuesday, January 3, 2017 2:06:22 AM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network
Found an issue with Ovirt - OVN integration.
Engine and OVN central db running on host h2. Created VM to run on host h1, which is started. Ovn db state:
[root@h2 env3]# ovn-nbctl show switch e53554cf-e553-40a1-8d22-9c8d95ec0601 (ovirtbridge) port 4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873 addresses: ["00:1a:4a:16:01:51"] port 92f6d3c8-68b3-4986-9c09-60bee04644b5 addresses: ["00:1a:4a:16:01:52"] port ovirtbridge-port2 addresses: ["unknown"] port ovirtbridge-port1 addresses: ["unknown"] [root@h2 env3]# ovn-sbctl show Chassis "6e4dd29f-7607-48d7-8e5a-eef4c6aeefb5" hostname: "h2.limetransit.com" Encap geneve ip: "148.251.126.50" options: {csum="true"} Port_Binding "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873" Port_Binding "ovirtbridge-port1" Chassis "4f10fb04-8fb2-48d7-8a3f-ea6444c02cf9" hostname: "h1.limetransit.com" Encap geneve ip: "144.76.84.73" options: {csum="true"} Port_Binding "ovirtbridge-port2"
Port 92f6d3c8-68b3-4986-9c09-60bee04644b5 is for the new VM which is started on h1, but it is not assigned to that chassis. The reason is that on h1 the port on br-int is created like this:
ovs-vsctl --timeout=5 -- --if-exists del-port vnet0 -- add-port br-int vnet0 -- set Interface vnet0 "external-ids:attached-mac=\"00:1a:4a:16:01:52\"" -- set Interface vnet0 "external-ids:iface-id=\"35bcbe31-2c7e-4d97-add9-ce150eeb2f11\"" -- set Interface vnet0 "external-ids:vm-id=\"4d0c134a-11a0-40f4-b2fb-c13c17c7251c\"" -- set Interface vnet0 external-ids:iface-status=active
I.e. the extrernal id of interface is wrong. When I manually change to the right id like this the port works fine:
ovs-vsctl --timeout=5 -- --if-exists del-port vnet0 -- add-port br-int vnet0 -- set Interface vnet0 "external-ids:attached-mac=\"00:1a:4a:16:01:52\"" -- set Interface vnet0 "external-ids:iface-id=\"92f6d3c8-68b3-4986-9c09-60bee04644b5\"" -- set Interface vnet0 "external-ids:vm-id=\"4d0c134a-11a0-40f4-b2fb-c13c17c7251c\"" -- set Interface vnet0 external-ids:iface-status=active
sb db after correcting the port:
Chassis "6e4dd29f-7607-48d7-8e5a-eef4c6aeefb5" hostname: "h2.limetransit.com" Encap geneve ip: "148.251.126.50" options: {csum="true"} Port_Binding "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873" Port_Binding "ovirtbridge-port1" Chassis "4f10fb04-8fb2-48d7-8a3f-ea6444c02cf9" hostname: "h1.limetransit.com" Encap geneve ip: "144.76.84.73" options: {csum="true"} Port_Binding "ovirtbridge-port2" Port_Binding "92f6d3c8-68b3-4986-9c09-60bee04644b5"
I don't know from where the faulty id comes from, it's not in any logs. In the domain xml as printed in vdsm.log the id is correct:
<interface type="bridge"> <mac address="00:1a:4a:16:01:52" /> <model type="virtio" /> <source bridge="br-int" /> <virtualport type="openvswitch" /> <link state="up" /> <boot order="2" /> <bandwidth /> <virtualport type="openvswitch"> <parameters interfaceid="92f6d3c8-68b3-4986-9c09-60bee04644b5" /> </virtualport> </interface>
Where is the ovs-vsctl command line built for this call?
/Sverker
Den 2017-01-02 kl. 13:40, skrev Sverker Abrahamsson:
Got it to work now by following the env8 example in OVN tutorial, where a port is added with type l2gateway. Not sure how that is different from the localnet variant, but didn't suceed in getting that one working. Now I'm able to ping and telnet over the tunnel, but not ssh even when the port is answering on telnet. Neither does nfs traffic work even though mount did. Suspecting MTU issue. I did notice that ovn-controller starts too early, before network interfaces are established and hence can't reach the db. As these is a purely OVS/OVN issue I'll ask about it on their mailing list.
Getting back to the original issue with Ovirt, I've now added the second host h1 to ovirt-engine. Had to do the same as with h2 to create a dummy ovirtmgmt network but configured access via the public IP. My firewall settings was replaced with iptables config and vdsm.conf was overwritten when engine was set up, so those had to be manually restored. It would be preferable if it would be possible to configure ovirt-engine that it does not "own" the host and instead comply with the settings it has instead of enforcing it's own view..
Apart from that it seems the second host works, although I need to resolve the traffic issue over the OVS tunnel. /Sverker
Den 2017-01-02 kl. 01:13, skrev Sverker Abrahamsson: > 1. That is not possible as ovirt (or vdsm) will rewrite the network > configuration to a non-working state. That is why I've set that if as > hidden to vdsm and is why I'm keen on getting OVS/OVN to work > > 2. I've been reading the doc for OVN and starting to connect the > dots, which is not trivial as it is complex. Some insights reached: > > First step is the OVN database, installed by openvswitch-ovn-central, > which I currently have running on h2 host. The 'ovn-nbctl' and > 'ovn-sbctl' commands are only possible to execute on a database node. > Two ip's are given to 'vdsm-tool ovn-config <ip to database> <tunnel > ip>' as arguments, where <ip to database> is how this OVN node > reaches the database and <tunnel ip> is the ip to which other OVN > nodes sets up a tunnel to this node. I.e. it is not for creating a > tunnel to the database which I thought first from the description in > blog post. > > The tunnel between OVN nodes is of type geneve which is a UDP based > protocol but I have not been able to find anywhere which port is used > so that I can open it in firewalld. I have added OVN on another host, > called h1, and connected it to the db. I see there is traffic to the > db port, but I don't see any geneve traffic between the nodes. > > Ovirt is now able to create it's vnet0 interface on the br-int ovs > bridge, but then I run into the next issue. How do I create a > connection from the logical switch to the physical host? I need that > to a) get a connection out to the internet through a masqueraded if > or ipv6 and b) be able to run a dhcp server to give ip's to the VM's. > > /Sverker > > Den 2016-12-30 kl. 18:05, skrev Marcin Mirecki: >> 1. Why not use your physical nic for ovirtmgmt then? >> >> 2. "ovn-nbctl ls-add" does not add a bridge, but a logical switch. >> br-int is an internal OVN implementation detail, which the user >> should not care about. What you see in the ovirt UI are logical >> networks. They are implemented as OVN logical switches in case >> of the OVN provider. >> >> Please look at: >> http://www.ovirt.org/blog/2016/11/ovirt-provider-ovn/ >> You can get the latest rpms from here: >> http://resources.ovirt.org/repos/ovirt/experimental/master/ovirt-provider-ov... >> >> >> ----- Original Message ----- >>> From: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>> To: "Marcin Mirecki"<mmirecki@redhat.com> >>> Cc: "Ovirt Users"<users@ovirt.org> >>> Sent: Friday, December 30, 2016 4:25:58 PM >>> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory >>> ovirtmgmt network >>> >>> 1. No, I did not want to put the ovirtmgmt bridge on my physical >>> nic as >>> it always messed up the network config making the host unreachable. I >>> have put a ovs bridge on this nic which I will use to make tunnels >>> when >>> I add other hosts. Maybe br-int will be used for that instead, will >>> see >>> when I get that far. >>> >>> As it is now I have a dummy if for ovirtmgmt bridge but this will >>> probably not work when I add other hosts as that bridge cannot >>> connect >>> to the other hosts. I'm considering keeping this just as a dummy to >>> keep >>> ovirt engine satisfied while the actual communication will happen >>> over >>> OVN/OVS bridges and tunnels. >>> >>> 2. On >>> https://www.ovirt.org//develop/release-management/features/ovirt-ovn-provide... >>> >>> there is instructions how to add an OVS bridge to OVN with |ovn-nbctl >>> ls-add <network name>|. If you want to use br-int then it makes >>> sense to >>> make that bridge visible in ovirt webui under networks so that it >>> can be >>> selected for VM's. >>> >>> It quite doesn't make sense to me that I can select other network >>> for my >>> VM but then that setting is not used when setting up the network. >>> >>> /Sverker >>> >>> Den 2016-12-30 kl. 15:34, skrev Marcin Mirecki: >>>> Hi, >>>> >>>> The OVN provider does not require you to add any bridges manually. >>>> As I understand we were dealing with two problems: >>>> 1. You only had one physical nic and wanted to put a bridge on it, >>>> attaching the management network to the bridge. This was the >>>> reason for >>>> creating the bridge (the recommended setup would be to used a >>>> separate >>>> physical nic for the management network). This bridge has >>>> nothing to >>>> do with the OVN bridge. >>>> 2. OVN - you want to use OVN on this system. For this you have to >>>> install >>>> OVN on your hosts. This should create the br-int bridge, >>>> which are >>>> then used by the OVN provider. This br-int bridge must be >>>> configured >>>> to connect to other hosts using the geneve tunnels. >>>> >>>> In both cases the systems will not be aware of any bridges you >>>> create. >>>> They need a nic (be it physical or virtual) to connect to other >>>> system. >>>> Usually this is the physical nic. In your case you decided to put >>>> a bridge >>>> on the physical nic, and give oVirt a virtual nic attached to this >>>> bridge. >>>> This works, but keep in mind that the bridge you have introduced >>>> is outside >>>> of oVirt's (and OVN) control (and as such is not supported). >>>> >>>>> What is the purpose of >>>>> adding my bridges to Ovirt through the external provider and >>>>> configure >>>>> them on my VM >>>> I am not quite sure I understand. >>>> The external provider (OVN provider to be specific), does not add >>>> any >>>> bridges >>>> to the system. It is using the br-int bridge created by OVN. The >>>> networks >>>> created by the OVN provider are purely logical entities, >>>> implemented using >>>> the OVN br-int bridge. >>>> >>>> Marcin >>>> >>>> >>>> ----- Original Message ----- >>>>> From: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>>>> To: "Marcin Mirecki"<mmirecki@redhat.com> >>>>> Cc: "Ovirt Users"<users@ovirt.org> >>>>> Sent: Friday, December 30, 2016 12:15:43 PM >>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory >>>>> ovirtmgmt >>>>> network >>>>> >>>>> Hi >>>>> That is the logic I quite don't understand. What is the purpose of >>>>> adding my bridges to Ovirt through the external provider and >>>>> configure >>>>> them on my VM if you are disregarding that and using br-int anyway? >>>>> >>>>> /Sverker >>>>> >>>>> Den 2016-12-30 kl. 10:53, skrev Marcin Mirecki: >>>>>> Sverker, >>>>>> >>>>>> br-int is the integration bridge created by default in OVN. This >>>>>> is the >>>>>> bridge we use for the OVN provider. As OVN is required to be >>>>>> installed, >>>>>> we assume that this bridge is present. >>>>>> Using any other ovs bridge is not supported, and will require >>>>>> custom code >>>>>> changes (such as the ones you created). >>>>>> >>>>>> The proper setup in your case would probably be to create br-int >>>>>> and >>>>>> connect >>>>>> this to your ovirtbridge, although I don't know the details of >>>>>> your env, >>>>>> so >>>>>> this is just my best guess. >>>>>> >>>>>> Marcin >>>>>> >>>>>> >>>>>> ----- Original Message ----- >>>>>>> From: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>>>>>> To: "Marcin Mirecki"<mmirecki@redhat.com> >>>>>>> Cc: "Ovirt Users"<users@ovirt.org>, "Numan Siddique" >>>>>>> <nusiddiq@redhat.com> >>>>>>> Sent: Friday, December 30, 2016 1:14:50 AM >>>>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory >>>>>>> ovirtmgmt >>>>>>> network >>>>>>> >>>>>>> Even better, if the value is not hardcoded then the configured >>>>>>> value is >>>>>>> used. Might be that I'm missunderstanding something but this is >>>>>>> the >>>>>>> behaviour I expected instead of that it is using br-int. >>>>>>> >>>>>>> Attached is a patch which properly sets up the xml, in case >>>>>>> there is >>>>>>> already a virtual port there + testcode of some variants >>>>>>> >>>>>>> /Sverker >>>>>>> >>>>>>> Den 2016-12-29 kl. 22:55, skrev Sverker Abrahamsson: >>>>>>>> When I change >>>>>>>> /usr/libexec/vdsm/hooks/before_device_create/ovirt_provider_ovn_hook >>>>>>>> >>>>>>>> to instead of hardcoded to br-int use BRIDGE_NAME = >>>>>>>> 'ovirtbridge' then >>>>>>>> I get the expected behaviour and I get a working network >>>>>>>> connectivity >>>>>>>> in my VM with IP provided by dhcp. >>>>>>>> >>>>>>>> /Sverker >>>>>>>> >>>>>>>> Den 2016-12-29 kl. 22:07, skrev Sverker Abrahamsson: >>>>>>>>> By default the vNic profile of my OVN bridge ovirtbridge gets a >>>>>>>>> Network filter named vdsm-no-mac-spoofing. If I instead set >>>>>>>>> No filter >>>>>>>>> then I don't get those ebtables / iptables messages. It seems >>>>>>>>> that >>>>>>>>> there is some issue between ovirt/vdsm and firewalld, which >>>>>>>>> we can >>>>>>>>> put to the side for now. >>>>>>>>> >>>>>>>>> It is not clear for me why the port is added on br-int >>>>>>>>> instead of the >>>>>>>>> bridge I've assigned to the VM, which is ovirtbridge?? >>>>>>>>> >>>>>>>>> /Sverker >>>>>>>>> >>>>>>>>> Den 2016-12-29 kl. 14:20, skrev Sverker Abrahamsson: >>>>>>>>>> The specific command most likely fails because there is no >>>>>>>>>> chain >>>>>>>>>> named libvirt-J-vnet0, but when should that have been created? >>>>>>>>>> /Sverker >>>>>>>>>> >>>>>>>>>> -------- Vidarebefordrat meddelande -------- >>>>>>>>>> Ämne: Re: [ovirt-users] Issue with OVN/OVS and mandatory >>>>>>>>>> ovirtmgmt >>>>>>>>>> network >>>>>>>>>> Datum: Thu, 29 Dec 2016 08:06:29 -0500 (EST) >>>>>>>>>> Från: Marcin Mirecki<mmirecki@redhat.com> >>>>>>>>>> Till: Sverker Abrahamsson<sverker@abrahamsson.com> >>>>>>>>>> Kopia: Ovirt Users<users@ovirt.org>, Lance Richardson >>>>>>>>>> <lrichard@redhat.com>, Numan Siddique<nusiddiq@redhat.com> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> Let me add the OVN team. >>>>>>>>>> >>>>>>>>>> Lance, Numan, >>>>>>>>>> >>>>>>>>>> Can you please look at this? >>>>>>>>>> >>>>>>>>>> Trying to plug a vNIC results in: >>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 ovs-vsctl: >>>>>>>>>>>>>>>>> ovs|00001|vsctl|INFO|Called as >>>>>>>>>>>>>>>>> ovs-vsctl >>>>>>>>>>>>>>>>> --timeout=5 -- --if-exists del-port vnet0 -- add-port >>>>>>>>>>>>>>>>> br-int >>>>>>>>>>>>>>>>> vnet0 -- >>>>>>>>>>>>>>>>> set Interface vnet0 >>>>>>>>>>>>>>>>> "external-ids:attached-mac=\"00:1a:4a:16:01:51\"" >>>>>>>>>>>>>>>>> -- set Interface vnet0 >>>>>>>>>>>>>>>>> "external-ids:iface-id=\"e8853aac-8a75-41b0-8010-e630017dcdd8\"" >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> -- >>>>>>>>>>>>>>>>> set Interface vnet0 >>>>>>>>>>>>>>>>> "external-ids:vm-id=\"b9440d60-ef5a-4e2b-83cf-081df7c09e6f\"" >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> -- >>>>>>>>>>>>>>>>> set >>>>>>>>>>>>>>>>> Interface vnet0 external-ids:iface-status=active >>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 kernel: device vnet0 entered >>>>>>>>>>>>>>>>> promiscuous >>>>>>>>>>>>>>>>> mode >>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -D PREROUTING >>>>>>>>>>>>>>>>> -i vnet0 >>>>>>>>>>>>>>>>> -j >>>>>>>>>>>>>>>>> libvirt-J-vnet0' failed: >>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>> More details below >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> ----- Original Message ----- >>>>>>>>>>> From: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>>>>>>>>>> To: "Marcin Mirecki"<mmirecki@redhat.com> >>>>>>>>>>> Cc: "Ovirt Users"<users@ovirt.org> >>>>>>>>>>> Sent: Thursday, December 29, 2016 1:42:11 PM >>>>>>>>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory >>>>>>>>>>> ovirtmgmt >>>>>>>>>>> network >>>>>>>>>>> >>>>>>>>>>> Hi >>>>>>>>>>> Same problem still.. >>>>>>>>>>> /Sverker >>>>>>>>>>> >>>>>>>>>>> Den 2016-12-29 kl. 13:34, skrev Marcin Mirecki: >>>>>>>>>>>> Hi, >>>>>>>>>>>> >>>>>>>>>>>> The tunnels are created to connect multiple OVN controllers. >>>>>>>>>>>> If there is only one, there is no need for the tunnels, so >>>>>>>>>>>> none >>>>>>>>>>>> will be created, this is the correct behavior. >>>>>>>>>>>> >>>>>>>>>>>> Does the problem still occur after setting configuring the >>>>>>>>>>>> OVN-controller? >>>>>>>>>>>> >>>>>>>>>>>> Marcin >>>>>>>>>>>> >>>>>>>>>>>> ----- Original Message ----- >>>>>>>>>>>>> From: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>>>>>>>>>>>> To: "Marcin Mirecki"<mmirecki@redhat.com> >>>>>>>>>>>>> Cc: "Ovirt Users"<users@ovirt.org> >>>>>>>>>>>>> Sent: Thursday, December 29, 2016 11:44:32 AM >>>>>>>>>>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory >>>>>>>>>>>>> ovirtmgmt >>>>>>>>>>>>> network >>>>>>>>>>>>> >>>>>>>>>>>>> Hi >>>>>>>>>>>>> The rpm packages you listed in the other mail are >>>>>>>>>>>>> installed but I >>>>>>>>>>>>> had >>>>>>>>>>>>> not run vdsm-tool ovn-config to create tunnel as the OVN >>>>>>>>>>>>> controller >>>>>>>>>>>>> is >>>>>>>>>>>>> on the same host. >>>>>>>>>>>>> >>>>>>>>>>>>> [root@h2 ~]# rpm -q openvswitch-ovn-common >>>>>>>>>>>>> openvswitch-ovn-common-2.6.90-1.el7.centos.x86_64 >>>>>>>>>>>>> [root@h2 ~]# rpm -q openvswitch-ovn-host >>>>>>>>>>>>> openvswitch-ovn-host-2.6.90-1.el7.centos.x86_64 >>>>>>>>>>>>> [root@h2 ~]# rpm -q python-openvswitch >>>>>>>>>>>>> python-openvswitch-2.6.90-1.el7.centos.noarch >>>>>>>>>>>>> >>>>>>>>>>>>> After removing my manually created br-int and run >>>>>>>>>>>>> >>>>>>>>>>>>> vdsm-tool ovn-config 127.0.0.1 172.27.1.1 >>>>>>>>>>>>> >>>>>>>>>>>>> then I have the br-int but 'ip link show' does not show >>>>>>>>>>>>> any link >>>>>>>>>>>>> 'genev_sys_' nor does 'ovs-vsctl show' any port for ovn. >>>>>>>>>>>>> I assume >>>>>>>>>>>>> these >>>>>>>>>>>>> are when there is an actual tunnel? >>>>>>>>>>>>> >>>>>>>>>>>>> [root@h2 ~]# ovs-vsctl show >>>>>>>>>>>>> ebb6aede-cbbc-4f4f-a88a-a9cd72b2bd23 >>>>>>>>>>>>> Bridge br-int >>>>>>>>>>>>> fail_mode: secure >>>>>>>>>>>>> Port br-int >>>>>>>>>>>>> Interface br-int >>>>>>>>>>>>> type: internal >>>>>>>>>>>>> Bridge ovirtbridge >>>>>>>>>>>>> Port ovirtbridge >>>>>>>>>>>>> Interface ovirtbridge >>>>>>>>>>>>> type: internal >>>>>>>>>>>>> Bridge "ovsbridge0" >>>>>>>>>>>>> Port "ovsbridge0" >>>>>>>>>>>>> Interface "ovsbridge0" >>>>>>>>>>>>> type: internal >>>>>>>>>>>>> Port "eth0" >>>>>>>>>>>>> Interface "eth0" >>>>>>>>>>>>> ovs_version: "2.6.90" >>>>>>>>>>>>> >>>>>>>>>>>>> [root@h2 ~]# ip link show >>>>>>>>>>>>> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state >>>>>>>>>>>>> UNKNOWN >>>>>>>>>>>>> mode >>>>>>>>>>>>> DEFAULT qlen 1 >>>>>>>>>>>>> link/loopback 00:00:00:00:00:00 brd >>>>>>>>>>>>> 00:00:00:00:00:00 >>>>>>>>>>>>> 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc >>>>>>>>>>>>> pfifo_fast >>>>>>>>>>>>> master ovs-system state UP mode DEFAULT qlen 1000 >>>>>>>>>>>>> link/ether 44:8a:5b:84:7d:b3 brd >>>>>>>>>>>>> ff:ff:ff:ff:ff:ff >>>>>>>>>>>>> 3: ovs-system: <BROADCAST,MULTICAST> mtu 1500 qdisc noop >>>>>>>>>>>>> state >>>>>>>>>>>>> DOWN >>>>>>>>>>>>> mode >>>>>>>>>>>>> DEFAULT qlen 1000 >>>>>>>>>>>>> link/ether 5a:14:cf:28:47:e2 brd >>>>>>>>>>>>> ff:ff:ff:ff:ff:ff >>>>>>>>>>>>> 4: ovsbridge0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 >>>>>>>>>>>>> qdisc >>>>>>>>>>>>> noqueue >>>>>>>>>>>>> state UNKNOWN mode DEFAULT qlen 1000 >>>>>>>>>>>>> link/ether 44:8a:5b:84:7d:b3 brd >>>>>>>>>>>>> ff:ff:ff:ff:ff:ff >>>>>>>>>>>>> 5: br-int: <BROADCAST,MULTICAST> mtu 1500 qdisc noop >>>>>>>>>>>>> state DOWN >>>>>>>>>>>>> mode >>>>>>>>>>>>> DEFAULT qlen 1000 >>>>>>>>>>>>> link/ether 9e:b0:3a:9d:f2:4b brd >>>>>>>>>>>>> ff:ff:ff:ff:ff:ff >>>>>>>>>>>>> 6: ovirtbridge: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu >>>>>>>>>>>>> 1500 qdisc >>>>>>>>>>>>> noqueue >>>>>>>>>>>>> state UNKNOWN mode DEFAULT qlen 1000 >>>>>>>>>>>>> link/ether a6:f6:e5:a4:5b:45 brd >>>>>>>>>>>>> ff:ff:ff:ff:ff:ff >>>>>>>>>>>>> 7: dummy0: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc >>>>>>>>>>>>> noqueue >>>>>>>>>>>>> master >>>>>>>>>>>>> ovirtmgmt state UNKNOWN mode DEFAULT qlen 1000 >>>>>>>>>>>>> link/ether 66:e0:1c:c3:a9:d8 brd >>>>>>>>>>>>> ff:ff:ff:ff:ff:ff >>>>>>>>>>>>> 8: ovirtmgmt: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 >>>>>>>>>>>>> qdisc >>>>>>>>>>>>> noqueue >>>>>>>>>>>>> state UP mode DEFAULT qlen 1000 >>>>>>>>>>>>> link/ether 66:e0:1c:c3:a9:d8 brd >>>>>>>>>>>>> ff:ff:ff:ff:ff:ff >>>>>>>>>>>>> >>>>>>>>>>>>> Firewall settings: >>>>>>>>>>>>> [root@h2 ~]# firewall-cmd --list-all-zones >>>>>>>>>>>>> work >>>>>>>>>>>>> target: default >>>>>>>>>>>>> icmp-block-inversion: no >>>>>>>>>>>>> interfaces: >>>>>>>>>>>>> sources: >>>>>>>>>>>>> services: dhcpv6-client ssh >>>>>>>>>>>>> ports: >>>>>>>>>>>>> protocols: >>>>>>>>>>>>> masquerade: no >>>>>>>>>>>>> forward-ports: >>>>>>>>>>>>> sourceports: >>>>>>>>>>>>> icmp-blocks: >>>>>>>>>>>>> rich rules: >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> drop >>>>>>>>>>>>> target: DROP >>>>>>>>>>>>> icmp-block-inversion: no >>>>>>>>>>>>> interfaces: >>>>>>>>>>>>> sources: >>>>>>>>>>>>> services: >>>>>>>>>>>>> ports: >>>>>>>>>>>>> protocols: >>>>>>>>>>>>> masquerade: no >>>>>>>>>>>>> forward-ports: >>>>>>>>>>>>> sourceports: >>>>>>>>>>>>> icmp-blocks: >>>>>>>>>>>>> rich rules: >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> internal >>>>>>>>>>>>> target: default >>>>>>>>>>>>> icmp-block-inversion: no >>>>>>>>>>>>> interfaces: >>>>>>>>>>>>> sources: >>>>>>>>>>>>> services: dhcpv6-client mdns samba-client ssh >>>>>>>>>>>>> ports: >>>>>>>>>>>>> protocols: >>>>>>>>>>>>> masquerade: no >>>>>>>>>>>>> forward-ports: >>>>>>>>>>>>> sourceports: >>>>>>>>>>>>> icmp-blocks: >>>>>>>>>>>>> rich rules: >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> external >>>>>>>>>>>>> target: default >>>>>>>>>>>>> icmp-block-inversion: no >>>>>>>>>>>>> interfaces: >>>>>>>>>>>>> sources: >>>>>>>>>>>>> services: ssh >>>>>>>>>>>>> ports: >>>>>>>>>>>>> protocols: >>>>>>>>>>>>> masquerade: yes >>>>>>>>>>>>> forward-ports: >>>>>>>>>>>>> sourceports: >>>>>>>>>>>>> icmp-blocks: >>>>>>>>>>>>> rich rules: >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> trusted >>>>>>>>>>>>> target: ACCEPT >>>>>>>>>>>>> icmp-block-inversion: no >>>>>>>>>>>>> interfaces: >>>>>>>>>>>>> sources: >>>>>>>>>>>>> services: >>>>>>>>>>>>> ports: >>>>>>>>>>>>> protocols: >>>>>>>>>>>>> masquerade: no >>>>>>>>>>>>> forward-ports: >>>>>>>>>>>>> sourceports: >>>>>>>>>>>>> icmp-blocks: >>>>>>>>>>>>> rich rules: >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> home >>>>>>>>>>>>> target: default >>>>>>>>>>>>> icmp-block-inversion: no >>>>>>>>>>>>> interfaces: >>>>>>>>>>>>> sources: >>>>>>>>>>>>> services: dhcpv6-client mdns samba-client ssh >>>>>>>>>>>>> ports: >>>>>>>>>>>>> protocols: >>>>>>>>>>>>> masquerade: no >>>>>>>>>>>>> forward-ports: >>>>>>>>>>>>> sourceports: >>>>>>>>>>>>> icmp-blocks: >>>>>>>>>>>>> rich rules: >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> dmz >>>>>>>>>>>>> target: default >>>>>>>>>>>>> icmp-block-inversion: no >>>>>>>>>>>>> interfaces: >>>>>>>>>>>>> sources: >>>>>>>>>>>>> services: ssh >>>>>>>>>>>>> ports: >>>>>>>>>>>>> protocols: >>>>>>>>>>>>> masquerade: no >>>>>>>>>>>>> forward-ports: >>>>>>>>>>>>> sourceports: >>>>>>>>>>>>> icmp-blocks: >>>>>>>>>>>>> rich rules: >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> public (active) >>>>>>>>>>>>> target: default >>>>>>>>>>>>> icmp-block-inversion: no >>>>>>>>>>>>> interfaces: eth0 ovsbridge0 >>>>>>>>>>>>> sources: >>>>>>>>>>>>> services: dhcpv6-client ssh >>>>>>>>>>>>> ports: >>>>>>>>>>>>> protocols: >>>>>>>>>>>>> masquerade: no >>>>>>>>>>>>> forward-ports: >>>>>>>>>>>>> sourceports: >>>>>>>>>>>>> icmp-blocks: >>>>>>>>>>>>> rich rules: >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> block >>>>>>>>>>>>> target: %%REJECT%% >>>>>>>>>>>>> icmp-block-inversion: no >>>>>>>>>>>>> interfaces: >>>>>>>>>>>>> sources: >>>>>>>>>>>>> services: >>>>>>>>>>>>> ports: >>>>>>>>>>>>> protocols: >>>>>>>>>>>>> masquerade: no >>>>>>>>>>>>> forward-ports: >>>>>>>>>>>>> sourceports: >>>>>>>>>>>>> icmp-blocks: >>>>>>>>>>>>> rich rules: >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> ovirt (active) >>>>>>>>>>>>> target: default >>>>>>>>>>>>> icmp-block-inversion: no >>>>>>>>>>>>> interfaces: ovirtbridge ovirtmgmt >>>>>>>>>>>>> sources: >>>>>>>>>>>>> services: dhcp ovirt-fence-kdump-listener >>>>>>>>>>>>> ovirt-http >>>>>>>>>>>>> ovirt-https >>>>>>>>>>>>> ovirt-imageio-proxy ovirt-postgres ovirt-provider-ovn >>>>>>>>>>>>> ovirt-vmconsole-proxy ovirt-websocket-proxy ssh vdsm >>>>>>>>>>>>> ports: >>>>>>>>>>>>> protocols: >>>>>>>>>>>>> masquerade: yes >>>>>>>>>>>>> forward-ports: >>>>>>>>>>>>> sourceports: >>>>>>>>>>>>> icmp-blocks: >>>>>>>>>>>>> rich rules: >>>>>>>>>>>>> rule family="ipv4" port port="6641" >>>>>>>>>>>>> protocol="tcp" >>>>>>>>>>>>> accept >>>>>>>>>>>>> rule family="ipv4" port port="6642" >>>>>>>>>>>>> protocol="tcp" >>>>>>>>>>>>> accept >>>>>>>>>>>>> >>>>>>>>>>>>> The db dump is attached >>>>>>>>>>>>> /Sverker >>>>>>>>>>>>> Den 2016-12-29 kl. 09:50, skrev Marcin Mirecki: >>>>>>>>>>>>>> Hi, >>>>>>>>>>>>>> >>>>>>>>>>>>>> Can you please do: "sudo ovsdb-client dump" >>>>>>>>>>>>>> on the host and send me the output? >>>>>>>>>>>>>> >>>>>>>>>>>>>> Have you configured the ovn controller to connect to the >>>>>>>>>>>>>> OVN north? You can do it using "vdsm-tool ovn-config" or >>>>>>>>>>>>>> using the OVN tools directly. >>>>>>>>>>>>>> Please check >>>>>>>>>>>>>> out:https://www.ovirt.org/blog/2016/11/ovirt-provider-ovn/ >>>>>>>>>>>>>> for details. >>>>>>>>>>>>>> >>>>>>>>>>>>>> Also please note that the OVN provider is completely >>>>>>>>>>>>>> different >>>>>>>>>>>>>> from the neutron-openvswitch plugin. Please don't mix >>>>>>>>>>>>>> the two. >>>>>>>>>>>>>> >>>>>>>>>>>>>> Marcin >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> ----- Original Message ----- >>>>>>>>>>>>>>> From: "Marcin Mirecki"<mmirecki@redhat.com> >>>>>>>>>>>>>>> To: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>>>>>>>>>>>>>> Cc: "Ovirt Users"<users@ovirt.org> >>>>>>>>>>>>>>> Sent: Thursday, December 29, 2016 9:27:19 AM >>>>>>>>>>>>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and >>>>>>>>>>>>>>> mandatory >>>>>>>>>>>>>>> ovirtmgmt >>>>>>>>>>>>>>> network >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Hi, >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> br-int is the OVN integration bridge, it should have been >>>>>>>>>>>>>>> created >>>>>>>>>>>>>>> when installing OVN. I assume you have the following >>>>>>>>>>>>>>> packages >>>>>>>>>>>>>>> installed >>>>>>>>>>>>>>> on the host: >>>>>>>>>>>>>>> openvswitch-ovn-common >>>>>>>>>>>>>>> openvswitch-ovn-host >>>>>>>>>>>>>>> python-openvswitch >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Please give me some time to look at the connectivity >>>>>>>>>>>>>>> problem. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Marcin >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> ----- Original Message ----- >>>>>>>>>>>>>>>> From: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>>>>>>>>>>>>>>> To: "Marcin Mirecki"<mmirecki@redhat.com> >>>>>>>>>>>>>>>> Cc: "Ovirt Users"<users@ovirt.org> >>>>>>>>>>>>>>>> Sent: Thursday, December 29, 2016 12:47:04 AM >>>>>>>>>>>>>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and >>>>>>>>>>>>>>>> mandatory >>>>>>>>>>>>>>>> ovirtmgmt >>>>>>>>>>>>>>>> network >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> From >>>>>>>>>>>>>>>> /usr/libexec/vdsm/hooks/before_device_create/ovirt_provider_ovn_hook >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> (installed by ovirt-provider-ovn-driver rpm): >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> BRIDGE_NAME = 'br-int' >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Den 2016-12-28 kl. 23:56, skrev Sverker Abrahamsson: >>>>>>>>>>>>>>>>> Googling on the message about br-int suggested adding >>>>>>>>>>>>>>>>> that >>>>>>>>>>>>>>>>> bridge to >>>>>>>>>>>>>>>>> ovs: >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> ovs-vsctl add-br br-int >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> Then the VM is able to boot, but it fails to get >>>>>>>>>>>>>>>>> network >>>>>>>>>>>>>>>>> connectivity. >>>>>>>>>>>>>>>>> Output in /var/log/messages: >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 ovs-vsctl: >>>>>>>>>>>>>>>>> ovs|00001|vsctl|INFO|Called as >>>>>>>>>>>>>>>>> ovs-vsctl >>>>>>>>>>>>>>>>> --timeout=5 -- --if-exists del-port vnet0 -- add-port >>>>>>>>>>>>>>>>> br-int >>>>>>>>>>>>>>>>> vnet0 -- >>>>>>>>>>>>>>>>> set Interface vnet0 >>>>>>>>>>>>>>>>> "external-ids:attached-mac=\"00:1a:4a:16:01:51\"" >>>>>>>>>>>>>>>>> -- set Interface vnet0 >>>>>>>>>>>>>>>>> "external-ids:iface-id=\"e8853aac-8a75-41b0-8010-e630017dcdd8\"" >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> -- >>>>>>>>>>>>>>>>> set Interface vnet0 >>>>>>>>>>>>>>>>> "external-ids:vm-id=\"b9440d60-ef5a-4e2b-83cf-081df7c09e6f\"" >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> -- >>>>>>>>>>>>>>>>> set >>>>>>>>>>>>>>>>> Interface vnet0 external-ids:iface-status=active >>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 kernel: device vnet0 entered >>>>>>>>>>>>>>>>> promiscuous >>>>>>>>>>>>>>>>> mode >>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -D PREROUTING >>>>>>>>>>>>>>>>> -i vnet0 >>>>>>>>>>>>>>>>> -j >>>>>>>>>>>>>>>>> libvirt-J-vnet0' failed: >>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -D >>>>>>>>>>>>>>>>> POSTROUTING -o >>>>>>>>>>>>>>>>> vnet0 >>>>>>>>>>>>>>>>> -j >>>>>>>>>>>>>>>>> libvirt-P-vnet0' failed: >>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -L >>>>>>>>>>>>>>>>> libvirt-J-vnet0' >>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -L >>>>>>>>>>>>>>>>> libvirt-P-vnet0' >>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -F >>>>>>>>>>>>>>>>> libvirt-J-vnet0' >>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -X >>>>>>>>>>>>>>>>> libvirt-J-vnet0' >>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -F >>>>>>>>>>>>>>>>> libvirt-P-vnet0' >>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -X >>>>>>>>>>>>>>>>> libvirt-P-vnet0' >>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -F J-vnet0-mac' >>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -X J-vnet0-mac' >>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -F >>>>>>>>>>>>>>>>> J-vnet0-arp-mac' >>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -X >>>>>>>>>>>>>>>>> J-vnet0-arp-mac' >>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -D libvirt-out -m physdev >>>>>>>>>>>>>>>>> --physdev-is-bridged --physdev-out vnet0 -g FO-vnet0' >>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -D libvirt-out -m physdev >>>>>>>>>>>>>>>>> --physdev-out >>>>>>>>>>>>>>>>> vnet0 -g FO-vnet0' failed: >>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -D libvirt-in -m physdev >>>>>>>>>>>>>>>>> --physdev-in >>>>>>>>>>>>>>>>> vnet0 >>>>>>>>>>>>>>>>> -g FI-vnet0' failed: >>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -D libvirt-host-in -m >>>>>>>>>>>>>>>>> physdev >>>>>>>>>>>>>>>>> --physdev-in >>>>>>>>>>>>>>>>> vnet0 -g HI-vnet0' failed: >>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -F FO-vnet0' failed: >>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -X FO-vnet0' failed: >>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -F FI-vnet0' failed: >>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -X FI-vnet0' failed: >>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -F HI-vnet0' failed: >>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -X HI-vnet0' failed: >>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -E FP-vnet0 FO-vnet0' >>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -E FJ-vnet0 FI-vnet0' >>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -E HJ-vnet0 HI-vnet0' >>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -D libvirt-out -m physdev >>>>>>>>>>>>>>>>> --physdev-is-bridged --physdev-out vnet0 -g FO-vnet0' >>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -D libvirt-out -m physdev >>>>>>>>>>>>>>>>> --physdev-out >>>>>>>>>>>>>>>>> vnet0 -g FO-vnet0' failed: >>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -D libvirt-in -m physdev >>>>>>>>>>>>>>>>> --physdev-in >>>>>>>>>>>>>>>>> vnet0 -g FI-vnet0' failed: >>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -D libvirt-host-in -m >>>>>>>>>>>>>>>>> physdev >>>>>>>>>>>>>>>>> --physdev-in >>>>>>>>>>>>>>>>> vnet0 -g HI-vnet0' failed: >>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -F FO-vnet0' failed: >>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -X FO-vnet0' failed: >>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -F FI-vnet0' failed: >>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -X FI-vnet0' failed: >>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -F HI-vnet0' failed: >>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -X HI-vnet0' failed: >>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -E FP-vnet0 FO-vnet0' >>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -E FJ-vnet0 FI-vnet0' >>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -E HJ-vnet0 HI-vnet0' >>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -D PREROUTING >>>>>>>>>>>>>>>>> -i vnet0 >>>>>>>>>>>>>>>>> -j >>>>>>>>>>>>>>>>> libvirt-I-vnet0' failed: >>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -D >>>>>>>>>>>>>>>>> POSTROUTING -o >>>>>>>>>>>>>>>>> vnet0 >>>>>>>>>>>>>>>>> -j >>>>>>>>>>>>>>>>> libvirt-O-vnet0' failed: >>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -L >>>>>>>>>>>>>>>>> libvirt-I-vnet0' >>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -L >>>>>>>>>>>>>>>>> libvirt-O-vnet0' >>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -F >>>>>>>>>>>>>>>>> libvirt-I-vnet0' >>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -X >>>>>>>>>>>>>>>>> libvirt-I-vnet0' >>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -F >>>>>>>>>>>>>>>>> libvirt-O-vnet0' >>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -X >>>>>>>>>>>>>>>>> libvirt-O-vnet0' >>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -L >>>>>>>>>>>>>>>>> libvirt-P-vnet0' >>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -E >>>>>>>>>>>>>>>>> libvirt-P-vnet0 >>>>>>>>>>>>>>>>> libvirt-O-vnet0' failed: >>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -F I-vnet0-mac' >>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -X I-vnet0-mac' >>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -F >>>>>>>>>>>>>>>>> I-vnet0-arp-mac' >>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: >>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -X >>>>>>>>>>>>>>>>> I-vnet0-arp-mac' >>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> [root@h2 etc]# ovs-vsctl show >>>>>>>>>>>>>>>>> ebb6aede-cbbc-4f4f-a88a-a9cd72b2bd23 >>>>>>>>>>>>>>>>> Bridge ovirtbridge >>>>>>>>>>>>>>>>> Port "ovirtport0" >>>>>>>>>>>>>>>>> Interface "ovirtport0" >>>>>>>>>>>>>>>>> type: internal >>>>>>>>>>>>>>>>> Port ovirtbridge >>>>>>>>>>>>>>>>> Interface ovirtbridge >>>>>>>>>>>>>>>>> type: internal >>>>>>>>>>>>>>>>> Bridge "ovsbridge0" >>>>>>>>>>>>>>>>> Port "ovsbridge0" >>>>>>>>>>>>>>>>> Interface "ovsbridge0" >>>>>>>>>>>>>>>>> type: internal >>>>>>>>>>>>>>>>> Port "eth0" >>>>>>>>>>>>>>>>> Interface "eth0" >>>>>>>>>>>>>>>>> Bridge br-int >>>>>>>>>>>>>>>>> Port br-int >>>>>>>>>>>>>>>>> Interface br-int >>>>>>>>>>>>>>>>> type: internal >>>>>>>>>>>>>>>>> Port "vnet0" >>>>>>>>>>>>>>>>> Interface "vnet0" >>>>>>>>>>>>>>>>> ovs_version: "2.6.90" >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> Searching through the code it appears that br-int >>>>>>>>>>>>>>>>> comes from >>>>>>>>>>>>>>>>> neutron-openvswitch plugin ?? >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> [root@h2 share]# rpm -qf >>>>>>>>>>>>>>>>> /usr/share/otopi/plugins/ovirt-host-deploy/openstack/neutron_openvswitch.py >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> ovirt-host-deploy-1.6.0-0.0.master.20161215101008.gitb76ad50.el7.centos.noarch >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> /Sverker >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> Den 2016-12-28 kl. 23:24, skrev Sverker Abrahamsson: >>>>>>>>>>>>>>>>>> In addition I had to add an alias to modprobe: >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> [root@h2 modprobe.d]# cat dummy.conf >>>>>>>>>>>>>>>>>> alias dummy0 dummy >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> Den 2016-12-28 kl. 23:03, skrev Sverker Abrahamsson: >>>>>>>>>>>>>>>>>>> Hi >>>>>>>>>>>>>>>>>>> I first tried to set device name to dummy_0, but >>>>>>>>>>>>>>>>>>> then ifup >>>>>>>>>>>>>>>>>>> did >>>>>>>>>>>>>>>>>>> not >>>>>>>>>>>>>>>>>>> succeed in creating the device unless I first did >>>>>>>>>>>>>>>>>>> 'ip link >>>>>>>>>>>>>>>>>>> add >>>>>>>>>>>>>>>>>>> dummy_0 type dummy' but then it would not suceed to >>>>>>>>>>>>>>>>>>> establish >>>>>>>>>>>>>>>>>>> the if >>>>>>>>>>>>>>>>>>> on reboot. >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> Setting fake_nics = dummy0 would not work neither, >>>>>>>>>>>>>>>>>>> but this >>>>>>>>>>>>>>>>>>> works: >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> fake_nics = dummy* >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> The engine is now able to find the if and assign >>>>>>>>>>>>>>>>>>> bridge >>>>>>>>>>>>>>>>>>> ovirtmgmt to >>>>>>>>>>>>>>>>>>> it. >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> However, I then run into the next issue when >>>>>>>>>>>>>>>>>>> starting a VM: >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> 2016-12-28 22:28:23,897 ERROR >>>>>>>>>>>>>>>>>>> [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> (ForkJoinPool-1-worker-2) [] Correlation ID: null, >>>>>>>>>>>>>>>>>>> Call >>>>>>>>>>>>>>>>>>> Stack: >>>>>>>>>>>>>>>>>>> null, >>>>>>>>>>>>>>>>>>> Custom Event ID: -1, Message: VM CentOS7 is down >>>>>>>>>>>>>>>>>>> with error. >>>>>>>>>>>>>>>>>>> Exit >>>>>>>>>>>>>>>>>>> message: Cannot get interface MTU on 'br-int': No >>>>>>>>>>>>>>>>>>> such >>>>>>>>>>>>>>>>>>> device. >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> This VM has a nic on ovirtbridge, which comes from >>>>>>>>>>>>>>>>>>> the OVN >>>>>>>>>>>>>>>>>>> provider. >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> /Sverker >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> Den 2016-12-28 kl. 14:38, skrev Marcin Mirecki: >>>>>>>>>>>>>>>>>>>> Sverker, >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> Can you try adding a vnic named veth_* or dummy_*, >>>>>>>>>>>>>>>>>>>> (or alternatively add the name of the vnic to >>>>>>>>>>>>>>>>>>>> vdsm.config fake_nics), and setup the management >>>>>>>>>>>>>>>>>>>> network using this vnic? >>>>>>>>>>>>>>>>>>>> I suppose adding the vnic you use for connecting >>>>>>>>>>>>>>>>>>>> to the engine to fake_nics should make it visible >>>>>>>>>>>>>>>>>>>> to the engine, and you should be able to use it for >>>>>>>>>>>>>>>>>>>> the setup. >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> Marcin >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> ----- Original Message ----- >>>>>>>>>>>>>>>>>>>>> From: "Marcin Mirecki"<mmirecki@redhat.com> >>>>>>>>>>>>>>>>>>>>> To: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>>>>>>>>>>>>>>>>>>>> Cc: "Ovirt Users"<users@ovirt.org> >>>>>>>>>>>>>>>>>>>>> Sent: Wednesday, December 28, 2016 12:06:26 PM >>>>>>>>>>>>>>>>>>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and >>>>>>>>>>>>>>>>>>>>> mandatory >>>>>>>>>>>>>>>>>>>>> ovirtmgmt network >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> I have an internal OVS bridge called ovirtbridge >>>>>>>>>>>>>>>>>>>>>> which >>>>>>>>>>>>>>>>>>>>>> has >>>>>>>>>>>>>>>>>>>>>> a port >>>>>>>>>>>>>>>>>>>>>> with >>>>>>>>>>>>>>>>>>>>>> IP address, but in the host network settings >>>>>>>>>>>>>>>>>>>>>> that port is >>>>>>>>>>>>>>>>>>>>>> not >>>>>>>>>>>>>>>>>>>>>> visible. >>>>>>>>>>>>>>>>>>>>> I just verified and unfortunately the virtual >>>>>>>>>>>>>>>>>>>>> ports are >>>>>>>>>>>>>>>>>>>>> not >>>>>>>>>>>>>>>>>>>>> visible in engine >>>>>>>>>>>>>>>>>>>>> to assign a network to :( >>>>>>>>>>>>>>>>>>>>> I'm afraid that the engine is not ready for such a >>>>>>>>>>>>>>>>>>>>> scenario >>>>>>>>>>>>>>>>>>>>> (even >>>>>>>>>>>>>>>>>>>>> if it >>>>>>>>>>>>>>>>>>>>> works). >>>>>>>>>>>>>>>>>>>>> Please give me some time to look for a solution. >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> ----- Original Message ----- >>>>>>>>>>>>>>>>>>>>>> From: "Sverker >>>>>>>>>>>>>>>>>>>>>> Abrahamsson"<sverker@abrahamsson.com> >>>>>>>>>>>>>>>>>>>>>> To: "Marcin Mirecki"<mmirecki@redhat.com> >>>>>>>>>>>>>>>>>>>>>> Cc: "Ovirt Users"<users@ovirt.org> >>>>>>>>>>>>>>>>>>>>>> Sent: Wednesday, December 28, 2016 11:48:24 AM >>>>>>>>>>>>>>>>>>>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and >>>>>>>>>>>>>>>>>>>>>> mandatory >>>>>>>>>>>>>>>>>>>>>> ovirtmgmt >>>>>>>>>>>>>>>>>>>>>> network >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> Hi Marcin >>>>>>>>>>>>>>>>>>>>>> Yes, that is my issue. I don't want to let >>>>>>>>>>>>>>>>>>>>>> ovirt/vdsm see >>>>>>>>>>>>>>>>>>>>>> eth0 >>>>>>>>>>>>>>>>>>>>>> nor >>>>>>>>>>>>>>>>>>>>>> ovsbridge0 since as soon as it sees them it >>>>>>>>>>>>>>>>>>>>>> messes up the >>>>>>>>>>>>>>>>>>>>>> network >>>>>>>>>>>>>>>>>>>>>> config >>>>>>>>>>>>>>>>>>>>>> so that the host will be unreachable. >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> I have an internal OVS bridge called ovirtbridge >>>>>>>>>>>>>>>>>>>>>> which >>>>>>>>>>>>>>>>>>>>>> has >>>>>>>>>>>>>>>>>>>>>> a port >>>>>>>>>>>>>>>>>>>>>> with >>>>>>>>>>>>>>>>>>>>>> IP address, but in the host network settings >>>>>>>>>>>>>>>>>>>>>> that port is >>>>>>>>>>>>>>>>>>>>>> not >>>>>>>>>>>>>>>>>>>>>> visible. >>>>>>>>>>>>>>>>>>>>>> It doesn't help to name it ovirtmgmt. >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> The engine is able to communicate with the host >>>>>>>>>>>>>>>>>>>>>> on the ip >>>>>>>>>>>>>>>>>>>>>> it has >>>>>>>>>>>>>>>>>>>>>> been >>>>>>>>>>>>>>>>>>>>>> given, it's just that it believes that it HAS to >>>>>>>>>>>>>>>>>>>>>> have a >>>>>>>>>>>>>>>>>>>>>> ovirtmgmt >>>>>>>>>>>>>>>>>>>>>> network which can't be on OVN. >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> /Sverker >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> Den 2016-12-28 kl. 10:45, skrev Marcin Mirecki: >>>>>>>>>>>>>>>>>>>>>>> Hi Sverker, >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> The management network is mandatory on each >>>>>>>>>>>>>>>>>>>>>>> host. It's >>>>>>>>>>>>>>>>>>>>>>> used by >>>>>>>>>>>>>>>>>>>>>>> the >>>>>>>>>>>>>>>>>>>>>>> engine to communicate with the host. >>>>>>>>>>>>>>>>>>>>>>> Looking at your description and the exception >>>>>>>>>>>>>>>>>>>>>>> it looks >>>>>>>>>>>>>>>>>>>>>>> like it >>>>>>>>>>>>>>>>>>>>>>> is >>>>>>>>>>>>>>>>>>>>>>> missing. >>>>>>>>>>>>>>>>>>>>>>> The error is caused by not having any network >>>>>>>>>>>>>>>>>>>>>>> for the >>>>>>>>>>>>>>>>>>>>>>> host >>>>>>>>>>>>>>>>>>>>>>> (network list retrieved in >>>>>>>>>>>>>>>>>>>>>>> InterfaceDaoImpl.getHostNetworksByCluster - >>>>>>>>>>>>>>>>>>>>>>> which >>>>>>>>>>>>>>>>>>>>>>> gets all the networks on nics for a host from >>>>>>>>>>>>>>>>>>>>>>> vds_interface >>>>>>>>>>>>>>>>>>>>>>> table in the >>>>>>>>>>>>>>>>>>>>>>> DB). >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> Could you maybe create a virtual nic connected to >>>>>>>>>>>>>>>>>>>>>>> ovsbridge0 (as >>>>>>>>>>>>>>>>>>>>>>> I >>>>>>>>>>>>>>>>>>>>>>> understand you >>>>>>>>>>>>>>>>>>>>>>> have no physical nic available) and use this >>>>>>>>>>>>>>>>>>>>>>> for the >>>>>>>>>>>>>>>>>>>>>>> management >>>>>>>>>>>>>>>>>>>>>>> network? >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> I then create a bridge for use with ovirt, with >>>>>>>>>>>>>>>>>>>>>>>> a >>>>>>>>>>>>>>>>>>>>>>>> private >>>>>>>>>>>>>>>>>>>>>>>> address. >>>>>>>>>>>>>>>>>>>>>>> I'm not quite sure I understand. Is this yet >>>>>>>>>>>>>>>>>>>>>>> another >>>>>>>>>>>>>>>>>>>>>>> bridge >>>>>>>>>>>>>>>>>>>>>>> connected to >>>>>>>>>>>>>>>>>>>>>>> ovsbridge0? >>>>>>>>>>>>>>>>>>>>>>> You could also attach the vnic for the management >>>>>>>>>>>>>>>>>>>>>>> network >>>>>>>>>>>>>>>>>>>>>>> here >>>>>>>>>>>>>>>>>>>>>>> if need >>>>>>>>>>>>>>>>>>>>>>> be. >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> Please keep in mind that OVN has no use in >>>>>>>>>>>>>>>>>>>>>>> setting up >>>>>>>>>>>>>>>>>>>>>>> the >>>>>>>>>>>>>>>>>>>>>>> management >>>>>>>>>>>>>>>>>>>>>>> network. >>>>>>>>>>>>>>>>>>>>>>> The OVN provider can only handle external >>>>>>>>>>>>>>>>>>>>>>> networks, >>>>>>>>>>>>>>>>>>>>>>> which >>>>>>>>>>>>>>>>>>>>>>> can >>>>>>>>>>>>>>>>>>>>>>> not be used >>>>>>>>>>>>>>>>>>>>>>> for a >>>>>>>>>>>>>>>>>>>>>>> management network. >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> Marcin >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> ----- Original Message ----- >>>>>>>>>>>>>>>>>>>>>>>> From: "Sverker >>>>>>>>>>>>>>>>>>>>>>>> Abrahamsson"<sverker@abrahamsson.com> >>>>>>>>>>>>>>>>>>>>>>>> To:users@ovirt.org >>>>>>>>>>>>>>>>>>>>>>>> Sent: Wednesday, December 28, 2016 12:39:59 AM >>>>>>>>>>>>>>>>>>>>>>>> Subject: [ovirt-users] Issue with OVN/OVS and >>>>>>>>>>>>>>>>>>>>>>>> mandatory >>>>>>>>>>>>>>>>>>>>>>>> ovirtmgmt >>>>>>>>>>>>>>>>>>>>>>>> network >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> Hi >>>>>>>>>>>>>>>>>>>>>>>> For long time I've been looking for proper >>>>>>>>>>>>>>>>>>>>>>>> support in >>>>>>>>>>>>>>>>>>>>>>>> ovirt for >>>>>>>>>>>>>>>>>>>>>>>> Open >>>>>>>>>>>>>>>>>>>>>>>> vSwitch >>>>>>>>>>>>>>>>>>>>>>>> so I'm happy that it is moving in the right >>>>>>>>>>>>>>>>>>>>>>>> direction. >>>>>>>>>>>>>>>>>>>>>>>> However, >>>>>>>>>>>>>>>>>>>>>>>> there >>>>>>>>>>>>>>>>>>>>>>>> seems >>>>>>>>>>>>>>>>>>>>>>>> to still be a dependency on a ovirtmgmt bridge >>>>>>>>>>>>>>>>>>>>>>>> and I'm >>>>>>>>>>>>>>>>>>>>>>>> unable >>>>>>>>>>>>>>>>>>>>>>>> to move >>>>>>>>>>>>>>>>>>>>>>>> that >>>>>>>>>>>>>>>>>>>>>>>> to the OVN provider. >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> The hosting center where I rent hw instances >>>>>>>>>>>>>>>>>>>>>>>> has a bit >>>>>>>>>>>>>>>>>>>>>>>> special >>>>>>>>>>>>>>>>>>>>>>>> network >>>>>>>>>>>>>>>>>>>>>>>> setup, >>>>>>>>>>>>>>>>>>>>>>>> so I have one physical network port with a /32 >>>>>>>>>>>>>>>>>>>>>>>> netmask >>>>>>>>>>>>>>>>>>>>>>>> and >>>>>>>>>>>>>>>>>>>>>>>> point-to-point >>>>>>>>>>>>>>>>>>>>>>>> config to router. The physical port I connect >>>>>>>>>>>>>>>>>>>>>>>> to a ovs >>>>>>>>>>>>>>>>>>>>>>>> bridge >>>>>>>>>>>>>>>>>>>>>>>> which has >>>>>>>>>>>>>>>>>>>>>>>> the >>>>>>>>>>>>>>>>>>>>>>>> public ip. Since ovirt always messes up the >>>>>>>>>>>>>>>>>>>>>>>> network >>>>>>>>>>>>>>>>>>>>>>>> config when >>>>>>>>>>>>>>>>>>>>>>>> I've >>>>>>>>>>>>>>>>>>>>>>>> tried >>>>>>>>>>>>>>>>>>>>>>>> to let it have access to the network config >>>>>>>>>>>>>>>>>>>>>>>> for the >>>>>>>>>>>>>>>>>>>>>>>> physical >>>>>>>>>>>>>>>>>>>>>>>> port, I've >>>>>>>>>>>>>>>>>>>>>>>> set >>>>>>>>>>>>>>>>>>>>>>>> eht0 and ovsbridge0 as hidden in vdsm.conf. >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> I then create a bridge for use with ovirt, with >>>>>>>>>>>>>>>>>>>>>>>> a >>>>>>>>>>>>>>>>>>>>>>>> private >>>>>>>>>>>>>>>>>>>>>>>> address. With >>>>>>>>>>>>>>>>>>>>>>>> the >>>>>>>>>>>>>>>>>>>>>>>> OVN provider I am now able to import these >>>>>>>>>>>>>>>>>>>>>>>> into the >>>>>>>>>>>>>>>>>>>>>>>> engine and >>>>>>>>>>>>>>>>>>>>>>>> it looks >>>>>>>>>>>>>>>>>>>>>>>> good. When creating a VM I can select that it >>>>>>>>>>>>>>>>>>>>>>>> will have >>>>>>>>>>>>>>>>>>>>>>>> a >>>>>>>>>>>>>>>>>>>>>>>> vNic >>>>>>>>>>>>>>>>>>>>>>>> on my OVS >>>>>>>>>>>>>>>>>>>>>>>> bridge. >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> However, I can't start the VM as an exception >>>>>>>>>>>>>>>>>>>>>>>> is thrown >>>>>>>>>>>>>>>>>>>>>>>> in the >>>>>>>>>>>>>>>>>>>>>>>> log: >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> 2016-12-28 00:13:33,350 ERROR >>>>>>>>>>>>>>>>>>>>>>>> [org.ovirt.engine.core.bll.RunVmCommand] >>>>>>>>>>>>>>>>>>>>>>>> (default task-5) [3c882d53] Error during >>>>>>>>>>>>>>>>>>>>>>>> ValidateFailure.: >>>>>>>>>>>>>>>>>>>>>>>> java.lang.NullPointerException >>>>>>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.scheduling.policyunits.NetworkPolicyUnit.validateRequiredNetworksAvailable(NetworkPolicyUnit.java:140) >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.scheduling.policyunits.NetworkPolicyUnit.filter(NetworkPolicyUnit.java:69) >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.scheduling.SchedulingManager.runInternalFilters(SchedulingManager.java:597) >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.scheduling.SchedulingManager.runFilters(SchedulingManager.java:564) >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.scheduling.SchedulingManager.canSchedule(SchedulingManager.java:494) >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.validator.RunVmValidator.canRunVm(RunVmValidator.java:133) >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.RunVmCommand.validate(RunVmCommand.java:940) >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.CommandBase.internalValidate(CommandBase.java:886) >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.CommandBase.validateOnly(CommandBase.java:366) >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.canRunActions(PrevalidatingMultipleActionsRunner.java:113) >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.invokeCommands(PrevalidatingMultipleActionsRunner.java:99) >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.execute(PrevalidatingMultipleActionsRunner.java:76) >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.Backend.runMultipleActionsImpl(Backend.java:613) >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.Backend.runMultipleActions(Backend.java:583) >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> Looking at that section of code where the >>>>>>>>>>>>>>>>>>>>>>>> exception is >>>>>>>>>>>>>>>>>>>>>>>> thrown, >>>>>>>>>>>>>>>>>>>>>>>> I see >>>>>>>>>>>>>>>>>>>>>>>> that >>>>>>>>>>>>>>>>>>>>>>>> it >>>>>>>>>>>>>>>>>>>>>>>> iterates over host networks to find required >>>>>>>>>>>>>>>>>>>>>>>> networks, >>>>>>>>>>>>>>>>>>>>>>>> which I >>>>>>>>>>>>>>>>>>>>>>>> assume is >>>>>>>>>>>>>>>>>>>>>>>> ovirtmgmt. In the host network setup dialog I >>>>>>>>>>>>>>>>>>>>>>>> don't see >>>>>>>>>>>>>>>>>>>>>>>> any >>>>>>>>>>>>>>>>>>>>>>>> networks at >>>>>>>>>>>>>>>>>>>>>>>> all >>>>>>>>>>>>>>>>>>>>>>>> but it lists ovirtmgmt as required. It also >>>>>>>>>>>>>>>>>>>>>>>> list the >>>>>>>>>>>>>>>>>>>>>>>> OVN >>>>>>>>>>>>>>>>>>>>>>>> networks but >>>>>>>>>>>>>>>>>>>>>>>> these >>>>>>>>>>>>>>>>>>>>>>>> can't be statically assigned as they are added >>>>>>>>>>>>>>>>>>>>>>>> dynamically when >>>>>>>>>>>>>>>>>>>>>>>> needed, >>>>>>>>>>>>>>>>>>>>>>>> which is fine. >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> I believe that I either need to remove ovirtmgmt >>>>>>>>>>>>>>>>>>>>>>>> network >>>>>>>>>>>>>>>>>>>>>>>> or >>>>>>>>>>>>>>>>>>>>>>>> configure >>>>>>>>>>>>>>>>>>>>>>>> that >>>>>>>>>>>>>>>>>>>>>>>> it >>>>>>>>>>>>>>>>>>>>>>>> is provided by the OVN provider, but neither is >>>>>>>>>>>>>>>>>>>>>>>> possible. >>>>>>>>>>>>>>>>>>>>>>>> Preferably it >>>>>>>>>>>>>>>>>>>>>>>> shouldn't be hardcoded which network is >>>>>>>>>>>>>>>>>>>>>>>> management and >>>>>>>>>>>>>>>>>>>>>>>> mandatory but be >>>>>>>>>>>>>>>>>>>>>>>> possible to configure. >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> /Sverker >>>>>>>>>>>>>>>>>>>>>>>> Den 2016-12-27 kl. 17:10, skrev Marcin Mirecki: >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>>>>>>>>>>> Users mailing list >>>>>>>>>>>>>>>>>>>>> Users@ovirt.org >>>>>>>>>>>>>>>>>>>>> http://lists.ovirt.org/mailman/listinfo/users >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>>>>>>>>> Users mailing list >>>>>>>>>>>>>>>>>>> Users@ovirt.org >>>>>>>>>>>>>>>>>>> http://lists.ovirt.org/mailman/listinfo/users >>>>>>>>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>>>>>>>> Users mailing list >>>>>>>>>>>>>>>>>> Users@ovirt.org >>>>>>>>>>>>>>>>>> http://lists.ovirt.org/mailman/listinfo/users >>>>>>>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>>>>>>> Users mailing list >>>>>>>>>>>>>>>>> Users@ovirt.org >>>>>>>>>>>>>>>>> http://lists.ovirt.org/mailman/listinfo/users >>>>>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>>>>> Users mailing list >>>>>>>>>>>>>>> Users@ovirt.org >>>>>>>>>>>>>>> http://lists.ovirt.org/mailman/listinfo/users >>>>>>>>>>>>>>> >>>>>>>>>> _______________________________________________ >>>>>>>>>> Users mailing list >>>>>>>>>> Users@ovirt.org >>>>>>>>>> http://lists.ovirt.org/mailman/listinfo/users >>>>>>>>> _______________________________________________ >>>>>>>>> Users mailing list >>>>>>>>> Users@ovirt.org >>>>>>>>> http://lists.ovirt.org/mailman/listinfo/users >>>>>>>> _______________________________________________ >>>>>>>> Users mailing list >>>>>>>> Users@ovirt.org >>>>>>>> http://lists.ovirt.org/mailman/listinfo/users > _______________________________________________ > Users mailing list > Users@ovirt.org > http://lists.ovirt.org/mailman/listinfo/users _______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Ok, found it. The issue is right here: <interface type="bridge"> <mac address="00:1a:4a:16:01:54" /> <model type="virtio" /> <source bridge="br-int" /> <virtualport type="openvswitch" /> <link state="up" /> <boot order="2" /> <bandwidth /> <virtualport type="openvswitch"> <parameters interfaceid="912cba79-982e-4a87-868e-241fedccb59a" /> </virtualport> </interface> There are two elements for virtualport, the first without id and the second with. On h2 I had fixed this which was the patch I posted earlier although I switched back to use br-int after understanding that was the correct way. When that hook was copied to h1 the port gets attached fine. Patch with updated testcase attached. /Sverker Den 2017-01-09 kl. 10:41, skrev Sverker Abrahamsson:
This is the content of vdsm.log on h1 at this time:
2017-01-06 20:54:12,636 INFO (jsonrpc/7) [jsonrpc.JsonRpcServer] RPC call VM.create succeeded in 0.01 seconds (__init__:515) 2017-01-06 20:54:12,636 INFO (vm/6dd5291e) [virt.vm] (vmId='6dd5291e-6556-4d29-8b4e-ea896e627645') VM wrapper has started (vm:1901) 2017-01-06 20:54:12,636 INFO (vm/6dd5291e) [vds] prepared volume path: /rhev/data-center/mnt/h2-int.limetransit.com:_var_lib_exports_iso/1d49c4bc-0fec-4503-a583-d476fa3a370d/images/11111111-1111-1111-1111-111111111111/CentOS-7-x86_64-NetInstall-1611.iso (clientIF:374) 2017-01-06 20:54:12,743 INFO (vm/6dd5291e) [root] (hooks:108) 2017-01-06 20:54:12,847 INFO (vm/6dd5291e) [root] (hooks:108) 2017-01-06 20:54:12,863 INFO (vm/6dd5291e) [virt.vm] (vmId='6dd5291e-6556-4d29-8b4e-ea896e627645') <?xml version='1.0' encoding='UTF-8'?> <domain xmlns:ovirt="http://ovirt.org/vm/tune/1.0" type="kvm"> <name>CentOS7_3</name> <uuid>6dd5291e-6556-4d29-8b4e-ea896e627645</uuid> <memory>1048576</memory> <currentMemory>1048576</currentMemory> <maxMemory slots="16">4294967296</maxMemory> <vcpu current="1">16</vcpu> <devices> <channel type="unix"> <target name="com.redhat.rhevm.vdsm" type="virtio" /> <source mode="bind" path="/var/lib/libvirt/qemu/channels/6dd5291e-6556-4d29-8b4e-ea896e627645.com.redhat.rhevm.vdsm" /> </channel> <channel type="unix"> <target name="org.qemu.guest_agent.0" type="virtio" /> <source mode="bind" path="/var/lib/libvirt/qemu/channels/6dd5291e-6556-4d29-8b4e-ea896e627645.org.qemu.guest_agent.0" /> </channel> <input bus="ps2" type="mouse" /> <memballoon model="virtio" /> <controller index="0" model="virtio-scsi" type="scsi" /> <controller index="0" ports="16" type="virtio-serial" /> <video> <model heads="1" ram="65536" type="qxl" vgamem="16384" vram="32768" /> </video> <graphics autoport="yes" defaultMode="secure" passwd="*****" passwdValidTo="1970-01-01T00:00:01" port="-1" tlsPort="-1" type="spice"> <channel mode="secure" name="main" /> <channel mode="secure" name="inputs" /> <channel mode="secure" name="cursor" /> <channel mode="secure" name="playback" /> <channel mode="secure" name="record" /> <channel mode="secure" name="display" /> <channel mode="secure" name="smartcard" /> <channel mode="secure" name="usbredir" /> <listen network="vdsm-ovirtmgmt" type="network" /> </graphics> <interface type="bridge"> <mac address="00:1a:4a:16:01:54" /> <model type="virtio" /> <source bridge="br-int" /> <virtualport type="openvswitch" /> <link state="up" /> <boot order="2" /> <bandwidth /> <virtualport type="openvswitch"> <parameters interfaceid="912cba79-982e-4a87-868e-241fedccb59a" /> </virtualport> </interface> <disk device="cdrom" snapshot="no" type="file"> <source file="/rhev/data-center/mnt/h2-int.limetransit.com:_var_lib_exports_iso/1d49c4bc-0fec-4503-a583-d476fa3a370d/images/11111111-1111-1111-1111-111111111111/CentOS-7-x86_64-NetInstall-1611.iso" startupPolicy="optional" /> <target bus="ide" dev="hdc" /> <readonly /> <boot order="1" /> </disk> <channel type="spicevmc"> <target name="com.redhat.spice.0" type="virtio" /> </channel> </devices> <metadata> <ovirt:qos /> </metadata> <os> <type arch="x86_64" machine="pc-i440fx-rhel7.2.0">hvm</type> <smbios mode="sysinfo" /> <bootmenu enable="yes" timeout="10000" /> </os> <sysinfo type="smbios"> <system> <entry name="manufacturer">oVirt</entry> <entry name="product">oVirt Node</entry> <entry name="version">7-3.1611.el7.centos</entry> <entry name="serial">62f1adff-b29e-4a7c-abba-c2c4c73248c6</entry> <entry name="uuid">6dd5291e-6556-4d29-8b4e-ea896e627645</entry> </system> </sysinfo> <clock adjustment="0" offset="variable"> <timer name="rtc" tickpolicy="catchup" /> <timer name="pit" tickpolicy="delay" /> <timer name="hpet" present="no" /> </clock> <features> <acpi /> </features> <cpu match="exact"> <model>SandyBridge</model> <topology cores="1" sockets="16" threads="1" /> <numa> <cell cpus="0" memory="1048576" /> </numa> </cpu> </domain> (vm:1988) 2017-01-06 20:54:13,046 INFO (libvirt/events) [virt.vm] (vmId='6dd5291e-6556-4d29-8b4e-ea896e627645') CPU running: onResume (vm:4863) 2017-01-06 20:54:13,058 INFO (vm/6dd5291e) [virt.vm] (vmId='6dd5291e-6556-4d29-8b4e-ea896e627645') Starting connection (guestagent:245) 2017-01-06 20:54:13,060 INFO (vm/6dd5291e) [virt.vm] (vmId='6dd5291e-6556-4d29-8b4e-ea896e627645') CPU running: domain initialization (vm:4863) 2017-01-06 20:54:15,154 INFO (jsonrpc/6) [jsonrpc.JsonRpcServer] RPC call Host.getVMFullList succeeded in 0.01 seconds (__init__:515) 2017-01-06 20:54:17,571 INFO (periodic/2) [dispatcher] Run and protect: getVolumeSize(sdUUID=u'2ee54fb8-48f2-4576-8cff-f2346504b08b', spUUID=u'584ebd64-0268-0193-025b-00000000038e', imgUUID=u'5a3aae57-ffe0-4a3b-aa87-8461669db7f9', volUUID=u'b6a88789-fcb1-4d3e-911b-2a4d3b6c69c7', options=None) (logUtils:49) 2017-01-06 20:54:17,573 INFO (periodic/2) [dispatcher] Run and protect: getVolumeSize, Return response: {'truesize': '1859723264', 'apparentsize': '21474836480'} (logUtils:52) 2017-01-06 20:54:21,211 INFO (periodic/2) [dispatcher] Run and protect: repoStats(options=None) (logUtils:49) 2017-01-06 20:54:21,212 INFO (periodic/2) [dispatcher] Run and protect: repoStats, Return response: {u'2ee54fb8-48f2-4576-8cff-f2346504b08b': {'code': 0, 'actual': True, 'version': 3, 'acquired': True, 'delay': '0.000936552', 'lastCheck': '1.4', 'valid': True}, u'1d49c4bc-0fec-4503-a583-d476fa3a370d': {'code': 0, 'actual': True, 'version': 0, 'acquired': True, 'delay': '0.000960248', 'lastCheck': '1.4', 'valid': True}} (logUtils:52) 2017-01-06 20:54:23,543 INFO (jsonrpc/2) [jsonrpc.JsonRpcServer] RPC call Host.getAllVmStats succeeded in 0.00 seconds (__init__:515) 2017-01-06 20:54:23,641 INFO (jsonrpc/1) [jsonrpc.JsonRpcServer] RPC call Host.getAllVmIoTunePolicies succeeded in 0.00 seconds (__init__:515) 2017-01-06 20:54:24,918 INFO (jsonrpc/0) [dispatcher] Run and protect: repoStats(options=None) (logUtils:49) 2017-01-06 20:54:24,918 INFO (jsonrpc/0) [dispatcher] Run and protect: repoStats, Return response: {u'2ee54fb8-48f2-4576-8cff-f2346504b08b': {'code': 0, 'actual': True, 'version': 3, 'acquired': True, 'delay': '0.000936552', 'lastCheck': '5.1', 'valid': True}, u'1d49c4bc-0fec-4503-a583-d476fa3a370d': {'code': 0, 'actual': True, 'version': 0, 'acquired': True, 'delay': '0.000960248', 'lastCheck': '2.1', 'valid': True}} (logUtils:52) 2017-01-06 20:54:24,924 INFO (jsonrpc/0) [jsonrpc.JsonRpcServer] RPC call Host.getStats succeeded in 0.01 seconds (__init__:515)
Vdsm and the OVN driver must have been called as the port IS created, but with the wrong id. I don't find the faulty id in vdsm.log neither, the xml above have the correct id. /Sverker
Den 2017-01-09 kl. 10:06, skrev Marcin Mirecki:
The port is set up on the host by the ovirt-provider-ovn-driver. The driver is invoked by the vdsm hook whenever any operation on the port is done. Please ensure that this is installed properly. You can check the vdsm log (/var/log/vdsm/vdsm.log) to see if the hook was executed properly.
----- Original Message -----
From: "Sverker Abrahamsson" <sverker@abrahamsson.com> To: "Marcin Mirecki" <mmirecki@redhat.com> Cc: "Ovirt Users" <users@ovirt.org> Sent: Friday, January 6, 2017 9:00:26 PM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network
I created a new VM in the ui and assigned it to host h1. In /var/log/ovirt-provider-ovn.log I get the following:
2017-01-06 20:54:11,940 Request: GET : /v2.0/ports 2017-01-06 20:54:11,940 Connecting to remote ovn database: tcp:127.0.0.1:6641 2017-01-06 20:54:12,157 Connected (number of retries: 2) 2017-01-06 20:54:12,158 Response code: 200 2017-01-06 20:54:12,158 Response body: {"ports": [{"name": "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873", "network_id": "e53554cf-e553-40a1-8d22-9c8d95ec0601", "device_owner": "oVirt", "mac_address": "00:1a:4a:16:01:51", "id": "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873", "device_id": "40cd7328-d575-4c3d-b656-9ef9bacc0078"}, {"name": "92f6d3c8-68b3-4986-9c09-60bee04644b5", "network_id": "e53554cf-e553-40a1-8d22-9c8d95ec0601", "device_owner": "oVirt", "mac_address": "00:1a:4a:16:01:52", "id": "92f6d3c8-68b3-4986-9c09-60bee04644b5", "device_id": "4baefa8c-3822-4de0-9cd0-1d025bab7844"}]} 2017-01-06 20:54:12,160 Request: SHOW : /v2.0/networks/e53554cf-e553-40a1-8d22-9c8d95ec0601 2017-01-06 20:54:12,160 Connecting to remote ovn database: tcp:127.0.0.1:6641 2017-01-06 20:54:12,377 Connected (number of retries: 2) 2017-01-06 20:54:12,378 Response code: 200 2017-01-06 20:54:12,378 Response body: {"network": {"id": "e53554cf-e553-40a1-8d22-9c8d95ec0601", "name": "ovirtbridge"}} 2017-01-06 20:54:12,380 Request: POST : /v2.0/ports 2017-01-06 20:54:12,380 Request body: { "port" : { "name" : "nic1", "binding:host_id" : "h1.limetransit.com", "admin_state_up" : true, "device_id" : "e8553a88-05f0-401d-8b9b-5fff77f7bbbe", "device_owner" : "oVirt", "mac_address" : "00:1a:4a:16:01:54", "network_id" : "e53554cf-e553-40a1-8d22-9c8d95ec0601" } } 2017-01-06 20:54:12,380 Connecting to remote ovn database: tcp:127.0.0.1:6641 2017-01-06 20:54:12,610 Connected (number of retries: 2) 2017-01-06 20:54:12,614 Response code: 200 2017-01-06 20:54:12,614 Response body: {"port": {"name": "912cba79-982e-4a87-868e-241fedccb59a", "network_id": "e53554cf-e553-40a1-8d22-9c8d95ec0601", "device_owner": "oVirt", "mac_address": "00:1a:4a:16:01:54", "id": "912cba79-982e-4a87-868e-241fedccb59a", "device_id": "e8553a88-05f0-401d-8b9b-5fff77f7bbbe"}}
h1:/var/log/messages Jan 6 20:54:12 h1 ovs-vsctl: ovs|00001|vsctl|INFO|Called as ovs-vsctl --timeout=5 -- --if-exists del-port vnet1 -- add-port br-int vnet1 -- set Interface vnet1 "external-ids:attached-mac=\"00:1a:4a:16:01:54\"" -- set Interface vnet1 "external-ids:iface-id=\"20388407-0f76-41d8-97aa-8e2b5978f908\"" -- set Interface vnet1 "external-ids:vm-id=\"6dd5291e-6556-4d29-8b4e-ea896e627645\"" -- set Interface vnet1 external-ids:iface-status=active
[root@h2 ~]# ovn-nbctl show switch e53554cf-e553-40a1-8d22-9c8d95ec0601 (ovirtbridge) port 4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873 addresses: ["00:1a:4a:16:01:51"] port 912cba79-982e-4a87-868e-241fedccb59a addresses: ["00:1a:4a:16:01:54"] port 92f6d3c8-68b3-4986-9c09-60bee04644b5 addresses: ["00:1a:4a:16:01:52"] port ovirtbridge-port2 addresses: ["unknown"] port ovirtbridge-port1 addresses: ["unknown"] [root@h2 ~]# ovn-sbctl show Chassis "6e4dd29f-7607-48d7-8e5a-eef4c6aeefb5" hostname: "h2.limetransit.com" Encap geneve ip: "148.251.126.50" options: {csum="true"} Port_Binding "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873" Port_Binding "ovirtbridge-port1" Chassis "4f10fb04-8fb2-48d7-8a3f-ea6444c02cf9" hostname: "h1.limetransit.com" Encap geneve ip: "144.76.84.73" options: {csum="true"} Port_Binding "ovirtbridge-port2" Port_Binding "92f6d3c8-68b3-4986-9c09-60bee04644b5"
I.e. same issue /Sverker
Den 2017-01-06 kl. 20:49, skrev Sverker Abrahamsson:
The port is created from Ovirt UI, the ovs-vsctl command below is executed when VM is started. In /var/log/ovirt-provider-ovn.log on h2 I get the following:
2017-01-06 20:19:25,452 Request: GET : /v2.0/ports 2017-01-06 20:19:25,452 Connecting to remote ovn database: tcp:127.0.0.1:6641 2017-01-06 20:19:25,670 Connected (number of retries: 2) 2017-01-06 20:19:25,670 Response code: 200 2017-01-06 20:19:25,670 Response body: {"ports": [{"name": "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873", "network_id": "e53554cf-e553-40a1-8d22-9c8d95ec0601", "device_owner": "oVirt", "mac_address": "00:1a:4a:16:01:51", "id": "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873", "device_id": "40cd7328-d575-4c3d-b656-9ef9bacc0078"}, {"name": "92f6d3c8-68b3-4986-9c09-60bee04644b5", "network_id": "e53554cf-e553-40a1-8d22-9c8d95ec0601", "device_owner": "oVirt", "mac_address": "00:1a:4a:16:01:52", "id": "92f6d3c8-68b3-4986-9c09-60bee04644b5", "device_id": "4baefa8c-3822-4de0-9cd0-1d025bab7844"}]} 2017-01-06 20:19:25,673 Request: PUT : /v2.0/ports/92f6d3c8-68b3-4986-9c09-60bee04644b5 2017-01-06 20:19:25,673 Request body: { "port" : { "binding:host_id" : "h1.limetransit.com", "security_groups" : null } } 2017-01-06 20:19:25,673 Connecting to remote ovn database: tcp:127.0.0.1:6641 2017-01-06 20:19:25,890 Connected (number of retries: 2) 2017-01-06 20:19:25,891 Response code: 200 2017-01-06 20:19:25,891 Response body: {"port": {"name": "92f6d3c8-68b3-4986-9c09-60bee04644b5", "network_id": "e53554cf-e553-40a1-8d22-9c8d95ec0601", "device_owner": "oVirt", "mac_address": "00:1a:4a:16:01:52", "id": "92f6d3c8-68b3-4986-9c09-60bee04644b5", "device_id": "4baefa8c-3822-4de0-9cd0-1d025bab7844"}}
In /var/log/messages on h1 I get the following:
Jan 6 20:18:56 h1 dbus-daemon: dbus[1339]: [system] Successfully activated service 'org.freedesktop.problems' Jan 6 20:19:26 h1 ovs-vsctl: ovs|00001|vsctl|INFO|Called as ovs-vsctl --timeout=5 -- --if-exists del-port vnet0 -- add-port br-int vnet0 -- set Interface vnet0 "external-ids:attached-mac=\"00:1a:4a:16:01:52\"" -- set Interface vnet0 "external-ids:iface-id=\"72dafda5-03c2-4bb6-bcb6-241fa5c0a1f3\"" -- set Interface vnet0 "external-ids:vm-id=\"4d0c134a-11a0-40f4-b2fb-c13c17c7251c\"" -- set Interface vnet0 external-ids:iface-status=active Jan 6 20:19:26 h1 kernel: device vnet0 entered promiscuous mode Jan 6 20:19:26 h1 avahi-daemon[1391]: Registering new address record for fe80::fc1a:4aff:fe16:152 on vnet0.*. Jan 6 20:19:26 h1 systemd-machined: New machine qemu-4-CentOS72. Jan 6 20:19:26 h1 systemd: Started Virtual Machine qemu-4-CentOS72. Jan 6 20:19:26 h1 systemd: Starting Virtual Machine qemu-4-CentOS72.
[root@h2 ~]# ovn-nbctl show switch e53554cf-e553-40a1-8d22-9c8d95ec0601 (ovirtbridge) port 4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873 addresses: ["00:1a:4a:16:01:51"] port 92f6d3c8-68b3-4986-9c09-60bee04644b5 addresses: ["00:1a:4a:16:01:52"] port ovirtbridge-port2 addresses: ["unknown"] port ovirtbridge-port1 addresses: ["unknown"] [root@h2 ~]# ovn-sbctl show Chassis "6e4dd29f-7607-48d7-8e5a-eef4c6aeefb5" hostname: "h2.limetransit.com" Encap geneve ip: "148.251.126.50" options: {csum="true"} Port_Binding "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873" Port_Binding "ovirtbridge-port1" Chassis "4f10fb04-8fb2-48d7-8a3f-ea6444c02cf9" hostname: "h1.limetransit.com" Encap geneve ip: "144.76.84.73" options: {csum="true"} Port_Binding "ovirtbridge-port2"
I.e. the port is set up with the wrong ID and not attached to OVN.
If I correct external-ids:iface-id like this: [root@h1 ~]# ovs-vsctl set Interface vnet0 "external-ids:iface-id=\"92f6d3c8-68b3-4986-9c09-60bee04644b5\""
then sb is correct: [root@h2 ~]# ovn-sbctl show Chassis "6e4dd29f-7607-48d7-8e5a-eef4c6aeefb5" hostname: "h2.limetransit.com" Encap geneve ip: "148.251.126.50" options: {csum="true"} Port_Binding "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873" Port_Binding "ovirtbridge-port1" Chassis "4f10fb04-8fb2-48d7-8a3f-ea6444c02cf9" hostname: "h1.limetransit.com" Encap geneve ip: "144.76.84.73" options: {csum="true"} Port_Binding "ovirtbridge-port2" Port_Binding "92f6d3c8-68b3-4986-9c09-60bee04644b5"
I don't know from where the ID 72dafda5-03c2-4bb6-bcb6-241fa5c0a1f3 comes from, doesn't show in any log other than /var/log/messages.
If I do the same exercise on the same host as engine is running on then the port for the VM gets the right id and is working from beginning. /Sverker
Den 2017-01-03 kl. 10:23, skrev Marcin Mirecki:
How did you create this port? From the oVirt engine UI? The OVN provider creates the port when you add the port in the engine UI, it is then plugged into the ovs bridge by the VIF driver. Please attach /var/log/ovirt-provider-ovn.log
----- Original Message -----
From: "Sverker Abrahamsson"<sverker@abrahamsson.com> To: "Marcin Mirecki"<mmirecki@redhat.com> Cc: "Ovirt Users"<users@ovirt.org> Sent: Tuesday, January 3, 2017 2:06:22 AM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network
Found an issue with Ovirt - OVN integration.
Engine and OVN central db running on host h2. Created VM to run on host h1, which is started. Ovn db state:
[root@h2 env3]# ovn-nbctl show switch e53554cf-e553-40a1-8d22-9c8d95ec0601 (ovirtbridge) port 4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873 addresses: ["00:1a:4a:16:01:51"] port 92f6d3c8-68b3-4986-9c09-60bee04644b5 addresses: ["00:1a:4a:16:01:52"] port ovirtbridge-port2 addresses: ["unknown"] port ovirtbridge-port1 addresses: ["unknown"] [root@h2 env3]# ovn-sbctl show Chassis "6e4dd29f-7607-48d7-8e5a-eef4c6aeefb5" hostname: "h2.limetransit.com" Encap geneve ip: "148.251.126.50" options: {csum="true"} Port_Binding "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873" Port_Binding "ovirtbridge-port1" Chassis "4f10fb04-8fb2-48d7-8a3f-ea6444c02cf9" hostname: "h1.limetransit.com" Encap geneve ip: "144.76.84.73" options: {csum="true"} Port_Binding "ovirtbridge-port2"
Port 92f6d3c8-68b3-4986-9c09-60bee04644b5 is for the new VM which is started on h1, but it is not assigned to that chassis. The reason is that on h1 the port on br-int is created like this:
ovs-vsctl --timeout=5 -- --if-exists del-port vnet0 -- add-port br-int vnet0 -- set Interface vnet0 "external-ids:attached-mac=\"00:1a:4a:16:01:52\"" -- set Interface vnet0 "external-ids:iface-id=\"35bcbe31-2c7e-4d97-add9-ce150eeb2f11\"" -- set Interface vnet0 "external-ids:vm-id=\"4d0c134a-11a0-40f4-b2fb-c13c17c7251c\"" -- set Interface vnet0 external-ids:iface-status=active
I.e. the extrernal id of interface is wrong. When I manually change to the right id like this the port works fine:
ovs-vsctl --timeout=5 -- --if-exists del-port vnet0 -- add-port br-int vnet0 -- set Interface vnet0 "external-ids:attached-mac=\"00:1a:4a:16:01:52\"" -- set Interface vnet0 "external-ids:iface-id=\"92f6d3c8-68b3-4986-9c09-60bee04644b5\"" -- set Interface vnet0 "external-ids:vm-id=\"4d0c134a-11a0-40f4-b2fb-c13c17c7251c\"" -- set Interface vnet0 external-ids:iface-status=active
sb db after correcting the port:
Chassis "6e4dd29f-7607-48d7-8e5a-eef4c6aeefb5" hostname: "h2.limetransit.com" Encap geneve ip: "148.251.126.50" options: {csum="true"} Port_Binding "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873" Port_Binding "ovirtbridge-port1" Chassis "4f10fb04-8fb2-48d7-8a3f-ea6444c02cf9" hostname: "h1.limetransit.com" Encap geneve ip: "144.76.84.73" options: {csum="true"} Port_Binding "ovirtbridge-port2" Port_Binding "92f6d3c8-68b3-4986-9c09-60bee04644b5"
I don't know from where the faulty id comes from, it's not in any logs. In the domain xml as printed in vdsm.log the id is correct:
<interface type="bridge"> <mac address="00:1a:4a:16:01:52" /> <model type="virtio" /> <source bridge="br-int" /> <virtualport type="openvswitch" /> <link state="up" /> <boot order="2" /> <bandwidth /> <virtualport type="openvswitch"> <parameters interfaceid="92f6d3c8-68b3-4986-9c09-60bee04644b5" /> </virtualport> </interface>
Where is the ovs-vsctl command line built for this call?
/Sverker
Den 2017-01-02 kl. 13:40, skrev Sverker Abrahamsson: > Got it to work now by following the env8 example in OVN tutorial, > where a port is added with type l2gateway. Not sure how that is > different from the localnet variant, but didn't suceed in > getting that > one working. Now I'm able to ping and telnet over the tunnel, > but not > ssh even when the port is answering on telnet. Neither does nfs > traffic work even though mount did. Suspecting MTU issue. I did > notice > that ovn-controller starts too early, before network interfaces are > established and hence can't reach the db. As these is a purely > OVS/OVN > issue I'll ask about it on their mailing list. > > Getting back to the original issue with Ovirt, I've now added the > second host h1 to ovirt-engine. Had to do the same as with h2 to > create a dummy ovirtmgmt network but configured access via the > public > IP. My firewall settings was replaced with iptables config and > vdsm.conf was overwritten when engine was set up, so those had > to be > manually restored. It would be preferable if it would be > possible to > configure ovirt-engine that it does not "own" the host and instead > comply with the settings it has instead of enforcing it's own > view.. > > Apart from that it seems the second host works, although I need to > resolve the traffic issue over the OVS tunnel. > /Sverker > > Den 2017-01-02 kl. 01:13, skrev Sverker Abrahamsson: >> 1. That is not possible as ovirt (or vdsm) will rewrite the >> network >> configuration to a non-working state. That is why I've set that >> if as >> hidden to vdsm and is why I'm keen on getting OVS/OVN to work >> >> 2. I've been reading the doc for OVN and starting to connect the >> dots, which is not trivial as it is complex. Some insights >> reached: >> >> First step is the OVN database, installed by >> openvswitch-ovn-central, >> which I currently have running on h2 host. The 'ovn-nbctl' and >> 'ovn-sbctl' commands are only possible to execute on a database >> node. >> Two ip's are given to 'vdsm-tool ovn-config <ip to database> >> <tunnel >> ip>' as arguments, where <ip to database> is how this OVN node >> reaches the database and <tunnel ip> is the ip to which other OVN >> nodes sets up a tunnel to this node. I.e. it is not for creating a >> tunnel to the database which I thought first from the >> description in >> blog post. >> >> The tunnel between OVN nodes is of type geneve which is a UDP >> based >> protocol but I have not been able to find anywhere which port >> is used >> so that I can open it in firewalld. I have added OVN on another >> host, >> called h1, and connected it to the db. I see there is traffic >> to the >> db port, but I don't see any geneve traffic between the nodes. >> >> Ovirt is now able to create it's vnet0 interface on the br-int ovs >> bridge, but then I run into the next issue. How do I create a >> connection from the logical switch to the physical host? I need >> that >> to a) get a connection out to the internet through a >> masqueraded if >> or ipv6 and b) be able to run a dhcp server to give ip's to the >> VM's. >> >> /Sverker >> >> Den 2016-12-30 kl. 18:05, skrev Marcin Mirecki: >>> 1. Why not use your physical nic for ovirtmgmt then? >>> >>> 2. "ovn-nbctl ls-add" does not add a bridge, but a logical >>> switch. >>> br-int is an internal OVN implementation detail, which >>> the user >>> should not care about. What you see in the ovirt UI are >>> logical >>> networks. They are implemented as OVN logical switches >>> in case >>> of the OVN provider. >>> >>> Please look at: >>> http://www.ovirt.org/blog/2016/11/ovirt-provider-ovn/ >>> You can get the latest rpms from here: >>> http://resources.ovirt.org/repos/ovirt/experimental/master/ovirt-provider-ov... >>> >>> >>> >>> ----- Original Message ----- >>>> From: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>>> To: "Marcin Mirecki"<mmirecki@redhat.com> >>>> Cc: "Ovirt Users"<users@ovirt.org> >>>> Sent: Friday, December 30, 2016 4:25:58 PM >>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory >>>> ovirtmgmt network >>>> >>>> 1. No, I did not want to put the ovirtmgmt bridge on my physical >>>> nic as >>>> it always messed up the network config making the host >>>> unreachable. I >>>> have put a ovs bridge on this nic which I will use to make >>>> tunnels >>>> when >>>> I add other hosts. Maybe br-int will be used for that >>>> instead, will >>>> see >>>> when I get that far. >>>> >>>> As it is now I have a dummy if for ovirtmgmt bridge but this >>>> will >>>> probably not work when I add other hosts as that bridge cannot >>>> connect >>>> to the other hosts. I'm considering keeping this just as a >>>> dummy to >>>> keep >>>> ovirt engine satisfied while the actual communication will >>>> happen >>>> over >>>> OVN/OVS bridges and tunnels. >>>> >>>> 2. On >>>> https://www.ovirt.org//develop/release-management/features/ovirt-ovn-provide... >>>> >>>> >>>> there is instructions how to add an OVS bridge to OVN with >>>> |ovn-nbctl >>>> ls-add <network name>|. If you want to use br-int then it makes >>>> sense to >>>> make that bridge visible in ovirt webui under networks so >>>> that it >>>> can be >>>> selected for VM's. >>>> >>>> It quite doesn't make sense to me that I can select other >>>> network >>>> for my >>>> VM but then that setting is not used when setting up the >>>> network. >>>> >>>> /Sverker >>>> >>>> Den 2016-12-30 kl. 15:34, skrev Marcin Mirecki: >>>>> Hi, >>>>> >>>>> The OVN provider does not require you to add any bridges >>>>> manually. >>>>> As I understand we were dealing with two problems: >>>>> 1. You only had one physical nic and wanted to put a bridge >>>>> on it, >>>>> attaching the management network to the bridge. This >>>>> was the >>>>> reason for >>>>> creating the bridge (the recommended setup would be >>>>> to used a >>>>> separate >>>>> physical nic for the management network). This bridge >>>>> has >>>>> nothing to >>>>> do with the OVN bridge. >>>>> 2. OVN - you want to use OVN on this system. For this you >>>>> have to >>>>> install >>>>> OVN on your hosts. This should create the br-int bridge, >>>>> which are >>>>> then used by the OVN provider. This br-int bridge >>>>> must be >>>>> configured >>>>> to connect to other hosts using the geneve tunnels. >>>>> >>>>> In both cases the systems will not be aware of any bridges you >>>>> create. >>>>> They need a nic (be it physical or virtual) to connect to other >>>>> system. >>>>> Usually this is the physical nic. In your case you decided >>>>> to put >>>>> a bridge >>>>> on the physical nic, and give oVirt a virtual nic attached >>>>> to this >>>>> bridge. >>>>> This works, but keep in mind that the bridge you have >>>>> introduced >>>>> is outside >>>>> of oVirt's (and OVN) control (and as such is not supported). >>>>> >>>>>> What is the purpose of >>>>>> adding my bridges to Ovirt through the external provider and >>>>>> configure >>>>>> them on my VM >>>>> I am not quite sure I understand. >>>>> The external provider (OVN provider to be specific), does >>>>> not add >>>>> any >>>>> bridges >>>>> to the system. It is using the br-int bridge created by OVN. >>>>> The >>>>> networks >>>>> created by the OVN provider are purely logical entities, >>>>> implemented using >>>>> the OVN br-int bridge. >>>>> >>>>> Marcin >>>>> >>>>> >>>>> ----- Original Message ----- >>>>>> From: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>>>>> To: "Marcin Mirecki"<mmirecki@redhat.com> >>>>>> Cc: "Ovirt Users"<users@ovirt.org> >>>>>> Sent: Friday, December 30, 2016 12:15:43 PM >>>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory >>>>>> ovirtmgmt >>>>>> network >>>>>> >>>>>> Hi >>>>>> That is the logic I quite don't understand. What is the >>>>>> purpose of >>>>>> adding my bridges to Ovirt through the external provider and >>>>>> configure >>>>>> them on my VM if you are disregarding that and using br-int >>>>>> anyway? >>>>>> >>>>>> /Sverker >>>>>> >>>>>> Den 2016-12-30 kl. 10:53, skrev Marcin Mirecki: >>>>>>> Sverker, >>>>>>> >>>>>>> br-int is the integration bridge created by default in >>>>>>> OVN. This >>>>>>> is the >>>>>>> bridge we use for the OVN provider. As OVN is required to be >>>>>>> installed, >>>>>>> we assume that this bridge is present. >>>>>>> Using any other ovs bridge is not supported, and will require >>>>>>> custom code >>>>>>> changes (such as the ones you created). >>>>>>> >>>>>>> The proper setup in your case would probably be to create >>>>>>> br-int >>>>>>> and >>>>>>> connect >>>>>>> this to your ovirtbridge, although I don't know the >>>>>>> details of >>>>>>> your env, >>>>>>> so >>>>>>> this is just my best guess. >>>>>>> >>>>>>> Marcin >>>>>>> >>>>>>> >>>>>>> ----- Original Message ----- >>>>>>>> From: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>>>>>>> To: "Marcin Mirecki"<mmirecki@redhat.com> >>>>>>>> Cc: "Ovirt Users"<users@ovirt.org>, "Numan Siddique" >>>>>>>> <nusiddiq@redhat.com> >>>>>>>> Sent: Friday, December 30, 2016 1:14:50 AM >>>>>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory >>>>>>>> ovirtmgmt >>>>>>>> network >>>>>>>> >>>>>>>> Even better, if the value is not hardcoded then the >>>>>>>> configured >>>>>>>> value is >>>>>>>> used. Might be that I'm missunderstanding something but >>>>>>>> this is >>>>>>>> the >>>>>>>> behaviour I expected instead of that it is using br-int. >>>>>>>> >>>>>>>> Attached is a patch which properly sets up the xml, in case >>>>>>>> there is >>>>>>>> already a virtual port there + testcode of some variants >>>>>>>> >>>>>>>> /Sverker >>>>>>>> >>>>>>>> Den 2016-12-29 kl. 22:55, skrev Sverker Abrahamsson: >>>>>>>>> When I change >>>>>>>>> /usr/libexec/vdsm/hooks/before_device_create/ovirt_provider_ovn_hook >>>>>>>>> >>>>>>>>> >>>>>>>>> to instead of hardcoded to br-int use BRIDGE_NAME = >>>>>>>>> 'ovirtbridge' then >>>>>>>>> I get the expected behaviour and I get a working network >>>>>>>>> connectivity >>>>>>>>> in my VM with IP provided by dhcp. >>>>>>>>> >>>>>>>>> /Sverker >>>>>>>>> >>>>>>>>> Den 2016-12-29 kl. 22:07, skrev Sverker Abrahamsson: >>>>>>>>>> By default the vNic profile of my OVN bridge >>>>>>>>>> ovirtbridge gets a >>>>>>>>>> Network filter named vdsm-no-mac-spoofing. If I instead >>>>>>>>>> set >>>>>>>>>> No filter >>>>>>>>>> then I don't get those ebtables / iptables messages. It >>>>>>>>>> seems >>>>>>>>>> that >>>>>>>>>> there is some issue between ovirt/vdsm and firewalld, >>>>>>>>>> which >>>>>>>>>> we can >>>>>>>>>> put to the side for now. >>>>>>>>>> >>>>>>>>>> It is not clear for me why the port is added on br-int >>>>>>>>>> instead of the >>>>>>>>>> bridge I've assigned to the VM, which is ovirtbridge?? >>>>>>>>>> >>>>>>>>>> /Sverker >>>>>>>>>> >>>>>>>>>> Den 2016-12-29 kl. 14:20, skrev Sverker Abrahamsson: >>>>>>>>>>> The specific command most likely fails because there >>>>>>>>>>> is no >>>>>>>>>>> chain >>>>>>>>>>> named libvirt-J-vnet0, but when should that have been >>>>>>>>>>> created? >>>>>>>>>>> /Sverker >>>>>>>>>>> >>>>>>>>>>> -------- Vidarebefordrat meddelande -------- >>>>>>>>>>> Ämne: Re: [ovirt-users] Issue with OVN/OVS and >>>>>>>>>>> mandatory >>>>>>>>>>> ovirtmgmt >>>>>>>>>>> network >>>>>>>>>>> Datum: Thu, 29 Dec 2016 08:06:29 -0500 (EST) >>>>>>>>>>> Från: Marcin Mirecki<mmirecki@redhat.com> >>>>>>>>>>> Till: Sverker Abrahamsson<sverker@abrahamsson.com> >>>>>>>>>>> Kopia: Ovirt Users<users@ovirt.org>, Lance Richardson >>>>>>>>>>> <lrichard@redhat.com>, Numan >>>>>>>>>>> Siddique<nusiddiq@redhat.com> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> Let me add the OVN team. >>>>>>>>>>> >>>>>>>>>>> Lance, Numan, >>>>>>>>>>> >>>>>>>>>>> Can you please look at this? >>>>>>>>>>> >>>>>>>>>>> Trying to plug a vNIC results in: >>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 ovs-vsctl: >>>>>>>>>>>>>>>>>> ovs|00001|vsctl|INFO|Called as >>>>>>>>>>>>>>>>>> ovs-vsctl >>>>>>>>>>>>>>>>>> --timeout=5 -- --if-exists del-port vnet0 -- >>>>>>>>>>>>>>>>>> add-port >>>>>>>>>>>>>>>>>> br-int >>>>>>>>>>>>>>>>>> vnet0 -- >>>>>>>>>>>>>>>>>> set Interface vnet0 >>>>>>>>>>>>>>>>>> "external-ids:attached-mac=\"00:1a:4a:16:01:51\"" >>>>>>>>>>>>>>>>>> -- set Interface vnet0 >>>>>>>>>>>>>>>>>> "external-ids:iface-id=\"e8853aac-8a75-41b0-8010-e630017dcdd8\"" >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> -- >>>>>>>>>>>>>>>>>> set Interface vnet0 >>>>>>>>>>>>>>>>>> "external-ids:vm-id=\"b9440d60-ef5a-4e2b-83cf-081df7c09e6f\"" >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> -- >>>>>>>>>>>>>>>>>> set >>>>>>>>>>>>>>>>>> Interface vnet0 external-ids:iface-status=active >>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 kernel: device vnet0 entered >>>>>>>>>>>>>>>>>> promiscuous >>>>>>>>>>>>>>>>>> mode >>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -D >>>>>>>>>>>>>>>>>> PREROUTING >>>>>>>>>>>>>>>>>> -i vnet0 >>>>>>>>>>>>>>>>>> -j >>>>>>>>>>>>>>>>>> libvirt-J-vnet0' failed: >>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>> More details below >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> ----- Original Message ----- >>>>>>>>>>>> From: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>>>>>>>>>>> To: "Marcin Mirecki"<mmirecki@redhat.com> >>>>>>>>>>>> Cc: "Ovirt Users"<users@ovirt.org> >>>>>>>>>>>> Sent: Thursday, December 29, 2016 1:42:11 PM >>>>>>>>>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and >>>>>>>>>>>> mandatory >>>>>>>>>>>> ovirtmgmt >>>>>>>>>>>> network >>>>>>>>>>>> >>>>>>>>>>>> Hi >>>>>>>>>>>> Same problem still.. >>>>>>>>>>>> /Sverker >>>>>>>>>>>> >>>>>>>>>>>> Den 2016-12-29 kl. 13:34, skrev Marcin Mirecki: >>>>>>>>>>>>> Hi, >>>>>>>>>>>>> >>>>>>>>>>>>> The tunnels are created to connect multiple OVN >>>>>>>>>>>>> controllers. >>>>>>>>>>>>> If there is only one, there is no need for the >>>>>>>>>>>>> tunnels, so >>>>>>>>>>>>> none >>>>>>>>>>>>> will be created, this is the correct behavior. >>>>>>>>>>>>> >>>>>>>>>>>>> Does the problem still occur after setting >>>>>>>>>>>>> configuring the >>>>>>>>>>>>> OVN-controller? >>>>>>>>>>>>> >>>>>>>>>>>>> Marcin >>>>>>>>>>>>> >>>>>>>>>>>>> ----- Original Message ----- >>>>>>>>>>>>>> From: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>>>>>>>>>>>>> To: "Marcin Mirecki"<mmirecki@redhat.com> >>>>>>>>>>>>>> Cc: "Ovirt Users"<users@ovirt.org> >>>>>>>>>>>>>> Sent: Thursday, December 29, 2016 11:44:32 AM >>>>>>>>>>>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and >>>>>>>>>>>>>> mandatory >>>>>>>>>>>>>> ovirtmgmt >>>>>>>>>>>>>> network >>>>>>>>>>>>>> >>>>>>>>>>>>>> Hi >>>>>>>>>>>>>> The rpm packages you listed in the other mail are >>>>>>>>>>>>>> installed but I >>>>>>>>>>>>>> had >>>>>>>>>>>>>> not run vdsm-tool ovn-config to create tunnel as >>>>>>>>>>>>>> the OVN >>>>>>>>>>>>>> controller >>>>>>>>>>>>>> is >>>>>>>>>>>>>> on the same host. >>>>>>>>>>>>>> >>>>>>>>>>>>>> [root@h2 ~]# rpm -q openvswitch-ovn-common >>>>>>>>>>>>>> openvswitch-ovn-common-2.6.90-1.el7.centos.x86_64 >>>>>>>>>>>>>> [root@h2 ~]# rpm -q openvswitch-ovn-host >>>>>>>>>>>>>> openvswitch-ovn-host-2.6.90-1.el7.centos.x86_64 >>>>>>>>>>>>>> [root@h2 ~]# rpm -q python-openvswitch >>>>>>>>>>>>>> python-openvswitch-2.6.90-1.el7.centos.noarch >>>>>>>>>>>>>> >>>>>>>>>>>>>> After removing my manually created br-int and run >>>>>>>>>>>>>> >>>>>>>>>>>>>> vdsm-tool ovn-config 127.0.0.1 172.27.1.1 >>>>>>>>>>>>>> >>>>>>>>>>>>>> then I have the br-int but 'ip link show' does not >>>>>>>>>>>>>> show >>>>>>>>>>>>>> any link >>>>>>>>>>>>>> 'genev_sys_' nor does 'ovs-vsctl show' any port for >>>>>>>>>>>>>> ovn. >>>>>>>>>>>>>> I assume >>>>>>>>>>>>>> these >>>>>>>>>>>>>> are when there is an actual tunnel? >>>>>>>>>>>>>> >>>>>>>>>>>>>> [root@h2 ~]# ovs-vsctl show >>>>>>>>>>>>>> ebb6aede-cbbc-4f4f-a88a-a9cd72b2bd23 >>>>>>>>>>>>>> Bridge br-int >>>>>>>>>>>>>> fail_mode: secure >>>>>>>>>>>>>> Port br-int >>>>>>>>>>>>>> Interface br-int >>>>>>>>>>>>>> type: internal >>>>>>>>>>>>>> Bridge ovirtbridge >>>>>>>>>>>>>> Port ovirtbridge >>>>>>>>>>>>>> Interface ovirtbridge >>>>>>>>>>>>>> type: internal >>>>>>>>>>>>>> Bridge "ovsbridge0" >>>>>>>>>>>>>> Port "ovsbridge0" >>>>>>>>>>>>>> Interface "ovsbridge0" >>>>>>>>>>>>>> type: internal >>>>>>>>>>>>>> Port "eth0" >>>>>>>>>>>>>> Interface "eth0" >>>>>>>>>>>>>> ovs_version: "2.6.90" >>>>>>>>>>>>>> >>>>>>>>>>>>>> [root@h2 ~]# ip link show >>>>>>>>>>>>>> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc >>>>>>>>>>>>>> noqueue state >>>>>>>>>>>>>> UNKNOWN >>>>>>>>>>>>>> mode >>>>>>>>>>>>>> DEFAULT qlen 1 >>>>>>>>>>>>>> link/loopback 00:00:00:00:00:00 brd >>>>>>>>>>>>>> 00:00:00:00:00:00 >>>>>>>>>>>>>> 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 >>>>>>>>>>>>>> qdisc >>>>>>>>>>>>>> pfifo_fast >>>>>>>>>>>>>> master ovs-system state UP mode DEFAULT qlen 1000 >>>>>>>>>>>>>> link/ether 44:8a:5b:84:7d:b3 brd >>>>>>>>>>>>>> ff:ff:ff:ff:ff:ff >>>>>>>>>>>>>> 3: ovs-system: <BROADCAST,MULTICAST> mtu 1500 qdisc >>>>>>>>>>>>>> noop >>>>>>>>>>>>>> state >>>>>>>>>>>>>> DOWN >>>>>>>>>>>>>> mode >>>>>>>>>>>>>> DEFAULT qlen 1000 >>>>>>>>>>>>>> link/ether 5a:14:cf:28:47:e2 brd >>>>>>>>>>>>>> ff:ff:ff:ff:ff:ff >>>>>>>>>>>>>> 4: ovsbridge0: <BROADCAST,MULTICAST,UP,LOWER_UP> >>>>>>>>>>>>>> mtu 1500 >>>>>>>>>>>>>> qdisc >>>>>>>>>>>>>> noqueue >>>>>>>>>>>>>> state UNKNOWN mode DEFAULT qlen 1000 >>>>>>>>>>>>>> link/ether 44:8a:5b:84:7d:b3 brd >>>>>>>>>>>>>> ff:ff:ff:ff:ff:ff >>>>>>>>>>>>>> 5: br-int: <BROADCAST,MULTICAST> mtu 1500 qdisc noop >>>>>>>>>>>>>> state DOWN >>>>>>>>>>>>>> mode >>>>>>>>>>>>>> DEFAULT qlen 1000 >>>>>>>>>>>>>> link/ether 9e:b0:3a:9d:f2:4b brd >>>>>>>>>>>>>> ff:ff:ff:ff:ff:ff >>>>>>>>>>>>>> 6: ovirtbridge: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu >>>>>>>>>>>>>> 1500 qdisc >>>>>>>>>>>>>> noqueue >>>>>>>>>>>>>> state UNKNOWN mode DEFAULT qlen 1000 >>>>>>>>>>>>>> link/ether a6:f6:e5:a4:5b:45 brd >>>>>>>>>>>>>> ff:ff:ff:ff:ff:ff >>>>>>>>>>>>>> 7: dummy0: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 >>>>>>>>>>>>>> qdisc >>>>>>>>>>>>>> noqueue >>>>>>>>>>>>>> master >>>>>>>>>>>>>> ovirtmgmt state UNKNOWN mode DEFAULT qlen 1000 >>>>>>>>>>>>>> link/ether 66:e0:1c:c3:a9:d8 brd >>>>>>>>>>>>>> ff:ff:ff:ff:ff:ff >>>>>>>>>>>>>> 8: ovirtmgmt: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu >>>>>>>>>>>>>> 1500 >>>>>>>>>>>>>> qdisc >>>>>>>>>>>>>> noqueue >>>>>>>>>>>>>> state UP mode DEFAULT qlen 1000 >>>>>>>>>>>>>> link/ether 66:e0:1c:c3:a9:d8 brd >>>>>>>>>>>>>> ff:ff:ff:ff:ff:ff >>>>>>>>>>>>>> >>>>>>>>>>>>>> Firewall settings: >>>>>>>>>>>>>> [root@h2 ~]# firewall-cmd --list-all-zones >>>>>>>>>>>>>> work >>>>>>>>>>>>>> target: default >>>>>>>>>>>>>> icmp-block-inversion: no >>>>>>>>>>>>>> interfaces: >>>>>>>>>>>>>> sources: >>>>>>>>>>>>>> services: dhcpv6-client ssh >>>>>>>>>>>>>> ports: >>>>>>>>>>>>>> protocols: >>>>>>>>>>>>>> masquerade: no >>>>>>>>>>>>>> forward-ports: >>>>>>>>>>>>>> sourceports: >>>>>>>>>>>>>> icmp-blocks: >>>>>>>>>>>>>> rich rules: >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> drop >>>>>>>>>>>>>> target: DROP >>>>>>>>>>>>>> icmp-block-inversion: no >>>>>>>>>>>>>> interfaces: >>>>>>>>>>>>>> sources: >>>>>>>>>>>>>> services: >>>>>>>>>>>>>> ports: >>>>>>>>>>>>>> protocols: >>>>>>>>>>>>>> masquerade: no >>>>>>>>>>>>>> forward-ports: >>>>>>>>>>>>>> sourceports: >>>>>>>>>>>>>> icmp-blocks: >>>>>>>>>>>>>> rich rules: >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> internal >>>>>>>>>>>>>> target: default >>>>>>>>>>>>>> icmp-block-inversion: no >>>>>>>>>>>>>> interfaces: >>>>>>>>>>>>>> sources: >>>>>>>>>>>>>> services: dhcpv6-client mdns samba-client ssh >>>>>>>>>>>>>> ports: >>>>>>>>>>>>>> protocols: >>>>>>>>>>>>>> masquerade: no >>>>>>>>>>>>>> forward-ports: >>>>>>>>>>>>>> sourceports: >>>>>>>>>>>>>> icmp-blocks: >>>>>>>>>>>>>> rich rules: >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> external >>>>>>>>>>>>>> target: default >>>>>>>>>>>>>> icmp-block-inversion: no >>>>>>>>>>>>>> interfaces: >>>>>>>>>>>>>> sources: >>>>>>>>>>>>>> services: ssh >>>>>>>>>>>>>> ports: >>>>>>>>>>>>>> protocols: >>>>>>>>>>>>>> masquerade: yes >>>>>>>>>>>>>> forward-ports: >>>>>>>>>>>>>> sourceports: >>>>>>>>>>>>>> icmp-blocks: >>>>>>>>>>>>>> rich rules: >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> trusted >>>>>>>>>>>>>> target: ACCEPT >>>>>>>>>>>>>> icmp-block-inversion: no >>>>>>>>>>>>>> interfaces: >>>>>>>>>>>>>> sources: >>>>>>>>>>>>>> services: >>>>>>>>>>>>>> ports: >>>>>>>>>>>>>> protocols: >>>>>>>>>>>>>> masquerade: no >>>>>>>>>>>>>> forward-ports: >>>>>>>>>>>>>> sourceports: >>>>>>>>>>>>>> icmp-blocks: >>>>>>>>>>>>>> rich rules: >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> home >>>>>>>>>>>>>> target: default >>>>>>>>>>>>>> icmp-block-inversion: no >>>>>>>>>>>>>> interfaces: >>>>>>>>>>>>>> sources: >>>>>>>>>>>>>> services: dhcpv6-client mdns samba-client ssh >>>>>>>>>>>>>> ports: >>>>>>>>>>>>>> protocols: >>>>>>>>>>>>>> masquerade: no >>>>>>>>>>>>>> forward-ports: >>>>>>>>>>>>>> sourceports: >>>>>>>>>>>>>> icmp-blocks: >>>>>>>>>>>>>> rich rules: >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> dmz >>>>>>>>>>>>>> target: default >>>>>>>>>>>>>> icmp-block-inversion: no >>>>>>>>>>>>>> interfaces: >>>>>>>>>>>>>> sources: >>>>>>>>>>>>>> services: ssh >>>>>>>>>>>>>> ports: >>>>>>>>>>>>>> protocols: >>>>>>>>>>>>>> masquerade: no >>>>>>>>>>>>>> forward-ports: >>>>>>>>>>>>>> sourceports: >>>>>>>>>>>>>> icmp-blocks: >>>>>>>>>>>>>> rich rules: >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> public (active) >>>>>>>>>>>>>> target: default >>>>>>>>>>>>>> icmp-block-inversion: no >>>>>>>>>>>>>> interfaces: eth0 ovsbridge0 >>>>>>>>>>>>>> sources: >>>>>>>>>>>>>> services: dhcpv6-client ssh >>>>>>>>>>>>>> ports: >>>>>>>>>>>>>> protocols: >>>>>>>>>>>>>> masquerade: no >>>>>>>>>>>>>> forward-ports: >>>>>>>>>>>>>> sourceports: >>>>>>>>>>>>>> icmp-blocks: >>>>>>>>>>>>>> rich rules: >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> block >>>>>>>>>>>>>> target: %%REJECT%% >>>>>>>>>>>>>> icmp-block-inversion: no >>>>>>>>>>>>>> interfaces: >>>>>>>>>>>>>> sources: >>>>>>>>>>>>>> services: >>>>>>>>>>>>>> ports: >>>>>>>>>>>>>> protocols: >>>>>>>>>>>>>> masquerade: no >>>>>>>>>>>>>> forward-ports: >>>>>>>>>>>>>> sourceports: >>>>>>>>>>>>>> icmp-blocks: >>>>>>>>>>>>>> rich rules: >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> ovirt (active) >>>>>>>>>>>>>> target: default >>>>>>>>>>>>>> icmp-block-inversion: no >>>>>>>>>>>>>> interfaces: ovirtbridge ovirtmgmt >>>>>>>>>>>>>> sources: >>>>>>>>>>>>>> services: dhcp ovirt-fence-kdump-listener >>>>>>>>>>>>>> ovirt-http >>>>>>>>>>>>>> ovirt-https >>>>>>>>>>>>>> ovirt-imageio-proxy ovirt-postgres ovirt-provider-ovn >>>>>>>>>>>>>> ovirt-vmconsole-proxy ovirt-websocket-proxy ssh vdsm >>>>>>>>>>>>>> ports: >>>>>>>>>>>>>> protocols: >>>>>>>>>>>>>> masquerade: yes >>>>>>>>>>>>>> forward-ports: >>>>>>>>>>>>>> sourceports: >>>>>>>>>>>>>> icmp-blocks: >>>>>>>>>>>>>> rich rules: >>>>>>>>>>>>>> rule family="ipv4" port port="6641" >>>>>>>>>>>>>> protocol="tcp" >>>>>>>>>>>>>> accept >>>>>>>>>>>>>> rule family="ipv4" port port="6642" >>>>>>>>>>>>>> protocol="tcp" >>>>>>>>>>>>>> accept >>>>>>>>>>>>>> >>>>>>>>>>>>>> The db dump is attached >>>>>>>>>>>>>> /Sverker >>>>>>>>>>>>>> Den 2016-12-29 kl. 09:50, skrev Marcin Mirecki: >>>>>>>>>>>>>>> Hi, >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Can you please do: "sudo ovsdb-client dump" >>>>>>>>>>>>>>> on the host and send me the output? >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Have you configured the ovn controller to connect >>>>>>>>>>>>>>> to the >>>>>>>>>>>>>>> OVN north? You can do it using "vdsm-tool >>>>>>>>>>>>>>> ovn-config" or >>>>>>>>>>>>>>> using the OVN tools directly. >>>>>>>>>>>>>>> Please check >>>>>>>>>>>>>>> out:https://www.ovirt.org/blog/2016/11/ovirt-provider-ovn/ >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> for details. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Also please note that the OVN provider is completely >>>>>>>>>>>>>>> different >>>>>>>>>>>>>>> from the neutron-openvswitch plugin. Please don't mix >>>>>>>>>>>>>>> the two. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Marcin >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> ----- Original Message ----- >>>>>>>>>>>>>>>> From: "Marcin Mirecki"<mmirecki@redhat.com> >>>>>>>>>>>>>>>> To: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>>>>>>>>>>>>>>> Cc: "Ovirt Users"<users@ovirt.org> >>>>>>>>>>>>>>>> Sent: Thursday, December 29, 2016 9:27:19 AM >>>>>>>>>>>>>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and >>>>>>>>>>>>>>>> mandatory >>>>>>>>>>>>>>>> ovirtmgmt >>>>>>>>>>>>>>>> network >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Hi, >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> br-int is the OVN integration bridge, it should >>>>>>>>>>>>>>>> have been >>>>>>>>>>>>>>>> created >>>>>>>>>>>>>>>> when installing OVN. I assume you have the following >>>>>>>>>>>>>>>> packages >>>>>>>>>>>>>>>> installed >>>>>>>>>>>>>>>> on the host: >>>>>>>>>>>>>>>> openvswitch-ovn-common >>>>>>>>>>>>>>>> openvswitch-ovn-host >>>>>>>>>>>>>>>> python-openvswitch >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Please give me some time to look at the connectivity >>>>>>>>>>>>>>>> problem. >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Marcin >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> ----- Original Message ----- >>>>>>>>>>>>>>>>> From: "Sverker >>>>>>>>>>>>>>>>> Abrahamsson"<sverker@abrahamsson.com> >>>>>>>>>>>>>>>>> To: "Marcin Mirecki"<mmirecki@redhat.com> >>>>>>>>>>>>>>>>> Cc: "Ovirt Users"<users@ovirt.org> >>>>>>>>>>>>>>>>> Sent: Thursday, December 29, 2016 12:47:04 AM >>>>>>>>>>>>>>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and >>>>>>>>>>>>>>>>> mandatory >>>>>>>>>>>>>>>>> ovirtmgmt >>>>>>>>>>>>>>>>> network >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> From >>>>>>>>>>>>>>>>> /usr/libexec/vdsm/hooks/before_device_create/ovirt_provider_ovn_hook >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> (installed by ovirt-provider-ovn-driver rpm): >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> BRIDGE_NAME = 'br-int' >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> Den 2016-12-28 kl. 23:56, skrev Sverker >>>>>>>>>>>>>>>>> Abrahamsson: >>>>>>>>>>>>>>>>>> Googling on the message about br-int suggested >>>>>>>>>>>>>>>>>> adding >>>>>>>>>>>>>>>>>> that >>>>>>>>>>>>>>>>>> bridge to >>>>>>>>>>>>>>>>>> ovs: >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> ovs-vsctl add-br br-int >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> Then the VM is able to boot, but it fails to get >>>>>>>>>>>>>>>>>> network >>>>>>>>>>>>>>>>>> connectivity. >>>>>>>>>>>>>>>>>> Output in /var/log/messages: >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 ovs-vsctl: >>>>>>>>>>>>>>>>>> ovs|00001|vsctl|INFO|Called as >>>>>>>>>>>>>>>>>> ovs-vsctl >>>>>>>>>>>>>>>>>> --timeout=5 -- --if-exists del-port vnet0 -- >>>>>>>>>>>>>>>>>> add-port >>>>>>>>>>>>>>>>>> br-int >>>>>>>>>>>>>>>>>> vnet0 -- >>>>>>>>>>>>>>>>>> set Interface vnet0 >>>>>>>>>>>>>>>>>> "external-ids:attached-mac=\"00:1a:4a:16:01:51\"" >>>>>>>>>>>>>>>>>> -- set Interface vnet0 >>>>>>>>>>>>>>>>>> "external-ids:iface-id=\"e8853aac-8a75-41b0-8010-e630017dcdd8\"" >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> -- >>>>>>>>>>>>>>>>>> set Interface vnet0 >>>>>>>>>>>>>>>>>> "external-ids:vm-id=\"b9440d60-ef5a-4e2b-83cf-081df7c09e6f\"" >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> -- >>>>>>>>>>>>>>>>>> set >>>>>>>>>>>>>>>>>> Interface vnet0 external-ids:iface-status=active >>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 kernel: device vnet0 entered >>>>>>>>>>>>>>>>>> promiscuous >>>>>>>>>>>>>>>>>> mode >>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -D >>>>>>>>>>>>>>>>>> PREROUTING >>>>>>>>>>>>>>>>>> -i vnet0 >>>>>>>>>>>>>>>>>> -j >>>>>>>>>>>>>>>>>> libvirt-J-vnet0' failed: >>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -D >>>>>>>>>>>>>>>>>> POSTROUTING -o >>>>>>>>>>>>>>>>>> vnet0 >>>>>>>>>>>>>>>>>> -j >>>>>>>>>>>>>>>>>> libvirt-P-vnet0' failed: >>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -L >>>>>>>>>>>>>>>>>> libvirt-J-vnet0' >>>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -L >>>>>>>>>>>>>>>>>> libvirt-P-vnet0' >>>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -F >>>>>>>>>>>>>>>>>> libvirt-J-vnet0' >>>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -X >>>>>>>>>>>>>>>>>> libvirt-J-vnet0' >>>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -F >>>>>>>>>>>>>>>>>> libvirt-P-vnet0' >>>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -X >>>>>>>>>>>>>>>>>> libvirt-P-vnet0' >>>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -F >>>>>>>>>>>>>>>>>> J-vnet0-mac' >>>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -X >>>>>>>>>>>>>>>>>> J-vnet0-mac' >>>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -F >>>>>>>>>>>>>>>>>> J-vnet0-arp-mac' >>>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -X >>>>>>>>>>>>>>>>>> J-vnet0-arp-mac' >>>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -D libvirt-out -m >>>>>>>>>>>>>>>>>> physdev >>>>>>>>>>>>>>>>>> --physdev-is-bridged --physdev-out vnet0 -g >>>>>>>>>>>>>>>>>> FO-vnet0' >>>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -D libvirt-out -m >>>>>>>>>>>>>>>>>> physdev >>>>>>>>>>>>>>>>>> --physdev-out >>>>>>>>>>>>>>>>>> vnet0 -g FO-vnet0' failed: >>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -D libvirt-in -m >>>>>>>>>>>>>>>>>> physdev >>>>>>>>>>>>>>>>>> --physdev-in >>>>>>>>>>>>>>>>>> vnet0 >>>>>>>>>>>>>>>>>> -g FI-vnet0' failed: >>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -D libvirt-host-in -m >>>>>>>>>>>>>>>>>> physdev >>>>>>>>>>>>>>>>>> --physdev-in >>>>>>>>>>>>>>>>>> vnet0 -g HI-vnet0' failed: >>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -F FO-vnet0' failed: >>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -X FO-vnet0' failed: >>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -F FI-vnet0' failed: >>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -X FI-vnet0' failed: >>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -F HI-vnet0' failed: >>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -X HI-vnet0' failed: >>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -E FP-vnet0 FO-vnet0' >>>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -E FJ-vnet0 FI-vnet0' >>>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -E HJ-vnet0 HI-vnet0' >>>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -D libvirt-out -m >>>>>>>>>>>>>>>>>> physdev >>>>>>>>>>>>>>>>>> --physdev-is-bridged --physdev-out vnet0 -g >>>>>>>>>>>>>>>>>> FO-vnet0' >>>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -D libvirt-out -m >>>>>>>>>>>>>>>>>> physdev >>>>>>>>>>>>>>>>>> --physdev-out >>>>>>>>>>>>>>>>>> vnet0 -g FO-vnet0' failed: >>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -D libvirt-in -m >>>>>>>>>>>>>>>>>> physdev >>>>>>>>>>>>>>>>>> --physdev-in >>>>>>>>>>>>>>>>>> vnet0 -g FI-vnet0' failed: >>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -D libvirt-host-in -m >>>>>>>>>>>>>>>>>> physdev >>>>>>>>>>>>>>>>>> --physdev-in >>>>>>>>>>>>>>>>>> vnet0 -g HI-vnet0' failed: >>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -F FO-vnet0' failed: >>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -X FO-vnet0' failed: >>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -F FI-vnet0' failed: >>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -X FI-vnet0' failed: >>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -F HI-vnet0' failed: >>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -X HI-vnet0' failed: >>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -E FP-vnet0 FO-vnet0' >>>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -E FJ-vnet0 FI-vnet0' >>>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -E HJ-vnet0 HI-vnet0' >>>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -D >>>>>>>>>>>>>>>>>> PREROUTING >>>>>>>>>>>>>>>>>> -i vnet0 >>>>>>>>>>>>>>>>>> -j >>>>>>>>>>>>>>>>>> libvirt-I-vnet0' failed: >>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -D >>>>>>>>>>>>>>>>>> POSTROUTING -o >>>>>>>>>>>>>>>>>> vnet0 >>>>>>>>>>>>>>>>>> -j >>>>>>>>>>>>>>>>>> libvirt-O-vnet0' failed: >>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -L >>>>>>>>>>>>>>>>>> libvirt-I-vnet0' >>>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -L >>>>>>>>>>>>>>>>>> libvirt-O-vnet0' >>>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -F >>>>>>>>>>>>>>>>>> libvirt-I-vnet0' >>>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -X >>>>>>>>>>>>>>>>>> libvirt-I-vnet0' >>>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -F >>>>>>>>>>>>>>>>>> libvirt-O-vnet0' >>>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -X >>>>>>>>>>>>>>>>>> libvirt-O-vnet0' >>>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -L >>>>>>>>>>>>>>>>>> libvirt-P-vnet0' >>>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -E >>>>>>>>>>>>>>>>>> libvirt-P-vnet0 >>>>>>>>>>>>>>>>>> libvirt-O-vnet0' failed: >>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -F >>>>>>>>>>>>>>>>>> I-vnet0-mac' >>>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -X >>>>>>>>>>>>>>>>>> I-vnet0-mac' >>>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -F >>>>>>>>>>>>>>>>>> I-vnet0-arp-mac' >>>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -X >>>>>>>>>>>>>>>>>> I-vnet0-arp-mac' >>>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> [root@h2 etc]# ovs-vsctl show >>>>>>>>>>>>>>>>>> ebb6aede-cbbc-4f4f-a88a-a9cd72b2bd23 >>>>>>>>>>>>>>>>>> Bridge ovirtbridge >>>>>>>>>>>>>>>>>> Port "ovirtport0" >>>>>>>>>>>>>>>>>> Interface "ovirtport0" >>>>>>>>>>>>>>>>>> type: internal >>>>>>>>>>>>>>>>>> Port ovirtbridge >>>>>>>>>>>>>>>>>> Interface ovirtbridge >>>>>>>>>>>>>>>>>> type: internal >>>>>>>>>>>>>>>>>> Bridge "ovsbridge0" >>>>>>>>>>>>>>>>>> Port "ovsbridge0" >>>>>>>>>>>>>>>>>> Interface "ovsbridge0" >>>>>>>>>>>>>>>>>> type: internal >>>>>>>>>>>>>>>>>> Port "eth0" >>>>>>>>>>>>>>>>>> Interface "eth0" >>>>>>>>>>>>>>>>>> Bridge br-int >>>>>>>>>>>>>>>>>> Port br-int >>>>>>>>>>>>>>>>>> Interface br-int >>>>>>>>>>>>>>>>>> type: internal >>>>>>>>>>>>>>>>>> Port "vnet0" >>>>>>>>>>>>>>>>>> Interface "vnet0" >>>>>>>>>>>>>>>>>> ovs_version: "2.6.90" >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> Searching through the code it appears that br-int >>>>>>>>>>>>>>>>>> comes from >>>>>>>>>>>>>>>>>> neutron-openvswitch plugin ?? >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> [root@h2 share]# rpm -qf >>>>>>>>>>>>>>>>>> /usr/share/otopi/plugins/ovirt-host-deploy/openstack/neutron_openvswitch.py >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> ovirt-host-deploy-1.6.0-0.0.master.20161215101008.gitb76ad50.el7.centos.noarch >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> /Sverker >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> Den 2016-12-28 kl. 23:24, skrev Sverker >>>>>>>>>>>>>>>>>> Abrahamsson: >>>>>>>>>>>>>>>>>>> In addition I had to add an alias to modprobe: >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> [root@h2 modprobe.d]# cat dummy.conf >>>>>>>>>>>>>>>>>>> alias dummy0 dummy >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> Den 2016-12-28 kl. 23:03, skrev Sverker >>>>>>>>>>>>>>>>>>> Abrahamsson: >>>>>>>>>>>>>>>>>>>> Hi >>>>>>>>>>>>>>>>>>>> I first tried to set device name to dummy_0, but >>>>>>>>>>>>>>>>>>>> then ifup >>>>>>>>>>>>>>>>>>>> did >>>>>>>>>>>>>>>>>>>> not >>>>>>>>>>>>>>>>>>>> succeed in creating the device unless I first >>>>>>>>>>>>>>>>>>>> did >>>>>>>>>>>>>>>>>>>> 'ip link >>>>>>>>>>>>>>>>>>>> add >>>>>>>>>>>>>>>>>>>> dummy_0 type dummy' but then it would not >>>>>>>>>>>>>>>>>>>> suceed to >>>>>>>>>>>>>>>>>>>> establish >>>>>>>>>>>>>>>>>>>> the if >>>>>>>>>>>>>>>>>>>> on reboot. >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> Setting fake_nics = dummy0 would not work >>>>>>>>>>>>>>>>>>>> neither, >>>>>>>>>>>>>>>>>>>> but this >>>>>>>>>>>>>>>>>>>> works: >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> fake_nics = dummy* >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> The engine is now able to find the if and assign >>>>>>>>>>>>>>>>>>>> bridge >>>>>>>>>>>>>>>>>>>> ovirtmgmt to >>>>>>>>>>>>>>>>>>>> it. >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> However, I then run into the next issue when >>>>>>>>>>>>>>>>>>>> starting a VM: >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> 2016-12-28 22:28:23,897 ERROR >>>>>>>>>>>>>>>>>>>> [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> (ForkJoinPool-1-worker-2) [] Correlation ID: >>>>>>>>>>>>>>>>>>>> null, >>>>>>>>>>>>>>>>>>>> Call >>>>>>>>>>>>>>>>>>>> Stack: >>>>>>>>>>>>>>>>>>>> null, >>>>>>>>>>>>>>>>>>>> Custom Event ID: -1, Message: VM CentOS7 is down >>>>>>>>>>>>>>>>>>>> with error. >>>>>>>>>>>>>>>>>>>> Exit >>>>>>>>>>>>>>>>>>>> message: Cannot get interface MTU on >>>>>>>>>>>>>>>>>>>> 'br-int': No >>>>>>>>>>>>>>>>>>>> such >>>>>>>>>>>>>>>>>>>> device. >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> This VM has a nic on ovirtbridge, which comes >>>>>>>>>>>>>>>>>>>> from >>>>>>>>>>>>>>>>>>>> the OVN >>>>>>>>>>>>>>>>>>>> provider. >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> /Sverker >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> Den 2016-12-28 kl. 14:38, skrev Marcin Mirecki: >>>>>>>>>>>>>>>>>>>>> Sverker, >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> Can you try adding a vnic named veth_* or >>>>>>>>>>>>>>>>>>>>> dummy_*, >>>>>>>>>>>>>>>>>>>>> (or alternatively add the name of the vnic to >>>>>>>>>>>>>>>>>>>>> vdsm.config fake_nics), and setup the >>>>>>>>>>>>>>>>>>>>> management >>>>>>>>>>>>>>>>>>>>> network using this vnic? >>>>>>>>>>>>>>>>>>>>> I suppose adding the vnic you use for >>>>>>>>>>>>>>>>>>>>> connecting >>>>>>>>>>>>>>>>>>>>> to the engine to fake_nics should make it >>>>>>>>>>>>>>>>>>>>> visible >>>>>>>>>>>>>>>>>>>>> to the engine, and you should be able to use >>>>>>>>>>>>>>>>>>>>> it for >>>>>>>>>>>>>>>>>>>>> the setup. >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> Marcin >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> ----- Original Message ----- >>>>>>>>>>>>>>>>>>>>>> From: "Marcin Mirecki"<mmirecki@redhat.com> >>>>>>>>>>>>>>>>>>>>>> To: "Sverker >>>>>>>>>>>>>>>>>>>>>> Abrahamsson"<sverker@abrahamsson.com> >>>>>>>>>>>>>>>>>>>>>> Cc: "Ovirt Users"<users@ovirt.org> >>>>>>>>>>>>>>>>>>>>>> Sent: Wednesday, December 28, 2016 12:06:26 PM >>>>>>>>>>>>>>>>>>>>>> Subject: Re: [ovirt-users] Issue with >>>>>>>>>>>>>>>>>>>>>> OVN/OVS and >>>>>>>>>>>>>>>>>>>>>> mandatory >>>>>>>>>>>>>>>>>>>>>> ovirtmgmt network >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> I have an internal OVS bridge called >>>>>>>>>>>>>>>>>>>>>>> ovirtbridge >>>>>>>>>>>>>>>>>>>>>>> which >>>>>>>>>>>>>>>>>>>>>>> has >>>>>>>>>>>>>>>>>>>>>>> a port >>>>>>>>>>>>>>>>>>>>>>> with >>>>>>>>>>>>>>>>>>>>>>> IP address, but in the host network settings >>>>>>>>>>>>>>>>>>>>>>> that port is >>>>>>>>>>>>>>>>>>>>>>> not >>>>>>>>>>>>>>>>>>>>>>> visible. >>>>>>>>>>>>>>>>>>>>>> I just verified and unfortunately the virtual >>>>>>>>>>>>>>>>>>>>>> ports are >>>>>>>>>>>>>>>>>>>>>> not >>>>>>>>>>>>>>>>>>>>>> visible in engine >>>>>>>>>>>>>>>>>>>>>> to assign a network to :( >>>>>>>>>>>>>>>>>>>>>> I'm afraid that the engine is not ready for >>>>>>>>>>>>>>>>>>>>>> such a >>>>>>>>>>>>>>>>>>>>>> scenario >>>>>>>>>>>>>>>>>>>>>> (even >>>>>>>>>>>>>>>>>>>>>> if it >>>>>>>>>>>>>>>>>>>>>> works). >>>>>>>>>>>>>>>>>>>>>> Please give me some time to look for a >>>>>>>>>>>>>>>>>>>>>> solution. >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> ----- Original Message ----- >>>>>>>>>>>>>>>>>>>>>>> From: "Sverker >>>>>>>>>>>>>>>>>>>>>>> Abrahamsson"<sverker@abrahamsson.com> >>>>>>>>>>>>>>>>>>>>>>> To: "Marcin Mirecki"<mmirecki@redhat.com> >>>>>>>>>>>>>>>>>>>>>>> Cc: "Ovirt Users"<users@ovirt.org> >>>>>>>>>>>>>>>>>>>>>>> Sent: Wednesday, December 28, 2016 >>>>>>>>>>>>>>>>>>>>>>> 11:48:24 AM >>>>>>>>>>>>>>>>>>>>>>> Subject: Re: [ovirt-users] Issue with >>>>>>>>>>>>>>>>>>>>>>> OVN/OVS and >>>>>>>>>>>>>>>>>>>>>>> mandatory >>>>>>>>>>>>>>>>>>>>>>> ovirtmgmt >>>>>>>>>>>>>>>>>>>>>>> network >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> Hi Marcin >>>>>>>>>>>>>>>>>>>>>>> Yes, that is my issue. I don't want to let >>>>>>>>>>>>>>>>>>>>>>> ovirt/vdsm see >>>>>>>>>>>>>>>>>>>>>>> eth0 >>>>>>>>>>>>>>>>>>>>>>> nor >>>>>>>>>>>>>>>>>>>>>>> ovsbridge0 since as soon as it sees them it >>>>>>>>>>>>>>>>>>>>>>> messes up the >>>>>>>>>>>>>>>>>>>>>>> network >>>>>>>>>>>>>>>>>>>>>>> config >>>>>>>>>>>>>>>>>>>>>>> so that the host will be unreachable. >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> I have an internal OVS bridge called >>>>>>>>>>>>>>>>>>>>>>> ovirtbridge >>>>>>>>>>>>>>>>>>>>>>> which >>>>>>>>>>>>>>>>>>>>>>> has >>>>>>>>>>>>>>>>>>>>>>> a port >>>>>>>>>>>>>>>>>>>>>>> with >>>>>>>>>>>>>>>>>>>>>>> IP address, but in the host network settings >>>>>>>>>>>>>>>>>>>>>>> that port is >>>>>>>>>>>>>>>>>>>>>>> not >>>>>>>>>>>>>>>>>>>>>>> visible. >>>>>>>>>>>>>>>>>>>>>>> It doesn't help to name it ovirtmgmt. >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> The engine is able to communicate with the >>>>>>>>>>>>>>>>>>>>>>> host >>>>>>>>>>>>>>>>>>>>>>> on the ip >>>>>>>>>>>>>>>>>>>>>>> it has >>>>>>>>>>>>>>>>>>>>>>> been >>>>>>>>>>>>>>>>>>>>>>> given, it's just that it believes that it >>>>>>>>>>>>>>>>>>>>>>> HAS to >>>>>>>>>>>>>>>>>>>>>>> have a >>>>>>>>>>>>>>>>>>>>>>> ovirtmgmt >>>>>>>>>>>>>>>>>>>>>>> network which can't be on OVN. >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> /Sverker >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> Den 2016-12-28 kl. 10:45, skrev Marcin >>>>>>>>>>>>>>>>>>>>>>> Mirecki: >>>>>>>>>>>>>>>>>>>>>>>> Hi Sverker, >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> The management network is mandatory on each >>>>>>>>>>>>>>>>>>>>>>>> host. It's >>>>>>>>>>>>>>>>>>>>>>>> used by >>>>>>>>>>>>>>>>>>>>>>>> the >>>>>>>>>>>>>>>>>>>>>>>> engine to communicate with the host. >>>>>>>>>>>>>>>>>>>>>>>> Looking at your description and the >>>>>>>>>>>>>>>>>>>>>>>> exception >>>>>>>>>>>>>>>>>>>>>>>> it looks >>>>>>>>>>>>>>>>>>>>>>>> like it >>>>>>>>>>>>>>>>>>>>>>>> is >>>>>>>>>>>>>>>>>>>>>>>> missing. >>>>>>>>>>>>>>>>>>>>>>>> The error is caused by not having any >>>>>>>>>>>>>>>>>>>>>>>> network >>>>>>>>>>>>>>>>>>>>>>>> for the >>>>>>>>>>>>>>>>>>>>>>>> host >>>>>>>>>>>>>>>>>>>>>>>> (network list retrieved in >>>>>>>>>>>>>>>>>>>>>>>> InterfaceDaoImpl.getHostNetworksByCluster - >>>>>>>>>>>>>>>>>>>>>>>> which >>>>>>>>>>>>>>>>>>>>>>>> gets all the networks on nics for a host >>>>>>>>>>>>>>>>>>>>>>>> from >>>>>>>>>>>>>>>>>>>>>>>> vds_interface >>>>>>>>>>>>>>>>>>>>>>>> table in the >>>>>>>>>>>>>>>>>>>>>>>> DB). >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> Could you maybe create a virtual nic >>>>>>>>>>>>>>>>>>>>>>>> connected to >>>>>>>>>>>>>>>>>>>>>>>> ovsbridge0 (as >>>>>>>>>>>>>>>>>>>>>>>> I >>>>>>>>>>>>>>>>>>>>>>>> understand you >>>>>>>>>>>>>>>>>>>>>>>> have no physical nic available) and use this >>>>>>>>>>>>>>>>>>>>>>>> for the >>>>>>>>>>>>>>>>>>>>>>>> management >>>>>>>>>>>>>>>>>>>>>>>> network? >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>> I then create a bridge for use with >>>>>>>>>>>>>>>>>>>>>>>>> ovirt, with >>>>>>>>>>>>>>>>>>>>>>>>> a >>>>>>>>>>>>>>>>>>>>>>>>> private >>>>>>>>>>>>>>>>>>>>>>>>> address. >>>>>>>>>>>>>>>>>>>>>>>> I'm not quite sure I understand. Is this yet >>>>>>>>>>>>>>>>>>>>>>>> another >>>>>>>>>>>>>>>>>>>>>>>> bridge >>>>>>>>>>>>>>>>>>>>>>>> connected to >>>>>>>>>>>>>>>>>>>>>>>> ovsbridge0? >>>>>>>>>>>>>>>>>>>>>>>> You could also attach the vnic for the >>>>>>>>>>>>>>>>>>>>>>>> management >>>>>>>>>>>>>>>>>>>>>>>> network >>>>>>>>>>>>>>>>>>>>>>>> here >>>>>>>>>>>>>>>>>>>>>>>> if need >>>>>>>>>>>>>>>>>>>>>>>> be. >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> Please keep in mind that OVN has no use in >>>>>>>>>>>>>>>>>>>>>>>> setting up >>>>>>>>>>>>>>>>>>>>>>>> the >>>>>>>>>>>>>>>>>>>>>>>> management >>>>>>>>>>>>>>>>>>>>>>>> network. >>>>>>>>>>>>>>>>>>>>>>>> The OVN provider can only handle external >>>>>>>>>>>>>>>>>>>>>>>> networks, >>>>>>>>>>>>>>>>>>>>>>>> which >>>>>>>>>>>>>>>>>>>>>>>> can >>>>>>>>>>>>>>>>>>>>>>>> not be used >>>>>>>>>>>>>>>>>>>>>>>> for a >>>>>>>>>>>>>>>>>>>>>>>> management network. >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> Marcin >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> ----- Original Message ----- >>>>>>>>>>>>>>>>>>>>>>>>> From: "Sverker >>>>>>>>>>>>>>>>>>>>>>>>> Abrahamsson"<sverker@abrahamsson.com> >>>>>>>>>>>>>>>>>>>>>>>>> To:users@ovirt.org >>>>>>>>>>>>>>>>>>>>>>>>> Sent: Wednesday, December 28, 2016 >>>>>>>>>>>>>>>>>>>>>>>>> 12:39:59 AM >>>>>>>>>>>>>>>>>>>>>>>>> Subject: [ovirt-users] Issue with >>>>>>>>>>>>>>>>>>>>>>>>> OVN/OVS and >>>>>>>>>>>>>>>>>>>>>>>>> mandatory >>>>>>>>>>>>>>>>>>>>>>>>> ovirtmgmt >>>>>>>>>>>>>>>>>>>>>>>>> network >>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>> Hi >>>>>>>>>>>>>>>>>>>>>>>>> For long time I've been looking for proper >>>>>>>>>>>>>>>>>>>>>>>>> support in >>>>>>>>>>>>>>>>>>>>>>>>> ovirt for >>>>>>>>>>>>>>>>>>>>>>>>> Open >>>>>>>>>>>>>>>>>>>>>>>>> vSwitch >>>>>>>>>>>>>>>>>>>>>>>>> so I'm happy that it is moving in the right >>>>>>>>>>>>>>>>>>>>>>>>> direction. >>>>>>>>>>>>>>>>>>>>>>>>> However, >>>>>>>>>>>>>>>>>>>>>>>>> there >>>>>>>>>>>>>>>>>>>>>>>>> seems >>>>>>>>>>>>>>>>>>>>>>>>> to still be a dependency on a ovirtmgmt >>>>>>>>>>>>>>>>>>>>>>>>> bridge >>>>>>>>>>>>>>>>>>>>>>>>> and I'm >>>>>>>>>>>>>>>>>>>>>>>>> unable >>>>>>>>>>>>>>>>>>>>>>>>> to move >>>>>>>>>>>>>>>>>>>>>>>>> that >>>>>>>>>>>>>>>>>>>>>>>>> to the OVN provider. >>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>> The hosting center where I rent hw >>>>>>>>>>>>>>>>>>>>>>>>> instances >>>>>>>>>>>>>>>>>>>>>>>>> has a bit >>>>>>>>>>>>>>>>>>>>>>>>> special >>>>>>>>>>>>>>>>>>>>>>>>> network >>>>>>>>>>>>>>>>>>>>>>>>> setup, >>>>>>>>>>>>>>>>>>>>>>>>> so I have one physical network port with >>>>>>>>>>>>>>>>>>>>>>>>> a /32 >>>>>>>>>>>>>>>>>>>>>>>>> netmask >>>>>>>>>>>>>>>>>>>>>>>>> and >>>>>>>>>>>>>>>>>>>>>>>>> point-to-point >>>>>>>>>>>>>>>>>>>>>>>>> config to router. The physical port I >>>>>>>>>>>>>>>>>>>>>>>>> connect >>>>>>>>>>>>>>>>>>>>>>>>> to a ovs >>>>>>>>>>>>>>>>>>>>>>>>> bridge >>>>>>>>>>>>>>>>>>>>>>>>> which has >>>>>>>>>>>>>>>>>>>>>>>>> the >>>>>>>>>>>>>>>>>>>>>>>>> public ip. Since ovirt always messes up the >>>>>>>>>>>>>>>>>>>>>>>>> network >>>>>>>>>>>>>>>>>>>>>>>>> config when >>>>>>>>>>>>>>>>>>>>>>>>> I've >>>>>>>>>>>>>>>>>>>>>>>>> tried >>>>>>>>>>>>>>>>>>>>>>>>> to let it have access to the network config >>>>>>>>>>>>>>>>>>>>>>>>> for the >>>>>>>>>>>>>>>>>>>>>>>>> physical >>>>>>>>>>>>>>>>>>>>>>>>> port, I've >>>>>>>>>>>>>>>>>>>>>>>>> set >>>>>>>>>>>>>>>>>>>>>>>>> eht0 and ovsbridge0 as hidden in vdsm.conf. >>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>> I then create a bridge for use with >>>>>>>>>>>>>>>>>>>>>>>>> ovirt, with >>>>>>>>>>>>>>>>>>>>>>>>> a >>>>>>>>>>>>>>>>>>>>>>>>> private >>>>>>>>>>>>>>>>>>>>>>>>> address. With >>>>>>>>>>>>>>>>>>>>>>>>> the >>>>>>>>>>>>>>>>>>>>>>>>> OVN provider I am now able to import these >>>>>>>>>>>>>>>>>>>>>>>>> into the >>>>>>>>>>>>>>>>>>>>>>>>> engine and >>>>>>>>>>>>>>>>>>>>>>>>> it looks >>>>>>>>>>>>>>>>>>>>>>>>> good. When creating a VM I can select >>>>>>>>>>>>>>>>>>>>>>>>> that it >>>>>>>>>>>>>>>>>>>>>>>>> will have >>>>>>>>>>>>>>>>>>>>>>>>> a >>>>>>>>>>>>>>>>>>>>>>>>> vNic >>>>>>>>>>>>>>>>>>>>>>>>> on my OVS >>>>>>>>>>>>>>>>>>>>>>>>> bridge. >>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>> However, I can't start the VM as an >>>>>>>>>>>>>>>>>>>>>>>>> exception >>>>>>>>>>>>>>>>>>>>>>>>> is thrown >>>>>>>>>>>>>>>>>>>>>>>>> in the >>>>>>>>>>>>>>>>>>>>>>>>> log: >>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>> 2016-12-28 00:13:33,350 ERROR >>>>>>>>>>>>>>>>>>>>>>>>> [org.ovirt.engine.core.bll.RunVmCommand] >>>>>>>>>>>>>>>>>>>>>>>>> (default task-5) [3c882d53] Error during >>>>>>>>>>>>>>>>>>>>>>>>> ValidateFailure.: >>>>>>>>>>>>>>>>>>>>>>>>> java.lang.NullPointerException >>>>>>>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.scheduling.policyunits.NetworkPolicyUnit.validateRequiredNetworksAvailable(NetworkPolicyUnit.java:140) >>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.scheduling.policyunits.NetworkPolicyUnit.filter(NetworkPolicyUnit.java:69) >>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.scheduling.SchedulingManager.runInternalFilters(SchedulingManager.java:597) >>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.scheduling.SchedulingManager.runFilters(SchedulingManager.java:564) >>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.scheduling.SchedulingManager.canSchedule(SchedulingManager.java:494) >>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.validator.RunVmValidator.canRunVm(RunVmValidator.java:133) >>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.RunVmCommand.validate(RunVmCommand.java:940) >>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.CommandBase.internalValidate(CommandBase.java:886) >>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.CommandBase.validateOnly(CommandBase.java:366) >>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.canRunActions(PrevalidatingMultipleActionsRunner.java:113) >>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.invokeCommands(PrevalidatingMultipleActionsRunner.java:99) >>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.execute(PrevalidatingMultipleActionsRunner.java:76) >>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.Backend.runMultipleActionsImpl(Backend.java:613) >>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.Backend.runMultipleActions(Backend.java:583) >>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>> Looking at that section of code where the >>>>>>>>>>>>>>>>>>>>>>>>> exception is >>>>>>>>>>>>>>>>>>>>>>>>> thrown, >>>>>>>>>>>>>>>>>>>>>>>>> I see >>>>>>>>>>>>>>>>>>>>>>>>> that >>>>>>>>>>>>>>>>>>>>>>>>> it >>>>>>>>>>>>>>>>>>>>>>>>> iterates over host networks to find >>>>>>>>>>>>>>>>>>>>>>>>> required >>>>>>>>>>>>>>>>>>>>>>>>> networks, >>>>>>>>>>>>>>>>>>>>>>>>> which I >>>>>>>>>>>>>>>>>>>>>>>>> assume is >>>>>>>>>>>>>>>>>>>>>>>>> ovirtmgmt. In the host network setup >>>>>>>>>>>>>>>>>>>>>>>>> dialog I >>>>>>>>>>>>>>>>>>>>>>>>> don't see >>>>>>>>>>>>>>>>>>>>>>>>> any >>>>>>>>>>>>>>>>>>>>>>>>> networks at >>>>>>>>>>>>>>>>>>>>>>>>> all >>>>>>>>>>>>>>>>>>>>>>>>> but it lists ovirtmgmt as required. It also >>>>>>>>>>>>>>>>>>>>>>>>> list the >>>>>>>>>>>>>>>>>>>>>>>>> OVN >>>>>>>>>>>>>>>>>>>>>>>>> networks but >>>>>>>>>>>>>>>>>>>>>>>>> these >>>>>>>>>>>>>>>>>>>>>>>>> can't be statically assigned as they are >>>>>>>>>>>>>>>>>>>>>>>>> added >>>>>>>>>>>>>>>>>>>>>>>>> dynamically when >>>>>>>>>>>>>>>>>>>>>>>>> needed, >>>>>>>>>>>>>>>>>>>>>>>>> which is fine. >>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>> I believe that I either need to remove >>>>>>>>>>>>>>>>>>>>>>>>> ovirtmgmt >>>>>>>>>>>>>>>>>>>>>>>>> network >>>>>>>>>>>>>>>>>>>>>>>>> or >>>>>>>>>>>>>>>>>>>>>>>>> configure >>>>>>>>>>>>>>>>>>>>>>>>> that >>>>>>>>>>>>>>>>>>>>>>>>> it >>>>>>>>>>>>>>>>>>>>>>>>> is provided by the OVN provider, but >>>>>>>>>>>>>>>>>>>>>>>>> neither is >>>>>>>>>>>>>>>>>>>>>>>>> possible. >>>>>>>>>>>>>>>>>>>>>>>>> Preferably it >>>>>>>>>>>>>>>>>>>>>>>>> shouldn't be hardcoded which network is >>>>>>>>>>>>>>>>>>>>>>>>> management and >>>>>>>>>>>>>>>>>>>>>>>>> mandatory but be >>>>>>>>>>>>>>>>>>>>>>>>> possible to configure. >>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>> /Sverker >>>>>>>>>>>>>>>>>>>>>>>>> Den 2016-12-27 kl. 17:10, skrev Marcin >>>>>>>>>>>>>>>>>>>>>>>>> Mirecki: >>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> Users mailing list >>>>>>>>>>>>>>>>>>>>>> Users@ovirt.org >>>>>>>>>>>>>>>>>>>>>> http://lists.ovirt.org/mailman/listinfo/users >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>>>>>>>>>> Users mailing list >>>>>>>>>>>>>>>>>>>> Users@ovirt.org >>>>>>>>>>>>>>>>>>>> http://lists.ovirt.org/mailman/listinfo/users >>>>>>>>>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>>>>>>>>> Users mailing list >>>>>>>>>>>>>>>>>>> Users@ovirt.org >>>>>>>>>>>>>>>>>>> http://lists.ovirt.org/mailman/listinfo/users >>>>>>>>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>>>>>>>> Users mailing list >>>>>>>>>>>>>>>>>> Users@ovirt.org >>>>>>>>>>>>>>>>>> http://lists.ovirt.org/mailman/listinfo/users >>>>>>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>>>>>> Users mailing list >>>>>>>>>>>>>>>> Users@ovirt.org >>>>>>>>>>>>>>>> http://lists.ovirt.org/mailman/listinfo/users >>>>>>>>>>>>>>>> >>>>>>>>>>> _______________________________________________ >>>>>>>>>>> Users mailing list >>>>>>>>>>> Users@ovirt.org >>>>>>>>>>> http://lists.ovirt.org/mailman/listinfo/users >>>>>>>>>> _______________________________________________ >>>>>>>>>> Users mailing list >>>>>>>>>> Users@ovirt.org >>>>>>>>>> http://lists.ovirt.org/mailman/listinfo/users >>>>>>>>> _______________________________________________ >>>>>>>>> Users mailing list >>>>>>>>> Users@ovirt.org >>>>>>>>> http://lists.ovirt.org/mailman/listinfo/users >> _______________________________________________ >> Users mailing list >> Users@ovirt.org >> http://lists.ovirt.org/mailman/listinfo/users > _______________________________________________ > Users mailing list > Users@ovirt.org > http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Please push the patch into: https://gerrit.ovirt.org/ovirt-provider-ovn (let me know if you need some directions) ----- Original Message -----
From: "Sverker Abrahamsson" <sverker@abrahamsson.com> To: "Marcin Mirecki" <mmirecki@redhat.com> Cc: "Ovirt Users" <users@ovirt.org> Sent: Monday, January 9, 2017 1:45:37 PM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network
Ok, found it. The issue is right here:
<interface type="bridge"> <mac address="00:1a:4a:16:01:54" /> <model type="virtio" /> <source bridge="br-int" /> <virtualport type="openvswitch" /> <link state="up" /> <boot order="2" /> <bandwidth /> <virtualport type="openvswitch"> <parameters interfaceid="912cba79-982e-4a87-868e-241fedccb59a" /> </virtualport> </interface>
There are two elements for virtualport, the first without id and the second with. On h2 I had fixed this which was the patch I posted earlier although I switched back to use br-int after understanding that was the correct way. When that hook was copied to h1 the port gets attached fine.
Patch with updated testcase attached.
/Sverker
Den 2017-01-09 kl. 10:41, skrev Sverker Abrahamsson:
This is the content of vdsm.log on h1 at this time:
2017-01-06 20:54:12,636 INFO (jsonrpc/7) [jsonrpc.JsonRpcServer] RPC call VM.create succeeded in 0.01 seconds (__init__:515) 2017-01-06 20:54:12,636 INFO (vm/6dd5291e) [virt.vm] (vmId='6dd5291e-6556-4d29-8b4e-ea896e627645') VM wrapper has started (vm:1901) 2017-01-06 20:54:12,636 INFO (vm/6dd5291e) [vds] prepared volume path: /rhev/data-center/mnt/h2-int.limetransit.com:_var_lib_exports_iso/1d49c4bc-0fec-4503-a583-d476fa3a370d/images/11111111-1111-1111-1111-111111111111/CentOS-7-x86_64-NetInstall-1611.iso (clientIF:374) 2017-01-06 20:54:12,743 INFO (vm/6dd5291e) [root] (hooks:108) 2017-01-06 20:54:12,847 INFO (vm/6dd5291e) [root] (hooks:108) 2017-01-06 20:54:12,863 INFO (vm/6dd5291e) [virt.vm] (vmId='6dd5291e-6556-4d29-8b4e-ea896e627645') <?xml version='1.0' encoding='UTF-8'?> <domain xmlns:ovirt="http://ovirt.org/vm/tune/1.0" type="kvm"> <name>CentOS7_3</name> <uuid>6dd5291e-6556-4d29-8b4e-ea896e627645</uuid> <memory>1048576</memory> <currentMemory>1048576</currentMemory> <maxMemory slots="16">4294967296</maxMemory> <vcpu current="1">16</vcpu> <devices> <channel type="unix"> <target name="com.redhat.rhevm.vdsm" type="virtio" /> <source mode="bind" path="/var/lib/libvirt/qemu/channels/6dd5291e-6556-4d29-8b4e-ea896e627645.com.redhat.rhevm.vdsm" /> </channel> <channel type="unix"> <target name="org.qemu.guest_agent.0" type="virtio" /> <source mode="bind" path="/var/lib/libvirt/qemu/channels/6dd5291e-6556-4d29-8b4e-ea896e627645.org.qemu.guest_agent.0" /> </channel> <input bus="ps2" type="mouse" /> <memballoon model="virtio" /> <controller index="0" model="virtio-scsi" type="scsi" /> <controller index="0" ports="16" type="virtio-serial" /> <video> <model heads="1" ram="65536" type="qxl" vgamem="16384" vram="32768" /> </video> <graphics autoport="yes" defaultMode="secure" passwd="*****" passwdValidTo="1970-01-01T00:00:01" port="-1" tlsPort="-1" type="spice"> <channel mode="secure" name="main" /> <channel mode="secure" name="inputs" /> <channel mode="secure" name="cursor" /> <channel mode="secure" name="playback" /> <channel mode="secure" name="record" /> <channel mode="secure" name="display" /> <channel mode="secure" name="smartcard" /> <channel mode="secure" name="usbredir" /> <listen network="vdsm-ovirtmgmt" type="network" /> </graphics> <interface type="bridge"> <mac address="00:1a:4a:16:01:54" /> <model type="virtio" /> <source bridge="br-int" /> <virtualport type="openvswitch" /> <link state="up" /> <boot order="2" /> <bandwidth /> <virtualport type="openvswitch"> <parameters interfaceid="912cba79-982e-4a87-868e-241fedccb59a" /> </virtualport> </interface> <disk device="cdrom" snapshot="no" type="file"> <source file="/rhev/data-center/mnt/h2-int.limetransit.com:_var_lib_exports_iso/1d49c4bc-0fec-4503-a583-d476fa3a370d/images/11111111-1111-1111-1111-111111111111/CentOS-7-x86_64-NetInstall-1611.iso" startupPolicy="optional" /> <target bus="ide" dev="hdc" /> <readonly /> <boot order="1" /> </disk> <channel type="spicevmc"> <target name="com.redhat.spice.0" type="virtio" /> </channel> </devices> <metadata> <ovirt:qos /> </metadata> <os> <type arch="x86_64" machine="pc-i440fx-rhel7.2.0">hvm</type> <smbios mode="sysinfo" /> <bootmenu enable="yes" timeout="10000" /> </os> <sysinfo type="smbios"> <system> <entry name="manufacturer">oVirt</entry> <entry name="product">oVirt Node</entry> <entry name="version">7-3.1611.el7.centos</entry> <entry name="serial">62f1adff-b29e-4a7c-abba-c2c4c73248c6</entry> <entry name="uuid">6dd5291e-6556-4d29-8b4e-ea896e627645</entry> </system> </sysinfo> <clock adjustment="0" offset="variable"> <timer name="rtc" tickpolicy="catchup" /> <timer name="pit" tickpolicy="delay" /> <timer name="hpet" present="no" /> </clock> <features> <acpi /> </features> <cpu match="exact"> <model>SandyBridge</model> <topology cores="1" sockets="16" threads="1" /> <numa> <cell cpus="0" memory="1048576" /> </numa> </cpu> </domain> (vm:1988) 2017-01-06 20:54:13,046 INFO (libvirt/events) [virt.vm] (vmId='6dd5291e-6556-4d29-8b4e-ea896e627645') CPU running: onResume (vm:4863) 2017-01-06 20:54:13,058 INFO (vm/6dd5291e) [virt.vm] (vmId='6dd5291e-6556-4d29-8b4e-ea896e627645') Starting connection (guestagent:245) 2017-01-06 20:54:13,060 INFO (vm/6dd5291e) [virt.vm] (vmId='6dd5291e-6556-4d29-8b4e-ea896e627645') CPU running: domain initialization (vm:4863) 2017-01-06 20:54:15,154 INFO (jsonrpc/6) [jsonrpc.JsonRpcServer] RPC call Host.getVMFullList succeeded in 0.01 seconds (__init__:515) 2017-01-06 20:54:17,571 INFO (periodic/2) [dispatcher] Run and protect: getVolumeSize(sdUUID=u'2ee54fb8-48f2-4576-8cff-f2346504b08b', spUUID=u'584ebd64-0268-0193-025b-00000000038e', imgUUID=u'5a3aae57-ffe0-4a3b-aa87-8461669db7f9', volUUID=u'b6a88789-fcb1-4d3e-911b-2a4d3b6c69c7', options=None) (logUtils:49) 2017-01-06 20:54:17,573 INFO (periodic/2) [dispatcher] Run and protect: getVolumeSize, Return response: {'truesize': '1859723264', 'apparentsize': '21474836480'} (logUtils:52) 2017-01-06 20:54:21,211 INFO (periodic/2) [dispatcher] Run and protect: repoStats(options=None) (logUtils:49) 2017-01-06 20:54:21,212 INFO (periodic/2) [dispatcher] Run and protect: repoStats, Return response: {u'2ee54fb8-48f2-4576-8cff-f2346504b08b': {'code': 0, 'actual': True, 'version': 3, 'acquired': True, 'delay': '0.000936552', 'lastCheck': '1.4', 'valid': True}, u'1d49c4bc-0fec-4503-a583-d476fa3a370d': {'code': 0, 'actual': True, 'version': 0, 'acquired': True, 'delay': '0.000960248', 'lastCheck': '1.4', 'valid': True}} (logUtils:52) 2017-01-06 20:54:23,543 INFO (jsonrpc/2) [jsonrpc.JsonRpcServer] RPC call Host.getAllVmStats succeeded in 0.00 seconds (__init__:515) 2017-01-06 20:54:23,641 INFO (jsonrpc/1) [jsonrpc.JsonRpcServer] RPC call Host.getAllVmIoTunePolicies succeeded in 0.00 seconds (__init__:515) 2017-01-06 20:54:24,918 INFO (jsonrpc/0) [dispatcher] Run and protect: repoStats(options=None) (logUtils:49) 2017-01-06 20:54:24,918 INFO (jsonrpc/0) [dispatcher] Run and protect: repoStats, Return response: {u'2ee54fb8-48f2-4576-8cff-f2346504b08b': {'code': 0, 'actual': True, 'version': 3, 'acquired': True, 'delay': '0.000936552', 'lastCheck': '5.1', 'valid': True}, u'1d49c4bc-0fec-4503-a583-d476fa3a370d': {'code': 0, 'actual': True, 'version': 0, 'acquired': True, 'delay': '0.000960248', 'lastCheck': '2.1', 'valid': True}} (logUtils:52) 2017-01-06 20:54:24,924 INFO (jsonrpc/0) [jsonrpc.JsonRpcServer] RPC call Host.getStats succeeded in 0.01 seconds (__init__:515)
Vdsm and the OVN driver must have been called as the port IS created, but with the wrong id. I don't find the faulty id in vdsm.log neither, the xml above have the correct id. /Sverker
Den 2017-01-09 kl. 10:06, skrev Marcin Mirecki:
The port is set up on the host by the ovirt-provider-ovn-driver. The driver is invoked by the vdsm hook whenever any operation on the port is done. Please ensure that this is installed properly. You can check the vdsm log (/var/log/vdsm/vdsm.log) to see if the hook was executed properly.
----- Original Message -----
From: "Sverker Abrahamsson" <sverker@abrahamsson.com> To: "Marcin Mirecki" <mmirecki@redhat.com> Cc: "Ovirt Users" <users@ovirt.org> Sent: Friday, January 6, 2017 9:00:26 PM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network
I created a new VM in the ui and assigned it to host h1. In /var/log/ovirt-provider-ovn.log I get the following:
2017-01-06 20:54:11,940 Request: GET : /v2.0/ports 2017-01-06 20:54:11,940 Connecting to remote ovn database: tcp:127.0.0.1:6641 2017-01-06 20:54:12,157 Connected (number of retries: 2) 2017-01-06 20:54:12,158 Response code: 200 2017-01-06 20:54:12,158 Response body: {"ports": [{"name": "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873", "network_id": "e53554cf-e553-40a1-8d22-9c8d95ec0601", "device_owner": "oVirt", "mac_address": "00:1a:4a:16:01:51", "id": "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873", "device_id": "40cd7328-d575-4c3d-b656-9ef9bacc0078"}, {"name": "92f6d3c8-68b3-4986-9c09-60bee04644b5", "network_id": "e53554cf-e553-40a1-8d22-9c8d95ec0601", "device_owner": "oVirt", "mac_address": "00:1a:4a:16:01:52", "id": "92f6d3c8-68b3-4986-9c09-60bee04644b5", "device_id": "4baefa8c-3822-4de0-9cd0-1d025bab7844"}]} 2017-01-06 20:54:12,160 Request: SHOW : /v2.0/networks/e53554cf-e553-40a1-8d22-9c8d95ec0601 2017-01-06 20:54:12,160 Connecting to remote ovn database: tcp:127.0.0.1:6641 2017-01-06 20:54:12,377 Connected (number of retries: 2) 2017-01-06 20:54:12,378 Response code: 200 2017-01-06 20:54:12,378 Response body: {"network": {"id": "e53554cf-e553-40a1-8d22-9c8d95ec0601", "name": "ovirtbridge"}} 2017-01-06 20:54:12,380 Request: POST : /v2.0/ports 2017-01-06 20:54:12,380 Request body: { "port" : { "name" : "nic1", "binding:host_id" : "h1.limetransit.com", "admin_state_up" : true, "device_id" : "e8553a88-05f0-401d-8b9b-5fff77f7bbbe", "device_owner" : "oVirt", "mac_address" : "00:1a:4a:16:01:54", "network_id" : "e53554cf-e553-40a1-8d22-9c8d95ec0601" } } 2017-01-06 20:54:12,380 Connecting to remote ovn database: tcp:127.0.0.1:6641 2017-01-06 20:54:12,610 Connected (number of retries: 2) 2017-01-06 20:54:12,614 Response code: 200 2017-01-06 20:54:12,614 Response body: {"port": {"name": "912cba79-982e-4a87-868e-241fedccb59a", "network_id": "e53554cf-e553-40a1-8d22-9c8d95ec0601", "device_owner": "oVirt", "mac_address": "00:1a:4a:16:01:54", "id": "912cba79-982e-4a87-868e-241fedccb59a", "device_id": "e8553a88-05f0-401d-8b9b-5fff77f7bbbe"}}
h1:/var/log/messages Jan 6 20:54:12 h1 ovs-vsctl: ovs|00001|vsctl|INFO|Called as ovs-vsctl --timeout=5 -- --if-exists del-port vnet1 -- add-port br-int vnet1 -- set Interface vnet1 "external-ids:attached-mac=\"00:1a:4a:16:01:54\"" -- set Interface vnet1 "external-ids:iface-id=\"20388407-0f76-41d8-97aa-8e2b5978f908\"" -- set Interface vnet1 "external-ids:vm-id=\"6dd5291e-6556-4d29-8b4e-ea896e627645\"" -- set Interface vnet1 external-ids:iface-status=active
[root@h2 ~]# ovn-nbctl show switch e53554cf-e553-40a1-8d22-9c8d95ec0601 (ovirtbridge) port 4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873 addresses: ["00:1a:4a:16:01:51"] port 912cba79-982e-4a87-868e-241fedccb59a addresses: ["00:1a:4a:16:01:54"] port 92f6d3c8-68b3-4986-9c09-60bee04644b5 addresses: ["00:1a:4a:16:01:52"] port ovirtbridge-port2 addresses: ["unknown"] port ovirtbridge-port1 addresses: ["unknown"] [root@h2 ~]# ovn-sbctl show Chassis "6e4dd29f-7607-48d7-8e5a-eef4c6aeefb5" hostname: "h2.limetransit.com" Encap geneve ip: "148.251.126.50" options: {csum="true"} Port_Binding "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873" Port_Binding "ovirtbridge-port1" Chassis "4f10fb04-8fb2-48d7-8a3f-ea6444c02cf9" hostname: "h1.limetransit.com" Encap geneve ip: "144.76.84.73" options: {csum="true"} Port_Binding "ovirtbridge-port2" Port_Binding "92f6d3c8-68b3-4986-9c09-60bee04644b5"
I.e. same issue /Sverker
Den 2017-01-06 kl. 20:49, skrev Sverker Abrahamsson:
The port is created from Ovirt UI, the ovs-vsctl command below is executed when VM is started. In /var/log/ovirt-provider-ovn.log on h2 I get the following:
2017-01-06 20:19:25,452 Request: GET : /v2.0/ports 2017-01-06 20:19:25,452 Connecting to remote ovn database: tcp:127.0.0.1:6641 2017-01-06 20:19:25,670 Connected (number of retries: 2) 2017-01-06 20:19:25,670 Response code: 200 2017-01-06 20:19:25,670 Response body: {"ports": [{"name": "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873", "network_id": "e53554cf-e553-40a1-8d22-9c8d95ec0601", "device_owner": "oVirt", "mac_address": "00:1a:4a:16:01:51", "id": "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873", "device_id": "40cd7328-d575-4c3d-b656-9ef9bacc0078"}, {"name": "92f6d3c8-68b3-4986-9c09-60bee04644b5", "network_id": "e53554cf-e553-40a1-8d22-9c8d95ec0601", "device_owner": "oVirt", "mac_address": "00:1a:4a:16:01:52", "id": "92f6d3c8-68b3-4986-9c09-60bee04644b5", "device_id": "4baefa8c-3822-4de0-9cd0-1d025bab7844"}]} 2017-01-06 20:19:25,673 Request: PUT : /v2.0/ports/92f6d3c8-68b3-4986-9c09-60bee04644b5 2017-01-06 20:19:25,673 Request body: { "port" : { "binding:host_id" : "h1.limetransit.com", "security_groups" : null } } 2017-01-06 20:19:25,673 Connecting to remote ovn database: tcp:127.0.0.1:6641 2017-01-06 20:19:25,890 Connected (number of retries: 2) 2017-01-06 20:19:25,891 Response code: 200 2017-01-06 20:19:25,891 Response body: {"port": {"name": "92f6d3c8-68b3-4986-9c09-60bee04644b5", "network_id": "e53554cf-e553-40a1-8d22-9c8d95ec0601", "device_owner": "oVirt", "mac_address": "00:1a:4a:16:01:52", "id": "92f6d3c8-68b3-4986-9c09-60bee04644b5", "device_id": "4baefa8c-3822-4de0-9cd0-1d025bab7844"}}
In /var/log/messages on h1 I get the following:
Jan 6 20:18:56 h1 dbus-daemon: dbus[1339]: [system] Successfully activated service 'org.freedesktop.problems' Jan 6 20:19:26 h1 ovs-vsctl: ovs|00001|vsctl|INFO|Called as ovs-vsctl --timeout=5 -- --if-exists del-port vnet0 -- add-port br-int vnet0 -- set Interface vnet0 "external-ids:attached-mac=\"00:1a:4a:16:01:52\"" -- set Interface vnet0 "external-ids:iface-id=\"72dafda5-03c2-4bb6-bcb6-241fa5c0a1f3\"" -- set Interface vnet0 "external-ids:vm-id=\"4d0c134a-11a0-40f4-b2fb-c13c17c7251c\"" -- set Interface vnet0 external-ids:iface-status=active Jan 6 20:19:26 h1 kernel: device vnet0 entered promiscuous mode Jan 6 20:19:26 h1 avahi-daemon[1391]: Registering new address record for fe80::fc1a:4aff:fe16:152 on vnet0.*. Jan 6 20:19:26 h1 systemd-machined: New machine qemu-4-CentOS72. Jan 6 20:19:26 h1 systemd: Started Virtual Machine qemu-4-CentOS72. Jan 6 20:19:26 h1 systemd: Starting Virtual Machine qemu-4-CentOS72.
[root@h2 ~]# ovn-nbctl show switch e53554cf-e553-40a1-8d22-9c8d95ec0601 (ovirtbridge) port 4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873 addresses: ["00:1a:4a:16:01:51"] port 92f6d3c8-68b3-4986-9c09-60bee04644b5 addresses: ["00:1a:4a:16:01:52"] port ovirtbridge-port2 addresses: ["unknown"] port ovirtbridge-port1 addresses: ["unknown"] [root@h2 ~]# ovn-sbctl show Chassis "6e4dd29f-7607-48d7-8e5a-eef4c6aeefb5" hostname: "h2.limetransit.com" Encap geneve ip: "148.251.126.50" options: {csum="true"} Port_Binding "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873" Port_Binding "ovirtbridge-port1" Chassis "4f10fb04-8fb2-48d7-8a3f-ea6444c02cf9" hostname: "h1.limetransit.com" Encap geneve ip: "144.76.84.73" options: {csum="true"} Port_Binding "ovirtbridge-port2"
I.e. the port is set up with the wrong ID and not attached to OVN.
If I correct external-ids:iface-id like this: [root@h1 ~]# ovs-vsctl set Interface vnet0 "external-ids:iface-id=\"92f6d3c8-68b3-4986-9c09-60bee04644b5\""
then sb is correct: [root@h2 ~]# ovn-sbctl show Chassis "6e4dd29f-7607-48d7-8e5a-eef4c6aeefb5" hostname: "h2.limetransit.com" Encap geneve ip: "148.251.126.50" options: {csum="true"} Port_Binding "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873" Port_Binding "ovirtbridge-port1" Chassis "4f10fb04-8fb2-48d7-8a3f-ea6444c02cf9" hostname: "h1.limetransit.com" Encap geneve ip: "144.76.84.73" options: {csum="true"} Port_Binding "ovirtbridge-port2" Port_Binding "92f6d3c8-68b3-4986-9c09-60bee04644b5"
I don't know from where the ID 72dafda5-03c2-4bb6-bcb6-241fa5c0a1f3 comes from, doesn't show in any log other than /var/log/messages.
If I do the same exercise on the same host as engine is running on then the port for the VM gets the right id and is working from beginning. /Sverker
Den 2017-01-03 kl. 10:23, skrev Marcin Mirecki:
How did you create this port? From the oVirt engine UI? The OVN provider creates the port when you add the port in the engine UI, it is then plugged into the ovs bridge by the VIF driver. Please attach /var/log/ovirt-provider-ovn.log
----- Original Message ----- > From: "Sverker Abrahamsson"<sverker@abrahamsson.com> > To: "Marcin Mirecki"<mmirecki@redhat.com> > Cc: "Ovirt Users"<users@ovirt.org> > Sent: Tuesday, January 3, 2017 2:06:22 AM > Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory > ovirtmgmt > network > > Found an issue with Ovirt - OVN integration. > > Engine and OVN central db running on host h2. Created VM to run > on host > h1, which is started. Ovn db state: > > [root@h2 env3]# ovn-nbctl show > switch e53554cf-e553-40a1-8d22-9c8d95ec0601 (ovirtbridge) > port 4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873 > addresses: ["00:1a:4a:16:01:51"] > port 92f6d3c8-68b3-4986-9c09-60bee04644b5 > addresses: ["00:1a:4a:16:01:52"] > port ovirtbridge-port2 > addresses: ["unknown"] > port ovirtbridge-port1 > addresses: ["unknown"] > [root@h2 env3]# ovn-sbctl show > Chassis "6e4dd29f-7607-48d7-8e5a-eef4c6aeefb5" > hostname: "h2.limetransit.com" > Encap geneve > ip: "148.251.126.50" > options: {csum="true"} > Port_Binding "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873" > Port_Binding "ovirtbridge-port1" > Chassis "4f10fb04-8fb2-48d7-8a3f-ea6444c02cf9" > hostname: "h1.limetransit.com" > Encap geneve > ip: "144.76.84.73" > options: {csum="true"} > Port_Binding "ovirtbridge-port2" > > Port 92f6d3c8-68b3-4986-9c09-60bee04644b5 is for the new VM which is > started on h1, but it is not assigned to that chassis. The reason is > that on h1 the port on br-int is created like this: > > ovs-vsctl --timeout=5 -- --if-exists del-port vnet0 -- add-port > br-int > vnet0 -- set Interface vnet0 > "external-ids:attached-mac=\"00:1a:4a:16:01:52\"" -- set > Interface vnet0 > "external-ids:iface-id=\"35bcbe31-2c7e-4d97-add9-ce150eeb2f11\"" > -- set > Interface vnet0 > "external-ids:vm-id=\"4d0c134a-11a0-40f4-b2fb-c13c17c7251c\"" -- set > Interface vnet0 external-ids:iface-status=active > > I.e. the extrernal id of interface is wrong. When I manually > change to > the right id like this the port works fine: > > ovs-vsctl --timeout=5 -- --if-exists del-port vnet0 -- add-port > br-int > vnet0 -- set Interface vnet0 > "external-ids:attached-mac=\"00:1a:4a:16:01:52\"" -- set > Interface vnet0 > "external-ids:iface-id=\"92f6d3c8-68b3-4986-9c09-60bee04644b5\"" > -- set > Interface vnet0 > "external-ids:vm-id=\"4d0c134a-11a0-40f4-b2fb-c13c17c7251c\"" -- set > Interface vnet0 external-ids:iface-status=active > > sb db after correcting the port: > > Chassis "6e4dd29f-7607-48d7-8e5a-eef4c6aeefb5" > hostname: "h2.limetransit.com" > Encap geneve > ip: "148.251.126.50" > options: {csum="true"} > Port_Binding "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873" > Port_Binding "ovirtbridge-port1" > Chassis "4f10fb04-8fb2-48d7-8a3f-ea6444c02cf9" > hostname: "h1.limetransit.com" > Encap geneve > ip: "144.76.84.73" > options: {csum="true"} > Port_Binding "ovirtbridge-port2" > Port_Binding "92f6d3c8-68b3-4986-9c09-60bee04644b5" > > I don't know from where the faulty id comes from, it's not in any > logs. > In the domain xml as printed in vdsm.log the id is correct: > > <interface type="bridge"> > <mac address="00:1a:4a:16:01:52" /> > <model type="virtio" /> > <source bridge="br-int" /> > <virtualport type="openvswitch" /> > <link state="up" /> > <boot order="2" /> > <bandwidth /> > <virtualport type="openvswitch"> > <parameters > interfaceid="92f6d3c8-68b3-4986-9c09-60bee04644b5" /> > </virtualport> > </interface> > > Where is the ovs-vsctl command line built for this call? > > /Sverker > > > Den 2017-01-02 kl. 13:40, skrev Sverker Abrahamsson: >> Got it to work now by following the env8 example in OVN tutorial, >> where a port is added with type l2gateway. Not sure how that is >> different from the localnet variant, but didn't suceed in >> getting that >> one working. Now I'm able to ping and telnet over the tunnel, >> but not >> ssh even when the port is answering on telnet. Neither does nfs >> traffic work even though mount did. Suspecting MTU issue. I did >> notice >> that ovn-controller starts too early, before network interfaces are >> established and hence can't reach the db. As these is a purely >> OVS/OVN >> issue I'll ask about it on their mailing list. >> >> Getting back to the original issue with Ovirt, I've now added the >> second host h1 to ovirt-engine. Had to do the same as with h2 to >> create a dummy ovirtmgmt network but configured access via the >> public >> IP. My firewall settings was replaced with iptables config and >> vdsm.conf was overwritten when engine was set up, so those had >> to be >> manually restored. It would be preferable if it would be >> possible to >> configure ovirt-engine that it does not "own" the host and instead >> comply with the settings it has instead of enforcing it's own >> view.. >> >> Apart from that it seems the second host works, although I need to >> resolve the traffic issue over the OVS tunnel. >> /Sverker >> >> Den 2017-01-02 kl. 01:13, skrev Sverker Abrahamsson: >>> 1. That is not possible as ovirt (or vdsm) will rewrite the >>> network >>> configuration to a non-working state. That is why I've set that >>> if as >>> hidden to vdsm and is why I'm keen on getting OVS/OVN to work >>> >>> 2. I've been reading the doc for OVN and starting to connect the >>> dots, which is not trivial as it is complex. Some insights >>> reached: >>> >>> First step is the OVN database, installed by >>> openvswitch-ovn-central, >>> which I currently have running on h2 host. The 'ovn-nbctl' and >>> 'ovn-sbctl' commands are only possible to execute on a database >>> node. >>> Two ip's are given to 'vdsm-tool ovn-config <ip to database> >>> <tunnel >>> ip>' as arguments, where <ip to database> is how this OVN node >>> reaches the database and <tunnel ip> is the ip to which other OVN >>> nodes sets up a tunnel to this node. I.e. it is not for creating a >>> tunnel to the database which I thought first from the >>> description in >>> blog post. >>> >>> The tunnel between OVN nodes is of type geneve which is a UDP >>> based >>> protocol but I have not been able to find anywhere which port >>> is used >>> so that I can open it in firewalld. I have added OVN on another >>> host, >>> called h1, and connected it to the db. I see there is traffic >>> to the >>> db port, but I don't see any geneve traffic between the nodes. >>> >>> Ovirt is now able to create it's vnet0 interface on the br-int ovs >>> bridge, but then I run into the next issue. How do I create a >>> connection from the logical switch to the physical host? I need >>> that >>> to a) get a connection out to the internet through a >>> masqueraded if >>> or ipv6 and b) be able to run a dhcp server to give ip's to the >>> VM's. >>> >>> /Sverker >>> >>> Den 2016-12-30 kl. 18:05, skrev Marcin Mirecki: >>>> 1. Why not use your physical nic for ovirtmgmt then? >>>> >>>> 2. "ovn-nbctl ls-add" does not add a bridge, but a logical >>>> switch. >>>> br-int is an internal OVN implementation detail, which >>>> the user >>>> should not care about. What you see in the ovirt UI are >>>> logical >>>> networks. They are implemented as OVN logical switches >>>> in case >>>> of the OVN provider. >>>> >>>> Please look at: >>>> http://www.ovirt.org/blog/2016/11/ovirt-provider-ovn/ >>>> You can get the latest rpms from here: >>>> http://resources.ovirt.org/repos/ovirt/experimental/master/ovirt-provider-ov... >>>> >>>> >>>> >>>> ----- Original Message ----- >>>>> From: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>>>> To: "Marcin Mirecki"<mmirecki@redhat.com> >>>>> Cc: "Ovirt Users"<users@ovirt.org> >>>>> Sent: Friday, December 30, 2016 4:25:58 PM >>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory >>>>> ovirtmgmt network >>>>> >>>>> 1. No, I did not want to put the ovirtmgmt bridge on my physical >>>>> nic as >>>>> it always messed up the network config making the host >>>>> unreachable. I >>>>> have put a ovs bridge on this nic which I will use to make >>>>> tunnels >>>>> when >>>>> I add other hosts. Maybe br-int will be used for that >>>>> instead, will >>>>> see >>>>> when I get that far. >>>>> >>>>> As it is now I have a dummy if for ovirtmgmt bridge but this >>>>> will >>>>> probably not work when I add other hosts as that bridge cannot >>>>> connect >>>>> to the other hosts. I'm considering keeping this just as a >>>>> dummy to >>>>> keep >>>>> ovirt engine satisfied while the actual communication will >>>>> happen >>>>> over >>>>> OVN/OVS bridges and tunnels. >>>>> >>>>> 2. On >>>>> https://www.ovirt.org//develop/release-management/features/ovirt-ovn-provide... >>>>> >>>>> >>>>> there is instructions how to add an OVS bridge to OVN with >>>>> |ovn-nbctl >>>>> ls-add <network name>|. If you want to use br-int then it makes >>>>> sense to >>>>> make that bridge visible in ovirt webui under networks so >>>>> that it >>>>> can be >>>>> selected for VM's. >>>>> >>>>> It quite doesn't make sense to me that I can select other >>>>> network >>>>> for my >>>>> VM but then that setting is not used when setting up the >>>>> network. >>>>> >>>>> /Sverker >>>>> >>>>> Den 2016-12-30 kl. 15:34, skrev Marcin Mirecki: >>>>>> Hi, >>>>>> >>>>>> The OVN provider does not require you to add any bridges >>>>>> manually. >>>>>> As I understand we were dealing with two problems: >>>>>> 1. You only had one physical nic and wanted to put a bridge >>>>>> on it, >>>>>> attaching the management network to the bridge. This >>>>>> was the >>>>>> reason for >>>>>> creating the bridge (the recommended setup would be >>>>>> to used a >>>>>> separate >>>>>> physical nic for the management network). This bridge >>>>>> has >>>>>> nothing to >>>>>> do with the OVN bridge. >>>>>> 2. OVN - you want to use OVN on this system. For this you >>>>>> have to >>>>>> install >>>>>> OVN on your hosts. This should create the br-int bridge, >>>>>> which are >>>>>> then used by the OVN provider. This br-int bridge >>>>>> must be >>>>>> configured >>>>>> to connect to other hosts using the geneve tunnels. >>>>>> >>>>>> In both cases the systems will not be aware of any bridges you >>>>>> create. >>>>>> They need a nic (be it physical or virtual) to connect to other >>>>>> system. >>>>>> Usually this is the physical nic. In your case you decided >>>>>> to put >>>>>> a bridge >>>>>> on the physical nic, and give oVirt a virtual nic attached >>>>>> to this >>>>>> bridge. >>>>>> This works, but keep in mind that the bridge you have >>>>>> introduced >>>>>> is outside >>>>>> of oVirt's (and OVN) control (and as such is not supported). >>>>>> >>>>>>> What is the purpose of >>>>>>> adding my bridges to Ovirt through the external provider and >>>>>>> configure >>>>>>> them on my VM >>>>>> I am not quite sure I understand. >>>>>> The external provider (OVN provider to be specific), does >>>>>> not add >>>>>> any >>>>>> bridges >>>>>> to the system. It is using the br-int bridge created by OVN. >>>>>> The >>>>>> networks >>>>>> created by the OVN provider are purely logical entities, >>>>>> implemented using >>>>>> the OVN br-int bridge. >>>>>> >>>>>> Marcin >>>>>> >>>>>> >>>>>> ----- Original Message ----- >>>>>>> From: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>>>>>> To: "Marcin Mirecki"<mmirecki@redhat.com> >>>>>>> Cc: "Ovirt Users"<users@ovirt.org> >>>>>>> Sent: Friday, December 30, 2016 12:15:43 PM >>>>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory >>>>>>> ovirtmgmt >>>>>>> network >>>>>>> >>>>>>> Hi >>>>>>> That is the logic I quite don't understand. What is the >>>>>>> purpose of >>>>>>> adding my bridges to Ovirt through the external provider and >>>>>>> configure >>>>>>> them on my VM if you are disregarding that and using br-int >>>>>>> anyway? >>>>>>> >>>>>>> /Sverker >>>>>>> >>>>>>> Den 2016-12-30 kl. 10:53, skrev Marcin Mirecki: >>>>>>>> Sverker, >>>>>>>> >>>>>>>> br-int is the integration bridge created by default in >>>>>>>> OVN. This >>>>>>>> is the >>>>>>>> bridge we use for the OVN provider. As OVN is required to be >>>>>>>> installed, >>>>>>>> we assume that this bridge is present. >>>>>>>> Using any other ovs bridge is not supported, and will require >>>>>>>> custom code >>>>>>>> changes (such as the ones you created). >>>>>>>> >>>>>>>> The proper setup in your case would probably be to create >>>>>>>> br-int >>>>>>>> and >>>>>>>> connect >>>>>>>> this to your ovirtbridge, although I don't know the >>>>>>>> details of >>>>>>>> your env, >>>>>>>> so >>>>>>>> this is just my best guess. >>>>>>>> >>>>>>>> Marcin >>>>>>>> >>>>>>>> >>>>>>>> ----- Original Message ----- >>>>>>>>> From: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>>>>>>>> To: "Marcin Mirecki"<mmirecki@redhat.com> >>>>>>>>> Cc: "Ovirt Users"<users@ovirt.org>, "Numan Siddique" >>>>>>>>> <nusiddiq@redhat.com> >>>>>>>>> Sent: Friday, December 30, 2016 1:14:50 AM >>>>>>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory >>>>>>>>> ovirtmgmt >>>>>>>>> network >>>>>>>>> >>>>>>>>> Even better, if the value is not hardcoded then the >>>>>>>>> configured >>>>>>>>> value is >>>>>>>>> used. Might be that I'm missunderstanding something but >>>>>>>>> this is >>>>>>>>> the >>>>>>>>> behaviour I expected instead of that it is using br-int. >>>>>>>>> >>>>>>>>> Attached is a patch which properly sets up the xml, in case >>>>>>>>> there is >>>>>>>>> already a virtual port there + testcode of some variants >>>>>>>>> >>>>>>>>> /Sverker >>>>>>>>> >>>>>>>>> Den 2016-12-29 kl. 22:55, skrev Sverker Abrahamsson: >>>>>>>>>> When I change >>>>>>>>>> /usr/libexec/vdsm/hooks/before_device_create/ovirt_provider_ovn_hook >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> to instead of hardcoded to br-int use BRIDGE_NAME = >>>>>>>>>> 'ovirtbridge' then >>>>>>>>>> I get the expected behaviour and I get a working network >>>>>>>>>> connectivity >>>>>>>>>> in my VM with IP provided by dhcp. >>>>>>>>>> >>>>>>>>>> /Sverker >>>>>>>>>> >>>>>>>>>> Den 2016-12-29 kl. 22:07, skrev Sverker Abrahamsson: >>>>>>>>>>> By default the vNic profile of my OVN bridge >>>>>>>>>>> ovirtbridge gets a >>>>>>>>>>> Network filter named vdsm-no-mac-spoofing. If I instead >>>>>>>>>>> set >>>>>>>>>>> No filter >>>>>>>>>>> then I don't get those ebtables / iptables messages. It >>>>>>>>>>> seems >>>>>>>>>>> that >>>>>>>>>>> there is some issue between ovirt/vdsm and firewalld, >>>>>>>>>>> which >>>>>>>>>>> we can >>>>>>>>>>> put to the side for now. >>>>>>>>>>> >>>>>>>>>>> It is not clear for me why the port is added on br-int >>>>>>>>>>> instead of the >>>>>>>>>>> bridge I've assigned to the VM, which is ovirtbridge?? >>>>>>>>>>> >>>>>>>>>>> /Sverker >>>>>>>>>>> >>>>>>>>>>> Den 2016-12-29 kl. 14:20, skrev Sverker Abrahamsson: >>>>>>>>>>>> The specific command most likely fails because there >>>>>>>>>>>> is no >>>>>>>>>>>> chain >>>>>>>>>>>> named libvirt-J-vnet0, but when should that have been >>>>>>>>>>>> created? >>>>>>>>>>>> /Sverker >>>>>>>>>>>> >>>>>>>>>>>> -------- Vidarebefordrat meddelande -------- >>>>>>>>>>>> Ämne: Re: [ovirt-users] Issue with OVN/OVS and >>>>>>>>>>>> mandatory >>>>>>>>>>>> ovirtmgmt >>>>>>>>>>>> network >>>>>>>>>>>> Datum: Thu, 29 Dec 2016 08:06:29 -0500 (EST) >>>>>>>>>>>> Från: Marcin Mirecki<mmirecki@redhat.com> >>>>>>>>>>>> Till: Sverker Abrahamsson<sverker@abrahamsson.com> >>>>>>>>>>>> Kopia: Ovirt Users<users@ovirt.org>, Lance Richardson >>>>>>>>>>>> <lrichard@redhat.com>, Numan >>>>>>>>>>>> Siddique<nusiddiq@redhat.com> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> Let me add the OVN team. >>>>>>>>>>>> >>>>>>>>>>>> Lance, Numan, >>>>>>>>>>>> >>>>>>>>>>>> Can you please look at this? >>>>>>>>>>>> >>>>>>>>>>>> Trying to plug a vNIC results in: >>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 ovs-vsctl: >>>>>>>>>>>>>>>>>>> ovs|00001|vsctl|INFO|Called as >>>>>>>>>>>>>>>>>>> ovs-vsctl >>>>>>>>>>>>>>>>>>> --timeout=5 -- --if-exists del-port vnet0 -- >>>>>>>>>>>>>>>>>>> add-port >>>>>>>>>>>>>>>>>>> br-int >>>>>>>>>>>>>>>>>>> vnet0 -- >>>>>>>>>>>>>>>>>>> set Interface vnet0 >>>>>>>>>>>>>>>>>>> "external-ids:attached-mac=\"00:1a:4a:16:01:51\"" >>>>>>>>>>>>>>>>>>> -- set Interface vnet0 >>>>>>>>>>>>>>>>>>> "external-ids:iface-id=\"e8853aac-8a75-41b0-8010-e630017dcdd8\"" >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> -- >>>>>>>>>>>>>>>>>>> set Interface vnet0 >>>>>>>>>>>>>>>>>>> "external-ids:vm-id=\"b9440d60-ef5a-4e2b-83cf-081df7c09e6f\"" >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> -- >>>>>>>>>>>>>>>>>>> set >>>>>>>>>>>>>>>>>>> Interface vnet0 external-ids:iface-status=active >>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 kernel: device vnet0 entered >>>>>>>>>>>>>>>>>>> promiscuous >>>>>>>>>>>>>>>>>>> mode >>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -D >>>>>>>>>>>>>>>>>>> PREROUTING >>>>>>>>>>>>>>>>>>> -i vnet0 >>>>>>>>>>>>>>>>>>> -j >>>>>>>>>>>>>>>>>>> libvirt-J-vnet0' failed: >>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>> More details below >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> ----- Original Message ----- >>>>>>>>>>>>> From: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>>>>>>>>>>>> To: "Marcin Mirecki"<mmirecki@redhat.com> >>>>>>>>>>>>> Cc: "Ovirt Users"<users@ovirt.org> >>>>>>>>>>>>> Sent: Thursday, December 29, 2016 1:42:11 PM >>>>>>>>>>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and >>>>>>>>>>>>> mandatory >>>>>>>>>>>>> ovirtmgmt >>>>>>>>>>>>> network >>>>>>>>>>>>> >>>>>>>>>>>>> Hi >>>>>>>>>>>>> Same problem still.. >>>>>>>>>>>>> /Sverker >>>>>>>>>>>>> >>>>>>>>>>>>> Den 2016-12-29 kl. 13:34, skrev Marcin Mirecki: >>>>>>>>>>>>>> Hi, >>>>>>>>>>>>>> >>>>>>>>>>>>>> The tunnels are created to connect multiple OVN >>>>>>>>>>>>>> controllers. >>>>>>>>>>>>>> If there is only one, there is no need for the >>>>>>>>>>>>>> tunnels, so >>>>>>>>>>>>>> none >>>>>>>>>>>>>> will be created, this is the correct behavior. >>>>>>>>>>>>>> >>>>>>>>>>>>>> Does the problem still occur after setting >>>>>>>>>>>>>> configuring the >>>>>>>>>>>>>> OVN-controller? >>>>>>>>>>>>>> >>>>>>>>>>>>>> Marcin >>>>>>>>>>>>>> >>>>>>>>>>>>>> ----- Original Message ----- >>>>>>>>>>>>>>> From: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>>>>>>>>>>>>>> To: "Marcin Mirecki"<mmirecki@redhat.com> >>>>>>>>>>>>>>> Cc: "Ovirt Users"<users@ovirt.org> >>>>>>>>>>>>>>> Sent: Thursday, December 29, 2016 11:44:32 AM >>>>>>>>>>>>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and >>>>>>>>>>>>>>> mandatory >>>>>>>>>>>>>>> ovirtmgmt >>>>>>>>>>>>>>> network >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Hi >>>>>>>>>>>>>>> The rpm packages you listed in the other mail are >>>>>>>>>>>>>>> installed but I >>>>>>>>>>>>>>> had >>>>>>>>>>>>>>> not run vdsm-tool ovn-config to create tunnel as >>>>>>>>>>>>>>> the OVN >>>>>>>>>>>>>>> controller >>>>>>>>>>>>>>> is >>>>>>>>>>>>>>> on the same host. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> [root@h2 ~]# rpm -q openvswitch-ovn-common >>>>>>>>>>>>>>> openvswitch-ovn-common-2.6.90-1.el7.centos.x86_64 >>>>>>>>>>>>>>> [root@h2 ~]# rpm -q openvswitch-ovn-host >>>>>>>>>>>>>>> openvswitch-ovn-host-2.6.90-1.el7.centos.x86_64 >>>>>>>>>>>>>>> [root@h2 ~]# rpm -q python-openvswitch >>>>>>>>>>>>>>> python-openvswitch-2.6.90-1.el7.centos.noarch >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> After removing my manually created br-int and run >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> vdsm-tool ovn-config 127.0.0.1 172.27.1.1 >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> then I have the br-int but 'ip link show' does not >>>>>>>>>>>>>>> show >>>>>>>>>>>>>>> any link >>>>>>>>>>>>>>> 'genev_sys_' nor does 'ovs-vsctl show' any port for >>>>>>>>>>>>>>> ovn. >>>>>>>>>>>>>>> I assume >>>>>>>>>>>>>>> these >>>>>>>>>>>>>>> are when there is an actual tunnel? >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> [root@h2 ~]# ovs-vsctl show >>>>>>>>>>>>>>> ebb6aede-cbbc-4f4f-a88a-a9cd72b2bd23 >>>>>>>>>>>>>>> Bridge br-int >>>>>>>>>>>>>>> fail_mode: secure >>>>>>>>>>>>>>> Port br-int >>>>>>>>>>>>>>> Interface br-int >>>>>>>>>>>>>>> type: internal >>>>>>>>>>>>>>> Bridge ovirtbridge >>>>>>>>>>>>>>> Port ovirtbridge >>>>>>>>>>>>>>> Interface ovirtbridge >>>>>>>>>>>>>>> type: internal >>>>>>>>>>>>>>> Bridge "ovsbridge0" >>>>>>>>>>>>>>> Port "ovsbridge0" >>>>>>>>>>>>>>> Interface "ovsbridge0" >>>>>>>>>>>>>>> type: internal >>>>>>>>>>>>>>> Port "eth0" >>>>>>>>>>>>>>> Interface "eth0" >>>>>>>>>>>>>>> ovs_version: "2.6.90" >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> [root@h2 ~]# ip link show >>>>>>>>>>>>>>> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc >>>>>>>>>>>>>>> noqueue state >>>>>>>>>>>>>>> UNKNOWN >>>>>>>>>>>>>>> mode >>>>>>>>>>>>>>> DEFAULT qlen 1 >>>>>>>>>>>>>>> link/loopback 00:00:00:00:00:00 brd >>>>>>>>>>>>>>> 00:00:00:00:00:00 >>>>>>>>>>>>>>> 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 >>>>>>>>>>>>>>> qdisc >>>>>>>>>>>>>>> pfifo_fast >>>>>>>>>>>>>>> master ovs-system state UP mode DEFAULT qlen 1000 >>>>>>>>>>>>>>> link/ether 44:8a:5b:84:7d:b3 brd >>>>>>>>>>>>>>> ff:ff:ff:ff:ff:ff >>>>>>>>>>>>>>> 3: ovs-system: <BROADCAST,MULTICAST> mtu 1500 qdisc >>>>>>>>>>>>>>> noop >>>>>>>>>>>>>>> state >>>>>>>>>>>>>>> DOWN >>>>>>>>>>>>>>> mode >>>>>>>>>>>>>>> DEFAULT qlen 1000 >>>>>>>>>>>>>>> link/ether 5a:14:cf:28:47:e2 brd >>>>>>>>>>>>>>> ff:ff:ff:ff:ff:ff >>>>>>>>>>>>>>> 4: ovsbridge0: <BROADCAST,MULTICAST,UP,LOWER_UP> >>>>>>>>>>>>>>> mtu 1500 >>>>>>>>>>>>>>> qdisc >>>>>>>>>>>>>>> noqueue >>>>>>>>>>>>>>> state UNKNOWN mode DEFAULT qlen 1000 >>>>>>>>>>>>>>> link/ether 44:8a:5b:84:7d:b3 brd >>>>>>>>>>>>>>> ff:ff:ff:ff:ff:ff >>>>>>>>>>>>>>> 5: br-int: <BROADCAST,MULTICAST> mtu 1500 qdisc noop >>>>>>>>>>>>>>> state DOWN >>>>>>>>>>>>>>> mode >>>>>>>>>>>>>>> DEFAULT qlen 1000 >>>>>>>>>>>>>>> link/ether 9e:b0:3a:9d:f2:4b brd >>>>>>>>>>>>>>> ff:ff:ff:ff:ff:ff >>>>>>>>>>>>>>> 6: ovirtbridge: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu >>>>>>>>>>>>>>> 1500 qdisc >>>>>>>>>>>>>>> noqueue >>>>>>>>>>>>>>> state UNKNOWN mode DEFAULT qlen 1000 >>>>>>>>>>>>>>> link/ether a6:f6:e5:a4:5b:45 brd >>>>>>>>>>>>>>> ff:ff:ff:ff:ff:ff >>>>>>>>>>>>>>> 7: dummy0: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 >>>>>>>>>>>>>>> qdisc >>>>>>>>>>>>>>> noqueue >>>>>>>>>>>>>>> master >>>>>>>>>>>>>>> ovirtmgmt state UNKNOWN mode DEFAULT qlen 1000 >>>>>>>>>>>>>>> link/ether 66:e0:1c:c3:a9:d8 brd >>>>>>>>>>>>>>> ff:ff:ff:ff:ff:ff >>>>>>>>>>>>>>> 8: ovirtmgmt: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu >>>>>>>>>>>>>>> 1500 >>>>>>>>>>>>>>> qdisc >>>>>>>>>>>>>>> noqueue >>>>>>>>>>>>>>> state UP mode DEFAULT qlen 1000 >>>>>>>>>>>>>>> link/ether 66:e0:1c:c3:a9:d8 brd >>>>>>>>>>>>>>> ff:ff:ff:ff:ff:ff >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Firewall settings: >>>>>>>>>>>>>>> [root@h2 ~]# firewall-cmd --list-all-zones >>>>>>>>>>>>>>> work >>>>>>>>>>>>>>> target: default >>>>>>>>>>>>>>> icmp-block-inversion: no >>>>>>>>>>>>>>> interfaces: >>>>>>>>>>>>>>> sources: >>>>>>>>>>>>>>> services: dhcpv6-client ssh >>>>>>>>>>>>>>> ports: >>>>>>>>>>>>>>> protocols: >>>>>>>>>>>>>>> masquerade: no >>>>>>>>>>>>>>> forward-ports: >>>>>>>>>>>>>>> sourceports: >>>>>>>>>>>>>>> icmp-blocks: >>>>>>>>>>>>>>> rich rules: >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> drop >>>>>>>>>>>>>>> target: DROP >>>>>>>>>>>>>>> icmp-block-inversion: no >>>>>>>>>>>>>>> interfaces: >>>>>>>>>>>>>>> sources: >>>>>>>>>>>>>>> services: >>>>>>>>>>>>>>> ports: >>>>>>>>>>>>>>> protocols: >>>>>>>>>>>>>>> masquerade: no >>>>>>>>>>>>>>> forward-ports: >>>>>>>>>>>>>>> sourceports: >>>>>>>>>>>>>>> icmp-blocks: >>>>>>>>>>>>>>> rich rules: >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> internal >>>>>>>>>>>>>>> target: default >>>>>>>>>>>>>>> icmp-block-inversion: no >>>>>>>>>>>>>>> interfaces: >>>>>>>>>>>>>>> sources: >>>>>>>>>>>>>>> services: dhcpv6-client mdns samba-client ssh >>>>>>>>>>>>>>> ports: >>>>>>>>>>>>>>> protocols: >>>>>>>>>>>>>>> masquerade: no >>>>>>>>>>>>>>> forward-ports: >>>>>>>>>>>>>>> sourceports: >>>>>>>>>>>>>>> icmp-blocks: >>>>>>>>>>>>>>> rich rules: >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> external >>>>>>>>>>>>>>> target: default >>>>>>>>>>>>>>> icmp-block-inversion: no >>>>>>>>>>>>>>> interfaces: >>>>>>>>>>>>>>> sources: >>>>>>>>>>>>>>> services: ssh >>>>>>>>>>>>>>> ports: >>>>>>>>>>>>>>> protocols: >>>>>>>>>>>>>>> masquerade: yes >>>>>>>>>>>>>>> forward-ports: >>>>>>>>>>>>>>> sourceports: >>>>>>>>>>>>>>> icmp-blocks: >>>>>>>>>>>>>>> rich rules: >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> trusted >>>>>>>>>>>>>>> target: ACCEPT >>>>>>>>>>>>>>> icmp-block-inversion: no >>>>>>>>>>>>>>> interfaces: >>>>>>>>>>>>>>> sources: >>>>>>>>>>>>>>> services: >>>>>>>>>>>>>>> ports: >>>>>>>>>>>>>>> protocols: >>>>>>>>>>>>>>> masquerade: no >>>>>>>>>>>>>>> forward-ports: >>>>>>>>>>>>>>> sourceports: >>>>>>>>>>>>>>> icmp-blocks: >>>>>>>>>>>>>>> rich rules: >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> home >>>>>>>>>>>>>>> target: default >>>>>>>>>>>>>>> icmp-block-inversion: no >>>>>>>>>>>>>>> interfaces: >>>>>>>>>>>>>>> sources: >>>>>>>>>>>>>>> services: dhcpv6-client mdns samba-client ssh >>>>>>>>>>>>>>> ports: >>>>>>>>>>>>>>> protocols: >>>>>>>>>>>>>>> masquerade: no >>>>>>>>>>>>>>> forward-ports: >>>>>>>>>>>>>>> sourceports: >>>>>>>>>>>>>>> icmp-blocks: >>>>>>>>>>>>>>> rich rules: >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> dmz >>>>>>>>>>>>>>> target: default >>>>>>>>>>>>>>> icmp-block-inversion: no >>>>>>>>>>>>>>> interfaces: >>>>>>>>>>>>>>> sources: >>>>>>>>>>>>>>> services: ssh >>>>>>>>>>>>>>> ports: >>>>>>>>>>>>>>> protocols: >>>>>>>>>>>>>>> masquerade: no >>>>>>>>>>>>>>> forward-ports: >>>>>>>>>>>>>>> sourceports: >>>>>>>>>>>>>>> icmp-blocks: >>>>>>>>>>>>>>> rich rules: >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> public (active) >>>>>>>>>>>>>>> target: default >>>>>>>>>>>>>>> icmp-block-inversion: no >>>>>>>>>>>>>>> interfaces: eth0 ovsbridge0 >>>>>>>>>>>>>>> sources: >>>>>>>>>>>>>>> services: dhcpv6-client ssh >>>>>>>>>>>>>>> ports: >>>>>>>>>>>>>>> protocols: >>>>>>>>>>>>>>> masquerade: no >>>>>>>>>>>>>>> forward-ports: >>>>>>>>>>>>>>> sourceports: >>>>>>>>>>>>>>> icmp-blocks: >>>>>>>>>>>>>>> rich rules: >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> block >>>>>>>>>>>>>>> target: %%REJECT%% >>>>>>>>>>>>>>> icmp-block-inversion: no >>>>>>>>>>>>>>> interfaces: >>>>>>>>>>>>>>> sources: >>>>>>>>>>>>>>> services: >>>>>>>>>>>>>>> ports: >>>>>>>>>>>>>>> protocols: >>>>>>>>>>>>>>> masquerade: no >>>>>>>>>>>>>>> forward-ports: >>>>>>>>>>>>>>> sourceports: >>>>>>>>>>>>>>> icmp-blocks: >>>>>>>>>>>>>>> rich rules: >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> ovirt (active) >>>>>>>>>>>>>>> target: default >>>>>>>>>>>>>>> icmp-block-inversion: no >>>>>>>>>>>>>>> interfaces: ovirtbridge ovirtmgmt >>>>>>>>>>>>>>> sources: >>>>>>>>>>>>>>> services: dhcp ovirt-fence-kdump-listener >>>>>>>>>>>>>>> ovirt-http >>>>>>>>>>>>>>> ovirt-https >>>>>>>>>>>>>>> ovirt-imageio-proxy ovirt-postgres ovirt-provider-ovn >>>>>>>>>>>>>>> ovirt-vmconsole-proxy ovirt-websocket-proxy ssh vdsm >>>>>>>>>>>>>>> ports: >>>>>>>>>>>>>>> protocols: >>>>>>>>>>>>>>> masquerade: yes >>>>>>>>>>>>>>> forward-ports: >>>>>>>>>>>>>>> sourceports: >>>>>>>>>>>>>>> icmp-blocks: >>>>>>>>>>>>>>> rich rules: >>>>>>>>>>>>>>> rule family="ipv4" port port="6641" >>>>>>>>>>>>>>> protocol="tcp" >>>>>>>>>>>>>>> accept >>>>>>>>>>>>>>> rule family="ipv4" port port="6642" >>>>>>>>>>>>>>> protocol="tcp" >>>>>>>>>>>>>>> accept >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> The db dump is attached >>>>>>>>>>>>>>> /Sverker >>>>>>>>>>>>>>> Den 2016-12-29 kl. 09:50, skrev Marcin Mirecki: >>>>>>>>>>>>>>>> Hi, >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Can you please do: "sudo ovsdb-client dump" >>>>>>>>>>>>>>>> on the host and send me the output? >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Have you configured the ovn controller to connect >>>>>>>>>>>>>>>> to the >>>>>>>>>>>>>>>> OVN north? You can do it using "vdsm-tool >>>>>>>>>>>>>>>> ovn-config" or >>>>>>>>>>>>>>>> using the OVN tools directly. >>>>>>>>>>>>>>>> Please check >>>>>>>>>>>>>>>> out:https://www.ovirt.org/blog/2016/11/ovirt-provider-ovn/ >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> for details. >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Also please note that the OVN provider is completely >>>>>>>>>>>>>>>> different >>>>>>>>>>>>>>>> from the neutron-openvswitch plugin. Please don't mix >>>>>>>>>>>>>>>> the two. >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Marcin >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> ----- Original Message ----- >>>>>>>>>>>>>>>>> From: "Marcin Mirecki"<mmirecki@redhat.com> >>>>>>>>>>>>>>>>> To: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>>>>>>>>>>>>>>>> Cc: "Ovirt Users"<users@ovirt.org> >>>>>>>>>>>>>>>>> Sent: Thursday, December 29, 2016 9:27:19 AM >>>>>>>>>>>>>>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and >>>>>>>>>>>>>>>>> mandatory >>>>>>>>>>>>>>>>> ovirtmgmt >>>>>>>>>>>>>>>>> network >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> Hi, >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> br-int is the OVN integration bridge, it should >>>>>>>>>>>>>>>>> have been >>>>>>>>>>>>>>>>> created >>>>>>>>>>>>>>>>> when installing OVN. I assume you have the following >>>>>>>>>>>>>>>>> packages >>>>>>>>>>>>>>>>> installed >>>>>>>>>>>>>>>>> on the host: >>>>>>>>>>>>>>>>> openvswitch-ovn-common >>>>>>>>>>>>>>>>> openvswitch-ovn-host >>>>>>>>>>>>>>>>> python-openvswitch >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> Please give me some time to look at the connectivity >>>>>>>>>>>>>>>>> problem. >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> Marcin >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> ----- Original Message ----- >>>>>>>>>>>>>>>>>> From: "Sverker >>>>>>>>>>>>>>>>>> Abrahamsson"<sverker@abrahamsson.com> >>>>>>>>>>>>>>>>>> To: "Marcin Mirecki"<mmirecki@redhat.com> >>>>>>>>>>>>>>>>>> Cc: "Ovirt Users"<users@ovirt.org> >>>>>>>>>>>>>>>>>> Sent: Thursday, December 29, 2016 12:47:04 AM >>>>>>>>>>>>>>>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and >>>>>>>>>>>>>>>>>> mandatory >>>>>>>>>>>>>>>>>> ovirtmgmt >>>>>>>>>>>>>>>>>> network >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> From >>>>>>>>>>>>>>>>>> /usr/libexec/vdsm/hooks/before_device_create/ovirt_provider_ovn_hook >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> (installed by ovirt-provider-ovn-driver rpm): >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> BRIDGE_NAME = 'br-int' >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> Den 2016-12-28 kl. 23:56, skrev Sverker >>>>>>>>>>>>>>>>>> Abrahamsson: >>>>>>>>>>>>>>>>>>> Googling on the message about br-int suggested >>>>>>>>>>>>>>>>>>> adding >>>>>>>>>>>>>>>>>>> that >>>>>>>>>>>>>>>>>>> bridge to >>>>>>>>>>>>>>>>>>> ovs: >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> ovs-vsctl add-br br-int >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> Then the VM is able to boot, but it fails to get >>>>>>>>>>>>>>>>>>> network >>>>>>>>>>>>>>>>>>> connectivity. >>>>>>>>>>>>>>>>>>> Output in /var/log/messages: >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 ovs-vsctl: >>>>>>>>>>>>>>>>>>> ovs|00001|vsctl|INFO|Called as >>>>>>>>>>>>>>>>>>> ovs-vsctl >>>>>>>>>>>>>>>>>>> --timeout=5 -- --if-exists del-port vnet0 -- >>>>>>>>>>>>>>>>>>> add-port >>>>>>>>>>>>>>>>>>> br-int >>>>>>>>>>>>>>>>>>> vnet0 -- >>>>>>>>>>>>>>>>>>> set Interface vnet0 >>>>>>>>>>>>>>>>>>> "external-ids:attached-mac=\"00:1a:4a:16:01:51\"" >>>>>>>>>>>>>>>>>>> -- set Interface vnet0 >>>>>>>>>>>>>>>>>>> "external-ids:iface-id=\"e8853aac-8a75-41b0-8010-e630017dcdd8\"" >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> -- >>>>>>>>>>>>>>>>>>> set Interface vnet0 >>>>>>>>>>>>>>>>>>> "external-ids:vm-id=\"b9440d60-ef5a-4e2b-83cf-081df7c09e6f\"" >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> -- >>>>>>>>>>>>>>>>>>> set >>>>>>>>>>>>>>>>>>> Interface vnet0 external-ids:iface-status=active >>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 kernel: device vnet0 entered >>>>>>>>>>>>>>>>>>> promiscuous >>>>>>>>>>>>>>>>>>> mode >>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -D >>>>>>>>>>>>>>>>>>> PREROUTING >>>>>>>>>>>>>>>>>>> -i vnet0 >>>>>>>>>>>>>>>>>>> -j >>>>>>>>>>>>>>>>>>> libvirt-J-vnet0' failed: >>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -D >>>>>>>>>>>>>>>>>>> POSTROUTING -o >>>>>>>>>>>>>>>>>>> vnet0 >>>>>>>>>>>>>>>>>>> -j >>>>>>>>>>>>>>>>>>> libvirt-P-vnet0' failed: >>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -L >>>>>>>>>>>>>>>>>>> libvirt-J-vnet0' >>>>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -L >>>>>>>>>>>>>>>>>>> libvirt-P-vnet0' >>>>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -F >>>>>>>>>>>>>>>>>>> libvirt-J-vnet0' >>>>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -X >>>>>>>>>>>>>>>>>>> libvirt-J-vnet0' >>>>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -F >>>>>>>>>>>>>>>>>>> libvirt-P-vnet0' >>>>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -X >>>>>>>>>>>>>>>>>>> libvirt-P-vnet0' >>>>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -F >>>>>>>>>>>>>>>>>>> J-vnet0-mac' >>>>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -X >>>>>>>>>>>>>>>>>>> J-vnet0-mac' >>>>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -F >>>>>>>>>>>>>>>>>>> J-vnet0-arp-mac' >>>>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -X >>>>>>>>>>>>>>>>>>> J-vnet0-arp-mac' >>>>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -D libvirt-out -m >>>>>>>>>>>>>>>>>>> physdev >>>>>>>>>>>>>>>>>>> --physdev-is-bridged --physdev-out vnet0 -g >>>>>>>>>>>>>>>>>>> FO-vnet0' >>>>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -D libvirt-out -m >>>>>>>>>>>>>>>>>>> physdev >>>>>>>>>>>>>>>>>>> --physdev-out >>>>>>>>>>>>>>>>>>> vnet0 -g FO-vnet0' failed: >>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -D libvirt-in -m >>>>>>>>>>>>>>>>>>> physdev >>>>>>>>>>>>>>>>>>> --physdev-in >>>>>>>>>>>>>>>>>>> vnet0 >>>>>>>>>>>>>>>>>>> -g FI-vnet0' failed: >>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -D libvirt-host-in -m >>>>>>>>>>>>>>>>>>> physdev >>>>>>>>>>>>>>>>>>> --physdev-in >>>>>>>>>>>>>>>>>>> vnet0 -g HI-vnet0' failed: >>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -F FO-vnet0' failed: >>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -X FO-vnet0' failed: >>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -F FI-vnet0' failed: >>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -X FI-vnet0' failed: >>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -F HI-vnet0' failed: >>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -X HI-vnet0' failed: >>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -E FP-vnet0 FO-vnet0' >>>>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -E FJ-vnet0 FI-vnet0' >>>>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -E HJ-vnet0 HI-vnet0' >>>>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -D libvirt-out -m >>>>>>>>>>>>>>>>>>> physdev >>>>>>>>>>>>>>>>>>> --physdev-is-bridged --physdev-out vnet0 -g >>>>>>>>>>>>>>>>>>> FO-vnet0' >>>>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -D libvirt-out -m >>>>>>>>>>>>>>>>>>> physdev >>>>>>>>>>>>>>>>>>> --physdev-out >>>>>>>>>>>>>>>>>>> vnet0 -g FO-vnet0' failed: >>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -D libvirt-in -m >>>>>>>>>>>>>>>>>>> physdev >>>>>>>>>>>>>>>>>>> --physdev-in >>>>>>>>>>>>>>>>>>> vnet0 -g FI-vnet0' failed: >>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -D libvirt-host-in -m >>>>>>>>>>>>>>>>>>> physdev >>>>>>>>>>>>>>>>>>> --physdev-in >>>>>>>>>>>>>>>>>>> vnet0 -g HI-vnet0' failed: >>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -F FO-vnet0' failed: >>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -X FO-vnet0' failed: >>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -F FI-vnet0' failed: >>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -X FI-vnet0' failed: >>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -F HI-vnet0' failed: >>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -X HI-vnet0' failed: >>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -E FP-vnet0 FO-vnet0' >>>>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -E FJ-vnet0 FI-vnet0' >>>>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -E HJ-vnet0 HI-vnet0' >>>>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -D >>>>>>>>>>>>>>>>>>> PREROUTING >>>>>>>>>>>>>>>>>>> -i vnet0 >>>>>>>>>>>>>>>>>>> -j >>>>>>>>>>>>>>>>>>> libvirt-I-vnet0' failed: >>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -D >>>>>>>>>>>>>>>>>>> POSTROUTING -o >>>>>>>>>>>>>>>>>>> vnet0 >>>>>>>>>>>>>>>>>>> -j >>>>>>>>>>>>>>>>>>> libvirt-O-vnet0' failed: >>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -L >>>>>>>>>>>>>>>>>>> libvirt-I-vnet0' >>>>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -L >>>>>>>>>>>>>>>>>>> libvirt-O-vnet0' >>>>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -F >>>>>>>>>>>>>>>>>>> libvirt-I-vnet0' >>>>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -X >>>>>>>>>>>>>>>>>>> libvirt-I-vnet0' >>>>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -F >>>>>>>>>>>>>>>>>>> libvirt-O-vnet0' >>>>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -X >>>>>>>>>>>>>>>>>>> libvirt-O-vnet0' >>>>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -L >>>>>>>>>>>>>>>>>>> libvirt-P-vnet0' >>>>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -E >>>>>>>>>>>>>>>>>>> libvirt-P-vnet0 >>>>>>>>>>>>>>>>>>> libvirt-O-vnet0' failed: >>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -F >>>>>>>>>>>>>>>>>>> I-vnet0-mac' >>>>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -X >>>>>>>>>>>>>>>>>>> I-vnet0-mac' >>>>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -F >>>>>>>>>>>>>>>>>>> I-vnet0-arp-mac' >>>>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -X >>>>>>>>>>>>>>>>>>> I-vnet0-arp-mac' >>>>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> [root@h2 etc]# ovs-vsctl show >>>>>>>>>>>>>>>>>>> ebb6aede-cbbc-4f4f-a88a-a9cd72b2bd23 >>>>>>>>>>>>>>>>>>> Bridge ovirtbridge >>>>>>>>>>>>>>>>>>> Port "ovirtport0" >>>>>>>>>>>>>>>>>>> Interface "ovirtport0" >>>>>>>>>>>>>>>>>>> type: internal >>>>>>>>>>>>>>>>>>> Port ovirtbridge >>>>>>>>>>>>>>>>>>> Interface ovirtbridge >>>>>>>>>>>>>>>>>>> type: internal >>>>>>>>>>>>>>>>>>> Bridge "ovsbridge0" >>>>>>>>>>>>>>>>>>> Port "ovsbridge0" >>>>>>>>>>>>>>>>>>> Interface "ovsbridge0" >>>>>>>>>>>>>>>>>>> type: internal >>>>>>>>>>>>>>>>>>> Port "eth0" >>>>>>>>>>>>>>>>>>> Interface "eth0" >>>>>>>>>>>>>>>>>>> Bridge br-int >>>>>>>>>>>>>>>>>>> Port br-int >>>>>>>>>>>>>>>>>>> Interface br-int >>>>>>>>>>>>>>>>>>> type: internal >>>>>>>>>>>>>>>>>>> Port "vnet0" >>>>>>>>>>>>>>>>>>> Interface "vnet0" >>>>>>>>>>>>>>>>>>> ovs_version: "2.6.90" >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> Searching through the code it appears that br-int >>>>>>>>>>>>>>>>>>> comes from >>>>>>>>>>>>>>>>>>> neutron-openvswitch plugin ?? >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> [root@h2 share]# rpm -qf >>>>>>>>>>>>>>>>>>> /usr/share/otopi/plugins/ovirt-host-deploy/openstack/neutron_openvswitch.py >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> ovirt-host-deploy-1.6.0-0.0.master.20161215101008.gitb76ad50.el7.centos.noarch >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> /Sverker >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> Den 2016-12-28 kl. 23:24, skrev Sverker >>>>>>>>>>>>>>>>>>> Abrahamsson: >>>>>>>>>>>>>>>>>>>> In addition I had to add an alias to modprobe: >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> [root@h2 modprobe.d]# cat dummy.conf >>>>>>>>>>>>>>>>>>>> alias dummy0 dummy >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> Den 2016-12-28 kl. 23:03, skrev Sverker >>>>>>>>>>>>>>>>>>>> Abrahamsson: >>>>>>>>>>>>>>>>>>>>> Hi >>>>>>>>>>>>>>>>>>>>> I first tried to set device name to dummy_0, but >>>>>>>>>>>>>>>>>>>>> then ifup >>>>>>>>>>>>>>>>>>>>> did >>>>>>>>>>>>>>>>>>>>> not >>>>>>>>>>>>>>>>>>>>> succeed in creating the device unless I first >>>>>>>>>>>>>>>>>>>>> did >>>>>>>>>>>>>>>>>>>>> 'ip link >>>>>>>>>>>>>>>>>>>>> add >>>>>>>>>>>>>>>>>>>>> dummy_0 type dummy' but then it would not >>>>>>>>>>>>>>>>>>>>> suceed to >>>>>>>>>>>>>>>>>>>>> establish >>>>>>>>>>>>>>>>>>>>> the if >>>>>>>>>>>>>>>>>>>>> on reboot. >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> Setting fake_nics = dummy0 would not work >>>>>>>>>>>>>>>>>>>>> neither, >>>>>>>>>>>>>>>>>>>>> but this >>>>>>>>>>>>>>>>>>>>> works: >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> fake_nics = dummy* >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> The engine is now able to find the if and assign >>>>>>>>>>>>>>>>>>>>> bridge >>>>>>>>>>>>>>>>>>>>> ovirtmgmt to >>>>>>>>>>>>>>>>>>>>> it. >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> However, I then run into the next issue when >>>>>>>>>>>>>>>>>>>>> starting a VM: >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> 2016-12-28 22:28:23,897 ERROR >>>>>>>>>>>>>>>>>>>>> [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> (ForkJoinPool-1-worker-2) [] Correlation ID: >>>>>>>>>>>>>>>>>>>>> null, >>>>>>>>>>>>>>>>>>>>> Call >>>>>>>>>>>>>>>>>>>>> Stack: >>>>>>>>>>>>>>>>>>>>> null, >>>>>>>>>>>>>>>>>>>>> Custom Event ID: -1, Message: VM CentOS7 is down >>>>>>>>>>>>>>>>>>>>> with error. >>>>>>>>>>>>>>>>>>>>> Exit >>>>>>>>>>>>>>>>>>>>> message: Cannot get interface MTU on >>>>>>>>>>>>>>>>>>>>> 'br-int': No >>>>>>>>>>>>>>>>>>>>> such >>>>>>>>>>>>>>>>>>>>> device. >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> This VM has a nic on ovirtbridge, which comes >>>>>>>>>>>>>>>>>>>>> from >>>>>>>>>>>>>>>>>>>>> the OVN >>>>>>>>>>>>>>>>>>>>> provider. >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> /Sverker >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> Den 2016-12-28 kl. 14:38, skrev Marcin Mirecki: >>>>>>>>>>>>>>>>>>>>>> Sverker, >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> Can you try adding a vnic named veth_* or >>>>>>>>>>>>>>>>>>>>>> dummy_*, >>>>>>>>>>>>>>>>>>>>>> (or alternatively add the name of the vnic to >>>>>>>>>>>>>>>>>>>>>> vdsm.config fake_nics), and setup the >>>>>>>>>>>>>>>>>>>>>> management >>>>>>>>>>>>>>>>>>>>>> network using this vnic? >>>>>>>>>>>>>>>>>>>>>> I suppose adding the vnic you use for >>>>>>>>>>>>>>>>>>>>>> connecting >>>>>>>>>>>>>>>>>>>>>> to the engine to fake_nics should make it >>>>>>>>>>>>>>>>>>>>>> visible >>>>>>>>>>>>>>>>>>>>>> to the engine, and you should be able to use >>>>>>>>>>>>>>>>>>>>>> it for >>>>>>>>>>>>>>>>>>>>>> the setup. >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> Marcin >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> ----- Original Message ----- >>>>>>>>>>>>>>>>>>>>>>> From: "Marcin Mirecki"<mmirecki@redhat.com> >>>>>>>>>>>>>>>>>>>>>>> To: "Sverker >>>>>>>>>>>>>>>>>>>>>>> Abrahamsson"<sverker@abrahamsson.com> >>>>>>>>>>>>>>>>>>>>>>> Cc: "Ovirt Users"<users@ovirt.org> >>>>>>>>>>>>>>>>>>>>>>> Sent: Wednesday, December 28, 2016 12:06:26 PM >>>>>>>>>>>>>>>>>>>>>>> Subject: Re: [ovirt-users] Issue with >>>>>>>>>>>>>>>>>>>>>>> OVN/OVS and >>>>>>>>>>>>>>>>>>>>>>> mandatory >>>>>>>>>>>>>>>>>>>>>>> ovirtmgmt network >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> I have an internal OVS bridge called >>>>>>>>>>>>>>>>>>>>>>>> ovirtbridge >>>>>>>>>>>>>>>>>>>>>>>> which >>>>>>>>>>>>>>>>>>>>>>>> has >>>>>>>>>>>>>>>>>>>>>>>> a port >>>>>>>>>>>>>>>>>>>>>>>> with >>>>>>>>>>>>>>>>>>>>>>>> IP address, but in the host network settings >>>>>>>>>>>>>>>>>>>>>>>> that port is >>>>>>>>>>>>>>>>>>>>>>>> not >>>>>>>>>>>>>>>>>>>>>>>> visible. >>>>>>>>>>>>>>>>>>>>>>> I just verified and unfortunately the virtual >>>>>>>>>>>>>>>>>>>>>>> ports are >>>>>>>>>>>>>>>>>>>>>>> not >>>>>>>>>>>>>>>>>>>>>>> visible in engine >>>>>>>>>>>>>>>>>>>>>>> to assign a network to :( >>>>>>>>>>>>>>>>>>>>>>> I'm afraid that the engine is not ready for >>>>>>>>>>>>>>>>>>>>>>> such a >>>>>>>>>>>>>>>>>>>>>>> scenario >>>>>>>>>>>>>>>>>>>>>>> (even >>>>>>>>>>>>>>>>>>>>>>> if it >>>>>>>>>>>>>>>>>>>>>>> works). >>>>>>>>>>>>>>>>>>>>>>> Please give me some time to look for a >>>>>>>>>>>>>>>>>>>>>>> solution. >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> ----- Original Message ----- >>>>>>>>>>>>>>>>>>>>>>>> From: "Sverker >>>>>>>>>>>>>>>>>>>>>>>> Abrahamsson"<sverker@abrahamsson.com> >>>>>>>>>>>>>>>>>>>>>>>> To: "Marcin Mirecki"<mmirecki@redhat.com> >>>>>>>>>>>>>>>>>>>>>>>> Cc: "Ovirt Users"<users@ovirt.org> >>>>>>>>>>>>>>>>>>>>>>>> Sent: Wednesday, December 28, 2016 >>>>>>>>>>>>>>>>>>>>>>>> 11:48:24 AM >>>>>>>>>>>>>>>>>>>>>>>> Subject: Re: [ovirt-users] Issue with >>>>>>>>>>>>>>>>>>>>>>>> OVN/OVS and >>>>>>>>>>>>>>>>>>>>>>>> mandatory >>>>>>>>>>>>>>>>>>>>>>>> ovirtmgmt >>>>>>>>>>>>>>>>>>>>>>>> network >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> Hi Marcin >>>>>>>>>>>>>>>>>>>>>>>> Yes, that is my issue. I don't want to let >>>>>>>>>>>>>>>>>>>>>>>> ovirt/vdsm see >>>>>>>>>>>>>>>>>>>>>>>> eth0 >>>>>>>>>>>>>>>>>>>>>>>> nor >>>>>>>>>>>>>>>>>>>>>>>> ovsbridge0 since as soon as it sees them it >>>>>>>>>>>>>>>>>>>>>>>> messes up the >>>>>>>>>>>>>>>>>>>>>>>> network >>>>>>>>>>>>>>>>>>>>>>>> config >>>>>>>>>>>>>>>>>>>>>>>> so that the host will be unreachable. >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> I have an internal OVS bridge called >>>>>>>>>>>>>>>>>>>>>>>> ovirtbridge >>>>>>>>>>>>>>>>>>>>>>>> which >>>>>>>>>>>>>>>>>>>>>>>> has >>>>>>>>>>>>>>>>>>>>>>>> a port >>>>>>>>>>>>>>>>>>>>>>>> with >>>>>>>>>>>>>>>>>>>>>>>> IP address, but in the host network settings >>>>>>>>>>>>>>>>>>>>>>>> that port is >>>>>>>>>>>>>>>>>>>>>>>> not >>>>>>>>>>>>>>>>>>>>>>>> visible. >>>>>>>>>>>>>>>>>>>>>>>> It doesn't help to name it ovirtmgmt. >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> The engine is able to communicate with the >>>>>>>>>>>>>>>>>>>>>>>> host >>>>>>>>>>>>>>>>>>>>>>>> on the ip >>>>>>>>>>>>>>>>>>>>>>>> it has >>>>>>>>>>>>>>>>>>>>>>>> been >>>>>>>>>>>>>>>>>>>>>>>> given, it's just that it believes that it >>>>>>>>>>>>>>>>>>>>>>>> HAS to >>>>>>>>>>>>>>>>>>>>>>>> have a >>>>>>>>>>>>>>>>>>>>>>>> ovirtmgmt >>>>>>>>>>>>>>>>>>>>>>>> network which can't be on OVN. >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> /Sverker >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> Den 2016-12-28 kl. 10:45, skrev Marcin >>>>>>>>>>>>>>>>>>>>>>>> Mirecki: >>>>>>>>>>>>>>>>>>>>>>>>> Hi Sverker, >>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>> The management network is mandatory on each >>>>>>>>>>>>>>>>>>>>>>>>> host. It's >>>>>>>>>>>>>>>>>>>>>>>>> used by >>>>>>>>>>>>>>>>>>>>>>>>> the >>>>>>>>>>>>>>>>>>>>>>>>> engine to communicate with the host. >>>>>>>>>>>>>>>>>>>>>>>>> Looking at your description and the >>>>>>>>>>>>>>>>>>>>>>>>> exception >>>>>>>>>>>>>>>>>>>>>>>>> it looks >>>>>>>>>>>>>>>>>>>>>>>>> like it >>>>>>>>>>>>>>>>>>>>>>>>> is >>>>>>>>>>>>>>>>>>>>>>>>> missing. >>>>>>>>>>>>>>>>>>>>>>>>> The error is caused by not having any >>>>>>>>>>>>>>>>>>>>>>>>> network >>>>>>>>>>>>>>>>>>>>>>>>> for the >>>>>>>>>>>>>>>>>>>>>>>>> host >>>>>>>>>>>>>>>>>>>>>>>>> (network list retrieved in >>>>>>>>>>>>>>>>>>>>>>>>> InterfaceDaoImpl.getHostNetworksByCluster - >>>>>>>>>>>>>>>>>>>>>>>>> which >>>>>>>>>>>>>>>>>>>>>>>>> gets all the networks on nics for a host >>>>>>>>>>>>>>>>>>>>>>>>> from >>>>>>>>>>>>>>>>>>>>>>>>> vds_interface >>>>>>>>>>>>>>>>>>>>>>>>> table in the >>>>>>>>>>>>>>>>>>>>>>>>> DB). >>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>> Could you maybe create a virtual nic >>>>>>>>>>>>>>>>>>>>>>>>> connected to >>>>>>>>>>>>>>>>>>>>>>>>> ovsbridge0 (as >>>>>>>>>>>>>>>>>>>>>>>>> I >>>>>>>>>>>>>>>>>>>>>>>>> understand you >>>>>>>>>>>>>>>>>>>>>>>>> have no physical nic available) and use this >>>>>>>>>>>>>>>>>>>>>>>>> for the >>>>>>>>>>>>>>>>>>>>>>>>> management >>>>>>>>>>>>>>>>>>>>>>>>> network? >>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>> I then create a bridge for use with >>>>>>>>>>>>>>>>>>>>>>>>>> ovirt, with >>>>>>>>>>>>>>>>>>>>>>>>>> a >>>>>>>>>>>>>>>>>>>>>>>>>> private >>>>>>>>>>>>>>>>>>>>>>>>>> address. >>>>>>>>>>>>>>>>>>>>>>>>> I'm not quite sure I understand. Is this yet >>>>>>>>>>>>>>>>>>>>>>>>> another >>>>>>>>>>>>>>>>>>>>>>>>> bridge >>>>>>>>>>>>>>>>>>>>>>>>> connected to >>>>>>>>>>>>>>>>>>>>>>>>> ovsbridge0? >>>>>>>>>>>>>>>>>>>>>>>>> You could also attach the vnic for the >>>>>>>>>>>>>>>>>>>>>>>>> management >>>>>>>>>>>>>>>>>>>>>>>>> network >>>>>>>>>>>>>>>>>>>>>>>>> here >>>>>>>>>>>>>>>>>>>>>>>>> if need >>>>>>>>>>>>>>>>>>>>>>>>> be. >>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>> Please keep in mind that OVN has no use in >>>>>>>>>>>>>>>>>>>>>>>>> setting up >>>>>>>>>>>>>>>>>>>>>>>>> the >>>>>>>>>>>>>>>>>>>>>>>>> management >>>>>>>>>>>>>>>>>>>>>>>>> network. >>>>>>>>>>>>>>>>>>>>>>>>> The OVN provider can only handle external >>>>>>>>>>>>>>>>>>>>>>>>> networks, >>>>>>>>>>>>>>>>>>>>>>>>> which >>>>>>>>>>>>>>>>>>>>>>>>> can >>>>>>>>>>>>>>>>>>>>>>>>> not be used >>>>>>>>>>>>>>>>>>>>>>>>> for a >>>>>>>>>>>>>>>>>>>>>>>>> management network. >>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>> Marcin >>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>> ----- Original Message ----- >>>>>>>>>>>>>>>>>>>>>>>>>> From: "Sverker >>>>>>>>>>>>>>>>>>>>>>>>>> Abrahamsson"<sverker@abrahamsson.com> >>>>>>>>>>>>>>>>>>>>>>>>>> To:users@ovirt.org >>>>>>>>>>>>>>>>>>>>>>>>>> Sent: Wednesday, December 28, 2016 >>>>>>>>>>>>>>>>>>>>>>>>>> 12:39:59 AM >>>>>>>>>>>>>>>>>>>>>>>>>> Subject: [ovirt-users] Issue with >>>>>>>>>>>>>>>>>>>>>>>>>> OVN/OVS and >>>>>>>>>>>>>>>>>>>>>>>>>> mandatory >>>>>>>>>>>>>>>>>>>>>>>>>> ovirtmgmt >>>>>>>>>>>>>>>>>>>>>>>>>> network >>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>> Hi >>>>>>>>>>>>>>>>>>>>>>>>>> For long time I've been looking for proper >>>>>>>>>>>>>>>>>>>>>>>>>> support in >>>>>>>>>>>>>>>>>>>>>>>>>> ovirt for >>>>>>>>>>>>>>>>>>>>>>>>>> Open >>>>>>>>>>>>>>>>>>>>>>>>>> vSwitch >>>>>>>>>>>>>>>>>>>>>>>>>> so I'm happy that it is moving in the right >>>>>>>>>>>>>>>>>>>>>>>>>> direction. >>>>>>>>>>>>>>>>>>>>>>>>>> However, >>>>>>>>>>>>>>>>>>>>>>>>>> there >>>>>>>>>>>>>>>>>>>>>>>>>> seems >>>>>>>>>>>>>>>>>>>>>>>>>> to still be a dependency on a ovirtmgmt >>>>>>>>>>>>>>>>>>>>>>>>>> bridge >>>>>>>>>>>>>>>>>>>>>>>>>> and I'm >>>>>>>>>>>>>>>>>>>>>>>>>> unable >>>>>>>>>>>>>>>>>>>>>>>>>> to move >>>>>>>>>>>>>>>>>>>>>>>>>> that >>>>>>>>>>>>>>>>>>>>>>>>>> to the OVN provider. >>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>> The hosting center where I rent hw >>>>>>>>>>>>>>>>>>>>>>>>>> instances >>>>>>>>>>>>>>>>>>>>>>>>>> has a bit >>>>>>>>>>>>>>>>>>>>>>>>>> special >>>>>>>>>>>>>>>>>>>>>>>>>> network >>>>>>>>>>>>>>>>>>>>>>>>>> setup, >>>>>>>>>>>>>>>>>>>>>>>>>> so I have one physical network port with >>>>>>>>>>>>>>>>>>>>>>>>>> a /32 >>>>>>>>>>>>>>>>>>>>>>>>>> netmask >>>>>>>>>>>>>>>>>>>>>>>>>> and >>>>>>>>>>>>>>>>>>>>>>>>>> point-to-point >>>>>>>>>>>>>>>>>>>>>>>>>> config to router. The physical port I >>>>>>>>>>>>>>>>>>>>>>>>>> connect >>>>>>>>>>>>>>>>>>>>>>>>>> to a ovs >>>>>>>>>>>>>>>>>>>>>>>>>> bridge >>>>>>>>>>>>>>>>>>>>>>>>>> which has >>>>>>>>>>>>>>>>>>>>>>>>>> the >>>>>>>>>>>>>>>>>>>>>>>>>> public ip. Since ovirt always messes up the >>>>>>>>>>>>>>>>>>>>>>>>>> network >>>>>>>>>>>>>>>>>>>>>>>>>> config when >>>>>>>>>>>>>>>>>>>>>>>>>> I've >>>>>>>>>>>>>>>>>>>>>>>>>> tried >>>>>>>>>>>>>>>>>>>>>>>>>> to let it have access to the network config >>>>>>>>>>>>>>>>>>>>>>>>>> for the >>>>>>>>>>>>>>>>>>>>>>>>>> physical >>>>>>>>>>>>>>>>>>>>>>>>>> port, I've >>>>>>>>>>>>>>>>>>>>>>>>>> set >>>>>>>>>>>>>>>>>>>>>>>>>> eht0 and ovsbridge0 as hidden in vdsm.conf. >>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>> I then create a bridge for use with >>>>>>>>>>>>>>>>>>>>>>>>>> ovirt, with >>>>>>>>>>>>>>>>>>>>>>>>>> a >>>>>>>>>>>>>>>>>>>>>>>>>> private >>>>>>>>>>>>>>>>>>>>>>>>>> address. With >>>>>>>>>>>>>>>>>>>>>>>>>> the >>>>>>>>>>>>>>>>>>>>>>>>>> OVN provider I am now able to import these >>>>>>>>>>>>>>>>>>>>>>>>>> into the >>>>>>>>>>>>>>>>>>>>>>>>>> engine and >>>>>>>>>>>>>>>>>>>>>>>>>> it looks >>>>>>>>>>>>>>>>>>>>>>>>>> good. When creating a VM I can select >>>>>>>>>>>>>>>>>>>>>>>>>> that it >>>>>>>>>>>>>>>>>>>>>>>>>> will have >>>>>>>>>>>>>>>>>>>>>>>>>> a >>>>>>>>>>>>>>>>>>>>>>>>>> vNic >>>>>>>>>>>>>>>>>>>>>>>>>> on my OVS >>>>>>>>>>>>>>>>>>>>>>>>>> bridge. >>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>> However, I can't start the VM as an >>>>>>>>>>>>>>>>>>>>>>>>>> exception >>>>>>>>>>>>>>>>>>>>>>>>>> is thrown >>>>>>>>>>>>>>>>>>>>>>>>>> in the >>>>>>>>>>>>>>>>>>>>>>>>>> log: >>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>> 2016-12-28 00:13:33,350 ERROR >>>>>>>>>>>>>>>>>>>>>>>>>> [org.ovirt.engine.core.bll.RunVmCommand] >>>>>>>>>>>>>>>>>>>>>>>>>> (default task-5) [3c882d53] Error during >>>>>>>>>>>>>>>>>>>>>>>>>> ValidateFailure.: >>>>>>>>>>>>>>>>>>>>>>>>>> java.lang.NullPointerException >>>>>>>>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.scheduling.policyunits.NetworkPolicyUnit.validateRequiredNetworksAvailable(NetworkPolicyUnit.java:140) >>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.scheduling.policyunits.NetworkPolicyUnit.filter(NetworkPolicyUnit.java:69) >>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.scheduling.SchedulingManager.runInternalFilters(SchedulingManager.java:597) >>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.scheduling.SchedulingManager.runFilters(SchedulingManager.java:564) >>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.scheduling.SchedulingManager.canSchedule(SchedulingManager.java:494) >>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.validator.RunVmValidator.canRunVm(RunVmValidator.java:133) >>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.RunVmCommand.validate(RunVmCommand.java:940) >>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.CommandBase.internalValidate(CommandBase.java:886) >>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.CommandBase.validateOnly(CommandBase.java:366) >>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.canRunActions(PrevalidatingMultipleActionsRunner.java:113) >>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.invokeCommands(PrevalidatingMultipleActionsRunner.java:99) >>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.execute(PrevalidatingMultipleActionsRunner.java:76) >>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.Backend.runMultipleActionsImpl(Backend.java:613) >>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.Backend.runMultipleActions(Backend.java:583) >>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>> Looking at that section of code where the >>>>>>>>>>>>>>>>>>>>>>>>>> exception is >>>>>>>>>>>>>>>>>>>>>>>>>> thrown, >>>>>>>>>>>>>>>>>>>>>>>>>> I see >>>>>>>>>>>>>>>>>>>>>>>>>> that >>>>>>>>>>>>>>>>>>>>>>>>>> it >>>>>>>>>>>>>>>>>>>>>>>>>> iterates over host networks to find >>>>>>>>>>>>>>>>>>>>>>>>>> required >>>>>>>>>>>>>>>>>>>>>>>>>> networks, >>>>>>>>>>>>>>>>>>>>>>>>>> which I >>>>>>>>>>>>>>>>>>>>>>>>>> assume is >>>>>>>>>>>>>>>>>>>>>>>>>> ovirtmgmt. In the host network setup >>>>>>>>>>>>>>>>>>>>>>>>>> dialog I >>>>>>>>>>>>>>>>>>>>>>>>>> don't see >>>>>>>>>>>>>>>>>>>>>>>>>> any >>>>>>>>>>>>>>>>>>>>>>>>>> networks at >>>>>>>>>>>>>>>>>>>>>>>>>> all >>>>>>>>>>>>>>>>>>>>>>>>>> but it lists ovirtmgmt as required. It also >>>>>>>>>>>>>>>>>>>>>>>>>> list the >>>>>>>>>>>>>>>>>>>>>>>>>> OVN >>>>>>>>>>>>>>>>>>>>>>>>>> networks but >>>>>>>>>>>>>>>>>>>>>>>>>> these >>>>>>>>>>>>>>>>>>>>>>>>>> can't be statically assigned as they are >>>>>>>>>>>>>>>>>>>>>>>>>> added >>>>>>>>>>>>>>>>>>>>>>>>>> dynamically when >>>>>>>>>>>>>>>>>>>>>>>>>> needed, >>>>>>>>>>>>>>>>>>>>>>>>>> which is fine. >>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>> I believe that I either need to remove >>>>>>>>>>>>>>>>>>>>>>>>>> ovirtmgmt >>>>>>>>>>>>>>>>>>>>>>>>>> network >>>>>>>>>>>>>>>>>>>>>>>>>> or >>>>>>>>>>>>>>>>>>>>>>>>>> configure >>>>>>>>>>>>>>>>>>>>>>>>>> that >>>>>>>>>>>>>>>>>>>>>>>>>> it >>>>>>>>>>>>>>>>>>>>>>>>>> is provided by the OVN provider, but >>>>>>>>>>>>>>>>>>>>>>>>>> neither is >>>>>>>>>>>>>>>>>>>>>>>>>> possible. >>>>>>>>>>>>>>>>>>>>>>>>>> Preferably it >>>>>>>>>>>>>>>>>>>>>>>>>> shouldn't be hardcoded which network is >>>>>>>>>>>>>>>>>>>>>>>>>> management and >>>>>>>>>>>>>>>>>>>>>>>>>> mandatory but be >>>>>>>>>>>>>>>>>>>>>>>>>> possible to configure. >>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>> /Sverker >>>>>>>>>>>>>>>>>>>>>>>>>> Den 2016-12-27 kl. 17:10, skrev Marcin >>>>>>>>>>>>>>>>>>>>>>>>>> Mirecki: >>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> Users mailing list >>>>>>>>>>>>>>>>>>>>>>> Users@ovirt.org >>>>>>>>>>>>>>>>>>>>>>> http://lists.ovirt.org/mailman/listinfo/users >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>>>>>>>>>>> Users mailing list >>>>>>>>>>>>>>>>>>>>> Users@ovirt.org >>>>>>>>>>>>>>>>>>>>> http://lists.ovirt.org/mailman/listinfo/users >>>>>>>>>>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>>>>>>>>>> Users mailing list >>>>>>>>>>>>>>>>>>>> Users@ovirt.org >>>>>>>>>>>>>>>>>>>> http://lists.ovirt.org/mailman/listinfo/users >>>>>>>>>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>>>>>>>>> Users mailing list >>>>>>>>>>>>>>>>>>> Users@ovirt.org >>>>>>>>>>>>>>>>>>> http://lists.ovirt.org/mailman/listinfo/users >>>>>>>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>>>>>>> Users mailing list >>>>>>>>>>>>>>>>> Users@ovirt.org >>>>>>>>>>>>>>>>> http://lists.ovirt.org/mailman/listinfo/users >>>>>>>>>>>>>>>>> >>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>> Users mailing list >>>>>>>>>>>> Users@ovirt.org >>>>>>>>>>>> http://lists.ovirt.org/mailman/listinfo/users >>>>>>>>>>> _______________________________________________ >>>>>>>>>>> Users mailing list >>>>>>>>>>> Users@ovirt.org >>>>>>>>>>> http://lists.ovirt.org/mailman/listinfo/users >>>>>>>>>> _______________________________________________ >>>>>>>>>> Users mailing list >>>>>>>>>> Users@ovirt.org >>>>>>>>>> http://lists.ovirt.org/mailman/listinfo/users >>> _______________________________________________ >>> Users mailing list >>> Users@ovirt.org >>> http://lists.ovirt.org/mailman/listinfo/users >> _______________________________________________ >> Users mailing list >> Users@ovirt.org >> http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
I've followed the instructions to best effort, so hopefully it's right.. Den 2017-01-13 kl. 10:31, skrev Marcin Mirecki:
Please push the patch into: https://gerrit.ovirt.org/ovirt-provider-ovn (let me know if you need some directions)
----- Original Message -----
From: "Sverker Abrahamsson" <sverker@abrahamsson.com> To: "Marcin Mirecki" <mmirecki@redhat.com> Cc: "Ovirt Users" <users@ovirt.org> Sent: Monday, January 9, 2017 1:45:37 PM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network
Ok, found it. The issue is right here:
<interface type="bridge"> <mac address="00:1a:4a:16:01:54" /> <model type="virtio" /> <source bridge="br-int" /> <virtualport type="openvswitch" /> <link state="up" /> <boot order="2" /> <bandwidth /> <virtualport type="openvswitch"> <parameters interfaceid="912cba79-982e-4a87-868e-241fedccb59a" /> </virtualport> </interface>
There are two elements for virtualport, the first without id and the second with. On h2 I had fixed this which was the patch I posted earlier although I switched back to use br-int after understanding that was the correct way. When that hook was copied to h1 the port gets attached fine.
Patch with updated testcase attached.
/Sverker
Den 2017-01-09 kl. 10:41, skrev Sverker Abrahamsson:
This is the content of vdsm.log on h1 at this time:
2017-01-06 20:54:12,636 INFO (jsonrpc/7) [jsonrpc.JsonRpcServer] RPC call VM.create succeeded in 0.01 seconds (__init__:515) 2017-01-06 20:54:12,636 INFO (vm/6dd5291e) [virt.vm] (vmId='6dd5291e-6556-4d29-8b4e-ea896e627645') VM wrapper has started (vm:1901) 2017-01-06 20:54:12,636 INFO (vm/6dd5291e) [vds] prepared volume path: /rhev/data-center/mnt/h2-int.limetransit.com:_var_lib_exports_iso/1d49c4bc-0fec-4503-a583-d476fa3a370d/images/11111111-1111-1111-1111-111111111111/CentOS-7-x86_64-NetInstall-1611.iso (clientIF:374) 2017-01-06 20:54:12,743 INFO (vm/6dd5291e) [root] (hooks:108) 2017-01-06 20:54:12,847 INFO (vm/6dd5291e) [root] (hooks:108) 2017-01-06 20:54:12,863 INFO (vm/6dd5291e) [virt.vm] (vmId='6dd5291e-6556-4d29-8b4e-ea896e627645') <?xml version='1.0' encoding='UTF-8'?> <domain xmlns:ovirt="http://ovirt.org/vm/tune/1.0" type="kvm"> <name>CentOS7_3</name> <uuid>6dd5291e-6556-4d29-8b4e-ea896e627645</uuid> <memory>1048576</memory> <currentMemory>1048576</currentMemory> <maxMemory slots="16">4294967296</maxMemory> <vcpu current="1">16</vcpu> <devices> <channel type="unix"> <target name="com.redhat.rhevm.vdsm" type="virtio" /> <source mode="bind" path="/var/lib/libvirt/qemu/channels/6dd5291e-6556-4d29-8b4e-ea896e627645.com.redhat.rhevm.vdsm" /> </channel> <channel type="unix"> <target name="org.qemu.guest_agent.0" type="virtio" /> <source mode="bind" path="/var/lib/libvirt/qemu/channels/6dd5291e-6556-4d29-8b4e-ea896e627645.org.qemu.guest_agent.0" /> </channel> <input bus="ps2" type="mouse" /> <memballoon model="virtio" /> <controller index="0" model="virtio-scsi" type="scsi" /> <controller index="0" ports="16" type="virtio-serial" /> <video> <model heads="1" ram="65536" type="qxl" vgamem="16384" vram="32768" /> </video> <graphics autoport="yes" defaultMode="secure" passwd="*****" passwdValidTo="1970-01-01T00:00:01" port="-1" tlsPort="-1" type="spice"> <channel mode="secure" name="main" /> <channel mode="secure" name="inputs" /> <channel mode="secure" name="cursor" /> <channel mode="secure" name="playback" /> <channel mode="secure" name="record" /> <channel mode="secure" name="display" /> <channel mode="secure" name="smartcard" /> <channel mode="secure" name="usbredir" /> <listen network="vdsm-ovirtmgmt" type="network" /> </graphics> <interface type="bridge"> <mac address="00:1a:4a:16:01:54" /> <model type="virtio" /> <source bridge="br-int" /> <virtualport type="openvswitch" /> <link state="up" /> <boot order="2" /> <bandwidth /> <virtualport type="openvswitch"> <parameters interfaceid="912cba79-982e-4a87-868e-241fedccb59a" /> </virtualport> </interface> <disk device="cdrom" snapshot="no" type="file"> <source file="/rhev/data-center/mnt/h2-int.limetransit.com:_var_lib_exports_iso/1d49c4bc-0fec-4503-a583-d476fa3a370d/images/11111111-1111-1111-1111-111111111111/CentOS-7-x86_64-NetInstall-1611.iso" startupPolicy="optional" /> <target bus="ide" dev="hdc" /> <readonly /> <boot order="1" /> </disk> <channel type="spicevmc"> <target name="com.redhat.spice.0" type="virtio" /> </channel> </devices> <metadata> <ovirt:qos /> </metadata> <os> <type arch="x86_64" machine="pc-i440fx-rhel7.2.0">hvm</type> <smbios mode="sysinfo" /> <bootmenu enable="yes" timeout="10000" /> </os> <sysinfo type="smbios"> <system> <entry name="manufacturer">oVirt</entry> <entry name="product">oVirt Node</entry> <entry name="version">7-3.1611.el7.centos</entry> <entry name="serial">62f1adff-b29e-4a7c-abba-c2c4c73248c6</entry> <entry name="uuid">6dd5291e-6556-4d29-8b4e-ea896e627645</entry> </system> </sysinfo> <clock adjustment="0" offset="variable"> <timer name="rtc" tickpolicy="catchup" /> <timer name="pit" tickpolicy="delay" /> <timer name="hpet" present="no" /> </clock> <features> <acpi /> </features> <cpu match="exact"> <model>SandyBridge</model> <topology cores="1" sockets="16" threads="1" /> <numa> <cell cpus="0" memory="1048576" /> </numa> </cpu> </domain> (vm:1988) 2017-01-06 20:54:13,046 INFO (libvirt/events) [virt.vm] (vmId='6dd5291e-6556-4d29-8b4e-ea896e627645') CPU running: onResume (vm:4863) 2017-01-06 20:54:13,058 INFO (vm/6dd5291e) [virt.vm] (vmId='6dd5291e-6556-4d29-8b4e-ea896e627645') Starting connection (guestagent:245) 2017-01-06 20:54:13,060 INFO (vm/6dd5291e) [virt.vm] (vmId='6dd5291e-6556-4d29-8b4e-ea896e627645') CPU running: domain initialization (vm:4863) 2017-01-06 20:54:15,154 INFO (jsonrpc/6) [jsonrpc.JsonRpcServer] RPC call Host.getVMFullList succeeded in 0.01 seconds (__init__:515) 2017-01-06 20:54:17,571 INFO (periodic/2) [dispatcher] Run and protect: getVolumeSize(sdUUID=u'2ee54fb8-48f2-4576-8cff-f2346504b08b', spUUID=u'584ebd64-0268-0193-025b-00000000038e', imgUUID=u'5a3aae57-ffe0-4a3b-aa87-8461669db7f9', volUUID=u'b6a88789-fcb1-4d3e-911b-2a4d3b6c69c7', options=None) (logUtils:49) 2017-01-06 20:54:17,573 INFO (periodic/2) [dispatcher] Run and protect: getVolumeSize, Return response: {'truesize': '1859723264', 'apparentsize': '21474836480'} (logUtils:52) 2017-01-06 20:54:21,211 INFO (periodic/2) [dispatcher] Run and protect: repoStats(options=None) (logUtils:49) 2017-01-06 20:54:21,212 INFO (periodic/2) [dispatcher] Run and protect: repoStats, Return response: {u'2ee54fb8-48f2-4576-8cff-f2346504b08b': {'code': 0, 'actual': True, 'version': 3, 'acquired': True, 'delay': '0.000936552', 'lastCheck': '1.4', 'valid': True}, u'1d49c4bc-0fec-4503-a583-d476fa3a370d': {'code': 0, 'actual': True, 'version': 0, 'acquired': True, 'delay': '0.000960248', 'lastCheck': '1.4', 'valid': True}} (logUtils:52) 2017-01-06 20:54:23,543 INFO (jsonrpc/2) [jsonrpc.JsonRpcServer] RPC call Host.getAllVmStats succeeded in 0.00 seconds (__init__:515) 2017-01-06 20:54:23,641 INFO (jsonrpc/1) [jsonrpc.JsonRpcServer] RPC call Host.getAllVmIoTunePolicies succeeded in 0.00 seconds (__init__:515) 2017-01-06 20:54:24,918 INFO (jsonrpc/0) [dispatcher] Run and protect: repoStats(options=None) (logUtils:49) 2017-01-06 20:54:24,918 INFO (jsonrpc/0) [dispatcher] Run and protect: repoStats, Return response: {u'2ee54fb8-48f2-4576-8cff-f2346504b08b': {'code': 0, 'actual': True, 'version': 3, 'acquired': True, 'delay': '0.000936552', 'lastCheck': '5.1', 'valid': True}, u'1d49c4bc-0fec-4503-a583-d476fa3a370d': {'code': 0, 'actual': True, 'version': 0, 'acquired': True, 'delay': '0.000960248', 'lastCheck': '2.1', 'valid': True}} (logUtils:52) 2017-01-06 20:54:24,924 INFO (jsonrpc/0) [jsonrpc.JsonRpcServer] RPC call Host.getStats succeeded in 0.01 seconds (__init__:515)
Vdsm and the OVN driver must have been called as the port IS created, but with the wrong id. I don't find the faulty id in vdsm.log neither, the xml above have the correct id. /Sverker
Den 2017-01-09 kl. 10:06, skrev Marcin Mirecki:
The port is set up on the host by the ovirt-provider-ovn-driver. The driver is invoked by the vdsm hook whenever any operation on the port is done. Please ensure that this is installed properly. You can check the vdsm log (/var/log/vdsm/vdsm.log) to see if the hook was executed properly.
----- Original Message -----
From: "Sverker Abrahamsson" <sverker@abrahamsson.com> To: "Marcin Mirecki" <mmirecki@redhat.com> Cc: "Ovirt Users" <users@ovirt.org> Sent: Friday, January 6, 2017 9:00:26 PM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network
I created a new VM in the ui and assigned it to host h1. In /var/log/ovirt-provider-ovn.log I get the following:
2017-01-06 20:54:11,940 Request: GET : /v2.0/ports 2017-01-06 20:54:11,940 Connecting to remote ovn database: tcp:127.0.0.1:6641 2017-01-06 20:54:12,157 Connected (number of retries: 2) 2017-01-06 20:54:12,158 Response code: 200 2017-01-06 20:54:12,158 Response body: {"ports": [{"name": "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873", "network_id": "e53554cf-e553-40a1-8d22-9c8d95ec0601", "device_owner": "oVirt", "mac_address": "00:1a:4a:16:01:51", "id": "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873", "device_id": "40cd7328-d575-4c3d-b656-9ef9bacc0078"}, {"name": "92f6d3c8-68b3-4986-9c09-60bee04644b5", "network_id": "e53554cf-e553-40a1-8d22-9c8d95ec0601", "device_owner": "oVirt", "mac_address": "00:1a:4a:16:01:52", "id": "92f6d3c8-68b3-4986-9c09-60bee04644b5", "device_id": "4baefa8c-3822-4de0-9cd0-1d025bab7844"}]} 2017-01-06 20:54:12,160 Request: SHOW : /v2.0/networks/e53554cf-e553-40a1-8d22-9c8d95ec0601 2017-01-06 20:54:12,160 Connecting to remote ovn database: tcp:127.0.0.1:6641 2017-01-06 20:54:12,377 Connected (number of retries: 2) 2017-01-06 20:54:12,378 Response code: 200 2017-01-06 20:54:12,378 Response body: {"network": {"id": "e53554cf-e553-40a1-8d22-9c8d95ec0601", "name": "ovirtbridge"}} 2017-01-06 20:54:12,380 Request: POST : /v2.0/ports 2017-01-06 20:54:12,380 Request body: { "port" : { "name" : "nic1", "binding:host_id" : "h1.limetransit.com", "admin_state_up" : true, "device_id" : "e8553a88-05f0-401d-8b9b-5fff77f7bbbe", "device_owner" : "oVirt", "mac_address" : "00:1a:4a:16:01:54", "network_id" : "e53554cf-e553-40a1-8d22-9c8d95ec0601" } } 2017-01-06 20:54:12,380 Connecting to remote ovn database: tcp:127.0.0.1:6641 2017-01-06 20:54:12,610 Connected (number of retries: 2) 2017-01-06 20:54:12,614 Response code: 200 2017-01-06 20:54:12,614 Response body: {"port": {"name": "912cba79-982e-4a87-868e-241fedccb59a", "network_id": "e53554cf-e553-40a1-8d22-9c8d95ec0601", "device_owner": "oVirt", "mac_address": "00:1a:4a:16:01:54", "id": "912cba79-982e-4a87-868e-241fedccb59a", "device_id": "e8553a88-05f0-401d-8b9b-5fff77f7bbbe"}}
h1:/var/log/messages Jan 6 20:54:12 h1 ovs-vsctl: ovs|00001|vsctl|INFO|Called as ovs-vsctl --timeout=5 -- --if-exists del-port vnet1 -- add-port br-int vnet1 -- set Interface vnet1 "external-ids:attached-mac=\"00:1a:4a:16:01:54\"" -- set Interface vnet1 "external-ids:iface-id=\"20388407-0f76-41d8-97aa-8e2b5978f908\"" -- set Interface vnet1 "external-ids:vm-id=\"6dd5291e-6556-4d29-8b4e-ea896e627645\"" -- set Interface vnet1 external-ids:iface-status=active
[root@h2 ~]# ovn-nbctl show switch e53554cf-e553-40a1-8d22-9c8d95ec0601 (ovirtbridge) port 4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873 addresses: ["00:1a:4a:16:01:51"] port 912cba79-982e-4a87-868e-241fedccb59a addresses: ["00:1a:4a:16:01:54"] port 92f6d3c8-68b3-4986-9c09-60bee04644b5 addresses: ["00:1a:4a:16:01:52"] port ovirtbridge-port2 addresses: ["unknown"] port ovirtbridge-port1 addresses: ["unknown"] [root@h2 ~]# ovn-sbctl show Chassis "6e4dd29f-7607-48d7-8e5a-eef4c6aeefb5" hostname: "h2.limetransit.com" Encap geneve ip: "148.251.126.50" options: {csum="true"} Port_Binding "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873" Port_Binding "ovirtbridge-port1" Chassis "4f10fb04-8fb2-48d7-8a3f-ea6444c02cf9" hostname: "h1.limetransit.com" Encap geneve ip: "144.76.84.73" options: {csum="true"} Port_Binding "ovirtbridge-port2" Port_Binding "92f6d3c8-68b3-4986-9c09-60bee04644b5"
I.e. same issue /Sverker
Den 2017-01-06 kl. 20:49, skrev Sverker Abrahamsson:
The port is created from Ovirt UI, the ovs-vsctl command below is executed when VM is started. In /var/log/ovirt-provider-ovn.log on h2 I get the following:
2017-01-06 20:19:25,452 Request: GET : /v2.0/ports 2017-01-06 20:19:25,452 Connecting to remote ovn database: tcp:127.0.0.1:6641 2017-01-06 20:19:25,670 Connected (number of retries: 2) 2017-01-06 20:19:25,670 Response code: 200 2017-01-06 20:19:25,670 Response body: {"ports": [{"name": "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873", "network_id": "e53554cf-e553-40a1-8d22-9c8d95ec0601", "device_owner": "oVirt", "mac_address": "00:1a:4a:16:01:51", "id": "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873", "device_id": "40cd7328-d575-4c3d-b656-9ef9bacc0078"}, {"name": "92f6d3c8-68b3-4986-9c09-60bee04644b5", "network_id": "e53554cf-e553-40a1-8d22-9c8d95ec0601", "device_owner": "oVirt", "mac_address": "00:1a:4a:16:01:52", "id": "92f6d3c8-68b3-4986-9c09-60bee04644b5", "device_id": "4baefa8c-3822-4de0-9cd0-1d025bab7844"}]} 2017-01-06 20:19:25,673 Request: PUT : /v2.0/ports/92f6d3c8-68b3-4986-9c09-60bee04644b5 2017-01-06 20:19:25,673 Request body: { "port" : { "binding:host_id" : "h1.limetransit.com", "security_groups" : null } } 2017-01-06 20:19:25,673 Connecting to remote ovn database: tcp:127.0.0.1:6641 2017-01-06 20:19:25,890 Connected (number of retries: 2) 2017-01-06 20:19:25,891 Response code: 200 2017-01-06 20:19:25,891 Response body: {"port": {"name": "92f6d3c8-68b3-4986-9c09-60bee04644b5", "network_id": "e53554cf-e553-40a1-8d22-9c8d95ec0601", "device_owner": "oVirt", "mac_address": "00:1a:4a:16:01:52", "id": "92f6d3c8-68b3-4986-9c09-60bee04644b5", "device_id": "4baefa8c-3822-4de0-9cd0-1d025bab7844"}}
In /var/log/messages on h1 I get the following:
Jan 6 20:18:56 h1 dbus-daemon: dbus[1339]: [system] Successfully activated service 'org.freedesktop.problems' Jan 6 20:19:26 h1 ovs-vsctl: ovs|00001|vsctl|INFO|Called as ovs-vsctl --timeout=5 -- --if-exists del-port vnet0 -- add-port br-int vnet0 -- set Interface vnet0 "external-ids:attached-mac=\"00:1a:4a:16:01:52\"" -- set Interface vnet0 "external-ids:iface-id=\"72dafda5-03c2-4bb6-bcb6-241fa5c0a1f3\"" -- set Interface vnet0 "external-ids:vm-id=\"4d0c134a-11a0-40f4-b2fb-c13c17c7251c\"" -- set Interface vnet0 external-ids:iface-status=active Jan 6 20:19:26 h1 kernel: device vnet0 entered promiscuous mode Jan 6 20:19:26 h1 avahi-daemon[1391]: Registering new address record for fe80::fc1a:4aff:fe16:152 on vnet0.*. Jan 6 20:19:26 h1 systemd-machined: New machine qemu-4-CentOS72. Jan 6 20:19:26 h1 systemd: Started Virtual Machine qemu-4-CentOS72. Jan 6 20:19:26 h1 systemd: Starting Virtual Machine qemu-4-CentOS72.
[root@h2 ~]# ovn-nbctl show switch e53554cf-e553-40a1-8d22-9c8d95ec0601 (ovirtbridge) port 4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873 addresses: ["00:1a:4a:16:01:51"] port 92f6d3c8-68b3-4986-9c09-60bee04644b5 addresses: ["00:1a:4a:16:01:52"] port ovirtbridge-port2 addresses: ["unknown"] port ovirtbridge-port1 addresses: ["unknown"] [root@h2 ~]# ovn-sbctl show Chassis "6e4dd29f-7607-48d7-8e5a-eef4c6aeefb5" hostname: "h2.limetransit.com" Encap geneve ip: "148.251.126.50" options: {csum="true"} Port_Binding "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873" Port_Binding "ovirtbridge-port1" Chassis "4f10fb04-8fb2-48d7-8a3f-ea6444c02cf9" hostname: "h1.limetransit.com" Encap geneve ip: "144.76.84.73" options: {csum="true"} Port_Binding "ovirtbridge-port2"
I.e. the port is set up with the wrong ID and not attached to OVN.
If I correct external-ids:iface-id like this: [root@h1 ~]# ovs-vsctl set Interface vnet0 "external-ids:iface-id=\"92f6d3c8-68b3-4986-9c09-60bee04644b5\""
then sb is correct: [root@h2 ~]# ovn-sbctl show Chassis "6e4dd29f-7607-48d7-8e5a-eef4c6aeefb5" hostname: "h2.limetransit.com" Encap geneve ip: "148.251.126.50" options: {csum="true"} Port_Binding "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873" Port_Binding "ovirtbridge-port1" Chassis "4f10fb04-8fb2-48d7-8a3f-ea6444c02cf9" hostname: "h1.limetransit.com" Encap geneve ip: "144.76.84.73" options: {csum="true"} Port_Binding "ovirtbridge-port2" Port_Binding "92f6d3c8-68b3-4986-9c09-60bee04644b5"
I don't know from where the ID 72dafda5-03c2-4bb6-bcb6-241fa5c0a1f3 comes from, doesn't show in any log other than /var/log/messages.
If I do the same exercise on the same host as engine is running on then the port for the VM gets the right id and is working from beginning. /Sverker
Den 2017-01-03 kl. 10:23, skrev Marcin Mirecki: > How did you create this port? > From the oVirt engine UI? > The OVN provider creates the port when you add the port in the > engine UI, > it is then plugged into the ovs bridge by the VIF driver. > Please attach /var/log/ovirt-provider-ovn.log > > > > ----- Original Message ----- >> From: "Sverker Abrahamsson"<sverker@abrahamsson.com> >> To: "Marcin Mirecki"<mmirecki@redhat.com> >> Cc: "Ovirt Users"<users@ovirt.org> >> Sent: Tuesday, January 3, 2017 2:06:22 AM >> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory >> ovirtmgmt >> network >> >> Found an issue with Ovirt - OVN integration. >> >> Engine and OVN central db running on host h2. Created VM to run >> on host >> h1, which is started. Ovn db state: >> >> [root@h2 env3]# ovn-nbctl show >> switch e53554cf-e553-40a1-8d22-9c8d95ec0601 (ovirtbridge) >> port 4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873 >> addresses: ["00:1a:4a:16:01:51"] >> port 92f6d3c8-68b3-4986-9c09-60bee04644b5 >> addresses: ["00:1a:4a:16:01:52"] >> port ovirtbridge-port2 >> addresses: ["unknown"] >> port ovirtbridge-port1 >> addresses: ["unknown"] >> [root@h2 env3]# ovn-sbctl show >> Chassis "6e4dd29f-7607-48d7-8e5a-eef4c6aeefb5" >> hostname: "h2.limetransit.com" >> Encap geneve >> ip: "148.251.126.50" >> options: {csum="true"} >> Port_Binding "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873" >> Port_Binding "ovirtbridge-port1" >> Chassis "4f10fb04-8fb2-48d7-8a3f-ea6444c02cf9" >> hostname: "h1.limetransit.com" >> Encap geneve >> ip: "144.76.84.73" >> options: {csum="true"} >> Port_Binding "ovirtbridge-port2" >> >> Port 92f6d3c8-68b3-4986-9c09-60bee04644b5 is for the new VM which is >> started on h1, but it is not assigned to that chassis. The reason is >> that on h1 the port on br-int is created like this: >> >> ovs-vsctl --timeout=5 -- --if-exists del-port vnet0 -- add-port >> br-int >> vnet0 -- set Interface vnet0 >> "external-ids:attached-mac=\"00:1a:4a:16:01:52\"" -- set >> Interface vnet0 >> "external-ids:iface-id=\"35bcbe31-2c7e-4d97-add9-ce150eeb2f11\"" >> -- set >> Interface vnet0 >> "external-ids:vm-id=\"4d0c134a-11a0-40f4-b2fb-c13c17c7251c\"" -- set >> Interface vnet0 external-ids:iface-status=active >> >> I.e. the extrernal id of interface is wrong. When I manually >> change to >> the right id like this the port works fine: >> >> ovs-vsctl --timeout=5 -- --if-exists del-port vnet0 -- add-port >> br-int >> vnet0 -- set Interface vnet0 >> "external-ids:attached-mac=\"00:1a:4a:16:01:52\"" -- set >> Interface vnet0 >> "external-ids:iface-id=\"92f6d3c8-68b3-4986-9c09-60bee04644b5\"" >> -- set >> Interface vnet0 >> "external-ids:vm-id=\"4d0c134a-11a0-40f4-b2fb-c13c17c7251c\"" -- set >> Interface vnet0 external-ids:iface-status=active >> >> sb db after correcting the port: >> >> Chassis "6e4dd29f-7607-48d7-8e5a-eef4c6aeefb5" >> hostname: "h2.limetransit.com" >> Encap geneve >> ip: "148.251.126.50" >> options: {csum="true"} >> Port_Binding "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873" >> Port_Binding "ovirtbridge-port1" >> Chassis "4f10fb04-8fb2-48d7-8a3f-ea6444c02cf9" >> hostname: "h1.limetransit.com" >> Encap geneve >> ip: "144.76.84.73" >> options: {csum="true"} >> Port_Binding "ovirtbridge-port2" >> Port_Binding "92f6d3c8-68b3-4986-9c09-60bee04644b5" >> >> I don't know from where the faulty id comes from, it's not in any >> logs. >> In the domain xml as printed in vdsm.log the id is correct: >> >> <interface type="bridge"> >> <mac address="00:1a:4a:16:01:52" /> >> <model type="virtio" /> >> <source bridge="br-int" /> >> <virtualport type="openvswitch" /> >> <link state="up" /> >> <boot order="2" /> >> <bandwidth /> >> <virtualport type="openvswitch"> >> <parameters >> interfaceid="92f6d3c8-68b3-4986-9c09-60bee04644b5" /> >> </virtualport> >> </interface> >> >> Where is the ovs-vsctl command line built for this call? >> >> /Sverker >> >> >> Den 2017-01-02 kl. 13:40, skrev Sverker Abrahamsson: >>> Got it to work now by following the env8 example in OVN tutorial, >>> where a port is added with type l2gateway. Not sure how that is >>> different from the localnet variant, but didn't suceed in >>> getting that >>> one working. Now I'm able to ping and telnet over the tunnel, >>> but not >>> ssh even when the port is answering on telnet. Neither does nfs >>> traffic work even though mount did. Suspecting MTU issue. I did >>> notice >>> that ovn-controller starts too early, before network interfaces are >>> established and hence can't reach the db. As these is a purely >>> OVS/OVN >>> issue I'll ask about it on their mailing list. >>> >>> Getting back to the original issue with Ovirt, I've now added the >>> second host h1 to ovirt-engine. Had to do the same as with h2 to >>> create a dummy ovirtmgmt network but configured access via the >>> public >>> IP. My firewall settings was replaced with iptables config and >>> vdsm.conf was overwritten when engine was set up, so those had >>> to be >>> manually restored. It would be preferable if it would be >>> possible to >>> configure ovirt-engine that it does not "own" the host and instead >>> comply with the settings it has instead of enforcing it's own >>> view.. >>> >>> Apart from that it seems the second host works, although I need to >>> resolve the traffic issue over the OVS tunnel. >>> /Sverker >>> >>> Den 2017-01-02 kl. 01:13, skrev Sverker Abrahamsson: >>>> 1. That is not possible as ovirt (or vdsm) will rewrite the >>>> network >>>> configuration to a non-working state. That is why I've set that >>>> if as >>>> hidden to vdsm and is why I'm keen on getting OVS/OVN to work >>>> >>>> 2. I've been reading the doc for OVN and starting to connect the >>>> dots, which is not trivial as it is complex. Some insights >>>> reached: >>>> >>>> First step is the OVN database, installed by >>>> openvswitch-ovn-central, >>>> which I currently have running on h2 host. The 'ovn-nbctl' and >>>> 'ovn-sbctl' commands are only possible to execute on a database >>>> node. >>>> Two ip's are given to 'vdsm-tool ovn-config <ip to database> >>>> <tunnel >>>> ip>' as arguments, where <ip to database> is how this OVN node >>>> reaches the database and <tunnel ip> is the ip to which other OVN >>>> nodes sets up a tunnel to this node. I.e. it is not for creating a >>>> tunnel to the database which I thought first from the >>>> description in >>>> blog post. >>>> >>>> The tunnel between OVN nodes is of type geneve which is a UDP >>>> based >>>> protocol but I have not been able to find anywhere which port >>>> is used >>>> so that I can open it in firewalld. I have added OVN on another >>>> host, >>>> called h1, and connected it to the db. I see there is traffic >>>> to the >>>> db port, but I don't see any geneve traffic between the nodes. >>>> >>>> Ovirt is now able to create it's vnet0 interface on the br-int ovs >>>> bridge, but then I run into the next issue. How do I create a >>>> connection from the logical switch to the physical host? I need >>>> that >>>> to a) get a connection out to the internet through a >>>> masqueraded if >>>> or ipv6 and b) be able to run a dhcp server to give ip's to the >>>> VM's. >>>> >>>> /Sverker >>>> >>>> Den 2016-12-30 kl. 18:05, skrev Marcin Mirecki: >>>>> 1. Why not use your physical nic for ovirtmgmt then? >>>>> >>>>> 2. "ovn-nbctl ls-add" does not add a bridge, but a logical >>>>> switch. >>>>> br-int is an internal OVN implementation detail, which >>>>> the user >>>>> should not care about. What you see in the ovirt UI are >>>>> logical >>>>> networks. They are implemented as OVN logical switches >>>>> in case >>>>> of the OVN provider. >>>>> >>>>> Please look at: >>>>> http://www.ovirt.org/blog/2016/11/ovirt-provider-ovn/ >>>>> You can get the latest rpms from here: >>>>> http://resources.ovirt.org/repos/ovirt/experimental/master/ovirt-provider-ov... >>>>> >>>>> >>>>> >>>>> ----- Original Message ----- >>>>>> From: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>>>>> To: "Marcin Mirecki"<mmirecki@redhat.com> >>>>>> Cc: "Ovirt Users"<users@ovirt.org> >>>>>> Sent: Friday, December 30, 2016 4:25:58 PM >>>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory >>>>>> ovirtmgmt network >>>>>> >>>>>> 1. No, I did not want to put the ovirtmgmt bridge on my physical >>>>>> nic as >>>>>> it always messed up the network config making the host >>>>>> unreachable. I >>>>>> have put a ovs bridge on this nic which I will use to make >>>>>> tunnels >>>>>> when >>>>>> I add other hosts. Maybe br-int will be used for that >>>>>> instead, will >>>>>> see >>>>>> when I get that far. >>>>>> >>>>>> As it is now I have a dummy if for ovirtmgmt bridge but this >>>>>> will >>>>>> probably not work when I add other hosts as that bridge cannot >>>>>> connect >>>>>> to the other hosts. I'm considering keeping this just as a >>>>>> dummy to >>>>>> keep >>>>>> ovirt engine satisfied while the actual communication will >>>>>> happen >>>>>> over >>>>>> OVN/OVS bridges and tunnels. >>>>>> >>>>>> 2. On >>>>>> https://www.ovirt.org//develop/release-management/features/ovirt-ovn-provide... >>>>>> >>>>>> >>>>>> there is instructions how to add an OVS bridge to OVN with >>>>>> |ovn-nbctl >>>>>> ls-add <network name>|. If you want to use br-int then it makes >>>>>> sense to >>>>>> make that bridge visible in ovirt webui under networks so >>>>>> that it >>>>>> can be >>>>>> selected for VM's. >>>>>> >>>>>> It quite doesn't make sense to me that I can select other >>>>>> network >>>>>> for my >>>>>> VM but then that setting is not used when setting up the >>>>>> network. >>>>>> >>>>>> /Sverker >>>>>> >>>>>> Den 2016-12-30 kl. 15:34, skrev Marcin Mirecki: >>>>>>> Hi, >>>>>>> >>>>>>> The OVN provider does not require you to add any bridges >>>>>>> manually. >>>>>>> As I understand we were dealing with two problems: >>>>>>> 1. You only had one physical nic and wanted to put a bridge >>>>>>> on it, >>>>>>> attaching the management network to the bridge. This >>>>>>> was the >>>>>>> reason for >>>>>>> creating the bridge (the recommended setup would be >>>>>>> to used a >>>>>>> separate >>>>>>> physical nic for the management network). This bridge >>>>>>> has >>>>>>> nothing to >>>>>>> do with the OVN bridge. >>>>>>> 2. OVN - you want to use OVN on this system. For this you >>>>>>> have to >>>>>>> install >>>>>>> OVN on your hosts. This should create the br-int bridge, >>>>>>> which are >>>>>>> then used by the OVN provider. This br-int bridge >>>>>>> must be >>>>>>> configured >>>>>>> to connect to other hosts using the geneve tunnels. >>>>>>> >>>>>>> In both cases the systems will not be aware of any bridges you >>>>>>> create. >>>>>>> They need a nic (be it physical or virtual) to connect to other >>>>>>> system. >>>>>>> Usually this is the physical nic. In your case you decided >>>>>>> to put >>>>>>> a bridge >>>>>>> on the physical nic, and give oVirt a virtual nic attached >>>>>>> to this >>>>>>> bridge. >>>>>>> This works, but keep in mind that the bridge you have >>>>>>> introduced >>>>>>> is outside >>>>>>> of oVirt's (and OVN) control (and as such is not supported). >>>>>>> >>>>>>>> What is the purpose of >>>>>>>> adding my bridges to Ovirt through the external provider and >>>>>>>> configure >>>>>>>> them on my VM >>>>>>> I am not quite sure I understand. >>>>>>> The external provider (OVN provider to be specific), does >>>>>>> not add >>>>>>> any >>>>>>> bridges >>>>>>> to the system. It is using the br-int bridge created by OVN. >>>>>>> The >>>>>>> networks >>>>>>> created by the OVN provider are purely logical entities, >>>>>>> implemented using >>>>>>> the OVN br-int bridge. >>>>>>> >>>>>>> Marcin >>>>>>> >>>>>>> >>>>>>> ----- Original Message ----- >>>>>>>> From: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>>>>>>> To: "Marcin Mirecki"<mmirecki@redhat.com> >>>>>>>> Cc: "Ovirt Users"<users@ovirt.org> >>>>>>>> Sent: Friday, December 30, 2016 12:15:43 PM >>>>>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory >>>>>>>> ovirtmgmt >>>>>>>> network >>>>>>>> >>>>>>>> Hi >>>>>>>> That is the logic I quite don't understand. What is the >>>>>>>> purpose of >>>>>>>> adding my bridges to Ovirt through the external provider and >>>>>>>> configure >>>>>>>> them on my VM if you are disregarding that and using br-int >>>>>>>> anyway? >>>>>>>> >>>>>>>> /Sverker >>>>>>>> >>>>>>>> Den 2016-12-30 kl. 10:53, skrev Marcin Mirecki: >>>>>>>>> Sverker, >>>>>>>>> >>>>>>>>> br-int is the integration bridge created by default in >>>>>>>>> OVN. This >>>>>>>>> is the >>>>>>>>> bridge we use for the OVN provider. As OVN is required to be >>>>>>>>> installed, >>>>>>>>> we assume that this bridge is present. >>>>>>>>> Using any other ovs bridge is not supported, and will require >>>>>>>>> custom code >>>>>>>>> changes (such as the ones you created). >>>>>>>>> >>>>>>>>> The proper setup in your case would probably be to create >>>>>>>>> br-int >>>>>>>>> and >>>>>>>>> connect >>>>>>>>> this to your ovirtbridge, although I don't know the >>>>>>>>> details of >>>>>>>>> your env, >>>>>>>>> so >>>>>>>>> this is just my best guess. >>>>>>>>> >>>>>>>>> Marcin >>>>>>>>> >>>>>>>>> >>>>>>>>> ----- Original Message ----- >>>>>>>>>> From: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>>>>>>>>> To: "Marcin Mirecki"<mmirecki@redhat.com> >>>>>>>>>> Cc: "Ovirt Users"<users@ovirt.org>, "Numan Siddique" >>>>>>>>>> <nusiddiq@redhat.com> >>>>>>>>>> Sent: Friday, December 30, 2016 1:14:50 AM >>>>>>>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory >>>>>>>>>> ovirtmgmt >>>>>>>>>> network >>>>>>>>>> >>>>>>>>>> Even better, if the value is not hardcoded then the >>>>>>>>>> configured >>>>>>>>>> value is >>>>>>>>>> used. Might be that I'm missunderstanding something but >>>>>>>>>> this is >>>>>>>>>> the >>>>>>>>>> behaviour I expected instead of that it is using br-int. >>>>>>>>>> >>>>>>>>>> Attached is a patch which properly sets up the xml, in case >>>>>>>>>> there is >>>>>>>>>> already a virtual port there + testcode of some variants >>>>>>>>>> >>>>>>>>>> /Sverker >>>>>>>>>> >>>>>>>>>> Den 2016-12-29 kl. 22:55, skrev Sverker Abrahamsson: >>>>>>>>>>> When I change >>>>>>>>>>> /usr/libexec/vdsm/hooks/before_device_create/ovirt_provider_ovn_hook >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> to instead of hardcoded to br-int use BRIDGE_NAME = >>>>>>>>>>> 'ovirtbridge' then >>>>>>>>>>> I get the expected behaviour and I get a working network >>>>>>>>>>> connectivity >>>>>>>>>>> in my VM with IP provided by dhcp. >>>>>>>>>>> >>>>>>>>>>> /Sverker >>>>>>>>>>> >>>>>>>>>>> Den 2016-12-29 kl. 22:07, skrev Sverker Abrahamsson: >>>>>>>>>>>> By default the vNic profile of my OVN bridge >>>>>>>>>>>> ovirtbridge gets a >>>>>>>>>>>> Network filter named vdsm-no-mac-spoofing. If I instead >>>>>>>>>>>> set >>>>>>>>>>>> No filter >>>>>>>>>>>> then I don't get those ebtables / iptables messages. It >>>>>>>>>>>> seems >>>>>>>>>>>> that >>>>>>>>>>>> there is some issue between ovirt/vdsm and firewalld, >>>>>>>>>>>> which >>>>>>>>>>>> we can >>>>>>>>>>>> put to the side for now. >>>>>>>>>>>> >>>>>>>>>>>> It is not clear for me why the port is added on br-int >>>>>>>>>>>> instead of the >>>>>>>>>>>> bridge I've assigned to the VM, which is ovirtbridge?? >>>>>>>>>>>> >>>>>>>>>>>> /Sverker >>>>>>>>>>>> >>>>>>>>>>>> Den 2016-12-29 kl. 14:20, skrev Sverker Abrahamsson: >>>>>>>>>>>>> The specific command most likely fails because there >>>>>>>>>>>>> is no >>>>>>>>>>>>> chain >>>>>>>>>>>>> named libvirt-J-vnet0, but when should that have been >>>>>>>>>>>>> created? >>>>>>>>>>>>> /Sverker >>>>>>>>>>>>> >>>>>>>>>>>>> -------- Vidarebefordrat meddelande -------- >>>>>>>>>>>>> Ämne: Re: [ovirt-users] Issue with OVN/OVS and >>>>>>>>>>>>> mandatory >>>>>>>>>>>>> ovirtmgmt >>>>>>>>>>>>> network >>>>>>>>>>>>> Datum: Thu, 29 Dec 2016 08:06:29 -0500 (EST) >>>>>>>>>>>>> Från: Marcin Mirecki<mmirecki@redhat.com> >>>>>>>>>>>>> Till: Sverker Abrahamsson<sverker@abrahamsson.com> >>>>>>>>>>>>> Kopia: Ovirt Users<users@ovirt.org>, Lance Richardson >>>>>>>>>>>>> <lrichard@redhat.com>, Numan >>>>>>>>>>>>> Siddique<nusiddiq@redhat.com> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> Let me add the OVN team. >>>>>>>>>>>>> >>>>>>>>>>>>> Lance, Numan, >>>>>>>>>>>>> >>>>>>>>>>>>> Can you please look at this? >>>>>>>>>>>>> >>>>>>>>>>>>> Trying to plug a vNIC results in: >>>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 ovs-vsctl: >>>>>>>>>>>>>>>>>>>> ovs|00001|vsctl|INFO|Called as >>>>>>>>>>>>>>>>>>>> ovs-vsctl >>>>>>>>>>>>>>>>>>>> --timeout=5 -- --if-exists del-port vnet0 -- >>>>>>>>>>>>>>>>>>>> add-port >>>>>>>>>>>>>>>>>>>> br-int >>>>>>>>>>>>>>>>>>>> vnet0 -- >>>>>>>>>>>>>>>>>>>> set Interface vnet0 >>>>>>>>>>>>>>>>>>>> "external-ids:attached-mac=\"00:1a:4a:16:01:51\"" >>>>>>>>>>>>>>>>>>>> -- set Interface vnet0 >>>>>>>>>>>>>>>>>>>> "external-ids:iface-id=\"e8853aac-8a75-41b0-8010-e630017dcdd8\"" >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> -- >>>>>>>>>>>>>>>>>>>> set Interface vnet0 >>>>>>>>>>>>>>>>>>>> "external-ids:vm-id=\"b9440d60-ef5a-4e2b-83cf-081df7c09e6f\"" >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> -- >>>>>>>>>>>>>>>>>>>> set >>>>>>>>>>>>>>>>>>>> Interface vnet0 external-ids:iface-status=active >>>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 kernel: device vnet0 entered >>>>>>>>>>>>>>>>>>>> promiscuous >>>>>>>>>>>>>>>>>>>> mode >>>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -D >>>>>>>>>>>>>>>>>>>> PREROUTING >>>>>>>>>>>>>>>>>>>> -i vnet0 >>>>>>>>>>>>>>>>>>>> -j >>>>>>>>>>>>>>>>>>>> libvirt-J-vnet0' failed: >>>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>> More details below >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> ----- Original Message ----- >>>>>>>>>>>>>> From: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>>>>>>>>>>>>> To: "Marcin Mirecki"<mmirecki@redhat.com> >>>>>>>>>>>>>> Cc: "Ovirt Users"<users@ovirt.org> >>>>>>>>>>>>>> Sent: Thursday, December 29, 2016 1:42:11 PM >>>>>>>>>>>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and >>>>>>>>>>>>>> mandatory >>>>>>>>>>>>>> ovirtmgmt >>>>>>>>>>>>>> network >>>>>>>>>>>>>> >>>>>>>>>>>>>> Hi >>>>>>>>>>>>>> Same problem still.. >>>>>>>>>>>>>> /Sverker >>>>>>>>>>>>>> >>>>>>>>>>>>>> Den 2016-12-29 kl. 13:34, skrev Marcin Mirecki: >>>>>>>>>>>>>>> Hi, >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> The tunnels are created to connect multiple OVN >>>>>>>>>>>>>>> controllers. >>>>>>>>>>>>>>> If there is only one, there is no need for the >>>>>>>>>>>>>>> tunnels, so >>>>>>>>>>>>>>> none >>>>>>>>>>>>>>> will be created, this is the correct behavior. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Does the problem still occur after setting >>>>>>>>>>>>>>> configuring the >>>>>>>>>>>>>>> OVN-controller? >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Marcin >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> ----- Original Message ----- >>>>>>>>>>>>>>>> From: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>>>>>>>>>>>>>>> To: "Marcin Mirecki"<mmirecki@redhat.com> >>>>>>>>>>>>>>>> Cc: "Ovirt Users"<users@ovirt.org> >>>>>>>>>>>>>>>> Sent: Thursday, December 29, 2016 11:44:32 AM >>>>>>>>>>>>>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and >>>>>>>>>>>>>>>> mandatory >>>>>>>>>>>>>>>> ovirtmgmt >>>>>>>>>>>>>>>> network >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Hi >>>>>>>>>>>>>>>> The rpm packages you listed in the other mail are >>>>>>>>>>>>>>>> installed but I >>>>>>>>>>>>>>>> had >>>>>>>>>>>>>>>> not run vdsm-tool ovn-config to create tunnel as >>>>>>>>>>>>>>>> the OVN >>>>>>>>>>>>>>>> controller >>>>>>>>>>>>>>>> is >>>>>>>>>>>>>>>> on the same host. >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> [root@h2 ~]# rpm -q openvswitch-ovn-common >>>>>>>>>>>>>>>> openvswitch-ovn-common-2.6.90-1.el7.centos.x86_64 >>>>>>>>>>>>>>>> [root@h2 ~]# rpm -q openvswitch-ovn-host >>>>>>>>>>>>>>>> openvswitch-ovn-host-2.6.90-1.el7.centos.x86_64 >>>>>>>>>>>>>>>> [root@h2 ~]# rpm -q python-openvswitch >>>>>>>>>>>>>>>> python-openvswitch-2.6.90-1.el7.centos.noarch >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> After removing my manually created br-int and run >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> vdsm-tool ovn-config 127.0.0.1 172.27.1.1 >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> then I have the br-int but 'ip link show' does not >>>>>>>>>>>>>>>> show >>>>>>>>>>>>>>>> any link >>>>>>>>>>>>>>>> 'genev_sys_' nor does 'ovs-vsctl show' any port for >>>>>>>>>>>>>>>> ovn. >>>>>>>>>>>>>>>> I assume >>>>>>>>>>>>>>>> these >>>>>>>>>>>>>>>> are when there is an actual tunnel? >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> [root@h2 ~]# ovs-vsctl show >>>>>>>>>>>>>>>> ebb6aede-cbbc-4f4f-a88a-a9cd72b2bd23 >>>>>>>>>>>>>>>> Bridge br-int >>>>>>>>>>>>>>>> fail_mode: secure >>>>>>>>>>>>>>>> Port br-int >>>>>>>>>>>>>>>> Interface br-int >>>>>>>>>>>>>>>> type: internal >>>>>>>>>>>>>>>> Bridge ovirtbridge >>>>>>>>>>>>>>>> Port ovirtbridge >>>>>>>>>>>>>>>> Interface ovirtbridge >>>>>>>>>>>>>>>> type: internal >>>>>>>>>>>>>>>> Bridge "ovsbridge0" >>>>>>>>>>>>>>>> Port "ovsbridge0" >>>>>>>>>>>>>>>> Interface "ovsbridge0" >>>>>>>>>>>>>>>> type: internal >>>>>>>>>>>>>>>> Port "eth0" >>>>>>>>>>>>>>>> Interface "eth0" >>>>>>>>>>>>>>>> ovs_version: "2.6.90" >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> [root@h2 ~]# ip link show >>>>>>>>>>>>>>>> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc >>>>>>>>>>>>>>>> noqueue state >>>>>>>>>>>>>>>> UNKNOWN >>>>>>>>>>>>>>>> mode >>>>>>>>>>>>>>>> DEFAULT qlen 1 >>>>>>>>>>>>>>>> link/loopback 00:00:00:00:00:00 brd >>>>>>>>>>>>>>>> 00:00:00:00:00:00 >>>>>>>>>>>>>>>> 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 >>>>>>>>>>>>>>>> qdisc >>>>>>>>>>>>>>>> pfifo_fast >>>>>>>>>>>>>>>> master ovs-system state UP mode DEFAULT qlen 1000 >>>>>>>>>>>>>>>> link/ether 44:8a:5b:84:7d:b3 brd >>>>>>>>>>>>>>>> ff:ff:ff:ff:ff:ff >>>>>>>>>>>>>>>> 3: ovs-system: <BROADCAST,MULTICAST> mtu 1500 qdisc >>>>>>>>>>>>>>>> noop >>>>>>>>>>>>>>>> state >>>>>>>>>>>>>>>> DOWN >>>>>>>>>>>>>>>> mode >>>>>>>>>>>>>>>> DEFAULT qlen 1000 >>>>>>>>>>>>>>>> link/ether 5a:14:cf:28:47:e2 brd >>>>>>>>>>>>>>>> ff:ff:ff:ff:ff:ff >>>>>>>>>>>>>>>> 4: ovsbridge0: <BROADCAST,MULTICAST,UP,LOWER_UP> >>>>>>>>>>>>>>>> mtu 1500 >>>>>>>>>>>>>>>> qdisc >>>>>>>>>>>>>>>> noqueue >>>>>>>>>>>>>>>> state UNKNOWN mode DEFAULT qlen 1000 >>>>>>>>>>>>>>>> link/ether 44:8a:5b:84:7d:b3 brd >>>>>>>>>>>>>>>> ff:ff:ff:ff:ff:ff >>>>>>>>>>>>>>>> 5: br-int: <BROADCAST,MULTICAST> mtu 1500 qdisc noop >>>>>>>>>>>>>>>> state DOWN >>>>>>>>>>>>>>>> mode >>>>>>>>>>>>>>>> DEFAULT qlen 1000 >>>>>>>>>>>>>>>> link/ether 9e:b0:3a:9d:f2:4b brd >>>>>>>>>>>>>>>> ff:ff:ff:ff:ff:ff >>>>>>>>>>>>>>>> 6: ovirtbridge: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu >>>>>>>>>>>>>>>> 1500 qdisc >>>>>>>>>>>>>>>> noqueue >>>>>>>>>>>>>>>> state UNKNOWN mode DEFAULT qlen 1000 >>>>>>>>>>>>>>>> link/ether a6:f6:e5:a4:5b:45 brd >>>>>>>>>>>>>>>> ff:ff:ff:ff:ff:ff >>>>>>>>>>>>>>>> 7: dummy0: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 >>>>>>>>>>>>>>>> qdisc >>>>>>>>>>>>>>>> noqueue >>>>>>>>>>>>>>>> master >>>>>>>>>>>>>>>> ovirtmgmt state UNKNOWN mode DEFAULT qlen 1000 >>>>>>>>>>>>>>>> link/ether 66:e0:1c:c3:a9:d8 brd >>>>>>>>>>>>>>>> ff:ff:ff:ff:ff:ff >>>>>>>>>>>>>>>> 8: ovirtmgmt: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu >>>>>>>>>>>>>>>> 1500 >>>>>>>>>>>>>>>> qdisc >>>>>>>>>>>>>>>> noqueue >>>>>>>>>>>>>>>> state UP mode DEFAULT qlen 1000 >>>>>>>>>>>>>>>> link/ether 66:e0:1c:c3:a9:d8 brd >>>>>>>>>>>>>>>> ff:ff:ff:ff:ff:ff >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Firewall settings: >>>>>>>>>>>>>>>> [root@h2 ~]# firewall-cmd --list-all-zones >>>>>>>>>>>>>>>> work >>>>>>>>>>>>>>>> target: default >>>>>>>>>>>>>>>> icmp-block-inversion: no >>>>>>>>>>>>>>>> interfaces: >>>>>>>>>>>>>>>> sources: >>>>>>>>>>>>>>>> services: dhcpv6-client ssh >>>>>>>>>>>>>>>> ports: >>>>>>>>>>>>>>>> protocols: >>>>>>>>>>>>>>>> masquerade: no >>>>>>>>>>>>>>>> forward-ports: >>>>>>>>>>>>>>>> sourceports: >>>>>>>>>>>>>>>> icmp-blocks: >>>>>>>>>>>>>>>> rich rules: >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> drop >>>>>>>>>>>>>>>> target: DROP >>>>>>>>>>>>>>>> icmp-block-inversion: no >>>>>>>>>>>>>>>> interfaces: >>>>>>>>>>>>>>>> sources: >>>>>>>>>>>>>>>> services: >>>>>>>>>>>>>>>> ports: >>>>>>>>>>>>>>>> protocols: >>>>>>>>>>>>>>>> masquerade: no >>>>>>>>>>>>>>>> forward-ports: >>>>>>>>>>>>>>>> sourceports: >>>>>>>>>>>>>>>> icmp-blocks: >>>>>>>>>>>>>>>> rich rules: >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> internal >>>>>>>>>>>>>>>> target: default >>>>>>>>>>>>>>>> icmp-block-inversion: no >>>>>>>>>>>>>>>> interfaces: >>>>>>>>>>>>>>>> sources: >>>>>>>>>>>>>>>> services: dhcpv6-client mdns samba-client ssh >>>>>>>>>>>>>>>> ports: >>>>>>>>>>>>>>>> protocols: >>>>>>>>>>>>>>>> masquerade: no >>>>>>>>>>>>>>>> forward-ports: >>>>>>>>>>>>>>>> sourceports: >>>>>>>>>>>>>>>> icmp-blocks: >>>>>>>>>>>>>>>> rich rules: >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> external >>>>>>>>>>>>>>>> target: default >>>>>>>>>>>>>>>> icmp-block-inversion: no >>>>>>>>>>>>>>>> interfaces: >>>>>>>>>>>>>>>> sources: >>>>>>>>>>>>>>>> services: ssh >>>>>>>>>>>>>>>> ports: >>>>>>>>>>>>>>>> protocols: >>>>>>>>>>>>>>>> masquerade: yes >>>>>>>>>>>>>>>> forward-ports: >>>>>>>>>>>>>>>> sourceports: >>>>>>>>>>>>>>>> icmp-blocks: >>>>>>>>>>>>>>>> rich rules: >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> trusted >>>>>>>>>>>>>>>> target: ACCEPT >>>>>>>>>>>>>>>> icmp-block-inversion: no >>>>>>>>>>>>>>>> interfaces: >>>>>>>>>>>>>>>> sources: >>>>>>>>>>>>>>>> services: >>>>>>>>>>>>>>>> ports: >>>>>>>>>>>>>>>> protocols: >>>>>>>>>>>>>>>> masquerade: no >>>>>>>>>>>>>>>> forward-ports: >>>>>>>>>>>>>>>> sourceports: >>>>>>>>>>>>>>>> icmp-blocks: >>>>>>>>>>>>>>>> rich rules: >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> home >>>>>>>>>>>>>>>> target: default >>>>>>>>>>>>>>>> icmp-block-inversion: no >>>>>>>>>>>>>>>> interfaces: >>>>>>>>>>>>>>>> sources: >>>>>>>>>>>>>>>> services: dhcpv6-client mdns samba-client ssh >>>>>>>>>>>>>>>> ports: >>>>>>>>>>>>>>>> protocols: >>>>>>>>>>>>>>>> masquerade: no >>>>>>>>>>>>>>>> forward-ports: >>>>>>>>>>>>>>>> sourceports: >>>>>>>>>>>>>>>> icmp-blocks: >>>>>>>>>>>>>>>> rich rules: >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> dmz >>>>>>>>>>>>>>>> target: default >>>>>>>>>>>>>>>> icmp-block-inversion: no >>>>>>>>>>>>>>>> interfaces: >>>>>>>>>>>>>>>> sources: >>>>>>>>>>>>>>>> services: ssh >>>>>>>>>>>>>>>> ports: >>>>>>>>>>>>>>>> protocols: >>>>>>>>>>>>>>>> masquerade: no >>>>>>>>>>>>>>>> forward-ports: >>>>>>>>>>>>>>>> sourceports: >>>>>>>>>>>>>>>> icmp-blocks: >>>>>>>>>>>>>>>> rich rules: >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> public (active) >>>>>>>>>>>>>>>> target: default >>>>>>>>>>>>>>>> icmp-block-inversion: no >>>>>>>>>>>>>>>> interfaces: eth0 ovsbridge0 >>>>>>>>>>>>>>>> sources: >>>>>>>>>>>>>>>> services: dhcpv6-client ssh >>>>>>>>>>>>>>>> ports: >>>>>>>>>>>>>>>> protocols: >>>>>>>>>>>>>>>> masquerade: no >>>>>>>>>>>>>>>> forward-ports: >>>>>>>>>>>>>>>> sourceports: >>>>>>>>>>>>>>>> icmp-blocks: >>>>>>>>>>>>>>>> rich rules: >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> block >>>>>>>>>>>>>>>> target: %%REJECT%% >>>>>>>>>>>>>>>> icmp-block-inversion: no >>>>>>>>>>>>>>>> interfaces: >>>>>>>>>>>>>>>> sources: >>>>>>>>>>>>>>>> services: >>>>>>>>>>>>>>>> ports: >>>>>>>>>>>>>>>> protocols: >>>>>>>>>>>>>>>> masquerade: no >>>>>>>>>>>>>>>> forward-ports: >>>>>>>>>>>>>>>> sourceports: >>>>>>>>>>>>>>>> icmp-blocks: >>>>>>>>>>>>>>>> rich rules: >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> ovirt (active) >>>>>>>>>>>>>>>> target: default >>>>>>>>>>>>>>>> icmp-block-inversion: no >>>>>>>>>>>>>>>> interfaces: ovirtbridge ovirtmgmt >>>>>>>>>>>>>>>> sources: >>>>>>>>>>>>>>>> services: dhcp ovirt-fence-kdump-listener >>>>>>>>>>>>>>>> ovirt-http >>>>>>>>>>>>>>>> ovirt-https >>>>>>>>>>>>>>>> ovirt-imageio-proxy ovirt-postgres ovirt-provider-ovn >>>>>>>>>>>>>>>> ovirt-vmconsole-proxy ovirt-websocket-proxy ssh vdsm >>>>>>>>>>>>>>>> ports: >>>>>>>>>>>>>>>> protocols: >>>>>>>>>>>>>>>> masquerade: yes >>>>>>>>>>>>>>>> forward-ports: >>>>>>>>>>>>>>>> sourceports: >>>>>>>>>>>>>>>> icmp-blocks: >>>>>>>>>>>>>>>> rich rules: >>>>>>>>>>>>>>>> rule family="ipv4" port port="6641" >>>>>>>>>>>>>>>> protocol="tcp" >>>>>>>>>>>>>>>> accept >>>>>>>>>>>>>>>> rule family="ipv4" port port="6642" >>>>>>>>>>>>>>>> protocol="tcp" >>>>>>>>>>>>>>>> accept >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> The db dump is attached >>>>>>>>>>>>>>>> /Sverker >>>>>>>>>>>>>>>> Den 2016-12-29 kl. 09:50, skrev Marcin Mirecki: >>>>>>>>>>>>>>>>> Hi, >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> Can you please do: "sudo ovsdb-client dump" >>>>>>>>>>>>>>>>> on the host and send me the output? >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> Have you configured the ovn controller to connect >>>>>>>>>>>>>>>>> to the >>>>>>>>>>>>>>>>> OVN north? You can do it using "vdsm-tool >>>>>>>>>>>>>>>>> ovn-config" or >>>>>>>>>>>>>>>>> using the OVN tools directly. >>>>>>>>>>>>>>>>> Please check >>>>>>>>>>>>>>>>> out:https://www.ovirt.org/blog/2016/11/ovirt-provider-ovn/ >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> for details. >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> Also please note that the OVN provider is completely >>>>>>>>>>>>>>>>> different >>>>>>>>>>>>>>>>> from the neutron-openvswitch plugin. Please don't mix >>>>>>>>>>>>>>>>> the two. >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> Marcin >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> ----- Original Message ----- >>>>>>>>>>>>>>>>>> From: "Marcin Mirecki"<mmirecki@redhat.com> >>>>>>>>>>>>>>>>>> To: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>>>>>>>>>>>>>>>>> Cc: "Ovirt Users"<users@ovirt.org> >>>>>>>>>>>>>>>>>> Sent: Thursday, December 29, 2016 9:27:19 AM >>>>>>>>>>>>>>>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and >>>>>>>>>>>>>>>>>> mandatory >>>>>>>>>>>>>>>>>> ovirtmgmt >>>>>>>>>>>>>>>>>> network >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> Hi, >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> br-int is the OVN integration bridge, it should >>>>>>>>>>>>>>>>>> have been >>>>>>>>>>>>>>>>>> created >>>>>>>>>>>>>>>>>> when installing OVN. I assume you have the following >>>>>>>>>>>>>>>>>> packages >>>>>>>>>>>>>>>>>> installed >>>>>>>>>>>>>>>>>> on the host: >>>>>>>>>>>>>>>>>> openvswitch-ovn-common >>>>>>>>>>>>>>>>>> openvswitch-ovn-host >>>>>>>>>>>>>>>>>> python-openvswitch >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> Please give me some time to look at the connectivity >>>>>>>>>>>>>>>>>> problem. >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> Marcin >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> ----- Original Message ----- >>>>>>>>>>>>>>>>>>> From: "Sverker >>>>>>>>>>>>>>>>>>> Abrahamsson"<sverker@abrahamsson.com> >>>>>>>>>>>>>>>>>>> To: "Marcin Mirecki"<mmirecki@redhat.com> >>>>>>>>>>>>>>>>>>> Cc: "Ovirt Users"<users@ovirt.org> >>>>>>>>>>>>>>>>>>> Sent: Thursday, December 29, 2016 12:47:04 AM >>>>>>>>>>>>>>>>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and >>>>>>>>>>>>>>>>>>> mandatory >>>>>>>>>>>>>>>>>>> ovirtmgmt >>>>>>>>>>>>>>>>>>> network >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> From >>>>>>>>>>>>>>>>>>> /usr/libexec/vdsm/hooks/before_device_create/ovirt_provider_ovn_hook >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> (installed by ovirt-provider-ovn-driver rpm): >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> BRIDGE_NAME = 'br-int' >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> Den 2016-12-28 kl. 23:56, skrev Sverker >>>>>>>>>>>>>>>>>>> Abrahamsson: >>>>>>>>>>>>>>>>>>>> Googling on the message about br-int suggested >>>>>>>>>>>>>>>>>>>> adding >>>>>>>>>>>>>>>>>>>> that >>>>>>>>>>>>>>>>>>>> bridge to >>>>>>>>>>>>>>>>>>>> ovs: >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> ovs-vsctl add-br br-int >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> Then the VM is able to boot, but it fails to get >>>>>>>>>>>>>>>>>>>> network >>>>>>>>>>>>>>>>>>>> connectivity. >>>>>>>>>>>>>>>>>>>> Output in /var/log/messages: >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 ovs-vsctl: >>>>>>>>>>>>>>>>>>>> ovs|00001|vsctl|INFO|Called as >>>>>>>>>>>>>>>>>>>> ovs-vsctl >>>>>>>>>>>>>>>>>>>> --timeout=5 -- --if-exists del-port vnet0 -- >>>>>>>>>>>>>>>>>>>> add-port >>>>>>>>>>>>>>>>>>>> br-int >>>>>>>>>>>>>>>>>>>> vnet0 -- >>>>>>>>>>>>>>>>>>>> set Interface vnet0 >>>>>>>>>>>>>>>>>>>> "external-ids:attached-mac=\"00:1a:4a:16:01:51\"" >>>>>>>>>>>>>>>>>>>> -- set Interface vnet0 >>>>>>>>>>>>>>>>>>>> "external-ids:iface-id=\"e8853aac-8a75-41b0-8010-e630017dcdd8\"" >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> -- >>>>>>>>>>>>>>>>>>>> set Interface vnet0 >>>>>>>>>>>>>>>>>>>> "external-ids:vm-id=\"b9440d60-ef5a-4e2b-83cf-081df7c09e6f\"" >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> -- >>>>>>>>>>>>>>>>>>>> set >>>>>>>>>>>>>>>>>>>> Interface vnet0 external-ids:iface-status=active >>>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 kernel: device vnet0 entered >>>>>>>>>>>>>>>>>>>> promiscuous >>>>>>>>>>>>>>>>>>>> mode >>>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -D >>>>>>>>>>>>>>>>>>>> PREROUTING >>>>>>>>>>>>>>>>>>>> -i vnet0 >>>>>>>>>>>>>>>>>>>> -j >>>>>>>>>>>>>>>>>>>> libvirt-J-vnet0' failed: >>>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -D >>>>>>>>>>>>>>>>>>>> POSTROUTING -o >>>>>>>>>>>>>>>>>>>> vnet0 >>>>>>>>>>>>>>>>>>>> -j >>>>>>>>>>>>>>>>>>>> libvirt-P-vnet0' failed: >>>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -L >>>>>>>>>>>>>>>>>>>> libvirt-J-vnet0' >>>>>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -L >>>>>>>>>>>>>>>>>>>> libvirt-P-vnet0' >>>>>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -F >>>>>>>>>>>>>>>>>>>> libvirt-J-vnet0' >>>>>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -X >>>>>>>>>>>>>>>>>>>> libvirt-J-vnet0' >>>>>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -F >>>>>>>>>>>>>>>>>>>> libvirt-P-vnet0' >>>>>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -X >>>>>>>>>>>>>>>>>>>> libvirt-P-vnet0' >>>>>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -F >>>>>>>>>>>>>>>>>>>> J-vnet0-mac' >>>>>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -X >>>>>>>>>>>>>>>>>>>> J-vnet0-mac' >>>>>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -F >>>>>>>>>>>>>>>>>>>> J-vnet0-arp-mac' >>>>>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -X >>>>>>>>>>>>>>>>>>>> J-vnet0-arp-mac' >>>>>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -D libvirt-out -m >>>>>>>>>>>>>>>>>>>> physdev >>>>>>>>>>>>>>>>>>>> --physdev-is-bridged --physdev-out vnet0 -g >>>>>>>>>>>>>>>>>>>> FO-vnet0' >>>>>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -D libvirt-out -m >>>>>>>>>>>>>>>>>>>> physdev >>>>>>>>>>>>>>>>>>>> --physdev-out >>>>>>>>>>>>>>>>>>>> vnet0 -g FO-vnet0' failed: >>>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -D libvirt-in -m >>>>>>>>>>>>>>>>>>>> physdev >>>>>>>>>>>>>>>>>>>> --physdev-in >>>>>>>>>>>>>>>>>>>> vnet0 >>>>>>>>>>>>>>>>>>>> -g FI-vnet0' failed: >>>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -D libvirt-host-in -m >>>>>>>>>>>>>>>>>>>> physdev >>>>>>>>>>>>>>>>>>>> --physdev-in >>>>>>>>>>>>>>>>>>>> vnet0 -g HI-vnet0' failed: >>>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -F FO-vnet0' failed: >>>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -X FO-vnet0' failed: >>>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -F FI-vnet0' failed: >>>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -X FI-vnet0' failed: >>>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -F HI-vnet0' failed: >>>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -X HI-vnet0' failed: >>>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -E FP-vnet0 FO-vnet0' >>>>>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -E FJ-vnet0 FI-vnet0' >>>>>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -E HJ-vnet0 HI-vnet0' >>>>>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -D libvirt-out -m >>>>>>>>>>>>>>>>>>>> physdev >>>>>>>>>>>>>>>>>>>> --physdev-is-bridged --physdev-out vnet0 -g >>>>>>>>>>>>>>>>>>>> FO-vnet0' >>>>>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -D libvirt-out -m >>>>>>>>>>>>>>>>>>>> physdev >>>>>>>>>>>>>>>>>>>> --physdev-out >>>>>>>>>>>>>>>>>>>> vnet0 -g FO-vnet0' failed: >>>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -D libvirt-in -m >>>>>>>>>>>>>>>>>>>> physdev >>>>>>>>>>>>>>>>>>>> --physdev-in >>>>>>>>>>>>>>>>>>>> vnet0 -g FI-vnet0' failed: >>>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -D libvirt-host-in -m >>>>>>>>>>>>>>>>>>>> physdev >>>>>>>>>>>>>>>>>>>> --physdev-in >>>>>>>>>>>>>>>>>>>> vnet0 -g HI-vnet0' failed: >>>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -F FO-vnet0' failed: >>>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -X FO-vnet0' failed: >>>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -F FI-vnet0' failed: >>>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -X FI-vnet0' failed: >>>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -F HI-vnet0' failed: >>>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -X HI-vnet0' failed: >>>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -E FP-vnet0 FO-vnet0' >>>>>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -E FJ-vnet0 FI-vnet0' >>>>>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -E HJ-vnet0 HI-vnet0' >>>>>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -D >>>>>>>>>>>>>>>>>>>> PREROUTING >>>>>>>>>>>>>>>>>>>> -i vnet0 >>>>>>>>>>>>>>>>>>>> -j >>>>>>>>>>>>>>>>>>>> libvirt-I-vnet0' failed: >>>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -D >>>>>>>>>>>>>>>>>>>> POSTROUTING -o >>>>>>>>>>>>>>>>>>>> vnet0 >>>>>>>>>>>>>>>>>>>> -j >>>>>>>>>>>>>>>>>>>> libvirt-O-vnet0' failed: >>>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -L >>>>>>>>>>>>>>>>>>>> libvirt-I-vnet0' >>>>>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -L >>>>>>>>>>>>>>>>>>>> libvirt-O-vnet0' >>>>>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -F >>>>>>>>>>>>>>>>>>>> libvirt-I-vnet0' >>>>>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -X >>>>>>>>>>>>>>>>>>>> libvirt-I-vnet0' >>>>>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -F >>>>>>>>>>>>>>>>>>>> libvirt-O-vnet0' >>>>>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -X >>>>>>>>>>>>>>>>>>>> libvirt-O-vnet0' >>>>>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -L >>>>>>>>>>>>>>>>>>>> libvirt-P-vnet0' >>>>>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -E >>>>>>>>>>>>>>>>>>>> libvirt-P-vnet0 >>>>>>>>>>>>>>>>>>>> libvirt-O-vnet0' failed: >>>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -F >>>>>>>>>>>>>>>>>>>> I-vnet0-mac' >>>>>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -X >>>>>>>>>>>>>>>>>>>> I-vnet0-mac' >>>>>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -F >>>>>>>>>>>>>>>>>>>> I-vnet0-arp-mac' >>>>>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -X >>>>>>>>>>>>>>>>>>>> I-vnet0-arp-mac' >>>>>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> [root@h2 etc]# ovs-vsctl show >>>>>>>>>>>>>>>>>>>> ebb6aede-cbbc-4f4f-a88a-a9cd72b2bd23 >>>>>>>>>>>>>>>>>>>> Bridge ovirtbridge >>>>>>>>>>>>>>>>>>>> Port "ovirtport0" >>>>>>>>>>>>>>>>>>>> Interface "ovirtport0" >>>>>>>>>>>>>>>>>>>> type: internal >>>>>>>>>>>>>>>>>>>> Port ovirtbridge >>>>>>>>>>>>>>>>>>>> Interface ovirtbridge >>>>>>>>>>>>>>>>>>>> type: internal >>>>>>>>>>>>>>>>>>>> Bridge "ovsbridge0" >>>>>>>>>>>>>>>>>>>> Port "ovsbridge0" >>>>>>>>>>>>>>>>>>>> Interface "ovsbridge0" >>>>>>>>>>>>>>>>>>>> type: internal >>>>>>>>>>>>>>>>>>>> Port "eth0" >>>>>>>>>>>>>>>>>>>> Interface "eth0" >>>>>>>>>>>>>>>>>>>> Bridge br-int >>>>>>>>>>>>>>>>>>>> Port br-int >>>>>>>>>>>>>>>>>>>> Interface br-int >>>>>>>>>>>>>>>>>>>> type: internal >>>>>>>>>>>>>>>>>>>> Port "vnet0" >>>>>>>>>>>>>>>>>>>> Interface "vnet0" >>>>>>>>>>>>>>>>>>>> ovs_version: "2.6.90" >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> Searching through the code it appears that br-int >>>>>>>>>>>>>>>>>>>> comes from >>>>>>>>>>>>>>>>>>>> neutron-openvswitch plugin ?? >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> [root@h2 share]# rpm -qf >>>>>>>>>>>>>>>>>>>> /usr/share/otopi/plugins/ovirt-host-deploy/openstack/neutron_openvswitch.py >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> ovirt-host-deploy-1.6.0-0.0.master.20161215101008.gitb76ad50.el7.centos.noarch >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> /Sverker >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> Den 2016-12-28 kl. 23:24, skrev Sverker >>>>>>>>>>>>>>>>>>>> Abrahamsson: >>>>>>>>>>>>>>>>>>>>> In addition I had to add an alias to modprobe: >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> [root@h2 modprobe.d]# cat dummy.conf >>>>>>>>>>>>>>>>>>>>> alias dummy0 dummy >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> Den 2016-12-28 kl. 23:03, skrev Sverker >>>>>>>>>>>>>>>>>>>>> Abrahamsson: >>>>>>>>>>>>>>>>>>>>>> Hi >>>>>>>>>>>>>>>>>>>>>> I first tried to set device name to dummy_0, but >>>>>>>>>>>>>>>>>>>>>> then ifup >>>>>>>>>>>>>>>>>>>>>> did >>>>>>>>>>>>>>>>>>>>>> not >>>>>>>>>>>>>>>>>>>>>> succeed in creating the device unless I first >>>>>>>>>>>>>>>>>>>>>> did >>>>>>>>>>>>>>>>>>>>>> 'ip link >>>>>>>>>>>>>>>>>>>>>> add >>>>>>>>>>>>>>>>>>>>>> dummy_0 type dummy' but then it would not >>>>>>>>>>>>>>>>>>>>>> suceed to >>>>>>>>>>>>>>>>>>>>>> establish >>>>>>>>>>>>>>>>>>>>>> the if >>>>>>>>>>>>>>>>>>>>>> on reboot. >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> Setting fake_nics = dummy0 would not work >>>>>>>>>>>>>>>>>>>>>> neither, >>>>>>>>>>>>>>>>>>>>>> but this >>>>>>>>>>>>>>>>>>>>>> works: >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> fake_nics = dummy* >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> The engine is now able to find the if and assign >>>>>>>>>>>>>>>>>>>>>> bridge >>>>>>>>>>>>>>>>>>>>>> ovirtmgmt to >>>>>>>>>>>>>>>>>>>>>> it. >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> However, I then run into the next issue when >>>>>>>>>>>>>>>>>>>>>> starting a VM: >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> 2016-12-28 22:28:23,897 ERROR >>>>>>>>>>>>>>>>>>>>>> [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> (ForkJoinPool-1-worker-2) [] Correlation ID: >>>>>>>>>>>>>>>>>>>>>> null, >>>>>>>>>>>>>>>>>>>>>> Call >>>>>>>>>>>>>>>>>>>>>> Stack: >>>>>>>>>>>>>>>>>>>>>> null, >>>>>>>>>>>>>>>>>>>>>> Custom Event ID: -1, Message: VM CentOS7 is down >>>>>>>>>>>>>>>>>>>>>> with error. >>>>>>>>>>>>>>>>>>>>>> Exit >>>>>>>>>>>>>>>>>>>>>> message: Cannot get interface MTU on >>>>>>>>>>>>>>>>>>>>>> 'br-int': No >>>>>>>>>>>>>>>>>>>>>> such >>>>>>>>>>>>>>>>>>>>>> device. >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> This VM has a nic on ovirtbridge, which comes >>>>>>>>>>>>>>>>>>>>>> from >>>>>>>>>>>>>>>>>>>>>> the OVN >>>>>>>>>>>>>>>>>>>>>> provider. >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> /Sverker >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> Den 2016-12-28 kl. 14:38, skrev Marcin Mirecki: >>>>>>>>>>>>>>>>>>>>>>> Sverker, >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> Can you try adding a vnic named veth_* or >>>>>>>>>>>>>>>>>>>>>>> dummy_*, >>>>>>>>>>>>>>>>>>>>>>> (or alternatively add the name of the vnic to >>>>>>>>>>>>>>>>>>>>>>> vdsm.config fake_nics), and setup the >>>>>>>>>>>>>>>>>>>>>>> management >>>>>>>>>>>>>>>>>>>>>>> network using this vnic? >>>>>>>>>>>>>>>>>>>>>>> I suppose adding the vnic you use for >>>>>>>>>>>>>>>>>>>>>>> connecting >>>>>>>>>>>>>>>>>>>>>>> to the engine to fake_nics should make it >>>>>>>>>>>>>>>>>>>>>>> visible >>>>>>>>>>>>>>>>>>>>>>> to the engine, and you should be able to use >>>>>>>>>>>>>>>>>>>>>>> it for >>>>>>>>>>>>>>>>>>>>>>> the setup. >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> Marcin >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> ----- Original Message ----- >>>>>>>>>>>>>>>>>>>>>>>> From: "Marcin Mirecki"<mmirecki@redhat.com> >>>>>>>>>>>>>>>>>>>>>>>> To: "Sverker >>>>>>>>>>>>>>>>>>>>>>>> Abrahamsson"<sverker@abrahamsson.com> >>>>>>>>>>>>>>>>>>>>>>>> Cc: "Ovirt Users"<users@ovirt.org> >>>>>>>>>>>>>>>>>>>>>>>> Sent: Wednesday, December 28, 2016 12:06:26 PM >>>>>>>>>>>>>>>>>>>>>>>> Subject: Re: [ovirt-users] Issue with >>>>>>>>>>>>>>>>>>>>>>>> OVN/OVS and >>>>>>>>>>>>>>>>>>>>>>>> mandatory >>>>>>>>>>>>>>>>>>>>>>>> ovirtmgmt network >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>> I have an internal OVS bridge called >>>>>>>>>>>>>>>>>>>>>>>>> ovirtbridge >>>>>>>>>>>>>>>>>>>>>>>>> which >>>>>>>>>>>>>>>>>>>>>>>>> has >>>>>>>>>>>>>>>>>>>>>>>>> a port >>>>>>>>>>>>>>>>>>>>>>>>> with >>>>>>>>>>>>>>>>>>>>>>>>> IP address, but in the host network settings >>>>>>>>>>>>>>>>>>>>>>>>> that port is >>>>>>>>>>>>>>>>>>>>>>>>> not >>>>>>>>>>>>>>>>>>>>>>>>> visible. >>>>>>>>>>>>>>>>>>>>>>>> I just verified and unfortunately the virtual >>>>>>>>>>>>>>>>>>>>>>>> ports are >>>>>>>>>>>>>>>>>>>>>>>> not >>>>>>>>>>>>>>>>>>>>>>>> visible in engine >>>>>>>>>>>>>>>>>>>>>>>> to assign a network to :( >>>>>>>>>>>>>>>>>>>>>>>> I'm afraid that the engine is not ready for >>>>>>>>>>>>>>>>>>>>>>>> such a >>>>>>>>>>>>>>>>>>>>>>>> scenario >>>>>>>>>>>>>>>>>>>>>>>> (even >>>>>>>>>>>>>>>>>>>>>>>> if it >>>>>>>>>>>>>>>>>>>>>>>> works). >>>>>>>>>>>>>>>>>>>>>>>> Please give me some time to look for a >>>>>>>>>>>>>>>>>>>>>>>> solution. >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> ----- Original Message ----- >>>>>>>>>>>>>>>>>>>>>>>>> From: "Sverker >>>>>>>>>>>>>>>>>>>>>>>>> Abrahamsson"<sverker@abrahamsson.com> >>>>>>>>>>>>>>>>>>>>>>>>> To: "Marcin Mirecki"<mmirecki@redhat.com> >>>>>>>>>>>>>>>>>>>>>>>>> Cc: "Ovirt Users"<users@ovirt.org> >>>>>>>>>>>>>>>>>>>>>>>>> Sent: Wednesday, December 28, 2016 >>>>>>>>>>>>>>>>>>>>>>>>> 11:48:24 AM >>>>>>>>>>>>>>>>>>>>>>>>> Subject: Re: [ovirt-users] Issue with >>>>>>>>>>>>>>>>>>>>>>>>> OVN/OVS and >>>>>>>>>>>>>>>>>>>>>>>>> mandatory >>>>>>>>>>>>>>>>>>>>>>>>> ovirtmgmt >>>>>>>>>>>>>>>>>>>>>>>>> network >>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>> Hi Marcin >>>>>>>>>>>>>>>>>>>>>>>>> Yes, that is my issue. I don't want to let >>>>>>>>>>>>>>>>>>>>>>>>> ovirt/vdsm see >>>>>>>>>>>>>>>>>>>>>>>>> eth0 >>>>>>>>>>>>>>>>>>>>>>>>> nor >>>>>>>>>>>>>>>>>>>>>>>>> ovsbridge0 since as soon as it sees them it >>>>>>>>>>>>>>>>>>>>>>>>> messes up the >>>>>>>>>>>>>>>>>>>>>>>>> network >>>>>>>>>>>>>>>>>>>>>>>>> config >>>>>>>>>>>>>>>>>>>>>>>>> so that the host will be unreachable. >>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>> I have an internal OVS bridge called >>>>>>>>>>>>>>>>>>>>>>>>> ovirtbridge >>>>>>>>>>>>>>>>>>>>>>>>> which >>>>>>>>>>>>>>>>>>>>>>>>> has >>>>>>>>>>>>>>>>>>>>>>>>> a port >>>>>>>>>>>>>>>>>>>>>>>>> with >>>>>>>>>>>>>>>>>>>>>>>>> IP address, but in the host network settings >>>>>>>>>>>>>>>>>>>>>>>>> that port is >>>>>>>>>>>>>>>>>>>>>>>>> not >>>>>>>>>>>>>>>>>>>>>>>>> visible. >>>>>>>>>>>>>>>>>>>>>>>>> It doesn't help to name it ovirtmgmt. >>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>> The engine is able to communicate with the >>>>>>>>>>>>>>>>>>>>>>>>> host >>>>>>>>>>>>>>>>>>>>>>>>> on the ip >>>>>>>>>>>>>>>>>>>>>>>>> it has >>>>>>>>>>>>>>>>>>>>>>>>> been >>>>>>>>>>>>>>>>>>>>>>>>> given, it's just that it believes that it >>>>>>>>>>>>>>>>>>>>>>>>> HAS to >>>>>>>>>>>>>>>>>>>>>>>>> have a >>>>>>>>>>>>>>>>>>>>>>>>> ovirtmgmt >>>>>>>>>>>>>>>>>>>>>>>>> network which can't be on OVN. >>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>> /Sverker >>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>> Den 2016-12-28 kl. 10:45, skrev Marcin >>>>>>>>>>>>>>>>>>>>>>>>> Mirecki: >>>>>>>>>>>>>>>>>>>>>>>>>> Hi Sverker, >>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>> The management network is mandatory on each >>>>>>>>>>>>>>>>>>>>>>>>>> host. It's >>>>>>>>>>>>>>>>>>>>>>>>>> used by >>>>>>>>>>>>>>>>>>>>>>>>>> the >>>>>>>>>>>>>>>>>>>>>>>>>> engine to communicate with the host. >>>>>>>>>>>>>>>>>>>>>>>>>> Looking at your description and the >>>>>>>>>>>>>>>>>>>>>>>>>> exception >>>>>>>>>>>>>>>>>>>>>>>>>> it looks >>>>>>>>>>>>>>>>>>>>>>>>>> like it >>>>>>>>>>>>>>>>>>>>>>>>>> is >>>>>>>>>>>>>>>>>>>>>>>>>> missing. >>>>>>>>>>>>>>>>>>>>>>>>>> The error is caused by not having any >>>>>>>>>>>>>>>>>>>>>>>>>> network >>>>>>>>>>>>>>>>>>>>>>>>>> for the >>>>>>>>>>>>>>>>>>>>>>>>>> host >>>>>>>>>>>>>>>>>>>>>>>>>> (network list retrieved in >>>>>>>>>>>>>>>>>>>>>>>>>> InterfaceDaoImpl.getHostNetworksByCluster - >>>>>>>>>>>>>>>>>>>>>>>>>> which >>>>>>>>>>>>>>>>>>>>>>>>>> gets all the networks on nics for a host >>>>>>>>>>>>>>>>>>>>>>>>>> from >>>>>>>>>>>>>>>>>>>>>>>>>> vds_interface >>>>>>>>>>>>>>>>>>>>>>>>>> table in the >>>>>>>>>>>>>>>>>>>>>>>>>> DB). >>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>> Could you maybe create a virtual nic >>>>>>>>>>>>>>>>>>>>>>>>>> connected to >>>>>>>>>>>>>>>>>>>>>>>>>> ovsbridge0 (as >>>>>>>>>>>>>>>>>>>>>>>>>> I >>>>>>>>>>>>>>>>>>>>>>>>>> understand you >>>>>>>>>>>>>>>>>>>>>>>>>> have no physical nic available) and use this >>>>>>>>>>>>>>>>>>>>>>>>>> for the >>>>>>>>>>>>>>>>>>>>>>>>>> management >>>>>>>>>>>>>>>>>>>>>>>>>> network? >>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>> I then create a bridge for use with >>>>>>>>>>>>>>>>>>>>>>>>>>> ovirt, with >>>>>>>>>>>>>>>>>>>>>>>>>>> a >>>>>>>>>>>>>>>>>>>>>>>>>>> private >>>>>>>>>>>>>>>>>>>>>>>>>>> address. >>>>>>>>>>>>>>>>>>>>>>>>>> I'm not quite sure I understand. Is this yet >>>>>>>>>>>>>>>>>>>>>>>>>> another >>>>>>>>>>>>>>>>>>>>>>>>>> bridge >>>>>>>>>>>>>>>>>>>>>>>>>> connected to >>>>>>>>>>>>>>>>>>>>>>>>>> ovsbridge0? >>>>>>>>>>>>>>>>>>>>>>>>>> You could also attach the vnic for the >>>>>>>>>>>>>>>>>>>>>>>>>> management >>>>>>>>>>>>>>>>>>>>>>>>>> network >>>>>>>>>>>>>>>>>>>>>>>>>> here >>>>>>>>>>>>>>>>>>>>>>>>>> if need >>>>>>>>>>>>>>>>>>>>>>>>>> be. >>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>> Please keep in mind that OVN has no use in >>>>>>>>>>>>>>>>>>>>>>>>>> setting up >>>>>>>>>>>>>>>>>>>>>>>>>> the >>>>>>>>>>>>>>>>>>>>>>>>>> management >>>>>>>>>>>>>>>>>>>>>>>>>> network. >>>>>>>>>>>>>>>>>>>>>>>>>> The OVN provider can only handle external >>>>>>>>>>>>>>>>>>>>>>>>>> networks, >>>>>>>>>>>>>>>>>>>>>>>>>> which >>>>>>>>>>>>>>>>>>>>>>>>>> can >>>>>>>>>>>>>>>>>>>>>>>>>> not be used >>>>>>>>>>>>>>>>>>>>>>>>>> for a >>>>>>>>>>>>>>>>>>>>>>>>>> management network. >>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>> Marcin >>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>> ----- Original Message ----- >>>>>>>>>>>>>>>>>>>>>>>>>>> From: "Sverker >>>>>>>>>>>>>>>>>>>>>>>>>>> Abrahamsson"<sverker@abrahamsson.com> >>>>>>>>>>>>>>>>>>>>>>>>>>> To:users@ovirt.org >>>>>>>>>>>>>>>>>>>>>>>>>>> Sent: Wednesday, December 28, 2016 >>>>>>>>>>>>>>>>>>>>>>>>>>> 12:39:59 AM >>>>>>>>>>>>>>>>>>>>>>>>>>> Subject: [ovirt-users] Issue with >>>>>>>>>>>>>>>>>>>>>>>>>>> OVN/OVS and >>>>>>>>>>>>>>>>>>>>>>>>>>> mandatory >>>>>>>>>>>>>>>>>>>>>>>>>>> ovirtmgmt >>>>>>>>>>>>>>>>>>>>>>>>>>> network >>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>> Hi >>>>>>>>>>>>>>>>>>>>>>>>>>> For long time I've been looking for proper >>>>>>>>>>>>>>>>>>>>>>>>>>> support in >>>>>>>>>>>>>>>>>>>>>>>>>>> ovirt for >>>>>>>>>>>>>>>>>>>>>>>>>>> Open >>>>>>>>>>>>>>>>>>>>>>>>>>> vSwitch >>>>>>>>>>>>>>>>>>>>>>>>>>> so I'm happy that it is moving in the right >>>>>>>>>>>>>>>>>>>>>>>>>>> direction. >>>>>>>>>>>>>>>>>>>>>>>>>>> However, >>>>>>>>>>>>>>>>>>>>>>>>>>> there >>>>>>>>>>>>>>>>>>>>>>>>>>> seems >>>>>>>>>>>>>>>>>>>>>>>>>>> to still be a dependency on a ovirtmgmt >>>>>>>>>>>>>>>>>>>>>>>>>>> bridge >>>>>>>>>>>>>>>>>>>>>>>>>>> and I'm >>>>>>>>>>>>>>>>>>>>>>>>>>> unable >>>>>>>>>>>>>>>>>>>>>>>>>>> to move >>>>>>>>>>>>>>>>>>>>>>>>>>> that >>>>>>>>>>>>>>>>>>>>>>>>>>> to the OVN provider. >>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>> The hosting center where I rent hw >>>>>>>>>>>>>>>>>>>>>>>>>>> instances >>>>>>>>>>>>>>>>>>>>>>>>>>> has a bit >>>>>>>>>>>>>>>>>>>>>>>>>>> special >>>>>>>>>>>>>>>>>>>>>>>>>>> network >>>>>>>>>>>>>>>>>>>>>>>>>>> setup, >>>>>>>>>>>>>>>>>>>>>>>>>>> so I have one physical network port with >>>>>>>>>>>>>>>>>>>>>>>>>>> a /32 >>>>>>>>>>>>>>>>>>>>>>>>>>> netmask >>>>>>>>>>>>>>>>>>>>>>>>>>> and >>>>>>>>>>>>>>>>>>>>>>>>>>> point-to-point >>>>>>>>>>>>>>>>>>>>>>>>>>> config to router. The physical port I >>>>>>>>>>>>>>>>>>>>>>>>>>> connect >>>>>>>>>>>>>>>>>>>>>>>>>>> to a ovs >>>>>>>>>>>>>>>>>>>>>>>>>>> bridge >>>>>>>>>>>>>>>>>>>>>>>>>>> which has >>>>>>>>>>>>>>>>>>>>>>>>>>> the >>>>>>>>>>>>>>>>>>>>>>>>>>> public ip. Since ovirt always messes up the >>>>>>>>>>>>>>>>>>>>>>>>>>> network >>>>>>>>>>>>>>>>>>>>>>>>>>> config when >>>>>>>>>>>>>>>>>>>>>>>>>>> I've >>>>>>>>>>>>>>>>>>>>>>>>>>> tried >>>>>>>>>>>>>>>>>>>>>>>>>>> to let it have access to the network config >>>>>>>>>>>>>>>>>>>>>>>>>>> for the >>>>>>>>>>>>>>>>>>>>>>>>>>> physical >>>>>>>>>>>>>>>>>>>>>>>>>>> port, I've >>>>>>>>>>>>>>>>>>>>>>>>>>> set >>>>>>>>>>>>>>>>>>>>>>>>>>> eht0 and ovsbridge0 as hidden in vdsm.conf. >>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>> I then create a bridge for use with >>>>>>>>>>>>>>>>>>>>>>>>>>> ovirt, with >>>>>>>>>>>>>>>>>>>>>>>>>>> a >>>>>>>>>>>>>>>>>>>>>>>>>>> private >>>>>>>>>>>>>>>>>>>>>>>>>>> address. With >>>>>>>>>>>>>>>>>>>>>>>>>>> the >>>>>>>>>>>>>>>>>>>>>>>>>>> OVN provider I am now able to import these >>>>>>>>>>>>>>>>>>>>>>>>>>> into the >>>>>>>>>>>>>>>>>>>>>>>>>>> engine and >>>>>>>>>>>>>>>>>>>>>>>>>>> it looks >>>>>>>>>>>>>>>>>>>>>>>>>>> good. When creating a VM I can select >>>>>>>>>>>>>>>>>>>>>>>>>>> that it >>>>>>>>>>>>>>>>>>>>>>>>>>> will have >>>>>>>>>>>>>>>>>>>>>>>>>>> a >>>>>>>>>>>>>>>>>>>>>>>>>>> vNic >>>>>>>>>>>>>>>>>>>>>>>>>>> on my OVS >>>>>>>>>>>>>>>>>>>>>>>>>>> bridge. >>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>> However, I can't start the VM as an >>>>>>>>>>>>>>>>>>>>>>>>>>> exception >>>>>>>>>>>>>>>>>>>>>>>>>>> is thrown >>>>>>>>>>>>>>>>>>>>>>>>>>> in the >>>>>>>>>>>>>>>>>>>>>>>>>>> log: >>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>> 2016-12-28 00:13:33,350 ERROR >>>>>>>>>>>>>>>>>>>>>>>>>>> [org.ovirt.engine.core.bll.RunVmCommand] >>>>>>>>>>>>>>>>>>>>>>>>>>> (default task-5) [3c882d53] Error during >>>>>>>>>>>>>>>>>>>>>>>>>>> ValidateFailure.: >>>>>>>>>>>>>>>>>>>>>>>>>>> java.lang.NullPointerException >>>>>>>>>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.scheduling.policyunits.NetworkPolicyUnit.validateRequiredNetworksAvailable(NetworkPolicyUnit.java:140) >>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.scheduling.policyunits.NetworkPolicyUnit.filter(NetworkPolicyUnit.java:69) >>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.scheduling.SchedulingManager.runInternalFilters(SchedulingManager.java:597) >>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.scheduling.SchedulingManager.runFilters(SchedulingManager.java:564) >>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.scheduling.SchedulingManager.canSchedule(SchedulingManager.java:494) >>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.validator.RunVmValidator.canRunVm(RunVmValidator.java:133) >>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.RunVmCommand.validate(RunVmCommand.java:940) >>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.CommandBase.internalValidate(CommandBase.java:886) >>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.CommandBase.validateOnly(CommandBase.java:366) >>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.canRunActions(PrevalidatingMultipleActionsRunner.java:113) >>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.invokeCommands(PrevalidatingMultipleActionsRunner.java:99) >>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.execute(PrevalidatingMultipleActionsRunner.java:76) >>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.Backend.runMultipleActionsImpl(Backend.java:613) >>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.Backend.runMultipleActions(Backend.java:583) >>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>> Looking at that section of code where the >>>>>>>>>>>>>>>>>>>>>>>>>>> exception is >>>>>>>>>>>>>>>>>>>>>>>>>>> thrown, >>>>>>>>>>>>>>>>>>>>>>>>>>> I see >>>>>>>>>>>>>>>>>>>>>>>>>>> that >>>>>>>>>>>>>>>>>>>>>>>>>>> it >>>>>>>>>>>>>>>>>>>>>>>>>>> iterates over host networks to find >>>>>>>>>>>>>>>>>>>>>>>>>>> required >>>>>>>>>>>>>>>>>>>>>>>>>>> networks, >>>>>>>>>>>>>>>>>>>>>>>>>>> which I >>>>>>>>>>>>>>>>>>>>>>>>>>> assume is >>>>>>>>>>>>>>>>>>>>>>>>>>> ovirtmgmt. In the host network setup >>>>>>>>>>>>>>>>>>>>>>>>>>> dialog I >>>>>>>>>>>>>>>>>>>>>>>>>>> don't see >>>>>>>>>>>>>>>>>>>>>>>>>>> any >>>>>>>>>>>>>>>>>>>>>>>>>>> networks at >>>>>>>>>>>>>>>>>>>>>>>>>>> all >>>>>>>>>>>>>>>>>>>>>>>>>>> but it lists ovirtmgmt as required. It also >>>>>>>>>>>>>>>>>>>>>>>>>>> list the >>>>>>>>>>>>>>>>>>>>>>>>>>> OVN >>>>>>>>>>>>>>>>>>>>>>>>>>> networks but >>>>>>>>>>>>>>>>>>>>>>>>>>> these >>>>>>>>>>>>>>>>>>>>>>>>>>> can't be statically assigned as they are >>>>>>>>>>>>>>>>>>>>>>>>>>> added >>>>>>>>>>>>>>>>>>>>>>>>>>> dynamically when >>>>>>>>>>>>>>>>>>>>>>>>>>> needed, >>>>>>>>>>>>>>>>>>>>>>>>>>> which is fine. >>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>> I believe that I either need to remove >>>>>>>>>>>>>>>>>>>>>>>>>>> ovirtmgmt >>>>>>>>>>>>>>>>>>>>>>>>>>> network >>>>>>>>>>>>>>>>>>>>>>>>>>> or >>>>>>>>>>>>>>>>>>>>>>>>>>> configure >>>>>>>>>>>>>>>>>>>>>>>>>>> that >>>>>>>>>>>>>>>>>>>>>>>>>>> it >>>>>>>>>>>>>>>>>>>>>>>>>>> is provided by the OVN provider, but >>>>>>>>>>>>>>>>>>>>>>>>>>> neither is >>>>>>>>>>>>>>>>>>>>>>>>>>> possible. >>>>>>>>>>>>>>>>>>>>>>>>>>> Preferably it >>>>>>>>>>>>>>>>>>>>>>>>>>> shouldn't be hardcoded which network is >>>>>>>>>>>>>>>>>>>>>>>>>>> management and >>>>>>>>>>>>>>>>>>>>>>>>>>> mandatory but be >>>>>>>>>>>>>>>>>>>>>>>>>>> possible to configure. >>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>> /Sverker >>>>>>>>>>>>>>>>>>>>>>>>>>> Den 2016-12-27 kl. 17:10, skrev Marcin >>>>>>>>>>>>>>>>>>>>>>>>>>> Mirecki: >>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> Users mailing list >>>>>>>>>>>>>>>>>>>>>>>> Users@ovirt.org >>>>>>>>>>>>>>>>>>>>>>>> http://lists.ovirt.org/mailman/listinfo/users >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>>>>>>>>>>>> Users mailing list >>>>>>>>>>>>>>>>>>>>>> Users@ovirt.org >>>>>>>>>>>>>>>>>>>>>> http://lists.ovirt.org/mailman/listinfo/users >>>>>>>>>>>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>>>>>>>>>>> Users mailing list >>>>>>>>>>>>>>>>>>>>> Users@ovirt.org >>>>>>>>>>>>>>>>>>>>> http://lists.ovirt.org/mailman/listinfo/users >>>>>>>>>>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>>>>>>>>>> Users mailing list >>>>>>>>>>>>>>>>>>>> Users@ovirt.org >>>>>>>>>>>>>>>>>>>> http://lists.ovirt.org/mailman/listinfo/users >>>>>>>>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>>>>>>>> Users mailing list >>>>>>>>>>>>>>>>>> Users@ovirt.org >>>>>>>>>>>>>>>>>> http://lists.ovirt.org/mailman/listinfo/users >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>>> Users mailing list >>>>>>>>>>>>> Users@ovirt.org >>>>>>>>>>>>> http://lists.ovirt.org/mailman/listinfo/users >>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>> Users mailing list >>>>>>>>>>>> Users@ovirt.org >>>>>>>>>>>> http://lists.ovirt.org/mailman/listinfo/users >>>>>>>>>>> _______________________________________________ >>>>>>>>>>> Users mailing list >>>>>>>>>>> Users@ovirt.org >>>>>>>>>>> http://lists.ovirt.org/mailman/listinfo/users >>>> _______________________________________________ >>>> Users mailing list >>>> Users@ovirt.org >>>> http://lists.ovirt.org/mailman/listinfo/users >>> _______________________________________________ >>> Users mailing list >>> Users@ovirt.org >>> http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Sverker, I can see you as a user in gerrit (sverker@abrahamsson.com), but there are no patches for your name. Please check for any errors after you issue: git push gerrit.ovirt.org:ovirt-provider-ovn HEAD:refs/for/master Also, please let me know if you need any other help on with gerrit. On Mon, Jan 16, 2017 at 8:49 PM, Sverker Abrahamsson < sverker@abrahamsson.com> wrote:
I've followed the instructions to best effort, so hopefully it's right..
Den 2017-01-13 kl. 10:31, skrev Marcin Mirecki:
Please push the patch into: https://gerrit.ovirt.org/ovirt-provider-ovn (let me know if you need some directions)
----- Original Message -----
From: "Sverker Abrahamsson" <sverker@abrahamsson.com> To: "Marcin Mirecki" <mmirecki@redhat.com> Cc: "Ovirt Users" <users@ovirt.org> Sent: Monday, January 9, 2017 1:45:37 PM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network
Ok, found it. The issue is right here:
<interface type="bridge"> <mac address="00:1a:4a:16:01:54" /> <model type="virtio" /> <source bridge="br-int" /> <virtualport type="openvswitch" /> <link state="up" /> <boot order="2" /> <bandwidth /> <virtualport type="openvswitch"> <parameters interfaceid="912cba79-982e-4a87-868e-241fedccb59a" /> </virtualport> </interface>
There are two elements for virtualport, the first without id and the second with. On h2 I had fixed this which was the patch I posted earlier although I switched back to use br-int after understanding that was the correct way. When that hook was copied to h1 the port gets attached fine.
Patch with updated testcase attached.
/Sverker
Den 2017-01-09 kl. 10:41, skrev Sverker Abrahamsson:
This is the content of vdsm.log on h1 at this time:
2017-01-06 20:54:12,636 INFO (jsonrpc/7) [jsonrpc.JsonRpcServer] RPC call VM.create succeeded in 0.01 seconds (__init__:515) 2017-01-06 20:54:12,636 INFO (vm/6dd5291e) [virt.vm] (vmId='6dd5291e-6556-4d29-8b4e-ea896e627645') VM wrapper has started (vm:1901) 2017-01-06 20:54:12,636 INFO (vm/6dd5291e) [vds] prepared volume path: /rhev/data-center/mnt/h2-int.limetransit.com:_var_lib_export s_iso/1d49c4bc-0fec-4503-a583-d476fa3a370d/images/11111111- 1111-1111-1111-111111111111/CentOS-7-x86_64-NetInstall-1611.iso (clientIF:374) 2017-01-06 20:54:12,743 INFO (vm/6dd5291e) [root] (hooks:108) 2017-01-06 20:54:12,847 INFO (vm/6dd5291e) [root] (hooks:108) 2017-01-06 20:54:12,863 INFO (vm/6dd5291e) [virt.vm] (vmId='6dd5291e-6556-4d29-8b4e-ea896e627645') <?xml version='1.0' encoding='UTF-8'?> <domain xmlns:ovirt="http://ovirt.org/vm/tune/1.0" type="kvm"> <name>CentOS7_3</name> <uuid>6dd5291e-6556-4d29-8b4e-ea896e627645</uuid> <memory>1048576</memory> <currentMemory>1048576</currentMemory> <maxMemory slots="16">4294967296</maxMemory> <vcpu current="1">16</vcpu> <devices> <channel type="unix"> <target name="com.redhat.rhevm.vdsm" type="virtio" /> <source mode="bind" path="/var/lib/libvirt/qemu/channels/6dd5291e-6556-4d29-8b4e -ea896e627645.com.redhat.rhevm.vdsm" /> </channel> <channel type="unix"> <target name="org.qemu.guest_agent.0" type="virtio" /> <source mode="bind" path="/var/lib/libvirt/qemu/channels/6dd5291e-6556-4d29-8b4e -ea896e627645.org.qemu.guest_agent.0" /> </channel> <input bus="ps2" type="mouse" /> <memballoon model="virtio" /> <controller index="0" model="virtio-scsi" type="scsi" /> <controller index="0" ports="16" type="virtio-serial" /> <video> <model heads="1" ram="65536" type="qxl" vgamem="16384" vram="32768" /> </video> <graphics autoport="yes" defaultMode="secure" passwd="*****" passwdValidTo="1970-01-01T00:00:01" port="-1" tlsPort="-1" type="spice"> <channel mode="secure" name="main" /> <channel mode="secure" name="inputs" /> <channel mode="secure" name="cursor" /> <channel mode="secure" name="playback" /> <channel mode="secure" name="record" /> <channel mode="secure" name="display" /> <channel mode="secure" name="smartcard" /> <channel mode="secure" name="usbredir" /> <listen network="vdsm-ovirtmgmt" type="network" /> </graphics> <interface type="bridge"> <mac address="00:1a:4a:16:01:54" /> <model type="virtio" /> <source bridge="br-int" /> <virtualport type="openvswitch" /> <link state="up" /> <boot order="2" /> <bandwidth /> <virtualport type="openvswitch"> <parameters interfaceid="912cba79-982e-4a87-868e-241fedccb59a" /> </virtualport> </interface> <disk device="cdrom" snapshot="no" type="file"> <source file="/rhev/data-center/mnt/h2-int.limetransit.com:_var_lib_ exports_iso/1d49c4bc-0fec-4503-a583-d476fa3a370d/images/1111 1111-1111-1111-1111-111111111111/CentOS-7-x86_64-NetInstall-1611.iso" startupPolicy="optional" /> <target bus="ide" dev="hdc" /> <readonly /> <boot order="1" /> </disk> <channel type="spicevmc"> <target name="com.redhat.spice.0" type="virtio" /> </channel> </devices> <metadata> <ovirt:qos /> </metadata> <os> <type arch="x86_64" machine="pc-i440fx-rhel7.2.0">hvm</type> <smbios mode="sysinfo" /> <bootmenu enable="yes" timeout="10000" /> </os> <sysinfo type="smbios"> <system> <entry name="manufacturer">oVirt</entry> <entry name="product">oVirt Node</entry> <entry name="version">7-3.1611.el7.centos</entry> <entry name="serial">62f1adff-b29e-4a7c-abba-c2c4c73248c6</entry> <entry name="uuid">6dd5291e-6556-4d29-8b4e-ea896e627645</entry> </system> </sysinfo> <clock adjustment="0" offset="variable"> <timer name="rtc" tickpolicy="catchup" /> <timer name="pit" tickpolicy="delay" /> <timer name="hpet" present="no" /> </clock> <features> <acpi /> </features> <cpu match="exact"> <model>SandyBridge</model> <topology cores="1" sockets="16" threads="1" /> <numa> <cell cpus="0" memory="1048576" /> </numa> </cpu> </domain> (vm:1988) 2017-01-06 20:54:13,046 INFO (libvirt/events) [virt.vm] (vmId='6dd5291e-6556-4d29-8b4e-ea896e627645') CPU running: onResume (vm:4863) 2017-01-06 20:54:13,058 INFO (vm/6dd5291e) [virt.vm] (vmId='6dd5291e-6556-4d29-8b4e-ea896e627645') Starting connection (guestagent:245) 2017-01-06 20:54:13,060 INFO (vm/6dd5291e) [virt.vm] (vmId='6dd5291e-6556-4d29-8b4e-ea896e627645') CPU running: domain initialization (vm:4863) 2017-01-06 20:54:15,154 INFO (jsonrpc/6) [jsonrpc.JsonRpcServer] RPC call Host.getVMFullList succeeded in 0.01 seconds (__init__:515) 2017-01-06 20:54:17,571 INFO (periodic/2) [dispatcher] Run and protect: getVolumeSize(sdUUID=u'2ee54fb8-48f2-4576-8cff-f2346504b08b', spUUID=u'584ebd64-0268-0193-025b-00000000038e', imgUUID=u'5a3aae57-ffe0-4a3b-aa87-8461669db7f9', volUUID=u'b6a88789-fcb1-4d3e-911b-2a4d3b6c69c7', options=None) (logUtils:49) 2017-01-06 20:54:17,573 INFO (periodic/2) [dispatcher] Run and protect: getVolumeSize, Return response: {'truesize': '1859723264', 'apparentsize': '21474836480'} (logUtils:52) 2017-01-06 20:54:21,211 INFO (periodic/2) [dispatcher] Run and protect: repoStats(options=None) (logUtils:49) 2017-01-06 20:54:21,212 INFO (periodic/2) [dispatcher] Run and protect: repoStats, Return response: {u'2ee54fb8-48f2-4576-8cff-f2346504b08b': {'code': 0, 'actual': True, 'version': 3, 'acquired': True, 'delay': '0.000936552', 'lastCheck': '1.4', 'valid': True}, u'1d49c4bc-0fec-4503-a583-d476fa3a370d': {'code': 0, 'actual': True, 'version': 0, 'acquired': True, 'delay': '0.000960248', 'lastCheck': '1.4', 'valid': True}} (logUtils:52) 2017-01-06 20:54:23,543 INFO (jsonrpc/2) [jsonrpc.JsonRpcServer] RPC call Host.getAllVmStats succeeded in 0.00 seconds (__init__:515) 2017-01-06 20:54:23,641 INFO (jsonrpc/1) [jsonrpc.JsonRpcServer] RPC call Host.getAllVmIoTunePolicies succeeded in 0.00 seconds (__init__:515) 2017-01-06 20:54:24,918 INFO (jsonrpc/0) [dispatcher] Run and protect: repoStats(options=None) (logUtils:49) 2017-01-06 20:54:24,918 INFO (jsonrpc/0) [dispatcher] Run and protect: repoStats, Return response: {u'2ee54fb8-48f2-4576-8cff-f2346504b08b': {'code': 0, 'actual': True, 'version': 3, 'acquired': True, 'delay': '0.000936552', 'lastCheck': '5.1', 'valid': True}, u'1d49c4bc-0fec-4503-a583-d476fa3a370d': {'code': 0, 'actual': True, 'version': 0, 'acquired': True, 'delay': '0.000960248', 'lastCheck': '2.1', 'valid': True}} (logUtils:52) 2017-01-06 20:54:24,924 INFO (jsonrpc/0) [jsonrpc.JsonRpcServer] RPC call Host.getStats succeeded in 0.01 seconds (__init__:515)
Vdsm and the OVN driver must have been called as the port IS created, but with the wrong id. I don't find the faulty id in vdsm.log neither, the xml above have the correct id. /Sverker
Den 2017-01-09 kl. 10:06, skrev Marcin Mirecki:
The port is set up on the host by the ovirt-provider-ovn-driver. The driver is invoked by the vdsm hook whenever any operation on the port is done. Please ensure that this is installed properly. You can check the vdsm log (/var/log/vdsm/vdsm.log) to see if the hook was executed properly.
----- Original Message -----
From: "Sverker Abrahamsson" <sverker@abrahamsson.com> To: "Marcin Mirecki" <mmirecki@redhat.com> Cc: "Ovirt Users" <users@ovirt.org> Sent: Friday, January 6, 2017 9:00:26 PM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network
I created a new VM in the ui and assigned it to host h1. In /var/log/ovirt-provider-ovn.log I get the following:
2017-01-06 20:54:11,940 Request: GET : /v2.0/ports 2017-01-06 20:54:11,940 Connecting to remote ovn database: tcp:127.0.0.1:6641 2017-01-06 20:54:12,157 Connected (number of retries: 2) 2017-01-06 20:54:12,158 Response code: 200 2017-01-06 20:54:12,158 Response body: {"ports": [{"name": "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873", "network_id": "e53554cf-e553-40a1-8d22-9c8d95ec0601", "device_owner": "oVirt", "mac_address": "00:1a:4a:16:01:51", "id": "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873", "device_id": "40cd7328-d575-4c3d-b656-9ef9bacc0078"}, {"name": "92f6d3c8-68b3-4986-9c09-60bee04644b5", "network_id": "e53554cf-e553-40a1-8d22-9c8d95ec0601", "device_owner": "oVirt", "mac_address": "00:1a:4a:16:01:52", "id": "92f6d3c8-68b3-4986-9c09-60bee04644b5", "device_id": "4baefa8c-3822-4de0-9cd0-1d025bab7844"}]} 2017-01-06 20:54:12,160 Request: SHOW : /v2.0/networks/e53554cf-e553-40a1-8d22-9c8d95ec0601 2017-01-06 20:54:12,160 Connecting to remote ovn database: tcp:127.0.0.1:6641 2017-01-06 20:54:12,377 Connected (number of retries: 2) 2017-01-06 20:54:12,378 Response code: 200 2017-01-06 20:54:12,378 Response body: {"network": {"id": "e53554cf-e553-40a1-8d22-9c8d95ec0601", "name": "ovirtbridge"}} 2017-01-06 20:54:12,380 Request: POST : /v2.0/ports 2017-01-06 20:54:12,380 Request body: { "port" : { "name" : "nic1", "binding:host_id" : "h1.limetransit.com", "admin_state_up" : true, "device_id" : "e8553a88-05f0-401d-8b9b-5fff77f7bbbe", "device_owner" : "oVirt", "mac_address" : "00:1a:4a:16:01:54", "network_id" : "e53554cf-e553-40a1-8d22-9c8d95ec0601" } } 2017-01-06 20:54:12,380 Connecting to remote ovn database: tcp:127.0.0.1:6641 2017-01-06 20:54:12,610 Connected (number of retries: 2) 2017-01-06 20:54:12,614 Response code: 200 2017-01-06 20:54:12,614 Response body: {"port": {"name": "912cba79-982e-4a87-868e-241fedccb59a", "network_id": "e53554cf-e553-40a1-8d22-9c8d95ec0601", "device_owner": "oVirt", "mac_address": "00:1a:4a:16:01:54", "id": "912cba79-982e-4a87-868e-241fedccb59a", "device_id": "e8553a88-05f0-401d-8b9b-5fff77f7bbbe"}}
h1:/var/log/messages Jan 6 20:54:12 h1 ovs-vsctl: ovs|00001|vsctl|INFO|Called as ovs-vsctl --timeout=5 -- --if-exists del-port vnet1 -- add-port br-int vnet1 -- set Interface vnet1 "external-ids:attached-mac=\"00:1a:4a:16:01:54\"" -- set Interface vnet1 "external-ids:iface-id=\"20388407-0f76-41d8-97aa-8e2b5978f908\"" -- set Interface vnet1 "external-ids:vm-id=\"6dd5291e-6556-4d29-8b4e-ea896e627645\"" -- set Interface vnet1 external-ids:iface-status=active
[root@h2 ~]# ovn-nbctl show switch e53554cf-e553-40a1-8d22-9c8d95ec0601 (ovirtbridge) port 4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873 addresses: ["00:1a:4a:16:01:51"] port 912cba79-982e-4a87-868e-241fedccb59a addresses: ["00:1a:4a:16:01:54"] port 92f6d3c8-68b3-4986-9c09-60bee04644b5 addresses: ["00:1a:4a:16:01:52"] port ovirtbridge-port2 addresses: ["unknown"] port ovirtbridge-port1 addresses: ["unknown"] [root@h2 ~]# ovn-sbctl show Chassis "6e4dd29f-7607-48d7-8e5a-eef4c6aeefb5" hostname: "h2.limetransit.com" Encap geneve ip: "148.251.126.50" options: {csum="true"} Port_Binding "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873" Port_Binding "ovirtbridge-port1" Chassis "4f10fb04-8fb2-48d7-8a3f-ea6444c02cf9" hostname: "h1.limetransit.com" Encap geneve ip: "144.76.84.73" options: {csum="true"} Port_Binding "ovirtbridge-port2" Port_Binding "92f6d3c8-68b3-4986-9c09-60bee04644b5"
I.e. same issue /Sverker
Den 2017-01-06 kl. 20:49, skrev Sverker Abrahamsson:
> The port is created from Ovirt UI, the ovs-vsctl command below is > executed when VM is started. In /var/log/ovirt-provider-ovn.log on > h2 > I get the following: > > 2017-01-06 20:19:25,452 Request: GET : /v2.0/ports > 2017-01-06 20:19:25,452 Connecting to remote ovn database: > tcp:127.0.0.1:6641 > 2017-01-06 20:19:25,670 Connected (number of retries: 2) > 2017-01-06 20:19:25,670 Response code: 200 > 2017-01-06 20:19:25,670 Response body: {"ports": [{"name": > "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873", "network_id": > "e53554cf-e553-40a1-8d22-9c8d95ec0601", "device_owner": "oVirt", > "mac_address": "00:1a:4a:16:01:51", "id": > "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873", "device_id": > "40cd7328-d575-4c3d-b656-9ef9bacc0078"}, {"name": > "92f6d3c8-68b3-4986-9c09-60bee04644b5", "network_id": > "e53554cf-e553-40a1-8d22-9c8d95ec0601", "device_owner": "oVirt", > "mac_address": "00:1a:4a:16:01:52", "id": > "92f6d3c8-68b3-4986-9c09-60bee04644b5", "device_id": > "4baefa8c-3822-4de0-9cd0-1d025bab7844"}]} > 2017-01-06 20:19:25,673 Request: PUT : > /v2.0/ports/92f6d3c8-68b3-4986-9c09-60bee04644b5 > 2017-01-06 20:19:25,673 Request body: > { > "port" : { > "binding:host_id" : "h1.limetransit.com", > "security_groups" : null > } > } > 2017-01-06 20:19:25,673 Connecting to remote ovn database: > tcp:127.0.0.1:6641 > 2017-01-06 20:19:25,890 Connected (number of retries: 2) > 2017-01-06 20:19:25,891 Response code: 200 > 2017-01-06 20:19:25,891 Response body: {"port": {"name": > "92f6d3c8-68b3-4986-9c09-60bee04644b5", "network_id": > "e53554cf-e553-40a1-8d22-9c8d95ec0601", "device_owner": "oVirt", > "mac_address": "00:1a:4a:16:01:52", "id": > "92f6d3c8-68b3-4986-9c09-60bee04644b5", "device_id": > "4baefa8c-3822-4de0-9cd0-1d025bab7844"}} > > In /var/log/messages on h1 I get the following: > > Jan 6 20:18:56 h1 dbus-daemon: dbus[1339]: [system] Successfully > activated service 'org.freedesktop.problems' > Jan 6 20:19:26 h1 ovs-vsctl: ovs|00001|vsctl|INFO|Called as > ovs-vsctl > --timeout=5 -- --if-exists del-port vnet0 -- add-port br-int vnet0 -- > set Interface vnet0 "external-ids:attached-mac=\"0 > 0:1a:4a:16:01:52\"" > -- set Interface vnet0 > "external-ids:iface-id=\"72dafda5-03c2-4bb6-bcb6-241fa5c0a1f3\"" -- > set Interface vnet0 > "external-ids:vm-id=\"4d0c134a-11a0-40f4-b2fb-c13c17c7251c\"" -- set > Interface vnet0 external-ids:iface-status=active > Jan 6 20:19:26 h1 kernel: device vnet0 entered promiscuous mode > Jan 6 20:19:26 h1 avahi-daemon[1391]: Registering new address record > for fe80::fc1a:4aff:fe16:152 on vnet0.*. > Jan 6 20:19:26 h1 systemd-machined: New machine qemu-4-CentOS72. > Jan 6 20:19:26 h1 systemd: Started Virtual Machine qemu-4-CentOS72. > Jan 6 20:19:26 h1 systemd: Starting Virtual Machine qemu-4-CentOS72. > > [root@h2 ~]# ovn-nbctl show > switch e53554cf-e553-40a1-8d22-9c8d95ec0601 (ovirtbridge) > port 4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873 > addresses: ["00:1a:4a:16:01:51"] > port 92f6d3c8-68b3-4986-9c09-60bee04644b5 > addresses: ["00:1a:4a:16:01:52"] > port ovirtbridge-port2 > addresses: ["unknown"] > port ovirtbridge-port1 > addresses: ["unknown"] > [root@h2 ~]# ovn-sbctl show > Chassis "6e4dd29f-7607-48d7-8e5a-eef4c6aeefb5" > hostname: "h2.limetransit.com" > Encap geneve > ip: "148.251.126.50" > options: {csum="true"} > Port_Binding "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873" > Port_Binding "ovirtbridge-port1" > Chassis "4f10fb04-8fb2-48d7-8a3f-ea6444c02cf9" > hostname: "h1.limetransit.com" > Encap geneve > ip: "144.76.84.73" > options: {csum="true"} > Port_Binding "ovirtbridge-port2" > > I.e. the port is set up with the wrong ID and not attached to OVN. > > If I correct external-ids:iface-id like this: > [root@h1 ~]# ovs-vsctl set Interface vnet0 > "external-ids:iface-id=\"92f6d3c8-68b3-4986-9c09-60bee04644b5\"" > > then sb is correct: > [root@h2 ~]# ovn-sbctl show > Chassis "6e4dd29f-7607-48d7-8e5a-eef4c6aeefb5" > hostname: "h2.limetransit.com" > Encap geneve > ip: "148.251.126.50" > options: {csum="true"} > Port_Binding "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873" > Port_Binding "ovirtbridge-port1" > Chassis "4f10fb04-8fb2-48d7-8a3f-ea6444c02cf9" > hostname: "h1.limetransit.com" > Encap geneve > ip: "144.76.84.73" > options: {csum="true"} > Port_Binding "ovirtbridge-port2" > Port_Binding "92f6d3c8-68b3-4986-9c09-60bee04644b5" > > I don't know from where the ID 72dafda5-03c2-4bb6-bcb6-241fa5c0a1f3 > comes from, doesn't show in any log other than /var/log/messages. > > If I do the same exercise on the same host as engine is running on > then the port for the VM gets the right id and is working from > beginning. > /Sverker > > Den 2017-01-03 kl. 10:23, skrev Marcin Mirecki: > >> How did you create this port? >> From the oVirt engine UI? >> The OVN provider creates the port when you add the port in the >> engine UI, >> it is then plugged into the ovs bridge by the VIF driver. >> Please attach /var/log/ovirt-provider-ovn.log >> >> >> >> ----- Original Message ----- >> >>> From: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>> To: "Marcin Mirecki"<mmirecki@redhat.com> >>> Cc: "Ovirt Users"<users@ovirt.org> >>> Sent: Tuesday, January 3, 2017 2:06:22 AM >>> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory >>> ovirtmgmt >>> network >>> >>> Found an issue with Ovirt - OVN integration. >>> >>> Engine and OVN central db running on host h2. Created VM to run >>> on host >>> h1, which is started. Ovn db state: >>> >>> [root@h2 env3]# ovn-nbctl show >>> switch e53554cf-e553-40a1-8d22-9c8d95ec0601 (ovirtbridge) >>> port 4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873 >>> addresses: ["00:1a:4a:16:01:51"] >>> port 92f6d3c8-68b3-4986-9c09-60bee04644b5 >>> addresses: ["00:1a:4a:16:01:52"] >>> port ovirtbridge-port2 >>> addresses: ["unknown"] >>> port ovirtbridge-port1 >>> addresses: ["unknown"] >>> [root@h2 env3]# ovn-sbctl show >>> Chassis "6e4dd29f-7607-48d7-8e5a-eef4c6aeefb5" >>> hostname: "h2.limetransit.com" >>> Encap geneve >>> ip: "148.251.126.50" >>> options: {csum="true"} >>> Port_Binding "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873" >>> Port_Binding "ovirtbridge-port1" >>> Chassis "4f10fb04-8fb2-48d7-8a3f-ea6444c02cf9" >>> hostname: "h1.limetransit.com" >>> Encap geneve >>> ip: "144.76.84.73" >>> options: {csum="true"} >>> Port_Binding "ovirtbridge-port2" >>> >>> Port 92f6d3c8-68b3-4986-9c09-60bee04644b5 is for the new VM which >>> is >>> started on h1, but it is not assigned to that chassis. The reason >>> is >>> that on h1 the port on br-int is created like this: >>> >>> ovs-vsctl --timeout=5 -- --if-exists del-port vnet0 -- add-port >>> br-int >>> vnet0 -- set Interface vnet0 >>> "external-ids:attached-mac=\"00:1a:4a:16:01:52\"" -- set >>> Interface vnet0 >>> "external-ids:iface-id=\"35bcbe31-2c7e-4d97-add9-ce150eeb2f11\"" >>> -- set >>> Interface vnet0 >>> "external-ids:vm-id=\"4d0c134a-11a0-40f4-b2fb-c13c17c7251c\"" -- >>> set >>> Interface vnet0 external-ids:iface-status=active >>> >>> I.e. the extrernal id of interface is wrong. When I manually >>> change to >>> the right id like this the port works fine: >>> >>> ovs-vsctl --timeout=5 -- --if-exists del-port vnet0 -- add-port >>> br-int >>> vnet0 -- set Interface vnet0 >>> "external-ids:attached-mac=\"00:1a:4a:16:01:52\"" -- set >>> Interface vnet0 >>> "external-ids:iface-id=\"92f6d3c8-68b3-4986-9c09-60bee04644b5\"" >>> -- set >>> Interface vnet0 >>> "external-ids:vm-id=\"4d0c134a-11a0-40f4-b2fb-c13c17c7251c\"" -- >>> set >>> Interface vnet0 external-ids:iface-status=active >>> >>> sb db after correcting the port: >>> >>> Chassis "6e4dd29f-7607-48d7-8e5a-eef4c6aeefb5" >>> hostname: "h2.limetransit.com" >>> Encap geneve >>> ip: "148.251.126.50" >>> options: {csum="true"} >>> Port_Binding "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873" >>> Port_Binding "ovirtbridge-port1" >>> Chassis "4f10fb04-8fb2-48d7-8a3f-ea6444c02cf9" >>> hostname: "h1.limetransit.com" >>> Encap geneve >>> ip: "144.76.84.73" >>> options: {csum="true"} >>> Port_Binding "ovirtbridge-port2" >>> Port_Binding "92f6d3c8-68b3-4986-9c09-60bee04644b5" >>> >>> I don't know from where the faulty id comes from, it's not in any >>> logs. >>> In the domain xml as printed in vdsm.log the id is correct: >>> >>> <interface type="bridge"> >>> <mac address="00:1a:4a:16:01:52" /> >>> <model type="virtio" /> >>> <source bridge="br-int" /> >>> <virtualport type="openvswitch" /> >>> <link state="up" /> >>> <boot order="2" /> >>> <bandwidth /> >>> <virtualport type="openvswitch"> >>> <parameters >>> interfaceid="92f6d3c8-68b3-4986-9c09-60bee04644b5" /> >>> </virtualport> >>> </interface> >>> >>> Where is the ovs-vsctl command line built for this call? >>> >>> /Sverker >>> >>> >>> Den 2017-01-02 kl. 13:40, skrev Sverker Abrahamsson: >>> >>>> Got it to work now by following the env8 example in OVN tutorial, >>>> where a port is added with type l2gateway. Not sure how that is >>>> different from the localnet variant, but didn't suceed in >>>> getting that >>>> one working. Now I'm able to ping and telnet over the tunnel, >>>> but not >>>> ssh even when the port is answering on telnet. Neither does nfs >>>> traffic work even though mount did. Suspecting MTU issue. I did >>>> notice >>>> that ovn-controller starts too early, before network interfaces >>>> are >>>> established and hence can't reach the db. As these is a purely >>>> OVS/OVN >>>> issue I'll ask about it on their mailing list. >>>> >>>> Getting back to the original issue with Ovirt, I've now added the >>>> second host h1 to ovirt-engine. Had to do the same as with h2 to >>>> create a dummy ovirtmgmt network but configured access via the >>>> public >>>> IP. My firewall settings was replaced with iptables config and >>>> vdsm.conf was overwritten when engine was set up, so those had >>>> to be >>>> manually restored. It would be preferable if it would be >>>> possible to >>>> configure ovirt-engine that it does not "own" the host and instead >>>> comply with the settings it has instead of enforcing it's own >>>> view.. >>>> >>>> Apart from that it seems the second host works, although I need to >>>> resolve the traffic issue over the OVS tunnel. >>>> /Sverker >>>> >>>> Den 2017-01-02 kl. 01:13, skrev Sverker Abrahamsson: >>>> >>>>> 1. That is not possible as ovirt (or vdsm) will rewrite the >>>>> network >>>>> configuration to a non-working state. That is why I've set that >>>>> if as >>>>> hidden to vdsm and is why I'm keen on getting OVS/OVN to work >>>>> >>>>> 2. I've been reading the doc for OVN and starting to connect the >>>>> dots, which is not trivial as it is complex. Some insights >>>>> reached: >>>>> >>>>> First step is the OVN database, installed by >>>>> openvswitch-ovn-central, >>>>> which I currently have running on h2 host. The 'ovn-nbctl' and >>>>> 'ovn-sbctl' commands are only possible to execute on a database >>>>> node. >>>>> Two ip's are given to 'vdsm-tool ovn-config <ip to database> >>>>> <tunnel >>>>> ip>' as arguments, where <ip to database> is how this OVN node >>>>> reaches the database and <tunnel ip> is the ip to which other OVN >>>>> nodes sets up a tunnel to this node. I.e. it is not for creating >>>>> a >>>>> tunnel to the database which I thought first from the >>>>> description in >>>>> blog post. >>>>> >>>>> The tunnel between OVN nodes is of type geneve which is a UDP >>>>> based >>>>> protocol but I have not been able to find anywhere which port >>>>> is used >>>>> so that I can open it in firewalld. I have added OVN on another >>>>> host, >>>>> called h1, and connected it to the db. I see there is traffic >>>>> to the >>>>> db port, but I don't see any geneve traffic between the nodes. >>>>> >>>>> Ovirt is now able to create it's vnet0 interface on the br-int >>>>> ovs >>>>> bridge, but then I run into the next issue. How do I create a >>>>> connection from the logical switch to the physical host? I need >>>>> that >>>>> to a) get a connection out to the internet through a >>>>> masqueraded if >>>>> or ipv6 and b) be able to run a dhcp server to give ip's to the >>>>> VM's. >>>>> >>>>> /Sverker >>>>> >>>>> Den 2016-12-30 kl. 18:05, skrev Marcin Mirecki: >>>>> >>>>>> 1. Why not use your physical nic for ovirtmgmt then? >>>>>> >>>>>> 2. "ovn-nbctl ls-add" does not add a bridge, but a logical >>>>>> switch. >>>>>> br-int is an internal OVN implementation detail, which >>>>>> the user >>>>>> should not care about. What you see in the ovirt UI are >>>>>> logical >>>>>> networks. They are implemented as OVN logical switches >>>>>> in case >>>>>> of the OVN provider. >>>>>> >>>>>> Please look at: >>>>>> http://www.ovirt.org/blog/2016/11/ovirt-provider-ovn/ >>>>>> You can get the latest rpms from here: >>>>>> http://resources.ovirt.org/repos/ovirt/experimental/master/ >>>>>> ovirt-provider-ovn_fc24_46/rpm/fc24/noarch/ >>>>>> >>>>>> >>>>>> >>>>>> ----- Original Message ----- >>>>>> >>>>>>> From: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>>>>>> To: "Marcin Mirecki"<mmirecki@redhat.com> >>>>>>> Cc: "Ovirt Users"<users@ovirt.org> >>>>>>> Sent: Friday, December 30, 2016 4:25:58 PM >>>>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory >>>>>>> ovirtmgmt network >>>>>>> >>>>>>> 1. No, I did not want to put the ovirtmgmt bridge on my >>>>>>> physical >>>>>>> nic as >>>>>>> it always messed up the network config making the host >>>>>>> unreachable. I >>>>>>> have put a ovs bridge on this nic which I will use to make >>>>>>> tunnels >>>>>>> when >>>>>>> I add other hosts. Maybe br-int will be used for that >>>>>>> instead, will >>>>>>> see >>>>>>> when I get that far. >>>>>>> >>>>>>> As it is now I have a dummy if for ovirtmgmt bridge but this >>>>>>> will >>>>>>> probably not work when I add other hosts as that bridge cannot >>>>>>> connect >>>>>>> to the other hosts. I'm considering keeping this just as a >>>>>>> dummy to >>>>>>> keep >>>>>>> ovirt engine satisfied while the actual communication will >>>>>>> happen >>>>>>> over >>>>>>> OVN/OVS bridges and tunnels. >>>>>>> >>>>>>> 2. On >>>>>>> https://www.ovirt.org//develop/release-management/features/ >>>>>>> ovirt-ovn-provider/ >>>>>>> >>>>>>> >>>>>>> there is instructions how to add an OVS bridge to OVN with >>>>>>> |ovn-nbctl >>>>>>> ls-add <network name>|. If you want to use br-int then it makes >>>>>>> sense to >>>>>>> make that bridge visible in ovirt webui under networks so >>>>>>> that it >>>>>>> can be >>>>>>> selected for VM's. >>>>>>> >>>>>>> It quite doesn't make sense to me that I can select other >>>>>>> network >>>>>>> for my >>>>>>> VM but then that setting is not used when setting up the >>>>>>> network. >>>>>>> >>>>>>> /Sverker >>>>>>> >>>>>>> Den 2016-12-30 kl. 15:34, skrev Marcin Mirecki: >>>>>>> >>>>>>>> Hi, >>>>>>>> >>>>>>>> The OVN provider does not require you to add any bridges >>>>>>>> manually. >>>>>>>> As I understand we were dealing with two problems: >>>>>>>> 1. You only had one physical nic and wanted to put a bridge >>>>>>>> on it, >>>>>>>> attaching the management network to the bridge. This >>>>>>>> was the >>>>>>>> reason for >>>>>>>> creating the bridge (the recommended setup would be >>>>>>>> to used a >>>>>>>> separate >>>>>>>> physical nic for the management network). This bridge >>>>>>>> has >>>>>>>> nothing to >>>>>>>> do with the OVN bridge. >>>>>>>> 2. OVN - you want to use OVN on this system. For this you >>>>>>>> have to >>>>>>>> install >>>>>>>> OVN on your hosts. This should create the br-int >>>>>>>> bridge, >>>>>>>> which are >>>>>>>> then used by the OVN provider. This br-int bridge >>>>>>>> must be >>>>>>>> configured >>>>>>>> to connect to other hosts using the geneve tunnels. >>>>>>>> >>>>>>>> In both cases the systems will not be aware of any bridges you >>>>>>>> create. >>>>>>>> They need a nic (be it physical or virtual) to connect to >>>>>>>> other >>>>>>>> system. >>>>>>>> Usually this is the physical nic. In your case you decided >>>>>>>> to put >>>>>>>> a bridge >>>>>>>> on the physical nic, and give oVirt a virtual nic attached >>>>>>>> to this >>>>>>>> bridge. >>>>>>>> This works, but keep in mind that the bridge you have >>>>>>>> introduced >>>>>>>> is outside >>>>>>>> of oVirt's (and OVN) control (and as such is not supported). >>>>>>>> >>>>>>>> What is the purpose of >>>>>>>>> adding my bridges to Ovirt through the external provider and >>>>>>>>> configure >>>>>>>>> them on my VM >>>>>>>>> >>>>>>>> I am not quite sure I understand. >>>>>>>> The external provider (OVN provider to be specific), does >>>>>>>> not add >>>>>>>> any >>>>>>>> bridges >>>>>>>> to the system. It is using the br-int bridge created by OVN. >>>>>>>> The >>>>>>>> networks >>>>>>>> created by the OVN provider are purely logical entities, >>>>>>>> implemented using >>>>>>>> the OVN br-int bridge. >>>>>>>> >>>>>>>> Marcin >>>>>>>> >>>>>>>> >>>>>>>> ----- Original Message ----- >>>>>>>> >>>>>>>>> From: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>>>>>>>> To: "Marcin Mirecki"<mmirecki@redhat.com> >>>>>>>>> Cc: "Ovirt Users"<users@ovirt.org> >>>>>>>>> Sent: Friday, December 30, 2016 12:15:43 PM >>>>>>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory >>>>>>>>> ovirtmgmt >>>>>>>>> network >>>>>>>>> >>>>>>>>> Hi >>>>>>>>> That is the logic I quite don't understand. What is the >>>>>>>>> purpose of >>>>>>>>> adding my bridges to Ovirt through the external provider and >>>>>>>>> configure >>>>>>>>> them on my VM if you are disregarding that and using br-int >>>>>>>>> anyway? >>>>>>>>> >>>>>>>>> /Sverker >>>>>>>>> >>>>>>>>> Den 2016-12-30 kl. 10:53, skrev Marcin Mirecki: >>>>>>>>> >>>>>>>>>> Sverker, >>>>>>>>>> >>>>>>>>>> br-int is the integration bridge created by default in >>>>>>>>>> OVN. This >>>>>>>>>> is the >>>>>>>>>> bridge we use for the OVN provider. As OVN is required to be >>>>>>>>>> installed, >>>>>>>>>> we assume that this bridge is present. >>>>>>>>>> Using any other ovs bridge is not supported, and will >>>>>>>>>> require >>>>>>>>>> custom code >>>>>>>>>> changes (such as the ones you created). >>>>>>>>>> >>>>>>>>>> The proper setup in your case would probably be to create >>>>>>>>>> br-int >>>>>>>>>> and >>>>>>>>>> connect >>>>>>>>>> this to your ovirtbridge, although I don't know the >>>>>>>>>> details of >>>>>>>>>> your env, >>>>>>>>>> so >>>>>>>>>> this is just my best guess. >>>>>>>>>> >>>>>>>>>> Marcin >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> ----- Original Message ----- >>>>>>>>>> >>>>>>>>>>> From: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>>>>>>>>>> To: "Marcin Mirecki"<mmirecki@redhat.com> >>>>>>>>>>> Cc: "Ovirt Users"<users@ovirt.org>, "Numan Siddique" >>>>>>>>>>> <nusiddiq@redhat.com> >>>>>>>>>>> Sent: Friday, December 30, 2016 1:14:50 AM >>>>>>>>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory >>>>>>>>>>> ovirtmgmt >>>>>>>>>>> network >>>>>>>>>>> >>>>>>>>>>> Even better, if the value is not hardcoded then the >>>>>>>>>>> configured >>>>>>>>>>> value is >>>>>>>>>>> used. Might be that I'm missunderstanding something but >>>>>>>>>>> this is >>>>>>>>>>> the >>>>>>>>>>> behaviour I expected instead of that it is using br-int. >>>>>>>>>>> >>>>>>>>>>> Attached is a patch which properly sets up the xml, in case >>>>>>>>>>> there is >>>>>>>>>>> already a virtual port there + testcode of some variants >>>>>>>>>>> >>>>>>>>>>> /Sverker >>>>>>>>>>> >>>>>>>>>>> Den 2016-12-29 kl. 22:55, skrev Sverker Abrahamsson: >>>>>>>>>>> >>>>>>>>>>>> When I change >>>>>>>>>>>> /usr/libexec/vdsm/hooks/before >>>>>>>>>>>> _device_create/ovirt_provider_ovn_hook >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> to instead of hardcoded to br-int use BRIDGE_NAME = >>>>>>>>>>>> 'ovirtbridge' then >>>>>>>>>>>> I get the expected behaviour and I get a working network >>>>>>>>>>>> connectivity >>>>>>>>>>>> in my VM with IP provided by dhcp. >>>>>>>>>>>> >>>>>>>>>>>> /Sverker >>>>>>>>>>>> >>>>>>>>>>>> Den 2016-12-29 kl. 22:07, skrev Sverker Abrahamsson: >>>>>>>>>>>> >>>>>>>>>>>>> By default the vNic profile of my OVN bridge >>>>>>>>>>>>> ovirtbridge gets a >>>>>>>>>>>>> Network filter named vdsm-no-mac-spoofing. If I instead >>>>>>>>>>>>> set >>>>>>>>>>>>> No filter >>>>>>>>>>>>> then I don't get those ebtables / iptables messages. It >>>>>>>>>>>>> seems >>>>>>>>>>>>> that >>>>>>>>>>>>> there is some issue between ovirt/vdsm and firewalld, >>>>>>>>>>>>> which >>>>>>>>>>>>> we can >>>>>>>>>>>>> put to the side for now. >>>>>>>>>>>>> >>>>>>>>>>>>> It is not clear for me why the port is added on br-int >>>>>>>>>>>>> instead of the >>>>>>>>>>>>> bridge I've assigned to the VM, which is ovirtbridge?? >>>>>>>>>>>>> >>>>>>>>>>>>> /Sverker >>>>>>>>>>>>> >>>>>>>>>>>>> Den 2016-12-29 kl. 14:20, skrev Sverker Abrahamsson: >>>>>>>>>>>>> >>>>>>>>>>>>>> The specific command most likely fails because there >>>>>>>>>>>>>> is no >>>>>>>>>>>>>> chain >>>>>>>>>>>>>> named libvirt-J-vnet0, but when should that have been >>>>>>>>>>>>>> created? >>>>>>>>>>>>>> /Sverker >>>>>>>>>>>>>> >>>>>>>>>>>>>> -------- Vidarebefordrat meddelande -------- >>>>>>>>>>>>>> Ämne: Re: [ovirt-users] Issue with OVN/OVS and >>>>>>>>>>>>>> mandatory >>>>>>>>>>>>>> ovirtmgmt >>>>>>>>>>>>>> network >>>>>>>>>>>>>> Datum: Thu, 29 Dec 2016 08:06:29 -0500 (EST) >>>>>>>>>>>>>> Från: Marcin Mirecki<mmirecki@redhat.com> >>>>>>>>>>>>>> Till: Sverker Abrahamsson<sverker@abrahamsson.com> >>>>>>>>>>>>>> Kopia: Ovirt Users<users@ovirt.org>, Lance >>>>>>>>>>>>>> Richardson >>>>>>>>>>>>>> <lrichard@redhat.com>, Numan >>>>>>>>>>>>>> Siddique<nusiddiq@redhat.com> >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> Let me add the OVN team. >>>>>>>>>>>>>> >>>>>>>>>>>>>> Lance, Numan, >>>>>>>>>>>>>> >>>>>>>>>>>>>> Can you please look at this? >>>>>>>>>>>>>> >>>>>>>>>>>>>> Trying to plug a vNIC results in: >>>>>>>>>>>>>> >>>>>>>>>>>>>>> Dec 28 23:31:35 h2 ovs-vsctl: >>>>>>>>>>>>>>>>>>>>> ovs|00001|vsctl|INFO|Called as >>>>>>>>>>>>>>>>>>>>> ovs-vsctl >>>>>>>>>>>>>>>>>>>>> --timeout=5 -- --if-exists del-port vnet0 -- >>>>>>>>>>>>>>>>>>>>> add-port >>>>>>>>>>>>>>>>>>>>> br-int >>>>>>>>>>>>>>>>>>>>> vnet0 -- >>>>>>>>>>>>>>>>>>>>> set Interface vnet0 >>>>>>>>>>>>>>>>>>>>> "external-ids:attached-mac=\"0 >>>>>>>>>>>>>>>>>>>>> 0:1a:4a:16:01:51\"" >>>>>>>>>>>>>>>>>>>>> -- set Interface vnet0 >>>>>>>>>>>>>>>>>>>>> "external-ids:iface-id=\"e8853 >>>>>>>>>>>>>>>>>>>>> aac-8a75-41b0-8010-e630017dcdd8\"" >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> -- >>>>>>>>>>>>>>>>>>>>> set Interface vnet0 >>>>>>>>>>>>>>>>>>>>> "external-ids:vm-id=\"b9440d60 >>>>>>>>>>>>>>>>>>>>> -ef5a-4e2b-83cf-081df7c09e6f\"" >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> -- >>>>>>>>>>>>>>>>>>>>> set >>>>>>>>>>>>>>>>>>>>> Interface vnet0 external-ids:iface-status=active >>>>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 kernel: device vnet0 entered >>>>>>>>>>>>>>>>>>>>> promiscuous >>>>>>>>>>>>>>>>>>>>> mode >>>>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -D >>>>>>>>>>>>>>>>>>>>> PREROUTING >>>>>>>>>>>>>>>>>>>>> -i vnet0 >>>>>>>>>>>>>>>>>>>>> -j >>>>>>>>>>>>>>>>>>>>> libvirt-J-vnet0' failed: >>>>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> More details below >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> ----- Original Message ----- >>>>>>>>>>>>>> >>>>>>>>>>>>>>> From: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>>>>>>>>>>>>>> To: "Marcin Mirecki"<mmirecki@redhat.com> >>>>>>>>>>>>>>> Cc: "Ovirt Users"<users@ovirt.org> >>>>>>>>>>>>>>> Sent: Thursday, December 29, 2016 1:42:11 PM >>>>>>>>>>>>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and >>>>>>>>>>>>>>> mandatory >>>>>>>>>>>>>>> ovirtmgmt >>>>>>>>>>>>>>> network >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Hi >>>>>>>>>>>>>>> Same problem still.. >>>>>>>>>>>>>>> /Sverker >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Den 2016-12-29 kl. 13:34, skrev Marcin Mirecki: >>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Hi, >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> The tunnels are created to connect multiple OVN >>>>>>>>>>>>>>>> controllers. >>>>>>>>>>>>>>>> If there is only one, there is no need for the >>>>>>>>>>>>>>>> tunnels, so >>>>>>>>>>>>>>>> none >>>>>>>>>>>>>>>> will be created, this is the correct behavior. >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Does the problem still occur after setting >>>>>>>>>>>>>>>> configuring the >>>>>>>>>>>>>>>> OVN-controller? >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Marcin >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> ----- Original Message ----- >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> From: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>>>>>>>>>>>>>>>> To: "Marcin Mirecki"<mmirecki@redhat.com> >>>>>>>>>>>>>>>>> Cc: "Ovirt Users"<users@ovirt.org> >>>>>>>>>>>>>>>>> Sent: Thursday, December 29, 2016 11:44:32 AM >>>>>>>>>>>>>>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and >>>>>>>>>>>>>>>>> mandatory >>>>>>>>>>>>>>>>> ovirtmgmt >>>>>>>>>>>>>>>>> network >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> Hi >>>>>>>>>>>>>>>>> The rpm packages you listed in the other mail are >>>>>>>>>>>>>>>>> installed but I >>>>>>>>>>>>>>>>> had >>>>>>>>>>>>>>>>> not run vdsm-tool ovn-config to create tunnel as >>>>>>>>>>>>>>>>> the OVN >>>>>>>>>>>>>>>>> controller >>>>>>>>>>>>>>>>> is >>>>>>>>>>>>>>>>> on the same host. >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> [root@h2 ~]# rpm -q openvswitch-ovn-common >>>>>>>>>>>>>>>>> openvswitch-ovn-common-2.6.90-1.el7.centos.x86_64 >>>>>>>>>>>>>>>>> [root@h2 ~]# rpm -q openvswitch-ovn-host >>>>>>>>>>>>>>>>> openvswitch-ovn-host-2.6.90-1.el7.centos.x86_64 >>>>>>>>>>>>>>>>> [root@h2 ~]# rpm -q python-openvswitch >>>>>>>>>>>>>>>>> python-openvswitch-2.6.90-1.el7.centos.noarch >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> After removing my manually created br-int and run >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> vdsm-tool ovn-config 127.0.0.1 172.27.1.1 >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> then I have the br-int but 'ip link show' does not >>>>>>>>>>>>>>>>> show >>>>>>>>>>>>>>>>> any link >>>>>>>>>>>>>>>>> 'genev_sys_' nor does 'ovs-vsctl show' any port for >>>>>>>>>>>>>>>>> ovn. >>>>>>>>>>>>>>>>> I assume >>>>>>>>>>>>>>>>> these >>>>>>>>>>>>>>>>> are when there is an actual tunnel? >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> [root@h2 ~]# ovs-vsctl show >>>>>>>>>>>>>>>>> ebb6aede-cbbc-4f4f-a88a-a9cd72b2bd23 >>>>>>>>>>>>>>>>> Bridge br-int >>>>>>>>>>>>>>>>> fail_mode: secure >>>>>>>>>>>>>>>>> Port br-int >>>>>>>>>>>>>>>>> Interface br-int >>>>>>>>>>>>>>>>> type: internal >>>>>>>>>>>>>>>>> Bridge ovirtbridge >>>>>>>>>>>>>>>>> Port ovirtbridge >>>>>>>>>>>>>>>>> Interface ovirtbridge >>>>>>>>>>>>>>>>> type: internal >>>>>>>>>>>>>>>>> Bridge "ovsbridge0" >>>>>>>>>>>>>>>>> Port "ovsbridge0" >>>>>>>>>>>>>>>>> Interface "ovsbridge0" >>>>>>>>>>>>>>>>> type: internal >>>>>>>>>>>>>>>>> Port "eth0" >>>>>>>>>>>>>>>>> Interface "eth0" >>>>>>>>>>>>>>>>> ovs_version: "2.6.90" >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> [root@h2 ~]# ip link show >>>>>>>>>>>>>>>>> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc >>>>>>>>>>>>>>>>> noqueue state >>>>>>>>>>>>>>>>> UNKNOWN >>>>>>>>>>>>>>>>> mode >>>>>>>>>>>>>>>>> DEFAULT qlen 1 >>>>>>>>>>>>>>>>> link/loopback 00:00:00:00:00:00 brd >>>>>>>>>>>>>>>>> 00:00:00:00:00:00 >>>>>>>>>>>>>>>>> 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 >>>>>>>>>>>>>>>>> qdisc >>>>>>>>>>>>>>>>> pfifo_fast >>>>>>>>>>>>>>>>> master ovs-system state UP mode DEFAULT qlen 1000 >>>>>>>>>>>>>>>>> link/ether 44:8a:5b:84:7d:b3 brd >>>>>>>>>>>>>>>>> ff:ff:ff:ff:ff:ff >>>>>>>>>>>>>>>>> 3: ovs-system: <BROADCAST,MULTICAST> mtu 1500 qdisc >>>>>>>>>>>>>>>>> noop >>>>>>>>>>>>>>>>> state >>>>>>>>>>>>>>>>> DOWN >>>>>>>>>>>>>>>>> mode >>>>>>>>>>>>>>>>> DEFAULT qlen 1000 >>>>>>>>>>>>>>>>> link/ether 5a:14:cf:28:47:e2 brd >>>>>>>>>>>>>>>>> ff:ff:ff:ff:ff:ff >>>>>>>>>>>>>>>>> 4: ovsbridge0: <BROADCAST,MULTICAST,UP,LOWER_UP> >>>>>>>>>>>>>>>>> mtu 1500 >>>>>>>>>>>>>>>>> qdisc >>>>>>>>>>>>>>>>> noqueue >>>>>>>>>>>>>>>>> state UNKNOWN mode DEFAULT qlen 1000 >>>>>>>>>>>>>>>>> link/ether 44:8a:5b:84:7d:b3 brd >>>>>>>>>>>>>>>>> ff:ff:ff:ff:ff:ff >>>>>>>>>>>>>>>>> 5: br-int: <BROADCAST,MULTICAST> mtu 1500 qdisc noop >>>>>>>>>>>>>>>>> state DOWN >>>>>>>>>>>>>>>>> mode >>>>>>>>>>>>>>>>> DEFAULT qlen 1000 >>>>>>>>>>>>>>>>> link/ether 9e:b0:3a:9d:f2:4b brd >>>>>>>>>>>>>>>>> ff:ff:ff:ff:ff:ff >>>>>>>>>>>>>>>>> 6: ovirtbridge: <BROADCAST,MULTICAST,UP,LOWER_UP> >>>>>>>>>>>>>>>>> mtu >>>>>>>>>>>>>>>>> 1500 qdisc >>>>>>>>>>>>>>>>> noqueue >>>>>>>>>>>>>>>>> state UNKNOWN mode DEFAULT qlen 1000 >>>>>>>>>>>>>>>>> link/ether a6:f6:e5:a4:5b:45 brd >>>>>>>>>>>>>>>>> ff:ff:ff:ff:ff:ff >>>>>>>>>>>>>>>>> 7: dummy0: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 >>>>>>>>>>>>>>>>> qdisc >>>>>>>>>>>>>>>>> noqueue >>>>>>>>>>>>>>>>> master >>>>>>>>>>>>>>>>> ovirtmgmt state UNKNOWN mode DEFAULT qlen 1000 >>>>>>>>>>>>>>>>> link/ether 66:e0:1c:c3:a9:d8 brd >>>>>>>>>>>>>>>>> ff:ff:ff:ff:ff:ff >>>>>>>>>>>>>>>>> 8: ovirtmgmt: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu >>>>>>>>>>>>>>>>> 1500 >>>>>>>>>>>>>>>>> qdisc >>>>>>>>>>>>>>>>> noqueue >>>>>>>>>>>>>>>>> state UP mode DEFAULT qlen 1000 >>>>>>>>>>>>>>>>> link/ether 66:e0:1c:c3:a9:d8 brd >>>>>>>>>>>>>>>>> ff:ff:ff:ff:ff:ff >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> Firewall settings: >>>>>>>>>>>>>>>>> [root@h2 ~]# firewall-cmd --list-all-zones >>>>>>>>>>>>>>>>> work >>>>>>>>>>>>>>>>> target: default >>>>>>>>>>>>>>>>> icmp-block-inversion: no >>>>>>>>>>>>>>>>> interfaces: >>>>>>>>>>>>>>>>> sources: >>>>>>>>>>>>>>>>> services: dhcpv6-client ssh >>>>>>>>>>>>>>>>> ports: >>>>>>>>>>>>>>>>> protocols: >>>>>>>>>>>>>>>>> masquerade: no >>>>>>>>>>>>>>>>> forward-ports: >>>>>>>>>>>>>>>>> sourceports: >>>>>>>>>>>>>>>>> icmp-blocks: >>>>>>>>>>>>>>>>> rich rules: >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> drop >>>>>>>>>>>>>>>>> target: DROP >>>>>>>>>>>>>>>>> icmp-block-inversion: no >>>>>>>>>>>>>>>>> interfaces: >>>>>>>>>>>>>>>>> sources: >>>>>>>>>>>>>>>>> services: >>>>>>>>>>>>>>>>> ports: >>>>>>>>>>>>>>>>> protocols: >>>>>>>>>>>>>>>>> masquerade: no >>>>>>>>>>>>>>>>> forward-ports: >>>>>>>>>>>>>>>>> sourceports: >>>>>>>>>>>>>>>>> icmp-blocks: >>>>>>>>>>>>>>>>> rich rules: >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> internal >>>>>>>>>>>>>>>>> target: default >>>>>>>>>>>>>>>>> icmp-block-inversion: no >>>>>>>>>>>>>>>>> interfaces: >>>>>>>>>>>>>>>>> sources: >>>>>>>>>>>>>>>>> services: dhcpv6-client mdns samba-client >>>>>>>>>>>>>>>>> ssh >>>>>>>>>>>>>>>>> ports: >>>>>>>>>>>>>>>>> protocols: >>>>>>>>>>>>>>>>> masquerade: no >>>>>>>>>>>>>>>>> forward-ports: >>>>>>>>>>>>>>>>> sourceports: >>>>>>>>>>>>>>>>> icmp-blocks: >>>>>>>>>>>>>>>>> rich rules: >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> external >>>>>>>>>>>>>>>>> target: default >>>>>>>>>>>>>>>>> icmp-block-inversion: no >>>>>>>>>>>>>>>>> interfaces: >>>>>>>>>>>>>>>>> sources: >>>>>>>>>>>>>>>>> services: ssh >>>>>>>>>>>>>>>>> ports: >>>>>>>>>>>>>>>>> protocols: >>>>>>>>>>>>>>>>> masquerade: yes >>>>>>>>>>>>>>>>> forward-ports: >>>>>>>>>>>>>>>>> sourceports: >>>>>>>>>>>>>>>>> icmp-blocks: >>>>>>>>>>>>>>>>> rich rules: >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> trusted >>>>>>>>>>>>>>>>> target: ACCEPT >>>>>>>>>>>>>>>>> icmp-block-inversion: no >>>>>>>>>>>>>>>>> interfaces: >>>>>>>>>>>>>>>>> sources: >>>>>>>>>>>>>>>>> services: >>>>>>>>>>>>>>>>> ports: >>>>>>>>>>>>>>>>> protocols: >>>>>>>>>>>>>>>>> masquerade: no >>>>>>>>>>>>>>>>> forward-ports: >>>>>>>>>>>>>>>>> sourceports: >>>>>>>>>>>>>>>>> icmp-blocks: >>>>>>>>>>>>>>>>> rich rules: >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> home >>>>>>>>>>>>>>>>> target: default >>>>>>>>>>>>>>>>> icmp-block-inversion: no >>>>>>>>>>>>>>>>> interfaces: >>>>>>>>>>>>>>>>> sources: >>>>>>>>>>>>>>>>> services: dhcpv6-client mdns samba-client >>>>>>>>>>>>>>>>> ssh >>>>>>>>>>>>>>>>> ports: >>>>>>>>>>>>>>>>> protocols: >>>>>>>>>>>>>>>>> masquerade: no >>>>>>>>>>>>>>>>> forward-ports: >>>>>>>>>>>>>>>>> sourceports: >>>>>>>>>>>>>>>>> icmp-blocks: >>>>>>>>>>>>>>>>> rich rules: >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> dmz >>>>>>>>>>>>>>>>> target: default >>>>>>>>>>>>>>>>> icmp-block-inversion: no >>>>>>>>>>>>>>>>> interfaces: >>>>>>>>>>>>>>>>> sources: >>>>>>>>>>>>>>>>> services: ssh >>>>>>>>>>>>>>>>> ports: >>>>>>>>>>>>>>>>> protocols: >>>>>>>>>>>>>>>>> masquerade: no >>>>>>>>>>>>>>>>> forward-ports: >>>>>>>>>>>>>>>>> sourceports: >>>>>>>>>>>>>>>>> icmp-blocks: >>>>>>>>>>>>>>>>> rich rules: >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> public (active) >>>>>>>>>>>>>>>>> target: default >>>>>>>>>>>>>>>>> icmp-block-inversion: no >>>>>>>>>>>>>>>>> interfaces: eth0 ovsbridge0 >>>>>>>>>>>>>>>>> sources: >>>>>>>>>>>>>>>>> services: dhcpv6-client ssh >>>>>>>>>>>>>>>>> ports: >>>>>>>>>>>>>>>>> protocols: >>>>>>>>>>>>>>>>> masquerade: no >>>>>>>>>>>>>>>>> forward-ports: >>>>>>>>>>>>>>>>> sourceports: >>>>>>>>>>>>>>>>> icmp-blocks: >>>>>>>>>>>>>>>>> rich rules: >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> block >>>>>>>>>>>>>>>>> target: %%REJECT%% >>>>>>>>>>>>>>>>> icmp-block-inversion: no >>>>>>>>>>>>>>>>> interfaces: >>>>>>>>>>>>>>>>> sources: >>>>>>>>>>>>>>>>> services: >>>>>>>>>>>>>>>>> ports: >>>>>>>>>>>>>>>>> protocols: >>>>>>>>>>>>>>>>> masquerade: no >>>>>>>>>>>>>>>>> forward-ports: >>>>>>>>>>>>>>>>> sourceports: >>>>>>>>>>>>>>>>> icmp-blocks: >>>>>>>>>>>>>>>>> rich rules: >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> ovirt (active) >>>>>>>>>>>>>>>>> target: default >>>>>>>>>>>>>>>>> icmp-block-inversion: no >>>>>>>>>>>>>>>>> interfaces: ovirtbridge ovirtmgmt >>>>>>>>>>>>>>>>> sources: >>>>>>>>>>>>>>>>> services: dhcp ovirt-fence-kdump-listener >>>>>>>>>>>>>>>>> ovirt-http >>>>>>>>>>>>>>>>> ovirt-https >>>>>>>>>>>>>>>>> ovirt-imageio-proxy ovirt-postgres ovirt-provider-ovn >>>>>>>>>>>>>>>>> ovirt-vmconsole-proxy ovirt-websocket-proxy ssh vdsm >>>>>>>>>>>>>>>>> ports: >>>>>>>>>>>>>>>>> protocols: >>>>>>>>>>>>>>>>> masquerade: yes >>>>>>>>>>>>>>>>> forward-ports: >>>>>>>>>>>>>>>>> sourceports: >>>>>>>>>>>>>>>>> icmp-blocks: >>>>>>>>>>>>>>>>> rich rules: >>>>>>>>>>>>>>>>> rule family="ipv4" port port="6641" >>>>>>>>>>>>>>>>> protocol="tcp" >>>>>>>>>>>>>>>>> accept >>>>>>>>>>>>>>>>> rule family="ipv4" port port="6642" >>>>>>>>>>>>>>>>> protocol="tcp" >>>>>>>>>>>>>>>>> accept >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> The db dump is attached >>>>>>>>>>>>>>>>> /Sverker >>>>>>>>>>>>>>>>> Den 2016-12-29 kl. 09:50, skrev Marcin Mirecki: >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> Hi, >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> Can you please do: "sudo ovsdb-client dump" >>>>>>>>>>>>>>>>>> on the host and send me the output? >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> Have you configured the ovn controller to connect >>>>>>>>>>>>>>>>>> to the >>>>>>>>>>>>>>>>>> OVN north? You can do it using "vdsm-tool >>>>>>>>>>>>>>>>>> ovn-config" or >>>>>>>>>>>>>>>>>> using the OVN tools directly. >>>>>>>>>>>>>>>>>> Please check >>>>>>>>>>>>>>>>>> out:https://www.ovirt.org/blog >>>>>>>>>>>>>>>>>> /2016/11/ovirt-provider-ovn/ >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> for details. >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> Also please note that the OVN provider is completely >>>>>>>>>>>>>>>>>> different >>>>>>>>>>>>>>>>>> from the neutron-openvswitch plugin. Please don't >>>>>>>>>>>>>>>>>> mix >>>>>>>>>>>>>>>>>> the two. >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> Marcin >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> ----- Original Message ----- >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> From: "Marcin Mirecki"<mmirecki@redhat.com> >>>>>>>>>>>>>>>>>>> To: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>>>>>>>>>>>>>>>>>> Cc: "Ovirt Users"<users@ovirt.org> >>>>>>>>>>>>>>>>>>> Sent: Thursday, December 29, 2016 9:27:19 AM >>>>>>>>>>>>>>>>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and >>>>>>>>>>>>>>>>>>> mandatory >>>>>>>>>>>>>>>>>>> ovirtmgmt >>>>>>>>>>>>>>>>>>> network >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> Hi, >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> br-int is the OVN integration bridge, it should >>>>>>>>>>>>>>>>>>> have been >>>>>>>>>>>>>>>>>>> created >>>>>>>>>>>>>>>>>>> when installing OVN. I assume you have the >>>>>>>>>>>>>>>>>>> following >>>>>>>>>>>>>>>>>>> packages >>>>>>>>>>>>>>>>>>> installed >>>>>>>>>>>>>>>>>>> on the host: >>>>>>>>>>>>>>>>>>> openvswitch-ovn-common >>>>>>>>>>>>>>>>>>> openvswitch-ovn-host >>>>>>>>>>>>>>>>>>> python-openvswitch >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> Please give me some time to look at the >>>>>>>>>>>>>>>>>>> connectivity >>>>>>>>>>>>>>>>>>> problem. >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> Marcin >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> ----- Original Message ----- >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> From: "Sverker >>>>>>>>>>>>>>>>>>>> Abrahamsson"<sverker@abrahamsson.com> >>>>>>>>>>>>>>>>>>>> To: "Marcin Mirecki"<mmirecki@redhat.com> >>>>>>>>>>>>>>>>>>>> Cc: "Ovirt Users"<users@ovirt.org> >>>>>>>>>>>>>>>>>>>> Sent: Thursday, December 29, 2016 12:47:04 AM >>>>>>>>>>>>>>>>>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and >>>>>>>>>>>>>>>>>>>> mandatory >>>>>>>>>>>>>>>>>>>> ovirtmgmt >>>>>>>>>>>>>>>>>>>> network >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> From >>>>>>>>>>>>>>>>>>>> /usr/libexec/vdsm/hooks/before >>>>>>>>>>>>>>>>>>>> _device_create/ovirt_provider_ovn_hook >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> (installed by ovirt-provider-ovn-driver rpm): >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> BRIDGE_NAME = 'br-int' >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> Den 2016-12-28 kl. 23:56, skrev Sverker >>>>>>>>>>>>>>>>>>>> Abrahamsson: >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> Googling on the message about br-int suggested >>>>>>>>>>>>>>>>>>>>> adding >>>>>>>>>>>>>>>>>>>>> that >>>>>>>>>>>>>>>>>>>>> bridge to >>>>>>>>>>>>>>>>>>>>> ovs: >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> ovs-vsctl add-br br-int >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> Then the VM is able to boot, but it fails to get >>>>>>>>>>>>>>>>>>>>> network >>>>>>>>>>>>>>>>>>>>> connectivity. >>>>>>>>>>>>>>>>>>>>> Output in /var/log/messages: >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 ovs-vsctl: >>>>>>>>>>>>>>>>>>>>> ovs|00001|vsctl|INFO|Called as >>>>>>>>>>>>>>>>>>>>> ovs-vsctl >>>>>>>>>>>>>>>>>>>>> --timeout=5 -- --if-exists del-port vnet0 -- >>>>>>>>>>>>>>>>>>>>> add-port >>>>>>>>>>>>>>>>>>>>> br-int >>>>>>>>>>>>>>>>>>>>> vnet0 -- >>>>>>>>>>>>>>>>>>>>> set Interface vnet0 >>>>>>>>>>>>>>>>>>>>> "external-ids:attached-mac=\"0 >>>>>>>>>>>>>>>>>>>>> 0:1a:4a:16:01:51\"" >>>>>>>>>>>>>>>>>>>>> -- set Interface vnet0 >>>>>>>>>>>>>>>>>>>>> "external-ids:iface-id=\"e8853 >>>>>>>>>>>>>>>>>>>>> aac-8a75-41b0-8010-e630017dcdd8\"" >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> -- >>>>>>>>>>>>>>>>>>>>> set Interface vnet0 >>>>>>>>>>>>>>>>>>>>> "external-ids:vm-id=\"b9440d60 >>>>>>>>>>>>>>>>>>>>> -ef5a-4e2b-83cf-081df7c09e6f\"" >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> -- >>>>>>>>>>>>>>>>>>>>> set >>>>>>>>>>>>>>>>>>>>> Interface vnet0 external-ids:iface-status=active >>>>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 kernel: device vnet0 entered >>>>>>>>>>>>>>>>>>>>> promiscuous >>>>>>>>>>>>>>>>>>>>> mode >>>>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -D >>>>>>>>>>>>>>>>>>>>> PREROUTING >>>>>>>>>>>>>>>>>>>>> -i vnet0 >>>>>>>>>>>>>>>>>>>>> -j >>>>>>>>>>>>>>>>>>>>> libvirt-J-vnet0' failed: >>>>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -D >>>>>>>>>>>>>>>>>>>>> POSTROUTING -o >>>>>>>>>>>>>>>>>>>>> vnet0 >>>>>>>>>>>>>>>>>>>>> -j >>>>>>>>>>>>>>>>>>>>> libvirt-P-vnet0' failed: >>>>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -L >>>>>>>>>>>>>>>>>>>>> libvirt-J-vnet0' >>>>>>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -L >>>>>>>>>>>>>>>>>>>>> libvirt-P-vnet0' >>>>>>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -F >>>>>>>>>>>>>>>>>>>>> libvirt-J-vnet0' >>>>>>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -X >>>>>>>>>>>>>>>>>>>>> libvirt-J-vnet0' >>>>>>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -F >>>>>>>>>>>>>>>>>>>>> libvirt-P-vnet0' >>>>>>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -X >>>>>>>>>>>>>>>>>>>>> libvirt-P-vnet0' >>>>>>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -F >>>>>>>>>>>>>>>>>>>>> J-vnet0-mac' >>>>>>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -X >>>>>>>>>>>>>>>>>>>>> J-vnet0-mac' >>>>>>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -F >>>>>>>>>>>>>>>>>>>>> J-vnet0-arp-mac' >>>>>>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -X >>>>>>>>>>>>>>>>>>>>> J-vnet0-arp-mac' >>>>>>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -D libvirt-out -m >>>>>>>>>>>>>>>>>>>>> physdev >>>>>>>>>>>>>>>>>>>>> --physdev-is-bridged --physdev-out vnet0 -g >>>>>>>>>>>>>>>>>>>>> FO-vnet0' >>>>>>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -D libvirt-out -m >>>>>>>>>>>>>>>>>>>>> physdev >>>>>>>>>>>>>>>>>>>>> --physdev-out >>>>>>>>>>>>>>>>>>>>> vnet0 -g FO-vnet0' failed: >>>>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -D libvirt-in -m >>>>>>>>>>>>>>>>>>>>> physdev >>>>>>>>>>>>>>>>>>>>> --physdev-in >>>>>>>>>>>>>>>>>>>>> vnet0 >>>>>>>>>>>>>>>>>>>>> -g FI-vnet0' failed: >>>>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -D libvirt-host-in -m >>>>>>>>>>>>>>>>>>>>> physdev >>>>>>>>>>>>>>>>>>>>> --physdev-in >>>>>>>>>>>>>>>>>>>>> vnet0 -g HI-vnet0' failed: >>>>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -F FO-vnet0' failed: >>>>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -X FO-vnet0' failed: >>>>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -F FI-vnet0' failed: >>>>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -X FI-vnet0' failed: >>>>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -F HI-vnet0' failed: >>>>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -X HI-vnet0' failed: >>>>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -E FP-vnet0 FO-vnet0' >>>>>>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -E FJ-vnet0 FI-vnet0' >>>>>>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>>>> '/usr/sbin/iptables -w2 -w -E HJ-vnet0 HI-vnet0' >>>>>>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -D libvirt-out -m >>>>>>>>>>>>>>>>>>>>> physdev >>>>>>>>>>>>>>>>>>>>> --physdev-is-bridged --physdev-out vnet0 -g >>>>>>>>>>>>>>>>>>>>> FO-vnet0' >>>>>>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -D libvirt-out -m >>>>>>>>>>>>>>>>>>>>> physdev >>>>>>>>>>>>>>>>>>>>> --physdev-out >>>>>>>>>>>>>>>>>>>>> vnet0 -g FO-vnet0' failed: >>>>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -D libvirt-in -m >>>>>>>>>>>>>>>>>>>>> physdev >>>>>>>>>>>>>>>>>>>>> --physdev-in >>>>>>>>>>>>>>>>>>>>> vnet0 -g FI-vnet0' failed: >>>>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -D libvirt-host-in -m >>>>>>>>>>>>>>>>>>>>> physdev >>>>>>>>>>>>>>>>>>>>> --physdev-in >>>>>>>>>>>>>>>>>>>>> vnet0 -g HI-vnet0' failed: >>>>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -F FO-vnet0' failed: >>>>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -X FO-vnet0' failed: >>>>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -F FI-vnet0' failed: >>>>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -X FI-vnet0' failed: >>>>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -F HI-vnet0' failed: >>>>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -X HI-vnet0' failed: >>>>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -E FP-vnet0 FO-vnet0' >>>>>>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -E FJ-vnet0 FI-vnet0' >>>>>>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>>>> '/usr/sbin/ip6tables -w2 -w -E HJ-vnet0 HI-vnet0' >>>>>>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -D >>>>>>>>>>>>>>>>>>>>> PREROUTING >>>>>>>>>>>>>>>>>>>>> -i vnet0 >>>>>>>>>>>>>>>>>>>>> -j >>>>>>>>>>>>>>>>>>>>> libvirt-I-vnet0' failed: >>>>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -D >>>>>>>>>>>>>>>>>>>>> POSTROUTING -o >>>>>>>>>>>>>>>>>>>>> vnet0 >>>>>>>>>>>>>>>>>>>>> -j >>>>>>>>>>>>>>>>>>>>> libvirt-O-vnet0' failed: >>>>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -L >>>>>>>>>>>>>>>>>>>>> libvirt-I-vnet0' >>>>>>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -L >>>>>>>>>>>>>>>>>>>>> libvirt-O-vnet0' >>>>>>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -F >>>>>>>>>>>>>>>>>>>>> libvirt-I-vnet0' >>>>>>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -X >>>>>>>>>>>>>>>>>>>>> libvirt-I-vnet0' >>>>>>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -F >>>>>>>>>>>>>>>>>>>>> libvirt-O-vnet0' >>>>>>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -X >>>>>>>>>>>>>>>>>>>>> libvirt-O-vnet0' >>>>>>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -L >>>>>>>>>>>>>>>>>>>>> libvirt-P-vnet0' >>>>>>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -E >>>>>>>>>>>>>>>>>>>>> libvirt-P-vnet0 >>>>>>>>>>>>>>>>>>>>> libvirt-O-vnet0' failed: >>>>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -F >>>>>>>>>>>>>>>>>>>>> I-vnet0-mac' >>>>>>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -X >>>>>>>>>>>>>>>>>>>>> I-vnet0-mac' >>>>>>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -F >>>>>>>>>>>>>>>>>>>>> I-vnet0-arp-mac' >>>>>>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -X >>>>>>>>>>>>>>>>>>>>> I-vnet0-arp-mac' >>>>>>>>>>>>>>>>>>>>> failed: >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> [root@h2 etc]# ovs-vsctl show >>>>>>>>>>>>>>>>>>>>> ebb6aede-cbbc-4f4f-a88a-a9cd72b2bd23 >>>>>>>>>>>>>>>>>>>>> Bridge ovirtbridge >>>>>>>>>>>>>>>>>>>>> Port "ovirtport0" >>>>>>>>>>>>>>>>>>>>> Interface "ovirtport0" >>>>>>>>>>>>>>>>>>>>> type: internal >>>>>>>>>>>>>>>>>>>>> Port ovirtbridge >>>>>>>>>>>>>>>>>>>>> Interface ovirtbridge >>>>>>>>>>>>>>>>>>>>> type: internal >>>>>>>>>>>>>>>>>>>>> Bridge "ovsbridge0" >>>>>>>>>>>>>>>>>>>>> Port "ovsbridge0" >>>>>>>>>>>>>>>>>>>>> Interface "ovsbridge0" >>>>>>>>>>>>>>>>>>>>> type: internal >>>>>>>>>>>>>>>>>>>>> Port "eth0" >>>>>>>>>>>>>>>>>>>>> Interface "eth0" >>>>>>>>>>>>>>>>>>>>> Bridge br-int >>>>>>>>>>>>>>>>>>>>> Port br-int >>>>>>>>>>>>>>>>>>>>> Interface br-int >>>>>>>>>>>>>>>>>>>>> type: internal >>>>>>>>>>>>>>>>>>>>> Port "vnet0" >>>>>>>>>>>>>>>>>>>>> Interface "vnet0" >>>>>>>>>>>>>>>>>>>>> ovs_version: "2.6.90" >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> Searching through the code it appears that br-int >>>>>>>>>>>>>>>>>>>>> comes from >>>>>>>>>>>>>>>>>>>>> neutron-openvswitch plugin ?? >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> [root@h2 share]# rpm -qf >>>>>>>>>>>>>>>>>>>>> /usr/share/otopi/plugins/ovirt >>>>>>>>>>>>>>>>>>>>> -host-deploy/openstack/neutron_openvswitch.py >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> ovirt-host-deploy-1.6.0-0.0.ma >>>>>>>>>>>>>>>>>>>>> ster.20161215101008.gitb76ad50.el7.centos.noarch >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> /Sverker >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> Den 2016-12-28 kl. 23:24, skrev Sverker >>>>>>>>>>>>>>>>>>>>> Abrahamsson: >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> In addition I had to add an alias to modprobe: >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> [root@h2 modprobe.d]# cat dummy.conf >>>>>>>>>>>>>>>>>>>>>> alias dummy0 dummy >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> Den 2016-12-28 kl. 23:03, skrev Sverker >>>>>>>>>>>>>>>>>>>>>> Abrahamsson: >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> Hi >>>>>>>>>>>>>>>>>>>>>>> I first tried to set device name to dummy_0, >>>>>>>>>>>>>>>>>>>>>>> but >>>>>>>>>>>>>>>>>>>>>>> then ifup >>>>>>>>>>>>>>>>>>>>>>> did >>>>>>>>>>>>>>>>>>>>>>> not >>>>>>>>>>>>>>>>>>>>>>> succeed in creating the device unless I first >>>>>>>>>>>>>>>>>>>>>>> did >>>>>>>>>>>>>>>>>>>>>>> 'ip link >>>>>>>>>>>>>>>>>>>>>>> add >>>>>>>>>>>>>>>>>>>>>>> dummy_0 type dummy' but then it would not >>>>>>>>>>>>>>>>>>>>>>> suceed to >>>>>>>>>>>>>>>>>>>>>>> establish >>>>>>>>>>>>>>>>>>>>>>> the if >>>>>>>>>>>>>>>>>>>>>>> on reboot. >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> Setting fake_nics = dummy0 would not work >>>>>>>>>>>>>>>>>>>>>>> neither, >>>>>>>>>>>>>>>>>>>>>>> but this >>>>>>>>>>>>>>>>>>>>>>> works: >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> fake_nics = dummy* >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> The engine is now able to find the if and >>>>>>>>>>>>>>>>>>>>>>> assign >>>>>>>>>>>>>>>>>>>>>>> bridge >>>>>>>>>>>>>>>>>>>>>>> ovirtmgmt to >>>>>>>>>>>>>>>>>>>>>>> it. >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> However, I then run into the next issue when >>>>>>>>>>>>>>>>>>>>>>> starting a VM: >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> 2016-12-28 22:28:23,897 ERROR >>>>>>>>>>>>>>>>>>>>>>> [org.ovirt.engine.core.dal.dbb >>>>>>>>>>>>>>>>>>>>>>> roker.auditloghandling.AuditLogDirector] >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> (ForkJoinPool-1-worker-2) [] Correlation ID: >>>>>>>>>>>>>>>>>>>>>>> null, >>>>>>>>>>>>>>>>>>>>>>> Call >>>>>>>>>>>>>>>>>>>>>>> Stack: >>>>>>>>>>>>>>>>>>>>>>> null, >>>>>>>>>>>>>>>>>>>>>>> Custom Event ID: -1, Message: VM CentOS7 is >>>>>>>>>>>>>>>>>>>>>>> down >>>>>>>>>>>>>>>>>>>>>>> with error. >>>>>>>>>>>>>>>>>>>>>>> Exit >>>>>>>>>>>>>>>>>>>>>>> message: Cannot get interface MTU on >>>>>>>>>>>>>>>>>>>>>>> 'br-int': No >>>>>>>>>>>>>>>>>>>>>>> such >>>>>>>>>>>>>>>>>>>>>>> device. >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> This VM has a nic on ovirtbridge, which comes >>>>>>>>>>>>>>>>>>>>>>> from >>>>>>>>>>>>>>>>>>>>>>> the OVN >>>>>>>>>>>>>>>>>>>>>>> provider. >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> /Sverker >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> Den 2016-12-28 kl. 14:38, skrev Marcin Mirecki: >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> Sverker, >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> Can you try adding a vnic named veth_* or >>>>>>>>>>>>>>>>>>>>>>>> dummy_*, >>>>>>>>>>>>>>>>>>>>>>>> (or alternatively add the name of the vnic to >>>>>>>>>>>>>>>>>>>>>>>> vdsm.config fake_nics), and setup the >>>>>>>>>>>>>>>>>>>>>>>> management >>>>>>>>>>>>>>>>>>>>>>>> network using this vnic? >>>>>>>>>>>>>>>>>>>>>>>> I suppose adding the vnic you use for >>>>>>>>>>>>>>>>>>>>>>>> connecting >>>>>>>>>>>>>>>>>>>>>>>> to the engine to fake_nics should make it >>>>>>>>>>>>>>>>>>>>>>>> visible >>>>>>>>>>>>>>>>>>>>>>>> to the engine, and you should be able to use >>>>>>>>>>>>>>>>>>>>>>>> it for >>>>>>>>>>>>>>>>>>>>>>>> the setup. >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> Marcin >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> ----- Original Message ----- >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>> From: "Marcin Mirecki"<mmirecki@redhat.com> >>>>>>>>>>>>>>>>>>>>>>>>> To: "Sverker >>>>>>>>>>>>>>>>>>>>>>>>> Abrahamsson"<sverker@abrahamsson.com> >>>>>>>>>>>>>>>>>>>>>>>>> Cc: "Ovirt Users"<users@ovirt.org> >>>>>>>>>>>>>>>>>>>>>>>>> Sent: Wednesday, December 28, 2016 12:06:26 >>>>>>>>>>>>>>>>>>>>>>>>> PM >>>>>>>>>>>>>>>>>>>>>>>>> Subject: Re: [ovirt-users] Issue with >>>>>>>>>>>>>>>>>>>>>>>>> OVN/OVS and >>>>>>>>>>>>>>>>>>>>>>>>> mandatory >>>>>>>>>>>>>>>>>>>>>>>>> ovirtmgmt network >>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>> I have an internal OVS bridge called >>>>>>>>>>>>>>>>>>>>>>>>>> ovirtbridge >>>>>>>>>>>>>>>>>>>>>>>>>> which >>>>>>>>>>>>>>>>>>>>>>>>>> has >>>>>>>>>>>>>>>>>>>>>>>>>> a port >>>>>>>>>>>>>>>>>>>>>>>>>> with >>>>>>>>>>>>>>>>>>>>>>>>>> IP address, but in the host network settings >>>>>>>>>>>>>>>>>>>>>>>>>> that port is >>>>>>>>>>>>>>>>>>>>>>>>>> not >>>>>>>>>>>>>>>>>>>>>>>>>> visible. >>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>> I just verified and unfortunately the virtual >>>>>>>>>>>>>>>>>>>>>>>>> ports are >>>>>>>>>>>>>>>>>>>>>>>>> not >>>>>>>>>>>>>>>>>>>>>>>>> visible in engine >>>>>>>>>>>>>>>>>>>>>>>>> to assign a network to :( >>>>>>>>>>>>>>>>>>>>>>>>> I'm afraid that the engine is not ready for >>>>>>>>>>>>>>>>>>>>>>>>> such a >>>>>>>>>>>>>>>>>>>>>>>>> scenario >>>>>>>>>>>>>>>>>>>>>>>>> (even >>>>>>>>>>>>>>>>>>>>>>>>> if it >>>>>>>>>>>>>>>>>>>>>>>>> works). >>>>>>>>>>>>>>>>>>>>>>>>> Please give me some time to look for a >>>>>>>>>>>>>>>>>>>>>>>>> solution. >>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>> ----- Original Message ----- >>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>> From: "Sverker >>>>>>>>>>>>>>>>>>>>>>>>>> Abrahamsson"<sverker@abrahamsson.com> >>>>>>>>>>>>>>>>>>>>>>>>>> To: "Marcin Mirecki"<mmirecki@redhat.com> >>>>>>>>>>>>>>>>>>>>>>>>>> Cc: "Ovirt Users"<users@ovirt.org> >>>>>>>>>>>>>>>>>>>>>>>>>> Sent: Wednesday, December 28, 2016 >>>>>>>>>>>>>>>>>>>>>>>>>> 11:48:24 AM >>>>>>>>>>>>>>>>>>>>>>>>>> Subject: Re: [ovirt-users] Issue with >>>>>>>>>>>>>>>>>>>>>>>>>> OVN/OVS and >>>>>>>>>>>>>>>>>>>>>>>>>> mandatory >>>>>>>>>>>>>>>>>>>>>>>>>> ovirtmgmt >>>>>>>>>>>>>>>>>>>>>>>>>> network >>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>> Hi Marcin >>>>>>>>>>>>>>>>>>>>>>>>>> Yes, that is my issue. I don't want to let >>>>>>>>>>>>>>>>>>>>>>>>>> ovirt/vdsm see >>>>>>>>>>>>>>>>>>>>>>>>>> eth0 >>>>>>>>>>>>>>>>>>>>>>>>>> nor >>>>>>>>>>>>>>>>>>>>>>>>>> ovsbridge0 since as soon as it sees them it >>>>>>>>>>>>>>>>>>>>>>>>>> messes up the >>>>>>>>>>>>>>>>>>>>>>>>>> network >>>>>>>>>>>>>>>>>>>>>>>>>> config >>>>>>>>>>>>>>>>>>>>>>>>>> so that the host will be unreachable. >>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>> I have an internal OVS bridge called >>>>>>>>>>>>>>>>>>>>>>>>>> ovirtbridge >>>>>>>>>>>>>>>>>>>>>>>>>> which >>>>>>>>>>>>>>>>>>>>>>>>>> has >>>>>>>>>>>>>>>>>>>>>>>>>> a port >>>>>>>>>>>>>>>>>>>>>>>>>> with >>>>>>>>>>>>>>>>>>>>>>>>>> IP address, but in the host network settings >>>>>>>>>>>>>>>>>>>>>>>>>> that port is >>>>>>>>>>>>>>>>>>>>>>>>>> not >>>>>>>>>>>>>>>>>>>>>>>>>> visible. >>>>>>>>>>>>>>>>>>>>>>>>>> It doesn't help to name it ovirtmgmt. >>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>> The engine is able to communicate with the >>>>>>>>>>>>>>>>>>>>>>>>>> host >>>>>>>>>>>>>>>>>>>>>>>>>> on the ip >>>>>>>>>>>>>>>>>>>>>>>>>> it has >>>>>>>>>>>>>>>>>>>>>>>>>> been >>>>>>>>>>>>>>>>>>>>>>>>>> given, it's just that it believes that it >>>>>>>>>>>>>>>>>>>>>>>>>> HAS to >>>>>>>>>>>>>>>>>>>>>>>>>> have a >>>>>>>>>>>>>>>>>>>>>>>>>> ovirtmgmt >>>>>>>>>>>>>>>>>>>>>>>>>> network which can't be on OVN. >>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>> /Sverker >>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>> Den 2016-12-28 kl. 10:45, skrev Marcin >>>>>>>>>>>>>>>>>>>>>>>>>> Mirecki: >>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>> Hi Sverker, >>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>> The management network is mandatory on each >>>>>>>>>>>>>>>>>>>>>>>>>>> host. It's >>>>>>>>>>>>>>>>>>>>>>>>>>> used by >>>>>>>>>>>>>>>>>>>>>>>>>>> the >>>>>>>>>>>>>>>>>>>>>>>>>>> engine to communicate with the host. >>>>>>>>>>>>>>>>>>>>>>>>>>> Looking at your description and the >>>>>>>>>>>>>>>>>>>>>>>>>>> exception >>>>>>>>>>>>>>>>>>>>>>>>>>> it looks >>>>>>>>>>>>>>>>>>>>>>>>>>> like it >>>>>>>>>>>>>>>>>>>>>>>>>>> is >>>>>>>>>>>>>>>>>>>>>>>>>>> missing. >>>>>>>>>>>>>>>>>>>>>>>>>>> The error is caused by not having any >>>>>>>>>>>>>>>>>>>>>>>>>>> network >>>>>>>>>>>>>>>>>>>>>>>>>>> for the >>>>>>>>>>>>>>>>>>>>>>>>>>> host >>>>>>>>>>>>>>>>>>>>>>>>>>> (network list retrieved in >>>>>>>>>>>>>>>>>>>>>>>>>>> InterfaceDaoImpl.getHostNetworksByCluster >>>>>>>>>>>>>>>>>>>>>>>>>>> - >>>>>>>>>>>>>>>>>>>>>>>>>>> which >>>>>>>>>>>>>>>>>>>>>>>>>>> gets all the networks on nics for a host >>>>>>>>>>>>>>>>>>>>>>>>>>> from >>>>>>>>>>>>>>>>>>>>>>>>>>> vds_interface >>>>>>>>>>>>>>>>>>>>>>>>>>> table in the >>>>>>>>>>>>>>>>>>>>>>>>>>> DB). >>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>> Could you maybe create a virtual nic >>>>>>>>>>>>>>>>>>>>>>>>>>> connected to >>>>>>>>>>>>>>>>>>>>>>>>>>> ovsbridge0 (as >>>>>>>>>>>>>>>>>>>>>>>>>>> I >>>>>>>>>>>>>>>>>>>>>>>>>>> understand you >>>>>>>>>>>>>>>>>>>>>>>>>>> have no physical nic available) and use >>>>>>>>>>>>>>>>>>>>>>>>>>> this >>>>>>>>>>>>>>>>>>>>>>>>>>> for the >>>>>>>>>>>>>>>>>>>>>>>>>>> management >>>>>>>>>>>>>>>>>>>>>>>>>>> network? >>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>> I then create a bridge for use with >>>>>>>>>>>>>>>>>>>>>>>>>>>> ovirt, with >>>>>>>>>>>>>>>>>>>>>>>>>>>> a >>>>>>>>>>>>>>>>>>>>>>>>>>>> private >>>>>>>>>>>>>>>>>>>>>>>>>>>> address. >>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>> I'm not quite sure I understand. Is this >>>>>>>>>>>>>>>>>>>>>>>>>>> yet >>>>>>>>>>>>>>>>>>>>>>>>>>> another >>>>>>>>>>>>>>>>>>>>>>>>>>> bridge >>>>>>>>>>>>>>>>>>>>>>>>>>> connected to >>>>>>>>>>>>>>>>>>>>>>>>>>> ovsbridge0? >>>>>>>>>>>>>>>>>>>>>>>>>>> You could also attach the vnic for the >>>>>>>>>>>>>>>>>>>>>>>>>>> management >>>>>>>>>>>>>>>>>>>>>>>>>>> network >>>>>>>>>>>>>>>>>>>>>>>>>>> here >>>>>>>>>>>>>>>>>>>>>>>>>>> if need >>>>>>>>>>>>>>>>>>>>>>>>>>> be. >>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>> Please keep in mind that OVN has no use in >>>>>>>>>>>>>>>>>>>>>>>>>>> setting up >>>>>>>>>>>>>>>>>>>>>>>>>>> the >>>>>>>>>>>>>>>>>>>>>>>>>>> management >>>>>>>>>>>>>>>>>>>>>>>>>>> network. >>>>>>>>>>>>>>>>>>>>>>>>>>> The OVN provider can only handle external >>>>>>>>>>>>>>>>>>>>>>>>>>> networks, >>>>>>>>>>>>>>>>>>>>>>>>>>> which >>>>>>>>>>>>>>>>>>>>>>>>>>> can >>>>>>>>>>>>>>>>>>>>>>>>>>> not be used >>>>>>>>>>>>>>>>>>>>>>>>>>> for a >>>>>>>>>>>>>>>>>>>>>>>>>>> management network. >>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>> Marcin >>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>> ----- Original Message ----- >>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>> From: "Sverker >>>>>>>>>>>>>>>>>>>>>>>>>>>> Abrahamsson"<sverker@abrahamsson.com> >>>>>>>>>>>>>>>>>>>>>>>>>>>> To:users@ovirt.org >>>>>>>>>>>>>>>>>>>>>>>>>>>> Sent: Wednesday, December 28, 2016 >>>>>>>>>>>>>>>>>>>>>>>>>>>> 12:39:59 AM >>>>>>>>>>>>>>>>>>>>>>>>>>>> Subject: [ovirt-users] Issue with >>>>>>>>>>>>>>>>>>>>>>>>>>>> OVN/OVS and >>>>>>>>>>>>>>>>>>>>>>>>>>>> mandatory >>>>>>>>>>>>>>>>>>>>>>>>>>>> ovirtmgmt >>>>>>>>>>>>>>>>>>>>>>>>>>>> network >>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>> Hi >>>>>>>>>>>>>>>>>>>>>>>>>>>> For long time I've been looking for proper >>>>>>>>>>>>>>>>>>>>>>>>>>>> support in >>>>>>>>>>>>>>>>>>>>>>>>>>>> ovirt for >>>>>>>>>>>>>>>>>>>>>>>>>>>> Open >>>>>>>>>>>>>>>>>>>>>>>>>>>> vSwitch >>>>>>>>>>>>>>>>>>>>>>>>>>>> so I'm happy that it is moving in the >>>>>>>>>>>>>>>>>>>>>>>>>>>> right >>>>>>>>>>>>>>>>>>>>>>>>>>>> direction. >>>>>>>>>>>>>>>>>>>>>>>>>>>> However, >>>>>>>>>>>>>>>>>>>>>>>>>>>> there >>>>>>>>>>>>>>>>>>>>>>>>>>>> seems >>>>>>>>>>>>>>>>>>>>>>>>>>>> to still be a dependency on a ovirtmgmt >>>>>>>>>>>>>>>>>>>>>>>>>>>> bridge >>>>>>>>>>>>>>>>>>>>>>>>>>>> and I'm >>>>>>>>>>>>>>>>>>>>>>>>>>>> unable >>>>>>>>>>>>>>>>>>>>>>>>>>>> to move >>>>>>>>>>>>>>>>>>>>>>>>>>>> that >>>>>>>>>>>>>>>>>>>>>>>>>>>> to the OVN provider. >>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>> The hosting center where I rent hw >>>>>>>>>>>>>>>>>>>>>>>>>>>> instances >>>>>>>>>>>>>>>>>>>>>>>>>>>> has a bit >>>>>>>>>>>>>>>>>>>>>>>>>>>> special >>>>>>>>>>>>>>>>>>>>>>>>>>>> network >>>>>>>>>>>>>>>>>>>>>>>>>>>> setup, >>>>>>>>>>>>>>>>>>>>>>>>>>>> so I have one physical network port with >>>>>>>>>>>>>>>>>>>>>>>>>>>> a /32 >>>>>>>>>>>>>>>>>>>>>>>>>>>> netmask >>>>>>>>>>>>>>>>>>>>>>>>>>>> and >>>>>>>>>>>>>>>>>>>>>>>>>>>> point-to-point >>>>>>>>>>>>>>>>>>>>>>>>>>>> config to router. The physical port I >>>>>>>>>>>>>>>>>>>>>>>>>>>> connect >>>>>>>>>>>>>>>>>>>>>>>>>>>> to a ovs >>>>>>>>>>>>>>>>>>>>>>>>>>>> bridge >>>>>>>>>>>>>>>>>>>>>>>>>>>> which has >>>>>>>>>>>>>>>>>>>>>>>>>>>> the >>>>>>>>>>>>>>>>>>>>>>>>>>>> public ip. Since ovirt always messes up >>>>>>>>>>>>>>>>>>>>>>>>>>>> the >>>>>>>>>>>>>>>>>>>>>>>>>>>> network >>>>>>>>>>>>>>>>>>>>>>>>>>>> config when >>>>>>>>>>>>>>>>>>>>>>>>>>>> I've >>>>>>>>>>>>>>>>>>>>>>>>>>>> tried >>>>>>>>>>>>>>>>>>>>>>>>>>>> to let it have access to the network >>>>>>>>>>>>>>>>>>>>>>>>>>>> config >>>>>>>>>>>>>>>>>>>>>>>>>>>> for the >>>>>>>>>>>>>>>>>>>>>>>>>>>> physical >>>>>>>>>>>>>>>>>>>>>>>>>>>> port, I've >>>>>>>>>>>>>>>>>>>>>>>>>>>> set >>>>>>>>>>>>>>>>>>>>>>>>>>>> eht0 and ovsbridge0 as hidden in >>>>>>>>>>>>>>>>>>>>>>>>>>>> vdsm.conf. >>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>> I then create a bridge for use with >>>>>>>>>>>>>>>>>>>>>>>>>>>> ovirt, with >>>>>>>>>>>>>>>>>>>>>>>>>>>> a >>>>>>>>>>>>>>>>>>>>>>>>>>>> private >>>>>>>>>>>>>>>>>>>>>>>>>>>> address. With >>>>>>>>>>>>>>>>>>>>>>>>>>>> the >>>>>>>>>>>>>>>>>>>>>>>>>>>> OVN provider I am now able to import these >>>>>>>>>>>>>>>>>>>>>>>>>>>> into the >>>>>>>>>>>>>>>>>>>>>>>>>>>> engine and >>>>>>>>>>>>>>>>>>>>>>>>>>>> it looks >>>>>>>>>>>>>>>>>>>>>>>>>>>> good. When creating a VM I can select >>>>>>>>>>>>>>>>>>>>>>>>>>>> that it >>>>>>>>>>>>>>>>>>>>>>>>>>>> will have >>>>>>>>>>>>>>>>>>>>>>>>>>>> a >>>>>>>>>>>>>>>>>>>>>>>>>>>> vNic >>>>>>>>>>>>>>>>>>>>>>>>>>>> on my OVS >>>>>>>>>>>>>>>>>>>>>>>>>>>> bridge. >>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>> However, I can't start the VM as an >>>>>>>>>>>>>>>>>>>>>>>>>>>> exception >>>>>>>>>>>>>>>>>>>>>>>>>>>> is thrown >>>>>>>>>>>>>>>>>>>>>>>>>>>> in the >>>>>>>>>>>>>>>>>>>>>>>>>>>> log: >>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>> 2016-12-28 00:13:33,350 ERROR >>>>>>>>>>>>>>>>>>>>>>>>>>>> [org.ovirt.engine.core.bll.RunVmCommand] >>>>>>>>>>>>>>>>>>>>>>>>>>>> (default task-5) [3c882d53] Error during >>>>>>>>>>>>>>>>>>>>>>>>>>>> ValidateFailure.: >>>>>>>>>>>>>>>>>>>>>>>>>>>> java.lang.NullPointerException >>>>>>>>>>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.sche >>>>>>>>>>>>>>>>>>>>>>>>>>>> duling.policyunits.NetworkPoli >>>>>>>>>>>>>>>>>>>>>>>>>>>> cyUnit.validateRequiredNetwork >>>>>>>>>>>>>>>>>>>>>>>>>>>> sAvailable(NetworkPolicyUnit.java:140) >>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.sche >>>>>>>>>>>>>>>>>>>>>>>>>>>> duling.policyunits.NetworkPoli >>>>>>>>>>>>>>>>>>>>>>>>>>>> cyUnit.filter(NetworkPolicyUnit.java:69) >>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.sche >>>>>>>>>>>>>>>>>>>>>>>>>>>> duling.SchedulingManager.runIn >>>>>>>>>>>>>>>>>>>>>>>>>>>> ternalFilters(SchedulingManager.java:597) >>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.sche >>>>>>>>>>>>>>>>>>>>>>>>>>>> duling.SchedulingManager.runFi >>>>>>>>>>>>>>>>>>>>>>>>>>>> lters(SchedulingManager.java:564) >>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.sche >>>>>>>>>>>>>>>>>>>>>>>>>>>> duling.SchedulingManager.canSc >>>>>>>>>>>>>>>>>>>>>>>>>>>> hedule(SchedulingManager.java:494) >>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.vali >>>>>>>>>>>>>>>>>>>>>>>>>>>> dator.RunVmValidator.canRunVm( >>>>>>>>>>>>>>>>>>>>>>>>>>>> RunVmValidator.java:133) >>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.RunV >>>>>>>>>>>>>>>>>>>>>>>>>>>> mCommand.validate(RunVmCommand.java:940) >>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.Comm >>>>>>>>>>>>>>>>>>>>>>>>>>>> andBase.internalValidate(Comma >>>>>>>>>>>>>>>>>>>>>>>>>>>> ndBase.java:886) >>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.Comm >>>>>>>>>>>>>>>>>>>>>>>>>>>> andBase.validateOnly(CommandBa >>>>>>>>>>>>>>>>>>>>>>>>>>>> se.java:366) >>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.Prev >>>>>>>>>>>>>>>>>>>>>>>>>>>> alidatingMultipleActionsRunner >>>>>>>>>>>>>>>>>>>>>>>>>>>> .canRunActions(PrevalidatingMu >>>>>>>>>>>>>>>>>>>>>>>>>>>> ltipleActionsRunner.java:113) >>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.Prev >>>>>>>>>>>>>>>>>>>>>>>>>>>> alidatingMultipleActionsRunner >>>>>>>>>>>>>>>>>>>>>>>>>>>> .invokeCommands(PrevalidatingM >>>>>>>>>>>>>>>>>>>>>>>>>>>> ultipleActionsRunner.java:99) >>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.Prev >>>>>>>>>>>>>>>>>>>>>>>>>>>> alidatingMultipleActionsRunner >>>>>>>>>>>>>>>>>>>>>>>>>>>> .execute(PrevalidatingMultiple >>>>>>>>>>>>>>>>>>>>>>>>>>>> ActionsRunner.java:76) >>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.Back >>>>>>>>>>>>>>>>>>>>>>>>>>>> end.runMultipleActionsImpl(Bac >>>>>>>>>>>>>>>>>>>>>>>>>>>> kend.java:613) >>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>>>>>>>>>>> org.ovirt.engine.core.bll.Back >>>>>>>>>>>>>>>>>>>>>>>>>>>> end.runMultipleActions(Backend.java:583) >>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>> [bll.jar:] >>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>> Looking at that section of code where the >>>>>>>>>>>>>>>>>>>>>>>>>>>> exception is >>>>>>>>>>>>>>>>>>>>>>>>>>>> thrown, >>>>>>>>>>>>>>>>>>>>>>>>>>>> I see >>>>>>>>>>>>>>>>>>>>>>>>>>>> that >>>>>>>>>>>>>>>>>>>>>>>>>>>> it >>>>>>>>>>>>>>>>>>>>>>>>>>>> iterates over host networks to find >>>>>>>>>>>>>>>>>>>>>>>>>>>> required >>>>>>>>>>>>>>>>>>>>>>>>>>>> networks, >>>>>>>>>>>>>>>>>>>>>>>>>>>> which I >>>>>>>>>>>>>>>>>>>>>>>>>>>> assume is >>>>>>>>>>>>>>>>>>>>>>>>>>>> ovirtmgmt. In the host network setup >>>>>>>>>>>>>>>>>>>>>>>>>>>> dialog I >>>>>>>>>>>>>>>>>>>>>>>>>>>> don't see >>>>>>>>>>>>>>>>>>>>>>>>>>>> any >>>>>>>>>>>>>>>>>>>>>>>>>>>> networks at >>>>>>>>>>>>>>>>>>>>>>>>>>>> all >>>>>>>>>>>>>>>>>>>>>>>>>>>> but it lists ovirtmgmt as required. It >>>>>>>>>>>>>>>>>>>>>>>>>>>> also >>>>>>>>>>>>>>>>>>>>>>>>>>>> list the >>>>>>>>>>>>>>>>>>>>>>>>>>>> OVN >>>>>>>>>>>>>>>>>>>>>>>>>>>> networks but >>>>>>>>>>>>>>>>>>>>>>>>>>>> these >>>>>>>>>>>>>>>>>>>>>>>>>>>> can't be statically assigned as they are >>>>>>>>>>>>>>>>>>>>>>>>>>>> added >>>>>>>>>>>>>>>>>>>>>>>>>>>> dynamically when >>>>>>>>>>>>>>>>>>>>>>>>>>>> needed, >>>>>>>>>>>>>>>>>>>>>>>>>>>> which is fine. >>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>> I believe that I either need to remove >>>>>>>>>>>>>>>>>>>>>>>>>>>> ovirtmgmt >>>>>>>>>>>>>>>>>>>>>>>>>>>> network >>>>>>>>>>>>>>>>>>>>>>>>>>>> or >>>>>>>>>>>>>>>>>>>>>>>>>>>> configure >>>>>>>>>>>>>>>>>>>>>>>>>>>> that >>>>>>>>>>>>>>>>>>>>>>>>>>>> it >>>>>>>>>>>>>>>>>>>>>>>>>>>> is provided by the OVN provider, but >>>>>>>>>>>>>>>>>>>>>>>>>>>> neither is >>>>>>>>>>>>>>>>>>>>>>>>>>>> possible. >>>>>>>>>>>>>>>>>>>>>>>>>>>> Preferably it >>>>>>>>>>>>>>>>>>>>>>>>>>>> shouldn't be hardcoded which network is >>>>>>>>>>>>>>>>>>>>>>>>>>>> management and >>>>>>>>>>>>>>>>>>>>>>>>>>>> mandatory but be >>>>>>>>>>>>>>>>>>>>>>>>>>>> possible to configure. >>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>> /Sverker >>>>>>>>>>>>>>>>>>>>>>>>>>>> Den 2016-12-27 kl. 17:10, skrev Marcin >>>>>>>>>>>>>>>>>>>>>>>>>>>> Mirecki: >>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>> ______________________________ >>>>>>>>>>>>>>>>>>>>>>>>> _________________ >>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>> Users mailing list >>>>>>>>>>>>>>>>>>>>>>>>> Users@ovirt.org >>>>>>>>>>>>>>>>>>>>>>>>> http://lists.ovirt.org/mailman >>>>>>>>>>>>>>>>>>>>>>>>> /listinfo/users >>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>> ______________________________ >>>>>>>>>>>>>>>>>>>>>>> _________________ >>>>>>>>>>>>>>>>>>>>>>> Users mailing list >>>>>>>>>>>>>>>>>>>>>>> Users@ovirt.org >>>>>>>>>>>>>>>>>>>>>>> http://lists.ovirt.org/mailman/listinfo/users >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>>>>>>>>>>>> Users mailing list >>>>>>>>>>>>>>>>>>>>>> Users@ovirt.org >>>>>>>>>>>>>>>>>>>>>> http://lists.ovirt.org/mailman/listinfo/users >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>>>>>>>>>>> Users mailing list >>>>>>>>>>>>>>>>>>>>> Users@ovirt.org >>>>>>>>>>>>>>>>>>>>> http://lists.ovirt.org/mailman/listinfo/users >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>>>>>>>>> Users mailing list >>>>>>>>>>>>>>>>>>> Users@ovirt.org >>>>>>>>>>>>>>>>>>> http://lists.ovirt.org/mailman/listinfo/users >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>>>> Users mailing list >>>>>>>>>>>>>> Users@ovirt.org >>>>>>>>>>>>>> http://lists.ovirt.org/mailman/listinfo/users >>>>>>>>>>>>>> >>>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>>> Users mailing list >>>>>>>>>>>>> Users@ovirt.org >>>>>>>>>>>>> http://lists.ovirt.org/mailman/listinfo/users >>>>>>>>>>>>> >>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>> Users mailing list >>>>>>>>>>>> Users@ovirt.org >>>>>>>>>>>> http://lists.ovirt.org/mailman/listinfo/users >>>>>>>>>>>> >>>>>>>>>>> _______________________________________________ >>>>> Users mailing list >>>>> Users@ovirt.org >>>>> http://lists.ovirt.org/mailman/listinfo/users >>>>> >>>> _______________________________________________ >>>> Users mailing list >>>> Users@ovirt.org >>>> http://lists.ovirt.org/mailman/listinfo/users >>>> >>> > _______________________________________________ > Users mailing list > Users@ovirt.org > http://lists.ovirt.org/mailman/listinfo/users >
This is a multi-part message in MIME format. --------------C439E37E95C54C1626CB0DFC Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit I still had the window open where I did that step. This is how it looked like: [root@h2 ovirt-provider-ovn]# git push origin HEAD:refs/drafts/master Counting objects: 9, done. Delta compression using up to 8 threads. Compressing objects: 100% (5/5), done. Writing objects: 100% (6/6), 1.79 KiB | 0 bytes/s, done. Total 6 (delta 2), reused 0 (delta 0) remote: Resolving deltas: 100% (2/2) remote: Processing changes: new: 1, refs: 1, done remote: (W) 16d5be4: commit subject >65 characters; use shorter first paragraph remote: remote: New Changes: remote: https://gerrit.ovirt.org/70588 Properly handle to set id when interface already has a virtualport element ... [DRAFT] remote: To gerrit.ovirt.org:ovirt-provider-ovn * [new branch] HEAD -> refs/drafts/master I see the difference is that I pushed to HEAD:refs/drafts/master as instructed at http://www.ovirt.org/develop/dev-process/working-with-gerrit/ Should I push it to HEAD:refs/for/master instead? /Sverker Den 2017-01-17 kl. 12:09, skrev Marcin Mirecki:
Sverker, I can see you as a user in gerrit (sverker@abrahamsson.com <mailto:sverker@abrahamsson.com>), but there are no patches for your name. Please check for any errors after you issue: git push gerrit.ovirt.org:ovirt-provider-ovn HEAD:refs/for/master
Also, please let me know if you need any other help on with gerrit.
On Mon, Jan 16, 2017 at 8:49 PM, Sverker Abrahamsson <sverker@abrahamsson.com <mailto:sverker@abrahamsson.com>> wrote:
I've followed the instructions to best effort, so hopefully it's right..
Den 2017-01-13 kl. 10:31, skrev Marcin Mirecki:
Please push the patch into: https://gerrit.ovirt.org/ovirt-provider-ovn <https://gerrit.ovirt.org/ovirt-provider-ovn> (let me know if you need some directions)
----- Original Message -----
From: "Sverker Abrahamsson" <sverker@abrahamsson.com <mailto:sverker@abrahamsson.com>> To: "Marcin Mirecki" <mmirecki@redhat.com <mailto:mmirecki@redhat.com>> Cc: "Ovirt Users" <users@ovirt.org <mailto:users@ovirt.org>> Sent: Monday, January 9, 2017 1:45:37 PM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network
Ok, found it. The issue is right here:
<interface type="bridge"> <mac address="00:1a:4a:16:01:54" /> <model type="virtio" /> <source bridge="br-int" /> <virtualport type="openvswitch" /> <link state="up" /> <boot order="2" /> <bandwidth /> <virtualport type="openvswitch"> <parameters interfaceid="912cba79-982e-4a87-868e-241fedccb59a" /> </virtualport> </interface>
There are two elements for virtualport, the first without id and the second with. On h2 I had fixed this which was the patch I posted earlier although I switched back to use br-int after understanding that was the correct way. When that hook was copied to h1 the port gets attached fine.
Patch with updated testcase attached.
/Sverker
Den 2017-01-09 kl. 10:41, skrev Sverker Abrahamsson:
This is the content of vdsm.log on h1 at this time:
2017-01-06 20:54:12,636 INFO (jsonrpc/7) [jsonrpc.JsonRpcServer] RPC call VM.create succeeded in 0.01 seconds (__init__:515) 2017-01-06 20:54:12,636 INFO (vm/6dd5291e) [virt.vm] (vmId='6dd5291e-6556-4d29-8b4e-ea896e627645') VM wrapper has started (vm:1901) 2017-01-06 20:54:12,636 INFO (vm/6dd5291e) [vds] prepared volume path: /rhev/data-center/mnt/h2-int.limetransit.com:_var_lib_exports_iso/1d49c4bc-0fec-4503-a583-d476fa3a370d/images/11111111-1111-1111-1111-111111111111/CentOS-7-x86_64-NetInstall-1611.iso (clientIF:374) 2017-01-06 20:54:12,743 INFO (vm/6dd5291e) [root] (hooks:108) 2017-01-06 20:54:12,847 INFO (vm/6dd5291e) [root] (hooks:108) 2017-01-06 20:54:12,863 INFO (vm/6dd5291e) [virt.vm] (vmId='6dd5291e-6556-4d29-8b4e-ea896e627645') <?xml version='1.0' encoding='UTF-8'?> <domain xmlns:ovirt="http://ovirt.org/vm/tune/1.0 <http://ovirt.org/vm/tune/1.0>" type="kvm"> <name>CentOS7_3</name> <uuid>6dd5291e-6556-4d29-8b4e-ea896e627645</uuid> <memory>1048576</memory> <currentMemory>1048576</currentMemory> <maxMemory slots="16">4294967296</maxMemory> <vcpu current="1">16</vcpu> <devices> <channel type="unix"> <target name="com.redhat.rhevm.vdsm" type="virtio" /> <source mode="bind" path="/var/lib/libvirt/qemu/channels/6dd5291e-6556-4d29-8b4e-ea896e627645.com.redhat.rhevm.vdsm" /> </channel> <channel type="unix"> <target name="org.qemu.guest_agent.0" type="virtio" /> <source mode="bind" path="/var/lib/libvirt/qemu/channels/6dd5291e-6556-4d29-8b4e-ea896e627645.org.qemu.guest_agent.0" /> </channel> <input bus="ps2" type="mouse" /> <memballoon model="virtio" /> <controller index="0" model="virtio-scsi" type="scsi" /> <controller index="0" ports="16" type="virtio-serial" /> <video> <model heads="1" ram="65536" type="qxl" vgamem="16384" vram="32768" /> </video> <graphics autoport="yes" defaultMode="secure" passwd="*****" passwdValidTo="1970-01-01T00:00:01" port="-1" tlsPort="-1" type="spice"> <channel mode="secure" name="main" /> <channel mode="secure" name="inputs" /> <channel mode="secure" name="cursor" /> <channel mode="secure" name="playback" /> <channel mode="secure" name="record" /> <channel mode="secure" name="display" /> <channel mode="secure" name="smartcard" /> <channel mode="secure" name="usbredir" /> <listen network="vdsm-ovirtmgmt" type="network" /> </graphics> <interface type="bridge"> <mac address="00:1a:4a:16:01:54" /> <model type="virtio" /> <source bridge="br-int" /> <virtualport type="openvswitch" /> <link state="up" /> <boot order="2" /> <bandwidth /> <virtualport type="openvswitch"> <parameters interfaceid="912cba79-982e-4a87-868e-241fedccb59a" /> </virtualport> </interface> <disk device="cdrom" snapshot="no" type="file"> <source file="/rhev/data-center/mnt/h2-int.limetransit.com:_var_lib_exports_iso/1d49c4bc-0fec-4503-a583-d476fa3a370d/images/11111111-1111-1111-1111-111111111111/CentOS-7-x86_64-NetInstall-1611.iso" startupPolicy="optional" /> <target bus="ide" dev="hdc" /> <readonly /> <boot order="1" /> </disk> <channel type="spicevmc"> <target name="com.redhat.spice.0" type="virtio" /> </channel> </devices> <metadata> <ovirt:qos /> </metadata> <os> <type arch="x86_64" machine="pc-i440fx-rhel7.2.0">hvm</type> <smbios mode="sysinfo" /> <bootmenu enable="yes" timeout="10000" /> </os> <sysinfo type="smbios"> <system> <entry name="manufacturer">oVirt</entry> <entry name="product">oVirt Node</entry> <entry name="version">7-3.1611.el7.centos</entry> <entry name="serial">62f1adff-b29e-4a7c-abba-c2c4c73248c6</entry> <entry name="uuid">6dd5291e-6556-4d29-8b4e-ea896e627645</entry> </system> </sysinfo> <clock adjustment="0" offset="variable"> <timer name="rtc" tickpolicy="catchup" /> <timer name="pit" tickpolicy="delay" /> <timer name="hpet" present="no" /> </clock> <features> <acpi /> </features> <cpu match="exact"> <model>SandyBridge</model> <topology cores="1" sockets="16" threads="1" /> <numa> <cell cpus="0" memory="1048576" /> </numa> </cpu> </domain> (vm:1988) 2017-01-06 20:54:13,046 INFO (libvirt/events) [virt.vm] (vmId='6dd5291e-6556-4d29-8b4e-ea896e627645') CPU running: onResume (vm:4863) 2017-01-06 20:54:13,058 INFO (vm/6dd5291e) [virt.vm] (vmId='6dd5291e-6556-4d29-8b4e-ea896e627645') Starting connection (guestagent:245) 2017-01-06 20:54:13,060 INFO (vm/6dd5291e) [virt.vm] (vmId='6dd5291e-6556-4d29-8b4e-ea896e627645') CPU running: domain initialization (vm:4863) 2017-01-06 20:54:15,154 INFO (jsonrpc/6) [jsonrpc.JsonRpcServer] RPC call Host.getVMFullList succeeded in 0.01 seconds (__init__:515) 2017-01-06 20:54:17,571 INFO (periodic/2) [dispatcher] Run and protect: getVolumeSize(sdUUID=u'2ee54fb8-48f2-4576-8cff-f2346504b08b', spUUID=u'584ebd64-0268-0193-025b-00000000038e', imgUUID=u'5a3aae57-ffe0-4a3b-aa87-8461669db7f9', volUUID=u'b6a88789-fcb1-4d3e-911b-2a4d3b6c69c7', options=None) (logUtils:49) 2017-01-06 20:54:17,573 INFO (periodic/2) [dispatcher] Run and protect: getVolumeSize, Return response: {'truesize': '1859723264', 'apparentsize': '21474836480'} (logUtils:52) 2017-01-06 20:54:21,211 INFO (periodic/2) [dispatcher] Run and protect: repoStats(options=None) (logUtils:49) 2017-01-06 20:54:21,212 INFO (periodic/2) [dispatcher] Run and protect: repoStats, Return response: {u'2ee54fb8-48f2-4576-8cff-f2346504b08b': {'code': 0, 'actual': True, 'version': 3, 'acquired': True, 'delay': '0.000936552', 'lastCheck': '1.4', 'valid': True}, u'1d49c4bc-0fec-4503-a583-d476fa3a370d': {'code': 0, 'actual': True, 'version': 0, 'acquired': True, 'delay': '0.000960248', 'lastCheck': '1.4', 'valid': True}} (logUtils:52) 2017-01-06 20:54:23,543 INFO (jsonrpc/2) [jsonrpc.JsonRpcServer] RPC call Host.getAllVmStats succeeded in 0.00 seconds (__init__:515) 2017-01-06 20:54:23,641 INFO (jsonrpc/1) [jsonrpc.JsonRpcServer] RPC call Host.getAllVmIoTunePolicies succeeded in 0.00 seconds (__init__:515) 2017-01-06 20:54:24,918 INFO (jsonrpc/0) [dispatcher] Run and protect: repoStats(options=None) (logUtils:49) 2017-01-06 20:54:24,918 INFO (jsonrpc/0) [dispatcher] Run and protect: repoStats, Return response: {u'2ee54fb8-48f2-4576-8cff-f2346504b08b': {'code': 0, 'actual': True, 'version': 3, 'acquired': True, 'delay': '0.000936552', 'lastCheck': '5.1', 'valid': True}, u'1d49c4bc-0fec-4503-a583-d476fa3a370d': {'code': 0, 'actual': True, 'version': 0, 'acquired': True, 'delay': '0.000960248', 'lastCheck': '2.1', 'valid': True}} (logUtils:52) 2017-01-06 20:54:24,924 INFO (jsonrpc/0) [jsonrpc.JsonRpcServer] RPC call Host.getStats succeeded in 0.01 seconds (__init__:515)
Vdsm and the OVN driver must have been called as the port IS created, but with the wrong id. I don't find the faulty id in vdsm.log neither, the xml above have the correct id. /Sverker
Den 2017-01-09 kl. 10:06, skrev Marcin Mirecki:
The port is set up on the host by the ovirt-provider-ovn-driver. The driver is invoked by the vdsm hook whenever any operation on the port is done. Please ensure that this is installed properly. You can check the vdsm log (/var/log/vdsm/vdsm.log) to see if the hook was executed properly.
----- Original Message -----
From: "Sverker Abrahamsson" <sverker@abrahamsson.com <mailto:sverker@abrahamsson.com>> To: "Marcin Mirecki" <mmirecki@redhat.com <mailto:mmirecki@redhat.com>> Cc: "Ovirt Users" <users@ovirt.org <mailto:users@ovirt.org>> Sent: Friday, January 6, 2017 9:00:26 PM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network
I created a new VM in the ui and assigned it to host h1. In /var/log/ovirt-provider-ovn.log I get the following:
2017-01-06 20:54:11,940 Request: GET : /v2.0/ports 2017-01-06 20:54:11,940 Connecting to remote ovn database: tcp:127.0.0.1:6641 <http://127.0.0.1:6641> 2017-01-06 20:54:12,157 Connected (number of retries: 2) 2017-01-06 20:54:12,158 Response code: 200 2017-01-06 20:54:12,158 Response body: {"ports": [{"name": "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873", "network_id": "e53554cf-e553-40a1-8d22-9c8d95ec0601", "device_owner": "oVirt", "mac_address": "00:1a:4a:16:01:51", "id": "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873", "device_id": "40cd7328-d575-4c3d-b656-9ef9bacc0078"}, {"name": "92f6d3c8-68b3-4986-9c09-60bee04644b5", "network_id": "e53554cf-e553-40a1-8d22-9c8d95ec0601", "device_owner": "oVirt", "mac_address": "00:1a:4a:16:01:52", "id": "92f6d3c8-68b3-4986-9c09-60bee04644b5", "device_id": "4baefa8c-3822-4de0-9cd0-1d025bab7844"}]} 2017-01-06 20:54:12,160 Request: SHOW : /v2.0/networks/e53554cf-e553-40a1-8d22-9c8d95ec0601 2017-01-06 20:54:12,160 Connecting to remote ovn database: tcp:127.0.0.1:6641 <http://127.0.0.1:6641> 2017-01-06 20:54:12,377 Connected (number of retries: 2) 2017-01-06 20:54:12,378 Response code: 200 2017-01-06 20:54:12,378 Response body: {"network": {"id": "e53554cf-e553-40a1-8d22-9c8d95ec0601", "name": "ovirtbridge"}} 2017-01-06 20:54:12,380 Request: POST : /v2.0/ports 2017-01-06 20:54:12,380 Request body: { "port" : { "name" : "nic1", "binding:host_id" : "h1.limetransit.com <http://h1.limetransit.com>", "admin_state_up" : true, "device_id" : "e8553a88-05f0-401d-8b9b-5fff77f7bbbe", "device_owner" : "oVirt", "mac_address" : "00:1a:4a:16:01:54", "network_id" : "e53554cf-e553-40a1-8d22-9c8d95ec0601" } } 2017-01-06 20:54:12,380 Connecting to remote ovn database: tcp:127.0.0.1:6641 <http://127.0.0.1:6641> 2017-01-06 20:54:12,610 Connected (number of retries: 2) 2017-01-06 20:54:12,614 Response code: 200 2017-01-06 20:54:12,614 Response body: {"port": {"name": "912cba79-982e-4a87-868e-241fedccb59a", "network_id": "e53554cf-e553-40a1-8d22-9c8d95ec0601", "device_owner": "oVirt", "mac_address": "00:1a:4a:16:01:54", "id": "912cba79-982e-4a87-868e-241fedccb59a", "device_id": "e8553a88-05f0-401d-8b9b-5fff77f7bbbe"}}
h1:/var/log/messages Jan 6 20:54:12 h1 ovs-vsctl: ovs|00001|vsctl|INFO|Called as ovs-vsctl --timeout=5 -- --if-exists del-port vnet1 -- add-port br-int vnet1 -- set Interface vnet1 "external-ids:attached-mac=\"00:1a:4a:16:01:54\"" -- set Interface vnet1 "external-ids:iface-id=\"20388407-0f76-41d8-97aa-8e2b5978f908\"" -- set Interface vnet1 "external-ids:vm-id=\"6dd5291e-6556-4d29-8b4e-ea896e627645\"" -- set Interface vnet1 external-ids:iface-status=active
[root@h2 ~]# ovn-nbctl show switch e53554cf-e553-40a1-8d22-9c8d95ec0601 (ovirtbridge) port 4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873 addresses: ["00:1a:4a:16:01:51"] port 912cba79-982e-4a87-868e-241fedccb59a addresses: ["00:1a:4a:16:01:54"] port 92f6d3c8-68b3-4986-9c09-60bee04644b5 addresses: ["00:1a:4a:16:01:52"] port ovirtbridge-port2 addresses: ["unknown"] port ovirtbridge-port1 addresses: ["unknown"] [root@h2 ~]# ovn-sbctl show Chassis "6e4dd29f-7607-48d7-8e5a-eef4c6aeefb5" hostname: "h2.limetransit.com <http://h2.limetransit.com>" Encap geneve ip: "148.251.126.50" options: {csum="true"} Port_Binding "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873" Port_Binding "ovirtbridge-port1" Chassis "4f10fb04-8fb2-48d7-8a3f-ea6444c02cf9" hostname: "h1.limetransit.com <http://h1.limetransit.com>" Encap geneve ip: "144.76.84.73" options: {csum="true"} Port_Binding "ovirtbridge-port2" Port_Binding "92f6d3c8-68b3-4986-9c09-60bee04644b5"
I.e. same issue /Sverker
Den 2017-01-06 kl. 20:49, skrev Sverker Abrahamsson:
The port is created from Ovirt UI, the ovs-vsctl command below is executed when VM is started. In /var/log/ovirt-provider-ovn.log on h2 I get the following:
2017-01-06 20:19:25,452 Request: GET : /v2.0/ports 2017-01-06 20:19:25,452 Connecting to remote ovn database: tcp:127.0.0.1:6641 <http://127.0.0.1:6641> 2017-01-06 20:19:25,670 Connected (number of retries: 2) 2017-01-06 20:19:25,670 Response code: 200 2017-01-06 20:19:25,670 Response body: {"ports": [{"name": "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873", "network_id": "e53554cf-e553-40a1-8d22-9c8d95ec0601", "device_owner": "oVirt", "mac_address": "00:1a:4a:16:01:51", "id": "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873", "device_id": "40cd7328-d575-4c3d-b656-9ef9bacc0078"}, {"name": "92f6d3c8-68b3-4986-9c09-60bee04644b5", "network_id": "e53554cf-e553-40a1-8d22-9c8d95ec0601", "device_owner": "oVirt", "mac_address": "00:1a:4a:16:01:52", "id": "92f6d3c8-68b3-4986-9c09-60bee04644b5", "device_id": "4baefa8c-3822-4de0-9cd0-1d025bab7844"}]} 2017-01-06 20:19:25,673 Request: PUT : /v2.0/ports/92f6d3c8-68b3-4986-9c09-60bee04644b5 2017-01-06 20:19:25,673 Request body: { "port" : { "binding:host_id" : "h1.limetransit.com <http://h1.limetransit.com>", "security_groups" : null } } 2017-01-06 20:19:25,673 Connecting to remote ovn database: tcp:127.0.0.1:6641 <http://127.0.0.1:6641> 2017-01-06 20:19:25,890 Connected (number of retries: 2) 2017-01-06 20:19:25,891 Response code: 200 2017-01-06 20:19:25,891 Response body: {"port": {"name": "92f6d3c8-68b3-4986-9c09-60bee04644b5", "network_id": "e53554cf-e553-40a1-8d22-9c8d95ec0601", "device_owner": "oVirt", "mac_address": "00:1a:4a:16:01:52", "id": "92f6d3c8-68b3-4986-9c09-60bee04644b5", "device_id": "4baefa8c-3822-4de0-9cd0-1d025bab7844"}}
In /var/log/messages on h1 I get the following:
Jan 6 20:18:56 h1 dbus-daemon: dbus[1339]: [system] Successfully activated service 'org.freedesktop.problems' Jan 6 20:19:26 h1 ovs-vsctl: ovs|00001|vsctl|INFO|Called as ovs-vsctl --timeout=5 -- --if-exists del-port vnet0 -- add-port br-int vnet0 -- set Interface vnet0 "external-ids:attached-mac=\"00:1a:4a:16:01:52\"" -- set Interface vnet0 "external-ids:iface-id=\"72dafda5-03c2-4bb6-bcb6-241fa5c0a1f3\"" -- set Interface vnet0 "external-ids:vm-id=\"4d0c134a-11a0-40f4-b2fb-c13c17c7251c\"" -- set Interface vnet0 external-ids:iface-status=active Jan 6 20:19:26 h1 kernel: device vnet0 entered promiscuous mode Jan 6 20:19:26 h1 avahi-daemon[1391]: Registering new address record for fe80::fc1a:4aff:fe16:152 on vnet0.*. Jan 6 20:19:26 h1 systemd-machined: New machine qemu-4-CentOS72. Jan 6 20:19:26 h1 systemd: Started Virtual Machine qemu-4-CentOS72. Jan 6 20:19:26 h1 systemd: Starting Virtual Machine qemu-4-CentOS72.
[root@h2 ~]# ovn-nbctl show switch e53554cf-e553-40a1-8d22-9c8d95ec0601 (ovirtbridge) port 4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873 addresses: ["00:1a:4a:16:01:51"] port 92f6d3c8-68b3-4986-9c09-60bee04644b5 addresses: ["00:1a:4a:16:01:52"] port ovirtbridge-port2 addresses: ["unknown"] port ovirtbridge-port1 addresses: ["unknown"] [root@h2 ~]# ovn-sbctl show Chassis "6e4dd29f-7607-48d7-8e5a-eef4c6aeefb5" hostname: "h2.limetransit.com <http://h2.limetransit.com>" Encap geneve ip: "148.251.126.50" options: {csum="true"} Port_Binding "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873" Port_Binding "ovirtbridge-port1" Chassis "4f10fb04-8fb2-48d7-8a3f-ea6444c02cf9" hostname: "h1.limetransit.com <http://h1.limetransit.com>" Encap geneve ip: "144.76.84.73" options: {csum="true"} Port_Binding "ovirtbridge-port2"
I.e. the port is set up with the wrong ID and not attached to OVN.
If I correct external-ids:iface-id like this: [root@h1 ~]# ovs-vsctl set Interface vnet0 "external-ids:iface-id=\"92f6d3c8-68b3-4986-9c09-60bee04644b5\""
then sb is correct: [root@h2 ~]# ovn-sbctl show Chassis "6e4dd29f-7607-48d7-8e5a-eef4c6aeefb5" hostname: "h2.limetransit.com <http://h2.limetransit.com>" Encap geneve ip: "148.251.126.50" options: {csum="true"} Port_Binding "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873" Port_Binding "ovirtbridge-port1" Chassis "4f10fb04-8fb2-48d7-8a3f-ea6444c02cf9" hostname: "h1.limetransit.com <http://h1.limetransit.com>" Encap geneve ip: "144.76.84.73" options: {csum="true"} Port_Binding "ovirtbridge-port2" Port_Binding "92f6d3c8-68b3-4986-9c09-60bee04644b5"
I don't know from where the ID 72dafda5-03c2-4bb6-bcb6-241fa5c0a1f3 comes from, doesn't show in any log other than /var/log/messages.
If I do the same exercise on the same host as engine is running on then the port for the VM gets the right id and is working from beginning. /Sverker
Den 2017-01-03 kl. 10:23, skrev Marcin Mirecki:
How did you create this port? From the oVirt engine UI? The OVN provider creates the port when you add the port in the engine UI, it is then plugged into the ovs bridge by the VIF driver. Please attach /var/log/ovirt-provider-ovn.log
----- Original Message -----
From: "Sverker Abrahamsson"<sverker@abrahamsson.com <mailto:sverker@abrahamsson.com>> To: "Marcin Mirecki"<mmirecki@redhat.com <mailto:mmirecki@redhat.com>> Cc: "Ovirt Users"<users@ovirt.org <mailto:users@ovirt.org>> Sent: Tuesday, January 3, 2017 2:06:22 AM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network
Found an issue with Ovirt - OVN integration.
Engine and OVN central db running on host h2. Created VM to run on host h1, which is started. Ovn db state:
[root@h2 env3]# ovn-nbctl show switch e53554cf-e553-40a1-8d22-9c8d95ec0601 (ovirtbridge) port 4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873 addresses: ["00:1a:4a:16:01:51"] port 92f6d3c8-68b3-4986-9c09-60bee04644b5 addresses: ["00:1a:4a:16:01:52"] port ovirtbridge-port2 addresses: ["unknown"] port ovirtbridge-port1 addresses: ["unknown"] [root@h2 env3]# ovn-sbctl show Chassis "6e4dd29f-7607-48d7-8e5a-eef4c6aeefb5" hostname: "h2.limetransit.com <http://h2.limetransit.com>" Encap geneve ip: "148.251.126.50" options: {csum="true"} Port_Binding "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873" Port_Binding "ovirtbridge-port1" Chassis "4f10fb04-8fb2-48d7-8a3f-ea6444c02cf9" hostname: "h1.limetransit.com <http://h1.limetransit.com>" Encap geneve ip: "144.76.84.73" options: {csum="true"} Port_Binding "ovirtbridge-port2"
Port 92f6d3c8-68b3-4986-9c09-60bee04644b5 is for the new VM which is started on h1, but it is not assigned to that chassis. The reason is that on h1 the port on br-int is created like this:
ovs-vsctl --timeout=5 -- --if-exists del-port vnet0 -- add-port br-int vnet0 -- set Interface vnet0 "external-ids:attached-mac=\"00:1a:4a:16:01:52\"" -- set Interface vnet0 "external-ids:iface-id=\"35bcbe31-2c7e-4d97-add9-ce150eeb2f11\"" -- set Interface vnet0 "external-ids:vm-id=\"4d0c134a-11a0-40f4-b2fb-c13c17c7251c\"" -- set Interface vnet0 external-ids:iface-status=active
I.e. the extrernal id of interface is wrong. When I manually change to the right id like this the port works fine:
ovs-vsctl --timeout=5 -- --if-exists del-port vnet0 -- add-port br-int vnet0 -- set Interface vnet0 "external-ids:attached-mac=\"00:1a:4a:16:01:52\"" -- set Interface vnet0 "external-ids:iface-id=\"92f6d3c8-68b3-4986-9c09-60bee04644b5\"" -- set Interface vnet0 "external-ids:vm-id=\"4d0c134a-11a0-40f4-b2fb-c13c17c7251c\"" -- set Interface vnet0 external-ids:iface-status=active
sb db after correcting the port:
Chassis "6e4dd29f-7607-48d7-8e5a-eef4c6aeefb5" hostname: "h2.limetransit.com <http://h2.limetransit.com>" Encap geneve ip: "148.251.126.50" options: {csum="true"} Port_Binding "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873" Port_Binding "ovirtbridge-port1" Chassis "4f10fb04-8fb2-48d7-8a3f-ea6444c02cf9" hostname: "h1.limetransit.com <http://h1.limetransit.com>" Encap geneve ip: "144.76.84.73" options: {csum="true"} Port_Binding "ovirtbridge-port2" Port_Binding "92f6d3c8-68b3-4986-9c09-60bee04644b5"
I don't know from where the faulty id comes from, it's not in any logs. In the domain xml as printed in vdsm.log the id is correct:
<interface type="bridge"> <mac address="00:1a:4a:16:01:52" /> <model type="virtio" /> <source bridge="br-int" /> <virtualport type="openvswitch" /> <link state="up" /> <boot order="2" /> <bandwidth /> <virtualport type="openvswitch"> <parameters interfaceid="92f6d3c8-68b3-4986-9c09-60bee04644b5" /> </virtualport> </interface>
Where is the ovs-vsctl command line built for this call?
/Sverker
Den 2017-01-02 kl. 13:40, skrev Sverker Abrahamsson:
Got it to work now by following the env8 example in OVN tutorial, where a port is added with type l2gateway. Not sure how that is different from the localnet variant, but didn't suceed in getting that one working. Now I'm able to ping and telnet over the tunnel, but not ssh even when the port is answering on telnet. Neither does nfs traffic work even though mount did. Suspecting MTU issue. I did notice that ovn-controller starts too early, before network interfaces are established and hence can't reach the db. As these is a purely OVS/OVN issue I'll ask about it on their mailing list.
Getting back to the original issue with Ovirt, I've now added the second host h1 to ovirt-engine. Had to do the same as with h2 to create a dummy ovirtmgmt network but configured access via the public IP. My firewall settings was replaced with iptables config and vdsm.conf was overwritten when engine was set up, so those had to be manually restored. It would be preferable if it would be possible to configure ovirt-engine that it does not "own" the host and instead comply with the settings it has instead of enforcing it's own view..
Apart from that it seems the second host works, although I need to resolve the traffic issue over the OVS tunnel. /Sverker
Den 2017-01-02 kl. 01:13, skrev Sverker Abrahamsson:
1. That is not possible as ovirt (or vdsm) will rewrite the network configuration to a non-working state. That is why I've set that if as hidden to vdsm and is why I'm keen on getting OVS/OVN to work
2. I've been reading the doc for OVN and starting to connect the dots, which is not trivial as it is complex. Some insights reached:
First step is the OVN database, installed by openvswitch-ovn-central, which I currently have running on h2 host. The 'ovn-nbctl' and 'ovn-sbctl' commands are only possible to execute on a database node. Two ip's are given to 'vdsm-tool ovn-config <ip to database> <tunnel ip>' as arguments, where <ip to database> is how this OVN node reaches the database and <tunnel ip> is the ip to which other OVN nodes sets up a tunnel to this node. I.e. it is not for creating a tunnel to the database which I thought first from the description in blog post.
The tunnel between OVN nodes is of type geneve which is a UDP based protocol but I have not been able to find anywhere which port is used so that I can open it in firewalld. I have added OVN on another host, called h1, and connected it to the db. I see there is traffic to the db port, but I don't see any geneve traffic between the nodes.
Ovirt is now able to create it's vnet0 interface on the br-int ovs bridge, but then I run into the next issue. How do I create a connection from the logical switch to the physical host? I need that to a) get a connection out to the internet through a masqueraded if or ipv6 and b) be able to run a dhcp server to give ip's to the VM's.
/Sverker
Den 2016-12-30 kl. 18:05, skrev Marcin Mirecki:
1. Why not use your physical nic for ovirtmgmt then?
2. "ovn-nbctl ls-add" does not add a bridge, but a logical switch. br-int is an internal OVN implementation detail, which the user should not care about. What you see in the ovirt UI are logical networks. They are implemented as OVN logical switches in case of the OVN provider.
Please look at: http://www.ovirt.org/blog/2016/11/ovirt-provider-ovn/ <http://www.ovirt.org/blog/2016/11/ovirt-provider-ovn/> You can get the latest rpms from here: http://resources.ovirt.org/repos/ovirt/experimental/master/ovirt-provider-ov... <http://resources.ovirt.org/repos/ovirt/experimental/master/ovirt-provider-ovn_fc24_46/rpm/fc24/noarch/>
----- Original Message -----
From: "Sverker Abrahamsson"<sverker@abrahamsson.com <mailto:sverker@abrahamsson.com>> To: "Marcin Mirecki"<mmirecki@redhat.com <mailto:mmirecki@redhat.com>> Cc: "Ovirt Users"<users@ovirt.org <mailto:users@ovirt.org>> Sent: Friday, December 30, 2016 4:25:58 PM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network
1. No, I did not want to put the ovirtmgmt bridge on my physical nic as it always messed up the network config making the host unreachable. I have put a ovs bridge on this nic which I will use to make tunnels when I add other hosts. Maybe br-int will be used for that instead, will see when I get that far.
As it is now I have a dummy if for ovirtmgmt bridge but this will probably not work when I add other hosts as that bridge cannot connect to the other hosts. I'm considering keeping this just as a dummy to keep ovirt engine satisfied while the actual communication will happen over OVN/OVS bridges and tunnels.
2. On https://www.ovirt.org//develop/release-management/features/ovirt-ovn-provide... <https://www.ovirt.org//develop/release-management/features/ovirt-ovn-provider/>
there is instructions how to add an OVS bridge to OVN with |ovn-nbctl ls-add <network name>|. If you want to use br-int then it makes sense to make that bridge visible in ovirt webui under networks so that it can be selected for VM's.
It quite doesn't make sense to me that I can select other network for my VM but then that setting is not used when setting up the network.
/Sverker
Den 2016-12-30 kl. 15:34, skrev Marcin Mirecki:
Hi,
The OVN provider does not require you to add any bridges manually. As I understand we were dealing with two problems: 1. You only had one physical nic and wanted to put a bridge on it,
attaching the management network to the bridge. This was the reason for
creating the bridge (the recommended setup would be to used a separate
physical nic for the management network). This bridge has nothing to do with the OVN bridge. 2. OVN - you want to use OVN on this system. For this you have to install OVN on your hosts. This should create the br-int bridge, which are then used by the OVN provider. This br-int bridge must be configured to connect to other hosts using the geneve tunnels.
In both cases the systems will not be aware of any bridges you create. They need a nic (be it physical or virtual) to connect to other system. Usually this is the physical nic. In your case you decided to put a bridge on the physical nic, and give oVirt a virtual nic attached to this bridge. This works, but keep in mind that the bridge you have introduced is outside of oVirt's (and OVN) control (and as such is not supported).
What is the purpose of adding my bridges to Ovirt through the external provider and configure them on my VM
I am not quite sure I understand. The external provider (OVN provider to be specific), does not add any bridges to the system. It is using the br-int bridge created by OVN. The networks created by the OVN provider are purely logical entities, implemented using the OVN br-int bridge.
Marcin
----- Original Message -----
From: "Sverker Abrahamsson"<sverker@abrahamsson.com <mailto:sverker@abrahamsson.com>> To: "Marcin Mirecki"<mmirecki@redhat.com <mailto:mmirecki@redhat.com>> Cc: "Ovirt Users"<users@ovirt.org <mailto:users@ovirt.org>> Sent: Friday, December 30, 2016 12:15:43 PM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network
Hi That is the logic I quite don't understand. What is the purpose of adding my bridges to Ovirt through the external provider and configure them on my VM if you are disregarding that and using br-int anyway?
/Sverker
Den 2016-12-30 kl. 10:53, skrev Marcin Mirecki:
Sverker,
br-int is the integration bridge created by default in OVN. This is the bridge we use for the OVN provider. As OVN is required to be installed, we assume that this bridge is present. Using any other ovs bridge is not supported, and will require custom code changes (such as the ones you created).
The proper setup in your case would probably be to create br-int and connect this to your ovirtbridge, although I don't know the details of your env, so this is just my best guess.
Marcin
----- Original Message -----
From: "Sverker Abrahamsson"<sverker@abrahamsson.com <mailto:sverker@abrahamsson.com>> To: "Marcin Mirecki"<mmirecki@redhat.com <mailto:mmirecki@redhat.com>> Cc: "Ovirt Users"<users@ovirt.org <mailto:users@ovirt.org>>, "Numan Siddique" <nusiddiq@redhat.com <mailto:nusiddiq@redhat.com>> Sent: Friday, December 30, 2016 1:14:50 AM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network
Even better, if the value is not hardcoded then the configured value is used. Might be that I'm missunderstanding something but this is the behaviour I expected instead of that it is using br-int.
Attached is a patch which properly sets up the xml, in case there is already a virtual port there + testcode of some variants
/Sverker
Den 2016-12-29 kl. 22:55, skrev Sverker Abrahamsson:
When I change /usr/libexec/vdsm/hooks/before_device_create/ovirt_provider_ovn_hook
to instead of hardcoded to br-int use BRIDGE_NAME = 'ovirtbridge' then I get the expected behaviour and I get a working network connectivity in my VM with IP provided by dhcp.
/Sverker
Den 2016-12-29 kl. 22:07, skrev Sverker Abrahamsson:
By default the vNic profile of my OVN bridge ovirtbridge gets a Network filter named vdsm-no-mac-spoofing. If I instead set No filter then I don't get those ebtables / iptables messages. It seems that there is some issue between ovirt/vdsm and firewalld, which we can put to the side for now.
It is not clear for me why the port is added on br-int instead of the bridge I've assigned to the VM, which is ovirtbridge??
/Sverker
Den 2016-12-29 kl. 14:20, skrev Sverker Abrahamsson:
The specific command most likely fails because there is no chain named libvirt-J-vnet0, but when should that have been created? /Sverker
-------- Vidarebefordrat meddelande -------- Ämne:
Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network Datum:
Thu, 29 Dec 2016 08:06:29 -0500 (EST) Från:
Marcin Mirecki<mmirecki@redhat.com <mailto:mmirecki@redhat.com>> Till:
Sverker Abrahamsson<sverker@abrahamsson.com <mailto:sverker@abrahamsson.com>> Kopia:
Ovirt Users<users@ovirt.org <mailto:users@ovirt.org>>, Lance Richardson <lrichard@redhat.com <mailto:lrichard@redhat.com>>, Numan Siddique<nusiddiq@redhat.com <mailto:nusiddiq@redhat.com>>
Let me add the OVN team.
Lance, Numan,
Can you please look at this?
Trying to plug a vNIC results in:
Dec 28 23:31:35 h2 ovs-vsctl: ovs|00001|vsctl|INFO|Called as ovs-vsctl --timeout=5 -- --if-exists del-port vnet0 -- add-port br-int vnet0 -- set Interface vnet0 "external-ids:attached-mac=\"00:1a:4a:16:01:51\"" -- set Interface vnet0 "external-ids:iface-id=\"e8853aac-8a75-41b0-8010-e630017dcdd8\""
-- set Interface vnet0 "external-ids:vm-id=\"b9440d60-ef5a-4e2b-83cf-081df7c09e6f\""
-- set Interface vnet0 external-ids:iface-status=active Dec 28 23:31:35 h2 kernel: device vnet0 entered promiscuous mode Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -D PREROUTING -i vnet0 -j libvirt-J-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED:
More details below
----- Original Message -----
From: "Sverker Abrahamsson"<sverker@abrahamsson.com <mailto:sverker@abrahamsson.com>> To: "Marcin Mirecki"<mmirecki@redhat.com <mailto:mmirecki@redhat.com>> Cc: "Ovirt Users"<users@ovirt.org <mailto:users@ovirt.org>> Sent: Thursday, December 29, 2016 1:42:11 PM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network
Hi Same problem still.. /Sverker
Den 2016-12-29 kl. 13:34, skrev Marcin Mirecki:
Hi,
The tunnels are created to connect multiple OVN controllers. If there is only one, there is no need for the tunnels, so none will be created, this is the correct behavior.
Does the problem still occur after setting configuring the OVN-controller?
Marcin
----- Original Message -----
From: "Sverker Abrahamsson"<sverker@abrahamsson.com <mailto:sverker@abrahamsson.com>> To: "Marcin Mirecki"<mmirecki@redhat.com <mailto:mmirecki@redhat.com>> Cc: "Ovirt Users"<users@ovirt.org <mailto:users@ovirt.org>> Sent: Thursday, December 29, 2016 11:44:32 AM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network
Hi The rpm packages you listed in the other mail are installed but I had not run vdsm-tool ovn-config to create tunnel as the OVN controller is on the same host.
[root@h2 ~]# rpm -q openvswitch-ovn-common openvswitch-ovn-common-2.6.90-1.el7.centos.x86_64 [root@h2 ~]# rpm -q openvswitch-ovn-host openvswitch-ovn-host-2.6.90-1.el7.centos.x86_64 [root@h2 ~]# rpm -q python-openvswitch python-openvswitch-2.6.90-1.el7.centos.noarch
After removing my manually created br-int and run
vdsm-tool ovn-config 127.0.0.1 172.27.1.1
then I have the br-int but 'ip link show' does not show any link 'genev_sys_' nor does 'ovs-vsctl show' any port for ovn. I assume these are when there is an actual tunnel?
[root@h2 ~]# ovs-vsctl show ebb6aede-cbbc-4f4f-a88a-a9cd72b2bd23 Bridge br-int fail_mode: secure Port br-int
Interface br-int
type: internal Bridge ovirtbridge Port ovirtbridge
Interface ovirtbridge
type: internal Bridge "ovsbridge0" Port "ovsbridge0"
Interface "ovsbridge0"
type: internal Port "eth0"
Interface "eth0" ovs_version: "2.6.90"
[root@h2 ~]# ip link show 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT qlen 1 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master ovs-system state UP mode DEFAULT qlen 1000 link/ether 44:8a:5b:84:7d:b3 brd ff:ff:ff:ff:ff:ff 3: ovs-system: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 1000 link/ether 5a:14:cf:28:47:e2 brd ff:ff:ff:ff:ff:ff 4: ovsbridge0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN mode DEFAULT qlen 1000 link/ether 44:8a:5b:84:7d:b3 brd ff:ff:ff:ff:ff:ff 5: br-int: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 1000 link/ether 9e:b0:3a:9d:f2:4b brd ff:ff:ff:ff:ff:ff 6: ovirtbridge: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN mode DEFAULT qlen 1000 link/ether a6:f6:e5:a4:5b:45 brd ff:ff:ff:ff:ff:ff 7: dummy0: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue master ovirtmgmt state UNKNOWN mode DEFAULT qlen 1000 link/ether 66:e0:1c:c3:a9:d8 brd ff:ff:ff:ff:ff:ff 8: ovirtmgmt: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT qlen 1000 link/ether 66:e0:1c:c3:a9:d8 brd ff:ff:ff:ff:ff:ff
Firewall settings: [root@h2 ~]# firewall-cmd --list-all-zones work target: default icmp-block-inversion: no interfaces: sources: services: dhcpv6-client ssh
ports: protocols: masquerade: no forward-ports: sourceports: icmp-blocks:
rich rules:
drop target: DROP icmp-block-inversion: no interfaces: sources: services:
ports: protocols: masquerade: no forward-ports: sourceports: icmp-blocks:
rich rules:
internal target: default icmp-block-inversion: no interfaces: sources: services: dhcpv6-client mdns samba-client ssh
ports: protocols: masquerade: no forward-ports: sourceports: icmp-blocks:
rich rules:
external target: default icmp-block-inversion: no interfaces: sources: services: ssh
ports: protocols: masquerade: yes forward-ports: sourceports: icmp-blocks:
rich rules:
trusted target: ACCEPT icmp-block-inversion: no interfaces: sources: services:
ports: protocols: masquerade: no forward-ports: sourceports: icmp-blocks:
rich rules:
home target: default icmp-block-inversion: no interfaces: sources: services: dhcpv6-client mdns samba-client ssh
ports: protocols: masquerade: no forward-ports: sourceports: icmp-blocks:
rich rules:
dmz target: default icmp-block-inversion: no interfaces: sources: services: ssh
ports: protocols: masquerade: no forward-ports: sourceports: icmp-blocks:
rich rules:
public (active) target: default icmp-block-inversion: no interfaces: eth0 ovsbridge0 sources: services: dhcpv6-client ssh
ports: protocols: masquerade: no forward-ports: sourceports: icmp-blocks:
rich rules:
block target: %%REJECT%% icmp-block-inversion: no interfaces: sources: services:
ports: protocols: masquerade: no forward-ports: sourceports: icmp-blocks:
rich rules:
ovirt (active) target: default icmp-block-inversion: no interfaces: ovirtbridge ovirtmgmt sources: services: dhcp ovirt-fence-kdump-listener ovirt-http ovirt-https ovirt-imageio-proxy ovirt-postgres ovirt-provider-ovn ovirt-vmconsole-proxy ovirt-websocket-proxy ssh vdsm
ports: protocols: masquerade: yes forward-ports: sourceports: icmp-blocks:
rich rules: rule family="ipv4" port port="6641" protocol="tcp" accept rule family="ipv4" port port="6642" protocol="tcp" accept
The db dump is attached /Sverker Den 2016-12-29 kl. 09:50, skrev Marcin Mirecki:
Hi,
Can you please do: "sudo ovsdb-client dump" on the host and send me the output?
Have you configured the ovn controller to connect to the OVN north? You can do it using "vdsm-tool ovn-config" or using the OVN tools directly. Please check out:https://www.ovirt.org/blog/2016/11/ovirt-provider-ovn/ <https://www.ovirt.org/blog/2016/11/ovirt-provider-ovn/>
for details.
Also please note that the OVN provider is completely different from the neutron-openvswitch plugin. Please don't mix the two.
Marcin
----- Original Message -----
From: "Marcin Mirecki"<mmirecki@redhat.com <mailto:mmirecki@redhat.com>> To: "Sverker Abrahamsson"<sverker@abrahamsson.com <mailto:sverker@abrahamsson.com>> Cc: "Ovirt Users"<users@ovirt.org <mailto:users@ovirt.org>> Sent: Thursday, December 29, 2016 9:27:19 AM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network
Hi,
br-int is the OVN integration bridge, it should have been created when installing OVN. I assume you have the following packages installed on the host: openvswitch-ovn-common openvswitch-ovn-host python-openvswitch
Please give me some time to look at the connectivity problem.
Marcin
----- Original Message -----
From: "Sverker Abrahamsson"<sverker@abrahamsson.com <mailto:sverker@abrahamsson.com>> To: "Marcin Mirecki"<mmirecki@redhat.com <mailto:mmirecki@redhat.com>> Cc: "Ovirt Users"<users@ovirt.org <mailto:users@ovirt.org>> Sent: Thursday, December 29, 2016 12:47:04 AM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network
From /usr/libexec/vdsm/hooks/before_device_create/ovirt_provider_ovn_hook
(installed by ovirt-provider-ovn-driver rpm):
BRIDGE_NAME = 'br-int'
Den 2016-12-28 kl. 23:56, skrev Sverker Abrahamsson:
Googling on the message about br-int suggested adding that bridge to ovs:
ovs-vsctl add-br br-int
Then the VM is able to boot, but it fails to get network connectivity. Output in /var/log/messages:
Dec 28 23:31:35 h2 ovs-vsctl: ovs|00001|vsctl|INFO|Called as ovs-vsctl --timeout=5 -- --if-exists del-port vnet0 -- add-port br-int vnet0 -- set Interface vnet0 "external-ids:attached-mac=\"00:1a:4a:16:01:51\"" -- set Interface vnet0 "external-ids:iface-id=\"e8853aac-8a75-41b0-8010-e630017dcdd8\""
-- set Interface vnet0 "external-ids:vm-id=\"b9440d60-ef5a-4e2b-83cf-081df7c09e6f\""
-- set Interface vnet0 external-ids:iface-status=active Dec 28 23:31:35 h2 kernel: device vnet0 entered promiscuous mode Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -D PREROUTING -i vnet0 -j libvirt-J-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -D POSTROUTING -o vnet0 -j libvirt-P-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -L libvirt-J-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -L libvirt-P-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -F libvirt-J-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -X libvirt-J-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -F libvirt-P-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -X libvirt-P-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -F J-vnet0-mac' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -X J-vnet0-mac' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -F J-vnet0-arp-mac' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -X J-vnet0-arp-mac' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -D libvirt-out -m physdev --physdev-is-bridged --physdev-out vnet0 -g FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -D libvirt-out -m physdev --physdev-out vnet0 -g FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -D libvirt-in -m physdev --physdev-in vnet0 -g FI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -D libvirt-host-in -m physdev --physdev-in vnet0 -g HI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -F FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -X FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -F FI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -X FI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -F HI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -X HI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -E FP-vnet0 FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -E FJ-vnet0 FI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w -E HJ-vnet0 HI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -D libvirt-out -m physdev --physdev-is-bridged --physdev-out vnet0 -g FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -D libvirt-out -m physdev --physdev-out vnet0 -g FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -D libvirt-in -m physdev --physdev-in vnet0 -g FI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -D libvirt-host-in -m physdev --physdev-in vnet0 -g HI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -F FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -X FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -F FI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -X FI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -F HI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -X HI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -E FP-vnet0 FO-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -E FJ-vnet0 FI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ip6tables -w2 -w -E HJ-vnet0 HI-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -D PREROUTING -i vnet0 -j libvirt-I-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -D POSTROUTING -o vnet0 -j libvirt-O-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -L libvirt-I-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -L libvirt-O-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -F libvirt-I-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -X libvirt-I-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -F libvirt-O-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -X libvirt-O-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -L libvirt-P-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -E libvirt-P-vnet0 libvirt-O-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -F I-vnet0-mac' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -X I-vnet0-mac' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -F I-vnet0-arp-mac' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -X I-vnet0-arp-mac' failed:
[root@h2 etc]# ovs-vsctl show ebb6aede-cbbc-4f4f-a88a-a9cd72b2bd23 Bridge ovirtbridge
Port "ovirtport0" Interface "ovirtport0" type: internal
Port ovirtbridge Interface ovirtbridge type: internal Bridge "ovsbridge0"
Port "ovsbridge0" Interface "ovsbridge0" type: internal
Port "eth0" Interface "eth0" Bridge br-int
Port br-int Interface br-int type: internal
Port "vnet0" Interface "vnet0" ovs_version: "2.6.90"
Searching through the code it appears that br-int comes from neutron-openvswitch plugin ??
[root@h2 share]# rpm -qf /usr/share/otopi/plugins/ovirt-host-deploy/openstack/neutron_openvswitch.py
ovirt-host-deploy-1.6.0-0.0.ma <http://ovirt-host-deploy-1.6.0-0.0.ma>ster.20161215101008.gitb76ad50.el7.centos.noarch
/Sverker
Den 2016-12-28 kl. 23:24, skrev Sverker Abrahamsson:
In addition I had to add an alias to modprobe:
[root@h2 modprobe.d]# cat dummy.conf alias dummy0 dummy
Den 2016-12-28 kl. 23:03, skrev Sverker Abrahamsson:
Hi I first tried to set device name to dummy_0, but then ifup did not succeed in creating the device unless I first did 'ip link add dummy_0 type dummy' but then it would not suceed to establish the if on reboot.
Setting fake_nics = dummy0 would not work neither, but this works:
fake_nics = dummy*
The engine is now able to find the if and assign bridge ovirtmgmt to it.
However, I then run into the next issue when starting a VM:
2016-12-28 22:28:23,897 ERROR [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
(ForkJoinPool-1-worker-2) [] Correlation ID: null, Call Stack: null, Custom Event ID: -1, Message: VM CentOS7 is down with error. Exit message: Cannot get interface MTU on 'br-int': No such device.
This VM has a nic on ovirtbridge, which comes from the OVN provider.
/Sverker
Den 2016-12-28 kl. 14:38, skrev Marcin Mirecki:
Sverker,
Can you try adding a vnic named veth_* or dummy_*, (or alternatively add the name of the vnic to vdsm.config fake_nics), and setup the management network using this vnic? I suppose adding the vnic you use for connecting to the engine to fake_nics should make it visible to the engine, and you should be able to use it for the setup.
Marcin
----- Original Message -----
From: "Marcin Mirecki"<mmirecki@redhat.com <mailto:mmirecki@redhat.com>> To: "Sverker Abrahamsson"<sverker@abrahamsson.com <mailto:sverker@abrahamsson.com>> Cc: "Ovirt Users"<users@ovirt.org <mailto:users@ovirt.org>> Sent: Wednesday, December 28, 2016 12:06:26 PM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network
I have an internal OVS bridge called ovirtbridge which has a port with IP address, but in the host network settings that port is not visible.
I just verified and unfortunately the virtual ports are not visible in engine to assign a network to :( I'm afraid that the engine is not ready for such a scenario (even if it works). Please give me some time to look for a solution.
----- Original Message -----
From: "Sverker Abrahamsson"<sverker@abrahamsson.com <mailto:sverker@abrahamsson.com>> To: "Marcin Mirecki"<mmirecki@redhat.com <mailto:mmirecki@redhat.com>> Cc: "Ovirt Users"<users@ovirt.org <mailto:users@ovirt.org>> Sent: Wednesday, December 28, 2016 11:48:24 AM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network
Hi Marcin Yes, that is my issue. I don't want to let ovirt/vdsm see eth0 nor ovsbridge0 since as soon as it sees them it messes up the network config so that the host will be unreachable.
I have an internal OVS bridge called ovirtbridge which has a port with IP address, but in the host network settings that port is not visible. It doesn't help to name it ovirtmgmt.
The engine is able to communicate with the host on the ip it has been given, it's just that it believes that it HAS to have a ovirtmgmt network which can't be on OVN.
/Sverker
Den 2016-12-28 kl. 10:45, skrev Marcin Mirecki:
Hi Sverker,
The management network is mandatory on each host. It's used by the engine to communicate with the host. Looking at your description and the exception it looks like it is missing. The error is caused by not having any network for the host (network list retrieved in InterfaceDaoImpl.getHostNetworksByCluster - which gets all the networks on nics for a host from vds_interface table in the DB).
Could you maybe create a virtual nic connected to ovsbridge0 (as I understand you have no physical nic available) and use this for the management network?
I then create a bridge for use with ovirt, with a private address.
I'm not quite sure I understand. Is this yet another bridge connected to ovsbridge0? You could also attach the vnic for the management network here if need be.
Please keep in mind that OVN has no use in setting up the management network. The OVN provider can only handle external networks, which can not be used for a management network.
Marcin
----- Original Message -----
From: "Sverker Abrahamsson"<sverker@abrahamsson.com <mailto:sverker@abrahamsson.com>> To:users@ovirt.org <mailto:To%3Ausers@ovirt.org> Sent: Wednesday, December 28, 2016 12:39:59 AM Subject: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network
Hi For long time I've been looking for proper support in ovirt for Open vSwitch so I'm happy that it is moving in the right direction. However, there seems to still be a dependency on a ovirtmgmt bridge and I'm unable to move that to the OVN provider.
The hosting center where I rent hw instances has a bit special network setup, so I have one physical network port with a /32 netmask and point-to-point config to router. The physical port I connect to a ovs bridge which has the public ip. Since ovirt always messes up the network config when I've tried to let it have access to the network config for the physical port, I've set eht0 and ovsbridge0 as hidden in vdsm.conf.
I then create a bridge for use with ovirt, with a private address. With the OVN provider I am now able to import these into the engine and it looks good. When creating a VM I can select that it will have a vNic on my OVS bridge.
However, I can't start the VM as an exception is thrown in the log:
2016-12-28 00:13:33,350 ERROR [org.ovirt.engine.core.bll.RunVmCommand] (default task-5) [3c882d53] Error during ValidateFailure.: java.lang.NullPointerException at org.ovirt.engine.core.bll.scheduling.policyunits.NetworkPolicyUnit.validateRequiredNetworksAvailable(NetworkPolicyUnit.java:140)
[bll.jar:] at org.ovirt.engine.core.bll.scheduling.policyunits.NetworkPolicyUnit.filter(NetworkPolicyUnit.java:69)
[bll.jar:] at org.ovirt.engine.core.bll.scheduling.SchedulingManager.runInternalFilters(SchedulingManager.java:597)
[bll.jar:] at org.ovirt.engine.core.bll.scheduling.SchedulingManager.runFilters(SchedulingManager.java:564)
[bll.jar:] at org.ovirt.engine.core.bll.scheduling.SchedulingManager.canSchedule(SchedulingManager.java:494)
[bll.jar:] at org.ovirt.engine.core.bll.validator.RunVmValidator.canRunVm(RunVmValidator.java:133)
[bll.jar:] at org.ovirt.engine.core.bll.RunVmCommand.validate(RunVmCommand.java:940)
[bll.jar:] at org.ovirt.engine.core.bll.CommandBase.internalValidate(CommandBase.java:886)
[bll.jar:] at org.ovirt.engine.core.bll.CommandBase.validateOnly(CommandBase.java:366)
[bll.jar:] at org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.canRunActions(PrevalidatingMultipleActionsRunner.java:113)
[bll.jar:] at org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.invokeCommands(PrevalidatingMultipleActionsRunner.java:99)
[bll.jar:] at org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.execute(PrevalidatingMultipleActionsRunner.java:76)
[bll.jar:] at org.ovirt.engine.core.bll.Backend.runMultipleActionsImpl(Backend.java:613)
[bll.jar:] at org.ovirt.engine.core.bll.Backend.runMultipleActions(Backend.java:583)
[bll.jar:]
Looking at that section of code where the exception is thrown, I see that it iterates over host networks to find required networks, which I assume is ovirtmgmt. In the host network setup dialog I don't see any networks at all but it lists ovirtmgmt as required. It also list the OVN networks but these can't be statically assigned as they are added dynamically when needed, which is fine.
I believe that I either need to remove ovirtmgmt network or configure that it is provided by the OVN provider, but neither is possible. Preferably it shouldn't be hardcoded which network is management and mandatory but be possible to configure.
/Sverker Den 2016-12-27 kl. 17:10, skrev Marcin Mirecki:
_______________________________________________
Users mailing list Users@ovirt.org <mailto:Users@ovirt.org> http://lists.ovirt.org/mailman/listinfo/users <http://lists.ovirt.org/mailman/listinfo/users>
_______________________________________________ Users mailing list Users@ovirt.org <mailto:Users@ovirt.org> http://lists.ovirt.org/mailman/listinfo/users <http://lists.ovirt.org/mailman/listinfo/users>
_______________________________________________ Users mailing list Users@ovirt.org <mailto:Users@ovirt.org> http://lists.ovirt.org/mailman/listinfo/users <http://lists.ovirt.org/mailman/listinfo/users>
_______________________________________________ Users mailing list Users@ovirt.org <mailto:Users@ovirt.org> http://lists.ovirt.org/mailman/listinfo/users <http://lists.ovirt.org/mailman/listinfo/users>
_______________________________________________ Users mailing list Users@ovirt.org <mailto:Users@ovirt.org> http://lists.ovirt.org/mailman/listinfo/users <http://lists.ovirt.org/mailman/listinfo/users>
_______________________________________________ Users mailing list Users@ovirt.org <mailto:Users@ovirt.org> http://lists.ovirt.org/mailman/listinfo/users <http://lists.ovirt.org/mailman/listinfo/users>
_______________________________________________ Users mailing list Users@ovirt.org <mailto:Users@ovirt.org> http://lists.ovirt.org/mailman/listinfo/users <http://lists.ovirt.org/mailman/listinfo/users>
_______________________________________________ Users mailing list Users@ovirt.org <mailto:Users@ovirt.org> http://lists.ovirt.org/mailman/listinfo/users <http://lists.ovirt.org/mailman/listinfo/users>
_______________________________________________ Users mailing list Users@ovirt.org <mailto:Users@ovirt.org> http://lists.ovirt.org/mailman/listinfo/users <http://lists.ovirt.org/mailman/listinfo/users>
_______________________________________________ Users mailing list Users@ovirt.org <mailto:Users@ovirt.org> http://lists.ovirt.org/mailman/listinfo/users <http://lists.ovirt.org/mailman/listinfo/users>
_______________________________________________ Users mailing list Users@ovirt.org <mailto:Users@ovirt.org> http://lists.ovirt.org/mailman/listinfo/users <http://lists.ovirt.org/mailman/listinfo/users>
--------------C439E37E95C54C1626CB0DFC Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: 8bit <html> <head> <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> </head> <body bgcolor="#FFFFFF" text="#000000"> <p>I still had the window open where I did that step. This is how it looked like:<br> </p> <p>[root@h2 ovirt-provider-ovn]# git push origin HEAD:refs/drafts/master<br> Counting objects: 9, done.<br> Delta compression using up to 8 threads.<br> Compressing objects: 100% (5/5), done.<br> Writing objects: 100% (6/6), 1.79 KiB | 0 bytes/s, done.<br> Total 6 (delta 2), reused 0 (delta 0)<br> remote: Resolving deltas: 100% (2/2)<br> remote: Processing changes: new: 1, refs: 1, done<br> remote: (W) 16d5be4: commit subject >65 characters; use shorter first paragraph<br> remote:<br> remote: New Changes:<br> remote: <a class="moz-txt-link-freetext" href="https://gerrit.ovirt.org/70588">https://gerrit.ovirt.org/70588</a> Properly handle to set id when interface already has a virtualport element ... [DRAFT]<br> remote:<br> To gerrit.ovirt.org:ovirt-provider-ovn<br> * [new branch] HEAD -> refs/drafts/master<br> </p> <p>I see the difference is that I pushed to HEAD:refs/drafts/master as instructed at <a class="moz-txt-link-freetext" href="http://www.ovirt.org/develop/dev-process/working-with-gerrit/">http://www.ovirt.org/develop/dev-process/working-with-gerrit/</a></p> <p>Should I push it to HEAD:refs/for/master instead?</p> <p>/Sverker<br> </p> <div class="moz-cite-prefix">Den 2017-01-17 kl. 12:09, skrev Marcin Mirecki:<br> </div> <blockquote cite="mid:CAEV6mUqu1g+egQfyp-RtZRFuzNF8cyqGeaCsUSfUOTUQv2SNOQ@mail.gmail.com" type="cite"> <div dir="ltr"> <div> <div> <div>Sverker,<br> </div> I can see you as a user in gerrit (<a moz-do-not-send="true" href="mailto:sverker@abrahamsson.com">sverker@abrahamsson.com</a>), but there are no patches for your name.<br> </div> Please check for any errors after you issue:<br> git push gerrit.ovirt.org:ovirt-provider-ovn HEAD:refs/for/master<br> <br> </div> Also, please let me know if you need any other help on with gerrit.</div> <div class="gmail_extra"><br> <div class="gmail_quote">On Mon, Jan 16, 2017 at 8:49 PM, Sverker Abrahamsson <span dir="ltr"><<a moz-do-not-send="true" href="mailto:sverker@abrahamsson.com" target="_blank">sverker@abrahamsson.com</a>></span> wrote:<br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">I've followed the instructions to best effort, so hopefully it's right..<br> <br> <br> Den 2017-01-13 kl. 10:31, skrev Marcin Mirecki:<br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> Please push the patch into: <a moz-do-not-send="true" href="https://gerrit.ovirt.org/ovirt-provider-ovn" rel="noreferrer" target="_blank">https://gerrit.ovirt.org/ovirt<wbr>-provider-ovn</a><br> (let me know if you need some directions)<br> <br> <br> <br> ----- Original Message -----<br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> From: "Sverker Abrahamsson" <<a moz-do-not-send="true" href="mailto:sverker@abrahamsson.com" target="_blank">sverker@abrahamsson.com</a>><br> To: "Marcin Mirecki" <<a moz-do-not-send="true" href="mailto:mmirecki@redhat.com" target="_blank">mmirecki@redhat.com</a>><br> Cc: "Ovirt Users" <<a moz-do-not-send="true" href="mailto:users@ovirt.org" target="_blank">users@ovirt.org</a>><br> Sent: Monday, January 9, 2017 1:45:37 PM<br> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network<br> <br> Ok, found it. The issue is right here:<br> <br> <interface type="bridge"><br> <mac address="00:1a:4a:16:01:54" /><br> <model type="virtio" /><br> <source bridge="br-int" /><br> <virtualport type="openvswitch" /><br> <link state="up" /><br> <boot order="2" /><br> <bandwidth /><br> <virtualport type="openvswitch"><br> <parameters<br> interfaceid="912cba79-982e-4a8<wbr>7-868e-241fedccb59a" /><br> </virtualport><br> </interface><br> <br> There are two elements for virtualport, the first without id and the<br> second with. On h2 I had fixed this which was the patch I posted earlier<br> although I switched back to use br-int after understanding that was the<br> correct way. When that hook was copied to h1 the port gets attached fine.<br> <br> Patch with updated testcase attached.<br> <br> /Sverker<br> <br> <br> Den 2017-01-09 kl. 10:41, skrev Sverker Abrahamsson:<br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> This is the content of vdsm.log on h1 at this time:<br> <br> 2017-01-06 20:54:12,636 INFO (jsonrpc/7) [jsonrpc.JsonRpcServer] RPC<br> call VM.create succeeded in 0.01 seconds (__init__:515)<br> 2017-01-06 20:54:12,636 INFO (vm/6dd5291e) [virt.vm]<br> (vmId='6dd5291e-6556-4d29-8b4e<wbr>-ea896e627645') VM wrapper has started<br> (vm:1901)<br> 2017-01-06 20:54:12,636 INFO (vm/6dd5291e) [vds] prepared volume<br> path:<br> /rhev/data-center/mnt/h2-int.l<wbr>imetransit.com:_var_lib_export<wbr>s_iso/1d49c4bc-0fec-4503-a583-<wbr>d476fa3a370d/images/11111111-<wbr>1111-1111-1111-111111111111/<wbr>CentOS-7-x86_64-NetInstall-<wbr>1611.iso<br> (clientIF:374)<br> 2017-01-06 20:54:12,743 INFO (vm/6dd5291e) [root] (hooks:108)<br> 2017-01-06 20:54:12,847 INFO (vm/6dd5291e) [root] (hooks:108)<br> 2017-01-06 20:54:12,863 INFO (vm/6dd5291e) [virt.vm]<br> (vmId='6dd5291e-6556-4d29-8b4e<wbr>-ea896e627645') <?xml version='1.0'<br> encoding='UTF-8'?><br> <domain xmlns:ovirt="<a moz-do-not-send="true" href="http://ovirt.org/vm/tune/1.0" rel="noreferrer" target="_blank">http://ovirt.org/<wbr>vm/tune/1.0</a>" type="kvm"><br> <name>CentOS7_3</name><br> <uuid>6dd5291e-6556-4d29-<wbr>8b4e-ea896e627645</uuid><br> <memory>1048576</memory><br> <currentMemory>1048576</curre<wbr>ntMemory><br> <maxMemory slots="16">4294967296</maxMemo<wbr>ry><br> <vcpu current="1">16</vcpu><br> <devices><br> <channel type="unix"><br> <target name="com.redhat.rhevm.vdsm" type="virtio" /><br> <source mode="bind"<br> path="/var/lib/libvirt/qemu/ch<wbr>annels/6dd5291e-6556-4d29-8b4e<wbr>-ea896e627645.com.redhat.rhevm<wbr>.vdsm"<br> /><br> </channel><br> <channel type="unix"><br> <target name="org.qemu.guest_agent.0" type="virtio" /><br> <source mode="bind"<br> path="/var/lib/libvirt/qemu/ch<wbr>annels/6dd5291e-6556-4d29-8b4e<wbr>-ea896e627645.org.qemu.guest_<wbr>agent.0"<br> /><br> </channel><br> <input bus="ps2" type="mouse" /><br> <memballoon model="virtio" /><br> <controller index="0" model="virtio-scsi" type="scsi" /><br> <controller index="0" ports="16" type="virtio-serial" /><br> <video><br> <model heads="1" ram="65536" type="qxl" vgamem="16384"<br> vram="32768" /><br> </video><br> <graphics autoport="yes" defaultMode="secure" passwd="*****"<br> passwdValidTo="1970-01-01T00:0<wbr>0:01" port="-1" tlsPort="-1" type="spice"><br> <channel mode="secure" name="main" /><br> <channel mode="secure" name="inputs" /><br> <channel mode="secure" name="cursor" /><br> <channel mode="secure" name="playback" /><br> <channel mode="secure" name="record" /><br> <channel mode="secure" name="display" /><br> <channel mode="secure" name="smartcard" /><br> <channel mode="secure" name="usbredir" /><br> <listen network="vdsm-ovirtmgmt" type="network" /><br> </graphics><br> <interface type="bridge"><br> <mac address="00:1a:4a:16:01:54" /><br> <model type="virtio" /><br> <source bridge="br-int" /><br> <virtualport type="openvswitch" /><br> <link state="up" /><br> <boot order="2" /><br> <bandwidth /><br> <virtualport type="openvswitch"><br> <parameters<br> interfaceid="912cba79-982e-4a8<wbr>7-868e-241fedccb59a" /><br> </virtualport><br> </interface><br> <disk device="cdrom" snapshot="no" type="file"><br> <source<br> file="/rhev/data-center/mnt/h2<wbr>-int.limetransit.com:_var_lib_<wbr>exports_iso/1d49c4bc-0fec-4503<wbr>-a583-d476fa3a370d/images/1111<wbr>1111-1111-1111-1111-1111111111<wbr>11/CentOS-7-x86_64-NetInstall-<wbr>1611.iso"<br> startupPolicy="optional" /><br> <target bus="ide" dev="hdc" /><br> <readonly /><br> <boot order="1" /><br> </disk><br> <channel type="spicevmc"><br> <target name="com.redhat.spice.0" type="virtio" /><br> </channel><br> </devices><br> <metadata><br> <ovirt:qos /><br> </metadata><br> <os><br> <type arch="x86_64" machine="pc-i440fx-rhel7.2.0"><wbr>hvm</type><br> <smbios mode="sysinfo" /><br> <bootmenu enable="yes" timeout="10000" /><br> </os><br> <sysinfo type="smbios"><br> <system><br> <entry name="manufacturer">oVirt</ent<wbr>ry><br> <entry name="product">oVirt Node</entry><br> <entry name="version">7-3.1611.el7.ce<wbr>ntos</entry><br> <entry<br> name="serial">62f1adff-b29e-4a<wbr>7c-abba-c2c4c73248c6</entry><br> <entry<br> name="uuid">6dd5291e-6556-4d29<wbr>-8b4e-ea896e627645</entry><br> </system><br> </sysinfo><br> <clock adjustment="0" offset="variable"><br> <timer name="rtc" tickpolicy="catchup" /><br> <timer name="pit" tickpolicy="delay" /><br> <timer name="hpet" present="no" /><br> </clock><br> <features><br> <acpi /><br> </features><br> <cpu match="exact"><br> <model>SandyBridge</model><br> <topology cores="1" sockets="16" threads="1" /><br> <numa><br> <cell cpus="0" memory="1048576" /><br> </numa><br> </cpu><br> </domain><br> (vm:1988)<br> 2017-01-06 20:54:13,046 INFO (libvirt/events) [virt.vm]<br> (vmId='6dd5291e-6556-4d29-8b4e<wbr>-ea896e627645') CPU running: onResume<br> (vm:4863)<br> 2017-01-06 20:54:13,058 INFO (vm/6dd5291e) [virt.vm]<br> (vmId='6dd5291e-6556-4d29-8b4e<wbr>-ea896e627645') Starting connection<br> (guestagent:245)<br> 2017-01-06 20:54:13,060 INFO (vm/6dd5291e) [virt.vm]<br> (vmId='6dd5291e-6556-4d29-8b4e<wbr>-ea896e627645') CPU running: domain<br> initialization (vm:4863)<br> 2017-01-06 20:54:15,154 INFO (jsonrpc/6) [jsonrpc.JsonRpcServer] RPC<br> call Host.getVMFullList succeeded in 0.01 seconds (__init__:515)<br> 2017-01-06 20:54:17,571 INFO (periodic/2) [dispatcher] Run and<br> protect: getVolumeSize(sdUUID=u'2ee54fb<wbr>8-48f2-4576-8cff-f2346504b08b'<wbr>,<br> spUUID=u'584ebd64-0268-0193-02<wbr>5b-00000000038e',<br> imgUUID=u'5a3aae57-ffe0-4a3b-a<wbr>a87-8461669db7f9',<br> volUUID=u'b6a88789-fcb1-4d3e-9<wbr>11b-2a4d3b6c69c7', options=None)<br> (logUtils:49)<br> 2017-01-06 20:54:17,573 INFO (periodic/2) [dispatcher] Run and<br> protect: getVolumeSize, Return response: {'truesize': '1859723264',<br> 'apparentsize': '21474836480'} (logUtils:52)<br> 2017-01-06 20:54:21,211 INFO (periodic/2) [dispatcher] Run and<br> protect: repoStats(options=None) (logUtils:49)<br> 2017-01-06 20:54:21,212 INFO (periodic/2) [dispatcher] Run and<br> protect: repoStats, Return response:<br> {u'2ee54fb8-48f2-4576-8cff-f23<wbr>46504b08b': {'code': 0, 'actual': True,<br> 'version': 3, 'acquired': True, 'delay': '0.000936552', 'lastCheck':<br> '1.4', 'valid': True}, u'1d49c4bc-0fec-4503-a583-d476<wbr>fa3a370d':<br> {'code': 0, 'actual': True, 'version': 0, 'acquired': True, 'delay':<br> '0.000960248', 'lastCheck': '1.4', 'valid': True}} (logUtils:52)<br> 2017-01-06 20:54:23,543 INFO (jsonrpc/2) [jsonrpc.JsonRpcServer] RPC<br> call Host.getAllVmStats succeeded in 0.00 seconds (__init__:515)<br> 2017-01-06 20:54:23,641 INFO (jsonrpc/1) [jsonrpc.JsonRpcServer] RPC<br> call Host.getAllVmIoTunePolicies succeeded in 0.00 seconds (__init__:515)<br> 2017-01-06 20:54:24,918 INFO (jsonrpc/0) [dispatcher] Run and<br> protect: repoStats(options=None) (logUtils:49)<br> 2017-01-06 20:54:24,918 INFO (jsonrpc/0) [dispatcher] Run and<br> protect: repoStats, Return response:<br> {u'2ee54fb8-48f2-4576-8cff-f23<wbr>46504b08b': {'code': 0, 'actual': True,<br> 'version': 3, 'acquired': True, 'delay': '0.000936552', 'lastCheck':<br> '5.1', 'valid': True}, u'1d49c4bc-0fec-4503-a583-d476<wbr>fa3a370d':<br> {'code': 0, 'actual': True, 'version': 0, 'acquired': True, 'delay':<br> '0.000960248', 'lastCheck': '2.1', 'valid': True}} (logUtils:52)<br> 2017-01-06 20:54:24,924 INFO (jsonrpc/0) [jsonrpc.JsonRpcServer] RPC<br> call Host.getStats succeeded in 0.01 seconds (__init__:515)<br> <br> Vdsm and the OVN driver must have been called as the port IS created,<br> but with the wrong id. I don't find the faulty id in vdsm.log neither,<br> the xml above have the correct id.<br> /Sverker<br> <br> Den 2017-01-09 kl. 10:06, skrev Marcin Mirecki:<br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> The port is set up on the host by the ovirt-provider-ovn-driver.<br> The driver is invoked by the vdsm hook whenever any operation on<br> the port is done.<br> Please ensure that this is installed properly.<br> You can check the vdsm log (/var/log/vdsm/vdsm.log) to see if the<br> hook was executed properly.<br> <br> <br> ----- Original Message -----<br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> From: "Sverker Abrahamsson" <<a moz-do-not-send="true" href="mailto:sverker@abrahamsson.com" target="_blank">sverker@abrahamsson.com</a>><br> To: "Marcin Mirecki" <<a moz-do-not-send="true" href="mailto:mmirecki@redhat.com" target="_blank">mmirecki@redhat.com</a>><br> Cc: "Ovirt Users" <<a moz-do-not-send="true" href="mailto:users@ovirt.org" target="_blank">users@ovirt.org</a>><br> Sent: Friday, January 6, 2017 9:00:26 PM<br> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory<br> ovirtmgmt network<br> <br> I created a new VM in the ui and assigned it to host h1. In<br> /var/log/ovirt-provider-ovn.lo<wbr>g I get the following:<br> <br> 2017-01-06 20:54:11,940 Request: GET : /v2.0/ports<br> 2017-01-06 20:54:11,940 Connecting to remote ovn database:<br> tcp:<a moz-do-not-send="true" href="http://127.0.0.1:6641" rel="noreferrer" target="_blank">127.0.0.1:6641</a><br> 2017-01-06 20:54:12,157 Connected (number of retries: 2)<br> 2017-01-06 20:54:12,158 Response code: 200<br> 2017-01-06 20:54:12,158 Response body: {"ports": [{"name":<br> "4981ee5f-6e15-4bd5-a1cf-7ead9<wbr>bdd5873", "network_id":<br> "e53554cf-e553-40a1-8d22-9c8d9<wbr>5ec0601", "device_owner": "oVirt",<br> "mac_address": "00:1a:4a:16:01:51", "id":<br> "4981ee5f-6e15-4bd5-a1cf-7ead9<wbr>bdd5873", "device_id":<br> "40cd7328-d575-4c3d-b656-9ef9b<wbr>acc0078"}, {"name":<br> "92f6d3c8-68b3-4986-9c09-60bee<wbr>04644b5", "network_id":<br> "e53554cf-e553-40a1-8d22-9c8d9<wbr>5ec0601", "device_owner": "oVirt",<br> "mac_address": "00:1a:4a:16:01:52", "id":<br> "92f6d3c8-68b3-4986-9c09-60bee<wbr>04644b5", "device_id":<br> "4baefa8c-3822-4de0-9cd0-1d025<wbr>bab7844"}]}<br> 2017-01-06 20:54:12,160 Request: SHOW :<br> /v2.0/networks/e53554cf-e553-4<wbr>0a1-8d22-9c8d95ec0601<br> 2017-01-06 20:54:12,160 Connecting to remote ovn database:<br> tcp:<a moz-do-not-send="true" href="http://127.0.0.1:6641" rel="noreferrer" target="_blank">127.0.0.1:6641</a><br> 2017-01-06 20:54:12,377 Connected (number of retries: 2)<br> 2017-01-06 20:54:12,378 Response code: 200<br> 2017-01-06 20:54:12,378 Response body: {"network": {"id":<br> "e53554cf-e553-40a1-8d22-9c8d9<wbr>5ec0601", "name": "ovirtbridge"}}<br> 2017-01-06 20:54:12,380 Request: POST : /v2.0/ports<br> 2017-01-06 20:54:12,380 Request body:<br> {<br> "port" : {<br> "name" : "nic1",<br> "binding:host_id" : "<a moz-do-not-send="true" href="http://h1.limetransit.com" rel="noreferrer" target="_blank">h1.limetransit.com</a>",<br> "admin_state_up" : true,<br> "device_id" : "e8553a88-05f0-401d-8b9b-5fff7<wbr>7f7bbbe",<br> "device_owner" : "oVirt",<br> "mac_address" : "00:1a:4a:16:01:54",<br> "network_id" : "e53554cf-e553-40a1-8d22-9c8d9<wbr>5ec0601"<br> }<br> }<br> 2017-01-06 20:54:12,380 Connecting to remote ovn database:<br> tcp:<a moz-do-not-send="true" href="http://127.0.0.1:6641" rel="noreferrer" target="_blank">127.0.0.1:6641</a><br> 2017-01-06 20:54:12,610 Connected (number of retries: 2)<br> 2017-01-06 20:54:12,614 Response code: 200<br> 2017-01-06 20:54:12,614 Response body: {"port": {"name":<br> "912cba79-982e-4a87-868e-241fe<wbr>dccb59a", "network_id":<br> "e53554cf-e553-40a1-8d22-9c8d9<wbr>5ec0601", "device_owner": "oVirt",<br> "mac_address": "00:1a:4a:16:01:54", "id":<br> "912cba79-982e-4a87-868e-241fe<wbr>dccb59a", "device_id":<br> "e8553a88-05f0-401d-8b9b-5fff7<wbr>7f7bbbe"}}<br> <br> h1:/var/log/messages<br> Jan 6 20:54:12 h1 ovs-vsctl: ovs|00001|vsctl|INFO|Called as ovs-vsctl<br> --timeout=5 -- --if-exists del-port vnet1 -- add-port br-int vnet1 --<br> set Interface vnet1<br> "external-ids:attached-mac=\"0<wbr>0:1a:4a:16:01:54\"" --<br> set Interface vnet1<br> "external-ids:iface-id=\"20388<wbr>407-0f76-41d8-97aa-8e2b5978f90<wbr>8\"" -- set<br> Interface vnet1<br> "external-ids:vm-id=\"6dd5291e<wbr>-6556-4d29-8b4e-ea896e627645\"<wbr>" -- set<br> Interface vnet1 external-ids:iface-status=acti<wbr>ve<br> <br> [root@h2 ~]# ovn-nbctl show<br> switch e53554cf-e553-40a1-8d22-9c8d95<wbr>ec0601 (ovirtbridge)<br> port 4981ee5f-6e15-4bd5-a1cf-7ead9b<wbr>dd5873<br> addresses: ["00:1a:4a:16:01:51"]<br> port 912cba79-982e-4a87-868e-241fed<wbr>ccb59a<br> addresses: ["00:1a:4a:16:01:54"]<br> port 92f6d3c8-68b3-4986-9c09-60bee0<wbr>4644b5<br> addresses: ["00:1a:4a:16:01:52"]<br> port ovirtbridge-port2<br> addresses: ["unknown"]<br> port ovirtbridge-port1<br> addresses: ["unknown"]<br> [root@h2 ~]# ovn-sbctl show<br> Chassis "6e4dd29f-7607-48d7-8e5a-eef4c<wbr>6aeefb5"<br> hostname: "<a moz-do-not-send="true" href="http://h2.limetransit.com" rel="noreferrer" target="_blank">h2.limetransit.com</a>"<br> Encap geneve<br> ip: "148.251.126.50"<br> options: {csum="true"}<br> Port_Binding "4981ee5f-6e15-4bd5-a1cf-7ead9<wbr>bdd5873"<br> Port_Binding "ovirtbridge-port1"<br> Chassis "4f10fb04-8fb2-48d7-8a3f-ea644<wbr>4c02cf9"<br> hostname: "<a moz-do-not-send="true" href="http://h1.limetransit.com" rel="noreferrer" target="_blank">h1.limetransit.com</a>"<br> Encap geneve<br> ip: "144.76.84.73"<br> options: {csum="true"}<br> Port_Binding "ovirtbridge-port2"<br> Port_Binding "92f6d3c8-68b3-4986-9c09-60bee<wbr>04644b5"<br> <br> I.e. same issue<br> /Sverker<br> <br> Den 2017-01-06 kl. 20:49, skrev Sverker Abrahamsson:<br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> The port is created from Ovirt UI, the ovs-vsctl command below is<br> executed when VM is started. In /var/log/ovirt-provider-ovn.lo<wbr>g on h2<br> I get the following:<br> <br> 2017-01-06 20:19:25,452 Request: GET : /v2.0/ports<br> 2017-01-06 20:19:25,452 Connecting to remote ovn database:<br> tcp:<a moz-do-not-send="true" href="http://127.0.0.1:6641" rel="noreferrer" target="_blank">127.0.0.1:6641</a><br> 2017-01-06 20:19:25,670 Connected (number of retries: 2)<br> 2017-01-06 20:19:25,670 Response code: 200<br> 2017-01-06 20:19:25,670 Response body: {"ports": [{"name":<br> "4981ee5f-6e15-4bd5-a1cf-7ead9<wbr>bdd5873", "network_id":<br> "e53554cf-e553-40a1-8d22-9c8d9<wbr>5ec0601", "device_owner": "oVirt",<br> "mac_address": "00:1a:4a:16:01:51", "id":<br> "4981ee5f-6e15-4bd5-a1cf-7ead9<wbr>bdd5873", "device_id":<br> "40cd7328-d575-4c3d-b656-9ef9b<wbr>acc0078"}, {"name":<br> "92f6d3c8-68b3-4986-9c09-60bee<wbr>04644b5", "network_id":<br> "e53554cf-e553-40a1-8d22-9c8d9<wbr>5ec0601", "device_owner": "oVirt",<br> "mac_address": "00:1a:4a:16:01:52", "id":<br> "92f6d3c8-68b3-4986-9c09-60bee<wbr>04644b5", "device_id":<br> "4baefa8c-3822-4de0-9cd0-1d025<wbr>bab7844"}]}<br> 2017-01-06 20:19:25,673 Request: PUT :<br> /v2.0/ports/92f6d3c8-68b3-4986<wbr>-9c09-60bee04644b5<br> 2017-01-06 20:19:25,673 Request body:<br> {<br> "port" : {<br> "binding:host_id" : "<a moz-do-not-send="true" href="http://h1.limetransit.com" rel="noreferrer" target="_blank">h1.limetransit.com</a>",<br> "security_groups" : null<br> }<br> }<br> 2017-01-06 20:19:25,673 Connecting to remote ovn database:<br> tcp:<a moz-do-not-send="true" href="http://127.0.0.1:6641" rel="noreferrer" target="_blank">127.0.0.1:6641</a><br> 2017-01-06 20:19:25,890 Connected (number of retries: 2)<br> 2017-01-06 20:19:25,891 Response code: 200<br> 2017-01-06 20:19:25,891 Response body: {"port": {"name":<br> "92f6d3c8-68b3-4986-9c09-60bee<wbr>04644b5", "network_id":<br> "e53554cf-e553-40a1-8d22-9c8d9<wbr>5ec0601", "device_owner": "oVirt",<br> "mac_address": "00:1a:4a:16:01:52", "id":<br> "92f6d3c8-68b3-4986-9c09-60bee<wbr>04644b5", "device_id":<br> "4baefa8c-3822-4de0-9cd0-1d025<wbr>bab7844"}}<br> <br> In /var/log/messages on h1 I get the following:<br> <br> Jan 6 20:18:56 h1 dbus-daemon: dbus[1339]: [system] Successfully<br> activated service 'org.freedesktop.problems'<br> Jan 6 20:19:26 h1 ovs-vsctl: ovs|00001|vsctl|INFO|Called as ovs-vsctl<br> --timeout=5 -- --if-exists del-port vnet0 -- add-port br-int vnet0 --<br> set Interface vnet0 "external-ids:attached-mac=\"0<wbr>0:1a:4a:16:01:52\""<br> -- set Interface vnet0<br> "external-ids:iface-id=\"72daf<wbr>da5-03c2-4bb6-bcb6-241fa5c0a1f<wbr>3\"" --<br> set Interface vnet0<br> "external-ids:vm-id=\"4d0c134a<wbr>-11a0-40f4-b2fb-c13c17c7251c\"<wbr>" -- set<br> Interface vnet0 external-ids:iface-status=acti<wbr>ve<br> Jan 6 20:19:26 h1 kernel: device vnet0 entered promiscuous mode<br> Jan 6 20:19:26 h1 avahi-daemon[1391]: Registering new address record<br> for fe80::fc1a:4aff:fe16:152 on vnet0.*.<br> Jan 6 20:19:26 h1 systemd-machined: New machine qemu-4-CentOS72.<br> Jan 6 20:19:26 h1 systemd: Started Virtual Machine qemu-4-CentOS72.<br> Jan 6 20:19:26 h1 systemd: Starting Virtual Machine qemu-4-CentOS72.<br> <br> [root@h2 ~]# ovn-nbctl show<br> switch e53554cf-e553-40a1-8d22-9c8d95<wbr>ec0601 (ovirtbridge)<br> port 4981ee5f-6e15-4bd5-a1cf-7ead9b<wbr>dd5873<br> addresses: ["00:1a:4a:16:01:51"]<br> port 92f6d3c8-68b3-4986-9c09-60bee0<wbr>4644b5<br> addresses: ["00:1a:4a:16:01:52"]<br> port ovirtbridge-port2<br> addresses: ["unknown"]<br> port ovirtbridge-port1<br> addresses: ["unknown"]<br> [root@h2 ~]# ovn-sbctl show<br> Chassis "6e4dd29f-7607-48d7-8e5a-eef4c<wbr>6aeefb5"<br> hostname: "<a moz-do-not-send="true" href="http://h2.limetransit.com" rel="noreferrer" target="_blank">h2.limetransit.com</a>"<br> Encap geneve<br> ip: "148.251.126.50"<br> options: {csum="true"}<br> Port_Binding "4981ee5f-6e15-4bd5-a1cf-7ead9<wbr>bdd5873"<br> Port_Binding "ovirtbridge-port1"<br> Chassis "4f10fb04-8fb2-48d7-8a3f-ea644<wbr>4c02cf9"<br> hostname: "<a moz-do-not-send="true" href="http://h1.limetransit.com" rel="noreferrer" target="_blank">h1.limetransit.com</a>"<br> Encap geneve<br> ip: "144.76.84.73"<br> options: {csum="true"}<br> Port_Binding "ovirtbridge-port2"<br> <br> I.e. the port is set up with the wrong ID and not attached to OVN.<br> <br> If I correct external-ids:iface-id like this:<br> [root@h1 ~]# ovs-vsctl set Interface vnet0<br> "external-ids:iface-id=\"92f6d<wbr>3c8-68b3-4986-9c09-60bee04644b<wbr>5\""<br> <br> then sb is correct:<br> [root@h2 ~]# ovn-sbctl show<br> Chassis "6e4dd29f-7607-48d7-8e5a-eef4c<wbr>6aeefb5"<br> hostname: "<a moz-do-not-send="true" href="http://h2.limetransit.com" rel="noreferrer" target="_blank">h2.limetransit.com</a>"<br> Encap geneve<br> ip: "148.251.126.50"<br> options: {csum="true"}<br> Port_Binding "4981ee5f-6e15-4bd5-a1cf-7ead9<wbr>bdd5873"<br> Port_Binding "ovirtbridge-port1"<br> Chassis "4f10fb04-8fb2-48d7-8a3f-ea644<wbr>4c02cf9"<br> hostname: "<a moz-do-not-send="true" href="http://h1.limetransit.com" rel="noreferrer" target="_blank">h1.limetransit.com</a>"<br> Encap geneve<br> ip: "144.76.84.73"<br> options: {csum="true"}<br> Port_Binding "ovirtbridge-port2"<br> Port_Binding "92f6d3c8-68b3-4986-9c09-60bee<wbr>04644b5"<br> <br> I don't know from where the ID 72dafda5-03c2-4bb6-bcb6-241fa5<wbr>c0a1f3<br> comes from, doesn't show in any log other than /var/log/messages.<br> <br> If I do the same exercise on the same host as engine is running on<br> then the port for the VM gets the right id and is working from<br> beginning.<br> /Sverker<br> <br> Den 2017-01-03 kl. 10:23, skrev Marcin Mirecki:<br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> How did you create this port?<br> From the oVirt engine UI?<br> The OVN provider creates the port when you add the port in the<br> engine UI,<br> it is then plugged into the ovs bridge by the VIF driver.<br> Please attach /var/log/ovirt-provider-ovn.lo<wbr>g<br> <br> <br> <br> ----- Original Message -----<br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> From: "Sverker Abrahamsson"<<a moz-do-not-send="true" href="mailto:sverker@abrahamsson.com" target="_blank">sverker@abrahamss<wbr>on.com</a>><br> To: "Marcin Mirecki"<<a moz-do-not-send="true" href="mailto:mmirecki@redhat.com" target="_blank">mmirecki@redhat.com</a>><br> Cc: "Ovirt Users"<<a moz-do-not-send="true" href="mailto:users@ovirt.org" target="_blank">users@ovirt.org</a>><br> Sent: Tuesday, January 3, 2017 2:06:22 AM<br> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory<br> ovirtmgmt<br> network<br> <br> Found an issue with Ovirt - OVN integration.<br> <br> Engine and OVN central db running on host h2. Created VM to run<br> on host<br> h1, which is started. Ovn db state:<br> <br> [root@h2 env3]# ovn-nbctl show<br> switch e53554cf-e553-40a1-8d22-9c8d95<wbr>ec0601 (ovirtbridge)<br> port 4981ee5f-6e15-4bd5-a1cf-7ead9b<wbr>dd5873<br> addresses: ["00:1a:4a:16:01:51"]<br> port 92f6d3c8-68b3-4986-9c09-60bee0<wbr>4644b5<br> addresses: ["00:1a:4a:16:01:52"]<br> port ovirtbridge-port2<br> addresses: ["unknown"]<br> port ovirtbridge-port1<br> addresses: ["unknown"]<br> [root@h2 env3]# ovn-sbctl show<br> Chassis "6e4dd29f-7607-48d7-8e5a-eef4c<wbr>6aeefb5"<br> hostname: "<a moz-do-not-send="true" href="http://h2.limetransit.com" rel="noreferrer" target="_blank">h2.limetransit.com</a>"<br> Encap geneve<br> ip: "148.251.126.50"<br> options: {csum="true"}<br> Port_Binding "4981ee5f-6e15-4bd5-a1cf-7ead9<wbr>bdd5873"<br> Port_Binding "ovirtbridge-port1"<br> Chassis "4f10fb04-8fb2-48d7-8a3f-ea644<wbr>4c02cf9"<br> hostname: "<a moz-do-not-send="true" href="http://h1.limetransit.com" rel="noreferrer" target="_blank">h1.limetransit.com</a>"<br> Encap geneve<br> ip: "144.76.84.73"<br> options: {csum="true"}<br> Port_Binding "ovirtbridge-port2"<br> <br> Port 92f6d3c8-68b3-4986-9c09-60bee0<wbr>4644b5 is for the new VM which is<br> started on h1, but it is not assigned to that chassis. The reason is<br> that on h1 the port on br-int is created like this:<br> <br> ovs-vsctl --timeout=5 -- --if-exists del-port vnet0 -- add-port<br> br-int<br> vnet0 -- set Interface vnet0<br> "external-ids:attached-mac=\"0<wbr>0:1a:4a:16:01:52\"" -- set<br> Interface vnet0<br> "external-ids:iface-id=\"35bcb<wbr>e31-2c7e-4d97-add9-ce150eeb2f1<wbr>1\""<br> -- set<br> Interface vnet0<br> "external-ids:vm-id=\"4d0c134a<wbr>-11a0-40f4-b2fb-c13c17c7251c\"<wbr>" -- set<br> Interface vnet0 external-ids:iface-status=acti<wbr>ve<br> <br> I.e. the extrernal id of interface is wrong. When I manually<br> change to<br> the right id like this the port works fine:<br> <br> ovs-vsctl --timeout=5 -- --if-exists del-port vnet0 -- add-port<br> br-int<br> vnet0 -- set Interface vnet0<br> "external-ids:attached-mac=\"0<wbr>0:1a:4a:16:01:52\"" -- set<br> Interface vnet0<br> "external-ids:iface-id=\"92f6d<wbr>3c8-68b3-4986-9c09-60bee04644b<wbr>5\""<br> -- set<br> Interface vnet0<br> "external-ids:vm-id=\"4d0c134a<wbr>-11a0-40f4-b2fb-c13c17c7251c\"<wbr>" -- set<br> Interface vnet0 external-ids:iface-status=acti<wbr>ve<br> <br> sb db after correcting the port:<br> <br> Chassis "6e4dd29f-7607-48d7-8e5a-eef4c<wbr>6aeefb5"<br> hostname: "<a moz-do-not-send="true" href="http://h2.limetransit.com" rel="noreferrer" target="_blank">h2.limetransit.com</a>"<br> Encap geneve<br> ip: "148.251.126.50"<br> options: {csum="true"}<br> Port_Binding "4981ee5f-6e15-4bd5-a1cf-7ead9<wbr>bdd5873"<br> Port_Binding "ovirtbridge-port1"<br> Chassis "4f10fb04-8fb2-48d7-8a3f-ea644<wbr>4c02cf9"<br> hostname: "<a moz-do-not-send="true" href="http://h1.limetransit.com" rel="noreferrer" target="_blank">h1.limetransit.com</a>"<br> Encap geneve<br> ip: "144.76.84.73"<br> options: {csum="true"}<br> Port_Binding "ovirtbridge-port2"<br> Port_Binding "92f6d3c8-68b3-4986-9c09-60bee<wbr>04644b5"<br> <br> I don't know from where the faulty id comes from, it's not in any<br> logs.<br> In the domain xml as printed in vdsm.log the id is correct:<br> <br> <interface type="bridge"><br> <mac address="00:1a:4a:16:01:52" /><br> <model type="virtio" /><br> <source bridge="br-int" /><br> <virtualport type="openvswitch" /><br> <link state="up" /><br> <boot order="2" /><br> <bandwidth /><br> <virtualport type="openvswitch"><br> <parameters<br> interfaceid="92f6d3c8-68b3-498<wbr>6-9c09-60bee04644b5" /><br> </virtualport><br> </interface><br> <br> Where is the ovs-vsctl command line built for this call?<br> <br> /Sverker<br> <br> <br> Den 2017-01-02 kl. 13:40, skrev Sverker Abrahamsson:<br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> Got it to work now by following the env8 example in OVN tutorial,<br> where a port is added with type l2gateway. Not sure how that is<br> different from the localnet variant, but didn't suceed in<br> getting that<br> one working. Now I'm able to ping and telnet over the tunnel,<br> but not<br> ssh even when the port is answering on telnet. Neither does nfs<br> traffic work even though mount did. Suspecting MTU issue. I did<br> notice<br> that ovn-controller starts too early, before network interfaces are<br> established and hence can't reach the db. As these is a purely<br> OVS/OVN<br> issue I'll ask about it on their mailing list.<br> <br> Getting back to the original issue with Ovirt, I've now added the<br> second host h1 to ovirt-engine. Had to do the same as with h2 to<br> create a dummy ovirtmgmt network but configured access via the<br> public<br> IP. My firewall settings was replaced with iptables config and<br> vdsm.conf was overwritten when engine was set up, so those had<br> to be<br> manually restored. It would be preferable if it would be<br> possible to<br> configure ovirt-engine that it does not "own" the host and instead<br> comply with the settings it has instead of enforcing it's own<br> view..<br> <br> Apart from that it seems the second host works, although I need to<br> resolve the traffic issue over the OVS tunnel.<br> /Sverker<br> <br> Den 2017-01-02 kl. 01:13, skrev Sverker Abrahamsson:<br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> 1. That is not possible as ovirt (or vdsm) will rewrite the<br> network<br> configuration to a non-working state. That is why I've set that<br> if as<br> hidden to vdsm and is why I'm keen on getting OVS/OVN to work<br> <br> 2. I've been reading the doc for OVN and starting to connect the<br> dots, which is not trivial as it is complex. Some insights<br> reached:<br> <br> First step is the OVN database, installed by<br> openvswitch-ovn-central,<br> which I currently have running on h2 host. The 'ovn-nbctl' and<br> 'ovn-sbctl' commands are only possible to execute on a database<br> node.<br> Two ip's are given to 'vdsm-tool ovn-config <ip to database><br> <tunnel<br> ip>' as arguments, where <ip to database> is how this OVN node<br> reaches the database and <tunnel ip> is the ip to which other OVN<br> nodes sets up a tunnel to this node. I.e. it is not for creating a<br> tunnel to the database which I thought first from the<br> description in<br> blog post.<br> <br> The tunnel between OVN nodes is of type geneve which is a UDP<br> based<br> protocol but I have not been able to find anywhere which port<br> is used<br> so that I can open it in firewalld. I have added OVN on another<br> host,<br> called h1, and connected it to the db. I see there is traffic<br> to the<br> db port, but I don't see any geneve traffic between the nodes.<br> <br> Ovirt is now able to create it's vnet0 interface on the br-int ovs<br> bridge, but then I run into the next issue. How do I create a<br> connection from the logical switch to the physical host? I need<br> that<br> to a) get a connection out to the internet through a<br> masqueraded if<br> or ipv6 and b) be able to run a dhcp server to give ip's to the<br> VM's.<br> <br> /Sverker<br> <br> Den 2016-12-30 kl. 18:05, skrev Marcin Mirecki:<br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> 1. Why not use your physical nic for ovirtmgmt then?<br> <br> 2. "ovn-nbctl ls-add" does not add a bridge, but a logical<br> switch.<br> br-int is an internal OVN implementation detail, which<br> the user<br> should not care about. What you see in the ovirt UI are<br> logical<br> networks. They are implemented as OVN logical switches<br> in case<br> of the OVN provider.<br> <br> Please look at:<br> <a moz-do-not-send="true" href="http://www.ovirt.org/blog/2016/11/ovirt-provider-ovn/" rel="noreferrer" target="_blank">http://www.ovirt.org/blog/2016<wbr>/11/ovirt-provider-ovn/</a><br> You can get the latest rpms from here:<br> <a moz-do-not-send="true" href="http://resources.ovirt.org/repos/ovirt/experimental/master/ovirt-provider-ov..." rel="noreferrer" target="_blank">http://resources.ovirt.org/rep<wbr>os/ovirt/experimental/master/<wbr>ovirt-provider-ovn_fc24_46/<wbr>rpm/fc24/noarch/</a><br> <br> <br> <br> ----- Original Message -----<br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> From: "Sverker Abrahamsson"<<a moz-do-not-send="true" href="mailto:sverker@abrahamsson.com" target="_blank">sverker@abrahamss<wbr>on.com</a>><br> To: "Marcin Mirecki"<<a moz-do-not-send="true" href="mailto:mmirecki@redhat.com" target="_blank">mmirecki@redhat.com</a>><br> Cc: "Ovirt Users"<<a moz-do-not-send="true" href="mailto:users@ovirt.org" target="_blank">users@ovirt.org</a>><br> Sent: Friday, December 30, 2016 4:25:58 PM<br> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory<br> ovirtmgmt network<br> <br> 1. No, I did not want to put the ovirtmgmt bridge on my physical<br> nic as<br> it always messed up the network config making the host<br> unreachable. I<br> have put a ovs bridge on this nic which I will use to make<br> tunnels<br> when<br> I add other hosts. Maybe br-int will be used for that<br> instead, will<br> see<br> when I get that far.<br> <br> As it is now I have a dummy if for ovirtmgmt bridge but this<br> will<br> probably not work when I add other hosts as that bridge cannot<br> connect<br> to the other hosts. I'm considering keeping this just as a<br> dummy to<br> keep<br> ovirt engine satisfied while the actual communication will<br> happen<br> over<br> OVN/OVS bridges and tunnels.<br> <br> 2. On<br> <a moz-do-not-send="true" href="https://www.ovirt.org//develop/release-management/features/ovirt-ovn-provide..." rel="noreferrer" target="_blank">https://www.ovirt.org//develop<wbr>/release-management/features/<wbr>ovirt-ovn-provider/</a><br> <br> <br> there is instructions how to add an OVS bridge to OVN with<br> |ovn-nbctl<br> ls-add <network name>|. If you want to use br-int then it makes<br> sense to<br> make that bridge visible in ovirt webui under networks so<br> that it<br> can be<br> selected for VM's.<br> <br> It quite doesn't make sense to me that I can select other<br> network<br> for my<br> VM but then that setting is not used when setting up the<br> network.<br> <br> /Sverker<br> <br> Den 2016-12-30 kl. 15:34, skrev Marcin Mirecki:<br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> Hi,<br> <br> The OVN provider does not require you to add any bridges<br> manually.<br> As I understand we were dealing with two problems:<br> 1. You only had one physical nic and wanted to put a bridge<br> on it,<br> attaching the management network to the bridge. This<br> was the<br> reason for<br> creating the bridge (the recommended setup would be<br> to used a<br> separate<br> physical nic for the management network). This bridge<br> has<br> nothing to<br> do with the OVN bridge.<br> 2. OVN - you want to use OVN on this system. For this you<br> have to<br> install<br> OVN on your hosts. This should create the br-int bridge,<br> which are<br> then used by the OVN provider. This br-int bridge<br> must be<br> configured<br> to connect to other hosts using the geneve tunnels.<br> <br> In both cases the systems will not be aware of any bridges you<br> create.<br> They need a nic (be it physical or virtual) to connect to other<br> system.<br> Usually this is the physical nic. In your case you decided<br> to put<br> a bridge<br> on the physical nic, and give oVirt a virtual nic attached<br> to this<br> bridge.<br> This works, but keep in mind that the bridge you have<br> introduced<br> is outside<br> of oVirt's (and OVN) control (and as such is not supported).<br> <br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> What is the purpose of<br> adding my bridges to Ovirt through the external provider and<br> configure<br> them on my VM<br> </blockquote> I am not quite sure I understand.<br> The external provider (OVN provider to be specific), does<br> not add<br> any<br> bridges<br> to the system. It is using the br-int bridge created by OVN.<br> The<br> networks<br> created by the OVN provider are purely logical entities,<br> implemented using<br> the OVN br-int bridge.<br> <br> Marcin<br> <br> <br> ----- Original Message -----<br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> From: "Sverker Abrahamsson"<<a moz-do-not-send="true" href="mailto:sverker@abrahamsson.com" target="_blank">sverker@abrahamss<wbr>on.com</a>><br> To: "Marcin Mirecki"<<a moz-do-not-send="true" href="mailto:mmirecki@redhat.com" target="_blank">mmirecki@redhat.com</a>><br> Cc: "Ovirt Users"<<a moz-do-not-send="true" href="mailto:users@ovirt.org" target="_blank">users@ovirt.org</a>><br> Sent: Friday, December 30, 2016 12:15:43 PM<br> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory<br> ovirtmgmt<br> network<br> <br> Hi<br> That is the logic I quite don't understand. What is the<br> purpose of<br> adding my bridges to Ovirt through the external provider and<br> configure<br> them on my VM if you are disregarding that and using br-int<br> anyway?<br> <br> /Sverker<br> <br> Den 2016-12-30 kl. 10:53, skrev Marcin Mirecki:<br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> Sverker,<br> <br> br-int is the integration bridge created by default in<br> OVN. This<br> is the<br> bridge we use for the OVN provider. As OVN is required to be<br> installed,<br> we assume that this bridge is present.<br> Using any other ovs bridge is not supported, and will require<br> custom code<br> changes (such as the ones you created).<br> <br> The proper setup in your case would probably be to create<br> br-int<br> and<br> connect<br> this to your ovirtbridge, although I don't know the<br> details of<br> your env,<br> so<br> this is just my best guess.<br> <br> Marcin<br> <br> <br> ----- Original Message -----<br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> From: "Sverker Abrahamsson"<<a moz-do-not-send="true" href="mailto:sverker@abrahamsson.com" target="_blank">sverker@abrahamss<wbr>on.com</a>><br> To: "Marcin Mirecki"<<a moz-do-not-send="true" href="mailto:mmirecki@redhat.com" target="_blank">mmirecki@redhat.com</a>><br> Cc: "Ovirt Users"<<a moz-do-not-send="true" href="mailto:users@ovirt.org" target="_blank">users@ovirt.org</a>>, "Numan Siddique"<br> <<a moz-do-not-send="true" href="mailto:nusiddiq@redhat.com" target="_blank">nusiddiq@redhat.com</a>><br> Sent: Friday, December 30, 2016 1:14:50 AM<br> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory<br> ovirtmgmt<br> network<br> <br> Even better, if the value is not hardcoded then the<br> configured<br> value is<br> used. Might be that I'm missunderstanding something but<br> this is<br> the<br> behaviour I expected instead of that it is using br-int.<br> <br> Attached is a patch which properly sets up the xml, in case<br> there is<br> already a virtual port there + testcode of some variants<br> <br> /Sverker<br> <br> Den 2016-12-29 kl. 22:55, skrev Sverker Abrahamsson:<br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> When I change<br> /usr/libexec/vdsm/hooks/before<wbr>_device_create/ovirt_provider_<wbr>ovn_hook<br> <br> <br> to instead of hardcoded to br-int use BRIDGE_NAME =<br> 'ovirtbridge' then<br> I get the expected behaviour and I get a working network<br> connectivity<br> in my VM with IP provided by dhcp.<br> <br> /Sverker<br> <br> Den 2016-12-29 kl. 22:07, skrev Sverker Abrahamsson:<br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> By default the vNic profile of my OVN bridge<br> ovirtbridge gets a<br> Network filter named vdsm-no-mac-spoofing. If I instead<br> set<br> No filter<br> then I don't get those ebtables / iptables messages. It<br> seems<br> that<br> there is some issue between ovirt/vdsm and firewalld,<br> which<br> we can<br> put to the side for now.<br> <br> It is not clear for me why the port is added on br-int<br> instead of the<br> bridge I've assigned to the VM, which is ovirtbridge??<br> <br> /Sverker<br> <br> Den 2016-12-29 kl. 14:20, skrev Sverker Abrahamsson:<br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> The specific command most likely fails because there<br> is no<br> chain<br> named libvirt-J-vnet0, but when should that have been<br> created?<br> /Sverker<br> <br> -------- Vidarebefordrat meddelande --------<br> Ämne: Re: [ovirt-users] Issue with OVN/OVS and<br> mandatory<br> ovirtmgmt<br> network<br> Datum: Thu, 29 Dec 2016 08:06:29 -0500 (EST)<br> Från: Marcin Mirecki<<a moz-do-not-send="true" href="mailto:mmirecki@redhat.com" target="_blank">mmirecki@redhat.com</a>><br> Till: Sverker Abrahamsson<<a moz-do-not-send="true" href="mailto:sverker@abrahamsson.com" target="_blank">sverker@abrahamsso<wbr>n.com</a>><br> Kopia: Ovirt Users<<a moz-do-not-send="true" href="mailto:users@ovirt.org" target="_blank">users@ovirt.org</a>>, Lance Richardson<br> <<a moz-do-not-send="true" href="mailto:lrichard@redhat.com" target="_blank">lrichard@redhat.com</a>>, Numan<br> Siddique<<a moz-do-not-send="true" href="mailto:nusiddiq@redhat.com" target="_blank">nusiddiq@redhat.com</a>><br> <br> <br> <br> Let me add the OVN team.<br> <br> Lance, Numan,<br> <br> Can you please look at this?<br> <br> Trying to plug a vNIC results in:<br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> Dec 28 23:31:35 h2 ovs-vsctl:<br> ovs|00001|vsctl|INFO|Called as<br> ovs-vsctl<br> --timeout=5 -- --if-exists del-port vnet0 --<br> add-port<br> br-int<br> vnet0 --<br> set Interface vnet0<br> "external-ids:attached-mac=\"0<wbr>0:1a:4a:16:01:51\""<br> -- set Interface vnet0<br> "external-ids:iface-id=\"e8853<wbr>aac-8a75-41b0-8010-e630017dcdd<wbr>8\""<br> <br> <br> --<br> set Interface vnet0<br> "external-ids:vm-id=\"b9440d60<wbr>-ef5a-4e2b-83cf-081df7c09e6f\"<wbr>"<br> <br> <br> --<br> set<br> Interface vnet0 external-ids:iface-status=acti<wbr>ve<br> Dec 28 23:31:35 h2 kernel: device vnet0 entered<br> promiscuous<br> mode<br> Dec 28 23:31:35 h2 firewalld: WARNING:<br> COMMAND_FAILED:<br> '/usr/sbin/ebtables --concurrent -t nat -D<br> PREROUTING<br> -i vnet0<br> -j<br> libvirt-J-vnet0' failed:<br> Dec 28 23:31:35 h2 firewalld: WARNING:<br> COMMAND_FAILED:<br> </blockquote> </blockquote> </blockquote> </blockquote> </blockquote> </blockquote> </blockquote> More details below<br> <br> <br> ----- Original Message -----<br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> From: "Sverker Abrahamsson"<<a moz-do-not-send="true" href="mailto:sverker@abrahamsson.com" target="_blank">sverker@abrahamss<wbr>on.com</a>><br> To: "Marcin Mirecki"<<a moz-do-not-send="true" href="mailto:mmirecki@redhat.com" target="_blank">mmirecki@redhat.com</a>><br> Cc: "Ovirt Users"<<a moz-do-not-send="true" href="mailto:users@ovirt.org" target="_blank">users@ovirt.org</a>><br> Sent: Thursday, December 29, 2016 1:42:11 PM<br> Subject: Re: [ovirt-users] Issue with OVN/OVS and<br> mandatory<br> ovirtmgmt<br> network<br> <br> Hi<br> Same problem still..<br> /Sverker<br> <br> Den 2016-12-29 kl. 13:34, skrev Marcin Mirecki:<br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> Hi,<br> <br> The tunnels are created to connect multiple OVN<br> controllers.<br> If there is only one, there is no need for the<br> tunnels, so<br> none<br> will be created, this is the correct behavior.<br> <br> Does the problem still occur after setting<br> configuring the<br> OVN-controller?<br> <br> Marcin<br> <br> ----- Original Message -----<br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> From: "Sverker Abrahamsson"<<a moz-do-not-send="true" href="mailto:sverker@abrahamsson.com" target="_blank">sverker@abrahamss<wbr>on.com</a>><br> To: "Marcin Mirecki"<<a moz-do-not-send="true" href="mailto:mmirecki@redhat.com" target="_blank">mmirecki@redhat.com</a>><br> Cc: "Ovirt Users"<<a moz-do-not-send="true" href="mailto:users@ovirt.org" target="_blank">users@ovirt.org</a>><br> Sent: Thursday, December 29, 2016 11:44:32 AM<br> Subject: Re: [ovirt-users] Issue with OVN/OVS and<br> mandatory<br> ovirtmgmt<br> network<br> <br> Hi<br> The rpm packages you listed in the other mail are<br> installed but I<br> had<br> not run vdsm-tool ovn-config to create tunnel as<br> the OVN<br> controller<br> is<br> on the same host.<br> <br> [root@h2 ~]# rpm -q openvswitch-ovn-common<br> openvswitch-ovn-common-2.6.90-<wbr>1.el7.centos.x86_64<br> [root@h2 ~]# rpm -q openvswitch-ovn-host<br> openvswitch-ovn-host-2.6.90-1.<wbr>el7.centos.x86_64<br> [root@h2 ~]# rpm -q python-openvswitch<br> python-openvswitch-2.6.90-1.el<wbr>7.centos.noarch<br> <br> After removing my manually created br-int and run<br> <br> vdsm-tool ovn-config 127.0.0.1 172.27.1.1<br> <br> then I have the br-int but 'ip link show' does not<br> show<br> any link<br> 'genev_sys_' nor does 'ovs-vsctl show' any port for<br> ovn.<br> I assume<br> these<br> are when there is an actual tunnel?<br> <br> [root@h2 ~]# ovs-vsctl show<br> ebb6aede-cbbc-4f4f-a88a-a9cd72<wbr>b2bd23<br> Bridge br-int<br> fail_mode: secure<br> Port br-int<br> Interface br-int<br> type: internal<br> Bridge ovirtbridge<br> Port ovirtbridge<br> Interface ovirtbridge<br> type: internal<br> Bridge "ovsbridge0"<br> Port "ovsbridge0"<br> Interface "ovsbridge0"<br> type: internal<br> Port "eth0"<br> Interface "eth0"<br> ovs_version: "2.6.90"<br> <br> [root@h2 ~]# ip link show<br> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc<br> noqueue state<br> UNKNOWN<br> mode<br> DEFAULT qlen 1<br> link/loopback 00:00:00:00:00:00 brd<br> 00:00:00:00:00:00<br> 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_<wbr>UP> mtu 1500<br> qdisc<br> pfifo_fast<br> master ovs-system state UP mode DEFAULT qlen 1000<br> link/ether 44:8a:5b:84:7d:b3 brd<br> ff:ff:ff:ff:ff:ff<br> 3: ovs-system: <BROADCAST,MULTICAST> mtu 1500 qdisc<br> noop<br> state<br> DOWN<br> mode<br> DEFAULT qlen 1000<br> link/ether 5a:14:cf:28:47:e2 brd<br> ff:ff:ff:ff:ff:ff<br> 4: ovsbridge0: <BROADCAST,MULTICAST,UP,LOWER_<wbr>UP><br> mtu 1500<br> qdisc<br> noqueue<br> state UNKNOWN mode DEFAULT qlen 1000<br> link/ether 44:8a:5b:84:7d:b3 brd<br> ff:ff:ff:ff:ff:ff<br> 5: br-int: <BROADCAST,MULTICAST> mtu 1500 qdisc noop<br> state DOWN<br> mode<br> DEFAULT qlen 1000<br> link/ether 9e:b0:3a:9d:f2:4b brd<br> ff:ff:ff:ff:ff:ff<br> 6: ovirtbridge: <BROADCAST,MULTICAST,UP,LOWER_<wbr>UP> mtu<br> 1500 qdisc<br> noqueue<br> state UNKNOWN mode DEFAULT qlen 1000<br> link/ether a6:f6:e5:a4:5b:45 brd<br> ff:ff:ff:ff:ff:ff<br> 7: dummy0: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500<br> qdisc<br> noqueue<br> master<br> ovirtmgmt state UNKNOWN mode DEFAULT qlen 1000<br> link/ether 66:e0:1c:c3:a9:d8 brd<br> ff:ff:ff:ff:ff:ff<br> 8: ovirtmgmt: <BROADCAST,MULTICAST,UP,LOWER_<wbr>UP> mtu<br> 1500<br> qdisc<br> noqueue<br> state UP mode DEFAULT qlen 1000<br> link/ether 66:e0:1c:c3:a9:d8 brd<br> ff:ff:ff:ff:ff:ff<br> <br> Firewall settings:<br> [root@h2 ~]# firewall-cmd --list-all-zones<br> work<br> target: default<br> icmp-block-inversion: no<br> interfaces:<br> sources:<br> services: dhcpv6-client ssh<br> ports:<br> protocols:<br> masquerade: no<br> forward-ports:<br> sourceports:<br> icmp-blocks:<br> rich rules:<br> <br> <br> drop<br> target: DROP<br> icmp-block-inversion: no<br> interfaces:<br> sources:<br> services:<br> ports:<br> protocols:<br> masquerade: no<br> forward-ports:<br> sourceports:<br> icmp-blocks:<br> rich rules:<br> <br> <br> internal<br> target: default<br> icmp-block-inversion: no<br> interfaces:<br> sources:<br> services: dhcpv6-client mdns samba-client ssh<br> ports:<br> protocols:<br> masquerade: no<br> forward-ports:<br> sourceports:<br> icmp-blocks:<br> rich rules:<br> <br> <br> external<br> target: default<br> icmp-block-inversion: no<br> interfaces:<br> sources:<br> services: ssh<br> ports:<br> protocols:<br> masquerade: yes<br> forward-ports:<br> sourceports:<br> icmp-blocks:<br> rich rules:<br> <br> <br> trusted<br> target: ACCEPT<br> icmp-block-inversion: no<br> interfaces:<br> sources:<br> services:<br> ports:<br> protocols:<br> masquerade: no<br> forward-ports:<br> sourceports:<br> icmp-blocks:<br> rich rules:<br> <br> <br> home<br> target: default<br> icmp-block-inversion: no<br> interfaces:<br> sources:<br> services: dhcpv6-client mdns samba-client ssh<br> ports:<br> protocols:<br> masquerade: no<br> forward-ports:<br> sourceports:<br> icmp-blocks:<br> rich rules:<br> <br> <br> dmz<br> target: default<br> icmp-block-inversion: no<br> interfaces:<br> sources:<br> services: ssh<br> ports:<br> protocols:<br> masquerade: no<br> forward-ports:<br> sourceports:<br> icmp-blocks:<br> rich rules:<br> <br> <br> public (active)<br> target: default<br> icmp-block-inversion: no<br> interfaces: eth0 ovsbridge0<br> sources:<br> services: dhcpv6-client ssh<br> ports:<br> protocols:<br> masquerade: no<br> forward-ports:<br> sourceports:<br> icmp-blocks:<br> rich rules:<br> <br> <br> block<br> target: %%REJECT%%<br> icmp-block-inversion: no<br> interfaces:<br> sources:<br> services:<br> ports:<br> protocols:<br> masquerade: no<br> forward-ports:<br> sourceports:<br> icmp-blocks:<br> rich rules:<br> <br> <br> ovirt (active)<br> target: default<br> icmp-block-inversion: no<br> interfaces: ovirtbridge ovirtmgmt<br> sources:<br> services: dhcp ovirt-fence-kdump-listener<br> ovirt-http<br> ovirt-https<br> ovirt-imageio-proxy ovirt-postgres ovirt-provider-ovn<br> ovirt-vmconsole-proxy ovirt-websocket-proxy ssh vdsm<br> ports:<br> protocols:<br> masquerade: yes<br> forward-ports:<br> sourceports:<br> icmp-blocks:<br> rich rules:<br> rule family="ipv4" port port="6641"<br> protocol="tcp"<br> accept<br> rule family="ipv4" port port="6642"<br> protocol="tcp"<br> accept<br> <br> The db dump is attached<br> /Sverker<br> Den 2016-12-29 kl. 09:50, skrev Marcin Mirecki:<br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> Hi,<br> <br> Can you please do: "sudo ovsdb-client dump"<br> on the host and send me the output?<br> <br> Have you configured the ovn controller to connect<br> to the<br> OVN north? You can do it using "vdsm-tool<br> ovn-config" or<br> using the OVN tools directly.<br> Please check<br> out:<a moz-do-not-send="true" href="https://www.ovirt.org/blog/2016/11/ovirt-provider-ovn/" rel="noreferrer" target="_blank">https://www.ovirt.org/blog<wbr>/2016/11/ovirt-provider-ovn/</a><br> <br> for details.<br> <br> Also please note that the OVN provider is completely<br> different<br> from the neutron-openvswitch plugin. Please don't mix<br> the two.<br> <br> Marcin<br> <br> <br> ----- Original Message -----<br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> From: "Marcin Mirecki"<<a moz-do-not-send="true" href="mailto:mmirecki@redhat.com" target="_blank">mmirecki@redhat.com</a>><br> To: "Sverker Abrahamsson"<<a moz-do-not-send="true" href="mailto:sverker@abrahamsson.com" target="_blank">sverker@abrahamss<wbr>on.com</a>><br> Cc: "Ovirt Users"<<a moz-do-not-send="true" href="mailto:users@ovirt.org" target="_blank">users@ovirt.org</a>><br> Sent: Thursday, December 29, 2016 9:27:19 AM<br> Subject: Re: [ovirt-users] Issue with OVN/OVS and<br> mandatory<br> ovirtmgmt<br> network<br> <br> Hi,<br> <br> br-int is the OVN integration bridge, it should<br> have been<br> created<br> when installing OVN. I assume you have the following<br> packages<br> installed<br> on the host:<br> openvswitch-ovn-common<br> openvswitch-ovn-host<br> python-openvswitch<br> <br> Please give me some time to look at the connectivity<br> problem.<br> <br> Marcin<br> <br> <br> <br> ----- Original Message -----<br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> From: "Sverker<br> Abrahamsson"<<a moz-do-not-send="true" href="mailto:sverker@abrahamsson.com" target="_blank">sverker@abrahamss<wbr>on.com</a>><br> To: "Marcin Mirecki"<<a moz-do-not-send="true" href="mailto:mmirecki@redhat.com" target="_blank">mmirecki@redhat.com</a>><br> Cc: "Ovirt Users"<<a moz-do-not-send="true" href="mailto:users@ovirt.org" target="_blank">users@ovirt.org</a>><br> Sent: Thursday, December 29, 2016 12:47:04 AM<br> Subject: Re: [ovirt-users] Issue with OVN/OVS and<br> mandatory<br> ovirtmgmt<br> network<br> <br> From<br> /usr/libexec/vdsm/hooks/before<wbr>_device_create/ovirt_provider_<wbr>ovn_hook<br> <br> <br> (installed by ovirt-provider-ovn-driver rpm):<br> <br> BRIDGE_NAME = 'br-int'<br> <br> <br> Den 2016-12-28 kl. 23:56, skrev Sverker<br> Abrahamsson:<br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> Googling on the message about br-int suggested<br> adding<br> that<br> bridge to<br> ovs:<br> <br> ovs-vsctl add-br br-int<br> <br> Then the VM is able to boot, but it fails to get<br> network<br> connectivity.<br> Output in /var/log/messages:<br> <br> Dec 28 23:31:35 h2 ovs-vsctl:<br> ovs|00001|vsctl|INFO|Called as<br> ovs-vsctl<br> --timeout=5 -- --if-exists del-port vnet0 --<br> add-port<br> br-int<br> vnet0 --<br> set Interface vnet0<br> "external-ids:attached-mac=\"0<wbr>0:1a:4a:16:01:51\""<br> -- set Interface vnet0<br> "external-ids:iface-id=\"e8853<wbr>aac-8a75-41b0-8010-e630017dcdd<wbr>8\""<br> <br> <br> --<br> set Interface vnet0<br> "external-ids:vm-id=\"b9440d60<wbr>-ef5a-4e2b-83cf-081df7c09e6f\"<wbr>"<br> <br> <br> --<br> set<br> Interface vnet0 external-ids:iface-status=acti<wbr>ve<br> Dec 28 23:31:35 h2 kernel: device vnet0 entered<br> promiscuous<br> mode<br> Dec 28 23:31:35 h2 firewalld: WARNING:<br> COMMAND_FAILED:<br> '/usr/sbin/ebtables --concurrent -t nat -D<br> PREROUTING<br> -i vnet0<br> -j<br> libvirt-J-vnet0' failed:<br> Dec 28 23:31:35 h2 firewalld: WARNING:<br> COMMAND_FAILED:<br> '/usr/sbin/ebtables --concurrent -t nat -D<br> POSTROUTING -o<br> vnet0<br> -j<br> libvirt-P-vnet0' failed:<br> Dec 28 23:31:35 h2 firewalld: WARNING:<br> COMMAND_FAILED:<br> '/usr/sbin/ebtables --concurrent -t nat -L<br> libvirt-J-vnet0'<br> failed:<br> Dec 28 23:31:35 h2 firewalld: WARNING:<br> COMMAND_FAILED:<br> '/usr/sbin/ebtables --concurrent -t nat -L<br> libvirt-P-vnet0'<br> failed:<br> Dec 28 23:31:35 h2 firewalld: WARNING:<br> COMMAND_FAILED:<br> '/usr/sbin/ebtables --concurrent -t nat -F<br> libvirt-J-vnet0'<br> failed:<br> Dec 28 23:31:35 h2 firewalld: WARNING:<br> COMMAND_FAILED:<br> '/usr/sbin/ebtables --concurrent -t nat -X<br> libvirt-J-vnet0'<br> failed:<br> Dec 28 23:31:35 h2 firewalld: WARNING:<br> COMMAND_FAILED:<br> '/usr/sbin/ebtables --concurrent -t nat -F<br> libvirt-P-vnet0'<br> failed:<br> Dec 28 23:31:35 h2 firewalld: WARNING:<br> COMMAND_FAILED:<br> '/usr/sbin/ebtables --concurrent -t nat -X<br> libvirt-P-vnet0'<br> failed:<br> Dec 28 23:31:35 h2 firewalld: WARNING:<br> COMMAND_FAILED:<br> '/usr/sbin/ebtables --concurrent -t nat -F<br> J-vnet0-mac'<br> failed:<br> Dec 28 23:31:35 h2 firewalld: WARNING:<br> COMMAND_FAILED:<br> '/usr/sbin/ebtables --concurrent -t nat -X<br> J-vnet0-mac'<br> failed:<br> Dec 28 23:31:35 h2 firewalld: WARNING:<br> COMMAND_FAILED:<br> '/usr/sbin/ebtables --concurrent -t nat -F<br> J-vnet0-arp-mac'<br> failed:<br> Dec 28 23:31:35 h2 firewalld: WARNING:<br> COMMAND_FAILED:<br> '/usr/sbin/ebtables --concurrent -t nat -X<br> J-vnet0-arp-mac'<br> failed:<br> Dec 28 23:31:35 h2 firewalld: WARNING:<br> COMMAND_FAILED:<br> '/usr/sbin/iptables -w2 -w -D libvirt-out -m<br> physdev<br> --physdev-is-bridged --physdev-out vnet0 -g<br> FO-vnet0'<br> failed:<br> Dec 28 23:31:35 h2 firewalld: WARNING:<br> COMMAND_FAILED:<br> '/usr/sbin/iptables -w2 -w -D libvirt-out -m<br> physdev<br> --physdev-out<br> vnet0 -g FO-vnet0' failed:<br> Dec 28 23:31:35 h2 firewalld: WARNING:<br> COMMAND_FAILED:<br> '/usr/sbin/iptables -w2 -w -D libvirt-in -m<br> physdev<br> --physdev-in<br> vnet0<br> -g FI-vnet0' failed:<br> Dec 28 23:31:35 h2 firewalld: WARNING:<br> COMMAND_FAILED:<br> '/usr/sbin/iptables -w2 -w -D libvirt-host-in -m<br> physdev<br> --physdev-in<br> vnet0 -g HI-vnet0' failed:<br> Dec 28 23:31:35 h2 firewalld: WARNING:<br> COMMAND_FAILED:<br> '/usr/sbin/iptables -w2 -w -F FO-vnet0' failed:<br> Dec 28 23:31:35 h2 firewalld: WARNING:<br> COMMAND_FAILED:<br> '/usr/sbin/iptables -w2 -w -X FO-vnet0' failed:<br> Dec 28 23:31:35 h2 firewalld: WARNING:<br> COMMAND_FAILED:<br> '/usr/sbin/iptables -w2 -w -F FI-vnet0' failed:<br> Dec 28 23:31:35 h2 firewalld: WARNING:<br> COMMAND_FAILED:<br> '/usr/sbin/iptables -w2 -w -X FI-vnet0' failed:<br> Dec 28 23:31:35 h2 firewalld: WARNING:<br> COMMAND_FAILED:<br> '/usr/sbin/iptables -w2 -w -F HI-vnet0' failed:<br> Dec 28 23:31:35 h2 firewalld: WARNING:<br> COMMAND_FAILED:<br> '/usr/sbin/iptables -w2 -w -X HI-vnet0' failed:<br> Dec 28 23:31:35 h2 firewalld: WARNING:<br> COMMAND_FAILED:<br> '/usr/sbin/iptables -w2 -w -E FP-vnet0 FO-vnet0'<br> failed:<br> Dec 28 23:31:35 h2 firewalld: WARNING:<br> COMMAND_FAILED:<br> '/usr/sbin/iptables -w2 -w -E FJ-vnet0 FI-vnet0'<br> failed:<br> Dec 28 23:31:35 h2 firewalld: WARNING:<br> COMMAND_FAILED:<br> '/usr/sbin/iptables -w2 -w -E HJ-vnet0 HI-vnet0'<br> failed:<br> Dec 28 23:31:35 h2 firewalld: WARNING:<br> COMMAND_FAILED:<br> '/usr/sbin/ip6tables -w2 -w -D libvirt-out -m<br> physdev<br> --physdev-is-bridged --physdev-out vnet0 -g<br> FO-vnet0'<br> failed:<br> Dec 28 23:31:35 h2 firewalld: WARNING:<br> COMMAND_FAILED:<br> '/usr/sbin/ip6tables -w2 -w -D libvirt-out -m<br> physdev<br> --physdev-out<br> vnet0 -g FO-vnet0' failed:<br> Dec 28 23:31:35 h2 firewalld: WARNING:<br> COMMAND_FAILED:<br> '/usr/sbin/ip6tables -w2 -w -D libvirt-in -m<br> physdev<br> --physdev-in<br> vnet0 -g FI-vnet0' failed:<br> Dec 28 23:31:35 h2 firewalld: WARNING:<br> COMMAND_FAILED:<br> '/usr/sbin/ip6tables -w2 -w -D libvirt-host-in -m<br> physdev<br> --physdev-in<br> vnet0 -g HI-vnet0' failed:<br> Dec 28 23:31:35 h2 firewalld: WARNING:<br> COMMAND_FAILED:<br> '/usr/sbin/ip6tables -w2 -w -F FO-vnet0' failed:<br> Dec 28 23:31:35 h2 firewalld: WARNING:<br> COMMAND_FAILED:<br> '/usr/sbin/ip6tables -w2 -w -X FO-vnet0' failed:<br> Dec 28 23:31:35 h2 firewalld: WARNING:<br> COMMAND_FAILED:<br> '/usr/sbin/ip6tables -w2 -w -F FI-vnet0' failed:<br> Dec 28 23:31:35 h2 firewalld: WARNING:<br> COMMAND_FAILED:<br> '/usr/sbin/ip6tables -w2 -w -X FI-vnet0' failed:<br> Dec 28 23:31:35 h2 firewalld: WARNING:<br> COMMAND_FAILED:<br> '/usr/sbin/ip6tables -w2 -w -F HI-vnet0' failed:<br> Dec 28 23:31:35 h2 firewalld: WARNING:<br> COMMAND_FAILED:<br> '/usr/sbin/ip6tables -w2 -w -X HI-vnet0' failed:<br> Dec 28 23:31:35 h2 firewalld: WARNING:<br> COMMAND_FAILED:<br> '/usr/sbin/ip6tables -w2 -w -E FP-vnet0 FO-vnet0'<br> failed:<br> Dec 28 23:31:35 h2 firewalld: WARNING:<br> COMMAND_FAILED:<br> '/usr/sbin/ip6tables -w2 -w -E FJ-vnet0 FI-vnet0'<br> failed:<br> Dec 28 23:31:35 h2 firewalld: WARNING:<br> COMMAND_FAILED:<br> '/usr/sbin/ip6tables -w2 -w -E HJ-vnet0 HI-vnet0'<br> failed:<br> Dec 28 23:31:35 h2 firewalld: WARNING:<br> COMMAND_FAILED:<br> '/usr/sbin/ebtables --concurrent -t nat -D<br> PREROUTING<br> -i vnet0<br> -j<br> libvirt-I-vnet0' failed:<br> Dec 28 23:31:35 h2 firewalld: WARNING:<br> COMMAND_FAILED:<br> '/usr/sbin/ebtables --concurrent -t nat -D<br> POSTROUTING -o<br> vnet0<br> -j<br> libvirt-O-vnet0' failed:<br> Dec 28 23:31:35 h2 firewalld: WARNING:<br> COMMAND_FAILED:<br> '/usr/sbin/ebtables --concurrent -t nat -L<br> libvirt-I-vnet0'<br> failed:<br> Dec 28 23:31:35 h2 firewalld: WARNING:<br> COMMAND_FAILED:<br> '/usr/sbin/ebtables --concurrent -t nat -L<br> libvirt-O-vnet0'<br> failed:<br> Dec 28 23:31:35 h2 firewalld: WARNING:<br> COMMAND_FAILED:<br> '/usr/sbin/ebtables --concurrent -t nat -F<br> libvirt-I-vnet0'<br> failed:<br> Dec 28 23:31:35 h2 firewalld: WARNING:<br> COMMAND_FAILED:<br> '/usr/sbin/ebtables --concurrent -t nat -X<br> libvirt-I-vnet0'<br> failed:<br> Dec 28 23:31:35 h2 firewalld: WARNING:<br> COMMAND_FAILED:<br> '/usr/sbin/ebtables --concurrent -t nat -F<br> libvirt-O-vnet0'<br> failed:<br> Dec 28 23:31:35 h2 firewalld: WARNING:<br> COMMAND_FAILED:<br> '/usr/sbin/ebtables --concurrent -t nat -X<br> libvirt-O-vnet0'<br> failed:<br> Dec 28 23:31:35 h2 firewalld: WARNING:<br> COMMAND_FAILED:<br> '/usr/sbin/ebtables --concurrent -t nat -L<br> libvirt-P-vnet0'<br> failed:<br> Dec 28 23:31:35 h2 firewalld: WARNING:<br> COMMAND_FAILED:<br> '/usr/sbin/ebtables --concurrent -t nat -E<br> libvirt-P-vnet0<br> libvirt-O-vnet0' failed:<br> Dec 28 23:31:35 h2 firewalld: WARNING:<br> COMMAND_FAILED:<br> '/usr/sbin/ebtables --concurrent -t nat -F<br> I-vnet0-mac'<br> failed:<br> Dec 28 23:31:35 h2 firewalld: WARNING:<br> COMMAND_FAILED:<br> '/usr/sbin/ebtables --concurrent -t nat -X<br> I-vnet0-mac'<br> failed:<br> Dec 28 23:31:35 h2 firewalld: WARNING:<br> COMMAND_FAILED:<br> '/usr/sbin/ebtables --concurrent -t nat -F<br> I-vnet0-arp-mac'<br> failed:<br> Dec 28 23:31:35 h2 firewalld: WARNING:<br> COMMAND_FAILED:<br> '/usr/sbin/ebtables --concurrent -t nat -X<br> I-vnet0-arp-mac'<br> failed:<br> <br> <br> [root@h2 etc]# ovs-vsctl show<br> ebb6aede-cbbc-4f4f-a88a-a9cd72<wbr>b2bd23<br> Bridge ovirtbridge<br> Port "ovirtport0"<br> Interface "ovirtport0"<br> type: internal<br> Port ovirtbridge<br> Interface ovirtbridge<br> type: internal<br> Bridge "ovsbridge0"<br> Port "ovsbridge0"<br> Interface "ovsbridge0"<br> type: internal<br> Port "eth0"<br> Interface "eth0"<br> Bridge br-int<br> Port br-int<br> Interface br-int<br> type: internal<br> Port "vnet0"<br> Interface "vnet0"<br> ovs_version: "2.6.90"<br> <br> Searching through the code it appears that br-int<br> comes from<br> neutron-openvswitch plugin ??<br> <br> [root@h2 share]# rpm -qf<br> /usr/share/otopi/plugins/ovirt<wbr>-host-deploy/openstack/neutron<wbr>_openvswitch.py<br> <br> <br> <a moz-do-not-send="true" href="http://ovirt-host-deploy-1.6.0-0.0.ma">ovirt-host-deploy-1.6.0-0.0.ma</a><wbr>ster.20161215101008.gitb76ad50<wbr>.el7.centos.noarch<br> <br> <br> <br> <br> /Sverker<br> <br> Den 2016-12-28 kl. 23:24, skrev Sverker<br> Abrahamsson:<br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> In addition I had to add an alias to modprobe:<br> <br> [root@h2 modprobe.d]# cat dummy.conf<br> alias dummy0 dummy<br> <br> <br> Den 2016-12-28 kl. 23:03, skrev Sverker<br> Abrahamsson:<br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> Hi<br> I first tried to set device name to dummy_0, but<br> then ifup<br> did<br> not<br> succeed in creating the device unless I first<br> did<br> 'ip link<br> add<br> dummy_0 type dummy' but then it would not<br> suceed to<br> establish<br> the if<br> on reboot.<br> <br> Setting fake_nics = dummy0 would not work<br> neither,<br> but this<br> works:<br> <br> fake_nics = dummy*<br> <br> The engine is now able to find the if and assign<br> bridge<br> ovirtmgmt to<br> it.<br> <br> However, I then run into the next issue when<br> starting a VM:<br> <br> 2016-12-28 22:28:23,897 ERROR<br> [org.ovirt.engine.core.dal.dbb<wbr>roker.auditloghandling.AuditLo<wbr>gDirector]<br> <br> <br> (ForkJoinPool-1-worker-2) [] Correlation ID:<br> null,<br> Call<br> Stack:<br> null,<br> Custom Event ID: -1, Message: VM CentOS7 is down<br> with error.<br> Exit<br> message: Cannot get interface MTU on<br> 'br-int': No<br> such<br> device.<br> <br> This VM has a nic on ovirtbridge, which comes<br> from<br> the OVN<br> provider.<br> <br> /Sverker<br> <br> Den 2016-12-28 kl. 14:38, skrev Marcin Mirecki:<br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> Sverker,<br> <br> Can you try adding a vnic named veth_* or<br> dummy_*,<br> (or alternatively add the name of the vnic to<br> vdsm.config fake_nics), and setup the<br> management<br> network using this vnic?<br> I suppose adding the vnic you use for<br> connecting<br> to the engine to fake_nics should make it<br> visible<br> to the engine, and you should be able to use<br> it for<br> the setup.<br> <br> Marcin<br> <br> <br> <br> ----- Original Message -----<br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> From: "Marcin Mirecki"<<a moz-do-not-send="true" href="mailto:mmirecki@redhat.com" target="_blank">mmirecki@redhat.com</a>><br> To: "Sverker<br> Abrahamsson"<<a moz-do-not-send="true" href="mailto:sverker@abrahamsson.com" target="_blank">sverker@abrahamss<wbr>on.com</a>><br> Cc: "Ovirt Users"<<a moz-do-not-send="true" href="mailto:users@ovirt.org" target="_blank">users@ovirt.org</a>><br> Sent: Wednesday, December 28, 2016 12:06:26 PM<br> Subject: Re: [ovirt-users] Issue with<br> OVN/OVS and<br> mandatory<br> ovirtmgmt network<br> <br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> I have an internal OVS bridge called<br> ovirtbridge<br> which<br> has<br> a port<br> with<br> IP address, but in the host network settings<br> that port is<br> not<br> visible.<br> </blockquote> I just verified and unfortunately the virtual<br> ports are<br> not<br> visible in engine<br> to assign a network to :(<br> I'm afraid that the engine is not ready for<br> such a<br> scenario<br> (even<br> if it<br> works).<br> Please give me some time to look for a<br> solution.<br> <br> ----- Original Message -----<br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> From: "Sverker<br> Abrahamsson"<<a moz-do-not-send="true" href="mailto:sverker@abrahamsson.com" target="_blank">sverker@abrahamss<wbr>on.com</a>><br> To: "Marcin Mirecki"<<a moz-do-not-send="true" href="mailto:mmirecki@redhat.com" target="_blank">mmirecki@redhat.com</a>><br> Cc: "Ovirt Users"<<a moz-do-not-send="true" href="mailto:users@ovirt.org" target="_blank">users@ovirt.org</a>><br> Sent: Wednesday, December 28, 2016<br> 11:48:24 AM<br> Subject: Re: [ovirt-users] Issue with<br> OVN/OVS and<br> mandatory<br> ovirtmgmt<br> network<br> <br> Hi Marcin<br> Yes, that is my issue. I don't want to let<br> ovirt/vdsm see<br> eth0<br> nor<br> ovsbridge0 since as soon as it sees them it<br> messes up the<br> network<br> config<br> so that the host will be unreachable.<br> <br> I have an internal OVS bridge called<br> ovirtbridge<br> which<br> has<br> a port<br> with<br> IP address, but in the host network settings<br> that port is<br> not<br> visible.<br> It doesn't help to name it ovirtmgmt.<br> <br> The engine is able to communicate with the<br> host<br> on the ip<br> it has<br> been<br> given, it's just that it believes that it<br> HAS to<br> have a<br> ovirtmgmt<br> network which can't be on OVN.<br> <br> /Sverker<br> <br> <br> Den 2016-12-28 kl. 10:45, skrev Marcin<br> Mirecki:<br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> Hi Sverker,<br> <br> The management network is mandatory on each<br> host. It's<br> used by<br> the<br> engine to communicate with the host.<br> Looking at your description and the<br> exception<br> it looks<br> like it<br> is<br> missing.<br> The error is caused by not having any<br> network<br> for the<br> host<br> (network list retrieved in<br> InterfaceDaoImpl.getHostNetwor<wbr>ksByCluster -<br> which<br> gets all the networks on nics for a host<br> from<br> vds_interface<br> table in the<br> DB).<br> <br> Could you maybe create a virtual nic<br> connected to<br> ovsbridge0 (as<br> I<br> understand you<br> have no physical nic available) and use this<br> for the<br> management<br> network?<br> <br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> I then create a bridge for use with<br> ovirt, with<br> a<br> private<br> address.<br> </blockquote> I'm not quite sure I understand. Is this yet<br> another<br> bridge<br> connected to<br> ovsbridge0?<br> You could also attach the vnic for the<br> management<br> network<br> here<br> if need<br> be.<br> <br> Please keep in mind that OVN has no use in<br> setting up<br> the<br> management<br> network.<br> The OVN provider can only handle external<br> networks,<br> which<br> can<br> not be used<br> for a<br> management network.<br> <br> Marcin<br> <br> <br> ----- Original Message -----<br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> From: "Sverker<br> Abrahamsson"<<a moz-do-not-send="true" href="mailto:sverker@abrahamsson.com" target="_blank">sverker@abrahamss<wbr>on.com</a>><br> <a moz-do-not-send="true" href="mailto:To%3Ausers@ovirt.org" target="_blank">To:users@ovirt.org</a><br> Sent: Wednesday, December 28, 2016<br> 12:39:59 AM<br> Subject: [ovirt-users] Issue with<br> OVN/OVS and<br> mandatory<br> ovirtmgmt<br> network<br> <br> <br> <br> Hi<br> For long time I've been looking for proper<br> support in<br> ovirt for<br> Open<br> vSwitch<br> so I'm happy that it is moving in the right<br> direction.<br> However,<br> there<br> seems<br> to still be a dependency on a ovirtmgmt<br> bridge<br> and I'm<br> unable<br> to move<br> that<br> to the OVN provider.<br> <br> The hosting center where I rent hw<br> instances<br> has a bit<br> special<br> network<br> setup,<br> so I have one physical network port with<br> a /32<br> netmask<br> and<br> point-to-point<br> config to router. The physical port I<br> connect<br> to a ovs<br> bridge<br> which has<br> the<br> public ip. Since ovirt always messes up the<br> network<br> config when<br> I've<br> tried<br> to let it have access to the network config<br> for the<br> physical<br> port, I've<br> set<br> eht0 and ovsbridge0 as hidden in vdsm.conf.<br> <br> <br> I then create a bridge for use with<br> ovirt, with<br> a<br> private<br> address. With<br> the<br> OVN provider I am now able to import these<br> into the<br> engine and<br> it looks<br> good. When creating a VM I can select<br> that it<br> will have<br> a<br> vNic<br> on my OVS<br> bridge.<br> <br> However, I can't start the VM as an<br> exception<br> is thrown<br> in the<br> log:<br> <br> 2016-12-28 00:13:33,350 ERROR<br> [org.ovirt.engine.core.bll.Run<wbr>VmCommand]<br> (default task-5) [3c882d53] Error during<br> ValidateFailure.:<br> java.lang.NullPointerException<br> at<br> org.ovirt.engine.core.bll.sche<wbr>duling.policyunits.NetworkPoli<wbr>cyUnit.validateRequiredNetwork<wbr>sAvailable(NetworkPolicyUnit.<wbr>java:140)<br> <br> <br> <br> [bll.jar:]<br> at<br> org.ovirt.engine.core.bll.sche<wbr>duling.policyunits.NetworkPoli<wbr>cyUnit.filter(NetworkPolicyUni<wbr>t.java:69)<br> <br> <br> <br> [bll.jar:]<br> at<br> org.ovirt.engine.core.bll.sche<wbr>duling.SchedulingManager.runIn<wbr>ternalFilters(SchedulingManage<wbr>r.java:597)<br> <br> <br> <br> [bll.jar:]<br> at<br> org.ovirt.engine.core.bll.sche<wbr>duling.SchedulingManager.runFi<wbr>lters(SchedulingManager.java:<wbr>564)<br> <br> <br> <br> [bll.jar:]<br> at<br> org.ovirt.engine.core.bll.sche<wbr>duling.SchedulingManager.canSc<wbr>hedule(SchedulingManager.java:<wbr>494)<br> <br> <br> <br> [bll.jar:]<br> at<br> org.ovirt.engine.core.bll.vali<wbr>dator.RunVmValidator.canRunVm(<wbr>RunVmValidator.java:133)<br> <br> <br> <br> [bll.jar:]<br> at<br> org.ovirt.engine.core.bll.RunV<wbr>mCommand.validate(RunVmCommand<wbr>.java:940)<br> <br> <br> <br> [bll.jar:]<br> at<br> org.ovirt.engine.core.bll.Comm<wbr>andBase.internalValidate(Comma<wbr>ndBase.java:886)<br> <br> <br> <br> [bll.jar:]<br> at<br> org.ovirt.engine.core.bll.Comm<wbr>andBase.validateOnly(CommandBa<wbr>se.java:366)<br> <br> <br> <br> [bll.jar:]<br> at<br> org.ovirt.engine.core.bll.Prev<wbr>alidatingMultipleActionsRunner<wbr>.canRunActions(PrevalidatingMu<wbr>ltipleActionsRunner.java:113)<br> <br> <br> <br> [bll.jar:]<br> at<br> org.ovirt.engine.core.bll.Prev<wbr>alidatingMultipleActionsRunner<wbr>.invokeCommands(PrevalidatingM<wbr>ultipleActionsRunner.java:99)<br> <br> <br> <br> [bll.jar:]<br> at<br> org.ovirt.engine.core.bll.Prev<wbr>alidatingMultipleActionsRunner<wbr>.execute(PrevalidatingMultiple<wbr>ActionsRunner.java:76)<br> <br> <br> <br> [bll.jar:]<br> at<br> org.ovirt.engine.core.bll.Back<wbr>end.runMultipleActionsImpl(Bac<wbr>kend.java:613)<br> <br> <br> <br> [bll.jar:]<br> at<br> org.ovirt.engine.core.bll.Back<wbr>end.runMultipleActions(Backend<wbr>.java:583)<br> <br> <br> <br> [bll.jar:]<br> <br> <br> Looking at that section of code where the<br> exception is<br> thrown,<br> I see<br> that<br> it<br> iterates over host networks to find<br> required<br> networks,<br> which I<br> assume is<br> ovirtmgmt. In the host network setup<br> dialog I<br> don't see<br> any<br> networks at<br> all<br> but it lists ovirtmgmt as required. It also<br> list the<br> OVN<br> networks but<br> these<br> can't be statically assigned as they are<br> added<br> dynamically when<br> needed,<br> which is fine.<br> <br> I believe that I either need to remove<br> ovirtmgmt<br> network<br> or<br> configure<br> that<br> it<br> is provided by the OVN provider, but<br> neither is<br> possible.<br> Preferably it<br> shouldn't be hardcoded which network is<br> management and<br> mandatory but be<br> possible to configure.<br> <br> /Sverker<br> Den 2016-12-27 kl. 17:10, skrev Marcin<br> Mirecki:<br> <br> <br> </blockquote> </blockquote> </blockquote> ______________________________<wbr>_________________<br> <br> Users mailing list<br> <a moz-do-not-send="true" href="mailto:Users@ovirt.org" target="_blank">Users@ovirt.org</a><br> <a moz-do-not-send="true" href="http://lists.ovirt.org/mailman/listinfo/users" rel="noreferrer" target="_blank">http://lists.ovirt.org/mailman<wbr>/listinfo/users</a><br> <br> </blockquote> </blockquote> ______________________________<wbr>_________________<br> Users mailing list<br> <a moz-do-not-send="true" href="mailto:Users@ovirt.org" target="_blank">Users@ovirt.org</a><br> <a moz-do-not-send="true" href="http://lists.ovirt.org/mailman/listinfo/users" rel="noreferrer" target="_blank">http://lists.ovirt.org/mailman<wbr>/listinfo/users</a><br> </blockquote> ______________________________<wbr>_________________<br> Users mailing list<br> <a moz-do-not-send="true" href="mailto:Users@ovirt.org" target="_blank">Users@ovirt.org</a><br> <a moz-do-not-send="true" href="http://lists.ovirt.org/mailman/listinfo/users" rel="noreferrer" target="_blank">http://lists.ovirt.org/mailman<wbr>/listinfo/users</a><br> </blockquote> ______________________________<wbr>_________________<br> Users mailing list<br> <a moz-do-not-send="true" href="mailto:Users@ovirt.org" target="_blank">Users@ovirt.org</a><br> <a moz-do-not-send="true" href="http://lists.ovirt.org/mailman/listinfo/users" rel="noreferrer" target="_blank">http://lists.ovirt.org/mailman<wbr>/listinfo/users</a><br> </blockquote> </blockquote> ______________________________<wbr>_________________<br> Users mailing list<br> <a moz-do-not-send="true" href="mailto:Users@ovirt.org" target="_blank">Users@ovirt.org</a><br> <a moz-do-not-send="true" href="http://lists.ovirt.org/mailman/listinfo/users" rel="noreferrer" target="_blank">http://lists.ovirt.org/mailman<wbr>/listinfo/users</a><br> <br> </blockquote> </blockquote> </blockquote> </blockquote> </blockquote> ______________________________<wbr>_________________<br> Users mailing list<br> <a moz-do-not-send="true" href="mailto:Users@ovirt.org" target="_blank">Users@ovirt.org</a><br> <a moz-do-not-send="true" href="http://lists.ovirt.org/mailman/listinfo/users" rel="noreferrer" target="_blank">http://lists.ovirt.org/mailman<wbr>/listinfo/users</a><br> </blockquote> ______________________________<wbr>_________________<br> Users mailing list<br> <a moz-do-not-send="true" href="mailto:Users@ovirt.org" target="_blank">Users@ovirt.org</a><br> <a moz-do-not-send="true" href="http://lists.ovirt.org/mailman/listinfo/users" rel="noreferrer" target="_blank">http://lists.ovirt.org/mailman<wbr>/listinfo/users</a><br> </blockquote> ______________________________<wbr>_________________<br> Users mailing list<br> <a moz-do-not-send="true" href="mailto:Users@ovirt.org" target="_blank">Users@ovirt.org</a><br> <a moz-do-not-send="true" href="http://lists.ovirt.org/mailman/listinfo/users" rel="noreferrer" target="_blank">http://lists.ovirt.org/mailman<wbr>/listinfo/users</a><br> </blockquote> </blockquote> </blockquote> </blockquote> </blockquote> </blockquote> </blockquote> ______________________________<wbr>_________________<br> Users mailing list<br> <a moz-do-not-send="true" href="mailto:Users@ovirt.org" target="_blank">Users@ovirt.org</a><br> <a moz-do-not-send="true" href="http://lists.ovirt.org/mailman/listinfo/users" rel="noreferrer" target="_blank">http://lists.ovirt.org/mailman<wbr>/listinfo/users</a><br> </blockquote> ______________________________<wbr>_________________<br> Users mailing list<br> <a moz-do-not-send="true" href="mailto:Users@ovirt.org" target="_blank">Users@ovirt.org</a><br> <a moz-do-not-send="true" href="http://lists.ovirt.org/mailman/listinfo/users" rel="noreferrer" target="_blank">http://lists.ovirt.org/mailman<wbr>/listinfo/users</a><br> </blockquote> </blockquote> </blockquote> <br> ______________________________<wbr>_________________<br> Users mailing list<br> <a moz-do-not-send="true" href="mailto:Users@ovirt.org" target="_blank">Users@ovirt.org</a><br> <a moz-do-not-send="true" href="http://lists.ovirt.org/mailman/listinfo/users" rel="noreferrer" target="_blank">http://lists.ovirt.org/mailman<wbr>/listinfo/users</a><br> </blockquote> </blockquote> </blockquote> </blockquote> </blockquote> </blockquote> </blockquote> </div> <br> </div> </blockquote> <br> </body> </html> --------------C439E37E95C54C1626CB0DFC--
Go to https://gerrit.ovirt.org/70588 and click on the publish button. Drafts are not visible to everybody. Or you can push to master directly. On Tue, Jan 17, 2017 at 7:39 PM, Sverker Abrahamsson < sverker@abrahamsson.com> wrote:
I still had the window open where I did that step. This is how it looked like:
[root@h2 ovirt-provider-ovn]# git push origin HEAD:refs/drafts/master Counting objects: 9, done. Delta compression using up to 8 threads. Compressing objects: 100% (5/5), done. Writing objects: 100% (6/6), 1.79 KiB | 0 bytes/s, done. Total 6 (delta 2), reused 0 (delta 0) remote: Resolving deltas: 100% (2/2) remote: Processing changes: new: 1, refs: 1, done remote: (W) 16d5be4: commit subject >65 characters; use shorter first paragraph remote: remote: New Changes: remote: https://gerrit.ovirt.org/70588 Properly handle to set id when interface already has a virtualport element ... [DRAFT] remote: To gerrit.ovirt.org:ovirt-provider-ovn * [new branch] HEAD -> refs/drafts/master
I see the difference is that I pushed to HEAD:refs/drafts/master as instructed at http://www.ovirt.org/develop/dev-process/working-with- gerrit/
Should I push it to HEAD:refs/for/master instead?
/Sverker Den 2017-01-17 kl. 12:09, skrev Marcin Mirecki:
Sverker, I can see you as a user in gerrit (sverker@abrahamsson.com), but there are no patches for your name. Please check for any errors after you issue: git push gerrit.ovirt.org:ovirt-provider-ovn HEAD:refs/for/master
Also, please let me know if you need any other help on with gerrit.
On Mon, Jan 16, 2017 at 8:49 PM, Sverker Abrahamsson < sverker@abrahamsson.com> wrote:
I've followed the instructions to best effort, so hopefully it's right..
Den 2017-01-13 kl. 10:31, skrev Marcin Mirecki:
Please push the patch into: https://gerrit.ovirt.org/ovirt-provider-ovn (let me know if you need some directions)
----- Original Message -----
From: "Sverker Abrahamsson" <sverker@abrahamsson.com> To: "Marcin Mirecki" <mmirecki@redhat.com> Cc: "Ovirt Users" <users@ovirt.org> Sent: Monday, January 9, 2017 1:45:37 PM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network
Ok, found it. The issue is right here:
<interface type="bridge"> <mac address="00:1a:4a:16:01:54" /> <model type="virtio" /> <source bridge="br-int" /> <virtualport type="openvswitch" /> <link state="up" /> <boot order="2" /> <bandwidth /> <virtualport type="openvswitch"> <parameters interfaceid="912cba79-982e-4a87-868e-241fedccb59a" /> </virtualport> </interface>
There are two elements for virtualport, the first without id and the second with. On h2 I had fixed this which was the patch I posted earlier although I switched back to use br-int after understanding that was the correct way. When that hook was copied to h1 the port gets attached fine.
Patch with updated testcase attached.
/Sverker
Den 2017-01-09 kl. 10:41, skrev Sverker Abrahamsson:
This is the content of vdsm.log on h1 at this time:
2017-01-06 20:54:12,636 INFO (jsonrpc/7) [jsonrpc.JsonRpcServer] RPC call VM.create succeeded in 0.01 seconds (__init__:515) 2017-01-06 20:54:12,636 INFO (vm/6dd5291e) [virt.vm] (vmId='6dd5291e-6556-4d29-8b4e-ea896e627645') VM wrapper has started (vm:1901) 2017-01-06 20:54:12,636 INFO (vm/6dd5291e) [vds] prepared volume path: /rhev/data-center/mnt/h2-int.limetransit.com:_var_lib_export s_iso/1d49c4bc-0fec-4503-a583-d476fa3a370d/images/11111111-1 111-1111-1111-111111111111/CentOS-7-x86_64-NetInstall-1611.iso (clientIF:374) 2017-01-06 20:54:12,743 INFO (vm/6dd5291e) [root] (hooks:108) 2017-01-06 20:54:12,847 INFO (vm/6dd5291e) [root] (hooks:108) 2017-01-06 20:54:12,863 INFO (vm/6dd5291e) [virt.vm] (vmId='6dd5291e-6556-4d29-8b4e-ea896e627645') <?xml version='1.0' encoding='UTF-8'?> <domain xmlns:ovirt="http://ovirt.org/vm/tune/1.0" type="kvm"> <name>CentOS7_3</name> <uuid>6dd5291e-6556-4d29-8b4e-ea896e627645</uuid> <memory>1048576</memory> <currentMemory>1048576</currentMemory> <maxMemory slots="16">4294967296</maxMemory> <vcpu current="1">16</vcpu> <devices> <channel type="unix"> <target name="com.redhat.rhevm.vdsm" type="virtio" /> <source mode="bind" path="/var/lib/libvirt/qemu/channels/6dd5291e-6556-4d29-8b4e -ea896e627645.com.redhat.rhevm.vdsm" /> </channel> <channel type="unix"> <target name="org.qemu.guest_agent.0" type="virtio" /> <source mode="bind" path="/var/lib/libvirt/qemu/channels/6dd5291e-6556-4d29-8b4e -ea896e627645.org.qemu.guest_agent.0" /> </channel> <input bus="ps2" type="mouse" /> <memballoon model="virtio" /> <controller index="0" model="virtio-scsi" type="scsi" /> <controller index="0" ports="16" type="virtio-serial" /> <video> <model heads="1" ram="65536" type="qxl" vgamem="16384" vram="32768" /> </video> <graphics autoport="yes" defaultMode="secure" passwd="*****" passwdValidTo="1970-01-01T00:00:01" port="-1" tlsPort="-1" type="spice"> <channel mode="secure" name="main" /> <channel mode="secure" name="inputs" /> <channel mode="secure" name="cursor" /> <channel mode="secure" name="playback" /> <channel mode="secure" name="record" /> <channel mode="secure" name="display" /> <channel mode="secure" name="smartcard" /> <channel mode="secure" name="usbredir" /> <listen network="vdsm-ovirtmgmt" type="network" /> </graphics> <interface type="bridge"> <mac address="00:1a:4a:16:01:54" /> <model type="virtio" /> <source bridge="br-int" /> <virtualport type="openvswitch" /> <link state="up" /> <boot order="2" /> <bandwidth /> <virtualport type="openvswitch"> <parameters interfaceid="912cba79-982e-4a87-868e-241fedccb59a" /> </virtualport> </interface> <disk device="cdrom" snapshot="no" type="file"> <source file="/rhev/data-center/mnt/h2-int.limetransit.com:_var_lib_ exports_iso/1d49c4bc-0fec-4503-a583-d476fa3a370d/images/1111 1111-1111-1111-1111-111111111111/CentOS-7-x86_64-NetInstall-1611.iso" startupPolicy="optional" /> <target bus="ide" dev="hdc" /> <readonly /> <boot order="1" /> </disk> <channel type="spicevmc"> <target name="com.redhat.spice.0" type="virtio" /> </channel> </devices> <metadata> <ovirt:qos /> </metadata> <os> <type arch="x86_64" machine="pc-i440fx-rhel7.2.0">hvm</type> <smbios mode="sysinfo" /> <bootmenu enable="yes" timeout="10000" /> </os> <sysinfo type="smbios"> <system> <entry name="manufacturer">oVirt</entry> <entry name="product">oVirt Node</entry> <entry name="version">7-3.1611.el7.centos</entry> <entry name="serial">62f1adff-b29e-4a7c-abba-c2c4c73248c6</entry> <entry name="uuid">6dd5291e-6556-4d29-8b4e-ea896e627645</entry> </system> </sysinfo> <clock adjustment="0" offset="variable"> <timer name="rtc" tickpolicy="catchup" /> <timer name="pit" tickpolicy="delay" /> <timer name="hpet" present="no" /> </clock> <features> <acpi /> </features> <cpu match="exact"> <model>SandyBridge</model> <topology cores="1" sockets="16" threads="1" /> <numa> <cell cpus="0" memory="1048576" /> </numa> </cpu> </domain> (vm:1988) 2017-01-06 20:54:13,046 INFO (libvirt/events) [virt.vm] (vmId='6dd5291e-6556-4d29-8b4e-ea896e627645') CPU running: onResume (vm:4863) 2017-01-06 20:54:13,058 INFO (vm/6dd5291e) [virt.vm] (vmId='6dd5291e-6556-4d29-8b4e-ea896e627645') Starting connection (guestagent:245) 2017-01-06 20:54:13,060 INFO (vm/6dd5291e) [virt.vm] (vmId='6dd5291e-6556-4d29-8b4e-ea896e627645') CPU running: domain initialization (vm:4863) 2017-01-06 20:54:15,154 INFO (jsonrpc/6) [jsonrpc.JsonRpcServer] RPC call Host.getVMFullList succeeded in 0.01 seconds (__init__:515) 2017-01-06 20:54:17,571 INFO (periodic/2) [dispatcher] Run and protect: getVolumeSize(sdUUID=u'2ee54fb8-48f2-4576-8cff-f2346504b08b', spUUID=u'584ebd64-0268-0193-025b-00000000038e', imgUUID=u'5a3aae57-ffe0-4a3b-aa87-8461669db7f9', volUUID=u'b6a88789-fcb1-4d3e-911b-2a4d3b6c69c7', options=None) (logUtils:49) 2017-01-06 20:54:17,573 INFO (periodic/2) [dispatcher] Run and protect: getVolumeSize, Return response: {'truesize': '1859723264', 'apparentsize': '21474836480'} (logUtils:52) 2017-01-06 20:54:21,211 INFO (periodic/2) [dispatcher] Run and protect: repoStats(options=None) (logUtils:49) 2017-01-06 20:54:21,212 INFO (periodic/2) [dispatcher] Run and protect: repoStats, Return response: {u'2ee54fb8-48f2-4576-8cff-f2346504b08b': {'code': 0, 'actual': True, 'version': 3, 'acquired': True, 'delay': '0.000936552', 'lastCheck': '1.4', 'valid': True}, u'1d49c4bc-0fec-4503-a583-d476fa3a370d': {'code': 0, 'actual': True, 'version': 0, 'acquired': True, 'delay': '0.000960248', 'lastCheck': '1.4', 'valid': True}} (logUtils:52) 2017-01-06 20:54:23,543 INFO (jsonrpc/2) [jsonrpc.JsonRpcServer] RPC call Host.getAllVmStats succeeded in 0.00 seconds (__init__:515) 2017-01-06 20:54:23,641 INFO (jsonrpc/1) [jsonrpc.JsonRpcServer] RPC call Host.getAllVmIoTunePolicies succeeded in 0.00 seconds (__init__:515) 2017-01-06 20:54:24,918 INFO (jsonrpc/0) [dispatcher] Run and protect: repoStats(options=None) (logUtils:49) 2017-01-06 20:54:24,918 INFO (jsonrpc/0) [dispatcher] Run and protect: repoStats, Return response: {u'2ee54fb8-48f2-4576-8cff-f2346504b08b': {'code': 0, 'actual': True, 'version': 3, 'acquired': True, 'delay': '0.000936552', 'lastCheck': '5.1', 'valid': True}, u'1d49c4bc-0fec-4503-a583-d476fa3a370d': {'code': 0, 'actual': True, 'version': 0, 'acquired': True, 'delay': '0.000960248', 'lastCheck': '2.1', 'valid': True}} (logUtils:52) 2017-01-06 20:54:24,924 INFO (jsonrpc/0) [jsonrpc.JsonRpcServer] RPC call Host.getStats succeeded in 0.01 seconds (__init__:515)
Vdsm and the OVN driver must have been called as the port IS created, but with the wrong id. I don't find the faulty id in vdsm.log neither, the xml above have the correct id. /Sverker
Den 2017-01-09 kl. 10:06, skrev Marcin Mirecki:
The port is set up on the host by the ovirt-provider-ovn-driver. The driver is invoked by the vdsm hook whenever any operation on the port is done. Please ensure that this is installed properly. You can check the vdsm log (/var/log/vdsm/vdsm.log) to see if the hook was executed properly.
----- Original Message -----
> From: "Sverker Abrahamsson" <sverker@abrahamsson.com> > To: "Marcin Mirecki" <mmirecki@redhat.com> > Cc: "Ovirt Users" <users@ovirt.org> > Sent: Friday, January 6, 2017 9:00:26 PM > Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory > ovirtmgmt network > > I created a new VM in the ui and assigned it to host h1. In > /var/log/ovirt-provider-ovn.log I get the following: > > 2017-01-06 20:54:11,940 Request: GET : /v2.0/ports > 2017-01-06 20:54:11,940 Connecting to remote ovn database: > tcp:127.0.0.1:6641 > 2017-01-06 20:54:12,157 Connected (number of retries: 2) > 2017-01-06 20:54:12,158 Response code: 200 > 2017-01-06 20:54:12,158 Response body: {"ports": [{"name": > "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873", "network_id": > "e53554cf-e553-40a1-8d22-9c8d95ec0601", "device_owner": "oVirt", > "mac_address": "00:1a:4a:16:01:51", "id": > "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873", "device_id": > "40cd7328-d575-4c3d-b656-9ef9bacc0078"}, {"name": > "92f6d3c8-68b3-4986-9c09-60bee04644b5", "network_id": > "e53554cf-e553-40a1-8d22-9c8d95ec0601", "device_owner": "oVirt", > "mac_address": "00:1a:4a:16:01:52", "id": > "92f6d3c8-68b3-4986-9c09-60bee04644b5", "device_id": > "4baefa8c-3822-4de0-9cd0-1d025bab7844"}]} > 2017-01-06 20:54:12,160 Request: SHOW : > /v2.0/networks/e53554cf-e553-40a1-8d22-9c8d95ec0601 > 2017-01-06 20:54:12,160 Connecting to remote ovn database: > tcp:127.0.0.1:6641 > 2017-01-06 20:54:12,377 Connected (number of retries: 2) > 2017-01-06 20:54:12,378 Response code: 200 > 2017-01-06 20:54:12,378 Response body: {"network": {"id": > "e53554cf-e553-40a1-8d22-9c8d95ec0601", "name": "ovirtbridge"}} > 2017-01-06 20:54:12,380 Request: POST : /v2.0/ports > 2017-01-06 20:54:12,380 Request body: > { > "port" : { > "name" : "nic1", > "binding:host_id" : "h1.limetransit.com", > "admin_state_up" : true, > "device_id" : "e8553a88-05f0-401d-8b9b-5fff77f7bbbe", > "device_owner" : "oVirt", > "mac_address" : "00:1a:4a:16:01:54", > "network_id" : "e53554cf-e553-40a1-8d22-9c8d95ec0601" > } > } > 2017-01-06 20:54:12,380 Connecting to remote ovn database: > tcp:127.0.0.1:6641 > 2017-01-06 20:54:12,610 Connected (number of retries: 2) > 2017-01-06 20:54:12,614 Response code: 200 > 2017-01-06 20:54:12,614 Response body: {"port": {"name": > "912cba79-982e-4a87-868e-241fedccb59a", "network_id": > "e53554cf-e553-40a1-8d22-9c8d95ec0601", "device_owner": "oVirt", > "mac_address": "00:1a:4a:16:01:54", "id": > "912cba79-982e-4a87-868e-241fedccb59a", "device_id": > "e8553a88-05f0-401d-8b9b-5fff77f7bbbe"}} > > h1:/var/log/messages > Jan 6 20:54:12 h1 ovs-vsctl: ovs|00001|vsctl|INFO|Called as > ovs-vsctl > --timeout=5 -- --if-exists del-port vnet1 -- add-port br-int vnet1 -- > set Interface vnet1 > "external-ids:attached-mac=\"00:1a:4a:16:01:54\"" -- > set Interface vnet1 > "external-ids:iface-id=\"20388407-0f76-41d8-97aa-8e2b5978f908\"" -- > set > Interface vnet1 > "external-ids:vm-id=\"6dd5291e-6556-4d29-8b4e-ea896e627645\"" -- set > Interface vnet1 external-ids:iface-status=active > > [root@h2 ~]# ovn-nbctl show > switch e53554cf-e553-40a1-8d22-9c8d95ec0601 (ovirtbridge) > port 4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873 > addresses: ["00:1a:4a:16:01:51"] > port 912cba79-982e-4a87-868e-241fedccb59a > addresses: ["00:1a:4a:16:01:54"] > port 92f6d3c8-68b3-4986-9c09-60bee04644b5 > addresses: ["00:1a:4a:16:01:52"] > port ovirtbridge-port2 > addresses: ["unknown"] > port ovirtbridge-port1 > addresses: ["unknown"] > [root@h2 ~]# ovn-sbctl show > Chassis "6e4dd29f-7607-48d7-8e5a-eef4c6aeefb5" > hostname: "h2.limetransit.com" > Encap geneve > ip: "148.251.126.50" > options: {csum="true"} > Port_Binding "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873" > Port_Binding "ovirtbridge-port1" > Chassis "4f10fb04-8fb2-48d7-8a3f-ea6444c02cf9" > hostname: "h1.limetransit.com" > Encap geneve > ip: "144.76.84.73" > options: {csum="true"} > Port_Binding "ovirtbridge-port2" > Port_Binding "92f6d3c8-68b3-4986-9c09-60bee04644b5" > > I.e. same issue > /Sverker > > Den 2017-01-06 kl. 20:49, skrev Sverker Abrahamsson: > >> The port is created from Ovirt UI, the ovs-vsctl command below is >> executed when VM is started. In /var/log/ovirt-provider-ovn.log on >> h2 >> I get the following: >> >> 2017-01-06 20:19:25,452 Request: GET : /v2.0/ports >> 2017-01-06 20:19:25,452 Connecting to remote ovn database: >> tcp:127.0.0.1:6641 >> 2017-01-06 20:19:25,670 Connected (number of retries: 2) >> 2017-01-06 20:19:25,670 Response code: 200 >> 2017-01-06 20:19:25,670 Response body: {"ports": [{"name": >> "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873", "network_id": >> "e53554cf-e553-40a1-8d22-9c8d95ec0601", "device_owner": "oVirt", >> "mac_address": "00:1a:4a:16:01:51", "id": >> "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873", "device_id": >> "40cd7328-d575-4c3d-b656-9ef9bacc0078"}, {"name": >> "92f6d3c8-68b3-4986-9c09-60bee04644b5", "network_id": >> "e53554cf-e553-40a1-8d22-9c8d95ec0601", "device_owner": "oVirt", >> "mac_address": "00:1a:4a:16:01:52", "id": >> "92f6d3c8-68b3-4986-9c09-60bee04644b5", "device_id": >> "4baefa8c-3822-4de0-9cd0-1d025bab7844"}]} >> 2017-01-06 20:19:25,673 Request: PUT : >> /v2.0/ports/92f6d3c8-68b3-4986-9c09-60bee04644b5 >> 2017-01-06 20:19:25,673 Request body: >> { >> "port" : { >> "binding:host_id" : "h1.limetransit.com", >> "security_groups" : null >> } >> } >> 2017-01-06 20:19:25,673 Connecting to remote ovn database: >> tcp:127.0.0.1:6641 >> 2017-01-06 20:19:25,890 Connected (number of retries: 2) >> 2017-01-06 20:19:25,891 Response code: 200 >> 2017-01-06 20:19:25,891 Response body: {"port": {"name": >> "92f6d3c8-68b3-4986-9c09-60bee04644b5", "network_id": >> "e53554cf-e553-40a1-8d22-9c8d95ec0601", "device_owner": "oVirt", >> "mac_address": "00:1a:4a:16:01:52", "id": >> "92f6d3c8-68b3-4986-9c09-60bee04644b5", "device_id": >> "4baefa8c-3822-4de0-9cd0-1d025bab7844"}} >> >> In /var/log/messages on h1 I get the following: >> >> Jan 6 20:18:56 h1 dbus-daemon: dbus[1339]: [system] Successfully >> activated service 'org.freedesktop.problems' >> Jan 6 20:19:26 h1 ovs-vsctl: ovs|00001|vsctl|INFO|Called as >> ovs-vsctl >> --timeout=5 -- --if-exists del-port vnet0 -- add-port br-int vnet0 >> -- >> set Interface vnet0 "external-ids:attached-mac=\"0 >> 0:1a:4a:16:01:52\"" >> -- set Interface vnet0 >> "external-ids:iface-id=\"72dafda5-03c2-4bb6-bcb6-241fa5c0a1f3\"" -- >> set Interface vnet0 >> "external-ids:vm-id=\"4d0c134a-11a0-40f4-b2fb-c13c17c7251c\"" -- >> set >> Interface vnet0 external-ids:iface-status=active >> Jan 6 20:19:26 h1 kernel: device vnet0 entered promiscuous mode >> Jan 6 20:19:26 h1 avahi-daemon[1391]: Registering new address >> record >> for fe80::fc1a:4aff:fe16:152 on vnet0.*. >> Jan 6 20:19:26 h1 systemd-machined: New machine qemu-4-CentOS72. >> Jan 6 20:19:26 h1 systemd: Started Virtual Machine qemu-4-CentOS72. >> Jan 6 20:19:26 h1 systemd: Starting Virtual Machine >> qemu-4-CentOS72. >> >> [root@h2 ~]# ovn-nbctl show >> switch e53554cf-e553-40a1-8d22-9c8d95ec0601 (ovirtbridge) >> port 4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873 >> addresses: ["00:1a:4a:16:01:51"] >> port 92f6d3c8-68b3-4986-9c09-60bee04644b5 >> addresses: ["00:1a:4a:16:01:52"] >> port ovirtbridge-port2 >> addresses: ["unknown"] >> port ovirtbridge-port1 >> addresses: ["unknown"] >> [root@h2 ~]# ovn-sbctl show >> Chassis "6e4dd29f-7607-48d7-8e5a-eef4c6aeefb5" >> hostname: "h2.limetransit.com" >> Encap geneve >> ip: "148.251.126.50" >> options: {csum="true"} >> Port_Binding "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873" >> Port_Binding "ovirtbridge-port1" >> Chassis "4f10fb04-8fb2-48d7-8a3f-ea6444c02cf9" >> hostname: "h1.limetransit.com" >> Encap geneve >> ip: "144.76.84.73" >> options: {csum="true"} >> Port_Binding "ovirtbridge-port2" >> >> I.e. the port is set up with the wrong ID and not attached to OVN. >> >> If I correct external-ids:iface-id like this: >> [root@h1 ~]# ovs-vsctl set Interface vnet0 >> "external-ids:iface-id=\"92f6d3c8-68b3-4986-9c09-60bee04644b5\"" >> >> then sb is correct: >> [root@h2 ~]# ovn-sbctl show >> Chassis "6e4dd29f-7607-48d7-8e5a-eef4c6aeefb5" >> hostname: "h2.limetransit.com" >> Encap geneve >> ip: "148.251.126.50" >> options: {csum="true"} >> Port_Binding "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873" >> Port_Binding "ovirtbridge-port1" >> Chassis "4f10fb04-8fb2-48d7-8a3f-ea6444c02cf9" >> hostname: "h1.limetransit.com" >> Encap geneve >> ip: "144.76.84.73" >> options: {csum="true"} >> Port_Binding "ovirtbridge-port2" >> Port_Binding "92f6d3c8-68b3-4986-9c09-60bee04644b5" >> >> I don't know from where the ID 72dafda5-03c2-4bb6-bcb6-241fa5c0a1f3 >> comes from, doesn't show in any log other than /var/log/messages. >> >> If I do the same exercise on the same host as engine is running on >> then the port for the VM gets the right id and is working from >> beginning. >> /Sverker >> >> Den 2017-01-03 kl. 10:23, skrev Marcin Mirecki: >> >>> How did you create this port? >>> From the oVirt engine UI? >>> The OVN provider creates the port when you add the port in the >>> engine UI, >>> it is then plugged into the ovs bridge by the VIF driver. >>> Please attach /var/log/ovirt-provider-ovn.log >>> >>> >>> >>> ----- Original Message ----- >>> >>>> From: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>>> To: "Marcin Mirecki"<mmirecki@redhat.com> >>>> Cc: "Ovirt Users"<users@ovirt.org> >>>> Sent: Tuesday, January 3, 2017 2:06:22 AM >>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory >>>> ovirtmgmt >>>> network >>>> >>>> Found an issue with Ovirt - OVN integration. >>>> >>>> Engine and OVN central db running on host h2. Created VM to run >>>> on host >>>> h1, which is started. Ovn db state: >>>> >>>> [root@h2 env3]# ovn-nbctl show >>>> switch e53554cf-e553-40a1-8d22-9c8d95ec0601 (ovirtbridge) >>>> port 4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873 >>>> addresses: ["00:1a:4a:16:01:51"] >>>> port 92f6d3c8-68b3-4986-9c09-60bee04644b5 >>>> addresses: ["00:1a:4a:16:01:52"] >>>> port ovirtbridge-port2 >>>> addresses: ["unknown"] >>>> port ovirtbridge-port1 >>>> addresses: ["unknown"] >>>> [root@h2 env3]# ovn-sbctl show >>>> Chassis "6e4dd29f-7607-48d7-8e5a-eef4c6aeefb5" >>>> hostname: "h2.limetransit.com" >>>> Encap geneve >>>> ip: "148.251.126.50" >>>> options: {csum="true"} >>>> Port_Binding "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873" >>>> Port_Binding "ovirtbridge-port1" >>>> Chassis "4f10fb04-8fb2-48d7-8a3f-ea6444c02cf9" >>>> hostname: "h1.limetransit.com" >>>> Encap geneve >>>> ip: "144.76.84.73" >>>> options: {csum="true"} >>>> Port_Binding "ovirtbridge-port2" >>>> >>>> Port 92f6d3c8-68b3-4986-9c09-60bee04644b5 is for the new VM >>>> which is >>>> started on h1, but it is not assigned to that chassis. The reason >>>> is >>>> that on h1 the port on br-int is created like this: >>>> >>>> ovs-vsctl --timeout=5 -- --if-exists del-port vnet0 -- add-port >>>> br-int >>>> vnet0 -- set Interface vnet0 >>>> "external-ids:attached-mac=\"00:1a:4a:16:01:52\"" -- set >>>> Interface vnet0 >>>> "external-ids:iface-id=\"35bcbe31-2c7e-4d97-add9-ce150eeb2f11\"" >>>> -- set >>>> Interface vnet0 >>>> "external-ids:vm-id=\"4d0c134a-11a0-40f4-b2fb-c13c17c7251c\"" -- >>>> set >>>> Interface vnet0 external-ids:iface-status=active >>>> >>>> I.e. the extrernal id of interface is wrong. When I manually >>>> change to >>>> the right id like this the port works fine: >>>> >>>> ovs-vsctl --timeout=5 -- --if-exists del-port vnet0 -- add-port >>>> br-int >>>> vnet0 -- set Interface vnet0 >>>> "external-ids:attached-mac=\"00:1a:4a:16:01:52\"" -- set >>>> Interface vnet0 >>>> "external-ids:iface-id=\"92f6d3c8-68b3-4986-9c09-60bee04644b5\"" >>>> -- set >>>> Interface vnet0 >>>> "external-ids:vm-id=\"4d0c134a-11a0-40f4-b2fb-c13c17c7251c\"" -- >>>> set >>>> Interface vnet0 external-ids:iface-status=active >>>> >>>> sb db after correcting the port: >>>> >>>> Chassis "6e4dd29f-7607-48d7-8e5a-eef4c6aeefb5" >>>> hostname: "h2.limetransit.com" >>>> Encap geneve >>>> ip: "148.251.126.50" >>>> options: {csum="true"} >>>> Port_Binding "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873" >>>> Port_Binding "ovirtbridge-port1" >>>> Chassis "4f10fb04-8fb2-48d7-8a3f-ea6444c02cf9" >>>> hostname: "h1.limetransit.com" >>>> Encap geneve >>>> ip: "144.76.84.73" >>>> options: {csum="true"} >>>> Port_Binding "ovirtbridge-port2" >>>> Port_Binding "92f6d3c8-68b3-4986-9c09-60bee04644b5" >>>> >>>> I don't know from where the faulty id comes from, it's not in any >>>> logs. >>>> In the domain xml as printed in vdsm.log the id is correct: >>>> >>>> <interface type="bridge"> >>>> <mac address="00:1a:4a:16:01:52" /> >>>> <model type="virtio" /> >>>> <source bridge="br-int" /> >>>> <virtualport type="openvswitch" /> >>>> <link state="up" /> >>>> <boot order="2" /> >>>> <bandwidth /> >>>> <virtualport type="openvswitch"> >>>> <parameters >>>> interfaceid="92f6d3c8-68b3-4986-9c09-60bee04644b5" /> >>>> </virtualport> >>>> </interface> >>>> >>>> Where is the ovs-vsctl command line built for this call? >>>> >>>> /Sverker >>>> >>>> >>>> Den 2017-01-02 kl. 13:40, skrev Sverker Abrahamsson: >>>> >>>>> Got it to work now by following the env8 example in OVN tutorial, >>>>> where a port is added with type l2gateway. Not sure how that is >>>>> different from the localnet variant, but didn't suceed in >>>>> getting that >>>>> one working. Now I'm able to ping and telnet over the tunnel, >>>>> but not >>>>> ssh even when the port is answering on telnet. Neither does nfs >>>>> traffic work even though mount did. Suspecting MTU issue. I did >>>>> notice >>>>> that ovn-controller starts too early, before network interfaces >>>>> are >>>>> established and hence can't reach the db. As these is a purely >>>>> OVS/OVN >>>>> issue I'll ask about it on their mailing list. >>>>> >>>>> Getting back to the original issue with Ovirt, I've now added the >>>>> second host h1 to ovirt-engine. Had to do the same as with h2 to >>>>> create a dummy ovirtmgmt network but configured access via the >>>>> public >>>>> IP. My firewall settings was replaced with iptables config and >>>>> vdsm.conf was overwritten when engine was set up, so those had >>>>> to be >>>>> manually restored. It would be preferable if it would be >>>>> possible to >>>>> configure ovirt-engine that it does not "own" the host and >>>>> instead >>>>> comply with the settings it has instead of enforcing it's own >>>>> view.. >>>>> >>>>> Apart from that it seems the second host works, although I need >>>>> to >>>>> resolve the traffic issue over the OVS tunnel. >>>>> /Sverker >>>>> >>>>> Den 2017-01-02 kl. 01:13, skrev Sverker Abrahamsson: >>>>> >>>>>> 1. That is not possible as ovirt (or vdsm) will rewrite the >>>>>> network >>>>>> configuration to a non-working state. That is why I've set that >>>>>> if as >>>>>> hidden to vdsm and is why I'm keen on getting OVS/OVN to work >>>>>> >>>>>> 2. I've been reading the doc for OVN and starting to connect the >>>>>> dots, which is not trivial as it is complex. Some insights >>>>>> reached: >>>>>> >>>>>> First step is the OVN database, installed by >>>>>> openvswitch-ovn-central, >>>>>> which I currently have running on h2 host. The 'ovn-nbctl' and >>>>>> 'ovn-sbctl' commands are only possible to execute on a database >>>>>> node. >>>>>> Two ip's are given to 'vdsm-tool ovn-config <ip to database> >>>>>> <tunnel >>>>>> ip>' as arguments, where <ip to database> is how this OVN node >>>>>> reaches the database and <tunnel ip> is the ip to which other >>>>>> OVN >>>>>> nodes sets up a tunnel to this node. I.e. it is not for >>>>>> creating a >>>>>> tunnel to the database which I thought first from the >>>>>> description in >>>>>> blog post. >>>>>> >>>>>> The tunnel between OVN nodes is of type geneve which is a UDP >>>>>> based >>>>>> protocol but I have not been able to find anywhere which port >>>>>> is used >>>>>> so that I can open it in firewalld. I have added OVN on another >>>>>> host, >>>>>> called h1, and connected it to the db. I see there is traffic >>>>>> to the >>>>>> db port, but I don't see any geneve traffic between the nodes. >>>>>> >>>>>> Ovirt is now able to create it's vnet0 interface on the br-int >>>>>> ovs >>>>>> bridge, but then I run into the next issue. How do I create a >>>>>> connection from the logical switch to the physical host? I need >>>>>> that >>>>>> to a) get a connection out to the internet through a >>>>>> masqueraded if >>>>>> or ipv6 and b) be able to run a dhcp server to give ip's to the >>>>>> VM's. >>>>>> >>>>>> /Sverker >>>>>> >>>>>> Den 2016-12-30 kl. 18:05, skrev Marcin Mirecki: >>>>>> >>>>>>> 1. Why not use your physical nic for ovirtmgmt then? >>>>>>> >>>>>>> 2. "ovn-nbctl ls-add" does not add a bridge, but a logical >>>>>>> switch. >>>>>>> br-int is an internal OVN implementation detail, which >>>>>>> the user >>>>>>> should not care about. What you see in the ovirt UI are >>>>>>> logical >>>>>>> networks. They are implemented as OVN logical switches >>>>>>> in case >>>>>>> of the OVN provider. >>>>>>> >>>>>>> Please look at: >>>>>>> http://www.ovirt.org/blog/2016/11/ovirt-provider-ovn/ >>>>>>> You can get the latest rpms from here: >>>>>>> http://resources.ovirt.org/repos/ovirt/experimental/master/o >>>>>>> virt-provider-ovn_fc24_46/rpm/fc24/noarch/ >>>>>>> >>>>>>> >>>>>>> >>>>>>> ----- Original Message ----- >>>>>>> >>>>>>>> From: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>>>>>>> To: "Marcin Mirecki"<mmirecki@redhat.com> >>>>>>>> Cc: "Ovirt Users"<users@ovirt.org> >>>>>>>> Sent: Friday, December 30, 2016 4:25:58 PM >>>>>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory >>>>>>>> ovirtmgmt network >>>>>>>> >>>>>>>> 1. No, I did not want to put the ovirtmgmt bridge on my >>>>>>>> physical >>>>>>>> nic as >>>>>>>> it always messed up the network config making the host >>>>>>>> unreachable. I >>>>>>>> have put a ovs bridge on this nic which I will use to make >>>>>>>> tunnels >>>>>>>> when >>>>>>>> I add other hosts. Maybe br-int will be used for that >>>>>>>> instead, will >>>>>>>> see >>>>>>>> when I get that far. >>>>>>>> >>>>>>>> As it is now I have a dummy if for ovirtmgmt bridge but this >>>>>>>> will >>>>>>>> probably not work when I add other hosts as that bridge cannot >>>>>>>> connect >>>>>>>> to the other hosts. I'm considering keeping this just as a >>>>>>>> dummy to >>>>>>>> keep >>>>>>>> ovirt engine satisfied while the actual communication will >>>>>>>> happen >>>>>>>> over >>>>>>>> OVN/OVS bridges and tunnels. >>>>>>>> >>>>>>>> 2. On >>>>>>>> https://www.ovirt.org//develop/release-management/features/o >>>>>>>> virt-ovn-provider/ >>>>>>>> >>>>>>>> >>>>>>>> there is instructions how to add an OVS bridge to OVN with >>>>>>>> |ovn-nbctl >>>>>>>> ls-add <network name>|. If you want to use br-int then it >>>>>>>> makes >>>>>>>> sense to >>>>>>>> make that bridge visible in ovirt webui under networks so >>>>>>>> that it >>>>>>>> can be >>>>>>>> selected for VM's. >>>>>>>> >>>>>>>> It quite doesn't make sense to me that I can select other >>>>>>>> network >>>>>>>> for my >>>>>>>> VM but then that setting is not used when setting up the >>>>>>>> network. >>>>>>>> >>>>>>>> /Sverker >>>>>>>> >>>>>>>> Den 2016-12-30 kl. 15:34, skrev Marcin Mirecki: >>>>>>>> >>>>>>>>> Hi, >>>>>>>>> >>>>>>>>> The OVN provider does not require you to add any bridges >>>>>>>>> manually. >>>>>>>>> As I understand we were dealing with two problems: >>>>>>>>> 1. You only had one physical nic and wanted to put a bridge >>>>>>>>> on it, >>>>>>>>> attaching the management network to the bridge. This >>>>>>>>> was the >>>>>>>>> reason for >>>>>>>>> creating the bridge (the recommended setup would be >>>>>>>>> to used a >>>>>>>>> separate >>>>>>>>> physical nic for the management network). This bridge >>>>>>>>> has >>>>>>>>> nothing to >>>>>>>>> do with the OVN bridge. >>>>>>>>> 2. OVN - you want to use OVN on this system. For this you >>>>>>>>> have to >>>>>>>>> install >>>>>>>>> OVN on your hosts. This should create the br-int >>>>>>>>> bridge, >>>>>>>>> which are >>>>>>>>> then used by the OVN provider. This br-int bridge >>>>>>>>> must be >>>>>>>>> configured >>>>>>>>> to connect to other hosts using the geneve tunnels. >>>>>>>>> >>>>>>>>> In both cases the systems will not be aware of any bridges >>>>>>>>> you >>>>>>>>> create. >>>>>>>>> They need a nic (be it physical or virtual) to connect to >>>>>>>>> other >>>>>>>>> system. >>>>>>>>> Usually this is the physical nic. In your case you decided >>>>>>>>> to put >>>>>>>>> a bridge >>>>>>>>> on the physical nic, and give oVirt a virtual nic attached >>>>>>>>> to this >>>>>>>>> bridge. >>>>>>>>> This works, but keep in mind that the bridge you have >>>>>>>>> introduced >>>>>>>>> is outside >>>>>>>>> of oVirt's (and OVN) control (and as such is not supported). >>>>>>>>> >>>>>>>>> What is the purpose of >>>>>>>>>> adding my bridges to Ovirt through the external provider and >>>>>>>>>> configure >>>>>>>>>> them on my VM >>>>>>>>>> >>>>>>>>> I am not quite sure I understand. >>>>>>>>> The external provider (OVN provider to be specific), does >>>>>>>>> not add >>>>>>>>> any >>>>>>>>> bridges >>>>>>>>> to the system. It is using the br-int bridge created by OVN. >>>>>>>>> The >>>>>>>>> networks >>>>>>>>> created by the OVN provider are purely logical entities, >>>>>>>>> implemented using >>>>>>>>> the OVN br-int bridge. >>>>>>>>> >>>>>>>>> Marcin >>>>>>>>> >>>>>>>>> >>>>>>>>> ----- Original Message ----- >>>>>>>>> >>>>>>>>>> From: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>>>>>>>>> To: "Marcin Mirecki"<mmirecki@redhat.com> >>>>>>>>>> Cc: "Ovirt Users"<users@ovirt.org> >>>>>>>>>> Sent: Friday, December 30, 2016 12:15:43 PM >>>>>>>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory >>>>>>>>>> ovirtmgmt >>>>>>>>>> network >>>>>>>>>> >>>>>>>>>> Hi >>>>>>>>>> That is the logic I quite don't understand. What is the >>>>>>>>>> purpose of >>>>>>>>>> adding my bridges to Ovirt through the external provider and >>>>>>>>>> configure >>>>>>>>>> them on my VM if you are disregarding that and using br-int >>>>>>>>>> anyway? >>>>>>>>>> >>>>>>>>>> /Sverker >>>>>>>>>> >>>>>>>>>> Den 2016-12-30 kl. 10:53, skrev Marcin Mirecki: >>>>>>>>>> >>>>>>>>>>> Sverker, >>>>>>>>>>> >>>>>>>>>>> br-int is the integration bridge created by default in >>>>>>>>>>> OVN. This >>>>>>>>>>> is the >>>>>>>>>>> bridge we use for the OVN provider. As OVN is required to >>>>>>>>>>> be >>>>>>>>>>> installed, >>>>>>>>>>> we assume that this bridge is present. >>>>>>>>>>> Using any other ovs bridge is not supported, and will >>>>>>>>>>> require >>>>>>>>>>> custom code >>>>>>>>>>> changes (such as the ones you created). >>>>>>>>>>> >>>>>>>>>>> The proper setup in your case would probably be to create >>>>>>>>>>> br-int >>>>>>>>>>> and >>>>>>>>>>> connect >>>>>>>>>>> this to your ovirtbridge, although I don't know the >>>>>>>>>>> details of >>>>>>>>>>> your env, >>>>>>>>>>> so >>>>>>>>>>> this is just my best guess. >>>>>>>>>>> >>>>>>>>>>> Marcin >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> ----- Original Message ----- >>>>>>>>>>> >>>>>>>>>>>> From: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>>>>>>>>>>> To: "Marcin Mirecki"<mmirecki@redhat.com> >>>>>>>>>>>> Cc: "Ovirt Users"<users@ovirt.org>, "Numan Siddique" >>>>>>>>>>>> <nusiddiq@redhat.com> >>>>>>>>>>>> Sent: Friday, December 30, 2016 1:14:50 AM >>>>>>>>>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and >>>>>>>>>>>> mandatory >>>>>>>>>>>> ovirtmgmt >>>>>>>>>>>> network >>>>>>>>>>>> >>>>>>>>>>>> Even better, if the value is not hardcoded then the >>>>>>>>>>>> configured >>>>>>>>>>>> value is >>>>>>>>>>>> used. Might be that I'm missunderstanding something but >>>>>>>>>>>> this is >>>>>>>>>>>> the >>>>>>>>>>>> behaviour I expected instead of that it is using br-int. >>>>>>>>>>>> >>>>>>>>>>>> Attached is a patch which properly sets up the xml, in >>>>>>>>>>>> case >>>>>>>>>>>> there is >>>>>>>>>>>> already a virtual port there + testcode of some variants >>>>>>>>>>>> >>>>>>>>>>>> /Sverker >>>>>>>>>>>> >>>>>>>>>>>> Den 2016-12-29 kl. 22:55, skrev Sverker Abrahamsson: >>>>>>>>>>>> >>>>>>>>>>>>> When I change >>>>>>>>>>>>> /usr/libexec/vdsm/hooks/before >>>>>>>>>>>>> _device_create/ovirt_provider_ovn_hook >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> to instead of hardcoded to br-int use BRIDGE_NAME = >>>>>>>>>>>>> 'ovirtbridge' then >>>>>>>>>>>>> I get the expected behaviour and I get a working network >>>>>>>>>>>>> connectivity >>>>>>>>>>>>> in my VM with IP provided by dhcp. >>>>>>>>>>>>> >>>>>>>>>>>>> /Sverker >>>>>>>>>>>>> >>>>>>>>>>>>> Den 2016-12-29 kl. 22:07, skrev Sverker Abrahamsson: >>>>>>>>>>>>> >>>>>>>>>>>>>> By default the vNic profile of my OVN bridge >>>>>>>>>>>>>> ovirtbridge gets a >>>>>>>>>>>>>> Network filter named vdsm-no-mac-spoofing. If I instead >>>>>>>>>>>>>> set >>>>>>>>>>>>>> No filter >>>>>>>>>>>>>> then I don't get those ebtables / iptables messages. It >>>>>>>>>>>>>> seems >>>>>>>>>>>>>> that >>>>>>>>>>>>>> there is some issue between ovirt/vdsm and firewalld, >>>>>>>>>>>>>> which >>>>>>>>>>>>>> we can >>>>>>>>>>>>>> put to the side for now. >>>>>>>>>>>>>> >>>>>>>>>>>>>> It is not clear for me why the port is added on br-int >>>>>>>>>>>>>> instead of the >>>>>>>>>>>>>> bridge I've assigned to the VM, which is ovirtbridge?? >>>>>>>>>>>>>> >>>>>>>>>>>>>> /Sverker >>>>>>>>>>>>>> >>>>>>>>>>>>>> Den 2016-12-29 kl. 14:20, skrev Sverker Abrahamsson: >>>>>>>>>>>>>> >>>>>>>>>>>>>>> The specific command most likely fails because there >>>>>>>>>>>>>>> is no >>>>>>>>>>>>>>> chain >>>>>>>>>>>>>>> named libvirt-J-vnet0, but when should that have been >>>>>>>>>>>>>>> created? >>>>>>>>>>>>>>> /Sverker >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> -------- Vidarebefordrat meddelande -------- >>>>>>>>>>>>>>> Ämne: Re: [ovirt-users] Issue with OVN/OVS and >>>>>>>>>>>>>>> mandatory >>>>>>>>>>>>>>> ovirtmgmt >>>>>>>>>>>>>>> network >>>>>>>>>>>>>>> Datum: Thu, 29 Dec 2016 08:06:29 -0500 (EST) >>>>>>>>>>>>>>> Från: Marcin Mirecki<mmirecki@redhat.com> >>>>>>>>>>>>>>> Till: Sverker Abrahamsson<sverker@abrahamsson.com> >>>>>>>>>>>>>>> Kopia: Ovirt Users<users@ovirt.org>, Lance >>>>>>>>>>>>>>> Richardson >>>>>>>>>>>>>>> <lrichard@redhat.com>, Numan >>>>>>>>>>>>>>> Siddique<nusiddiq@redhat.com> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Let me add the OVN team. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Lance, Numan, >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Can you please look at this? >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Trying to plug a vNIC results in: >>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 ovs-vsctl: >>>>>>>>>>>>>>>>>>>>>> ovs|00001|vsctl|INFO|Called as >>>>>>>>>>>>>>>>>>>>>> ovs-vsctl >>>>>>>>>>>>>>>>>>>>>> --timeout=5 -- --if-exists del-port vnet0 -- >>>>>>>>>>>>>>>>>>>>>> add-port >>>>>>>>>>>>>>>>>>>>>> br-int >>>>>>>>>>>>>>>>>>>>>> vnet0 -- >>>>>>>>>>>>>>>>>>>>>> set Interface vnet0 >>>>>>>>>>>>>>>>>>>>>> "external-ids:attached-mac=\"0 >>>>>>>>>>>>>>>>>>>>>> 0:1a:4a:16:01:51\"" >>>>>>>>>>>>>>>>>>>>>> -- set Interface vnet0 >>>>>>>>>>>>>>>>>>>>>> "external-ids:iface-id=\"e8853 >>>>>>>>>>>>>>>>>>>>>> aac-8a75-41b0-8010-e630017dcdd8\"" >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> -- >>>>>>>>>>>>>>>>>>>>>> set Interface vnet0 >>>>>>>>>>>>>>>>>>>>>> "external-ids:vm-id=\"b9440d60 >>>>>>>>>>>>>>>>>>>>>> -ef5a-4e2b-83cf-081df7c09e6f\"" >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> -- >>>>>>>>>>>>>>>>>>>>>> set >>>>>>>>>>>>>>>>>>>>>> Interface vnet0 external-ids:iface-status=acti >>>>>>>>>>>>>>>>>>>>>> ve >>>>>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 kernel: device vnet0 entered >>>>>>>>>>>>>>>>>>>>>> promiscuous >>>>>>>>>>>>>>>>>>>>>> mode >>>>>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -D >>>>>>>>>>>>>>>>>>>>>> PREROUTING >>>>>>>>>>>>>>>>>>>>>> -i vnet0 >>>>>>>>>>>>>>>>>>>>>> -j >>>>>>>>>>>>>>>>>>>>>> libvirt-J-vnet0' failed: >>>>>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> More details below >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> ----- Original Message ----- >>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> From: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>>>>>>>>>>>>>>> To: "Marcin Mirecki"<mmirecki@redhat.com> >>>>>>>>>>>>>>>> Cc: "Ovirt Users"<users@ovirt.org> >>>>>>>>>>>>>>>> Sent: Thursday, December 29, 2016 1:42:11 PM >>>>>>>>>>>>>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and >>>>>>>>>>>>>>>> mandatory >>>>>>>>>>>>>>>> ovirtmgmt >>>>>>>>>>>>>>>> network >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Hi >>>>>>>>>>>>>>>> Same problem still.. >>>>>>>>>>>>>>>> /Sverker >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Den 2016-12-29 kl. 13:34, skrev Marcin Mirecki: >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> Hi, >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> The tunnels are created to connect multiple OVN >>>>>>>>>>>>>>>>> controllers. >>>>>>>>>>>>>>>>> If there is only one, there is no need for the >>>>>>>>>>>>>>>>> tunnels, so >>>>>>>>>>>>>>>>> none >>>>>>>>>>>>>>>>> will be created, this is the correct behavior. >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> Does the problem still occur after setting >>>>>>>>>>>>>>>>> configuring the >>>>>>>>>>>>>>>>> OVN-controller? >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> Marcin >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> ----- Original Message ----- >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> From: "Sverker Abrahamsson"<sverker@abrahamsson.com >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> To: "Marcin Mirecki"<mmirecki@redhat.com> >>>>>>>>>>>>>>>>>> Cc: "Ovirt Users"<users@ovirt.org> >>>>>>>>>>>>>>>>>> Sent: Thursday, December 29, 2016 11:44:32 AM >>>>>>>>>>>>>>>>>> Subject: Re: [ovirt-users] Iss >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> ...
[Message clipped] _______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
This is a multi-part message in MIME format. --------------C953300A9FB23B4FF27414D7 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit Ok, thank you. Done that now /Sverker Den 2017-01-18 kl. 10:14, skrev Fred Rolland:
Go to https://gerrit.ovirt.org/70588 and click on the publish button. Drafts are not visible to everybody. Or you can push to master directly.
On Tue, Jan 17, 2017 at 7:39 PM, Sverker Abrahamsson <sverker@abrahamsson.com <mailto:sverker@abrahamsson.com>> wrote:
I still had the window open where I did that step. This is how it looked like:
[root@h2 ovirt-provider-ovn]# git push origin HEAD:refs/drafts/master Counting objects: 9, done. Delta compression using up to 8 threads. Compressing objects: 100% (5/5), done. Writing objects: 100% (6/6), 1.79 KiB | 0 bytes/s, done. Total 6 (delta 2), reused 0 (delta 0) remote: Resolving deltas: 100% (2/2) remote: Processing changes: new: 1, refs: 1, done remote: (W) 16d5be4: commit subject >65 characters; use shorter first paragraph remote: remote: New Changes: remote: https://gerrit.ovirt.org/70588 Properly handle to set id when interface already has a virtualport element ... [DRAFT] remote: To gerrit.ovirt.org:ovirt-provider-ovn * [new branch] HEAD -> refs/drafts/master
I see the difference is that I pushed to HEAD:refs/drafts/master as instructed at http://www.ovirt.org/develop/dev-process/working-with-gerrit/ <http://www.ovirt.org/develop/dev-process/working-with-gerrit/>
Should I push it to HEAD:refs/for/master instead?
/Sverker
Den 2017-01-17 kl. 12:09, skrev Marcin Mirecki:
Sverker, I can see you as a user in gerrit (sverker@abrahamsson.com <mailto:sverker@abrahamsson.com>), but there are no patches for your name. Please check for any errors after you issue: git push gerrit.ovirt.org:ovirt-provider-ovn HEAD:refs/for/master
Also, please let me know if you need any other help on with gerrit.
On Mon, Jan 16, 2017 at 8:49 PM, Sverker Abrahamsson <sverker@abrahamsson.com <mailto:sverker@abrahamsson.com>> wrote:
I've followed the instructions to best effort, so hopefully it's right..
Den 2017-01-13 kl. 10:31, skrev Marcin Mirecki:
Please push the patch into: https://gerrit.ovirt.org/ovirt-provider-ovn <https://gerrit.ovirt.org/ovirt-provider-ovn> (let me know if you need some directions)
----- Original Message -----
From: "Sverker Abrahamsson" <sverker@abrahamsson.com <mailto:sverker@abrahamsson.com>> To: "Marcin Mirecki" <mmirecki@redhat.com <mailto:mmirecki@redhat.com>> Cc: "Ovirt Users" <users@ovirt.org <mailto:users@ovirt.org>> Sent: Monday, January 9, 2017 1:45:37 PM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network
Ok, found it. The issue is right here:
<interface type="bridge"> <mac address="00:1a:4a:16:01:54" /> <model type="virtio" /> <source bridge="br-int" /> <virtualport type="openvswitch" /> <link state="up" /> <boot order="2" /> <bandwidth /> <virtualport type="openvswitch"> <parameters interfaceid="912cba79-982e-4a87-868e-241fedccb59a" /> </virtualport> </interface>
There are two elements for virtualport, the first without id and the second with. On h2 I had fixed this which was the patch I posted earlier although I switched back to use br-int after understanding that was the correct way. When that hook was copied to h1 the port gets attached fine.
Patch with updated testcase attached.
/Sverker
Den 2017-01-09 kl. 10:41, skrev Sverker Abrahamsson:
This is the content of vdsm.log on h1 at this time:
2017-01-06 20:54:12,636 INFO (jsonrpc/7) [jsonrpc.JsonRpcServer] RPC call VM.create succeeded in 0.01 seconds (__init__:515) 2017-01-06 20:54:12,636 INFO (vm/6dd5291e) [virt.vm] (vmId='6dd5291e-6556-4d29-8b4e-ea896e627645') VM wrapper has started (vm:1901) 2017-01-06 20:54:12,636 INFO (vm/6dd5291e) [vds] prepared volume path: /rhev/data-center/mnt/h2-int.limetransit.com:_var_lib_exports_iso/1d49c4bc-0fec-4503-a583-d476fa3a370d/images/11111111-1111-1111-1111-111111111111/CentOS-7-x86_64-NetInstall-1611.iso (clientIF:374) 2017-01-06 20:54:12,743 INFO (vm/6dd5291e) [root] (hooks:108) 2017-01-06 20:54:12,847 INFO (vm/6dd5291e) [root] (hooks:108) 2017-01-06 20:54:12,863 INFO (vm/6dd5291e) [virt.vm] (vmId='6dd5291e-6556-4d29-8b4e-ea896e627645') <?xml version='1.0' encoding='UTF-8'?> <domain xmlns:ovirt="http://ovirt.org/vm/tune/1.0 <http://ovirt.org/vm/tune/1.0>" type="kvm"> <name>CentOS7_3</name>
<uuid>6dd5291e-6556-4d29-8b4e-ea896e627645</uuid> <memory>1048576</memory> <currentMemory>1048576</currentMemory> <maxMemory slots="16">4294967296</maxMemory> <vcpu current="1">16</vcpu> <devices> <channel type="unix"> <target name="com.redhat.rhevm.vdsm" type="virtio" /> <source mode="bind" path="/var/lib/libvirt/qemu/channels/6dd5291e-6556-4d29-8b4e-ea896e627645.com.redhat.rhevm.vdsm" /> </channel> <channel type="unix"> <target name="org.qemu.guest_agent.0" type="virtio" /> <source mode="bind" path="/var/lib/libvirt/qemu/channels/6dd5291e-6556-4d29-8b4e-ea896e627645.org.qemu.guest_agent.0" /> </channel> <input bus="ps2" type="mouse" /> <memballoon model="virtio" /> <controller index="0" model="virtio-scsi" type="scsi" /> <controller index="0" ports="16" type="virtio-serial" /> <video> <model heads="1" ram="65536" type="qxl" vgamem="16384" vram="32768" /> </video> <graphics autoport="yes" defaultMode="secure" passwd="*****" passwdValidTo="1970-01-01T00:00:01" port="-1" tlsPort="-1" type="spice"> <channel mode="secure" name="main" /> <channel mode="secure" name="inputs" /> <channel mode="secure" name="cursor" /> <channel mode="secure" name="playback" /> <channel mode="secure" name="record" /> <channel mode="secure" name="display" /> <channel mode="secure" name="smartcard" /> <channel mode="secure" name="usbredir" /> <listen network="vdsm-ovirtmgmt" type="network" /> </graphics> <interface type="bridge"> <mac address="00:1a:4a:16:01:54" /> <model type="virtio" /> <source bridge="br-int" /> <virtualport type="openvswitch" /> <link state="up" /> <boot order="2" /> <bandwidth /> <virtualport type="openvswitch"> <parameters interfaceid="912cba79-982e-4a87-868e-241fedccb59a" /> </virtualport> </interface> <disk device="cdrom" snapshot="no" type="file"> <source file="/rhev/data-center/mnt/h2-int.limetransit.com:_var_lib_exports_iso/1d49c4bc-0fec-4503-a583-d476fa3a370d/images/11111111-1111-1111-1111-111111111111/CentOS-7-x86_64-NetInstall-1611.iso" startupPolicy="optional" /> <target bus="ide" dev="hdc" /> <readonly /> <boot order="1" /> </disk> <channel type="spicevmc"> <target name="com.redhat.spice.0" type="virtio" /> </channel> </devices> <metadata> <ovirt:qos /> </metadata> <os> <type arch="x86_64" machine="pc-i440fx-rhel7.2.0">hvm</type> <smbios mode="sysinfo" /> <bootmenu enable="yes" timeout="10000" /> </os> <sysinfo type="smbios"> <system> <entry name="manufacturer">oVirt</entry> <entry name="product">oVirt Node</entry> <entry name="version">7-3.1611.el7.centos</entry> <entry name="serial">62f1adff-b29e-4a7c-abba-c2c4c73248c6</entry> <entry name="uuid">6dd5291e-6556-4d29-8b4e-ea896e627645</entry> </system> </sysinfo> <clock adjustment="0" offset="variable"> <timer name="rtc" tickpolicy="catchup" /> <timer name="pit" tickpolicy="delay" /> <timer name="hpet" present="no" /> </clock> <features> <acpi /> </features> <cpu match="exact"> <model>SandyBridge</model> <topology cores="1" sockets="16" threads="1" /> <numa> <cell cpus="0" memory="1048576" /> </numa> </cpu> </domain> (vm:1988) 2017-01-06 20:54:13,046 INFO (libvirt/events) [virt.vm] (vmId='6dd5291e-6556-4d29-8b4e-ea896e627645') CPU running: onResume (vm:4863) 2017-01-06 20:54:13,058 INFO (vm/6dd5291e) [virt.vm] (vmId='6dd5291e-6556-4d29-8b4e-ea896e627645') Starting connection (guestagent:245) 2017-01-06 20:54:13,060 INFO (vm/6dd5291e) [virt.vm] (vmId='6dd5291e-6556-4d29-8b4e-ea896e627645') CPU running: domain initialization (vm:4863) 2017-01-06 20:54:15,154 INFO (jsonrpc/6) [jsonrpc.JsonRpcServer] RPC call Host.getVMFullList succeeded in 0.01 seconds (__init__:515) 2017-01-06 20:54:17,571 INFO (periodic/2) [dispatcher] Run and protect: getVolumeSize(sdUUID=u'2ee54fb8-48f2-4576-8cff-f2346504b08b', spUUID=u'584ebd64-0268-0193-025b-00000000038e', imgUUID=u'5a3aae57-ffe0-4a3b-aa87-8461669db7f9', volUUID=u'b6a88789-fcb1-4d3e-911b-2a4d3b6c69c7', options=None) (logUtils:49) 2017-01-06 20:54:17,573 INFO (periodic/2) [dispatcher] Run and protect: getVolumeSize, Return response: {'truesize': '1859723264', 'apparentsize': '21474836480'} (logUtils:52) 2017-01-06 20:54:21,211 INFO (periodic/2) [dispatcher] Run and protect: repoStats(options=None) (logUtils:49) 2017-01-06 20:54:21,212 INFO (periodic/2) [dispatcher] Run and protect: repoStats, Return response: {u'2ee54fb8-48f2-4576-8cff-f2346504b08b': {'code': 0, 'actual': True, 'version': 3, 'acquired': True, 'delay': '0.000936552', 'lastCheck': '1.4', 'valid': True}, u'1d49c4bc-0fec-4503-a583-d476fa3a370d': {'code': 0, 'actual': True, 'version': 0, 'acquired': True, 'delay': '0.000960248', 'lastCheck': '1.4', 'valid': True}} (logUtils:52) 2017-01-06 20:54:23,543 INFO (jsonrpc/2) [jsonrpc.JsonRpcServer] RPC call Host.getAllVmStats succeeded in 0.00 seconds (__init__:515) 2017-01-06 20:54:23,641 INFO (jsonrpc/1) [jsonrpc.JsonRpcServer] RPC call Host.getAllVmIoTunePolicies succeeded in 0.00 seconds (__init__:515) 2017-01-06 20:54:24,918 INFO (jsonrpc/0) [dispatcher] Run and protect: repoStats(options=None) (logUtils:49) 2017-01-06 20:54:24,918 INFO (jsonrpc/0) [dispatcher] Run and protect: repoStats, Return response: {u'2ee54fb8-48f2-4576-8cff-f2346504b08b': {'code': 0, 'actual': True, 'version': 3, 'acquired': True, 'delay': '0.000936552', 'lastCheck': '5.1', 'valid': True}, u'1d49c4bc-0fec-4503-a583-d476fa3a370d': {'code': 0, 'actual': True, 'version': 0, 'acquired': True, 'delay': '0.000960248', 'lastCheck': '2.1', 'valid': True}} (logUtils:52) 2017-01-06 20:54:24,924 INFO (jsonrpc/0) [jsonrpc.JsonRpcServer] RPC call Host.getStats succeeded in 0.01 seconds (__init__:515)
Vdsm and the OVN driver must have been called as the port IS created, but with the wrong id. I don't find the faulty id in vdsm.log neither, the xml above have the correct id. /Sverker
Den 2017-01-09 kl. 10:06, skrev Marcin Mirecki:
The port is set up on the host by the ovirt-provider-ovn-driver. The driver is invoked by the vdsm hook whenever any operation on the port is done. Please ensure that this is installed properly. You can check the vdsm log (/var/log/vdsm/vdsm.log) to see if the hook was executed properly.
----- Original Message -----
From: "Sverker Abrahamsson" <sverker@abrahamsson.com <mailto:sverker@abrahamsson.com>> To: "Marcin Mirecki" <mmirecki@redhat.com <mailto:mmirecki@redhat.com>> Cc: "Ovirt Users" <users@ovirt.org <mailto:users@ovirt.org>> Sent: Friday, January 6, 2017 9:00:26 PM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network
I created a new VM in the ui and assigned it to host h1. In /var/log/ovirt-provider-ovn.log I get the following:
2017-01-06 20:54:11,940 Request: GET : /v2.0/ports 2017-01-06 20:54:11,940 Connecting to remote ovn database: tcp:127.0.0.1:6641 <http://127.0.0.1:6641> 2017-01-06 20:54:12,157 Connected (number of retries: 2) 2017-01-06 20:54:12,158 Response code: 200 2017-01-06 20:54:12,158 Response body: {"ports": [{"name": "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873", "network_id": "e53554cf-e553-40a1-8d22-9c8d95ec0601", "device_owner": "oVirt", "mac_address": "00:1a:4a:16:01:51", "id": "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873", "device_id": "40cd7328-d575-4c3d-b656-9ef9bacc0078"}, {"name": "92f6d3c8-68b3-4986-9c09-60bee04644b5", "network_id": "e53554cf-e553-40a1-8d22-9c8d95ec0601", "device_owner": "oVirt", "mac_address": "00:1a:4a:16:01:52", "id": "92f6d3c8-68b3-4986-9c09-60bee04644b5", "device_id": "4baefa8c-3822-4de0-9cd0-1d025bab7844"}]} 2017-01-06 20:54:12,160 Request: SHOW : /v2.0/networks/e53554cf-e553-40a1-8d22-9c8d95ec0601 2017-01-06 20:54:12,160 Connecting to remote ovn database: tcp:127.0.0.1:6641 <http://127.0.0.1:6641> 2017-01-06 20:54:12,377 Connected (number of retries: 2) 2017-01-06 20:54:12,378 Response code: 200 2017-01-06 20:54:12,378 Response body: {"network": {"id": "e53554cf-e553-40a1-8d22-9c8d95ec0601", "name": "ovirtbridge"}} 2017-01-06 20:54:12,380 Request: POST : /v2.0/ports 2017-01-06 20:54:12,380 Request body: { "port" : { "name" : "nic1", "binding:host_id" : "h1.limetransit.com <http://h1.limetransit.com>", "admin_state_up" : true, "device_id" : "e8553a88-05f0-401d-8b9b-5fff77f7bbbe", "device_owner" : "oVirt", "mac_address" : "00:1a:4a:16:01:54", "network_id" : "e53554cf-e553-40a1-8d22-9c8d95ec0601" } } 2017-01-06 20:54:12,380 Connecting to remote ovn database: tcp:127.0.0.1:6641 <http://127.0.0.1:6641> 2017-01-06 20:54:12,610 Connected (number of retries: 2) 2017-01-06 20:54:12,614 Response code: 200 2017-01-06 20:54:12,614 Response body: {"port": {"name": "912cba79-982e-4a87-868e-241fedccb59a", "network_id": "e53554cf-e553-40a1-8d22-9c8d95ec0601", "device_owner": "oVirt", "mac_address": "00:1a:4a:16:01:54", "id": "912cba79-982e-4a87-868e-241fedccb59a", "device_id": "e8553a88-05f0-401d-8b9b-5fff77f7bbbe"}}
h1:/var/log/messages Jan 6 20:54:12 h1 ovs-vsctl: ovs|00001|vsctl|INFO|Called as ovs-vsctl --timeout=5 -- --if-exists del-port vnet1 -- add-port br-int vnet1 -- set Interface vnet1 "external-ids:attached-mac=\"00:1a:4a:16:01:54\"" -- set Interface vnet1 "external-ids:iface-id=\"20388407-0f76-41d8-97aa-8e2b5978f908\"" -- set Interface vnet1 "external-ids:vm-id=\"6dd5291e-6556-4d29-8b4e-ea896e627645\"" -- set Interface vnet1 external-ids:iface-status=active
[root@h2 ~]# ovn-nbctl show switch e53554cf-e553-40a1-8d22-9c8d95ec0601 (ovirtbridge) port 4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873 addresses: ["00:1a:4a:16:01:51"] port 912cba79-982e-4a87-868e-241fedccb59a addresses: ["00:1a:4a:16:01:54"] port 92f6d3c8-68b3-4986-9c09-60bee04644b5 addresses: ["00:1a:4a:16:01:52"] port ovirtbridge-port2 addresses: ["unknown"] port ovirtbridge-port1 addresses: ["unknown"] [root@h2 ~]# ovn-sbctl show Chassis "6e4dd29f-7607-48d7-8e5a-eef4c6aeefb5" hostname: "h2.limetransit.com <http://h2.limetransit.com>" Encap geneve ip: "148.251.126.50" options: {csum="true"} Port_Binding "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873" Port_Binding "ovirtbridge-port1" Chassis "4f10fb04-8fb2-48d7-8a3f-ea6444c02cf9" hostname: "h1.limetransit.com <http://h1.limetransit.com>" Encap geneve ip: "144.76.84.73" options: {csum="true"} Port_Binding "ovirtbridge-port2" Port_Binding "92f6d3c8-68b3-4986-9c09-60bee04644b5"
I.e. same issue /Sverker
Den 2017-01-06 kl. 20:49, skrev Sverker Abrahamsson:
The port is created from Ovirt UI, the ovs-vsctl command below is executed when VM is started. In /var/log/ovirt-provider-ovn.log on h2 I get the following:
2017-01-06 20:19:25,452 Request: GET : /v2.0/ports 2017-01-06 20:19:25,452 Connecting to remote ovn database: tcp:127.0.0.1:6641 <http://127.0.0.1:6641> 2017-01-06 20:19:25,670 Connected (number of retries: 2) 2017-01-06 20:19:25,670 Response code: 200 2017-01-06 20:19:25,670 Response body: {"ports": [{"name": "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873", "network_id": "e53554cf-e553-40a1-8d22-9c8d95ec0601", "device_owner": "oVirt", "mac_address": "00:1a:4a:16:01:51", "id": "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873", "device_id": "40cd7328-d575-4c3d-b656-9ef9bacc0078"}, {"name": "92f6d3c8-68b3-4986-9c09-60bee04644b5", "network_id": "e53554cf-e553-40a1-8d22-9c8d95ec0601", "device_owner": "oVirt", "mac_address": "00:1a:4a:16:01:52", "id": "92f6d3c8-68b3-4986-9c09-60bee04644b5", "device_id": "4baefa8c-3822-4de0-9cd0-1d025bab7844"}]} 2017-01-06 20:19:25,673 Request: PUT : /v2.0/ports/92f6d3c8-68b3-4986-9c09-60bee04644b5 2017-01-06 20:19:25,673 Request body: { "port" : { "binding:host_id" : "h1.limetransit.com <http://h1.limetransit.com>", "security_groups" : null } } 2017-01-06 20:19:25,673 Connecting to remote ovn database: tcp:127.0.0.1:6641 <http://127.0.0.1:6641> 2017-01-06 20:19:25,890 Connected (number of retries: 2) 2017-01-06 20:19:25,891 Response code: 200 2017-01-06 20:19:25,891 Response body: {"port": {"name": "92f6d3c8-68b3-4986-9c09-60bee04644b5", "network_id": "e53554cf-e553-40a1-8d22-9c8d95ec0601", "device_owner": "oVirt", "mac_address": "00:1a:4a:16:01:52", "id": "92f6d3c8-68b3-4986-9c09-60bee04644b5", "device_id": "4baefa8c-3822-4de0-9cd0-1d025bab7844"}}
In /var/log/messages on h1 I get the following:
Jan 6 20:18:56 h1 dbus-daemon: dbus[1339]: [system] Successfully activated service 'org.freedesktop.problems' Jan 6 20:19:26 h1 ovs-vsctl: ovs|00001|vsctl|INFO|Called as ovs-vsctl --timeout=5 -- --if-exists del-port vnet0 -- add-port br-int vnet0 -- set Interface vnet0 "external-ids:attached-mac=\"00:1a:4a:16:01:52\"" -- set Interface vnet0 "external-ids:iface-id=\"72dafda5-03c2-4bb6-bcb6-241fa5c0a1f3\"" -- set Interface vnet0 "external-ids:vm-id=\"4d0c134a-11a0-40f4-b2fb-c13c17c7251c\"" -- set Interface vnet0 external-ids:iface-status=active Jan 6 20:19:26 h1 kernel: device vnet0 entered promiscuous mode Jan 6 20:19:26 h1 avahi-daemon[1391]: Registering new address record for fe80::fc1a:4aff:fe16:152 on vnet0.*. Jan 6 20:19:26 h1 systemd-machined: New machine qemu-4-CentOS72. Jan 6 20:19:26 h1 systemd: Started Virtual Machine qemu-4-CentOS72. Jan 6 20:19:26 h1 systemd: Starting Virtual Machine qemu-4-CentOS72.
[root@h2 ~]# ovn-nbctl show switch e53554cf-e553-40a1-8d22-9c8d95ec0601 (ovirtbridge) port 4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873 addresses: ["00:1a:4a:16:01:51"] port 92f6d3c8-68b3-4986-9c09-60bee04644b5 addresses: ["00:1a:4a:16:01:52"] port ovirtbridge-port2 addresses: ["unknown"] port ovirtbridge-port1 addresses: ["unknown"] [root@h2 ~]# ovn-sbctl show Chassis "6e4dd29f-7607-48d7-8e5a-eef4c6aeefb5" hostname: "h2.limetransit.com <http://h2.limetransit.com>" Encap geneve ip: "148.251.126.50" options: {csum="true"} Port_Binding "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873" Port_Binding "ovirtbridge-port1" Chassis "4f10fb04-8fb2-48d7-8a3f-ea6444c02cf9" hostname: "h1.limetransit.com <http://h1.limetransit.com>" Encap geneve ip: "144.76.84.73" options: {csum="true"} Port_Binding "ovirtbridge-port2"
I.e. the port is set up with the wrong ID and not attached to OVN.
If I correct external-ids:iface-id like this: [root@h1 ~]# ovs-vsctl set Interface vnet0 "external-ids:iface-id=\"92f6d3c8-68b3-4986-9c09-60bee04644b5\""
then sb is correct: [root@h2 ~]# ovn-sbctl show Chassis "6e4dd29f-7607-48d7-8e5a-eef4c6aeefb5" hostname: "h2.limetransit.com <http://h2.limetransit.com>" Encap geneve ip: "148.251.126.50" options: {csum="true"} Port_Binding "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873" Port_Binding "ovirtbridge-port1" Chassis "4f10fb04-8fb2-48d7-8a3f-ea6444c02cf9" hostname: "h1.limetransit.com <http://h1.limetransit.com>" Encap geneve ip: "144.76.84.73" options: {csum="true"} Port_Binding "ovirtbridge-port2" Port_Binding "92f6d3c8-68b3-4986-9c09-60bee04644b5"
I don't know from where the ID 72dafda5-03c2-4bb6-bcb6-241fa5c0a1f3 comes from, doesn't show in any log other than /var/log/messages.
If I do the same exercise on the same host as engine is running on then the port for the VM gets the right id and is working from beginning. /Sverker
Den 2017-01-03 kl. 10:23, skrev Marcin Mirecki:
How did you create this port? From the oVirt engine UI? The OVN provider creates the port when you add the port in the engine UI, it is then plugged into the ovs bridge by the VIF driver. Please attach /var/log/ovirt-provider-ovn.log
----- Original Message -----
From: "Sverker Abrahamsson"<sverker@abrahamsson.com <mailto:sverker@abrahamsson.com>> To: "Marcin Mirecki"<mmirecki@redhat.com <mailto:mmirecki@redhat.com>> Cc: "Ovirt Users"<users@ovirt.org <mailto:users@ovirt.org>> Sent: Tuesday, January 3, 2017 2:06:22 AM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network
Found an issue with Ovirt - OVN integration.
Engine and OVN central db running on host h2. Created VM to run on host h1, which is started. Ovn db state:
[root@h2 env3]# ovn-nbctl show switch e53554cf-e553-40a1-8d22-9c8d95ec0601 (ovirtbridge) port 4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873 addresses: ["00:1a:4a:16:01:51"] port 92f6d3c8-68b3-4986-9c09-60bee04644b5 addresses: ["00:1a:4a:16:01:52"] port ovirtbridge-port2 addresses: ["unknown"] port ovirtbridge-port1 addresses: ["unknown"] [root@h2 env3]# ovn-sbctl show Chassis "6e4dd29f-7607-48d7-8e5a-eef4c6aeefb5" hostname: "h2.limetransit.com <http://h2.limetransit.com>" Encap geneve ip: "148.251.126.50" options: {csum="true"} Port_Binding "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873" Port_Binding "ovirtbridge-port1" Chassis "4f10fb04-8fb2-48d7-8a3f-ea6444c02cf9" hostname: "h1.limetransit.com <http://h1.limetransit.com>" Encap geneve ip: "144.76.84.73" options: {csum="true"} Port_Binding "ovirtbridge-port2"
Port 92f6d3c8-68b3-4986-9c09-60bee04644b5 is for the new VM which is started on h1, but it is not assigned to that chassis. The reason is that on h1 the port on br-int is created like this:
ovs-vsctl --timeout=5 -- --if-exists del-port vnet0 -- add-port br-int vnet0 -- set Interface vnet0 "external-ids:attached-mac=\"00:1a:4a:16:01:52\"" -- set Interface vnet0 "external-ids:iface-id=\"35bcbe31-2c7e-4d97-add9-ce150eeb2f11\"" -- set Interface vnet0 "external-ids:vm-id=\"4d0c134a-11a0-40f4-b2fb-c13c17c7251c\"" -- set Interface vnet0 external-ids:iface-status=active
I.e. the extrernal id of interface is wrong. When I manually change to the right id like this the port works fine:
ovs-vsctl --timeout=5 -- --if-exists del-port vnet0 -- add-port br-int vnet0 -- set Interface vnet0 "external-ids:attached-mac=\"00:1a:4a:16:01:52\"" -- set Interface vnet0 "external-ids:iface-id=\"92f6d3c8-68b3-4986-9c09-60bee04644b5\"" -- set Interface vnet0 "external-ids:vm-id=\"4d0c134a-11a0-40f4-b2fb-c13c17c7251c\"" -- set Interface vnet0 external-ids:iface-status=active
sb db after correcting the port:
Chassis "6e4dd29f-7607-48d7-8e5a-eef4c6aeefb5" hostname: "h2.limetransit.com <http://h2.limetransit.com>" Encap geneve ip: "148.251.126.50" options: {csum="true"} Port_Binding "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873" Port_Binding "ovirtbridge-port1" Chassis "4f10fb04-8fb2-48d7-8a3f-ea6444c02cf9" hostname: "h1.limetransit.com <http://h1.limetransit.com>" Encap geneve ip: "144.76.84.73" options: {csum="true"} Port_Binding "ovirtbridge-port2" Port_Binding "92f6d3c8-68b3-4986-9c09-60bee04644b5"
I don't know from where the faulty id comes from, it's not in any logs. In the domain xml as printed in vdsm.log the id is correct:
<interface type="bridge"> <mac address="00:1a:4a:16:01:52" /> <model type="virtio" /> <source bridge="br-int" /> <virtualport type="openvswitch" /> <link state="up" /> <boot order="2" /> <bandwidth /> <virtualport type="openvswitch"> <parameters interfaceid="92f6d3c8-68b3-4986-9c09-60bee04644b5" /> </virtualport> </interface>
Where is the ovs-vsctl command line built for this call?
/Sverker
Den 2017-01-02 kl. 13:40, skrev Sverker Abrahamsson:
Got it to work now by following the env8 example in OVN tutorial, where a port is added with type l2gateway. Not sure how that is different from the localnet variant, but didn't suceed in getting that one working. Now I'm able to ping and telnet over the tunnel, but not ssh even when the port is answering on telnet. Neither does nfs traffic work even though mount did. Suspecting MTU issue. I did notice that ovn-controller starts too early, before network interfaces are established and hence can't reach the db. As these is a purely OVS/OVN issue I'll ask about it on their mailing list.
Getting back to the original issue with Ovirt, I've now added the second host h1 to ovirt-engine. Had to do the same as with h2 to create a dummy ovirtmgmt network but configured access via the public IP. My firewall settings was replaced with iptables config and vdsm.conf was overwritten when engine was set up, so those had to be manually restored. It would be preferable if it would be possible to configure ovirt-engine that it does not "own" the host and instead comply with the settings it has instead of enforcing it's own view..
Apart from that it seems the second host works, although I need to resolve the traffic issue over the OVS tunnel. /Sverker
Den 2017-01-02 kl. 01:13, skrev Sverker Abrahamsson:
1. That is not possible as ovirt (or vdsm) will rewrite the network configuration to a non-working state. That is why I've set that if as hidden to vdsm and is why I'm keen on getting OVS/OVN to work
2. I've been reading the doc for OVN and starting to connect the dots, which is not trivial as it is complex. Some insights reached:
First step is the OVN database, installed by openvswitch-ovn-central, which I currently have running on h2 host. The 'ovn-nbctl' and 'ovn-sbctl' commands are only possible to execute on a database node. Two ip's are given to 'vdsm-tool ovn-config <ip to database> <tunnel ip>' as arguments, where <ip to database> is how this OVN node reaches the database and <tunnel ip> is the ip to which other OVN nodes sets up a tunnel to this node. I.e. it is not for creating a tunnel to the database which I thought first from the description in blog post.
The tunnel between OVN nodes is of type geneve which is a UDP based protocol but I have not been able to find anywhere which port is used so that I can open it in firewalld. I have added OVN on another host, called h1, and connected it to the db. I see there is traffic to the db port, but I don't see any geneve traffic between the nodes.
Ovirt is now able to create it's vnet0 interface on the br-int ovs bridge, but then I run into the next issue. How do I create a connection from the logical switch to the physical host? I need that to a) get a connection out to the internet through a masqueraded if or ipv6 and b) be able to run a dhcp server to give ip's to the VM's.
/Sverker
Den 2016-12-30 kl. 18:05, skrev Marcin Mirecki:
1. Why not use your physical nic for ovirtmgmt then?
2. "ovn-nbctl ls-add" does not add a bridge, but a logical switch. br-int is an internal OVN implementation detail, which the user should not care about. What you see in the ovirt UI are logical networks. They are implemented as OVN logical switches in case of the OVN provider.
Please look at: http://www.ovirt.org/blog/2016/11/ovirt-provider-ovn/ <http://www.ovirt.org/blog/2016/11/ovirt-provider-ovn/> You can get the latest rpms from here: http://resources.ovirt.org/repos/ovirt/experimental/master/ovirt-provider-ov... <http://resources.ovirt.org/repos/ovirt/experimental/master/ovirt-provider-ovn_fc24_46/rpm/fc24/noarch/>
----- Original Message -----
From: "Sverker Abrahamsson"<sverker@abrahamsson.com <mailto:sverker@abrahamsson.com>> To: "Marcin Mirecki"<mmirecki@redhat.com <mailto:mmirecki@redhat.com>> Cc: "Ovirt Users"<users@ovirt.org <mailto:users@ovirt.org>> Sent: Friday, December 30, 2016 4:25:58 PM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network
1. No, I did not want to put the ovirtmgmt bridge on my physical nic as it always messed up the network config making the host unreachable. I have put a ovs bridge on this nic which I will use to make tunnels when I add other hosts. Maybe br-int will be used for that instead, will see when I get that far.
As it is now I have a dummy if for ovirtmgmt bridge but this will probably not work when I add other hosts as that bridge cannot connect to the other hosts. I'm considering keeping this just as a dummy to keep ovirt engine satisfied while the actual communication will happen over OVN/OVS bridges and tunnels.
2. On https://www.ovirt.org//develop/release-management/features/ovirt-ovn-provide... <https://www.ovirt.org//develop/release-management/features/ovirt-ovn-provider/>
there is instructions how to add an OVS bridge to OVN with |ovn-nbctl ls-add <network name>|. If you want to use br-int then it makes sense to make that bridge visible in ovirt webui under networks so that it can be selected for VM's.
It quite doesn't make sense to me that I can select other network for my VM but then that setting is not used when setting up the network.
/Sverker
Den 2016-12-30 kl. 15:34, skrev Marcin Mirecki:
Hi,
The OVN provider does not require you to add any bridges manually. As I understand we were dealing with two problems: 1. You only had one physical nic and wanted to put a bridge on it,
attaching the management network to the bridge. This was the reason for
creating the bridge (the recommended setup would be to used a separate
physical nic for the management network). This bridge has nothing to
do with the OVN bridge. 2. OVN - you want to use OVN on this system. For this you have to install
OVN on your hosts. This should create the br-int bridge, which are
then used by the OVN provider. This br-int bridge must be configured
to connect to other hosts using the geneve tunnels.
In both cases the systems will not be aware of any bridges you create. They need a nic (be it physical or virtual) to connect to other system. Usually this is the physical nic. In your case you decided to put a bridge on the physical nic, and give oVirt a virtual nic attached to this bridge. This works, but keep in mind that the bridge you have introduced is outside of oVirt's (and OVN) control (and as such is not supported).
What is the purpose of adding my bridges to Ovirt through the external provider and configure them on my VM
I am not quite sure I understand. The external provider (OVN provider to be specific), does not add any bridges to the system. It is using the br-int bridge created by OVN. The networks created by the OVN provider are purely logical entities, implemented using the OVN br-int bridge.
Marcin
----- Original Message -----
From: "Sverker Abrahamsson"<sverker@abrahamsson.com <mailto:sverker@abrahamsson.com>> To: "Marcin Mirecki"<mmirecki@redhat.com <mailto:mmirecki@redhat.com>> Cc: "Ovirt Users"<users@ovirt.org <mailto:users@ovirt.org>> Sent: Friday, December 30, 2016 12:15:43 PM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network
Hi That is the logic I quite don't understand. What is the purpose of adding my bridges to Ovirt through the external provider and configure them on my VM if you are disregarding that and using br-int anyway?
/Sverker
Den 2016-12-30 kl. 10:53, skrev Marcin Mirecki:
Sverker,
br-int is the integration bridge created by default in OVN. This is the bridge we use for the OVN provider. As OVN is required to be installed, we assume that this bridge is present. Using any other ovs bridge is not supported, and will require custom code changes (such as the ones you created).
The proper setup in your case would probably be to create br-int and connect this to your ovirtbridge, although I don't know the details of your env, so this is just my best guess.
Marcin
----- Original Message -----
From: "Sverker Abrahamsson"<sverker@abrahamsson.com <mailto:sverker@abrahamsson.com>> To: "Marcin Mirecki"<mmirecki@redhat.com <mailto:mmirecki@redhat.com>> Cc: "Ovirt Users"<users@ovirt.org <mailto:users@ovirt.org>>, "Numan Siddique" <nusiddiq@redhat.com <mailto:nusiddiq@redhat.com>> Sent: Friday, December 30, 2016 1:14:50 AM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network
Even better, if the value is not hardcoded then the configured value is used. Might be that I'm missunderstanding something but this is the behaviour I expected instead of that it is using br-int.
Attached is a patch which properly sets up the xml, in case there is already a virtual port there + testcode of some variants
/Sverker
Den 2016-12-29 kl. 22:55, skrev Sverker Abrahamsson:
When I change /usr/libexec/vdsm/hooks/before_device_create/ovirt_provider_ovn_hook
to instead of hardcoded to br-int use BRIDGE_NAME = 'ovirtbridge' then I get the expected behaviour and I get a working network connectivity in my VM with IP provided by dhcp.
/Sverker
Den 2016-12-29 kl. 22:07, skrev Sverker Abrahamsson:
By default the vNic profile of my OVN bridge ovirtbridge gets a Network filter named vdsm-no-mac-spoofing. If I instead set No filter then I don't get those ebtables / iptables messages. It seems that there is some issue between ovirt/vdsm and firewalld, which we can put to the side for now.
It is not clear for me why the port is added on br-int instead of the bridge I've assigned to the VM, which is ovirtbridge??
/Sverker
Den 2016-12-29 kl. 14:20, skrev Sverker Abrahamsson:
The specific command most likely fails because there is no chain named libvirt-J-vnet0, but when should that have been created? /Sverker
-------- Vidarebefordrat meddelande -------- Ämne:
Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network Datum: Thu, 29 Dec 2016 08:06:29 -0500 (EST) Från: Marcin Mirecki<mmirecki@redhat.com <mailto:mmirecki@redhat.com>> Till: Sverker Abrahamsson<sverker@abrahamsson.com <mailto:sverker@abrahamsson.com>> Kopia: Ovirt Users<users@ovirt.org <mailto:users@ovirt.org>>, Lance Richardson <lrichard@redhat.com <mailto:lrichard@redhat.com>>, Numan Siddique<nusiddiq@redhat.com <mailto:nusiddiq@redhat.com>>
Let me add the OVN team.
Lance, Numan,
Can you please look at this?
Trying to plug a vNIC results in:
Dec 28 23:31:35 h2 ovs-vsctl: ovs|00001|vsctl|INFO|Called as ovs-vsctl --timeout=5 -- --if-exists del-port vnet0 -- add-port br-int vnet0 -- set Interface vnet0 "external-ids:attached-mac=\"00:1a:4a:16:01:51\"" -- set Interface vnet0 "external-ids:iface-id=\"e8853aac-8a75-41b0-8010-e630017dcdd8\""
-- set Interface vnet0 "external-ids:vm-id=\"b9440d60-ef5a-4e2b-83cf-081df7c09e6f\""
-- set Interface vnet0 external-ids:iface-status=active Dec 28 23:31:35 h2 kernel: device vnet0 entered promiscuous mode Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/ebtables --concurrent -t nat -D PREROUTING -i vnet0 -j libvirt-J-vnet0' failed: Dec 28 23:31:35 h2 firewalld: WARNING: COMMAND_FAILED:
More details below
----- Original Message -----
From: "Sverker Abrahamsson"<sverker@abrahamsson.com <mailto:sverker@abrahamsson.com>> To: "Marcin Mirecki"<mmirecki@redhat.com <mailto:mmirecki@redhat.com>> Cc: "Ovirt Users"<users@ovirt.org <mailto:users@ovirt.org>> Sent: Thursday, December 29, 2016 1:42:11 PM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network
Hi Same problem still.. /Sverker
Den 2016-12-29 kl. 13:34, skrev Marcin Mirecki:
Hi,
The tunnels are created to connect multiple OVN controllers. If there is only one, there is no need for the tunnels, so none will be created, this is the correct behavior.
Does the problem still occur after setting configuring the OVN-controller?
Marcin
----- Original Message -----
From: "Sverker Abrahamsson"<sverker@abrahamsson.com <mailto:sverker@abrahamsson.com>> To: "Marcin Mirecki"<mmirecki@redhat.com <mailto:mmirecki@redhat.com>> Cc: "Ovirt Users"<users@ovirt.org <mailto:users@ovirt.org>> Sent: Thursday, December 29, 2016 11:44:32 AM Subject: Re: [ovirt-users] Iss
...
[Message clipped] _______________________________________________ Users mailing list Users@ovirt.org <mailto:Users@ovirt.org> http://lists.ovirt.org/mailman/listinfo/users <http://lists.ovirt.org/mailman/listinfo/users>
--------------C953300A9FB23B4FF27414D7 Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: 8bit <html> <head> <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> </head> <body bgcolor="#FFFFFF" text="#000000"> <p>Ok, thank you. Done that now<br> /Sverker<br> </p> <div class="moz-cite-prefix">Den 2017-01-18 kl. 10:14, skrev Fred Rolland:<br> </div> <blockquote cite="mid:CAF_B0vFzyvz-NRX4cs1xNDvzNqHF2z34DqfvRFzR4ciwRgJCOg@mail.gmail.com" type="cite"> <div dir="ltr"> <div> <div>Go to <a moz-do-not-send="true" class="gmail-m_-7668051331360668793moz-txt-link-freetext" href="https://gerrit.ovirt.org/70588" target="_blank">https://gerrit.ovirt.org/70588</a> and click on the publish button.<br> </div> Drafts are not visible to everybody.<br> </div> Or you can push to master directly.<br> </div> <div class="gmail_extra"><br> <div class="gmail_quote">On Tue, Jan 17, 2017 at 7:39 PM, Sverker Abrahamsson <span dir="ltr"><<a moz-do-not-send="true" href="mailto:sverker@abrahamsson.com" target="_blank">sverker@abrahamsson.com</a>></span> wrote:<br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> <div bgcolor="#FFFFFF" text="#000000"> <p>I still had the window open where I did that step. This is how it looked like:<br> </p> <p>[root@h2 ovirt-provider-ovn]# git push origin HEAD:refs/drafts/master<br> Counting objects: 9, done.<br> Delta compression using up to 8 threads.<br> Compressing objects: 100% (5/5), done.<br> Writing objects: 100% (6/6), 1.79 KiB | 0 bytes/s, done.<br> Total 6 (delta 2), reused 0 (delta 0)<br> remote: Resolving deltas: 100% (2/2)<br> remote: Processing changes: new: 1, refs: 1, done<br> remote: (W) 16d5be4: commit subject >65 characters; use shorter first paragraph<br> remote:<br> remote: New Changes:<br> remote: <a moz-do-not-send="true" class="m_-7668051331360668793moz-txt-link-freetext" href="https://gerrit.ovirt.org/70588" target="_blank">https://gerrit.ovirt.org/70588</a> Properly handle to set id when interface already has a virtualport element ... [DRAFT]<br> remote:<br> To gerrit.ovirt.org:ovirt-<wbr>provider-ovn<br> * [new branch] HEAD -> refs/drafts/master<br> </p> <p>I see the difference is that I pushed to HEAD:refs/drafts/master as instructed at <a moz-do-not-send="true" class="m_-7668051331360668793moz-txt-link-freetext" href="http://www.ovirt.org/develop/dev-process/working-with-gerrit/" target="_blank">http://www.ovirt.org/develop/<wbr>dev-process/working-with-<wbr>gerrit/</a></p> <p>Should I push it to HEAD:refs/for/master instead?</p> <span class="HOEnZb"><font color="#888888"> <p>/Sverker<br> </p> </font></span> <div> <div class="h5"> <div class="m_-7668051331360668793moz-cite-prefix">Den 2017-01-17 kl. 12:09, skrev Marcin Mirecki:<br> </div> <blockquote type="cite"> <div dir="ltr"> <div> <div> <div>Sverker,<br> </div> I can see you as a user in gerrit (<a moz-do-not-send="true" href="mailto:sverker@abrahamsson.com" target="_blank">sverker@abrahamsson.com</a>), but there are no patches for your name.<br> </div> Please check for any errors after you issue:<br> git push gerrit.ovirt.org:ovirt-<wbr>provider-ovn HEAD:refs/for/master<br> <br> </div> Also, please let me know if you need any other help on with gerrit.</div> <div class="gmail_extra"><br> <div class="gmail_quote">On Mon, Jan 16, 2017 at 8:49 PM, Sverker Abrahamsson <span dir="ltr"><<a moz-do-not-send="true" href="mailto:sverker@abrahamsson.com" target="_blank">sverker@abrahamsson.com</a>></span> wrote:<br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">I've followed the instructions to best effort, so hopefully it's right..<br> <br> <br> Den 2017-01-13 kl. 10:31, skrev Marcin Mirecki:<br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> Please push the patch into: <a moz-do-not-send="true" href="https://gerrit.ovirt.org/ovirt-provider-ovn" rel="noreferrer" target="_blank">https://gerrit.ovirt.org/ovirt<wbr>-provider-ovn</a><br> (let me know if you need some directions)<br> <br> <br> <br> ----- Original Message -----<br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> From: "Sverker Abrahamsson" <<a moz-do-not-send="true" href="mailto:sverker@abrahamsson.com" target="_blank">sverker@abrahamsson.com</a>><br> To: "Marcin Mirecki" <<a moz-do-not-send="true" href="mailto:mmirecki@redhat.com" target="_blank">mmirecki@redhat.com</a>><br> Cc: "Ovirt Users" <<a moz-do-not-send="true" href="mailto:users@ovirt.org" target="_blank">users@ovirt.org</a>><br> Sent: Monday, January 9, 2017 1:45:37 PM<br> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network<br> <br> Ok, found it. The issue is right here:<br> <br> <interface type="bridge"><br> <mac address="00:1a:4a:16:01:54" /><br> <model type="virtio" /><br> <source bridge="br-int" /><br> <virtualport type="openvswitch" /><br> <link state="up" /><br> <boot order="2" /><br> <bandwidth /><br> <virtualport type="openvswitch"><br> <parameters<br> interfaceid="912cba79-982e-4a8<wbr>7-868e-241fedccb59a" /><br> </virtualport><br> </interface><br> <br> There are two elements for virtualport, the first without id and the<br> second with. On h2 I had fixed this which was the patch I posted earlier<br> although I switched back to use br-int after understanding that was the<br> correct way. When that hook was copied to h1 the port gets attached fine.<br> <br> Patch with updated testcase attached.<br> <br> /Sverker<br> <br> <br> Den 2017-01-09 kl. 10:41, skrev Sverker Abrahamsson:<br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> This is the content of vdsm.log on h1 at this time:<br> <br> 2017-01-06 20:54:12,636 INFO (jsonrpc/7) [jsonrpc.JsonRpcServer] RPC<br> call VM.create succeeded in 0.01 seconds (__init__:515)<br> 2017-01-06 20:54:12,636 INFO (vm/6dd5291e) [virt.vm]<br> (vmId='6dd5291e-6556-4d29-8b4e<wbr>-ea896e627645') VM wrapper has started<br> (vm:1901)<br> 2017-01-06 20:54:12,636 INFO (vm/6dd5291e) [vds] prepared volume<br> path:<br> /rhev/data-center/mnt/h2-int.l<wbr>imetransit.com:_var_lib_export<wbr>s_iso/1d49c4bc-0fec-4503-a583-<wbr>d476fa3a370d/images/11111111-1<wbr>111-1111-1111-111111111111/Cen<wbr>tOS-7-x86_64-NetInstall-1611.<wbr>iso<br> (clientIF:374)<br> 2017-01-06 20:54:12,743 INFO (vm/6dd5291e) [root] (hooks:108)<br> 2017-01-06 20:54:12,847 INFO (vm/6dd5291e) [root] (hooks:108)<br> 2017-01-06 20:54:12,863 INFO (vm/6dd5291e) [virt.vm]<br> (vmId='6dd5291e-6556-4d29-8b4e<wbr>-ea896e627645') <?xml version='1.0'<br> encoding='UTF-8'?><br> <domain xmlns:ovirt="<a moz-do-not-send="true" href="http://ovirt.org/vm/tune/1.0" rel="noreferrer" target="_blank">http://ovirt.org/<wbr>vm/tune/1.0</a>" type="kvm"><br> <name>CentOS7_3</name><br> <uuid>6dd5291e-6556-4d29-8b4e<wbr>-ea896e627645</uuid><br> <memory>1048576</memory><br> <currentMemory>1048576</curre<wbr>ntMemory><br> <maxMemory slots="16">4294967296</maxMemo<wbr>ry><br> <vcpu current="1">16</vcpu><br> <devices><br> <channel type="unix"><br> <target name="com.redhat.rhevm.vdsm" type="virtio" /><br> <source mode="bind"<br> path="/var/lib/libvirt/qemu/ch<wbr>annels/6dd5291e-6556-4d29-8b4e<wbr>-ea896e627645.com.redhat.rhevm<wbr>.vdsm"<br> /><br> </channel><br> <channel type="unix"><br> <target name="org.qemu.guest_agent.0" type="virtio" /><br> <source mode="bind"<br> path="/var/lib/libvirt/qemu/ch<wbr>annels/6dd5291e-6556-4d29-8b4e<wbr>-ea896e627645.org.qemu.guest_a<wbr>gent.0"<br> /><br> </channel><br> <input bus="ps2" type="mouse" /><br> <memballoon model="virtio" /><br> <controller index="0" model="virtio-scsi" type="scsi" /><br> <controller index="0" ports="16" type="virtio-serial" /><br> <video><br> <model heads="1" ram="65536" type="qxl" vgamem="16384"<br> vram="32768" /><br> </video><br> <graphics autoport="yes" defaultMode="secure" passwd="*****"<br> passwdValidTo="1970-01-01T00:0<wbr>0:01" port="-1" tlsPort="-1" type="spice"><br> <channel mode="secure" name="main" /><br> <channel mode="secure" name="inputs" /><br> <channel mode="secure" name="cursor" /><br> <channel mode="secure" name="playback" /><br> <channel mode="secure" name="record" /><br> <channel mode="secure" name="display" /><br> <channel mode="secure" name="smartcard" /><br> <channel mode="secure" name="usbredir" /><br> <listen network="vdsm-ovirtmgmt" type="network" /><br> </graphics><br> <interface type="bridge"><br> <mac address="00:1a:4a:16:01:54" /><br> <model type="virtio" /><br> <source bridge="br-int" /><br> <virtualport type="openvswitch" /><br> <link state="up" /><br> <boot order="2" /><br> <bandwidth /><br> <virtualport type="openvswitch"><br> <parameters<br> interfaceid="912cba79-982e-4a8<wbr>7-868e-241fedccb59a" /><br> </virtualport><br> </interface><br> <disk device="cdrom" snapshot="no" type="file"><br> <source<br> file="/rhev/data-center/mnt/h2<wbr>-int.limetransit.com:_var_lib_<wbr>exports_iso/1d49c4bc-0fec-4503<wbr>-a583-d476fa3a370d/images/1111<wbr>1111-1111-1111-1111-1111111111<wbr>11/CentOS-7-x86_64-NetInstall-<wbr>1611.iso"<br> startupPolicy="optional" /><br> <target bus="ide" dev="hdc" /><br> <readonly /><br> <boot order="1" /><br> </disk><br> <channel type="spicevmc"><br> <target name="com.redhat.spice.0" type="virtio" /><br> </channel><br> </devices><br> <metadata><br> <ovirt:qos /><br> </metadata><br> <os><br> <type arch="x86_64" machine="pc-i440fx-rhel7.2.0"><wbr>hvm</type><br> <smbios mode="sysinfo" /><br> <bootmenu enable="yes" timeout="10000" /><br> </os><br> <sysinfo type="smbios"><br> <system><br> <entry name="manufacturer">oVirt</ent<wbr>ry><br> <entry name="product">oVirt Node</entry><br> <entry name="version">7-3.1611.el7.ce<wbr>ntos</entry><br> <entry<br> name="serial">62f1adff-b29e-4a<wbr>7c-abba-c2c4c73248c6</entry><br> <entry<br> name="uuid">6dd5291e-6556-4d29<wbr>-8b4e-ea896e627645</entry><br> </system><br> </sysinfo><br> <clock adjustment="0" offset="variable"><br> <timer name="rtc" tickpolicy="catchup" /><br> <timer name="pit" tickpolicy="delay" /><br> <timer name="hpet" present="no" /><br> </clock><br> <features><br> <acpi /><br> </features><br> <cpu match="exact"><br> <model>SandyBridge</model><br> <topology cores="1" sockets="16" threads="1" /><br> <numa><br> <cell cpus="0" memory="1048576" /><br> </numa><br> </cpu><br> </domain><br> (vm:1988)<br> 2017-01-06 20:54:13,046 INFO (libvirt/events) [virt.vm]<br> (vmId='6dd5291e-6556-4d29-8b4e<wbr>-ea896e627645') CPU running: onResume<br> (vm:4863)<br> 2017-01-06 20:54:13,058 INFO (vm/6dd5291e) [virt.vm]<br> (vmId='6dd5291e-6556-4d29-8b4e<wbr>-ea896e627645') Starting connection<br> (guestagent:245)<br> 2017-01-06 20:54:13,060 INFO (vm/6dd5291e) [virt.vm]<br> (vmId='6dd5291e-6556-4d29-8b4e<wbr>-ea896e627645') CPU running: domain<br> initialization (vm:4863)<br> 2017-01-06 20:54:15,154 INFO (jsonrpc/6) [jsonrpc.JsonRpcServer] RPC<br> call Host.getVMFullList succeeded in 0.01 seconds (__init__:515)<br> 2017-01-06 20:54:17,571 INFO (periodic/2) [dispatcher] Run and<br> protect: getVolumeSize(sdUUID=u'2ee54fb<wbr>8-48f2-4576-8cff-f2346504b08b'<wbr>,<br> spUUID=u'584ebd64-0268-0193-02<wbr>5b-00000000038e',<br> imgUUID=u'5a3aae57-ffe0-4a3b-a<wbr>a87-8461669db7f9',<br> volUUID=u'b6a88789-fcb1-4d3e-9<wbr>11b-2a4d3b6c69c7', options=None)<br> (logUtils:49)<br> 2017-01-06 20:54:17,573 INFO (periodic/2) [dispatcher] Run and<br> protect: getVolumeSize, Return response: {'truesize': '1859723264',<br> 'apparentsize': '21474836480'} (logUtils:52)<br> 2017-01-06 20:54:21,211 INFO (periodic/2) [dispatcher] Run and<br> protect: repoStats(options=None) (logUtils:49)<br> 2017-01-06 20:54:21,212 INFO (periodic/2) [dispatcher] Run and<br> protect: repoStats, Return response:<br> {u'2ee54fb8-48f2-4576-8cff-f23<wbr>46504b08b': {'code': 0, 'actual': True,<br> 'version': 3, 'acquired': True, 'delay': '0.000936552', 'lastCheck':<br> '1.4', 'valid': True}, u'1d49c4bc-0fec-4503-a583-d476<wbr>fa3a370d':<br> {'code': 0, 'actual': True, 'version': 0, 'acquired': True, 'delay':<br> '0.000960248', 'lastCheck': '1.4', 'valid': True}} (logUtils:52)<br> 2017-01-06 20:54:23,543 INFO (jsonrpc/2) [jsonrpc.JsonRpcServer] RPC<br> call Host.getAllVmStats succeeded in 0.00 seconds (__init__:515)<br> 2017-01-06 20:54:23,641 INFO (jsonrpc/1) [jsonrpc.JsonRpcServer] RPC<br> call Host.getAllVmIoTunePolicies succeeded in 0.00 seconds (__init__:515)<br> 2017-01-06 20:54:24,918 INFO (jsonrpc/0) [dispatcher] Run and<br> protect: repoStats(options=None) (logUtils:49)<br> 2017-01-06 20:54:24,918 INFO (jsonrpc/0) [dispatcher] Run and<br> protect: repoStats, Return response:<br> {u'2ee54fb8-48f2-4576-8cff-f23<wbr>46504b08b': {'code': 0, 'actual': True,<br> 'version': 3, 'acquired': True, 'delay': '0.000936552', 'lastCheck':<br> '5.1', 'valid': True}, u'1d49c4bc-0fec-4503-a583-d476<wbr>fa3a370d':<br> {'code': 0, 'actual': True, 'version': 0, 'acquired': True, 'delay':<br> '0.000960248', 'lastCheck': '2.1', 'valid': True}} (logUtils:52)<br> 2017-01-06 20:54:24,924 INFO (jsonrpc/0) [jsonrpc.JsonRpcServer] RPC<br> call Host.getStats succeeded in 0.01 seconds (__init__:515)<br> <br> Vdsm and the OVN driver must have been called as the port IS created,<br> but with the wrong id. I don't find the faulty id in vdsm.log neither,<br> the xml above have the correct id.<br> /Sverker<br> <br> Den 2017-01-09 kl. 10:06, skrev Marcin Mirecki:<br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> The port is set up on the host by the ovirt-provider-ovn-driver.<br> The driver is invoked by the vdsm hook whenever any operation on<br> the port is done.<br> Please ensure that this is installed properly.<br> You can check the vdsm log (/var/log/vdsm/vdsm.log) to see if the<br> hook was executed properly.<br> <br> <br> ----- Original Message -----<br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> From: "Sverker Abrahamsson" <<a moz-do-not-send="true" href="mailto:sverker@abrahamsson.com" target="_blank">sverker@abrahamsson.com</a>><br> To: "Marcin Mirecki" <<a moz-do-not-send="true" href="mailto:mmirecki@redhat.com" target="_blank">mmirecki@redhat.com</a>><br> Cc: "Ovirt Users" <<a moz-do-not-send="true" href="mailto:users@ovirt.org" target="_blank">users@ovirt.org</a>><br> Sent: Friday, January 6, 2017 9:00:26 PM<br> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory<br> ovirtmgmt network<br> <br> I created a new VM in the ui and assigned it to host h1. In<br> /var/log/ovirt-provider-ovn.lo<wbr>g I get the following:<br> <br> 2017-01-06 20:54:11,940 Request: GET : /v2.0/ports<br> 2017-01-06 20:54:11,940 Connecting to remote ovn database:<br> tcp:<a moz-do-not-send="true" href="http://127.0.0.1:6641" rel="noreferrer" target="_blank">127.0.0.1:6641</a><br> 2017-01-06 20:54:12,157 Connected (number of retries: 2)<br> 2017-01-06 20:54:12,158 Response code: 200<br> 2017-01-06 20:54:12,158 Response body: {"ports": [{"name":<br> "4981ee5f-6e15-4bd5-a1cf-7ead9<wbr>bdd5873", "network_id":<br> "e53554cf-e553-40a1-8d22-9c8d9<wbr>5ec0601", "device_owner": "oVirt",<br> "mac_address": "00:1a:4a:16:01:51", "id":<br> "4981ee5f-6e15-4bd5-a1cf-7ead9<wbr>bdd5873", "device_id":<br> "40cd7328-d575-4c3d-b656-9ef9b<wbr>acc0078"}, {"name":<br> "92f6d3c8-68b3-4986-9c09-60bee<wbr>04644b5", "network_id":<br> "e53554cf-e553-40a1-8d22-9c8d9<wbr>5ec0601", "device_owner": "oVirt",<br> "mac_address": "00:1a:4a:16:01:52", "id":<br> "92f6d3c8-68b3-4986-9c09-60bee<wbr>04644b5", "device_id":<br> "4baefa8c-3822-4de0-9cd0-1d025<wbr>bab7844"}]}<br> 2017-01-06 20:54:12,160 Request: SHOW :<br> /v2.0/networks/e53554cf-e553-4<wbr>0a1-8d22-9c8d95ec0601<br> 2017-01-06 20:54:12,160 Connecting to remote ovn database:<br> tcp:<a moz-do-not-send="true" href="http://127.0.0.1:6641" rel="noreferrer" target="_blank">127.0.0.1:6641</a><br> 2017-01-06 20:54:12,377 Connected (number of retries: 2)<br> 2017-01-06 20:54:12,378 Response code: 200<br> 2017-01-06 20:54:12,378 Response body: {"network": {"id":<br> "e53554cf-e553-40a1-8d22-9c8d9<wbr>5ec0601", "name": "ovirtbridge"}}<br> 2017-01-06 20:54:12,380 Request: POST : /v2.0/ports<br> 2017-01-06 20:54:12,380 Request body:<br> {<br> "port" : {<br> "name" : "nic1",<br> "binding:host_id" : "<a moz-do-not-send="true" href="http://h1.limetransit.com" rel="noreferrer" target="_blank">h1.limetransit.com</a>",<br> "admin_state_up" : true,<br> "device_id" : "e8553a88-05f0-401d-8b9b-5fff7<wbr>7f7bbbe",<br> "device_owner" : "oVirt",<br> "mac_address" : "00:1a:4a:16:01:54",<br> "network_id" : "e53554cf-e553-40a1-8d22-9c8d9<wbr>5ec0601"<br> }<br> }<br> 2017-01-06 20:54:12,380 Connecting to remote ovn database:<br> tcp:<a moz-do-not-send="true" href="http://127.0.0.1:6641" rel="noreferrer" target="_blank">127.0.0.1:6641</a><br> 2017-01-06 20:54:12,610 Connected (number of retries: 2)<br> 2017-01-06 20:54:12,614 Response code: 200<br> 2017-01-06 20:54:12,614 Response body: {"port": {"name":<br> "912cba79-982e-4a87-868e-241fe<wbr>dccb59a", "network_id":<br> "e53554cf-e553-40a1-8d22-9c8d9<wbr>5ec0601", "device_owner": "oVirt",<br> "mac_address": "00:1a:4a:16:01:54", "id":<br> "912cba79-982e-4a87-868e-241fe<wbr>dccb59a", "device_id":<br> "e8553a88-05f0-401d-8b9b-5fff7<wbr>7f7bbbe"}}<br> <br> h1:/var/log/messages<br> Jan 6 20:54:12 h1 ovs-vsctl: ovs|00001|vsctl|INFO|Called as ovs-vsctl<br> --timeout=5 -- --if-exists del-port vnet1 -- add-port br-int vnet1 --<br> set Interface vnet1<br> "external-ids:attached-mac=\"0<wbr>0:1a:4a:16:01:54\"" --<br> set Interface vnet1<br> "external-ids:iface-id=\"20388<wbr>407-0f76-41d8-97aa-8e2b5978f90<wbr>8\"" -- set<br> Interface vnet1<br> "external-ids:vm-id=\"6dd5291e<wbr>-6556-4d29-8b4e-ea896e627645\"<wbr>" -- set<br> Interface vnet1 external-ids:iface-status=acti<wbr>ve<br> <br> [root@h2 ~]# ovn-nbctl show<br> switch e53554cf-e553-40a1-8d22-9c8d95<wbr>ec0601 (ovirtbridge)<br> port 4981ee5f-6e15-4bd5-a1cf-7ead9b<wbr>dd5873<br> addresses: ["00:1a:4a:16:01:51"]<br> port 912cba79-982e-4a87-868e-241fed<wbr>ccb59a<br> addresses: ["00:1a:4a:16:01:54"]<br> port 92f6d3c8-68b3-4986-9c09-60bee0<wbr>4644b5<br> addresses: ["00:1a:4a:16:01:52"]<br> port ovirtbridge-port2<br> addresses: ["unknown"]<br> port ovirtbridge-port1<br> addresses: ["unknown"]<br> [root@h2 ~]# ovn-sbctl show<br> Chassis "6e4dd29f-7607-48d7-8e5a-eef4c<wbr>6aeefb5"<br> hostname: "<a moz-do-not-send="true" href="http://h2.limetransit.com" rel="noreferrer" target="_blank">h2.limetransit.com</a>"<br> Encap geneve<br> ip: "148.251.126.50"<br> options: {csum="true"}<br> Port_Binding "4981ee5f-6e15-4bd5-a1cf-7ead9<wbr>bdd5873"<br> Port_Binding "ovirtbridge-port1"<br> Chassis "4f10fb04-8fb2-48d7-8a3f-ea644<wbr>4c02cf9"<br> hostname: "<a moz-do-not-send="true" href="http://h1.limetransit.com" rel="noreferrer" target="_blank">h1.limetransit.com</a>"<br> Encap geneve<br> ip: "144.76.84.73"<br> options: {csum="true"}<br> Port_Binding "ovirtbridge-port2"<br> Port_Binding "92f6d3c8-68b3-4986-9c09-60bee<wbr>04644b5"<br> <br> I.e. same issue<br> /Sverker<br> <br> Den 2017-01-06 kl. 20:49, skrev Sverker Abrahamsson:<br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> The port is created from Ovirt UI, the ovs-vsctl command below is<br> executed when VM is started. In /var/log/ovirt-provider-ovn.lo<wbr>g on h2<br> I get the following:<br> <br> 2017-01-06 20:19:25,452 Request: GET : /v2.0/ports<br> 2017-01-06 20:19:25,452 Connecting to remote ovn database:<br> tcp:<a moz-do-not-send="true" href="http://127.0.0.1:6641" rel="noreferrer" target="_blank">127.0.0.1:6641</a><br> 2017-01-06 20:19:25,670 Connected (number of retries: 2)<br> 2017-01-06 20:19:25,670 Response code: 200<br> 2017-01-06 20:19:25,670 Response body: {"ports": [{"name":<br> "4981ee5f-6e15-4bd5-a1cf-7ead9<wbr>bdd5873", "network_id":<br> "e53554cf-e553-40a1-8d22-9c8d9<wbr>5ec0601", "device_owner": "oVirt",<br> "mac_address": "00:1a:4a:16:01:51", "id":<br> "4981ee5f-6e15-4bd5-a1cf-7ead9<wbr>bdd5873", "device_id":<br> "40cd7328-d575-4c3d-b656-9ef9b<wbr>acc0078"}, {"name":<br> "92f6d3c8-68b3-4986-9c09-60bee<wbr>04644b5", "network_id":<br> "e53554cf-e553-40a1-8d22-9c8d9<wbr>5ec0601", "device_owner": "oVirt",<br> "mac_address": "00:1a:4a:16:01:52", "id":<br> "92f6d3c8-68b3-4986-9c09-60bee<wbr>04644b5", "device_id":<br> "4baefa8c-3822-4de0-9cd0-1d025<wbr>bab7844"}]}<br> 2017-01-06 20:19:25,673 Request: PUT :<br> /v2.0/ports/92f6d3c8-68b3-4986<wbr>-9c09-60bee04644b5<br> 2017-01-06 20:19:25,673 Request body:<br> {<br> "port" : {<br> "binding:host_id" : "<a moz-do-not-send="true" href="http://h1.limetransit.com" rel="noreferrer" target="_blank">h1.limetransit.com</a>",<br> "security_groups" : null<br> }<br> }<br> 2017-01-06 20:19:25,673 Connecting to remote ovn database:<br> tcp:<a moz-do-not-send="true" href="http://127.0.0.1:6641" rel="noreferrer" target="_blank">127.0.0.1:6641</a><br> 2017-01-06 20:19:25,890 Connected (number of retries: 2)<br> 2017-01-06 20:19:25,891 Response code: 200<br> 2017-01-06 20:19:25,891 Response body: {"port": {"name":<br> "92f6d3c8-68b3-4986-9c09-60bee<wbr>04644b5", "network_id":<br> "e53554cf-e553-40a1-8d22-9c8d9<wbr>5ec0601", "device_owner": "oVirt",<br> "mac_address": "00:1a:4a:16:01:52", "id":<br> "92f6d3c8-68b3-4986-9c09-60bee<wbr>04644b5", "device_id":<br> "4baefa8c-3822-4de0-9cd0-1d025<wbr>bab7844"}}<br> <br> In /var/log/messages on h1 I get the following:<br> <br> Jan 6 20:18:56 h1 dbus-daemon: dbus[1339]: [system] Successfully<br> activated service 'org.freedesktop.problems'<br> Jan 6 20:19:26 h1 ovs-vsctl: ovs|00001|vsctl|INFO|Called as ovs-vsctl<br> --timeout=5 -- --if-exists del-port vnet0 -- add-port br-int vnet0 --<br> set Interface vnet0 "external-ids:attached-mac=\"0<wbr>0:1a:4a:16:01:52\""<br> -- set Interface vnet0<br> "external-ids:iface-id=\"72daf<wbr>da5-03c2-4bb6-bcb6-241fa5c0a1f<wbr>3\"" --<br> set Interface vnet0<br> "external-ids:vm-id=\"4d0c134a<wbr>-11a0-40f4-b2fb-c13c17c7251c\"<wbr>" -- set<br> Interface vnet0 external-ids:iface-status=acti<wbr>ve<br> Jan 6 20:19:26 h1 kernel: device vnet0 entered promiscuous mode<br> Jan 6 20:19:26 h1 avahi-daemon[1391]: Registering new address record<br> for fe80::fc1a:4aff:fe16:152 on vnet0.*.<br> Jan 6 20:19:26 h1 systemd-machined: New machine qemu-4-CentOS72.<br> Jan 6 20:19:26 h1 systemd: Started Virtual Machine qemu-4-CentOS72.<br> Jan 6 20:19:26 h1 systemd: Starting Virtual Machine qemu-4-CentOS72.<br> <br> [root@h2 ~]# ovn-nbctl show<br> switch e53554cf-e553-40a1-8d22-9c8d95<wbr>ec0601 (ovirtbridge)<br> port 4981ee5f-6e15-4bd5-a1cf-7ead9b<wbr>dd5873<br> addresses: ["00:1a:4a:16:01:51"]<br> port 92f6d3c8-68b3-4986-9c09-60bee0<wbr>4644b5<br> addresses: ["00:1a:4a:16:01:52"]<br> port ovirtbridge-port2<br> addresses: ["unknown"]<br> port ovirtbridge-port1<br> addresses: ["unknown"]<br> [root@h2 ~]# ovn-sbctl show<br> Chassis "6e4dd29f-7607-48d7-8e5a-eef4c<wbr>6aeefb5"<br> hostname: "<a moz-do-not-send="true" href="http://h2.limetransit.com" rel="noreferrer" target="_blank">h2.limetransit.com</a>"<br> Encap geneve<br> ip: "148.251.126.50"<br> options: {csum="true"}<br> Port_Binding "4981ee5f-6e15-4bd5-a1cf-7ead9<wbr>bdd5873"<br> Port_Binding "ovirtbridge-port1"<br> Chassis "4f10fb04-8fb2-48d7-8a3f-ea644<wbr>4c02cf9"<br> hostname: "<a moz-do-not-send="true" href="http://h1.limetransit.com" rel="noreferrer" target="_blank">h1.limetransit.com</a>"<br> Encap geneve<br> ip: "144.76.84.73"<br> options: {csum="true"}<br> Port_Binding "ovirtbridge-port2"<br> <br> I.e. the port is set up with the wrong ID and not attached to OVN.<br> <br> If I correct external-ids:iface-id like this:<br> [root@h1 ~]# ovs-vsctl set Interface vnet0<br> "external-ids:iface-id=\"92f6d<wbr>3c8-68b3-4986-9c09-60bee04644b<wbr>5\""<br> <br> then sb is correct:<br> [root@h2 ~]# ovn-sbctl show<br> Chassis "6e4dd29f-7607-48d7-8e5a-eef4c<wbr>6aeefb5"<br> hostname: "<a moz-do-not-send="true" href="http://h2.limetransit.com" rel="noreferrer" target="_blank">h2.limetransit.com</a>"<br> Encap geneve<br> ip: "148.251.126.50"<br> options: {csum="true"}<br> Port_Binding "4981ee5f-6e15-4bd5-a1cf-7ead9<wbr>bdd5873"<br> Port_Binding "ovirtbridge-port1"<br> Chassis "4f10fb04-8fb2-48d7-8a3f-ea644<wbr>4c02cf9"<br> hostname: "<a moz-do-not-send="true" href="http://h1.limetransit.com" rel="noreferrer" target="_blank">h1.limetransit.com</a>"<br> Encap geneve<br> ip: "144.76.84.73"<br> options: {csum="true"}<br> Port_Binding "ovirtbridge-port2"<br> Port_Binding "92f6d3c8-68b3-4986-9c09-60bee<wbr>04644b5"<br> <br> I don't know from where the ID 72dafda5-03c2-4bb6-bcb6-241fa5<wbr>c0a1f3<br> comes from, doesn't show in any log other than /var/log/messages.<br> <br> If I do the same exercise on the same host as engine is running on<br> then the port for the VM gets the right id and is working from<br> beginning.<br> /Sverker<br> <br> Den 2017-01-03 kl. 10:23, skrev Marcin Mirecki:<br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> How did you create this port?<br> From the oVirt engine UI?<br> The OVN provider creates the port when you add the port in the<br> engine UI,<br> it is then plugged into the ovs bridge by the VIF driver.<br> Please attach /var/log/ovirt-provider-ovn.lo<wbr>g<br> <br> <br> <br> ----- Original Message -----<br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> From: "Sverker Abrahamsson"<<a moz-do-not-send="true" href="mailto:sverker@abrahamsson.com" target="_blank">sverker@abrahamss<wbr>on.com</a>><br> To: "Marcin Mirecki"<<a moz-do-not-send="true" href="mailto:mmirecki@redhat.com" target="_blank">mmirecki@redhat.com</a>><br> Cc: "Ovirt Users"<<a moz-do-not-send="true" href="mailto:users@ovirt.org" target="_blank">users@ovirt.org</a>><br> Sent: Tuesday, January 3, 2017 2:06:22 AM<br> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory<br> ovirtmgmt<br> network<br> <br> Found an issue with Ovirt - OVN integration.<br> <br> Engine and OVN central db running on host h2. Created VM to run<br> on host<br> h1, which is started. Ovn db state:<br> <br> [root@h2 env3]# ovn-nbctl show<br> switch e53554cf-e553-40a1-8d22-9c8d95<wbr>ec0601 (ovirtbridge)<br> port 4981ee5f-6e15-4bd5-a1cf-7ead9b<wbr>dd5873<br> addresses: ["00:1a:4a:16:01:51"]<br> port 92f6d3c8-68b3-4986-9c09-60bee0<wbr>4644b5<br> addresses: ["00:1a:4a:16:01:52"]<br> port ovirtbridge-port2<br> addresses: ["unknown"]<br> port ovirtbridge-port1<br> addresses: ["unknown"]<br> [root@h2 env3]# ovn-sbctl show<br> Chassis "6e4dd29f-7607-48d7-8e5a-eef4c<wbr>6aeefb5"<br> hostname: "<a moz-do-not-send="true" href="http://h2.limetransit.com" rel="noreferrer" target="_blank">h2.limetransit.com</a>"<br> Encap geneve<br> ip: "148.251.126.50"<br> options: {csum="true"}<br> Port_Binding "4981ee5f-6e15-4bd5-a1cf-7ead9<wbr>bdd5873"<br> Port_Binding "ovirtbridge-port1"<br> Chassis "4f10fb04-8fb2-48d7-8a3f-ea644<wbr>4c02cf9"<br> hostname: "<a moz-do-not-send="true" href="http://h1.limetransit.com" rel="noreferrer" target="_blank">h1.limetransit.com</a>"<br> Encap geneve<br> ip: "144.76.84.73"<br> options: {csum="true"}<br> Port_Binding "ovirtbridge-port2"<br> <br> Port 92f6d3c8-68b3-4986-9c09-60bee0<wbr>4644b5 is for the new VM which is<br> started on h1, but it is not assigned to that chassis. The reason is<br> that on h1 the port on br-int is created like this:<br> <br> ovs-vsctl --timeout=5 -- --if-exists del-port vnet0 -- add-port<br> br-int<br> vnet0 -- set Interface vnet0<br> "external-ids:attached-mac=\"0<wbr>0:1a:4a:16:01:52\"" -- set<br> Interface vnet0<br> "external-ids:iface-id=\"35bcb<wbr>e31-2c7e-4d97-add9-ce150eeb2f1<wbr>1\""<br> -- set<br> Interface vnet0<br> "external-ids:vm-id=\"4d0c134a<wbr>-11a0-40f4-b2fb-c13c17c7251c\"<wbr>" -- set<br> Interface vnet0 external-ids:iface-status=acti<wbr>ve<br> <br> I.e. the extrernal id of interface is wrong. When I manually<br> change to<br> the right id like this the port works fine:<br> <br> ovs-vsctl --timeout=5 -- --if-exists del-port vnet0 -- add-port<br> br-int<br> vnet0 -- set Interface vnet0<br> "external-ids:attached-mac=\"0<wbr>0:1a:4a:16:01:52\"" -- set<br> Interface vnet0<br> "external-ids:iface-id=\"92f6d<wbr>3c8-68b3-4986-9c09-60bee04644b<wbr>5\""<br> -- set<br> Interface vnet0<br> "external-ids:vm-id=\"4d0c134a<wbr>-11a0-40f4-b2fb-c13c17c7251c\"<wbr>" -- set<br> Interface vnet0 external-ids:iface-status=acti<wbr>ve<br> <br> sb db after correcting the port:<br> <br> Chassis "6e4dd29f-7607-48d7-8e5a-eef4c<wbr>6aeefb5"<br> hostname: "<a moz-do-not-send="true" href="http://h2.limetransit.com" rel="noreferrer" target="_blank">h2.limetransit.com</a>"<br> Encap geneve<br> ip: "148.251.126.50"<br> options: {csum="true"}<br> Port_Binding "4981ee5f-6e15-4bd5-a1cf-7ead9<wbr>bdd5873"<br> Port_Binding "ovirtbridge-port1"<br> Chassis "4f10fb04-8fb2-48d7-8a3f-ea644<wbr>4c02cf9"<br> hostname: "<a moz-do-not-send="true" href="http://h1.limetransit.com" rel="noreferrer" target="_blank">h1.limetransit.com</a>"<br> Encap geneve<br> ip: "144.76.84.73"<br> options: {csum="true"}<br> Port_Binding "ovirtbridge-port2"<br> Port_Binding "92f6d3c8-68b3-4986-9c09-60bee<wbr>04644b5"<br> <br> I don't know from where the faulty id comes from, it's not in any<br> logs.<br> In the domain xml as printed in vdsm.log the id is correct:<br> <br> <interface type="bridge"><br> <mac address="00:1a:4a:16:01:52" /><br> <model type="virtio" /><br> <source bridge="br-int" /><br> <virtualport type="openvswitch" /><br> <link state="up" /><br> <boot order="2" /><br> <bandwidth /><br> <virtualport type="openvswitch"><br> <parameters<br> interfaceid="92f6d3c8-68b3-498<wbr>6-9c09-60bee04644b5" /><br> </virtualport><br> </interface><br> <br> Where is the ovs-vsctl command line built for this call?<br> <br> /Sverker<br> <br> <br> Den 2017-01-02 kl. 13:40, skrev Sverker Abrahamsson:<br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> Got it to work now by following the env8 example in OVN tutorial,<br> where a port is added with type l2gateway. Not sure how that is<br> different from the localnet variant, but didn't suceed in<br> getting that<br> one working. Now I'm able to ping and telnet over the tunnel,<br> but not<br> ssh even when the port is answering on telnet. Neither does nfs<br> traffic work even though mount did. Suspecting MTU issue. I did<br> notice<br> that ovn-controller starts too early, before network interfaces are<br> established and hence can't reach the db. As these is a purely<br> OVS/OVN<br> issue I'll ask about it on their mailing list.<br> <br> Getting back to the original issue with Ovirt, I've now added the<br> second host h1 to ovirt-engine. Had to do the same as with h2 to<br> create a dummy ovirtmgmt network but configured access via the<br> public<br> IP. My firewall settings was replaced with iptables config and<br> vdsm.conf was overwritten when engine was set up, so those had<br> to be<br> manually restored. It would be preferable if it would be<br> possible to<br> configure ovirt-engine that it does not "own" the host and instead<br> comply with the settings it has instead of enforcing it's own<br> view..<br> <br> Apart from that it seems the second host works, although I need to<br> resolve the traffic issue over the OVS tunnel.<br> /Sverker<br> <br> Den 2017-01-02 kl. 01:13, skrev Sverker Abrahamsson:<br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> 1. That is not possible as ovirt (or vdsm) will rewrite the<br> network<br> configuration to a non-working state. That is why I've set that<br> if as<br> hidden to vdsm and is why I'm keen on getting OVS/OVN to work<br> <br> 2. I've been reading the doc for OVN and starting to connect the<br> dots, which is not trivial as it is complex. Some insights<br> reached:<br> <br> First step is the OVN database, installed by<br> openvswitch-ovn-central,<br> which I currently have running on h2 host. The 'ovn-nbctl' and<br> 'ovn-sbctl' commands are only possible to execute on a database<br> node.<br> Two ip's are given to 'vdsm-tool ovn-config <ip to database><br> <tunnel<br> ip>' as arguments, where <ip to database> is how this OVN node<br> reaches the database and <tunnel ip> is the ip to which other OVN<br> nodes sets up a tunnel to this node. I.e. it is not for creating a<br> tunnel to the database which I thought first from the<br> description in<br> blog post.<br> <br> The tunnel between OVN nodes is of type geneve which is a UDP<br> based<br> protocol but I have not been able to find anywhere which port<br> is used<br> so that I can open it in firewalld. I have added OVN on another<br> host,<br> called h1, and connected it to the db. I see there is traffic<br> to the<br> db port, but I don't see any geneve traffic between the nodes.<br> <br> Ovirt is now able to create it's vnet0 interface on the br-int ovs<br> bridge, but then I run into the next issue. How do I create a<br> connection from the logical switch to the physical host? I need<br> that<br> to a) get a connection out to the internet through a<br> masqueraded if<br> or ipv6 and b) be able to run a dhcp server to give ip's to the<br> VM's.<br> <br> /Sverker<br> <br> Den 2016-12-30 kl. 18:05, skrev Marcin Mirecki:<br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> 1. Why not use your physical nic for ovirtmgmt then?<br> <br> 2. "ovn-nbctl ls-add" does not add a bridge, but a logical<br> switch.<br> br-int is an internal OVN implementation detail, which<br> the user<br> should not care about. What you see in the ovirt UI are<br> logical<br> networks. They are implemented as OVN logical switches<br> in case<br> of the OVN provider.<br> <br> Please look at:<br> <a moz-do-not-send="true" href="http://www.ovirt.org/blog/2016/11/ovirt-provider-ovn/" rel="noreferrer" target="_blank">http://www.ovirt.org/blog/2016<wbr>/11/ovirt-provider-ovn/</a><br> You can get the latest rpms from here:<br> <a moz-do-not-send="true" href="http://resources.ovirt.org/repos/ovirt/experimental/master/ovirt-provider-ov..." rel="noreferrer" target="_blank">http://resources.ovirt.org/rep<wbr>os/ovirt/experimental/master/o<wbr>virt-provider-ovn_fc24_46/rpm/<wbr>fc24/noarch/</a><br> <br> <br> <br> ----- Original Message -----<br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> From: "Sverker Abrahamsson"<<a moz-do-not-send="true" href="mailto:sverker@abrahamsson.com" target="_blank">sverker@abrahamss<wbr>on.com</a>><br> To: "Marcin Mirecki"<<a moz-do-not-send="true" href="mailto:mmirecki@redhat.com" target="_blank">mmirecki@redhat.com</a>><br> Cc: "Ovirt Users"<<a moz-do-not-send="true" href="mailto:users@ovirt.org" target="_blank">users@ovirt.org</a>><br> Sent: Friday, December 30, 2016 4:25:58 PM<br> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory<br> ovirtmgmt network<br> <br> 1. No, I did not want to put the ovirtmgmt bridge on my physical<br> nic as<br> it always messed up the network config making the host<br> unreachable. I<br> have put a ovs bridge on this nic which I will use to make<br> tunnels<br> when<br> I add other hosts. Maybe br-int will be used for that<br> instead, will<br> see<br> when I get that far.<br> <br> As it is now I have a dummy if for ovirtmgmt bridge but this<br> will<br> probably not work when I add other hosts as that bridge cannot<br> connect<br> to the other hosts. I'm considering keeping this just as a<br> dummy to<br> keep<br> ovirt engine satisfied while the actual communication will<br> happen<br> over<br> OVN/OVS bridges and tunnels.<br> <br> 2. On<br> <a moz-do-not-send="true" href="https://www.ovirt.org//develop/release-management/features/ovirt-ovn-provide..." rel="noreferrer" target="_blank">https://www.ovirt.org//develop<wbr>/release-management/features/o<wbr>virt-ovn-provider/</a><br> <br> <br> there is instructions how to add an OVS bridge to OVN with<br> |ovn-nbctl<br> ls-add <network name>|. If you want to use br-int then it makes<br> sense to<br> make that bridge visible in ovirt webui under networks so<br> that it<br> can be<br> selected for VM's.<br> <br> It quite doesn't make sense to me that I can select other<br> network<br> for my<br> VM but then that setting is not used when setting up the<br> network.<br> <br> /Sverker<br> <br> Den 2016-12-30 kl. 15:34, skrev Marcin Mirecki:<br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> Hi,<br> <br> The OVN provider does not require you to add any bridges<br> manually.<br> As I understand we were dealing with two problems:<br> 1. You only had one physical nic and wanted to put a bridge<br> on it,<br> attaching the management network to the bridge. This<br> was the<br> reason for<br> creating the bridge (the recommended setup would be<br> to used a<br> separate<br> physical nic for the management network). This bridge<br> has<br> nothing to<br> do with the OVN bridge.<br> 2. OVN - you want to use OVN on this system. For this you<br> have to<br> install<br> OVN on your hosts. This should create the br-int bridge,<br> which are<br> then used by the OVN provider. This br-int bridge<br> must be<br> configured<br> to connect to other hosts using the geneve tunnels.<br> <br> In both cases the systems will not be aware of any bridges you<br> create.<br> They need a nic (be it physical or virtual) to connect to other<br> system.<br> Usually this is the physical nic. In your case you decided<br> to put<br> a bridge<br> on the physical nic, and give oVirt a virtual nic attached<br> to this<br> bridge.<br> This works, but keep in mind that the bridge you have<br> introduced<br> is outside<br> of oVirt's (and OVN) control (and as such is not supported).<br> <br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> What is the purpose of<br> adding my bridges to Ovirt through the external provider and<br> configure<br> them on my VM<br> </blockquote> I am not quite sure I understand.<br> The external provider (OVN provider to be specific), does<br> not add<br> any<br> bridges<br> to the system. It is using the br-int bridge created by OVN.<br> The<br> networks<br> created by the OVN provider are purely logical entities,<br> implemented using<br> the OVN br-int bridge.<br> <br> Marcin<br> <br> <br> ----- Original Message -----<br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> From: "Sverker Abrahamsson"<<a moz-do-not-send="true" href="mailto:sverker@abrahamsson.com" target="_blank">sverker@abrahamss<wbr>on.com</a>><br> To: "Marcin Mirecki"<<a moz-do-not-send="true" href="mailto:mmirecki@redhat.com" target="_blank">mmirecki@redhat.com</a>><br> Cc: "Ovirt Users"<<a moz-do-not-send="true" href="mailto:users@ovirt.org" target="_blank">users@ovirt.org</a>><br> Sent: Friday, December 30, 2016 12:15:43 PM<br> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory<br> ovirtmgmt<br> network<br> <br> Hi<br> That is the logic I quite don't understand. What is the<br> purpose of<br> adding my bridges to Ovirt through the external provider and<br> configure<br> them on my VM if you are disregarding that and using br-int<br> anyway?<br> <br> /Sverker<br> <br> Den 2016-12-30 kl. 10:53, skrev Marcin Mirecki:<br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> Sverker,<br> <br> br-int is the integration bridge created by default in<br> OVN. This<br> is the<br> bridge we use for the OVN provider. As OVN is required to be<br> installed,<br> we assume that this bridge is present.<br> Using any other ovs bridge is not supported, and will require<br> custom code<br> changes (such as the ones you created).<br> <br> The proper setup in your case would probably be to create<br> br-int<br> and<br> connect<br> this to your ovirtbridge, although I don't know the<br> details of<br> your env,<br> so<br> this is just my best guess.<br> <br> Marcin<br> <br> <br> ----- Original Message -----<br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> From: "Sverker Abrahamsson"<<a moz-do-not-send="true" href="mailto:sverker@abrahamsson.com" target="_blank">sverker@abrahamss<wbr>on.com</a>><br> To: "Marcin Mirecki"<<a moz-do-not-send="true" href="mailto:mmirecki@redhat.com" target="_blank">mmirecki@redhat.com</a>><br> Cc: "Ovirt Users"<<a moz-do-not-send="true" href="mailto:users@ovirt.org" target="_blank">users@ovirt.org</a>>, "Numan Siddique"<br> <<a moz-do-not-send="true" href="mailto:nusiddiq@redhat.com" target="_blank">nusiddiq@redhat.com</a>><br> Sent: Friday, December 30, 2016 1:14:50 AM<br> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory<br> ovirtmgmt<br> network<br> <br> Even better, if the value is not hardcoded then the<br> configured<br> value is<br> used. Might be that I'm missunderstanding something but<br> this is<br> the<br> behaviour I expected instead of that it is using br-int.<br> <br> Attached is a patch which properly sets up the xml, in case<br> there is<br> already a virtual port there + testcode of some variants<br> <br> /Sverker<br> <br> Den 2016-12-29 kl. 22:55, skrev Sverker Abrahamsson:<br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> When I change<br> /usr/libexec/vdsm/hooks/before<wbr>_device_create/ovirt_provider_<wbr>ovn_hook<br> <br> <br> to instead of hardcoded to br-int use BRIDGE_NAME =<br> 'ovirtbridge' then<br> I get the expected behaviour and I get a working network<br> connectivity<br> in my VM with IP provided by dhcp.<br> <br> /Sverker<br> <br> Den 2016-12-29 kl. 22:07, skrev Sverker Abrahamsson:<br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> By default the vNic profile of my OVN bridge<br> ovirtbridge gets a<br> Network filter named vdsm-no-mac-spoofing. If I instead<br> set<br> No filter<br> then I don't get those ebtables / iptables messages. It<br> seems<br> that<br> there is some issue between ovirt/vdsm and firewalld,<br> which<br> we can<br> put to the side for now.<br> <br> It is not clear for me why the port is added on br-int<br> instead of the<br> bridge I've assigned to the VM, which is ovirtbridge??<br> <br> /Sverker<br> <br> Den 2016-12-29 kl. 14:20, skrev Sverker Abrahamsson:<br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> The specific command most likely fails because there<br> is no<br> chain<br> named libvirt-J-vnet0, but when should that have been<br> created?<br> /Sverker<br> <br> -------- Vidarebefordrat meddelande --------<br> Ämne: Re: [ovirt-users] Issue with OVN/OVS and<br> mandatory<br> ovirtmgmt<br> network<br> Datum: Thu, 29 Dec 2016 08:06:29 -0500 (EST)<br> Från: Marcin Mirecki<<a moz-do-not-send="true" href="mailto:mmirecki@redhat.com" target="_blank">mmirecki@redhat.com</a>><br> Till: Sverker Abrahamsson<<a moz-do-not-send="true" href="mailto:sverker@abrahamsson.com" target="_blank">sverker@abrahamsso<wbr>n.com</a>><br> Kopia: Ovirt Users<<a moz-do-not-send="true" href="mailto:users@ovirt.org" target="_blank">users@ovirt.org</a>>, Lance Richardson<br> <<a moz-do-not-send="true" href="mailto:lrichard@redhat.com" target="_blank">lrichard@redhat.com</a>>, Numan<br> Siddique<<a moz-do-not-send="true" href="mailto:nusiddiq@redhat.com" target="_blank">nusiddiq@redhat.com</a>><br> <br> <br> <br> Let me add the OVN team.<br> <br> Lance, Numan,<br> <br> Can you please look at this?<br> <br> Trying to plug a vNIC results in:<br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> Dec 28 23:31:35 h2 ovs-vsctl:<br> ovs|00001|vsctl|INFO|Called as<br> ovs-vsctl<br> --timeout=5 -- --if-exists del-port vnet0 --<br> add-port<br> br-int<br> vnet0 --<br> set Interface vnet0<br> "external-ids:attached-mac=\"0<wbr>0:1a:4a:16:01:51\""<br> -- set Interface vnet0<br> "external-ids:iface-id=\"e8853<wbr>aac-8a75-41b0-8010-e630017dcdd<wbr>8\""<br> <br> <br> --<br> set Interface vnet0<br> "external-ids:vm-id=\"b9440d60<wbr>-ef5a-4e2b-83cf-081df7c09e6f\"<wbr>"<br> <br> <br> --<br> set<br> Interface vnet0 external-ids:iface-status=acti<wbr>ve<br> Dec 28 23:31:35 h2 kernel: device vnet0 entered<br> promiscuous<br> mode<br> Dec 28 23:31:35 h2 firewalld: WARNING:<br> COMMAND_FAILED:<br> '/usr/sbin/ebtables --concurrent -t nat -D<br> PREROUTING<br> -i vnet0<br> -j<br> libvirt-J-vnet0' failed:<br> Dec 28 23:31:35 h2 firewalld: WARNING:<br> COMMAND_FAILED:<br> </blockquote> </blockquote> </blockquote> </blockquote> </blockquote> </blockquote> </blockquote> More details below<br> <br> <br> ----- Original Message -----<br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> From: "Sverker Abrahamsson"<<a moz-do-not-send="true" href="mailto:sverker@abrahamsson.com" target="_blank">sverker@abrahamss<wbr>on.com</a>><br> To: "Marcin Mirecki"<<a moz-do-not-send="true" href="mailto:mmirecki@redhat.com" target="_blank">mmirecki@redhat.com</a>><br> Cc: "Ovirt Users"<<a moz-do-not-send="true" href="mailto:users@ovirt.org" target="_blank">users@ovirt.org</a>><br> Sent: Thursday, December 29, 2016 1:42:11 PM<br> Subject: Re: [ovirt-users] Issue with OVN/OVS and<br> mandatory<br> ovirtmgmt<br> network<br> <br> Hi<br> Same problem still..<br> /Sverker<br> <br> Den 2016-12-29 kl. 13:34, skrev Marcin Mirecki:<br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> Hi,<br> <br> The tunnels are created to connect multiple OVN<br> controllers.<br> If there is only one, there is no need for the<br> tunnels, so<br> none<br> will be created, this is the correct behavior.<br> <br> Does the problem still occur after setting<br> configuring the<br> OVN-controller?<br> <br> Marcin<br> <br> ----- Original Message -----<br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> From: "Sverker Abrahamsson"<<a moz-do-not-send="true" href="mailto:sverker@abrahamsson.com" target="_blank">sverker@abrahamss<wbr>on.com</a>><br> To: "Marcin Mirecki"<<a moz-do-not-send="true" href="mailto:mmirecki@redhat.com" target="_blank">mmirecki@redhat.com</a>><br> Cc: "Ovirt Users"<<a moz-do-not-send="true" href="mailto:users@ovirt.org" target="_blank">users@ovirt.org</a>><br> Sent: Thursday, December 29, 2016 11:44:32 AM<br> Subject: Re: [ovirt-users] Iss</blockquote> </blockquote> </blockquote> </blockquote> </blockquote> </blockquote> </blockquote> </blockquote> </blockquote> </blockquote> </blockquote> </blockquote> </blockquote> </blockquote> </blockquote> </blockquote> </blockquote> </blockquote> </blockquote> </blockquote> </blockquote> </blockquote> </blockquote> </div> </div> </blockquote> </div> </div> </div> ...<br> <br> [Message clipped] <br> ______________________________<wbr>_________________<br> Users mailing list<br> <a moz-do-not-send="true" href="mailto:Users@ovirt.org">Users@ovirt.org</a><br> <a moz-do-not-send="true" href="http://lists.ovirt.org/mailman/listinfo/users" rel="noreferrer" target="_blank">http://lists.ovirt.org/<wbr>mailman/listinfo/users</a><br> <br> </blockquote> </div> <br> </div> </blockquote> <br> </body> </html> --------------C953300A9FB23B4FF27414D7--
It's visible now. I'll try to review it asap. On Wed, Jan 18, 2017 at 11:07 AM, Sverker Abrahamsson < sverker@abrahamsson.com> wrote:
Ok, thank you. Done that now /Sverker Den 2017-01-18 kl. 10:14, skrev Fred Rolland:
Go to https://gerrit.ovirt.org/70588 and click on the publish button. Drafts are not visible to everybody. Or you can push to master directly.
On Tue, Jan 17, 2017 at 7:39 PM, Sverker Abrahamsson < sverker@abrahamsson.com> wrote:
I still had the window open where I did that step. This is how it looked like:
[root@h2 ovirt-provider-ovn]# git push origin HEAD:refs/drafts/master Counting objects: 9, done. Delta compression using up to 8 threads. Compressing objects: 100% (5/5), done. Writing objects: 100% (6/6), 1.79 KiB | 0 bytes/s, done. Total 6 (delta 2), reused 0 (delta 0) remote: Resolving deltas: 100% (2/2) remote: Processing changes: new: 1, refs: 1, done remote: (W) 16d5be4: commit subject >65 characters; use shorter first paragraph remote: remote: New Changes: remote: https://gerrit.ovirt.org/70588 Properly handle to set id when interface already has a virtualport element ... [DRAFT] remote: To gerrit.ovirt.org:ovirt-provider-ovn * [new branch] HEAD -> refs/drafts/master
I see the difference is that I pushed to HEAD:refs/drafts/master as instructed at http://www.ovirt.org/develop/d ev-process/working-with-gerrit/
Should I push it to HEAD:refs/for/master instead?
/Sverker Den 2017-01-17 kl. 12:09, skrev Marcin Mirecki:
Sverker, I can see you as a user in gerrit (sverker@abrahamsson.com), but there are no patches for your name. Please check for any errors after you issue: git push gerrit.ovirt.org:ovirt-provider-ovn HEAD:refs/for/master
Also, please let me know if you need any other help on with gerrit.
On Mon, Jan 16, 2017 at 8:49 PM, Sverker Abrahamsson < sverker@abrahamsson.com> wrote:
I've followed the instructions to best effort, so hopefully it's right..
Den 2017-01-13 kl. 10:31, skrev Marcin Mirecki:
Please push the patch into: https://gerrit.ovirt.org/ovirt-provider-ovn (let me know if you need some directions)
----- Original Message -----
From: "Sverker Abrahamsson" <sverker@abrahamsson.com> To: "Marcin Mirecki" <mmirecki@redhat.com> Cc: "Ovirt Users" <users@ovirt.org> Sent: Monday, January 9, 2017 1:45:37 PM Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory ovirtmgmt network
Ok, found it. The issue is right here:
<interface type="bridge"> <mac address="00:1a:4a:16:01:54" /> <model type="virtio" /> <source bridge="br-int" /> <virtualport type="openvswitch" /> <link state="up" /> <boot order="2" /> <bandwidth /> <virtualport type="openvswitch"> <parameters interfaceid="912cba79-982e-4a87-868e-241fedccb59a" /> </virtualport> </interface>
There are two elements for virtualport, the first without id and the second with. On h2 I had fixed this which was the patch I posted earlier although I switched back to use br-int after understanding that was the correct way. When that hook was copied to h1 the port gets attached fine.
Patch with updated testcase attached.
/Sverker
Den 2017-01-09 kl. 10:41, skrev Sverker Abrahamsson:
This is the content of vdsm.log on h1 at this time:
2017-01-06 20:54:12,636 INFO (jsonrpc/7) [jsonrpc.JsonRpcServer] RPC call VM.create succeeded in 0.01 seconds (__init__:515) 2017-01-06 20:54:12,636 INFO (vm/6dd5291e) [virt.vm] (vmId='6dd5291e-6556-4d29-8b4e-ea896e627645') VM wrapper has started (vm:1901) 2017-01-06 20:54:12,636 INFO (vm/6dd5291e) [vds] prepared volume path: /rhev/data-center/mnt/h2-int.limetransit.com:_var_lib_export s_iso/1d49c4bc-0fec-4503-a583-d476fa3a370d/images/11111111-1 111-1111-1111-111111111111/CentOS-7-x86_64-NetInstall-1611.iso (clientIF:374) 2017-01-06 20:54:12,743 INFO (vm/6dd5291e) [root] (hooks:108) 2017-01-06 20:54:12,847 INFO (vm/6dd5291e) [root] (hooks:108) 2017-01-06 20:54:12,863 INFO (vm/6dd5291e) [virt.vm] (vmId='6dd5291e-6556-4d29-8b4e-ea896e627645') <?xml version='1.0' encoding='UTF-8'?> <domain xmlns:ovirt="http://ovirt.org/vm/tune/1.0" type="kvm"> <name>CentOS7_3</name> <uuid>6dd5291e-6556-4d29-8b4e-ea896e627645</uuid> <memory>1048576</memory> <currentMemory>1048576</currentMemory> <maxMemory slots="16">4294967296</maxMemory> <vcpu current="1">16</vcpu> <devices> <channel type="unix"> <target name="com.redhat.rhevm.vdsm" type="virtio" /> <source mode="bind" path="/var/lib/libvirt/qemu/channels/6dd5291e-6556-4d29-8b4e -ea896e627645.com.redhat.rhevm.vdsm" /> </channel> <channel type="unix"> <target name="org.qemu.guest_agent.0" type="virtio" /> <source mode="bind" path="/var/lib/libvirt/qemu/channels/6dd5291e-6556-4d29-8b4e -ea896e627645.org.qemu.guest_agent.0" /> </channel> <input bus="ps2" type="mouse" /> <memballoon model="virtio" /> <controller index="0" model="virtio-scsi" type="scsi" /> <controller index="0" ports="16" type="virtio-serial" /> <video> <model heads="1" ram="65536" type="qxl" vgamem="16384" vram="32768" /> </video> <graphics autoport="yes" defaultMode="secure" passwd="*****" passwdValidTo="1970-01-01T00:00:01" port="-1" tlsPort="-1" type="spice"> <channel mode="secure" name="main" /> <channel mode="secure" name="inputs" /> <channel mode="secure" name="cursor" /> <channel mode="secure" name="playback" /> <channel mode="secure" name="record" /> <channel mode="secure" name="display" /> <channel mode="secure" name="smartcard" /> <channel mode="secure" name="usbredir" /> <listen network="vdsm-ovirtmgmt" type="network" /> </graphics> <interface type="bridge"> <mac address="00:1a:4a:16:01:54" /> <model type="virtio" /> <source bridge="br-int" /> <virtualport type="openvswitch" /> <link state="up" /> <boot order="2" /> <bandwidth /> <virtualport type="openvswitch"> <parameters interfaceid="912cba79-982e-4a87-868e-241fedccb59a" /> </virtualport> </interface> <disk device="cdrom" snapshot="no" type="file"> <source file="/rhev/data-center/mnt/h2-int.limetransit.com:_var_lib_ exports_iso/1d49c4bc-0fec-4503-a583-d476fa3a370d/images/1111 1111-1111-1111-1111-111111111111/CentOS-7-x86_64-NetInstall-1611.iso" startupPolicy="optional" /> <target bus="ide" dev="hdc" /> <readonly /> <boot order="1" /> </disk> <channel type="spicevmc"> <target name="com.redhat.spice.0" type="virtio" /> </channel> </devices> <metadata> <ovirt:qos /> </metadata> <os> <type arch="x86_64" machine="pc-i440fx-rhel7.2.0">hvm</type> <smbios mode="sysinfo" /> <bootmenu enable="yes" timeout="10000" /> </os> <sysinfo type="smbios"> <system> <entry name="manufacturer">oVirt</entry> <entry name="product">oVirt Node</entry> <entry name="version">7-3.1611.el7.centos</entry> <entry name="serial">62f1adff-b29e-4a7c-abba-c2c4c73248c6</entry> <entry name="uuid">6dd5291e-6556-4d29-8b4e-ea896e627645</entry> </system> </sysinfo> <clock adjustment="0" offset="variable"> <timer name="rtc" tickpolicy="catchup" /> <timer name="pit" tickpolicy="delay" /> <timer name="hpet" present="no" /> </clock> <features> <acpi /> </features> <cpu match="exact"> <model>SandyBridge</model> <topology cores="1" sockets="16" threads="1" /> <numa> <cell cpus="0" memory="1048576" /> </numa> </cpu> </domain> (vm:1988) 2017-01-06 20:54:13,046 INFO (libvirt/events) [virt.vm] (vmId='6dd5291e-6556-4d29-8b4e-ea896e627645') CPU running: onResume (vm:4863) 2017-01-06 20:54:13,058 INFO (vm/6dd5291e) [virt.vm] (vmId='6dd5291e-6556-4d29-8b4e-ea896e627645') Starting connection (guestagent:245) 2017-01-06 20:54:13,060 INFO (vm/6dd5291e) [virt.vm] (vmId='6dd5291e-6556-4d29-8b4e-ea896e627645') CPU running: domain initialization (vm:4863) 2017-01-06 20:54:15,154 INFO (jsonrpc/6) [jsonrpc.JsonRpcServer] RPC call Host.getVMFullList succeeded in 0.01 seconds (__init__:515) 2017-01-06 20:54:17,571 INFO (periodic/2) [dispatcher] Run and protect: getVolumeSize(sdUUID=u'2ee54fb8-48f2-4576-8cff-f2346504b08b' , spUUID=u'584ebd64-0268-0193-025b-00000000038e', imgUUID=u'5a3aae57-ffe0-4a3b-aa87-8461669db7f9', volUUID=u'b6a88789-fcb1-4d3e-911b-2a4d3b6c69c7', options=None) (logUtils:49) 2017-01-06 20:54:17,573 INFO (periodic/2) [dispatcher] Run and protect: getVolumeSize, Return response: {'truesize': '1859723264', 'apparentsize': '21474836480'} (logUtils:52) 2017-01-06 20:54:21,211 INFO (periodic/2) [dispatcher] Run and protect: repoStats(options=None) (logUtils:49) 2017-01-06 20:54:21,212 INFO (periodic/2) [dispatcher] Run and protect: repoStats, Return response: {u'2ee54fb8-48f2-4576-8cff-f2346504b08b': {'code': 0, 'actual': True, 'version': 3, 'acquired': True, 'delay': '0.000936552', 'lastCheck': '1.4', 'valid': True}, u'1d49c4bc-0fec-4503-a583-d476fa3a370d': {'code': 0, 'actual': True, 'version': 0, 'acquired': True, 'delay': '0.000960248', 'lastCheck': '1.4', 'valid': True}} (logUtils:52) 2017-01-06 20:54:23,543 INFO (jsonrpc/2) [jsonrpc.JsonRpcServer] RPC call Host.getAllVmStats succeeded in 0.00 seconds (__init__:515) 2017-01-06 20:54:23,641 INFO (jsonrpc/1) [jsonrpc.JsonRpcServer] RPC call Host.getAllVmIoTunePolicies succeeded in 0.00 seconds (__init__:515) 2017-01-06 20:54:24,918 INFO (jsonrpc/0) [dispatcher] Run and protect: repoStats(options=None) (logUtils:49) 2017-01-06 20:54:24,918 INFO (jsonrpc/0) [dispatcher] Run and protect: repoStats, Return response: {u'2ee54fb8-48f2-4576-8cff-f2346504b08b': {'code': 0, 'actual': True, 'version': 3, 'acquired': True, 'delay': '0.000936552', 'lastCheck': '5.1', 'valid': True}, u'1d49c4bc-0fec-4503-a583-d476fa3a370d': {'code': 0, 'actual': True, 'version': 0, 'acquired': True, 'delay': '0.000960248', 'lastCheck': '2.1', 'valid': True}} (logUtils:52) 2017-01-06 20:54:24,924 INFO (jsonrpc/0) [jsonrpc.JsonRpcServer] RPC call Host.getStats succeeded in 0.01 seconds (__init__:515)
Vdsm and the OVN driver must have been called as the port IS created, but with the wrong id. I don't find the faulty id in vdsm.log neither, the xml above have the correct id. /Sverker
Den 2017-01-09 kl. 10:06, skrev Marcin Mirecki:
> The port is set up on the host by the ovirt-provider-ovn-driver. > The driver is invoked by the vdsm hook whenever any operation on > the port is done. > Please ensure that this is installed properly. > You can check the vdsm log (/var/log/vdsm/vdsm.log) to see if the > hook was executed properly. > > > ----- Original Message ----- > >> From: "Sverker Abrahamsson" <sverker@abrahamsson.com> >> To: "Marcin Mirecki" <mmirecki@redhat.com> >> Cc: "Ovirt Users" <users@ovirt.org> >> Sent: Friday, January 6, 2017 9:00:26 PM >> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory >> ovirtmgmt network >> >> I created a new VM in the ui and assigned it to host h1. In >> /var/log/ovirt-provider-ovn.log I get the following: >> >> 2017-01-06 20:54:11,940 Request: GET : /v2.0/ports >> 2017-01-06 20:54:11,940 Connecting to remote ovn database: >> tcp:127.0.0.1:6641 >> 2017-01-06 20:54:12,157 Connected (number of retries: 2) >> 2017-01-06 20:54:12,158 Response code: 200 >> 2017-01-06 20:54:12,158 Response body: {"ports": [{"name": >> "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873", "network_id": >> "e53554cf-e553-40a1-8d22-9c8d95ec0601", "device_owner": "oVirt", >> "mac_address": "00:1a:4a:16:01:51", "id": >> "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873", "device_id": >> "40cd7328-d575-4c3d-b656-9ef9bacc0078"}, {"name": >> "92f6d3c8-68b3-4986-9c09-60bee04644b5", "network_id": >> "e53554cf-e553-40a1-8d22-9c8d95ec0601", "device_owner": "oVirt", >> "mac_address": "00:1a:4a:16:01:52", "id": >> "92f6d3c8-68b3-4986-9c09-60bee04644b5", "device_id": >> "4baefa8c-3822-4de0-9cd0-1d025bab7844"}]} >> 2017-01-06 20:54:12,160 Request: SHOW : >> /v2.0/networks/e53554cf-e553-40a1-8d22-9c8d95ec0601 >> 2017-01-06 20:54:12,160 Connecting to remote ovn database: >> tcp:127.0.0.1:6641 >> 2017-01-06 20:54:12,377 Connected (number of retries: 2) >> 2017-01-06 20:54:12,378 Response code: 200 >> 2017-01-06 20:54:12,378 Response body: {"network": {"id": >> "e53554cf-e553-40a1-8d22-9c8d95ec0601", "name": "ovirtbridge"}} >> 2017-01-06 20:54:12,380 Request: POST : /v2.0/ports >> 2017-01-06 20:54:12,380 Request body: >> { >> "port" : { >> "name" : "nic1", >> "binding:host_id" : "h1.limetransit.com", >> "admin_state_up" : true, >> "device_id" : "e8553a88-05f0-401d-8b9b-5fff77f7bbbe", >> "device_owner" : "oVirt", >> "mac_address" : "00:1a:4a:16:01:54", >> "network_id" : "e53554cf-e553-40a1-8d22-9c8d95ec0601" >> } >> } >> 2017-01-06 20:54:12,380 Connecting to remote ovn database: >> tcp:127.0.0.1:6641 >> 2017-01-06 20:54:12,610 Connected (number of retries: 2) >> 2017-01-06 20:54:12,614 Response code: 200 >> 2017-01-06 20:54:12,614 Response body: {"port": {"name": >> "912cba79-982e-4a87-868e-241fedccb59a", "network_id": >> "e53554cf-e553-40a1-8d22-9c8d95ec0601", "device_owner": "oVirt", >> "mac_address": "00:1a:4a:16:01:54", "id": >> "912cba79-982e-4a87-868e-241fedccb59a", "device_id": >> "e8553a88-05f0-401d-8b9b-5fff77f7bbbe"}} >> >> h1:/var/log/messages >> Jan 6 20:54:12 h1 ovs-vsctl: ovs|00001|vsctl|INFO|Called as >> ovs-vsctl >> --timeout=5 -- --if-exists del-port vnet1 -- add-port br-int vnet1 >> -- >> set Interface vnet1 >> "external-ids:attached-mac=\"00:1a:4a:16:01:54\"" -- >> set Interface vnet1 >> "external-ids:iface-id=\"20388407-0f76-41d8-97aa-8e2b5978f908\"" >> -- set >> Interface vnet1 >> "external-ids:vm-id=\"6dd5291e-6556-4d29-8b4e-ea896e627645\"" -- >> set >> Interface vnet1 external-ids:iface-status=active >> >> [root@h2 ~]# ovn-nbctl show >> switch e53554cf-e553-40a1-8d22-9c8d95ec0601 (ovirtbridge) >> port 4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873 >> addresses: ["00:1a:4a:16:01:51"] >> port 912cba79-982e-4a87-868e-241fedccb59a >> addresses: ["00:1a:4a:16:01:54"] >> port 92f6d3c8-68b3-4986-9c09-60bee04644b5 >> addresses: ["00:1a:4a:16:01:52"] >> port ovirtbridge-port2 >> addresses: ["unknown"] >> port ovirtbridge-port1 >> addresses: ["unknown"] >> [root@h2 ~]# ovn-sbctl show >> Chassis "6e4dd29f-7607-48d7-8e5a-eef4c6aeefb5" >> hostname: "h2.limetransit.com" >> Encap geneve >> ip: "148.251.126.50" >> options: {csum="true"} >> Port_Binding "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873" >> Port_Binding "ovirtbridge-port1" >> Chassis "4f10fb04-8fb2-48d7-8a3f-ea6444c02cf9" >> hostname: "h1.limetransit.com" >> Encap geneve >> ip: "144.76.84.73" >> options: {csum="true"} >> Port_Binding "ovirtbridge-port2" >> Port_Binding "92f6d3c8-68b3-4986-9c09-60bee04644b5" >> >> I.e. same issue >> /Sverker >> >> Den 2017-01-06 kl. 20:49, skrev Sverker Abrahamsson: >> >>> The port is created from Ovirt UI, the ovs-vsctl command below is >>> executed when VM is started. In /var/log/ovirt-provider-ovn.log >>> on h2 >>> I get the following: >>> >>> 2017-01-06 20:19:25,452 Request: GET : /v2.0/ports >>> 2017-01-06 20:19:25,452 Connecting to remote ovn database: >>> tcp:127.0.0.1:6641 >>> 2017-01-06 20:19:25,670 Connected (number of retries: 2) >>> 2017-01-06 20:19:25,670 Response code: 200 >>> 2017-01-06 20:19:25,670 Response body: {"ports": [{"name": >>> "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873", "network_id": >>> "e53554cf-e553-40a1-8d22-9c8d95ec0601", "device_owner": "oVirt", >>> "mac_address": "00:1a:4a:16:01:51", "id": >>> "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873", "device_id": >>> "40cd7328-d575-4c3d-b656-9ef9bacc0078"}, {"name": >>> "92f6d3c8-68b3-4986-9c09-60bee04644b5", "network_id": >>> "e53554cf-e553-40a1-8d22-9c8d95ec0601", "device_owner": "oVirt", >>> "mac_address": "00:1a:4a:16:01:52", "id": >>> "92f6d3c8-68b3-4986-9c09-60bee04644b5", "device_id": >>> "4baefa8c-3822-4de0-9cd0-1d025bab7844"}]} >>> 2017-01-06 20:19:25,673 Request: PUT : >>> /v2.0/ports/92f6d3c8-68b3-4986-9c09-60bee04644b5 >>> 2017-01-06 20:19:25,673 Request body: >>> { >>> "port" : { >>> "binding:host_id" : "h1.limetransit.com", >>> "security_groups" : null >>> } >>> } >>> 2017-01-06 20:19:25,673 Connecting to remote ovn database: >>> tcp:127.0.0.1:6641 >>> 2017-01-06 20:19:25,890 Connected (number of retries: 2) >>> 2017-01-06 20:19:25,891 Response code: 200 >>> 2017-01-06 20:19:25,891 Response body: {"port": {"name": >>> "92f6d3c8-68b3-4986-9c09-60bee04644b5", "network_id": >>> "e53554cf-e553-40a1-8d22-9c8d95ec0601", "device_owner": "oVirt", >>> "mac_address": "00:1a:4a:16:01:52", "id": >>> "92f6d3c8-68b3-4986-9c09-60bee04644b5", "device_id": >>> "4baefa8c-3822-4de0-9cd0-1d025bab7844"}} >>> >>> In /var/log/messages on h1 I get the following: >>> >>> Jan 6 20:18:56 h1 dbus-daemon: dbus[1339]: [system] Successfully >>> activated service 'org.freedesktop.problems' >>> Jan 6 20:19:26 h1 ovs-vsctl: ovs|00001|vsctl|INFO|Called as >>> ovs-vsctl >>> --timeout=5 -- --if-exists del-port vnet0 -- add-port br-int vnet0 >>> -- >>> set Interface vnet0 "external-ids:attached-mac=\"0 >>> 0:1a:4a:16:01:52\"" >>> -- set Interface vnet0 >>> "external-ids:iface-id=\"72dafda5-03c2-4bb6-bcb6-241fa5c0a1f3\"" >>> -- >>> set Interface vnet0 >>> "external-ids:vm-id=\"4d0c134a-11a0-40f4-b2fb-c13c17c7251c\"" -- >>> set >>> Interface vnet0 external-ids:iface-status=active >>> Jan 6 20:19:26 h1 kernel: device vnet0 entered promiscuous mode >>> Jan 6 20:19:26 h1 avahi-daemon[1391]: Registering new address >>> record >>> for fe80::fc1a:4aff:fe16:152 on vnet0.*. >>> Jan 6 20:19:26 h1 systemd-machined: New machine qemu-4-CentOS72. >>> Jan 6 20:19:26 h1 systemd: Started Virtual Machine >>> qemu-4-CentOS72. >>> Jan 6 20:19:26 h1 systemd: Starting Virtual Machine >>> qemu-4-CentOS72. >>> >>> [root@h2 ~]# ovn-nbctl show >>> switch e53554cf-e553-40a1-8d22-9c8d95ec0601 (ovirtbridge) >>> port 4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873 >>> addresses: ["00:1a:4a:16:01:51"] >>> port 92f6d3c8-68b3-4986-9c09-60bee04644b5 >>> addresses: ["00:1a:4a:16:01:52"] >>> port ovirtbridge-port2 >>> addresses: ["unknown"] >>> port ovirtbridge-port1 >>> addresses: ["unknown"] >>> [root@h2 ~]# ovn-sbctl show >>> Chassis "6e4dd29f-7607-48d7-8e5a-eef4c6aeefb5" >>> hostname: "h2.limetransit.com" >>> Encap geneve >>> ip: "148.251.126.50" >>> options: {csum="true"} >>> Port_Binding "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873" >>> Port_Binding "ovirtbridge-port1" >>> Chassis "4f10fb04-8fb2-48d7-8a3f-ea6444c02cf9" >>> hostname: "h1.limetransit.com" >>> Encap geneve >>> ip: "144.76.84.73" >>> options: {csum="true"} >>> Port_Binding "ovirtbridge-port2" >>> >>> I.e. the port is set up with the wrong ID and not attached to OVN. >>> >>> If I correct external-ids:iface-id like this: >>> [root@h1 ~]# ovs-vsctl set Interface vnet0 >>> "external-ids:iface-id=\"92f6d3c8-68b3-4986-9c09-60bee04644b5\"" >>> >>> then sb is correct: >>> [root@h2 ~]# ovn-sbctl show >>> Chassis "6e4dd29f-7607-48d7-8e5a-eef4c6aeefb5" >>> hostname: "h2.limetransit.com" >>> Encap geneve >>> ip: "148.251.126.50" >>> options: {csum="true"} >>> Port_Binding "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873" >>> Port_Binding "ovirtbridge-port1" >>> Chassis "4f10fb04-8fb2-48d7-8a3f-ea6444c02cf9" >>> hostname: "h1.limetransit.com" >>> Encap geneve >>> ip: "144.76.84.73" >>> options: {csum="true"} >>> Port_Binding "ovirtbridge-port2" >>> Port_Binding "92f6d3c8-68b3-4986-9c09-60bee04644b5" >>> >>> I don't know from where the ID 72dafda5-03c2-4bb6-bcb6-241fa5 >>> c0a1f3 >>> comes from, doesn't show in any log other than /var/log/messages. >>> >>> If I do the same exercise on the same host as engine is running on >>> then the port for the VM gets the right id and is working from >>> beginning. >>> /Sverker >>> >>> Den 2017-01-03 kl. 10:23, skrev Marcin Mirecki: >>> >>>> How did you create this port? >>>> From the oVirt engine UI? >>>> The OVN provider creates the port when you add the port in the >>>> engine UI, >>>> it is then plugged into the ovs bridge by the VIF driver. >>>> Please attach /var/log/ovirt-provider-ovn.log >>>> >>>> >>>> >>>> ----- Original Message ----- >>>> >>>>> From: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>>>> To: "Marcin Mirecki"<mmirecki@redhat.com> >>>>> Cc: "Ovirt Users"<users@ovirt.org> >>>>> Sent: Tuesday, January 3, 2017 2:06:22 AM >>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory >>>>> ovirtmgmt >>>>> network >>>>> >>>>> Found an issue with Ovirt - OVN integration. >>>>> >>>>> Engine and OVN central db running on host h2. Created VM to run >>>>> on host >>>>> h1, which is started. Ovn db state: >>>>> >>>>> [root@h2 env3]# ovn-nbctl show >>>>> switch e53554cf-e553-40a1-8d22-9c8d95ec0601 >>>>> (ovirtbridge) >>>>> port 4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873 >>>>> addresses: ["00:1a:4a:16:01:51"] >>>>> port 92f6d3c8-68b3-4986-9c09-60bee04644b5 >>>>> addresses: ["00:1a:4a:16:01:52"] >>>>> port ovirtbridge-port2 >>>>> addresses: ["unknown"] >>>>> port ovirtbridge-port1 >>>>> addresses: ["unknown"] >>>>> [root@h2 env3]# ovn-sbctl show >>>>> Chassis "6e4dd29f-7607-48d7-8e5a-eef4c6aeefb5" >>>>> hostname: "h2.limetransit.com" >>>>> Encap geneve >>>>> ip: "148.251.126.50" >>>>> options: {csum="true"} >>>>> Port_Binding "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873" >>>>> Port_Binding "ovirtbridge-port1" >>>>> Chassis "4f10fb04-8fb2-48d7-8a3f-ea6444c02cf9" >>>>> hostname: "h1.limetransit.com" >>>>> Encap geneve >>>>> ip: "144.76.84.73" >>>>> options: {csum="true"} >>>>> Port_Binding "ovirtbridge-port2" >>>>> >>>>> Port 92f6d3c8-68b3-4986-9c09-60bee04644b5 is for the new VM >>>>> which is >>>>> started on h1, but it is not assigned to that chassis. The >>>>> reason is >>>>> that on h1 the port on br-int is created like this: >>>>> >>>>> ovs-vsctl --timeout=5 -- --if-exists del-port vnet0 -- add-port >>>>> br-int >>>>> vnet0 -- set Interface vnet0 >>>>> "external-ids:attached-mac=\"00:1a:4a:16:01:52\"" -- set >>>>> Interface vnet0 >>>>> "external-ids:iface-id=\"35bcbe31-2c7e-4d97-add9-ce150eeb2f11\"" >>>>> -- set >>>>> Interface vnet0 >>>>> "external-ids:vm-id=\"4d0c134a-11a0-40f4-b2fb-c13c17c7251c\"" >>>>> -- set >>>>> Interface vnet0 external-ids:iface-status=active >>>>> >>>>> I.e. the extrernal id of interface is wrong. When I manually >>>>> change to >>>>> the right id like this the port works fine: >>>>> >>>>> ovs-vsctl --timeout=5 -- --if-exists del-port vnet0 -- add-port >>>>> br-int >>>>> vnet0 -- set Interface vnet0 >>>>> "external-ids:attached-mac=\"00:1a:4a:16:01:52\"" -- set >>>>> Interface vnet0 >>>>> "external-ids:iface-id=\"92f6d3c8-68b3-4986-9c09-60bee04644b5\"" >>>>> -- set >>>>> Interface vnet0 >>>>> "external-ids:vm-id=\"4d0c134a-11a0-40f4-b2fb-c13c17c7251c\"" >>>>> -- set >>>>> Interface vnet0 external-ids:iface-status=active >>>>> >>>>> sb db after correcting the port: >>>>> >>>>> Chassis "6e4dd29f-7607-48d7-8e5a-eef4c6aeefb5" >>>>> hostname: "h2.limetransit.com" >>>>> Encap geneve >>>>> ip: "148.251.126.50" >>>>> options: {csum="true"} >>>>> Port_Binding "4981ee5f-6e15-4bd5-a1cf-7ead9bdd5873" >>>>> Port_Binding "ovirtbridge-port1" >>>>> Chassis "4f10fb04-8fb2-48d7-8a3f-ea6444c02cf9" >>>>> hostname: "h1.limetransit.com" >>>>> Encap geneve >>>>> ip: "144.76.84.73" >>>>> options: {csum="true"} >>>>> Port_Binding "ovirtbridge-port2" >>>>> Port_Binding "92f6d3c8-68b3-4986-9c09-60bee04644b5" >>>>> >>>>> I don't know from where the faulty id comes from, it's not in any >>>>> logs. >>>>> In the domain xml as printed in vdsm.log the id is correct: >>>>> >>>>> <interface type="bridge"> >>>>> <mac address="00:1a:4a:16:01:52" /> >>>>> <model type="virtio" /> >>>>> <source bridge="br-int" /> >>>>> <virtualport type="openvswitch" /> >>>>> <link state="up" /> >>>>> <boot order="2" /> >>>>> <bandwidth /> >>>>> <virtualport type="openvswitch"> >>>>> <parameters >>>>> interfaceid="92f6d3c8-68b3-4986-9c09-60bee04644b5" /> >>>>> </virtualport> >>>>> </interface> >>>>> >>>>> Where is the ovs-vsctl command line built for this call? >>>>> >>>>> /Sverker >>>>> >>>>> >>>>> Den 2017-01-02 kl. 13:40, skrev Sverker Abrahamsson: >>>>> >>>>>> Got it to work now by following the env8 example in OVN >>>>>> tutorial, >>>>>> where a port is added with type l2gateway. Not sure how that is >>>>>> different from the localnet variant, but didn't suceed in >>>>>> getting that >>>>>> one working. Now I'm able to ping and telnet over the tunnel, >>>>>> but not >>>>>> ssh even when the port is answering on telnet. Neither does nfs >>>>>> traffic work even though mount did. Suspecting MTU issue. I did >>>>>> notice >>>>>> that ovn-controller starts too early, before network interfaces >>>>>> are >>>>>> established and hence can't reach the db. As these is a purely >>>>>> OVS/OVN >>>>>> issue I'll ask about it on their mailing list. >>>>>> >>>>>> Getting back to the original issue with Ovirt, I've now added >>>>>> the >>>>>> second host h1 to ovirt-engine. Had to do the same as with h2 to >>>>>> create a dummy ovirtmgmt network but configured access via the >>>>>> public >>>>>> IP. My firewall settings was replaced with iptables config and >>>>>> vdsm.conf was overwritten when engine was set up, so those had >>>>>> to be >>>>>> manually restored. It would be preferable if it would be >>>>>> possible to >>>>>> configure ovirt-engine that it does not "own" the host and >>>>>> instead >>>>>> comply with the settings it has instead of enforcing it's own >>>>>> view.. >>>>>> >>>>>> Apart from that it seems the second host works, although I need >>>>>> to >>>>>> resolve the traffic issue over the OVS tunnel. >>>>>> /Sverker >>>>>> >>>>>> Den 2017-01-02 kl. 01:13, skrev Sverker Abrahamsson: >>>>>> >>>>>>> 1. That is not possible as ovirt (or vdsm) will rewrite the >>>>>>> network >>>>>>> configuration to a non-working state. That is why I've set that >>>>>>> if as >>>>>>> hidden to vdsm and is why I'm keen on getting OVS/OVN to work >>>>>>> >>>>>>> 2. I've been reading the doc for OVN and starting to connect >>>>>>> the >>>>>>> dots, which is not trivial as it is complex. Some insights >>>>>>> reached: >>>>>>> >>>>>>> First step is the OVN database, installed by >>>>>>> openvswitch-ovn-central, >>>>>>> which I currently have running on h2 host. The 'ovn-nbctl' and >>>>>>> 'ovn-sbctl' commands are only possible to execute on a database >>>>>>> node. >>>>>>> Two ip's are given to 'vdsm-tool ovn-config <ip to database> >>>>>>> <tunnel >>>>>>> ip>' as arguments, where <ip to database> is how this OVN node >>>>>>> reaches the database and <tunnel ip> is the ip to which other >>>>>>> OVN >>>>>>> nodes sets up a tunnel to this node. I.e. it is not for >>>>>>> creating a >>>>>>> tunnel to the database which I thought first from the >>>>>>> description in >>>>>>> blog post. >>>>>>> >>>>>>> The tunnel between OVN nodes is of type geneve which is a UDP >>>>>>> based >>>>>>> protocol but I have not been able to find anywhere which port >>>>>>> is used >>>>>>> so that I can open it in firewalld. I have added OVN on another >>>>>>> host, >>>>>>> called h1, and connected it to the db. I see there is traffic >>>>>>> to the >>>>>>> db port, but I don't see any geneve traffic between the nodes. >>>>>>> >>>>>>> Ovirt is now able to create it's vnet0 interface on the br-int >>>>>>> ovs >>>>>>> bridge, but then I run into the next issue. How do I create a >>>>>>> connection from the logical switch to the physical host? I need >>>>>>> that >>>>>>> to a) get a connection out to the internet through a >>>>>>> masqueraded if >>>>>>> or ipv6 and b) be able to run a dhcp server to give ip's to the >>>>>>> VM's. >>>>>>> >>>>>>> /Sverker >>>>>>> >>>>>>> Den 2016-12-30 kl. 18:05, skrev Marcin Mirecki: >>>>>>> >>>>>>>> 1. Why not use your physical nic for ovirtmgmt then? >>>>>>>> >>>>>>>> 2. "ovn-nbctl ls-add" does not add a bridge, but a logical >>>>>>>> switch. >>>>>>>> br-int is an internal OVN implementation detail, which >>>>>>>> the user >>>>>>>> should not care about. What you see in the ovirt UI are >>>>>>>> logical >>>>>>>> networks. They are implemented as OVN logical switches >>>>>>>> in case >>>>>>>> of the OVN provider. >>>>>>>> >>>>>>>> Please look at: >>>>>>>> http://www.ovirt.org/blog/2016/11/ovirt-provider-ovn/ >>>>>>>> You can get the latest rpms from here: >>>>>>>> http://resources.ovirt.org/repos/ovirt/experimental/master/o >>>>>>>> virt-provider-ovn_fc24_46/rpm/fc24/noarch/ >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> ----- Original Message ----- >>>>>>>> >>>>>>>>> From: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>>>>>>>> To: "Marcin Mirecki"<mmirecki@redhat.com> >>>>>>>>> Cc: "Ovirt Users"<users@ovirt.org> >>>>>>>>> Sent: Friday, December 30, 2016 4:25:58 PM >>>>>>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory >>>>>>>>> ovirtmgmt network >>>>>>>>> >>>>>>>>> 1. No, I did not want to put the ovirtmgmt bridge on my >>>>>>>>> physical >>>>>>>>> nic as >>>>>>>>> it always messed up the network config making the host >>>>>>>>> unreachable. I >>>>>>>>> have put a ovs bridge on this nic which I will use to make >>>>>>>>> tunnels >>>>>>>>> when >>>>>>>>> I add other hosts. Maybe br-int will be used for that >>>>>>>>> instead, will >>>>>>>>> see >>>>>>>>> when I get that far. >>>>>>>>> >>>>>>>>> As it is now I have a dummy if for ovirtmgmt bridge but this >>>>>>>>> will >>>>>>>>> probably not work when I add other hosts as that bridge >>>>>>>>> cannot >>>>>>>>> connect >>>>>>>>> to the other hosts. I'm considering keeping this just as a >>>>>>>>> dummy to >>>>>>>>> keep >>>>>>>>> ovirt engine satisfied while the actual communication will >>>>>>>>> happen >>>>>>>>> over >>>>>>>>> OVN/OVS bridges and tunnels. >>>>>>>>> >>>>>>>>> 2. On >>>>>>>>> https://www.ovirt.org//develop/release-management/features/o >>>>>>>>> virt-ovn-provider/ >>>>>>>>> >>>>>>>>> >>>>>>>>> there is instructions how to add an OVS bridge to OVN with >>>>>>>>> |ovn-nbctl >>>>>>>>> ls-add <network name>|. If you want to use br-int then it >>>>>>>>> makes >>>>>>>>> sense to >>>>>>>>> make that bridge visible in ovirt webui under networks so >>>>>>>>> that it >>>>>>>>> can be >>>>>>>>> selected for VM's. >>>>>>>>> >>>>>>>>> It quite doesn't make sense to me that I can select other >>>>>>>>> network >>>>>>>>> for my >>>>>>>>> VM but then that setting is not used when setting up the >>>>>>>>> network. >>>>>>>>> >>>>>>>>> /Sverker >>>>>>>>> >>>>>>>>> Den 2016-12-30 kl. 15:34, skrev Marcin Mirecki: >>>>>>>>> >>>>>>>>>> Hi, >>>>>>>>>> >>>>>>>>>> The OVN provider does not require you to add any bridges >>>>>>>>>> manually. >>>>>>>>>> As I understand we were dealing with two problems: >>>>>>>>>> 1. You only had one physical nic and wanted to put a bridge >>>>>>>>>> on it, >>>>>>>>>> attaching the management network to the bridge. This >>>>>>>>>> was the >>>>>>>>>> reason for >>>>>>>>>> creating the bridge (the recommended setup would be >>>>>>>>>> to used a >>>>>>>>>> separate >>>>>>>>>> physical nic for the management network). This >>>>>>>>>> bridge >>>>>>>>>> has >>>>>>>>>> nothing to >>>>>>>>>> do with the OVN bridge. >>>>>>>>>> 2. OVN - you want to use OVN on this system. For this you >>>>>>>>>> have to >>>>>>>>>> install >>>>>>>>>> OVN on your hosts. This should create the br-int >>>>>>>>>> bridge, >>>>>>>>>> which are >>>>>>>>>> then used by the OVN provider. This br-int bridge >>>>>>>>>> must be >>>>>>>>>> configured >>>>>>>>>> to connect to other hosts using the geneve tunnels. >>>>>>>>>> >>>>>>>>>> In both cases the systems will not be aware of any bridges >>>>>>>>>> you >>>>>>>>>> create. >>>>>>>>>> They need a nic (be it physical or virtual) to connect to >>>>>>>>>> other >>>>>>>>>> system. >>>>>>>>>> Usually this is the physical nic. In your case you decided >>>>>>>>>> to put >>>>>>>>>> a bridge >>>>>>>>>> on the physical nic, and give oVirt a virtual nic attached >>>>>>>>>> to this >>>>>>>>>> bridge. >>>>>>>>>> This works, but keep in mind that the bridge you have >>>>>>>>>> introduced >>>>>>>>>> is outside >>>>>>>>>> of oVirt's (and OVN) control (and as such is not supported). >>>>>>>>>> >>>>>>>>>> What is the purpose of >>>>>>>>>>> adding my bridges to Ovirt through the external provider >>>>>>>>>>> and >>>>>>>>>>> configure >>>>>>>>>>> them on my VM >>>>>>>>>>> >>>>>>>>>> I am not quite sure I understand. >>>>>>>>>> The external provider (OVN provider to be specific), does >>>>>>>>>> not add >>>>>>>>>> any >>>>>>>>>> bridges >>>>>>>>>> to the system. It is using the br-int bridge created by OVN. >>>>>>>>>> The >>>>>>>>>> networks >>>>>>>>>> created by the OVN provider are purely logical entities, >>>>>>>>>> implemented using >>>>>>>>>> the OVN br-int bridge. >>>>>>>>>> >>>>>>>>>> Marcin >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> ----- Original Message ----- >>>>>>>>>> >>>>>>>>>>> From: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>>>>>>>>>> To: "Marcin Mirecki"<mmirecki@redhat.com> >>>>>>>>>>> Cc: "Ovirt Users"<users@ovirt.org> >>>>>>>>>>> Sent: Friday, December 30, 2016 12:15:43 PM >>>>>>>>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and mandatory >>>>>>>>>>> ovirtmgmt >>>>>>>>>>> network >>>>>>>>>>> >>>>>>>>>>> Hi >>>>>>>>>>> That is the logic I quite don't understand. What is the >>>>>>>>>>> purpose of >>>>>>>>>>> adding my bridges to Ovirt through the external provider >>>>>>>>>>> and >>>>>>>>>>> configure >>>>>>>>>>> them on my VM if you are disregarding that and using br-int >>>>>>>>>>> anyway? >>>>>>>>>>> >>>>>>>>>>> /Sverker >>>>>>>>>>> >>>>>>>>>>> Den 2016-12-30 kl. 10:53, skrev Marcin Mirecki: >>>>>>>>>>> >>>>>>>>>>>> Sverker, >>>>>>>>>>>> >>>>>>>>>>>> br-int is the integration bridge created by default in >>>>>>>>>>>> OVN. This >>>>>>>>>>>> is the >>>>>>>>>>>> bridge we use for the OVN provider. As OVN is required to >>>>>>>>>>>> be >>>>>>>>>>>> installed, >>>>>>>>>>>> we assume that this bridge is present. >>>>>>>>>>>> Using any other ovs bridge is not supported, and will >>>>>>>>>>>> require >>>>>>>>>>>> custom code >>>>>>>>>>>> changes (such as the ones you created). >>>>>>>>>>>> >>>>>>>>>>>> The proper setup in your case would probably be to create >>>>>>>>>>>> br-int >>>>>>>>>>>> and >>>>>>>>>>>> connect >>>>>>>>>>>> this to your ovirtbridge, although I don't know the >>>>>>>>>>>> details of >>>>>>>>>>>> your env, >>>>>>>>>>>> so >>>>>>>>>>>> this is just my best guess. >>>>>>>>>>>> >>>>>>>>>>>> Marcin >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> ----- Original Message ----- >>>>>>>>>>>> >>>>>>>>>>>>> From: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>>>>>>>>>>>> To: "Marcin Mirecki"<mmirecki@redhat.com> >>>>>>>>>>>>> Cc: "Ovirt Users"<users@ovirt.org>, "Numan Siddique" >>>>>>>>>>>>> <nusiddiq@redhat.com> >>>>>>>>>>>>> Sent: Friday, December 30, 2016 1:14:50 AM >>>>>>>>>>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and >>>>>>>>>>>>> mandatory >>>>>>>>>>>>> ovirtmgmt >>>>>>>>>>>>> network >>>>>>>>>>>>> >>>>>>>>>>>>> Even better, if the value is not hardcoded then the >>>>>>>>>>>>> configured >>>>>>>>>>>>> value is >>>>>>>>>>>>> used. Might be that I'm missunderstanding something but >>>>>>>>>>>>> this is >>>>>>>>>>>>> the >>>>>>>>>>>>> behaviour I expected instead of that it is using br-int. >>>>>>>>>>>>> >>>>>>>>>>>>> Attached is a patch which properly sets up the xml, in >>>>>>>>>>>>> case >>>>>>>>>>>>> there is >>>>>>>>>>>>> already a virtual port there + testcode of some variants >>>>>>>>>>>>> >>>>>>>>>>>>> /Sverker >>>>>>>>>>>>> >>>>>>>>>>>>> Den 2016-12-29 kl. 22:55, skrev Sverker Abrahamsson: >>>>>>>>>>>>> >>>>>>>>>>>>>> When I change >>>>>>>>>>>>>> /usr/libexec/vdsm/hooks/before >>>>>>>>>>>>>> _device_create/ovirt_provider_ovn_hook >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> to instead of hardcoded to br-int use BRIDGE_NAME = >>>>>>>>>>>>>> 'ovirtbridge' then >>>>>>>>>>>>>> I get the expected behaviour and I get a working network >>>>>>>>>>>>>> connectivity >>>>>>>>>>>>>> in my VM with IP provided by dhcp. >>>>>>>>>>>>>> >>>>>>>>>>>>>> /Sverker >>>>>>>>>>>>>> >>>>>>>>>>>>>> Den 2016-12-29 kl. 22:07, skrev Sverker Abrahamsson: >>>>>>>>>>>>>> >>>>>>>>>>>>>>> By default the vNic profile of my OVN bridge >>>>>>>>>>>>>>> ovirtbridge gets a >>>>>>>>>>>>>>> Network filter named vdsm-no-mac-spoofing. If I instead >>>>>>>>>>>>>>> set >>>>>>>>>>>>>>> No filter >>>>>>>>>>>>>>> then I don't get those ebtables / iptables messages. It >>>>>>>>>>>>>>> seems >>>>>>>>>>>>>>> that >>>>>>>>>>>>>>> there is some issue between ovirt/vdsm and firewalld, >>>>>>>>>>>>>>> which >>>>>>>>>>>>>>> we can >>>>>>>>>>>>>>> put to the side for now. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> It is not clear for me why the port is added on br-int >>>>>>>>>>>>>>> instead of the >>>>>>>>>>>>>>> bridge I've assigned to the VM, which is ovirtbridge?? >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> /Sverker >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Den 2016-12-29 kl. 14:20, skrev Sverker Abrahamsson: >>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> The specific command most likely fails because there >>>>>>>>>>>>>>>> is no >>>>>>>>>>>>>>>> chain >>>>>>>>>>>>>>>> named libvirt-J-vnet0, but when should that have been >>>>>>>>>>>>>>>> created? >>>>>>>>>>>>>>>> /Sverker >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> -------- Vidarebefordrat meddelande -------- >>>>>>>>>>>>>>>> Ämne: Re: [ovirt-users] Issue with OVN/OVS and >>>>>>>>>>>>>>>> mandatory >>>>>>>>>>>>>>>> ovirtmgmt >>>>>>>>>>>>>>>> network >>>>>>>>>>>>>>>> Datum: Thu, 29 Dec 2016 08:06:29 -0500 (EST) >>>>>>>>>>>>>>>> Från: Marcin Mirecki<mmirecki@redhat.com> >>>>>>>>>>>>>>>> Till: Sverker Abrahamsson<sverker@abrahamsson.com >>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>> Kopia: Ovirt Users<users@ovirt.org>, Lance >>>>>>>>>>>>>>>> Richardson >>>>>>>>>>>>>>>> <lrichard@redhat.com>, Numan >>>>>>>>>>>>>>>> Siddique<nusiddiq@redhat.com> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Let me add the OVN team. >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Lance, Numan, >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Can you please look at this? >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Trying to plug a vNIC results in: >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 ovs-vsctl: >>>>>>>>>>>>>>>>>>>>>>> ovs|00001|vsctl|INFO|Called as >>>>>>>>>>>>>>>>>>>>>>> ovs-vsctl >>>>>>>>>>>>>>>>>>>>>>> --timeout=5 -- --if-exists del-port vnet0 -- >>>>>>>>>>>>>>>>>>>>>>> add-port >>>>>>>>>>>>>>>>>>>>>>> br-int >>>>>>>>>>>>>>>>>>>>>>> vnet0 -- >>>>>>>>>>>>>>>>>>>>>>> set Interface vnet0 >>>>>>>>>>>>>>>>>>>>>>> "external-ids:attached-mac=\"0 >>>>>>>>>>>>>>>>>>>>>>> 0:1a:4a:16:01:51\"" >>>>>>>>>>>>>>>>>>>>>>> -- set Interface vnet0 >>>>>>>>>>>>>>>>>>>>>>> "external-ids:iface-id=\"e8853 >>>>>>>>>>>>>>>>>>>>>>> aac-8a75-41b0-8010-e630017dcdd8\"" >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> -- >>>>>>>>>>>>>>>>>>>>>>> set Interface vnet0 >>>>>>>>>>>>>>>>>>>>>>> "external-ids:vm-id=\"b9440d60 >>>>>>>>>>>>>>>>>>>>>>> -ef5a-4e2b-83cf-081df7c09e6f\"" >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> -- >>>>>>>>>>>>>>>>>>>>>>> set >>>>>>>>>>>>>>>>>>>>>>> Interface vnet0 external-ids:iface-status=acti >>>>>>>>>>>>>>>>>>>>>>> ve >>>>>>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 kernel: device vnet0 entered >>>>>>>>>>>>>>>>>>>>>>> promiscuous >>>>>>>>>>>>>>>>>>>>>>> mode >>>>>>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>>>>>> '/usr/sbin/ebtables --concurrent -t nat -D >>>>>>>>>>>>>>>>>>>>>>> PREROUTING >>>>>>>>>>>>>>>>>>>>>>> -i vnet0 >>>>>>>>>>>>>>>>>>>>>>> -j >>>>>>>>>>>>>>>>>>>>>>> libvirt-J-vnet0' failed: >>>>>>>>>>>>>>>>>>>>>>> Dec 28 23:31:35 h2 firewalld: WARNING: >>>>>>>>>>>>>>>>>>>>>>> COMMAND_FAILED: >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> More details below >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> ----- Original Message ----- >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> From: "Sverker Abrahamsson"<sverker@abrahamsson.com> >>>>>>>>>>>>>>>>> To: "Marcin Mirecki"<mmirecki@redhat.com> >>>>>>>>>>>>>>>>> Cc: "Ovirt Users"<users@ovirt.org> >>>>>>>>>>>>>>>>> Sent: Thursday, December 29, 2016 1:42:11 PM >>>>>>>>>>>>>>>>> Subject: Re: [ovirt-users] Issue with OVN/OVS and >>>>>>>>>>>>>>>>> mandatory >>>>>>>>>>>>>>>>> ovirtmgmt >>>>>>>>>>>>>>>>> network >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> Hi >>>>>>>>>>>>>>>>> Same problem still.. >>>>>>>>>>>>>>>>> /Sverker >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> Den 2016-12-29 kl. 13:34, skrev Marcin Mirecki: >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> Hi, >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> The tunnels are created to connect multiple OVN >>>>>>>>>>>>>>>>>> controllers. >>>>>>>>>>>>>>>>>> If there is only one, there is no need for the >>>>>>>>>>>>>>>>>> tunnels, so >>>>>>>>>>>>>>>>>> none >>>>>>>>>>>>>>>>>> will be created, this is the correct behavior. >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> Does the problem still occur after setting >>>>>>>>>>>>>>>>>> configuring the >>>>>>>>>>>>>>>>>> OVN-controller? >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> Marcin >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> ----- Original Message ----- >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> From: "Sverker Abrahamsson"<sverker@abrahamss >>>>>>>>>>>>>>>>>>> on.com> >>>>>>>>>>>>>>>>>>> To: "Marcin Mirecki"<mmirecki@redhat.com> >>>>>>>>>>>>>>>>>>> Cc: "Ovirt Users"<users@ovirt.org> >>>>>>>>>>>>>>>>>>> Sent: Thursday, December 29, 2016 11:44:32 AM >>>>>>>>>>>>>>>>>>> Subject: Re: [ovirt-users] Iss >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> ...
[Message clipped] _______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
participants (6)
-
Edward Haas -
Fred Rolland -
Marcin Mirecki -
Sverker Abrahamsson -
TranceWorldLogic . -
Yaniv Dary