This post demonstrates that the Neutron DHCP, Metadata and L3 agents (services), together with the OVS plugin, when properly configured in RDO IceHouse, provide outbound connectivity for a cloud instance upon creation without assigning the instance a floating IP.
Namespaces (see also Identifying and Troubleshooting Neutron Namespaces)
For each network you create, the Network node (or Controller node, if combined) will have a unique network namespace (netns) created by the DHCP and Metadata agents. The netns hosts an interface and IP addresses for dnsmasq and the neutron-ns-metadata-proxy. You can view the namespaces with the `ip netns list` command, and can interact with the namespaces with the `ip netns exec <namespace> <command>` command.
As mentioned in Direct access to Nova metadata, in an environment running Neutron, a request from your instance must traverse a number of steps:
1. From the instance to a router,
2. Through a NAT rule in the router namespace,
3. To an instance of the neutron-ns-metadata-proxy,
4. To the actual Nova metadata service
All of these steps happen regardless of whether the particular instance has a floating IP.
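The NAT rule from step 2 can be checked directly on the network node. The following shell code is an added example, not part of the original post: it parses `iptables -t nat -S` output from a router namespace and reports the local port to which 169.254.169.254 is redirected. The sample rules are constructed; the `qrouter-` namespace prefix and port 9697 (the default neutron-ns-metadata-proxy port) do not appear on this page.

```shell
# Added example: locate the metadata REDIRECT rule (step 2) in a router namespace.
METADATA_IP="169.254.169.254"

# Constructed sample of `iptables -t nat -S` output from a qrouter namespace.
SAMPLE_NAT_RULES='-P PREROUTING ACCEPT
-N neutron-l3-agent-PREROUTING
-A PREROUTING -j neutron-l3-agent-PREROUTING
-A neutron-l3-agent-PREROUTING -d 169.254.169.254/32 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 9697
-A neutron-l3-agent-snat -s 40.0.0.0/24 -j SNAT --to-source 192.168.122.10'

# Read NAT rules on stdin; print the port the metadata address is redirected to.
# Exit status 1 means no such rule exists, so instances would get no metadata.
metadata_redirect_port() {
    awk -v ip="$METADATA_IP/32" '
        {
            dst = ""; port = ""; redirect = 0
            for (i = 1; i <= NF; i++) {
                if ($i == "-d") dst = $(i + 1)
                if ($i == "-j" && $(i + 1) == "REDIRECT") redirect = 1
                if ($i == "--to-ports") port = $(i + 1)
            }
            if (dst == ip && redirect && port != "") { print port; found = 1; exit }
        }
        END { exit (found ? 0 : 1) }'
}

# On a live network node (as root): check every qrouter-* namespace.
check_routers() {
    for ns in $(ip netns list | awk '/^qrouter-/ {print $1}'); do
        if port=$(ip netns exec "$ns" iptables -t nat -S | metadata_redirect_port); then
            echo "$ns: $METADATA_IP:80 is redirected to local port $port"
        else
            echo "$ns: no metadata redirect rule found"
        fi
    done
}

# Offline demonstration on the constructed sample: prints 9697
printf '%s\n' "$SAMPLE_NAT_RULES" | metadata_redirect_port
```

Run `check_routers` on the network node to apply the same check to the real router namespaces.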
[root@icehouse ~(keystone_admin)]# neutron agent-list
+--------------------------------------+--------------------+----------------------+-------+----------------+
| id | agent_type | host | alive | admin_state_up |
+--------------------------------------+--------------------+----------------------+-------+----------------+
| 54149ed1-52a1-4e93-81f4-fdaad0c5ded7 | DHCP agent | icehouse.localdomain | :-) | True |
| 581d5ef0-a6d3-4d0b-b4a8-4a5fc7ab5e6b | Metadata agent | icehouse.localdomain | :-) | True |
| 80980b97-6343-42cb-a5d8-ebc2298b5c32 | L3 agent | icehouse.localdomain | :-) | True |
| a5b6fe1e-f144-4cb4-882e-09a5660556e4 | Open vSwitch agent | icehouse.localdomain | :-) | True |
+--------------------------------------+--------------------+----------------------+-------+----------------+
The following snapshots show metadata requests returning instance-id, local-ipv4, kernel-id and an empty value for public-ipv4 on CirrOS and Ubuntu Trusty cloud instances that were launched, obtained a private IP and successfully completed the cloud-init procedure. However, none of these instances was assigned a floating IP.
The easiest sample with CirrOS
The Ubuntu VM was launched with password authentication enabled via a post-creation script and with no SSH keypair, like this:
[root@dfw02 ~(keystone_admin)]$ nova boot --flavor 2 --user-data=./myfile.txt \
--image <image-id> UbuntuRS0506
where
[root@dfw02 ~(keystone_admin)]$ cat ./myfile.txt
#cloud-config
password: mysecret
chpasswd: { expire: False }
ssh_pwauth: True
Access to the newly created Ubuntu VM via the corresponding qdhcp-xxxxxxxxx namespace:
[root@icehouse ~(keystone_admin)]# neutron net-list
+--------------------------------------+-----------+-------------------------------------------------------+
| id | name | subnets |
+--------------------------------------+-----------+-------------------------------------------------------+
| f7d860e0-06d2-42c1-b889-a3a5a7d3345c | public | f90fb4dd-d7f7-4efb-9aba-36eb478b38b8 192.168.122.0/24 |
| 3183558a-c3ac-4a00-ab9d-4d13297630fe | private | cddf1adc-1e17-4ca1-8ebe-79280fdec160 10.0.0.0/24 |
| a688053e-1619-4722-8075-1ab5dcf90bb5 | private01 | 6c3051d6-e6b9-42e4-97dc-57951b52c809 40.0.0.0/24 |
+--------------------------------------+-----------+-------------------------------------------------------+
[root@icehouse ~(keystone_admin)]# ip netns | grep a688053e-1619-4722-8075-1ab5dcf90bb5
qdhcp-a688053e-1619-4722-8075-1ab5dcf90bb5
[root@icehouse ~(keystone_admin)]# ip netns exec qdhcp-a688053e-1619-4722-8075-1ab5dcf90bb5 ifconfig
lo: flags=73 mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10
loop txqueuelen 0 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
tap868e0cdd-29: flags=67 mtu 1500
inet 40.0.0.11 netmask 255.255.255.0 broadcast 40.0.0.255
inet6 fe80::f816:3eff:fecd:f976 prefixlen 64 scopeid 0x20
ether fa:16:3e:cd:f9:76 txqueuelen 0 (Ethernet)
RX packets 23 bytes 1846 (1.8 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 14 bytes 1156 (1.1 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@icehouse ~(keystone_admin)]# ip netns exec qdhcp-a688053e-1619-4722-8075-1ab5dcf90bb5 ping -c5 40.0.0.23
PING 40.0.0.23 (40.0.0.23) 56(84) bytes of data.
64 bytes from 40.0.0.23: icmp_seq=1 ttl=64 time=9.30 ms
64 bytes from 40.0.0.23: icmp_seq=2 ttl=64 time=0.568 ms
64 bytes from 40.0.0.23: icmp_seq=3 ttl=64 time=0.708 ms
64 bytes from 40.0.0.23: icmp_seq=4 ttl=64 time=0.578 ms
64 bytes from 40.0.0.23: icmp_seq=5 ttl=64 time=0.608 ms
--- 40.0.0.23 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4002ms
rtt min/avg/max/mdev = 0.568/2.354/9.308/3.477 ms
[root@icehouse ~(keystone_admin)]# ip netns exec qdhcp-a688053e-1619-4722-8075-1ab5dcf90bb5 ssh ubuntu@40.0.0.23
The authenticity of host '40.0.0.23 (40.0.0.23)' can't be established.
ECDSA key fingerprint is 33:57:5c:32:10:45:fb:dd:6a:68:4b:e1:8f:c9:08:ba.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '40.0.0.23' (ECDSA) to the list of known hosts.
ubuntu@40.0.0.23's password:
Welcome to Ubuntu 14.04 LTS (GNU/Linux 3.13.0-24-generic x86_64)
* Documentation: https://help.ubuntu.com/
System information disabled due to load higher than 1.0
Get cloud support with Ubuntu Advantage Cloud Guest:
http://www.ubuntu.com/business/services/cloud
1 package can be updated.
1 update is a security update.
Last login: Tue May 6 11:02:16 2014
ubuntu@ubunturs0506:~$ sudo su -
root@ubunturs0506:~# curl http://169.254.169.254/latest/meta-data/instance-id
i-0000000e
root@ubunturs0506:~# curl http://169.254.169.254/latest/meta-data/local-ipv4
40.0.0.23
root@ubunturs0506:~# curl http://169.254.169.254/latest/meta-data/public-ipv4
root@ubunturs0506:~#