Saturday, June 11, 2016

RDO Mitaka Virtual Deployment with a Real Physical Network as External

  The Nova-Docker driver is installed on the Compute node, which is supposed to run several Java EE servers as lightweight Nova-Docker containers (instances) with floating IPs on the external flat network (actually the real office network 192.168.1.0/24). General setup: RDO Mitaka ML2&OVS&VLAN, 3 nodes. VLAN tenant segregation was selected for the RDO landscape to avoid DVR configuration of the Controller && Compute cluster.
Details here: Setup Docker Hypervisor on Multi Node DVR Cluster RDO Mitaka

Configuration RDO Mitaka :-

  Controller/Network  (VM)  192.169.142.127 (eth0 -mgmt, eth1- vlan 
    vm/data, eth2 external )
  Compute  (VM)  192.169.142.137 (eth0 -mgmt, eth1- vlan vm/data)
  Storage    (VM ) 192.169.142.147 (eth0 -mgmt)


********************************************************************************************
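The office LAN 192.168.1.0/24 serves as the external network (configured via the flat network provider) for the system deployed in VMs. VIRTHOST (F23) uses Linux bridge br0, with the original interface enp3s0 as its source interface. Because the external network is the office LAN itself, every instance that gets a floating IP is reachable from any host on that LAN, so the Neutron security-group rules (enabled in ml2_conf.ini below) should be kept tight.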
********************************************************************************************
[root@fedora23wks network-scripts]# cat ifcfg-br0
DEVICE=br0
TYPE=Bridge
BOOTPROTO=static
DNS1=192.168.1.1
DNS2=83.221.202.254
GATEWAY=192.168.1.1
IPADDR=192.168.1.57
NETMASK=255.255.255.0
ONBOOT=yes

[root@fedora23wks network-scripts]# cat ifcfg-enp3s0
DEVICE=enp3s0
HWADDR=78:24:af:43:1b:53
ONBOOT=yes
TYPE=Ethernet
IPV6INIT=no
USERCTL=no
BRIDGE=br0

***************************
Then run script
***************************
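#!/bin/bash
# Switch the virtualization host from NetworkManager to the legacy "network"
# service, so that the ifcfg-br0 / ifcfg-enp3s0 files shown above define the
# bridge. Run as root, preferably from a local console: the restart at the end
# may interrupt the host's network connection.

# Trace every command. Set here rather than in the shebang so the trace is
# kept when the script is started as "bash script.sh".
set -x

# Enable the legacy network service at boot. Stop if that fails: disabling
# NetworkManager without it would leave the host with nothing to configure
# its interfaces after the next reboot.
chkconfig network on || exit 1

# Stop NetworkManager now and keep it from starting at boot, so it does not
# compete with the network service for br0 and enp3s0.
systemctl stop NetworkManager
systemctl disable NetworkManager

# Bring the interfaces up from the ifcfg-* files (br0 with enp3s0 attached).
service network restart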

Reboot node
[root@fedora23wks network-scripts]# brctl show
bridge name    bridge id        STP enabled    interfaces
br0        8000.7824af431b53    no                enp3s0
                                                                      vnet2
********************************************************************************************
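Create the external network on the Controller via the flat external network
provider, matching the CIDR of the office LAN; 192.168.1.1 is the IP of the
external physical router. In this setup the flat network presumably rides on
physnet2 (mapped to br-eth2 below), so naming that network in flat_networks
instead of the * shown in ml2_conf.ini would be the tighter setting.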
********************************************************************************************
  
  
  

********************************
Controller Configuration
********************************

[root@ip-192-169-142-127 neutron(keystone_admin)]# cat l3_agent.ini | grep -v ^$|grep -v ^#
[DEFAULT]
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
agent_mode = legacy
gateway_external_network_id =
external_network_bridge =
debug = False

[AGENT]
[root@ip-192-169-142-127 neutron(keystone_admin)]# cd plugins/ml2
[root@ip-192-169-142-127 ml2(keystone_admin)]# cat ml2_conf.ini
[DEFAULT]
[ml2]
type_drivers = vlan,flat
tenant_network_types = vlan
mechanism_drivers =openvswitch
path_mtu = 0
[ml2_type_flat]
flat_networks = *
[ml2_type_geneve]
[ml2_type_gre]
[ml2_type_vlan]
network_vlan_ranges =physnet1:100:200,physnet2
[ml2_type_vxlan]
[securitygroup]
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
enable_security_group = True

[root@ip-192-169-142-127 ml2(keystone_admin)]# cat openvswitch_agent.ini
[DEFAULT]
[agent]
l2_population = False
drop_flows_on_start = False
[ovs]
integration_bridge = br-int
bridge_mappings =physnet1:br-eth1,physnet2:br-eth2
enable_tunneling=False
local_ip=192.169.142.127
[securitygroup]
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver


[root@ip-192-169-142-127 ~(keystone_admin)]# ovs-vsctl show
d12e6a7a-f589-42cd-91b3-96156ad9ed59
    Bridge br-int
        fail_mode: secure
        Port "tap4118e71e-a4"
            tag: 2
            Interface "tap4118e71e-a4"
                type: internal
        Port "qr-41a1a0fa-ec"
            tag: 1
            Interface "qr-41a1a0fa-ec"
                type: internal
        Port "tap390b9bc5-b9"
            tag: 1
            Interface "tap390b9bc5-b9"
                type: internal
        Port br-int
            Interface br-int
                type: internal
        Port "int-br-eth1"
            Interface "int-br-eth1"
                type: patch
                options: {peer="phy-br-eth1"}
        Port "qg-65a69bdf-c7"
            tag: 2
            Interface "qg-65a69bdf-c7"
                type: internal
        Port "int-br-eth2"
            Interface "int-br-eth2"
                type: patch
                options: {peer="phy-br-eth2"}
    Bridge "br-eth2"          <=== external bridge for non-bridged networking
        Port "phy-br-eth2"
            Interface "phy-br-eth2"
                type: patch
                options: {peer="int-br-eth2"}
        Port "br-eth2"
            Interface "br-eth2"
                type: internal
        Port "eth2"
            Interface "eth2"
    Bridge br-ex
        Port br-ex
            Interface br-ex
                type: internal
        Port "eth0"
            Interface "eth0"
    Bridge "br-eth1"    <=== internal VLAN vm/data network bridge
        Port "phy-br-eth1"
            Interface "phy-br-eth1"
                type: patch
                options: {peer="int-br-eth1"}
        Port "eth1"
            Interface "eth1"
        Port "br-eth1"
            Interface "br-eth1"
                type: internal
    ovs_version: "2.4.0"

****************************************************************************************
Dashboard Console ( Controller VM on VIRTHOST 192.168.1.57 )
****************************************************************************************


  Connect to GF 4.1 Server from remote workstation