| *** jerrygb has quit IRC | 00:18 | |
| *** jerrygb has joined #openstack-neutron-ovn | 00:34 | |
| *** jerrygb has quit IRC | 01:13 | |
| *** salv-orlando has joined #openstack-neutron-ovn | 01:25 | |
| *** mlavalle has quit IRC | 01:26 | |
| *** salv-orlando has quit IRC | 01:46 | |
| *** salv-orlando has joined #openstack-neutron-ovn | 02:13 | |
| *** jerrygb has joined #openstack-neutron-ovn | 02:14 | |
| *** salv-orlando has quit IRC | 02:32 | |
| *** fandi has joined #openstack-neutron-ovn | 02:38 | |
| *** fandi has quit IRC | 02:39 | |
| *** doonhammer has joined #openstack-neutron-ovn | 02:43 | |
| *** fzdarsky_ has joined #openstack-neutron-ovn | 02:48 | |
| *** fzdarsky|afk has quit IRC | 02:51 | |
| *** salv-orlando has joined #openstack-neutron-ovn | 03:00 | |
| *** salv-orlando has quit IRC | 03:05 | |
| *** doonhammer has quit IRC | 03:12 | |
| *** janki has joined #openstack-neutron-ovn | 03:40 | |
| *** salv-orlando has joined #openstack-neutron-ovn | 05:01 | |
| *** salv-orlando has quit IRC | 05:06 | |
| *** jerrygb has quit IRC | 05:08 | |
| *** Baqar has joined #openstack-neutron-ovn | 05:55 | |
| Baqar | Hey everyone. I am trying to setup ovn on devstack. I am getting the following error when neutron-server is started: ImportError: Plugin 'networking_ovn.l3.l3_ovn.OVNL3RouterPlugin' not found. | 05:57 |
|---|---|---|
| *** salv-orlando has joined #openstack-neutron-ovn | 06:02 | |
| *** salv-orlando has quit IRC | 06:07 | |
| *** markmcclain has quit IRC | 06:26 | |
| *** zefferno has joined #openstack-neutron-ovn | 06:30 | |
| *** salv-orlando has joined #openstack-neutron-ovn | 07:40 | |
| *** salv-orlando has quit IRC | 08:09 | |
| *** yamamoto has quit IRC | 08:21 | |
| *** zefferno has quit IRC | 08:27 | |
| *** zefferno has joined #openstack-neutron-ovn | 08:38 | |
| *** yamamoto has joined #openstack-neutron-ovn | 09:00 | |
| *** fzdarsky_ is now known as fzdarsky | 09:04 | |
| *** yamamoto has quit IRC | 09:07 | |
| *** Baqar has quit IRC | 09:21 | |
| *** Baqar has joined #openstack-neutron-ovn | 09:21 | |
| *** yamamoto has joined #openstack-neutron-ovn | 09:45 | |
| *** yamamoto has quit IRC | 09:49 | |
| openstackgerrit | Merged openstack/networking-ovn: Need not add ext gw router ip to peer nat_addresses options https://review.openstack.org/419781 | 09:58 |
| *** salv-orlando has joined #openstack-neutron-ovn | 10:10 | |
| *** salv-orlando has quit IRC | 10:14 | |
| *** zefferno has quit IRC | 10:15 | |
| *** zefferno has joined #openstack-neutron-ovn | 10:16 | |
| *** mickeys has quit IRC | 10:21 | |
| *** yamamoto has joined #openstack-neutron-ovn | 10:28 | |
| *** yamamoto has quit IRC | 10:29 | |
| *** yamamoto has joined #openstack-neutron-ovn | 10:38 | |
| openstackgerrit | Merged openstack/networking-ovn: Updated from global requirements https://review.openstack.org/420935 | 10:41 |
| *** yamamoto has quit IRC | 10:56 | |
| *** mickeys has joined #openstack-neutron-ovn | 11:22 | |
| *** rtheis has joined #openstack-neutron-ovn | 11:24 | |
| *** mickeys has quit IRC | 11:26 | |
| *** yamamoto has joined #openstack-neutron-ovn | 11:30 | |
| *** yamamoto has quit IRC | 11:34 | |
| *** rtheis has quit IRC | 11:41 | |
| *** numans_ has joined #openstack-neutron-ovn | 11:42 | |
| *** numans has quit IRC | 11:45 | |
| *** fzdarsky is now known as fzdarsky|lunch | 11:49 | |
| *** mickeys has joined #openstack-neutron-ovn | 12:23 | |
| *** mickeys has quit IRC | 12:27 | |
| *** Baqar has quit IRC | 12:33 | |
| *** Baqar has joined #openstack-neutron-ovn | 12:34 | |
| *** Baqar has quit IRC | 12:43 | |
| *** Baqar has joined #openstack-neutron-ovn | 12:56 | |
| russellb | Baqar: odd ... how did you set it up? devstack still appears to be working in CI | 13:10 |
| russellb | http://docs.openstack.org/developer/networking-ovn/testing.html | 13:10 |
| russellb | those instructions should still work | 13:11 |
| *** fzdarsky|lunch is now known as fzdarsky | 13:19 | |
| *** mickeys has joined #openstack-neutron-ovn | 13:24 | |
| *** mickeys has quit IRC | 13:28 | |
| *** janki has quit IRC | 14:00 | |
| *** salv-orlando has joined #openstack-neutron-ovn | 14:10 | |
| *** jerrygb has joined #openstack-neutron-ovn | 14:14 | |
| mjblack | hi, I'm trying to setup ovn, on the computes it's not adding the patch ports for the external network to the br-int bridge, is there something additional I need to setup? | 14:17 |
| russellb | mjblack: this may be out of date documentation, i'm sorry | 14:18 |
| russellb | mjblack: what doc are you following? | 14:18 |
| russellb | the patch port will not be created until it's needed -- when something on the compute node needs to connect to the network | 14:18 |
| russellb | it used to be created ahead of time / always, but that changed | 14:19 |
| mjblack | documentation I was using was partially devstack but it doesnt fully apply to my situation since I am doing a multinode deployment | 14:19 |
| mjblack | the only node that has the patch port is the ovn node that is the north/south server | 14:20 |
| mjblack | I see the floating ip and router added to only the ovn server | 14:20 |
| russellb | yes, that sounds right | 14:21 |
| *** mlavalle has joined #openstack-neutron-ovn | 14:22 | |
| mjblack | the instance on the compute node has no snat connectivity, it is only able to get a dhcp response | 14:23 |
| russellb | it should be getting snat connectivity through the node where the gateway was scheduled | 14:25 |
| russellb | that's how it's supposed to work anyway! | 14:26 |
| mjblack | heh, thats what I want, just not sure where the issue is | 14:27 |
| *** yamamoto has joined #openstack-neutron-ovn | 14:31 | |
| *** yamamoto has quit IRC | 14:35 | |
| russellb | mjblack: do floating IPs work? | 14:38 |
| russellb | and just snat without a floating ip does not work? | 14:38 |
| russellb | or? | 14:38 |
| mjblack | russellb: nothing works other than dhcp | 14:48 |
| russellb | tested tunnels in any other capacity? sounds like tunnels could be not working | 14:49 |
| russellb | 2 common things that cause that: 1) firewall rules blocking geneve tunnel traffic | 14:49 |
| russellb | or 2) MTU for VMs not accounting for the geneve tunnel overhead | 14:49 |
| *** salv-orlando has quit IRC | 14:50 | |
| mjblack | I was thinking mtu could be an issue but the only thing that gave me that impression was the tap network interface on teh compute host still being 1500 | 14:50 |
| mjblack | dhcp had the mtu set to 1450 though | 14:51 |
| russellb | 1450 should be OK | 14:51 |
| russellb | what distro are you using on the hypervisor hosts | 14:52 |
| russellb | centos 7 default firewall rules will block geneve | 14:52 |
| mjblack | ubuntu xenial | 14:52 |
| mjblack | for both ovn and compute | 14:52 |
| russellb | ok, i'd still check, i don't know what they do by default | 14:52 |
| russellb | mjblack: another thing you can try, if you want to bypass the gateway and get direct access to the network the VM is on so you can SSH into it to take a closer look ... https://review.openstack.org/#/c/401411/3/doc/source/testing.rst | 14:54 |
| russellb | use the "Self-service (private) network connectivity" portion of that doc that was removed | 14:54 |
| russellb | i removed it because a floating IP should be fine for most people | 14:54 |
| russellb | i need to re-document that trick for debugging purposes, although i'll probably re-do it using a network namespace | 14:54 |
| russellb | anyway, what's there should work | 14:54 |
| * russellb about to start several hours of meetings | 14:55 | |
| mjblack | russellb: I'll give that a try, thank you | 14:56 |
| *** janki has joined #openstack-neutron-ovn | 15:14 | |
| *** pcaruana has quit IRC | 15:15 | |
| *** mickeys has joined #openstack-neutron-ovn | 15:25 | |
| *** mickeys has quit IRC | 15:29 | |
| *** zefferno has quit IRC | 15:53 | |
| *** doonhammer has joined #openstack-neutron-ovn | 16:12 | |
| *** mickeys has joined #openstack-neutron-ovn | 16:26 | |
| *** mickeys has quit IRC | 16:31 | |
| *** salv-orlando has joined #openstack-neutron-ovn | 16:51 | |
| *** salv-orlando has quit IRC | 16:54 | |
| *** salv-orlando has joined #openstack-neutron-ovn | 16:55 | |
| *** janki has quit IRC | 16:55 | |
| *** mickeys has joined #openstack-neutron-ovn | 17:28 | |
| *** mickeys has quit IRC | 17:32 | |
| *** mickeys_ has joined #openstack-neutron-ovn | 17:49 | |
| *** doonhammer has quit IRC | 18:01 | |
| *** fzdarsky is now known as fzdarsky|afk | 18:02 | |
| *** doonhammer has joined #openstack-neutron-ovn | 18:03 | |
| *** doonhammer has quit IRC | 18:55 | |
| *** doonhammer has joined #openstack-neutron-ovn | 18:59 | |
| *** salv-orlando has quit IRC | 20:11 | |
| mjblack | russellb: finished testing, ovn is creating the routers on the ovn server instead of the computes. I created the test port on ovn, compute1, and compute 2. Ping from ovn to instances failed, ping from either compute to instance works. As for iptables, there is no rules on the three servers | 20:26 |
| russellb | if the router is a gateway router, it's expected to only be on one host | 20:27 |
| russellb | a compute host should be forwarding packets over to that host via a tunnel | 20:27 |
| *** mickeys_ has quit IRC | 20:28 | |
| russellb | it sounds like tunnels are working if you're able to ping from one compute host to an instance that resides on another one | 20:29 |
| russellb | do you intend to use the host called "ovn" as a network node that can be a gateway? | 20:29 |
| mjblack | ideally I'd want it to be a compute | 20:30 |
| russellb | OK. it sounds like you're running ovn-controller on the "ovn" host | 20:30 |
| russellb | but maybe you don't really want to be running it there? | 20:30 |
| russellb | if you run "ovs-vsctl show" on a compute, you should see that it has created a geneve tunnel to both the other compute and "ovn" | 20:31 |
| mjblack | yeah, I do | 20:31 |
| russellb | ok | 20:32 |
| mjblack | I am seeing traffic going back and forth on geneve with tcpdump | 20:34 |
| russellb | that's a good sign. | 20:44 |
| russellb | when the packets get to the "ovn" host, where do you expect them to go? that is, what is the network it is configured to route to and how is it set up? | 20:44 |
| mjblack | the network is a floating ip pool on neutron | 20:55 |
| russellb | OK | 21:08 |
| russellb | so it's a provider network, meaning there's a bridge that ovn is creating patch ports to (i think we discussed that earlier) | 21:09 |
| mjblack | yes | 21:09 |
| russellb | is there a physical device attached to that bridge? or a route on the "ovn" host that specifies when to use that network? | 21:09 |
| mjblack | I shutdown the ovn controller on the ovn host and it immediately created teh patch port on one of the computes | 21:09 |
| mjblack | yes there is a physical device added to the bridge | 21:10 |
| russellb | ah, cool | 21:10 |
| mjblack | and an external id setup for it | 21:10 |
| russellb | not sure what to look at, i'd probably have to log in myself at this point | 21:12 |
| mjblack | me neither, why I'm here :D | 21:16 |
| russellb | ha | 21:16 |
| russellb | oh | 21:16 |
| russellb | security groups? | 21:16 |
| russellb | if you're trying to ping the floating IP, you have to allow ingress ICMP via security groups | 21:17 |
| russellb | when you test the other way directly on the private network, the default security group rules will allow it | 21:17 |
| mjblack | yup, first thing I added to the default secgroup is allow all icmp and all ssh ingress | 21:18 |
| mjblack | just checked on nb and the acl is there for icmp | 21:21 |
| *** mickeys_ has joined #openstack-neutron-ovn | 21:29 | |
| *** mickeys_ has quit IRC | 21:29 | |
| *** mickeys_ has joined #openstack-neutron-ovn | 21:29 | |
| *** s3wong has joined #openstack-neutron-ovn | 22:00 | |
| *** yamamoto has joined #openstack-neutron-ovn | 22:11 | |
| *** salv-orlando has joined #openstack-neutron-ovn | 22:28 | |
| *** salv-orlando has quit IRC | 23:21 | |
Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!