Saturday, 2021-04-17

« Friday, 2021-04-16 Index Sunday, 2021-04-18 »
*** deadalnix has joined #openvswitch00:35
*** deadalnix_ has quit IRC00:36
*** deadalnix has quit IRC02:05
*** acidfu has quit IRC03:57
*** acidfu has joined #openvswitch04:03
*** thaller has quit IRC04:07
*** thaller has joined #openvswitch04:07
*** acidfu has quit IRC04:07
*** yamamoto has joined #openvswitch04:56
*** yamamoto has quit IRC05:20
*** yamamoto has joined #openvswitch05:20
*** yamamoto has quit IRC06:25
*** yamamoto has joined #openvswitch07:30
*** fdangelo has quit IRC07:42
*** fdangelo has joined #openvswitch07:42
*** slaweq has joined #openvswitch07:53
*** yamamoto has quit IRC07:56
*** yamamoto has joined #openvswitch08:00
*** yamamoto has quit IRC08:02
*** amorenoz_ has joined #openvswitch08:12
*** amorenoz has quit IRC08:14
*** yamamoto has joined #openvswitch08:23
*** slaweq has quit IRC08:25
*** dobson has quit IRC08:32
*** dobson has joined #openvswitch08:32
*** yamamoto has quit IRC09:01
*** yamamoto has joined #openvswitch09:09
*** yamamoto has quit IRC09:19
*** thaller has quit IRC09:51
*** yamamoto has joined #openvswitch10:00
*** yamamoto_ has joined #openvswitch10:14
*** yamamoto has quit IRC10:14
*** mdgray has joined #openvswitch10:17
*** mdgray has quit IRC11:10
*** amorenoz_ has quit IRC11:19
*** slaweq has joined #openvswitch11:32
*** thaller has joined #openvswitch11:57
tryauuumbdonnahue2: "how to build a kvm vm and connect it to an overlay" — I don't know if you have promlems with connecting a VM to a openvswitch network, but if you do, simply use libvirt12:48
tryauuumif you put "<virtualport type='openvswitch'/>" in a VM's xml, libvirt will create an OVS port when VM is started and delete it when VM is stopped, pretty neat12:50
tryauuumBuy the way, has anyone succeed in running https://github.com/openstack/neutron/tree/master/vagrant/ovn/sparse in vagrant? I have some weird errors with ovn-vtep instance12:51
tryauuumare there maybe some hidden steps? e.g. maybe I shouldn't use master branch?12:52
tryauuummaybe I should use a specific version vagrant? Or run vagrant on a specific OS?13:02
*** oanson has joined #openvswitch13:02
*** oanson_ has quit IRC13:03
*** acidfu has joined #openvswitch13:23
*** yamamoto_ has quit IRC13:44
*** yamamoto has joined #openvswitch13:47
*** yamamoto has quit IRC13:52
bdonnahue2tryauuum, good morning13:54
bdonnahue2new to the spaces... does virt-install use libvirt?13:54
bdonnahue2oops i mean virsh net-define... looks like it does13:55
tryauuumbdonnahue2 yeah, virsh connects to libvirt daemon and is a part of libvirt13:58
tryauuumbut I think virsh net-define doesn't define openvswitch networks..13:59
tryauuumyou have to use "virsh edit" and manually change interface type to libvirt — https://docs.openvswitch.org/en/latest/howto/libvirt/14:00
bdonnahue2tryauuum, thanks, taking a look at that link14:00
tryauuumI think all "net-*" virsh commands are pointless when using openvswitch. Since they are mostly for IP accounting and dhcpd.. and libvirt can't do those things with openvswitch14:03
bdonnahue2good to know, thanks14:05
larsksbdonnahue2: tryauuum: you can absolutely use virsh net-* commands with openvswitch. Create an OVS network using virsh net-create makes it super easy to attach new virtual machines to the associated OVS bridge, although even without the libvirt network it's still pretty easy.14:31
larsksbdonnahue2: I put together a complete walkthough of getting a pair of virtual machines talking over a vxlan overlay network, you can find it here: https://blog.oddbit.com/post/2021-04-17-vm-ovs-vxlan/14:34
larsksIf you have any questions or want more detail in parts, let me know.14:34
bdonnahue2larsks, awesome! taking a look now!!14:36
bdonnahue2larsks, is there any sanity check we can do after setting up the overlay network but before setting up the vm? how would i know the commands worked and a connection was made?14:40
larsksYou could assign an address to the `br0` interface on both systems and verify connectivity that way.14:41
bdonnahue2so the address would be some arbitrary address for the subnet i want to run through the tunnel?14:42
larsksE.g for the configuration in that post,  `ip addr add 10.0.0.20/24 dev br0`  on node0 and `ip addr add 10.0.0.21/24 dev br0` on node1, and then from node0 `ping 10.0.0.21'14:42
larsksThe tcpdump output for that should look pretty much the same as what's in the post.14:43
bdonnahue2ahh ok, thanks, still reading14:43
bdonnahue2so one thing that is confusing me, in some other guides I see people connecting their hosts's eth0 to a bridge, but here i dont see that happening... what is the magic that would get the ICMP packats from the br0 to the eth0? is it some kind of lookup based on the routing table and remote ip for the tunnel?14:45
larsksThere is no magic. VXLAN is just a UDP protocol; getting vxlan packets from one host to another is just like getting any other UDP/TCP traffic to connect: look at your routes, send it to the remote system.14:46
*** yamamoto has joined #openvswitch14:47
bdonnahue2larsks, ok makes sense14:49
bdonnahue2im seeing an odd issue getting br0 up: https://pastebin.com/Dw33Y8aD14:49
* larsks looks14:49
larsksThat is odd. If you create a new ovs bridge with a different name, do you see the same issue?  E.g., if you run `ovs-vsctl add-br br1`, does that show up in `ip link`?14:50
bdonnahue2looks like there is an error creating the device (after deleting everything) i think i missed a package install step my bad14:50
bdonnahue2ovs-vsctl: Error detected while setting up 'br0'.  See ovs-vswitchd log for details.14:50
bdonnahue2ovs-vsctl: The default log directory is "/var/log/openvswitch".14:50
bdonnahue2let me rerun the package installs and see if that fixes things... maybe i borked a copy/paste14:51
bdonnahue2my sencos 8 box is saying theres no openvswitch2.15 (im on 2.12, looks like i could go to 2.13)14:53
bdonnahue2is that an issue?14:53
larsksI don't know. openvswitch2.15 is what's in the centos-release-openstack-victoria repository I used in the blog post.14:55
larsksI think this should all work with earlier versions.14:56
bdonnahue2ok, updating the packages etc cleared up the error creating br0... back on track14:58
bdonnahue2still on 2.13 ovs but so far no issue14:58
*** yamamoto has quit IRC14:58
*** deadalnix has joined #openvswitch15:00
bdonnahue2larsks, my test of the br0 was successful. here are the commands incase you think it would be worth adding to the article you wrote: https://pastebin.com/M6K9uvqF15:05
larsksThanks!15:06
larsksbdonnahue2: I have to take off shortly, but I was curious if everything is working out?15:21
bdonnahue2still working, but so far so good15:22
bdonnahue2the vm creation step is what i am on now15:23
bdonnahue2almost got things working15:23
bdonnahue2just man-paging the command, on the last subcommand now for the virt-install15:24
larsks+115:24
bdonnahue2seeing this error: ERROR    Couldn't create storage volume 'test1.qcow2': 'inaccessible backing store volume centos-8-stream.qcow2: No such file or directory'15:27
bdonnahue2test1 is my vm name15:27
bdonnahue2in previous experiences i had always created a storage disk first, and then installed the os15:28
bdonnahue2looking at the man, i inferred it would be created for me15:28
bdonnahue2as part of the storage pool15:28
bdonnahue2ahhh, ok i missed a step, this is a base image that needs to be downloaded15:29
bdonnahue2sorry, new to libvirt15:29
*** deadalnix has quit IRC15:55
bdonnahue2larsks, i am stuck at the section "Configure networking for vm0.0"16:05
bdonnahue2so you say to get the address for the new vm16:05
bdonnahue2(note i did not use a base image but installed a vm from iso)16:06
bdonnahue2and i do not see the vnet2 interface you mentioned (i see no interface)16:06
bdonnahue2on my system i do see vnet devices16:06
bdonnahue2so i am assuming i will need to configure the networking inside the vm and then vnet5 would show up for example?16:06
larsksbdonnahue2: I'm back :). Just so we're clear, when you run "virsh domifaddr vm0.0" you don't see anything in the output?16:09
larsks(you're running that on the host, not in the vm)16:09
larsks*inside* the vm, you'll have "eth0" and "eth1"16:09
bdonnahue2yes running on the host, not the vm, i see nothing16:09
bdonnahue2inside the vm I have two interfaces16:09
larsksI guess you logged in on the vm console?16:10
bdonnahue2looking at the mac, they match vnet5 and 6 on my host16:10
bdonnahue2yes, vm console through cockpit16:10
larsksDoes eth0 in the vm have an address?16:10
bdonnahue2no16:14
bdonnahue2but my host network is also not having a dhcp server right now16:14
bdonnahue2(idk if that factors in)16:14
larsksIt definitely does. Those instructions assume you're using the standard libvirt "default" network, which includes a DHCP server. If you've modified your libvirt config somehow, all bets are off.16:14
larsksFortunately, that interface isn't important if you're happy to log in on the console instead.16:15
larsksYou can still set up eth1 and take advantage of the overlay network.16:15
larsksWithout a dhcp server, eth0 won't get an address so "virsh domifaddr" isn't going to return anything (because there's nothing to return).16:15
bdonnahue2larsks, makes sense16:15
bdonnahue2so i was ale to get the vms to ping each other but not the outside world16:16
bdonnahue2i think that "other" interface is still borked16:16
larsksRight, that's expected. Because of your network config they don't have a route to the outside world.16:16
larsksYou need to provide them with a default route, which normally they would get via the libvirt default network.16:16
larsksWith an appropriate configuration that route could be via the overlay network (give your hosts an address on the overlay network, set your default route to the host ip, configure masquerading on the host, etc)16:17
larsksBut it's much easier just to let libvirt take care of that for you.16:17
bdonnahue2ok, so if I am understanding you correctly, i need to run some command on my host so that is assignes an IP to the vnet device and creates the appropriate route on the host?16:19
bdonnahue2my vm's routing table looks correct16:20
larsksNot exactly, no. The vnet device on the host doesn't get an address.16:20
larsksYour vm routing table *can't* look correct because it won't have a default route.16:20
larsksIdeally, just use the standard libvirt default network config, which will create a virtual bridge and a dhcp server for your virtual machines.16:20
larsksOtherwise, you need to assign an appropriate address to eth0 in the vm, and configure a default route to an appropriate gateway.16:21
bdonnahue2larsks, i modified the vm's ifcfg scripts so that the "eth0" interface is the defroute16:22
bdonnahue2maybe that was a mistake ...16:22
larsksNo, that's correct, as long as your default route points to an appropriate gateway.16:23
larsksI mean, I expect your default route to be out eth0. If you actually configured eth0's address *as the gateway* that would be incorrect.16:23
bdonnahue2hmmm... looking at the vm's routing tables and ip scripts, things look correct16:24
larsksDo you want to post your network config somewhere? At least the outputs of `ip route` and `ip addr` inside the vm, and also the output of `virsh dumpxml vm0.0` on the host.16:25
bdonnahue2sure... trying to figure out how to get it in text format, but since its not networked i cant. would a screenshot be ok?16:27
bdonnahue2https://imagebin.ca/v/5ylZnpzT5TxM16:28
bdonnahue2we see that enp1s0 is configured to have an ip consistent with my lan subnet 15.0.0.0/816:29
larsksIf you could post the output of the specific commands I mentioned that would help somewhat. I'm particularly interested in the output of the `virsh dumpxml` command, because that will show us how the vms are connected on the host (and would give us something to which we can apply tcpdump for diagnostics).16:32
larsksAre you able to ping the gateway address itself (15.1.1.1) from inside the vm?16:33
bdonnahue2ahh im sorry ill send those commands now16:35
bdonnahue2and no, i cannot ping the gateway16:35
bdonnahue2here are the commands from inside the vm: https://imagebin.ca/v/5ylcRRKXSbZV16:37
bdonnahue2larsks, bahahah... patebin is telling me the xml has been detected as "offensive content" ... i guess i really messed up the config hahaha16:39
larsksThat's why nobody uses pastebin.16:39
larsksThat, and all the ads.16:40
bdonnahue2https://paste.centos.org/view/35a2ba8316:40
bdonnahue2thats the dumpxml^^16:40
larsksYup, looking.16:40
larsksOn your host, can you run 'ip addr show virbr0' and  'brctl show' (or 'bridge link' if 'brctl' isn't available)16:41
larsks?\16:41
bdonnahue2https://paste.centos.org/view/c2cb5d5016:43
bdonnahue2i see an odd subnet there on virtbr0... must have been created by default or something?16:44
larsksThat's the default libvirt network.16:44
larsksYou've misconfigured your vm networking. Your virtual machines are attached to the 15.0.0.0/8 network.16:44
larsksThey're attached to the libvirt 192.168.122.0/24 network.16:45
larsksThey need addresses on that network, and they should be setting 192.168.122.1 as their default gateway.16:45
larsksIf you want them connected to your 15.0.0.0/8 network, you would need to create a different bridge (one that includes a physical interface on that network) and attach them to that instead of the default network.16:45
larsksSorry, typo above: "Your virtual machines are attached to the 15.0.0.0/8 network." --> "Your virtual machines are **NOT** attached to the 15.0.0.0/8 network."16:46
bdonnahue2larsks, what is a "libvirt network" is that some type of internal network?16:47
bdonnahue2like a docker network? something NAT'ed from the LAN?16:47
larsksYour virtual machines are attached to a bridge named "virbr0", which has address 192.168.122.1. There is no physical device attached to that bridge.16:51
larsksWhen libvirt creates the default network, it creates (a) the bridge, and (b) sets up NAT rules so that your virtual machines have outbound connectivity.16:51
larsksSee e.g. https://wiki.libvirt.org/page/Networking#NAT_forwarding_.28aka_.22virtual_networks.22.2916:51
bdonnahue2ahh, so if I wanted them connected to the lan, I would create a br1, add the host's NIC to the br1, and then create a vnet off br1?16:53
larskspretty much, yes. You wouldn't create the vnet yourself; that would get created automatically if you started a vm with --network bridge=br1, for example.16:55
larsksI have to run off again, but I'll poke my head in later today to see how things are going.16:55
bdonnahue2ok sounds good. thanks so much larsks16:58
*** moldorcoder7 has quit IRC17:15
*** deadalnix has joined #openvswitch17:17
*** moldorcoder7 has joined #openvswitch17:28
*** deadalnix has quit IRC17:34
*** slaweq has quit IRC19:32
*** yamamoto has joined #openvswitch19:52
*** yamamoto has quit IRC19:58
*** deadalnix has joined #openvswitch21:23
larsksbdonnahue2: hey, how did things work out?21:29
bdonnahue2larsks, i got things working thanks!21:29
bdonnahue2very happy21:29
larsksAwesome!21:29
bdonnahue2i am now looking at this project: https://plvision.eu/rd-lab/open-vmonitor21:30
bdonnahue2i was originally considering openstack,... but it's so hard to setup compared to other solutions21:30
larsksI guess it depends what you want to do: if you're just looking for a simple virtual machine management solution, openstack isn't it. But for a multi-tenant, API-based cloud resource scheduler, it's a reasonable (if complex to configure) solution.21:31
larsksAnd you always need to ask yourself if you even really need virtual machines, or if a container-based solution will suit you as well or better.21:31
*** deadalnix has quit IRC21:33
*** fdangelo_ has joined #openvswitch22:04
*** fdangelo has quit IRC22:06
*** fdangelo__ has joined #openvswitch22:33
*** fdangelo_ has quit IRC22:35
bdonnahue2larsks, true. looking into k8 as well22:55
bdonnahue2one thing i wanted to ask you about the vxlan: so i need a port for each host? eg. a tunnel spanning three hosts, each host neets two connections22:56
bdonnahue2options:remote_ip= maybe accepts multiple ips?22:56
larsksSort of. You'll have more reliable connectivity that way. Given three hosts, you could have A<->B and C<->B, but then if B goes down A and C no longer have connectivity with each other.22:57
larsksremote_ip does not accept multiple ips, you will need to create a new vxlan interface for each connection.22:58
bdonnahue2larsks, ok thanks!22:58
larsksI think you don't actually need two connections -- in the config we created today, I think you could just have A->B and things would work fine. Worth trying out!22:58
larsksI might try that later and maybe update the post. Time to eat dinner now :)22:59
*** moldorcoder7 has quit IRC22:59
bdonnahue2bon apetite23:05
*** moldorcoder7 has joined #openvswitch23:58
« Friday, 2021-04-16 Index Sunday, 2021-04-18 »

Generated by irclog2html.py 2.17.2 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!