Sunday, April 30, 2017

Switching to newly created project's private network running Fedora 24 && CentOS 7.3 Cloud VMs on RDO Ocata.

This post is immediate followup to previous one "Adding Second VNIC to running Fedora 24 && CentOS 7.3 Cloud VMs on RDO Ocata"
I was forced to use Nova&&Neutron CLI due to python-openstackclient doesn't
seem to be ready replace required CLI commands at the moment. For instance
`nova interface-attach`,`nova interface-list`

Topology been deployed into overcloud originally via Tripleo QuickStart (branch Ocata)

[stack@undercloud ~]$ openstack server list
+-------------------------+-------------------------+--------+------------------------+----------------+
| ID                      | Name                    | Status | Networks               | Image Name     |
+-------------------------+-------------------------+--------+------------------------+----------------+
| febeae5c-c3cb-          | overcloud-controller-0  | ACTIVE | ctlplane=192.168.24.15 | overcloud-full |
| 40e0-b559-263eb767ed23  |                         |        |                        |                |
| bd4ada51-612e-          | overcloud-controller-2  | ACTIVE | ctlplane=192.168.24.16 | overcloud-full |
| 491b-b618-2e4cf0f2ba69  |                         |        |                        |                |
| df2a3e53-3479-4eee-8338 | overcloud-novacompute-0 | ACTIVE | ctlplane=192.168.24.12 | overcloud-full |
| -da42cfcd7422           |                         |        |                        |                |
| c6701636-dada-4c98      | overcloud-controller-1  | ACTIVE | ctlplane=192.168.24.14 | overcloud-full |
| -94fa-fb3f5ee1c950      |                         |        |                        |                |
| bb1b6214-a2e3-4a20      | overcloud-novacompute-1 | ACTIVE | ctlplane=192.168.24.10 | overcloud-full |
| -b60b-bc8ce46b83cd      |                         |        |                        |                |
+-------------------------+-------------------------+--------+------------------------+----------------+

Currently existing networks

[root@overcloud-controller-0 ~]# openstack network list
+-------------------------------+-------------------------------+-------------------------------+
| ID                            | Name                          | Subnets                       |
+-------------------------------+-------------------------------+-------------------------------+
| 5a42a09f-e252-42fb-a68c-      | HA network tenant 2cb6de12249 | e6b1c771-5dfb-4d5f-           |
| 8b72fabab643                  | c4240ad81d62ef0409f54         | 85e6-73d9585cc0a4             |
| 78565ad8-905e-                | ext-net                       | 07cc16e5-7a70-4b83-bd25-ec82a |
| 48ef-9377-7d1a025b7917        |                               | 03b709b                       |
| b2639935-0b5f-                | internal02                    | 21fecdf3-1224-4ca0-8e24-0a05a |
| 4e90-b441-e0f06d66b6c3        |                               | 05035cb                       |
| f83cbbb7-ea0d-4240-bb6d-      | internal01                    | a2a35789-ca8f-49c5-b2df-      |
| 0b166a3d9b03                  |                               | f4c6e150b97c                  |
+-------------------------------+-------------------------------+-------------------------------+
[root@overcloud-controller-0 ~]# openstack subnet list
+---------------------------+---------------------------+----------------------------+------------------+
| ID                        | Name                      | Network                    | Subnet           |
+---------------------------+---------------------------+----------------------------+------------------+
| 07cc16e5-7a70-4b83-bd25-e | ext-subnet                | 78565ad8-905e-             | 192.168.24.0/24  |
| c82a03b709b               |                           | 48ef-9377-7d1a025b7917     |                  |
| 21fecdf3-1224-4ca0-8e24-0 | sub-internal02            | b2639935-0b5f-             | 70.0.0.0/24      |
| a05a05035cb               |                           | 4e90-b441-e0f06d66b6c3     |                  |
| a2a35789-ca8f-49c5-b2df-  | sub-internal01            | f83cbbb7-ea0d-4240-bb6d-   | 50.0.0.0/24      |
| f4c6e150b97c              |                           | 0b166a3d9b03               |                  |
| e6b1c771-5dfb-4d5f-       | HA subnet tenant 2cb6de12 | 5a42a09f-e252-42fb-a68c-   | 169.254.192.0/18 |
| 85e6-73d9585cc0a4         | 249c4240ad81d62ef0409f54  | 8b72fabab643               |                  |
+---------------------------+---------------------------+----------------------------+------------------+ 

 
 Double check security group ID

[root@overcloud-controller-0 ~]# nova secgroup-list

+--------------------------------------+---------+------------------------+
| Id                                   | Name    | Description            |
+--------------------------------------+---------+------------------------+
| 24fb34c5-dbfb-4cb1-9d16-ad57d7c631ad | default | Default security group |
+--------------------------------------+---------+------------------------+

Port creation on newly created network should have --security-group specified,
what is a must versus situation described just for attaching this port to VM
on different private network

[root@overcloud-controller-0 ~]# neutron port-create --security-group \
24fb34c5-dbfb-4cb1-9d16-ad57d7c631ad  internal02
 Created a new port:
+-----------------------+-----------------------------------------------------------------------+
| Field                 | Value                                                                 |
+-----------------------+-----------------------------------------------------------------------+
| admin_state_up        | True                                                                  |
| allowed_address_pairs |                                                                       |
| binding:host_id       |                                                                       |
| binding:profile       | {}                                                                    |
| binding:vif_details   | {}                                                                    |
| binding:vif_type      | unbound                                                               |
| binding:vnic_type     | normal                                                                |
| created_at            | 2017-04-30T11:09:02Z                                                  |
| description           |                                                                       |
| device_id             |                                                                       |
| device_owner          |                                                                       |
| extra_dhcp_opts       |                                                                       |
| fixed_ips             | {"subnet_id": "21fecdf3-1224-4ca0-8e24-0a05a05035cb", "ip_address":   |
|                       | "70.0.0.5"}                                                           |
| id                    | 6d44aca2-e0ae-4e55-acff-656673c77d70                                  |
| mac_address           | fa:16:3e:b8:8e:e3                                                     |
| name                  |                                                                       |
| network_id            | b2639935-0b5f-4e90-b441-e0f06d66b6c3                                  |
| port_security_enabled | True                                                                  |
| project_id            | 2cb6de12249c4240ad81d62ef0409f54                                      |
| qos_policy_id         |                                                                       |
| revision_number       | 5                                                                     |
| security_groups       | 24fb34c5-dbfb-4cb1-9d16-ad57d7c631ad                                  |
| status                | DOWN                                                                  |
| tags                  |                                                                       |
| tenant_id             | 2cb6de12249c4240ad81d62ef0409f54                                      |
| updated_at            | 2017-04-30T11:09:02Z                                                  |
+-----------------------+-----------------------------------------------------------------------+

*********************************************************************
Attach port to running VM with no precosions and dissociate FIP
*********************************************************************

[root@overcloud-controller-0 ~]# nova interface-attach --port-id \
6d44aca2-e0ae-4e55-acff-656673c77d70 vf24devs01 
Create /etc/sysconfig/network-scripts/ifcfg-eth1 and restart VM. When VM appears back up :- Detect port-ID of port matching private IP of VM on new network either way suggested bellow ********** Option 1. ********** [root@overcloud-controller-0 ~]# neutron port-list | grep 70.0.0.5 | 6d44aca2-e0ae-4e55-acff-656673c77d70 |                                                 | 2cb6de12249c4240ad81d62ef0409f54 | fa:16:3e:b8:8e:e3 | {"subnet_id": "21fecdf3-1224-4ca0-8e24-0a05a05035cb", "ip_address": "70.0.0.5"}       | ********** Option 2 ********** [root@overcloud-controller-0 ~]# nova interface-list vf24devs01 +------------+--------------------------------------+--------------------------------------+--------------+-------------------+ | Port State | Port ID                              | Net ID                               | IP addresses | MAC Addr          | +------------+--------------------------------------+--------------------------------------+--------------+-------------------+ | ACTIVE     | 6aa496e5-f977-4072-818c-9b5348afaff7 | f83cbbb7-ea0d-4240-bb6d-0b166a3d9b03 | 50.0.0.5     | fa:16:3e:b2:96:2c | | ACTIVE     | 6d44aca2-e0ae-4e55-acff-656673c77d70 | b2639935-0b5f-4e90-b441-e0f06d66b6c3 | 70.0.0.5     | fa:16:3e:b8:8e:e3 | +------------+--------------------------------------+--------------------------------------+--------------+-------------------+ [root@overcloud-controller-0 ~]# openstack floating ip create ext-net +---------------------+--------------------------------------+ | Field               | Value                                | +---------------------+--------------------------------------+ | created_at          | 2017-04-30T11:20:04Z                 | | description         |                                      | | fixed_ip_address    | None                                 | | floating_ip_address | 192.168.24.106                       | | floating_network_id | 78565ad8-905e-48ef-9377-7d1a025b7917 | | id                  | f5a5e4b0-3d6a-4266-95da-aabfa9631617 | | name                | None                                 | | port_id             | None                                 | | project_id          | 2cb6de12249c4240ad81d62ef0409f54     | | revision_number     | 1                                    | | router_id           | None                                 | | status              | DOWN                                 | | updated_at          | 2017-04-30T11:20:04Z                 | +---------------------+--------------------------------------+
***************************************************************************************** Assign allocated FIP ( via ID) to ID of neutron port belongs to new private network ***************************************************************************************** [root@overcloud-controller-0 ~]# neutron floatingip-associate f5a5e4b0-3d6a-4266-95da-aabfa9631617 6d44aca2-e0ae-4e55-acff-656673c77d70 
 Associated floating IP f5a5e4b0-3d6a-4266-95da-aabfa9631617
 
In meantime I have to notice that TripleO QuickStart dashboard fails to assign FIP
for new prvate IP 70.0.0.5 belongs to new network and associeted with neutron port
been created just in same session.What actually was done via Neutron CLI or might
be done via python-openstackclient ( case F24 Cloud Guest). For CentOS 7.3 Tripleo
QuickStart dashboard does work :-


 
Due to limited hardware setup for CentOS 7.3 Gloud Guest is a bit different
http://dbaxps.blogspot.com/2017/05/switching-to-newly-created-projects.html
Verify success (F24 Cloud Guest):-
[root@overcloud-controller-0 ~]# openstack server list
+---------------------------+------------+--------+---------------------------+-----------------+
| ID                        | Name       | Status | Networks                  | Image Name      |
+---------------------------+------------+--------+---------------------------+-----------------+
| 2be10d3f-f982-4362-8d19-f | vf24devs01 | ACTIVE | internal01=50.0.0.5;      | VF24Cloud-image |
| f744f23e45f               |            |        | internal02=70.0.0.5,      |                 |
|                           |            |        | 192.168.24.106            |                 |
+---------------------------+------------+--------+---------------------------+-----------------+

******************************************************************************************************************
Check connection from WKS via the same RSA private key of SSH Keypair been used during original VM's launching
******************************************************************************************************************
[boris@fedora24wks ~]$ ssh -i oskey043017.pem fedora@192.168.24.106
Last login: Sun Apr 30 11:23:19 2017 from 192.168.24.1
[fedora@vf24devs01 ~]$ sudo su -
[root@vf24devs01 ~]# ip route
default via 70.0.0.1 dev eth1 
50.0.0.0/24 dev eth0  proto kernel  scope link  src 50.0.0.5 
70.0.0.0/24 dev eth1  proto kernel  scope link  src 70.0.0.5 
169.254.169.254 via 70.0.0.1 dev eth1  proto static

[root@vf24devs01 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc fq_codel state UP group default qlen 1000
    link/ether fa:16:3e:b2:96:2c brd ff:ff:ff:ff:ff:ff
    inet 50.0.0.5/24 brd 50.0.0.255 scope global dynamic eth0
       valid_lft 85643sec preferred_lft 85643sec
    inet6 fe80::f816:3eff:feb2:962c/64 scope link 
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc fq_codel state UP group default qlen 1000
    link/ether fa:16:3e:b8:8e:e3 brd ff:ff:ff:ff:ff:ff
    inet 70.0.0.5/24 brd 70.0.0.255 scope global dynamic eth1
       valid_lft 85645sec preferred_lft 85645sec
    inet6 fe80::f816:3eff:feb8:8ee3/64 scope link 
       valid_lft forever preferred_lft forever


 
 VM vf24devs01 originally launched via internal01 private network switched to internal02 network due to changing default gateway device from eth0 to eth1.
Having RH's /etc/sysconfig/network configuration file - vice versa operation won't be a problem.
  
 

1 comment:

  1. Your blog has given me that thing which I never expect to get from all over the websites. Nice post guys!

    App Developer

    ReplyDelete