yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #30825
[Bug 1293693] Re: libvirt OVS VLAN tag not set
auto expired on neutron, closing out of nova for now.
** Changed in: nova
Status: Incomplete => Invalid
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1293693
Title:
libvirt OVS VLAN tag not set
Status in OpenStack Neutron (virtual network service):
Expired
Status in OpenStack Compute (Nova):
Invalid
Bug description:
Trying to use icehouse, libvirt 1.1.3, Xen 4.3.0, OpenVswitch 1.11.0,
with VLAN tagging.
Problem is that networking is non-functional on instance launch. 'ovs-
vsctl show' output shows that the tap interface for the instance does
not have the appropriate (internal) VLAN tag (no tag is set).
Consequently, the instance is unable to obtain an IP address from
DHCP, etc. Setting the tag manually with 'ovs-vsctl set port tapXXX
tag=1' is a workaround (but not a very good one).
Exploring this, I find that the neutron OVS agent scans the OVS ports
and examines the 'external-ids' to see which ones are of interest.
When it sees a new port that is of interest, it sets the VLAN tag as
required. In my case, the VIF port that's added when an instance is
launched has empty 'external-ids', and so the agent ignores it. The
port is getting added to the OVS integration bridge by the Xen
scripts, but the 'external-ids' are not getting set (Xen knows nothing
about this part).
Looking further; when nova.conf has
'firewall_driver=nova.virt.firewall.NoopFirewallDriver', the
LibvirtBaseVIFDriver (nova/virt/libvirt/vif.py) uses function
plug_ovs_bridge(), which is a no-op. When
firewall_driver=nova.virt.libvirt.firewall.IptablesFirewallDriver, a
different function, plug_ovs_hybrid(), is used. When OVS is older than
version 0.9.11, a function called plug_ovs_ethernet() is used. Both
plug_ovs_hybrid() and plug_ovs_ethernet() call
linux_net.create_ovs_vif_port(), and that's where the 'external-ids'
get set.
I tried modifying plug_ovs_bridge() to call
linux_net.create_ovs_vif_port(), but that causes the Xen hotplug
scripts to fail ("ovs-vsctl: cannot create a port named tap3ccfe10f-c4
because a port named tap3ccfe10f-c4 already exists on bridge br-int")
When the Noop firewall_driver is used in conjunction with newer OVS,
something needs to set the 'external-ids' on the VIF port so that the
neutron agent will see it and set the VLAN tag.
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1293693/+subscriptions
References