yahoo-eng-team team mailing list archive

Thread
Date

[Bug 2041861] Re: [ovn] instance in a shared network owned by another project is unreachable via floating IP

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Rodolfo Alonso <2041861@xxxxxxxxxxxxxxxxxx>
Date: Tue, 02 Jan 2024 16:13:13 -0000
Reply-to: Bug 2041861 <2041861@xxxxxxxxxxxxxxxxxx>
Sender: noreply@xxxxxxxxxxxxx

Hello:

About the bug description. I can't reproduce the issue reported. I've
deployed master branch and I can use VLAN, VXLAN or Geneve as tenant
network without any issue. The metadata agent creates the corresponding
namespaces and provides the metadata to the cloud-init requests without
any issue. IMO, but this is just a surmise, the problem could be in the
OVN metadata agent you have deployed. Please check the logs and report
them here if there is any issue.

As Bence commented, if the issue is in the OS cloud-init, then you need
further investigation on the OS itself but not related to Neutron.

About c#3 comment, I can't neither reproduce that. I've used Geneve and VXLAN networks, shared from a project to another. The VMs created from the project owner and the other one, are both working when connected to a floating IP. The only missing step in c#3 I would comment is the SG rule needed to accept ping packets from an external device (I'm pinging from the host, that is an IP that doesn't belong to the SG remote group):
# openstack security group rule create --ethertype IPv4 --protocol icmp --ingress $sg

Once added the SG rule, I can ping to the floating IP of the VMs from
both projects (owner of the network, project using the shared network).

I'll keep this bug as "status=invalid" unless new
logs/evidences/reproducers are reported.

Regards.

** Changed in: neutron
Status: Triaged => Invalid

--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/2041861

Title:
[ovn] instance in a shared network owned by another project is
unreachable via floating IP

Status in neutron:
Invalid

Bug description:
In my openstack environment, whenever I create an instance in a shared network owned by another project, the instance becomes unreachable even via floating IP. I'm using the latest kolla ansible with ovn network. I cannot even ssh into the server because it does not run the cloud-inti to set the password
(and also because public network unreachable). Spice brings the login prompt but cannot login due to lack of credentials.

Any suggestion on how to solve the issue?

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/2041861/+subscriptions

References

[Bug 2041861] [NEW] In my openstack environment, whenever I create an instance in a shared network owned by another project, the instances becomes unreachable even via floating IP. Any suggestion?
From: Debasis, 2023-10-30