fixing the network issues of nova testing

Currently we use the network attached to lxcbr0 for mgmt network
However we define lxcbr0 - eth1 as mgmt later, which makes two
NICs in the containers (eth0 and eth1) having the same network.
This causes network issues if not properly configured.

To make things simple, this commit creates a br-mgmt network
and leaves the lxcbr0 alone.

On top of this, iptables were not properly applied.

Change-Id: I4e83c2cb90455d5bc82b24dd9f2f0c7e89d7f842

tests/group_vars/all_containers.yml

@@ -18,7 +18,7 @@ container_name: "{{ inventory_hostname }}"
 container_networks:
   management_address:
     address: "{{ ansible_host }}"
-    bridge: "lxcbr0"
+    bridge: "br-mgmt"
     interface: "eth1"
     netmask: "255.255.255.0"
     type: "veth"

tests/inventory

@@ -1,7 +1,7 @@
 [all]
 localhost ansible_connection=local ansible_become=True neutron_local_ip=10.100.101.1
-infra1 ansible_host=10.100.100.101 ansible_become=True ansible_user=root tunnel_address=10.100.101.101
-openstack1 ansible_host=10.100.100.102 ansible_become=True ansible_user=root tunnel_address=10.100.101.102 neutron_local_ip=10.100.101.102
+infra1 ansible_host=10.100.102.101 ansible_become=True ansible_user=root tunnel_address=10.100.101.101
+openstack1 ansible_host=10.100.102.102 ansible_become=True ansible_user=root tunnel_address=10.100.101.102 neutron_local_ip=10.100.101.102
 
 [all_containers]
 infra1

tests/test-install-glance.yml

@@ -22,7 +22,7 @@
       rabbitmq_vhost:
         name: "{{ glance_rabbitmq_vhost }}"
         state: "present"
-      delegate_to: "10.100.100.101"
+      delegate_to: "10.100.102.101"
       when: inventory_hostname == groups['glance_all'][0]
     - name: Ensure rabbitmq user
       rabbitmq_user:
@@ -33,7 +33,7 @@
         read_priv: ".*"
         write_priv: ".*"
         state: "present"
-      delegate_to: "10.100.100.101"
+      delegate_to: "10.100.102.101"
       when: inventory_hostname == groups['glance_all'][0]
     - name: Create DB for service
       mysql_db:
@@ -42,7 +42,7 @@
         login_host: "localhost"
         name: "{{ glance_galera_database }}"
         state: "present"
-      delegate_to: "10.100.100.101"
+      delegate_to: "10.100.102.101"
       when: inventory_hostname == groups['glance_all'][0]
     - name: Grant access to the DB for the service
       mysql_user:
@@ -57,7 +57,7 @@
       with_items:
         - "localhost"
         - "%"
-      delegate_to: "10.100.100.101"
+      delegate_to: "10.100.102.101"
       when: inventory_hostname == groups['glance_all'][0]
   roles:
     - role: "os_glance"

tests/test-install-keystone.yml

@@ -22,7 +22,7 @@
       rabbitmq_vhost:
         name: "{{ keystone_rabbitmq_vhost }}"
         state: "present"
-      delegate_to: "10.100.100.101"
+      delegate_to: "10.100.102.101"
       when: inventory_hostname == groups['keystone_all'][0]
       tags:
         - aodh-rabbitmq
@@ -36,7 +36,7 @@
         read_priv: ".*"
         write_priv: ".*"
         state: "present"
-      delegate_to: "10.100.100.101"
+      delegate_to: "10.100.102.101"
       when: inventory_hostname == groups['keystone_all'][0]
       tags:
         - aodh-rabbitmq
@@ -48,7 +48,7 @@
         login_host: "localhost"
         name: "{{ keystone_galera_database }}"
         state: "present"
-      delegate_to: "10.100.100.101"
+      delegate_to: "10.100.102.101"
       when: inventory_hostname == groups['keystone_all'][0]
       tags:
         - mysql-db-setup
@@ -65,7 +65,7 @@
       with_items:
         - "localhost"
         - "%"
-      delegate_to: "10.100.100.101"
+      delegate_to: "10.100.102.101"
       when: inventory_hostname == groups['keystone_all'][0]
       tags:
         - mysql-db-setup

tests/test-install-neutron.yml

@@ -60,7 +60,7 @@
       rabbitmq_vhost:
         name: "{{ neutron_rabbitmq_vhost }}"
         state: "present"
-      delegate_to: "10.100.100.101"
+      delegate_to: "10.100.102.101"
       when: inventory_hostname == groups['neutron_all'][0]
       tags:
         - neutron-rabbitmq
@@ -74,7 +74,7 @@
         read_priv: ".*"
         write_priv: ".*"
         state: "present"
-      delegate_to: "10.100.100.101"
+      delegate_to: "10.100.102.101"
       when: inventory_hostname == groups['neutron_all'][0]
       tags:
         - neutron-rabbitmq
@@ -86,7 +86,7 @@
         login_host: "localhost"
         name: "{{ neutron_galera_database }}"
         state: "present"
-      delegate_to: "10.100.100.101"
+      delegate_to: "10.100.102.101"
       when: inventory_hostname == groups['neutron_all'][0]
       tags:
         - mysql-db-setup
@@ -103,7 +103,7 @@
       with_items:
         - "localhost"
         - "%"
-      delegate_to: "10.100.100.101"
+      delegate_to: "10.100.102.101"
       when: inventory_hostname == groups['neutron_all'][0]
       tags:
         - mysql-db-setup

tests/test-install-nova.yml

@@ -34,7 +34,7 @@
       rabbitmq_vhost:
         name: "{{ nova_rabbitmq_vhost }}"
         state: "present"
-      delegate_to: "10.100.100.101"
+      delegate_to: "10.100.102.101"
       when: inventory_hostname == groups['nova_all'][0]
       tags:
         - aodh-rabbitmq
@@ -48,7 +48,7 @@
         read_priv: ".*"
         write_priv: ".*"
         state: "present"
-      delegate_to: "10.100.100.101"
+      delegate_to: "10.100.102.101"
       when: inventory_hostname == groups['nova_all'][0]
       tags:
         - aodh-rabbitmq
@@ -60,7 +60,7 @@
         login_host: "localhost"
         name: "{{ nova_galera_database }}"
         state: "present"
-      delegate_to: "10.100.100.101"
+      delegate_to: "10.100.102.101"
       when: inventory_hostname == groups['nova_all'][0]
       tags:
         - mysql-db-setup
@@ -77,7 +77,7 @@
       with_items:
         - "localhost"
         - "%"
-      delegate_to: "10.100.100.101"
+      delegate_to: "10.100.102.101"
       when: inventory_hostname == groups['nova_all'][0]
       tags:
         - mysql-db-setup

tests/test-prepare-host.yml

@@ -49,6 +49,11 @@
         lxc_container_template_main_apt_repo: "{{ ubuntu_repo.stdout }}"
         lxc_container_template_security_apt_rep: "{{ ubuntu_repo.stdout }}"
   post_tasks:
+# The elegant solution: change the bridge everywhere to replicate the standard behaviour
+    - name: Create br-mgmt bridge
+      command: /sbin/brctl addbr br-mgmt
+    - name: IP br-mgmt
+      command: /sbin/ifconfig br-mgmt 10.100.102.1 netmask 255.255.255.0
     - name: Create br-vxlan bridge
       command: /sbin/brctl addbr br-vxlan
     - name: IP br-vxlan
@@ -59,6 +64,8 @@
       command: /sbin/ifconfig br-vlan 10.1.13.1 netmask 255.255.255.0
     - name: Add iptables rule to ensure ssh checksum is correct
       command: /sbin/iptables -A POSTROUTING -t mangle -p tcp --dport 22 -j CHECKSUM --checksum-fill
+    - name: Add iptables rules for lxc natting
+      command: /usr/local/bin/lxc-system-manage iptables-create
   roles:
     - role: "lxc_hosts"
       lxc_net_address: 10.100.100.1

tests/test-vars.yml

@@ -16,12 +16,12 @@
 cinder_backends_rbd_inuse: false
 cinder_ceph_client: cinder
 debug: true
-external_lb_vip_address: 10.100.100.102
+external_lb_vip_address: 10.100.102.102
 galera_client_drop_config_file: false
 galera_root_password: secrete
 glance_container_mysql_password: "SuperSecrete"
 glance_developer_mode: true
-glance_galera_address: 10.100.100.101
+glance_galera_address: 10.100.102.101
 glance_galera_database: glance
 glance_git_install_branch: master
 glance_host: "{{ internal_lb_vip_address }}"
@@ -33,18 +33,18 @@ glance_requirements_git_install_branch: master
 glance_service_password: "secrete"
 glance_service_port: 9292
 glance_venv_tag: "testing"
-internal_lb_vip_address: 10.100.100.102
+internal_lb_vip_address: 10.100.102.102
 keystone_admin_tenant_name: admin
 keystone_admin_user_name: admin
 keystone_auth_admin_password: SuperSecretePassword
 keystone_container_mysql_password: "SuperSecrete"
 keystone_developer_mode: true
-keystone_galera_address: 10.100.100.101
+keystone_galera_address: 10.100.102.101
 keystone_galera_database: keystone
 keystone_git_install_branch: master
 keystone_rabbitmq_password: "secrete"
 keystone_rabbitmq_port: 5671
-keystone_rabbitmq_servers: 10.100.100.101
+keystone_rabbitmq_servers: 10.100.102.101
 keystone_rabbitmq_use_ssl: false
 keystone_rabbitmq_userid: keystone
 keystone_rabbitmq_vhost: /keystone
@@ -62,7 +62,7 @@ memcached_encryption_key: "secrete"
 memcached_servers: 127.0.0.1
 neutron_container_mysql_password: SuperSecrete
 neutron_developer_mode: true
-neutron_galera_address: 10.100.100.101
+neutron_galera_address: 10.100.102.101
 neutron_galera_database: neutron
 neutron_git_install_branch: master
 neutron_ha_vrrp_auth_password: secrete
@@ -78,14 +78,14 @@ neutron_service_region: RegionOne
 neutron_service_user_name: neutron
 neutron_venv_tag: testing
 nova_api_container_mysql_password: "SuperSecrete"
-nova_api_galera_address: 10.100.100.101
+nova_api_galera_address: 10.100.102.101
 nova_container_mysql_password: "SuperSecrete"
 nova_developer_mode: true
-nova_galera_address: 10.100.100.101
+nova_galera_address: 10.100.102.101
 nova_galera_database: nova
 nova_git_install_branch: master
 nova_keystone_auth_plugin: password
-nova_management_address: "10.100.100.1"
+nova_management_address: "10.100.102.1"
 nova_metadata_port: 8775
 nova_metadata_proxy_secret: "secrete"
 nova_novncproxy_vncserver_listen: localhost
@@ -108,7 +108,7 @@ openrc_os_auth_url: "http://127.0.0.1:5000/v3"
 openrc_os_domain_name: "Default"
 openrc_os_password: "{{ keystone_auth_admin_password }}"
 rabbitmq_port: 5671
-rabbitmq_servers: 10.100.100.101
+rabbitmq_servers: 10.100.102.101
 rabbitmq_use_ssl: true
 tempest_developer_mode: True
 tempest_git_install_branch: master