fixing the network issues of nova testing

Currently we use the network attached to lxcbr0 as the mgmt network.
However, we later define lxcbr0 - eth1 as mgmt, which leaves two
NICs in the containers (eth0 and eth1) on the same network.
This causes network issues if not properly configured.

To make things simple, this commit creates a br-mgmt network
and leaves the lxcbr0 alone.

On top of this, iptables were not properly applied.

Change-Id: I4e83c2cb90455d5bc82b24dd9f2f0c7e89d7f842
Jean-Philippe Evrard 2016-05-18 18:53:17 +01:00 committed by Matt Thompson
parent b6371a2009
commit 451fb1c45f
8 changed files with 36 additions and 29 deletions


@ -18,7 +18,7 @@ container_name: "{{ inventory_hostname }}"
container_networks:
management_address:
address: "{{ ansible_host }}"
bridge: "lxcbr0"
bridge: "br-mgmt"
interface: "eth1"
netmask: "255.255.255.0"
type: "veth"


@ -1,7 +1,7 @@
[all]
localhost ansible_connection=local ansible_become=True neutron_local_ip=10.100.101.1
infra1 ansible_host=10.100.100.101 ansible_become=True ansible_user=root tunnel_address=10.100.101.101
openstack1 ansible_host=10.100.100.102 ansible_become=True ansible_user=root tunnel_address=10.100.101.102 neutron_local_ip=10.100.101.102
infra1 ansible_host=10.100.102.101 ansible_become=True ansible_user=root tunnel_address=10.100.101.101
openstack1 ansible_host=10.100.102.102 ansible_become=True ansible_user=root tunnel_address=10.100.101.102 neutron_local_ip=10.100.101.102
[all_containers]
infra1


@ -22,7 +22,7 @@
rabbitmq_vhost:
name: "{{ glance_rabbitmq_vhost }}"
state: "present"
delegate_to: "10.100.100.101"
delegate_to: "10.100.102.101"
when: inventory_hostname == groups['glance_all'][0]
- name: Ensure rabbitmq user
rabbitmq_user:
@ -33,7 +33,7 @@
read_priv: ".*"
write_priv: ".*"
state: "present"
delegate_to: "10.100.100.101"
delegate_to: "10.100.102.101"
when: inventory_hostname == groups['glance_all'][0]
- name: Create DB for service
mysql_db:
@ -42,7 +42,7 @@
login_host: "localhost"
name: "{{ glance_galera_database }}"
state: "present"
delegate_to: "10.100.100.101"
delegate_to: "10.100.102.101"
when: inventory_hostname == groups['glance_all'][0]
- name: Grant access to the DB for the service
mysql_user:
@ -57,7 +57,7 @@
with_items:
- "localhost"
- "%"
delegate_to: "10.100.100.101"
delegate_to: "10.100.102.101"
when: inventory_hostname == groups['glance_all'][0]
roles:
- role: "os_glance"
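Review bot: The delegate target is a literal address, `delegate_to: "10.100.102.101"`, repeated in all four tasks of this section, in the keystone, neutron and nova sections, and as the galera/rabbitmq addresses in the variables file further down, which is why a subnet change has to touch every one of them. The inventory section already defines `infra1` with that `ansible_host`, so `delegate_to: "{{ hostvars['infra1']['ansible_host'] }}"` (or a single test variable holding the address) would keep the tasks and the inventory from drifting apart. A stale literal would send the RabbitMQ and MySQL user-creation tasks to whatever host holds that address, so a single source of truth is worth having. The tasks begin and end outside the hunks shown.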


@ -22,7 +22,7 @@
rabbitmq_vhost:
name: "{{ keystone_rabbitmq_vhost }}"
state: "present"
delegate_to: "10.100.100.101"
delegate_to: "10.100.102.101"
when: inventory_hostname == groups['keystone_all'][0]
tags:
- aodh-rabbitmq
@ -36,7 +36,7 @@
read_priv: ".*"
write_priv: ".*"
state: "present"
delegate_to: "10.100.100.101"
delegate_to: "10.100.102.101"
when: inventory_hostname == groups['keystone_all'][0]
tags:
- aodh-rabbitmq
@ -48,7 +48,7 @@
login_host: "localhost"
name: "{{ keystone_galera_database }}"
state: "present"
delegate_to: "10.100.100.101"
delegate_to: "10.100.102.101"
when: inventory_hostname == groups['keystone_all'][0]
tags:
- mysql-db-setup
@ -65,7 +65,7 @@
with_items:
- "localhost"
- "%"
delegate_to: "10.100.100.101"
delegate_to: "10.100.102.101"
when: inventory_hostname == groups['keystone_all'][0]
tags:
- mysql-db-setup


@ -60,7 +60,7 @@
rabbitmq_vhost:
name: "{{ neutron_rabbitmq_vhost }}"
state: "present"
delegate_to: "10.100.100.101"
delegate_to: "10.100.102.101"
when: inventory_hostname == groups['neutron_all'][0]
tags:
- neutron-rabbitmq
@ -74,7 +74,7 @@
read_priv: ".*"
write_priv: ".*"
state: "present"
delegate_to: "10.100.100.101"
delegate_to: "10.100.102.101"
when: inventory_hostname == groups['neutron_all'][0]
tags:
- neutron-rabbitmq
@ -86,7 +86,7 @@
login_host: "localhost"
name: "{{ neutron_galera_database }}"
state: "present"
delegate_to: "10.100.100.101"
delegate_to: "10.100.102.101"
when: inventory_hostname == groups['neutron_all'][0]
tags:
- mysql-db-setup
@ -103,7 +103,7 @@
with_items:
- "localhost"
- "%"
delegate_to: "10.100.100.101"
delegate_to: "10.100.102.101"
when: inventory_hostname == groups['neutron_all'][0]
tags:
- mysql-db-setup


@ -34,7 +34,7 @@
rabbitmq_vhost:
name: "{{ nova_rabbitmq_vhost }}"
state: "present"
delegate_to: "10.100.100.101"
delegate_to: "10.100.102.101"
when: inventory_hostname == groups['nova_all'][0]
tags:
- aodh-rabbitmq
@ -48,7 +48,7 @@
read_priv: ".*"
write_priv: ".*"
state: "present"
delegate_to: "10.100.100.101"
delegate_to: "10.100.102.101"
when: inventory_hostname == groups['nova_all'][0]
tags:
- aodh-rabbitmq
@ -60,7 +60,7 @@
login_host: "localhost"
name: "{{ nova_galera_database }}"
state: "present"
delegate_to: "10.100.100.101"
delegate_to: "10.100.102.101"
when: inventory_hostname == groups['nova_all'][0]
tags:
- mysql-db-setup
@ -77,7 +77,7 @@
with_items:
- "localhost"
- "%"
delegate_to: "10.100.100.101"
delegate_to: "10.100.102.101"
when: inventory_hostname == groups['nova_all'][0]
tags:
- mysql-db-setup


@ -49,6 +49,11 @@
lxc_container_template_main_apt_repo: "{{ ubuntu_repo.stdout }}"
lxc_container_template_security_apt_rep: "{{ ubuntu_repo.stdout }}"
post_tasks:
# The elegant solution: change the bridge everywhere to replicate the standard behaviour
- name: Create br-mgmt bridge
command: /sbin/brctl addbr br-mgmt
- name: IP br-mgmt
command: /sbin/ifconfig br-mgmt 10.100.102.1 netmask 255.255.255.0
- name: Create br-vxlan bridge
command: /sbin/brctl addbr br-vxlan
- name: IP br-vxlan
@ -59,6 +64,8 @@
command: /sbin/ifconfig br-vlan 10.1.13.1 netmask 255.255.255.0
- name: Add iptables rule to ensure ssh checksum is correct
command: /sbin/iptables -A POSTROUTING -t mangle -p tcp --dport 22 -j CHECKSUM --checksum-fill
- name: Add iptables rules for lxc natting
command: /usr/local/bin/lxc-system-manage iptables-create
roles:
- role: "lxc_hosts"
lxc_net_address: 10.100.100.1
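Review bot: The new `Create br-mgmt bridge` task is not idempotent, because `brctl addbr` exits non-zero when the bridge already exists, so a second run of the play on the same host would stop at this task. Adding `args:` with `creates: /sys/class/net/br-mgmt` to that task would skip it when the bridge is already present; the existing br-vxlan task has the same shape. The new `lxc-system-manage iptables-create` task follows an `iptables -A` task that appends its rule on every run, so it is worth confirming the script does not also duplicate the NAT rules when repeated. The `post_tasks` list starts before the first hunk and continues between the two hunks.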


@ -16,12 +16,12 @@
cinder_backends_rbd_inuse: false
cinder_ceph_client: cinder
debug: true
external_lb_vip_address: 10.100.100.102
external_lb_vip_address: 10.100.102.102
galera_client_drop_config_file: false
galera_root_password: secrete
glance_container_mysql_password: "SuperSecrete"
glance_developer_mode: true
glance_galera_address: 10.100.100.101
glance_galera_address: 10.100.102.101
glance_galera_database: glance
glance_git_install_branch: master
glance_host: "{{ internal_lb_vip_address }}"
@ -33,18 +33,18 @@ glance_requirements_git_install_branch: master
glance_service_password: "secrete"
glance_service_port: 9292
glance_venv_tag: "testing"
internal_lb_vip_address: 10.100.100.102
internal_lb_vip_address: 10.100.102.102
keystone_admin_tenant_name: admin
keystone_admin_user_name: admin
keystone_auth_admin_password: SuperSecretePassword
keystone_container_mysql_password: "SuperSecrete"
keystone_developer_mode: true
keystone_galera_address: 10.100.100.101
keystone_galera_address: 10.100.102.101
keystone_galera_database: keystone
keystone_git_install_branch: master
keystone_rabbitmq_password: "secrete"
keystone_rabbitmq_port: 5671
keystone_rabbitmq_servers: 10.100.100.101
keystone_rabbitmq_servers: 10.100.102.101
keystone_rabbitmq_use_ssl: false
keystone_rabbitmq_userid: keystone
keystone_rabbitmq_vhost: /keystone
@ -62,7 +62,7 @@ memcached_encryption_key: "secrete"
memcached_servers: 127.0.0.1
neutron_container_mysql_password: SuperSecrete
neutron_developer_mode: true
neutron_galera_address: 10.100.100.101
neutron_galera_address: 10.100.102.101
neutron_galera_database: neutron
neutron_git_install_branch: master
neutron_ha_vrrp_auth_password: secrete
@ -78,14 +78,14 @@ neutron_service_region: RegionOne
neutron_service_user_name: neutron
neutron_venv_tag: testing
nova_api_container_mysql_password: "SuperSecrete"
nova_api_galera_address: 10.100.100.101
nova_api_galera_address: 10.100.102.101
nova_container_mysql_password: "SuperSecrete"
nova_developer_mode: true
nova_galera_address: 10.100.100.101
nova_galera_address: 10.100.102.101
nova_galera_database: nova
nova_git_install_branch: master
nova_keystone_auth_plugin: password
nova_management_address: "10.100.100.1"
nova_management_address: "10.100.102.1"
nova_metadata_port: 8775
nova_metadata_proxy_secret: "secrete"
nova_novncproxy_vncserver_listen: localhost
@ -108,7 +108,7 @@ openrc_os_auth_url: "http://127.0.0.1:5000/v3"
openrc_os_domain_name: "Default"
openrc_os_password: "{{ keystone_auth_admin_password }}"
rabbitmq_port: 5671
rabbitmq_servers: 10.100.100.101
rabbitmq_servers: 10.100.102.101
rabbitmq_use_ssl: true
tempest_developer_mode: True
tempest_git_install_branch: master
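Review bot: `keystone_rabbitmq_use_ssl: false` sits next to `keystone_rabbitmq_port: 5671` and the re-pointed `keystone_rabbitmq_servers`, while the shared settings in the last hunk have `rabbitmq_use_ssl: true` on the same port. If the broker only offers TLS on 5671, keystone's messaging would presumably fail to connect; otherwise keystone is the one client configured for plaintext. These are context lines rather than changed ones, so the setting may be deliberate for the test and should be confirmed. Either align it with `keystone_rabbitmq_use_ssl: true` or add a comment above it saying why keystone differs.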