From 451fb1c45f5a52e0f196aafc3acbd619289ef47b Mon Sep 17 00:00:00 2001 From: Jean-Philippe Evrard Date: Wed, 18 May 2016 18:53:17 +0100 Subject: [PATCH] fixing the network issues of nova testing Currently we use the network attached to lxcbr0 for mgmt network However we define lxcbr0 - eth1 as mgmt later, which makes two NICs in the containers (eth0 and eth1) having the same network. This causes network issues if not properly configured. To make things simple, this commit creates a br-mgmt network and leaves the lxcbr0 alone. On top of this, iptables were not properly applied. Change-Id: I4e83c2cb90455d5bc82b24dd9f2f0c7e89d7f842 --- tests/group_vars/all_containers.yml | 2 +- tests/inventory | 4 ++-- tests/test-install-glance.yml | 8 ++++---- tests/test-install-keystone.yml | 8 ++++---- tests/test-install-neutron.yml | 8 ++++---- tests/test-install-nova.yml | 8 ++++---- tests/test-prepare-host.yml | 7 +++++++ tests/test-vars.yml | 20 ++++++++++---------- 8 files changed, 36 insertions(+), 29 deletions(-) diff --git a/tests/group_vars/all_containers.yml b/tests/group_vars/all_containers.yml index a9f80f0b..91e703ec 100644 --- a/tests/group_vars/all_containers.yml +++ b/tests/group_vars/all_containers.yml @@ -18,7 +18,7 @@ container_name: "{{ inventory_hostname }}" container_networks: management_address: address: "{{ ansible_host }}" - bridge: "lxcbr0" + bridge: "br-mgmt" interface: "eth1" netmask: "255.255.255.0" type: "veth" diff --git a/tests/inventory b/tests/inventory index f0822f45..97625ee9 100644 --- a/tests/inventory +++ b/tests/inventory @@ -1,7 +1,7 @@ [all] localhost ansible_connection=local ansible_become=True neutron_local_ip=10.100.101.1 -infra1 ansible_host=10.100.100.101 ansible_become=True ansible_user=root tunnel_address=10.100.101.101 -openstack1 ansible_host=10.100.100.102 ansible_become=True ansible_user=root tunnel_address=10.100.101.102 neutron_local_ip=10.100.101.102 +infra1 ansible_host=10.100.102.101 ansible_become=True ansible_user=root tunnel_address=10.100.101.101 +openstack1 ansible_host=10.100.102.102 ansible_become=True ansible_user=root tunnel_address=10.100.101.102 neutron_local_ip=10.100.101.102 [all_containers] infra1 diff --git a/tests/test-install-glance.yml b/tests/test-install-glance.yml index 2e87797e..ac8899a3 100644 --- a/tests/test-install-glance.yml +++ b/tests/test-install-glance.yml @@ -22,7 +22,7 @@ rabbitmq_vhost: name: "{{ glance_rabbitmq_vhost }}" state: "present" - delegate_to: "10.100.100.101" + delegate_to: "10.100.102.101" when: inventory_hostname == groups['glance_all'][0] - name: Ensure rabbitmq user rabbitmq_user: @@ -33,7 +33,7 @@ read_priv: ".*" write_priv: ".*" state: "present" - delegate_to: "10.100.100.101" + delegate_to: "10.100.102.101" when: inventory_hostname == groups['glance_all'][0] - name: Create DB for service mysql_db: @@ -42,7 +42,7 @@ login_host: "localhost" name: "{{ glance_galera_database }}" state: "present" - delegate_to: "10.100.100.101" + delegate_to: "10.100.102.101" when: inventory_hostname == groups['glance_all'][0] - name: Grant access to the DB for the service mysql_user: @@ -57,7 +57,7 @@ with_items: - "localhost" - "%" - delegate_to: "10.100.100.101" + delegate_to: "10.100.102.101" when: inventory_hostname == groups['glance_all'][0] roles: - role: "os_glance" diff --git a/tests/test-install-keystone.yml b/tests/test-install-keystone.yml index a5f3d1ad..5bbe34f3 100644 --- a/tests/test-install-keystone.yml +++ b/tests/test-install-keystone.yml @@ -22,7 +22,7 @@ rabbitmq_vhost: name: "{{ keystone_rabbitmq_vhost }}" state: "present" - delegate_to: "10.100.100.101" + delegate_to: "10.100.102.101" when: inventory_hostname == groups['keystone_all'][0] tags: - aodh-rabbitmq @@ -36,7 +36,7 @@ read_priv: ".*" write_priv: ".*" state: "present" - delegate_to: "10.100.100.101" + delegate_to: "10.100.102.101" when: inventory_hostname == groups['keystone_all'][0] tags: - aodh-rabbitmq @@ -48,7 +48,7 @@ login_host: "localhost" name: "{{ keystone_galera_database }}" state: "present" - delegate_to: "10.100.100.101" + delegate_to: "10.100.102.101" when: inventory_hostname == groups['keystone_all'][0] tags: - mysql-db-setup @@ -65,7 +65,7 @@ with_items: - "localhost" - "%" - delegate_to: "10.100.100.101" + delegate_to: "10.100.102.101" when: inventory_hostname == groups['keystone_all'][0] tags: - mysql-db-setup diff --git a/tests/test-install-neutron.yml b/tests/test-install-neutron.yml index 3cb76d18..18cba9f2 100644 --- a/tests/test-install-neutron.yml +++ b/tests/test-install-neutron.yml @@ -60,7 +60,7 @@ rabbitmq_vhost: name: "{{ neutron_rabbitmq_vhost }}" state: "present" - delegate_to: "10.100.100.101" + delegate_to: "10.100.102.101" when: inventory_hostname == groups['neutron_all'][0] tags: - neutron-rabbitmq @@ -74,7 +74,7 @@ read_priv: ".*" write_priv: ".*" state: "present" - delegate_to: "10.100.100.101" + delegate_to: "10.100.102.101" when: inventory_hostname == groups['neutron_all'][0] tags: - neutron-rabbitmq @@ -86,7 +86,7 @@ login_host: "localhost" name: "{{ neutron_galera_database }}" state: "present" - delegate_to: "10.100.100.101" + delegate_to: "10.100.102.101" when: inventory_hostname == groups['neutron_all'][0] tags: - mysql-db-setup @@ -103,7 +103,7 @@ with_items: - "localhost" - "%" - delegate_to: "10.100.100.101" + delegate_to: "10.100.102.101" when: inventory_hostname == groups['neutron_all'][0] tags: - mysql-db-setup diff --git a/tests/test-install-nova.yml b/tests/test-install-nova.yml index 5e47ee14..4c55e06e 100644 --- a/tests/test-install-nova.yml +++ b/tests/test-install-nova.yml @@ -34,7 +34,7 @@ rabbitmq_vhost: name: "{{ nova_rabbitmq_vhost }}" state: "present" - delegate_to: "10.100.100.101" + delegate_to: "10.100.102.101" when: inventory_hostname == groups['nova_all'][0] tags: - aodh-rabbitmq @@ -48,7 +48,7 @@ read_priv: ".*" write_priv: ".*" state: "present" - delegate_to: "10.100.100.101" + delegate_to: "10.100.102.101" when: inventory_hostname == groups['nova_all'][0] tags: - aodh-rabbitmq @@ -60,7 +60,7 @@ login_host: "localhost" name: "{{ nova_galera_database }}" state: "present" - delegate_to: "10.100.100.101" + delegate_to: "10.100.102.101" when: inventory_hostname == groups['nova_all'][0] tags: - mysql-db-setup @@ -77,7 +77,7 @@ with_items: - "localhost" - "%" - delegate_to: "10.100.100.101" + delegate_to: "10.100.102.101" when: inventory_hostname == groups['nova_all'][0] tags: - mysql-db-setup diff --git a/tests/test-prepare-host.yml b/tests/test-prepare-host.yml index 406c7ad9..c660347d 100644 --- a/tests/test-prepare-host.yml +++ b/tests/test-prepare-host.yml @@ -49,6 +49,11 @@ lxc_container_template_main_apt_repo: "{{ ubuntu_repo.stdout }}" lxc_container_template_security_apt_rep: "{{ ubuntu_repo.stdout }}" post_tasks: +# The elegant solution: change the bridge everywhere to replicate the standard behaviour + - name: Create br-mgmt bridge + command: /sbin/brctl addbr br-mgmt + - name: IP br-mgmt + command: /sbin/ifconfig br-mgmt 10.100.102.1 netmask 255.255.255.0 - name: Create br-vxlan bridge command: /sbin/brctl addbr br-vxlan - name: IP br-vxlan @@ -59,6 +64,8 @@ command: /sbin/ifconfig br-vlan 10.1.13.1 netmask 255.255.255.0 - name: Add iptables rule to ensure ssh checksum is correct command: /sbin/iptables -A POSTROUTING -t mangle -p tcp --dport 22 -j CHECKSUM --checksum-fill + - name: Add iptables rules for lxc natting + command: /usr/local/bin/lxc-system-manage iptables-create roles: - role: "lxc_hosts" lxc_net_address: 10.100.100.1 diff --git a/tests/test-vars.yml b/tests/test-vars.yml index 20500c0e..26a38604 100644 --- a/tests/test-vars.yml +++ b/tests/test-vars.yml @@ -16,12 +16,12 @@ cinder_backends_rbd_inuse: false cinder_ceph_client: cinder debug: true -external_lb_vip_address: 10.100.100.102 +external_lb_vip_address: 10.100.102.102 galera_client_drop_config_file: false galera_root_password: secrete glance_container_mysql_password: "SuperSecrete" glance_developer_mode: true -glance_galera_address: 10.100.100.101 +glance_galera_address: 10.100.102.101 glance_galera_database: glance glance_git_install_branch: master glance_host: "{{ internal_lb_vip_address }}" @@ -33,18 +33,18 @@ glance_requirements_git_install_branch: master glance_service_password: "secrete" glance_service_port: 9292 glance_venv_tag: "testing" -internal_lb_vip_address: 10.100.100.102 +internal_lb_vip_address: 10.100.102.102 keystone_admin_tenant_name: admin keystone_admin_user_name: admin keystone_auth_admin_password: SuperSecretePassword keystone_container_mysql_password: "SuperSecrete" keystone_developer_mode: true -keystone_galera_address: 10.100.100.101 +keystone_galera_address: 10.100.102.101 keystone_galera_database: keystone keystone_git_install_branch: master keystone_rabbitmq_password: "secrete" keystone_rabbitmq_port: 5671 -keystone_rabbitmq_servers: 10.100.100.101 +keystone_rabbitmq_servers: 10.100.102.101 keystone_rabbitmq_use_ssl: false keystone_rabbitmq_userid: keystone keystone_rabbitmq_vhost: /keystone @@ -62,7 +62,7 @@ memcached_encryption_key: "secrete" memcached_servers: 127.0.0.1 neutron_container_mysql_password: SuperSecrete neutron_developer_mode: true -neutron_galera_address: 10.100.100.101 +neutron_galera_address: 10.100.102.101 neutron_galera_database: neutron neutron_git_install_branch: master neutron_ha_vrrp_auth_password: secrete @@ -78,14 +78,14 @@ neutron_service_region: RegionOne neutron_service_user_name: neutron neutron_venv_tag: testing nova_api_container_mysql_password: "SuperSecrete" -nova_api_galera_address: 10.100.100.101 +nova_api_galera_address: 10.100.102.101 nova_container_mysql_password: "SuperSecrete" nova_developer_mode: true -nova_galera_address: 10.100.100.101 +nova_galera_address: 10.100.102.101 nova_galera_database: nova nova_git_install_branch: master nova_keystone_auth_plugin: password -nova_management_address: "10.100.100.1" +nova_management_address: "10.100.102.1" nova_metadata_port: 8775 nova_metadata_proxy_secret: "secrete" nova_novncproxy_vncserver_listen: localhost @@ -108,7 +108,7 @@ openrc_os_auth_url: "http://127.0.0.1:5000/v3" openrc_os_domain_name: "Default" openrc_os_password: "{{ keystone_auth_admin_password }}" rabbitmq_port: 5671 -rabbitmq_servers: 10.100.100.101 +rabbitmq_servers: 10.100.102.101 rabbitmq_use_ssl: true tempest_developer_mode: True tempest_git_install_branch: master