Monday, May 05, 2014

Ubuntu Trusty && CirrOS Cloud Instances (RDO IceHouse) without floating IP working on the Net

This post demonstrates that the Neutron DHCP, Metadata and L3 agents (services) and the OVS plugin, properly configured in RDO IceHouse, provide outbound connectivity for a cloud instance upon creation, without assigning the instance a floating IP.

Namespaces (see also Identifying and Troubleshooting Neutron Namespaces)

For each network you create, the Network node (or Controller node, if combined) will have a unique network namespace (netns) created by the DHCP and Metadata agents. The netns hosts an interface and IP addresses for dnsmasq and the neutron-ns-metadata-proxy. You can view the namespaces with the `ip netns list` command, and can interact with the namespaces with the `ip netns exec namespace command` command.

As mentioned in Direct access to Nova metadata, in an environment running Neutron a request from your instance must traverse a number of steps:

    1. From the instance to a router,
    2. Through a NAT rule in the router namespace,
    3. To an instance of the neutron-ns-metadata-proxy,
    4. To the actual Nova metadata service  

All these steps happen regardless of whether the particular instance has a floating IP.


[root@icehouse ~(keystone_admin)]# neutron agent-list
+--------------------------------------+--------------------+----------------------+-------+----------------+
| id                                   | agent_type         | host                 | alive | admin_state_up |
+--------------------------------------+--------------------+----------------------+-------+----------------+
| 54149ed1-52a1-4e93-81f4-fdaad0c5ded7 | DHCP agent         | icehouse.localdomain | :-)   | True           |
| 581d5ef0-a6d3-4d0b-b4a8-4a5fc7ab5e6b | Metadata agent     | icehouse.localdomain | :-)   | True           |
| 80980b97-6343-42cb-a5d8-ebc2298b5c32 | L3 agent           | icehouse.localdomain | :-)   | True           |
| a5b6fe1e-f144-4cb4-882e-09a5660556e4 | Open vSwitch agent | icehouse.localdomain | :-)   | True           |
+--------------------------------------+--------------------+----------------------+-------+----------------+

The following snapshots demonstrate metadata requests returning instance-id, local-ipv4, kernel-id and an empty value for public-ipv4 on CirrOS and Ubuntu Trusty cloud instances that were launched, obtained a private IP and successfully completed the cloud-init procedure. However, none of these instances was assigned a floating IP.

  The easiest sample with CirrOS


The Ubuntu VM was launched with password authentication enabled via a post-creation script, with no ssh keypair specified upon creation, like this:
 
[root@dfw02 ~(keystone_admin)]$ nova boot --flavor 2 --user-data=./myfile.txt --image <image-id> UbuntuRS0506

 
where

[root@dfw02 ~(keystone_admin)]$  cat ./myfile.txt
#cloud-config
password: mysecret
chpasswd: { expire: False }
ssh_pwauth: True
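
An added example, not part of the original post: user-data is kept by Nova and handed back to the instance by the metadata service, so the password in myfile.txt stays readable there after boot. The sketch below flags the password-related settings in a cloud-config file before it is passed to `nova boot`; the function names are illustrative, and the parser is a deliberately minimal stand-in for a YAML library.

```python
import re

# Constructed sample: the user-data file shown in the post.
SAMPLE_USER_DATA = """#cloud-config
password: mysecret
chpasswd: { expire: False }
ssh_pwauth: True
"""

TRUE_VALUES = {"true", "yes", "on", "1"}
FALSE_VALUES = {"false", "no", "off", "0"}


def parse_top_level(text):
    """Parse top-level 'key: value' lines of a cloud-config document.

    Minimal on purpose (no YAML library): handles scalars and one-line flow
    mappings such as '{ expire: False }', which is all this check needs.
    """
    config = {}
    for line in text.splitlines():
        if not line.strip() or line[0] in "# \t-":
            continue  # blank lines, comments, indented or list content
        key, sep, value = line.partition(":")
        if not sep:
            continue
        value = value.strip()
        flow = re.fullmatch(r"\{(.*)\}", value)
        if flow:
            pairs = (item.partition(":") for item in flow.group(1).split(","))
            value = {k.strip(): v.strip() for k, _, v in pairs if k.strip()}
        config[key.strip()] = value
    return config


def audit_user_data(text):
    """Return findings for password-related settings in cloud-config user-data."""
    if not text.startswith("#cloud-config"):
        return ["not a #cloud-config document; nothing checked"]
    cfg = parse_top_level(text)
    findings = []
    if cfg.get("password"):
        findings.append("plaintext 'password' is stored in user-data")
    if str(cfg.get("ssh_pwauth", "")).lower() in TRUE_VALUES:
        findings.append("'ssh_pwauth' enables SSH password logins")
    chpasswd = cfg.get("chpasswd")
    if isinstance(chpasswd, dict) and chpasswd.get("expire", "").lower() in FALSE_VALUES:
        findings.append("'chpasswd.expire' is off: no forced password change")
    return findings
```

For the file above, `audit_user_data` reports all three settings; a cloud-config that injects only an SSH public key and leaves `ssh_pwauth` off produces no findings.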

Access to the created Ubuntu VM via the corresponding qdhcp-xxxxxxxxx namespace.


[root@icehouse ~(keystone_admin)]# neutron net-list
+--------------------------------------+-----------+-------------------------------------------------------+
| id                                   | name      | subnets                                               |
+--------------------------------------+-----------+-------------------------------------------------------+
| f7d860e0-06d2-42c1-b889-a3a5a7d3345c | public    | f90fb4dd-d7f7-4efb-9aba-36eb478b38b8 192.168.122.0/24 |
| 3183558a-c3ac-4a00-ab9d-4d13297630fe | private   | cddf1adc-1e17-4ca1-8ebe-79280fdec160 10.0.0.0/24      |
| a688053e-1619-4722-8075-1ab5dcf90bb5 | private01 | 6c3051d6-e6b9-42e4-97dc-57951b52c809 40.0.0.0/24      |
+--------------------------------------+-----------+-------------------------------------------------------+

[root@icehouse ~(keystone_admin)]# ip netns | grep a688053e-1619-4722-8075-1ab5dcf90bb5
qdhcp-a688053e-1619-4722-8075-1ab5dcf90bb5

[root@icehouse ~(keystone_admin)]# ip netns exec qdhcp-a688053e-1619-4722-8075-1ab5dcf90bb5 ifconfig
lo: flags=73  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10
        loop  txqueuelen 0  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

tap868e0cdd-29: flags=67  mtu 1500
        inet 40.0.0.11  netmask 255.255.255.0  broadcast 40.0.0.255
        inet6 fe80::f816:3eff:fecd:f976  prefixlen 64  scopeid 0x20
        ether fa:16:3e:cd:f9:76  txqueuelen 0  (Ethernet)
        RX packets 23  bytes 1846 (1.8 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 14  bytes 1156 (1.1 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[root@icehouse ~(keystone_admin)]# ip netns exec qdhcp-a688053e-1619-4722-8075-1ab5dcf90bb5 ping -c5 40.0.0.23
PING 40.0.0.23 (40.0.0.23) 56(84) bytes of data.
64 bytes from 40.0.0.23: icmp_seq=1 ttl=64 time=9.30 ms
64 bytes from 40.0.0.23: icmp_seq=2 ttl=64 time=0.568 ms
64 bytes from 40.0.0.23: icmp_seq=3 ttl=64 time=0.708 ms
64 bytes from 40.0.0.23: icmp_seq=4 ttl=64 time=0.578 ms
64 bytes from 40.0.0.23: icmp_seq=5 ttl=64 time=0.608 ms

--- 40.0.0.23 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4002ms
rtt min/avg/max/mdev = 0.568/2.354/9.308/3.477 ms


[root@icehouse ~(keystone_admin)]# ip netns exec qdhcp-a688053e-1619-4722-8075-1ab5dcf90bb5 ssh ubuntu@40.0.0.23
The authenticity of host '40.0.0.23 (40.0.0.23)' can't be established.
ECDSA key fingerprint is 33:57:5c:32:10:45:fb:dd:6a:68:4b:e1:8f:c9:08:ba.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '40.0.0.23' (ECDSA) to the list of known hosts.
ubuntu@40.0.0.23's password: 

 
Welcome to Ubuntu 14.04 LTS (GNU/Linux 3.13.0-24-generic x86_64)

 * Documentation:  https://help.ubuntu.com/

 System information disabled due to load higher than 1.0

  Get cloud support with Ubuntu Advantage Cloud Guest:
    http://www.ubuntu.com/business/services/cloud

1 package can be updated.
1 update is a security update.


Last login: Tue May  6 11:02:16 2014
ubuntu@ubunturs0506:~$ sudo su -
 

root@ubunturs0506:~# curl http://169.254.169.254/latest/meta-data/instance-id
i-0000000e

root@ubunturs0506:~# curl http://169.254.169.254/latest/meta-data/local-ipv4
40.0.0.23


root@ubunturs0506:~# curl http://169.254.169.254/latest/meta-data/public-ipv4
root@ubunturs0506:~#