问题情况5 [+ r& I$ @+ U& |: p& ?
openstack xina版本创建虚机后,虚机在dashboard上获取到ip地址了,但打开虚机控制台之后,使用ip add 检查网络状态时,虚机内部并未获取到ip地址:
, t1 @0 M7 Y; y C
/ d4 U' S+ l6 O+ r" e \[td][tr][/tr]| 正在显示 1 项 | 9 J: y# t6 }% I0 f" X
| Instance Name | Image Name | IP Address | Flavor | Key Pair | Status |
3 b4 B2 x5 }+ o Y( Y3 @ | Availability Zone | Task | Power State | Age | Actions | $ R( _5 R7 \! Q
| m2 | CentOS-7.9 |
2 D. X i' z* A( I- @0 w% f# L. G" O5 n6 e5 G0 |4 d$ M
5 J5 N: K% J3 t* m$ T$ }0 h' O0 ?
$ l: V# N# S9 y: a; W) ]' Z4 d0 |2 ~0 O
172.168.10.101
| m2 | - | 运行 | | nova | 无 | 运行中 | 12 小时,14 分钟 | $ T$ n% J: y& E/ A6 _" b
|
2 n q( L9 }) ^
0 F, k" v5 E4 M# h( G. t$ e+ v
9 a; ?5 |7 K. \: B/ Y) {9 e分析排查思路:% m; Y# P1 j- I' e
' \) [6 p% c( q: @(1)检查neutron服务状态,确保dhcp服务正常运行:
' O0 p( `8 _& _7 i- X) H+ F4 j0 W4 [9 Z- q3 O
[root@controller ~]# neutron agent-list
7 I" a2 ~" b8 E2 O0 z1 aneutron CLI is deprecated and will be removed in the Z cycle. Use openstack CLI instead.3 [3 u% R+ }" y: \
+--------------------------------------+--------------------+------------+-------------------+-------+----------------+---------------------------+0 r4 D1 G$ G2 I+ w. E8 W- C
| id | agent_type | host | availability_zone | alive | admin_state_up | binary |/ }$ R, Q( p& [& i) ~ A4 V* Y
+--------------------------------------+--------------------+------------+-------------------+-------+----------------+---------------------------+( S$ w- h- `$ d! S9 a. C
| 133d6414-7d3c-42f5-8422-90ab1c7f3721 | L3 agent | controller | nova | :-) | True | neutron-l3-agent |
2 Y& K% i) m8 c1 N- }: J| 2bfc7c83-94aa-4fdc-b7e2-055bb8db0f10 | Open vSwitch agent | compute01 | | :-) | True | neutron-openvswitch-agent |
# j7 y: e! I5 Z3 n& [( X& J3 {3 g| 4164d4b2-04f8-4d78-b514-351b1205d3ce | Metadata agent | controller | | :-) | True | neutron-metadata-agent |
& k+ e# x d( V& r8 Z B) J| 53fa495d-8039-4580-b1cc-20414ef1303d | Open vSwitch agent | controller | | :-) | True | neutron-openvswitch-agent |, a. h0 a' `1 A% ?
| ef59abb4-35d0-48c6-876e-983ed713e2d4 | DHCP agent | controller | nova | :-) | True | neutron-dhcp-agent |$ C" G3 W) D2 I
+--------------------------------------+--------------------+------------+-------------------+-------+----------------+---------------------------+
2 ^' u* t X6 Y( ]. S/ x# a% c: l N# U( R- }
% d# i* K0 N! v! z: w* p
(2)查看dnsmsp进程:
! [" `' F& t' P1 ]/ n9 H9 G5 [* d
/ H M K; W# h& `( F1 U[root@controller ~]# ps -ef |grep dnsmasq l7 K: `/ c7 h
dnsmasq 3548 1 0 07:52 ? 00:00:00 dnsmasq --no-hosts --no-resolv --pid-file=/var/lib/neutron/dhcp/ef99d400-71e0-468f-a969-e5d63fd79dc3/pid --dhcp-hostsfile=/var/lib/neutron/dhcp/ef99d400-71e0-468f-a969-e5d63fd79dc3/host --addn-hosts=/var/lib/neutron/dhcp/ef99d400-71e0-468f-a969-e5d63fd79dc3/addn_hosts --dhcp-optsfile=/var/lib/neutron/dhcp/ef99d400-71e0-468f-a969-e5d63fd79dc3/opts --dhcp-leasefile=/var/lib/neutron/dhcp/ef99d400-71e0-468f-a969-e5d63fd79dc3/leases --dhcp-match=set:ipxe,175 --dhcp-userclass=set:ipxe6,iPXE --local-service --bind-dynamic --dhcp-range=set:subnet-ab92c638-b52e-4c32-8675-38b24f608b55,172.168.16.0,static,255.255.252.0,86400s --dhcp-option-force=option:mtu,1500 --dhcp-lease-max=1024 --conf-file=/dev/null --domain=openstacklocal
5 G, [9 i2 @9 b* h/ [: _dnsmasq 3553 1 0 07:52 ? 00:00:00 dnsmasq --no-hosts --no-resolv --pid-file=/var/lib/neutron/dhcp/b3fdf316-0089-4ef3-9674-bd8fd8d6edaa/pid --dhcp-hostsfile=/var/lib/neutron/dhcp/b3fdf316-0089-4ef3-9674-bd8fd8d6edaa/host --addn-hosts=/var/lib/neutron/dhcp/b3fdf316-0089-4ef3-9674-bd8fd8d6edaa/addn_hosts --dhcp-optsfile=/var/lib/neutron/dhcp/b3fdf316-0089-4ef3-9674-bd8fd8d6edaa/opts --dhcp-leasefile=/var/lib/neutron/dhcp/b3fdf316-0089-4ef3-9674-bd8fd8d6edaa/leases --dhcp-match=set:ipxe,175 --dhcp-userclass=set:ipxe6,iPXE --local-service --bind-dynamic --dhcp-range=set:subnet-e7722a92-a4ab-439c-b7af-129133c310b2,172.168.8.0,static,255.255.248.0,86400s --dhcp-option-force=option:mtu,1500 --dhcp-lease-max=2048 --conf-file=/dev/null --domain=openstacklocal
! I9 o9 n* q2 proot 5024 2518 0 08:15 pts/0 00:00:00 grep --color=auto dnsmasq5 ^) s( o7 ] j, \/ ]5 p% t; w' L
$ Q% A2 l' l" I* k! G/ b2 ]
(3)检查ovs网桥中的 br-int 集成网桥是否有 tap口设备 连接到了dchp-agent 的 namesapce上
, N+ F) Z' c( @6 M/ j+ T0 s7 n$ R0 r* e
, ^+ F- s8 E% w9 e: x3 h% k[root@controller ~]# ovs-vsctl show
( F9 ~# ^6 L4 h4 k04659b20-7658-4782-abe5-84ee5f33282f$ H: @. w2 R3 \* E
Manager "ptcp:6640:0.0.0.0"1 `7 T [6 l) G! g9 I: o3 a [5 [
is_connected: true
/ J0 l7 h9 I, q& y0 T: h Manager "ptcp:6640:127.0.0.1"
; R$ Y* k* w' G- B/ c Bridge br-tun8 y! [) E; [, N# p6 x$ ^5 \* n
Controller "tcp:127.0.0.1:6633"! I3 b7 A: g; v, j/ L
is_connected: true
( P, v: O! d0 u! B7 k d7 T fail_mode: secure
/ t8 P: [- S0 H$ y# H1 G datapath_type: system/ K% [: k0 i6 j: }
Port br-tun
: t3 v. Q8 L0 C, F* ~ Interface br-tun
z, C! I5 s! O- ?6 p. J3 l9 C$ [' b type: internal% B: P6 L v* P S) l8 r C
Port patch-int7 }& |& @' p& x1 w& F7 @. c
Interface patch-int6 F5 j2 |7 A+ b) e4 v0 @
type: patch$ I% k6 P! L: U( ~
options: {peer=patch-tun}+ {1 n9 i7 s2 S" u' K) w& \
Bridge br-int
# [3 C( r* ^4 y; X. k Controller "tcp:127.0.0.1:6633"$ f- i. {$ @, f- h3 J
is_connected: true
& ]0 H/ j2 q" U* f; I( |) w, M fail_mode: secure
5 M+ F; Z8 {2 n2 r. s' Q datapath_type: system
' t; U( H% |6 ^4 r Port patch-tun% ^" u C h: i
Interface patch-tun
( s$ ]" y( @3 P: W7 N type: patch6 c$ H+ @1 r' P. s3 ^& Z9 Z Z
options: {peer=patch-int}& {! R2 x7 y9 e5 U) `
Port tapd2a5f73d-5b3 d+ E) W% E a# |1 ]* O! O
tag: 2
3 y# l7 ]2 w* X- o! x2 r Interface tapd2a5f73d-5b B9 H' n+ X2 |6 h6 j
type: internal3 {* c8 D9 Y0 f% V7 q. S
Port tapcee79ebe-a5
k8 i U4 {5 \% X tag: 1
# V0 V. q& x% H Interface tapcee79ebe-a5' h+ K. ]) A/ w
type: internal6 F* F, f% v! F- D f2 d- f3 ^" w" p
Port br-int, y; p9 o- e" t- F
Interface br-int6 V5 g9 ^8 G- a
type: internal5 P) B* e+ W& o) W
Port int-br-ex
, K: R# }+ g3 ] Interface int-br-ex" ?' E- q7 E! v) @
type: patch+ _1 K3 Y. J2 j! P0 s
options: {peer=phy-br-ex}5 M# M1 G- _8 t9 w; I( r
Bridge br-ex
6 I! N9 s0 _& s Controller "tcp:127.0.0.1:6633"
' @& ?" [. V0 p: j is_connected: true
' z+ z! f O8 n5 L; i# l3 A9 E# m fail_mode: secure! Q: B! w" a# V7 R/ m# [
datapath_type: system
9 u8 Z3 w9 @/ q7 g6 `+ m. T- x Port phy-br-ex7 t4 T# D/ d; m
Interface phy-br-ex
, f( I# M! o4 X, `0 R+ [ type: patch% r( c/ N' J& J* E7 d# T+ n
options: {peer=int-br-ex}# W9 e+ _1 |1 B2 M% e
Port enp7s0f08 P7 U/ `, Y2 O- Q: Z; G/ ^/ H
Interface enp7s0f0
& _% \2 n8 \8 E! E x! u2 U Port br-ex
& Q, c; B5 Z5 U, J+ S7 ~ Interface br-ex; | I- a6 S0 V
type: internal
' Y1 j+ J) {" C4 x' a6 j) Q ovs_version: "2.15.4"
: Y" @1 d: v, u3 q$ Y! O! r' l
, s/ M1 m! u6 C) b# s7 |2 `2 g
( D+ ^7 C* p5 E+ }6 E6 v9 N在dhcp命名空间中找到对应网络的 namespace 中找到 br-int 网桥上对应的 tap 设备,然后查看 ip 配置: / |; I3 s& a, q) f, v
5 {6 z& r% z* X8 { ]
) V) t/ U* I- Z( q* f
[root@controller ~]# ip netns show- x: O' D" L/ }# {8 {
qdhcp-ef99d400-71e0-468f-a969-e5d63fd79dc3 (id: 1)
1 a: E1 {* d' e. t$ rqdhcp-b3fdf316-0089-4ef3-9674-bd8fd8d6edaa (id: 0)
- B3 Q' `+ j8 b/ v
' L9 q/ d0 y5 N3 U# g[root@controller ~]# ip netns exec qdhcp-b3fdf316-0089-4ef3-9674-bd8fd8d6edaa ip a
3 K+ A6 I+ @' E2 S! O1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000$ I, Y5 r0 n7 g
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
9 G% O, P+ T9 [* W) B$ T9 r inet 127.0.0.1/8 scope host lo2 K* B* U! @# o0 S
valid_lft forever preferred_lft forever$ Y' G2 n+ w9 ~5 d
inet6 ::1/128 scope host
5 C& N& q( Z* m valid_lft forever preferred_lft forever5 n; z4 J" e. [0 |7 x4 f
14: tapcee79ebe-a5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 10003 ?+ {, h, E( c/ T
link/ether fa:16:3e:0e:1b:80 brd ff:ff:ff:ff:ff:ff% D6 d+ f) {: d/ o; |% U. V
inet 172.168.9.2/21 brd 172.168.15.255 scope global tapcee79ebe-a5
& S6 p9 f! O7 }6 p0 ?6 P! R9 r valid_lft forever preferred_lft forever3 A& Z, f8 n# i2 { w `& I" a8 ^
inet 169.254.169.254/32 brd 169.254.169.254 scope global tapcee79ebe-a5
6 e" ^4 U6 M5 W% I& N" y b valid_lft forever preferred_lft forever5 L* c7 d! b6 V5 \4 k! K
inet6 fe80::a9fe:a9fe/64 scope link
% i) y+ E v" E) X7 Q+ G# R valid_lft forever preferred_lft forever# z7 e) T4 L& }* q {
inet6 fe80::f816:3eff:fe0e:1b80/64 scope link 4 }9 y/ X# K* i, I
valid_lft forever preferred_lft forever
) `* `7 c7 i, g* B4 ~
+ i! @$ X$ o3 [9 w ]- H# H6 N* j
3 z3 O+ J9 J& E" t3 B0 O& s( e定位问题:
* i/ e% m8 C% E6 I" S8 B通过上面排查,发现br-int 上是有tap口设备的,也已经连接到dhcp-namespace中,暂时没有找到问题的原因# K+ A% t' h& B3 ~/ A, J/ X4 E$ a
9 c# J0 [" e0 X! R
2 y3 P a k. M9 v( ^
! n6 ~$ e! r6 M7 g& G- t[root@controller ~]# ip netns exec qdhcp-ef99d400-71e0-468f-a969-e5d63fd79dc3 ip a
/ y3 W+ ~4 A7 S/ A9 }- h' Z, j1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 X+ a% q& r8 q
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00' U$ y6 }$ t. V$ B7 [% W
inet 127.0.0.1/8 scope host lo. p! s1 U" O6 M5 y; E
valid_lft forever preferred_lft forever( j N' j" }) R
inet6 ::1/128 scope host
" N- u( w$ E$ u3 j, A$ | valid_lft forever preferred_lft forever2 l% g5 P9 I: {: }- S+ h, ^
15: tapd2a5f73d-5b: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 10001 U. o% z: t# E( D" n- Q
link/ether fa:16:3e:22:dc:dd brd ff:ff:ff:ff:ff:ff
4 F" b \+ M& Q# i \8 \+ h7 C inet 172.168.16.1/22 brd 172.168.19.255 scope global tapd2a5f73d-5b5 r. K% u- V% g5 Q" Q9 Z
valid_lft forever preferred_lft forever( b+ t' O- D1 d
inet 169.254.169.254/32 brd 169.254.169.254 scope global tapd2a5f73d-5b
7 Y2 B) m3 b& Z" }2 P valid_lft forever preferred_lft forever2 }: B" R/ p$ o# i3 a/ {& r5 u
inet6 fe80::a9fe:a9fe/64 scope link
# Y# y3 l# j* K% H valid_lft forever preferred_lft forever8 r5 b% u6 e( q* q z# O
inet6 fe80::f816:3eff:fe22:dcdd/64 scope link
6 o. K" f7 Q/ E& ]& ~, F2 k3 z valid_lft forever preferred_lft forever
: q+ L I1 Y- s[root@controller ~]# ip netns exec qdhcp-ef99d400-71e0-468f-a969-e5d63fd79dc3 ip a) G7 V* N, N: q6 b5 {7 W# ]" p
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 10008 l( z& \. q3 g# t X6 u9 e7 _
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:002 w) L7 l& U' |+ e+ m, Z
inet 127.0.0.1/8 scope host lo; w; E) s3 v. R3 D* n
valid_lft forever preferred_lft forever
8 w ]5 J5 g. t1 ~ inet6 ::1/128 scope host
- `. ^9 ^7 p2 |1 {( m, ~* M8 L valid_lft forever preferred_lft forever) I/ {' U! ~4 S4 X7 m( }
15: tapd2a5f73d-5b: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000
7 e% W# a2 s U link/ether fa:16:3e:22:dc:dd brd ff:ff:ff:ff:ff:ff
# t/ @' `. u4 X% x1 q7 m9 x8 Y$ F inet 172.168.16.1/22 brd 172.168.19.255 scope global tapd2a5f73d-5b2 F4 {. J2 n6 J7 x" k- O7 \
valid_lft forever preferred_lft forever
; k1 `. v% L7 E5 Q" V! k inet 169.254.169.254/32 brd 169.254.169.254 scope global tapd2a5f73d-5b T7 B+ D; N1 w" g
valid_lft forever preferred_lft forever- G# F5 x) A9 z2 K" l) X& `; f+ C( f
inet6 fe80::a9fe:a9fe/64 scope link
+ C! b7 m( F( a$ ~3 n1 i valid_lft forever preferred_lft forever5 D4 h/ A1 f" C: b# L
inet6 fe80::f816:3eff:fe22:dcdd/64 scope link
' y3 T. J. X' F# J, U$ P3 S& ~3 [ valid_lft forever preferred_lft forever0 G; d0 |3 @" N5 D
[root@controller ~]# ip netns show' H2 [% z$ ^% `4 l. o c
qdhcp-b3fdf316-0089-4ef3-9674-bd8fd8d6edaa (id: 0)
' C/ ]3 `' Z& F# pqdhcp-ef99d400-71e0-468f-a969-e5d63fd79dc3 (id: 1)
. `- J1 X, D" ]9 |9 K! z[root@controller ~]# ip netns exec qdhcp-b3fdf316-0089-4ef3-9674-bd8fd8d6edaa ip a5 _% t( e1 Z5 B$ M
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 10007 ^4 ^9 P5 i6 L* M" W3 d
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:003 v* r6 R+ e$ e- L/ Z
inet 127.0.0.1/8 scope host lo
8 H$ U& i) s0 _+ s+ W valid_lft forever preferred_lft forever$ d! M4 n t* j/ V3 d- j
inet6 ::1/128 scope host 6 i' c7 ^+ T. P- n
valid_lft forever preferred_lft forever
# g+ T$ R- T7 W& k, z* P# x M16: tapca61a844-c4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000
! y# a0 z6 p: H- U2 X link/ether fa:16:3e:3f:e4:a4 brd ff:ff:ff:ff:ff:ff
- ^% Z+ B) e% z6 M inet 169.254.169.254/32 brd 169.254.169.254 scope global tapca61a844-c4
2 { ]' V N. n6 d4 r7 { n valid_lft forever preferred_lft forever
6 C( Y, g' Y& a- E- n inet 172.168.8.1/21 brd 172.168.15.255 scope global tapca61a844-c4
5 h3 G' p, o! _. ~. j valid_lft forever preferred_lft forever
3 P/ p$ G4 a3 V: ]3 K: r" n inet6 fe80::a9fe:a9fe/64 scope link
$ b3 R7 f; N. u8 S valid_lft forever preferred_lft forever
* F+ T0 t! V/ A8 A8 h inet6 fe80::f816:3eff:fe3f:e4a4/64 scope link
0 J' L& f) `, K valid_lft forever preferred_lft forever
' S, R* M5 V" V* ~) U0 H! }8 |) x4 ?0 S8 b! \7 {4 L: b
5 M7 J! _2 I$ ^+ h
, B7 S3 ] K% m% N" Q/ e, e
3 [/ I8 b* A/ x r4 O4 X
重启虚机,之后依然没有办法获取到IP地址。
8 K' e1 y4 c) y: u % E+ @" ?3 F; B* w- A; B# W* D
2 G0 L( D3 E+ m, w, O Q+ B- M
! J( h. w H' }1 i在创建虚拟机下发请求后,dnsmasq进程会给虚拟机分配好mac地址和ip地址,并写入到/var/lib/neutron/dhcp/network-id 目录下的host文件中。虚拟机在内网中发送广播来获取ip的过程中,dnsmasq 会监听到然后将host文件中的对应ip通过dchp-namespace分配给虚拟机。 所以,在虚拟机获取ip过程中,必须虚拟机发出的包可以到达dhcp-namespace 经过的虚拟网络设备都存在且正常工作。 如果没有在subnet中开启上述的dhcp功能,那就少了一个对应网络的name-sapce dhcp服务了,所以虚拟机获取不到 ip。 p, p( I$ {4 E0 ?
7 n5 n! A* K9 f( D
|
发表于 2022-5-23 08:10:18