neutron

OpenStack Debug VPN connection

PROJECT_ID=9eaecf3b-0972-4166-806a-295f4e69fd3c
 
ROUTER_ID=$(openstack vpn service list --long -f json | jq -r ".[] | select(.Project == \"${PROJECT_ID}\").Router")
echo ${ROUTER_ID}
 
openstack port list --router ${ROUTER_ID} --device-owner network:ha_router_replicated_interface -c binding_host_id  -f value | sort -u
 
CONTROL_NODE=ewos1-ctl1-prod
ssh -t ${CONTROL_NODE} docker exec -u root -ti neutron_l3_agent bash
 
apt update
apt install -y vim
vi /var/lib/neutron/ipsec/${ROUTER_ID}/etc/strongswan.d/charon-logging.conf
 
charon {
    ...
    filelog {
        /var/log/vpn-debug-${ROUTER_ID}.log {
            append = no
            default = 2
            ike_name = yes
            time_add_ms = yes
            time_format = %b %e %T
        }
    }
    ...
}
 
 
ip netns exec qrouter-${ROUTER_ID} neutron-vpn-netns-wrapper \

Check OpenvSwitch

#!/bin/bash
 
export OS_ENV="@globals.environment@"
 
 
if [ "${OS_ENV}" == "dev" ]; then
    export PYENV_ROOT="$HOME/.pyenv"
    export PATH="$PYENV_ROOT/bin:$PATH"
    eval "$(pyenv init -)"
fi
 
source /etc/kolla/admin-openrc.sh
 
EXIT_CODE=0
 
# search for broken ovs entry in DB
for NODE in $(openstack compute service list -c Host -f value | sort -u); do
    OUTPUT=$(ssh ${NODE} docker exec openvswitch_vswitchd ovsdb-client dump | grep qvo | egrep -v "tag|mac" | cut -d "\"" -f2)
    for PORT in ${OUTPUT}; do
        printf "%-20s %s\n" "${NODE}" "${PORT}"
 
        EXIT_CODE=1

Create neutron probe

Install crudini

docker exec -ti -u root neutron_l3_agent apt update
docker exec -ti -u root neutron_l3_agent apt install -y crudini

Create configuration

docker exec -ti neutron_l3_agent bash
umask 077
cat /etc/neutron/neutron.conf > /etc/neutron/debug.ini
crudini --merge /etc/neutron/debug.ini < /etc/neutron/l3_agent.ini

Export credentials

unset HISTFILE
# cat /etc/kolla/admin-openrc.sh
# paste export OS_XXX

Get network ID

SERVER_ID=074e2a72-9bd7-488f-af3d-f45f3bc0b6e7
 
PORT_ID=$(openstack port list --server ${SERVER_ID} -c id -f value)
openstack port show ${PORT_ID} -c network_id -f value

Create probe

neutron-debug --config-file /etc/neutron/debug.ini probe-create ${NETWORK_ID}

Get probe port ID

OpenStack: port

Identify port by MAC

MAC=00:11:22:33:44:55
openstack port list --mac-address ${MAC}
 
SUBNET_ID=b07b6b7a-dfb2-4b58-82cb-1568da8990b3
openstack subnet show ${SUBNET_ID}
 
PROJECT_ID=701e329e-997d-4dfa-b0d0-27a51670ed2d
openstack project show ${PROJECT_ID}

Add security group to port

SERVER_ID=$(openstack server list --all-projects --name vm1-dev -c ID -f value)
openstack port list --server ${SERVER_ID}
PORT_ID=97006537-07b1-4d37-9e2e-3bb71ad23087
openstack port set --security-group 2060fc87-a1bf-4cf5-a497-f6c4b45cffcd ${PORT_ID}