马上注册,结交更多好友,享用更多功能,让你轻松玩转社区。
您需要 登录 才可以下载或查看,没有账号?开始注册
x
问题情况9 h/ f3 b+ c- u$ T b
openstack xina版本创建虚机后,虚机在dashboard上获取到ip地址了,但打开虚机控制台之后,使用ip add 检查网络状态时,虚机内部并未获取到ip地址:' J( k4 l5 x9 A7 W
- ?5 O0 f, \# s[td][tr][/tr]| 正在显示 1 项 | " q. f; R2 a g3 e, M& n
| Instance Name | Image Name | IP Address | Flavor | Key Pair | Status | : {% D1 v& L2 b; E h
| Availability Zone | Task | Power State | Age | Actions | 6 ?6 D, k1 n; G! I; [$ D
| m2 | CentOS-7.9 |
$ k; M: J5 A) Z7 ~5 u8 K
; i/ V2 Y! Q I* C* [7 P# Q; s. x1 d! `6 W# J; `
+ B# C# N, A+ r& n
1 d1 z1 G6 o& B1 W$ M9 P172.168.10.101
| m2 | - | 运行 | | nova | 无 | 运行中 | 12 小时,14 分钟 |
4 s8 j, g! ?4 _' m! H |
) Z: v# M: @1 `1 s4 @
( s9 ^2 ?1 M; _* ]: F0 W6 K
# ~( C" K2 N9 O* N ?分析排查思路:
0 f* _5 z9 P9 P
: N4 }9 \2 a ?(1)检查neutron服务状态,确保dhcp服务正常运行:3 o1 p# ~ \) Q2 v; C1 _
; z. I9 U8 @. {( U
[root@controller ~]# neutron agent-list & M5 {& L% ^& [2 B6 |
neutron CLI is deprecated and will be removed in the Z cycle. Use openstack CLI instead.
1 t1 q0 j$ |; y, t7 b+--------------------------------------+--------------------+------------+-------------------+-------+----------------+---------------------------+2 }$ Y. \8 a9 y7 _/ q
| id | agent_type | host | availability_zone | alive | admin_state_up | binary |
6 g' R7 s O5 q5 |$ d+--------------------------------------+--------------------+------------+-------------------+-------+----------------+---------------------------+
% l0 E/ R) m/ s3 t| 133d6414-7d3c-42f5-8422-90ab1c7f3721 | L3 agent | controller | nova | :-) | True | neutron-l3-agent |8 m- L+ I. X1 d7 \* b" Z
| 2bfc7c83-94aa-4fdc-b7e2-055bb8db0f10 | Open vSwitch agent | compute01 | | :-) | True | neutron-openvswitch-agent |; T7 C8 L; R4 C# B: K8 _9 v
| 4164d4b2-04f8-4d78-b514-351b1205d3ce | Metadata agent | controller | | :-) | True | neutron-metadata-agent |7 c) j5 H0 @1 \( Z6 D
| 53fa495d-8039-4580-b1cc-20414ef1303d | Open vSwitch agent | controller | | :-) | True | neutron-openvswitch-agent |- N/ g3 ]+ [; {( m& F) d: n
| ef59abb4-35d0-48c6-876e-983ed713e2d4 | DHCP agent | controller | nova | :-) | True | neutron-dhcp-agent |
+ k; T# u: P, y: c+ R$ \ n7 V+--------------------------------------+--------------------+------------+-------------------+-------+----------------+---------------------------+
( K7 f) l% y) ]# |6 P
! @8 _0 ?3 M- d! \7 g4 q
2 i; O* t. Q( J8 P' w4 q% s(2)查看dnsmsp进程:$ G6 |) {# y3 M7 `7 E
0 j: X) F9 d+ h. y, q+ u[root@controller ~]# ps -ef |grep dnsmasq
1 c- T6 _/ V# v+ z0 ~ Jdnsmasq 3548 1 0 07:52 ? 00:00:00 dnsmasq --no-hosts --no-resolv --pid-file=/var/lib/neutron/dhcp/ef99d400-71e0-468f-a969-e5d63fd79dc3/pid --dhcp-hostsfile=/var/lib/neutron/dhcp/ef99d400-71e0-468f-a969-e5d63fd79dc3/host --addn-hosts=/var/lib/neutron/dhcp/ef99d400-71e0-468f-a969-e5d63fd79dc3/addn_hosts --dhcp-optsfile=/var/lib/neutron/dhcp/ef99d400-71e0-468f-a969-e5d63fd79dc3/opts --dhcp-leasefile=/var/lib/neutron/dhcp/ef99d400-71e0-468f-a969-e5d63fd79dc3/leases --dhcp-match=set:ipxe,175 --dhcp-userclass=set:ipxe6,iPXE --local-service --bind-dynamic --dhcp-range=set:subnet-ab92c638-b52e-4c32-8675-38b24f608b55,172.168.16.0,static,255.255.252.0,86400s --dhcp-option-force=option:mtu,1500 --dhcp-lease-max=1024 --conf-file=/dev/null --domain=openstacklocal/ Z' R7 X' Y. e' Y; \
dnsmasq 3553 1 0 07:52 ? 00:00:00 dnsmasq --no-hosts --no-resolv --pid-file=/var/lib/neutron/dhcp/b3fdf316-0089-4ef3-9674-bd8fd8d6edaa/pid --dhcp-hostsfile=/var/lib/neutron/dhcp/b3fdf316-0089-4ef3-9674-bd8fd8d6edaa/host --addn-hosts=/var/lib/neutron/dhcp/b3fdf316-0089-4ef3-9674-bd8fd8d6edaa/addn_hosts --dhcp-optsfile=/var/lib/neutron/dhcp/b3fdf316-0089-4ef3-9674-bd8fd8d6edaa/opts --dhcp-leasefile=/var/lib/neutron/dhcp/b3fdf316-0089-4ef3-9674-bd8fd8d6edaa/leases --dhcp-match=set:ipxe,175 --dhcp-userclass=set:ipxe6,iPXE --local-service --bind-dynamic --dhcp-range=set:subnet-e7722a92-a4ab-439c-b7af-129133c310b2,172.168.8.0,static,255.255.248.0,86400s --dhcp-option-force=option:mtu,1500 --dhcp-lease-max=2048 --conf-file=/dev/null --domain=openstacklocal
( r4 q% A1 V' c5 y, b+ Uroot 5024 2518 0 08:15 pts/0 00:00:00 grep --color=auto dnsmasq& `) m/ A; x1 }! ^! ~
2 K: z1 G( W8 I5 t b( w
(3)检查ovs网桥中的 br-int 集成网桥是否有 tap口设备 连接到了dchp-agent 的 namesapce上 & m, L! t. T& Z. Q0 r# l
- R- Y6 e. s0 F
- e3 H# e7 H8 R3 h0 S[root@controller ~]# ovs-vsctl show ! u1 x0 l( A0 _8 l ]' f' r8 G
04659b20-7658-4782-abe5-84ee5f33282f# p, l* m0 L6 m7 K8 f
Manager "ptcp:6640:0.0.0.0"+ ^# r) D4 x+ r5 C9 i
is_connected: true
0 [( o8 `) f- I; g8 `7 ?% u Manager "ptcp:6640:127.0.0.1"
8 m' t* e. ^" z Bridge br-tun
6 L- D3 T1 Q4 {4 j( h Controller "tcp:127.0.0.1:6633"
" V5 h0 \. M! m) t# D is_connected: true
# e7 e4 A; Z1 h fail_mode: secure. d+ J. \( w3 n7 J5 Q6 I
datapath_type: system
6 X4 B6 F- J* V+ c# B0 r Port br-tun
9 ?: ]' D/ h6 g9 u) B$ d2 x Interface br-tun
! u) R( R/ w, z3 P) d Q! a& E" }" B type: internal$ C0 i5 k. `- W* I1 o ~% \, u
Port patch-int
* v2 `( U$ f( u: n% d Interface patch-int1 b, p* f" F" J% Z [
type: patch9 d$ Z9 J3 O9 m7 Z) R1 w
options: {peer=patch-tun}* V! {$ P( K4 o) b& {2 S
Bridge br-int# n9 m) e$ X- e
Controller "tcp:127.0.0.1:6633"
' Q9 A. k, M/ {+ s is_connected: true+ ^+ ]2 Z o3 }& M
fail_mode: secure i/ P. F4 |7 u' q) P
datapath_type: system
; S' r( `1 R+ U Port patch-tun
" b* w1 M2 O# b* ~9 _% z& m5 u* I Interface patch-tun0 K# H0 L+ k- F( _5 C$ q
type: patch0 h& Y$ V0 \( n. }, N
options: {peer=patch-int}
5 ]( H1 T7 ]5 X$ H, k% D' L Port tapd2a5f73d-5b1 G5 x( O/ n9 I) p5 f
tag: 2( J/ A+ s1 G" {& l& A7 U
Interface tapd2a5f73d-5b( f! C! `( ]( T3 w* v
type: internal
M7 }0 ~, n) f7 \ Port tapcee79ebe-a50 ^ B( R v4 F
tag: 1
& x4 @" i3 |- g9 J6 j Interface tapcee79ebe-a5
" k, w; K% g; `8 ]* I: Y type: internal% x) }7 C6 n U5 @4 }
Port br-int& W# _/ V. A/ m0 H" b1 E
Interface br-int
" o( a4 Y' `2 V1 k; g. u type: internal
$ [4 y" } n8 Z) ?4 P2 E" x Port int-br-ex* X( u" G1 C, x6 @
Interface int-br-ex
) a! d" f/ D/ I0 n- l6 w/ U type: patch
; o3 w# ?# u# x) D ]5 k* d: ] options: {peer=phy-br-ex}3 t6 g3 |" l/ N% l7 Q& d% k. F
Bridge br-ex
- l& Z+ o4 `& k Controller "tcp:127.0.0.1:6633"
! T6 H- I5 ?$ m, L6 k( W% a' ` is_connected: true
6 m/ v4 n8 H" t" y fail_mode: secure% _" X% w. w# }
datapath_type: system
' Q: _1 J" Q- q" g9 V Port phy-br-ex
, D$ s+ s+ z" W) z Interface phy-br-ex
* T( H/ \- z+ ^ type: patch% V' B' I0 x7 O1 ` c* i2 l
options: {peer=int-br-ex}/ [ B4 p3 D+ M: f. o: C0 Q" }. P
Port enp7s0f0% Z2 l) A7 p6 h7 n
Interface enp7s0f0
. t/ o( d, z7 Q1 @( }/ { Port br-ex
% @- c+ T" g" x. W, @" W# J Interface br-ex, l" b1 C0 Q7 P0 U l
type: internal: d3 j* I; j- d* D# i
ovs_version: "2.15.4"! I, Q- x, V, H' E F- t4 k6 C: ~
3 Z/ g7 n: p1 Z1 h a, j
+ m% p+ H7 _" f+ y7 U3 R/ I
在dhcp命名空间中找到对应网络的 namespace 中找到 br-int 网桥上对应的 tap 设备,然后查看 ip 配置:
( ]. f$ d S) B, Q1 \1 U L$ n0 Z2 Z: F$ c8 e2 G2 K4 s
$ Z( W N! t7 w4 N. ?7 L6 h i[root@controller ~]# ip netns show/ R$ y6 D' J) u) K6 l7 ^2 u
qdhcp-ef99d400-71e0-468f-a969-e5d63fd79dc3 (id: 1)
+ N5 p6 }. M4 q3 x: A2 Yqdhcp-b3fdf316-0089-4ef3-9674-bd8fd8d6edaa (id: 0)
3 C, z( l/ q2 e( g1 x$ Q7 V. x0 ]+ V$ @! X1 r+ U; d
[root@controller ~]# ip netns exec qdhcp-b3fdf316-0089-4ef3-9674-bd8fd8d6edaa ip a/ Q2 w3 s" ^% z( C
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
7 U. a/ y# P+ i! C: v link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00. k0 k4 N) H+ K2 Q2 ]' L1 }
inet 127.0.0.1/8 scope host lo1 j: m' e$ q& o# c9 T7 T
valid_lft forever preferred_lft forever9 j5 g! o0 S! a
inet6 ::1/128 scope host ! I2 U' \/ ]/ e, c
valid_lft forever preferred_lft forever
& o5 {3 R8 i9 M' E14: tapcee79ebe-a5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000
" j+ R( L1 u( ]( d) s* @ link/ether fa:16:3e:0e:1b:80 brd ff:ff:ff:ff:ff:ff, I1 u/ W* c6 H' O8 l! C; L5 {) A
inet 172.168.9.2/21 brd 172.168.15.255 scope global tapcee79ebe-a55 s- X( D# M9 d+ O8 X- {# f8 d
valid_lft forever preferred_lft forever
2 V: [& ^. x( A) v8 H$ v, d inet 169.254.169.254/32 brd 169.254.169.254 scope global tapcee79ebe-a5
6 N9 M. W4 _" C8 L1 h: D valid_lft forever preferred_lft forever @& I9 G( D/ V: M
inet6 fe80::a9fe:a9fe/64 scope link
; ]# `7 o: K# R valid_lft forever preferred_lft forever. s4 R, ]! m1 Z' {0 T
inet6 fe80::f816:3eff:fe0e:1b80/64 scope link
- e( r0 t) V5 [# o/ q v! T8 W valid_lft forever preferred_lft forever
, S8 n1 ]& m c4 q. [, V5 I; ~1 M$ C) a6 u5 r/ t' W) v* F# ?
( R8 J4 C% Q' ]+ H$ A* Z) C/ x定位问题:
* L# @# @+ w. n. o7 l5 b9 ~通过上面排查,发现br-int 上是有tap口设备的,也已经连接到dhcp-namespace中,暂时没有找到问题的原因( N4 T! s' w( `/ S Z
) v$ F/ H- E- F6 W
/ N1 f8 @2 F" ^
, H8 h. O7 R2 W# r: M/ U
[root@controller ~]# ip netns exec qdhcp-ef99d400-71e0-468f-a969-e5d63fd79dc3 ip a
; z1 W" z# I7 z3 M1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
/ k& o, U5 O. j' M link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
# K3 V5 ~# y$ x1 d7 v4 Y- Q( ?( \1 ~( ^ inet 127.0.0.1/8 scope host lo
& r. \( F0 L8 n5 P; Y valid_lft forever preferred_lft forever8 i+ h# \& ]2 n/ {# f1 J3 w3 \
inet6 ::1/128 scope host 5 V# a( J1 ]% x l- E7 C
valid_lft forever preferred_lft forever
o# }' ^! g) S15: tapd2a5f73d-5b: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000% ]5 s' j+ F! B. I% u9 t. J
link/ether fa:16:3e:22:dc:dd brd ff:ff:ff:ff:ff:ff
/ E4 {3 T% S$ k* I inet 172.168.16.1/22 brd 172.168.19.255 scope global tapd2a5f73d-5b+ e( o- i, m$ U2 [6 D
valid_lft forever preferred_lft forever
: x1 U" d* `5 F. G- D. K* {: A d inet 169.254.169.254/32 brd 169.254.169.254 scope global tapd2a5f73d-5b
, Y8 l1 X7 _( `/ L valid_lft forever preferred_lft forever
* g* [9 C7 g7 \% s y1 G( x9 N inet6 fe80::a9fe:a9fe/64 scope link $ G& h% C. l( W1 k
valid_lft forever preferred_lft forever* i8 V7 ^ b$ N, O1 X
inet6 fe80::f816:3eff:fe22:dcdd/64 scope link , ?) \+ b) _1 B! I H/ O
valid_lft forever preferred_lft forever1 a! {- {8 n! k& X) v, S6 {
[root@controller ~]# ip netns exec qdhcp-ef99d400-71e0-468f-a969-e5d63fd79dc3 ip a* @6 W- ?/ A$ V6 i: s
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000/ G% T9 i5 d+ ]# R( Z- J6 k
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00" [7 W) N g( [$ ^% B/ j7 w1 p
inet 127.0.0.1/8 scope host lo( T$ [2 M( P& ^4 l- m
valid_lft forever preferred_lft forever& z2 ~0 n' J# J8 d: D8 H. h$ b
inet6 ::1/128 scope host
# ~. c2 n# K% w* V valid_lft forever preferred_lft forever5 s6 q% b% f0 R, j s
15: tapd2a5f73d-5b: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 10002 r+ X( _1 O! J
link/ether fa:16:3e:22:dc:dd brd ff:ff:ff:ff:ff:ff6 {2 W& t5 V0 A9 v& k- V+ {" R
inet 172.168.16.1/22 brd 172.168.19.255 scope global tapd2a5f73d-5b) i, x4 K2 x8 E/ ^
valid_lft forever preferred_lft forever! ^4 N8 P7 @ {% c6 l% u
inet 169.254.169.254/32 brd 169.254.169.254 scope global tapd2a5f73d-5b
8 x8 e" r. O0 L- ^" x* P' l! O valid_lft forever preferred_lft forever( u4 c& J7 H0 e6 Q: c6 `4 V
inet6 fe80::a9fe:a9fe/64 scope link ' k& g5 \* Y; ?6 ]7 O) B( ^2 ]
valid_lft forever preferred_lft forever) K# w0 [/ Z7 _4 J+ D" {, [. S
inet6 fe80::f816:3eff:fe22:dcdd/64 scope link
% }7 h G8 R/ Y2 \: P2 r' c+ I valid_lft forever preferred_lft forever
" Z0 i' o7 \5 }; T[root@controller ~]# ip netns show( V' u1 k9 ^. P
qdhcp-b3fdf316-0089-4ef3-9674-bd8fd8d6edaa (id: 0)
$ E2 X4 c: s! w" N aqdhcp-ef99d400-71e0-468f-a969-e5d63fd79dc3 (id: 1)' e8 G( p6 J. }! k9 r3 L) W( d" U
[root@controller ~]# ip netns exec qdhcp-b3fdf316-0089-4ef3-9674-bd8fd8d6edaa ip a" Z1 b0 J; M4 t u" P
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000; [: M3 x/ X/ H( A, W5 ?4 V
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00, @: q; P: e& ~% ]! X( g$ \
inet 127.0.0.1/8 scope host lo4 U C5 ~' a/ q
valid_lft forever preferred_lft forever' ]; ~9 n, f4 [$ t
inet6 ::1/128 scope host 7 G" x3 d+ I. a0 m. M. B
valid_lft forever preferred_lft forever" d( k& _4 {4 T; ^) n! S. ]2 R
16: tapca61a844-c4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 10007 X# _! j0 d T* _
link/ether fa:16:3e:3f:e4:a4 brd ff:ff:ff:ff:ff:ff7 m3 a( p; O; J# x- m
inet 169.254.169.254/32 brd 169.254.169.254 scope global tapca61a844-c4
" v; R5 m2 {5 _3 R: s2 k valid_lft forever preferred_lft forever
9 G. y7 K h# S4 Z0 T' n- E3 i& L inet 172.168.8.1/21 brd 172.168.15.255 scope global tapca61a844-c4" F8 m$ y8 S* }" E7 D; b! X5 h7 T1 ?
valid_lft forever preferred_lft forever
9 W* s1 I" q' W B0 U/ V% E3 P* a: v inet6 fe80::a9fe:a9fe/64 scope link
0 h, l7 m; |6 {( g) U4 l' b valid_lft forever preferred_lft forever
8 V1 B: D, G6 L0 {0 {! `' _9 [ inet6 fe80::f816:3eff:fe3f:e4a4/64 scope link 5 e+ ~3 W2 i* a. I% W$ Q
valid_lft forever preferred_lft forever8 k* l! Q6 L& O& i% q
& j: |% e& g* {% f
/ b5 O$ e0 S: Z, W
% i! e$ W' ^: e/ a, }6 |5 n
. A c* P+ S3 ~8 t1 T
重启虚机,之后依然没有办法获取到IP地址。! E( p) i/ }1 a: g
7 `; j6 f; D4 ?( a! l# S- G! a, k7 f6 [& x6 ^
% ^; A" M* e( L9 e4 E7 ] V在创建虚拟机下发请求后,dnsmasq进程会给虚拟机分配好mac地址和ip地址,并写入到/var/lib/neutron/dhcp/network-id 目录下的host文件中。虚拟机在内网中发送广播来获取ip的过程中,dnsmasq 会监听到然后将host文件中的对应ip通过dchp-namespace分配给虚拟机。 所以,在虚拟机获取ip过程中,必须虚拟机发出的包可以到达dhcp-namespace 经过的虚拟网络设备都存在且正常工作。 如果没有在subnet中开启上述的dhcp功能,那就少了一个对应网络的name-sapce dhcp服务了,所以虚拟机获取不到 ip。
% s8 [2 W9 }- B1 v
9 L) g3 q! P) i9 z; k" c2 p P. J9 p& j |
/4 
窥视卡
雷达卡
发表于 2022-5-23 08:10:18
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
千斤顶
照妖镜
楼主
