马上注册,结交更多好友,享用更多功能,让你轻松玩转社区。
您需要 登录 才可以下载或查看,没有账号?开始注册
x
问题情况5 b) D5 k# `" c. U3 E9 @/ |8 W4 d( u
openstack xina版本创建虚机后,虚机在dashboard上获取到ip地址了,但打开虚机控制台之后,使用ip add 检查网络状态时,虚机内部并未获取到ip地址:* O/ u; ?9 D2 P$ k* V1 c
8 p$ Y6 c! `7 ]8 X8 A2 n[td][tr][/tr]| 正在显示 1 项 | ( N" G+ l1 S/ U- ~1 m5 |
| Instance Name | Image Name | IP Address | Flavor | Key Pair | Status |
# x& e3 B2 V, [1 o | Availability Zone | Task | Power State | Age | Actions | ' \8 e( S, j4 M3 f1 J/ d$ X
| m2 | CentOS-7.9 | 2 N7 F# h7 G4 o$ w
. J. }; W) \$ R; }7 k# G
; b9 ~8 b7 J% I! K0 l7 F/ p) v' ?; V* t
, q) C4 h; }5 k- H8 C9 N, X' r. o
172.168.10.101 | m2 | - | 运行 | | nova | 无 | 运行中 | 12 小时,14 分钟 |
: \9 \8 j# x! U2 g/ z+ E0 T2 o |
2 y9 _; e3 Q* y2 k1 ]9 t# P
2 E5 o7 I6 v; B7 H. d# }( K' R8 |# L* a* N. I( E* U
分析排查思路:
6 n0 R! r6 H, {% `% G5 A- s! v
6 _. l' t/ `$ e6 J4 |$ R8 ^(1)检查neutron服务状态,确保dhcp服务正常运行:
$ _8 Z. ^! Q& W, S. }6 o6 e3 E4 P5 J" M1 @3 y+ g s0 Z
[root@controller ~]# neutron agent-list 1 F0 O6 T D$ M$ F& N* q& W
neutron CLI is deprecated and will be removed in the Z cycle. Use openstack CLI instead.5 }* D. M! G9 z# I/ N
+--------------------------------------+--------------------+------------+-------------------+-------+----------------+---------------------------+
& n7 ]; C1 b; @) c' f2 X1 O| id | agent_type | host | availability_zone | alive | admin_state_up | binary |% ?, F4 T5 _+ C9 |1 H
+--------------------------------------+--------------------+------------+-------------------+-------+----------------+---------------------------+/ @9 [8 Y9 }3 X
| 133d6414-7d3c-42f5-8422-90ab1c7f3721 | L3 agent | controller | nova | :-) | True | neutron-l3-agent |
+ J) B( |. G4 d3 L" w7 _| 2bfc7c83-94aa-4fdc-b7e2-055bb8db0f10 | Open vSwitch agent | compute01 | | :-) | True | neutron-openvswitch-agent |" L/ R, M) [% v5 Y5 I7 ]
| 4164d4b2-04f8-4d78-b514-351b1205d3ce | Metadata agent | controller | | :-) | True | neutron-metadata-agent |
, E# n( {$ }+ k7 j5 m1 Q| 53fa495d-8039-4580-b1cc-20414ef1303d | Open vSwitch agent | controller | | :-) | True | neutron-openvswitch-agent |% U, Y' L, z8 B
| ef59abb4-35d0-48c6-876e-983ed713e2d4 | DHCP agent | controller | nova | :-) | True | neutron-dhcp-agent |! r: W8 F( m0 r& ?# w
+--------------------------------------+--------------------+------------+-------------------+-------+----------------+---------------------------+) a. e& }3 P% P; ^
# v2 T4 w) `! b( O! u& e3 o
- X( M, a7 ]- A! h1 g; e& `(2)查看dnsmsp进程:
4 }1 X _( Y" R: _
; {* a" `3 |- h7 L7 s6 _5 x[root@controller ~]# ps -ef |grep dnsmasq- ^' N M4 q# y" R
dnsmasq 3548 1 0 07:52 ? 00:00:00 dnsmasq --no-hosts --no-resolv --pid-file=/var/lib/neutron/dhcp/ef99d400-71e0-468f-a969-e5d63fd79dc3/pid --dhcp-hostsfile=/var/lib/neutron/dhcp/ef99d400-71e0-468f-a969-e5d63fd79dc3/host --addn-hosts=/var/lib/neutron/dhcp/ef99d400-71e0-468f-a969-e5d63fd79dc3/addn_hosts --dhcp-optsfile=/var/lib/neutron/dhcp/ef99d400-71e0-468f-a969-e5d63fd79dc3/opts --dhcp-leasefile=/var/lib/neutron/dhcp/ef99d400-71e0-468f-a969-e5d63fd79dc3/leases --dhcp-match=set:ipxe,175 --dhcp-userclass=set:ipxe6,iPXE --local-service --bind-dynamic --dhcp-range=set:subnet-ab92c638-b52e-4c32-8675-38b24f608b55,172.168.16.0,static,255.255.252.0,86400s --dhcp-option-force=option:mtu,1500 --dhcp-lease-max=1024 --conf-file=/dev/null --domain=openstacklocal
5 q4 a1 L1 H, M: a9 M: V$ Gdnsmasq 3553 1 0 07:52 ? 00:00:00 dnsmasq --no-hosts --no-resolv --pid-file=/var/lib/neutron/dhcp/b3fdf316-0089-4ef3-9674-bd8fd8d6edaa/pid --dhcp-hostsfile=/var/lib/neutron/dhcp/b3fdf316-0089-4ef3-9674-bd8fd8d6edaa/host --addn-hosts=/var/lib/neutron/dhcp/b3fdf316-0089-4ef3-9674-bd8fd8d6edaa/addn_hosts --dhcp-optsfile=/var/lib/neutron/dhcp/b3fdf316-0089-4ef3-9674-bd8fd8d6edaa/opts --dhcp-leasefile=/var/lib/neutron/dhcp/b3fdf316-0089-4ef3-9674-bd8fd8d6edaa/leases --dhcp-match=set:ipxe,175 --dhcp-userclass=set:ipxe6,iPXE --local-service --bind-dynamic --dhcp-range=set:subnet-e7722a92-a4ab-439c-b7af-129133c310b2,172.168.8.0,static,255.255.248.0,86400s --dhcp-option-force=option:mtu,1500 --dhcp-lease-max=2048 --conf-file=/dev/null --domain=openstacklocal+ n* n+ ?! X) u- z8 r' { T
root 5024 2518 0 08:15 pts/0 00:00:00 grep --color=auto dnsmasq
* o Q5 C0 }2 {7 [- D) M4 }, R# F; G! T# ? k# B5 O8 P) k: n2 N
(3)检查ovs网桥中的 br-int 集成网桥是否有 tap口设备 连接到了dchp-agent 的 namesapce上 ! _# C& K. Z) _5 q
# j$ Z a# ~* w$ u
# h+ M; t k: U( v6 B[root@controller ~]# ovs-vsctl show ) g% ^& ]5 ]. Z: W: T$ {$ W$ w
04659b20-7658-4782-abe5-84ee5f33282f N! R6 }3 J7 _! i! D. e
Manager "ptcp:6640:0.0.0.0"$ ^/ r* @* X, q' [3 t- c
is_connected: true# S9 d% i: V4 j
Manager "ptcp:6640:127.0.0.1"
( g( R' _7 r8 v+ @ Bridge br-tun( |" A: u$ d. ~3 w1 u( ~% i+ L- i( V
Controller "tcp:127.0.0.1:6633"
6 r7 R7 B- U# ~! U7 P2 ?) ? is_connected: true
k% O) P: I: d% y9 N, x2 l8 r fail_mode: secure
* a( U! A1 ^9 W) x, h8 \! S" o datapath_type: system: K/ h; C; Q: c
Port br-tun; [* f1 R+ u# F4 `
Interface br-tun
4 b1 `: a: u5 G' ^1 S type: internal
- q0 S6 D4 T6 y( _2 v! p2 A Port patch-int- N) ~3 J! W/ s5 C( s/ B
Interface patch-int% S v/ j; A5 n! k/ g
type: patch
: c" o" T. u# Q n) Y+ E+ C' H5 F options: {peer=patch-tun}
' f8 P5 `( `, ~4 f, w' N Bridge br-int
, L- u' `3 z" r8 Q" o Controller "tcp:127.0.0.1:6633"2 D7 b: M9 ^& u- r: S
is_connected: true
$ a) i1 U& Y% D# u fail_mode: secure
9 u7 I" }/ f1 P0 Y" `1 r) \- z6 N datapath_type: system
5 z2 a2 ^" d! c1 v$ k Port patch-tun% L- x; K* [7 ~5 C6 D, G8 u: N
Interface patch-tun
4 Y# c/ @8 ]( h# N- X+ H type: patch
, p! I/ T; I1 N( [ options: {peer=patch-int}
- V. u/ d1 q7 f: w3 f Port tapd2a5f73d-5b0 |" b( y- W7 s. v
tag: 2/ H. b/ W- |0 j K$ h
Interface tapd2a5f73d-5b2 q' P" I$ x$ V R/ }; g! t
type: internal3 @0 F2 D1 i/ A: j0 [- l- i
Port tapcee79ebe-a5! e7 I: F4 U% f# t
tag: 1/ T) e1 f, l! r' v/ j& B& ? d
Interface tapcee79ebe-a5- r: N2 A$ i0 Y4 D0 C: L
type: internal- [+ m g* e! K& s1 K' R
Port br-int6 n1 g9 K3 R2 L" c# K; @9 D
Interface br-int
. [8 d+ Q8 j4 y/ l& a4 A type: internal
( x* j; T7 ?8 ]9 X% J, g Port int-br-ex9 S2 k; H# ?4 w4 F. v. L# q1 M5 z
Interface int-br-ex
, Y6 j0 {( c- m6 u9 K7 G( u type: patch
$ t5 |6 }8 q; U* {/ V options: {peer=phy-br-ex}6 m% M& X9 T3 Y! \( L* L* a
Bridge br-ex
) F& I# P7 e% p9 B- c5 t+ P4 w Controller "tcp:127.0.0.1:6633" ]5 Q4 H7 U: r; N. Y |# z ]0 s
is_connected: true
3 R( ~% A J( m" `8 i fail_mode: secure
3 s- L6 q7 c: O( h: g% u7 n" } datapath_type: system
# v( Q" b4 m8 ]/ t& w, N Port phy-br-ex5 D9 W& B! L8 j) g1 ~; ~! g
Interface phy-br-ex
; o8 A3 I) J! ~; N type: patch
+ f3 C: U' l, h. {/ l$ s% \7 V# x options: {peer=int-br-ex}
/ n/ T, u4 P, ~ M' a9 S Port enp7s0f0
6 K/ i- r" Y2 r0 `: @# n Interface enp7s0f0$ s- }2 o' E/ _- ^; S# ?- E( B
Port br-ex
n! P! T. b9 ]' z Interface br-ex
) J7 z t3 M2 d) f: U6 K type: internal
1 u, o3 ^! u/ J( [0 c7 j ovs_version: "2.15.4"4 M4 X( o. _7 b# z7 X: b
' x8 X. u1 w; s* D9 d) u( ?
$ ~$ g$ N( C; [) a; d3 \在dhcp命名空间中找到对应网络的 namespace 中找到 br-int 网桥上对应的 tap 设备,然后查看 ip 配置: - @& F" `4 k: n5 K+ e
! e9 \8 @; x" c
2 a7 d3 v, I6 n( [! y p5 U
[root@controller ~]# ip netns show
' q5 M# i5 ]# x7 L6 ~8 kqdhcp-ef99d400-71e0-468f-a969-e5d63fd79dc3 (id: 1)1 f v) ^5 t7 r6 D" S7 S
qdhcp-b3fdf316-0089-4ef3-9674-bd8fd8d6edaa (id: 0)4 l/ I( K) V8 e/ \
/ t% T* d# U- }( [8 w2 I
[root@controller ~]# ip netns exec qdhcp-b3fdf316-0089-4ef3-9674-bd8fd8d6edaa ip a z# s& m X8 ~/ K& A4 Q1 C
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 10000 L" T9 h+ v& ?2 v
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
: Z5 C, D! i0 m2 A inet 127.0.0.1/8 scope host lo$ ]$ z$ z! b* A1 s1 `$ `' S: W$ c
valid_lft forever preferred_lft forever
% n4 K2 s% i, P! D6 w; O inet6 ::1/128 scope host
- R Q' q* C/ C9 r$ Q4 R T valid_lft forever preferred_lft forever
) x! P. k1 \9 r* c/ E/ e: c3 m" E& r14: tapcee79ebe-a5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000& q% A0 |/ e5 V W" \: ~
link/ether fa:16:3e:0e:1b:80 brd ff:ff:ff:ff:ff:ff2 s- _: y7 D( A; S {+ |
inet 172.168.9.2/21 brd 172.168.15.255 scope global tapcee79ebe-a53 ]7 H6 A+ L, G8 x
valid_lft forever preferred_lft forever; J; p6 W1 h& R# l W
inet 169.254.169.254/32 brd 169.254.169.254 scope global tapcee79ebe-a5
( A' d5 c% a( x* t x; | valid_lft forever preferred_lft forever
/ c; C/ L2 U. i O4 o inet6 fe80::a9fe:a9fe/64 scope link
8 |! l+ ^; v; J8 ^9 X valid_lft forever preferred_lft forever
$ p1 g# ^* w: k6 m* { inet6 fe80::f816:3eff:fe0e:1b80/64 scope link
7 _' f3 T5 ~$ A0 G valid_lft forever preferred_lft forever
" ]6 D7 d8 W0 Z7 I; s \! g
+ _8 y& w9 c+ L2 E7 V" P% x9 E
: w5 v1 p$ Y O- V- t定位问题:
b) Q) V( f& @8 E) @: x通过上面排查,发现br-int 上是有tap口设备的,也已经连接到dhcp-namespace中,暂时没有找到问题的原因! B( h, b9 U" I! S. t
4 \1 G9 R' O% Z
& R, F) z% \, C K
& g! Y. S' |0 a/ L[root@controller ~]# ip netns exec qdhcp-ef99d400-71e0-468f-a969-e5d63fd79dc3 ip a! a0 W0 ]& d/ N) ^9 w% S
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
7 u7 ]. N* f3 y link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:002 p3 Y) Q9 J8 u/ {6 f! E7 Q6 u
inet 127.0.0.1/8 scope host lo
4 p: ^ M+ c% }' m H1 p; X valid_lft forever preferred_lft forever: s9 {" C2 O1 U7 I- ]2 X7 e
inet6 ::1/128 scope host
# S% A3 U! G# ?- _6 z+ w valid_lft forever preferred_lft forever
1 P7 ]- o) c1 w2 Q" r, w15: tapd2a5f73d-5b: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000# P! Z" L" `& I) ^0 ?" ]' Z' B
link/ether fa:16:3e:22:dc:dd brd ff:ff:ff:ff:ff:ff+ D- o' x3 G. N1 ]/ a" u B
inet 172.168.16.1/22 brd 172.168.19.255 scope global tapd2a5f73d-5b2 a# Y2 O& v+ Q/ u: E% a
valid_lft forever preferred_lft forever
/ P" _. N6 w3 z5 h' I inet 169.254.169.254/32 brd 169.254.169.254 scope global tapd2a5f73d-5b. H7 P/ M, R/ @
valid_lft forever preferred_lft forever7 ]3 {8 s5 [6 n, E: H! G( c, ~
inet6 fe80::a9fe:a9fe/64 scope link & _" u2 A' n' x- D& |& ^9 B% G
valid_lft forever preferred_lft forever2 [; x. r8 N9 [8 p- y; {
inet6 fe80::f816:3eff:fe22:dcdd/64 scope link
, ^0 t5 s0 L& z' m& P0 A/ Q+ k; T valid_lft forever preferred_lft forever5 y: Z" {! `* X& g- W
[root@controller ~]# ip netns exec qdhcp-ef99d400-71e0-468f-a969-e5d63fd79dc3 ip a! {1 O% u! C/ c7 N" ]$ v8 Q* a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000- C- m1 o8 r9 @% G
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:007 M" A* I/ v0 y4 G: f Z
inet 127.0.0.1/8 scope host lo4 S: a, W0 a3 m% d
valid_lft forever preferred_lft forever6 t7 \1 C2 @2 Y% g" c0 V
inet6 ::1/128 scope host 1 ^' k" x. S( t1 {, ^6 o; @
valid_lft forever preferred_lft forever2 L6 o1 T+ B9 L2 Q: P" n
15: tapd2a5f73d-5b: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 10004 R* z/ C( `4 F3 Y
link/ether fa:16:3e:22:dc:dd brd ff:ff:ff:ff:ff:ff
- @ t9 L, d: ]5 x2 q2 @% \! e! q inet 172.168.16.1/22 brd 172.168.19.255 scope global tapd2a5f73d-5b
. z& m/ u+ g! z% z, \ N T. ? valid_lft forever preferred_lft forever
/ T* w# o1 U. C inet 169.254.169.254/32 brd 169.254.169.254 scope global tapd2a5f73d-5b! m$ Y: ^! L- M6 e/ H7 w
valid_lft forever preferred_lft forever
/ M- Z* @ U% |1 t inet6 fe80::a9fe:a9fe/64 scope link 9 b4 y1 v1 h# X0 i2 R
valid_lft forever preferred_lft forever2 ^# g6 W" k& O3 S; b7 `* K# U
inet6 fe80::f816:3eff:fe22:dcdd/64 scope link 3 T+ D" Z1 a( G& p3 Z4 o1 P) E% l
valid_lft forever preferred_lft forever; t. ~, \6 J7 G- `6 \
[root@controller ~]# ip netns show$ r+ i2 S' |8 P* j
qdhcp-b3fdf316-0089-4ef3-9674-bd8fd8d6edaa (id: 0)
. v1 E% ?2 }: `, Q$ c3 N% f, hqdhcp-ef99d400-71e0-468f-a969-e5d63fd79dc3 (id: 1)0 [- J+ g5 q$ F' o: {7 o
[root@controller ~]# ip netns exec qdhcp-b3fdf316-0089-4ef3-9674-bd8fd8d6edaa ip a
% |: z* L( X% E2 U. \+ g1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 10007 F) {9 C) q! U
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
. U A- T. K7 Z- U _% [ inet 127.0.0.1/8 scope host lo @: v3 l7 m8 ~7 B
valid_lft forever preferred_lft forever, E. t, R& Q0 W- G. \3 j* h
inet6 ::1/128 scope host
, |: [/ Y- h0 q+ H l% ? valid_lft forever preferred_lft forever
& P; w* P6 R A% `" }16: tapca61a844-c4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000
! R, P& }, l' Y% _ link/ether fa:16:3e:3f:e4:a4 brd ff:ff:ff:ff:ff:ff8 F/ Q" c3 Q, Q; K- ?1 G. K3 m
inet 169.254.169.254/32 brd 169.254.169.254 scope global tapca61a844-c4$ w! u1 J% ^( X2 U, q
valid_lft forever preferred_lft forever0 _" P! V( C7 m, E2 V
inet 172.168.8.1/21 brd 172.168.15.255 scope global tapca61a844-c4
+ H( [2 i" K- S" W/ S( ? valid_lft forever preferred_lft forever- w& w. G4 p9 }# _" V
inet6 fe80::a9fe:a9fe/64 scope link
; l3 v% w7 G3 C valid_lft forever preferred_lft forever
; ?4 `/ {' j% N inet6 fe80::f816:3eff:fe3f:e4a4/64 scope link
w! l1 V2 J5 z9 h1 N l5 _. I valid_lft forever preferred_lft forever" h1 ]( h8 m7 p8 @9 n
0 f0 R1 m" l0 K& |) G
( X! s9 H" v$ j+ A$ u2 j7 E; \7 v' ]. T) z% z) o
& d& x- g' |- ~* T' P: f+ e3 R' \重启虚机,之后依然没有办法获取到IP地址。
) V$ X4 _# ^' Y7 Q# d: D- e5 h; s/ s. S7 c& h$ a
! W4 G0 Q+ P, e3 ~2 o. l
- [9 V: P, H! K a在创建虚拟机下发请求后,dnsmasq进程会给虚拟机分配好mac地址和ip地址,并写入到/var/lib/neutron/dhcp/network-id 目录下的host文件中。虚拟机在内网中发送广播来获取ip的过程中,dnsmasq 会监听到然后将host文件中的对应ip通过dchp-namespace分配给虚拟机。 所以,在虚拟机获取ip过程中,必须虚拟机发出的包可以到达dhcp-namespace 经过的虚拟网络设备都存在且正常工作。 如果没有在subnet中开启上述的dhcp功能,那就少了一个对应网络的name-sapce dhcp服务了,所以虚拟机获取不到 ip。
1 E( d) P- ~ _# I/ E, f$ T0 Q" G9 U2 i4 p# x$ G) R" T
|
/4 
窥视卡
雷达卡
发表于 2022-5-23 08:10:18
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
千斤顶
照妖镜
楼主
