[openstack-ansible] Cannot connect to proxy server from infra1-repo-container

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

[openstack-ansible] Cannot connect to proxy server from infra1-repo-container

Goutham Pratapa
Hi,

We are trying test environment deployment with OpenStack-ansible pike release. After executing setup-hosts.yaml, the lxc-containers were created. We have an issue while doing
apt-get update in infra-repo-container as it couldn't connect to the proxy server.
The strange thing is that the infra-repo-container is not showing ip on any interface when checked with ip r.

Could you please help us with this issue. Below are some logs on the container and on the host.

E: Failed to fetch http://security.ubuntu.com/ubuntu/dists/xenial-security/main/binary-amd64/Packages  Something wicked happened resolving 'xx.xx.xx.xx:8080' (-9 - Address family for hostname not supported)

root@infra1-repo-container-a7a137c4:/# ping xx.xx.xx.xx (proxy server)
connect: Network is unreachable


On Container:

root@infra1-repo-container-a7a137c4:/# cat /etc/network/interfaces
# The loopback network interface
auto lo
iface lo inet loopback
# LXC interface, this is ALWAYS assumed to be DHCP.
auto eth0
iface eth0 inet dhcp
# Load any additional configs
source /etc/network/interfaces.d/*.
cfg

root@infra1-repo-container-
a7a137c4:/# cat /etc/network/interfaces.d/eth1.cfg
# Ansible managed

### start generated network for [ eth1 ] ###
auto eth1
iface eth1 inet static
    address 192.168.124.126
    netmask 255.255.255.0
    mtu 1500
    post-up sysctl -w net.ipv4.conf.$IFACE.arp_
notify=1
    post-up ip link set $IFACE address $(cat /sys/class/net/$IFACE/address)
### end generated network for [ eth1 ] ###
root@infra1-repo-container-
a7a137c4:/# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface

On host:

root@ubuntu:/home/ansible# ifconfig lxcbr0
lxcbr0    Link encap:Ethernet  HWaddr fe:02:f2:ff:bd:86
          inet addr:10.0.3.1  Bcast:10.0.3.255  Mask:255.255.255.0
          inet6 addr: fe80::a085:76ff:febb:401d/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:691 errors:0 dropped:0 overruns:0 frame:0
          TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:181224 (181.2 KB)  TX bytes:828 (828.0 B)
root@ubuntu:/home/ansible# ip r
default via 192.168.124.1 dev eno1
10.0.3.0/24 dev lxcbr0  proto kernel  scope link  src 10.0.3.1
192.168.124.0/24 dev eno1  proto kernel  scope link  src 192.168.124.28
192.168.124.0/24 dev br-mgmt  proto kernel  scope link  src 192.168.124.28


Thanks in advance...

--
Thanks !!!
Goutham Pratapa

__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: [hidden email]?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Reply | Threaded
Open this post in threaded view
|

Re: [E] [openstack-ansible] Cannot connect to proxy server from infra1-repo-container

Gordon, Kent S
On Thu, Dec 7, 2017 at 3:24 AM, Goutham Pratapa
<[hidden email]> wrote:

> Hi,
>
> We are trying test environment deployment with OpenStack-ansible pike
> release. After executing setup-hosts.yaml, the lxc-containers were created.
> We have an issue while doing
> apt-get update in infra-repo-container as it couldn't connect to the proxy
> server.
> The strange thing is that the infra-repo-container is not showing ip on any
> interface when checked with ip r.
>
> Could you please help us with this issue. Below are some logs on the
> container and on the host.
>
> E: Failed to fetch
> http://security.ubuntu.com/ubuntu/dists/xenial-security/main/binary-amd64/Packages
> Something wicked happened resolving 'xx.xx.xx.xx:8080' (-9 - Address family
> for hostname not supported)
>
> root@infra1-repo-container-a7a137c4:/# ping xx.xx.xx.xx (proxy server)
> connect: Network is unreachable
>
> On Container:
>
> root@infra1-repo-container-a7a137c4:/# cat /etc/network/interfaces
> # The loopback network interface
> auto lo
> iface lo inet loopback
> # LXC interface, this is ALWAYS assumed to be DHCP.
> auto eth0
> iface eth0 inet dhcp
> # Load any additional configs
> source /etc/network/interfaces.d/*.cfg
>
> root@infra1-repo-container-a7a137c4:/# cat
> /etc/network/interfaces.d/eth1.cfg
> # Ansible managed
>
> ### start generated network for [ eth1 ] ###
> auto eth1
> iface eth1 inet static
>     address 192.168.124.126
>     netmask 255.255.255.0
>     mtu 1500
>     post-up sysctl -w net.ipv4.conf.$IFACE.arp_notify=1
>     post-up ip link set $IFACE address $(cat /sys/class/net/$IFACE/address)
> ### end generated network for [ eth1 ] ###
> root@infra1-repo-container-a7a137c4:/# route -n
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use
> Iface
>
> On host:
>
> root@ubuntu:/home/ansible# ifconfig lxcbr0
> lxcbr0    Link encap:Ethernet  HWaddr fe:02:f2:ff:bd:86
>           inet addr:10.0.3.1  Bcast:10.0.3.255  Mask:255.255.255.0
>           inet6 addr: fe80::a085:76ff:febb:401d/64 Scope:Link
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:691 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:181224 (181.2 KB)  TX bytes:828 (828.0 B)
> root@ubuntu:/home/ansible# ip r
> default via 192.168.124.1 dev eno1
> 10.0.3.0/24 dev lxcbr0  proto kernel  scope link  src 10.0.3.1
> 192.168.124.0/24 dev eno1  proto kernel  scope link  src 192.168.124.28
> 192.168.124.0/24 dev br-mgmt  proto kernel  scope link  src 192.168.124.28
>
>
> Thanks in advance...
>
> --
> Thanks !!!
> Goutham Pratapa
>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: [hidden email]?subject:unsubscribe
> https://urldefense.proofpoint.com/v2/url?u=http-3A__lists.openstack.org_cgi-2Dbin_mailman_listinfo_openstack-2Ddev&d=DwIGaQ&c=udBTRvFvXC5Dhqg7UHpJlPps3mZ3LRxpb6__0PomBTQ&r=Xkn6r0Olgrmyl97VKakpX0o-JiB_old4u22bFbcLdRo&m=WEmA5tlLT-4nxWR8GoeTS7dM7n6BX52-5ELlKu5-o4c&s=RjnZBhACZLdykt8ETppf88EEKeePLRoCWZYV060iJw8&e=
>

Is a AIO or multi host setup?

I have found places in openstack ansible that bypass the proxy server variables.
My memory was is that it was using systemd to fetch files in certain
cases and that systemd did not honor proxy variables.
I have ended up using a secondary proxy on the deployment host along
with a NAT setup
on the deployment host that made sure to send external requests to the proxy.



--
Kent S. Gordon
[hidden email] Work:682-831-3601 Mobile: 817-905-6518

__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: [hidden email]?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Reply | Threaded
Open this post in threaded view
|

Re: [E] [openstack-ansible] Cannot connect to proxy server from infra1-repo-container

Jean-philippe Evrard
On 7 December 2017 at 14:02, Gordon, Kent S
<[hidden email]> wrote:

> On Thu, Dec 7, 2017 at 3:24 AM, Goutham Pratapa
> <[hidden email]> wrote:
>> Hi,
>>
>> We are trying test environment deployment with OpenStack-ansible pike
>> release. After executing setup-hosts.yaml, the lxc-containers were created.
>> We have an issue while doing
>> apt-get update in infra-repo-container as it couldn't connect to the proxy
>> server.
>> The strange thing is that the infra-repo-container is not showing ip on any
>> interface when checked with ip r.
>>
>> Could you please help us with this issue. Below are some logs on the
>> container and on the host.
>>
>> E: Failed to fetch
>> http://security.ubuntu.com/ubuntu/dists/xenial-security/main/binary-amd64/Packages
>> Something wicked happened resolving 'xx.xx.xx.xx:8080' (-9 - Address family
>> for hostname not supported)
>>
>> root@infra1-repo-container-a7a137c4:/# ping xx.xx.xx.xx (proxy server)
>> connect: Network is unreachable
>>
>> On Container:
>>
>> root@infra1-repo-container-a7a137c4:/# cat /etc/network/interfaces
>> # The loopback network interface
>> auto lo
>> iface lo inet loopback
>> # LXC interface, this is ALWAYS assumed to be DHCP.
>> auto eth0
>> iface eth0 inet dhcp
>> # Load any additional configs
>> source /etc/network/interfaces.d/*.cfg
>>
>> root@infra1-repo-container-a7a137c4:/# cat
>> /etc/network/interfaces.d/eth1.cfg
>> # Ansible managed
>>
>> ### start generated network for [ eth1 ] ###
>> auto eth1
>> iface eth1 inet static
>>     address 192.168.124.126
>>     netmask 255.255.255.0
>>     mtu 1500
>>     post-up sysctl -w net.ipv4.conf.$IFACE.arp_notify=1
>>     post-up ip link set $IFACE address $(cat /sys/class/net/$IFACE/address)
>> ### end generated network for [ eth1 ] ###
>> root@infra1-repo-container-a7a137c4:/# route -n
>> Kernel IP routing table
>> Destination     Gateway         Genmask         Flags Metric Ref    Use
>> Iface
>>
>> On host:
>>
>> root@ubuntu:/home/ansible# ifconfig lxcbr0
>> lxcbr0    Link encap:Ethernet  HWaddr fe:02:f2:ff:bd:86
>>           inet addr:10.0.3.1  Bcast:10.0.3.255  Mask:255.255.255.0
>>           inet6 addr: fe80::a085:76ff:febb:401d/64 Scope:Link
>>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>>           RX packets:691 errors:0 dropped:0 overruns:0 frame:0
>>           TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
>>           collisions:0 txqueuelen:1000
>>           RX bytes:181224 (181.2 KB)  TX bytes:828 (828.0 B)
>> root@ubuntu:/home/ansible# ip r
>> default via 192.168.124.1 dev eno1
>> 10.0.3.0/24 dev lxcbr0  proto kernel  scope link  src 10.0.3.1
>> 192.168.124.0/24 dev eno1  proto kernel  scope link  src 192.168.124.28
>> 192.168.124.0/24 dev br-mgmt  proto kernel  scope link  src 192.168.124.28
>>
>>
>> Thanks in advance...
>>
>> --
>> Thanks !!!
>> Goutham Pratapa
>>
>> __________________________________________________________________________
>> OpenStack Development Mailing List (not for usage questions)
>> Unsubscribe: [hidden email]?subject:unsubscribe
>> https://urldefense.proofpoint.com/v2/url?u=http-3A__lists.openstack.org_cgi-2Dbin_mailman_listinfo_openstack-2Ddev&d=DwIGaQ&c=udBTRvFvXC5Dhqg7UHpJlPps3mZ3LRxpb6__0PomBTQ&r=Xkn6r0Olgrmyl97VKakpX0o-JiB_old4u22bFbcLdRo&m=WEmA5tlLT-4nxWR8GoeTS7dM7n6BX52-5ELlKu5-o4c&s=RjnZBhACZLdykt8ETppf88EEKeePLRoCWZYV060iJw8&e=
>>
>
> Is a AIO or multi host setup?
>
> I have found places in openstack ansible that bypass the proxy server variables.
> My memory was is that it was using systemd to fetch files in certain
> cases and that systemd did not honor proxy variables.
> I have ended up using a secondary proxy on the deployment host along
> with a NAT setup
> on the deployment host that made sure to send external requests to the proxy.
>
>
>
> --
> Kent S. Gordon
> [hidden email] Work:682-831-3601 Mobile: 817-905-6518
>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: [hidden email]?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Could you show your bridges on the host too? And your openstack_user_config.yml?
When the repo-server gets installed, it installs a reverse proxy. All
the nodes are then configured to use the repo server(s).
So all the nodes need to reach it, on the management network.

Here you are a little early in the steps, you can't install the repo
server because you don't have connectivity in your containers. That
shouldn't happen. You have maybe a misconfiguration, or something
happened to your containers that ended up with no IP assigned on the
containers.
Maybe try to restart your repo container, see if it works better. Else
I'd advise to debug this problem a little more in depth.

You could join us on our irc channel #openstack-ansible for help.

Best regards,
Jean-Philippe Evrard (evrardjp)

__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: [hidden email]?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev