DockerHttpdSite and DockerNginxSite are not accessible after deployment

Bug #1626999 reported by Dmytro Dovbii on 2016-09-23
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
k8s-docker-suite-app-murano
High
Dmytro Dovbii

Bug Description

After switching to calico network, there is no connection with the Internet from containers inside Pods. As a result example docker apps, which require Internet connection like HTTPdSite and NginxSite do not work, despite the fact that there are no errors in murano deployment logs.

Dmytro Dovbii (ddovbii) wrote :

the commit https://review.openstack.org/#/c/375369/ resolves the issue only partly. After enabling Internet connection, containers still can not accees github

Changed in k8s-docker-suite-app-murano:
importance: Undecided → High

Change abandoned by Sergey Kraynev (<email address hidden>) on branch: stable/mitaka
Review: https://review.openstack.org/375549

Reviewed: https://review.openstack.org/375369
Committed: https://git.openstack.org/cgit/openstack/k8s-docker-suite-app-murano/commit/?id=3927be4a5964222db97d2eef755709541e514ccc
Submitter: Jenkins
Branch: master

commit 3927be4a5964222db97d2eef755709541e514ccc
Author: Dmytro Dovbii <email address hidden>
Date: Fri Sep 23 13:06:55 2016 +0300

    Enable access to the Internet in case if Calico is used

    Partial-Bug: #1626999
    Change-Id: I360feec9cbb2b135866279b526b87349534d48fa

Reviewed: https://review.openstack.org/375549
Committed: https://git.openstack.org/cgit/openstack/k8s-docker-suite-app-murano/commit/?id=e82f8cdad8d6ac1d19e04a9269963c83fe9d91eb
Submitter: Jenkins
Branch: stable/mitaka

commit e82f8cdad8d6ac1d19e04a9269963c83fe9d91eb
Author: Dmytro Dovbii <email address hidden>
Date: Fri Sep 23 13:06:55 2016 +0300

    Enable access to the Internet in case if Calico is used

    Partial-Bug: #1626999
    Change-Id: I360feec9cbb2b135866279b526b87349534d48fa
    (cherry picked from commit 3927be4a5964222db97d2eef755709541e514ccc)

tags: added: in-stable-mitaka
Dmytro Dovbii (ddovbii) wrote :

We need to use newer version of Calico to have ability to configure mtu in config

Changed in k8s-docker-suite-app-murano:
assignee: nobody → Dmytro Dovbii (ddovbii)
Artem Silenkov (asilenkov) wrote :

Yes, Murano spawns VM with MTU lower then calico uses by default.
It could lead to unpredictable network issues. Eg: github is hardly accessible.

Version of calico-cni that MCP uses (1.3) is unable to configure MTU for calico nodes. It is hardcoded to 1500.

We should use calico-cni version greater or equal to 1.4

https://github.com/projectcalico/calico-cni/blob/v1.4.0/utils/types.go#L55

Artem Silenkov (asilenkov) wrote :

root@murano-olebkitk3uzf58-kube-2-jrkh7w7scevu:~# ip a | grep cali
5: cali714288cb44c: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1360 qdisc noqueue state UP group default

---

root@murano-olebkitk3uzf58-kube-2-jrkh7w7scevu:~# cat /etc/cni/net.d/10-calico.conf
{
    "name": "calico-k8s-net",
    "type": "calico",
    "mtu": 1360,
    "etcd_authority": "10.0.21.12:2379",
    "kubernetes": {
        "k8s_api_root": "http://10.0.21.10:8080"
    },
    "ipam": {
        "type": "calico-ipam"
    }
}
---
root@murano-olebkitk3uzf58-kube-2-jrkh7w7scevu:~# ip a | grep mtu
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1400 qdisc pfifo_fast state UP group default qlen 1000
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
5: cali714288cb44c: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1360 qdisc noqueue state UP group default

---
root@murano-olebkitk3uzf58-kube-2-jrkh7w7scevu:~# git clone https://github.com/sn00p/artifactory.git
Cloning into 'artifactory'...
remote: Counting objects: 45, done.
Unpacking objects: 100% (45/45), done.
remote: Total 45 (delta 0), reused 0 (delta 0), pack-reused 45
Checking connectivity... done.

calico v1.4 + calico-cni v1.4 + calico-node v0.22.0 fixed all isues with github and MTU

Changed in k8s-docker-suite-app-murano:
status: New → Fix Committed

Reviewed: https://review.openstack.org/377042
Committed: https://git.openstack.org/cgit/openstack/k8s-docker-suite-app-murano/commit/?id=d52a7d28c79c0ce1524710f7925c9aa09cbac6cc
Submitter: Jenkins
Branch: master

commit d52a7d28c79c0ce1524710f7925c9aa09cbac6cc
Author: Artem Silenkov <email address hidden>
Date: Mon Sep 26 22:02:11 2016 +0300

    [kubernetes][app] Modify calico.conf for new version

      - MTU added as param
      - Config refactored for calico ge 1.4
      - MASTER_IP added

    Murano spawns VM with MTU set for 1400. We should use use lower setting
    for calico mesh network.

    Closes-Bug: #1626999

    Change-Id: I77efb3ae2abaf7c2705524b6e8b78e83c30f34e3

Changed in k8s-docker-suite-app-murano:
status: Fix Committed → Fix Released

Reviewed: https://review.openstack.org/377375
Committed: https://git.openstack.org/cgit/openstack/k8s-docker-suite-app-murano/commit/?id=69fe10a2daa2dc0dc05d9f9fa94f5b0b4889c16b
Submitter: Jenkins
Branch: stable/mitaka

commit 69fe10a2daa2dc0dc05d9f9fa94f5b0b4889c16b
Author: Artem Silenkov <email address hidden>
Date: Mon Sep 26 22:02:11 2016 +0300

    [kubernetes][app] Modify calico.conf for new version

      - MTU added as param
      - Config refactored for calico ge 1.4
      - MASTER_IP added

    Murano spawns VM with MTU set for 1400. We should use use lower setting
    for calico mesh network.

    Closes-Bug: #1626999

    Change-Id: I77efb3ae2abaf7c2705524b6e8b78e83c30f34e3
    (cherry picked from commit d52a7d28c79c0ce1524710f7925c9aa09cbac6cc)

Changed in k8s-docker-suite-app-murano:
milestone: none → 1.0.0
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers