failed to get ip from ironic_dnsmasq container
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
kolla |
Expired
|
Undecided
|
Unassigned |
Bug Description
Hi Guys,
I found a ironic node failed to get ip from ironic_dnsmasq container when pxe booting.
but If I run dnsmasq service in host instead of docker container, the issue didn't appear.
my host named "kode4" is a kvm vm, info is as following:
[root@kode4 ironic-dnsmasq]# docker ps | grep dnsmasq
279b394f3bab 192.168.
[root@kode4 ironic-dnsmasq]# cat dnsmasq.conf
port=0
interface=provision
dhcp-range=
dhcp-sequential-ip
dhcp-match=ipxe,175
# Client is running iPXE; move to next stage of chainloading
dhcp-boot=tag:ipxe,http://
I capture traffic on host "kode4", and found it didn't appear any response packets from dhcp server.
[root@kode4 ~]# tcpdump -i any port 67 or port 68 -enn
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes
07:36:09.808533 B 52:54:00:19:3e:49 ethertype IPv4 (0x0800), length 440: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 52:54:00:19:3e:49, length 396
07:36:09.808804 B 52:54:00:19:3e:49 ethertype IPv4 (0x0800), length 440: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 52:54:00:19:3e:49, length 396
07:36:13.716886 B 52:54:00:19:3e:49 ethertype IPv4 (0x0800), length 440: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 52:54:00:19:3e:49, length 396
07:36:13.716886 B 52:54:00:19:3e:49 ethertype IPv4 (0x0800), length 440: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 52:54:00:19:3e:49, length 396
07:36:21.626177 B 52:54:00:19:3e:49 ethertype IPv4 (0x0800), length 440: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 52:54:00:19:3e:49, length 396
07:36:21.626177 B 52:54:00:19:3e:49 ethertype IPv4 (0x0800), length 440: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 52:54:00:19:3e:49, length 396
07:36:37.444903 B 52:54:00:19:3e:49 ethertype IPv4 (0x0800), length 440: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 52:54:00:19:3e:49, length 396
07:36:37.445257 B 52:54:00:19:3e:49 ethertype IPv4 (0x0800), length 440: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 52:54:00:19:3e:49, length 396
but container's log show it has been send out dhcp response packet.
[root@kode4 ironic-dnsmasq]# docker logs -f ironic_dnsmasq
INFO:__
INFO:__
INFO:__main__:Kolla config strategy set to: COPY_ALWAYS
INFO:__
INFO:__
INFO:__
INFO:__
INFO:__
INFO:__
Running command: 'dnsmasq --no-daemon --conf-
dnsmasq: started, version 2.66 DNS disabled
dnsmasq: compile time options: IPv6 GNU-getopt DBus no-i18n IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset auth
dnsmasq-dhcp: DHCP, IP range 192.168.103.110 -- 192.168.103.200, lease time 12h
dnsmasq-dhcp: DHCPDISCOVER(
dnsmasq-dhcp: DHCPOFFER(
dnsmasq-dhcp: DHCPDISCOVER(
dnsmasq-dhcp: DHCPOFFER(
dnsmasq-dhcp: DHCPDISCOVER(
dnsmasq-dhcp: DHCPOFFER(
dnsmasq-dhcp: DHCPDISCOVER(
dnsmasq-dhcp: DHCPOFFER(
I'm sure ironic_dnsmasq is listening port 67.
[root@kode4 ~]# netstat -anlp | grep :67
udp 0 0 0.0.0.0:67 0.0.0.0:* 11260/dnsmasq
[root@kode4 ~]# docker inspect ironic_dnsmasq | grep -i pid
"Pid": 11248,
[root@kode4 ~]# ps -elf |grep 11248
4 S root 11248 11233 0 80 0 - 48 sigtim 07:34 pts/10 00:00:00 /usr/local/
4 S root 11260 11248 0 80 0 - 3880 poll_s 07:34 ? 00:00:00 dnsmasq --no-daemon --conf-
0 S root 11860 9641 0 80 0 - 28163 pipe_w 07:50 pts/5 00:00:00 grep --color=auto 11248
I suspect it is caused by firewall, so flush all iptable rules but the issue still be existed.
[root@kode4 ~]# iptables -nvL
Chain INPUT (policy ACCEPT 133K packets, 19M bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 129K packets, 17M bytes)
pkts bytes target prot opt in out source destination
Chain DOCKER (0 references)
pkts bytes target prot opt in out source destination
Chain DOCKER-ISOLATION (0 references)
pkts bytes target prot opt in out source destination
Chain ironic-inspector (0 references)
pkts bytes target prot opt in out source destination
Chain neutron-filter-top (0 references)
pkts bytes target prot opt in out source destination
Chain neutron-
pkts bytes target prot opt in out source destination
Chain neutron-
pkts bytes target prot opt in out source destination
Chain neutron-
pkts bytes target prot opt in out source destination
Chain neutron-
pkts bytes target prot opt in out source destination
Chain neutron-
pkts bytes target prot opt in out source destination
Chain neutron-
pkts bytes target prot opt in out source destination
Chain neutron-
pkts bytes target prot opt in out source destination
Chain neutron-
pkts bytes target prot opt in out source destination
Chain neutron-
pkts bytes target prot opt in out source destination
[root@kode4 ~]#
I suspect it is possible about "provision" bridge, but found no packet dropped by ovs flow rules, because "n_packets" in first flow rule hasn't been increased.
[root@kode4 ironic-dnsmasq]# docker exec -it openvswitch_db bash
(openvswitch-
38f5750e-
Bridge br-ex
Controller "tcp:127.
fail_mode: secure
Port br-ex
Port "eth5"
Port phy-br-ex
Bridge provision
Controller "tcp:127.
fail_mode: secure
Port phy-provision
Port "eth0"
Port provision
Bridge br-tun
Controller "tcp:127.
fail_mode: secure
Port patch-int
Port br-tun
Port "vxlan-c0a86a17"
Bridge br-int
Controller "tcp:127.
fail_mode: secure
Port patch-tun
Port "qvo2940a7ab-60"
tag: 1
Port int-br-ex
Port int-provision
Port br-int
(openvswitch-
(openvswitch-
NXST_FLOW reply (xid=0x4):
cookie=
cookie=
(openvswitch-
(openvswitch-
OFPT_FEATURES_REPLY (xid=0x2): dpid:000002c480
n_tables:254, n_buffers:256
capabilities: FLOW_STATS TABLE_STATS PORT_STATS QUEUE_STATS ARP_MATCH_IP
actions: output enqueue set_vlan_vid set_vlan_pcp strip_vlan mod_dl_src mod_dl_dst mod_nw_src mod_nw_dst mod_nw_tos mod_tp_src mod_tp_dst
1(eth0): addr:52:
config: 0
state: 0
speed: 0 Mbps now, 0 Mbps max
2(phy-provision): addr:46:
config: 0
state: 0
speed: 0 Mbps now, 0 Mbps max
LOCAL(provision): addr:02:
config: 0
state: 0
speed: 0 Mbps now, 0 Mbps max
Is this still a problem? If yes - please reproduce with kolla queens/rocky and provide logs.