HI Folks,
I have a multinode OpenStack kilo setup with a controller node, network node and 2 compute nodes. I followed all the steps (http://docs.openstack.org/kilo/instal...) given in the OpenStack kilo install guide. I am able to boot a VM and it goes to active state but cannot ping it from Controller or any external network.
The external network interface (eth3) has a gateway of 192.168.56.105 and we can ping it from any external network.
I have assigned a floting ip to the VM, and added the icmp and tcp rules to allow the ping and SSH but we can't ping to the VM.
Moreover, as per the install guide the VM should be able to ping “openstack.org” to verify ext-net connectivity it is not doing that. The VM is able to ping the tenant router gateway of the external network interface “192.168.56.105”.
How should we proceed further to enable the ping and SSH functionality.
The setup details are listed as follows:
**#Controller Node**
# The primary network interface - NAT connection
auto eth0
iface eth0 inet dhcp
# vboxnet0 - OpenStack management network
auto eth1
iface eth1 inet static
address 10.0.0.11
netmask 255.255.255.0
**#Network Node**
# vboxnet0 - OpenStack management network
auto eth1
iface eth1 inet static
address 10.0.0.21
netmask 255.255.255.0
# vboxnet2 - OpenStack data/communication network
auto eth2
iface eth2 inet static
address 10.0.1.21
netmask 255.255.255.0
#vboxnet0 - For exposing external network
auto eth3
iface eth3 inet manual
up ip link set dev $IFACE up
down ip link set dev $IFACE down
**#Compute Node**
# The primary network interface - NAT connection
auto eth0
iface eth0 inet dhcp
# vboxnet0 - OpenStack management network
auto eth1
iface eth1 inet static
address 10.0.0.31
netmask 255.255.255.0
# vboxnet2 - OpenStack VM data/communication network
auto eth2
iface eth2 inet static
address 10.0.1.31
netmask 255.255.255.0
**#Compute1 Node**
# The primary network interface - NAT connection
auto eth0
iface eth0 inet dhcp
# vboxnet0 - OpenStack management network
auto eth1
iface eth1 inet static
address 10.0.0.32
netmask 255.255.255.0
# vboxnet2 - OpenStack VM data/communication network
auto eth2
iface eth2 inet static
address 10.0.1.32
netmask 255.255.255.0
**#neutron net-list**
------------------------------------------+
| id | name | subnets |
+--------------------------------------+-----------+-----------------------------------------------------+
|
| 6c91a7e8-4182-4fb7-8d42-b83ca6775e57 | ext-net | c4dac528-3fa9-47db-a5c4-50590ed8edf5 |
| 314323cd-cbd1-43e9-a5f5-58213a6afdee | demo-net1 | 7412369e-a91f-4228-af55-2792fde85d3d 192.168.1.0/24 |
+--------------------------------------+-----------+-----------------------------------------------------+
**# neutron floatingip-list**
-----------------+--------------------------------------+
| id | fixed_ip_address | floating_ip_address | port_id |
+--------------------------------------+------------------+---------------------+--------------------------------------+
| 65872868-6318-4eb3-bce4-6bd8922b90e1 | 192.168.1.3 | 192.168.56.109 | 3a2f47f7-cbc4-4558-b91c-2886de545cd7 |
+--------------------------------------+------------------+---------------------+--------------------------------------+
**# nova list**
------+-------------+---------------------------------------+
| ID | Name | Status | Task State | Power State | Networks |
+--------------------------------------+-------+--------+------------+-------------+---------------------------------------+
| 1ebf21e7-3073-4d68-ae59-ec168c3e51c7 | vm786 | ACTIVE | - | Running | demo-net1=192.168.1.3, 192.168.56.109 |
**Added the rules to the default security group:**
a. Permit ICMP (ping):
$ nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+-----------+--------------+
| icmp | -1 | -1 | 0.0.0.0/0 | |
+-------------+-----------+---------+-----------+--------------+
b. Permit secure shell (SSH) access:
$ nova secgroup-add-rule default tcp 22 22 0.0.0.0/0
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+-----------+--------------+
| tcp | 22 | 22 | 0.0.0.0/0 | |
+-------------+-----------+---------+-----------+--------------+
# ovs-vsctl show
ebc068e7-0b6d-45c7-9408-87e2af9af64a
Bridge br-tun
fail_mode: secure
Port patch-int
Interface patch-int
type: patch
options: {peer=patch-tun}
Port "gre-0a00011f"
Interface "gre-0a00011f"
type: gre
options: {df_default="true", in_key=flow, local_ip="10.0.1.21", out_key=flow, remote_ip="10.0.1.31"}
Port "gre-0a000120"
Interface "gre-0a000120"
type: gre
options: {df_default="true", in_key=flow, local_ip="10.0.1.21", out_key=flow, remote_ip="10.0.1.32"}
Port br-tun
Interface br-tun
type: internal
Bridge br-int
fail_mode: secure
Port "qr-b1bbd942-2e"
tag: 3
Interface "qr-b1bbd942-2e"
type: internal
Port "qg-d104c0f4-62"
tag: 2
Interface "qg-d104c0f4-62"
type: internal
Port "qr-f5934280-24"
tag: 1
Interface "qr-f5934280-24"
type: internal
Port patch-tun
Interface patch-tun
type: patch
options: {peer=patch-int}
Port "tap5cc41425-9c"
tag: 1
Interface "tap5cc41425-9c"
type: internal
Port "qr-565908b5-18"
tag: 1
Interface "qr-565908b5-18"
type: internal
Port "qg-1ac2537b-9d"
tag: 2
Interface "qg-1ac2537b-9d"
type: internal
Port "qg-a0ff0263-ca"
tag: 2
Interface "qg-a0ff0263-ca"
type: internal
Port br-int
Interface br-int
type: internal
Port "tap333dbc90-e6"
tag: 3
Interface "tap333dbc90-e6"
type: internal
Port int-br-ex
Interface int-br-ex
type: patch
options: {peer=phy-br-ex}
Bridge br-ex
Port "eth3"
Interface "eth3"
Port br-ex
Interface br-ex
type: internal
Port phy-br-ex
Interface phy-br-ex
type: patch
options: {peer=int-br-ex}
ovs_version: "2.3.1"
Kindly check my setup and please provide some inputs how can I proceed further.
Thanks and Regards
Abhishek Talwar
=====-----=====-----=====
Notice: The information contained in this e-mail
message and/or attachments to it may contain
confidential or privileged information. If you are
not the intended recipient, any dissemination, use,
review, distribution, printing or copying of the
information contained in this e-mail message
and/or attachments to it are strictly prohibited. If
you have received this communication in error,
please notify us by reply e-mail or telephone and
immediately and permanently delete the message
and any attachments. Thank you
_______________________________________________ OpenStack-operators mailing list OpenStack-operators@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
