Hello Abhishek. I will answer about two problem - controller can’t ping any external network - vm can’t access internet
First , about the problem controller can’t ping any external network > I am able to boot a VM and it goes to active state but cannot ping it from > Controller or any external network. > If you want to ping vm which connected to external network from controller , you need to create nic belong to segment the same as external network in controller. As described bellow, your controller don’t have the nic belong to external network. > **#Controller Node** > > # The primary network interface - NAT connection > auto eth0 > iface eth0 inet dhcp > > # vboxnet0 - OpenStack management network > auto eth1 > iface eth1 inet static > address 10.0.0.11 > netmask 255.255.255.0 Second, about the problem vm can’t access internet > Moreover, as per the install guide the VM should be able to ping > “openstack.org” to verify ext-net connectivity it is not doing that. The VM > is able to ping the tenant router gateway of the external network interface > “192.168.56.105”. > the reason of this problem is that your network node don’t routing or the next router of network node don’t know external network ( 192.168.56.0/24 ). this problem can be solved by following - Set NAT to NIC belong to segment which can access internet in network node I’m grad if this information help you. Yuki Nishiwaki 2015/07/09 18:38、Abhishek Talwar <abhishek.tal...@tcs.com> のメール: > HI Folks, > > > > I have a multinode OpenStack kilo setup with a controller node, network node > and 2 compute nodes. I followed all the steps > (http://docs.openstack.org/kilo/instal...) given in the OpenStack kilo > install guide. I am able to boot a VM and it goes to active state but cannot > ping it from Controller or any external network. > > The external network interface (eth3) has a gateway of 192.168.56.105 and we > can ping it from any external network. > > I have assigned a floting ip to the VM, and added the icmp and tcp rules to > allow the ping and SSH but we can't ping to the VM. > > Moreover, as per the install guide the VM should be able to ping > “openstack.org” to verify ext-net connectivity it is not doing that. The VM > is able to ping the tenant router gateway of the external network interface > “192.168.56.105”. > > How should we proceed further to enable the ping and SSH functionality. > > The setup details are listed as follows: > > > > > **#Controller Node** > > # The primary network interface - NAT connection > auto eth0 > iface eth0 inet dhcp > > # vboxnet0 - OpenStack management network > auto eth1 > iface eth1 inet static > address 10.0.0.11 > netmask 255.255.255.0 > > **#Network Node** > > # vboxnet0 - OpenStack management network > auto eth1 > iface eth1 inet static > address 10.0.0.21 > netmask 255.255.255.0 > > # vboxnet2 - OpenStack data/communication network > auto eth2 > iface eth2 inet static > address 10.0.1.21 > netmask 255.255.255.0 > > #vboxnet0 - For exposing external network > auto eth3 > iface eth3 inet manual > up ip link set dev $IFACE up > down ip link set dev $IFACE down > > > > **#Compute Node** > > # The primary network interface - NAT connection > auto eth0 > iface eth0 inet dhcp > > # vboxnet0 - OpenStack management network > auto eth1 > iface eth1 inet static > address 10.0.0.31 > netmask 255.255.255.0 > > # vboxnet2 - OpenStack VM data/communication network > auto eth2 > iface eth2 inet static > address 10.0.1.31 > netmask 255.255.255.0 > > > **#Compute1 Node** > > # The primary network interface - NAT connection > auto eth0 > iface eth0 inet dhcp > > # vboxnet0 - OpenStack management network > auto eth1 > iface eth1 inet static > address 10.0.0.32 > netmask 255.255.255.0 > > # vboxnet2 - OpenStack VM data/communication network > auto eth2 > iface eth2 inet static > address 10.0.1.32 > netmask 255.255.255.0 > > **#neutron net-list** > > ------------------------------------------+ > | id | name | subnets > | > +--------------------------------------+-----------+-----------------------------------------------------+ > > | > | 6c91a7e8-4182-4fb7-8d42-b83ca6775e57 | ext-net | > c4dac528-3fa9-47db-a5c4-50590ed8edf5 | > | 314323cd-cbd1-43e9-a5f5-58213a6afdee | demo-net1 | > 7412369e-a91f-4228-af55-2792fde85d3d 192.168.1.0/24 | > +--------------------------------------+-----------+-----------------------------------------------------+ > > > > **# neutron floatingip-list** > -----------------+--------------------------------------+ > | id | fixed_ip_address | > floating_ip_address | port_id | > +--------------------------------------+------------------+---------------------+--------------------------------------+ > > | 65872868-6318-4eb3-bce4-6bd8922b90e1 | 192.168.1.3 | 192.168.56.109 > | 3a2f47f7-cbc4-4558-b91c-2886de545cd7 | > +--------------------------------------+------------------+---------------------+--------------------------------------+ > > > **# nova list** > ------+-------------+---------------------------------------+ > | ID | Name | Status | Task State | Power > State | Networks | > +--------------------------------------+-------+--------+------------+-------------+---------------------------------------+ > > | 1ebf21e7-3073-4d68-ae59-ec168c3e51c7 | vm786 | ACTIVE | - | > Running | demo-net1=192.168.1.3, 192.168.56.109 | > > > > > > > > **Added the rules to the default security group:** > > a. Permit ICMP (ping): > $ nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0 > +-------------+-----------+---------+-----------+--------------+ > | IP Protocol | From Port | To Port | IP Range | Source Group | > +-------------+-----------+---------+-----------+--------------+ > | icmp | -1 | -1 | 0.0.0.0/0 | | > +-------------+-----------+---------+-----------+--------------+ > > b. Permit secure shell (SSH) access: > $ nova secgroup-add-rule default tcp 22 22 0.0.0.0/0 > +-------------+-----------+---------+-----------+--------------+ > | IP Protocol | From Port | To Port | IP Range | Source Group | > +-------------+-----------+---------+-----------+--------------+ > | tcp | 22 | 22 | 0.0.0.0/0 | | > +-------------+-----------+---------+-----------+--------------+ > > > # ovs-vsctl show > ebc068e7-0b6d-45c7-9408-87e2af9af64a > Bridge br-tun > fail_mode: secure > Port patch-int > Interface patch-int > type: patch > options: {peer=patch-tun} > Port "gre-0a00011f" > Interface "gre-0a00011f" > type: gre > options: {df_default="true", in_key=flow, > local_ip="10.0.1.21", out_key=flow, remote_ip="10.0.1.31"} > Port "gre-0a000120" > Interface "gre-0a000120" > type: gre > options: {df_default="true", in_key=flow, > local_ip="10.0.1.21", out_key=flow, remote_ip="10.0.1.32"} > Port br-tun > Interface br-tun > type: internal > Bridge br-int > fail_mode: secure > Port "qr-b1bbd942-2e" > tag: 3 > Interface "qr-b1bbd942-2e" > type: internal > Port "qg-d104c0f4-62" > tag: 2 > Interface "qg-d104c0f4-62" > type: internal > Port "qr-f5934280-24" > tag: 1 > Interface "qr-f5934280-24" > type: internal > Port patch-tun > Interface patch-tun > type: patch > options: {peer=patch-int} > Port "tap5cc41425-9c" > tag: 1 > Interface "tap5cc41425-9c" > type: internal > Port "qr-565908b5-18" > tag: 1 > Interface "qr-565908b5-18" > type: internal > Port "qg-1ac2537b-9d" > tag: 2 > Interface "qg-1ac2537b-9d" > type: internal > Port "qg-a0ff0263-ca" > tag: 2 > Interface "qg-a0ff0263-ca" > type: internal > Port br-int > Interface br-int > type: internal > Port "tap333dbc90-e6" > tag: 3 > Interface "tap333dbc90-e6" > type: internal > Port int-br-ex > Interface int-br-ex > type: patch > options: {peer=phy-br-ex} > Bridge br-ex > Port "eth3" > Interface "eth3" > Port br-ex > Interface br-ex > type: internal > Port phy-br-ex > Interface phy-br-ex > type: patch > options: {peer=int-br-ex} > ovs_version: "2.3.1" > > > Kindly check my setup and please provide some inputs how can I proceed > further. > > > Thanks and Regards > Abhishek Talwar > =====-----=====-----===== > Notice: The information contained in this e-mail > message and/or attachments to it may contain > confidential or privileged information. If you are > not the intended recipient, any dissemination, use, > review, distribution, printing or copying of the > information contained in this e-mail message > and/or attachments to it are strictly prohibited. If > you have received this communication in error, > please notify us by reply e-mail or telephone and > immediately and permanently delete the message > and any attachments. Thank you > > > _______________________________________________ > OpenStack-operators mailing list > OpenStack-operators@lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
_______________________________________________ OpenStack-operators mailing list OpenStack-operators@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
