On 11/05/12 17:24, Kieran David Evans wrote:
> Hi all,
>
> I'm having a few issues with my install here. My instances can't
> access anything outside the cloud, and adding the correct rules to the
> security group and assigning a public IP, the instance isn't
> accessible from the outside world. I've had openstack running on this
> hardware before using the Stackops Distro, but I've intalled Ubuntu
> 12.04 and Essex to test it out as Stackops aren't on essex yet.
>
> I've included the relevant (I think) info below. I'm not sure
> where/what to check next, I'm not so good with network debugging
> unfortunately.
>
> Could someone help, advise, or just generally point me in the right
> direction?
>
> Thanks!
>
> /Kieran
>
> I have it set to use FlatDHCP:
> # network specific settings
> --network_manager=nova.network.manager.FlatDHCPManager
> --public_interface=bond0
> --flat_interface=eth2
> --flat_network_bridge=br100
> --fixed_range=10.0.0.0/8
> --floating_range=131.251.172.0/24
> --network_size=256
> --flat_network_dhcp_start=10.0.0.2
> --flat_injected=False
> --force_dhcp_release
> --iscsi_helper=tgtadm
> --connection_type=libvirt
> --root_helper=sudo nova-rootwrap
> --verbose
>
> bond0 is a bonded interface on a public network. I can access the
> Internet through that interface. eth2 is on a network connected to the
> other hosts, each of which has eth2 connected to this network.
>
> brctl shows eth2 is part of br100.
>
> nova-network:
> brctl show
> bridge name     bridge id               STP enabled     interfaces
> br100           8000.001b21cda0d1       no              eth2
>
>
> nova-compute-1 (with the instance on it):
> brctl show
> bridge name     bridge id               STP enabled     interfaces
> br100           8000.001b21add0a1       no              eth2
>                                                         vnet0
> virbr0          8000.000000000000       yes
>
>
> I checked through this (
> http://docs.openstack.org/trunk/openstack-compute/admin/content/associating-public-ip.html)
> and everything looks correct (I think).
>
> nova secgroup-list-rules default
> +-------------+-----------+---------+-----------+--------------+
> | IP Protocol | From Port | To Port | IP Range  | Source Group |
> +-------------+-----------+---------+-----------+--------------+
> | icmp        | -1        | -1      | 0.0.0.0/0 |              |
> | tcp         | 22        | 22      | 0.0.0.0/0 |              |
> +-------------+-----------+---------+-----------+--------------+
>
>
> The instance IP is 10.0.0.2, so (public IPs hidded):
>
> sudo iptables -L -nv -t nat | grep 10.0.0.2
>     0     0 DNAT       all  --  *      *       0.0.0.0/0            x.y.172.22          to:10.0.0.2
>    20  1656 DNAT       all  --  *      *       0.0.0.0/0            x.y.172.22          to:10.0.0.2
>     0     0 SNAT       all  --  *      *       10.0.0.2             0.0.0.0/0           to:x.y.172.22
>
>
> from ip add:
>
> ....
> 4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master br100 state UP qlen 1000
>     link/ether 00:1b:21:cd:a0:d1 brd ff:ff:ff:ff:ff:ff
>     inet6 fe80::21b:21ff:fecd:a0d1/64 scope link
>        valid_lft forever preferred_lft forever
> ....
> ....
> 16: bond0: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
>     link/ether 00:1b:21:6d:ef:00 brd ff:ff:ff:ff:ff:ff
>     inet x.y.172.2/24 brd 131.251.172.255 scope global bond0
>     inet x.y.172.22/32 scope global bond0
>     inet6 fe80::21b:21ff:fe6d:ef00/64 scope link
>        valid_lft forever preferred_lft forever
> 17: br100: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
>     link/ether 00:1b:21:cd:a0:d1 brd ff:ff:ff:ff:ff:ff
>     inet 10.0.0.1/24 brd 10.0.0.255 scope global br100
>     inet6 fe80::1c2b:8bff:fe38:2003/64 scope link
>        valid_lft forever preferred_lft forever
>

Seems I failed at both spelling, and hiding our public IP addresses there. D'oh!
/Kieran