On 07/10/14 18:43, Mike Spreitzer wrote:
> Thanks, Mark.  OK, maybe I should say that I am past my first attempt,
> and am on to something a little more ambitious.  Following recipes like
> yours, and also ones from Sergey Kraynev, Salvatore Orlando, and Ian
> Choi, I am able to get DevStack to create an OpenStack installation with
> Neutron that works --- as long as I do not attempt any communication
> between the outside world and the VMs that I can create with that
> OpenStack.
>
> What I want is a local.conf or localrc that will cause DevStack to do a
> single-node install of OpenStack with Neutron (I am not picky about
> plugin or driver) on a host with one NIC, with the following property.
> When I use that OpenStack to create a VM, and assign a floating IP to
> that VM, IP communication between that VM and machines in the wider
> world is possible.  By "the wider world" I mean the part of the internet
> with which the host can communicate, whatever that may be.  For example,
> if the host is a machine on the public internet, the wider world would
> be everything reachable on the public internet.  Another example was in
> my original question: the host is a lab machine on a 10... network (it
> has more than one subnet, connected by real layer 3 routers), and the
> wider world in that case is all the other machines in that lab.
>
> As best I can tell, this requires some correspondence between (a) the
> settings of FLOATING_RANGE and PUBLIC_NETWORK_GATEWAY that I put in
> localrc and (b) the pre-DevStack IP address, netmask, and gateway of the
> host.  Perhaps I am confused about something critical here.  I do not
> understand why nobody talks about this.  Is it because everybody is
> using the same Vagrant/VBox script and that happens to correspond with
> the DevStack defaults?


Sorry, yes makes sense.

I think the reason this is not documented is that the usual use-case for devstack is development setups, where real external IPs for the VMs are usually not a point of interest.

For instance, I never need this... I do sometimes want the VMs to be able to access the internet, and that is pretty easy:

$ sudo sysctl -w net.ipv4.ip_forward=1
$ sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

For access the other way, yes, it's more complex. As others have posted, you need real IP ranges available in your external network and (probably) an additional NIC in your test box that can be designated/mapped as br-ex so that the various routers/gateways in the neutron setup use it.

Cheers

Mark

_______________________________________________
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to     : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
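
Added example, not part of the original message: a narrower form of the two commands in the reply above, masquerading only traffic sourced from the floating range instead of everything leaving the interface, and adding the rule only once. It assumes VM traffic reaches the host with a source address inside FLOATING_RANGE; the function names and the sample values 172.24.4.0/24 and eth0 are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Sample values; override via environment.
FLOATING_RANGE="${FLOATING_RANGE:-172.24.4.0/24}"
EXT_IF="${EXT_IF:-eth0}"

# Accept only a.b.c.d/prefix shaped text so nothing else reaches iptables.
valid_cidr() {
    case "$1" in *[!0-9./]*) return 1 ;; esac
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
}

# Accept only plain interface names (letters, digits, '.', '_', '-').
valid_ifname() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# One rule spec shared by check (-C), add (-A) and delete (-D).
nat_rule_spec() {
    printf '%s' "POSTROUTING -s $1 -o $2 -j MASQUERADE"
}

# plan_nat RANGE IFACE [add|del]: print the commands, one per line.
plan_nat() {
    valid_cidr "$1" || { echo "bad CIDR: $1" >&2; return 2; }
    valid_ifname "$2" || { echo "bad interface: $2" >&2; return 2; }
    spec=$(nat_rule_spec "$1" "$2")
    case "${3:-add}" in
        add)
            echo "sysctl -w net.ipv4.ip_forward=1"
            # -C exits non-zero when the rule is absent, so -A runs only once.
            echo "iptables -t nat -C $spec 2>/dev/null || iptables -t nat -A $spec"
            ;;
        del)
            echo "iptables -t nat -D $spec"
            ;;
        *) echo "unknown action: $3" >&2; return 2 ;;
    esac
}

# --plan prints the commands; --apply runs them (needs root).
if [ "${1:-}" = "--plan" ]; then
    plan_nat "$FLOATING_RANGE" "$EXT_IF" add
elif [ "${1:-}" = "--apply" ]; then
    plan=$(plan_nat "$FLOATING_RANGE" "$EXT_IF" add) && printf '%s\n' "$plan" | sh -e
fi
```

Calling plan_nat with del as the third argument prints the matching delete command, so the rule can be removed when the test setup is torn down.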