sorry for the noise - I've just forgot to define one more sec-rule.
Now it's working.
Cris
On Sun, May 3, 2015 at 9:44 PM, Cristina Aiftimiei <cai...@gmail.com> wrote:
> Hi James,
>
> thank you very much for the answer!
>
> On Sun, May 3, 2015 at 5:54 PM, James Denton <james.den...@rackspace.com>
> wrote:
>
>> Hi Christina,
>>
>> Is 131.X.Y.Z configured as a floating IP and associated with the LB VIP
>> port?
>>
>
> yes
> # neutron floatingip-list
>
>
> +--------------------------------------+------------------+---------------------+--------------------------------------+
> | id | fixed_ip_address |
> floating_ip_address | port_id |
>
> +--------------------------------------+------------------+---------------------+--------------------------------------+
> | d04cb674-ae42-435f-be10-a66fd9f4ca4b | 10.0.1.10 | 131.X.Y.W
> | 3699ac91-6287-4b2b-a637-03eae03abde4 |
> | e6448d37-3c26-4601-b4a5-a5e6b041af34 | 10.0.1.22 | 131.X.Y.Z
> | b003b440-a092-409e-b329-eca38eada1f4 |
>
> $ neutron lb-vip-list
>
> +--------------------------------------+-------+-----------+----------+----------------+--------+
> | id | name | address | protocol |
> admin_state_up | status |
>
> +--------------------------------------+-------+-----------+----------+----------------+--------+
> | 824c9ee7-c9bd-40fd-91ff-1f2b88372f95 | myvip | 10.0.1.22 | HTTP |
> True | ACTIVE |
>
> +--------------------------------------+-------+-----------+----------+----------------+--------+
>
> $ neutron port-list |grep 1.22
>
> +--------------------------------------+------------------------------------------+-------------------+----------------------------------------------------------------------------------+
> | id |
> name | mac_address |
> fixed_ips
> |
>
> +--------------------------------------+------------------------------------------+-------------------+----------------------------------------------------------------------------------+
> | b003b440-a092-409e-b329-eca38eada1f4 |
> vip-824c9ee7-c9bd-40fd-91ff-1f2b88372f95 | fa:16:3e:c9:58:a1 |
> {"subnet_id": "df1dd585-2c59-49c4-b995-53d6cfa26e3c", "ip_address":
> "10.0.1.22"} |
>
>
> The NAT is configured on the router connected to the VIP network, in this
>> case private_net.
>>
>
>
>> Can the router access the VIP 10.0.1.22? I’d start there.
>>
>
> how do I check this?
> I can see:
> # ip netns exec qrouter-0af31338-5aba-4dd3-9af5-6ba0050bea93 ip a |grep
> inet
> inet 127.0.0.1/8 scope host lo
> inet6 ::1/128 scope host
> inet 131.X.Y.U/24 <http://131.154.96.19/24> brd 131.154.96.255 scope
> global qg-00604913-37
> inet 131.X.Y.W/32 <http://131.154.96.20/32> brd 131.154.96.20 scope
> global qg-00604913-37
> inet 131.X.Y.Z/32 <http://131.154.96.28/32> brd 131.154.96.28 scope
> global qg-00604913-37
> inet6 fe80::f816:3eff:fe25:fb59/64 scope link
> inet 10.0.1.1/24 brd 10.0.1.255 scope global qr-3ed09227-5f
> inet6 fe80::f816:3eff:feeb:f81c/64 scope link
>
> Thanks again,
> Cristina
>
>>
>> James
>>
>>
>>
>> On May 1, 2015, at 4:21 PM, Cristina Aiftimiei <cai...@gmail.com> wrote:
>>
>> Dear all,
>>
>> I have a problem when configuring LBaaS in Juno.
>> Our setup is an OpenStack Juno with 2 controller and 2 network nodes in
>> HA, using HAproxy & Keepalived.
>>
>> After playing with the Havana version, where services were not in HA
>> (just 1 controller and 1 network-node) and where everything was working as
>> explained in all posts and blogs that I found around (mainly based on
>> https://wiki.openstack.org/wiki/Neutron/LBaaS/HowToRun) I went on
>> configuring in a similar way the Juno version.
>>
>> Everyting went fine until the last check "curl<vip-floating-ip>" that
>> says "curl: (7) couldn't connect to host" (Connection timed out)
>>
>> Some details:
>>
>> $ neutron router-list
>>
>> +--------------------------------------+----------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
>> | id | name |
>> external_gateway_info
>> |
>>
>> +--------------------------------------+----------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
>> | 0af31338-5aba-4dd3-9af5-6ba0050bea93 | myrouter | {"network_id":
>> "17d5949b-5694-4eab-abe0-c8039f0bd498", "enable_snat": true,
>> "external_fixed_ips": [{"subnet_id":
>> "825bc708-c4f9-4684-8c20-8bddf7e5aa7b", "ip_address": "131.X.Y.U"}]} |
>>
>> +--------------------------------------+----------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
>>
>> $ neutron lb-pool-list
>>
>> +--------------------------------------+--------+----------+-------------+----------+----------------+--------+
>> | id | name | provider | lb_method
>> | protocol | admin_state_up | status |
>>
>> +--------------------------------------+--------+----------+-------------+----------+----------------+--------+
>> | 3ed76c5b-681b-46dc-80ac-83c6686adc18 | mypool | haproxy | ROUND_ROBIN
>> | HTTP | True | ACTIVE |
>>
>> +--------------------------------------+--------+----------+-------------+----------+----------------+--------+
>>
>> $ neutron lb-vip-list
>>
>> +--------------------------------------+-------+-----------+----------+----------------+--------+
>> | id | name | address | protocol |
>> admin_state_up | status |
>>
>> +--------------------------------------+-------+-----------+----------+----------------+--------+
>> | 824c9ee7-c9bd-40fd-91ff-1f2b88372f95 | myvip | 10.0.1.22 | HTTP |
>> True | ACTIVE |
>>
>> +--------------------------------------+-------+-----------+----------+----------------+--------+
>>
>> $ nova list
>>
>> +--------------------------------------+------------+--------+------------+-------------+--------------------------------------+
>> | ID | Name | Status | Task State
>> | Power State | Networks |
>>
>> +--------------------------------------+------------+--------+------------+-------------+--------------------------------------+
>> | 959f0059-f5a8-4085-b093-a1d30d22170c | jumphost | ACTIVE | -
>> | Running | private_net=10.0.1.10, 131.X.Y.W |
>> | 0ecbe8de-8219-4c05-9198-ce0b8cca8bc5 | webserver1 | ACTIVE | -
>> | Running | private_net=10.0.1.11 |
>> | ac62c3f3-5b2d-40f3-afb7-c83291541bf5 | webserver2 | ACTIVE | -
>> | Running | private_net=10.0.1.12 |
>>
>> +--------------------------------------+------------+--------+------------+-------------+--------------------------------------+
>>
>> # ip netns exec qlbaas-3ed76c5b-681b-46dc-80ac-83c6686adc18 curl
>> http://10.0.1.22
>> Welcome to webserver1
>> # ip netns exec qlbaas-3ed76c5b-681b-46dc-80ac-83c6686adc18 curl
>> http://10.0.1.22
>> Welcome to webserver2
>>
>> $ curl -vvv 131.X.Y.Z
>> * About to connect() to 131.X.Y.Z port 80 (#0)
>> * Trying 131.X.Y.Z... Connection timed out
>> * couldn't connect to host
>> * Closing connection #0
>> curl: (7) couldn't connect to host
>>
>> Am I missing something? Where can I look for errors or missconfigurations?
>>
>> Thank you very much,
>> Cristina
>>
>> _______________________________________________
>> Mailing list:
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>> Post to : openstack@lists.openstack.org
>> Unsubscribe :
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>>
>>
>>
>
_______________________________________________
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
