<div dir="ltr">안녕하세요. 질문자 입니다.<div><br></div><div>해당 문제를 해결했습니다.</div><div>조금 더 확인을 해봤어야 했었네요.</div><div><br></div><div>혹시라도 도움을 주시려고 찾는 분이 있으실까봐 답장 메일을 드립니다.</div><div><br></div><div>좋은 하루 되세요.</div></div><div hspace="streak-pt-mark" style="max-height:1px"><img alt="" style="width:0px;max-height:0px;overflow:hidden" src="https://mailfoogae.appspot.com/t?sender=abGVlbWluc2VvYkBnbWFpbC5jb20%3D&type=zerocontent&guid=48a144d7-c346-45c9-9451-01b3d2ade185"><font color="#ffffff" size="1">ᐧ</font></div><div class="gmail_extra"><br><div class="gmail_quote">2017년 4월 3일 오후 5:45, 서비 <span dir="ltr"><<a href="mailto:leeminseob@gmail.com" target="_blank">leeminseob@gmail.com</a>></span>님이 작성:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">안녕하세요. 최근 OpenStack을 처음 접하게 된 엔지니어 입니다.<div><br></div><div>현재 사용이 가능한 Ocata 버전으로 OpenStack을 구성했습니다.</div><div>다름이 아니오라 문제가 있어 문의 드립니다. 웹 사이트 검색했지만, 정확한 문제점을 찾을 수 없습니다.</div><div><br></div><div><b># 환경 정보</b></div><div>서버 구성 : 실제 물리 서버 2 대(Controller Node 1대, Compute Node 1대).</div><div>설치 참조 URL : <a href="https://docs.openstack.org/ocata/install-guide-rdo/" target="_blank">https://docs.openstack.org/<wbr>ocata/install-guide-rdo/</a></div><div>운영체제 정보 : Centos 7.3<br></div><div>오픈스택 버전 : Ocata</div><div>오픈스택 Neutron 구성 정보 : Self-Service Network</div><div><br></div><div><b># 문제점</b></div><div>현재 제가 겪고 있는 문제점은 Controller Node에 방화벽(Firewall)을 Enable을 시킬 경우 인스턴스 실행 시 DHCP로부터 인스턴스가 IP를 할당 받을 수 없습니다.</div><div>반면, 방화벽(Firewall)을 Disable 할 때에는 문제 없이 IP를 할당 받을 수 있습니다.</div><div><br></div><div>서로 Controller Node와 Compute Node 간 방화벽은 아래 명령어로 구성하여 접근이 가능하도록 설정했습니다.</div><div><br></div><div>- Controller Node</div><div><p style="margin:0in;font-family:"malgun gothic";font-size:10pt"><span lang="ko">firewall-cmd --permanent --add-rich-rule="rule family='ipv4'
source address='<<font color="#ff0000"><b>Compute Node IP</b></font>></span><span lang="ko">' accept"</span></p><p style="margin:0in;font-family:"malgun gothic";font-size:10pt"><span lang="ko"><br></span></p><p style="margin:0in;font-family:"malgun gothic";font-size:10pt"><span lang="ko">- Compute Node</span></p><p style="margin:0in;font-family:"malgun gothic";font-size:10pt"><span lang="ko"></span></p><p style="margin:0in;font-family:"malgun gothic";font-size:10pt"><span lang="ko">firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='<<font color="#ff0000"><b>Controller Node IP</b></font>></span><span lang="ko">' accept"</span></p></div><div><span lang="ko"><br></span></div><div><b># 예상되는 절차</b><br></div><div>일단은 패킷을 확인했을 때 정상적으로는 다음과 같이 진행되어야 합니다. [ 아래는 패킷으로 확인한 것이라 정확한 순서가 아닐 수 있습니다. ]</div><div><br></div><div>1. [Discover] 생성된 인스턴스가 브로드 캐스트를 통하여 OpenStack의 DHCP를 찾는다.</div><div>2. [Offen] OpenStack의 DHCP은 메시지를 받고 할당 할 수 있는 IP를 제안합니다.</div><div>3. [Request] 제안을 받은 인스턴스는 해당 아이피를 요청합니다.</div><div>4. [ACK] OpenStack의 DHCP은 요청된 아이피를 응답하여 할당합니다.</div><div><br></div><div>하지만, 현재 Controller Node의 방화벽을 Enable 했을 때 1번에서 머물고 있습니다.</div><div>확인해본 결과 DHCP 트래픽은 UDP를 사용하고 클라이언트는 서버에 68에서 67으로 보내는 것으로 알고 있어, 방화벽 규칙을 적용했지만 제대로 되지 않네요.</div><div><br></div><div>다음을 추측해보고 있지만, OpenStack 방화벽 규칙 적용도 간단한게 아니라 이것도 확인 중입니다.</div><div>1. [이미 언급] Compute Node에 동작하는 인스턴스가 브로드 캐스트를 날렸지만, Controller Node의 Self-Service Network까지 전달이 되지 않음.</div><div>2. [이건 정확히 모르겠습니다.] Ocata 버전부터 <span style="color:rgb(62,67,73);font-family:arial,sans-serif;font-size:14.4px">dhcp_release6 </span>지원으로 기존에 있던 것보다 추가 구성이 필요함.</div><div><br></div><div>이 문제를 어떻게 해결 할 수 있을까요 ?</div><div>의견을 주시면 감사하겠습니다. 좋은 하루 되세요.</div></div><div hspace="streak-pt-mark" style="max-height:1px"><img alt="" style="width:0px;max-height:0px;overflow:hidden" src="https://mailfoogae.appspot.com/t?sender=abGVlbWluc2VvYkBnbWFpbC5jb20%3D&type=zerocontent&guid=597622d7-e8a8-4a69-9bec-8fdfa43953db"><font color="#ffffff" size="1">ᐧ</font></div>
</blockquote></div><br></div>