[Openstack-operators] can't access vms in quantum, Folsom

Jānis Ģeņģeris janis.gengeris at gmail.com
Tue Oct 2 14:13:33 UTC 2012 

Hello all,

I'm trying to set up quantum+openvswitch with the Folsom release. The
intended configuration is fixed IP network 10.0.1.0/24 and floating IP
network 85.254.50.0/24. And am a little stuck with connection problems to
VMs.

My config is the following:

1) Controller node that is running rabbit, mysql, quantum-server, nova-api,
nova-scheduler, nova-volume, keystone, etc. Have two net interfaces, one
for service network (192.168.164.1 <http://192.168.164.0/24>) and other for
outside world connections.

2) Compute node, which is working also as quantum network node, and is
running: kvm, nova-compute, quantum-l3-agent, quantum-dchp-agent. Have two
net interfaces, one is from service network 192.168.164.101, and the other
is for floating ips 85.254.50.0/24, bridged into openvswitch. And using
libvirt 0.9.11.

I wonder if local_ip in ovs_quantum_plugin.ini might break something,
because the docs say that it should be set only on hypervisors, but I have
merged hypervisor with network node.

ovs_quantum_plugin.ini fragment:
[OVS]
enable_tunneling = True
tenant_network_type = gre
tunnel_id_ranges = 1:1000
local_ip = 192.168.164.101

nova.conf fragment:
libvirt_vif_driver=nova.virt.libvirt.vif.LibvirtOpenVswitchVirtualPortDriver
libvirt_use_virtio_for_bridges=True

The VMs are getting created successfully, nova-compute.log and console-log
for each vm looks ok.

Here are the dumps of current network configuration:

ovs-vsctl show - http://pastebin.com/0V6kRw1N
ip addr (on default namespace) - http://pastebin.com/VTLbit11
output from router and dhcp namespaces - http://pastebin.com/pDmjpmLE

pings for gateways in router namespace work ok:
# ip netns exec qrouter-3442d231-2e00-4d26-823e-1feb5d02a798 ping 10.0.1.1
# ip netns exec qrouter-3442d231-2e00-4d26-823e-1feb5d02a798 ping
85.254.50.1

But it is not possible to ping any of the instances in fixed network from
router namespace (floating network is also not working of course).

a) Can this be an iptables/NAT problem?
b) What about libvirt nwfilters, they are also active.
c) What else could be wrong?

Any help and comments how to fix this are welcome.

Regards,
--janis
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-operators/attachments/20121002/d1dcec8a/attachment.html>

More information about the OpenStack-operators mailing list