[Openstack-operators] [Openstack] [Quantum] second tenant's several VMs' floating ip can't be accessed.

Aaron Rosen arosen at nicira.com
Tue Jun 4 02:36:57 UTC 2013


You are probably running quantum commands as an admin user; that's why you
got the error:
Multiple security_group matches found for name 'default', use an ID to be
more specific.

If you run quantum security-group-list

and then:

quantum security-group-rule-create --protocol icmp --direction ingress <group_uuid>

for each default security group.

I'm guessing the security group for your second tenant does not have this
rule as I don't see two icmp rules in the security-group-rule-list output
you pasted.

Aaron



On Mon, Jun 3, 2013 at 7:05 PM, Li, Leon <Leon.Li2 at emc.com> wrote:

> Aaron,
>
> Thanks for helping.
>
> Actually, I already have this rule:
>
> (quantum) security-group-rule-list
> +--------------------------------------+----------------+-----------+----------+------------------+--------------+
> | id                                   | security_group | direction | protocol | remote_ip_prefix | remote_group |
> +--------------------------------------+----------------+-----------+----------+------------------+--------------+
> | 1a5867db-864b-4ae9-a423-092f3c25d710 | default        | ingress   |          |                  | default      |
> | 5449c312-00ba-4625-813f-1d7f06bb8259 | default        | ingress   | tcp      | 0.0.0.0/0        |              |
> | 59166d99-0901-4c58-8bf3-ff46cfd4bb01 | default        | egress    |          |                  |              |
> | 79708fb2-50b1-4c7b-82a5-5cd0275603ad | default        | egress    |          |                  |              |
> | 940a2743-859a-444c-9c3c-0204995e87ba | default        | ingress   |          |                  | default      |
> | a7812053-a913-4288-bbd3-c5f225f38d13 | default        | ingress   |          |                  | default      |
> | b160a8cf-7ca0-4da6-b238-68315b199314 | default        | egress    |          |                  |              |
> | bce886e7-74d2-46bc-aba6-5928a17b2c74 | default        | ingress   |          |                  | default      |
> | c3ccbe23-5d44-4cbc-991d-a5df29aa5300 | default        | ingress   |          |                  | default      |
> | c86af4d4-d6eb-4b15-a23c-1d84d8b27716 | default        | egress    |          |                  |              |
> | c9b96941-c652-4b24-9162-4a1dcd999088 | default        | ingress   | icmp     | 0.0.0.0/0        |              |
> | dd26aab7-7641-4ad8-ac53-fe443f41ab5f | default        | ingress   |          |                  | default      |
> | f87eeaea-4b97-4995-968e-34f127d09bd3 | default        | egress    |          |                  |              |
> | fc7d35d0-d2b6-4df1-a03b-ca28c5e5c487 | default        | egress    |          |                  |              |
> +--------------------------------------+----------------+-----------+----------+------------------+--------------+
> (quantum) security-group-rule-create --protocol icmp --direction ingress default
> Multiple security_group matches found for name 'default', use an ID to be
> more specific.
> (quantum)
>
> Actually, my first tenant’s several VMs don’t have a network issue. I can
> ping their floating IPs from the Internet.
>
> However, my second tenant’s several VMs have the same network issue: I can
> ping the Internet from the VM, but can’t ping their floating IP from the
> Internet.
>
> Leon
>
> *From:* Aaron Rosen [mailto:arosen at nicira.com]
> *Sent:* June 4, 2013 9:03
> *To:* Li, Leon
> *Cc:* openstack-operators at lists.openstack.org;
> openstack at lists.launchpad.net (openstack at lists.launchpad.net)
> *Subject:* Re: [Openstack] [Quantum] second tenant VM's floating ip can't
> be accessed.
>
> Hi Li,
>
> If you can ping out to the internet from your second vm but not back in
> it's most likely related to security groups.
>
> I'd try running: quantum security-group-rule-create --protocol icmp
> --direction ingress default
>
> and see if that allows ping from the internet to be received.
>
> Aaron
>
> On Mon, Jun 3, 2013 at 2:43 AM, Li, Leon <Leon.Li2 at emc.com> wrote:
>
> Hi all,
>
> I set up an openstack recently. My first tenant’s VMs’ floating IPs work
> fine. All of them are pingable from “Internet”.
>
> However, on the second tenant, via GUI or CLI I can successfully assign
> floating IPs to VMs, but they are not pingable. Meanwhile, I can ping the
> Internet from the VM’s private network (IP).
>
> My environment: Grizzly. Quantum. 3 physical servers. One is controller;
> one is network; and the other is compute node. GRE tunnel.
>
> Does anyone have an idea? Thanks for your help.
>
> Leon
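
The per-group check suggested in the reply at the top of this thread, as an added example (not code from the thread or from the Quantum project): given security groups in the shape returned by the Quantum v2.0 security-groups API, it reports which tenants' "default" groups have no rule admitting ICMP from outside, so the rule can be created by group ID only where it is missing. Tenant and group IDs in the sample are constructed placeholders.

```python
import ipaddress

def allows_icmp_ingress(group, source="0.0.0.0/0"):
    """True if an ingress rule admits IPv4 ICMP from `source` (any address by default)."""
    src = ipaddress.ip_network(source)
    for r in group.get("security_group_rules", []):
        if r["direction"] != "ingress" or r.get("ethertype") != "IPv4":
            continue
        if r.get("protocol") is not None and str(r["protocol"]).lower() not in ("icmp", "1"):
            continue
        if r.get("remote_group_id"):
            continue  # admits only members of that group, not outside hosts
        allowed = ipaddress.ip_network(r.get("remote_ip_prefix") or "0.0.0.0/0")
        if src.subnet_of(allowed):
            return True
    return False

def default_groups_missing_icmp(groups):
    """(tenant_id, group_id) of every group named 'default' without such a rule."""
    return [(g["tenant_id"], g["id"]) for g in groups
            if g["name"] == "default" and not allows_icmp_ingress(g)]

def rule(direction, ethertype="IPv4", protocol=None, prefix=None, remote_group=None):
    # Helper for building the constructed sample data below.
    return {"direction": direction, "ethertype": ethertype, "protocol": protocol,
            "remote_ip_prefix": prefix, "remote_group_id": remote_group}

def base_rules(gid):
    # Assumed starting rules, mirroring the rows in the rule list pasted in the
    # thread: ingress from the group's own members, unrestricted egress.
    return [rule("ingress", "IPv4", remote_group=gid), rule("ingress", "IPv6", remote_group=gid),
            rule("egress", "IPv4"), rule("egress", "IPv6")]

# Constructed sample: IDs are placeholders, not values from the thread.
SAMPLE_GROUPS = [
    {"id": "sg-tenant-a", "name": "default", "tenant_id": "tenant-a",
     "security_group_rules": base_rules("sg-tenant-a") + [
         rule("ingress", protocol="icmp", prefix="0.0.0.0/0"),
         rule("ingress", protocol="tcp", prefix="0.0.0.0/0")]},
    {"id": "sg-tenant-b", "name": "default", "tenant_id": "tenant-b",
     "security_group_rules": base_rules("sg-tenant-b")},
]

if __name__ == "__main__":
    for tenant, gid in default_groups_missing_icmp(SAMPLE_GROUPS):
        print(f"{tenant}: quantum security-group-rule-create "
              f"--protocol icmp --direction ingress {gid}")
```

Rules that name a remote group are skipped on purpose: they admit traffic only from members of that group, which is why the same-group ingress rows in the pasted list do not make a floating IP pingable from outside.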