[Openstack-operators] Cant ping or SSH Cirros VM #Kilo-Multinode#

Yuki Nishiwaki uckey.1067 at gmail.com
Fri Jul 10 13:50:41 UTC 2015


Hello Abhishek.

I will answer about two problem
 -  controller can’t ping any external network 
 -  vm can’t access internet


First , about the problem controller can’t ping any external network 
>  I am able to boot a VM and it goes to active state but cannot ping it from Controller or any external network.
> 

If you want to ping vm which connected to external network  from controller , 
you need to create nic belong to segment the same as external network in controller.

As described  bellow, your controller don’t have the nic belong to external network.
> **#Controller Node**
> 
> # The primary network interface - NAT connection
> auto eth0
> iface eth0 inet dhcp
> 
> # vboxnet0 - OpenStack management network
> auto eth1
> iface eth1 inet static
> address 10.0.0.11
> netmask 255.255.255.0

Second, about the problem vm can’t access internet
> Moreover, as per the install guide the VM should be able to ping “openstack.org” to verify ext-net connectivity it is not doing that. The VM is able to ping the tenant router gateway of the external network interface “192.168.56.105”.
> 

the reason of this problem is that your network node don’t routing  or the next router of network node don’t know external network ( 192.168.56.0/24 ).

this problem can be solved  by following 
 - Set NAT to NIC belong to segment which can access internet in network node


I’m grad if this information help you.


Yuki Nishiwaki 

2015/07/09 18:38、Abhishek Talwar <abhishek.talwar at tcs.com> のメール:

> HI Folks,
> 
> 
> 
> I have a multinode OpenStack kilo setup with a controller node, network node and 2 compute nodes. I followed all the steps (http://docs.openstack.org/kilo/instal...) given in the OpenStack kilo install guide. I am able to boot a VM and it goes to active state but cannot ping it from Controller or any external network.
> 
> The external network interface (eth3) has a gateway of 192.168.56.105 and we can ping it from any external network.
> 
> I have assigned a floting ip to the VM, and added the icmp and tcp rules to allow the ping and SSH but we can't ping to the VM.
> 
> Moreover, as per the install guide the VM should be able to ping “openstack.org” to verify ext-net connectivity it is not doing that. The VM is able to ping the tenant router gateway of the external network interface “192.168.56.105”.
> 
> How should we proceed further to enable the ping and SSH functionality.
> 
> The setup details are listed as follows:
> 
> 
> 
> 
> **#Controller Node**
> 
> # The primary network interface - NAT connection
> auto eth0
> iface eth0 inet dhcp
> 
> # vboxnet0 - OpenStack management network
> auto eth1
> iface eth1 inet static
> address 10.0.0.11
> netmask 255.255.255.0
> 
> **#Network Node**
> 
> # vboxnet0 - OpenStack management network
> auto eth1
> iface eth1 inet static
> address 10.0.0.21
> netmask 255.255.255.0
> 
> # vboxnet2 - OpenStack data/communication network
> auto eth2
> iface eth2 inet static
> address 10.0.1.21
> netmask 255.255.255.0
> 
> #vboxnet0 - For exposing external network
> auto eth3
> iface eth3 inet manual
>         up ip link set dev $IFACE up
>         down ip link set dev $IFACE down
> 
> 
> 
> **#Compute Node** 
> 
> # The primary network interface - NAT connection
> auto eth0
> iface eth0 inet dhcp
> 
> # vboxnet0 - OpenStack management network
> auto eth1
> iface eth1 inet static
> address 10.0.0.31
> netmask 255.255.255.0
> 
> # vboxnet2 - OpenStack VM data/communication network
> auto eth2
> iface eth2 inet static
> address 10.0.1.31
> netmask 255.255.255.0
> 
> 
> **#Compute1 Node** 
> 
> # The primary network interface - NAT connection
> auto eth0
> iface eth0 inet dhcp
> 
> # vboxnet0 - OpenStack management network
> auto eth1
> iface eth1 inet static
> address 10.0.0.32
> netmask 255.255.255.0
> 
> # vboxnet2 - OpenStack VM data/communication network
> auto eth2
> iface eth2 inet static
> address 10.0.1.32
> netmask 255.255.255.0
> 
> **#neutron net-list**
> 
> ------------------------------------------+ 
> | id                                   | name      | subnets                                             | 
> +--------------------------------------+-----------+-----------------------------------------------------+ 
> | 
> | 6c91a7e8-4182-4fb7-8d42-b83ca6775e57 | ext-net   | c4dac528-3fa9-47db-a5c4-50590ed8edf5                | 
> | 314323cd-cbd1-43e9-a5f5-58213a6afdee | demo-net1 | 7412369e-a91f-4228-af55-2792fde85d3d 192.168.1.0/24 | 
> +--------------------------------------+-----------+-----------------------------------------------------+ 
> 
> 
> **# neutron floatingip-list**
> -----------------+--------------------------------------+ 
> | id                                   | fixed_ip_address | floating_ip_address | port_id                              | 
> +--------------------------------------+------------------+---------------------+--------------------------------------+ 
> | 65872868-6318-4eb3-bce4-6bd8922b90e1 | 192.168.1.3      | 192.168.56.109      | 3a2f47f7-cbc4-4558-b91c-2886de545cd7 | 
> +--------------------------------------+------------------+---------------------+--------------------------------------+ 
> 
> **# nova list**
> ------+-------------+---------------------------------------+ 
> | ID                                   | Name  | Status | Task State | Power State | Networks                              | 
> +--------------------------------------+-------+--------+------------+-------------+---------------------------------------+ 
> | 1ebf21e7-3073-4d68-ae59-ec168c3e51c7 | vm786 | ACTIVE | -          | Running     | demo-net1=192.168.1.3, 192.168.56.109 | 
> 
> 
> 
> 
> 
> 
> 
> **Added the rules to the default security group:**
> 
> a. Permit ICMP (ping):
> $ nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0
> +-------------+-----------+---------+-----------+--------------+
> | IP Protocol | From Port | To Port | IP Range  | Source Group |
> +-------------+-----------+---------+-----------+--------------+
> | icmp        | -1        | -1      | 0.0.0.0/0 |              |
> +-------------+-----------+---------+-----------+--------------+
> 
> b. Permit secure shell (SSH) access:
> $ nova secgroup-add-rule default tcp 22 22 0.0.0.0/0
> +-------------+-----------+---------+-----------+--------------+
> | IP Protocol | From Port | To Port | IP Range  | Source Group |
> +-------------+-----------+---------+-----------+--------------+
> | tcp         | 22        | 22      | 0.0.0.0/0 |              |
> +-------------+-----------+---------+-----------+--------------+
> 
> 
> # ovs-vsctl show
> ebc068e7-0b6d-45c7-9408-87e2af9af64a 
>     Bridge br-tun 
>         fail_mode: secure 
>         Port patch-int 
>             Interface patch-int 
>                 type: patch 
>                 options: {peer=patch-tun} 
>         Port "gre-0a00011f" 
>             Interface "gre-0a00011f" 
>                 type: gre 
>                 options: {df_default="true", in_key=flow, local_ip="10.0.1.21", out_key=flow, remote_ip="10.0.1.31"} 
>         Port "gre-0a000120" 
>             Interface "gre-0a000120" 
>                 type: gre 
>                 options: {df_default="true", in_key=flow, local_ip="10.0.1.21", out_key=flow, remote_ip="10.0.1.32"} 
>         Port br-tun 
>             Interface br-tun 
>                 type: internal 
>     Bridge br-int 
>         fail_mode: secure 
>         Port "qr-b1bbd942-2e" 
>             tag: 3 
>             Interface "qr-b1bbd942-2e" 
>                 type: internal 
>         Port "qg-d104c0f4-62" 
>             tag: 2 
>             Interface "qg-d104c0f4-62" 
>                 type: internal 
>         Port "qr-f5934280-24" 
>             tag: 1 
>             Interface "qr-f5934280-24" 
>                 type: internal 
>         Port patch-tun 
>             Interface patch-tun 
>                 type: patch 
>                 options: {peer=patch-int} 
>         Port "tap5cc41425-9c" 
>             tag: 1 
>             Interface "tap5cc41425-9c" 
>                 type: internal 
>         Port "qr-565908b5-18" 
>             tag: 1 
>             Interface "qr-565908b5-18" 
>                 type: internal 
>         Port "qg-1ac2537b-9d" 
>             tag: 2 
>             Interface "qg-1ac2537b-9d" 
>                 type: internal 
>         Port "qg-a0ff0263-ca" 
>             tag: 2 
>             Interface "qg-a0ff0263-ca" 
>                 type: internal 
>         Port br-int 
>             Interface br-int 
>                 type: internal 
>         Port "tap333dbc90-e6" 
>             tag: 3 
>             Interface "tap333dbc90-e6" 
>                 type: internal 
>         Port int-br-ex 
>             Interface int-br-ex 
>                 type: patch 
>                 options: {peer=phy-br-ex} 
>     Bridge br-ex 
>         Port "eth3" 
>             Interface "eth3" 
>         Port br-ex 
>             Interface br-ex 
>                 type: internal 
>         Port phy-br-ex 
>             Interface phy-br-ex 
>                 type: patch 
>                 options: {peer=int-br-ex} 
>     ovs_version: "2.3.1"
> 
> 
> Kindly check my setup and please provide some inputs how can I proceed further.
> 
> 
> Thanks and Regards
> Abhishek Talwar
> =====-----=====-----=====
> Notice: The information contained in this e-mail
> message and/or attachments to it may contain 
> confidential or privileged information. If you are 
> not the intended recipient, any dissemination, use, 
> review, distribution, printing or copying of the 
> information contained in this e-mail message 
> and/or attachments to it are strictly prohibited. If 
> you have received this communication in error, 
> please notify us by reply e-mail or telephone and 
> immediately and permanently delete the message 
> and any attachments. Thank you
> 
> 
> _______________________________________________
> OpenStack-operators mailing list
> OpenStack-operators at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-operators/attachments/20150710/7a5e334b/attachment.html>


More information about the OpenStack-operators mailing list