<div dir="ltr">You are probably running quantum commands as an admin user that's why you got the error: <br>Multiple security_group matches found for name 'default', use an ID to be more specific.<br><br>If you run quantum security-group-list <br>
<br>and then: <br><br>quantum security-group-rule-create --protocol icmp --direction ingress <group_uuid> <div><br></div><div>for each default security group. <br><div><br></div><div>I'm guessing the security group for your second tenant does not have this rule as I don't see two icmp rules in the security-group-rule-list output you pasted. </div>
<div><br></div><div>Aaron<br><div class="gmail_extra"><font face="Courrier New"><span style="font-size:12px"><br></span></font></div><div class="gmail_extra"><font face="Courrier New"><span style="font-size:12px"><br></span></font><br>
<div class="gmail_quote">On Mon, Jun 3, 2013 at 7:05 PM, Li, Leon <span dir="ltr"><<a href="mailto:Leon.Li2@emc.com" target="_blank">Leon.Li2@emc.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div lang="EN-US" link="blue" vlink="purple"><div><p class=""><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)">Aaron,<u></u><u></u></span></p><p class=""><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)"><u></u> <u></u></span></p>
<p class=""><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)">Thanks for helping.<u></u><u></u></span></p><p class=""><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)">Actually I already have had this rule:<u></u><u></u></span></p>
<p class="" style="text-autospace:none"><span style="font-size:9pt;font-family:'Courrier New'">(quantum)  security-group-rule-list<u></u><u></u></span></p><p class="" style="text-autospace:none"><span style="font-size:9pt;font-family:'Courrier New'">+--------------------------------------+----------------+-----------+----------+------------------+--------------+<u></u><u></u></span></p>
<p class="" style="text-autospace:none"><span style="font-size:9pt;font-family:'Courrier New'">| id                                   | security_group | direction | protocol | remote_ip_prefix | remote_group |<u></u><u></u></span></p>
<p class="" style="text-autospace:none"><span style="font-size:9pt;font-family:'Courrier New'">+--------------------------------------+----------------+-----------+----------+------------------+--------------+<u></u><u></u></span></p>
<p class="" style="text-autospace:none"><span style="font-size:9pt;font-family:'Courrier New'">| 1a5867db-864b-4ae9-a423-092f3c25d710 | default        | ingress   |          |                  | default      |<u></u><u></u></span></p>
<p class="" style="text-autospace:none"><span style="font-size:9pt;font-family:'Courrier New'">| 5449c312-00ba-4625-813f-1d7f06bb8259 | default        | ingress   | tcp      | <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a>        |              |<u></u><u></u></span></p>
<p class="" style="text-autospace:none"><span style="font-size:9pt;font-family:'Courrier New'">| 59166d99-0901-4c58-8bf3-ff46cfd4bb01 | default        | egress    |          |                  |              |<u></u><u></u></span></p>
<p class="" style="text-autospace:none"><span style="font-size:9pt;font-family:'Courrier New'">| 79708fb2-50b1-4c7b-82a5-5cd0275603ad | default        | egress    |          |                  |              |<u></u><u></u></span></p>
<p class="" style="text-autospace:none"><span style="font-size:9pt;font-family:'Courrier New'">| 940a2743-859a-444c-9c3c-0204995e87ba | default        | ingress   |          |                  | default      |<u></u><u></u></span></p>
<p class="" style="text-autospace:none"><span style="font-size:9pt;font-family:'Courrier New'">| a7812053-a913-4288-bbd3-c5f225f38d13 | default        | ingress   |          |                  | default      |<u></u><u></u></span></p>
<p class="" style="text-autospace:none"><span style="font-size:9pt;font-family:'Courrier New'">| b160a8cf-7ca0-4da6-b238-68315b199314 | default        | egress    |          |                  |              |<u></u><u></u></span></p>
<p class="" style="text-autospace:none"><span style="font-size:9pt;font-family:'Courrier New'">| bce886e7-74d2-46bc-aba6-5928a17b2c74 | default        | ingress   |          |                  | default      |<u></u><u></u></span></p>
<p class="" style="text-autospace:none"><span style="font-size:9pt;font-family:'Courrier New'">| c3ccbe23-5d44-4cbc-991d-a5df29aa5300 | default        | ingress   |          |                  | default      |<u></u><u></u></span></p>
<p class="" style="text-autospace:none"><span style="font-size:9pt;font-family:'Courrier New'">| c86af4d4-d6eb-4b15-a23c-1d84d8b27716 | default        | egress    |          |                  |              |<u></u><u></u></span></p>
<p class="" style="text-autospace:none"><span style="font-size:9pt;font-family:'Courrier New'">| c9b96941-c652-4b24-9162-4a1dcd999088 | default        | ingress   | icmp     | <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a>        |              |<u></u><u></u></span></p>
<p class="" style="text-autospace:none"><span style="font-size:9pt;font-family:'Courrier New'">| dd26aab7-7641-4ad8-ac53-fe443f41ab5f | default        | ingress   |          |                  | default      |<u></u><u></u></span></p>
<p class="" style="text-autospace:none"><span style="font-size:9pt;font-family:'Courrier New'">| f87eeaea-4b97-4995-968e-34f127d09bd3 | default        | egress    |          |                  |              |<u></u><u></u></span></p>
<p class="" style="text-autospace:none"><span style="font-size:9pt;font-family:'Courrier New'">| fc7d35d0-d2b6-4df1-a03b-ca28c5e5c487 | default        | egress    |          |                  |              |<u></u><u></u></span></p>
<p class="" style="text-autospace:none"><span style="font-size:9pt;font-family:'Courrier New'">+--------------------------------------+----------------+-----------+----------+------------------+--------------+<u></u><u></u></span></p>
<p class="" style="text-autospace:none"><span style="font-size:9pt;font-family:'Courrier New'">(quantum) security-group-rule-create --protocol icmp --direction ingress default<u></u><u></u></span></p><p class="" style="text-autospace:none">
<span style="font-size:9pt;font-family:'Courrier New'">Multiple security_group matches found for name 'default', use an ID to be more specific.<u></u><u></u></span></p><p class="" style="text-autospace:none">
<span style="font-size:9pt;font-family:'Courrier New'">(quantum)<u></u><u></u></span></p><p class=""><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)"><u></u> <u></u></span></p><p class="">
<span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)">Actualy my first tenant’s several VMs don’t have network issue. Can ping their’s floating IP from Internet.<u></u><u></u></span></p><p class="">
<span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)">However my second tenant’s several VMs have same network issue: can ping Internet from vm, but can’t ping their floating IP from Internet.<u></u><u></u></span></p>
<p class=""><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)"><u></u> <u></u></span></p><p class=""><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)">Leon<u></u><u></u></span></p>
<p class=""><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)"><u></u> <u></u></span></p><p class=""><b><span style="font-size:10pt;font-family:Tahoma,sans-serif">From:</span></b><span style="font-size:10pt;font-family:Tahoma,sans-serif"> Aaron Rosen [mailto:<a href="mailto:arosen@nicira.com" target="_blank">arosen@nicira.com</a>] <br>
<b>Sent:</b> 2013</span><span lang="ZH-CN" style="font-size:10pt;font-family:宋体">年</span><span style="font-size:10pt;font-family:Tahoma,sans-serif">6</span><span lang="ZH-CN" style="font-size:10pt;font-family:宋体">月</span><span style="font-size:10pt;font-family:Tahoma,sans-serif">4</span><span lang="ZH-CN" style="font-size:10pt;font-family:宋体">日</span><span style="font-size:10pt;font-family:Tahoma,sans-serif"> 9:03<br>
<b>To:</b> Li, Leon<br><b>Cc:</b> <a href="mailto:openstack-operators@lists.openstack.org" target="_blank">openstack-operators@lists.openstack.org</a>; <a href="mailto:openstack@lists.launchpad.net" target="_blank">openstack@lists.launchpad.net</a> (<a href="mailto:openstack@lists.launchpad.net" target="_blank">openstack@lists.launchpad.net</a>)<br>
<b>Subject:</b> Re: [Openstack] [Quantum] second tenant VM's floating ip can't be accessed.<u></u><u></u></span></p><p class=""><u></u> <u></u></p><div><p class="">Hi Li, <u></u><u></u></p><div><p class=""><u></u> <u></u></p>
</div><div><p class="">If you can ping out to the internet from your second vm but not back in it's most likely related to security groups. <u></u><u></u></p></div><div><p class=""><u></u> <u></u></p></div><div><p class="">
I'd try running: quantum security-group-rule-create --protocol icmp --direction ingress default <u></u><u></u></p></div><div><p class=""><u></u> <u></u></p></div><div><p class="">and see if that allows ping from the internet to be received. <u></u><u></u></p>
</div><div><p class=""><u></u> <u></u></p></div><div><p class="">Aaron<u></u><u></u></p></div></div><div><p class="" style="margin-bottom:12pt"><u></u> <u></u></p><div><p class="">On Mon, Jun 3, 2013 at 2:43 AM, Li, Leon <<a href="mailto:Leon.Li2@emc.com" target="_blank">Leon.Li2@emc.com</a>> wrote:<u></u><u></u></p>
<div><div><p class="">Hi all,<u></u><u></u></p><p class=""> <u></u><u></u></p><p class="">I set up an openstack recently. My first tenant’s VMs’ floating IP work fine. All of them is pingable from “Internet”.<u></u><u></u></p>
<p class="">However on second tenant, via GUI or CLI I can successfully assign floating IPs to VMs, but they are not pingable. Meanwhile, I can ping Internet from VM’s private network(IP).<u></u><u></u></p><p class="">My environment: Grizzly. Quantum. 3 physical servers. One is controller; one is network; and the other is compute node. GRE tunnel.<u></u><u></u></p>
<p class="">Anyone has idea? Thanks for your help.<u></u><u></u></p><p class=""><span style="color:rgb(136,136,136)"> <u></u><u></u></span></p><p class=""><span style="color:rgb(136,136,136)">Leon<u></u><u></u></span></p>
</div></div><p class="" style="margin-bottom:12pt"><br>_______________________________________________<br>Mailing list: <a href="https://launchpad.net/~openstack" target="_blank">https://launchpad.net/~openstack</a><br>Post to     : <a href="mailto:openstack@lists.launchpad.net" target="_blank">openstack@lists.launchpad.net</a><br>
Unsubscribe : <a href="https://launchpad.net/~openstack" target="_blank">https://launchpad.net/~openstack</a><br>More help   : <a href="https://help.launchpad.net/ListHelp" target="_blank">https://help.launchpad.net/ListHelp</a><u></u><u></u></p>
</div><p class=""><u></u> <u></u></p></div></div></div></blockquote></div><br></div></div></div></div>