<div dir="ltr">Good job guys.<div style>I reckon we might make users' life easier if we change naming strategy for default security groups to 'default-$tenant_id'</div><div style>On the other hand this is not a priority since as an admin user I guess you can already get that information properly choosing the fields to display.</div>
<div style><br></div><div style>Salvatore</div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On 4 June 2013 09:23, Li, Leon <span dir="ltr"><<a href="mailto:Leon.Li2@emc.com" target="_blank">Leon.Li2@emc.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div lang="EN-US" link="blue" vlink="purple"><div><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Aaron,<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">It really works after I add the icmp rule for my second tenant. Thanks for your help!<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Leon<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p><p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> Aaron Rosen [mailto:<a href="mailto:arosen@nicira.com" target="_blank">arosen@nicira.com</a>] <br>
<b>Sent:</b> 2013</span><span lang="ZH-CN" style="font-size:10.0pt;font-family:宋体">年</span><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">6</span><span lang="ZH-CN" style="font-size:10.0pt;font-family:宋体">月</span><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">4</span><span lang="ZH-CN" style="font-size:10.0pt;font-family:宋体">日</span><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> 10:37</span></p>
<div class="im"><br><b>To:</b> Li, Leon<br><b>Cc:</b> <a href="mailto:openstack-operators@lists.openstack.org" target="_blank">openstack-operators@lists.openstack.org</a>; <a href="mailto:openstack@lists.launchpad.net" target="_blank">openstack@lists.launchpad.net</a> (<a href="mailto:openstack@lists.launchpad.net" target="_blank">openstack@lists.launchpad.net</a>)<br>
</div><b>Subject:</b> Re: [Openstack] [Quantum] second tenant's several VMs' floating ip can't be accessed.<u></u><u></u><p></p><div><div class="h5"><p class="MsoNormal"><u></u> <u></u></p><div><p class="MsoNormal">
You are probably running quantum commands as an admin user that's why you got the error: <br>Multiple security_group matches found for name 'default', use an ID to be more specific.<br><br>If you run quantum security-group-list <br>
<br>and then: <br><br>quantum security-group-rule-create --protocol icmp --direction ingress <group_uuid> <u></u><u></u></p><div><p class="MsoNormal"><u></u> <u></u></p></div><div><p class="MsoNormal">for each default security group. <u></u><u></u></p>
<div><p class="MsoNormal"><u></u> <u></u></p></div><div><p class="MsoNormal">I'm guessing the security group for your second tenant does not have this rule as I don't see two icmp rules in the security-group-rule-list output you pasted. <u></u><u></u></p>
</div><div><p class="MsoNormal"><u></u> <u></u></p></div><div><p class="MsoNormal">Aaron<u></u><u></u></p><div><p class="MsoNormal"><u></u> <u></u></p></div><div><p class="MsoNormal" style="margin-bottom:12.0pt"><u></u> <u></u></p>
<div><p class="MsoNormal">On Mon, Jun 3, 2013 at 7:05 PM, Li, Leon <<a href="mailto:Leon.Li2@emc.com" target="_blank">Leon.Li2@emc.com</a>> wrote:<u></u><u></u></p><div><div><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Aaron,</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> </span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Thanks for helping.</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Actually I already have had this rule:</span><u></u><u></u></p><p class="MsoNormal" style="text-autospace:none">
<span style="font-size:9.0pt;font-family:"Courrier New"">(quantum) security-group-rule-list</span><u></u><u></u></p><p class="MsoNormal" style="text-autospace:none"><span style="font-size:9.0pt;font-family:"Courrier New"">+--------------------------------------+----------------+-----------+----------+------------------+--------------+</span><u></u><u></u></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:9.0pt;font-family:"Courrier New"">| id | security_group | direction | protocol | remote_ip_prefix | remote_group |</span><u></u><u></u></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:9.0pt;font-family:"Courrier New"">+--------------------------------------+----------------+-----------+----------+------------------+--------------+</span><u></u><u></u></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:9.0pt;font-family:"Courrier New"">| 1a5867db-864b-4ae9-a423-092f3c25d710 | default | ingress | | | default |</span><u></u><u></u></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:9.0pt;font-family:"Courrier New"">| 5449c312-00ba-4625-813f-1d7f06bb8259 | default | ingress | tcp | <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> | |</span><u></u><u></u></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:9.0pt;font-family:"Courrier New"">| 59166d99-0901-4c58-8bf3-ff46cfd4bb01 | default | egress | | | |</span><u></u><u></u></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:9.0pt;font-family:"Courrier New"">| 79708fb2-50b1-4c7b-82a5-5cd0275603ad | default | egress | | | |</span><u></u><u></u></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:9.0pt;font-family:"Courrier New"">| 940a2743-859a-444c-9c3c-0204995e87ba | default | ingress | | | default |</span><u></u><u></u></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:9.0pt;font-family:"Courrier New"">| a7812053-a913-4288-bbd3-c5f225f38d13 | default | ingress | | | default |</span><u></u><u></u></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:9.0pt;font-family:"Courrier New"">| b160a8cf-7ca0-4da6-b238-68315b199314 | default | egress | | | |</span><u></u><u></u></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:9.0pt;font-family:"Courrier New"">| bce886e7-74d2-46bc-aba6-5928a17b2c74 | default | ingress | | | default |</span><u></u><u></u></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:9.0pt;font-family:"Courrier New"">| c3ccbe23-5d44-4cbc-991d-a5df29aa5300 | default | ingress | | | default |</span><u></u><u></u></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:9.0pt;font-family:"Courrier New"">| c86af4d4-d6eb-4b15-a23c-1d84d8b27716 | default | egress | | | |</span><u></u><u></u></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:9.0pt;font-family:"Courrier New"">| c9b96941-c652-4b24-9162-4a1dcd999088 | default | ingress | icmp | <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> | |</span><u></u><u></u></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:9.0pt;font-family:"Courrier New"">| dd26aab7-7641-4ad8-ac53-fe443f41ab5f | default | ingress | | | default |</span><u></u><u></u></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:9.0pt;font-family:"Courrier New"">| f87eeaea-4b97-4995-968e-34f127d09bd3 | default | egress | | | |</span><u></u><u></u></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:9.0pt;font-family:"Courrier New"">| fc7d35d0-d2b6-4df1-a03b-ca28c5e5c487 | default | egress | | | |</span><u></u><u></u></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:9.0pt;font-family:"Courrier New"">+--------------------------------------+----------------+-----------+----------+------------------+--------------+</span><u></u><u></u></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:9.0pt;font-family:"Courrier New"">(quantum) security-group-rule-create --protocol icmp --direction ingress default</span><u></u><u></u></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:9.0pt;font-family:"Courrier New"">Multiple security_group matches found for name 'default', use an ID to be more specific.</span><u></u><u></u></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:9.0pt;font-family:"Courrier New"">(quantum)</span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> </span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Actualy my first tenant’s several VMs don’t have network issue. Can ping their’s floating IP from Internet.</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">However my second tenant’s several VMs have same network issue: can ping Internet from vm, but can’t ping their floating IP from Internet.</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> </span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Leon</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> </span><u></u><u></u></p><p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> Aaron Rosen [mailto:<a href="mailto:arosen@nicira.com" target="_blank">arosen@nicira.com</a>] <br>
<b>Sent:</b> 2013</span><span lang="ZH-CN" style="font-size:10.0pt;font-family:宋体">年</span><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">6</span><span lang="ZH-CN" style="font-size:10.0pt;font-family:宋体">月</span><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">4</span><span lang="ZH-CN" style="font-size:10.0pt;font-family:宋体">日</span><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> 9:03<br>
<b>To:</b> Li, Leon<br><b>Cc:</b> <a href="mailto:openstack-operators@lists.openstack.org" target="_blank">openstack-operators@lists.openstack.org</a>; <a href="mailto:openstack@lists.launchpad.net" target="_blank">openstack@lists.launchpad.net</a> (<a href="mailto:openstack@lists.launchpad.net" target="_blank">openstack@lists.launchpad.net</a>)<br>
<b>Subject:</b> Re: [Openstack] [Quantum] second tenant VM's floating ip can't be accessed.</span><u></u><u></u></p><p class="MsoNormal"> <u></u><u></u></p><div><p class="MsoNormal">Hi Li, <u></u><u></u></p><div><p class="MsoNormal">
<u></u><u></u></p></div><div><p class="MsoNormal">If you can ping out to the internet from your second vm but not back in it's most likely related to security groups. <u></u><u></u></p></div><div><p class="MsoNormal">
<u></u><u></u></p></div><div><p class="MsoNormal">I'd try running: quantum security-group-rule-create --protocol icmp --direction ingress default <u></u><u></u></p></div><div><p class="MsoNormal"> <u></u><u></u></p></div>
<div><p class="MsoNormal">and see if that allows ping from the internet to be received. <u></u><u></u></p></div><div><p class="MsoNormal"> <u></u><u></u></p></div><div><p class="MsoNormal">Aaron<u></u><u></u></p></div></div>
<div><p class="MsoNormal" style="margin-bottom:12.0pt"> <u></u><u></u></p><div><p class="MsoNormal">On Mon, Jun 3, 2013 at 2:43 AM, Li, Leon <<a href="mailto:Leon.Li2@emc.com" target="_blank">Leon.Li2@emc.com</a>> wrote:<u></u><u></u></p>
<div><div><p class="MsoNormal">Hi all,<u></u><u></u></p><p class="MsoNormal"> <u></u><u></u></p><p class="MsoNormal">I set up an openstack recently. My first tenant’s VMs’ floating IP work fine. All of them is pingable from “Internet”.<u></u><u></u></p>
<p class="MsoNormal">However on second tenant, via GUI or CLI I can successfully assign floating IPs to VMs, but they are not pingable. Meanwhile, I can ping Internet from VM’s private network(IP).<u></u><u></u></p><p class="MsoNormal">
My environment: Grizzly. Quantum. 3 physical servers. One is controller; one is network; and the other is compute node. GRE tunnel.<u></u><u></u></p><p class="MsoNormal">Anyone has idea? Thanks for your help.<u></u><u></u></p>
<p class="MsoNormal"><span style="color:#888888"> </span><u></u><u></u></p><p class="MsoNormal"><span style="color:#888888">Leon</span><u></u><u></u></p></div></div><p class="MsoNormal" style="margin-bottom:12.0pt"><br>_______________________________________________<br>
Mailing list: <a href="https://launchpad.net/~openstack" target="_blank">https://launchpad.net/~openstack</a><br>Post to : <a href="mailto:openstack@lists.launchpad.net" target="_blank">openstack@lists.launchpad.net</a><br>
Unsubscribe : <a href="https://launchpad.net/~openstack" target="_blank">https://launchpad.net/~openstack</a><br>More help : <a href="https://help.launchpad.net/ListHelp" target="_blank">https://help.launchpad.net/ListHelp</a><u></u><u></u></p>
</div><p class="MsoNormal"> <u></u><u></u></p></div></div></div></div><p class="MsoNormal"><u></u> <u></u></p></div></div></div></div></div></div></div></div><br>_______________________________________________<br>
Mailing list: <a href="https://launchpad.net/~openstack" target="_blank">https://launchpad.net/~openstack</a><br>
Post to : <a href="mailto:openstack@lists.launchpad.net">openstack@lists.launchpad.net</a><br>
Unsubscribe : <a href="https://launchpad.net/~openstack" target="_blank">https://launchpad.net/~openstack</a><br>
More help : <a href="https://help.launchpad.net/ListHelp" target="_blank">https://help.launchpad.net/ListHelp</a><br>
<br></blockquote></div><br></div>