[openstack-dev] [devstack][neutron] How to give nested VM access to outside network?

Rich Megginson rmeggins at redhat.com
Fri Aug 7 23:04:00 UTC 2015


On 08/04/2015 01:44 AM, Andreas Scheuring wrote:
> Can you try answer 1 of [1]?
>
> I've never tried it, but I heard from folks who configured it like that.
> With this masquerading, your vm should be able to reach your 192.x
> network. But as it's NAT it won't work the other way round (e.g.
> establish a connection from outside into your vm)
>
> The proper way would be to configure your provider network to match the
> 192.x subnet. In addition you would need to plug your 192.x interface
> (eth0)? into the ovs br-ex. But be careful! This step breaks
> connectivity via this interface. So be sure that you're logged in via
> another interface or via some vnc session.

Thanks.  This works:
1) Add this to local.conf before running stack.sh:

[[local|localrc]]
ADMIN_PASSWORD=secret
ENABLED_SERVICES=g-api,g-reg,key,n-api,n-cpu,n-sch,n-cond,n-crt,n-novnc,mysql,rabbit,dstat,quantum,q-svc,q-agt,q-dhcp,q-l3,q-meta
SERVICE_HOST=127.0.0.1
NETWORK_GATEWAY=10.0.0.1
PUBLIC_NETWORK_GATEWAY=172.24.4.1
... other config ...

[[post-config|$Q_DHCP_CONF_FILE]]
[DEFAULT]
dnsmasq_dns_servers = 192.168.122.1

NOTE: If you are adding the above from a script as e.g. a here doc, 
don't forget to escape the $ e.g. [[post-config|\$Q_DHCP_CONF_FILE]]

2) Run this command after running stack.sh and before creating a vm:
     iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

Now, the nested VM can ping external IP addresses, and name server 
lookups work.

>
> If you have further questions regarding provider networks, feel free to
> ask again!
>
>
>
> [1]
> https://ask.openstack.org/en/question/44266/connect-vm-in-devstack-to-external-network/
>
>
> On Mon, 2015-08-03 at 22:07 -0600, Rich Megginson wrote:
>> I'm running devstack in a VM (Fedora 21 host, EL 7.1.x VM) with a static
>> IP address (because dhcp was not working):
>>
>>       cat > /etc/sysconfig/network-scripts/ifcfg-eth0 <<EOF
>> DEVICE="eth0"
>> BOOTPROTO="static"
>> DHCPCLASS=
>> HWADDR=$VM_MAC
>> IPADDR=192.168.122.5
>> NETMASK=255.255.255.0
>> GATEWAY=192.168.122.1
>> ONBOOT=yes
>> NM_CONTROLLED=no
>> TYPE="Ethernet"
>> USERCTL="yes"
>> PEERDNS="yes"
>> DNS1="192.168.122.1"
>> IPV6INIT="no"
>> EOF
>>
>> with Neutron networking enabled and Nova networking disabled:
>>
>> [[local|localrc]]
>> IP_VERSION=4
>> ENABLED_SERVICES=g-api,g-reg,key,n-api,n-cpu,n-sch,n-cond,n-crt,n-novnc,mysql,rabbit,dstat,quantum,q-svc,q-agt,q-dhcp,q-l3,q-meta
>> SERVICE_HOST=127.0.0.1
>> NETWORK_GATEWAY=10.0.0.1
>> PUBLIC_NETWORK_GATEWAY=172.24.4.1
>> ...
>>
>> I've followed this some, but I don't want to use the provider network:
>> http://docs.openstack.org/developer/devstack/guides/neutron.html
>>
>> I've hacked the floating_ips exercise to use neutron networking commands:
>>
>> http://ur1.ca/ncjm6
>>
>> I can ssh into the nested VM, I can assign it a floating IP.
>>
>> However, it cannot see the outside world.  From it, I can ping the
>> 10.0.0.1 network and the 172.24.4.1 network, and even 192.168.122.5, but
>> not 192.168.122.1 or anything outside of the VM.
>>
>> route looks like this: http://ur1.ca/ncjog
>>
>> ip addr looks like this: http://ur1.ca/ncjop
>>
>> Here is the entire output of stack.sh:
>> https://rmeggins.fedorapeople.org/stack.out
>>
>> Here is the entire output of the exercise:
>> https://rmeggins.fedorapeople.org/exercise.out
>>
>>
>>
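
The rule in step 2 masquerades everything that leaves eth0 and is appended again on every run. As an added example (not part of the original message), this sketch adds the same rule idempotently and scoped to the floating range; 172.24.4.0/24 is assumed from DevStack's default FLOATING_RANGE, and the function names and the IPTABLES override are hypothetical.

```shell
#!/bin/sh
# Added example: scoped, idempotent form of the MASQUERADE rule from step 2.
# Assumptions (not from the original message): FLOATING_RANGE is DevStack's
# default 172.24.4.0/24; ensure_masquerade, valid_cidr, forwarding_enabled
# and the IPTABLES override are hypothetical names used only in this sketch.

IPTABLES="${IPTABLES:-iptables}"        # override to dry-run or to test
FLOATING_RANGE="${FLOATING_RANGE:-172.24.4.0/24}"
OUT_IF="${OUT_IF:-eth0}"                # interface on the 192.168.122.x network

# Succeeds only if the argument looks like an IPv4 CIDR (a.b.c.d/len).
valid_cidr() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
}

# Add "-s <cidr> -o <if> -j MASQUERADE" to nat/POSTROUTING unless it is
# already present, so re-running after stack.sh does not stack duplicates.
# Returns 0 if the rule exists or was added, 2 on bad input.
ensure_masquerade() {
    src="$1"; out_if="$2"
    valid_cidr "$src" || { echo "bad CIDR: $src" >&2; return 2; }
    case "$out_if" in
        ''|*[!A-Za-z0-9._-]*) echo "bad interface: $out_if" >&2; return 2 ;;
    esac
    # -C exits 0 when an identical rule is already in the chain.
    if $IPTABLES -t nat -C POSTROUTING -s "$src" -o "$out_if" -j MASQUERADE 2>/dev/null; then
        return 0
    fi
    $IPTABLES -t nat -A POSTROUTING -s "$src" -o "$out_if" -j MASQUERADE
}

# Forwarding must be on for the host to route the nested VM's packets.
forwarding_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# Apply only when explicitly asked, e.g.: sudo sh masq.sh apply
if [ "${1:-}" = "apply" ]; then
    forwarding_enabled || echo "warning: net.ipv4.ip_forward is 0" >&2
    ensure_masquerade "$FLOATING_RANGE" "$OUT_IF"
fi
```

Run it as root with the `apply` argument after stack.sh; `iptables -t nat -S POSTROUTING` then shows a single scoped rule.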



