[Openstack-operators] Cant ping or SSH Cirros VM #Kilo-Multinode#
Yuki Nishiwaki
uckey.1067 at gmail.com
Fri Jul 10 13:50:41 UTC 2015
Hello Abhishek.
I will answer about two problem
- controller can’t ping any external network
- vm can’t access internet
First , about the problem controller can’t ping any external network
> I am able to boot a VM and it goes to active state but cannot ping it from Controller or any external network.
>
If you want to ping vm which connected to external network from controller ,
you need to create nic belong to segment the same as external network in controller.
As described bellow, your controller don’t have the nic belong to external network.
> **#Controller Node**
>
> # The primary network interface - NAT connection
> auto eth0
> iface eth0 inet dhcp
>
> # vboxnet0 - OpenStack management network
> auto eth1
> iface eth1 inet static
> address 10.0.0.11
> netmask 255.255.255.0
Second, about the problem vm can’t access internet
> Moreover, as per the install guide the VM should be able to ping “openstack.org” to verify ext-net connectivity it is not doing that. The VM is able to ping the tenant router gateway of the external network interface “192.168.56.105”.
>
the reason of this problem is that your network node don’t routing or the next router of network node don’t know external network ( 192.168.56.0/24 ).
this problem can be solved by following
- Set NAT to NIC belong to segment which can access internet in network node
I’m grad if this information help you.
Yuki Nishiwaki
2015/07/09 18:38、Abhishek Talwar <abhishek.talwar at tcs.com> のメール:
> HI Folks,
>
>
>
> I have a multinode OpenStack kilo setup with a controller node, network node and 2 compute nodes. I followed all the steps (http://docs.openstack.org/kilo/instal...) given in the OpenStack kilo install guide. I am able to boot a VM and it goes to active state but cannot ping it from Controller or any external network.
>
> The external network interface (eth3) has a gateway of 192.168.56.105 and we can ping it from any external network.
>
> I have assigned a floting ip to the VM, and added the icmp and tcp rules to allow the ping and SSH but we can't ping to the VM.
>
> Moreover, as per the install guide the VM should be able to ping “openstack.org” to verify ext-net connectivity it is not doing that. The VM is able to ping the tenant router gateway of the external network interface “192.168.56.105”.
>
> How should we proceed further to enable the ping and SSH functionality.
>
> The setup details are listed as follows:
>
>
>
>
> **#Controller Node**
>
> # The primary network interface - NAT connection
> auto eth0
> iface eth0 inet dhcp
>
> # vboxnet0 - OpenStack management network
> auto eth1
> iface eth1 inet static
> address 10.0.0.11
> netmask 255.255.255.0
>
> **#Network Node**
>
> # vboxnet0 - OpenStack management network
> auto eth1
> iface eth1 inet static
> address 10.0.0.21
> netmask 255.255.255.0
>
> # vboxnet2 - OpenStack data/communication network
> auto eth2
> iface eth2 inet static
> address 10.0.1.21
> netmask 255.255.255.0
>
> #vboxnet0 - For exposing external network
> auto eth3
> iface eth3 inet manual
> up ip link set dev $IFACE up
> down ip link set dev $IFACE down
>
>
>
> **#Compute Node**
>
> # The primary network interface - NAT connection
> auto eth0
> iface eth0 inet dhcp
>
> # vboxnet0 - OpenStack management network
> auto eth1
> iface eth1 inet static
> address 10.0.0.31
> netmask 255.255.255.0
>
> # vboxnet2 - OpenStack VM data/communication network
> auto eth2
> iface eth2 inet static
> address 10.0.1.31
> netmask 255.255.255.0
>
>
> **#Compute1 Node**
>
> # The primary network interface - NAT connection
> auto eth0
> iface eth0 inet dhcp
>
> # vboxnet0 - OpenStack management network
> auto eth1
> iface eth1 inet static
> address 10.0.0.32
> netmask 255.255.255.0
>
> # vboxnet2 - OpenStack VM data/communication network
> auto eth2
> iface eth2 inet static
> address 10.0.1.32
> netmask 255.255.255.0
>
> **#neutron net-list**
>
> ------------------------------------------+
> | id | name | subnets |
> +--------------------------------------+-----------+-----------------------------------------------------+
> |
> | 6c91a7e8-4182-4fb7-8d42-b83ca6775e57 | ext-net | c4dac528-3fa9-47db-a5c4-50590ed8edf5 |
> | 314323cd-cbd1-43e9-a5f5-58213a6afdee | demo-net1 | 7412369e-a91f-4228-af55-2792fde85d3d 192.168.1.0/24 |
> +--------------------------------------+-----------+-----------------------------------------------------+
>
>
> **# neutron floatingip-list**
> -----------------+--------------------------------------+
> | id | fixed_ip_address | floating_ip_address | port_id |
> +--------------------------------------+------------------+---------------------+--------------------------------------+
> | 65872868-6318-4eb3-bce4-6bd8922b90e1 | 192.168.1.3 | 192.168.56.109 | 3a2f47f7-cbc4-4558-b91c-2886de545cd7 |
> +--------------------------------------+------------------+---------------------+--------------------------------------+
>
> **# nova list**
> ------+-------------+---------------------------------------+
> | ID | Name | Status | Task State | Power State | Networks |
> +--------------------------------------+-------+--------+------------+-------------+---------------------------------------+
> | 1ebf21e7-3073-4d68-ae59-ec168c3e51c7 | vm786 | ACTIVE | - | Running | demo-net1=192.168.1.3, 192.168.56.109 |
>
>
>
>
>
>
>
> **Added the rules to the default security group:**
>
> a. Permit ICMP (ping):
> $ nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0
> +-------------+-----------+---------+-----------+--------------+
> | IP Protocol | From Port | To Port | IP Range | Source Group |
> +-------------+-----------+---------+-----------+--------------+
> | icmp | -1 | -1 | 0.0.0.0/0 | |
> +-------------+-----------+---------+-----------+--------------+
>
> b. Permit secure shell (SSH) access:
> $ nova secgroup-add-rule default tcp 22 22 0.0.0.0/0
> +-------------+-----------+---------+-----------+--------------+
> | IP Protocol | From Port | To Port | IP Range | Source Group |
> +-------------+-----------+---------+-----------+--------------+
> | tcp | 22 | 22 | 0.0.0.0/0 | |
> +-------------+-----------+---------+-----------+--------------+
>
>
> # ovs-vsctl show
> ebc068e7-0b6d-45c7-9408-87e2af9af64a
> Bridge br-tun
> fail_mode: secure
> Port patch-int
> Interface patch-int
> type: patch
> options: {peer=patch-tun}
> Port "gre-0a00011f"
> Interface "gre-0a00011f"
> type: gre
> options: {df_default="true", in_key=flow, local_ip="10.0.1.21", out_key=flow, remote_ip="10.0.1.31"}
> Port "gre-0a000120"
> Interface "gre-0a000120"
> type: gre
> options: {df_default="true", in_key=flow, local_ip="10.0.1.21", out_key=flow, remote_ip="10.0.1.32"}
> Port br-tun
> Interface br-tun
> type: internal
> Bridge br-int
> fail_mode: secure
> Port "qr-b1bbd942-2e"
> tag: 3
> Interface "qr-b1bbd942-2e"
> type: internal
> Port "qg-d104c0f4-62"
> tag: 2
> Interface "qg-d104c0f4-62"
> type: internal
> Port "qr-f5934280-24"
> tag: 1
> Interface "qr-f5934280-24"
> type: internal
> Port patch-tun
> Interface patch-tun
> type: patch
> options: {peer=patch-int}
> Port "tap5cc41425-9c"
> tag: 1
> Interface "tap5cc41425-9c"
> type: internal
> Port "qr-565908b5-18"
> tag: 1
> Interface "qr-565908b5-18"
> type: internal
> Port "qg-1ac2537b-9d"
> tag: 2
> Interface "qg-1ac2537b-9d"
> type: internal
> Port "qg-a0ff0263-ca"
> tag: 2
> Interface "qg-a0ff0263-ca"
> type: internal
> Port br-int
> Interface br-int
> type: internal
> Port "tap333dbc90-e6"
> tag: 3
> Interface "tap333dbc90-e6"
> type: internal
> Port int-br-ex
> Interface int-br-ex
> type: patch
> options: {peer=phy-br-ex}
> Bridge br-ex
> Port "eth3"
> Interface "eth3"
> Port br-ex
> Interface br-ex
> type: internal
> Port phy-br-ex
> Interface phy-br-ex
> type: patch
> options: {peer=int-br-ex}
> ovs_version: "2.3.1"
>
>
> Kindly check my setup and please provide some inputs how can I proceed further.
>
>
> Thanks and Regards
> Abhishek Talwar
> =====-----=====-----=====
> Notice: The information contained in this e-mail
> message and/or attachments to it may contain
> confidential or privileged information. If you are
> not the intended recipient, any dissemination, use,
> review, distribution, printing or copying of the
> information contained in this e-mail message
> and/or attachments to it are strictly prohibited. If
> you have received this communication in error,
> please notify us by reply e-mail or telephone and
> immediately and permanently delete the message
> and any attachments. Thank you
>
>
> _______________________________________________
> OpenStack-operators mailing list
> OpenStack-operators at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-operators/attachments/20150710/7a5e334b/attachment.html>
More information about the OpenStack-operators
mailing list