More updates:
I now have a public network and a internal network linked together with
a router. I can create instances on the internal network and then
associate a floating IP address with the instance. However, I still
can't talk to the instances over the network.
As of now I have an instance running with a floating IP of 192.168.5.11
assigned to it.
I ran a packet sniffer on the laptop while trying to ping my router from
the instance using the console built into openstack. I can see traffic
on the bridge interface but nothing is answering.
[root@localhost ~]# tshark
Running as user "root" and group "root". This could be dangerous.
Capturing on 'br-ex'
1 0.000000 fa:16:3e:a9:b0:f8 -> Broadcast ARP 42 Who has
192.168.5.1? Tell 192.168.5.11
2 1.001142 fa:16:3e:a9:b0:f8 -> Broadcast ARP 42 Who has
192.168.5.1? Tell 192.168.5.11
3 2.003167 fa:16:3e:a9:b0:f8 -> Broadcast ARP 42 Who has
192.168.5.1? Tell 192.168.5.11
If I try to ping from other machines in 192.168.5.0/24 to 192.168.5.11 I
get no response and nothing even shows up on the bridge interface from
sniffing.
I'm trying to think what to look at next, any ideas?
-Dave
On 12/24/2014 12:23 PM, David Krovich wrote:
Thanks, I think I had already adjusted my security groups
appropriately. Here is a listing.
[root@localhost ~(keystone_admin)]# neutron security-group-rule-list
+--------------------------------------+----------------+-----------+----------+------------------+--------------+
| id | security_group | direction |
protocol | remote_ip_prefix | remote_group |
+--------------------------------------+----------------+-----------+----------+------------------+--------------+
| 50b74169-5f5c-40f3-b193-d568e1cd2864 | default | egress
| | | |
| 5d3a0a6e-7d90-49a7-8114-998b06d525df | default | ingress
| | | default |
| 670a2b30-bc93-415c-9998-750334ce99d8 | default | egress |
icmp | 0.0.0.0/0 | |
| 68d7fb55-b04f-4b0e-b488-5f6a6f429616 | default | egress
| | | |
| 6ec01872-1735-4e46-8a4a-6e3a78e5d867 | default | ingress
| | | default |
| 747224b1-7415-49f4-ad77-1acb604508a0 | default | ingress
| | | default |
| 836c2c01-710f-44a1-8e85-826729c2f152 | default | ingress |
udp | 0.0.0.0/0 | |
| 8f9f6446-64c8-46f3-943a-d13723a92aa9 | default | ingress
| | | default |
| 939931a6-7769-4cb7-adef-3170285449a7 | default | egress
| | | |
| b1a2837c-6c64-4c31-9d4b-e50084db3212 | default | ingress
| | | default |
| ba1f61ba-9b3a-4618-935e-e6a9c23b3f34 | default | ingress |
icmp | 0.0.0.0/0 | |
| bc32a758-079d-4fd8-9668-e748d3b075ec | default | egress
| | | |
| bf27706a-4d85-4f54-b18d-99877155bfb2 | default | ingress |
tcp | 0.0.0.0/0 | |
| c315bdfa-fe04-490b-aab3-8422c79d1b7f | default | ingress
| | | default |
| cf799c38-222e-4e5b-9056-c3b7ebac40b5 | default | egress
| | | |
| e2d3ea34-ab71-4764-986e-da2545b81e39 | default | egress
| | | |
+--------------------------------------+----------------+-----------+----------+------------------+--------------+
[root@localhost ~(keystone_admin)]#
On 12/24/2014 01:46 AM, Udi Kalifon wrote:
> Usually this is because you forgot to allow ssh and icmp in the
> security group rules. It's easiest to configure if you use the GUI.
> Hope it helps.
>
> -- Udi.
>
>
> ----- Original Message -----
> From: "David Krovich" <David.Krovich(a)mail.wvu.edu>
> To: rdo-list(a)redhat.com
> Sent: Wednesday, December 24, 2014 2:59:22 AM
> Subject: Re: [Rdo-list] Single Node Openstack
>
>
>
> Adding more information.
>
>
>
>
>
> ONBOOT=yes[root@localhost ~]# ip addr
>
> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
> group default
>
> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
>
> inet 127.0.0.1/8 scope host lo
>
> valid_lft forever preferred_lft forever
>
> inet6 ::1/128 scope host
>
> valid_lft forever preferred_lft forever
>
> 2: p5p1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
> state UP group default qlen 1000
>
> link/ether 00:22:41:28:14:20 brd ff:ff:ff:ff:ff:ff
>
> inet 192.168.5.151/24 brd 192.168.5.255 scope global dynamic p5p1
>
> valid_lft 85871sec preferred_lft 85871sec
>
> inet6 fe80::222:41ff:fe28:1420/64 scope link
>
> valid_lft forever preferred_lft forever
>
> 3: ovs-system: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN
> group default
>
> link/ether 22:4a:7f:81:49:15 brd ff:ff:ff:ff:ff:ff
>
> 4: br-ex: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue
> state UNKNOWN group default
>
> link/ether 32:1a:96:7a:7e:4a brd ff:ff:ff:ff:ff:ff
>
> inet 192.168.5.151/24 brd 192.168.5.255 scope global br-ex
>
> valid_lft forever preferred_lft forever
>
> inet6 fe80::301a:96ff:fe7a:7e4a/64 scope link
>
> valid_lft forever preferred_lft forever
>
> 8: br-int: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group
> default
>
> link/ether 32:99:19:54:f9:40 brd ff:ff:ff:ff:ff:ff
>
> 10: br-tun: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN
> group default
>
> link/ether 76:49:ac:a6:ce:4f brd ff:ff:ff:ff:ff:ff
>
>
>
>
>
>
>
>
>
>
>
> /etc/sysconfig/network-scripts/ifcfg-br-ex
>
>
>
>
>
> [root@localhost ~]# cat /etc/sysconfig/network-scripts/ifcfg-br-ex
>
> DEVICE=br-ex
>
> DEVICETYPE=ovs
>
> TYPE=OVSBridge
>
> BOOTPROTO=static
>
> IPADDR=192.168.5.151
>
> NETMASK=255.255.255.0
>
> ONBOOT=yes
>
>
>
>
>
>
>
>
> [root@localhost ~]# cat /etc/sysconfig/network-scripts/ifcfg-p5p1
>
> TYPE="OVSPort"
>
> DEVICETYPE="ovs"
>
> OVS_BRIDGE="br-ex"
>
> DEFROUTE="yes"
>
> IPV4_FAILURE_FATAL="no"
>
> IPV6INIT="yes"
>
> IPV6_AUTOCONF="yes"
>
> IPV6_DEFROUTE="yes"
>
> IPV6_PEERDNS="yes"
>
> IPV6_PEERROUTES="yes"
>
> IPV6_FAILURE_FATAL="no"
>
> NAME="p5p1"
>
> UUID="70997a7b-a01c-48a6-b961-b11304839108"
>
> ONBOOT="yes"
>
> HWADDR="00:22:41:28:14:20"
>
> PEERDNS="yes"
>
> PEERROUTES="yes"
>
>
>
>
>
> Ran the following:
>
>
>
>
>
> [root@localhost ~]# . keystonerc_admin
>
> [root@localhost ~(keystone_admin)]# neutron router-gateway-clear router1
>
> Removed gateway from router router1
>
> [root@localhost ~(keystone_admin)]# neutron subnet-delete public_subnet
>
> Deleted subnet: public_subnet
>
> [root@localhost ~(keystone_admin)]# neutron subnet-create --name
> public_subnet --enable_dhcp=False
> --allocation-pool=start=192.168.5.10,end=192.168.5.20
> --gateway=192.168.5.1 public 192.168.5.0/24
>
> Created a new subnet:
>
> +-------------------+--------------------------------------------------+
>
> | Field | Value |
>
> +-------------------+--------------------------------------------------+
>
> | allocation_pools | {"start": "192.168.5.10", "end":
"192.168.5.20"} |
>
> | cidr | 192.168.5.0/24 |
>
> | dns_nameservers | |
>
> | enable_dhcp | False |
>
> | gateway_ip | 192.168.5.1 |
>
> | host_routes | |
>
> | id | 8f11b060-73a9-4b43-a3cc-be192436102c |
>
> | ip_version | 4 |
>
> | ipv6_address_mode | |
>
> | ipv6_ra_mode | |
>
> | name | public_subnet |
>
> | network_id | 7fbe63c2-0745-45c3-9f00-622ee0eb223b |
>
> | tenant_id | 636f926081a345fc93ca12fb5401ffe5 |
>
> +-------------------+--------------------------------------------------+
>
> [root@localhost ~(keystone_admin)]#
>
>
>
>
>
>
>
>
>
>
>
>
> From: rdo-list-bounces(a)redhat.com <rdo-list-bounces(a)redhat.com> on
> behalf of David Krovich <David.Krovich(a)mail.wvu.edu>
> Sent: Tuesday, December 23, 2014 3:56 PM
> To: rdo-list(a)redhat.com
> Subject: [Rdo-list] Single Node Openstack
>
>
> Hi,
>
>
>
>
> I'm trying to learn about how to setup and configure OpenStack.
>
>
>
>
> I've got a laptop that I want to use a test machine to run a single
> OpenStack node with instances appearing on the same network as the
> node itself. I'm trying to follow the instructions from this web site.
>
>
>
>
>
https://openstack.redhat.com/Neutron_with_existing_external_network
>
>
> I'm running Fedora 20 on this laptop.
>
>
>
>
> My network range is 192.168.5.0/24.
>
>
>
>
> First question, does anyone have a similar setup? Fedora 20, single
> node, instances on the same network? I can get openstack installed
> via packstack and everything appears to work except that I can't seem
> to talk to the instances over the network. At this point I'm stuck
> and could use some advise on where to look further.
>
>
>
>
> Thanks.
>
>
>
>
> -Dave
>
>
>
>
>
>
>
>
>
>
> _______________________________________________
> Rdo-list mailing list
> Rdo-list(a)redhat.com
>
https://www.redhat.com/mailman/listinfo/rdo-list
_______________________________________________
Rdo-list mailing list
Rdo-list(a)redhat.com
https://www.redhat.com/mailman/listinfo/rdo-list