write_security_rules(){
    echo "todo: use neutron secgroup to add ssh and ping rules instead of nova"
    source $ks_dir/keystonerc_$user$id
    # per-tenant keypair; the private key should be readable only by its owner
    nova keypair-add key$id > $ks_dir/key$id.pem
    chmod 600 $ks_dir/key$id.pem
    nova secgroup-create SecGrp$id "Security Group $id"
    nova secgroup-add-rule SecGrp$id tcp 22 22 0.0.0.0/0
    # no --remote-ip-prefix given, so the next two rules open every TCP and UDP port to any source (0.0.0.0/0)
    neutron security-group-rule-create --direction ingress --protocol tcp --port_range_min 1 --port_range_max 65535 SecGrp$id
    neutron security-group-rule-create --direction ingress --protocol udp --port_range_min 1 --port_range_max 65535 SecGrp$id
    neutron security-group-rule-create --direction ingress --protocol icmp SecGrp$id
}
On Fri, Feb 20, 2015 at 5:07 PM, Pasquale Salza <pasquale.salza(a)gmail.com>
wrote:
Hi Rhys,
I suppose so, because these are my iptables rules:
iptables -F
iptables -t nat -F
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -A INPUT -d 172.16.58.0/24 -m state --state ESTABLISHED,RELATED
-j ACCEPT
iptables -A INPUT -d 172.16.58.0/24 -p tcp --dport ssh -j ACCEPT
iptables -A INPUT -d 172.16.58.0/24 -p tcp --dport www -j ACCEPT
iptables -A INPUT -d 172.16.58.0/24 -p tcp --dport pptp -j ACCEPT
iptables -A INPUT -d 172.16.58.0/24 -p tcp --sport domain -j ACCEPT
iptables -A INPUT -d 172.16.58.0/24 -p tcp --dport domain -j ACCEPT
iptables -A INPUT -d 172.16.58.0/24 -p udp --sport domain -j ACCEPT
iptables -A INPUT -d 172.16.58.0/24 -p udp --dport domain -j ACCEPT
iptables -A INPUT -d 172.16.58.0/24 -p gre -j ACCEPT
iptables -A INPUT -d 172.16.58.0/24 -p icmp -j ACCEPT
iptables -A INPUT -d 172.16.58.0/24 -j DROP
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
service iptables save
Firstly, do you think I planned the network organisation well? Do you have
other suggestions (best practices) with 2 interfaces?
2015-02-20 18:30 GMT+01:00 Rhys Oxenham <roxenham(a)redhat.com>:
> Hi Pasquale,
>
> Did you modify your security group rules to allow ICMP and/or 22:tcp
> access?
>
> Many thanks
> Rhys
>
> > On 20 Feb 2015, at 17:11, Pasquale Salza <pasquale.salza(a)gmail.com> wrote:
> >
> > Hi there, I have a lot of problems with RDO/OpenStack configuration.
> Firstly, I need to describe my network situation.
> >
> > I have 7 machines, each of them with 2 NICs. I would like to use one
> > machine as a controller/network node and the others as compute nodes.
> >
> > I would like to use the eth0 to connect nodes to internet (and get
> access by remote sessions) with the network "172.16.58.0/24", in which I
> have just 7 available IPs, and eth1 as configuration network on the network
> 10.42.100.0/42.
> >
> > This is my current configuration, for each node (varying the IPs on
> each machine):
> >
> > eth0:
> > DEVICE=eth0
> > TYPE=Ethernet
> > ONBOOT=yes
> > BOOTPROTO=static
> > IPADDR=172.16.58.50
> > NETMASK=255.255.255.0
> > GATEWAY=172.16.58.254
> > DNS1=172.16.58.50
> > DOMAIN=###
> > DEFROUTE="yes"
> >
> > eth1:
> > DEVICE=eth1
> > TYPE=OVSPort
> > DEVICETYPE=ovs
> > OVS_BRIDGE=br-ex
> > ONBOOT=yes
> >
> > br-ex:
> > DEVICE=br-ex
> > DEVICETYPE=ovs
> > TYPE=OVSBridge
> > BOOTPROTO=static
> > IPADDR=10.42.100.1
> > NETMASK=255.255.255.0
> > ONBOOT=yes
> >
> > I'd like to have instances on 10.42.200.0/24 virtual private network
> and the remaining IPs of 10.42.100.0/24 network as floating IPs.
> >
> > These are the relevant parts of my answers.txt file:
> >
> > CONFIG_CONTROLLER_HOST=10.42.100.1
> >
> > CONFIG_COMPUTE_HOSTS=10.42.100.10,10.42.100.11,10.42.100.12,10.42.100.13,10.42.100.14,10.42.100.15
> > CONFIG_NETWORK_HOSTS=10.42.100.1
> > CONFIG_AMQP_HOST=10.42.100.1
> > CONFIG_MARIADB_HOST=10.42.100.1
> > CONFIG_NOVA_COMPUTE_PRIVIF=eth1
> > CONFIG_NOVA_NETWORK_PUBIF=eth1
> > CONFIG_NOVA_NETWORK_PRIVIF=eth1
> > CONFIG_NOVA_NETWORK_FIXEDRANGE=10.42.200.0/24
> > CONFIG_NOVA_NETWORK_FLOATRANGE=10.42.100.0/24
> > CONFIG_NEUTRON_L3_EXT_BRIDGE=br-ex
> > CONFIG_NEUTRON_ML2_TYPE_DRIVERS=vxlan
> > CONFIG_NEUTRON_ML2_TENANT_NETWORK_TYPES=vxlan
> > CONFIG_NEUTRON_ML2_VNI_RANGES=10:100
> > CONFIG_NEUTRON_LB_INTERFACE_MAPPINGS=
> > CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS=
> > CONFIG_NEUTRON_OVS_BRIDGE_IFACES=
> > CONFIG_NEUTRON_OVS_TUNNEL_IF=eth1
> >
> > After the installation, I configure the network like this:
> >
> > neutron router-create router
> > neutron net-create private
> > neutron subnet-create private 10.42.200.0/24 --name private-subnet
> > neutron router-interface-add router private-subnet
> > neutron net-create public --router:external=True
> > neutron subnet-create public 10.42.100.0/24 --name public-subnet --enable_dhcp=False --allocation-pool start=10.42.100.100,end=10.42.100.200 --no-gateway
> > neutron router-gateway-set router public
> >
> > I'm able to launch instances but I can't get access (ping/ssh) to them.
> >
> > I don't know if I'm doing something wrong starting from planning.
> >
> > Please, help me!
> >
> > _______________________________________________
> > Rdo-list mailing list
> > Rdo-list(a)redhat.com
> > https://www.redhat.com/mailman/listinfo/rdo-list
> >
> > To unsubscribe: rdo-list-unsubscribe(a)redhat.com
>
>
--
Pasquale Salza
e-mail: pasquale.salza(a)gmail.com
phone: +39 393 4415978
fax: +39 089 8422939
skype: pasquale.salza
linkedin: http://it.linkedin.com/in/psalza/
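As an added example (not code from this thread or from RDO), a small audit over the rules that the write_security_rules() function at the top of this message creates for SecGrp1. It flags ingress TCP/UDP rules that expose more than a single port to 0.0.0.0/0 and builds the minimal ssh-plus-ping set the thread actually needs. The rule dicts are constructed sample data using the field names neutron's security-group-rule-list reports; the helper names and the one-port threshold are this example's own choices.

```python
import ipaddress

# Constructed sample: SecGrp1 as write_security_rules() leaves it.
# neutron security-group-rule-create defaults remote_ip_prefix to 0.0.0.0/0.
SECGRP1_RULES = [
    {"direction": "ingress", "protocol": "tcp", "port_range_min": 22,
     "port_range_max": 22, "remote_ip_prefix": "0.0.0.0/0"},
    {"direction": "ingress", "protocol": "tcp", "port_range_min": 1,
     "port_range_max": 65535, "remote_ip_prefix": "0.0.0.0/0"},
    {"direction": "ingress", "protocol": "udp", "port_range_min": 1,
     "port_range_max": 65535, "remote_ip_prefix": "0.0.0.0/0"},
    {"direction": "ingress", "protocol": "icmp", "port_range_min": None,
     "port_range_max": None, "remote_ip_prefix": "0.0.0.0/0"},
]

def world_reachable(rule):
    """True when the rule's source prefix covers every IPv4 address."""
    prefix = rule.get("remote_ip_prefix") or "0.0.0.0/0"
    return ipaddress.ip_network(prefix, strict=False).prefixlen == 0

def port_count(rule):
    """Number of TCP/UDP ports a rule opens; None bounds mean all ports."""
    lo, hi = rule.get("port_range_min"), rule.get("port_range_max")
    if lo is None or hi is None:
        return 65535
    return hi - lo + 1

def audit_ingress(rules, max_world_ports=1):
    """Return (protocol, lo, hi) for every ingress TCP/UDP rule that opens
    more than max_world_ports ports to 0.0.0.0/0; ICMP and egress are skipped."""
    findings = []
    for r in rules:
        if r.get("direction") != "ingress" or r.get("protocol") not in ("tcp", "udp"):
            continue
        if world_reachable(r) and port_count(r) > max_world_ports:
            findings.append((r["protocol"], r["port_range_min"], r["port_range_max"]))
    return findings

def least_privilege_rules(admin_cidr):
    """The ping + ssh need from the thread without the all-ports entries:
    ssh only from the operator's network (admin_cidr), ICMP from anywhere."""
    return [
        {"direction": "ingress", "protocol": "tcp", "port_range_min": 22,
         "port_range_max": 22, "remote_ip_prefix": admin_cidr},
        {"direction": "ingress", "protocol": "icmp", "port_range_min": None,
         "port_range_max": None, "remote_ip_prefix": "0.0.0.0/0"},
    ]
```

Running audit_ingress(SECGRP1_RULES) reports the tcp 1-65535 and udp 1-65535 rules; the same audit over least_privilege_rules("172.16.58.0/24") reports nothing.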