[Rdo-list] Attempt to reproduce Kashyap Setup (Controller+Compute) on F20 is almost done
Kashyap Chamarthy
kchamart at redhat.com
Tue Jan 21 17:25:13 UTC 2014
[Please don't top-post on technical lists.]
On 01/21/2014 12:01 PM, Boris Derzhavets wrote:
> I am pretty close. I can load Cirros instance on Compute and run nslookup inside it. Everything is fine with IP's and routing. However , i cannot connect via ssh to both Cirros and Fedora 19 instances. Might it be gre tunnelling issue ? Details :-
If it's GRE tunnelling issues, ensure you have the GRE related iptables
rules on both Controller and Compute nodes:
-A INPUT -p gre -j ACCEPT
-A OUTPUT -p gre -j ACCEPT
(You said - "double checked iptables", but didn't mention specifics.)
Here's my working Neutron configs w/ F20+Havana set-up (might need some
tiny tweaking if you have latest RDO Ice House packages).
http://kashyapc.fedorapeople.org/virt/openstack/neutron-configs-GRE-OVS-two-node.txt
>
> On Controller :-
>
> [root at ip-192-169-142-57 ~(keystone_admin)]$ neutron security-group-rule-create --protocol tcp \
>> --port-range-min 22 --port-range-max 22 \
>> --direction ingress --remote-ip-prefix 0.0.0.0/0 default
> Multiple security_group matches found for name 'default', use an ID to be more specific.
>
> [root at ip-192-169-142-57 ~(keystone_admin)]$ neutron security-group-list
>
> +--------------------------------------+---------+-------------+
> | id | name | description |
> +--------------------------------------+---------+-------------+
> | a085748d-92c0-40e0-a4c1-bc86935ec0ee | default | default |
> | b6203882-561d-4f7b-9e2e-441c57e83419 | default | default |
> | c70b80d3-f060-4002-af22-6603c745a6cf | default | default |
> +--------------------------------------+---------+-------------+
>
> [root at ip-192-169-142-57 ~(keystone_admin)]$ neutron security-group-rule-create --protocol tcp --port-range-min 22 --port-range-max 22 --direction ingress --remote-ip-prefix 0.0.0.0/0 a085748d-92c0-40e0-a4c1-bc86935ec0ee
> 409-{u'NeutronError': {u'message': u'Security group rule already exists. Group id is 6d15d6cc-ed13-4c26-89ff-7ff10e6c4656.', u'type': u'SecurityGroupRuleExists', u'detail': u''}}
>
> [root at ip-192-169-142-57 ~(keystone_admin)]$ neutron security-group-rule-create --protocol tcp --port-range-min 22 --port-range-max 22 --direction ingress --remote-ip-prefix 0.0.0.0/0 b6203882-561d-4f7b-9e2e-441c57e83419
> Created a new security_group_rule:
>
> +-------------------+--------------------------------------+
> | Field | Value |
> +-------------------+--------------------------------------+
> | direction | ingress |
> | ethertype | IPv4 |
> | id | 97232fb3-6ba1-46a3-a8e3-2f25ba0c70dc |
> | port_range_max | 22 |
> | port_range_min | 22 |
> | protocol | tcp |
> | remote_group_id | |
> | remote_ip_prefix | 0.0.0.0/0 |
> | security_group_id | b6203882-561d-4f7b-9e2e-441c57e83419 |
> | tenant_id | 751cda6ede504ccd9562edd233b32b34 |
> +-------------------+--------------------------------------+
>
> [root at ip-192-169-142-57 ~(keystone_admin)]$ neutron floatingip-show \
> 3d40ed62-ad78-4042-8342-9f76c419c8c1
>
> +---------------------+--------------------------------------+
> | Field | Value |
> +---------------------+--------------------------------------+
> | fixed_ip_address | 10.0.0.2 |
> | floating_ip_address | 192.169.142.105 |
> | floating_network_id | 8e2df372-544d-4921-ad58-e164e5128410 |
> | id | 3d40ed62-ad78-4042-8342-9f76c419c8c1 |
> | port_id | 41da6b37-dfd8-49a2-8dae-45d9a99ef7d7 |
> | router_id | ba157037-747e-4a44-84d5-13d7d30e88ac |
> | tenant_id | 751cda6ede504ccd9562edd233b32b34 |
> +---------------------+--------------------------------------+
>
>
>
> [root at ip-192-169-142-57 ~(keystone_admin)]$ ssh -l fedora -i oskey1.priv 192.169.142.105
>
> Hangs
>
> I double checked iptables on compute node . It's OK
--
/kashyap
More information about the dev
mailing list