[Rdo-list] DNS resolver problems w/ instack-virt-setup
Lars Kellogg-Stedman
lars at redhat.com
Fri Apr 17 17:09:02 UTC 2015
On Fri, Apr 17, 2015 at 06:15:37PM +0200, Marius Cornea wrote:
> 192.168.122.1 is set on the virbr0 interface on the host (default
> libvirt net) where under/overcloud VMs are running.
It is also the address of the virbr0 interface *on the overcloud
nodes*.
> (192.0.2.0/24 subnet). The overcloud nodes have one interface in the
> brbm bridge and route the traffic through the undercloud node. You can
> check that default gw on overcloud nodes is 192.0.2.1 (eth1 of instack
> VM).
That confirms what I said in my previous email:
> That's not a useful address for either of these nodes, on which
> external connectivity -- at least on the controller -- is via
> eth0/br-ex on the 192.0.2.0/24 network.
> The undercloud node masquerades all traffic coming from
> 192.0.2.0/24 so the overcloud nodes can get external connectivity,
> including to 192.168.122.1 which handles the dns queries.
It doesn't. First, because 192.168.122.1 is set on the virbr0
interface on the overcloud controller node, traffic to this address
never leaves the host.
While the undercloud node does have masquerade rules in place:
# iptables -t nat -S | grep -i masquerade
-A POSTROUTING -s 192.0.2.0/24 -o eth0 -j MASQUERADE
-A BOOTSTACK_MASQ -s 192.0.2.0/24 ! -d 192.0.2.0/24 -j MASQUERADE
It doesn't have ip forwarding enabled:
# sysctl -a | grep ip_forward
net.ipv4.ip_forward = 0
No forwarding, so no masquerading.
--
Lars Kellogg-Stedman <lars at redhat.com> | larsks @ {freenode,twitter,github}
Cloud Engineering / OpenStack | http://blog.oddbit.com/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.rdoproject.org/pipermail/dev/attachments/20150417/ef63677d/attachment.sig>
More information about the dev
mailing list