[Rdo-list] I can't get access to VM instances
Mohammed Arafa
mohammed.arafa at gmail.com
Fri Feb 20 22:12:44 UTC 2015
taken from
https://github.com/marafa/openstack/blob/master/openstack-project-add.sh
write_security_rules(){
    echo "todo: use neutron secgroup to add ssh and ping rules instead of nova"
    source $ks_dir/keystonerc_$user$id
    # create a keypair and make the private key readable by its owner only
    nova keypair-add key$id > $ks_dir/key$id.pem
    chmod 600 $ks_dir/key$id.pem
    nova secgroup-create SecGrp$id "Security Group $id"
    # ssh (tcp/22) from any source
    nova secgroup-add-rule SecGrp$id tcp 22 22 0.0.0.0/0
    # ingress on every tcp and udp port (1-65535), then icmp
    neutron security-group-rule-create --direction ingress --protocol tcp --port_range_min 1 --port_range_max 65535 SecGrp$id
    neutron security-group-rule-create --direction ingress --protocol udp --port_range_min 1 --port_range_max 65535 SecGrp$id
    neutron security-group-rule-create --direction ingress --protocol icmp SecGrp$id
}
On Fri, Feb 20, 2015 at 5:07 PM, Pasquale Salza <pasquale.salza at gmail.com>
wrote:
> Hi Rhys,
> I suppose so, because these are my iptables rules:
>
> iptables -F
> iptables -t nat -F
> iptables -P INPUT ACCEPT
> iptables -P OUTPUT ACCEPT
> iptables -P FORWARD ACCEPT
> iptables -A INPUT -d 172.16.58.0/24 -m state --state ESTABLISHED,RELATED -j ACCEPT
> iptables -A INPUT -d 172.16.58.0/24 -p tcp --dport ssh -j ACCEPT
> iptables -A INPUT -d 172.16.58.0/24 -p tcp --dport www -j ACCEPT
> iptables -A INPUT -d 172.16.58.0/24 -p tcp --dport pptp -j ACCEPT
> iptables -A INPUT -d 172.16.58.0/24 -p tcp --sport domain -j ACCEPT
> iptables -A INPUT -d 172.16.58.0/24 -p tcp --dport domain -j ACCEPT
> iptables -A INPUT -d 172.16.58.0/24 -p udp --sport domain -j ACCEPT
> iptables -A INPUT -d 172.16.58.0/24 -p udp --dport domain -j ACCEPT
> iptables -A INPUT -d 172.16.58.0/24 -p gre -j ACCEPT
> iptables -A INPUT -d 172.16.58.0/24 -p icmp -j ACCEPT
> iptables -A INPUT -d 172.16.58.0/24 -j DROP
> iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
> service iptables save
>
> Firstly, do you think I planned the network organisation well? Do you have
> other suggestions (best practices) with 2 interfaces?
>
>
> 2015-02-20 18:30 GMT+01:00 Rhys Oxenham <roxenham at redhat.com>:
>
>> Hi Pasquale,
>>
>> Did you modify your security group rules to allow ICMP and/or 22:tcp
>> access?
>>
>> Many thanks
>> Rhys
>>
>> > On 20 Feb 2015, at 17:11, Pasquale Salza <pasquale.salza at gmail.com>
>> wrote:
>> >
>> > Hi there, I have a lot of problems with RDO/OpenStack configuration.
>> > Firstly, I need to describe my network situation.
>> >
>> > I have 7 machines, each of them with 2 NICs. I would like to use one
>> > machine as a controller/network node and the others as compute nodes.
>> >
>> > I would like to use the eth0 to connect nodes to the internet (and get
>> > access by remote sessions) with the network "172.16.58.0/24", in which I
>> > have just 7 available IPs, and eth1 as configuration network on the network
>> > 10.42.100.0/42.
>> >
>> > This is my current configuration, for each node (varying the IPs on
>> > each machine):
>> >
>> > eth0:
>> > DEVICE=eth0
>> > TYPE=Ethernet
>> > ONBOOT=yes
>> > BOOTPROTO=static
>> > IPADDR=172.16.58.50
>> > NETMASK=255.255.255.0
>> > GATEWAY=172.16.58.254
>> > DNS1=172.16.58.50
>> > DOMAIN=###
>> > DEFROUTE="yes"
>> >
>> > eth1:
>> > DEVICE=eth1
>> > TYPE=OVSPort
>> > DEVICETYPE=ovs
>> > OVS_BRIDGE=br-ex
>> > ONBOOT=yes
>> >
>> > br-ex:
>> > DEVICE=br-ex
>> > DEVICETYPE=ovs
>> > TYPE=OVSBridge
>> > BOOTPROTO=static
>> > IPADDR=10.42.100.1
>> > NETMASK=255.255.255.0
>> > ONBOOT=yes
>> >
>> > I'd like to have instances on 10.42.200.0/24 virtual private network
>> > and the remaining IPs of 10.42.100.0/24 network as floating IPs.
>> >
>> > These are the relevant parts of my answers.txt file:
>> >
>> > CONFIG_CONTROLLER_HOST=10.42.100.1
>> > CONFIG_COMPUTE_HOSTS=10.42.100.10,10.42.100.11,10.42.100.12,10.42.100.13,10.42.100.14,10.42.100.15
>> > CONFIG_NETWORK_HOSTS=10.42.100.1
>> > CONFIG_AMQP_HOST=10.42.100.1
>> > CONFIG_MARIADB_HOST=10.42.100.1
>> > CONFIG_NOVA_COMPUTE_PRIVIF=eth1
>> > CONFIG_NOVA_NETWORK_PUBIF=eth1
>> > CONFIG_NOVA_NETWORK_PRIVIF=eth1
>> > CONFIG_NOVA_NETWORK_FIXEDRANGE=10.42.200.0/24
>> > CONFIG_NOVA_NETWORK_FLOATRANGE=10.42.100.0/24
>> > CONFIG_NEUTRON_L3_EXT_BRIDGE=br-ex
>> > CONFIG_NEUTRON_ML2_TYPE_DRIVERS=vxlan
>> > CONFIG_NEUTRON_ML2_TENANT_NETWORK_TYPES=vxlan
>> > CONFIG_NEUTRON_ML2_VNI_RANGES=10:100
>> > CONFIG_NEUTRON_LB_INTERFACE_MAPPINGS=
>> > CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS=
>> > CONFIG_NEUTRON_OVS_BRIDGE_IFACES=
>> > CONFIG_NEUTRON_OVS_TUNNEL_IF=eth1
>> >
>> > After the installation, I configure the network like this:
>> >
>> > neutron router-create router
>> > neutron net-create private
>> > neutron subnet-create private 10.42.200.0/24 --name private-subnet
>> > neutron router-interface-add router private-subnet
>> > neutron net-create public --router:external=True
>> > neutron subnet-create public 10.42.100.0/24 --name public-subnet --enable_dhcp=False --allocation-pool start=10.42.100.100,end=10.42.100.200 --no-gateway
>> > neutron router-gateway-set router public
>> >
>> > I'm able to launch instances but I can't get access (ping/ssh) to them.
>> >
>> > I don't know if I'm doing something wrong starting from planning.
>> >
>> > Please, help me!
>> >
>> > _______________________________________________
>> > Rdo-list mailing list
>> > Rdo-list at redhat.com
>> > https://www.redhat.com/mailman/listinfo/rdo-list
>> >
>> > To unsubscribe: rdo-list-unsubscribe at redhat.com
>>
>>
>
>
> --
> Pasquale Salza
>
> e-mail: pasquale.salza at gmail.com
> phone: +39 393 4415978
> fax: +39 089 8422939
> skype: pasquale.salza
> linkedin: http://it.linkedin.com/in/psalza/
>
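
Added example, not part of the original message or the linked script: one way to carry out the script's "todo" with the neutron client of that era, creating a group that admits only SSH (tcp/22) and ICMP ingress rather than ports 1-65535. The function names, the NEUTRON override (set NEUTRON=echo for a dry run) and the optional SSH source CIDR argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example; not code from the thread or from openstack-project-add.sh.
# NEUTRON is a hypothetical override: NEUTRON=echo prints the commands
# instead of running them, so the function can be checked without a cloud.
NEUTRON="${NEUTRON:-neutron}"

# Syntax check for an IPv4 CIDR: a.b.c.d/len, octets <= 255, len <= 32.
valid_cidr() {
    printf '%s\n' "$1" | awk -F'[./]' '
        !/^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\/[0-9]+$/ { exit 1 }
        {
            for (i = 1; i <= 4; i++) if ($i > 255) exit 1
            if ($5 > 32) exit 1
        }'
}

# write_min_security_rules GROUP [SSH_SOURCE_CIDR]
# Creates GROUP with two ingress rules: tcp/22 from SSH_SOURCE_CIDR
# (default 0.0.0.0/0, as in the script above) and ICMP from anywhere.
write_min_security_rules() {
    group="$1"
    ssh_src="${2:-0.0.0.0/0}"

    if [ -z "$group" ]; then
        echo "usage: write_min_security_rules GROUP [SSH_SOURCE_CIDR]" >&2
        return 2
    fi
    if ! valid_cidr "$ssh_src"; then
        echo "invalid CIDR: $ssh_src" >&2
        return 2
    fi

    $NEUTRON security-group-create --description "SSH and ping only" \
        "$group" || return 1
    # SSH only, limited to the given source range
    $NEUTRON security-group-rule-create --direction ingress --protocol tcp \
        --port-range-min 22 --port-range-max 22 \
        --remote-ip-prefix "$ssh_src" "$group" || return 1
    # ping
    $NEUTRON security-group-rule-create --direction ingress \
        --protocol icmp "$group" || return 1
}
```

Passing a management range as the second argument (for example the operator's own subnet) keeps SSH closed to everything else; the prefix check rejects a malformed value before any rule is created.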