I am still searching for a way to do this. A quick hack for doing this manually and not losing your configuration on nova-network restart can be achieved by the following. I wouldn't recommend doing this in production environments though:

Infra: OpenStack Folsom host - host1 + 1 VM running (instance - vm_inst1) for the image - linux_1

Requirement: For any traffic coming on port 1234 of host1 forward it to port 8000 of vm_inst1

Steps:

  1. Create a security rule which opens up port 8000 for vm_inst1

    nova secgroup-create secgroup1 'test security group'
    nova secgroup-add-rule secgroup1 tcp 8000 8000 0.0.0.0/0
    nova boot --flavor 1 --image linux_1 --security_groups secgroup1 vm_inst1

  2. Once the VM gets the IP, flush out its internal iptables rules to remove any confusion. Hence, inside vm_inst1:

    iptables -F
    python -m SimpleHTTPServer

  3. In nova.network.linux_net.py locate the function - metadata_forward

  4. Add the following snippet to it:

    # DNAT: TCP port 1234 on the metadata host -> port 8000 on the VM
    iptables_manager.ipv4['nat'].add_rule('PREROUTING',
                                          '-s 0.0.0.0/0 -d %s/32 '
                                          '-p tcp -m tcp --dport %s -j DNAT '
                                          '--to-destination %s:%s' %
                                          (FLAGS.metadata_host,
                                           '1234',
                                           '<vm_inst1_ip>',
                                           '8000'))

  5. Restart nova-network

  6. This adds a nova-network-PREROUTING rule which does the requisite forwarding.

  7. Test it by going to a different host other than host1 and doing:

    telnet host1_ip 1234
    this

  8. You should see "this" appearing on the python session in the VM.

But I am looking for a cleaner way to do this. Is there a plugin-based approach for this, or is there a way to execute arbitrary hook programs upon events like VM startup and shutdown?

I did find references to https://wiki.openstack.org/wiki/Novaplugin - I just want to know: is that the right way to go? If any of the stackers have used it, is there any reference code that can be looked at? There is filesystem code available on the Novaplugin page, but I am looking for a simpler example.

Hope this insight helps anyone else looking to do port forwarding.

UPDATE: From what I read on https://www.redhat.com/archives/rhos-list/2012-November/msg00022.html - there isn't a way to hook in your code but you can subscribe for notifications upon VM events.
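
One way to check which forwards of this kind are live on the host, as an added example that is not part of the original answer: it parses `iptables-save -t nat` output and lists DNAT rules reachable from any source, which is what the `-s 0.0.0.0/0` rule in step 4 creates. The sample ruleset, its addresses and the function names are constructed for illustration.

```python
import shlex

# Constructed sample of `iptables-save -t nat` output on host1; the addresses
# are placeholders (host1 = 192.0.2.10, vm_inst1 = 10.0.0.2).
SAMPLE = """\
*nat
:PREROUTING ACCEPT [0:0]
:nova-network-PREROUTING - [0:0]
-A PREROUTING -j nova-network-PREROUTING
-A nova-network-PREROUTING -d 169.254.169.254/32 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.0.2.10:8775
-A nova-network-PREROUTING -d 192.0.2.10/32 -p tcp -m tcp --dport 1234 -j DNAT --to-destination 10.0.0.2:8000
-A nova-network-PREROUTING -s 198.51.100.0/24 -d 192.0.2.10/32 -p tcp -m tcp --dport 2222 -j DNAT --to-destination 10.0.0.2:22
COMMIT
"""

ANY_SOURCE = ("0.0.0.0/0", "0/0")


def parse_dnat_rules(ruleset):
    """Return one dict per DNAT rule found in iptables-save text."""
    rules = []
    for line in ruleset.splitlines():
        if not line.startswith("-A "):
            continue
        tokens = shlex.split(line)
        # Options are flag/value pairs after "-A <chain>". iptables-save omits
        # -s when a rule matches any source, so a missing -s means 0.0.0.0/0.
        # A "!" before a flag negates the match and is kept in the value.
        opts = {}
        for i, tok in enumerate(tokens[2:-1], start=2):
            if tok.startswith("-"):
                value = tokens[i + 1]
                opts[tok] = "! " + value if tokens[i - 1] == "!" else value
        if opts.get("-j") != "DNAT":
            continue
        rules.append({
            "chain": tokens[1],
            "source": opts.get("-s", "0.0.0.0/0"),
            "dest": opts.get("-d", "0.0.0.0/0"),
            "dport": opts.get("--dport"),
            "to": opts.get("--to-destination"),
        })
    return rules


def open_forwards(ruleset, allowed=()):
    """DNAT rules reachable from any source and not on the allow list."""
    return [r for r in parse_dnat_rules(ruleset)
            if r["source"] in ANY_SOURCE and (r["dest"], r["dport"]) not in allowed]
```

Passing `allowed={("169.254.169.254/32", "80")}` excludes the metadata forward, so only unexpected any-source rules such as the 1234 to 8000 forward are reported.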