Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

I managed to achieve the second goal: on the instance I want to be able to ping 137.131.143.147 to reach the host and something like ping 8.8.8.8 because I want to reach the internet.

First I added the gateway IP address to br-ex:

  • ip link set down br-ex
  • ip addr add 10.0.21.1/24 dev br-ex
  • ip link set up br-ex

Do not change /etc/sysconfig/network-scripts/ifcfg-br-ex to include the IP address because this will interfere with OpenVSwitch.

Then I added iptables rules to create a NAT:

  • iptables -I FORWARD -i br-ex -j ACCEPT
  • iptables -I FORWARD -o br-ex -j ACCEPT
  • iptables -t nat -I POSTROUTING -s 10.0.21.0/24 ! -d 10.0.21.0/24 -j MASQUERADE

To add DNS support for external domains, I changed the private subnet to announce the same DNS servers my host is using:

neutron subnet-update $SUBNET_ID --dns-nameservers list=true $DNS1 $DNS2

After this change a reboot of the instances or a run of the DHCP client is necessary.

I don't know yet why I cannot reach the instances via their external addresses, but for now, this is enough for my test setup as I can reach the instances via

ip netns exec qdhcp-… ssh cirros@10.0.90.2

I managed to achieve the second goal: on the instance I want to be able to ping 137.131.143.147 to reach the host and something like ping 8.8.8.8 because I want to reach the internet.

First I started the tutorial from the beginning and before creating the OpenStack networks with neutron I did the following. I added the gateway IP address to br-ex:

  • ip link set down br-ex
  • ip addr add 10.0.21.1/24 dev br-ex
  • ip link set up br-ex

Do not change /etc/sysconfig/network-scripts/ifcfg-br-ex to include the IP address because this will interfere for me that interfered with OpenVSwitch.OpenVSwitch and stopped it from creating the other interfaces.

Then I added iptables rules to create a NAT:

  • iptables -I FORWARD -i br-ex -j ACCEPT
  • iptables -I FORWARD -o br-ex -j ACCEPT
  • iptables -t nat -I POSTROUTING -s 10.0.21.0/24 ! -d 10.0.21.0/24 -j MASQUERADE

To add DNS support for external domains, I changed the private subnet to announce the same DNS servers my host is using:

neutron subnet-update $SUBNET_ID --dns-nameservers list=true $DNS1 $DNS2

After this change a reboot of the instances or a run of the DHCP client is necessary.

I don't know yet why I cannot reach the instances via their external addresses, but for now, this is enough for my test setup as I can reach the instances via

ip netns exec qdhcp-… ssh cirros@10.0.90.2

The scripts I wrote for this setup are available under https://gist.github.com/blipp/46e5b84e4d0c5c62347f

I managed to achieve the second goal: on the instance I want to be able to ping 137.131.143.147 to reach the host and something like ping 8.8.8.8 because I want to reach the internet.

I started the tutorial from the beginning and before creating the OpenStack networks with neutron I did the following. I added the gateway IP address to br-ex:

  • ip link set down br-ex
  • ip addr add 10.0.21.1/24 dev br-ex
  • ip link set up br-ex

Do not change /etc/sysconfig/network-scripts/ifcfg-br-ex to include the IP address because for me that interfered with OpenVSwitch and stopped it from creating the other interfaces.

Then I added iptables rules to create a NAT:

  • iptables -I FORWARD -i br-ex -j ACCEPT
  • iptables -I FORWARD -o br-ex -j ACCEPT
  • iptables -t nat -I POSTROUTING -s 10.0.21.0/24 ! -d 10.0.21.0/24 -j MASQUERADE

To add DNS support for external domains, I changed the private subnet to announce the same DNS servers my host is using:

neutron subnet-update $SUBNET_ID --dns-nameservers list=true $DNS1 $DNS2

After this change a reboot of the instances or a run of the DHCP client is necessary.

I don't know yet why I cannot reach the instances via their external addresses, but for now, this is enough for my test setup as I can reach the instances via

ip netns exec qdhcp-… ssh cirros@10.0.90.2

The scripts I wrote for this setup are available under https://gist.github.com/blipp/46e5b84e4d0c5c62347f

Actually, what I did looks a lot like what I now found here: http://oddbit.com/rdo-hangout-multinode-packstack-slides/#/29/1 which belongs to this screencast https://www.youtube.com/watch?v=DGf-ny25OAw .