Ask Your Question

kolla aio external network with single NIC

asked 2016-12-29 19:10:26 -0500

HallFonce gravatar image

updated 2017-01-21 09:15:35 -0500

As in title, I want to setup an all-in-one Kolla Openstack platform on my CentOS testing machine which only holds a single physical network interface. Here is my goal:

image description

This doc seemed all dedicated to achieving this task, so I did try to follow it, and at some point I ended up there:

The “neutron_external_interface” variable is the interface that will be used for the external bridge in Neutron. Without this bridge the deployment instance traffic will be unable to access the rest of the Internet. In the case of a single interface on a machine, a veth pair may be used where one end of the veth pair is listed here and the other end is in a bridge on the system.

Unfortunately, my machine does not have 2 physical interfaces as recommended, so I had to setup these 2 veth pair. I found the some references to help (1 2), then I've managed to setup this persistent veth pair following these steps:

  • Copy ifup-veth and ifdown-veth to your /etc/sysconfig/network-scripts directory
  • Setup the ifcfg-br0 and ifcfg-enp0s31f6 files to setup the bridge
  • Edit the ifcfg-veth0 file to setup the veth pair

Then my /etc/kolla/globals.yml only includes the below changes:

-kolla_internal_vip_address: ""
+kolla_internal_vip_address: ""
-network_interface: "eth0"
+network_interface: "br0"
-neutron_external_interface: "eth1"
+neutron_external_interface: "veth1"
+enable_haproxy: "no"

I've also tried playing with neutron_plugin_agent (either openvswitch or linuxbridge) parameter.

Slight modification in script /usr/share/kolla/init-runonce

-neutron subnet-create --name 1-subnet --disable-dhcp --allocation-pool start=,end= public1 --gateway
+neutron subnet-create --name 1-subnet  --allocation-pool start=,end= public1 --gateway --dns-nameserver --dns-nameserver

Then I run the whole kolla-ansible chain:

kolla-ansible prechecks && kolla-ansible pull && kolla-ansible deploy && kolla-ansible post-deploy

It all runs well, which only leaves me the init to run:

. /etc/kolla/

This is where I'm stuck as I'm unable to reach any of the instances I launch either from my physical host or my LAN. Any idea about what I'm missing?

edit retag flag offensive close merge delete


I have the same issue. Did you manage to make it work ?

kyomster gravatar imagekyomster ( 2017-08-05 17:14:56 -0500 )edit

Same here. Did you fix it? How?

sacha-m gravatar imagesacha-m ( 2018-01-28 15:33:20 -0500 )edit

2 answers

Sort by » oldest newest most voted

answered 2020-07-22 02:38:41 -0500

Mike Chen gravatar image

In the end you have to set the security group policy, that acts like a per-instance firewall. The default policy allows only traffics between instances within the same security group, so in your case, you should be able to ping / ssh from one instance to another, but can't from any other hosts, although they are on the same subnet. Add ingress rules that allow SSH / ICMP traffic from the subnet should solve the problem. Just think it over before deploying with such settings for production use.

edit flag offensive delete link more

answered 2019-03-21 04:49:12 -0500

shrum gravatar image

Try RDO packstack, it can be install without any configuration with one interface, but you need to add rules in security group after installation.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools



Asked: 2016-12-29 18:56:17 -0500

Seen: 1,971 times

Last updated: Jan 21 '17