Ask Your Question
2

kolla aio external network with single NIC

asked 2016-12-29 19:10:26 -0500

HallFonce gravatar image

updated 2017-01-21 09:15:35 -0500

As in title, I want to setup an all-in-one Kolla Openstack platform on my CentOS testing machine which only holds a single physical network interface. Here is my goal:

image description

This doc seemed all dedicated to achieving this task, so I did try to follow it, and at some point I ended up there:

The “neutron_external_interface” variable is the interface that will be used for the external bridge in Neutron. Without this bridge the deployment instance traffic will be unable to access the rest of the Internet. In the case of a single interface on a machine, a veth pair may be used where one end of the veth pair is listed here and the other end is in a bridge on the system.

Unfortunately, my machine does not have 2 physical interfaces as recommended, so I had to setup these 2 veth pair. I found the some references to help (1 2), then I've managed to setup this persistent veth pair following these steps:

  • Copy ifup-veth and ifdown-veth to your /etc/sysconfig/network-scripts directory
  • Setup the ifcfg-br0 and ifcfg-enp0s31f6 files to setup the bridge
  • Edit the ifcfg-veth0 file to setup the veth pair

Then my /etc/kolla/globals.yml only includes the below changes:

-kolla_internal_vip_address: "10.10.10.254"
+kolla_internal_vip_address: "192.168.1.5"
...
-network_interface: "eth0"
+network_interface: "br0"
...
-neutron_external_interface: "eth1"
+neutron_external_interface: "veth1"
...
+enable_haproxy: "no"

I've also tried playing with neutron_plugin_agent (either openvswitch or linuxbridge) parameter.

Slight modification in script /usr/share/kolla/init-runonce

-neutron subnet-create --name 1-subnet --disable-dhcp --allocation-pool start=10.0.2.150,end=10.0.2.199 public1 10.0.2.0/24 --gateway 10.0.2.1
+neutron subnet-create --name 1-subnet  --allocation-pool start=192.168.1.151,end=192.168.1.200 public1 192.168.1.0/24 --gateway 192.168.1.1 --dns-nameserver 192.168.1.1 --dns-nameserver 8.8.8.8

Then I run the whole kolla-ansible chain:

kolla-ansible prechecks && kolla-ansible pull && kolla-ansible deploy && kolla-ansible post-deploy

It all runs well, which only leaves me the init to run:

. /etc/kolla/admin-openrc.sh
/usr/share/kolla/init-runonce

This is where I'm stuck as I'm unable to reach any of the instances I launch either from my physical host or my 192.168.1.0 LAN. Any idea about what I'm missing?

edit retag flag offensive close merge delete

Comments

I have the same issue. Did you manage to make it work ?

kyomster gravatar imagekyomster ( 2017-08-05 17:14:56 -0500 )edit

Same here. Did you fix it? How?

sacha-m gravatar imagesacha-m ( 2018-01-28 15:33:20 -0500 )edit
add a comment

2 answers

Sort by » oldest newest most voted
0

answered 2020-07-22 02:38:41 -0500

Mike Chen gravatar image

In the end you have to set the security group policy, that acts like a per-instance firewall. The default policy allows only traffics between instances within the same security group, so in your case, you should be able to ping / ssh from one instance to another, but can't from any other hosts, although they are on the same subnet. Add ingress rules that allow SSH / ICMP traffic from the subnet should solve the problem. Just think it over before deploying with such settings for production use.

edit flag offensive delete link more
add a comment
0

answered 2019-03-21 04:49:12 -0500

shrum gravatar image

Try RDO packstack, it can be install without any configuration with one interface, but you need to add rules in security group after installation.

edit flag offensive delete link more
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

4 followers

subscribe to rss feed

Stats

Asked: 2016-12-29 18:56:17 -0500

Seen: 1,971 times

Last updated: Jan 21 '17

Related questions

Setting up a static network

how to conf the quantum of f3

What network configuration is required for a provider network?

SSH to instance in Physical Network fails "Permission denied (publickey,gssapi-keyex,gssapi-with-mic)"

Cannot reach floating IP from outside network

Openstack network error - RTNETLINK answers: File exists

How to deploy bare metal OpenStack in 2018 - MAAS, Kolla + Ironic, Fuel or The Foreman?

Neutron-ovs-cleanup delete interfaces

neutron public subnet wrong IP

Create a Network Toplogy via Dashboard