Unable to ping IPs of VMs in provider network
Hello,
I've set up a single node OSA AIO using the stable/newton checkout. I have configured things as I think they should be, but I am unable to ping any of the IP addresses of VMs created in the provider network. Here are some further details:
root@osa-test:~# openstack subnet show provider1-v4
+-------------------+--------------------------------------+
| Field | Value |
+-------------------+--------------------------------------+
| allocation_pools | 172.16.46.50-172.16.46.60 |
| cidr | 172.16.46.0/24 |
| created_at | 2017-03-09T09:49:36Z |
| description | |
| dns_nameservers | 172.16.46.2 |
| enable_dhcp | True |
| gateway_ip | 172.16.46.2 |
| host_routes | |
| id | 86104fd5-a86b-4b65-bae4-f821507824a6 |
| ip_version | 4 |
| ipv6_address_mode | None |
| ipv6_ra_mode | None |
| name | provider1-v4 |
| network_id | 865b0a5f-ff55-44f3-bef4-89ae946079eb |
| project_id | 24b30f4391d8432cb0dc4a07f2a4b114 |
| project_id | 24b30f4391d8432cb0dc4a07f2a4b114 |
| revision_number | 3 |
| service_types | [] |
| subnetpool_id | None |
| updated_at | 2017-03-09T10:23:42Z |
+-------------------+--------------------------------------+
root@osa-test:~# openstack network show provider1
+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
| admin_state_up | UP |
| availability_zone_hints | |
| availability_zones | nova |
| created_at | 2017-03-09T09:48:25Z |
| description | |
| id | 865b0a5f-ff55-44f3-bef4-89ae946079eb |
| ipv4_address_scope | None |
| ipv6_address_scope | None |
| is_default | False |
| mtu | 1500 |
| name | provider1 |
| port_security_enabled | True |
| project_id | 24b30f4391d8432cb0dc4a07f2a4b114 |
| project_id | 24b30f4391d8432cb0dc4a07f2a4b114 |
| provider:network_type | flat |
| provider:physical_network | flat |
| provider:segmentation_id | None |
| revision_number | 7 |
| router:external | External |
| shared | True |
| status | ACTIVE |
| subnets | 86104fd5-a86b-4b65-bae4-f821507824a6 |
| tags | [] |
| updated_at | 2017-03-09T10:23:42Z |
+---------------------------+--------------------------------------+
The security group looks good:
root@osa-test:~# openstack security group show d3e82391-a709-4473-816a-dd2b5d6d979f
+-----------------+----------------------------------------------------------------------------------+
| Field | Value |
+-----------------+----------------------------------------------------------------------------------+
| created_at | 2017-03-09T08:26:10Z |
| description | Default security group |
| id | d3e82391-a709-4473-816a-dd2b5d6d979f |
| name | default |
| project_id | 24b30f4391d8432cb0dc4a07f2a4b114 |
| project_id | 24b30f4391d8432cb0dc4a07f2a4b114 |
| revision_number | 3 |
| rules | created_at='2017-03-09T08:26:10Z', direction='egress', ethertype='IPv4', |
| | id='14668c04-f281-4f4c-a555-3699f27f286f', |
| | project_id='24b30f4391d8432cb0dc4a07f2a4b114', revision_number='1', |
| | updated_at='2017-03-09T08:26:10Z' |
| | created_at='2017-03-09T08:51:24Z', direction='ingress', ethertype='IPv4', id |
| | ='7065041e-58e6-4d3b-ad2f-e95675f8d733', port_range_max='22', |
| | port_range_min='22', project_id='24b30f4391d8432cb0dc4a07f2a4b114', |
| | protocol='tcp', remote_ip_prefix='0.0.0.0/0', revision_number='1', |
| | updated_at='2017-03-09T08:51:24Z' |
| | created_at='2017-03-09T08:51:10Z', direction='ingress', ethertype='IPv4', id |
| | ='78653ecd-89c4-4c80-a75a-3158d2d0b71e', |
| | project_id='24b30f4391d8432cb0dc4a07f2a4b114', protocol='icmp', |
| | remote_ip_prefix='0.0.0.0/0', revision_number='1', |
| | updated_at='2017-03-09T08:51:10Z' |
| | created_at='2017-03-09T08:26:10Z', direction='egress', ethertype='IPv6', |
| | id='c152c5f1-7777-4048-8858-f4b75f43028a', |
| | project_id='24b30f4391d8432cb0dc4a07f2a4b114', revision_number='1', |
| | updated_at='2017-03-09T08:26:10Z' |
| | created_at='2017-03-09T08:26:10Z', direction='ingress', ethertype='IPv4', |
| | id='d31918c6-4822-4931-8054-5596072734f0', |
| | project_id='24b30f4391d8432cb0dc4a07f2a4b114', |
| | remote_group_id='d3e82391-a709-4473-816a-dd2b5d6d979f', revision_number='1', |
| | updated_at='2017-03-09T08:26:10Z' |
| | created_at='2017-03-09T08:26:10Z', direction='ingress', ethertype='IPv6', |
| | id='f7b4fcb2-227f-44f8-b141-3e0b5a907a9e', |
| | project_id='24b30f4391d8432cb0dc4a07f2a4b114', |
| | remote_group_id='d3e82391-a709-4473-816a-dd2b5d6d979f', revision_number='1', |
| | updated_at='2017-03-09T08:26:10Z' |
| updated_at | 2017-03-09T08:51:24Z |
+-----------------+----------------------------------------------------------------------------------+
Instance details:
root@osa-test:~# openstack server show provider-instance1
+--------------------------------------+----------------------------------------------------------+
| Field | Value |
+--------------------------------------+----------------------------------------------------------+
| OS-DCF:diskConfig | MANUAL |
| OS-EXT-AZ:availability_zone | nova |
| OS-EXT-SRV-ATTR:host | osa-test |
| OS-EXT-SRV-ATTR:hypervisor_hostname | osa-test |
| OS-EXT-SRV-ATTR:instance_name | instance-00000004 |
| OS-EXT-STS:power_state | Running |
| OS-EXT-STS:task_state | None |
| OS-EXT-STS:vm_state | active |
| OS-SRV-USG:launched_at | 2017-03-09T10:13:15.000000 |
| OS-SRV-USG:terminated_at | None |
| accessIPv4 | |
| accessIPv6 | |
| addresses | provider1=172.16.46.54 |
| config_drive | |
| created | 2017-03-09T10:13:00Z |
| flavor | m1.tiny (dfac6d15-03d9-40e0-a53a-510569d293b0) |
| hostId | afb48985d625af1e63cf0b06acc12b27bdc511c2a7dcc29f00eb3e67 |
| id | cd2d237c-708c-4215-9917-5fd12d031892 |
| image | cirros (1a72d2a7-1b2f-4bba-8d5a-67cde08f78de) |
| key_name | None |
| name | provider-instance1 |
| os-extended-volumes:volumes_attached | [] |
| progress | 0 |
| project_id | 24b30f4391d8432cb0dc4a07f2a4b114 |
| properties | |
| security_groups | [{u'name': u'default'}] |
| status | ACTIVE |
| updated | 2017-03-09T10:25:29Z |
| user_id | 07407d46af2e459091301a2c6f0d247e |
+--------------------------------------+----------------------------------------------------------+
It's also worth noting that I have configured VMware to permit promiscuous mode traffic on the interface.
Masquerading is in place on the bridged interface:
root@osa-test:~# iptables -t nat -L -n -v | grep 'MASQ.*eth0'
0 0 MASQUERADE all -- * eth0 0.0.0.0/0 0.0.0.0/0
From the instance itself, I can see that an IP address has been obtained ...