Ask Your Question
0

Cannot ssh or ping instance floating ip's in openstack

asked 2017-11-30 13:18:08 -0500

jcorkey gravatar image

updated 2017-11-30 13:28:53 -0500

I did a multinode deployment of openstack with kolla on a one control node and one compute node.

I can allocate a floating ip to an instance but I can not ssh or ping the floating ip assigned to the instance.

Here is my multinode file

# These initial groups are the only groups required to be modified. The
# additional groups are for more control of the environment.
[control]
# These hostname must be resolvable from your deployment host
openstackcontroller

# The network nodes are where your l3-agent and loadbalancers will run
# This can be the same as a host in the control group
[network]
openstackcontroller

[compute]
openstackcompute

[monitoring]
openstackcontroller

[storage]
openstackcontroller

[deployment]
localhost       ansible_connection=local api_interface=enp5s0

I have add the following security groups as well:

Egress  IPv6    Any Any ::/0    -   
Egress  IPv4    Any Any 0.0.0.0/0   -   
Egress  IPv4    ICMP    Any 0.0.0.0/0   -   
Ingress IPv4    ICMP    Any 0.0.0.0/0   -   
Egress  IPv4    TCP 1 - 65535   0.0.0.0/0   -   
Ingress IPv4    TCP 22 (SSH)    0.0.0.0/0   -   
Ingress IPv4    TCP 53 (DNS)    -   SecurityGLV 
Ingress IPv4    TCP 80 (HTTP)   -   SecurityGLV 
Ingress IPv4    TCP 443 (HTTPS) 0.0.0.0/0   -   
Ingress IPv4    UDP 1 - 65535   0.0.0.0/0   -   
Egress  IPv4    UDP 1 - 65535   0.0.0.0/0   -

Below is my network topology:

image description

All nodes can ping each other but I cannot ping my vm's floating ip. I went into the console of the vm through the horizon dashboard and tried to ping the public network and the gateway but had no success. The only thing I can successfully ping from the vm instance is the router I created in openstack.

below is some info about my interfaces: output of running command nmcli d on Control Node:

docker0         bridge       connected     docker0
em1             ethernet     connected     em1
em2             ethernet     connected     em2
vxlan_sys_4789  vxlan        disconnected  --

output of running command nmcli d on Compute Node:

docker0         bridge       connected     docker0
qbr774fbc23-58  bridge       connected     qbr774fbc23-58
em1             ethernet     connected     em1
em2             ethernet     connected     em2
tap774fbc23-58  tun          connected     tap774fbc23-58
vxlan_sys_4789  vxlan        disconnected  --

in my globals.yml I set em1 as my network_interface and I set em2 as my neutron_external_interface

em2 is not being used correctly. I don't think its configured correctly. and by that I mean that it has its own ip address and the documentations says it should not have an ip address. Could NOT making using of em2 (the neutron_external_interface) prevent me from being able to ssh into vm's??

edit retag flag offensive close merge delete
add a comment

3 answers

Sort by » oldest newest most voted
1

answered 2017-12-13 11:00:41 -0500

jcorkey gravatar image

All I had to do to fix this was to go into horizon and create the Public network as a Flat provider network type by going to the Admin>Network>networks on the left hand panel and create the public network from there NOT from the Project>Network>networks panel.

Here's the steps I followed:

   Under Admin>Network in the left hand panel select “Networks”
   Select the "+Create Network"
   Provide Network name for public network under "Network Name"
   Select a project from the dropdown list “Project_NAME”
   Select a provider network type. This is IMPORTANT. Select “Flat” for the type and enter “physnet1” for the physical network. [https://ask.openstack.org/en/question/51388/whats-the-difference-between-flat-gre-and-vlan-neutron-network-types/](http://)
   Check "Enable Admin State"
   Check “External Network”
   Check “Create Subnet”
   Enable the Create Subnet checkbox if not already done.
   Select "Next"
   Provide "Subnet Name"
   Provide "Public Network Address"
   Provide its "Gateway IP"
   Leave the rest default and select "Next"
   Under "Subnet Details"> Allocation Pools, provide a range of subnets that will be used for floatingIPs and Select "Create"
edit flag offensive delete link more
add a comment
1

answered 2017-12-04 04:11:13 -0500

TijoV gravatar image

Under security group on default security group add ALL ICMP rule.

Rule ALL ICMP Direction INGRESS Remote
CIDR CIDR

edit flag offensive delete link more

Comments

I already have that rule as you can see in my post above

jcorkey gravatar imagejcorkey ( 2017-12-04 08:42:13 -0500 )edit

and I still cannot ping router or vms on the private opentsack network I created

jcorkey gravatar imagejcorkey ( 2017-12-04 15:35:14 -0500 )edit

Ok, can you confirm if you have added rules after the VM is created or prior creating VM. Since you have the rules in place, try disassociate and reassociate F IP, can you try create another instance and see if you can ping the floating IP's. I have Ocata setup where i am able to ping all my F IP's.

TijoV gravatar imageTijoV ( 2017-12-06 01:50:53 -0500 )edit

please check if you able to ping F IP's from neutron Gateway

TijoV gravatar imageTijoV ( 2017-12-06 02:00:46 -0500 )edit
add a comment
0

answered 2018-01-31 21:09:18 -0500

roadrunner gravatar image

I spent days on this but I finally got it working by re-creating my public network using this script

neutron net-create external --router:external=true --provider:network_type=flat --provider:physical_network=extnet

The most important piece was physical_network, it should always be extnet, b'cos neutron maps network bridge to extnet

Hope that helps

edit flag offensive delete link more

Comments

how about your private network, it is vxlan or flat?

I have allinone openstack centos vm, public network flat with extnet, private network with vxlan, added public gateway in br-ex, sometimes can ping floating but sometimes not, no clue what is reason.

robertluwang gravatar imagerobertluwang ( 2018-02-14 13:54:05 -0500 )edit
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2017-11-30 13:18:08 -0500

Seen: 1,236 times

Last updated: Dec 13 '17

Related questions

how to run "ovs-vsctl show" when openstack services are in docker containers??

can not ping router or vms on private network that I created in openstack

How do I configure the neutron_external_interface on my nodes?

Yet another "Can't ping my VM instance!" Now with Openstack Kolla over AWS

Adding compute node to an existing openstack environment

kolla-ansible sriov

kolla ansible pike installation fluentd container in restarting mode

Kolla Ansible User Privileges Best Practice

Tacker openwrt driver not working in kolla pike

Failed to launch instance libvirtError Unable to open logfile Permission denied