Cannot ping router or VMs on private network that I created in OpenStack

asked 2017-12-04 15:47:07 -0600

jcorkey

updated 2017-12-05 10:54:16 -0600

I did a multinode deployment of OpenStack with Kolla on one control node and one compute node. Because I used Kolla to deploy, all OpenStack services are running in Docker containers, which is confusing me about how exactly I should troubleshoot this problem.

I can allocate a floating IP to an instance, but I cannot SSH to or ping the floating IP assigned to the instance.

I have added the following security groups as well:

Direction  Ether Type  IP Protocol  Port Range   Remote IP Prefix  Remote Security Group
Egress     IPv6        Any          Any          ::/0              -
Egress     IPv4        Any          Any          0.0.0.0/0         -
Egress     IPv4        ICMP         Any          0.0.0.0/0         -
Ingress    IPv4        ICMP         Any          0.0.0.0/0         -
Egress     IPv4        TCP          1 - 65535    0.0.0.0/0         -
Ingress    IPv4        TCP          22 (SSH)     0.0.0.0/0         -
Ingress    IPv4        TCP          53 (DNS)     -                 SecurityGLV
Ingress    IPv4        TCP          80 (HTTP)    -                 SecurityGLV
Ingress    IPv4        TCP          443 (HTTPS)  0.0.0.0/0         -
Ingress    IPv4        UDP          1 - 65535    0.0.0.0/0         -
Egress     IPv4        UDP          1 - 65535    0.0.0.0/0         -

Both the compute node and the control node can ping each other, but I cannot ping my VM's floating IP. I went into the console of the VM through the Horizon dashboard and tried to ping the public network and the gateway but had no success. The only thing I can successfully ping from the VM instance is the router I created in OpenStack and other OpenStack VMs.

Here is info on the control node where all networking services are running:

[root@openstackcontroller ~]# ip netns

qrouter-4f3ba475-9bb3-4486-a947-19fa16ed76bd
qdhcp-1ddec8f5-0c9f-4318-bd05-07a6fb4a523d
qdhcp-7025e955-1656-4510-97ae-bc99403e5a32

In my globals.yml I set em1 as my network_interface and I set em2 as my neutron_external_interface.

[root@openstackcontroller ~]# nmcli d

DEVICE          TYPE         STATE         CONNECTION
docker0         bridge       connected     docker0
em1             ethernet     connected     em1
vxlan_sys_4789  vxlan        disconnected  --
em3             ethernet     unavailable   --
em4             ethernet     unavailable   --
p5p1            ethernet     unavailable   --
p5p2            ethernet     unavailable   --
p5p3            ethernet     unavailable   --
p5p4            ethernet     unavailable   --
em2             ethernet     unmanaged     --
lo              loopback     unmanaged     --
br-ex           openvswitch  unmanaged     --
br-int          openvswitch  unmanaged     --
br-tun          openvswitch  unmanaged     --
ovs-system      openvswitch  unmanaged     --

Here is the em2 configuration on the control node and compute node, which I think br-ex uses?

TYPE=OVSPort
DEVICETYPE=ovs
OVS_BRIDGE=br-ex
NAME=em2
UUID=d1c9d522-aa05-4c2e-9ee7-3369eee04bc6
DEVICE=em2
ONBOOT=yes
NM_CONTROLLED=no
BOOTPROTO=none

ovs-vsctl show on the control node:

[root@openstackcontroller neutron]# docker exec -ti openvswitch_vswitchd ovs-vsctl show
59269da8-6cdc-4fbf-a8f9-e1f5448f8452
    Manager "ptcp:6640:127.0.0.1"
        is_connected: true
    Bridge br-ex
        Controller "tcp:127.0.0.1:6633"
            is_connected: true
        fail_mode: secure
        Port "em2"
            Interface "em2"
        Port phy-br-ex
            Interface phy-br-ex
                type: patch
                options: {peer=int-br-ex}
        Port br-ex
            Interface br-ex
                type: internal
    Bridge br-tun
        Controller "tcp:127.0.0.1:6633"
            is_connected: true
        fail_mode: secure
        Port patch-int
            Interface patch-int
                type: patch
                options: {peer=patch-tun}
        Port br-tun
            Interface br-tun
                type: internal
        Port "vxlan-ac1c0906"
            Interface "vxlan-ac1c0906"
                type: vxlan
                options: {df_default="true", in_key=flow, local_ip="172.28.9.5", out_key=flow, remote_ip="172.28.9.6"}
    Bridge br-int
        Controller "tcp:127.0.0.1:6633"
            is_connected: true
        fail_mode: secure
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
        Port int-br-ex
            Interface int-br-ex
                type: patch ...
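One way to check the em2 -> br-ex -> br-int wiring that the ovs-vsctl show output above describes, as an added example that is not part of the original post. The function names and the trimmed sample are constructed here, and the peer of int-br-ex is an assumption because the post is cut off at that port.

```python
import re

# Constructed sample, trimmed from the `ovs-vsctl show` output in the post.
# The peer of int-br-ex is an assumption: the post is cut off at that port.
SAMPLE = """\
    Bridge br-ex
        Port "em2"
            Interface "em2"
        Port phy-br-ex
            Interface phy-br-ex
                type: patch
                options: {peer=int-br-ex}
    Bridge br-int
        Port int-br-ex
            Interface int-br-ex
                type: patch
                options: {peer=phy-br-ex}
"""

def parse_bridges(text):
    """Return {bridge: {interface: {"type": str, "peer": str or None}}}."""
    bridges, bridge, iface = {}, None, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("Bridge "):
            bridge = bridges.setdefault(line.split(None, 1)[1].strip('"'), {})
            iface = None
        elif line.startswith("Interface ") and bridge is not None:
            name = line.split(None, 1)[1].strip('"')
            iface = bridge.setdefault(name, {"type": "system", "peer": None})
        elif iface is not None and line.startswith("type:"):
            iface["type"] = line.split(":", 1)[1].strip()
        elif iface is not None and line.startswith("options:"):
            m = re.search(r'peer="?([\w.-]+)', line)
            if m:
                iface["peer"] = m.group(1)
    return bridges

def check_external_path(text, nic="em2", ext="br-ex", integ="br-int"):
    """Return a list of wiring problems; an empty list means the path exists."""
    b = parse_bridges(text)
    ext_ifaces, int_ifaces = b.get(ext, {}), b.get(integ, {})
    problems = []
    if nic not in ext_ifaces:
        problems.append(f"{nic} is not a port of {ext}")
    # A patch pair is valid only when each end names the other as its peer.
    if not any(i["type"] == "patch" and int_ifaces.get(i["peer"], {}).get("peer") == n
               for n, i in ext_ifaces.items()):
        problems.append(f"no patch pair links {ext} and {integ}")
    return problems
```

On a Kolla deployment the input would be the output of docker exec openvswitch_vswitchd ovs-vsctl show, as in the post; an empty result only confirms the bridge wiring, not routing, NAT or security group behaviour.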