cannot visit vm from external network

asked 2019-07-03 11:06:59 -0500

zxslm

updated 2019-07-05 09:10:26 -0500

Hi, I am running OpenStack (3.18.0) on a VM (CentOS 7.6.1810) with RDO. All settings are default.

My VM (10.10.122.87) sits on 10.10.122.0/24 and the VLAN ID is 122. The NIC name in my VM is ens16780032.

I use the commands below to create the network and subnet and then bump an OpenStack VM:

openstack network create --no-share --external --provider-physical-network eno16780032 --provider-network-type vlan --provider-segment 122 external

openstack subnet create --subnet-range 10.10.122.0/24 --gateway 10.10.122.1 \
    --network external --allocation-pool start=10.10.122.90,end=10.10.122.99 \
    --dns-nameserver 8.8.8.8 external_subnet

openstack server create --flavor 1 --image db044776-b398-46f4-8f42-dc862154b80c \
    --nic net-id=5c955f6f-0d91-4b3e-a2cb-bf0adf7803be vm1

And then I add ingress rules for ICMP and SSH from 0.0.0.0/0.

The vm1 got an IP address, 10.10.122.97. I am not able to ping 10.10.122.97 from my VM (10.10.122.87).

Can anybody tell me why I am not able to ping the OpenStack VM (10.10.122.97) from my VM (10.10.122.87), on which OpenStack is installed?

Update: the main configs are below.

===========================================

/etc/neutron/plugins/ml2/openvswitch_agent.ini

[DEFAULT]
debug = True
[ovs]
bridge_mappings=extnet:br-ex
integration_bridge=br-int
tunnel_bridge=br-tun
local_ip=10.10.122.87
[agent]
l2_population=False
drop_flows_on_start=False
tunnel_types=vxlan
vxlan_udp_port=4789
[securitygroup]
firewall_driver=neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver

===========================================

/etc/neutron/plugins/ml2/ml2_conf.ini

[DEFAULT]
[ml2]
type_drivers=vlan,vxlan,flat
tenant_network_types=vxlan
mechanism_drivers=openvswitch
path_mtu=0
extension_drivers=port_security,qos
[securitygroup]
enable_security_group=True
firewall_driver=neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
[ml2_type_vlan]
network_vlan_ranges=eno16780032:100:200
[ml2_type_vxlan]
vxlan_group=224.0.0.1
vni_ranges=10:100
[ml2_type_flat]
flat_networks=*

===========================================

/etc/neutron/neutron.conf

[DEFAULT]
debug=True
log_dir=/var/log/neutron
transport_url=rabbit://guest:guest@10.10.122.87:5672/
control_exchange=neutron
bind_host=0.0.0.0
auth_strategy=keystone
core_plugin=neutron.plugins.ml2.plugin.Ml2Plugin
allow_overlapping_ips=True
service_plugins=qos,trunk,router,metering
l3_ha=False
max_l3_agents_per_router=3
api_workers=4
rpc_workers=4
router_scheduler_driver=neutron.scheduler.l3_agent_scheduler.ChanceScheduler
notify_nova_on_port_status_changes=True
notify_nova_on_port_data_changes=True
[cors]
[database]
connection=mysql+pymysql://neutron:lifei123@10.10.122.87/neutron
[keystone_authtoken]
www_authenticate_uri=http://10.10.122.87:5000/
auth_uri=http://10.10.122.87:5000/
auth_type=password
auth_url=http://10.10.122.87:5000
username=neutron
password=lifei123
user_domain_name=Default
project_name=services
project_domain_name=Default
[oslo_concurrency]
lock_path=$state_path/lock
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
ssl=False
[oslo_middleware]
[oslo_policy]
policy_file=/etc/neutron/policy.json
[privsep]
[ssl]
[agent]
root_helper=sudo neutron-rootwrap /etc/neutron/rootwrap.conf
[service_providers]
[nova]
auth_url=http://10.10.122.87:5000
username=nova
password=lifei123
project_domain_id=default
project_domain_name=Default
project_name=services
user_domain_id=default
user_domain_name=Default
region_name=RegionOne
auth_type=password
tenant_name=services

===========================================

/etc/nova/nova.conf

[DEFAULT]
instance_usage_audit_period=hour
rootwrap_config=/etc/nova/rootwrap.conf
compute_driver=libvirt.LibvirtDriver
allow_resize_to_same_host=True
vif_plugging_is_fatal=True
vif_plugging_timeout=300
force_raw_images=True
reserved_host_memory_mb=512
cpu_allocation_ratio=16.0
ram_allocation_ratio=1.5
instance_usage_audit=True
heal_instance_info_cache_interval=60
force_snat_range=0.0.0.0/0
metadata_host=10.10.122.87
ssl_only=False
state_path=/var/lib/nova
report_interval=10
service_down_time=60
enabled_apis=osapi_compute,metadata
osapi_compute_listen=0.0 ...

Comments

Let me check if I understand you. You installed OpenStack on a VM with IP address 10.10.122.87. This VM is connected to an untagged VLAN with ID 122. You create a provider network named external and launch an instance, VM1, attached to external.

Bernd Bausch (2019-07-04 03:51:13 -0500)

Unfortunately, vlan-type external networks expect to see tagged packets. If I am right, yours are untagged, and you have to create a flat external network instead of a vlan one. See https://developer.rackspace.com/blog/... (old but relevant).

Bernd Bausch (2019-07-04 03:55:32 -0500)
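Added example, not part of the thread: a consistency check over the configuration posted in the question. It tests whether the name given to `--provider-physical-network` is a label the OVS agent maps to a bridge and the ML2 type driver accepts, for the vlan network from the question and for the flat network suggested above. The function names are hypothetical, and the INI strings are constructed excerpts holding only the relevant keys and values from the posted files.

```python
import configparser

# Constructed excerpts of the two files posted in the question: only the
# keys this check reads, with the values shown on the page.
OVS_AGENT_INI = """
[ovs]
bridge_mappings=extnet:br-ex
"""
ML2_CONF_INI = """
[ml2]
type_drivers=vlan,vxlan,flat
[ml2_type_vlan]
network_vlan_ranges=eno16780032:100:200
[ml2_type_flat]
flat_networks=*
"""

def _items(ini_text, section, key):
    """Return the comma-separated values of section/key as a list."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(ini_text)
    raw = cp.get(section, key, fallback="")
    return [v.strip() for v in raw.split(",") if v.strip()]

def check_provider_network(physnet, net_type,
                           agent_ini=OVS_AGENT_INI, ml2_ini=ML2_CONF_INI):
    """List the inconsistencies for a provider network on `physnet`."""
    problems = []
    if net_type not in _items(ml2_ini, "ml2", "type_drivers"):
        problems.append(f"type driver {net_type!r} is not enabled")
    # bridge_mappings entries are <physnet>:<bridge>; the OVS agent only
    # wires ports for physical networks named here.
    mapped = {m.partition(":")[0] for m in _items(agent_ini, "ovs", "bridge_mappings")}
    if physnet not in mapped:
        problems.append(f"{physnet!r} not in bridge_mappings {sorted(mapped)}")
    if net_type == "vlan":
        # Entries are <physnet> or <physnet>:<min>:<max>.
        names = {r.partition(":")[0]
                 for r in _items(ml2_ini, "ml2_type_vlan", "network_vlan_ranges")}
        if physnet not in names:
            problems.append(f"{physnet!r} not in network_vlan_ranges {sorted(names)}")
    elif net_type == "flat":
        # flat_networks is a list of physnet names, or * for any name.
        allowed = _items(ml2_ini, "ml2_type_flat", "flat_networks")
        if "*" not in allowed and physnet not in allowed:
            problems.append(f"{physnet!r} not in flat_networks {allowed}")
    return problems

if __name__ == "__main__":
    for physnet, net_type in [("eno16780032", "vlan"), ("extnet", "flat")]:
        print(physnet, net_type, check_provider_network(physnet, net_type) or "consistent")
```

On the posted values, `eno16780032` has no entry in `bridge_mappings`, while a flat network on `extnet` passes every check.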

By the way, "RDO" is ambiguous. Do you mean Packstack, or TripleO, or a manual setup using CentOS packages? What do you mean by "all settings are default" - what were the precise steps to create your cloud?

3.18.0 is the version of the openstack client. Your cloud must be version Stein.

Bernd Bausch (2019-07-04 03:58:18 -0500)

@Bernd, how can I check whether my VM (10.10.122.87) is connected to an untagged VLAN (ID 122)? Let me try to set up a flat external network to see if my OpenStack VM can talk to other VMs that sit in VLAN 122. RDO is a community of people using and deploying OpenStack on CentOS, Fedora, and RHEL.

zxslm (2019-07-05 08:42:24 -0500)

@Bernd, Yes, my OpenStack version is Stein.

zxslm (2019-07-05 08:42:52 -0500)