
Cannot Ping Tenant Router

asked 2014-06-22 21:20:46 -0500

loopback127

I have been following along with the IceHouse installation guide for a multi-node setup. I have reached the point where the tenant gateway router should be pingable from the external network; however, I can't seem to access it.

Here is some troubleshooting information from the network node (external IPs are obscured but correct):

[root@network ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: em1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
    link/ether 78:2b:cb:2f:d3:38 brd ff:ff:ff:ff:ff:ff
    inet XX.XX.XX.229/28 brd xx.xx.xx.239 scope global em1
    inet6 fe80::7a2b:cbff:fe2f:d338/64 scope link 
       valid_lft forever preferred_lft forever
3: em2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
    link/ether 78:2b:cb:2f:d3:39 brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.21/24 brd 10.0.0.255 scope global em2
    inet6 fe80::7a2b:cbff:fe2f:d339/64 scope link 
       valid_lft forever preferred_lft forever
4: p1p1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
    link/ether 00:1b:21:97:b8:f0 brd ff:ff:ff:ff:ff:ff
    inet 10.0.1.21/24 brd 10.0.1.255 scope global p1p1
    inet6 fe80::21b:21ff:fe97:b8f0/64 scope link 
       valid_lft forever preferred_lft forever
5: p1p2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
    link/ether 00:1b:21:97:b8:f1 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::21b:21ff:fe97:b8f1/64 scope link 
       valid_lft forever preferred_lft forever
...
8: ovs-system: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN 
    link/ether de:ee:38:9d:33:4c brd ff:ff:ff:ff:ff:ff
9: br-ex: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN 
    link/ether 00:1b:21:97:b8:f1 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::90a3:17ff:fe88:57e7/64 scope link 
       valid_lft forever preferred_lft forever
10: br-int: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN 
    link/ether ee:78:7a:18:45:46 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::4047:dff:feff:9209/64 scope link 
       valid_lft forever preferred_lft forever

Relevant neutron information:

[root@network ~]# neutron router-list
+--------------------------------------+-------------+-----------------------------------------------------------------------------+
| id                                   | name        | external_gateway_info                                                       |
+--------------------------------------+-------------+-----------------------------------------------------------------------------+
| 3bc22a6a-c490-467a-aa02-8b0e96f17f0e | demo-router | {"network_id": "433f9499-a8d9-4fcc-98f3-eba7edae9fce", "enable_snat": true} |
+--------------------------------------+-------------+-----------------------------------------------------------------------------+
[root@network ~]# neutron net-list
+--------------------------------------+----------+------------------------------------------------------+
| id                                   | name     | subnets                                              |
+--------------------------------------+----------+------------------------------------------------------+
| 433f9499-a8d9-4fcc-98f3-eba7edae9fce | ext-net  | c342f5a0-bc7d-45c0-8a95-ca9b766402bd xx.xx.xx.224/28 |
| a4e86d9a-6291-44c2-8847-10e473d53c87 | demo-net | 037946c3-e60b-4b97-ab12-78aee959f3d6 192.168.1.0/24  |
+--------------------------------------+----------+------------------------------------------------------+
[root@network ~]# neutron subnet-list
+--------------------------------------+-------------+-----------------+--------------------------------------------------+
| id                                   | name        | cidr            | allocation_pools                                 |
+--------------------------------------+-------------+-----------------+--------------------------------------------------+
| 037946c3-e60b-4b97-ab12-78aee959f3d6 | demo-subnet | 192.168.1.0/24  | {"start": "192.168.1.2", "end": "192.168.1.254"} |
| c342f5a0-bc7d-45c0-8a95-ca9b766402bd | ext-subnet  | xx.xx.xx.224/28 | {"start": "xx.xx.xx.232", "end": "xx.xx.xx.238"} |
+--------------------------------------+-------------+-----------------+--------------------------------------------------+
[root@network ~]# neutron port-list 
+--------------------------------------+------+-------------------+-------------------------------------------------------------------------------------+
| id ...

2 answers


answered 2014-06-22 23:00:41 -0500

loopback127

The problem has been identified and resolved as a result of a stupid problem:

Iptables was blocking qpidd....

sigh..

The above configuration works now.

Thank you very much for identifying the security issues however.

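A check for the failure described in the answer above, as an added example that is not part of the original post: it walks `iptables -S INPUT` output in rule order and reports what a new connection to the message broker would get. It assumes qpidd listens on its default AMQP port 5672 and that 10.0.0.0/24 (the em2 network in the question) is the management network; both rule sets are constructed samples.

```shell
#!/bin/sh
# Added example: print the verdict a NEW inbound TCP connection to PORT gets
# from `iptables -S INPUT` output on stdin (first matching rule wins).
# Simplified matcher (assumption): only -p, --dport, -i, -s, --state and -j are
# read, and -s matches only if it equals SRC_CIDR literally.
first_verdict() {   # usage: first_verdict PORT [SRC_CIDR] < rules
    awk -v port="$1" -v src="${2:-}" '
    $1 == "-P" && $2 == "INPUT" { policy = $3; next }
    $1 != "-A" || $2 != "INPUT" { next }
    {
        proto = dport = iface = from = state = target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-p")      proto  = $(i + 1)
            if ($i == "--dport") dport  = $(i + 1)
            if ($i == "-i")      iface  = $(i + 1)
            if ($i == "-s")      from   = $(i + 1)
            if ($i == "--state") state  = $(i + 1)
            if ($i == "-j")      target = $(i + 1)
        }
        if (proto != "" && proto != "tcp") next      # other protocol
        if (dport != "" && dport != port)  next      # other port
        if (iface == "lo")                 next      # loopback only
        if (from  != "" && from != src)    next      # other source network
        if (state != "" && index("," state ",", ",NEW,") == 0) next
        if (target != "ACCEPT" && target != "DROP" && target != "REJECT") next
        print target; found = 1; exit
    }
    END { if (!found) print (policy == "" ? "NO-POLICY" : policy) }'
}

# Constructed sample: a default-deny INPUT chain with no rule for the broker.
BLOCKED_RULES='-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited'
# Constructed sample: same chain with a scoped allow ahead of the REJECT.
ALLOWED_RULES='-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -s 10.0.0.0/24 -p tcp -m state --state NEW -m tcp --dport 5672 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited'
printf 'before: %s\n' "$(printf '%s\n' "$BLOCKED_RULES" | first_verdict 5672 10.0.0.0/24)"
printf 'after:  %s\n' "$(printf '%s\n' "$ALLOWED_RULES" | first_verdict 5672 10.0.0.0/24)"
```

On a live controller the input would come from `iptables -S INPUT`; restricting the allow rule to the management subnet keeps the broker closed to every other source.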

answered 2014-06-22 21:31:15 -0500

dbaxps

updated 2014-06-22 21:59:09 -0500

        1. neutron-server:                         inactive  (disabled on boot)
        2. [root@network ~]# nova secgroup-list-rules default
        +-------------+-----------+---------+----------+--------------+
        | IP Protocol | From Port | To Port | IP Range | Source Group |
        +-------------+-----------+---------+----------+--------------+
        |             |           |         |          | default      |
        |             |           |         |          | default      |
        +-------------+-----------+---------+----------+--------------+
        These are serious mistakes
        Your Neutron Server is not alive, security rules not implemented

    Security rules, when enabled, look like this:
    [root@icehouse1 ~(keystone_admin)]# nova secgroup-list-rules default
    +-------------+-----------+---------+-----------+--------------+
    | IP Protocol | From Port | To Port | IP Range  | Source Group |
    +-------------+-----------+---------+-----------+--------------+
    | icmp        | -1        | -1      | 0.0.0.0/0 |              |
    |             |           |         |           | default      |
    | tcp         | 22        | 22      | 0.0.0.0/0 |              |
    |             |           |         |           | default      |
    +-------------+-----------+---------+-----------+--------------+

     Neutron services:-
 == neutron services ==
neutron-server:                         active
neutron-dhcp-agent:                     active
neutron-l3-agent:                       active
neutron-metadata-agent:                 active
neutron-openvswitch-agent:              active

Comments

Security rules, when enabled, look like this:
[root@icehouse1 ~(keystone_admin)]# nova secgroup-list-rules default
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| icmp        | -1        | -1      | 0.0.0.0/0 |              |
|             |           |         |           | default      |
| tcp         | 22        | 22      | 0.0.0.0/0 |              |
|             |           |         |           | default      |
+-------------+-----------+---------+-----------+--------------+

dbaxps ( 2014-06-22 21:34:11 -0500 )

neutron-server is running on the controller node:

[root@controller ~]# openstack-status 
== Nova services ==
openstack-nova-api:                     active
openstack-nova-cert:                    active
openstack-nova-compute:                 dead      (disabled on boot)
openstack-nova-network:                 dead      (disabled on boot)
openstack-nova-scheduler:               active
openstack-nova-conductor:               active
== Glance services ==
openstack-glance-api:                   active
openstack-glance-registry:              active
== Keystone service ==
openstack-keystone:                     active
== neutron services ==
neutron-server:                         active
neutron-dhcp-agent:                     inactive  (disabled on boot)
neutron-l3-agent:                       inactive  (disabled on boot)
neutron-metadata-agent:                 inactive  (disabled on boot)
neutron-lbaas-agent:                    inactive  (disabled on boot)
== Support services ==
mysqld:                                 active
messagebus:                             dead      (disabled on boot)
qpidd:                                  active

And I have implemented the correct security rules:

[root@network ~]# nova secgroup-list-rules default
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| tcp         | 22        | 22      | 0.0.0.0/0 |              |
| icmp        | -1        | -1      | 0.0.0.0/0 |              |
|             |           |         |           | default      |
|             |           |         |           | default      |
+-------------+-----------+---------+-----------+--------------+
loopback127 ( 2014-06-22 21:41:39 -0500 )

Mistakes again :-
neutron-dhcp-agent: inactive (disabled on boot)
neutron-l3-agent: inactive (disabled on boot)
neutron-metadata-agent: inactive (disabled on boot)

dbaxps ( 2014-06-22 21:44:51 -0500 )

Active on the network node (as per the guide):

[root@network ~]# openstack-status 
== neutron services ==
neutron-server:                         inactive  (disabled on boot)
neutron-dhcp-agent:                     active
neutron-l3-agent:                       active
neutron-metadata-agent:                 active
neutron-lbaas-agent:                    inactive  (disabled on boot)
neutron-openvswitch-agent:              active
== Support services ==
openvswitch:                            active
messagebus:                             active
loopback127 ( 2014-06-22 21:49:15 -0500 )

I've updated the answer. Also run neutron agent-list

dbaxps ( 2014-06-22 22:00:36 -0500 )


Stats

Asked: 2014-06-22 21:20:46 -0500

Seen: 323 times

Last updated: Jun 22 '14