Ask Your Question
-1

Instance incoming connection doesn't work

asked 2014-07-22 12:14:49 -0600

apanagiotou gravatar image

updated 2014-07-23 01:39:17 -0600

I've installed openstack with multi-host nova-network. Everything is fine exept this: I can't access(ping/ssh) instance from anywhere except it's compute host,not even from the other compute nodes or the controller. From the instance I can connect anywhere I want. I added the security rules for ssh and ping but nothing happend. I'm searching for two weeks now but I haven't found a solution for my problem. What do you suggest?

edit retag flag offensive close merge delete

Comments

Did you source before credentials of corresponding tenant ?

dbaxps gravatar imagedbaxps ( 2014-07-22 12:26:00 -0600 )edit

what do you mean? If I source the credenetials before I create the rules? yes I did.

apanagiotou gravatar imageapanagiotou ( 2014-07-22 12:35:35 -0600 )edit

Then run $ nova secgroup-list-rules default

dbaxps gravatar imagedbaxps ( 2014-07-22 12:40:49 -0600 )edit

It is like yours except the default values at source group.

apanagiotou gravatar imageapanagiotou ( 2014-07-22 12:45:22 -0600 )edit

1 answer

Sort by ยป oldest newest most voted
1

answered 2014-07-22 13:21:48 -0600

dbaxps gravatar image

updated 2014-07-25 04:40:19 -0600

Try run as tenant :-

$ neutron security-group-rule-create --protocol icmp \
  --direction ingress --remote-ip-prefix 0.0.0.0/0 default

$ neutron security-group-rule-create --protocol tcp \
  --port-range-min 22 --port-range-max 22 \
  --direction ingress --remote-ip-prefix 0.0.0.0/0 default

Working sample for nova :-

[root@icehouse1 ~(keystone_demo)]# nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| icmp        | -1        | -1      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+
[root@icehouse1 ~(keystone_demo)]# nova secgroup-add-rule default tcp 22 22 0.0.0.0/0
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| tcp         | 22        | 22      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+
[root@icehouse1 ~(keystone_demo)]# nova  secgroup-list-rules default
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
|             |           |         |           | default      |
| icmp        | -1        | -1      | 0.0.0.0/0 |              |
| tcp         | 22        | 22      | 0.0.0.0/0 |              |
|             |           |         |           | default      |
+-------------+-----------+---------+-----------+--------------+
[root@icehouse1 ~(keystone_demo)]# nova secgroup-list
+--------------------------------------+---------+-------------+
| Id                                   | Name    | Description |
+--------------------------------------+---------+-------------+
| 188ea87e-73ef-4ae2-a40b-7258f7ddc650 | default | default     |
+--------------------------------------+---------+-------------+

I believe that security group rules are about floating IPs. 
Update your fixed range 10.0.0.0/24 ( for instance )
View http://openstack.redhat.com/Floating_IP_range   (192.168.1.0/24) 
public_interface=eth0
edit flag offensive delete link more

Comments

Please run: $ nova secgroup-list

dbaxps gravatar imagedbaxps ( 2014-07-22 14:01:25 -0600 )edit

this is the output

  • +----+---------+-------------+
  • | Id | Name | Description |
  • +----+---------+-------------+
  • | 1 | default | default |
  • +----+---------+-------------+
apanagiotou gravatar imageapanagiotou ( 2014-07-22 14:06:00 -0600 )edit

I've setup secgroups as you said..but it still don't work. Maybe the problem is not secgroups. Whjat do you think?

apanagiotou gravatar imageapanagiotou ( 2014-07-22 14:44:35 -0600 )edit

Launch CirrOS VM, login as cirros ( cubswin:))
$ ifconfig
$ curl http://169.254.169.254
$ curl http://msn.com

dbaxps gravatar imagedbaxps ( 2014-07-22 14:58:02 -0600 )edit

Please read the http://ask.openstack.org/faq , edit your question to make it readable, don't entertain in conversations on the comments because that makes your question more complex to read.

smaffulli gravatar imagesmaffulli ( 2014-07-22 16:14:01 -0600 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

Stats

Asked: 2014-07-22 12:14:49 -0600

Seen: 407 times

Last updated: Jul 25 '14