Ask Your Question
0

Cannot ping router tenant gateway by OS Nodes and www by Instance

asked 2014-08-07 07:16:12 -0500

n7rxDE gravatar image

updated 2014-08-27 02:25:51 -0500

hello, setup-> OS Icehouse Networking Issue 3Nodesetup as VM with Neutron ML2 GRE

UPDATE6

curl command does work now! Still cannot ping router tenannt gateway by any cloud node!

UPDATE5 exec namespace qrouter

   root@network:~# ip netns exec qrouter-560eb2f3-1034-48d6-85e6-1525da6c3d46 iptables -S -t nat
-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-N neutron-l3-agent-OUTPUT
-N neutron-l3-agent-POSTROUTING
-N neutron-l3-agent-PREROUTING
-N neutron-l3-agent-float-snat
-N neutron-l3-agent-snat
-N neutron-postrouting-bottom
-A PREROUTING -j neutron-l3-agent-PREROUTING
-A OUTPUT -j neutron-l3-agent-OUTPUT
-A POSTROUTING -j neutron-l3-agent-POSTROUTING
-A POSTROUTING -j neutron-postrouting-bottom
-A neutron-l3-agent-POSTROUTING ! -i qg-fa3fc507-5c ! -o qg-fa3fc507-5c -m conntrack ! --ctstate DNAT -j ACCEPT
-A neutron-l3-agent-PREROUTING -d 169.254.169.254/32 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 9697
-A neutron-l3-agent-snat -j neutron-l3-agent-float-snat
-A neutron-l3-agent-snat -s 192.168.1.0/24 -j SNAT --to-source 203.0.113.101
-A neutron-postrouting-bottom -j neutron-l3-agent-snat
root@network:~# ip netns exec qrouter-560eb2f3-1034-48d6-85e6-1525da6c3d46 iptables -S -t nat | grep 169.254 
-A neutron-l3-agent-PREROUTING -d 169.254.169.254/32 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 9697
root@network:~# ip netns exec qrouter-560eb2f3-1034-48d6-85e6-1525da6c3d46 iptables netstat -antp
Bad argument `netstat'
Try `iptables -h' or 'iptables --help' for more information.
root@network:~# ip netns exec qrouter-560eb2f3-1034-48d6-85e6-1525da6c3d46 iptables -netstat -antp
iptables v1.4.21: unknown option "iptables"

by starting the instance i saw in log

checking http://169.254.169.254/2009-04-04/instance-id
failed 1/20: up 4.87. request failed
...
failed 20/20: up 46.93. request failed

UPDATE1+2: Changed some configs and uncomment rabbit_pass in each... So at now i can start an instance but nevertheless i am not able to ping tenant gateway with ping -c 4 203.0.113.101 or the vm itself it just works with defined namespace and netns command...

What do you think, maybe it is a problem of Virtualbox because of i cannot not even ping some internetaddress by the 3 OS Nodes... and anywhere i read that this is an issue of virtualbox. Do you think that can be a reason why i cannot ping my tenant gateway with normal ping command?

New Problem arrives... the startet instance is not be able to ping internetadresses!!!

What works is to telnet http://google.com at port 80 by the 3 OS Nodes. But telnet by instance doesn´t work too with error message: bad adresss....

i addressed some more: tried to get some information on qdhcp point with:

ip netns exec qdhcp-200c9ced-eb47-4f94-99f3-73e3a555d4f9 tcpdump -ln -i tap87176921-56

so there are no packets captured at this point!?

NO_ONE with ideas?

Update 3 (curl command by instance)

cannot upload the image because of carma:

$ uname -a
Linux cirros 3.2.0-60-.... #91-Ubuntu ...
$ curl http://169.254.169.254   (For what is this command?)
1.0
2007-01-19
2007-03-01
2007-08-29
2007-10-10
2007-12-15
2008-02-01
2008-09-01
2009-04-04
$ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
...
3packets transmitted 0 packets received

Rules for security group are set:

root@controller:~# neutron security-group-list
+--------------------------------------+---------+-------------+
| id                                   | name    | description |
+--------------------------------------+---------+-------------+
| 38e7edaa-87cd-4c28-a4cf-c1f32d4bf11a | default | default     |
| 7e5d3f0b-84ce-448c-8b76-69ceab021e21 | default | default     |
+--------------------------------------+---------+-------------+
root@controller ...
(more)
edit retag flag offensive close merge delete

Comments

Check your compute node is running properly and you see availability zone while launching VM. Also add icmp & tcp rules in security group.

SGPJ gravatar imageSGPJ ( 2014-08-11 08:24:52 -0500 )edit

added some information about the rules and what do you mean by availability zone?!

n7rxDE gravatar imagen7rxDE ( 2014-08-13 03:16:37 -0500 )edit

Availability zone

This enables you to arrange OpenStack compute hosts into logical groups and provides a form of physical isolation and redundancy from other availability zones, such as by using a separate power supply or network equipment.

You define the availability zone in which a specified compute host resides locally on each server. An availability zone is commonly used to identify a set of servers that have a common attribute. For instance, if some of the racks in your data center are on a separate power source, you can put servers in those racks in their own availability zone. Availability zones can also help separate different classes of hardware.

When users provision resources, they can specify from which availability zone they want their instance to be built. This allows cloud consumers to ensure that their application resources are spread across disparate machines to achieve high availability in the event of hardware failure.

SGPJ gravatar imageSGPJ ( 2014-08-13 03:23:01 -0500 )edit

"curl http://169.254.169.254 (For what is this command?)" This is to see whether your VM can access metadata server. It will normally do it on boot to obtain different configuraiton (e.g. ssh keys, host name, etc) from that server.

T u l gravatar imageT u l ( 2014-08-14 14:08:18 -0500 )edit

how did you fix the curl command. I have the same problem with you.

leethaoqn gravatar imageleethaoqn ( 2014-08-27 03:45:08 -0500 )edit

2 answers

Sort by » oldest newest most voted
0

answered 2014-08-08 10:25:26 -0500

dbaxps gravatar image

updated 2014-08-14 12:18:05 -0500

After login to CirrOS instance try to run :-
$ curl http://169.254.169.254/latest/meta-data
$ ping 8.8.8.8
Does CirrOS instance complaining 169.254.169.254 when starting up ?

image description

Failure  to run   
$ curl http://169.254.169.254/latest/meta-data/instance-id 
$ curl http://169.254.169.254/latest/meta-data/ 
is a core reason of your problems. You don't have access to nova metadata server, 
what causes cloud-init to fail setting up your CirrOS instance.
View troubleshooting steps here  http://bderzhavets.blogspot.com/2014/07/rdo-setup-two-real-node.html
edit flag offensive delete link more

Comments

curl not avaible at CirrOS instance... and because of no net i can´t install it. Ping 8.8.8.8 sends packets but doesnt get any response!

n7rxDE gravatar imagen7rxDE ( 2014-08-11 02:34:40 -0500 )edit

output looks exactly like yours: Update 3

n7rxDE gravatar imagen7rxDE ( 2014-08-13 02:43:55 -0500 )edit

Please, post ovs-vsctl show && ifconfig on Neutron Node.
Commands to create private && external network.

dbaxps gravatar imagedbaxps ( 2014-08-13 03:28:22 -0500 )edit

UPDATE4: gr8 thx for your support! not sure what you mean by commands: used: Doku and ovs-vsctl add-port br-ex eth3

n7rxDE gravatar imagen7rxDE ( 2014-08-13 03:43:45 -0500 )edit

Look at http://bderzhavets.blogspot.com/2014/... , regarding ml2_plugin.ini && plugin.ini configuration under /etc/neutron on Neutron Server.

dbaxps gravatar imagedbaxps ( 2014-08-13 04:07:58 -0500 )edit
0

answered 2014-09-03 02:38:15 -0500

n7rxDE gravatar image

Question can be closed in fact of some progress. Resulting Problem is asked here: https://ask.openstack.org/en/question/45984/icehouse-instance-cannot-reach-web-updated/ (https://ask.openstack.org/en/question...)

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

2 followers

Stats

Asked: 2014-08-07 05:11:14 -0500

Seen: 2,042 times

Last updated: Sep 03 '14