Cannot ping router tenant gateway by OS Nodes and www by Instance
hello, setup-> OS Icehouse Networking Issue 3Nodesetup as VM with Neutron ML2 GRE
UPDATE6
curl command does work now! Still cannot ping router tenannt gateway by any cloud node!
UPDATE5 exec namespace qrouter
root@network:~# ip netns exec qrouter-560eb2f3-1034-48d6-85e6-1525da6c3d46 iptables -S -t nat
-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-N neutron-l3-agent-OUTPUT
-N neutron-l3-agent-POSTROUTING
-N neutron-l3-agent-PREROUTING
-N neutron-l3-agent-float-snat
-N neutron-l3-agent-snat
-N neutron-postrouting-bottom
-A PREROUTING -j neutron-l3-agent-PREROUTING
-A OUTPUT -j neutron-l3-agent-OUTPUT
-A POSTROUTING -j neutron-l3-agent-POSTROUTING
-A POSTROUTING -j neutron-postrouting-bottom
-A neutron-l3-agent-POSTROUTING ! -i qg-fa3fc507-5c ! -o qg-fa3fc507-5c -m conntrack ! --ctstate DNAT -j ACCEPT
-A neutron-l3-agent-PREROUTING -d 169.254.169.254/32 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 9697
-A neutron-l3-agent-snat -j neutron-l3-agent-float-snat
-A neutron-l3-agent-snat -s 192.168.1.0/24 -j SNAT --to-source 203.0.113.101
-A neutron-postrouting-bottom -j neutron-l3-agent-snat
root@network:~# ip netns exec qrouter-560eb2f3-1034-48d6-85e6-1525da6c3d46 iptables -S -t nat | grep 169.254
-A neutron-l3-agent-PREROUTING -d 169.254.169.254/32 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 9697
root@network:~# ip netns exec qrouter-560eb2f3-1034-48d6-85e6-1525da6c3d46 iptables netstat -antp
Bad argument `netstat'
Try `iptables -h' or 'iptables --help' for more information.
root@network:~# ip netns exec qrouter-560eb2f3-1034-48d6-85e6-1525da6c3d46 iptables -netstat -antp
iptables v1.4.21: unknown option "iptables"
by starting the instance i saw in log
checking http://169.254.169.254/2009-04-04/instance-id
failed 1/20: up 4.87. request failed
...
failed 20/20: up 46.93. request failed
UPDATE1+2: Changed some configs and uncomment rabbit_pass in each... So at now i can start an instance but nevertheless i am not able to ping tenant gateway with ping -c 4 203.0.113.101 or the vm itself it just works with defined namespace and netns command...
What do you think, maybe it is a problem of Virtualbox because of i cannot not even ping some internetaddress by the 3 OS Nodes... and anywhere i read that this is an issue of virtualbox. Do you think that can be a reason why i cannot ping my tenant gateway with normal ping command?
New Problem arrives... the startet instance is not be able to ping internetadresses!!!
What works is to telnet http://google.com at port 80 by the 3 OS Nodes. But telnet by instance doesn´t work too with error message: bad adresss....
i addressed some more: tried to get some information on qdhcp point with:
ip netns exec qdhcp-200c9ced-eb47-4f94-99f3-73e3a555d4f9 tcpdump -ln -i tap87176921-56
so there are no packets captured at this point!?
NO_ONE with ideas?
Update 3 (curl command by instance)
cannot upload the image because of carma:
$ uname -a
Linux cirros 3.2.0-60-.... #91-Ubuntu ...
$ curl http://169.254.169.254 (For what is this command?)
1.0
2007-01-19
2007-03-01
2007-08-29
2007-10-10
2007-12-15
2008-02-01
2008-09-01
2009-04-04
$ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
...
3packets transmitted 0 packets received
Rules for security group are set:
root@controller:~# neutron security-group-list
+--------------------------------------+---------+-------------+
| id | name | description |
+--------------------------------------+---------+-------------+
| 38e7edaa-87cd-4c28-a4cf-c1f32d4bf11a | default | default |
| 7e5d3f0b-84ce-448c-8b76-69ceab021e21 | default | default |
+--------------------------------------+---------+-------------+
root@controller ...
Check your compute node is running properly and you see availability zone while launching VM. Also add icmp & tcp rules in security group.
added some information about the rules and what do you mean by availability zone?!
Availability zone
This enables you to arrange OpenStack compute hosts into logical groups and provides a form of physical isolation and redundancy from other availability zones, such as by using a separate power supply or network equipment.
You define the availability zone in which a specified compute host resides locally on each server. An availability zone is commonly used to identify a set of servers that have a common attribute. For instance, if some of the racks in your data center are on a separate power source, you can put servers in those racks in their own availability zone. Availability zones can also help separate different classes of hardware.
When users provision resources, they can specify from which availability zone they want their instance to be built. This allows cloud consumers to ensure that their application resources are spread across disparate machines to achieve high availability in the event of hardware failure.
"curl http://169.254.169.254 (For what is this command?)" This is to see whether your VM can access metadata server. It will normally do it on boot to obtain different configuraiton (e.g. ssh keys, host name, etc) from that server.
how did you fix the curl command. I have the same problem with you.