Ask Your Question
0

cant ping the tenant router gateway or assign IP floatingip address to compute node

asked 2014-10-19 23:31:03 -0500

David Kilcy gravatar image

I configured the demo tenant Icehouse on 4 CentOS bare-metal servers: controller, neutron network node and 2 compute nodes per these instructions: http://docs.openstack.org/icehouse/in...

Can create a VM and Problem is I cannot ping my tenant gateway 192.168.1.200. Below is my configuration

I created a cirros instance and can access it thru VNC, but no IP address is assigned to eth0.

Any help would be greatly appreciated.


[devops@workstation-02 openstack]$ nova list
+--------------------------------------+----------------+---------+------------+-------------+------------------------------------+
| ID                                   | Name           | Status  | Task State | Power State | Networks                           |
+--------------------------------------+----------------+---------+------------+-------------+------------------------------------+
| 5dea6636-7600-405b-b9bd-c99496d4a56a | demo-instance1 | SHUTOFF | -          | Shutdown    | demo-net=172.16.1.2, 192.168.1.201 |
| 9d277d3b-f42b-4576-9e16-f9e95f8815bd | demo-instance2 | ACTIVE  | -          | Running     | demo-net=172.16.1.4, 192.168.1.202 |
+--------------------------------------+----------------+---------+------------+-------------+------------------------------------+

10.0.0.x is mgmt network
192.168.1.x is external network with gateway 192.168.1.1
10.0.1.x is VM network

source admin-openrc.sh
neutron net-create ext-net --shared --router:external=True
neutron subnet-create ext-net --name ext-subnet \
  --allocation-pool start=192.168.1.200,end=192.168.1.254 \
  --disable-dhcp --gateway 192.168.1.1 192.168.1.0/24
source demo-openrc.sh
neutron net-create demo-net
neutron subnet-create demo-net --name demo-subnet \
  --gateway 172.16.1.1 172.16.1.0/24
neutron net-list
neutron router-create demo-router
neutron router-interface-add demo-router demo-subnet
neutron router-gateway-set demo-router ext-net


Gateway IP = 192.168.1.1
DHCP is turned off
10.x network is on its own switch
192.x network is on its own switch connected to gateway ip

###############################################################################
# Network:
# *.mgmt    - OpenStack Internal Network
# *.pub     - Public Network
# *.vm      - VM Traffic Network
###############################################################################

10.0.0.6        workstation-02.mgmt workstation-02 salt ntp yumrepo 
10.0.0.11       controller-01.mgmt  controller-01
10.0.0.21       network-01.mgmt  network-01
10.0.0.31       compute-01.mgmt  compute-01
10.0.0.32       compute-02.mgmt  compute-02
10.0.1.31       compute-01.vm    compute-01 
10.0.1.32       compute-02.vm    compute-02
192.168.1.6     workstation-02.pub
192.168.1.11    controller-01.pub
```

##### Network Node

```

[root@network-01 ~]$ ping 192.168.1.200
connect: Network is unreachable

[root@controller-01 openstack]$  ping 192.168.1.200
PING 192.168.1.200 (192.168.1.200) 56(84) bytes of data.
From 192.168.1.11 icmp_seq=2 Destination Host Unreachable
From 192.168.1.11 icmp_seq=3 Destination Host Unreachable
From 192.168.1.11 icmp_seq=4 Destination Host Unreachable


[root@network-01 ~]$ echo $OS_USERNAME
admin


[root@network-01 ~]$ ovs-vsctl show
3ada494e-2979-4cff-b748-2f9becbc4c72
    Bridge br-int
        fail_mode: secure
        Port br-int
            Interface br-int
                type: internal
        Port "qr-90090478-78"
            tag: 1
            Interface "qr-90090478-78"
                type: internal
        Port "tap26b688cd-94"
            tag: 1
            Interface "tap26b688cd-94"
                type: internal
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
    Bridge br-ex
        Port "eth2"
            Interface "eth2"
        Port "qg-40d23e5f-87"
            Interface "qg-40d23e5f-87"
                type: internal
        Port br-ex
            Interface br-ex
                type: internal
    Bridge br-tun
        Port "gre-0a00011f"
            Interface "gre-0a00011f"
                type: gre
                options: {in_key=flow, local_ip="10.0.1.21", out_key=flow, remote_ip="10.0.1.31"}
        Port patch-int
            Interface patch-int
                type: patch
                options: {peer=patch-tun}
        Port br-tun
            Interface br-tun
                type: internal
        Port "gre-0a000120"
            Interface "gre-0a000120"
                type: gre
                options: {in_key=flow, local_ip="10.0.1.21", out_key=flow, remote_ip ...
(more)
edit retag flag offensive close merge delete

Comments

Does cirros VM comlaining address 169.254.169.254 when booting ?

dbaxps gravatar imagedbaxps ( 2014-10-19 23:39:30 -0500 )edit
add a comment

2 answers

Sort by ยป oldest newest most voted
0

answered 2014-10-19 23:42:16 -0500

dbaxps gravatar image

updated 2014-10-20 00:12:34 -0500

Forced to use field due to leack of formatting tools in comments. You did not implement security rools for tenant :-

[root@icehouse1 ~(keystone_boris)]# nova secgroup-list-rules default
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| icmp        | -1        | -1      | 0.0.0.0/0 |              |
|             |           |         |           | default      |
| tcp         | 22        | 22      | 0.0.0.0/0 |              |
|             |           |         |           | default      |
+-------------+-----------+---------+-----------+--------------+

Export tenants credenials and run :-

 $ neutron security-group-rule-create --protocol icmp \
  --direction ingress --remote-ip-prefix 0.0.0.0/0 default

$ neutron security-group-rule-create --protocol tcp \
  --port-range-min 22 --port-range-max 22 \
  --direction ingress --remote-ip-prefix 0.0.0.0/0 default

You also seem to miss /etc/neutron/plugin.ini :

[root@icehouse1 neutron(keystone_admin)]# ls -l
total 72
-rw-r--r--. 1 root root      193 Sep 30 17:08 api-paste.ini
-rw-r-----. 1 root neutron  3901 Sep 30 19:19 dhcp_agent.ini
-rw-r--r--. 1 root root       86 Sep 30 19:20 dnsmasq.conf
-rw-r-----. 1 root neutron   208 Sep 30 17:08 fwaas_driver.ini
-rw-r-----. 1 root neutron  3431 Sep 30 17:08 l3_agent.ini
-rw-r-----. 1 root neutron  1400 Aug  8 02:56 lbaas_agent.ini
-rw-r-----. 1 root neutron  1863 Sep 30 17:08 metadata_agent.ini
lrwxrwxrwx. 1 root root       37 Sep 30 18:41 ml2_conf.ini -> /etc/neutron/plugins/ml2/ml2_conf.ini
-rw-r-----. 1 root neutron 19187 Sep 30 17:08 neutron.conf
lrwxrwxrwx. 1 root root       55 Sep 30 18:40 plugin.ini -> /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini
-rw-r--r--. 1 root root      211 Sep 30 17:30 plugin.out
drwxr-xr-x. 4 root root     4096 Sep 30 17:08 plugins
-rw-r-----. 1 root neutron  6148 Aug  8 02:56 policy.json
-rw-r--r--. 1 root root       79 Aug 11 15:27 release
-rw-r--r--. 1 root root     1216 Aug  8 02:56 rootwrap.conf

[root@icehouse1 neutron(keystone_admin)]# cat ml2_conf.ini
[ml2]
type_drivers = gre
tenant_network_types = gre
mechanism_drivers = openvswitch
[ml2_type_flat]
[ml2_type_vlan]
[ml2_type_gre]
tunnel_id_ranges = 1:1000
[ml2_type_vxlan]
[securitygroup]
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
enable_security_group = True
[ovs]
local_ip = 192.168.0.127
[agent]
tunnel_types = gre
root_helper = sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf

[root@icehouse1 neutron(keystone_admin)]# cat plugin.ini
[ml2]
type_drivers = gre
tenant_network_types = gre
mechanism_drivers = openvswitch
[ml2_type_flat]
[ml2_type_vlan]
[ml2_type_gre]
tunnel_id_ranges = 1:1000
[ml2_type_vxlan]
[securitygroup]
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
enable_security_group = True
[ovs]
local_ip = 192.168.0.127
[agent]
tunnel_types = gre
root_helper = sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf

Please, run :-

$ neutron agent-list

Does cirros VM complaining address 169.254.169.254 when booting ?

edit flag offensive delete link more

Comments

Thank you, I will look tomorrow, it is late here. What is 192.168.0.127 in your network? Thanks!

David Kilcy gravatar imageDavid Kilcy ( 2014-10-20 00:18:57 -0500 )edit

192.168.0.127 is GRE endpoint

dbaxps gravatar imagedbaxps ( 2014-10-20 00:22:27 -0500 )edit
add a comment
0

answered 2014-10-19 23:47:11 -0500

RHK gravatar image

Do you have l3 agent configured?

Create a router for the new tenant:

neutron router-create --tenant-id $put_id_of_project_one router_proj_one

Add the router to the running l3 agent (if it wasn't automatically added):

neutron agent-list (to get the l3 agent ID)
neutron l3-agent-router-add $l3_agent_ID router_proj_one

Paste the /neutron/server.log & ml2 plugin logs.

Regards,
RHK

edit flag offensive delete link more
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2014-10-19 23:31:03 -0500

Seen: 3,950 times

Last updated: Oct 20 '14

Related questions

no default gateway on neutron router

Router gateway to public network status is down

QoS: neutron bandwidth limit method

unable to assign floating ip to instance

lbaas Error: Unable to add pool "new-pool".

create security group

Install and configure network node - neutron agent-list emty

Domain admin can access entities out of scope

What are neutron metadata ?

Instances not reachable from outside