No available ports for floating IPs in new project

asked 2014-12-05 10:24:02 -0600

patrickt33

updated 2014-12-08 11:57:46 -0600

So, I've gotten this working within the initial admin project. I can churn out instances, assign floating IPs and access them on my network. Trying to keep this as simple as possible, I've two networks: public = 10.5.0.0/16 private=10.50.0.0/16

In my floating IP allocation, I've set 10.5.2.1 to 10.5.254.254. Like I said, simple, it's all one company, no need for complexity. So I make both of these networks shared, and they can be seen from both projects. When I launch a new instance in the other project (we'll call it newproj), I get a properly assigned address from the allocation pool and the instance starts fine. But when I go to associate an IP, there are "no ports available". Running neutron port-list shows that the port IS being created. In the dashboard, I can see the ports listed under that network listed as UP.

I tried the neutron.py patch suggested in this thread with no luck: https://ask.openstack.org/en/question...

I also looked at this thread: https://ask.openstack.org/en/question... which suggested recreating the private net in that project. Which begs the question, do I have to have a separate private network for each project? Can I not use a shared private net amongst ALL projects?

I see no errors in any of the logs, so I'm not really even sure what you might need to see to help resolve this.

UPDATE 1

Ran this in new project "tp":

source ~/keystonerc_tp
neutron router-create tp-router
neutron net-create tp-private
neutron subnet-create --name tp-private_subnet tp-private 10.50.4.0/22 --allocation-pool start=10.50.4.11,end=10.50.7.254
neutron router-interface-add tp-router tp-private_subnet

[root@os-node-1 ~(keystone_tp)]# neutron router-list
+--------------------------------------+-----------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+-------+
| id                                   | name      | external_gateway_info                                                                                                                                                                  | distributed | ha    |
+--------------------------------------+-----------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+-------+
| 7f023ced-9320-4e08-9fe9-35bf924ab47b | router1   | {"network_id": "92dc875c-f6c1-4ac5-bd62-65f1fd0536db", "enable_snat": true, "external_fixed_ips": [{"subnet_id": "fcbb1684-1c67-472a-85b3-30a31fa7de4a", "ip_address": "10.5.0.200"}]} | False       | False |
| e2e331a9-8c2a-4988-8353-b62c929777ff | tp-router | null                                                                                                                                                                                   | False       | False |
+--------------------------------------+-----------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+-------+

[root@os-node-1 ~(keystone_tp)]# neutron net-list
+--------------------------------------+------------+---------------------------------------------------+
| id                                   | name       | subnets                                           |
+--------------------------------------+------------+---------------------------------------------------+
| 61598905-8013-4414-923f-2090d5e748bf | tp-private | dce4ed19-22b2-4a37-86ea-9da55708b94a 10.50.4.0/22 |
| 92dc875c-f6c1-4ac5-bd62-65f1fd0536db | public     | fcbb1684-1c67-472a-85b3-30a31fa7de4a 10.5.0.0/16  |
| 469751f2-8a62-413d-b966-8a5bb9812338 | private    | c52bb9ca-1335-4f8b-8da7-6ba4254b70c9 10.50.0.0/22 |
+--------------------------------------+------------+---------------------------------------------------+

[root@os-node-1 ~(keystone_tp)]# neutron subnet-list
+--------------------------------------+-------------------+--------------+------------------------------------------------+
| id                                   | name              | cidr         | allocation_pools                               |
+--------------------------------------+-------------------+--------------+------------------------------------------------+
| dce4ed19-22b2-4a37-86ea-9da55708b94a | tp-private_subnet | 10.50.4.0/22 | {"start": "10.50.4.11", "end": "10.50.7.254"}  |
| fcbb1684-1c67-472a-85b3-30a31fa7de4a | public_subnet     | 10.5.0.0/16  | {"start": "10.5.0.200", "end": "10.5.0.254"}   |
| c52bb9ca-1335-4f8b-8da7-6ba4254b70c9 | private_subnet    | 10.50.0.0/22 | {"start": "10.50.0.100", "end": "10.50.3.254"} |
+--------------------------------------+-------------------+--------------+------------------------------------------------+

[root@os-node-1 ~(keystone_tp)]# neutron router-port-list tp-router
+--------------------------------------+------+-------------------+----------------------------------------------------------------------------------+
| id                                   | name | mac_address       | fixed_ips                                                                        |
+--------------------------------------+------+-------------------+----------------------------------------------------------------------------------+
| c2a3dbae-f590-460a-bdbb-acc182f7b071 |      | fa:16:3e:bd:2f:64 | {"subnet_id": "dce4ed19-22b2-4a37-86ea-9da55708b94a", "ip_address": "10.50.4.1"} |
+--------------------------------------+------+-------------------+----------------------------------------------------------------------------------+

[root@os-node-1 ~(keystone_tp)]# nova list
+--------------------------------------+-------------+--------+------------+-------------+-----------------------+
| ID                                   | Name        | Status | Task State | Power State | Networks              |
+--------------------------------------+-------------+--------+------------+-------------+-----------------------+
| c20f973a-a352-41aa-88db-dc0facfdfbbf | tp-cirros-5 | ACTIVE | -          | Running     | tp-private=10.50.4.11 |
+--------------------------------------+-------------+--------+------------+-------------+-----------------------+

[root@os-node-1 neutron(keystone_tp)]# neutron floatingip-list
+--------------------------------------+------------------+---------------------+--------------------------------------+
| id                                   | fixed_ip_address | floating_ip_address | port_id                              |
+--------------------------------------+------------------+---------------------+--------------------------------------+
| 508cb197-b8b5-4bef-8238-28cc2242bb7e |                  | 10.5.0.202          |                                      |
| 63ff1407-580c-4c60-b01b-eede2c964fdb |                  | 10.5.0.203          |                                      |
| e869df32-b14e-40e1-aaac-9c059c88e7d8 | 10.50.0.100      | 10.5.0.201          | a1fc8427-dbc8-478b-9238-c63454293b18 |
+--------------------------------------+------------------+---------------------+--------------------------------------+

[root@os-node-1 neutron(keystone_tp ...

Comments

How did you get c87963a2-eafa-4979-97aa-3df33ab06834 ?

dbaxps (2014-12-08 09:36:34 -0600)

From the dashboard entry for that port listed in the subnet details. I could not find a way to show that on the command line. But in any case, I still get the "no ports available" in the gui.

patrickt33 (2014-12-08 09:54:21 -0600)

$ neutron port-list --device-id c20f973a-a352-41aa-88db-dc0facfdfbbf

dbaxps (2014-12-08 09:56:32 -0600)

Cool, thx. It shows that id for the port, I'll add it to the update. So I really don't get why it can't use it, it's almost like it's a permissions issue, but there is nothing. Just created a new project from scratch and did all the networking from dashboard, same results.

patrickt33 (2014-12-08 10:14:15 -0600)

So, I ran neutron with -v and got some more info. I don't know how helpful it will be, but it's posted as UPDATE 2. Also wanted to say, VMs within the tenant can talk to each other so private networking is at least working.

patrickt33 (2014-12-08 11:59:19 -0600)

1 answer


answered 2014-12-05 11:00:24 -0600

dbaxps

Making private sub-net shared doesn't look to me as a good idea. Each tenant is supposed to have its own private network and router with internal interface to this private sub-net and external gateway to shared public network. It works with no problems with allocating floating IPs to VMs running on different private sub-nets.

Comments

What are you, my personal support agent? :) Ok, so that did allow me to associate a port, tho I couldn't reach the IP. Do I need a separate router as well? And then, do I need an interface on the original router that has the default gateway?

patrickt33 (2014-12-05 12:31:39 -0600)

Once again, each tenant creates his own sub-net(X) and neutron router(X). Each router(X) has internal interface to sub-net(X) and external gateway to public sub-net common for all tenants (simplest case).

dbaxps (2014-12-05 13:18:06 -0600)

This architecture is safe. Tenant's Network Topology reflects only neutron router created by tenant and only private sub-nets belong to tenant. Yes, number of dnsmasq daemons serving sub-nets will be equal to the number of private sub-nets. Pressure on Network Node will be increased.

dbaxps (2014-12-05 13:28:36 -0600)

System will maintain several qdhcp-namespaces, neutron routing supports forwarding && NAT from every qdhcp-namespace to corresponding qrouter-namespace. You may take a look at:
https://www.hastexo.com/system/files/...

dbaxps (2014-12-05 13:40:05 -0600)

So you have a separate private and public/floating net for every project?

patrickt33 (2014-12-05 14:30:28 -0600)
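
The answer's rule (a tenant router needs an internal interface on the private sub-net and an external gateway on the shared public network) applied to the UPDATE 1 output, as an added example that is not part of the original thread. The function names are hypothetical, the data is constructed from the tables in the question, and router1's interface on private_subnet is an assumption.

```python
import json

# Constructed from the UPDATE 1 tables in the question. router1's interface on
# private_subnet is an assumption: the page lists ports only for tp-router.
PUBLIC_NET = "92dc875c-f6c1-4ac5-bd62-65f1fd0536db"
PRIVATE_SUBNET = "c52bb9ca-1335-4f8b-8da7-6ba4254b70c9"
TP_SUBNET = "dce4ed19-22b2-4a37-86ea-9da55708b94a"
ROUTERS = [
    {"name": "router1",
     "external_gateway_info": json.dumps({"network_id": PUBLIC_NET}),
     "interface_subnets": [PRIVATE_SUBNET]},
    {"name": "tp-router",
     "external_gateway_info": "null",  # as printed by `neutron router-list`
     "interface_subnets": [TP_SUBNET]},
]


def gateway_network(router):
    """Return the router's external network id, or None when no gateway is set."""
    info = json.loads(router["external_gateway_info"])
    return info.get("network_id") if info else None


def check_floating_path(subnet_id, floating_net_id, routers):
    """Return (ok, reason): is subnet_id routed to the floating IP network?"""
    attached = [r for r in routers if subnet_id in r["interface_subnets"]]
    if not attached:
        return False, "no router has an interface on this subnet"
    for router in attached:
        if gateway_network(router) == floating_net_id:
            return True, router["name"] + " routes this subnet to the floating network"
    names = ", ".join(r["name"] for r in attached)
    return False, names + " has no external gateway on the floating network"


if __name__ == "__main__":
    for label, subnet in (("private_subnet", PRIVATE_SUBNET), ("tp-private_subnet", TP_SUBNET)):
        ok, reason = check_floating_path(subnet, PUBLIC_NET, ROUTERS)
        print(label, "OK" if ok else "BLOCKED", "-", reason)
```

With the legacy neutron CLI used in this thread, a router's external gateway is set with `neutron router-gateway-set <router> <external-network>`.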
