Devstack (Libvirt driver) install on Ubuntu 14.04 foating IPs not working
$ $ git clone https://git.openstack.org/openstack-dev/devstack
$ cd devstack
$ ./stack.sh
My local.conf. ( tested also on VM with 14.04.2 with same results )
[[local|localrc]]
HOST_IP=192.169.142.52
ADMIN_PASSWORD=secret
MYSQL_PASSWORD=secret
RABBIT_PASSWORD=secret
SERVICE_PASSWORD=secret
FLOATING_RANGE=192.168.10.0/24
FLAT_INTERFACE=eth0
Q_FLOATING_ALLOCATION_POOL=start=192.168.10.150,end=192.168.10.254
PUBLIC_NETWORK_GATEWAY=192.168.10.15
SERVICE_TOKEN=super-secret-admin-token
DEST=$HOME/stack
SERVICE_DIR=$DEST/status
DATA_DIR=$DEST/data
LOGFILE=$DEST/logs/stack.sh.log
LOGDIR=$DEST/logs
FIXED_RANGE=10.254.1.0/24
NETWORK_GATEWAY=10.254.1.1
# Services
disable_service n-net
enable_service q-svc
enable_service q-agt
enable_service q-dhcp
enable_service q-l3
enable_service q-meta
enable_service horizon
disable_service tempest
Security rules ( demo tenant, I ran cd dev* && . openrc demo )
ubuntu@ubuntu-vm:~/devstack$ nova secgroup-list-rules default
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+-----------+--------------+
| | | | | default |
| icmp | -1 | -1 | 0.0.0.0/0 | |
| | | | | default |
| tcp | 22 | 22 | 0.0.0.0/0 | |
+-------------+-----------+---------+-----------+--------------+
I can login to VF21 intance only
. openrc demo
ubuntu@ubuntu-vm:~/devstack$ sudo ip netns exec qdhcp-94d8a1e6-89bf-4162-9fc3-061a9bc17737 ssh -i osxkey.pem fedora@10.254.1.4
Last login: Wed Feb 25 22:01:09 2015 from 10.254.1.3
[fedora@vf21rsx01 ~]$ uname -a
Linux vf21rsx01.novalocal 3.18.7-200.fc21.x86_64 #1 SMP Wed Feb 11 21:53:17 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
I have internet access && can run yum -y update.
I ping from 192.169.142.53 (host running stack.sh) floating IP 192.168.10.154 ( private IP 50.0.0.13) . tcpdump -vv -i eth0 is running inside VM (192.168.10.154, 50.0.0.13)
20:19:34.729398 IP (tos 0x0, ttl 63, id 42021, offset 0, flags [DF], proto ICMP (1), length 84)
ip-192-169-142-53.ip.secureserver.net > 50-0-0-13.static.sonic.net: ICMP echo request, id 8588, seq 560, length 64
20:19:34.729696 IP (tos 0x0, ttl 64, id 41602, offset 0, flags [none], proto ICMP (1), length 84)
50-0-0-13.static.sonic.net > ip-192-169-142-53.ip.secureserver.net: ICMP echo reply, id 8588, seq 560, length 64
20:19:35.729432 IP (tos 0x0, ttl 63, id 42096, offset 0, flags [DF], proto ICMP (1), length 84)
ip-192-169-142-53.ip.secureserver.net > 50-0-0-13.static.sonic.net: ICMP echo request, id 8588, seq 561, length 64
20:19:35.729742 IP (tos 0x0, ttl 64, id 41605, offset 0, flags [none], proto ICMP (1), length 84)
50-0-0-13.static.sonic.net > ip-192-169-142-53.ip.secureserver.net: ICMP echo reply, id 8588, seq 561, length 64
Runtime snapshot
ubuntu@ubuntu-vm2:~/devstack$ brctl show
bridge name bridge id STP enabled interfaces
qbr715a260e-b2 8000.0648d25a79c4 no qvb715a260e-b2
qbra7a715f5-02 8000.522935fa9c61 no qvba7a715f5-02
tapa7a715f5-02
virbr0 8000.000000000000 yes
ubuntu@ubuntu-vm2:~/devstack$ sudo ovs-vsctl show | grep a7a715f5-02
Port "qvoa7a715f5-02"
Interface "qvoa7a715f5-02"
ICMP traffic is OK on "tapa7a715f5-02" , on "qbra7a715f5-02" ICMP replies from VM are already lost.
So the don't reach br-int via (qvba7a715f5-02, qvba7a715f5-02) veth pair
add a comment