Devstack (Libvirt driver) install on Ubuntu 14.04 floating IPs not working

asked 2015-02-25 13:40:29 -0500

dbaxps

updated 2015-02-27 10:13:49 -0500

$ git clone https://git.openstack.org/openstack-dev/devstack
$ cd devstack
$ ./stack.sh

My local.conf (also tested on a VM with 14.04.2, with the same results):

[[local|localrc]]
HOST_IP=192.169.142.52
ADMIN_PASSWORD=secret
MYSQL_PASSWORD=secret
RABBIT_PASSWORD=secret
SERVICE_PASSWORD=secret
FLOATING_RANGE=192.168.10.0/24
FLAT_INTERFACE=eth0
Q_FLOATING_ALLOCATION_POOL=start=192.168.10.150,end=192.168.10.254
PUBLIC_NETWORK_GATEWAY=192.168.10.15
SERVICE_TOKEN=super-secret-admin-token

DEST=$HOME/stack
SERVICE_DIR=$DEST/status
DATA_DIR=$DEST/data
LOGFILE=$DEST/logs/stack.sh.log
LOGDIR=$DEST/logs

FIXED_RANGE=10.254.1.0/24
NETWORK_GATEWAY=10.254.1.1

# Services
disable_service n-net
enable_service q-svc
enable_service q-agt
enable_service q-dhcp
enable_service q-l3
enable_service q-meta
enable_service horizon
disable_service tempest

Security rules (demo tenant; I ran cd dev* && . openrc demo)

ubuntu@ubuntu-vm:~/devstack$ nova secgroup-list-rules default
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
|             |           |         |           | default      |
| icmp        | -1        | -1      | 0.0.0.0/0 |              |
|             |           |         |           | default      |
| tcp         | 22        | 22      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+

I can log in to the VF21 instance only:

. openrc demo
ubuntu@ubuntu-vm:~/devstack$ sudo ip netns exec qdhcp-94d8a1e6-89bf-4162-9fc3-061a9bc17737 ssh -i osxkey.pem fedora@10.254.1.4
Last login: Wed Feb 25 22:01:09 2015 from 10.254.1.3
[fedora@vf21rsx01 ~]$ uname -a
Linux vf21rsx01.novalocal 3.18.7-200.fc21.x86_64 #1 SMP Wed Feb 11 21:53:17 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux

I have internet access && can run yum -y update.

I ping floating IP 192.168.10.154 (private IP 50.0.0.13) from 192.169.142.53 (the host running stack.sh). tcpdump -vv -i eth0 is running inside the VM (192.168.10.154, 50.0.0.13).

20:19:34.729398 IP (tos 0x0, ttl 63, id 42021, offset 0, flags [DF], proto ICMP (1), length 84)
    ip-192-169-142-53.ip.secureserver.net > 50-0-0-13.static.sonic.net: ICMP echo request, id 8588, seq 560, length 64
20:19:34.729696 IP (tos 0x0, ttl 64, id 41602, offset 0, flags [none], proto ICMP (1), length 84)
    50-0-0-13.static.sonic.net > ip-192-169-142-53.ip.secureserver.net: ICMP echo reply, id 8588, seq 560, length 64
20:19:35.729432 IP (tos 0x0, ttl 63, id 42096, offset 0, flags [DF], proto ICMP (1), length 84)
    ip-192-169-142-53.ip.secureserver.net > 50-0-0-13.static.sonic.net: ICMP echo request, id 8588, seq 561, length 64
20:19:35.729742 IP (tos 0x0, ttl 64, id 41605, offset 0, flags [none], proto ICMP (1), length 84)
    50-0-0-13.static.sonic.net > ip-192-169-142-53.ip.secureserver.net: ICMP echo reply, id 8588, seq 561, length 64

Runtime snapshot

ubuntu@ubuntu-vm2:~/devstack$ brctl show
bridge name bridge id       STP enabled interfaces
qbr715a260e-b2      8000.0648d25a79c4   no      qvb715a260e-b2
qbra7a715f5-02      8000.522935fa9c61   no      qvba7a715f5-02
                                                tapa7a715f5-02
virbr0      8000.000000000000   yes     
ubuntu@ubuntu-vm2:~/devstack$ sudo ovs-vsctl show | grep a7a715f5-02
        Port "qvoa7a715f5-02"
            Interface "qvoa7a715f5-02"

ICMP traffic is OK on "tapa7a715f5-02"; on "qbra7a715f5-02" ICMP replies from the VM are already lost.

So they don't reach br-int via the (qvba7a715f5-02, qvba7a715f5-02) veth pair.


1 answer


answered 2015-02-27 11:57:30 -0500

dbaxps

updated 2015-03-13 12:24:18 -0500

UPDATE as of 03/13/2015

The correct command is:
$ iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
It keeps floating IPs 100% usable and security rules 100% effective.
A command like:
$ iptables -t nat -A POSTROUTING -s 172.24.4.0/24 -j MASQUERADE
disables floating IPs if 172.24.4.0/24 is the devstack public network.

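A check built on the answer's observation, as an added example that is not part of the original post: it reads rules in `iptables -S` format and flags MASQUERADE rules whose `-s` range overlaps the public network. The function names and sample rules are constructed for illustration; 172.24.4.0/24 is the public network named in the answer.

```shell
#!/bin/sh
# Added example: audit `iptables -t nat -S POSTROUTING` output for
# MASQUERADE rules that select traffic by a source range overlapping the
# DevStack public (floating IP) network.

# audit_masquerade PUBLIC_CIDR   (rules on stdin, `iptables -S` format)
# Prints one line per MASQUERADE rule; returns 1 if any rule is flagged.
# "ok" only means the rule was not flagged by this check.
audit_masquerade() {
    awk -v pub="$1" '
    function ip2int(ip,   o) {
        split(ip, o, ".")
        return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    # Set globals LO and HI to the first and last address of a CIDR block.
    function range(cidr,   p, len, size, base) {
        split(cidr, p, "/")
        len = (p[2] == "" ? 32 : p[2])
        size = 2 ^ (32 - len)
        base = ip2int(p[1])
        LO = base - (base % size)
        HI = LO + size - 1
    }
    BEGIN { range(pub); plo = LO; phi = HI; bad = 0 }
    $1 == "-A" {
        src = ""; out = ""; target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-s" && $(i - 1) != "!") src = $(i + 1)
            else if ($i == "-o" && $(i - 1) != "!") out = $(i + 1)
            else if ($i == "-j") target = $(i + 1)
        }
        if (target != "MASQUERADE") next
        if (src != "") {
            range(src)
            if (LO <= phi && plo <= HI) {
                print "flagged: -s " src " overlaps " pub
                bad = 1
                next
            }
        }
        print "ok: " (out != "" ? "-o " out : (src != "" ? "-s " src : "unscoped"))
    }
    END { exit bad }'
}

# Constructed sample rules (not captured from a real host).
sample_rules() {
    printf '%s\n' '-P POSTROUTING ACCEPT' \
        '-A POSTROUTING -o eth0 -j MASQUERADE' \
        '-A POSTROUTING -s 172.24.4.0/24 -j MASQUERADE'
}

sample_rules | audit_masquerade 172.24.4.0/24 || echo "source-scoped MASQUERADE found"
```

On a live host, pipe `sudo iptables -t nat -S POSTROUTING` into `audit_masquerade` with your own public network CIDR.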