
Can't ping instance from external host

asked 2015-03-17 13:06:56 -0600

jslater

updated 2015-03-19 17:14:29 -0600

smaffulli

This was all working but I suspect a reboot of the packstack Juno all-in-one has reset something. From within the instance I can ping out to the external gateway and beyond fine, just not the other way round.

This is OpenStack running in a VMware VM (and promiscuous mode is enabled). Routing info:

[root@openstack ~(keystone_admin)]# netstat -lntp | grep 8775
tcp        0      0 0.0.0.0:8775            0.0.0.0:*               LISTEN      1634/python         
[root@openstack ~(keystone_admin)]# neutron router-list

+--------------------------------------+---------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+-------+
| id                                   | name                | external_gateway_info                                                                                                                                                                     | distributed | ha    |
+--------------------------------------+---------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+-------+
| 8b4c1e42-8bc3-4eb2-89c6-c48e633d977a | public_router_admin | {"network_id": "f4dbf780-54dd-4754-8e30-3749d2e397ae", "enable_snat": true, "external_fixed_ips": [{"subnet_id": "b54397d9-1ff1-48f7-987f-cee58299d3ed", "ip_address": "192.168.2.190"}]} | False       | False |
+--------------------------------------+---------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+-------+

[root@openstack ~(keystone_admin)]# neutron router-port-list 8b4c1e42-8bc3-4eb2-89c6-c48e633d977a
+--------------------------------------+------+-------------------+--------------------------------------------------------------------------------------+
| id                                   | name | mac_address       | fixed_ips                                                                            |
+--------------------------------------+------+-------------------+--------------------------------------------------------------------------------------+
| 0cc088b4-ab92-4a12-bd1d-d37562bd536e |      | fa:16:3e:81:5f:fb | {"subnet_id": "c9c263e1-1479-4025-8f8e-b9f9bea0c459", "ip_address": "10.0.0.1"}      |
| c25c44b7-9295-4770-8b3a-2cedb066a564 |      | fa:16:3e:15:23:75 | {"subnet_id": "b54397d9-1ff1-48f7-987f-cee58299d3ed", "ip_address": "192.168.2.190"} |
+--------------------------------------+------+-------------------+--------------------------------------------------------------------------------------+
[root@openstack ~(keystone_admin)]# ip netns exec qrouter-8b4c1e42-8bc3-4eb2-89c6-c48e633d977a iptables -S -t nat
-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-N neutron-l3-agent-OUTPUT
-N neutron-l3-agent-POSTROUTING
-N neutron-l3-agent-PREROUTING
-N neutron-l3-agent-float-snat
-N neutron-l3-agent-snat
-N neutron-postrouting-bottom
-A PREROUTING -j neutron-l3-agent-PREROUTING
-A OUTPUT -j neutron-l3-agent-OUTPUT
-A POSTROUTING -j neutron-l3-agent-POSTROUTING
-A POSTROUTING -j neutron-postrouting-bottom
-A neutron-l3-agent-POSTROUTING ! -i qg-c25c44b7-92 ! -o qg-c25c44b7-92 -m conntrack ! --ctstate DNAT -j ACCEPT
-A neutron-l3-agent-PREROUTING -d 169.254.169.254/32 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 9697
-A neutron-l3-agent-snat -j neutron-l3-agent-float-snat
-A neutron-l3-agent-snat -s 10.0.0.0/24 -j SNAT --to-source 192.168.2.190
-A neutron-postrouting-bottom -j neutron-l3-agent-snat
[root@openstack ~(keystone_admin)]# neutron agent-list
+--------------------------------------+--------------------+-----------+-------+----------------+---------------------------+
| id                                   | agent_type         | host      | alive | admin_state_up | binary                    |
+--------------------------------------+--------------------+-----------+-------+----------------+---------------------------+
| 6db84485-b13a-4abf-b9e5-74d049745f21 | Metadata agent     | openstack | :-)   | True           | neutron-metadata-agent    |
| 7034c903-15a2-436f-8788-4fc3e1b2b852 | L3 agent           | openstack | :-)   | True           | neutron-l3-agent          |
| 80fc7d4c-4b7e-41c5-b59d-6106ad4688ec | DHCP agent         | openstack | :-)   | True           | neutron-dhcp-agent        |
| 9a113b33-c195-41ae-a554-1f2eb76a2b70 | Open vSwitch agent | openstack | :-)   | True           | neutron-openvswitch-agent |
+--------------------------------------+--------------------+-----------+-------+----------------+---------------------------+

[root@openstack ~(keystone_admin)]# nova secgroup-list-rules default
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| tcp         | 22        | 22      | 0.0.0.0/0 |              |
|             |           |         |           | default      |
|             |           |         |           | default      |
| icmp        | -1        | -1      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+

Not sure what else to check?

Here's what I used to set up a new environment that exhibits the same problem:

Install CentOS 7.0, then:

yum -y update
systemctl stop NetworkManager
systemctl disable NetworkManager
systemctl enable network
vi /etc/resolv.conf - add in DNS 8.8.8.8
vi /etc/sysconfig/network - add GATEWAY=192.168.2.1
systemctl stop firewalld
systemctl disable firewalld

vi /etc/selinux/config      - set SELINUX=disabled
yum install -y https://rdo.fedorapeople.org/rdo-release.rpm
yum install -y openstack-packstack
reboot

# packstack --allinone --provision-all-in-one-ovs-bridge=n

/etc/sysconfig/network-scripts/ifcfg-br-ex :

DEVICE=br-ex
DEVICETYPE=ovs
BOOTPROTO=static
IPADDR=192.168.2.159
NETMASK=255.255.255.0 
GATEWAY=192.168.2.1 
DNS1=8.8.8.8 
NM_CONTROLLED="no"
DEFROUTE="yes"
OVS_BRIDGE=br-ex
TYPE="OVSIntPort"
IPV4_FAILURE_FATAL="yes"
IPV6INIT=no

/etc/sysconfig/network-scripts/ifcfg-ens160 :

DEVICE=ens160 
HWADDR=52:54:00:92:05:AE # your MAC hwaddr
TYPE=OVSPort
DEVICETYPE=ovs
OVS_BRIDGE=br-ex
ONBOOT=yes
NM_CONTROLLED=no
IPV6INIT=no

service network restart

Clean up openstack config:

. keystonerc_admin  
neutron subnet-list
neutron router-list
neutron router-interface-delete <router_id> <private_subnet_name>
neutron router-delete <router_name>

Check and delete any ports: 

neutron port-list ...
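Added example, not part of the original thread: a small parser for the `iptables -S -t nat` listing in the question that reports, for one fixed IP, which source address outbound traffic is SNATed to and whether any DNAT rule maps an external address back to it. The first four rules are copied from the listing above; the shape of the floating-IP rules, the floating IP 192.168.2.191 and the fixed IP 10.0.0.5 are assumptions used for illustration.

```python
import ipaddress
import re

# Rules copied from the question's `iptables -S -t nat` listing (policy and -N lines omitted).
PAGE_RULES = """\
-A neutron-l3-agent-POSTROUTING ! -i qg-c25c44b7-92 ! -o qg-c25c44b7-92 -m conntrack ! --ctstate DNAT -j ACCEPT
-A neutron-l3-agent-PREROUTING -d 169.254.169.254/32 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 9697
-A neutron-l3-agent-snat -j neutron-l3-agent-float-snat
-A neutron-l3-agent-snat -s 10.0.0.0/24 -j SNAT --to-source 192.168.2.190
"""
# Constructed sample: rules assumed to appear once a floating IP (192.168.2.191,
# made up) is associated with an instance at fixed IP 10.0.0.5 (made up).
WITH_FLOATING = PAGE_RULES + """\
-A neutron-l3-agent-PREROUTING -d 192.168.2.191/32 -j DNAT --to-destination 10.0.0.5
-A neutron-l3-agent-OUTPUT -d 192.168.2.191/32 -j DNAT --to-destination 10.0.0.5
-A neutron-l3-agent-float-snat -s 10.0.0.5/32 -j SNAT --to-source 192.168.2.191
"""
DNAT = re.compile(r"^-A \S+PREROUTING .*?-d (\S+?)(?:/32)? .*?-j DNAT --to-destination (\S+)")
SNAT = re.compile(r"^-A \S+ .*?-s (\S+) .*?-j SNAT --to-source (\S+)")

def nat_view(listing, fixed_ip):
    """Return (floating_ip, egress_source) that the NAT rules give fixed_ip."""
    addr = ipaddress.ip_address(fixed_ip)
    floating, egress, best = None, None, -1
    for line in listing.splitlines():
        d = DNAT.match(line)
        if d and d.group(2) == fixed_ip:
            floating = d.group(1)          # an inbound mapping exists
        s = SNAT.match(line)
        if s:
            net = ipaddress.ip_network(s.group(1), strict=False)
            # Longest prefix stands in for chain order: the float-snat chain
            # (/32 rules) is jumped to before the subnet-wide SNAT rule.
            if addr in net and net.prefixlen > best:
                egress, best = s.group(2), net.prefixlen
    return floating, egress

def explain(listing, fixed_ip):
    """One-line summary of the outbound and inbound translation for fixed_ip."""
    floating, egress = nat_view(listing, fixed_ip)
    out = f"{fixed_ip}: leaves as {egress}; "
    if floating:
        return out + f"outside hosts reach it at {floating} (DNAT present)"
    return out + "no DNAT rule, so no external address maps back to it"

if __name__ == "__main__":
    print(explain(PAGE_RULES, "10.0.0.5"))
    print(explain(WITH_FLOATING, "10.0.0.5"))
```

To check a live router, pass it the output of `ip netns exec qrouter-<router_id> iptables -S -t nat` and the instance's fixed IP.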

1 answer


answered 2015-03-17 13:30:00 -0600

dbaxps

Run :-

ifdown br-ex ;
ifup br-ex ;
service network restart

Having NetworkManager disabled and stopped


Comments

[root@openstack ~(keystone_admin)]# chkconfig NetworkManager
Note: Forwarding request to 'systemctl is-enabled NetworkManager.service'.
disabled
# /bin/systemctl stop NetworkManager.service
# ifdown br-ex ;
# ifup br-ex ;
ovs-vsctl: cannot create a port named br-ex because a br

jslater ( 2015-03-17 13:50:25 -0600 )

ovs-vsctl: cannot create a port named br-ex because a bridge named br-ex already exists

jslater ( 2015-03-17 13:50:40 -0600 )

Upon packstack completion you are supposed to:

# chkconfig network on
# service network restart
# systemctl stop NetworkManager
# systemctl disable NetworkManager

View https://www.rdoproject.org/Quickstart

dbaxps ( 2015-03-17 14:12:58 -0600 )

Had already done that, and it was working; haven't touched the setup in a while. Re-running the above still didn't change anything, unfortunately.

jslater ( 2015-03-17 14:49:59 -0600 )

Please post

ovs-vsctl show
ifconfig

dbaxps ( 2015-03-17 14:59:46 -0600 )
