Ask Your Question
1

Would like OpenStack VMs to be able to communicate with local network

asked 2015-04-02 17:08:08 -0600

fatk1d gravatar image

updated 2015-04-03 13:49:32 -0600

dbaxps gravatar image

Goal:

I would like to use DevStack to set up an all-on-one-machine (bare metal) installation of OpenStack that will allow me to launch VMs with the ability for those VMs to communicate over the LAN and reach the internet. I would also like machines on the LAN to be able to communicate directly with the OpenStack VMs.

History:

I installed Ubuntu 14.04 and installed Dev stack with a minimal local.conf configuration file using defaults which gave me networking with Nova networking. The setup and installation was a snap. I could ping the machines on my 192.168.1.0/24 network just fine. However, I couldn't reach the OpenStack VMs on a 10.11.12.0/24 network which wasn't surprising to me once I started to investigate the configuration of the environment.

I came to the conclusion that what I really wanted to do was to reinstall using neutron with DevStack to provide the capability that I'm looking for. I didn't know what I was in for. I've been trying to get this to work for around one week solid now (a couple of hours each evening) and I'm no closer than when I started. There are several resources out there on the internet that supposedly show you how to do this but I've tried each one of them and ran into issues each time I've tried it

What's absolutely frustrating is that I can keep the same local.conf file, perform a git clone (after ./unstack.sh && ./clean.sh and removing ./devstack) and I get a different failure. Wow.

So, is it even possible to do what I'm trying to do with devstack? Should I install OpenStack from scratch??

local.conf File:

    [[local|localrc]]

HOST_IP=192.168.1.114
FLAT_INTERFACE=em1
ADMIN_PASSWORD=super-secret-password
DATABASE_PASSWORD=$ADMIN_PASSWORD
RABBIT_PASSWORD=$ADMIN_PASSWORD
SERVICE_PASSWORD=$ADMIN_PASSWORD
SERVICE_TOKEN=psycho-hex-string-here
FIXED_RANGE=10.11.12.0/24
NETWORK_GATEWAY=192.168.1.254
FLOATING_RANGE=192.168.1.0/24

disable_service n-net

enable-service q-svc q-agt q-dhcp q-l3

Current Error:

    + echo 'stuff "/usr/local/bin/glance-api --config-file=/etc/glance/glance-api.conf
"'
+ [[ -n /opt/stack/logs ]]
+ echo 'logfile /opt/stack/logs/g-api.log.2015-04-02-154834'
+ echo 'log on'
+ screen -S stack -X screen -t g-api
+ local real_logfile=/opt/stack/logs/g-api.log.2015-04-02-154834
+ echo 'LOGDIR: /opt/stack/logs'
LOGDIR: /opt/stack/logs
+ echo 'SCREEN_LOGDIR: '
SCREEN_LOGDIR: 
+ echo 'log: /opt/stack/logs/g-api.log.2015-04-02-154834'
log: /opt/stack/logs/g-api.log.2015-04-02-154834
+ [[ -n /opt/stack/logs ]]
+ screen -S stack -p g-api -X logfile /opt/stack/logs/g-api.log.2015-04-02-154834
+ screen -S stack -p g-api -X log on
+ ln -sf /opt/stack/logs/g-api.log.2015-04-02-154834 /opt/stack/logs/g-api.log
+ [[ -n '' ]]
+ sleep 3
++ echo -ne '\015'
+ NL=$'\r'
+ [[ -n '' ]]
+ screen -S stack -p g-api -X stuff '/usr/local/bin/glance-api --config-file=/etc/glance/glance-api.conf & echo $! >/opt/stack/status/stack/g-api.pid; fg || echo "g-api failed to start" | tee "/opt/stack/status/stack/g-api.failure"
'
+ is_service_enabled g-graffiti
++ set +o
++ grep xtrace
+ local 'xtrace ...
(more)
edit retag flag offensive close merge delete

1 answer

Sort by ยป oldest newest most voted
0

answered 2015-04-03 14:19:00 -0600

dbaxps gravatar image

updated 2015-04-03 16:52:24 -0600

Your HOST_IP belongs to FLOATING_RANGE via my limited experience with devstack installs it's does not work at least in meantime. Public network created by devstack is not supposed contain your HOST_IP, e.g. cannot match your real office LAN. It's not a problem provide Internet access to VMs via running .

   # iptables -t nat -A POSTROUTING -o em1 -j MASQUERADE

which provides outbound connectivity, but not inbound.

The option which I suspect to be available is create local.conf forcing devstack make eth0 OVS port of br-ex up on finish, either update /etc/network/interfaces as post install step making eth0 OVS port (with no IP) of br-ex , then shut down system and restart via rejoin-stack.sh. However, devstack is really needed when you are testing the most recent nova ( nova-docker, nova-xen ) commits. I was forced to work with devstack mainly due to switching to oslo logging in nova-docker driver, which was in turn had to follow upstream nova commits.

 Not been devstack expert, to solve this task I perform RDO Juno packstack install on CentOS7 or F21 box.  As post installation procedure I make em1 OVS port of OVS bridge br-ex assigning  br-ex IP which had interface em1 and get inbound and outbound connectivity for VMs created on AIO RDO Juno Node. This is absolutely painless standard procedure for AIO as well as multi node RDO Juno installs via packstack

Actually, I manually configure /etc/sysconfig/network-scripts/ifcfg-br-ex && /etc/sysconfig/network-scripts/ifcfg-em1, disabling NetworkManager and enabling service network. Then I just recreate via Horizon public network matching office LAN with gateway value matching real Internet gateway IP ( my office router IP ). As of end of may 2015 RDO Kilo will be available for packstack installations on the most recent RH's Fedora releases.

edit flag offensive delete link more

Comments

Thanks so much for your feedback. I read through the OpenStack documents earlier today and I have a much better understanding of virtual network components like TAP devices, vnetX devices and so forth. I also appreciate your suggestion of using RDO Juno packstack along with the manual steps.

fatk1d gravatar imagefatk1d ( 2015-04-03 14:37:26 -0600 )edit

I'll look through your response in greater detail later tonight and see if I can't make some additional progress with OpenStack. If I can't, I'll strongly consider going with RDO.

fatk1d gravatar imagefatk1d ( 2015-04-03 14:40:08 -0600 )edit

Please , view for details https://www.rdoproject.org/Quickstart (AIO install)
Multi node install RDO Juno, view http://bderzhavets.blogspot.com/2014/...
The last howto would work for Fedora 21 as well.

dbaxps gravatar imagedbaxps ( 2015-04-03 15:06:44 -0600 )edit

View also https://ask.openstack.org/en/question...
regarding VNC tunnelling over SSH for remote connection to VMs running on devstack AIO node.

dbaxps gravatar imagedbaxps ( 2015-04-04 09:32:40 -0600 )edit

Thanks again for the great information. I honestly appreciate the fact that you took the time to respond. I have been cloning from the master branch (I believe) and I plan to try a set up once more later today cloning devstack from the stable/juno branch.

fatk1d gravatar imagefatk1d ( 2015-04-04 10:35:40 -0600 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

Stats

Asked: 2015-04-02 17:08:08 -0600

Seen: 828 times

Last updated: Apr 03 '15