To get an IP for an instance running within an instance

asked 2013-10-30 23:38:39 -0600 by dukes_hack

updated 2014-01-22 15:12:31 -0600 by Evgeny

Setup Details:

- Redhat 6.4 (Packstack script used for Openstack installation)
- No OVS/Quantum/Neutron package installed. Using the default linux bridge br100 for dnsmasq
- brctl show: eth1 (Physical Interface on Host node), vnet0 (Instance 1) and vnet1 (Instance 2) attached to br100 (Linux Bridge)

Every time I launch an instance, an IP-MAC pair gets added into /var/lib/nova/networks/nova-br100.conf. As far as I understand, the Nova-compute component creates this MAC-IP pair and the dnsmasq process listening on the bridge interface br100 replies to DHCP requests and issues an IP based on the IP-MAC pairing saved into nova-br100.conf.

As far as network reachability is concerned, I can ping the instances from the physical host node (running nova-compute/nova-network etc.) and vice-versa. The actual problem is reaching the LXC container running within an instance. The LXC container within Instance 1 is sending out DHCP requests but never receives an IP in reply. By doing a tcpdump on the br100 interface, I can see the DHCP request messages reaching br100, but it never sends out an IP in reply as there is no MAC-IP pairing for this specific request. Is this because Nova-Compute doesn't recognize the MAC?

Even if I manually configure an IP on the virtual interface within the LXC container, I cannot reach the LXC interface from the host. Is this something related to IP table filtering that is preventing the ICMP packets from reaching the LXC? I have also added host-specific routes within Instance 1 to forward packets to the LXC, but it didn't help.

Host(Eth1, br100) ---> Instance 1(Vnet0) ----> LXC(Eth1)

Host side IP table and other network settings:

    iptables -A POSTROUTING -t mangle -p udp --dport 68 -j CHECKSUM --checksum-fill
    echo 0 > /proc/sys/net/bridge/bridge-nf-call-iptables
    echo 0 > /proc/sys/net/bridge/bridge-nf-call-arptables
    iptables -t filter -S
    iptables -t nat -S
    ifconfig eth1 promisc

So, the question is: is there any way to configure an IP on the virtual interface in the LXC instance which is running within Instance 1 and still be able to ping the LXC interface from the HOST? Is this really possible within an instance that is managed by Openstack?

For your reference:

    [DEFAULT]
    logdir = /var/log/nova
    state_path = /var/lib/nova
    lock_path = /var/lib/nova/tmp
    volumes_dir = /etc/nova/volumes
    dhcpbridge = /usr/bin/nova-dhcpbridge
    dhcpbridge_flagfile = /etc/nova/nova.conf
    force_dhcp_release = False
    injected_network_template = /usr/share/nova/interfaces.template
    libvirt_nonblocking = True
    libvirt_inject_partition = -1
    network_manager =
    iscsi_helper = tgtadm
    sql_connection = mysql://nova:4ecab6dad245477e@
    compute_driver = libvirt.LibvirtDriver
    firewall_driver = nova.virt.libvirt.firewall.IptablesFirewallDriver
    rpc_backend = nova.openstack.common.rpc.impl_qpid
    rootwrap_config = /etc/nova/rootwrap.conf
    qpid_hostname=
    metadata_listen=
    qpid_reconnect_interval_min=0
    osapi_compute_workers=8
    image_service=nova.image.glance.GlanceImageService
    ec2_listen=
    enabled_apis=ec2,osapi_compute,metadata
    api_paste_config=/etc/nova/api-paste.ini
    qpid_reconnect_interval=0
    qpid_reconnect=True
    qpid_reconnect_timeout=0
    service_quantum_metadata_proxy=False
    qpid_protocol=tcp
    qpid_port=5672
    qpid_reconnect_limit=0
    osapi_volume_listen=
    verbose=True
    qpid_username=guest
    glance_api_servers ... (more)
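The post's own diagnosis is that dnsmasq on br100 sees the container's DHCP request but has no matching entry in nova-br100.conf, so it never answers. The following script, added here as an example and not part of the question or of nova, automates that check: it parses a dnsmasq hosts file in the MAC,hostname,IP layout nova-network writes, pulls the client MACs out of tcpdump's "BOOTP/DHCP, Request from ..." lines, and reports every requesting MAC that nova never registered. Both the hosts-file contents and the capture lines are constructed samples, and the MAC for the nested LXC interface is made up.

```python
import re
from typing import Dict, List

# Constructed sample of /var/lib/nova/networks/nova-br100.conf (dnsmasq
# --dhcp-hostsfile layout as written by nova-network: MAC,hostname,IP).
# The MACs and addresses below are made up for this example.
SAMPLE_HOSTSFILE = """\
fa:16:3e:aa:00:01,host-10-0-0-2.novalocal,10.0.0.2
fa:16:3e:aa:00:02,host-10-0-0-3.novalocal,10.0.0.3
"""

# Constructed lines in the style of `tcpdump -n -i br100 port 67 or port 68`.
# 00:16:3e:cc:dd:ee stands in for the nested LXC container's interface,
# which nova never added to the hosts file.
SAMPLE_TCPDUMP = """\
23:40:01.100000 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from fa:16:3e:aa:00:01, length 300
23:40:01.200000 IP 10.0.0.1.67 > 10.0.0.2.68: BOOTP/DHCP, Reply, length 300
23:40:05.300000 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:16:3e:cc:dd:ee, length 300
23:40:09.300000 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:16:3e:cc:dd:ee, length 300
"""

MAC_RE = r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}"
REQUEST_RE = re.compile(r"BOOTP/DHCP, Request from (" + MAC_RE + r")", re.IGNORECASE)


def parse_hostsfile(text: str) -> Dict[str, str]:
    """Map MAC -> IP from a dnsmasq dhcp-hostsfile; blank, comment and
    malformed lines are skipped so one bad entry does not abort the check."""
    leases: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(",")
        if len(fields) < 3:
            continue
        leases[fields[0].lower()] = fields[-1]
    return leases


def requesting_macs(text: str) -> List[str]:
    """Client MACs that sent a DHCP request, de-duplicated, in first-seen order."""
    seen = set()
    out: List[str] = []
    for match in REQUEST_RE.finditer(text):
        mac = match.group(1).lower()
        if mac not in seen:
            seen.add(mac)
            out.append(mac)
    return out


def unanswered_requests(hostsfile: str, capture: str) -> List[str]:
    """MACs asking on the bridge that have no entry in the hosts file, i.e. the
    requests a statically configured dnsmasq will leave unanswered."""
    leases = parse_hostsfile(hostsfile)
    return [mac for mac in requesting_macs(capture) if mac not in leases]


if __name__ == "__main__":
    for mac in unanswered_requests(SAMPLE_HOSTSFILE, SAMPLE_TCPDUMP):
        print(f"{mac}: DHCP request seen on br100 but no entry in nova-br100.conf")
```

Running it on a real host means feeding `parse_hostsfile` the contents of /var/lib/nova/networks/nova-br100.conf and `unanswered_requests` the text of a tcpdump session on br100; any MAC it reports is one nova-network has no fixed IP for, which matches the silence the question describes.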
