Ask Your Question
1

VMs can't ping internal gateway or access internet

asked 2015-08-05 21:19:58 -0500

Hi everyone. I'm new to Openstack and deployed a test environment using kilo on 3 x CentOS 7 servers using instructions from http://docs.openstack.org/kilo/install-guide/install/yum/content/ (http://docs.openstack.org/kilo/instal...)

We're using QEMU 1.5.3/KVM 1.2.8 on the compute node.

I can spawn instances, however, they do not automatically get assigned an ip after checking ifconfig. I'm using the same Cirros 0.3.4-x86_64 image mentioned in the documentation.

Here is some background info:

192.168.18.0/24 = management network 192.168.102.0/24 = tenant tunnel network 192.168.102.10 = network node tenant network ip 192.168.102.3 = compute node tenant network ip

enp1s0f0 = management interface enp1s0f1 = vlan trunked interface (vlan 102 is the tenant tunnel network) tenant = tenant tunnel network enp3s0f0 = external internet facing network

I've looked through other questions with the same issue with no luck.

On my network node "ovs-vsctl show" outputs:

69538c28-2ab6-4dc6-be13-3c0763c37438
    Bridge br-ex
        Port "enp3s0f0"
            Interface "enp3s0f0"
        Port br-ex
            Interface br-ex
                type: internal
        Port phy-br-ex
            Interface phy-br-ex
                type: patch
                options: {peer=int-br-ex}
    Bridge br-int
        fail_mode: secure
        Port "qg-ce1f47ee-16"
            tag: 5
            Interface "qg-ce1f47ee-16"
                type: internal
        Port int-br-ex
            Interface int-br-ex
                type: patch
                options: {peer=phy-br-ex}
        Port "qr-1f4dabe3-2d"
            tag: 4
            Interface "qr-1f4dabe3-2d"
                type: internal
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
        Port br-int
            Interface br-int
                type: internal
        Port "tapd0c56928-b7"
            tag: 4
            Interface "tapd0c56928-b7"
                type: internal
    Bridge br-tun
        fail_mode: secure
        Port patch-int
            Interface patch-int
                type: patch
                options: {peer=patch-tun}
        Port "gre-c0a86603"
            Interface "gre-c0a86603"
                type: gre
                options: {df_default="true", in_key=flow, local_ip="192.168.102.10", out_key=flow, remote_ip="192.168.102.3"}
        Port br-tun
            Interface br-tun
                type: internal
    ovs_version: "2.3.1"

running an ifconfig outputs:

enp1s0f0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.18.71  netmask 255.255.255.0  broadcast 192.168.18.255
        inet6 fe80::225:90ff:fe1c:a8a  prefixlen 64  scopeid 0x20<link>
        ether 00:25:90:1c:0a:8a  txqueuelen 1000  (Ethernet)
        RX packets 3423  bytes 615949 (601.5 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 4427  bytes 868227 (847.8 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
        device memory 0xfae60000-fae7ffff

enp1s0f1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::225:90ff:fe1c:a8b  prefixlen 64  scopeid 0x20<link>
        ether 00:25:90:1c:0a:8b  txqueuelen 1000  (Ethernet)
        RX packets 1262  bytes 383870 (374.8 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 362  bytes 44111 (43.0 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
        device memory 0xfaee0000-faefffff

enp3s0f0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::21b:21ff:fe97:930a  prefixlen 64  scopeid 0x20<link>
        ether 00:1b:21:97:93:0a  txqueuelen 1000  (Ethernet)
        RX packets 5833  bytes 904589 (883.3 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 3564  bytes 689431 (673.2 KiB)
        TX errors 0  dropped ...
(more)
edit retag flag offensive close merge delete

1 answer

Sort by ยป oldest newest most voted
2

answered 2015-08-11 20:44:04 -0500

Hey everyone,

I got it figured out after thoroughly reading Openstack's network troubleshooting documentation at http://docs.openstack.org/openstack-ops/content/network_troubleshooting.html (http://docs.openstack.org/openstack-o...)

In short, I disabled firewalld on both my compute and network nodes. GRE tunnel traffic between br-tun on both nodes was being blocked :/ Also cleaned up Openvswitch setup on my compute node. I read a tutorial that included br-ex on the compute node which was necessary in my case.

edit flag offensive delete link more

Comments

" I disabled firewalld on both my compute and network nodes" ( as far I understand and didn't enable ipv4 iptables firewall ). Then how you are going to support Neutron chains on Compute ( i.e. security rools)

dbaxps gravatar imagedbaxps ( 2015-08-12 02:45:01 -0500 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2015-08-05 21:18:12 -0500

Seen: 1,269 times

Last updated: Aug 11 '15