Ask Your Question

Openstack instances can't ping the outside world

asked 2015-09-24 13:11:09 -0600

Gentux gravatar image

updated 2015-09-29 11:01:14 -0600


We're trying to setup a single node installation of Openstack, and soon a multi-node one. We're using puppetto achieve that, following this great article : (

After installation, we can't directly create floating ip and use them, we need to add these two security-group rules :

nova secgroup-add-rule default icmp -1 -1
nova secgroup-add-rule default tcp 22 22

And then we can ping our instances from the host, and instances can ping the host.

The problem is: instances can't ping the outside world (ex: or

I believe the answer can solve another issue I didn't fully understand, we got an IP Block (/27) When I run this command:

ifconfig eth1 <my_public_ip>

Then I can ping my_public_ip from anywhere, but when neutron try to use those public IPs it doesn't work and I can't access my instances.

Can anyone give us some leads to find out what's wrong ?

EDIT: As suggested in comments, I switched to RDO deployment.

Now, instances can ping the outside world, and name resolution works. So the "title question" is solved. Should I create another question on to continue troubleshoot my installation ?

Public IP block given by ISP isn't working, I installed packstack this way

packstack --allinone --provision-demo-floatrange=

VM are accessible, but public IPs can't be accessed from outside.

edit retag flag offensive close merge delete


Check your resolv.conf file maybe you need to add the nameserver

soumitrakarmakar gravatar imagesoumitrakarmakar ( 2015-09-25 00:23:17 -0600 )edit

My /etc/resolv.conf:

nameserver <local_name_server>
nameserver <local_name_server2>
search <private-domain>.com

The host can pin and resolve hostname like

Gentux gravatar imageGentux ( 2015-09-25 02:30:20 -0600 )edit

Your choice of puppet technology for Openstack deployment looks a bit strange, unless it's your own project.

dbaxps gravatar imagedbaxps ( 2015-09-25 02:45:18 -0600 )edit

There's some puppet project maintained by openstack community, it seems like a logical choice to me.

What would you suggest ?

Gentux gravatar imageGentux ( 2015-09-25 02:48:37 -0600 )edit

RH RDO deployment via packstack.

dbaxps gravatar imagedbaxps ( 2015-09-25 03:01:26 -0600 )edit

2 answers

Sort by ยป oldest newest most voted

answered 2015-09-29 11:44:22 -0600

Gentux gravatar image


I just found the solution I was looking for.

Thanks to dbaxps in the comment I switched to RH RDO deployment via packstack. So, thank you dbaxps.

And the issue regarding those public ips was a settings in /etc/sysctl.conf

sysctl -w net.ipv4.conf.eth0.proxy_arp=1

I hope this solution will be helpful for some people in the future :) And thanks to these people who spent time helping me in comments !

edit flag offensive delete link more

answered 2015-09-29 14:53:41 -0600

dbaxps gravatar image

updated 2015-09-29 15:21:43 -0600

I strongly believe that RH's RDO-Manager and more restrictive RDO utility packstack
are supposed to win on the market. Yes , packstack cannot install 3 Node HA Controller,
but RDO-Manager already can. Puppet technology has certain advantages even on packstack level
allowing self learning persons to move on very fast and understand Openstack via already been built
properly configured Multi node RDO systems even deployed via packstack and tuned manually afterwards

edit flag offensive delete link more

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower


Asked: 2015-09-24 13:11:09 -0600

Seen: 3,608 times

Last updated: Sep 29 '15