Ask Your Question
1

Yet another "Can't ping my VM instance!" Now with Openstack Kolla over AWS

asked 2016-11-22 16:36:46 -0600

fortunepickle gravatar image

updated 2016-11-22 16:42:46 -0600

I'm trying to get a multinode setup of Openstack Kolla to work over AWS.

In particular, I'm having trouble understanding Neutron networking and getting it to work properly in my AWS setup. E.g. even after using the tools/initi-runonce script provided by kolla I can't ping a VM instance.

I'll start by describing the immediate problem, providing more details below. In general, I'd appreciate if you could follow what I'm doing and tell me what I'm doing wrong, what could be wrong, etc.

Thanks in advance!

DISCLAIMER: this question may contain "noob" talk & mistakes.

Main problem: Can't ping VMs using floating IP

After running kolla-ansible deploy and init-runonce' successfuly, I create one new m1.tiny instance and giving it a floating IP:

$ openstack server create --image cirros --flavor m1.tiny --nic net-id=$(neutron net-list | awk '/demo-net/ {print $2}') demo-instance

$ openstack server list
INFO: urllib3.connectionpool Starting new HTTP connection (1): 192.168.8.99
INFO: urllib3.connectionpool Starting new HTTP connection (1): 192.168.8.99
+--------------------------------------+---------------+--------+-------------------+
| ID                                   | Name          | Status | Networks          |
+--------------------------------------+---------------+--------+-------------------+
| 4a76515c-3b47-44d2-b5c7-3ff25f25ac5a | demo-instance | ACTIVE | demo-net=10.0.0.3 |
+--------------------------------------+---------------+--------+-------------------+

$ nova floating-ip-create public1
+---------------+-----------+----------+---------+
| Ip            | Server Id | Fixed Ip | Pool    |
+---------------+-----------+----------+---------+
| 192.168.8.201 |           | -        | public1 |
+---------------+-----------+----------+---------+

$ nova add-floating-ip 4a76515c-3b47-44d2-b5c7-3ff25f25ac5a 192.168.8.201
$ nova list
+--------------------------------------+---------------+--------+------------+-------------+----------------------------------+
| ID                                   | Name          | Status | Task State | Power State | Networks                         |
+--------------------------------------+---------------+--------+------------+-------------+----------------------------------+
| 4a76515c-3b47-44d2-b5c7-3ff25f25ac5a | demo-instance | ACTIVE | -          | Running     | demo-net=10.0.0.3, 192.168.8.201 |
+--------------------------------------+---------------+--------+------------+-------------+----------------------------------+

When I try to ping the instance (from the deployment node), I get no response:

$ ping 192.168.8.201
PING 192.168.8.201 (192.168.8.201) 56(84) bytes of data.
From 192.168.8.20 icmp_seq=1 Destination Host Unreachable
(...)

In the end, this could all be a problem of a very strict default firewall policy in AWS. If there's someone out there who can give me some advice to handle these issues in an AWS context, it would be awesome.

Setup

I have the following setup:

                                             (...........)
                                            (   Internet  )
                                             (...........)
                                                   |
                                              -----o-----
                                              |   VPC   |
                                              -----------
                       +-------------------(192.168.8.0/24)--------------------+
                       |                           |                           |
                       |                           |                           |
Nova + Neutron node    |    Controller node        |    Deployment node        |
+----------------+     |    +----------------+     |    +----------------+     |
|                |     |    |                |     |    |                |     |
|           eth0 o-----+    |           eth0 o-----+    |           eth0 o-----+
| (192.168.8.18) |     |    | (192.168.8.19) |          | (192.168.8.20) |
|                |     |    |                |          |                |
|           eth1 o-----+    +----------------+          +----------------+
| (neutron ext.) |     
|                |     
+----------------+

Comments:

  • The deployment node is where I run kolla-ansible, the openstack clients and a Docker registry for the kolla Docker images.

  • I realize this not recommended for a multinode setup. E.g. the controller, compute and network nodes should be separated. In fact, if I had to join 2 of them, it would probably make more sense to join the network and controller nodes.

  • Also, I've read that a "by-the-book" Openstack deployment should use 3 types of networks: management (for communication between OS services), external (access OS services/VMs from the outside) and VM data (for communication between VMs). Here I merge all of these in the same network.

Relevant kolla config files

Here I include the relevant definitions in the kolla config files. When appropriate, I also post some characteristics of the deployment which follow from these configurations ... (more)

edit retag flag offensive close merge delete
add a comment

2 answers

Sort by ยป oldest newest most voted
0

answered 2017-02-27 12:56:17 -0600

Coder LOL gravatar image

I deployed Kolla/newton/3.0.2 AIO to a baremetal Ubuntu 16.04.2 with 2 NICs. From the baremetal host, I cannot ssh nor ping my cirros instance. The cirros instance is deployed on the public1 network with IP: 10.0.2.156 Any idea? All help would be greatly appreciated. Thanks...

Here is the cirros log: info: initramfs: up at 2.25 GROWROOT: CHANGED: partition=1 start=16065 old: size=64260 end=80325 new: size=2072385,end=2088450 info: initramfs loading root from /dev/vda1 info: /etc/init.d/rc.sysinit: up at 3.58 info: container: none Starting logging: OK modprobe: module virtio_blk not found in modules.dep modprobe: module virtio_net not found in modules.dep WARN: /etc/rc3.d/S10-load-modules failed Initializing random number generator... done. Starting acpid: OK cirros-ds 'local' up at 5.66 no results found for mode=local. up 6.07. searched: nocloud configdrive ec2 Starting network... udhcpc (v1.20.1) started Sending discover... Sending discover... Sending discover... Usage: /sbin/cirros-dhcpc <up|down> No lease, failing WARN: /etc/rc3.d/S40-network failed cirros-ds 'net' up at 187.08 checking http://169.254.169.254/2009-04-04/instance-id (http://169.254.169.254/2009-04-04/ins...) failed 1/20: up 187.27. request failed failed 2/20: up 189.59. request failed failed 3/20: up 191.79. request failed failed 4/20: up 194.03. request failed failed 5/20: up 196.24. request failed failed 6/20: up 198.51. request failed failed 7/20: up 200.68. request failed failed 8/20: up 202.92. request failed failed 9/20: up 205.13. request failed failed 10/20: up 207.37. request failed failed 11/20: up 209.59. request failed failed 12/20: up 211.81. request failed failed 13/20: up 214.13. request failed failed 14/20: up 216.29. request failed failed 15/20: up 218.48. request failed failed 16/20: up 220.67. request failed failed 17/20: up 222.85. request failed failed 18/20: up 225.04. request failed failed 19/20: up 227.28. request failed failed 20/20: up 229.45. request failed failed to read iid from metadata. tried 20 no results found for mode=net. up 231.66. searched: nocloud configdrive ec2 failed to get instance-id of datasource Starting dropbear sshd: generating rsa key... generating dsa key... OK === system information === Platform: OpenStack Foundation OpenStack Nova Container: none Arch: x86_64 CPU(s): 1 @ 2593.665 MHz Cores/Sockets/Threads: 1/1/1 Virt-type: RAM Size: 491MB Disks: NAME MAJ:MIN SIZE LABEL MOUNTPOINT vda 253:0 1073741824 </up|down>
vda1 253:1 1061061120 cirros-rootfs / === sshd host keys ===

========

The bare metal host ifconfig -a

br-ex Link encap:Ethernet HWaddr 00:1e:67:5a:6d:16 BROADCAST MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:19 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1 RX bytes:0 (0.0 ... (more)

edit flag offensive delete link more
add a comment
0

answered 2016-12-08 17:35:14 -0600

sayantani.goswami gravatar image

You need a second NIC on the Controller node for external_network_interface used by neutron.

edit flag offensive delete link more

Comments

Hi, Does the second NIC has any requirements? for example, in a dhcp network, or any connected network is ok?

cshuo gravatar imagecshuo ( 2017-06-21 07:26:35 -0600 )edit
add a comment

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2016-11-22 16:36:46 -0600

Seen: 1,196 times

Last updated: Dec 08 '16

Related questions

Mitaka: Connectivity with VM is not stable, What to do?

ERROR neutron.notifiers.nova [-] Failed to notify nova on events

Opendaylight, Neutron, & Kolla

No valid host was found, There are not enough hosts available ERROR nova.compute.manager Instance failed network setup after 1 attempts(s) in openstack mitaka

make br-ex use vxlan like br-tun

How to fix my kolla-ansible -i multinode bootstrap-servers from FAILING??

port security impact on fragmentation

Pulling kolla toolbox image task fails

TypeError: push() got an unexpected keyword argument 'insecure_registry'

Need help building my kolla images...tox -e genconfig error