OpenStack Compute (nova)

Problems with VM network

Asked by Nickolas Olazabal

Hi everyone.
I have issues with networking of the instances. I'm running openstack (nova, glance, dashbord) in a single server configuration.
I used https://github.com/elasticdog/OpenStack-NOVA-Installer-Script/raw/master/nova - for Nova installation (glance, dashboard - manual install). For the reason that I can add images to Glance from command line, and then could run instances in Dashboard from added images I could suggest that all is installed properly. The VM instances state are "Running". After all i find out that I couldn't connect to my instances. Where I can start finding what is wrong with network?

Question information

Language:
English Edit question
Status:
Answered
For:
OpenStack Compute (nova) Edit question
Assignee:
No assignee Edit question
Last query:
Last reply:
Revision history for this message
Nickolas Olazabal (nickolas-olazabal) said : 		#1

My nova config:

--dhcpbridge_flagfile=/etc/nova/nova.conf
--dhcpbridge=/usr/bin/nova-dhcpbridge
--logdir=/var/log/nova
--state_path=/var/lib/nova
--lock_path=/var/lock/nova
--verbose
--s3_host=192.168.160.28
--rabbit_host=192.168.160.28
--cc_host=192.168.160.28
--ec2_url=http://192.168.160.28:8773/services/Cloud
--fixed_range=172.16.0.0/12
--network_size=256
--FAKE_subdomain=ec2
--routing_source_ip=192.168.160.28
--verbose
--sql_connection=mysql://root:rke,ybrf@192.168.160.28/nova
--network_manager=nova.network.manager.FlatDHCPManager
--flat_network_dhcp_start=172.16.132.10
--flat_interface=eth0
--flat_injected=False
--glance_host=192.168.160.28
--image_service=nova.image.glance.GlanceImageService

Revision history for this message
Nickolas Olazabal (nickolas-olazabal) said : 		#2

ifconfig

br100 Link encap:Ethernet HWaddr 00:22:4d:47:ce:ea
          inet addr:172.16.132.1 Bcast:172.16.132.7 Mask:255.255.255.248
          inet6 addr: fe80::d43a:57ff:fe4e:89b3/64 Scope:Link
          UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
          RX packets:1382929 errors:0 dropped:0 overruns:0 frame:0
          TX packets:13982 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:116072818 (116.0 MB) TX bytes:5473461 (5.4 MB)

eth0 Link encap:Ethernet HWaddr 00:22:4d:47:ce:ea
          inet6 addr: fe80::222:4dff:fe47:ceea/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:1508516 errors:0 dropped:0 overruns:0 frame:0
          TX packets:24849 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:148791419 (148.7 MB) TX bytes:8636826 (8.6 MB)
          Interrupt:20 Memory:88400000-88420000

lo Link encap:Local Loopback
          inet addr:127.0.0.1 Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING MTU:16436 Metric:1
          RX packets:87104826 errors:0 dropped:0 overruns:0 frame:0
          TX packets:87104826 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:7048356308 (7.0 GB) TX bytes:7048356308 (7.0 GB)

virbr0 Link encap:Ethernet HWaddr 56:df:01:7e:ff:f3
          inet addr:192.168.122.1 Bcast:192.168.122.255 Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

vnet0 Link encap:Ethernet HWaddr fe:16:3e:20:db:ce
          inet6 addr: fe80::fc16:3eff:fe20:dbce/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:378 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500
          RX bytes:0 (0.0 B) TX bytes:52617 (52.6 KB)

Revision history for this message
Nickolas Olazabal (nickolas-olazabal) said : 		#3

iptables-save

# Generated by iptables-save v1.4.10 on Mon May 16 14:15:37 2011
*nat
:PREROUTING ACCEPT [204:30221]
:INPUT ACCEPT [7:629]
:OUTPUT ACCEPT [42:2568]
:POSTROUTING ACCEPT [212:28741]
:nova-compute-OUTPUT - [0:0]
:nova-compute-POSTROUTING - [0:0]
:nova-compute-PREROUTING - [0:0]
:nova-compute-floating-snat - [0:0]
:nova-compute-snat - [0:0]
:nova-network-OUTPUT - [0:0]
:nova-network-POSTROUTING - [0:0]
:nova-network-PREROUTING - [0:0]
:nova-network-floating-snat - [0:0]
:nova-network-snat - [0:0]
:nova-postrouting-bottom - [0:0]
-A PREROUTING -j nova-compute-PREROUTING
-A PREROUTING -j nova-network-PREROUTING
-A OUTPUT -j nova-compute-OUTPUT
-A OUTPUT -j nova-network-OUTPUT
-A POSTROUTING -j nova-compute-POSTROUTING
-A POSTROUTING -j nova-network-POSTROUTING
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p udp -j MASQUERADE --to-ports 1024-65535
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE
-A POSTROUTING -j nova-postrouting-bottom
-A nova-compute-snat -j nova-compute-floating-snat
-A nova-network-POSTROUTING -s 172.16.0.0/12 -d 10.128.0.0/24 -j ACCEPT
-A nova-network-POSTROUTING -s 172.16.0.0/12 -d 172.16.0.0/12 -j ACCEPT
-A nova-network-PREROUTING -d 169.254.169.254/32 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.160.28:8773
-A nova-network-snat -j nova-network-floating-snat
-A nova-network-snat -s 172.16.0.0/12 -j SNAT --to-source 192.168.160.28
-A nova-postrouting-bottom -j nova-compute-snat
-A nova-postrouting-bottom -j nova-network-snat
COMMIT
# Completed on Mon May 16 14:15:37 2011
# Generated by iptables-save v1.4.10 on Mon May 16 14:15:37 2011
*mangle
:PREROUTING ACCEPT [978747:84150720]
:INPUT ACCEPT [977235:83915622]
:FORWARD ACCEPT [10843:1610293]
:OUTPUT ACCEPT [973316:84473312]
:POSTROUTING ACCEPT [984159:86083605]
-A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
-A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
-A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
COMMIT
# Completed on Mon May 16 14:15:37 2011
# Generated by iptables-save v1.4.10 on Mon May 16 14:15:37 2011
*filter
:INPUT ACCEPT [51922:4567636]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [51702:4640910]
:nova-compute-FORWARD - [0:0]
:nova-compute-INPUT - [0:0]
:nova-compute-OUTPUT - [0:0]
:nova-compute-inst-13 - [0:0]
:nova-compute-local - [0:0]
:nova-compute-sg-fallback - [0:0]
:nova-filter-top - [0:0]
:nova-network-FORWARD - [0:0]
:nova-network-INPUT - [0:0]
:nova-network-OUTPUT - [0:0]
:nova-network-local - [0:0]
-A INPUT -j nova-compute-INPUT
-A INPUT -j nova-network-INPUT
-A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT
-A FORWARD -j nova-filter-top
-A FORWARD -j nova-compute-FORWARD
-A FORWARD -j nova-network-FORWARD
-A FORWARD -d 192.168.122.0/24 -o virbr0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.122.0/24 -i virbr0 -j ACCEPT
-A FORWARD -i virbr0 -o virbr0 -j ACCEPT
-A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable
-A OUTPUT -j nova-filter-top
-A OUTPUT -j nova-compute-OUTPUT
-A OUTPUT -j nova-network-OUTPUT
-A nova-compute-FORWARD -i br100 -j ACCEPT
-A nova-compute-FORWARD -o br100 -j ACCEPT
-A nova-compute-inst-13 -m state --state INVALID -j DROP
-A nova-compute-inst-13 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A nova-compute-inst-13 -s 172.16.132.1/32 -p udp -m udp --sport 67 --dport 68 -j ACCEPT
-A nova-compute-inst-13 -s 172.16.132.0/24 -j ACCEPT
-A nova-compute-inst-13 -j nova-compute-sg-fallback
-A nova-compute-local -d 172.16.132.2/32 -j nova-compute-inst-13
-A nova-compute-sg-fallback -j DROP
-A nova-filter-top -j nova-compute-local
-A nova-filter-top -j nova-network-local
-A nova-network-FORWARD -i br100 -j ACCEPT
-A nova-network-FORWARD -o br100 -j ACCEPT
COMMIT
# Completed on Mon May 16 14:15:37 2011

Revision history for this message
Nickolas Olazabal (nickolas-olazabal) said : 		#4

(on eof instances log)

2011-05-16 14:12:34.039: starting up
LC_ALL=C PATH=/usr/local/sbin:/usr/local/bin:/usr/bin:/usr/sbin:/sbin:/bin QEMU_AUDIO_DRV=none /usr/bin/kvm -S -M pc-0.14 -enable-kvm -m 512 -smp 1,sockets=1,cores=1,threads=1 -name instance-0000000d -uuid 02a80ac4-95f1-4adc-9767-4e7453602814 -nodefconfig -nodefaults -chardev socket,id=charmonitor,path=/var/lib/libvirt/qemu/instance-0000000d.monitor,server,nowait -mon chardev=charmonitor,id=monitor,mode=readline -rtc base=utc -boot c -drive file=/var/lib/nova/instances/instance-0000000d/disk,if=none,id=drive-virtio-disk0,boot=on,format=qcow2 -device virtio-blk-pci,bus=pci.0,addr=0x4,drive=drive-virtio-disk0,id=virtio-disk0 -netdev tap,fd=17,id=hostnet0 -device rtl8139,netdev=hostnet0,id=net0,mac=02:16:3e:20:db:ce,bus=pci.0,addr=0x3 -chardev file,id=charserial0,path=/var/lib/nova/instances/instance-0000000d/console.log -device isa-serial,chardev=charserial0,id=serial0 -chardev pty,id=charserial1 -device isa-serial,chardev=charserial1,id=serial1 -usb -vnc 0.0.0.0:0 -k en-us -vga cirrus -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x5
char device redirected to /dev/pts/2
Read failed

Revision history for this message
Nickolas Olazabal (nickolas-olazabal) said : 		#5

/var/lib/nova/instances/instance-0000000d/console.log - CLEAN

Revision history for this message
Nickolas Olazabal (nickolas-olazabal) said : 		#6

euca-describe-instances

RESERVATION r-hrngqdk8 OMF2 default
INSTANCE i-0000000e ami-00000001 172.16.132.4 172.16.132.4 running key2011 (OMF2, U114S) 0 m1.tiny 2011-05-16T11:25:23Z nova
RESERVATION r-qpogpp27 OMF2 default
INSTANCE i-0000000f ami-00000001 172.16.132.2 172.16.132.2 running key2011 (OMF2, U114S) 0 m1.tiny 2011-05-16T11:28:33Z nova

Revision history for this message
Nickolas Olazabal (nickolas-olazabal) said : 		#7

ping 172.16.132.4
PING 172.16.132.4 (172.16.132.4) 56(84) bytes of data.
From 172.16.132.1 icmp_seq=1 Destination Host Unreachable
From 172.16.132.1 icmp_seq=2 Destination Host Unreachable
From 172.16.132.1 icmp_seq=3 Destination Host Unreachable
From 172.16.132.1 icmp_seq=5 Destination Host Unreachable
From 172.16.132.1 icmp_seq=6 Destination Host Unreachable
From 172.16.132.1 icmp_seq=7 Destination Host Unreachable
From 172.16.132.1 icmp_seq=8 Destination Host Unreachable
From 172.16.132.1 icmp_seq=9 Destination Host Unreachable

ssh 172.16.132.4
ssh: connect to host 172.16.132.4 port 22: No route to host

Revision history for this message
Nickolas Olazabal (nickolas-olazabal) said : 		#8

cat /etc/network/interfaces

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet static
    address 192.168.160.28
    netmask 255.255.255.0
    network 192.168.160.0
    broadcast 192.168.160.255
    gateway 192.168.160.1
    # dns-* options are implemented by the resolvconf package, if installed
    dns-nameservers 8.8.8.8 192.168.2.3
    dns-search ddns.myserver.com

Revision history for this message
Nickolas Olazabal (nickolas-olazabal) said : 		#9

euca-describe-group

GROUP OMF default default
PERMISSION OMF default ALLOWS icmp -1 -1 FROM CIDR 0.0.0.0/0
PERMISSION OMF default ALLOWS tcp 22 22 FROM CIDR 0.0.0.0/0

Revision history for this message
Nickolas Olazabal (nickolas-olazabal) said : 		#10

ps aux|grep -i dnsmasq

nobody 31985 0.0 0.0 23184 1144 ? S 14:26 0:00 dnsmasq --strict-order --bind-interfaces --conf-file= --domain=novalocal --pid-file=/var/lib/nova/networks/nova-br100.pid --listen-address=172.16.132.1 --except-interface=lo --dhcp-range=172.16.132.10,static,120s --dhcp-hostsfile=/var/lib/nova/networks/nova-br100.conf --dhcp-script=/usr/bin/nova-dhcpbridge --leasefile-ro
root 31986 0.0 0.0 23052 408 ? S 14:26 0:00 dnsmasq --strict-order --bind-interfaces --conf-file= --domain=novalocal --pid-file=/var/lib/nova/networks/nova-br100.pid --listen-address=172.16.132.1 --except-interface=lo --dhcp-range=172.16.132.10,static,120s --dhcp-hostsfile=/var/lib/nova/networks/nova-br100.conf --dhcp-script=/usr/bin/nova-dhcpbridge --leasefile-ro

Revision history for this message
Vish Ishaya (vishvananda) said : 		#11

Your DHCP start ends in .10 but nova is assigning .2+ You will probably have to either switch the start address to .2 or edit the database and set reserved=1 for .2 - .9 so nova doesn't give them out.

Vish

On May 16, 2011, at 8:41 AM, Nickolas Olazabal wrote:

> Question #157719 on OpenStack Compute (nova) changed:
> https://answers.launchpad.net/nova/+question/157719
>
> Nickolas Olazabal gave more information on the question:
> ps aux|grep -i dnsmasq
>
> nobody 31985 0.0 0.0 23184 1144 ? S 14:26 0:00 dnsmasq --strict-order --bind-interfaces --conf-file= --domain=novalocal --pid-file=/var/lib/nova/networks/nova-br100.pid --listen-address=172.16.132.1 --except-interface=lo --dhcp-range=172.16.132.10,static,120s --dhcp-hostsfile=/var/lib/nova/networks/nova-br100.conf --dhcp-script=/usr/bin/nova-dhcpbridge --leasefile-ro
> root 31986 0.0 0.0 23052 408 ? S 14:26 0:00 dnsmasq --strict-order --bind-interfaces --conf-file= --domain=novalocal --pid-file=/var/lib/nova/networks/nova-br100.pid --listen-address=172.16.132.1 --except-interface=lo --dhcp-range=172.16.132.10,static,120s --dhcp-hostsfile=/var/lib/nova/networks/nova-br100.conf --dhcp-script=/usr/bin/nova-dhcpbridge --leasefile-ro
>
> --
> You received this question notification because you are a member of Nova
> Core, which is an answer contact for OpenStack Compute (nova).

Can you help with this problem?

Provide an answer of your own, or ask Nickolas Olazabal for more information if necessary.

To post a message you must log in.