diablo: no access via floating ip

Asked by Michael Hempel

hi,
I've setup openstack with flat_dhcp according the instructions on devstack (http://devstack.org/guides/single-machine.html).
I can spin up machines via dashboard and access them from the host via the fixed-range ip, the virtual instances have connectivity to the outside as well. But if I assign them a public IP from the floating range I can't ping them. We traced traffic and see that it even reaches the bridge, just the final hop is missing...
I tried running

euca-authorize -P icmp -t -1:-1 default
euca-authorize -P tcp -p 22 default

but these commands failed, because auth is handled by keystone and I don't find documentation on getting euca2ools authorized with that.
I setup with:

FLOATING_RANGE=192.168.250.64/26
FIXED_RANGE=10.0.0.0/24

and have the following nova.conf:

--verbose
--nodaemon
--scheduler_driver=nova.scheduler.simple.SimpleScheduler
--dhcpbridge_flagfile=/opt/stack/nova/bin/nova.conf
--network_manager=nova.network.manager.FlatDHCPManager
--my_ip=192.168.250.25
--public_interface=eth0
--vlan_interface=eth0
--sql_connection=mysql://root:XXX@localhost/nova
--libvirt_type=kvm
--osapi_extensions_path=/opt/stack/openstackx/extensions
--vncproxy_url=http://192.168.250.25:6080
--vncproxy_wwwroot=/opt/stack/noVNC/
--api_paste_config=/opt/stack/keystone/examples/paste/nova-api-paste.ini
--image_service=nova.image.glance.GlanceImageService
--ec2_dmz_host=192.168.250.25
--rabbit_host=localhost
--rabbit_password=3860016f488ca195e5747587
--glance_api_servers=192.168.250.25:9292
--flat_network_bridge=br100
--flat_interface=eth0
--multi_host=0

Question information

Language:
English Edit question
Status:
Solved
For:
OpenStack Compute (nova) Edit question
Assignee:
No assignee Edit question
Solved by:
Vish Ishaya
Solved:
Last query:
Last reply:
Revision history for this message
Best Vish Ishaya (vishvananda) said :
#1

You should be able to set up security groups through the dashboard.

On Oct 10, 2011, at 5:45 AM, Michael Hempel wrote:

> New question #173821 on OpenStack Compute (nova):
> https://answers.launchpad.net/nova/+question/173821
>
> hi,
> I've setup openstack with flat_dhcp according the instructions on devstack (http://devstack.org/guides/single-machine.html).
> I can spin up machines via dashboard and access them from the host via the fixed-range ip, the virtual instances have connectivity to the outside as well. But if I assign them a public IP from the floating range I can't ping them. We traced traffic and see that it even reaches the bridge, just the final hop is missing...
> I tried running
>
> euca-authorize -P icmp -t -1:-1 default
> euca-authorize -P tcp -p 22 default
>
> but these commands failed, because auth is handled by keystone and I don't find documentation on getting euca2ools authorized with that.
> I setup with:
>
> FLOATING_RANGE=192.168.250.64/26
> FIXED_RANGE=10.0.0.0/24
>
> and have the following nova.conf:
>
> --verbose
> --nodaemon
> --scheduler_driver=nova.scheduler.simple.SimpleScheduler
> --dhcpbridge_flagfile=/opt/stack/nova/bin/nova.conf
> --network_manager=nova.network.manager.FlatDHCPManager
> --my_ip=192.168.250.25
> --public_interface=eth0
> --vlan_interface=eth0
> --sql_connection=mysql://root:XXX@localhost/nova
> --libvirt_type=kvm
> --osapi_extensions_path=/opt/stack/openstackx/extensions
> --vncproxy_url=http://192.168.250.25:6080
> --vncproxy_wwwroot=/opt/stack/noVNC/
> --api_paste_config=/opt/stack/keystone/examples/paste/nova-api-paste.ini
> --image_service=nova.image.glance.GlanceImageService
> --ec2_dmz_host=192.168.250.25
> --rabbit_host=localhost
> --rabbit_password=3860016f488ca195e5747587
> --glance_api_servers=192.168.250.25:9292
> --flat_network_bridge=br100
> --flat_interface=eth0
> --multi_host=0
>
>
>
> --
> You received this question notification because you are a member of Nova
> Core, which is an answer contact for OpenStack Compute (nova).

Revision history for this message
Michael Hempel (otaku) said :
#2

Thanks Vish Ishaya, that solved my question.