Openstack 无法ping/ssh实例
我已经使用Devstack(一体机)成功地安装了带有中子的openstack实例。现在我有了一组IPv4地址,我需要将它们作为浮动IP分配给我的实例,并使它们能够从主机外部ping/ssable 虽然我可以将预期的IP作为浮动IP分配给我的实例,但它们在主机内部和外部都不可ping。我修改了安全组规则以允许SSH和PING。以下是我的网络详细信息-Openstack 无法ping/ssh实例,openstack,devstack,openstack-neutron,floating-ip,Openstack,Devstack,Openstack Neutron,Floating Ip,我已经使用Devstack(一体机)成功地安装了带有中子的openstack实例。现在我有了一组IPv4地址,我需要将它们作为浮动IP分配给我的实例,并使它们能够从主机外部ping/ssable 虽然我可以将预期的IP作为浮动IP分配给我的实例,但它们在主机内部和外部都不可ping。我修改了安全组规则以允许SSH和PING。以下是我的网络详细信息- stack@tanmoy:/etc/init.d$ neutron net-list +------------------------------
stack@tanmoy:/etc/init.d$ neutron net-list
+--------------------------------------+-----------+------------------------------------------------------+
| id | name | subnets |
+--------------------------------------+-----------+------------------------------------------------------+
| 1566fc4f-60a9-4170-b860-333a264f22d8 | my-public | 101675c6-7c92-4ea0-b361-7cade98fa5a2 10.158.XXX.0/24 |
| be6f76d4-954f-475e-853e-adb860508e9c | public | 0604470a-761e-4913-998c-cc5413dcd5a6 172.24.4.0/24 |
| e816c35f-45a0-446b-b3ff-ca3196c98eb2 | private | f4d617a7-e250-45fa-bb0a-95290cfafb20 10.0.0.0/24 |
+--------------------------------------+-----------+------------------------------------------------------+
stack@tanmoy:/etc/init.d$ neutron subnet-list
+--------------------------------------+----------------+-----------------+----------------------------------------------------+
| id | name | cidr | allocation_pools |
+--------------------------------------+----------------+-----------------+----------------------------------------------------+
| 0604470a-761e-4913-998c-cc5413dcd5a6 | public-subnet | 172.24.4.0/24 | {"start": "172.24.4.2", "end": "172.24.4.254"} |
| 101675c6-7c92-4ea0-b361-7cade98fa5a2 | ipcloud-dev | 10.158.XXX.0/24 | {"start": "10.158.XXX.56", "end": "10.158.XXX.62"} |
| f4d617a7-e250-45fa-bb0a-95290cfafb20 | private-subnet | 10.0.0.0/24 | {"start": "10.0.0.2", "end": "10.0.0.254"} |
+--------------------------------------+----------------+-----------------+----------------------------------------------------+
stack@tanmoy:/etc/init.d$ neutron router-list
+--------------------------------------+--------------+-----------------------------------------------------------------------------+
| id | name | external_gateway_info |
+--------------------------------------+--------------+-----------------------------------------------------------------------------+
| 811a483a-6faf-4dad-9d28-d51aa9530691 | ExternalLink | {"network_id": "1566fc4f-60a9-4170-b860-333a264f22d8", "enable_snat": true} |
| f71a6574-75c8-424e-ab57-ff0f9a20ef54 | router1 | {"network_id": "be6f76d4-954f-475e-853e-adb860508e9c", "enable_snat": true} |
+--------------------------------------+--------------+-----------------------------------------------------------------------------+
My security rules are as follows -
stack@tanmoy:$ nova secgroup-list-rules default
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+-----------+--------------+
| tcp | 443 | 443 | 0.0.0.0/0 | |
| | | | | default |
| | | | | default |
| icmp | -1 | -1 | 0.0.0.0/0 | |
| tcp | 22 | 22 | 0.0.0.0/0 | |
| tcp | 80 | 80 | 0.0.0.0/0 | |
+-------------+-----------+---------+-----------+--------------+
stack@tanmoy:/var/log$ sudo ip netns exec qrouter-f71a6574-75c8-424e-ab57-ff0f9a20ef54 ping 10.158.XXX.60
PING 10.158.XXX.60 (10.158.XXX.60) 56(84) bytes of data.
From 10.158.XXX.71 icmp_seq=1 Destination Host Unreachable
如果我遗漏了什么,请告诉我。检查br ex是否有ip地址?如果没有分配172.24.4.1 ip地址,请尝试pining。我认为br ex不应该为其分配ip地址。我有一个集所有功能于一体的设置,但是是手动构建的。我注意到您定义了两个路由器。当您尝试通过ip网络ping时,您使用的是router1的名称空间。但是,如果我正确解释了您的中子路由器列表命令,则此路由器未连接到外部网络10.158.XXX.0。尝试从其他路由器命名空间执行ip网络ping 以下是我的设置,似乎可以正常工作:
root@columbo:~# ifconfig br-ex
br-ex Link encap:Ethernet HWaddr 08:00:27:f9:7b:07
inet6 addr: fe80::a83d:11ff:fe5e:b595/64 Scope:Link
inet6 addr: fd17:625c:f037:1064:19a0:c74a:caf0:b3bd/64 Scope:Global
inet6 addr: fd17:625c:f037:1064:a00:27ff:fef9:7b07/64 Scope:Global
UP BROADCAST RUNNING MTU:1500 Metric:1
RX packets:29 errors:0 dropped:0 overruns:0 frame:0
TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:2454 (2.4 KB) TX bytes:924 (924.0 B)
root@columbo:~# neutron net-list
+--------------------------------------+---------------+----------------------------------------------------+
| id | name | subnets |
+--------------------------------------+---------------+----------------------------------------------------+
| 120a6fde-7e2d-4856-90ee-5609a5f3035f | SecondVlan | 5432f1c9-0bb6-4619-b897-65d301071f72 5.5.5.0/25 |
| f2597437-a005-44ad-9ce2-168fbc331e56 | outside_world | 3fe35e71-53d7-4432-8c82-a06856b79316 |
| b7ab2080-a71a-44f6-9f66-fde526bb73d3 | SERVER_VLAN_1 | 87d769f1-5cf3-48cf-8741-44a01479ff3e 10.255.1.0/24 |
+--------------------------------------+---------------+----------------------------------------------------+
root@columbo:~# nova list
+--------------------------------------+-----------+---------+--------------+-------------+------------------------------------------+
| ID | Name | Status | Task State | Power State | Networks |
+--------------------------------------+-----------+---------+--------------+-------------+------------------------------------------+
| 624c747f-520c-4215-acac-aaa41eef2815 | CIRROSone | SHUTOFF | - | Shutdown | SERVER_VLAN_1=10.255.1.12 |
| 6529c62c-0754-4cc6-a012-e77e71795eb1 | CIRROSone | ACTIVE | - | Running | SERVER_VLAN_1=10.255.1.15, 172.16.100.51 |
| 7784c6ed-eea8-49c9-a312-8c40a77c1758 | CIRROStwo | ACTIVE | powering-off | Running | SERVER_VLAN_1=10.255.1.14 |
| 7b6bfc23-f0df-4c40-b558-f8e4bb71028f | UBUNTUone | SHUTOFF | - | Shutdown | SERVER_VLAN_1=10.255.1.13 |
| 5c06344c-d5c1-4c0c-b074-c9a30e34759d | UBUNTUtwo | SHUTOFF | - | Shutdown | SecondVlan=5.5.5.2 |
+--------------------------------------+-----------+---------+--------------+-------------+------------------------------------------+
root@columbo:~# ip netns exec qrouter-e53979a8-8bab-4da5-9b57-58dba6d5db7b ping 172.16.100.51
PING 172.16.100.51 (172.16.100.51) 56(84) bytes of data.
64 bytes from 172.16.100.51: icmp_seq=1 ttl=64 time=5.68 ms
64 bytes from 172.16.100.51: icmp_seq=2 ttl=64 time=1.86 ms
^C
--- 172.16.100.51 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 1.866/3.776/5.687/1.911 ms
我希望这会有所帮助。允许所有端口(TCP/UDP/ICMP)并尝试执行telnet和ping。如果从内部实例执行,请使用内部IP。试试看,然后告诉我们结果。我允许所有端口。请参阅上面的nova secgroup列表规则默认部分。在创建ipcloud dev子网时是否启用了DHCP?尝试
openstack子网设置ipcloud dev--dhcproot@columbo:~# nova list
+--------------------------------------+-----------+---------+--------------+-------------+------------------------------------------+
| ID | Name | Status | Task State | Power State | Networks |
+--------------------------------------+-----------+---------+--------------+-------------+------------------------------------------+
| 624c747f-520c-4215-acac-aaa41eef2815 | CIRROSone | SHUTOFF | - | Shutdown | SERVER_VLAN_1=10.255.1.12 |
| 6529c62c-0754-4cc6-a012-e77e71795eb1 | CIRROSone | ACTIVE | - | Running | SERVER_VLAN_1=10.255.1.15, 172.16.100.51 |
| 7784c6ed-eea8-49c9-a312-8c40a77c1758 | CIRROStwo | ACTIVE | powering-off | Running | SERVER_VLAN_1=10.255.1.14 |
| 7b6bfc23-f0df-4c40-b558-f8e4bb71028f | UBUNTUone | SHUTOFF | - | Shutdown | SERVER_VLAN_1=10.255.1.13 |
| 5c06344c-d5c1-4c0c-b074-c9a30e34759d | UBUNTUtwo | SHUTOFF | - | Shutdown | SecondVlan=5.5.5.2 |
+--------------------------------------+-----------+---------+--------------+-------------+------------------------------------------+
root@columbo:~# ip netns exec qrouter-e53979a8-8bab-4da5-9b57-58dba6d5db7b ping 172.16.100.51
PING 172.16.100.51 (172.16.100.51) 56(84) bytes of data.
64 bytes from 172.16.100.51: icmp_seq=1 ttl=64 time=5.68 ms
64 bytes from 172.16.100.51: icmp_seq=2 ttl=64 time=1.86 ms
^C
--- 172.16.100.51 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 1.866/3.776/5.687/1.911 ms