OpenStack Juno Neutron with GRE tunnel: qrouter not pinging VM, VM not getting IP from DHCP


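I have an OpenStack Juno setup with a 3-node architecture.

Everything is working fine on the controller and compute. VMs are getting created and all.

But it seems that my network node and compute node have some issue on the data network, because the VM is not getting an IP from DHCP. Also, when I manually checked and assigned an IP to the VM, it is pinging the gateway but not pinging the VM instance.

qrouter is configured correctly and the tenant network is attached to it. qrouter is also pinging the tenant network default gateway, as it is one of its own interfaces.

Help me guys, I am stuck here and have no idea what to do. Putting some command outputs here for details: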

[root@network ~]# ip netns show
qdhcp-ade4d591-6016-4a11-8e07-6718340d673e
qrouter-99ed72a2-b69c-41f8-854e-4c6c8448f50d

[root@network ~]# ovs-vsctl show
c6e9b29e-9dac-4e74-a31a-c8cba6a8c977
Bridge br-tun
    fail_mode: secure
    Port patch-int
        Interface patch-int
            type: patch
            options: {peer=patch-tun}
    Port "gre-0a00011f"
        Interface "gre-0a00011f"
            type: gre
            options: {df_default="true", in_key=flow, local_ip="10.0.1.21", out_key=flow, remote_ip="10.0.1.31"}
    Port br-tun
        Interface br-tun
            type: internal
Bridge br-int
    fail_mode: secure
    Port int-br-ex
        Interface int-br-ex
            type: patch
            options: {peer=phy-br-ex}
    Port "tap1c21fba3-49"
        tag: 1
        Interface "tap1c21fba3-49"
            type: internal
    Port "qr-d8ce18d8-96"
        tag: 1
        Interface "qr-d8ce18d8-96"
            type: internal
    Port patch-tun
        Interface patch-tun
            type: patch
            options: {peer=patch-int}
    Port br-int
        Interface br-int
            type: internal
Bridge br-ex
    Port br-ex
        Interface br-ex
            type: internal
    Port phy-br-ex
        Interface phy-br-ex
            type: patch
            options: {peer=int-br-ex}
    Port "eth1"
        Interface "eth1"
    Port "qg-3a032814-ae"
        Interface "qg-3a032814-ae"
            type: internal
ovs_version: "2.3.1"

[root@network ~]# ip netns exec qrouter-99ed72a2-b69c-41f8-854e-4c6c8448f50d iptables-save
# Generated by iptables-save v1.4.21 on Wed Sep  2 11:16:12 2015
*filter
:INPUT ACCEPT [9733:4197036]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [34:2617]
:neutron-filter-top - [0:0]
:neutron-l3-agent-FORWARD - [0:0]
:neutron-l3-agent-INPUT - [0:0]
:neutron-l3-agent-OUTPUT - [0:0]
:neutron-l3-agent-local - [0:0]
-A INPUT -j neutron-l3-agent-INPUT
-A FORWARD -j neutron-filter-top
-A FORWARD -j neutron-l3-agent-FORWARD
-A OUTPUT -j neutron-filter-top
-A OUTPUT -j neutron-l3-agent-OUTPUT
-A neutron-filter-top -j neutron-l3-agent-local
-A neutron-l3-agent-INPUT -d 127.0.0.1/32 -p tcp -m tcp --dport 9697 -j ACCEPT
COMMIT
# Completed on Wed Sep  2 11:16:12 2015
# Generated by iptables-save v1.4.21 on Wed Sep  2 11:16:12 2015
*nat
:PREROUTING ACCEPT [7984:630587]
:INPUT ACCEPT [173:20642]
:OUTPUT ACCEPT [16:1201]
:POSTROUTING ACCEPT [12:865]
:neutron-l3-agent-OUTPUT - [0:0]
:neutron-l3-agent-POSTROUTING - [0:0]
:neutron-l3-agent-PREROUTING - [0:0]
:neutron-l3-agent-float-snat - [0:0]
:neutron-l3-agent-snat - [0:0]
:neutron-postrouting-bottom - [0:0]
-A PREROUTING -j neutron-l3-agent-PREROUTING
-A OUTPUT -j neutron-l3-agent-OUTPUT
-A POSTROUTING -j neutron-l3-agent-POSTROUTING
-A POSTROUTING -j neutron-postrouting-bottom
-A neutron-l3-agent-POSTROUTING ! -i qg-3a032814-ae ! -o qg-3a032814-ae -m conntrack ! --ctstate DNAT -j ACCEPT
-A neutron-l3-agent-PREROUTING -d 169.254.169.254/32 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 9697
-A neutron-l3-agent-snat -j neutron-l3-agent-float-snat
-A neutron-l3-agent-snat -s 192.168.10.0/24 -j SNAT --to-source 135.249.88.101
-A neutron-postrouting-bottom -j neutron-l3-agent-snat
COMMIT
# Completed on Wed Sep  2 11:16:12 2015
# Generated by iptables-save v1.4.21 on Wed Sep  2 11:16:12 2015
*raw
:PREROUTING ACCEPT [17544:4806981]
:OUTPUT ACCEPT [34:2617]
:neutron-l3-agent-OUTPUT - [0:0]
:neutron-l3-agent-PREROUTING - [0:0]
-A PREROUTING -j neutron-l3-agent-PREROUTING
-A OUTPUT -j neutron-l3-agent-OUTPUT
COMMIT
# Completed on Wed Sep  2 11:16:12 2015

On the compute node:

[root@compute1 ~]# ovs-vsctl show
491cdefe-00ef-46ad-b4a8-5b57ac630968
Bridge br-int
    fail_mode: secure
    Port "qvoc4e1f1c6-dd"
        tag: 1
        Interface "qvoc4e1f1c6-dd"
    Port br-int
        Interface br-int
            type: internal
    Port patch-tun
        Interface patch-tun
            type: patch
            options: {peer=patch-int}
Bridge br-tun
    fail_mode: secure
    Port br-tun
        Interface br-tun
            type: internal
    Port "gre-0a000115"
        Interface "gre-0a000115"
            type: gre
            options: {df_default="true", in_key=flow, local_ip="10.0.1.31", out_key=flow, remote_ip="10.0.1.21"}
    Port patch-int
        Interface patch-int
            type: patch
            options: {peer=patch-tun}
ovs_version: "2.3.1"

Let me know if any other details are needed.

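I got the answer: there was no issue in the configuration, everything was fine. The only issue was the rules on the security group: default.

The default security group rules do not allow you to ping the VM from qrouter or qdhcp.

So the solution is either to add another security group with appropriate rules for the project, or to add rules to the default security group.

I added the following two rules for access: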

Ingress IPv4    ICMP    -   0.0.0.0/0 (CIDR)
Egress  IPv4    ICMP    -   0.0.0.0/0 (CIDR)

This solved my problem, and now I can reach the VM from qrouter.
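
Added example, not part of the original post: a small Python model of security-group rule matching, showing why an ICMP echo from the qrouter port is dropped under the default group and admitted once an ICMP ingress rule exists. The contents of the default group, the matching model and the addresses 192.168.10.1 and 203.0.113.7 are assumptions; 192.168.10.0/24 is the tenant subnet from the SNAT rule in the question, used here as a narrower source than 0.0.0.0/0.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    direction: str                      # "ingress" or "egress"
    protocol: Optional[str] = None      # None matches any protocol
    remote_cidr: Optional[str] = None   # match the peer by address range
    remote_group: Optional[str] = None  # match the peer by group membership

# Assumed stock "default" group: all egress, ingress only from group members.
DEFAULT_RULES = [Rule("egress"), Rule("ingress", remote_group="default")]
# The two rules added in the answer.
ICMP_ANY = [Rule("ingress", "icmp", "0.0.0.0/0"), Rule("egress", "icmp", "0.0.0.0/0")]
# Narrower alternative: ICMP ingress from the tenant subnet only.
ICMP_TENANT = [Rule("ingress", "icmp", "192.168.10.0/24")]

QROUTER_IP = "192.168.10.1"   # constructed: router port on the tenant subnet
OUTSIDE_IP = "203.0.113.7"    # constructed: a host outside the tenant subnet

def allowed(rules, direction, protocol, peer_ip, peer_groups=()):
    """Default-deny: the packet passes only if some rule matches it."""
    peer = ipaddress.ip_address(peer_ip)
    for r in rules:
        if r.direction != direction or r.protocol not in (None, protocol):
            continue
        if r.remote_group is not None:
            if r.remote_group in peer_groups:
                return True
            continue
        if r.remote_cidr is None or peer in ipaddress.ip_network(r.remote_cidr):
            return True
    return False

def ping_matrix():
    """ICMP ingress verdicts for the qrouter port (a port in no security group)."""
    return {
        "default only": allowed(DEFAULT_RULES, "ingress", "icmp", QROUTER_IP),
        "icmp from 0.0.0.0/0": allowed(DEFAULT_RULES + ICMP_ANY, "ingress", "icmp", QROUTER_IP),
        "icmp from tenant subnet": allowed(DEFAULT_RULES + ICMP_TENANT, "ingress", "icmp", QROUTER_IP),
    }

if __name__ == "__main__":
    for name, verdict in ping_matrix().items():
        print(f"{name:26} {'ALLOW' if verdict else 'DROP'}")
```

With the tenant-subnet rule the qrouter ping is admitted while ICMP from `OUTSIDE_IP` is still dropped, which the 0.0.0.0/0 rule would let through.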