Aaron, It really works after I add the icmp rule for my second tenant. Thanks for your help!
Leon From: Aaron Rosen [mailto:aro...@nicira.com] Sent: 2013年6月4日 10:37 To: Li, Leon Cc: openstack-operat...@lists.openstack.org; openstack@lists.launchpad.net (openstack@lists.launchpad.net) Subject: Re: [Openstack] [Quantum] second tenant's several VMs' floating ip can't be accessed. You are probably running quantum commands as an admin user that's why you got the error: Multiple security_group matches found for name 'default', use an ID to be more specific. If you run quantum security-group-list and then: quantum security-group-rule-create --protocol icmp --direction ingress <group_uuid> for each default security group. I'm guessing the security group for your second tenant does not have this rule as I don't see two icmp rules in the security-group-rule-list output you pasted. Aaron On Mon, Jun 3, 2013 at 7:05 PM, Li, Leon <leon....@emc.com<mailto:leon....@emc.com>> wrote: Aaron, Thanks for helping. Actually I already have had this rule: (quantum) security-group-rule-list +--------------------------------------+----------------+-----------+----------+------------------+--------------+ | id | security_group | direction | protocol | remote_ip_prefix | remote_group | +--------------------------------------+----------------+-----------+----------+------------------+--------------+ | 1a5867db-864b-4ae9-a423-092f3c25d710 | default | ingress | | | default | | 5449c312-00ba-4625-813f-1d7f06bb8259 | default | ingress | tcp | 0.0.0.0/0<http://0.0.0.0/0> | | | 59166d99-0901-4c58-8bf3-ff46cfd4bb01 | default | egress | | | | | 79708fb2-50b1-4c7b-82a5-5cd0275603ad | default | egress | | | | | 940a2743-859a-444c-9c3c-0204995e87ba | default | ingress | | | default | | a7812053-a913-4288-bbd3-c5f225f38d13 | default | ingress | | | default | | b160a8cf-7ca0-4da6-b238-68315b199314 | default | egress | | | | | bce886e7-74d2-46bc-aba6-5928a17b2c74 | default | ingress | | | default | | c3ccbe23-5d44-4cbc-991d-a5df29aa5300 | default | ingress | | | default | | c86af4d4-d6eb-4b15-a23c-1d84d8b27716 | default | egress | | | | | c9b96941-c652-4b24-9162-4a1dcd999088 | default | ingress | icmp | 0.0.0.0/0<http://0.0.0.0/0> | | | dd26aab7-7641-4ad8-ac53-fe443f41ab5f | default | ingress | | | default | | f87eeaea-4b97-4995-968e-34f127d09bd3 | default | egress | | | | | fc7d35d0-d2b6-4df1-a03b-ca28c5e5c487 | default | egress | | | | +--------------------------------------+----------------+-----------+----------+------------------+--------------+ (quantum) security-group-rule-create --protocol icmp --direction ingress default Multiple security_group matches found for name 'default', use an ID to be more specific. (quantum) Actualy my first tenant’s several VMs don’t have network issue. Can ping their’s floating IP from Internet. However my second tenant’s several VMs have same network issue: can ping Internet from vm, but can’t ping their floating IP from Internet. Leon From: Aaron Rosen [mailto:aro...@nicira.com<mailto:aro...@nicira.com>] Sent: 2013年6月4日 9:03 To: Li, Leon Cc: openstack-operat...@lists.openstack.org<mailto:openstack-operat...@lists.openstack.org>; openstack@lists.launchpad.net<mailto:openstack@lists.launchpad.net> (openstack@lists.launchpad.net<mailto:openstack@lists.launchpad.net>) Subject: Re: [Openstack] [Quantum] second tenant VM's floating ip can't be accessed. Hi Li, If you can ping out to the internet from your second vm but not back in it's most likely related to security groups. I'd try running: quantum security-group-rule-create --protocol icmp --direction ingress default and see if that allows ping from the internet to be received. Aaron On Mon, Jun 3, 2013 at 2:43 AM, Li, Leon <leon....@emc.com<mailto:leon....@emc.com>> wrote: Hi all, I set up an openstack recently. My first tenant’s VMs’ floating IP work fine. All of them is pingable from “Internet”. However on second tenant, via GUI or CLI I can successfully assign floating IPs to VMs, but they are not pingable. Meanwhile, I can ping Internet from VM’s private network(IP). My environment: Grizzly. Quantum. 3 physical servers. One is controller; one is network; and the other is compute node. GRE tunnel. Anyone has idea? Thanks for your help. Leon _______________________________________________ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net<mailto:openstack@lists.launchpad.net> Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
_______________________________________________ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
