On 11/19/2014 05:45 PM, Mark Kirkwood wrote: > Hi, > > I have a small multi host devstack setup running from from 2 Ubuntu 14.04 > hosts > (themselves VMs): > - controller node (stack1) running everything except compute > - compute node (stack2) running compute only > > If I amend the default security group to allow ping and start a VM: > > stack1 $ neutron security-group-rule-create --protocol icmp --direction > ingress > default > stack1 $ nova boot --image cirros-0.3.2-x86_64-uec --flavor 1 cirros0 > stack1 $ nova list > +--------------------------------------+---------+--------+------------+-------------+------------------+ > > | ID | Name | Status | Task State | Power > State | Networks | > +--------------------------------------+---------+--------+------------+-------------+------------------+ > > | 2bebd3c2-0bab-41b7-b0dd-555b49fd147a | cirros0 | ACTIVE | - | > Running | private=10.0.0.2 | > +--------------------------------------+---------+--------+------------+-------------+------------------+ > > > stack1 $ ping 10.0.0.2 > PING 10.0.0.2 (10.0.0.2) 56(84) bytes of data. > 64 bytes from 10.0.0.2: icmp_seq=1 ttl=63 time=2.99 ms > > > But from the compute node: > > stack2 $ ping 10.0.0.2 > (hangs) > > It looks like I'm missing a route or nat rule of some kind: > > stack1 $ route > $ route > Kernel IP routing table > Destination Gateway Genmask Flags Metric Ref Use Iface > default 192.168.122.1 0.0.0.0 UG 0 0 0 eth0 > 10.0.0.0 172.24.4.2 255.255.255.0 UG 0 0 0 br-ex > 172.24.4.0 * 255.255.255.0 U 0 0 0 br-ex > 192.168.122.0 * 255.255.255.0 U 0 0 0 eth0
If you look in the lib/neutron file in the devstack directory, you'll see it's doing a 'route add' for this, and from what you've shown it's only on the network node. I'd almost argue it shouldn't be doing this at all since that is supposed to be a tenant private network, but I digress. The best thing for you to do would be to add a floating IP to the instance, which should be in the correct subnet range to work, but I think you'll still need to add a network route for it as well, you just won't need the additional route for the 10.0.0.0 network. Sorry, it's been a while since I setup a multi-host devstack. -Brian _______________________________________________ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : [email protected] Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
