Re: [Openstack] DHCP Request Failed on Ocata
For anyone out there facing similar issues my problem was due to the following line in /etc/sysconfig/iptables -A FORWARD -j REJECT --reject-with icmp-host-prohibited As soon all forward rules were permitted my problem has been solved. Best regards, G. I have installed on Ubuntu, so I don't files as /etc/sysconfig/iptables. Apart from the listed below DROP/REJECT rules there are no more of such rules. Regards, Manjunath -Original Message- From: Georgios Dimitrakakis [mailto:gior...@acmac.uoc.gr] Sent: Monday, 20 March, 2017 6:32 PM To: openstack@lists.openstack.org Subject: Re: [Openstack] DHCP Request Failed on Ocata Hello and thanks for providing the detailed iptables output. I don't believe that having initially "firewalld" enabled had any impact because (to my understanding) all rules are added when the services are restarted. So by rebooting the nodes everything should be OK which isn't. Can you tell me if in your "/etc/sysconfig/iptables" you have any other rules that DROP or REJECT packages? Best, G. On Mon, 20 Mar 2017 03:08:09 +, Warad, Manjunath (Nokia - SG) wrote: Here are my filter tables... I did a default installation of 1 controller and 1 compute following openstack install docs. I read through that the firewalld was not stopped during installation. I'm not sure if that could have cause some invalid insertions/deletions into iptables. Probably, you may want to consider re-installing controller and compute nodes with firewalld disabled in the beginning unless you have enough time to troubleshoot the problem. Controller Filter Table: Chain INPUT (policy ACCEPT) target prot opt source destination neutron-linuxbri-INPUT all -- anywhere anywhere nova-api-INPUT all -- anywhere anywhere Chain FORWARD (policy ACCEPT) target prot opt source destination neutron-filter-top all -- anywhere anywhere neutron-linuxbri-FORWARD all -- anywhere anywhere nova-filter-top all -- anywhere anywhere nova-api-FORWARD all -- anywhere anywhere Chain OUTPUT (policy ACCEPT) target prot opt source destination neutron-filter-top all -- anywhere anywhere neutron-linuxbri-OUTPUT all -- anywhere anywhere nova-filter-top all -- anywhere anywhere nova-api-OUTPUT all -- anywhere anywhere Chain neutron-filter-top (2 references) target prot opt source destination neutron-linuxbri-local all -- anywhere anywhere Chain neutron-linuxbri-FORWARD (1 references) target prot opt source destination Chain neutron-linuxbri-INPUT (1 references) target prot opt source destination Chain neutron-linuxbri-OUTPUT (1 references) target prot opt source destination Chain neutron-linuxbri-local (1 references) target prot opt source destination Chain neutron-linuxbri-sg-chain (0 references) target prot opt source destination ACCEPT all -- anywhere anywhere Chain neutron-linuxbri-sg-fallback (0 references) target prot opt source destination DROP all -- anywhere anywhere /* Default drop rule for unmatched traffic. */ Chain nova-api-FORWARD (1 references) target prot opt source destination Chain nova-api-INPUT (1 references) target prot opt source destination ACCEPT tcp -- anywhere controller tcp dpt:8775 Chain nova-api-OUTPUT (1 references) target prot opt source destination Chain nova-api-local (1 references) target prot opt source destination Chain nova-filter-top (2 references) target prot opt source destination nova-api-local all -- anywhere anywhere Compute Filter Table: Chain INPUT (policy ACCEPT) target prot opt source destination neutron-linuxbri-INPUT all -- anywhere anywhere nova-compute-INPUT all -- anywhere anywhere ACCEPT udp -- anywhere anywhere udp dpt:domain ACCEPT tcp -- anywhere anywhere tcp dpt:domain ACCEPT udp -- anywhere anywhere udp dpt:bootps ACCEPT tcp -- anywhere anywhere tcp dpt:bootps Chain FORWARD (policy ACCEPT) target prot opt source destination neutron-filter-top all -- anywhere anywhere neutron-linuxbri-FORWARD all -- anywhere anywhere nova-filter-top all -- anywhere anywhere nova-compute-FORWARD all -- anywhere anywhere ACCEPT all -- anywhere 192.168.122.0/24 ctstate RELATED,ESTABLISHED ACCEPT all -- 192.168.122.0/24 anywhere ACCEPT
Re: [Openstack] DHCP Request Failed on Ocata
I have installed on Ubuntu, so I don't files as /etc/sysconfig/iptables. Apart from the listed below DROP/REJECT rules there are no more of such rules. Regards, Manjunath -Original Message- From: Georgios Dimitrakakis [mailto:gior...@acmac.uoc.gr] Sent: Monday, 20 March, 2017 6:32 PM To: openstack@lists.openstack.org Subject: Re: [Openstack] DHCP Request Failed on Ocata Hello and thanks for providing the detailed iptables output. I don't believe that having initially "firewalld" enabled had any impact because (to my understanding) all rules are added when the services are restarted. So by rebooting the nodes everything should be OK which isn't. Can you tell me if in your "/etc/sysconfig/iptables" you have any other rules that DROP or REJECT packages? Best, G. On Mon, 20 Mar 2017 03:08:09 +, Warad, Manjunath (Nokia - SG) wrote: > Here are my filter tables... > I did a default installation of 1 controller and 1 compute following > openstack install docs. > > I read through that the firewalld was not stopped during > installation. I'm not sure if that could have cause some invalid > insertions/deletions into iptables. > Probably, you may want to consider re-installing controller and > compute nodes with firewalld disabled in the beginning unless you > have enough time to troubleshoot the problem. > > Controller Filter Table: > > Chain INPUT (policy ACCEPT) > target prot opt source destination > neutron-linuxbri-INPUT all -- anywhere anywhere > nova-api-INPUT all -- anywhere anywhere > > Chain FORWARD (policy ACCEPT) > target prot opt source destination > neutron-filter-top all -- anywhere anywhere > neutron-linuxbri-FORWARD all -- anywhere anywhere > nova-filter-top all -- anywhere anywhere > nova-api-FORWARD all -- anywhere anywhere > > Chain OUTPUT (policy ACCEPT) > target prot opt source destination > neutron-filter-top all -- anywhere anywhere > neutron-linuxbri-OUTPUT all -- anywhere anywhere > nova-filter-top all -- anywhere anywhere > nova-api-OUTPUT all -- anywhere anywhere > > Chain neutron-filter-top (2 references) > target prot opt source destination > neutron-linuxbri-local all -- anywhere anywhere > > Chain neutron-linuxbri-FORWARD (1 references) > target prot opt source destination > > Chain neutron-linuxbri-INPUT (1 references) > target prot opt source destination > > Chain neutron-linuxbri-OUTPUT (1 references) > target prot opt source destination > > Chain neutron-linuxbri-local (1 references) > target prot opt source destination > > Chain neutron-linuxbri-sg-chain (0 references) > target prot opt source destination > ACCEPT all -- anywhere anywhere > > Chain neutron-linuxbri-sg-fallback (0 references) > target prot opt source destination > DROP all -- anywhere anywhere /* > Default drop rule for unmatched traffic. */ > > Chain nova-api-FORWARD (1 references) > target prot opt source destination > > Chain nova-api-INPUT (1 references) > target prot opt source destination > ACCEPT tcp -- anywhere controller tcp > dpt:8775 > > Chain nova-api-OUTPUT (1 references) > target prot opt source destination > > Chain nova-api-local (1 references) > target prot opt source destination > > Chain nova-filter-top (2 references) > target prot opt source destination > nova-api-local all -- anywhere anywhere > > Compute Filter Table: > > Chain INPUT (policy ACCEPT) > target prot opt source destination > neutron-linuxbri-INPUT all -- anywhere anywhere > nova-compute-INPUT all -- anywhere anywhere > ACCEPT udp -- anywhere anywhere udp > dpt:domain > ACCEPT tcp -- anywhere anywhere tcp > dpt:domain > ACCEPT udp -- anywhere anywhere udp > dpt:bootps > ACCEPT tcp -- anywhere anywhere tcp > dpt:bootps > > Chain FORWARD (policy ACCEPT) > target prot opt source destination > neutron-filter-top all -- anywhere anywhere > neutron-linuxbri-FORWARD all -- anywhere anywhere > nova-filter-top all -- anywhere anywhere > nova-comput
Re: [Openstack] DHCP Request Failed on Ocata
anywhere PHYSDEV match --physdev-in tapc2ae9c01-6b --physdev-is-bridged /* Jump to the VM specific chain. */ neutron-linuxbri-id0191424-8 all -- anywhere anywhere PHYSDEV match --physdev-out tapd0191424-88 --physdev-is-bridged /* Jump to the VM specific chain. */ neutron-linuxbri-od0191424-8 all -- anywhere anywhere PHYSDEV match --physdev-in tapd0191424-88 --physdev-is-bridged /* Jump to the VM specific chain. */ ACCEPT all -- anywhere anywhere Chain neutron-linuxbri-sg-fallback (6 references) target prot opt source destination DROP all -- anywhere anywhere /* Default drop rule for unmatched traffic. */ Chain nova-compute-FORWARD (1 references) target prot opt source destination ACCEPT all -- anywhere anywhere ACCEPT all -- anywhere anywhere DROP all -- anywhere anywhere ACCEPT all -- anywhere anywhere ACCEPT all -- anywhere anywhere DROP all -- anywhere anywhere Chain nova-compute-INPUT (1 references) target prot opt source destination Chain nova-compute-OUTPUT (1 references) target prot opt source destination Chain nova-compute-local (1 references) target prot opt source destination Chain nova-filter-top (2 references) target prot opt source destination nova-compute-local all -- anywhere anywhere Regards, Manjunath -Original Message- From: Georgios Dimitrakakis [mailto:gior...@acmac.uoc.gr] Sent: Sunday, 19 March, 2017 11:35 PM To: openstack@lists.openstack.org Subject: Re: [Openstack] DHCP Request Failed on Ocata Any ideas on this? Here are my firewall rules on Controller Node: #ALLOW ALL Compute Node -A INPUT -s $COMPUTE_NODE_IP/32 -p udp -j ACCEPT -A OUTPUT -d $COMPUTE_NODE_IP/32 -p udp -j ACCEPT -A INPUT -s $COMPUTE_NODE_IP/32 -p tcp -j ACCEPT -A OUTPUT -d $COMPUTE_NODE_IP/32 -p tcp -j ACCEPT #ALLOW ALL from-to Public Subnet -A INPUT -s $PUBLIC_SUBNET/29 -p udp -j ACCEPT -A OUTPUT -d $PUBLIC_SUBNET/29 -p udp -j ACCEPT -A INPUT -s $PUBLIC_SUBNET/29 -p tcp -j ACCEPT -A OUTPUT -d $PUBLIC_SUBNET/29 -p tcp -j ACCEPT After these more rule are following for SSH (port 22) , HTTP (port 80) etc. Repsectively on Compute Node I have #ALLOW ALL Controller Node -A INPUT -s $CONTROLLER_NODE_IP/32 -p udp -j ACCEPT -A OUTPUT -d $CONTROLLER_NODE_IP/32 -p udp -j ACCEPT -A INPUT -s $CONTROLLER_NODE_IP/32 -p tcp -j ACCEPT -A OUTPUT -d $CONTROLLER_NODE_IP/32 -p tcp -j ACCEPT #ALLOW ALL from-to Public Subnet -A INPUT -s $PUBLIC_SUBNET/29 -p udp -j ACCEPT -A OUTPUT -d $PUBLIC_SUBNET/29 -p udp -j ACCEPT -A INPUT -s $PUBLIC_SUBNET/29 -p tcp -j ACCEPT -A OUTPUT -d $PUBLIC_SUBNET/29 -p tcp -j ACCEPT After these more rule are following for SSH (port 22) , HTTP (port 80) etc. where on all the above: The $COMPUTE_NODE_IP is the static IP address of the compute node The $CONTROLLER_NODE_IP is the static IP address of the controller node The $PUBLIC_SUBNET is the subnet for the public IP addresses as defined by my provider The above rules are on the top of my IPTABLES files immediately after: *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A INPUT -p icmp -j ACCEPT -A INPUT -i lo -j ACCEPT while at the very end (after all the rules) I have: -A INPUT -j REJECT --reject-with icmp-host-prohibited -A FORWARD -j REJECT --reject-with icmp-host-prohibited COMMIT Using the above rules I believe that I have an open communication between the Controller, the Compute Node and the VMs. Obviously I am missing something...but what??? Can someone help me or share with me its firewall rules between a controller and a compute node?? Keeping the firewall disabled solves the problem and all VMs are getting IP addresses without a problem, but this is not desired. I really appreciate any help provided since I am puzzled for quiet a few days now with this Regards, G. I have also disabled completely the "firewalld" service and reverted back to "iptables" service but without success. No matter what I do my instances cannot get a DHCP address unless the firewall is "stopped". I 've tried to add the UDP ports 67-68 on the firewall but without success as well. What else should I do in order to be able to have "iptables" enabled for basic firewall functionality and at the same time my OpenStack environment to work without a problem? Any ideas??? Regards, G. On Mon, 13 Mar 2017 19:37:41 -0400, Mohammed Naser wrote: It causes problems for us so we uninstall and disable it on all compute nodes. yum -y remove firewalld Sent from my iPhone On Mar 13, 2017, at 5:58 PM, Geo
Re: [Openstack] DHCP Request Failed on Ocata
-linuxbri-o220f832a-a all -- anywhere anywhere PHYSDEV match --physdev-in tap220f832a-a0 --physdev-is-bridged /* Jump to the VM specific chain. */ neutron-linuxbri-ic2ae9c01-6 all -- anywhere anywhere PHYSDEV match --physdev-out tapc2ae9c01-6b --physdev-is-bridged /* Jump to the VM specific chain. */ neutron-linuxbri-oc2ae9c01-6 all -- anywhere anywhere PHYSDEV match --physdev-in tapc2ae9c01-6b --physdev-is-bridged /* Jump to the VM specific chain. */ neutron-linuxbri-id0191424-8 all -- anywhere anywhere PHYSDEV match --physdev-out tapd0191424-88 --physdev-is-bridged /* Jump to the VM specific chain. */ neutron-linuxbri-od0191424-8 all -- anywhere anywhere PHYSDEV match --physdev-in tapd0191424-88 --physdev-is-bridged /* Jump to the VM specific chain. */ ACCEPT all -- anywhere anywhere Chain neutron-linuxbri-sg-fallback (6 references) target prot opt source destination DROP all -- anywhere anywhere /* Default drop rule for unmatched traffic. */ Chain nova-compute-FORWARD (1 references) target prot opt source destination ACCEPT all -- anywhere anywhere ACCEPT all -- anywhere anywhere DROP all -- anywhere anywhere ACCEPT all -- anywhere anywhere ACCEPT all -- anywhere anywhere DROP all -- anywhere anywhere Chain nova-compute-INPUT (1 references) target prot opt source destination Chain nova-compute-OUTPUT (1 references) target prot opt source destination Chain nova-compute-local (1 references) target prot opt source destination Chain nova-filter-top (2 references) target prot opt source destination nova-compute-local all -- anywhere anywhere Regards, Manjunath -Original Message- From: Georgios Dimitrakakis [mailto:gior...@acmac.uoc.gr] Sent: Sunday, 19 March, 2017 11:35 PM To: openstack@lists.openstack.org Subject: Re: [Openstack] DHCP Request Failed on Ocata Any ideas on this? Here are my firewall rules on Controller Node: #ALLOW ALL Compute Node -A INPUT -s $COMPUTE_NODE_IP/32 -p udp -j ACCEPT -A OUTPUT -d $COMPUTE_NODE_IP/32 -p udp -j ACCEPT -A INPUT -s $COMPUTE_NODE_IP/32 -p tcp -j ACCEPT -A OUTPUT -d $COMPUTE_NODE_IP/32 -p tcp -j ACCEPT #ALLOW ALL from-to Public Subnet -A INPUT -s $PUBLIC_SUBNET/29 -p udp -j ACCEPT -A OUTPUT -d $PUBLIC_SUBNET/29 -p udp -j ACCEPT -A INPUT -s $PUBLIC_SUBNET/29 -p tcp -j ACCEPT -A OUTPUT -d $PUBLIC_SUBNET/29 -p tcp -j ACCEPT After these more rule are following for SSH (port 22) , HTTP (port 80) etc. Repsectively on Compute Node I have #ALLOW ALL Controller Node -A INPUT -s $CONTROLLER_NODE_IP/32 -p udp -j ACCEPT -A OUTPUT -d $CONTROLLER_NODE_IP/32 -p udp -j ACCEPT -A INPUT -s $CONTROLLER_NODE_IP/32 -p tcp -j ACCEPT -A OUTPUT -d $CONTROLLER_NODE_IP/32 -p tcp -j ACCEPT #ALLOW ALL from-to Public Subnet -A INPUT -s $PUBLIC_SUBNET/29 -p udp -j ACCEPT -A OUTPUT -d $PUBLIC_SUBNET/29 -p udp -j ACCEPT -A INPUT -s $PUBLIC_SUBNET/29 -p tcp -j ACCEPT -A OUTPUT -d $PUBLIC_SUBNET/29 -p tcp -j ACCEPT After these more rule are following for SSH (port 22) , HTTP (port 80) etc. where on all the above: The $COMPUTE_NODE_IP is the static IP address of the compute node The $CONTROLLER_NODE_IP is the static IP address of the controller node The $PUBLIC_SUBNET is the subnet for the public IP addresses as defined by my provider The above rules are on the top of my IPTABLES files immediately after: *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A INPUT -p icmp -j ACCEPT -A INPUT -i lo -j ACCEPT while at the very end (after all the rules) I have: -A INPUT -j REJECT --reject-with icmp-host-prohibited -A FORWARD -j REJECT --reject-with icmp-host-prohibited COMMIT Using the above rules I believe that I have an open communication between the Controller, the Compute Node and the VMs. Obviously I am missing something...but what??? Can someone help me or share with me its firewall rules between a controller and a compute node?? Keeping the firewall disabled solves the problem and all VMs are getting IP addresses without a problem, but this is not desired. I really appreciate any help provided since I am puzzled for quiet a few days now with this Regards, G. > I have also disabled completely the "firewalld" service and reverted > back to "iptables" service but without success. > > No matter what I do my instances
Re: [Openstack] DHCP Request Failed on Ocata
Any ideas on this? Here are my firewall rules on Controller Node: #ALLOW ALL Compute Node -A INPUT -s $COMPUTE_NODE_IP/32 -p udp -j ACCEPT -A OUTPUT -d $COMPUTE_NODE_IP/32 -p udp -j ACCEPT -A INPUT -s $COMPUTE_NODE_IP/32 -p tcp -j ACCEPT -A OUTPUT -d $COMPUTE_NODE_IP/32 -p tcp -j ACCEPT #ALLOW ALL from-to Public Subnet -A INPUT -s $PUBLIC_SUBNET/29 -p udp -j ACCEPT -A OUTPUT -d $PUBLIC_SUBNET/29 -p udp -j ACCEPT -A INPUT -s $PUBLIC_SUBNET/29 -p tcp -j ACCEPT -A OUTPUT -d $PUBLIC_SUBNET/29 -p tcp -j ACCEPT After these more rule are following for SSH (port 22) , HTTP (port 80) etc. Repsectively on Compute Node I have #ALLOW ALL Controller Node -A INPUT -s $CONTROLLER_NODE_IP/32 -p udp -j ACCEPT -A OUTPUT -d $CONTROLLER_NODE_IP/32 -p udp -j ACCEPT -A INPUT -s $CONTROLLER_NODE_IP/32 -p tcp -j ACCEPT -A OUTPUT -d $CONTROLLER_NODE_IP/32 -p tcp -j ACCEPT #ALLOW ALL from-to Public Subnet -A INPUT -s $PUBLIC_SUBNET/29 -p udp -j ACCEPT -A OUTPUT -d $PUBLIC_SUBNET/29 -p udp -j ACCEPT -A INPUT -s $PUBLIC_SUBNET/29 -p tcp -j ACCEPT -A OUTPUT -d $PUBLIC_SUBNET/29 -p tcp -j ACCEPT After these more rule are following for SSH (port 22) , HTTP (port 80) etc. where on all the above: The $COMPUTE_NODE_IP is the static IP address of the compute node The $CONTROLLER_NODE_IP is the static IP address of the controller node The $PUBLIC_SUBNET is the subnet for the public IP addresses as defined by my provider The above rules are on the top of my IPTABLES files immediately after: *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A INPUT -p icmp -j ACCEPT -A INPUT -i lo -j ACCEPT while at the very end (after all the rules) I have: -A INPUT -j REJECT --reject-with icmp-host-prohibited -A FORWARD -j REJECT --reject-with icmp-host-prohibited COMMIT Using the above rules I believe that I have an open communication between the Controller, the Compute Node and the VMs. Obviously I am missing something...but what??? Can someone help me or share with me its firewall rules between a controller and a compute node?? Keeping the firewall disabled solves the problem and all VMs are getting IP addresses without a problem, but this is not desired. I really appreciate any help provided since I am puzzled for quiet a few days now with this Regards, G. I have also disabled completely the "firewalld" service and reverted back to "iptables" service but without success. No matter what I do my instances cannot get a DHCP address unless the firewall is "stopped". I 've tried to add the UDP ports 67-68 on the firewall but without success as well. What else should I do in order to be able to have "iptables" enabled for basic firewall functionality and at the same time my OpenStack environment to work without a problem? Any ideas??? Regards, G. On Mon, 13 Mar 2017 19:37:41 -0400, Mohammed Naser wrote: It causes problems for us so we uninstall and disable it on all compute nodes. yum -y remove firewalld Sent from my iPhone On Mar 13, 2017, at 5:58 PM, Georgios Dimitrakakiswrote: My problem may be due to the "firewalld" service running Has anyone configured OpenStack on CentOS with Firewalld or do you suggest to disable it? Best, G. On Sat, 11 Mar 2017 21:28:51 +0200, Georgios Dimitrakakis wrote: Hello! I am trying to setup a new Ocata installation following the official guide but my instances fail to get a DHCP address. I am using two physical nodes (1x controller and 1x compute) each one with two network interfaces. Compute node can reach the Controller node via the first interface and vice versa. As recommended by the manual the second interface is unnumbered. When I launch an instance I can see using "tcpdump" that the DHCP request reaches the second (the unnumbered) interface of the compute node but never reaches any other interface either on compute or controller node. Therefore I am wondering how should the instance get an IP address? What is the correct path that is followed? I have tried that using both provider and self-service networks and the result is always the same. Looking forward for any directions, recommendations etc. All the best, G. ___ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack ___ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack ___ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe :
Re: [Openstack] DHCP Request Failed on Ocata
I have also disabled completely the "firewalld" service and reverted back to "iptables" service but without success. No matter what I do my instances cannot get a DHCP address unless the firewall is "stopped". I 've tried to add the UDP ports 67-68 on the firewall but without success as well. What else should I do in order to be able to have "iptables" enabled for basic firewall functionality and at the same time my OpenStack environment to work without a problem? Any ideas??? Regards, G. On Mon, 13 Mar 2017 19:37:41 -0400, Mohammed Naser wrote: It causes problems for us so we uninstall and disable it on all compute nodes. yum -y remove firewalld Sent from my iPhone On Mar 13, 2017, at 5:58 PM, Georgios Dimitrakakiswrote: My problem may be due to the "firewalld" service running Has anyone configured OpenStack on CentOS with Firewalld or do you suggest to disable it? Best, G. On Sat, 11 Mar 2017 21:28:51 +0200, Georgios Dimitrakakis wrote: Hello! I am trying to setup a new Ocata installation following the official guide but my instances fail to get a DHCP address. I am using two physical nodes (1x controller and 1x compute) each one with two network interfaces. Compute node can reach the Controller node via the first interface and vice versa. As recommended by the manual the second interface is unnumbered. When I launch an instance I can see using "tcpdump" that the DHCP request reaches the second (the unnumbered) interface of the compute node but never reaches any other interface either on compute or controller node. Therefore I am wondering how should the instance get an IP address? What is the correct path that is followed? I have tried that using both provider and self-service networks and the result is always the same. Looking forward for any directions, recommendations etc. All the best, G. ___ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack ___ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack ___ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Re: [Openstack] DHCP Request Failed on Ocata
It causes problems for us so we uninstall and disable it on all compute nodes. yum -y remove firewalld Sent from my iPhone > On Mar 13, 2017, at 5:58 PM, Georgios Dimitrakakis> wrote: > > My problem may be due to the "firewalld" service running > > Has anyone configured OpenStack on CentOS with Firewalld or do you suggest to > disable it? > > Best, > > G. > >> On Sat, 11 Mar 2017 21:28:51 +0200, Georgios Dimitrakakis wrote: >> Hello! >> >> I am trying to setup a new Ocata installation following the official >> guide but my instances fail to get a DHCP address. >> >> I am using two physical nodes (1x controller and 1x compute) each one >> with two network interfaces. >> Compute node can reach the Controller node via the first interface >> and vice versa. >> As recommended by the manual the second interface is unnumbered. >> >> When I launch an instance I can see using "tcpdump" that the DHCP >> request reaches the second (the unnumbered) interface >> of the compute node but never reaches any other interface either on >> compute or controller node. >> >> Therefore I am wondering how should the instance get an IP address? >> What is the correct path that is followed? >> >> I have tried that using both provider and self-service networks and >> the result is always the same. >> >> >> Looking forward for any directions, recommendations etc. >> >> >> All the best, >> >> G. >> >> ___ >> Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack >> Post to : openstack@lists.openstack.org >> Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > > > ___ > Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > Post to : openstack@lists.openstack.org > Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack ___ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Re: [Openstack] DHCP Request Failed on Ocata
My problem may be due to the "firewalld" service running Has anyone configured OpenStack on CentOS with Firewalld or do you suggest to disable it? Best, G. On Sat, 11 Mar 2017 21:28:51 +0200, Georgios Dimitrakakis wrote: Hello! I am trying to setup a new Ocata installation following the official guide but my instances fail to get a DHCP address. I am using two physical nodes (1x controller and 1x compute) each one with two network interfaces. Compute node can reach the Controller node via the first interface and vice versa. As recommended by the manual the second interface is unnumbered. When I launch an instance I can see using "tcpdump" that the DHCP request reaches the second (the unnumbered) interface of the compute node but never reaches any other interface either on compute or controller node. Therefore I am wondering how should the instance get an IP address? What is the correct path that is followed? I have tried that using both provider and self-service networks and the result is always the same. Looking forward for any directions, recommendations etc. All the best, G. ___ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack ___ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
[Openstack] DHCP Request Failed on Ocata
Hello! I am trying to setup a new Ocata installation following the official guide but my instances fail to get a DHCP address. I am using two physical nodes (1x controller and 1x compute) each one with two network interfaces. Compute node can reach the Controller node via the first interface and vice versa. As recommended by the manual the second interface is unnumbered. When I launch an instance I can see using "tcpdump" that the DHCP request reaches the second (the unnumbered) interface of the compute node but never reaches any other interface either on compute or controller node. Therefore I am wondering how should the instance get an IP address? What is the correct path that is followed? I have tried that using both provider and self-service networks and the result is always the same. Looking forward for any directions, recommendations etc. All the best, G. ___ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack