<div dir="ltr">Taken from <a href="https://github.com/marafa/openstack/blob/master/openstack-project-add.sh">https://github.com/marafa/openstack/blob/master/openstack-project-add.sh</a><br><br><table class=""><tbody>
<tr><td id="LC106" class="">write_security_rules(){</td></tr>
<tr><td id="LC107" class="">echo "todo: use neutron secgroup to add ssh and ping rules instead of nova"</td></tr>
<tr><td id="LC108" class="">source $ks_dir/keystonerc_$user$id</td></tr>
<tr><td id="LC109" class="">nova keypair-add key$id > $ks_dir/key$id.pem</td></tr>
<tr><td id="LC110" class="">chmod 600 $ks_dir/key$id.pem</td></tr>
<tr><td id="LC111" class="">nova secgroup-create SecGrp$id "Security Group $id"</td></tr>
<tr><td id="LC112" class="">nova secgroup-add-rule SecGrp$id tcp 22 22 0.0.0.0/0</td></tr>
<tr><td id="LC113" class="">neutron security-group-rule-create --direction ingress --protocol tcp --port_range_min 1 --port_range_max 65535 SecGrp$id</td></tr>
<tr><td id="LC114" class="">neutron security-group-rule-create --direction ingress --protocol udp --port_range_min 1 --port_range_max 65535 SecGrp$id</td></tr>
<tr><td id="LC115" class="">neutron security-group-rule-create --direction ingress --protocol icmp SecGrp$id</td></tr>
<tr>
<td id="LC116" class="">}</td></tr></tbody></table><br></div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Feb 20, 2015 at 5:07 PM, Pasquale Salza <span dir="ltr"><<a href="mailto:pasquale.salza@gmail.com" target="_blank">pasquale.salza@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hi Rhys,<div>I suppose so, because these are my iptables rules:</div><div><br></div><div>
<div>iptables -F</div>
<div>iptables -t nat -F</div>
<div>iptables -P INPUT ACCEPT</div>
<div>iptables -P OUTPUT ACCEPT</div>
<div>iptables -P FORWARD ACCEPT</div>
<div>iptables -A INPUT -d 172.16.58.0/24 -m state --state ESTABLISHED,RELATED -j ACCEPT</div>
<div>iptables -A INPUT -d 172.16.58.0/24 -p tcp --dport ssh -j ACCEPT</div>
<div>iptables -A INPUT -d 172.16.58.0/24 -p tcp --dport www -j ACCEPT</div>
<div>iptables -A INPUT -d 172.16.58.0/24 -p tcp --dport pptp -j ACCEPT</div>
<div>iptables -A INPUT -d 172.16.58.0/24 -p tcp --sport domain -j ACCEPT</div>
<div>iptables -A INPUT -d 172.16.58.0/24 -p tcp --dport domain -j ACCEPT</div>
<div>iptables -A INPUT -d 172.16.58.0/24 -p udp --sport domain -j ACCEPT</div>
<div>iptables -A INPUT -d 172.16.58.0/24 -p udp --dport domain -j ACCEPT</div>
<div>iptables -A INPUT -d 172.16.58.0/24 -p gre -j ACCEPT</div>
<div>iptables -A INPUT -d 172.16.58.0/24 -p icmp -j ACCEPT</div>
<div>iptables -A INPUT -d 172.16.58.0/24 -j DROP</div>
<div>iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE</div>
<div>service iptables save</div>
</div><div><br></div><div>Firstly, do you think I planned the network organisation well? Do you have other suggestions (best practices) with 2 interfaces?</div><div><br></div></div><div class="gmail_extra"><div><div class="h5"><br><div class="gmail_quote">2015-02-20 18:30 GMT+01:00 Rhys Oxenham <span dir="ltr"><<a href="mailto:roxenham@redhat.com" target="_blank">roxenham@redhat.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi Pasquale,<br>
<br>
Did you modify your security group rules to allow ICMP and/or 22:tcp access?<br>
<br>
Many thanks<br>
Rhys<br>
<div><div><br>
> On 20 Feb 2015, at 17:11, Pasquale Salza <<a href="mailto:pasquale.salza@gmail.com" target="_blank">pasquale.salza@gmail.com</a>> wrote:<br>
><br>
> Hi there, I have a lot of problems with RDO/OpenStack configuration. Firstly, I need to describe my network situation.<br>
><br>
> I have 7 machines, each of them with 2 NICs. I would like to use one machine as a controller/network node and the others as compute nodes.<br>
><br>
> I would like to use the eth0 to connect nodes to internet (and get access by remote sessions) with the network "172.16.58.0/24", in which I have just 7 available IPs, and eth1 as configuration network on the network 10.42.100.0/42.<br>
><br>
> This is my current configuration, for each node (varying the IPs on each machine):<br>
><br>
>     eth0:<br>
>     DEVICE=eth0<br>
>     TYPE=Ethernet<br>
>     ONBOOT=yes<br>
>     BOOTPROTO=static<br>
>     IPADDR=172.16.58.50<br>
>     NETMASK=255.255.255.0<br>
>     GATEWAY=172.16.58.254<br>
>     DNS1=172.16.58.50<br>
>     DOMAIN=###<br>
>     DEFROUTE="yes"<br>
><br>
>     eth1:<br>
>     DEVICE=eth1<br>
>     TYPE=OVSPort<br>
>     DEVICETYPE=ovs<br>
>     OVS_BRIDGE=br-ex<br>
>     ONBOOT=yes<br>
><br>
>     br-ex:<br>
>     DEVICE=br-ex<br>
>     DEVICETYPE=ovs<br>
>     TYPE=OVSBridge<br>
>     BOOTPROTO=static<br>
>     IPADDR=10.42.100.1<br>
>     NETMASK=255.255.255.0<br>
>     ONBOOT=yes<br>
><br>
> I'd like to have instances on 10.42.200.0/24 virtual private network and the remaining IPs of 10.42.100.0/24 network as floating IPs.<br>
><br>
> These are the relevant parts of my answers.txt file:<br>
><br>
>     CONFIG_CONTROLLER_HOST=10.42.100.1<br>
>     CONFIG_COMPUTE_HOSTS=10.42.100.10,10.42.100.11,10.42.100.12,10.42.100.13,10.42.100.14,10.42.100.15<br>
>     CONFIG_NETWORK_HOSTS=10.42.100.1<br>
>     CONFIG_AMQP_HOST=10.42.100.1<br>
>     CONFIG_MARIADB_HOST=10.42.100.1<br>
>     CONFIG_NOVA_COMPUTE_PRIVIF=eth1<br>
>     CONFIG_NOVA_NETWORK_PUBIF=eth1<br>
>     CONFIG_NOVA_NETWORK_PRIVIF=eth1<br>
>     CONFIG_NOVA_NETWORK_FIXEDRANGE=10.42.200.0/24<br>
>     CONFIG_NOVA_NETWORK_FLOATRANGE=10.42.100.0/24<br>
>     CONFIG_NEUTRON_L3_EXT_BRIDGE=br-ex<br>
>     CONFIG_NEUTRON_ML2_TYPE_DRIVERS=vxlan<br>
>     CONFIG_NEUTRON_ML2_TENANT_NETWORK_TYPES=vxlan<br>
>     CONFIG_NEUTRON_ML2_VNI_RANGES=10:100<br>
>     CONFIG_NEUTRON_LB_INTERFACE_MAPPINGS=<br>
>     CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS=<br>
>     CONFIG_NEUTRON_OVS_BRIDGE_IFACES=<br>
>     CONFIG_NEUTRON_OVS_TUNNEL_IF=eth1<br>
><br>
> After the installation, I configure the network like this:<br>
><br>
>     neutron router-create router<br>
>     neutron net-create private<br>
>     neutron subnet-create private 10.42.200.0/24 --name private-subnet<br>
>     neutron router-interface-add router private-subnet<br>
>     neutron net-create public --router:external=True<br>
>     neutron subnet-create public 10.42.100.0/24 --name public-subnet --enable_dhcp=False --allocation-pool start=10.42.100.100,end=10.42.100.200 --no-gateway<br>
>     neutron router-gateway-set router public<br>
><br>
> I'm able to launch instances but I can't get access (ping/ssh) to them.<br>
><br>
> I don't know if I'm doing something wrong starting from planning.<br>
><br>
> Please, help me!<br>
><br>
</div></div>> _______________________________________________<br>
> Rdo-list mailing list<br>
> <a href="mailto:Rdo-list@redhat.com" target="_blank">Rdo-list@redhat.com</a><br>
> <a href="https://www.redhat.com/mailman/listinfo/rdo-list" target="_blank">https://www.redhat.com/mailman/listinfo/rdo-list</a><br>
><br>
> To unsubscribe: <a href="mailto:rdo-list-unsubscribe@redhat.com" target="_blank">rdo-list-unsubscribe@redhat.com</a><br>
<br>
</blockquote></div><br><br clear="all"><div><br></div></div></div><span class="HOEnZb"><font color="#888888">-- <br><div><div dir="ltr">Pasquale Salza<div><div><br></div><div>e-mail: <a href="mailto:pasquale.salza@gmail.com" target="_blank">pasquale.salza@gmail.com</a></div><div>phone: <a href="tel:%2B39%20393%204415978" value="+393934415978" target="_blank">+39 393 4415978</a></div><div>fax: <a href="tel:%2B39%20089%208422939" value="+390898422939" target="_blank">+39 089 8422939</a></div><div>skype: pasquale.salza</div><div>linkedin: <a href="http://it.linkedin.com/in/psalza/" target="_blank">http://it.linkedin.com/in/psalza/</a></div></div></div></div>
</font></span></div>
</blockquote></div><br><br clear="all"><br>-- <br><div class="gmail_signature"><div dir="ltr">


        
        
        
        


<p><b>Link to me on <a href="http://www.linkedin.com/in/mohammedarafa" target="_blank">LinkedIn</a></b></p>

</div></div>
</div>
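The security-group step discussed in this thread, narrowed to ping and SSH from a single source range, as an added example that is not part of the original messages or the linked script. It prints the neutron commands by default; valid_cidr, secgroup_rules, NEUTRON and ALLOW_ANY_SOURCE are names assumed for this example, and the hyphenated option spellings are the neutron client's own forms of the underscore flags quoted above.

```shell
#!/bin/sh
# Added example: open only ping and SSH, and only from one source range.
# valid_cidr, secgroup_rules, NEUTRON, ALLOW_ANY_SOURCE are hypothetical names.

# Dry run by default: commands are printed. Set NEUTRON=neutron to apply them.
: "${NEUTRON:=echo neutron}"

# valid_cidr CIDR -> status 0 only for a well-formed IPv4 prefix a.b.c.d/0-32
valid_cidr() {
    case $1 in
        */*/*|*[!0-9./]*|/*|*/) return 1 ;;
        */*) ;;
        *) return 1 ;;
    esac
    vc_ip=${1%/*} vc_len=${1#*/}
    case $vc_len in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$vc_len" -le 32 ] || return 1
    case $vc_ip in
        *.*.*.*.*|.*|*.|*..*) return 1 ;;
        *.*.*.*) ;;
        *) return 1 ;;
    esac
    # Split the address on dots and range-check every octet.
    vc_ifs=$IFS; IFS=.; set -- $vc_ip; IFS=$vc_ifs
    for vc_octet in "$@"; do
        case $vc_octet in ????*) return 1 ;; esac
        [ "$vc_octet" -le 255 ] || return 1
    done
}

# secgroup_rules GROUP SOURCE_CIDR -> one rule for ICMP, one for tcp/22
secgroup_rules() {
    sg_group=$1 sg_src=$2
    case $sg_group in
        ''|-*|*[!A-Za-z0-9_.-]*) echo "bad group name: $sg_group" >&2; return 2 ;;
    esac
    valid_cidr "$sg_src" || { echo "bad source CIDR: $sg_src" >&2; return 2; }
    # Policy choice of this example: a /0 source needs an explicit opt-in.
    if [ "${sg_src#*/}" -eq 0 ] && [ "${ALLOW_ANY_SOURCE:-no}" != yes ]; then
        echo "refusing world-open source $sg_src" >&2; return 3
    fi
    $NEUTRON security-group-rule-create --direction ingress --ethertype IPv4 \
        --protocol icmp --remote-ip-prefix "$sg_src" "$sg_group" || return
    $NEUTRON security-group-rule-create --direction ingress --ethertype IPv4 \
        --protocol tcp --port-range-min 22 --port-range-max 22 \
        --remote-ip-prefix "$sg_src" "$sg_group"
}
```

Calling secgroup_rules SecGrp1 172.16.58.0/24 (a constructed group name with the thread's remote-access network) prints the two rule commands; with NEUTRON=neutron exported they are executed instead.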