[rhos-list] Validating the installation

Rhys Oxenham roxenham at redhat.com
Thu Aug 1 23:08:06 UTC 2013


Hi Hao,

To clarify, you've got two issues now…

1) From within your instances you cannot get access the outside world, i.e. it won't go any further than 10.2.0.1 (or 192.168.1.1)?

What's the output of…

# ip netns exec qrouter-946402dd-cefc-4317-b640-a2d2f53cdd9e route
# ip netns exec qrouter-946402dd-cefc-4317-b640-a2d2f53cdd9e ip a

I am wondering whether the gateway is configured properly on your external network so it knows how to route things accordingly.

2) You cannot use the namespace to SSH into your instances via the tenant-network address, e.g. 192.168.1.102?

This shouldn't be affected by security group rules as we're not using iptables/NAT if going via the tenant network. Does it also fail with a ping?

Thanks
Rhys



--

Rhys Oxenham
Cloud Solution Architect, Red Hat UK
e: roxenham at redhat.com
m: +44 (0)7866 446625




On 1 Aug 2013, at 19:50, "Chen, Hao" <Hao.Chen at NRCan-RNCan.gc.ca> wrote:

> Hi Rhys,
> 
> Thanks for the suggestions. But I still could not reach the external network from the internal subnet even though the interface status became "Active". The screenshot of the network topology is attached. The internal network (192.168.1.0/24) is working well. 10.2.0.1 is the external gate way. From the internal subnet I can ping the gateway 192.168.1.1/10.2.0.1, but just cannot reach outside and the 10.2. network. 
> 
> [root at cloud1 ~(keystone_admin)]# quantum port-show 38eea51a-2956-4168-aaeb-e52a3b5e9505 (internal interface)
> +----------------------+------------------------------------------------------------------------------------+
> | Field                | Value                                                                              |
> +----------------------+------------------------------------------------------------------------------------+
> | admin_state_up       | True                                                                               |
> | binding:capabilities | {"port_filter": true}                                                              |
> | binding:vif_type     | ovs                                                                                |
> | device_id            | 946402dd-cefc-4317-b640-a2d2f53cdd9e                                               |
> | device_owner         | network:router_interface                                                           |
> | fixed_ips            | {"subnet_id": "182c64c0-9671-4c48-b50c-91e8bb24ccbd", "ip_address": "192.168.1.1"} |
> | id                   | 38eea51a-2956-4168-aaeb-e52a3b5e9505                                               |
> | mac_address          | fa:16:3e:d4:77:39                                                                  |
> | name                 |                                                                                    |
> | network_id           | 02af0ab9-6ef1-4250-be48-feb36cc98d00                                               |
> | security_groups      |                                                                                    |
> | status               | ACTIVE                                                                             |
> | tenant_id            | 35caeda3b4d84d1582e675c2f871a00c                                                   |
> +----------------------+------------------------------------------------------------------------------------+
> [root at cloud1 ~(keystone_admin)]# quantum port-show 22ed85aa-63f8-4cce-9cfb-d75409c45014 (external interface)
> +----------------------+---------------------------------------------------------------------------------+
> | Field                | Value                                                                           |
> +----------------------+---------------------------------------------------------------------------------+
> | admin_state_up       | True                                                                            |
> | binding:capabilities | {"port_filter": true}                                                           |
> | binding:vif_type     | ovs                                                                             |
> | device_id            | 946402dd-cefc-4317-b640-a2d2f53cdd9e                                            |
> | device_owner         | network:router_interface                                                        |
> | fixed_ips            | {"subnet_id": "b41f60d2-d880-48dc-8588-60bafe712180", "ip_address": "10.2.0.1"} |
> | id                   | 22ed85aa-63f8-4cce-9cfb-d75409c45014                                            |
> | mac_address          | fa:16:3e:20:14:44                                                               |
> | name                 |                                                                                 |
> | network_id           | b343ced9-89a9-43dc-bea9-861f9bf6123f                                            |
> | security_groups      |                                                                                 |
> | status               | ACTIVE                                                                          |
> | tenant_id            | 35caeda3b4d84d1582e675c2f871a00c                                                |
> +----------------------+---------------------------------------------------------------------------------+
> 
> When running "ip netns exec qrouter-946402dd-cefc-4317-b640-a2d2f53cdd9e ssh hchen at 192.168.1.102" I did not get any response. Any suggestions?
> 
> Thanks,
> Hao
> 
> -----Original Message-----
> From: Rhys Oxenham [mailto:roxenham at redhat.com] 
> Sent: July 30, 2013 17:40
> To: Chen, Hao
> Cc: rhos-list at redhat.com
> Subject: Re: [rhos-list] Validating the installation
> 
> Hi Hao,
> 
> On 31 Jul 2013, at 00:25, "Chen, Hao" <Hao.Chen at NRCan-RNCan.gc.ca> wrote:
> 
>> Greetings,
>> 
>> (1) After creating an instance with rhel-server-x86_64-kvm-6.4_20130130.0-4.qcow2, a KVM Guest Image downloaded fromhttps://rhn.redhat.com/rhn/software/channel/downloads/Download.do?cid=16952,  I was asked for the Login ID and Password for the console access. Does anyone know the Login info?
> 
> Please see: http://rhn.redhat.com/errata/RHSA-2013-0849.html (https://bugzilla.redhat.com/show_bug.cgi?id=964299)
> 
> As far as I'm aware the image expects you to inject an SSH key using the metadata service in OpenStack and that the default root password is locked. Once connected into the instance via the SSH key it would be possible to reset the root password there. But hopefully others will clarify the situation.
> 
> If this is not an option for you, you may want to take the image and use libguestfs/guestfish to make modifications to the image before uploading into Glance. For example, set the root password to something specific to your requirements, but please note that the image will likely disable password logins via sshd, so this too will have to be changed. 
> 
> If this is ONLY for testing and will not be used in production then I'd just reset the root password to blank as it's quick and easy to get the image up and running, below is just an example...
> 
> # virt-edit -a /path/to/rhel-server-x86_64-kvm-6.4_20130130.0-4.qcow2 /etc/ssh/sshd_config -e 's/^PasswordAuthentication.*/PasswordAuthentication yes/'
> # virt-edit -a /path/to/rhel-server-x86_64-kvm-6.4_20130130.0-4.qcow2 /etc/ssh/sshd_config -e 's/^PermitRootLogin.*/PermitRootLogin yes/'
> # virt-edit -a /path/to/rhel-server-x86_64-kvm-6.4_20130130.0-4.qcow2 /etc/ssh/sshd_config -e 's/^PermitEmptyPasswords.*/PermitEmptyPasswords yes/'
> # virt-edit -a /path/to/rhel-server-x86_64-kvm-6.4_20130130.0-4.qcow2 /etc/ssh/sshd_config -e 's/^root:.*?:/root::/'
> # glance image-create ....
> 
> I've not tested the above, it may require further steps for it to work as expected. I'll try this out in the morning.
> 
>> 
>> (2) I am having trouble with the Router Interfaces. The internal interface is working " 192.168.1.1 ACTIVE Internal Interface", but the status of the external interface always shows Down "10.2.0.193 DOWN External Gateway". Very grateful for any suggestions.
> 
> I too have this, my internal interface (as in the internal port on the router) is shown as "UP" yet the external gateway port is "DOWN". I don't actually have any problems though...
> 
> [root at openstack-controller ~(keystone_admin)]$ quantum port-show 11f2d170-baec-461f-bc30-b1f880132a03
> +----------------------+---------------------------------------------------------------------------------------+
> | Field                | Value                                                                                 |
> +----------------------+---------------------------------------------------------------------------------------+
> | admin_state_up       | True                                                                                  |
> | binding:capabilities | {"port_filter": true}                                                                 |
> | binding:vif_type     | ovs                                                                                   |
> | device_id            | 6bea3ee4-47d6-4a3e-a9da-c82fed18baa0                                                  |
> | device_owner         | network:router_gateway                                                                |
> | fixed_ips            | {"subnet_id": "89ee4bc1-073e-4ccd-a108-6c839dad011d", "ip_address": "192.168.122.10"} |
> | id                   | 11f2d170-baec-461f-bc30-b1f880132a03                                                  |
> | mac_address          | fa:16:3e:cd:2b:20                                                                     |
> | name                 |                                                                                       |
> | network_id           | 7382ead9-faba-405a-a78f-404c236c9334                                                  |
> | security_groups      |                                                                                       |
> | status               | DOWN                                                                                  |
> | tenant_id            |                                                                                       |
> +----------------------+---------------------------------------------------------------------------------------+
> 
> Yet the L3 agent works perfectly for me...
> 
> [root at openstack-controller ~(keystone_admin)]$ ip netns exec qrouter-6bea3ee4-47d6-4a3e-a9da-c82fed18baa0 ssh cirros at 30.0.0.4 cirros at 30.0.0.4's password: 
> $ ping 8.8.8.8 -c 3
> PING 8.8.8.8 (8.8.8.8): 56 data bytes
> 64 bytes from 8.8.8.8: seq=0 ttl=127 time=29.141 ms
> 64 bytes from 8.8.8.8: seq=1 ttl=127 time=32.105 ms
> 64 bytes from 8.8.8.8: seq=2 ttl=127 time=27.258 ms
> 
> --- 8.8.8.8 ping statistics ---
> 3 packets transmitted, 3 packets received, 0% packet loss round-trip min/avg/max = 27.258/29.501/32.105 ms
> 
> Do things work for you like above, or are you seeing problems?
> 
> 
> Cheers,
> Rhys
> 
> 
>> 
>> Thanks,
>> Hao
>> 
>> 
>> _______________________________________________
>> rhos-list mailing list
>> rhos-list at redhat.com
>> https://www.redhat.com/mailman/listinfo/rhos-list
> 
> <networktopology.png>





More information about the rhos-list mailing list