[rhos-list] Validating the installation
Chen, Hao
Hao.Chen at NRCan-RNCan.gc.ca
Fri Aug 2 21:32:31 UTC 2013
Hi Rhys,
Thanks for your suggestions.
1) From within your instances you cannot get access the outside world, i.e. it won't go any further than 10.2.0.1 (or 192.168.1.1)?
Yes. The instances can ping each other, the internal interface 192.168.1.1, and the external interface 10.2.0.195 (after resetting router gateway, now .195), but it can't go further.
I realized that I have "tenant_network_type = local". Is this the problem?
I tried to switch "tenant_network_type = vlan" and have "network_vlan_ranges = physnet1:70:80", but didn't know how to set up "bridge_mappings = ?". Which of the following parameters should I use?
"physnet1:br-ex"
"physnet1:eth0" (physical interface)
"physnet1:70:80"
In https://access.redhat.com/site/documentation/en-US/Red_Hat_OpenStack_Preview/3/html/Installation_and_Configuration_Guide/sect-Configuring_the_Plug-in_Agent.html it says " # openstack-config --set /etc/quantum/plugin.ini OVS bridge_mappings MAPPINGS" - " Replace MAPPINGS with the physical network to VLAN range mappings." The example in /etc/quantum/plugin.ini is like "physnet1:br-eth1".
2) You cannot use the namespace to SSH into your instances via the tenant-network address, e.g. 192.168.1.102?
I guess this is the same problem caused by "tenant_network_type = local"?
Thanks
Hao
[root at cloud1 ~(keystone_admin)]# ip netns exec qrouter-946402dd-cefc-4317-b640-a2d2f53cdd9e route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.2.0.0 * 255.255.255.0 U 0 0 0 qg-cb09493c-cb
192.168.1.0 * 255.255.255.0 U 0 0 0 qr-38eea51a-29
default 10.2.0.1 0.0.0.0 UG 0 0 0 qg-cb09493c-cb
[root at cloud1 ~(keystone_admin)]# ip netns exec qrouter-946402dd-cefc-4317-b640-a2d2f53cdd9e ip a
37: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
40: qr-38eea51a-29: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether fa:16:3e:d4:77:39 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.1/24 brd 192.168.1.255 scope global qr-38eea51a-29
inet6 fe80::f816:3eff:fed4:7739/64 scope link
valid_lft forever preferred_lft forever
69: qg-cb09493c-cb: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether fa:16:3e:57:23:c5 brd ff:ff:ff:ff:ff:ff
inet 10.2.0.195/24 brd 10.2.0.255 scope global qg-cb09493c-cb
inet6 fe80::f816:3eff:fe57:23c5/64 scope link
valid_lft forever preferred_lft forever
On 1 Aug 2013, at 19:50, "Chen, Hao" <Hao.Chen at NRCan-RNCan.gc.ca> wrote:
> Hi Rhys,
>
> Thanks for the suggestions. But I still could not reach the external network from the internal subnet even though the interface status became "Active". The screenshot of the network topology is attached. The internal network (192.168.1.0/24) is working well. 10.2.0.1 is the external gate way. From the internal subnet I can ping the gateway 192.168.1.1/10.2.0.1, but just cannot reach outside and the 10.2. network.
>
> [root at cloud1 ~(keystone_admin)]# quantum port-show
> 38eea51a-2956-4168-aaeb-e52a3b5e9505 (internal interface)
> +----------------------+------------------------------------------------------------------------------------+
> | Field | Value |
> +----------------------+------------------------------------------------------------------------------------+
> | admin_state_up | True |
> | binding:capabilities | {"port_filter": true} |
> | binding:vif_type | ovs |
> | device_id | 946402dd-cefc-4317-b640-a2d2f53cdd9e |
> | device_owner | network:router_interface |
> | fixed_ips | {"subnet_id": "182c64c0-9671-4c48-b50c-91e8bb24ccbd", "ip_address": "192.168.1.1"} |
> | id | 38eea51a-2956-4168-aaeb-e52a3b5e9505 |
> | mac_address | fa:16:3e:d4:77:39 |
> | name | |
> | network_id | 02af0ab9-6ef1-4250-be48-feb36cc98d00 |
> | security_groups | |
> | status | ACTIVE |
> | tenant_id | 35caeda3b4d84d1582e675c2f871a00c |
> +----------------------+------------------------------------------------------------------------------------+
> [root at cloud1 ~(keystone_admin)]# quantum port-show
> 22ed85aa-63f8-4cce-9cfb-d75409c45014 (external interface)
> +----------------------+---------------------------------------------------------------------------------+
> | Field | Value |
> +----------------------+---------------------------------------------------------------------------------+
> | admin_state_up | True |
> | binding:capabilities | {"port_filter": true} |
> | binding:vif_type | ovs |
> | device_id | 946402dd-cefc-4317-b640-a2d2f53cdd9e |
> | device_owner | network:router_interface |
> | fixed_ips | {"subnet_id": "b41f60d2-d880-48dc-8588-60bafe712180", "ip_address": "10.2.0.1"} |
> | id | 22ed85aa-63f8-4cce-9cfb-d75409c45014 |
> | mac_address | fa:16:3e:20:14:44 |
> | name | |
> | network_id | b343ced9-89a9-43dc-bea9-861f9bf6123f |
> | security_groups | |
> | status | ACTIVE |
> | tenant_id | 35caeda3b4d84d1582e675c2f871a00c |
> +----------------------+---------------------------------------------------------------------------------+
>
> When running "ip netns exec qrouter-946402dd-cefc-4317-b640-a2d2f53cdd9e ssh hchen at 192.168.1.102" I did not get any response. Any suggestions?
>
> Thanks,
> Hao
>
> -----Original Message-----
> From: Rhys Oxenham [mailto:roxenham at redhat.com]
> Sent: July 30, 2013 17:40
> To: Chen, Hao
> Cc: rhos-list at redhat.com
> Subject: Re: [rhos-list] Validating the installation
>
> Hi Hao,
>
> On 31 Jul 2013, at 00:25, "Chen, Hao" <Hao.Chen at NRCan-RNCan.gc.ca> wrote:
>
>> Greetings,
>>
>> (1) After creating an instance with rhel-server-x86_64-kvm-6.4_20130130.0-4.qcow2, a KVM Guest Image downloaded fromhttps://rhn.redhat.com/rhn/software/channel/downloads/Download.do?cid=16952, I was asked for the Login ID and Password for the console access. Does anyone know the Login info?
>
> Please see: http://rhn.redhat.com/errata/RHSA-2013-0849.html
> (https://bugzilla.redhat.com/show_bug.cgi?id=964299)
>
> As far as I'm aware the image expects you to inject an SSH key using the metadata service in OpenStack and that the default root password is locked. Once connected into the instance via the SSH key it would be possible to reset the root password there. But hopefully others will clarify the situation.
>
> If this is not an option for you, you may want to take the image and use libguestfs/guestfish to make modifications to the image before uploading into Glance. For example, set the root password to something specific to your requirements, but please note that the image will likely disable password logins via sshd, so this too will have to be changed.
>
> If this is ONLY for testing and will not be used in production then I'd just reset the root password to blank as it's quick and easy to get the image up and running, below is just an example...
>
> # virt-edit -a /path/to/rhel-server-x86_64-kvm-6.4_20130130.0-4.qcow2 /etc/ssh/sshd_config -e 's/^PasswordAuthentication.*/PasswordAuthentication yes/'
> # virt-edit -a /path/to/rhel-server-x86_64-kvm-6.4_20130130.0-4.qcow2 /etc/ssh/sshd_config -e 's/^PermitRootLogin.*/PermitRootLogin yes/'
> # virt-edit -a /path/to/rhel-server-x86_64-kvm-6.4_20130130.0-4.qcow2 /etc/ssh/sshd_config -e 's/^PermitEmptyPasswords.*/PermitEmptyPasswords yes/'
> # virt-edit -a /path/to/rhel-server-x86_64-kvm-6.4_20130130.0-4.qcow2 /etc/ssh/sshd_config -e 's/^root:.*?:/root::/'
> # glance image-create ....
>
> I've not tested the above, it may require further steps for it to work as expected. I'll try this out in the morning.
>
>>
>> (2) I am having trouble with the Router Interfaces. The internal interface is working " 192.168.1.1 ACTIVE Internal Interface", but the status of the external interface always shows Down "10.2.0.193 DOWN External Gateway". Very grateful for any suggestions.
>
> I too have this, my internal interface (as in the internal port on the router) is shown as "UP" yet the external gateway port is "DOWN". I don't actually have any problems though...
>
> [root at openstack-controller ~(keystone_admin)]$ quantum port-show
> 11f2d170-baec-461f-bc30-b1f880132a03
> +----------------------+---------------------------------------------------------------------------------------+
> | Field | Value |
> +----------------------+---------------------------------------------------------------------------------------+
> | admin_state_up | True |
> | binding:capabilities | {"port_filter": true} |
> | binding:vif_type | ovs |
> | device_id | 6bea3ee4-47d6-4a3e-a9da-c82fed18baa0 |
> | device_owner | network:router_gateway |
> | fixed_ips | {"subnet_id": "89ee4bc1-073e-4ccd-a108-6c839dad011d", "ip_address": "192.168.122.10"} |
> | id | 11f2d170-baec-461f-bc30-b1f880132a03 |
> | mac_address | fa:16:3e:cd:2b:20 |
> | name | |
> | network_id | 7382ead9-faba-405a-a78f-404c236c9334 |
> | security_groups | |
> | status | DOWN |
> | tenant_id | |
> +----------------------+---------------------------------------------------------------------------------------+
>
> Yet the L3 agent works perfectly for me...
>
> [root at openstack-controller ~(keystone_admin)]$ ip netns exec qrouter-6bea3ee4-47d6-4a3e-a9da-c82fed18baa0 ssh cirros at 30.0.0.4 cirros at 30.0.0.4's password:
> $ ping 8.8.8.8 -c 3
> PING 8.8.8.8 (8.8.8.8): 56 data bytes
> 64 bytes from 8.8.8.8: seq=0 ttl=127 time=29.141 ms
> 64 bytes from 8.8.8.8: seq=1 ttl=127 time=32.105 ms
> 64 bytes from 8.8.8.8: seq=2 ttl=127 time=27.258 ms
>
> --- 8.8.8.8 ping statistics ---
> 3 packets transmitted, 3 packets received, 0% packet loss round-trip
> min/avg/max = 27.258/29.501/32.105 ms
>
> Do things work for you like above, or are you seeing problems?
>
>
> Cheers,
> Rhys
>
>
>>
>> Thanks,
>> Hao
>>
>>
>> _______________________________________________
>> rhos-list mailing list
>> rhos-list at redhat.com
>> https://www.redhat.com/mailman/listinfo/rhos-list
>
> <networktopology.png>
More information about the rhos-list
mailing list