Kolla Ansible was installed in the all-in-one config and a provisioned nova VM is not reachable either via ping or ssh. The default security group rules are added to let ingress 22 and icmp on all remote IPs 0.0.0.0/0
. There is only one interface on the controller node so 2 veth pairs are created so one can be supplied to network_interface: kolla_i
and other to neutron_external_interface: neutron_i
+ ironic_dnsmasq_interface: neutron_i
in globals.yml
. The two veth pairs are kolla_i/kolla_b
and neutron_i/neutron_b
. Testing the interfaces by assigning them IP addresses on the same network, one can ping another, and both are reached from other physical machines on the network. The vm is being launched on the OpenStack controller node.
A network is created on physical interface e2
named n1
(venv) [admin@controller]# openstack network create --share --provider-network-type flat --provider-physical-network physnet1 --external n1
(venv) [admin@controller]# openstack subnet create --network n1 --allocation-pool start=10.0.2.6,end=10.0.2.230 --dns-nameserver 8.8.8.8 --gateway 10.0.3.1 --subnet-range 10.0.0.0/16 n1-subnet
Provisioning baremetal works and can be reached but VMs are not reachable. The vms are created successfully though:
(venv) [admin@controller]# openstack server create --flavor m1.small --image centos8-dev --nic net-id=403a56b9-5ac2-4ec0-9b59-831dfa7fed37 --security-group default --key-name mykey vm01
(venv) [admin@controller]# svrls
+--------------------------------------+---------------------------+--------+--------------------------+----------------------+----------+
| ID | Name | Status | Networks | Image | Flavor |
+--------------------------------------+---------------------------+--------+--------------------------+----------------------+----------+
| f05e9708-91e8-40c4-9a06-16d7ab9f387c | vm01 | ACTIVE | validation=10.0.2.131 | centos8-dev | m1.small |
+--------------------------------------+---------------------------+--------+--------------------------+----------------------+----------+
(venv) [root@r20s04 kolla-dev]# openstack port list
+--------------------------------------+-----------------------------------------------------------------------------------------+-------------------+----------------------------------------------------------------------------+--------+
| ID | Name | MAC Address | Fixed IP Addresses | Status |
+--------------------------------------+-----------------------------------------------------------------------------------------+-------------------+----------------------------------------------------------------------------+--------+
| 17af7b4f-c290-45ef-8421-781e17df8b46 | | fa:16:3e:b3:2a:45 | ip_address='10.0.2.131', subnet_id='afd6221b-26d1-4469-b9af-478756fdd661' | ACTIVE |
+--------------------------------------+-----------------------------------------------------------------------------------------+-------------------+----------------------------------------------------------------------------+--------+
It seems as if openvswitch is not doing its job correctly
+-------+
| e2 |
+---+---+
|
+------------+ +-----------+ +------------+ +---+---+ +-------+ +--------+
| ovssystem +------+ neutron_i +------+ neutron_b +------+ e2_br +------+kolla_b+---------+kolla_i |
+----+-------+ +-----------+ +------------+ +-------+ +-------+ +--------+ openstack services
| ironic_dnsmasq |10.0.0.4|
| +--------+
+------+----------+
| vm networking |
+-----------------+
In globals.yml
:
network_interface: "kolla_i"
neutron_external_interface: "neutron_i"
ironic_dnsmasq_interface: "neutron_i"
One possible issue is to change ironic_dnsmasq_interface
to kolla_i
instead of neutron_i
but not sure if this will resolve the issue of vm machines not being reached on the network.
Using the correct image (not the baremetal one) and making sure the security group for port 22 and icmp ingress is enabled solved the issue.