Fuel for OpenStack

Cannot reach Horizon from outside the specified public subnet

Bug #1336023 reported by Joshua Dotson

This bug report was converted into a question: question #251040: Cannot reach Horizon from outside the specified public subnet.

6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Fuel for OpenStack
Invalid
Undecided
Unassigned
Fuel for OpenStack 5.1

Bug Description

My 5.0.1 prerelease build deployed well. However, I have a few problems with it.

One is that I cannot reach Horizon from outside the public subnet it's in. My public subnet is 22-bit, which may be the issue I guess. Fuel shows me the URL to Horizon with an IP that I think comes from HAProxy. Can anyone help me reach this IP from outside the subnet that it's in? All of our workstations are in a different subnet than the OpenStack cluster. Until I can open Horizon to them, my cluster isn't really production ready.

Thanks,
Joshua

Dmitry Pyzhov (dpyzhov)
Changed in fuel:
milestone: none → 5.1
no longer affects: fuel/5.0.x
Revision history for this message
Evgeny Kozhemyakin (ekozhemyakin) wrote :

It seems not a bug.

Dmitry Pyzhov (dpyzhov)
no longer affects: fuel/5.1.x
Revision history for this message
Sergii Golovatiuk (sgolovatiuk) wrote :

To be able to analyze your problem we are asking to upload diagnostic snapshot to any public servers. Here is an article how to contribute to Fuel project https://wiki.openstack.org/wiki/Fuel/How_to_contribute#Test_and_report_bugs. Thank you.

Revision history for this message
Evgeny Kozhemyakin (ekozhemyakin) wrote :

From your post I've got you do can access your horizon from the inside of your network.
Are you able to access it from the gateway inside the network? Can you ping the gateway from the current horizon's ip?
If so you should configure routing on your gateway.

Revision history for this message
Joshua Dotson (tns9) wrote :
Download full text (3.3 KiB)

Here is the snapshot file: http://mirrors.knoesis.org/fuel-snapshot-2014-06-30_20-03-49.tgz

It seems I can ping from the VIP holding machine. Please note the 16-bit netmask on my public VIP. This should be 22-bit, per my Fuel install configuration. This is a bug.

root@node-6:/etc# crm_mon -1Ar
Last updated: Tue Jul 1 14:53:58 2014
Last change: Sun Jun 29 14:23:09 2014 via cibadmin on node-20
Stack: classic openais (with plugin)
Current DC: node-6 - partition with quorum
Version: 1.1.10-42f2063
3 Nodes configured, 3 expected votes
11 Resources configured

Online: [ node-16 node-20 node-6 ]

Full list of resources:

 vip__management_old (ocf::mirantis:ns_IPaddr2): Started node-6
 vip__public_old (ocf::mirantis:ns_IPaddr2): Started node-6
 Clone Set: clone_p_haproxy [p_haproxy]
     Started: [ node-16 node-20 node-6 ]
 Clone Set: clone_p_mysql [p_mysql]
     Started: [ node-16 node-20 node-6 ]
 heat-engine (ocf::mirantis:heat-engine): Started node-16
 p_ceilometer-agent-central (ocf::mirantis:ceilometer-agent-central): Started node-20
 p_ceilometer-alarm-evaluator (ocf::mirantis:ceilometer-alarm-evaluator): Started node-16

Node Attributes:
* Node node-16:
* Node node-20:
* Node node-6:
root@node-6:/etc# netstat -rn
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 130.108.84.1 0.0.0.0 UG 0 0 0 eth1
10.5.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0.5
10.5.0.2 0.0.0.0 255.255.255.255 UH 0 0 0 eth0.5-hapr
10.20.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
10.30.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth2.30
130.108.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth1
130.108.84.120 0.0.0.0 255.255.255.255 UH 0 0 0 eth1-hapr
root@node-6:/etc# ping 130.108.84.1
PING 130.108.84.1 (130.108.84.1) 56(84) bytes of data.
64 bytes from 130.108.84.1: icmp_req=1 ttl=255 time=0.352 ms
64 bytes from 130.108.84.1: icmp_req=2 ttl=255 time=0.498 ms
64 bytes from 130.108.84.1: icmp_req=3 ttl=255 time=0.534 ms
^C
--- 130.108.84.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2000ms
rtt min/avg/max/mdev = 0.352/0.461/0.534/0.080 ms
root@node-6:/etc#
root@node-6:/etc# ip netns exec haproxy ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
9: hapr-m: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether be:56:3e:63:13:af brd ff:ff:ff:ff:ff:ff
    inet 10.5.0.2/16 scope global hapr-m
       valid_lft forever preferred_lft forever
    inet6 fe80::bc56:3eff:fe63:13af/64 scope link
       valid_lft forever preferred_lft forever
11: hapr-p: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether c2:87:80:ff:c0:7e brd ff:ff:ff:ff:ff:ff
    inet 130.108.84.120/16 scope g...

Read more...

Revision history for this message
Joshua Dotson (tns9) wrote :

Aha! I was wrong.. I configured the netmask as 16 in the Fuel networks page. 20th time installing human error. :-)

Please close this. Thanks very much!

-Joshua

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.