Public VIP is inaccessible from external networks
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
Mirantis OpenStack | Triaged | Critical | Fuel Library (Deprecated) | |
Bug Description
Failed to access Horizon at the VIP IP from an external network.
[root@nailgun ~]# fuel --f
DEPRECATION WARNING: file /etc/fuel/
api: '1.0'
astute_sha: 3e43895621370e6
auth_required: true
build_id: 2015-03-19_07-51-55
build_number: '162'
feature_groups:
- experimental
fuellib_sha: de7ea04ef1a8b83
fuelmain_sha: fbfe367850a7e90
nailgun_sha: ff2e37abf580175
ostf_sha: 9435ec9f0aaf5bb
production: docker
python-
release: '6.1'
release_versions:
2014.2-6.1:
VERSION:
api: '1.0'
astute_sha: 3e43895621370e6
build_id: 2015-03-19_07-51-55
build_number: '162'
feature_
- experimental
fuellib_sha: de7ea04ef1a8b83
fuelmain_sha: fbfe367850a7e90
nailgun_sha: ff2e37abf580175
ostf_sha: 9435ec9f0aaf5bb
production: docker
python-
release: '6.1'
Ubuntu, 5 nodes (3 controller + 2 Computes) ALL parameters by default.
Changed in mos:
importance: Undecided → Critical
milestone: none → 6.1
Changed in mos:
status: New → Incomplete
assignee: nobody → Fuel Library Team (fuel-library)
summary: "horizon VIP is inaccessible from external networks" → "Public VIP is inaccessible from external networks"
tags: added: ha ocf
How to reproduce. I have the following setup:
my_pc (172.18.214.24) <------ MIRANTIS NETWORK -------> fuel 172.16.56.98, horizon VIP 172.16.56.99, controller1 172.16.56.101, controller2 172.16.56.102, controller3 172.16.56.103
I can access 172.16.56.101:80 from my pc
$ telnet 172.16.56.101 80
Trying 172.16.56.101...
Connected to 172.16.56.101.
Escape character is '^]'.
^C^]
telnet> ^Cq
Connection closed.
but can't access the horizon VIP:
vsaienko@vsaienko-pc:~/Work/review.fuel-infra.org/openstack/oslo.messaging$ telnet 172.16.56.99 80
Trying 172.16.56.99...
At the same time, packets can reach the controller, but there is no response from it:
root@node-1:~# tcpdump -nei br-ex host 172.18.214.24
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on br-ex, link-type EN10MB (Ethernet), capture size 65535 bytes
14:17:21.197000 52:54:00:1d:70:70 > d6:0e:51:5f:24:da, ethertype IPv4 (0x0800), length 74: 172.18.214.24.53300 > 172.16.56.99.80: Flags [S], seq 3542400440, win 29200, options [mss 1460,sackOK,TS val 26648494 ecr 0,nop,wscale 7], length 0
14:17:22.195110 52:54:00:1d:70:70 > d6:0e:51:5f:24:da, ethertype IPv4 (0x0800), length 74: 172.18.214.24.53300 > 172.16.56.99.80: Flags [S], seq 3542400440, win 29200, options [mss 1460,sackOK,TS val 26648744 ecr 0,nop,wscale 7], length 0
14:17:24.200121 52:54:00:1d:70:70 > d6:0e:51:5f:24:da, ethertype IPv4 (0x0800), length 74: 172.18.214.24.53300 > 172.16.56.99.80: Flags [S], seq 3542400440, win 29200, options [mss 1460,sackOK,TS val 26649245 ecr 0,nop,wscale 7], length 0
A possible solution is to switch the default route in the haproxy namespace:
root@node-1:~# ip netns exec haproxy ip route del default
root@node-1:~# ip netns exec haproxy ip route add default via 172.16.56.97
root@node-1:~# tcpdump -nei br-ex host 172.18.214.24
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on br-ex, link-type EN10MB (Ethernet), capture size 65535 bytes
14:21:33.274221 52:54:00:1d:70:70 > d6:0e:51:5f:24:da, ethertype IPv4 (0x0800), length 74: 172.18.214.24.53378 > 172.16.56.99.80: Flags [S], seq 654135808, win 29200, options [mss 1460,sackOK,TS val 26711514 ecr 0,nop,wscale 7], length 0
14:21:33.274313 d6:0e:51:5f:24:da > 52:54:00:1d:70:70, ethertype IPv4 (0x0800), length 74: 172.16.56.99.80 > 172.18.214.24.53378: Flags [S.], seq 2771456757, ack 654135809, win 28960, options [mss 1460,sackOK,TS val 1673755 ecr 26711514,nop,wscale 7], length 0
14:21:33.361838 52:54:00:1d:70:70 > d6:0e:51:5f:24:da, ethertype IPv4 (0x0800), length 66: 172.18.214.24.53378 > 172.16.56.99.80: Flags [.], ack 1, win 229, options [nop,nop,TS val 26711535 ecr 1673755], length 0
14:21:33.816452 52:54:00:1d:70:70 > d6:0e:51:5f:24:da, ethertype IPv4 (0x0800), length 71: 172.18.214.24.53378 > 172.16.56.99.80: Flags [P.], seq 1:6, ack 1, win 229, options [nop,nop,TS val 26711649 ecr 1673755], length 5
14:21:33.816597 d6:0e:51:5f:24:da > 52:54:00:1d:70:70, ethertype IPv4 (0x0800), length 253: 172.16.56.99.80 > 172.18.214.24.53378: Flags [F.], seq 1:188, ack 6, win 227, options [nop,nop,TS val 1673890 ecr 26711649], length 187
14:21:33.892212 52:54:00:1d:70:70 > d6:0e:51:5f:24:da, ethertype IPv4 (0x0...
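Added example, not part of the original report or of Fuel: a small Python filter that reads tcpdump text output and lists TCP handshakes where SYNs arrived but no SYN-ACK was seen on the capture interface, the symptom shown in the first capture above. The function name `unanswered_syns` and the sample lines are assumptions made for this example; the sample is constructed in `tcpdump -n` format from the two flows in the report.

```python
import re
import sys
from collections import Counter

# "src.port > dst.port: Flags [..]" as printed by tcpdump -n (with or without -e).
PKT = re.compile(
    r"(\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): Flags \[([^\]]+)\]"
)

def unanswered_syns(lines):
    """Map (client, cport, server, sport) -> SYN count for handshakes that
    never received a SYN-ACK in the capture."""
    syns = Counter()
    answered = set()
    for line in lines:
        m = PKT.search(line)
        if not m:
            continue  # header lines, non-TCP traffic, truncated lines
        src, sport, dst, dport, flags = m.groups()
        if flags == "S":      # client SYN; retransmits share the same 4-tuple
            syns[(src, int(sport), dst, int(dport))] += 1
        elif flags == "S.":   # SYN-ACK; record it under the client's 4-tuple
            answered.add((dst, int(dport), src, int(sport)))
    return {flow: n for flow, n in syns.items() if flow not in answered}

# Constructed sample: port 53300 is the flow captured before the route change,
# port 53378 the flow captured after it.
SAMPLE = """\
14:17:21.197000 IP 172.18.214.24.53300 > 172.16.56.99.80: Flags [S], seq 3542400440, length 0
14:17:22.195110 IP 172.18.214.24.53300 > 172.16.56.99.80: Flags [S], seq 3542400440, length 0
14:17:24.200121 IP 172.18.214.24.53300 > 172.16.56.99.80: Flags [S], seq 3542400440, length 0
14:21:33.274221 IP 172.18.214.24.53378 > 172.16.56.99.80: Flags [S], seq 654135808, length 0
14:21:33.274313 IP 172.16.56.99.80 > 172.18.214.24.53378: Flags [S.], seq 2771456757, ack 654135809, length 0
14:21:33.361838 IP 172.18.214.24.53378 > 172.16.56.99.80: Flags [.], ack 1, length 0
""".splitlines()

if __name__ == "__main__":
    # Read saved tcpdump text from stdin when piped, else use the sample.
    lines = sys.stdin if not sys.stdin.isatty() else SAMPLE
    for (c, cp, s, sp), n in unanswered_syns(lines).items():
        print(f"{c}:{cp} -> {s}:{sp}: {n} SYN(s), no SYN-ACK seen")
```

A flow listed here only means no SYN-ACK crossed the captured interface; the reply may have been dropped or routed out another path, so the next check is the routing table of the namespace that owns the VIP.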