Devstack (Libvirt driver) install on Ubuntu 14.04.2 floating IPs not working

Bug #1426280 reported by Boris Derzhavets
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone |
|---------|--------|------------|-------------|-----------|
| Ubuntu  | New    | Undecided  | Unassigned  |           |

Bug Description

    $ git clone https://git.openstack.org/openstack-dev/devstack
    $ cd devstack
    $ ./stack.sh

Tested on VMs (F21 KVM Hypervisor) 4 GB RAM, 2 VCPUs running stack.sh instance with Ubuntu 14.04.2 (1).

My local.conf.

    [[local|localrc]]
    HOST_IP=192.169.142.52
    ADMIN_PASSWORD=secret
    MYSQL_PASSWORD=secret
    RABBIT_PASSWORD=secret
    SERVICE_PASSWORD=secret
    FLOATING_RANGE=192.168.10.0/24
    FLAT_INTERFACE=eth0
    Q_FLOATING_ALLOCATION_POOL=start=192.168.10.150,end=192.168.10.254
    PUBLIC_NETWORK_GATEWAY=192.168.10.15
    SERVICE_TOKEN=super-secret-admin-token

    DEST=$HOME/stack
    SERVICE_DIR=$DEST/status
    DATA_DIR=$DEST/data
    LOGFILE=$DEST/logs/stack.sh.log
    LOGDIR=$DEST/logs

    FIXED_RANGE=10.254.1.0/24
    NETWORK_GATEWAY=10.254.1.1

    # Services
    disable_service n-net
    enable_service q-svc
    enable_service q-agt
    enable_service q-dhcp
    enable_service q-l3
    enable_service q-meta
    enable_service horizon
    disable_service tempest

Security rules (demo tenant, I ran `cd dev* && . openrc demo`)

    ubuntu@ubuntu-vm:~/devstack$ nova secgroup-list-rules default
    +-------------+-----------+---------+-----------+--------------+
    | IP Protocol | From Port | To Port | IP Range  | Source Group |
    +-------------+-----------+---------+-----------+--------------+
    |             |           |         |           | default      |
    | icmp        | -1        | -1      | 0.0.0.0/0 |              |
    |             |           |         |           | default      |
    | tcp         | 22        | 22      | 0.0.0.0/0 |              |
    +-------------+-----------+---------+-----------+--------------+

I can login to VF21 instance only via qdhcp-namespace

    ubuntu@ubuntu-vm:~/devstack$ . openrc demo
    ubuntu@ubuntu-vm:~/devstack$ sudo ip netns exec qdhcp-94d8a1e6-89bf-4162-9fc3-061a9bc17737 ssh -i osxkey.pem fedora@10.254.1.4
    Last login: Wed Feb 25 22:01:09 2015 from 10.254.1.3
    [fedora@vf21rsx01 ~]$ uname -a
    Linux vf21rsx01.novalocal 3.18.7-200.fc21.x86_64 #1 SMP Wed Feb 11 21:53:17 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux

I have internet access && can run `yum -y update`.

I ping from 192.169.142.153 (host running stack.sh instance) floating IP 192.168.10.154 (private IP 50.0.0.13). `tcpdump -vv -i eth0` is running inside VM (192.168.10.154, 50.0.0.13)

    20:19:34.729398 IP (tos 0x0, ttl 63, id 42021, offset 0, flags [DF], proto ICMP (1), length 84)
        ip-192-169-142-53.ip.secureserver.net > 50-0-0-13.static.sonic.net: ICMP echo request, id 8588, seq 560, length 64
    20:19:34.729696 IP (tos 0x0, ttl 64, id 41602, offset 0, flags [none], proto ICMP (1), length 84)
        50-0-0-13.static.sonic.net > ip-192-169-142-53.ip.secureserver.net: ICMP echo reply, id 8588, seq 560, length 64
    20:19:35.729432 IP (tos 0x0, ttl 63, id 42096, offset 0, flags [DF], proto ICMP (1), length 84)
        ip-192-169-142-53.ip.secureserver.net > 50-0-0-13.static.sonic.net: ICMP echo request, id 8588, seq 561, length 64
    20:19:35.729742 IP (tos 0x0, ttl 64, id 41605, offset 0, flags [none], proto ICMP (1), length 84)
        50-0-0-13.static.sonic.net > ip-192-169-142-53.ip.secureserver.net: ICMP echo reply, id 8588, seq 561, length 64

Runtime snapshot

    ubuntu@ubuntu-vm2:~/devstack$ brctl show

    bridge name       bridge id           STP enabled   interfaces
    qbr715a260e-b2    8000.0648d25a79c4   no            qvb715a260e-b2
    qbra7a715f5-02    8000.522935fa9c61   no            qvba7a715f5-02
                                                        tapa7a715f5-02
    virbr0            8000.000000000000   yes

    ubuntu@ubuntu-vm2:~/devstack$ sudo ovs-vsctl show | grep a7a715f5-02
            Port "qvoa7a715f5-02"
                Interface "qvoa7a715f5-02"

ICMP traffic is OK on "tapa7a715f5-02", on "qvba7a715f5-02" ICMP replies from VM are already lost.
So, they don't reach br-int via (qvba7a715f5-02, qvoa7a715f5-02) veth pair

Tags: bot-comment
Boris Derzhavets (bderzhavets) wrote :

Typo here, should be :-
I ping from 192.169.142.53 (host running stack.sh instance) floating IP 192.168.10.154 (private IP 50.0.0.13). `tcpdump -vv -i eth0` is running inside VM (192.168.10.154, 50.0.0.13)

Boris Derzhavets (bderzhavets) wrote :

Bug update :- On "qbra7a715f5-02" ICMP replies from VM are already lost

description: updated
Ubuntu Foundations Team Bug Bot (crichton) wrote :

Thank you for taking the time to report this bug and helping to make Ubuntu better. It seems that your bug report is not filed about a specific source package though, rather it is just filed against Ubuntu in general. It is important that bug reports be filed about source packages so that people interested in the package can find the bugs about it. You can find some hints about determining what package your bug might be about at https://wiki.ubuntu.com/Bugs/FindRightPackage. You might also ask for help in the #ubuntu-bugs irc channel on Freenode.

To change the source package that this bug is filed about visit https://bugs.launchpad.net/ubuntu/+bug/1426280/+editstatus and add the package name in the text box next to the word Package.

[This is an automated message. I apologize if it reached you inappropriately; please just reply to this message indicating so.]

tags: added: bot-comment
Boris Derzhavets (bderzhavets) wrote :

Correct command is :-

    $ iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

It keeps floating IPs 100% usable and security rules 100% effective.
Command like :-

    $ iptables -t nat -A POSTROUTING -s 172.24.4.0/24 -j MASQUERADE

disables floating IPs if 172.24.4.0/24 is devstack public network

Thank you for cooperation.
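
The distinction drawn in the comment above, as an added check that is not part of the bug report: it reads saved `iptables -t nat -S POSTROUTING` output and lists MASQUERADE rules whose `-s` match overlaps the floating range, the form the comment reports as disabling floating IPs. The sample rules and the function names are constructed for illustration.

```python
import ipaddress
import shlex

# Constructed sample of `iptables -t nat -S POSTROUTING` output (not from the report).
SAMPLE_RULES = """\
-P POSTROUTING ACCEPT
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -s 172.24.4.0/24 -j MASQUERADE
-A POSTROUTING -s 10.254.1.0/24 ! -d 10.254.1.0/24 -j MASQUERADE
"""


def parse_rule(line):
    """Parse one '-A POSTROUTING ...' line; return None for anything else."""
    tok = shlex.split(line)
    if tok[:2] != ["-A", "POSTROUTING"]:
        return None
    rule = {"raw": line.strip(), "source": None, "src_negated": False,
            "out_if": None, "target": None}
    negated = False
    args = iter(tok[2:])
    for t in args:
        if t == "!":  # '!' negates the match that follows it
            negated = True
            continue
        if t in ("-s", "--source"):
            rule["source"] = ipaddress.ip_network(next(args), strict=False)
            rule["src_negated"] = negated
        elif t in ("-o", "--out-interface"):
            rule["out_if"] = next(args)
        elif t in ("-j", "--jump"):
            rule["target"] = next(args)
        negated = False
    return rule


def masquerade_on_floating_range(rules_text, floating_range):
    """List MASQUERADE rules whose source match overlaps the floating range."""
    floating = ipaddress.ip_network(floating_range)
    hits = []
    for line in rules_text.splitlines():
        rule = parse_rule(line)
        if rule is None or rule["target"] != "MASQUERADE":
            continue
        src = rule["source"]
        if src is not None and not rule["src_negated"] and src.overlaps(floating):
            hits.append(rule["raw"])
    return hits


if __name__ == "__main__":
    for hit in masquerade_on_floating_range(SAMPLE_RULES, "172.24.4.0/24"):
        print("MASQUERADE matches floating range:", hit)
```

Pass the value of `FLOATING_RANGE` from local.conf as the second argument; a rule that only names an output interface, like the `-o eth0` form, is never reported.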
