openstack: pas de ping à l'instance de la passerelle de neutrons / 0 - erreur "hôte de destination inaccessible"
J'ai effectué une installation de nœud de cluster à l'aide de ce guide [OpenStack Charms Deployment Guide]. ( https://docs.openstack.org/project-deploy-guide/charm-deployment-guide/latest/install-maas.html ), où le type de réseau est un réseau plat et les composants utilisés sont:
- Maas
- Juju
- Pile ouverte.
Mon laboratoire dispose du plan de réseau suivant:
+-------------+
Firewall
10.20.81.254
+-------------+
|
+-------------------------------------------------------------+
Switch
vlan81 vlan81 vlan81
+-------------------------------------------------------------+
| | || || || ||
+--------------+ +------------+ +------------------+
|Maas+Juju |Juju Gui| |Openstack
|10.20.81.1 |10.20.81.2 |10.20.81.21-24
+--------------+ +-------------+ +------------------+
|
+--------------------------------------------+
Private Subnet-1 Public Subnet-2
10.0.0.0/24 10.20.81.0/24
+---+----+--+ +----+------+
| | +----+ |
| | | | |
| +--------+ VR +-------------+
| | |
+--+-+ +----+
| |
| VM |
| .9 |
| |
mon laboratoire:
1 IBM System 3540 M4 Maas (500GB HDD - 8GB RAM - 1 Nic)
1 IBM System 3540 M4 Juju (500GB HDD - 8GB RAM -1 Nic)
4 IBM System 3540 M4 Openstack (500GBx2 HDD - 16GB RAM - 2 Nic)
1 Palo Alto Network Firewall
Plan de propriété intellectuelle:
Public Network: 10.20.81.0/24
Private Network: 10.0.0.0/24
Maas: 10.20.81.1
Juju: 10.20.81.2
Openstack: 10.20.81.21-24
Gateway 10.20.81.254
Private Network 10.0.0.0/24
Instance: 10.0.0.9 - 10.20.81.215 (floating)
Openstack Router: 
Groupe de sécurité Openstack: 
Itinéraire Maas:
$: ip route
default via 10.20.81.254 dev enp2s0 proto static
10.20.81.0/24 dev enp2s0 proto kernel scope link src 10.20.81.1
Contrôleur Juju:
ubuntu@juju-controller:~$ ip route
default via 10.20.81.254 dev enp8s0 proto static
10.20.81.0/24 dev enp8s0 proto kernel scope link src 10.20.81.2
Nœuds de calcul:
ubuntu@os-compute01:~$ ip route
default via 10.20.81.254 dev br-eno2 proto static
10.20.81.0/24 dev br-eno2 proto kernel scope link src 10.20.81.21
10.38.53.0/24 dev lxdbr0 proto kernel scope link src 10.38.53.1
ubuntu@os-compute02:~$ ip route
default via 10.20.81.254 dev br-eno2 proto static
10.20.81.0/24 dev br-eno2 proto kernel scope link src 10.20.81.22
10.104.230.0/24 dev lxdbr0 proto kernel scope link src 10.104.230.1
ubuntu@os-compute03:~$ ip route
default via 10.20.81.254 dev br-eno2 proto static
10.20.81.0/24 dev br-eno2 proto kernel scope link src 10.20.81.23
10.126.34.0/24 dev lxdbr0 proto kernel scope link src 10.126.34.1
ubuntu@os-compute04:~$ ip route
default via 10.20.81.254 dev br-eno2 proto static
10.20.81.0/24 dev br-eno2 proto kernel scope link src 10.20.81.24
10.72.47.0/24 dev lxdbr0 proto kernel scope link src 10.72.47.1
Routeur:
$:openstack router show u1804Ro
Password:
+-------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+-------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| admin_state_up | UP |
| availability_zone_hints | |
| availability_zones | nova |
| created_at | 2019-02-28T22:27:36Z |
| description | |
| distributed | False |
| external_gateway_info | {"network_id": "e2ba9320-b1cb-4fd8-acd8-b4d9df9df819", "enable_snat": true, "external_fixed_ips": [{"subnet_id": "b3ae37b6-487b-4063-8d69-ec849fd9c9c7", "ip_address": "10.20.81.212"}]} |
| flavor_id | None |
| ha | False |
| id | fc288112-3fce-405d-9c3f-5451253de4f0 |
| interfaces_info | [{"subnet_id": "c7fcfa82-ec70-4917-8f24-7074bf22743b", "ip_address": "10.0.0.1", "port_id": "84693247-3f86-4c84-b0f6-aa8bd95c6c16"}] |
| name | u1804Ro |
| project_id | 1f4809b5083549c1a35c4c023487752c |
| revision_number | 8 |
| routes | |
| status | ACTIVE |
| tags | |
| updated_at | 2019-03-01T14:02:46Z |
+-------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
Liste des groupes de sécurité
$:openstack security group list
Password:
+--------------------------------------+----------+-----------------------------+----------------------------------+
| ID | Name | Description | Project |
+--------------------------------------+----------+-----------------------------+----------------------------------+
| 57f3fbd9-7574-4116-826f-083a1241bc0f | default | Default security group | 3e59e7cde179423abcdce8fe431fbea0 |
| c242b952-8b07-4d25-b24e-ada213cc116f | u1804Sec | Security Group for u1804Pro | 3e59e7cde179423abcdce8fe431fbea0 |
+--------------------------------------+----------+-----------------------------+----------------------------------+
Liste de règles du groupe de sécurité
$:openstack security group rule list
Password:
+--------------------------------------+-------------+-----------+------------+--------------------------------------+--------------------------------------+
| ID | IP Protocol | IP Range | Port Range | Remote Security Group | Security Group |
+--------------------------------------+-------------+-----------+------------+--------------------------------------+--------------------------------------+
| 07b3bd3f-cc62-409c-bc65-62eea6c7b3ea | None | None | | 57f3fbd9-7574-4116-826f-083a1241bc0f | 57f3fbd9-7574-4116-826f-083a1241bc0f |
| 34216d9f-f5fc-44a3-9e1a-ac52b0cdc334 | None | None | | None | 57f3fbd9-7574-4116-826f-083a1241bc0f |
| 472eff92-c0f8-4a7e-806d-de98fe066d8f | tcp | 0.0.0.0/0 | 22:22 | None | c242b952-8b07-4d25-b24e-ada213cc116f |
| 8f101215-759d-48bc-b665-bd72463ecb3d | None | None | | None | c242b952-8b07-4d25-b24e-ada213cc116f |
| a6a0e040-3cc8-4cc3-bedf-2aa1adc52018 | None | None | | None | 57f3fbd9-7574-4116-826f-083a1241bc0f |
| d4346b18-65b3-49a6-9763-05229e468dac | None | None | | 57f3fbd9-7574-4116-826f-083a1241bc0f | 57f3fbd9-7574-4116-826f-083a1241bc0f |
| dc9f8a32-7315-493a-b8ed-9b5919afc2c8 | None | None | | None | c242b952-8b07-4d25-b24e-ada213cc116f |
+--------------------------------------+-------------+-----------+------------+--------------------------------------+--------------------------------------+
quelqu'un peut-il m'aider à résoudre ce problème? Merci d'avance
mise à jour le 23/03/19:
Je peux cingler les eths virtuels de la passerelle à neutrons:
De MAAS
$: juju ssh neutron-gateway/0
ensuite
ubuntu@os-compute01:~$ ip netns list
qrouter-fc288112-3fce-405d-9c3f-5451253de4f0 (id: 4)
qdhcp-feb5596f-b201-4e01-9c04-64abd1273d2f (id: 3)
résultat du ping sur le routeur eth on:
ubuntu@os-compute01:~$ ip netns exec qrouter-fc288112-3fce-405d-9c3f-5451253de4f0 ping 10.20.81.212
PING 10.20.81.212 (10.20.81.212) 56(84) bytes of data.
64 bytes from 10.20.81.212: icmp_seq=1 ttl=64 time=0.085 ms
64 bytes from 10.20.81.212: icmp_seq=2 ttl=64 time=0.054 ms
ubuntu@os-compute01:~$ Sudo ip netns exec qdhcp-feb5596f-b201-4e01-9c04-64abd1273d2f ping 10.0.0.2
PING 10.0.0.1 (10.0.0.2) 56(84) bytes of data.
64 bytes from 10.0.0.2: icmp_seq=1 ttl=64 time=1.32 ms
64 bytes from 10.0.0.2: icmp_seq=2 ttl=64 time=0.096 ms
si j'essaie d'envoyer une requête ping à l'instance ou à son adresse IP flottante attribuée, ils sont inaccessibles
ubuntu@os-compute01:~$ Sudo ip netns exec qdhcp-feb5596f-b201-4e01-9c04-64abd1273d2f ping 10.0.0.9
PING 10.0.0.9 (10.0.0.9) 56(84) bytes of data.
From 10.0.0.2 icmp_seq=1 Destination Host Unreachable
From 10.0.0.2 icmp_seq=2 Destination Host Unreachable
ubuntu@os-compute01:~$ Sudo ip netns exec qrouter-fc288112-3fce-405d-9c3f-5451253de4f0 ping 10.20.81.215
PING 10.20.81.215 (10.20.81.215) 56(84) bytes of data.
From 10.20.81.215 icmp_seq=1 Destination Host Unreachable
From 10.20.81.215 icmp_seq=2 Destination Host Unreachable
son itinéraire est:
ubuntu@os-compute03:~$ Sudo ip netns exec qrouter-fc288112-3fce-405d-9c3f-5451253de4f0 ip route
default via 10.20.81.254 dev qg-2af6bb57-15
10.0.0.0/24 dev qr-b089085a-11 proto kernel scope link src 10.0.0.1
10.20.81.0/24 dev qg-2af6bb57-15 proto kernel scope link src 10.20.81.212
Mise à jour 01/04/19:
En changeant le type d'image chargée sur Opentstack, de LXD (bionic-server-cloudimg-AMD64-lxd.tar.) À IMG (bionic-server-cloudimg-AMD64.img), le ping fonctionne désormais correctement.
ubuntu@os-compute01:~$ Sudo ip netns exec qrouter-fc288112-3fce-405d-9c3f-5451253de4f0 ping 10.0.0.9
PING 10.0.0.9 (10.0.0.9) 56(84) bytes of data.
64 bytes from 10.0.0.9: icmp_seq=1 ttl=64 time=0.075 ms
64 bytes from 10.0.0.9: icmp_seq=2 ttl=64 time=0.070 ms
et sa propre adresse IP flottante
ubuntu@os-compute02:~$ Sudo ip netns exec qrouter-e933429f-6816-47b3-9e50-581d78243935 ping 10.20.81.220
PING 10.20.81.220 (10.20.81.220) 56(84) bytes of data.
64 bytes from 10.20.81.220: icmp_seq=1 ttl=64 time=0.608 ms
64 bytes from 10.20.81.220: icmp_seq=2 ttl=64 time=0.550 ms
le reste des ensembles sur Openstack sont les mêmes que ceux utilisés au début.