问题
To this project, my hardware configuration is a host ESXi 6.7 (OS boot USB 8GB), i7, 8 vCPU, 16GB RAM, 128GB SSD and 500GB HDD.
And I created a single vm (7 vCPU, 15GB RAM, 100GB SSD, 1 NIC) and I installed Ubuntu 18.04 (LVM filesystems).
I installed the Devstack with “stack.sh”.
My Devstack “local.conf” includes those lines about the network:
[[local|localrc]]
...
IP_VERSION=4
HOST_IP=192.168.1.104
FLOATING_RANGE="192.168.1.224/27"
Q_FLOATING_ALLOCATION_POOL=start=192.168.1.226,end=192.168.1.254
Devstack script added vibr0 and br-ex:
ens160: 192.168.1.104,
virbr0: 192.168.122.1
br-ex: 192.168.1.225
stack@devstack:~$ ip -4 a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
inet 192.168.1.104/24 brd 192.168.1.255 scope global ens160
valid_lft forever preferred_lft forever
4: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
valid_lft forever preferred_lft forever
8: br-ex: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000
inet 192.168.1.225/27 scope global br-ex
valid_lft forever preferred_lft forever
Installation done, using the dashboard Horizon and Project demo :
- In Security Groups I added ingress rules to ICMP, SSH and also HTTP and HTTPS;
- In the private Network, I edited private-subnet to add a DNS Name Servers (8.8.8.8, 1.1.1.1, etc);
- I allocated some Floating IP's;
- I launched some Cirros instances;
- I associated a floating IP to each instance.
Tip 1: Good idea to create a key pair and save the private key.
Tip 2: WIth Ubuntu 16, to set a user/password to the cloud image, in “Launch instance”, you can put those lines in Configuration:
#!/bin/bash
echo "root:secret" | chpasswd
Now, I can:
- From my Cirros VM’s, reach my local network and the internet (ping google.com);
- From a Cirros VM, ping another Cirros VM (ping 10.0.0.x or 192.168.1.x);
- From my Devstack VM, ping my Cirros VM’s by ip (ping 192.168.1.236).
I can even, in the Devstack host, create iptable NAT rules to expose VM specific ports. By example:
sudo iptables -t nat -A PREROUTING -p tcp --dport 60080 -j DNAT --to 192.168.1.236:80
BUT, and this is my problem:
I can not to directly reach my Cirros VM floating ip from outer devstack host machine.
I don't know how to expose a floating ip to the world!So, my question is how to expose a Devstack floating ip to the external world?
More notes:
- Since I can ping 192.168.1.225 outer than Devstack host, I tested to create a static route in my router, but that didn't solve my problem (or I did some mistake!).
- I put the VMware vSwitch in promiscuous mode, but no effect.
回答1:
Well, after 5 days of research, lecture and harassment from stackoverflow reviewers, I found those lines to solve my problem:
echo 1 > /proc/sys/net/ipv4/conf/ens160/proxy_arp
iptables -t nat -A POSTROUTING -o ens160 -j MASQUERADE
Openstack VM is not accessible on LAN
Openstack in a box: Setting up Devstack Havana on your local network
Good Luck.
来源:https://stackoverflow.com/questions/59109557/how-to-expose-the-devstack-floating-ip-to-the-external-world