How to expose the Devstack floating ip to the external world?

女生的网名这么多〃 提交于 2019-12-29 09:56:10

问题


To this project, my hardware configuration is a host ESXi 6.7 (OS boot USB 8GB), i7, 8 vCPU, 16GB RAM, 128GB SSD and 500GB HDD.
And I created a single vm (7 vCPU, 15GB RAM, 100GB SSD, 1 NIC) and I installed Ubuntu 18.04 (LVM filesystems).
I installed the Devstack with “stack.sh”.
My Devstack “local.conf” includes those lines about the network:

[[local|localrc]]
...
IP_VERSION=4
HOST_IP=192.168.1.104
FLOATING_RANGE="192.168.1.224/27"
Q_FLOATING_ALLOCATION_POOL=start=192.168.1.226,end=192.168.1.254

Devstack script added vibr0 and br-ex:

ens160: 192.168.1.104, 
virbr0: 192.168.122.1
br-ex:  192.168.1.225
stack@devstack:~$ ip -4 a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    inet 192.168.1.104/24 brd 192.168.1.255 scope global ens160
       valid_lft forever preferred_lft forever
4: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
       valid_lft forever preferred_lft forever
8: br-ex: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000
    inet 192.168.1.225/27 scope global br-ex
       valid_lft forever preferred_lft forever

Installation done, using the dashboard Horizon and Project demo :

  1. In Security Groups I added ingress rules to ICMP, SSH and also HTTP and HTTPS;
  2. In the private Network, I edited private-subnet to add a DNS Name Servers (8.8.8.8, 1.1.1.1, etc);
  3. I allocated some Floating IP's;
  4. I launched some Cirros instances;
  5. I associated a floating IP to each instance.

Tip 1: Good idea to create a key pair and save the private key.
Tip 2: WIth Ubuntu 16, to set a user/password to the cloud image, in “Launch instance”, you can put those lines in Configuration:

#!/bin/bash
echo "root:secret" | chpasswd

Now, I can:

  • From my Cirros VM’s, reach my local network and the internet (ping google.com);
  • From a Cirros VM, ping another Cirros VM (ping 10.0.0.x or 192.168.1.x);
  • From my Devstack VM, ping my Cirros VM’s by ip (ping 192.168.1.236).

I can even, in the Devstack host, create iptable NAT rules to expose VM specific ports. By example:

sudo iptables -t nat -A PREROUTING -p tcp --dport 60080 -j DNAT --to 192.168.1.236:80

BUT, and this is my problem:
I can not to directly reach my Cirros VM floating ip from outer devstack host machine.
I don't know how to expose a floating ip to the world!

So, my question is how to expose a Devstack floating ip to the external world?

More notes:

  • Since I can ping 192.168.1.225 outer than Devstack host, I tested to create a static route in my router, but that didn't solve my problem (or I did some mistake!).
  • I put the VMware vSwitch in promiscuous mode, but no effect.

回答1:


Well, after 5 days of research, lecture and harassment from stackoverflow reviewers, I found those lines to solve my problem:

echo 1 > /proc/sys/net/ipv4/conf/ens160/proxy_arp
iptables -t nat -A POSTROUTING -o ens160 -j MASQUERADE

Openstack VM is not accessible on LAN

Openstack in a box: Setting up Devstack Havana on your local network

Good Luck.



来源:https://stackoverflow.com/questions/59109557/how-to-expose-the-devstack-floating-ip-to-the-external-world

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!