openstack team mailing list archive
-
openstack team
-
Mailing list archive
-
Message #24189
Re: [Quantum] second tenant's several VMs' floating ip can't be accessed.
Good job guys.
I reckon we might make users' life easier if we change naming strategy for
default security groups to 'default-$tenant_id'
On the other hand this is not a priority since as an admin user I guess you
can already get that information properly choosing the fields to display.
Salvatore
On 4 June 2013 09:23, Li, Leon <Leon.Li2@xxxxxxx> wrote:
> Aaron,****
>
> ** **
>
> It really works after I add the icmp rule for my second tenant. Thanks for
> your help!****
>
> ** **
>
> Leon****
>
> ** **
>
> *From:* Aaron Rosen [mailto:arosen@xxxxxxxxxx]
> *Sent:* 2013年6月4日 10:37
>
> *To:* Li, Leon
> *Cc:* openstack-operators@xxxxxxxxxxxxxxxxxxx;
> openstack@xxxxxxxxxxxxxxxxxxx (openstack@xxxxxxxxxxxxxxxxxxx)
> *Subject:* Re: [Openstack] [Quantum] second tenant's several VMs'
> floating ip can't be accessed.****
>
> ** **
>
> You are probably running quantum commands as an admin user that's why you
> got the error:
> Multiple security_group matches found for name 'default', use an ID to be
> more specific.
>
> If you run quantum security-group-list
>
> and then:
>
> quantum security-group-rule-create --protocol icmp --direction ingress
> <group_uuid> ****
>
> ** **
>
> for each default security group. ****
>
> ** **
>
> I'm guessing the security group for your second tenant does not have this
> rule as I don't see two icmp rules in the security-group-rule-list output
> you pasted. ****
>
> ** **
>
> Aaron****
>
> ** **
>
> ** **
>
> On Mon, Jun 3, 2013 at 7:05 PM, Li, Leon <Leon.Li2@xxxxxxx> wrote:****
>
> Aaron,****
>
> ****
>
> Thanks for helping.****
>
> Actually I already have had this rule:****
>
> (quantum) security-group-rule-list****
>
>
> +--------------------------------------+----------------+-----------+----------+------------------+--------------+
> ****
>
> | id | security_group | direction |
> protocol | remote_ip_prefix | remote_group |****
>
>
> +--------------------------------------+----------------+-----------+----------+------------------+--------------+
> ****
>
> | 1a5867db-864b-4ae9-a423-092f3c25d710 | default | ingress
> | | | default |****
>
> | 5449c312-00ba-4625-813f-1d7f06bb8259 | default | ingress |
> tcp | 0.0.0.0/0 | |****
>
> | 59166d99-0901-4c58-8bf3-ff46cfd4bb01 | default | egress
> | | | |****
>
> | 79708fb2-50b1-4c7b-82a5-5cd0275603ad | default | egress
> | | | |****
>
> | 940a2743-859a-444c-9c3c-0204995e87ba | default | ingress
> | | | default |****
>
> | a7812053-a913-4288-bbd3-c5f225f38d13 | default | ingress
> | | | default |****
>
> | b160a8cf-7ca0-4da6-b238-68315b199314 | default | egress
> | | | |****
>
> | bce886e7-74d2-46bc-aba6-5928a17b2c74 | default | ingress
> | | | default |****
>
> | c3ccbe23-5d44-4cbc-991d-a5df29aa5300 | default | ingress
> | | | default |****
>
> | c86af4d4-d6eb-4b15-a23c-1d84d8b27716 | default | egress
> | | | |****
>
> | c9b96941-c652-4b24-9162-4a1dcd999088 | default | ingress |
> icmp | 0.0.0.0/0 | |****
>
> | dd26aab7-7641-4ad8-ac53-fe443f41ab5f | default | ingress
> | | | default |****
>
> | f87eeaea-4b97-4995-968e-34f127d09bd3 | default | egress
> | | | |****
>
> | fc7d35d0-d2b6-4df1-a03b-ca28c5e5c487 | default | egress
> | | | |****
>
>
> +--------------------------------------+----------------+-----------+----------+------------------+--------------+
> ****
>
> (quantum) security-group-rule-create --protocol icmp --direction ingress
> default****
>
> Multiple security_group matches found for name 'default', use an ID to be
> more specific.****
>
> (quantum)****
>
> ****
>
> Actualy my first tenant’s several VMs don’t have network issue. Can ping
> their’s floating IP from Internet.****
>
> However my second tenant’s several VMs have same network issue: can ping
> Internet from vm, but can’t ping their floating IP from Internet.****
>
> ****
>
> Leon****
>
> ****
>
> *From:* Aaron Rosen [mailto:arosen@xxxxxxxxxx]
> *Sent:* 2013年6月4日 9:03
> *To:* Li, Leon
> *Cc:* openstack-operators@xxxxxxxxxxxxxxxxxxx;
> openstack@xxxxxxxxxxxxxxxxxxx (openstack@xxxxxxxxxxxxxxxxxxx)
> *Subject:* Re: [Openstack] [Quantum] second tenant VM's floating ip can't
> be accessed.****
>
> ****
>
> Hi Li, ****
>
> ****
>
> If you can ping out to the internet from your second vm but not back in
> it's most likely related to security groups. ****
>
> ****
>
> I'd try running: quantum security-group-rule-create --protocol icmp
> --direction ingress default ****
>
> ****
>
> and see if that allows ping from the internet to be received. ****
>
> ****
>
> Aaron****
>
> ****
>
> On Mon, Jun 3, 2013 at 2:43 AM, Li, Leon <Leon.Li2@xxxxxxx> wrote:****
>
> Hi all,****
>
> ****
>
> I set up an openstack recently. My first tenant’s VMs’ floating IP work
> fine. All of them is pingable from “Internet”.****
>
> However on second tenant, via GUI or CLI I can successfully assign
> floating IPs to VMs, but they are not pingable. Meanwhile, I can ping
> Internet from VM’s private network(IP).****
>
> My environment: Grizzly. Quantum. 3 physical servers. One is controller;
> one is network; and the other is compute node. GRE tunnel.****
>
> Anyone has idea? Thanks for your help.****
>
> ****
>
> Leon****
>
>
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~openstack
> More help : https://help.launchpad.net/ListHelp****
>
> ****
>
> ** **
>
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~openstack
> More help : https://help.launchpad.net/ListHelp
>
>
References
