Yuf
Yuf
Yuf
Yuf
Yuf
Yuf
Artem
Вот смотри
Artem
nova secgroup-list-rules default
/usr/lib/python2.7/dist-packages/novaclient/client.py:278: UserWarning: The 'tenant_id' argument is deprecated in Ocata and its use may result in errors in future releases. As 'project_id' is provided, the 'tenant_id' argument will be ignored.
warnings.warn(msg)
WARNING: Command secgroup-list-rules is deprecated and will be removed after Nova 15.0.0 is released. Use python-neutronclient or openstackclient instead.
+-------------+-----------+---------+----------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+----------+--------------+
| | | | | default |
| | | | | default |
+-------------+-----------+---------+----------+--------------+
Artem
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+-----------+--------------+
| tcp | 22 | 22 | 0.0.0.0/0 | |
| icmp | -1 | -1 | 0.0.0.0/0 | |
+-------------+-----------+---------+-----------+--------------+
Artem
А вот правила для ICMP, у тебя их нет
Yuf
блин
Vyacheslav
все же очевидно
Yuf
какой я тупой
Yuf
(((
Yuf
подозревал что это сек группы
Artem
created_at='2017-04-05T09:14:29Z', direction='ingress', ethertype='IPv4', id='9db7b2fc-bb8e-4518-842a-d10e6b7ab5cd', protocol='icmp', remote_ip_prefix='0.0.0.0/0', |
| | revision_number='1', updated_at='2017-04-05T09:14:29Z'
Yuf
добавил
Yuf
Yuf
тоже самое
Yuf
Yuf
Yuf
40.254 это циска
Yuf
а вот tcpdump
Yuf
Vyacheslav
а вот tcpdump
а что собственно вы хотите? Циска пингуется с vRouter, но дальше не пускает. При чем здесь Openstack?
Vyacheslav
далее, как я понимаю вы живете вообще без vRouter по схеме сети
Yuf
я хотел бы чтоб инстансы выходили в инет через vrouter
Vyacheslav
в смысле трафик с vm идет на Циску.
Yuf
а vrouter через циску
Yuf
или моя задача не реальна ?
Vyacheslav
а vrouter через циску
тогда все не так. Надо создать virtual network с subnet, зааттачить на vRouter, далее все VM туда
Vyacheslav
neutron net-list
Yuf
есть две сетки
Yuf
# openstack network list
+--------------------------------------+---------+----------------------------------------------------------------------------+
| ID | Name | Subnets |
+--------------------------------------+---------+----------------------------------------------------------------------------+
| 52ec5b44-005a-4db4-82d9-a79d503bfe0d | ext_net | a5f77080-9510-432d-a31a-911ed6dad3a9 |
| e2b12d8e-b23a-4d41-a3da-6fb4484f4018 | int_net | c92d438c-38bb-4a2a-b819-70111e864aad, f06c3e30-212d-4192-bfe6-3e61573275c9 |
+--------------------------------------+---------+----------------------------------------------------------------------------+
[root@
Yuf
Vyacheslav
ага, а почему на vRouter 1 интерфейс?
Yuf
# openstack router show router02
+-------------------------+------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+-------------------------+------------------------------------------------------------------------------------------------------------------+
| admin_state_up | UP |
| availability_zone_hints | |
| availability_zones | nova |
| created_at | 2017-04-21T22:20:31Z |
| description | |
| distributed | False |
| external_gateway_info | {"network_id": "52ec5b44-005a-4db4-82d9-a79d503bfe0d", "enable_snat": true, "external_fixed_ips": [{"subnet_id": |
| | "a5f77080-9510-432d-a31a-911ed6dad3a9", "ip_address": "10.10.40.17"}]} |
| flavor_id | None |
| ha | False |
| id | 9d8940d1-340c-41d3-a8c4-bd8a8b7bf706 |
| name | router02 |
| project_id | 5e492e9f5d614bdab6edf8c16a18f5a8 |
| revision_number | 7 |
| routes | |
| status | ACTIVE |
| updated_at | 2017-04-22T13:41:47Z |
+-------------------------+------------------------------------------------------------------------------------------------------------------+
[root@
Yuf
где вы увидели 1 интерфейс ?
Vyacheslav
neutron router-port-list
Yuf
блин
Yuf
я чтото напартачил (((
Yuf
Yuf
# neutron router-port-list
neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead.
usage: neutron router-port-list [-h] [-f {csv,json,table,value,yaml}]
[-c COLUMN] [--max-width <integer>]
[--print-empty] [--noindent]
[--quote {all,minimal,none,nonnumeric}]
[--request-format {json}] [-D] [-F FIELD]
[-P SIZE] [--sort-key FIELD]
[--sort-dir {asc,desc}]
ROUTER
neutron router-port-list: error: too few arguments
Try 'neutron help router-port-list' for more information.
[root@
Yuf
openstack router-port-list
openstack: 'router-port-list' is not an openstack command. See 'openstack --help'.
Did you mean one of these?
orchestration build info
orchestration resource type list
orchestration resource type show
orchestration service list
orchestration template function list
orchestration template validate
orchestration template version list
[root@
Yuf
# openstack router port list
openstack: 'router port list' is not an openstack command. See 'openstack --help'.
Did you mean one of these?
router add port
router add subnet
router create
router delete
router list
router remove port
router remove subnet
router set
router show
router unset
consumer create
consumer delete
consumer list
consumer set
consumer show
software config create
software config delete
software config list
software config show
software deployment create
software deployment delete
software deployment list
software deployment metadata show
software deployment output show
software deployment show
[root@
Yuf
есть только удаление порта и добавление
Yuf
Vyacheslav
все верно, neutron router-port-list 9d8940d1-340c-41d3-a8c4-bd8a8b7bf706
Yuf
нашел
Yuf
# openstack port list
+--------------------------------------+------+-------------------+----------------------------------------------------+--------+
| ID | Name | MAC Address | Fixed IP Addresses | Status |
+--------------------------------------+------+-------------------+----------------------------------------------------+--------+
| 0ce89105-408e-4920-a82a-6d228d36deb9 | | fa:16:3e:87:ee:ce | ip_address='10.10.30.6', subnet_id='c92d438c-38bb- | ACTIVE |
| | | | 4a2a-b819-70111e864aad' | |
| 172815ee-c0ab-4a63-8c9d-82d3c38e83c5 | | fa:16:3e:a3:79:04 | ip_address='10.10.30.2', subnet_id='c92d438c-38bb- | ACTIVE |
| | | | 4a2a-b819-70111e864aad' | |
| 182ae99b-7c12-41d6-a8e1-ae06c51e4f9f | | fa:16:3e:0f:bb:b2 | ip_address='10.10.40.17', subnet_id='a5f77080-9510 | ACTIVE |
| | | | -432d-a31a-911ed6dad3a9' | |
| 20f84f2c-ced7-4284-ae24-0b5c399c4009 | | fa:16:3e:b0:09:9c | ip_address='10.10.29.1', | ACTIVE |
| | | | subnet_id='f06c3e30-212d-4192-bfe6-3e61573275c9' | |
| 30a109e8-23ef-49d9-bf18-2585cfba01b1 | | fa:16:3e:01:15:c5 | ip_address='10.10.40.208', | ACTIVE |
| | | | subnet_id='a5f77080-9510-432d-a31a-911ed6dad3a9' | |
| 343681a1-18fc-467d-bc87-6fa1fba8280c | | fa:16:3e:a2:ff:24 | ip_address='10.10.40.201', | N/A |
| | | | subnet_id='a5f77080-9510-432d-a31a-911ed6dad3a9' | |
| 3b8d36d2-ab36-412a-bb2b-45c0399b2f37 | | fa:16:3e:1d:0c:d7 | ip_address='10.10.30.3', subnet_id='c92d438c-38bb- | ACTIVE |
| | | | 4a2a-b819-70111e864aad' | |
| 9571847e-3ffc-4732-ac43-ba80134f71dc | | fa:16:3e:ce:87:36 | ip_address='10.10.30.5', subnet_id='c92d438c-38bb- | ACTIVE |
| | | | 4a2a-b819-70111e864aad' | |
| efb3086d-55ff-492a-a781-6aaabe655607 | | fa:16:3e:26:d9:04 | ip_address='10.10.30.1', subnet_id='c92d438c-38bb- | ACTIVE |
| | | | 4a2a-b819-70111e864aad' | |
+--------------------------------------+------+-------------------+----------------------------------------------------+--------+
[root@n
Yuf
# neutron router-port-list 9d8940d1-340c-41d3-a8c4-bd8a8b7bf706
neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead.
+--------------------------------------+------+-----------+-------------------+--------------------------------------------------+
| id | name | tenant_id | mac_address | fixed_ips |
+--------------------------------------+------+-----------+-------------------+--------------------------------------------------+
| 182ae99b-7c12-41d6-a8e1-ae06c51e4f9f | | | fa:16:3e:0f:bb:b2 | {"subnet_id": "a5f77080-9510-432d-a31a- |
| | | | | 911ed6dad3a9", "ip_address": "10.10.40.17"} |
+--------------------------------------+------+-----------+-------------------+--------------------------------------------------+
[root@n
Vyacheslav
нуу, а где 2-й интерфейс, тот что внутренний?
Vyacheslav
далее, не совсем понятно зачем 2 роутера делать на 1 сеть, кто из них будет дефолт?
Yuf
это я игрался
Yuf
щас удалю 17
Yuf
оставлю только 208
Yuf
Vyacheslav
как только vm запингует 10.10.40.254, мяч не на нашей стороне ;)
Vyacheslav
10.10.29.1 тоже в топку
Yuf
вм не пингует 254
Yuf
(((
Yuf
Vyacheslav
а 208?
Vyacheslav
а ну да
Yuf
блин глюк какой то
Yuf
на карте показывает вроутер
Yuf
а в ip net нет
Yuf
Vyacheslav
ip netns list
Yuf
это после того как удалил
Yuf
[root@nasimi1 neutron(keystone)]# ip netns list
qdhcp-e2b12d8e-b23a-4d41-a3da-6fb4484f4018
[root@nasimi1 neutron(keystone)]#
Yuf
это глюк горизона ?
Yuf
Vyacheslav
не, neutron router-port-list <id>
Yuf
# neutron router-port-list ff6f8af1-7d2e-4519-9625-8a1e7eacb567
neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead.
+-------------------------------------+------+----------------------------------+-------------------+-------------------------------------+
| id | name | tenant_id | mac_address | fixed_ips |
+-------------------------------------+------+----------------------------------+-------------------+-------------------------------------+
| 20f84f2c- | | 5e492e9f5d614bdab6edf8c16a18f5a8 | fa:16:3e:b0:09:9c | {"subnet_id": "f06c3e30-212d-4192-b |
| ced7-4284-ae24-0b5c399c4009 | | | | fe6-3e61573275c9", "ip_address": |
| | | | | "10.10.29.1"} |
| 30a109e8-23ef- | | | fa:16:3e:01:15:c5 | {"subnet_id": "a5f77080-9510-432d- |
| 49d9-bf18-2585cfba01b1 | | | | a31a-911ed6dad3a9", "ip_address": |
| | | | | "10.10.40.208"} |
| efb3086d-55ff- | | 5e492e9f5d614bdab6edf8c16a18f5a8 | fa:16:3e:26:d9:04 | {"subnet_id": "c92d438c-38bb- |
| 492a-a781-6aaabe655607 | | | | 4a2a-b819-70111e864aad", |
| | | | | "ip_address": "10.10.30.1"} |
+-------------------------------------+------+----------------------------------+-------------------+-------------------------------------+
[root@
Vyacheslav
значит не горизонт, ребутни l3 агента
Yuf
Yuf
щас
Yuf
тоже самое
Yuf
# ip netns list
qdhcp-e2b12d8e-b23a-4d41-a3da-6fb4484f4018
[root@