Search code examples
ansibleopenstackpingconnectivity

Kolla Ansilble: Openstack Instances Unable to access Internet or eachother

I am a newbie to openstack (deployed using kolla-ansible) and have created two instances both are ubuntu 20.04 VMs. I am able to ping and ssh them from the host machine (192.168.211.133) and vice versa. However instances are unable to access internet. The virtual router is also unable to access internet:

Configuration of one of the machine is below;

root@kypo-virtual-machine:/etc/apt/sources.list.d# ip netns ls
qrouter-caca1d42-86b4-42a2-b591-ec7a90437029 (id: 1)
qdhcp-0ec41857-9420-4322-9fef-e332c034e98e (id: 0) 


root@kypo-virtual-machine:/etc/apt/sources.list.d# ip netns e qrouter-caca1d42-86b4-42a2-b591-ec7a90437029 route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         192.168.211.1   0.0.0.0         UG    0      0        0 qg-f31a26b7-25
192.168.64.0    0.0.0.0         255.255.192.0   U     0      0        0 qr-e5c8842c-c2
192.168.211.0   0.0.0.0         255.255.255.0   U     0      0        0 qg-f31a26b7-25

Netplan of instance shows:

# This file is generated from information provided by the datasource.  Changes
# to it will not persist across an instance reboot.  To disable cloud-init's
# network configuration capabilities, write a file
# /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg with the following:
# network: {config: disabled}
network:
    version: 2
    ethernets:
        ens3:
           dhcp4: true
           match:
               macaddress: fa:16:3e:a7:9d:70
           mtu: 1450
           set-name: ens3

And IP sheme is:

  ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
   link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
   inet 127.0.0.1/8 scope host lo
      valid_lft forever preferred_lft forever
   inet6 ::1/128 scope host 
      valid_lft forever preferred_lft forever
2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc 
 fq_codel state UP group default qlen 1000
    link/ether fa:16:3e:a7:9d:70 brd ff:ff:ff:ff:ff:ff
    inet 192.168.65.39/18 brd 192.168.127.255 scope global dynamic ens3
       valid_lft 85719sec preferred_lft 85719sec
     inet6 fe80::f816:3eff:fea7:9d70/64 scope link 
       valid_lft forever preferred_lft forever

From Horizon

IP Addresses

kypo-base-net
    192.168.65.39,  192.168.211.250 

Security Groups

kypo-base-proxy-sg

        ALLOW IPv6 to ::/0
        ALLOW IPv4 icmp from 0.0.0.0/0
        ALLOW IPv4 22/tcp from 0.0.0.0/0
        ALLOW IPv4 udp from b9904736-6d8a
        ALLOW IPv4 tcp from b9904736-6d8a
        ALLOW IPv4 tcp from 73ca626b-7cfb
        ALLOW IPv4 udp from 73ca626b-7cfb
        ALLOW IPv4 to 0.0.0.0/0
Solution

  • I was able to resolve the issue by pinpointing that the gateway used by the virtual router (192.168.211.1) was different form the one used by my host VM (192.168.211.2).

    kypo@kypo-virtual-machine:/etc/kolla$ ip route show
default via 192.168.211.2 dev ens33 proto dhcp 
src 192.168.211.133 metric 100

    I modify the gateway;

    openstack subnet set --gateway 192.168.211.2 public-subnet

    And now my instances are able to access internet.

    The main reason for this configuration issue was while creating the subnet I used auto for --gateway option and obviously it didn't pick the correct gateway.