Re: [openstack-dev] Issues with IPTables
Quite a while. RDO's documentation for configuring multinode Packstack with Neutron was a bit lacking, so after attempting to get that working for a while, I switched to following the Basic Install Guide (http://docs.openstack.org/trunk/basic-install/content/basic-install_intro.html). I also found the basic install guide catered for Fedora (http://docs.openstack.org/trunk/basic-install/yum/content/basic-install_intro.html), but that is sorely lacking in the actual instruction department, and is missing several steps.

If you would like, I can attach the raw draft of my notes. Eventually, some of the changes or clarifications should make their way into the actual OpenStack Docs.

Best Regards,
Solly Ross

----- Original Message -----
From: "Qing He"
To: sr...@redhat.com
Sent: Monday, September 16, 2013 1:14:42 PM
Subject: RE: Issues with IPTables

Solly,
A side question, how long did this process take you?

Thanks,
Qing

-----Original Message-----
From: Solly Ross [mailto:sr...@redhat.com]
Sent: Monday, September 16, 2013 10:11 AM
To: OpenStack Development Mailing List
Subject: [openstack-dev] Issues with IPTables

In an effort to improve/verify the OpenStack Documentation with regards to RHEL and Fedora, I've been attempting to follow the basic install guides. I've managed to create a working installation and set of instructions. However, to do so I needed to disable the Neutron IPTables firewall, as it was blocking non-VM traffic. Namely, it was blocking the GRE packets being used by Neutron. Did I miss something, or is this a bug?

Best Regards,
Solly Ross

_______________________________________________
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
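The original message quoted above reports GRE packets being blocked by the host firewall. As an added example (not from the thread or from OpenStack), this script walks an `iptables-save` dump to find which INPUT rule a new GRE packet (IP protocol 47) would hit, before and after a GRE accept rule is placed ahead of a catch-all REJECT. The rulesets are constructed, and `eth1` is assumed to be the data interface, as on the compute node in the layout posted later in the thread.

```shell
#!/bin/sh
# gre_verdict IFACE: read iptables-save text on stdin and print the target of
# the first INPUT rule that applies to a new GRE packet arriving on IFACE, or
# the chain policy if none does. Only -i, -p and -j are interpreted; a rule
# with any other match is skipped unless it names GRE explicitly.
gre_verdict() {
    awk -v ifc="$1" '
    /^:INPUT / { policy = $2 }
    /^-A INPUT / && !found {
        proto = ""; in_if = ""; target = ""; other = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-p") proto = $(++i)
            else if ($i == "-i") in_if = $(++i)
            else if ($i == "-j") target = $(++i)
            else if ($i == "--reject-with") i++
            else if ($i == "!") next          # negated match: not handled, skip
            else other = 1
        }
        is_gre = (proto == "gre" || proto == "47")   # GRE is IP protocol 47
        if (proto != "" && !is_gre) next              # rule is for tcp/udp/icmp
        if (in_if != "" && in_if != ifc) next         # rule is for another NIC
        if (other && !is_gre) next                    # e.g. -m state ESTABLISHED
        if (target ~ /^(ACCEPT|DROP|REJECT)$/) { print target; found = 1 }
    }
    END { if (!found) print policy }'
}

# Constructed ruleset: a host firewall ending in a catch-all REJECT.
stock_rules() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Same ruleset with GRE accepted on the assumed data interface (eth1) first.
with_gre_rule() {
    stock_rules | awk '/^-A INPUT -j REJECT/ { print "-A INPUT -i eth1 -p gre -j ACCEPT" } { print }'
}

echo "stock:         $(stock_rules | gre_verdict eth1)"
echo "with GRE rule: $(with_gre_rule | gre_verdict eth1)"
```

On a live node the same function can be fed `iptables-save -t filter` to see whether tunnel traffic is accepted only on the data interface rather than everywhere.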
Re: [openstack-dev] Issues with IPTables
Solly,
It would be great if you can share the notes. The reason I asked the question is that I'm trying to decide if I need to allocate development time in installation following the installation guide. The usual wisdom is that installation with detailed instruction would "take no time". However, your experience and mine showed the contrary. I have not finished mine following the Ubuntu installation guide. Thus, I was interested in knowing your effort spent on it so that I would know that it was not just me who had issues with the supposedly "plug and play" installation with the packages.

Thanks,
Qing
Re: [openstack-dev] Issues with IPTables
Here you go. Keep in mind that I structured them more like their own install guide. Basic tweaks were integrated into the steps, but larger issues are noted at the bottom under the "notes" section.

Best Regards,
Solly Ross

Intro
=====

We will be following the basic install guide at http://docs.openstack.org/trunk/basic-install/.

Layout
======

We have three networks:

* vmnet10 (NAT, 192.168.0.x) -- management network
* vmnet11 (host-only, 10.10.10.x) -- data network
* vmnet12 (NAT, 192.168.230.x) -- "external"/API network

All networks have x.x.x.1 assigned as the host's IP, and NAT networks have x.x.x.2 set as the default gateway/NAT box. For this reason, we will start all IPs at x.x.x.3 instead of x.x.x.1 (just add 2 to every IP in the guide)

controller.rdo-test
-------------------

* eth0: 192.168.0.3 (mgmt)
* eth1: 129.168.230.7 (ext)

compute.rdo-test
----------------

* eth0: 192.168.0.5 (mgmt)
* eth1: 10.10.10.4 (data)

network.rdo-test
----------------

* eth0: 192.168.0.4 (mgmt)
* eth1: 10.10.10.3 (data)
* eth2: 192.168.230.8 (ext)

Setup
=====

NOTE: make sure that the outside network is reachable (for example, in our VMware setup, add `DNS1=192.168.0.2` and `GATEWAY=192.168.0.2` to /etc/sysconfig/network-scripts/ifcfg-eth0)

Controller Node (controller.rdo-test)
-------------------------------------

1. Add the repositories:
    1. `yum-config-manager --add-repo http://repos.fedorapeople.org/repos/openstack/openstack-trunk/el6-openstack-trunk.repo` (RDO)
    2. `yum install -y http://dl.fedoraproject.org/pub/epel/6Server/x86_64/epel-release-6-8.noarch.rpm` (EPEL)
2. Update to grab the new kernel, and reboot to use it `yum -y update && shutdown -r now`
3. Edit the network scripts to contain the correct lines: `$EDITOR /etc/sysconfig/network-scripts/ifcfg-eth{0,1}`
    1. `ONBOOT=yes`
    2. `NETMASK=255.255.255.0`
    3. `GATEWAY=x.x.x.2` (replace the `x.x.x` with the appropriate prefix)
    4. `BOOTPROTO=none`
    5. `IPADDR=[SEE LAYOUT SECTION]`
4. Edit sysctl.conf to disable route verification `$EDITOR /etc/sysctl.conf`
    1. `net.ipv4.conf.all.rp_filter = 0`
    2. `net.ipv4.conf.default.rp_filter = 0`
5. restart networking `service netw
Re: [openstack-dev] Issues with IPTables
On Mon, Sep 16, 2013 at 12:24 PM, Solly Ross wrote:

> Quite a while. RDO's documentation for configuring multinode Packstack
> with Neutron was a bit lacking, so after attempting to get that working for
> a while, I switched to following the Basic Install Guide (
> http://docs.openstack.org/trunk/basic-install/content/basic-install_intro.html).
> I also found the basic install guide catered for Fedora (
> http://docs.openstack.org/trunk/basic-install/yum/content/basic-install_intro.html),
> but that is sorely lacking in the actual instruction department, and is
> missing several steps.
>
> If you would like, I can attach the raw draft of my notes. Eventually,
> some of the changes or clarifications should make their way into the
> actual OpenStack Docs.

Hi Solly,
We really need to get this guide into shape by Oct. 17th. That's not very much time. Can you put your notes into a doc bug at http://bugs.launchpad.net/openstack-manuals/ as soon as you can?

Thanks,
Anne

--
Anne Gentle
annegen...@justwriteclick.com
Re: [openstack-dev] Issues with IPTables
The follow up question is:
Has anyone walked through the guides faithfully posted there and seen if it works without back door tricks/tricks not documented there?