openstack网络不能ping /从/到虚拟机ssh

Question

我已经使用devstack脚本安装了多节点openstak。可以运行虚拟机，但网络问题不能从一台虚拟机到另一台虚拟机进行ssh/ping。我只能从运行的主机（control1，computeX）ssh到其他主机不能运行的虚拟机。有什么建议么？

nova-compute  control1        nova    enabled :-) 
nova-cert  control1        nova    enabled :-) 
nova-network  control1        nova    enabled :-) 
nova-scheduler control1        nova    enabled :-) 
nova-consoleauth control1        nova    enabled :-) 
nova-compute  compute1        nova    enabled :-) 
nova-volume  compute1        nova    enabled :-) 
nova-network  compute1        nova    enabled :-) 
nova-compute  compute2        nova    enabled :-) 
nova-volume  compute2        nova    enabled :-) 
nova-network  compute2        nova    enabled :-) 

CONTROL1的/ etc /网络/接口

# The loopback network interface 
auto lo 
iface lo inet loopback 

# The primary network interface 
auto eth0 
iface eth0 inet static 
address 172.16.0.1 
#address 172.16.0.101 
netmask 255.255.255.0 
network 172.16.0.0 
broadcast 172.16.0.255 
gateway 172.16.0.254 
dns-nameservers 8.8.8.8 


auto eth1 
iface eth1 inet static 
address 11.0.0.4 
netmask 255.255.255.0 
network 11.0.0.0 
broadcast 11.0.0.255 

compute1的/ etc /网络/接口

# The loopback network interface 
auto lo 
iface lo inet loopback 

# The primary network interface 
auto eth0 
iface eth0 inet static 
address 172.16.0.2 
netmask 255.255.255.0 
network 172.16.0.0 
broadcast 172.16.0.255 
gateway 172.16.0.254 
dns-nameservers 8.8.8.8 


auto eth1 
iface eth1 inet static 
address 11.0.0.5 
netmask 255.255.255.0 
network 11.0.0.0 
broadcast 11.0.0.255 

CONTROL1 /etc/nova/nova.conf

[DEFAULT] 
verbose=True 
auth_strategy=keystone 
allow_resize_to_same_host=True 
root_helper=sudo /usr/local/bin/nova-rootwrap /etc/nova/rootwrap.conf 
compute_scheduler_driver=nova.scheduler.filter_scheduler.FilterScheduler 
dhcpbridge_flagfile=/etc/nova/nova.conf 
fixed_range=10.1.0.0/16 
s3_host=172.16.0.1 
s3_port=3333 
network_manager=nova.network.manager.FlatDHCPManager 
osapi_compute_extension=nova.api.openstack.compute.contrib.standard_extensions 
my_ip=172.16.0.1 
public_interface=eth0 
vlan_interface=eth0 
flat_network_bridge=br100 
flat_interface=eth1 
sql_connection=mysql://root:supersecret@172.16.0.1/nova?charset=utf8 
libvirt_type=qemu 
libvirt_cpu_mode=none 
instance_name_template=instance-%08x 
novncproxy_base_url=http://172.16.0.1:6080/vnc_auto.html 
xvpvncproxy_base_url=http://172.16.0.1:6081/console 
vncserver_listen=127.0.0.1 
vncserver_proxyclient_address=127.0.0.1 
api_paste_config=/etc/nova/api-paste.ini 
image_service=nova.image.glance.GlanceImageService 
ec2_dmz_host=172.16.0.1 
rabbit_host=172.16.0.1 
rabbit_password=supersecret 
glance_api_servers=172.16.0.1:9292 
force_dhcp_release=True 
multi_host=True 
send_arp_for_ha=True 
use_syslog=True 
logging_context_format_string=%(asctime)s %(levelname)s %(name)s [%(request_id)s %(user_name)s %(project_name)s] %(instance)s%(message)s 
volume_api_class=nova.volume.cinder.API 
compute_driver=libvirt.LibvirtDriver 
firewall_driver=nova.virt.libvirt.firewall.IptablesFirewallDriver 
enabled_apis=ec2,osapi_compute,metadata 

Answer 1

尝试更改network_manager = nov将a.network.manager.FlatDHCPManager更改为network_manager = nova.network.manager.FlatManager，并尝试为您的network_manager设置配置其他配置。它说FLatManager应该在这里工作：http://docs.openstack.org/trunk/openstack-compute/admin/content/configuring-flat-networking.html它与FLatDHCPManager相似，所以不太清楚问题是什么，因为看起来你绑定了物理以太网卡。

Answer 2

尝试添加下列选项nova.conf，控制防火墙是否（iptables的）将允许交通实例之间：

allow_same_net_traffic=true 

它应该是默认的，所以这可能不是你的问题，但这是我第一次尝试。

这是来自OpenStack Compute Admin guide的表Description of nova.conf file configuration options of networking options。

Answer 3

您可能需要规则添加到默认的OpenStack安全组，使ping和SSH：

nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0 
nova secgroup-add-rule default tcp 22 22 0.0.0.0/0 

的第一条规则允许Internet控制消息协议（ICMP）VM实例（ping命令）。第二条规则通过SSH使用的22端口启用TCP连接。