Description of problem: Internet or outside networks are not accessible from overcloud machine. Also ping to DNS defined in /etc/resolv.conf is not possible. Version-Release number of selected component (if applicable): How reproducible: Consistent Steps to Reproduce: Follow https://mojo.redhat.com/docs/DOC-1010112, deploy overcloud, connect to some controller machine, try ping 8.8.8.8, yum install or ping outside Actual results: PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data. From 192.0.2.1 icmp_seq=1 Destination Host Prohibited Expected results: PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data. 64 bytes from 8.8.8.8: icmp_seq=1 ttl=52 time=5.46 ms Additional info: Possible solution or workaround: on undercloud: sudo iptables -I FORWARD 5 -s 192.0.2.0/24 -j ACCEPT -m comment --comment forward_from_undercloud
Marek, Is this still an issue?
Not an issue anymore. Tested with installation from docs at https://repos.fedorapeople.org/repos/openstack-m/docs/master/ and works fine.
Verified on : RHEL-OSP director puddle 7.0 RC puddle 2015-06-29-1 [stack@instack ~]$ rpm -qa |grep neutron openstack-neutron-common-2015.1.0-10.el7ost.noarch python-neutronclient-2.4.0-1.el7ost.noarch python-neutron-2015.1.0-10.el7ost.noarch openstack-neutron-openvswitch-2015.1.0-10.el7ost.noarch openstack-neutron-2015.1.0-10.el7ost.noarch openstack-neutron-ml2-2015.1.0-10.el7ost.noarch [stack@instack ~]$ rpm -qa |grep tuskar python-tuskarclient-0.1.18-3.el7ost.noarch openstack-tuskar-0.4.18-3.el7ost.noarch openstack-tuskar-ui-extras-0.0.4-1.el7ost.noarch openstack-tuskar-ui-0.3.0-6.el7ost.noarch Original contents retained as /home/stack/.ssh/known_hosts.old PKI initialization in init-keystone is deprecated and will be removed. Warning: Permanently added '10.0.0.4' (ECDSA) to the list of known hosts. The following cert files already exist, use --rebuild to remove the existing files before regenerating: /etc/keystone/ssl/certs/ca.pem already exists /etc/keystone/ssl/private/signing_key.pem already exists /etc/keystone/ssl/certs/signing_cert.pem already exists Connection to 10.0.0.4 closed. Overcloud Endpoint: http://10.0.0.4:5000/v2.0/ Overcloud Deployed [stack@instack ~]$ nova list +--------------------------------------+------------------------+--------+------------+-------------+---------------------+ | ID | Name | Status | Task State | Power State | Networks | +--------------------------------------+------------------------+--------+------------+-------------+---------------------+ | 1ea1d8f6-f3f2-4e53-b0d6-5d7be143f679 | overcloud-compute-0 | ACTIVE | - | Running | ctlplane=192.0.2.16 | | 29ce3b37-412c-4e21-a9b2-ff6e2370a459 | overcloud-controller-0 | ACTIVE | - | Running | ctlplane=192.0.2.17 | +--------------------------------------+------------------------+--------+------------+-------------+---------------------+ [stack@instack ~]$ ssh heat-admin.2.17 The authenticity of host '192.0.2.17 (192.0.2.17)' can't be established. ECDSA key fingerprint is 7e:f2:40:23:5b:85:ef:cf:b4:25:c7:bd:14:eb:cb:60. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '192.0.2.17' (ECDSA) to the list of known hosts. Last login: Thu Jul 2 08:28:55 2015 from 10.0.0.251 [heat-admin@overcloud-controller-0 ~]$ ping 8.8.8.8 PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data. 64 bytes from 8.8.8.8: icmp_seq=1 ttl=48 time=89.8 ms 64 bytes from 8.8.8.8: icmp_seq=2 ttl=48 time=91.1 ms 64 bytes from 8.8.8.8: icmp_seq=3 ttl=48 time=89.0 ms ^C --- 8.8.8.8 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2001ms rtt min/avg/max/mdev = 89.044/90.025/91.182/0.947 ms [heat-admin@overcloud-controller-0 ~]$ exit logout Connection to 192.0.2.17 closed. [stack@instack ~]$ ssh heat-admin.2.16 The authenticity of host '192.0.2.16 (192.0.2.16)' can't be established. ECDSA key fingerprint is f1:07:70:9f:e7:c5:d6:a2:3f:f1:e2:5d:15:2f:c8:29. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '192.0.2.16' (ECDSA) to the list of known hosts. [heat-admin@overcloud-compute-0 ~]$ ping 8.8.8.8 PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data. 64 bytes from 8.8.8.8: icmp_seq=1 ttl=48 time=88.3 ms 64 bytes from 8.8.8.8: icmp_seq=2 ttl=48 time=89.1 ms ^C --- 8.8.8.8 ping statistics --- 2 packets transmitted, 2 received, 0% packet loss, time 1001ms
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHEA-2015:1549