how to ssh into an openstack instance from an outside network? - openstack

I have installed devstack on a single physical machine. I have already added an ICMP rule and a TCP rule on port 22 in the OpenStack security group, so I can ssh into the instance from the same physical machine; that is not a problem. What I want is to ssh into the OpenStack instance from a different machine within the same network.

Use Provider network:
If an instance is created using provider network IPs, you can access the instance from outside of the tenant/project.

Case 1: Ping laptop from instance:
INSTANCE --> ARP --> LAPTOP.
LAPTOP --> ARP(Reply) --> INSTANCE
Case 2: Ping instance from laptop, not working because ARP resolution failed.
LAPTOP --> ARP --> Failed
Solution:
Use a free IP (in your subnet).

Related

How to ping instance's internal network from Host on Devstack

I am running Devstack on my machine and I would like to know if it is possible to ping an instance from the Host. The default external network of Devstack is 172.24.4.0/24 and br-ex on the Host has the IP 172.24.4.1. I launch an instance using the internal network of Devstack (192.168.233.0/24) and the instance gets the IP 192.168.233.100. My Host's IP is 192.168.1.10. Is there a way to ping 192.168.233.100 from my Host? Another thing I thought of is to boot up a VM directly on the external network (172.24.4.0/24), but the VM does not boot up correctly. I can only use that network for associating floating IPs.
I have edited the security group and I have allowed ICMP and SSH, so this is not a problem.

Unable to SSH into VM instance on Google Cloud Platform

I have created a firewall rule in the VPC network for port 22 by assigning an IP with the port, e.g. (192.168.xx.yy), instead of 0.0.0.0/0 in the rules. Now, when I create a Compute Engine VM instance in Google Cloud Platform and SSH into it, it states that "cannot connect to port 22".
I don't want port tcp:22 to have the IP range 0.0.0.0/0, but only a single IP as stated above. How can I solve this issue?
The 192.168.x.x is an internal IP address, and in your situation would apply to a VM instance within the same network as the instance you want to connect to.
If you want to connect from outside that network, you'll need to set the source of the firewall rule to the external IP of the instance/machine you want to connect from. You can get your external IP by going to https://whatismyipaddress.com for example.
The firewall rule setting would be something like this:
Direction of traffic: Ingress
Action on match: Allow
Targets: Specified target tags (for example)
Source filter: IP ranges
Source IP ranges: x.x.x.x/32 (your external IP)
If you would not like to have your GCE instance's port 22 open to the internet, but you would like to connect to it, I propose 2 different solutions:
Create a bastion host. This VM is a proxy to access your GCE instances. You log into the bastion and then you can perform an ssh hop to your GCE instance. Only the bastion host is opened to the internet on port 22. And you can start this bastion VM only when you need to connect to your other GCE instances, which increases security and decreases the risk of attack on this "backdoor" instance.
For both the bastion and for directly reaching your VM on port 22, you can limit the source IP of your firewall rule to your current IP.
But remember, the IP is not a source of truth.
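The distinction both answers rely on (an internal 192.168.x.x source never matches a client coming from outside the network, and 0.0.0.0/0 matches everyone) can be checked mechanically. The following is an added example, not code from the original answers; the rule dictionaries, field names and sample addresses are constructed for illustration and only loosely mirror the firewall settings listed above.

```python
import ipaddress

# RFC 1918 ranges: a source inside these only matches clients on the internal network.
RFC1918 = [ipaddress.IPv4Network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample ingress rules (hypothetical field names, IPv4 sources only).
SAMPLE_RULES = [
    {"name": "ssh-open", "ports": ["tcp:22"], "sources": ["0.0.0.0/0"]},
    {"name": "ssh-internal", "ports": ["tcp:22"], "sources": ["192.168.10.20/32"]},
    {"name": "ssh-admin", "ports": ["tcp:22"], "sources": ["203.0.113.7/32"]},
    {"name": "web", "ports": ["tcp:443"], "sources": ["0.0.0.0/0"]},
]

def allows_ssh(rule):
    """True if the rule covers TCP port 22 (single port or a range like tcp:20-25)."""
    for spec in rule["ports"]:
        proto, _, ports = spec.partition(":")
        if proto != "tcp":
            continue
        if not ports:                      # "tcp" alone means every TCP port
            return True
        lo, _, hi = ports.partition("-")
        if int(lo) <= 22 <= int(hi or lo):
            return True
    return False

def classify_source(cidr):
    """Label an IPv4 source range by who can actually match it."""
    net = ipaddress.IPv4Network(cidr, strict=False)
    if net.prefixlen == 0:
        return "open-to-internet"          # 0.0.0.0/0: any client on the internet
    if any(net.subnet_of(private) for private in RFC1918):
        return "internal-only"             # unreachable for clients outside the network
    return "restricted-external"           # a specific public address or range

def audit(rules):
    """Map each SSH-exposing rule name to the sorted set of source labels."""
    return {
        rule["name"]: sorted({classify_source(s) for s in rule["sources"]})
        for rule in rules if allows_ssh(rule)
    }

if __name__ == "__main__":
    for name, labels in audit(SAMPLE_RULES).items():
        print(f"{name}: {', '.join(labels)}")
```

A rule labelled internal-only explains the "cannot connect to port 22" symptom when connecting from outside; open-to-internet is the setting the asker wanted to avoid.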

How to configure proxmox 4 network interface without physical access to KVM

I am running Proxmox 4 with around 10 KVM and 14 LXC.
I can configure IPs and network from the web GUI for LXC containers.
I want to configure the network interface for KVM without accessing the VM.
Is it possible to configure the network interface without accessing the VM?
As far as I know you can't configure the IP address in proxmox for a KVM vm (only for the lxc container you can define the ip address). For a KVM vm you can configure if the network connection is in Bridged mode or NAT.
For LXC containers you can use the pct command to set network for the container. More info about that on the Proxmox WIKI (scroll down to the Network section) - https://pve.proxmox.com/wiki/Linux_Container
What you could do for KVM would be to use a local DHCP server (you can install one on your Proxmox host if you want: apt-get install isc-dhcp-server). You have to define an IP address pool that will be assigned to your VMs by the DHCP server.
Then configure the kvm machine using: qm command
qm set vmid options
From a man qm you discover this:
-net[n] [model=]<enum> [,bridge=<bridge>] [,firewall=<1|0>] [,link_down=<1|0>] [,macaddr=<XX:XX:XX:XX:XX:XX>] [,queues=<integer>]
[,rate=<number>] [,tag=<integer>] [,trunks=<vlanid[;vlanid...]>] [,<model>=<macaddr>]
So basically you can define the network for your kvm vm, say if it's bridged, set a specific mac address for that card.
If you want to add a specific ip to that vm you can do it based on its mac address (you have to configure in the dhcp server that a specific ip address is assigned to the desired mac address).
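The MAC-to-IP reservation described in this answer ends up as host declarations in the isc-dhcp-server configuration. The following is an added example, not part of the original answer: it generates those declarations from a VM list and rejects entries that would produce a conflicting or unusable lease. The subnet, pool bounds, VM IDs and MAC addresses are constructed placeholders; the MAC is assumed to be the same value given to macaddr= in qm set.

```python
import ipaddress
import re

MAC_RE = re.compile(r"^(?:[0-9a-f]{2}:){5}[0-9a-f]{2}$")

def build_reservations(subnet, pool_start, pool_end, vms):
    """Return dhcpd.conf host declarations for (vmid, mac, ip) tuples.

    Raises ValueError for entries that would give an ambiguous or unusable lease.
    """
    net = ipaddress.ip_network(subnet)
    lo = ipaddress.ip_address(pool_start)
    hi = ipaddress.ip_address(pool_end)
    seen_macs, seen_ips, stanzas = set(), set(), []
    for vmid, mac, ip in vms:
        mac = mac.lower()
        addr = ipaddress.ip_address(ip)
        if not MAC_RE.match(mac):
            raise ValueError(f"VM {vmid}: malformed MAC {mac!r}")
        if addr not in net or addr in (net.network_address, net.broadcast_address):
            raise ValueError(f"VM {vmid}: {addr} is not a usable host in {net}")
        if lo <= addr <= hi:
            # A fixed address inside the dynamic pool could also be leased to another client.
            raise ValueError(f"VM {vmid}: {addr} overlaps the dynamic pool")
        if mac in seen_macs or addr in seen_ips:
            raise ValueError(f"VM {vmid}: duplicate MAC or IP")
        seen_macs.add(mac)
        seen_ips.add(addr)
        stanzas.append(
            f"host vm{vmid} {{\n"
            f"  hardware ethernet {mac};\n"
            f"  fixed-address {addr};\n"
            f"}}"
        )
    return "\n".join(stanzas)

# Constructed sample data: VM IDs, MACs and addresses are placeholders.
SAMPLE_VMS = [
    (101, "DE:AD:BE:EF:00:01", "192.168.50.11"),
    (102, "DE:AD:BE:EF:00:02", "192.168.50.12"),
]

if __name__ == "__main__":
    print(build_reservations("192.168.50.0/24", "192.168.50.100",
                             "192.168.50.200", SAMPLE_VMS))
```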

OpenStack: Assigning IPs manually

I am deploying OpenStack Havana over Ubuntu Server 12.04 LTS following the official documentation (http://docs.openstack.org/havana/install-guide/install/apt/content/index.html). I'm using a single-node installation, so one physical machine is acting as controller node and compute node at the same time.
Right now I have everything working except for the network. I should remark that I am not using Neutron, just Nova Network. Also, I should say I'm far from being a networking expert.
The problem is the following: in my enterprise, as far as I know, every device has a public IP. That is, there are no IPs such as 192.168.X.X or 10.0.X.X. Rather, all IPs are located in a public subnet, say, A.B.0.0/16. In particular, my department has the subnet A.B.C.0/24 assigned, so all our devices should be assigned an IP in that range. The gateway has been assigned the IP A.B.C.2.
So far, I have not been able to configure the network correctly. What I would like to do is the following:
Using nova network-create, create a new network which is the same one as that of the physical machine:
nova network-create vmnet --fixed-range-v4=A.B.C.0/24 --gateway=A.B.C.2 --dns1=8.8.8.8 --dns2=4.4.4.4
Then, assign IPs manually to each virtual machine. If IPs were assigned in that subnet, it would override other IPs from existing computers. So what I would like is doing pretty much what I can do with VirtualBox when I setup the adapter as a "Bridge Adapter", i.e., assigning an IP manually in the guest OS.
Is that even possible?
Thanks a lot.
Use Neutron networking and specifically go for the ovs plugin, because the instructions I am giving below will only work for it.
You have to setup the ovs plugin with the following configuration in '/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini'
[OVS]
tenant_network_type = gre
network_vlan_ranges = EXTNet
enable_tunneling = True
tunnel_type = gre
tunnel_id_ranges = 1:1000
integration_bridge = br-int
tunnel_bridge = br-tun
bridge_mappings = EXTNet:br-ex
local_ip = <your machine IP here>
Note the Bridge mappings entry. It maps the EXTNet to br-ex. Later you will use this EXTNet as provider physical network while creating your network in Openstack. For now you have to add one of your host's interfaces that is connected to your enterprise networks to br-ex. After adding it you may not be able to access your host through that interface so always use a secondary interface for this.
Once you are done with the setup do the following.
quantum net-create EXTNet --provider:physical_network EXTNet --provider:network_type flat
quantum net-update EXTNet --router:external True
quantum net-update EXTNet --shared True
quantum subnet-create --name EXTSubnet --gateway <external network gateway> EXTNet <external network CIDR> --enable_dhcp False
There may be other ways of doing this, but I have tested this approach and hence recommend it.
Once you have successfully created a subnet, just launch instances in it.
One thing to note here is that since you have disabled DHCP in your subnet, OpenStack will not run dnsmasq on it, and hence you will have to provide your own DHCP server.
Second, since the network_type is flat, there won't be any VLAN packets. The packets from your instance will flow as they are on your external network, which is what you want.

VirtualBox networking for an NGINX client having multiple hostnames

I have a host laptop running Debian, and a client VM running Debian. On the client, I run NGINX, and it serves up a complex web application with several hostnames (e.g. www.host, api.host, blog.host). The laptop moves between several different networks, with a seemingly ever-changing IP address.
I'm trying to meet the following conditions with this VM:
The IP address of the client shouldn't change (e.g. always 192.168.10.10)
With a static IP, I could edit the host /etc/hosts file and keep complex hostnames
The client should have access to the Internet
No other machines need to access the client
What is the best way to set up the Attached to settings for this client?
To do this, simply add two network interfaces to the box.
The first interface will use Host-Only, and that is how your host can connect to the client. This will create an additional network adapter on the host.
The second interface will use NAT, and that is the gateway to the internet. This will create an additional network adapter on the client.
If you've already got a client running, you'll need to get the next network adapter up and running by executing sudo ifconfig eth1 up and to get an IP address, run sudo dhclient eth1.
