
devstack - allow ssh from guest vm to devstack

Can a guest instance in devstack with the following interfaces and route (see below) access the devstack instance in this way: ssh ubuntu@10.0.0.1 (keys are set correctly)?

2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc pfifo_fast state UP group default qlen 1000
    link/ether fa:16:3e:68:3d:7c brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.4/26 brd 10.0.0.63 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::f816:3eff:fe68:3d7c/64 scope link 
       valid_lft forever preferred_lft forever


Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.0.0.1        0.0.0.0         UG    0      0        0 eth0
10.0.0.0        0.0.0.0         255.255.255.192 U     0      0        0 eth0
169.254.169.254 10.0.0.1        255.255.255.255 UGH   0      0        0 eth0

This is the routing table of the devstack instance:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.0.1     0.0.0.0         UG    0      0        0 eth0
10.0.0.0        192.168.1.228   255.255.252.0   UG    0      0        0 br-ex
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.1.224   0.0.0.0         255.255.255.224 U     0      0        0 br-ex
192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 virbr0

6: br-ex: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default 
    link/ether 12:14:51:c6:b2:49 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.225/27 scope global br-ex
       valid_lft forever preferred_lft forever
    inet6 fe80::1014:51ff:fec6:b249/64 scope link 
       valid_lft forever preferred_lft forever

What rule should I add to allow instances with IP 10.0.0.0/24 to ssh into the devstack machine? Should I change some firewall rules (tried with no success) or change the routing rules? This is the localrc:

[[local|localrc]]
FLOATING_RANGE=192.168.1.224/27
FIXED_RANGE=10.0.0.0/24
FIXED_NETWORK_SIZE=256
FLAT_INTERFACE=eth0

Try adding the host IP to your local.conf. For example:

HOST_IP=10.0.0.1

I even tried HOST_IP=10.0.0.1 in the devstack configuration file, but devstack was unable to start.

Since my problem was that guest instances couldn't rsync with the devstack instance, I just changed the rsync script in the images to rsync to another IP of the devstack instance that was easily accessible.

I suspect that anyone who needs to do what I asked in the first place should look in the neutron namespaces. But since I found the workaround, I didn't try.

No, it can't. And 10.0.0.1 doesn't look like your devstack instance IP. I think your local.conf (old localrc) is not good. Try to use just:

[[local|localrc]]
...
IP_VERSION=4
HOST_IP=192.168.1.104
FLOATING_RANGE="192.168.1.224/27"
Q_FLOATING_ALLOCATION_POOL=start=192.168.1.226,end=192.168.1.254

Devstack will set up the rest. With only that, your guest instance should access the Devstack host.

But I think you'll want more than just that. Try this:

  1. In Security Groups, add ingress rules for ICMP, SSH and also HTTP and HTTPS;
  2. In the private network, edit private-subnet to add DNS name servers (8.8.8.8, 1.1.1.1, etc.);
  3. Allocate some floating IPs;
  4. Launch some instances;
  5. Associate a floating IP with each instance;
  6. Set the proxy_arp and iptables (on the Devstack host).

How to expose the Devstack floating ip to the external world?
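
An added example (not part of the original posts): a longest-prefix route lookup over the two routing tables quoted in the question. It shows that the guest treats 10.0.0.1 as an on-link neighbour on its own subnet, while the host's br-ex address 192.168.1.225 is reached through the gateway and the host sends replies to 10.0.0.4 via 192.168.1.228. The function names `parse_routes` and `lookup` are my own.

```python
import ipaddress

# Rows copied from the `route -n` output of the guest in the question.
GUEST_ROUTES = """\
0.0.0.0         10.0.0.1        0.0.0.0         UG    0      0        0 eth0
10.0.0.0        0.0.0.0         255.255.255.192 U     0      0        0 eth0
169.254.169.254 10.0.0.1        255.255.255.255 UGH   0      0        0 eth0
"""
# Rows copied from the `route -n` output of the devstack host in the question.
HOST_ROUTES = """\
0.0.0.0         192.168.0.1     0.0.0.0         UG    0      0        0 eth0
10.0.0.0        192.168.1.228   255.255.252.0   UG    0      0        0 br-ex
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.1.224   0.0.0.0         255.255.255.224 U     0      0        0 br-ex
192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 virbr0
"""

def parse_routes(text):
    """Turn `route -n` rows into (network, gateway, iface) tuples."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8:          # skip headers and blank lines
            continue
        net = ipaddress.ip_network(f"{f[0]}/{f[2]}")
        gw = None if f[1] == "0.0.0.0" else ipaddress.ip_address(f[1])
        routes.append((net, gw, f[7]))
    return routes

def lookup(routes, dest):
    """Pick the most specific matching route; return (next hop, iface)."""
    dest = ipaddress.ip_address(dest)
    matches = [r for r in routes if dest in r[0]]
    if not matches:
        return None
    net, gw, iface = max(matches, key=lambda r: r[0].prefixlen)
    return (str(gw) if gw else "on-link", iface)

if __name__ == "__main__":
    guest, host = parse_routes(GUEST_ROUTES), parse_routes(HOST_ROUTES)
    print("guest -> 10.0.0.1      :", lookup(guest, "10.0.0.1"))
    print("guest -> 192.168.1.225 :", lookup(guest, "192.168.1.225"))
    print("host  -> 10.0.0.4      :", lookup(host, "10.0.0.4"))
```

The only host address shown in the question is 192.168.1.225 on br-ex, so that address (or the HOST_IP from local.conf) is the one the lookup sends through the gateway rather than resolving on the guest's own segment.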
