部署devstack-rocky版本后网络,可以 Ping 通自己的 IP,但 Ping 不同网关,ping不通同网段主机,查看网卡和ovs信息如下
解决
第一步
按造网上教程,修改br-ex,ens33的配置文件
[root@localhost ~]# cat /etc/sysconfig/network-scripts/ifcfg-ens33
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=none
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33
DEVICE=ens33
ONBOOT=yes
[root@localhost ~]#
br-ex
[root@localhost ~]# cat /etc/sysconfig/network-scripts/ifcfg-br-ex
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=br-ex
DEVICE=br-ex
ONBOOT=yes
IPADDR=192.168.163.199
NETMASK=255.255.255.0
GATEWAY=192.168.163.2
添加路由
ip route add default via 92.168.163.2/24 dev br-ex
重启网络,发现还是不行,
进行第二步排查
恢复快照,对比重启前和重启后的ovs流表信息
重启前
[root@localhost network-scripts]# ovs-ofctl dump-flows br-ex
cookie=0x4820e7ed3fd8443a, duration=2843.818s, table=0, n_packets=14, n_bytes=1012, priority=4,in_port="phy-br-ex",dl_vlan=2 actions=strip_vlan,NORMAL
cookie=0x4820e7ed3fd8443a, duration=2876.726s, table=0, n_packets=33, n_bytes=3710, priority=2,in_port="phy-br-ex" actions=drop
cookie=0x4820e7ed3fd8443a, duration=2876.755s, table=0, n_packets=2221, n_bytes=257360, priority=0 actions=NORMAL
重启后
[root@localhost network-scripts]# ovs-ofctl dump-flows br-ex
发现ovs重启后流表未下发
查看ovs数据库日志
vim /var/log/openvswitch/ovsdb-server.log
2019-09-29T02:25:46.301Z|00026|socket_util|ERR|6640:127.0.0.1: bind: Permission denied
2019-09-29T02:25:46.301Z|00027|ovsdb_jsonrpc_server|ERR|Dropped 568 log messages in last 59 seconds (most recently, 1 seconds ago) due to excessive rate
2019-09-29T02:25:46.301Z|00028|ovsdb_jsonrpc_server|ERR|ptcp:6640:127.0.0.1: listen failed: Permission denied
2019-09-29T02:26:46.678Z|00029|socket_util|ERR|Dropped 582 log messages in last 61 seconds (most recently, 2 seconds ago) due to excessive rate
2019-09-29T02:26:46.679Z|00030|socket_util|ERR|6640:127.0.0.1: bind: Permission denied
2019-09-29T02:26:46.679Z|00031|ovsdb_jsonrpc_server|ERR|Dropped 582 log messages in last 61 seconds (most recently, 2 seconds ago) due to excessive rate
2019-09-29T02:26:46.679Z|00032|ovsdb_jsonrpc_server|ERR|ptcp:6640:127.0.0.1: listen failed: Permission denied
2019-09-29T02:27:47.402Z|00033|socket_util|ERR|Dropped 581 log messages in last 60 seconds (most recently, 1 seconds ago) due to excessive rate
2019-09-29T02:27:47.402Z|00034|socket_util|ERR|6640:127.0.0.1: bind: Permission denied
2019-09-29T02:27:47.402Z|00035|ovsdb_jsonrpc_server|ERR|Dropped 581 log messages in last 60 seconds (most recently, 1 seconds ago) due to excessive rate
2019-09-29T02:27:47.402Z|00036|ovsdb_jsonrpc_server|ERR|ptcp:6640:127.0.0.1: listen failed: Permission denied
2019-09-29T02:28:46.257Z|00037|socket_util|ERR|Dropped 568 log messages in last 59 seconds (most recently, 0 seconds ago) due to excessive rate
2019-09-29T02:28:46.257Z|00038|socket_util|ERR|6640:127.0.0.1: bind: Permission denied
2019-09-29T02:28:46.257Z|00039|ovsdb_jsonrpc_server|ERR|Dropped 568 log messages in last 59 seconds (most recently, 0 seconds ago) due to excessive rate
2019-09-29T02:28:46.257Z|00040|ovsdb_jsonrpc_server|ERR|ptcp:6640:127.0.0.1: listen failed: Permission denied
2019-09-29T02:29:47.173Z|00041|socket_util|ERR|Dropped 580 log messages in last 61 seconds (most recently, 1 seconds ago) due to excessive rate
2019-09-29T02:29:47.173Z|00042|socket_util|ERR|6640:127.0.0.1: bind: Permission denied
解决办法
1.编辑vim /etc/selinux/config配置文件
2.修改 SELINUX=enforcing为SELINUX=disabled
3.关闭selinux防火墙 setenforce 0
4.重启 reboot
问题解决
小结两点经验,在 OpenStack 环境中:
- 无法 Ping 通同网段 IP,则检查自身 IP 地址设置。
- 无法 Ping 通公网,则检查自身 Route 表项设置。
- 能 Ping 通网关、但无法 Ping 通公网,则检查是否存在 ARP 欺诈。