openstack中ping不通vm
2015-11-25 17:13
351 查看
ping不通vm的问题解决
ping不通vm,首先应考虑安全组规则的问题,查看安全组中是否有ICMP规则。
Even pinging the instance is not possible without an ICMP rule configured.
1 查看安全组及其规则
[root@-ctl ~]# nova secgroup-list
+--------------------------------------+---------+------------------------+
| Id | Name | Description |
+--------------------------------------+---------+------------------------+
| 262b13a5-5c70-448f-9bfe-6f0c397feaff | default | Default security group |
+--------------------------------------+---------+------------------------+
[root@-ctl ~]# . zzz/openrc_user1
[root@-ctl ~]# nova secgroup-list-rules default
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+-----------+--------------+
| tcp | 9903 | 9903 | 0.0.0.0/0 | |
| tcp | 22 | 22 | 0.0.0.0/0 | |
| tcp | 5813 | 5813 | 0.0.0.0/0 | |
| | | | | default |
| | | | | default |
+-------------+-----------+---------+-----------+--------------+可看出规则中没有ICMP规则
2 添加ICMP规则
[root@-ctl ~]# nova help secgroup-add-rule
usage: nova secgroup-add-rule <secgroup> <ip-proto> <from-port> <to-port>
<cidr>
Add a rule to a security group.
Positional arguments:
<secgroup> ID or name of security group.
<ip-proto> IP protocol (icmp, tcp, udp).
<from-port> Port at start of range.
<to-port> Port at end of range.
<cidr> CIDR for address range.
[root@-ctl ~]# nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+-----------+--------------+
| icmp | -1 | -1 | 0.0.0.0/0 | |
+-------------+-----------+---------+-----------+--------------+
[root@-ctl ~]# nova secgroup-list-rules default
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+-----------+--------------+
| tcp | 9903 | 9903 | 0.0.0.0/0 | |
| tcp | 22 | 22 | 0.0.0.0/0 | |
| tcp | 5813 | 5813 | 0.0.0.0/0 | |
| | | | | default |
| | | | | default |
| icmp | -1 | -1 | 0.0.0.0/0 | |
+-------------+-----------+---------+-----------+--------------+ICMP规则已经添加进default安全组
3 ping虚拟机
[root@-ctl ~]# ping 172.21.0.65
PING 172.21.0.65 (172.21.0.65) 56(84) bytes of data.
64 bytes from 172.21.0.65: icmp_seq=1 ttl=63 time=18.9 ms
64 bytes from 172.21.0.65: icmp_seq=2 ttl=63 time=1.26 ms
^C
--- 172.21.0.65 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 1.261/10.080/18.900/8.820 ms
ping不通vm,首先应考虑安全组规则的问题,查看安全组中是否有ICMP规则。
Even pinging the instance is not possible without an ICMP rule configured.
1 查看安全组及其规则
[root@-ctl ~]# nova secgroup-list
+--------------------------------------+---------+------------------------+
| Id | Name | Description |
+--------------------------------------+---------+------------------------+
| 262b13a5-5c70-448f-9bfe-6f0c397feaff | default | Default security group |
+--------------------------------------+---------+------------------------+
[root@-ctl ~]# . zzz/openrc_user1
[root@-ctl ~]# nova secgroup-list-rules default
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+-----------+--------------+
| tcp | 9903 | 9903 | 0.0.0.0/0 | |
| tcp | 22 | 22 | 0.0.0.0/0 | |
| tcp | 5813 | 5813 | 0.0.0.0/0 | |
| | | | | default |
| | | | | default |
+-------------+-----------+---------+-----------+--------------+可看出规则中没有ICMP规则
2 添加ICMP规则
[root@-ctl ~]# nova help secgroup-add-rule
usage: nova secgroup-add-rule <secgroup> <ip-proto> <from-port> <to-port>
<cidr>
Add a rule to a security group.
Positional arguments:
<secgroup> ID or name of security group.
<ip-proto> IP protocol (icmp, tcp, udp).
<from-port> Port at start of range.
<to-port> Port at end of range.
<cidr> CIDR for address range.
[root@-ctl ~]# nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+-----------+--------------+
| icmp | -1 | -1 | 0.0.0.0/0 | |
+-------------+-----------+---------+-----------+--------------+
[root@-ctl ~]# nova secgroup-list-rules default
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+-----------+--------------+
| tcp | 9903 | 9903 | 0.0.0.0/0 | |
| tcp | 22 | 22 | 0.0.0.0/0 | |
| tcp | 5813 | 5813 | 0.0.0.0/0 | |
| | | | | default |
| | | | | default |
| icmp | -1 | -1 | 0.0.0.0/0 | |
+-------------+-----------+---------+-----------+--------------+ICMP规则已经添加进default安全组
3 ping虚拟机
[root@-ctl ~]# ping 172.21.0.65
PING 172.21.0.65 (172.21.0.65) 56(84) bytes of data.
64 bytes from 172.21.0.65: icmp_seq=1 ttl=63 time=18.9 ms
64 bytes from 172.21.0.65: icmp_seq=2 ttl=63 time=1.26 ms
^C
--- 172.21.0.65 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 1.261/10.080/18.900/8.820 ms
相关文章推荐
- Nginx初探
- CentOS安装Subversion 1.9.*版本客户端
- Hadoop教程(二)Hadoop伪集群环境安装
- Linux中只列出目录
- 可选型(optional)
- Linux下查看文件和文件夹大小
- Linux系统设置定时任务
- VIM入门配置
- CentOS 6 安装epel源
- 虚拟机linux与主机时间同步
- 27-SVN commit error: “'.' is not a working copy”
- Linux下修改Mysql的用户(root)的密码
- PYTHON多进程并发WEB服务器(利用LINUX的FORK)
- pop回到之前的某一个页面
- Linux下发包处理
- linux下 查看外网IP命令
- hadoop安装
- CentOS下修复grub引导程序
- linux shell实现随机数多种方法(date,random,uuid)
- Legolas工业自动化平台案例 —— 水源地自动化监控系统