No external connection for instances in default setup?

Hello! I ran multiple installations of the latest sunbeam-based microstack setup on Ubuntu 22.04. The setup works nicely and I can access new instances in my stack via tunneling through the host.

But there’s no outgoing connection from the VMs possible which makes the whole setup largely useless. DNS lookup works inside the instances but trying to access anything outside the host is not possible. Pinging can be done down to the host itself but not the next external router/switch. I was unable to find information about this in the installation guides (e.g. MicroStack - Single-node guided), these talk either about accessing the VMs from other hosts or not about external network access at all.

Questions:

  1. Should this work out of the box (accessing arbitrary hosts from inside a new VM)?
  2. If not, which setup is required? The same as for “remote VM access”? I’m not sure if working outgoing traffic from the VM has the same setup required as for traffic accessing the VM from other hosts?

You should have configured an interface to use for outside access, during setup. This is a second interface, used exclusively by OVN to go outside. It has its own gateway and its own network. It can be the same network as the control plane if you plan IP separation carefully (and bridge both interfaces to the same vlan outside of the machine) but you still need two interfaces since OVN will grab one for itself and the kernel will not be able to use it.

Apart from this, everything should work normally, you can have FIPs, routers, etc. The example VM created at the end of the tutorial already adds a FIP for you to be able to ssh in. Even without a FIP it should be able to go out, NATted by the router’s IP.

There is a known bug in the current stable version of the openstack-hypervisor snap which means egress from instances to the outside world when using ‘local’ networking mode does not work.

We have a fix in the pipeline - the candidate channel currently has this in it:

sudo snap refresh --channel 2023.1/candidate openstack-hypervisor

should resolve the issue for you.

Thanks for the hints, I’ll test the rc with local networking first. Could you throw in a pointer to the bug in question pls?