New to Openstack and trying to run a Single Host Node with Kolla-Ansible Openstack on a Ubuntu 24.04 server. able to deploy and build instance, but I'm not able to get my instance or any internal network ports outbound through the bridged external interface. I've been scouring through multiple forums and posts, but none seem to have helped in finding the solution. My build is very basic with 2 NIC interfaces names eth0 and eth1 the all-in-one deployment created the bridges under the docker container openvswitch-vswitchd & shows healthy with interfaces populating on the host-server as:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host noprefixroute
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:15:5d:01:fb:05 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.101/24 brd 10.0.0.255 scope global eth0
valid_lft forever preferred_lft forever
inet 10.0.0.200/32 scope global eth0
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master ovs-system state UP group default qlen 1000
link/ether 00:15:5d:01:fb:06 brd ff:ff:ff:ff:ff:ff
4: ovs-system: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 5a:34:68:aa:02:ab brd ff:ff:ff:ff:ff:ff
5: br-tun: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether a6:ce:c2:45:c5:41 brd ff:ff:ff:ff:ff:ff
8: br-int: <BROADCAST,MULTICAST> mtu 1450 qdisc noop state DOWN group default qlen 1000
link/ether 7e:97:ee:92:c1:4a brd ff:ff:ff:ff:ff:ff
10: br-ex: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 00:15:5d:01:fb:06 brd ff:ff:ff:ff:ff:ff
/etc/netplan/50-cloud-ini.yml:
network:
version: 2
renderer: networkd
ethernets:
#Management/API Network Interface
eth0:
link-local: []
addresses:
- 10.0.0.101/24
routes:
- to: default
via: 10.0.0.1
nameservers:
addresses: [10.0.0.1,8.8.8.8,8.8.4.4]
set-name: eth0
match:
macaddress: 00:15:5d:01:fb:05
dhcp4: false
dhcp6: false
#External/Neutron Network Interface
eth1:
link-local: []
dhcp4: false
dhcp6: false
match:
macaddress: 00:15:5d:01:fb:06
set-name: eth1
-With my globals.yml specifying the interfaces for the kolla-ansible deployment:
workaround_ansible_issue_8743: yes
kolla_base_distro: "ubuntu"
kolla_internal_vip_address: "10.0.0.200"
network_interface: "eth0"
neutron_external_interface: "eth1"
neutron_bridge_name: "br-ex"
neutron_physical_networks: "physnet1"
enable_cinder: "yes"
enable_cinder_backend_nfs: "yes"
enable_neutron_provider_networks: "yes"
-My Openstack External Network:
+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
| admin_state_up | UP |
| availability_zone_hints | |
| availability_zones | nova |
| created_at | 2025-06-11T08:11:14Z |
| description | |
| dns_domain | None |
| id | 807c0453-091a-4414-ab2c-72148179b56a |
| ipv4_address_scope | None |
| ipv6_address_scope | None |
| is_default | False |
| is_vlan_qinq | None |
| is_vlan_transparent | None |
| mtu | 1500 |
| name | external-net |
| port_security_enabled | True |
| project_id | b87f328e261640fd9fd0625f9f549207 |
| provider:network_type | flat |
| provider:physical_network | physnet1 |
| provider:segmentation_id | None |
| qos_policy_id | None |
| revision_number | 6 |
| router:external | External |
| segments | None |
| shared | False |
| status | ACTIVE |
| subnets | 9c2958e7-571e-4528-8487-b4d8352b12ed |
| tags | |
| updated_at | 2025-06-18T06:16:04Z |
+---------------------------+--------------------------------------+
+----------------------+--------------------------------------+
| Field | Value |
+----------------------+--------------------------------------+
| allocation_pools | 10.0.0.109-10.0.0.189 |
| cidr | 10.0.0.0/24 |
| created_at | 2025-06-11T08:11:16Z |
| description | |
| dns_nameservers | |
| dns_publish_fixed_ip | None |
| enable_dhcp | False |
| gateway_ip | 10.0.0.1 |
| host_routes | |
| id | 9c2958e7-571e-4528-8487-b4d8352b12ed |
| ip_version | 4 |
| ipv6_address_mode | None |
| ipv6_ra_mode | None |
| name | external-subnet |
| network_id | 807c0453-091a-4414-ab2c-72148179b56a |
| project_id | b87f328e261640fd9fd0625f9f549207 |
| revision_number | 4 |
| router:external | True |
| segment_id | None |
| service_types | |
| subnetpool_id | None |
| tags | |
| updated_at | 2025-06-18T06:16:27Z |
+----------------------+--------------------------------------+
-Openstack Router:
+-------------------------+---------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+-------------------------+---------------------------------------------------------------------------------------------------------------------------------+
| admin_state_up | UP |
| availability_zone_hints | |
| availability_zones | nova |
| created_at | 2025-06-11T08:17:41Z |
| description | |
| distributed | False |
| enable_ndp_proxy | None |
| external_gateway_info | {"network_id": "807c0453-091a-4414-ab2c-72148179b56a", "external_fixed_ips": [{"subnet_id": |
| | "9c2958e7-571e-4528-8487-b4d8352b12ed", "ip_address": "10.0.0.163"}], "enable_snat": true} |
| flavor_id | None |
| ha | False |
| id | 78408fbb-9493-422a-b7ad-4e0922ff1fd7 |
| interfaces_info | [{"port_id": "15fca85a-1197-4221-829f-140882e17d03", "ip_address": "10.200.90.1", "subnet_id": |
| | "c9bb37ed-3939-4646-950e-57d83580ce84"}] |
| name | blue-router |
| project_id | f9a1d2ea934d41d591d7aa15e0e3acf3 |
| revision_number | 5 |
| routes | |
| status | ACTIVE |
| tags | |
| updated_at | 2025-06-11T23:12:15Z |
+-------------------------+---------------------------------------------------------------------------------------------------------------------------------+
-Openstack Internal Network:
+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
| admin_state_up | UP |
| availability_zone_hints | |
| availability_zones | nova |
| created_at | 2025-06-11T08:17:30Z |
| description | |
| dns_domain | None |
| id | d20e2938-3dc5-4512-a7f1-43bafdefaa36 |
| ipv4_address_scope | None |
| ipv6_address_scope | None |
| is_default | None |
| is_vlan_qinq | None |
| is_vlan_transparent | None |
| mtu | 1450 |
| name | blue-net |
| port_security_enabled | True |
| project_id | f9a1d2ea934d41d591d7aa15e0e3acf3 |
| provider:network_type | vxlan |
| provider:physical_network | None |
| provider:segmentation_id | 844 |
| qos_policy_id | None |
| revision_number | 2 |
| router:external | Internal |
| segments | None |
| shared | False |
| status | ACTIVE |
| subnets | c9bb37ed-3939-4646-950e-57d83580ce84 |
| tags | |
| updated_at | 2025-06-11T08:17:30Z |
+---------------------------+--------------------------------------+
+----------------------+--------------------------------------+
| Field | Value |
+----------------------+--------------------------------------+
| allocation_pools | 10.200.90.109-10.200.90.189 |
| cidr | 10.200.90.0/24 |
| created_at | 2025-06-11T08:17:30Z |
| description | |
| dns_nameservers | 8.8.8.8, 8.8.4.4 |
| dns_publish_fixed_ip | None |
| enable_dhcp | True |
| gateway_ip | 10.200.90.1 |
| host_routes | |
| id | c9bb37ed-3939-4646-950e-57d83580ce84 |
| ip_version | 4 |
| ipv6_address_mode | None |
| ipv6_ra_mode | None |
| name | blue-subnet |
| network_id | d20e2938-3dc5-4512-a7f1-43bafdefaa36 |
| project_id | f9a1d2ea934d41d591d7aa15e0e3acf3 |
| revision_number | 0 |
| router:external | False |
| segment_id | None |
| service_types | |
| subnetpool_id | None |
| tags | |
| updated_at | 2025-06-11T08:17:30Z |
+----------------------+--------------------------------------+
-Docker Container with OpenvSwitch-vswitchd:
(openvswitch-vswitchd)[root@BCCS-OS /]$ ovs-vsctl show
f807886d-fff7-4d11-9b81-1e987945c61e
Manager "ptcp:6640:127.0.0.1"
is_connected: true
Bridge br-ex
Controller "tcp:127.0.0.1:6633"
is_connected: true
fail_mode: secure
datapath_type: system
Port phy-br-ex
Interface phy-br-ex
type: patch
options: {peer=int-br-ex}
Port br-ex
Interface br-ex
type: internal
Port eth1
Interface eth1
Bridge br-tun
Controller "tcp:127.0.0.1:6633"
is_connected: true
fail_mode: secure
datapath_type: system
Port patch-int
Interface patch-int
type: patch
options: {peer=patch-tun}
Port br-tun
Interface br-tun
type: internal
Bridge br-int
Controller "tcp:127.0.0.1:6633"
is_connected: true
fail_mode: secure
datapath_type: system
Port tap263bffed-24
tag: 2
Interface tap263bffed-24
type: internal
Port qr-15fca85a-11
tag: 2
Interface qr-15fca85a-11
type: internal
Port patch-tun
Interface patch-tun
type: patch
options: {peer=patch-int}
Port qvoc826aa7c-e0
tag: 2
Interface qvoc826aa7c-e0
Port br-int
Interface br-int
type: internal
Port qg-6075ed33-7b
tag: 1
Interface qg-6075ed33-7b
type: internal
Port int-br-ex
Interface int-br-ex
type: patch
options: {peer=phy-br-ex}
(openvswitch-vswitchd)[root@BCCS-OS /]$ ovs-vsctl list-ports br-ex
eth1
phy-br-ex
(openvswitch-vswitchd)[root@BCCS-OS /]$ ovs-vsctl list-ports br-int
int-br-ex
patch-tun
qg-6075ed33-7b
qr-15fca85a-11
qvoc826aa7c-e0
tap263bffed-24
(openvswitch-vswitchd)[root@BCCS-OS /]$ ovs-vsctl list-ports br-tun
patch-int
-Neutron Server files:
ML2_conf.ini:
[ml2_type_flat]
flat_networks = physnet1
openvswitch_agent.ini:
[ovs]
bridge_mappings = physnet1:br-ex
datapath_type = system
ovsdb_connection = tcp:127.0.0.1:6640
ovsdb_timeout = 10
local_ip = 10.0.0.101
-OpenStack Project and Security Groups/Rule:
(venv) kaosu@BCCS-OS:/openstack/kaos$ openstack project list
+----------------------------------+--------------+
| ID | Name |
+----------------------------------+--------------+
| b87f328e261640fd9fd0625f9f549207 | admin |
| f74a7ab215aa4dd59b43429fc159ad8e | service |
| f9a1d2ea934d41d591d7aa15e0e3acf3 | blue-project |
+----------------------------------+--------------+
####Openstack Security Group:
(venv) kaosu@BCCS-OS:/openstack/kaos$ openstack security group list
+--------------------------------------+---------+------------------------+----------------------------------+------+
| ID | Name | Description | Project | Tags |
+--------------------------------------+---------+------------------------+----------------------------------+------+
| 0c6d91bf-aaef-4115-bcfa-9ee26be4a1d2 | default | Default security group | b87f328e261640fd9fd0625f9f549207 | [] |#admin
| 9a6ab357-6381-4049-991e-31784c2f2f7c | default | Default security group | f74a7ab215aa4dd59b43429fc159ad8e | [] |#service
| d8dddd3d-efe0-45e8-9849-e7279a15b1a6 | default | Default security group | f9a1d2ea934d41d591d7aa15e0e3acf3 | [] |#blue-project
+--------------------------------------+---------+------------------------+----------------------------------+------+
###Openstack Security Rules:
(venv) kaosu@BCCS-OS:/openstack/kaos$ openstack security group rule list
+----------------------+-------------+-----------+-----------+------------+-----------+-----------------------+----------------------+-----------------------+--------------+
| ID | IP Protocol | Ethertype | IP Range | Port Range | Direction | Remote Security Group | Remote Address Group | Security Group |Project |
+----------------------+-------------+-----------+-----------+------------+-----------+-----------------------+----------------------+-----------------------+--------------+
| 138f29a7-83cc-478a- | None | IPv4 | 0.0.0.0/0 | | ingress | 9a6ab357-6381-4049- | None | 9a6ab357-6381-4049- |#service
| 979a-98a4f95a19cc | | | | | | 991e-31784c2f2f7c | | 991e-31784c2f2f7c |
| 1f5e1166-bb65-4937- | None | IPv4 | 0.0.0.0/0 | | egress | None | None | d8dddd3d-efe0-45e8- |#blue-project
| 90cf-8ffca414388d | | | | | | | | 9849-e7279a15b1a6 |
| 2744c9d2-fa79-4d3f- | icmp | IPv4 | 0.0.0.0/0 | | ingress | d8dddd3d-efe0-45e8- | None | d8dddd3d-efe0-45e8- |#blue-project
| 8bd2-313bb7bc121a | | | | | | 9849-e7279a15b1a6 | | 9849-e7279a15b1a6 |
| 2d414eb9-61b6-44e3- | None | IPv4 | 0.0.0.0/0 | | ingress | d8dddd3d-efe0-45e8- | None | d8dddd3d-efe0-45e8- |#blue-project
| 840f-6fd435bb405d | | | | | | 9849-e7279a15b1a6 | | 9849-e7279a15b1a6 |
| 2e10dea6-03de-4ec2- | tcp | IPv4 | 0.0.0.0/0 | 22:22 | ingress | None | None | d8dddd3d-efe0-45e8- |#blue-project
| bc71-99b549bdd895 | | | | | | | | 9849-e7279a15b1a6 |
| 356c0b88-6d3f-4d27- | tcp | IPv4 | 0.0.0.0/0 | 22:22 | ingress | None | None | 0c6d91bf-aaef-4115- |#admin
| 9961-905294e908b8 | | | | | | | | bcfa-9ee26be4a1d2 |
| 38367a09-6643-4cbb- | None | IPv4 | 0.0.0.0/0 | | egress | None | None | 0c6d91bf-aaef-4115- |#admin
| 9f4a-ffecae10884b | | | | | | | | bcfa-9ee26be4a1d2 |
| 429eca7e-b489-49d2- | None | IPv4 | 0.0.0.0/0 | | egress | None | None | 9a6ab357-6381-4049- |#service
| b005-d9d164205aa9 | | | | | | | | 991e-31784c2f2f7c |
| 4378eee5-c22c-47a4- | icmp | IPv4 | 0.0.0.0/0 | | ingress | None | None | d8dddd3d-efe0-45e8- |#blue-project
| bd71-597a055a8ffb | | | | | | | | 9849-e7279a15b1a6 |
| 4dfa36cc-817e-4f11- | None | IPv6 | ::/0 | | ingress | 9a6ab357-6381-4049- | None | 9a6ab357-6381-4049- |#service
| aa5b-ce90df083918 | | | | | | 991e-31784c2f2f7c | | 991e-31784c2f2f7c |
| 5ec1140d-36c0-4191- | None | IPv6 | ::/0 | | ingress | d8dddd3d-efe0-45e8- | None | d8dddd3d-efe0-45e8- |#blue-project
| bcfe-2b1732f3d9c1 | | | | | | 9849-e7279a15b1a6 | | 9849-e7279a15b1a6 |
| 633aaa40-7321-4e7d- | icmp | IPv4 | 0.0.0.0/0 | | ingress | None | None | 0c6d91bf-aaef-4115- |#admin
| 9494-0785d5d1b365 | | | | | | | | bcfa-9ee26be4a1d2 |
| 65e49fdd-e8a6-4379- | tcp | IPv4 | 0.0.0.0/0 | 22:22 | ingress | d8dddd3d-efe0-45e8- | None | d8dddd3d-efe0-45e8- |#blue-project
| 971c-78b76b561b2a | | | | | | 9849-e7279a15b1a6 | | 9849-e7279a15b1a6 |
| 94742b4d-5741-4e87- | icmp | IPv4 | 0.0.0.0/0 | | egress | d8dddd3d-efe0-45e8- | None | d8dddd3d-efe0-45e8- |#blue-project
| 8fa5-8ea7c2a18f3d | | | | | | 9849-e7279a15b1a6 | | 9849-e7279a15b1a6 |
| a3c201c7-2552-420b- | udp | IPv4 | 0.0.0.0/0 | | egress | d8dddd3d-efe0-45e8- | None | d8dddd3d-efe0-45e8- |#blue-project
| 815c-da74f6ba1d5c | | | | | | 9849-e7279a15b1a6 | | 9849-e7279a15b1a6 |
| a58cdb39-a8b6-45e5- | None | IPv6 | ::/0 | | ingress | 0c6d91bf-aaef-4115- | None | 0c6d91bf-aaef-4115- |#admin
| 8a16-c846dd4c1678 | | | | | | bcfa-9ee26be4a1d2 | | bcfa-9ee26be4a1d2 |
| af1bcafb-da1d-4cf1- | None | IPv4 | 0.0.0.0/0 | | ingress | 0c6d91bf-aaef-4115- | None | 0c6d91bf-aaef-4115- |#admin
| 9391-704adf4d7c3a | | | | | | bcfa-9ee26be4a1d2 | | bcfa-9ee26be4a1d2 |
| e1be7b09-cc56-4de9- | None | IPv6 | ::/0 | | egress | None | None | 0c6d91bf-aaef-4115- |#admin
| 8c93-39d2205cafca | | | | | | | | bcfa-9ee26be4a1d2 |
| e72e007b-923f-410d- | None | IPv6 | ::/0 | | egress | None | None | d8dddd3d-efe0-45e8- |#blue-project
| bfc1-591dc9dc6f6e | | | | | | | | 9849-e7279a15b1a6 |
| f6782600-5bbf-4c52- | None | IPv6 | ::/0 | | egress | None | None | 9a6ab357-6381-4049- |#service
| 9fea-267eb8412cb6 | | | | | | | | 991e-31784c2f2f7c |
| fd89b3b2-0a20-4e0d- | tcp | IPv4 | 0.0.0.0/0 | | egress | d8dddd3d-efe0-45e8- | None | d8dddd3d-efe0-45e8- |#blue-project
| 9cfd-aa8c3e38bab9 | | | | | | 9849-e7279a15b1a6 | | 9849-e7279a15b1a6 |
+----------------------+-------------+-----------+-----------+------------+-----------+-----------------------+----------------------+-----------------------
In my testing: External Network I'm able to ping Host=10.0.0.101 and Kolla-Ansible_VIP=10.0.0.200 from external devices but any external devices including Host IP not able to reach any IPs under the Openstack Network I.E Router-IP:10.0.0.163 and Instance-IP=10.0.0.113 DHCPport-IP:10.0.0.109 Internal Network using the ip netns exec commands was able to verify I can ping from the router the Instance-IP and DHCPport-IP but can not reach any external IPs.
What else can I troubleshoot to resolve this issue and get internet to my instance? Appreciate any tips or help
