Set up Floating IPs with OpenStack
Make sure that nova is configured with the correct public network interface.
$> ifconfig em1 em1: flags=... $> sudo openstack-config-set /etc/nova/nova.conf DEFAULT public_interface em1 $> sudo systemctl restart openstack-nova-network.service
Ensure that ICMP (ping) and SSH are allowed to your instances.
$> euca-authorize -P icmp -t -1:-1 default $> euca-authorize -P tcp -p 22 default
How to test
If you've followed all of the test cases, the private network used for OpenStack instances is 10.0.0.0/24. The purpose of this functionality is to be able to assign a pool of floating public IP addresses to instances, as well.
The details of this test case are a bit specific to the environment you are using to test. For this documentation, we're going to assume that the the OpenStack server's public interface is on the 172.31.0.0/24 subnet. We are going to take an unused address range (172.31.0.241-172.31.0.254) from this subnet and define it as a floating IP address range to be used by OpenStack.
$> sudo nova-manage floating create 172.31.0.240/28 $> sudo nova-manage floating list None 172.31.0.241 None nova em1 None 172.31.0.242 None nova em1 ...
Allocate an address to use for an instance:
$> euca-allocate-address ADDRESS 172.31.0.241
Associate the allocated address with a running instance:
$> euca-associate-address -i i-00000001 172.31.0.241 ADDRESS 172.31.0.241 i-00000001
Verify that the public IP address got assigned to your public network interface on the OpenStack server.
$> ip addr ... 2: em1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:13:20:f5:f9:8d brd ff:ff:ff:ff:ff:ff inet 172.31.0.107/24 brd 172.31.0.255 scope global em1 inet 172.31.0.241/32 scope global em1 inet6 fe80::213:20ff:fef5:f98d/64 scope link valid_lft forever preferred_lft forever
Verify that you can now ssh into the instance using the newly assigned address:
$> cd ~/novacreds $> ssh -i nova_key.priv -o UserKnownHostsFile=/dev/null firstname.lastname@example.org
Check for new errors in the logs:
$> grep -i error /var/log/nova/*.log
If you would like, you can now disassociate and release the address assigned for testing.
$> euca-disassociate-address 172.31.0.241 ADDRESS 172.31.0.241 $> euca-release-address 172.31.0.241 ADDRESS 172.31.0.241