ping不通vm的问题解决
ping不通vm,首先应考虑安全组规则的问题,查看安全组中是否有ICMP规则。
Even pinging the instance is not possible without an ICMP rule configured.
1 查看安全组及其规则
[root@-ctl ~]# nova secgroup-list
+--------------------------------------+---------+------------------------+
| Id | Name | Description |
+--------------------------------------+---------+------------------------+
| 262b13a5-5c70-448f-9bfe-6f0c397feaff | default | Default security group |
+--------------------------------------+---------+------------------------+
[root@-ctl ~]# . zzz/openrc_user1
[root@-ctl ~]# nova secgroup-list-rules default
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+-----------+--------------+
| tcp | 9903 | 9903 | 0.0.0.0/0 | |
| tcp | 22 | 22 | 0.0.0.0/0 | |
| tcp | 5813 | 5813 | 0.0.0.0/0 | |
| | | | | default |
| | | | | default |
+-------------+-----------+---------+-----------+--------------+
可看出规则中没有ICMP规则
2 添加ICMP规则
[root@-ctl ~]# nova help secgroup-add-rule
usage: nova secgroup-add-rule <secgroup> <ip-proto> <from-port> <to-port>
<cidr>
Add a rule to a security group.
Positional arguments:
<secgroup> ID or name of security group.
<ip-proto> IP protocol (icmp, tcp, udp).
<from-port> Port at start of range.
<to-port> Port at end of range.
<cidr> CIDR for address range.
[root@-ctl ~]# nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+-----------+--------------+
| icmp | -1 | -1 | 0.0.0.0/0 | |
+-------------+-----------+---------+-----------+--------------+
[root@-ctl ~]# nova secgroup-list-rules default
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+-----------+--------------+
| tcp | 9903 | 9903 | 0.0.0.0/0 | |
| tcp | 22 | 22 | 0.0.0.0/0 | |
| tcp | 5813 | 5813 | 0.0.0.0/0 | |
| | | | | default |
| | | | | default |
| icmp | -1 | -1 | 0.0.0.0/0 | |
+-------------+-----------+---------+-----------+--------------+
ICMP规则已经添加进default安全组
3 ping虚拟机
[root@-ctl ~]# ping 172.21.0.65
PING 172.21.0.65 (172.21.0.65) 56(84) bytes of data.
64 bytes from 172.21.0.65: icmp_seq=1 ttl=63 time=18.9 ms
64 bytes from 172.21.0.65: icmp_seq=2 ttl=63 time=1.26 ms
^C
--- 172.21.0.65 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 1.261/10.080/18.900/8.820 ms