I have a working single-node centos Openstack instance which is working in most regards nicely, except for one problem which has me tearing my hair out.
The problem is this: when I create new VM instances, I am unable to ping/ssh them from the controller machine. So, when the VM comes up on the 10.0.1.x network, I cannot directly access it from the controller. I can access the machine from the Horizon Console app - which baffles me, since horizon is running on the controller. If I add a floating IP to the machine, I can access it no problem both from the controller as well as from any system on the LAN.
I have already confirmed that security groups are properly set up and opened to allow access to both ssh and icmp. Here's the security group settings:
ALLOW IPv6 to ::/0
ALLOW IPv4 to 0.0.0.0/0
ALLOW IPv4 from default
ALLOW IPv6 from default
ALLOW IPv4 22/tcp from 0.0.0.0/0
ALLOW IPv4 icmp from 0.0.0.0/0
And here's various other settings which might help identify the problem:
br-ex: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.200 netmask 255.255.255.0 broadcast 192.168.1.255
inet6 fe80::dacb:8aff:fea4:471 prefixlen 64 scopeid 0x20<link>
ether d8:cb:8a:a4:04:71 txqueuelen 0 (Ethernet)
RX packets 418591 bytes 66744430 (63.6 MiB)
RX errors 0 dropped 51 overruns 0 frame 0
TX packets 217891 bytes 165063129 (157.4 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[liz@openstack-controlle ~(keystone_admin)]$ neutron net-list
+--------------------------------------+---------------+-----------------------------------------------------+
| id | name | subnets |
+--------------------------------------+---------------+-----------------------------------------------------+
| a1ab7093-2884-4032-8511-003e89fcb81e | external | c184b9ef-f16d-4aad-9c7b-5d2f5e49ce58 192.168.1.0/24 |
| bb3da742-1223-4859-83f1-d03bda84ff2d | intenal-saidi | 160b1f41-de0a-40e0-9d3d-9a6630347e0e 10.0.1.0/24 |
+--------------------------------------+---------------+-----------------------------------------------------+
[liz@openstack-controlle ~(keystone_admin)]$ neutron router-list
+--------------------------------------+--------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+-------+
| id | name | external_gateway_info | distributed | ha |
+--------------------------------------+--------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+-------+
| 9cd5d292-a7bb-4dcf-969d-f174e397b949 | router-saidi | {"network_id": "a1ab7093-2884-4032-8511-003e89fcb81e", "enable_snat": true, "external_fixed_ips": [{"subnet_id": "c184b9ef-f16d-4aad-9c7b-5d2f5e49ce58", "ip_address": "192.168.1.201"}]} | False | False |
+--------------------------------------+--------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+-------+