-1

Kashyap Setup (Controller+Compute) on F20 is almost reproduced. SSH issue?

asked 2014-01-21 05:20:24 -0500

dbaxps

updated 2014-01-21 08:43:54 -0500

larsks

I am pretty close. I can load a Cirros instance on Compute, log in via VNC and run nslookup inside it. Everything is fine with IPs and routing. However, I cannot connect via ssh to both Cirros and Fedora 19 instances. Might it be a GRE tunnelling problem?

Details :-

On Controller :-

# neutron security-group-rule-create --protocol tcp \
    --port-range-min 22 --port-range-max 22 \
    --direction ingress --remote-ip-prefix 0.0.0.0/0 default

Multiple security_group matches found for name 'default', use an ID to be more specific.

# neutron security-group-list
+--------------------------------------+---------+-------------+
| id                                   | name    | description |
+--------------------------------------+---------+-------------+
| a085748d-92c0-40e0-a4c1-bc86935ec0ee | default | default     |
| b6203882-561d-4f7b-9e2e-441c57e83419 | default | default     |
| c70b80d3-f060-4002-af22-6603c745a6cf | default | default     |
+--------------------------------------+---------+-------------+

# neutron security-group-rule-create --protocol tcp   --port-range-min 22 --port-range-max 22   --direction ingress --remote-ip-prefix 0.0.0.0/0  a085748d-92c0-40e0-a4c1-bc86935ec0ee
409-{u'NeutronError': {u'message': u'Security group rule already exists. Group id is 6d15d6cc-ed13-4c26-89ff-7ff10e6c4656.', u'type': u'SecurityGroupRuleExists', u'detail': u''}}
# neutron security-group-rule-create --protocol tcp   --port-range-min 22 --port-range-max 22   --direction ingress --remote-ip-prefix 0.0.0.0/0  b6203882-561d-4f7b-9e2e-441c57e83419
Created a new security_group_rule:
+-------------------+--------------------------------------+
| Field             | Value                                |
+-------------------+--------------------------------------+
| direction         | ingress                              |
| ethertype         | IPv4                                 |
| id                | 97232fb3-6ba1-46a3-a8e3-2f25ba0c70dc |
| port_range_max    | 22                                   |
| port_range_min    | 22                                   |
| protocol          | tcp                                  |
| remote_group_id   |                                      |
| remote_ip_prefix  | 0.0.0.0/0                            |
| security_group_id | b6203882-561d-4f7b-9e2e-441c57e83419 |
| tenant_id         | 751cda6ede504ccd9562edd233b32b34     |
+-------------------+--------------------------------------+

# neutron floatingip-show \
  3d40ed62-ad78-4042-8342-9f76c419c8c1

+---------------------+--------------------------------------+
| Field               | Value                                |
+---------------------+--------------------------------------+
| fixed_ip_address    | 10.0.0.2                             |
| floating_ip_address | 192.169.142.105                      |
| floating_network_id | 8e2df372-544d-4921-ad58-e164e5128410 |
| id                  | 3d40ed62-ad78-4042-8342-9f76c419c8c1 |
| port_id             | 41da6b37-dfd8-49a2-8dae-45d9a99ef7d7 |
| router_id           | ba157037-747e-4a44-84d5-13d7d30e88ac |
| tenant_id           | 751cda6ede504ccd9562edd233b32b34     |
+---------------------+--------------------------------------+

I can ping from Controller 192.169.142.105

# ssh -l fedora -i oskey1.priv 192.169.142.105

Hangs

I double-checked iptables on the compute node. It's OK.


Comments

-A INPUT -p gre -j ACCEPT
-A OUTPUT -p gre -j ACCEPT
are in the filter section of /etc/sysconfig/iptables on both nodes

dbaxps (2014-01-21 09:58:05 -0500)

1 answer

0

answered 2014-01-22 11:27:23 -0500

dbaxps

updated 2014-01-30 11:06:05 -0500

Workaround

Well... I can live with that due to the blog of Sandro Mathys

cat ./myfile.txt
#cloud-config
password: mysecret
chpasswd: { expire: False }
ssh_pwauth: True

fedora's password will be "mysecret" via VNC connection

[root@ip-192-169-142-57 ~(keystone_admin)]$ nova boot --flavor 2  --user-data=./myfile.txt  \
--image fae71063-3ddb-4771-b464-7c8facae3e95 VF19QW
+--------------------------------------+--------------------------------------+
| Property                             | Value                                |
+--------------------------------------+--------------------------------------+
| OS-EXT-STS:task_state                | scheduling                           |
| image                                | Fedora 19 x86_64                     |
| OS-EXT-STS:vm_state                  | building                             |
| OS-EXT-SRV-ATTR:instance_name        | instance-00000016                    |
| OS-SRV-USG:launched_at               | None                                 |
| flavor                               | m1.small                             |
| id                                   | 58da990b-a5c2-48fc-a1e9-09e4f5fa8529 |
| security_groups                      | [{u'name': u'default'}]              |
| user_id                              | ae5d131493904e89b6175940af592b34     |
| OS-DCF:diskConfig                    | MANUAL                               |
| accessIPv4                           |                                      |
| accessIPv6                           |                                      |
| progress                             | 0                                    |
| OS-EXT-STS:power_state               | 0                                    |
| OS-EXT-AZ:availability_zone          | nova                                 |
| config_drive                         |                                      |
| status                               | BUILD                                |
| updated                              | 2014-01-22T16:00:04Z                 |
| hostId                               |                                      |
| OS-EXT-SRV-ATTR:host                 | None                                 |
| OS-SRV-USG:terminated_at             | None                                 |
| key_name                             | None                                 |
| OS-EXT-SRV-ATTR:hypervisor_hostname  | None                                 |
| name                                 | VF19QW                               |
| adminPass                            | bmi3iX4AHCM2                         |
| tenant_id                            | 751cda6ede504ccd9562edd233b32b34     |
| created                              | 2014-01-22T16:00:04Z                 |
| os-extended-volumes:volumes_attached | []                                   |
| metadata                             | {}                                   |
+--------------------------------------+--------------------------------------+

[root@ip-192-169-142-57 ~(keystone_admin)]$ nova list

+--------------------------------------+-----------+-----------+------------+-------------+---------------------------------+
| ID                                   | Name      | Status    | Task State | Power State | Networks                        |
+--------------------------------------+-----------+-----------+------------+-------------+---------------------------------+
| 1155abf9-365b-4d2b-8655-f27bb5989f84 | Cirros311 | SUSPENDED | None       | Shutdown    | int01=10.0.0.2, 192.169.142.107 |
| abe6528c-fe1a-47d6-96b5-deb61164c833 | Cirros315 | ACTIVE    | None       | Running     | int01=10.0.0.5, 192.169.142.106 |
| 58da990b-a5c2-48fc-a1e9-09e4f5fa8529 | VF19QW    | ACTIVE    | None       | Running     | int01=10.0.0.4                  |
+--------------------------------------+-----------+-----------+------------+-------------+---------------------------------+

[root@ip-192-169-142-57 ~(keystone_admin)]$ neutron port-list --device-id 58da990b-a5c2-48fc-a1e9-09e4f5fa8529

+--------------------------------------+------+-------------------+---------------------------------------------------------------------------------+
| id                                   | name | mac_address       | fixed_ips                                                                       |
+--------------------------------------+------+-------------------+---------------------------------------------------------------------------------+
| 6554364f-64f2-4fa1-8343-61ffbf2715d3 |      | fa:16:3e:40:0e:3a | {"subnet_id": "0342ee64-e844-48ce-88cb-cd721ef8664a", "ip_address": "10.0.0.4"} |
+--------------------------------------+------+-------------------+---------------------------------------------------------------------------------+
[root@ip-192-169-142-57 ~(keystone_admin)]$ neutron floatingip-create ext
Created a new floatingip:

+---------------------+--------------------------------------+
| Field               | Value                                |
+---------------------+--------------------------------------+
| fixed_ip_address    |                                      |
| floating_ip_address | 192.169.142.108                      |
| floating_network_id | 8e2df372-544d-4921-ad58-e164e5128410 |
| id                  | 8f9fdc2b-00b6-42e3-9e72-4bac099d3ce2 |
| port_id             |                                      |
| router_id           |                                      |
| tenant_id           | 751cda6ede504ccd9562edd233b32b34     |
+---------------------+--------------------------------------+

[root@ip-192-169-142-57 ~(keystone_admin)]$ neutron floatingip-associate 8f9fdc2b-00b6-42e3-9e72-4bac099d3ce2 6554364f-64f2-4fa1-8343-61ffbf2715d3

Associated floatingip 8f9fdc2b-00b6-42e3-9e72-4bac099d3ce2

[root@ip-192-169-142-57 ~(keystone_admin)]$ ping 192.169.142.108

PING 192.169.142.108 (192.169.142.108) 56(84) bytes of data.
64 bytes from 192.169.142.108: icmp_seq=1 ttl=63 time=19.5 ms

Solution to make ssh work from the Controller to an instance running on Compute (192.168.1.108) :-

On cloud instance issue as root :-
$ ifconfig eth0 mtu 1400 up

Then from Controller (192.168.1.127)

[root@dfw02 ~(keystone_admin)]$ ssh fedora@192.168.1.108
fedora@192.168.1.108's password: 
Last login: Tue Jan 30 10:53:22 2014 from 192.168.1.127
[fedora@vf19vlgl ~]$ ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1400
        inet 10.0.0.6  netmask 255.255.255.0  broadcast 10.0.0.255
        inet6 fe80::f816:3eff:fe4b:9790  prefixlen 64  scopeid 0x20<link>
        ether fa:16:3e:4b:97:90  txqueuelen 1000  (Ethernet)
        RX packets 15986  bytes 19358438 (18.4 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 4907  bytes 490901 (479.3 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 0  (Local Loopback)
        RX packets 14  bytes 1400 (1.3 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 14  bytes 1400 (1.3 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

virbr0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 192.168.122.1 ...
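
The MTU diagnosis in the answer above can be confirmed before touching the instance. This is an added example, not part of the original answer: it binary-searches for the largest don't-fragment ping that crosses the path, assuming Linux iputils `ping` (`-M do`); the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: measure the path MTU towards an instance.
# Small pings succeeding while ssh hangs after connecting is the typical
# symptom of full-size packets being dropped on a tunnelled path.

# probe_ping HOST PAYLOAD: one ICMP echo with the DF bit set.
probe_ping() {
    ping -c 1 -W 1 -M do -s "$2" "$1" >/dev/null 2>&1
}

# find_path_mtu PROBE HOST [LOW] [HIGH]
# PROBE is any command that takes HOST and PAYLOAD and returns 0 when the
# packet gets through. Prints the path MTU in bytes, or 0 if even the
# smallest probe fails.
find_path_mtu() {
    local probe=$1 host=$2 lo=${3:-548} hi=${4:-1472} mid
    "$probe" "$host" "$lo" || { echo 0; return 1; }
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if "$probe" "$host" "$mid"; then
            lo=$mid
        else
            hi=$(( mid - 1 ))
        fi
    done
    # ICMP payload + 8 bytes ICMP header + 20 bytes IPv4 header
    echo $(( lo + 28 ))
}

# needs_mtu_fix IFACE_MTU PATH_MTU: true when the interface can emit
# packets larger than the path can carry.
needs_mtu_fix() {
    [ "$1" -gt "$2" ]
}

# Usage (run by hand against the instance's floating IP):
#   pmtu=$(find_path_mtu probe_ping <floating-ip>)
#   needs_mtu_fix 1500 "$pmtu" && echo "lower the instance MTU below $pmtu"
```

A result below 1500 on a path where every physical interface is set to 1500 points at encapsulation overhead, which is what lowering the instance MTU to 1400 works around.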
