Ask Your Question

Cant't ping my vm from controller node

asked 2013-04-03 14:18:30 -0500

nasser gravatar image

updated 2013-04-11 13:23:29 -0500

smaffulli gravatar image

I have installed opensatck on two servers with Ubuntu 12.04 LTS. Controller node has 2 NICs (eth0 eth0 internet and private):

auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static

auto br100
iface br100 inet static
        bridge_ports eth1
        bridge_stp off
        bridge_maxwait 0
        bridge_fd 0

compute node : 1 NIC (eth0 privé)

auto br100
iface br100 inet static
     bridge_ports eth0
     bridge_stp off
     bridge_maxwait 0
     bridge_fd 0

nova.conf on controller node :

# Change my_ip to match each host
#Note the different pool, this will be used for instance range

default_floating_pool = ext_net
floating_range =
#auto_assign_floating_ip = True
quota_floating_ips = 50

#multi host


My problem is that I can't ping instances(vm) from the controller node or acces with ssh (I added the security rules) but I can acces to the vm from the vnc console. please help me

edit retag flag offensive close merge delete


Are you able to ping from an instance?

briancline gravatar imagebriancline ( 2013-04-10 10:18:49 -0500 )edit

Also, to make it easier for others to read the configurations you posted, try editing your post, highlighting the config blocks, and clicking the "101 010" button in the editor to prefix each of the lines with 4 spaces. Once you save, it causes the site to present these in a readable code block.

briancline gravatar imagebriancline ( 2013-04-10 10:20:07 -0500 )edit

2 answers

Sort by » oldest newest most voted

answered 2013-04-11 13:17:40 -0500

this post is marked as community wiki

This post is a wiki. Anyone with karma >75 is welcome to improve it.

Sometimes a particular instance shows "pending" or you cannot SSH to it. Sometimes networking settings are the problem. Sometimes the image itself is the problem.

One of the most commonly missed configuration areas is not allowing the proper access to VMs. Use the 'euca-authorize' command to enable access. Below, you will find the commands to allow 'ping' and 'ssh' to your VMs::

euca-authorize -P icmp -t -1:-1 default
euca-authorize -P tcp -p 22 default

Another common issue is you cannot ping or SSH your instances after issuing the 'euca-authorize' commands. Something to look at is the amount of 'dnsmasq' processes that are running. If you have a running instance, check to see that TWO 'dnsmasq' processes are running. If not, perform the following::

killall dnsmasq
service nova-network restart

With recent builds of Nova, IPv6 configuration is allowed, but if you cannot SSH to an image, add --use_ipv6=false to your nova.conf.

For example, when using flat manager networking, you do not have a dhcp server, and an ami-tiny image doesn't support interface injection so you cannot connect to it. The fix for this type of problem is to use an Ubuntu image, which should obtain an IP address correctly with FlatManager network settings. To troubleshoot other possible problems with an instance, such as one that stays in a spawning state, first check your instances directory for i-ze0bnh1q dir to make sure it has the following files:

console.log (Once the instance actually starts you should see a console.log.)

Check the file sizes to see if they are reasonable. If any are missing/zero/very small then nova-compute has somehow not completed download of the images from objectstore.

Also check nova-compute.log for exceptions. Sometimes they don't show up in the console output.

Next, check the /var/log/libvirt/qemu/i-ze0bnh1q.log file to see if it exists and has any useful error messages in it.

Finally, from the instances/i-ze0bnh1q directory, try virsh create libvirt.xml and see if you get an error there.

Also, when setting up nodes in FlatManger, be sure to enable ipforward or none your node instances will be able to ping out.

Net ipv4 ip_forward = 1
edit flag offensive delete link more


This answer is very detailed, but the euca-authorize commands you gave only set up the security rules which masser said he already did. I am having the same problem. Where should we be making these checks and running these commands if we have all the services on separate machines?

ianrossi gravatar imageianrossi ( 2013-05-10 21:48:04 -0500 )edit

answered 2013-09-30 07:13:54 -0500

sngirame gravatar image

I am too facing the same problem. Ican create an instance with valid IP address although can not ping or SSH the instance neither from controller node nor from the outside. I have created rules for ICMP & SSH.

Also my ubuntu controller node does not euca-authorize tool..from where to get this?

edit flag offensive delete link more


When I searched over the internet I saw many folks facing the same problem, can anyone please explain what could be the root cause of the problem? (apart from missing rules for ICMP/SSH)

sngirame gravatar imagesngirame ( 2013-10-02 22:49:10 -0500 )edit

Get to know Ask OpenStack

Resources for moderators

Question Tools


Asked: 2013-04-03 14:18:30 -0500

Seen: 4,554 times

Last updated: Sep 30 '13