Ask Your Question
0

Cant't ping my vm from controller node

asked 2013-04-03 14:18:30 -0500

nasser gravatar image

updated 2013-04-11 13:23:29 -0500

smaffulli gravatar image

I have installed opensatck on two servers with Ubuntu 12.04 LTS. Controller node has 2 NICs (eth0 eth0 internet and private):

auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
        address  10.23.0.128
        netmask 255.255.255.0
        gateway 10.23.0.254
        dns-nameservers 10.23.0.254

auto br100
iface br100 inet static
        address 172.16.1.201
        netmask 255.255.255.0
        network 172.16.1.0
        broadcast 172.16.1.255
        bridge_ports eth1
        bridge_stp off
        bridge_maxwait 0
        bridge_fd 0

compute node : 1 NIC (eth0 privé)

auto br100
iface br100 inet static
     address 172.16.1.202
     netmask 255.255.255.0
     network 172.16.1.0
     broadcast 172.16.1.255
     gateway 172.16.1.201
     bridge_ports eth0
     bridge_stp off
     bridge_maxwait 0
     bridge_fd 0

nova.conf on controller node :

# NETWORK
network_manager=nova.network.manager.FlatDHCPManager
force_dhcp_release=True
dhcpbridge_flagfile=/etc/nova/nova.conf
dhcpbridge=/usr/bin/nova-dhcpbridge
firewall_driver=nova.virt.libvirt.firewall.IptablesFirewallDriver
# Change my_ip to match each host
my_ip=172.16.1.201
public_interface=br100
vlan_interface=eth1
flat_network_bridge=br100
flat_interface=eth1
#Note the different pool, this will be used for instance range
fixed_range=10.33.14.0/24

default_floating_pool = ext_net
floating_range = 192.168.1.128/25
#auto_assign_floating_ip = True
quota_floating_ips = 50

#multi host

multi_host=True
send_arp_for_ha=true
enabled_apis=ec2,osapi_compute,osapi_volume,metadata

My problem is that I can't ping instances(vm) from the controller node or acces with ssh (I added the security rules) but I can acces to the vm from the vnc console. please help me

edit retag flag offensive close merge delete

Comments

Are you able to ping 172.16.1.201 from an instance?

briancline gravatar imagebriancline ( 2013-04-10 10:18:49 -0500 )edit

Also, to make it easier for others to read the configurations you posted, try editing your post, highlighting the config blocks, and clicking the "101 010" button in the editor to prefix each of the lines with 4 spaces. Once you save, it causes the site to present these in a readable code block.

briancline gravatar imagebriancline ( 2013-04-10 10:20:07 -0500 )edit

2 answers

Sort by » oldest newest most voted
4

answered 2013-04-11 13:17:40 -0500

this post is marked as community wiki

This post is a wiki. Anyone with karma >75 is welcome to improve it.

Sometimes a particular instance shows "pending" or you cannot SSH to it. Sometimes networking settings are the problem. Sometimes the image itself is the problem.

One of the most commonly missed configuration areas is not allowing the proper access to VMs. Use the 'euca-authorize' command to enable access. Below, you will find the commands to allow 'ping' and 'ssh' to your VMs::

euca-authorize -P icmp -t -1:-1 default
euca-authorize -P tcp -p 22 default

Another common issue is you cannot ping or SSH your instances after issuing the 'euca-authorize' commands. Something to look at is the amount of 'dnsmasq' processes that are running. If you have a running instance, check to see that TWO 'dnsmasq' processes are running. If not, perform the following::

killall dnsmasq
service nova-network restart

With recent builds of Nova, IPv6 configuration is allowed, but if you cannot SSH to an image, add --use_ipv6=false to your nova.conf.

For example, when using flat manager networking, you do not have a dhcp server, and an ami-tiny image doesn't support interface injection so you cannot connect to it. The fix for this type of problem is to use an Ubuntu image, which should obtain an IP address correctly with FlatManager network settings. To troubleshoot other possible problems with an instance, such as one that stays in a spawning state, first check your instances directory for i-ze0bnh1q dir to make sure it has the following files:

libvirt.xml
disk
disk-raw
kernel
ramdisk
console.log (Once the instance actually starts you should see a console.log.)

Check the file sizes to see if they are reasonable. If any are missing/zero/very small then nova-compute has somehow not completed download of the images from objectstore.

Also check nova-compute.log for exceptions. Sometimes they don't show up in the console output.

Next, check the /var/log/libvirt/qemu/i-ze0bnh1q.log file to see if it exists and has any useful error messages in it.

Finally, from the instances/i-ze0bnh1q directory, try virsh create libvirt.xml and see if you get an error there.

Also, when setting up nodes in FlatManger, be sure to enable ipforward or none your node instances will be able to ping out.

/etc/sysctl.conf
Net ipv4 ip_forward = 1
edit flag offensive delete link more

Comments

This answer is very detailed, but the euca-authorize commands you gave only set up the security rules which masser said he already did. I am having the same problem. Where should we be making these checks and running these commands if we have all the services on separate machines?

ianrossi gravatar imageianrossi ( 2013-05-10 21:48:04 -0500 )edit
-1

answered 2013-09-30 07:13:54 -0500

sngirame gravatar image

I am too facing the same problem. Ican create an instance with valid IP address although can not ping or SSH the instance neither from controller node nor from the outside. I have created rules for ICMP & SSH.

Also my ubuntu controller node does not euca-authorize tool..from where to get this?

edit flag offensive delete link more

Comments

When I searched over the internet I saw many folks facing the same problem, can anyone please explain what could be the root cause of the problem? (apart from missing rules for ICMP/SSH)

sngirame gravatar imagesngirame ( 2013-10-02 22:49:10 -0500 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

Stats

Asked: 2013-04-03 14:18:30 -0500

Seen: 4,316 times

Last updated: Sep 30 '13