ssh access to vm from public interface hangs using vlan, nova-network and folsom
I have two nodes: controller (all folsom services but nova-network and nova-compute) and compute1 (nova-network and nova-compute). I can ssh to the VM OK from compute1, and I can ping the public IP from outside OK, but I cannot ssh from outside. ssh hangs when running from outside:
Replaced real IP with x.x.x.x

    ssh -vvv -i user_onek.pem x.x.x.x -l ubuntu
    OpenSSH_5.1p1, OpenSSL 0.9.8g 19 Oct 2007
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: Applying options for *
    debug2: ssh_connect: needpriv 0
    debug1: Connecting to x.x.x.x [x.x.x.x] port 22.
    debug1: Connection established.
    debug1: permanently_set_uid: 0/0
    debug3: Not a RSA1 key file user_onek.pem.
    debug2: key_type_from_name: unknown key type '-----BEGIN'
    debug3: key_read: missing keytype
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug2: key_type_from_name: unknown key type '-----END'
    debug3: key_read: missing keytype
    debug1: identity file user_onek.pem type -1

Hangs ...
Using the same key and running from compute1 I can ssh OK:

    ssh -vvv -i user_onek.pem x.x.x.x -l ubuntu
    OpenSSH_5.9p1 Debian-5ubuntu1, OpenSSL 1.0.1 14 Mar 2012
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: /etc/ssh/ssh_config line 19: Applying options for *
    debug2: ssh_connect: needpriv 0
    debug1: Connecting to x.x.x.x [x.x.x.x] port 22.
    debug1: Connection established.
    debug1: permanently_set_uid: 0/0
    debug3: Incorrect RSA1 identifier
    debug3: Could not load "user_onek.pem" as a RSA1 public key
    debug1: identity file user_onek.pem type -1
    debug1: identity file user_onek.pem-cert type -1
    debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9p1 Debian-5ubuntu1
    debug1: match: OpenSSH_5.9p1 Debian-5ubuntu1 pat OpenSSH*
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_5.9p1 Debian-5ubuntu1
    debug2: fd 3 setting O_NONBLOCK
    debug3: load_hostkeys: loading entries for host "x.x.x.x" from file "/root/.ssh/known_hosts"
    debug3: load_hostkeys: found key type ECDSA in file /root/.ssh/known_hosts:4
    debug3: load_hostkeys: loaded 1 keys
    debug3: order_hostkeyalgs: prefer hostkeyalgs: ecdsa-sha2-nistp256-cert-v01@openssh....
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    more ....
    debug2: shell request accepted on channel 0
    Welcome to Ubuntu 12.04.1 LTS (GNU/Linux 3.2.0-35-virtual x86_64)

OK
and the VM can access the internet OK
I have two NICs: eth0 for the management network and eth1 for public access. Here is my /etc/nova/nova.conf from compute1:

    [DEFAULT]

    # LOGS/STATE
    logdir=/var/log/nova
    state_path=/var/lib/nova
    lock_path=/run/lock/nova
    verbose=True

    # RABBITMQ
    rabbit_host=100.10.10.51

    # SCHEDULER
    scheduler_driver=nova.scheduler.multi.MultiScheduler
    compute_scheduler_driver=nova.scheduler.filter_scheduler.FilterScheduler

    # APIS
    s3_host=100.10.10.51
    ec2_host=100.10.10.51
    ec2_dmz_host=100.10.10.51
    ec2_url=http://100.10.10.51:8773/services/Cloud
    rabbit_host=100.10.10.51
    cc_host=100 ...