
Unable to Ping or SSH after installing RDO

asked 2013-07-01 08:23:35 -0500

PT_C

updated 2013-07-05 08:21:08 -0500

smaffulli

I can successfully create an instance using a pre-made image and have no trouble associating IPs to it. I created a floating IP pool for a set number of IPs and associated one to the instance (Internal-1 network: xxx.xxx.x.x, x.xx.xx.xxx). The instance itself is connected to both the Internal and External networks along with a floating IP (hence the three addresses). However, when I go to ping it nothing shows up, and it's the same with ssh-ing.

Here's my problem:

[root@xxxxxx ~(keystone_admin)]# nova show Test-2

| status                              | ACTIVE                                                   |
| updated                             | 2013-07-01T12:04:18Z                                     |
| OS-EXT-STS:task_state               | None                                                     |
| OS-EXT-SRV-ATTR:host                | xxxxxx.com                                               |
| key_name                            | mykey                                                    |
| image                               | Install (c931ba0a-36a1-4121-81d2-d353253cf673)           |
| Internal-1 network                  | xxx.xxx.x.x, x.xx.xx.xxx                                 |
| hostId                              | 4aca2a14005b1a51bb6ad862985f8d18e03eb150786531a246c97dc8 |
| OS-EXT-STS:vm_state                 | active                                                   |
| OS-EXT-SRV-ATTR:instance_name       | instance-00000009                                        |
| OS-EXT-SRV-ATTR:hypervisor_hostname | xxxxxx.com                                               |
| flavor                              | m1.tiny (1)                                              |
| id                                  | 31f20c28-fabb-4b50-8ed9-0ec16f476905                     |
| security_groups                     | [{u'name': u'default'}, {u'name': u'default'}]           |
| user_id                             | 3c1aa3cbf4cf401f830e90fb924bca50                         |
| name                                | Test-2                                                   |
| created                             | 2013-06-28T19:27:37Z                                     |
| tenant_id                           | 6e4aa065b45a43d8b75f652b140e0cee                         |
| External-1 network                  | xx.xx.xx.186                                             |
| OS-DCF:diskConfig                   | MANUAL                                                   |
| metadata                            | {}                                                       |
| accessIPv4                          |                                                          |
| accessIPv6                          |                                                          |
| progress                            | 0                                                        |
| OS-EXT-STS:power_state              | 1                                                        |
| OS-EXT-AZ:availability_zone         | nova                                                     |
| config_drive                        |                                                          |

[xxxxxx ~(keystone_admin)]# ping xx.xx.xx.186
PING xx.xx.xx.186 (xx.xx.xx.186) 56(84) bytes of data.    
From xx.xx.xx.170 icmp_seq=2 Destination Host Unreachable    
From xx.xx.xx.170 icmp_seq=3 Destination Host Unreachable    
From xx.xx.xx.170 icmp_seq=4 Destination Host Unreachable

[rootxxxxxx ~(keystone_admin)]# nova ssh Test-2
ERROR: No public addresses found for 'Test-2'.
[rootxxxxxx ~(keystone_admin)]#

These are my networks:

| ID                                   | Label      | CIDR |
| 51e10dd6-6574-43c0-a25a-a74eb27e6449 | Internal-1 | None |
| fe699d52-f375-4fc5-85e9-c17fa5cee108 | External-1 | None |

I'm using an RDO install with packstack on a RHEL 6.4 OS. Both the TCP 22 22 0.0.0.0/0 and the ICMP -1 -1 0.0.0.0/0 are present in the default security settings.


Comments

Did you directly map the external network to the instance instead of creating floating IP and associating the same?

Ashokb ( 2013-07-01 08:31:23 -0500 )

I created a floating IP pool for a set number of IPs and associated one to the instance (Internal-1 network: xxx.xxx.x.x, x.xx.xx.xxx). The instance itself is connected to both the Internal and External networks along with a floating IP (hence the three addresses). P.S. I'm pretty new at this.

PT_C ( 2013-07-01 09:35:14 -0500 )

External network is not intended to directly map to the VMs. Instead you should create floating IPs and associate them to the VM's private NIC. Can you check the VM console logs and let me know whether the private IP address assignment is happening properly?

Ashokb ( 2013-07-02 04:47:02 -0500 )

4 answers

3

answered 2014-04-10 07:07:31 -0500

Henk

updated 2014-04-23 15:13:36 -0500

I had the same kind of problem on a Rackspace Private Cloud-box (OpenStack-based, with Neutron).

root@RACKSPACE-SANDBOX:~# ping -c2 172.16.24.100
PING 172.16.24.100 (172.16.24.100) 56(84) bytes of data.
^C
--- 172.16.24.100 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1007ms

100% packet loss...
This is in the MOTD of the host, so I should have known:

Remember! That this system is using Neutron. To gain access to an instance via the command line you MUST execute commands within in the namespace.
Example, "ip netns exec NAME_SPACE_ID bash".

Turns out you have to use the "ip"-command.
Here is what I did:

root@RACKSPACE-SANDBOX:~# ip netns list
qrouter-c4df4062-8484-41dc-a096-05bc78cd052f
qdhcp-ee33f63f-9863-4a08-8bdd-55293503dc0a

Use the qrouter network namespace to see if I can PING:

root@RACKSPACE-SANDBOX:~# ip netns exec qrouter-c4df4062-8484-41dc-a096-05bc78cd052f ping -c2 172.16.24.100
PING 172.16.24.100 (172.16.24.100) 56(84) bytes of data.
64 bytes from 172.16.24.100: icmp_req=1 ttl=64 time=6.38 ms
64 bytes from 172.16.24.100: icmp_req=2 ttl=64 time=0.924 ms

--- 172.16.24.100 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 0.924/3.652/6.381/2.729 ms

Success! Ok, let's try and fire up a shell in the qrouter:

root@RACKSPACE-SANDBOX:~# ip netns exec qrouter-c4df4062-8484-41dc-a096-05bc78cd052f bash

So, can I PING that address from here?

root@RACKSPACE-SANDBOX:~# ping -c2 172.16.24.100
PING 172.16.24.100 (172.16.24.100) 56(84) bytes of data.
64 bytes from 172.16.24.100: icmp_req=1 ttl=64 time=1.19 ms
64 bytes from 172.16.24.100: icmp_req=2 ttl=64 time=0.555 ms

--- 172.16.24.100 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 0.555/0.877/1.199/0.322 ms

I sure can!
And SSH-ing into the host from there works too.

Hope this solved your or anyone else's issue.


Comments

Yes, this works. However, how to disable mac-spoofing and set no rules in ebtables?

SGPJ ( 2014-04-10 13:36:03 -0500 )
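
The namespace check from Henk's answer above, generalized as an added example (not part of the original thread): it pings the instance IP from the host's default namespace and then from every namespace returned by `ip netns list`, so the output shows at a glance whether the address is only reachable from inside a `qrouter-`/`qdhcp-` namespace. The function and variable names are hypothetical; it must run as root on the network node.

```sh
#!/bin/sh
# Added example: report from which vantage points an instance IP answers ping.
# Pass the instance IP as the first argument, e.g. 172.16.24.100 from the answer.

# Ping quietly: 2 probes, 2 s timeout each. Any arguments are used as a command
# prefix (e.g. "ip netns exec <ns>"); with none, ping runs in the host namespace.
quiet_ping() {
    "$@" ping -c2 -W2 "$probe_target" >/dev/null 2>&1 </dev/null
}

# Prints "<vantage point> reachable|unreachable", one line per vantage point.
# Returns 0 if the target answered from at least one of them, 1 otherwise.
probe_reachability() {
    probe_target=$1
    probe_rc=1

    if quiet_ping; then
        echo "host reachable"; probe_rc=0
    else
        echo "host unreachable"
    fi

    # Newer iproute2 prints "name (id: N)", so keep only the first field.
    for probe_ns in $(ip netns list | awk '{print $1}'); do
        if quiet_ping ip netns exec "$probe_ns"; then
            echo "$probe_ns reachable"; probe_rc=0
        else
            echo "$probe_ns unreachable"
        fi
    done
    return "$probe_rc"
}

if [ $# -gt 0 ]; then
    probe_reachability "$1"
fi
```

A result of "host unreachable" together with a reachable `qrouter-` namespace matches the situation in the answer: the instance network is up, and the address is simply not routed from the host's default namespace.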
0

answered 2013-07-01 09:23:27 -0500

Marin

Did you allow ping/ssh in the security group? You can see what's enabled with nova secgroup-list and nova secgroup-list-rules (http://docs.openstack.org/grizzly/openstack-compute/admin/content/instance-networking.html).


Comments

Both the TCP 22 22 0.0.0.0/0 and the ICMP -1 -1 0.0.0.0/0 are present in the default security settings

PT_C ( 2013-07-01 09:29:37 -0500 )

When I run the 'get-vnc-console' command it returns a url but it doesn't connect to anything.

PT_C ( 2013-07-02 07:28:41 -0500 )
0

answered 2013-07-01 15:34:27 -0500

james.shimer

updated 2013-07-01 15:36:21 -0500

I suggest using the cirros debug image and novnc to debug the issue. My hunch would be that the security settings are not being pushed to the VM because there is an issue w/ the VM accessing the metadata services. Use:

nova list

nova get-vnc-console <> novnc

and point the url to controller

0

answered 2013-07-01 13:38:21 -0500

bryanjimenez

updated 2013-07-05 08:16:12 -0500

smaffulli

I was getting no ssh or pings also and after finding this was able to get it working. The host was Ubuntu 12.04. This adds a rule to the iptables that modifies outgoing packets from the host.

https://wiki.ubuntu.com/SecurityTeam/TestingOpenStack#Making_OpenStack_available_to_the_LAN

 sudo /sbin/iptables -A POSTROUTING -t mangle -p udp --dport 68 -j CHECKSUM --checksum-fill

Comments

I'm not using Ubuntu, I'm using RHEL6.4

PT_C ( 2013-07-01 13:55:22 -0500 )

Do you get this message in the log for the instance? https://lists.launchpad.net/openstack/msg22660.html

bryanjimenez ( 2013-07-01 14:19:01 -0500 )

My log is blank, there's nothing there.

PT_C ( 2013-07-01 15:02:00 -0500 )


Stats

Asked: 2013-07-01 08:23:35 -0500

Seen: 6,058 times

Last updated: Apr 23 '14