Ask Your Question
1

ubuntu instances refuse ssh

asked 2014-07-01 19:18:20 -0500

Xentinel gravatar image

updated 2014-07-02 13:19:09 -0500

I've followed the ubuntu OpenStack setup to setup a test environment using the 3 node architecture with neutron-networking.

I've made the correct rules in the security group, and I'm able to ssh into a CirrOS instance, but the Ubuntu cloud instances refuse the connection.

I'm using the trusty-server-cloudimg-amd64-disk1.img from here

[EDIT]

I gave the Fedora 20 cloud image a try, and it revealed a lot of errors from cloud-init in the console log. I've attached it here (forgive me for removing the rsa-key)

edit retag flag offensive close merge delete

Comments

What flavour do you use for Ubuntu VM ?

dbaxps gravatar imagedbaxps ( 2014-07-01 22:48:09 -0500 )edit

I'm using a custom flavor based on the m1.tiny. It has 8GB of root disk space.

Xentinel gravatar imageXentinel ( 2014-07-02 04:36:13 -0500 )edit

Try :- flavor 2 | m1.small | 2048 | 20
Seems to be known issue.

dbaxps gravatar imagedbaxps ( 2014-07-02 04:45:20 -0500 )edit

I gave m1.small a try, didn't make any difference.

Xentinel gravatar imageXentinel ( 2014-07-02 12:41:15 -0500 )edit
1

You wrote : I'm able to ssh into a CirrOS instance
1. What reports ifconfig after login ?
2. ping 8.8.8.8
3. curl http://169.254.169.254/latest/meta-da...

dbaxps gravatar imagedbaxps ( 2014-07-02 13:04:01 -0500 )edit

5 answers

Sort by ยป oldest newest most voted
1

answered 2014-07-02 14:01:17 -0500

dbaxps gravatar image

updated 2014-07-02 14:03:46 -0500

On CirrOS instance you get :-

$ curl http://169.254.169.254/latest/meta-da...

<html>
 <head>
  <title>500 Internal Server Error</title>
 </head>
 <body>
  <h1>500 Internal Server Error</h1>
  Remote metadata server experienced an internal server error.<br /><br />

It's a fair . Your system doesn't have proper access to metadata configured. Any VM is affected and CirrOS as well. Regararding troubleshooting steps view http://bderzhavets.blogspot.com/2014/...
Metadata access verification

edit flag offensive delete link more

Comments

Fresh RDO AIO install has been just done on CentOS 6.5 . You may view results AIO Neutron ML2&OVS&VXLAN setup on CentOS 6.5

dbaxps gravatar imagedbaxps ( 2014-07-03 11:48:22 -0500 )edit
0

answered 2014-07-02 10:30:48 -0500

alexk gravatar image

Pop open a console from Horizon to your Ubuntu instance. Modify /etc/ssh/sshd_config and set your PermitRootLogin to "yes". Kill -HUP your sshd service. Now you should be able to login.

edit flag offensive delete link more

Comments

I would do that, but there isn't a tty to log into with the ubuntu cloud image. All the console shows is the same as the log.

Xentinel gravatar imageXentinel ( 2014-07-02 12:44:47 -0500 )edit
0

answered 2014-08-11 08:40:14 -0500

Napo Mokoetle gravatar image

This worked for me too. You're a star! Thank you very much.

edit flag offensive delete link more
0

answered 2014-07-02 14:56:17 -0500

Xentinel gravatar image

updated 2014-07-23 07:48:38 -0500

Ok, I've been going through the commands you run in that blogpost dbaxps.

I'm missing this line of the first command "iptables-save | grep 8775"

-A INPUT -p tcp -m multiport --dports 8773,8774,8775 -m comment --comment "001 novaapi incoming" -j ACCEPT

Other than that, I'm missing the routes to 169.254.0.0/16 on all nodes, which I guess is the major problem. Did you set a static IP somewhere for that subnet?

[UPDATE]

So digging further into this, I've found out that the metadata service on my network node is throwing all sorts of python errors.

I've included the log here. I start up an instance at 14.44 and that's when the errors begin.

edit flag offensive delete link more

Comments

No , I didn't . Doing multi-node Neutron ML2&OVS&VLAN (GRE) setup on RH's system I write answer-file.txt and invoke packstack --answer-file=./answer-file.txt Sample for GRE in mentioned blog, for VLAN in http://bderzhavets.blogspot.com/2014/... . Manual setup may be seen here
[1] http://kashyapc.fedorapeople.org/virt...
[2] http://kashyapc.fedorapeople.org/virt...

dbaxps gravatar imagedbaxps ( 2014-07-02 15:11:56 -0500 )edit

You wrote : Other than that, I'm missing the routes to 169.254.0.0/16 on all nodes, which I guess is the major problem. Did you set a static IP somewhere for that subnet?
Answer is No.

dbaxps gravatar imagedbaxps ( 2014-07-23 08:02:56 -0500 )edit

No I didn't set a static IP for it anywhere. Like I wrote, I've just been following the guide. Where should I set the static IP?

Xentinel gravatar imageXentinel ( 2014-07-23 08:11:59 -0500 )edit

You are not supposed to do that. You are supposed to setup properly access to metadata from within VMs . View http://bderzhavets.blogspot.ru/2014/0...

dbaxps gravatar imagedbaxps ( 2014-07-23 08:25:50 -0500 )edit

Very well, but I have no idea how I'm supposed to do that, and your link doesn't help. If anyone can explain it in a different way, I would really appreciate it.

Xentinel gravatar imageXentinel ( 2014-07-23 11:52:38 -0500 )edit
0

answered 2014-07-23 10:19:04 -0500

MCo gravatar image

updated 2014-07-23 11:55:17 -0500

This is not an answer, it's a contribution for trying to understand what's happening here.

I'm experimenting the same problem:

  • same 3 node configuration
  • openstack IceHouse version
  • I can ping and ssh cirros (either from inside and from outside the cloud, when I associate a floating IP)
  • I can ping ubuntu either from inside and from outside the cloud BUT I cannot ssh ubuntu from outside the cloud
  • The funny thing is that I can ssh ubuntu from inside the cloud. Please note that I'm 1000% sure that the security group is fine. In fact, I can SSH cirros!

In conclusion, it seems like ubuntu does not permit SSH from outside the cloud. I repeat, security group is fine, I checked that several times with some help from colleagues

One more piece of information: ubuntu is able to access the metadata server.

edit flag offensive delete link more

Comments

seems latest ubuntu is hardened, can you try older version of ubuntu.

SGPJ gravatar imageSGPJ ( 2014-07-23 12:50:24 -0500 )edit

Thanks for the suggestion but I've got some news. I noticed that even the SSH connection from a cirros to a client outside the cloud gives problems. They do not pop-up immediately; you can connect to cirros successfully. You experiment problems when you do something that "loads" the communication between cirros and the client outside the cloud (maybe cat-ting a long file). In such a case the communication hangs

MCo gravatar imageMCo ( 2014-07-24 04:51:36 -0500 )edit

Found the solution, at last! My real problem is the one reported https://ask.openstack.org/en/question/7156/text-editors-vim-nano-emacs-freezes-my-ssh-session-in-ubuntu-instances-1310-1304-and-12042-server/ (here). It appeared as an SSH connection problem because, very likely, Ubuntu delivers "too large" MTUs when a client connects, while cirros doesn't. The indications given in the post I reported fixes the problem. Hope it helps.

MCo gravatar imageMCo ( 2014-07-24 05:21:24 -0500 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

2 followers

Stats

Asked: 2014-07-01 19:18:20 -0500

Seen: 4,517 times

Last updated: Jul 23 '14