ubuntu instances refuse ssh

asked 2014-07-01 19:18:20 -0500

Xentinel gravatar image

updated 2014-07-02 13:19:09 -0500

I've followed the ubuntu OpenStack setup to setup a test environment using the 3 node architecture with neutron-networking.

I've made the correct rules in the security group, and I'm able to ssh into a CirrOS instance, but the Ubuntu cloud instances refuse the connection.

I'm using the trusty-server-cloudimg-amd64-disk1.img from here


I gave the Fedora 20 cloud image a try, and it revealed a lot of errors from cloud-init in the console log. I've attached it here (forgive me for removing the rsa-key)

What flavour do you use for Ubuntu VM ?

dbaxps gravatar imagedbaxps ( 2014-07-01 22:48:09 -0500 )edit

I'm using a custom flavor based on the m1.tiny. It has 8GB of root disk space.

Xentinel gravatar imageXentinel ( 2014-07-02 04:36:13 -0500 )edit

Try :- flavor 2 | m1.small | 2048 | 20
Seems to be known issue.

dbaxps gravatar imagedbaxps ( 2014-07-02 04:45:20 -0500 )edit

I gave m1.small a try, didn't make any difference.

Xentinel gravatar imageXentinel ( 2014-07-02 12:41:15 -0500 )edit

You wrote : I'm able to ssh into a CirrOS instance
1. What reports ifconfig after login ?
2. ping
3. curl

dbaxps gravatar imagedbaxps ( 2014-07-02 13:04:01 -0500 )edit

answered 2014-07-02 14:01:17 -0500

dbaxps gravatar image

updated 2014-07-02 14:03:46 -0500

On CirrOS instance you get :-

$ curl

  <title>500 Internal Server Error</title>
  <h1>500 Internal Server Error</h1>
  Remote metadata server experienced an internal server error.<br /><br />

It's a fair . Your system doesn't have proper access to metadata configured. Any VM is affected and CirrOS as well. Regararding troubleshooting steps view
Metadata access verification

Fresh RDO AIO install has been just done on CentOS 6.5 . You may view results AIO Neutron ML2&OVS&VXLAN setup on CentOS 6.5

dbaxps gravatar imagedbaxps ( 2014-07-03 11:48:22 -0500 )edit

answered 2014-07-02 10:30:48 -0500

alexk gravatar image

Pop open a console from Horizon to your Ubuntu instance. Modify /etc/ssh/sshd_config and set your PermitRootLogin to "yes". Kill -HUP your sshd service. Now you should be able to login.

I would do that, but there isn't a tty to log into with the ubuntu cloud image. All the console shows is the same as the log.

Xentinel gravatar imageXentinel ( 2014-07-02 12:44:47 -0500 )edit

answered 2014-08-11 08:40:14 -0500

Napo Mokoetle gravatar image

This worked for me too. You're a star! Thank you very much.

answered 2014-07-02 14:56:17 -0500

Xentinel gravatar image

updated 2014-07-23 07:48:38 -0500

Ok, I've been going through the commands you run in that blogpost dbaxps.

I'm missing this line of the first command "iptables-save | grep 8775"

-A INPUT -p tcp -m multiport --dports 8773,8774,8775 -m comment --comment "001 novaapi incoming" -j ACCEPT

Other than that, I'm missing the routes to on all nodes, which I guess is the major problem. Did you set a static IP somewhere for that subnet?


So digging further into this, I've found out that the metadata service on my network node is throwing all sorts of python errors.

I've included the log here. I start up an instance at 14.44 and that's when the errors begin.

No , I didn't . Doing multi-node Neutron ML2&OVS&VLAN (GRE) setup on RH's system I write answer-file.txt and invoke packstack --answer-file=./answer-file.txt Sample for GRE in mentioned blog, for VLAN in . Manual setup may be seen here

dbaxps gravatar imagedbaxps ( 2014-07-02 15:11:56 -0500 )edit

You wrote : Other than that, I'm missing the routes to on all nodes, which I guess is the major problem. Did you set a static IP somewhere for that subnet?
Answer is No.

dbaxps gravatar imagedbaxps ( 2014-07-23 08:02:56 -0500 )edit

No I didn't set a static IP for it anywhere. Like I wrote, I've just been following the guide. Where should I set the static IP?

Xentinel gravatar imageXentinel ( 2014-07-23 08:11:59 -0500 )edit

You are not supposed to do that. You are supposed to setup properly access to metadata from within VMs . View

dbaxps gravatar imagedbaxps ( 2014-07-23 08:25:50 -0500 )edit

Very well, but I have no idea how I'm supposed to do that, and your link doesn't help. If anyone can explain it in a different way, I would really appreciate it.

Xentinel gravatar imageXentinel ( 2014-07-23 11:52:38 -0500 )edit

answered 2014-07-23 10:19:04 -0500

MCo gravatar image

updated 2014-07-23 11:55:17 -0500

This is not an answer, it's a contribution for trying to understand what's happening here.

I'm experimenting the same problem:

  • same 3 node configuration
  • openstack IceHouse version
  • I can ping and ssh cirros (either from inside and from outside the cloud, when I associate a floating IP)
  • I can ping ubuntu either from inside and from outside the cloud BUT I cannot ssh ubuntu from outside the cloud
  • The funny thing is that I can ssh ubuntu from inside the cloud. Please note that I'm 1000% sure that the security group is fine. In fact, I can SSH cirros!

In conclusion, it seems like ubuntu does not permit SSH from outside the cloud. I repeat, security group is fine, I checked that several times with some help from colleagues

One more piece of information: ubuntu is able to access the metadata server.

seems latest ubuntu is hardened, can you try older version of ubuntu.

SGPJ gravatar imageSGPJ ( 2014-07-23 12:50:24 -0500 )edit

Thanks for the suggestion but I've got some news. I noticed that even the SSH connection from a cirros to a client outside the cloud gives problems. They do not pop-up immediately; you can connect to cirros successfully. You experiment problems when you do something that "loads" the communication between cirros and the client outside the cloud (maybe cat-ting a long file). In such a case the communication hangs

MCo gravatar imageMCo ( 2014-07-24 04:51:36 -0500 )edit

Found the solution, at last! My real problem is the one reported (here). It appeared as an SSH connection problem because, very likely, Ubuntu delivers "too large" MTUs when a client connects, while cirros doesn't. The indications given in the post I reported fixes the problem. Hope it helps.

MCo gravatar imageMCo ( 2014-07-24 05:21:24 -0500 )edit

