Ask Your Question
1

Can't access VMs via ping or ssh at all [closed]

asked 2014-07-24 14:16:36 -0500

1overcosc gravatar image

updated 2014-07-28 15:22:29 -0500

Added those two rules, and it did not fix the problem. Nothing changed.

I cannot for the life of me get nova-network configured properly. I've spent hours googling everything and trying every guide I've found but I still have this very frustrating problem:

I can spin up a node fine, and it gets assigned three IP addresses. But if I try to ping or ssh ANY of them, from any computer including the compute node itself, it fails, with 'Destination host unreachable'.

This is a test instance, so I have a single compute node that I'm running instances on. I've attempted ping & SSH from both the compute node as well as a another computer on the same local network, and both fail.

Output of nova secgroup-list

+----+---------+-------------+
| Id | Name    | Description |
+----+---------+-------------+
| 1  | default | default     |
+----+---------+-------------

Output of nova secgroup-list-rules default

+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| icmp        | -1        | -1      | 0.0.0.0/0 |              |
| tcp         | 22        | 22      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------

Output of nova network-list

+--------------------------------------+---------+-----------------+
| ID                                   | Label   | Cidr            |
+--------------------------------------+---------+-----------------+
| 27746160-ae5e-46eb-ae78-356111c6b729 | private | 192.168.4.32/27 |
| 95747f39-d565-4435-8dae-bc40ee8720b8 | private | 10.0.47.0/24    |
+--------------------------------------+---------+-----------------+

This is the content of my nova.conf file:

[DEFAULT]
verbose=True
debug=False
logdir=/var/log/nova
auth_strategy=keystone
state_path=/var/lib/nova
lock_path=/run/lock/nova
rootwrap_config=/etc/nova/rootwrap.conf
api_paste_config=/etc/nova/api-paste.ini
rabbit_host=10.117.231.101
rabbit_port=5672
rpc_backend = nova.openstack.common.rpc.impl_kombu
rabbit_userid=guest
rabbit_password=guest
compute_scheduler_driver=nova.scheduler.filter_scheduler.FilterScheduler
network_manager=nova.network.manager.FlatDHCPManager
force_dhcp_release=True
dhcpbridge_flagfile=/etc/nova/nova.conf
dhcpbridge=/usr/bin/nova-dhcpbridge
firewall_driver=nova.virt.libvirt.firewall.IptablesFirewallDriver
my_ip=10.117.231.101
public_interface=br100
vlan_interface=eth0
flat_network_bridge=br100
flat_network_dhcp_start=192.168.4.33
flat_interface=eth0
dnsmasq_config_file=/etc/nova/dnsmasq-nova.conf
fixed_range=''
enable_ipv6=False
auto_assign_floating_ip=true
image_service=nova.image.glance.GlanceImageService
glance_api_servers=10.117.231.101:9292
glance_host=10.117.231.101
network_api_class = nova.network.api.API
security_group_api = nova
compute_manager=nova.compute.manager.ComputeManager
connection_type=libvirt
compute_driver=libvirt.LibvirtDriver
libvirt_type=kvm
libvirt_inject_key=false
root_helper=sudo nova-rootwrap /etc/nova/rootwrap.conf
remove_unused_base_images=true
remove_unused_resized_minimum_age_seconds=3600
remove_unused_original_minimum_age_seconds=3600
checksum_base_images=false
start_guests_on_host_boot=true
resume_guests_state_on_host_boot=true
volumes_path=/var/lib/nova/volumes
multi_host=true
quota_security_groups=50
quota_fixed_ips=40
quota_instances=20
force_config_drive=false
cpu_allocation_ratio=16.0
ram_allocation_ratio=1.5
my_ip=10.117.231.101
novnc_enabled=true
novncproxy_base_url=http://10.117.231.101:6080/vnc_auto.html
xvpvncproxy_base_url=http://10.117.231.101:6081/console
novncproxy_host=10.117.231.101
novncproxy_port=6080
vncserver_listen=10.117.231.101
vncserver_proxyclient_address=10.117.231.101
osapi_max_limit=1000
enabled_apis=ec2,osapi_compute,metadata
osapi_compute_extension = nova.api.openstack.compute.contrib.standard_extensions
ec2_workers=4
osapi_compute_workers=4
metadata_workers=4
osapi_volume_workers=4
osapi_compute_listen=10.117.231.101
osapi_compute_listen_port=8774
ec2_listen=10.117.231.101
ec2_listen_port=8773
ec2_host=10.117.231.101
ec2_private_dns_show_ip=True

[database]
connection = mysql://novadbadmin:novasecret@10.117.231.101/nova

[keystone_authtoken]
auth_uri = http://10.117.231.101:5000
auth_host = 10.117.231.101
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = nova
admin_password = (hidden in this post)

And this is my /etc/network ... (more)

edit retag flag offensive reopen merge delete

Closed for the following reason the question is answered, right answer was accepted by koolhead17
close date 2014-08-10 17:11:19.066050

4 answers

Sort by ยป oldest newest most voted
0

answered 2014-07-29 15:14:39 -0500

1overcosc gravatar image

Issue now resolved. Was caused by issues relating to our highly complex network security system.

edit flag offensive delete link more
1

answered 2014-07-25 00:12:25 -0500

Anand TS gravatar image

Hi ,

If you aren't able to reach your instances via the floating IP address, make sure the default security group is configured properly that allows ICMP (ping) and SSH (port 22), so that you can reach the instances.

Also how you are getting three IP's for an instance. what does $nova network-list gives? . Where does 10.0.47.2 IP come from?

It is better to start troubleshooting by looking in to logs. Give more information about how you configured and regarding the setup, so that we can help you.

Thanks, Anand

edit flag offensive delete link more

Comments

what is the output of command : nova secgroup-list nova secgroup-list-rules <default>

Ping & SSH is possible if you have the accept rule for the ICMP & SSH.

vasanth-rajasekaran gravatar imagevasanth-rajasekaran ( 2014-07-25 05:12:52 -0500 )edit
0

answered 2014-07-25 10:36:27 -0500

rgroten gravatar image

I think you need to add rules to allow ICMP and SSH:

ICMP: nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0

SSH: nova secgroup-add-rule default tcp 22 22 0.0.0.0/0

edit flag offensive delete link more
0

answered 2014-07-29 09:21:48 -0500

1overcosc gravatar image

Already did that, and I verified via nova secgroup-list-rules that it worked, and still can't ping or SSH.

edit flag offensive delete link more

Get to know Ask OpenStack

Resources for moderators

Question Tools

Stats

Asked: 2014-07-24 14:16:36 -0500

Seen: 595 times

Last updated: Jul 29 '14