Ask Your Question

SSH timeout to Controller Node [closed]

asked 2014-09-19 18:52:47 -0600

TheFueley gravatar image

Hello, I'm having trouble with my install. I've been following along the 3-node install guide for Fedora except that I've been using two physical hosts. Yes, I know I messed up. I didn't think there would be any issue by combining the Controller and Network nodes into the same box. So I get to the "Configure a Network Node" in chapter 7. Right after I add the bridge interfaces, then enable, and start the neutron-* services, I lose my shell into the box. I had to move to the local keyboard and try to figure out what was going on. Again, I used the same box for Network and Controller nodes. I have network access, meaning that it has IP's. I can ping it. But now it will no longer route and it won't accept SSH connections. It receives the initial SYN packet. I can see that with iptstate. It will not, however, go past that. Is there a way for me to recover from this? I looked at the iptables rulesets and don't see anything that would prevent SSH. In fact, it's wide open (ACCEPT policy by default). Can anybody help? Thanks in advance.

edit retag flag offensive reopen merge delete

Closed for the following reason the question is answered, right answer was accepted by TheFueley
close date 2015-01-23 14:40:07.504252


the usual ssh troubleshooting perhaps? I.e. run a daemon with a different port number and debugging option, run the ssh client with debugging.

Bernd Bausch gravatar imageBernd Bausch ( 2014-09-20 22:27:17 -0600 )edit

1 answer

Sort by ยป oldest newest most voted

answered 2015-01-23 14:38:16 -0600

TheFueley gravatar image

So it turns out my virtual router was dropping the return packets from the instance clients. I am not using the default router. I'm using a Vyatta vRouter. So the iptables rulesets were dropping packets that didn't match the MAC and IP on that interface. Frustrating. But that was the issue. So I created a little script that deletes the the DROP rule on that chain. It's easy to spot. It's a openvswi* named chain and has a RETURN rule with the MAC and IP and is followed by a DROP rule. Just delete the drop rule.

edit flag offensive delete link more

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower


Asked: 2014-09-19 18:52:47 -0600

Seen: 301 times

Last updated: Jan 23 '15