Ask Your Question
1

Unable to SSH an instance from controller node

asked 2014-10-25 03:58:27 -0600

Andrea Meroni gravatar image

Hi all,

I have a 3 nodes Openstack setup (2 compute nodes and 1 controller/network node). When I launch a new VM on the controller I am able to SSH it, while I am not able to SSH any VM on the compute nodes. Moreover: I am able to ping every VM, and I am also able to SSH a VM on compute node 2 from inside a VM on compute node 1. But whenever I try to SSH from the controller a VM on a compute node, the connection stucks at

debug1: SSH2_MSG_KEXINIT

Honestly I have no idea of where is the problem, I checked the network configuration lots of time and everything seems to be ok. I guess the problem is on the controller, but I have no hints apart from this.

Andrea

edit retag flag offensive close merge delete

Comments

Please, post nova secgroup-list-rules default and ssh command exactly as you issue it on controller.

dbaxps gravatar imagedbaxps ( 2014-10-25 10:13:56 -0600 )edit

Regarding the secgroup rules I run

nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0
nova secgroup-add-rule default tcp 22 22 0.0.0.0/0

Then about SSH I tried

sudo ip netns exec qdhcp-$internal_network_id sudo ssh -i ~/.ssh/id_rsa andrea@$IP
Andrea Meroni gravatar imageAndrea Meroni ( 2014-10-25 12:21:47 -0600 )edit

Right now I don't have access to the deployment, I hope you can find the explaination sufficiently clear

Andrea Meroni gravatar imageAndrea Meroni ( 2014-10-25 12:26:43 -0600 )edit

What OS is running your VM ( why default name is andrea ) ?
How you created ssh keypair and assign it to VM upon creation ?
What was the the nova boot ...... command ?

dbaxps gravatar imagedbaxps ( 2014-10-25 12:28:53 -0600 )edit

It's ubuntu-server 14.04 (where I created the user andrea).

By the way, I tried also with a Fedora 20 Cloud Image and I got the same exact error.

Yes, I have created the keypair with

nova keypair --add-public ~/.ssh/id_rsa.pub key
Andrea Meroni gravatar imageAndrea Meroni ( 2014-10-25 12:35:44 -0600 )edit
see more comments

3 answers

Sort by ยป oldest newest most voted
1

answered 2014-10-28 05:35:01 -0600

Andrea Meroni gravatar image 
sudo ip netns exec qdhcp-a9794e3f-9cb7-4e19-b057-5826f46b5643 sudo netstat -antp

gives the following output

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name 
tcp        0      0 192.168.200.3:53        0.0.0.0:*               LISTEN      5905/dnsmasq
tcp6       0      0 fe80::f816:3eff:fee3:53 :::*                    LISTEN      5905/dnsmasq

while instead

sudo ip netns exec qdhcp-a9794e3f-9cb7-4e19-b057-5826f46b5643 sudo iptables -S -t nat | grep 169.254

gives no output. Am I missing something? As you can notice I didn't create a router because I need just an internal network

edit flag offensive delete link more

Comments

Floating IPs are assigned via qrouter-namespace && metadata access also works via qrouter-namespace. Regarding Neutron L3 routing architecture
Please, view https://www.hastexo.com/system/files/...

dbaxps gravatar imagedbaxps ( 2014-10-28 05:48:35 -0600 )edit

Ok, got it. But is it normal that my iptables are still empty? I will try by adding a router, but I guess that the situation will be the same

Andrea Meroni gravatar imageAndrea Meroni ( 2014-10-28 05:58:29 -0600 )edit

What OS are running on nodes ? After creating router , run iptables -L

dbaxps gravatar imagedbaxps ( 2014-10-28 06:06:56 -0600 )edit

You were right, output of iptables:

-A neutron-l3-agent-PREROUTING -d 169.254.169.254/32 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 9697
Andrea Meroni gravatar imageAndrea Meroni ( 2014-10-28 06:14:35 -0600 )edit

And this is the one of netstat 

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:9697            0.0.0.0:*               LISTEN      5881/python
Andrea Meroni gravatar imageAndrea Meroni ( 2014-10-28 06:15:28 -0600 )edit
see more comments
0

answered 2014-10-25 13:20:49 -0600

dbaxps gravatar image

Forced to use answer field due to formatting options :-
Would try 

$ nova keypair-add oskey1 > oskey1.priv
$ chmod 600 oskey1.priv

Now create instance with oskey1 :-

$ nova boot --flavor 2 --key_name oskey1 --image ubuntu-glance-image-id \
    --availability-zone nova:compute1 --nic net-id=$net_id   ubuntu-guest1

Assign floating IP1 to ubuntu-guest1

Login from controller
$ ssh -i oskey1.priv  ubuntu@IP1   ( ubuntu default user name for ubuntu images)
edit flag offensive delete link more

Comments

I'll give it a try ASAP, thanks

Andrea Meroni gravatar imageAndrea Meroni ( 2014-10-25 14:04:30 -0600 )edit

Still not working. But with a CirrOS image everything works fine. I guess it is a metadata problem ... Other hints?

Andrea Meroni gravatar imageAndrea Meroni ( 2014-10-28 04:30:49 -0600 )edit

Did you try a fresh Ubuntu glance image or just old one ?

dbaxps gravatar imagedbaxps ( 2014-10-28 04:39:09 -0600 )edit

I used the one specified in docs.openstack.org/image-guide/content/ch_obtaining_images.html. Downloaded just 10 minutes ago and booted without any modification

Andrea Meroni gravatar imageAndrea Meroni ( 2014-10-28 04:40:55 -0600 )edit

Moreover, the Ubuntu image seems to be not able to contact 169.254.169.254 to get metadata ...

Andrea Meroni gravatar imageAndrea Meroni ( 2014-10-28 04:44:58 -0600 )edit
see more comments
0

answered 2014-10-28 10:30:02 -0600

XicoLoco gravatar image

you take a look to see if you mess up your firewall tables on controller ?

edit flag offensive delete link more
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2014-10-25 03:58:27 -0600

Seen: 2,188 times

Last updated: Oct 28 '14

Related questions

Failed to create instance Error: Can't find ext4 filesystem?

OpenStack on OpenStack deployment

Ceilometer-api critical error OpenStack-IceHouse Ubuntu 14.04

can't ping or ssh cirros vm floating ip

can't remove router, spanning tree

Offline migration without ssh key

SSH Access Permission denied

Can't connect to public ip address of local server

not able to ssh into vm in icehouse [closed]

nova doesn't find my private Key [closed]