1

Unable to SSH to instance, (openstack Juno on Centos 7)

asked 2015-02-22 08:43:08 -0600

vedsarkushwaha

I've been trying to connect to an OpenStack instance for the last couple of weeks, but still without success.

I tried the following links:

https://openstack.redhat.com/Neutron_with_existing_external_network

https://ask.openstack.org/en/question/52698/connecting-to-existing-network-with-rdo-juno-on-centos-7/

Here is my configuration:

ifconfig:

br-ex: flags=4163<up,broadcast,running,multicast>  mtu 1500
        inet 10.16.37.221  netmask 255.255.255.0  broadcast 10.16.37.255
        inet6 fe80::58dc:cdff:fe3c:624a  prefixlen 64  scopeid 0x20<link>
        ether b0:83:fe:75:95:9c  txqueuelen 0  (Ethernet)
        RX packets 11160  bytes 18527350 (17.6 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 9751  bytes 1061798 (1.0 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

br-int: flags=4163<up,broadcast,running,multicast>  mtu 1500
        inet6 fe80::c071:edff:fe04:de44  prefixlen 64  scopeid 0x20<link>
        ether c2:71:ed:04:de:44  txqueuelen 0  (Ethernet)
        RX packets 42  bytes 4328 (4.2 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 8  bytes 648 (648.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<up,loopback,running>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 0  (Local Loopback)
        RX packets 504005  bytes 108257311 (103.2 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 504005  bytes 108257311 (103.2 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

p2p1: flags=4163<up,broadcast,running,multicast>  mtu 1500
        inet6 fe80::b283:feff:fe75:959c  prefixlen 64  scopeid 0x20<link>
        ether b0:83:fe:75:95:9c  txqueuelen 1000  (Ethernet)
        RX packets 356442  bytes 372192516 (354.9 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 157458  bytes 12175539 (11.6 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

nova secgroup-list-rules default:

+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| tcp         | 22        | 22      | 0.0.0.0/0 |              |
| icmp        | -1        | -1      | 0.0.0.0/0 |              |
|             |           |         |           | default      |
|             |           |         |           | default      |
+-------------+-----------+---------+-----------+--------------+

sudo ovs-vsctl show:

077937f9-cf9d-40ca-af2b-f435153595d5

Bridge br-int
    fail_mode: secure
    Port patch-tun
        Interface patch-tun
            type: patch
            options: {peer=patch-int}
    Port br-int
        Interface br-int
            type: internal
Bridge br-ex
    Port "p2p1"
        Interface "p2p1"
    Port br-ex
        Interface br-ex
            type: internal
Bridge br-tun
    Port patch-int
        Interface patch-int
            type: patch
            options: {peer=patch-tun}
    Port br-tun
        Interface br-tun
            type: internal
ovs_version: "2.1.3"

Please help..


Comments

Are you able to ping both the controller and the external network? We should add the two rules from the dashboard to access the VMs.

Saikiran Veeravarapu ( 2015-02-23 23:03:43 -0600 )

Everything is installed on one computer and I used the --allinone installation. Yes, I'm able to ping the controller and the external network (which are on the same computer).

vedsarkushwaha ( 2015-02-24 02:05:32 -0600 )

2 answers

0

answered 2015-02-23 22:53:42 -0600

pandiarajan.s

Are you able to ping the external network from the instance? If yes, that means you have to open the firewall in the OpenStack instance.

In the project (the admin project) you have to configure your Security Groups under Compute -> Access & Security -> Security Groups. Once there, click Manage Rules for the default security group. Delete what's there. Add Ingress/Egress for ALL ICMP, ALL TCP, and ALL UDP, accepting all other defaults on the form. This will open up your firewall completely.


Comments

Yes, I'm able to ping the outer network from the OpenStack instance. I enabled the ALL ICMP, ALL TCP, ALL UDP rules (both ingress/egress). But I'm still not able to ping from the host computer to the OpenStack instance, which has floating IPs associated.

vedsarkushwaha ( 2015-02-24 02:01:54 -0600 )

So on the rules... I had done so for the default user group but not by IP. Once these rules were duplicated for 0.0.0.0/0, I was able to communicate with the VMs. Using 'ip netns exec qdhcp-[network id] ping [internal ip]' I was able to confirm the rules were correct.

bbronstein ( 2015-02-26 07:27:13 -0600 )
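
An added example, not part of the original answers or comments: a Python check over `nova secgroup-list-rules` output that separates CIDR rules from group-sourced ones (the distinction bbronstein's comment describes) and flags rules wider than SSH needs. The sample table, which adds a constructed all-ports TCP rule, and all function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample in the `nova secgroup-list-rules` layout from the question:
# SSH and ICMP by CIDR, an all-ports TCP rule, and one rule sourced from the group.
SAMPLE = """\
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| tcp         | 22        | 22      | 0.0.0.0/0 |              |
| icmp        | -1        | -1      | 0.0.0.0/0 |              |
| tcp         | 1         | 65535   | 0.0.0.0/0 |              |
|             |           |         |           | default      |
+-------------+-----------+---------+-----------+--------------+
"""

def parse_rules(table):
    """Turn the ASCII table into dicts keyed by the header names."""
    rows = [[c.strip() for c in line.strip().strip("|").split("|")]
            for line in table.splitlines() if line.startswith("|")]
    header, body = rows[0], rows[1:]
    return [dict(zip(header, row)) for row in body]

def admits(rule, src_ip, proto, port):
    """True if a CIDR rule lets src_ip reach proto/port. Group-sourced rules only
    match traffic from instances in that group, never an outside host."""
    if not rule["IP Range"] or rule["IP Protocol"] != proto:
        return False
    if ipaddress.ip_address(src_ip) not in ipaddress.ip_network(rule["IP Range"]):
        return False
    lo, hi = int(rule["From Port"]), int(rule["To Port"])
    return lo == -1 or lo <= port <= hi  # -1/-1 is the ICMP "any type" form

def ssh_reachable(rules, src_ip):
    """Does any rule admit tcp/22 from src_ip?"""
    return any(admits(r, src_ip, "tcp", 22) for r in rules)

def overly_broad(rules):
    """Rules open to every address on more than one tcp/udp port."""
    return [r for r in rules
            if r["IP Range"] in ("0.0.0.0/0", "::/0")
            and r["IP Protocol"] in ("tcp", "udp")
            and int(r["To Port"]) - int(r["From Port"]) > 0]

if __name__ == "__main__":
    rules = parse_rules(SAMPLE)
    print("ssh from 10.16.37.221:", ssh_reachable(rules, "10.16.37.221"))
    for r in overly_broad(rules):
        print("wider than SSH needs:", r)
```
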
1

answered 2015-02-23 15:17:20 -0600

bbronstein

Literally just posted an identical issue (had not seen this first)... following


Comments

I am facing the same issue. I have a controller/network node and a compute node. I have created instances on the compute node. I have all the rules enabled. I can ping instances from the controller/network node, but ssh fails. On the compute node both ping and ssh fail. Did you get the solution for this?

Rakesh Sharma M ( 2015-06-03 04:51:27 -0600 )

Stats

Asked: 2015-02-22 08:43:08 -0600

Seen: 722 times

Last updated: Feb 23 '15