Accessing instances from another computer

asked 2015-11-29 08:31:33 -0500

bhuvanakrishna

updated 2015-11-29 08:32:45 -0500

I have installed OpenStack Liberty on a CentOS VM using RDO. I have created a CirrOS instance. If I associate a floating IP to that instance, can I access it from another system which is connected to the internet through another network?

3 answers

answered 2015-11-30 01:32:44 -0500

Prateek K

updated 2015-11-30 01:34:55 -0500

If you are sure that you have added the security rule to allow SSH on the VMs, then I guess there can be a configuration issue as well.

If we go under the hood: when we add security rules, a new rule is internally added to the iptables of the compute node.

Steps to debug:

  1. Double check if there is a security group rule added for SSH.

  2. Run the following command on the compute node (iptables -S), and paste the output. In the output you can see that there would be an entry like '-A -p 22 <instance_ip>', something similar to this. If you have this kind of entry then from the networking side everything is fine. If not, then it means that there is a configuration issue in the neutron files.

In case it turns out to be a configuration issue, which you would probably get to know after following point 2, then we need to do the following:

  1. There is a plugin.ini or m2_conf_ini file which is used by neutron as a config file. Open that file and see if there is an option by the name of security firewall. There will be an entry which states that it is using iptables. The entry will be something like this: 'security_group=neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver'

  2. There is a strong chance that this config will be missing or incorrect. Add this line and then restart neutron-server and the neutron openvswitch agent. This has to be done on the neutron node as well as the compute node. In case it's an all-in-one setup, then it's just one node.

I hope it will solve the problem.

@Prateek K. Thank you for your reply. I am a beginner in OpenStack and cloud environments. I didn't understand your answer properly. But anyway, I have installed all the components on a single machine. Can I use the iptables command on my machine?

bhuvanakrishna (2015-11-30 03:26:57 -0500)

In case it's a single machine, iptables will still be there, so you can check whether iptables got updated or not after adding the security group rule. In case it's not updated, then you can check the files for configuration issues.

Prateek K (2015-11-30 05:34:11 -0500)
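
The iptables check from step 2 of the answer above can be scripted. This is an added example, not part of the original answers or of OpenStack's own tooling. It assumes the OVS hybrid iptables driver names per-port ingress chains neutron-openvswi-i<port-id prefix> and marks permitted traffic with -j RETURN (or -j ACCEPT); the function name and the sample rules are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `iptables -S` output (not taken from a real node).
# It contains an SSH allow rule but no ICMP rule.
SAMPLE_RULES='-P INPUT ACCEPT
-N neutron-openvswi-i1a2b3c4d-5
-N neutron-openvswi-sg-fallback
-A neutron-openvswi-i1a2b3c4d-5 -m state --state RELATED,ESTABLISHED -j RETURN
-A neutron-openvswi-i1a2b3c4d-5 -p tcp -m tcp --dport 22 -j RETURN
-A neutron-openvswi-i1a2b3c4d-5 -m state --state INVALID -j DROP
-A neutron-openvswi-i1a2b3c4d-5 -j neutron-openvswi-sg-fallback
-A neutron-openvswi-sg-fallback -j DROP'

# ingress_allows PROTO [PORT]  (hypothetical helper)
# Reads `iptables -S` text on stdin and prints "<chain> <source>" for every
# per-port ingress chain with an allow rule matching PROTO (and PORT, if given).
# Assumption: chain prefix and RETURN/ACCEPT targets as described in the lead-in.
# Rules without an explicit -p and set-based sources (--match-set) are ignored.
ingress_allows() {
    awk -v proto="$1" -v port="$2" '
        # True if port "want" is inside spec: "22", "20:25" or "80,443".
        function covers(spec, want,    parts, r, k, n) {
            n = split(spec, parts, ",")
            for (k = 1; k <= n; k++) {
                if (split(parts[k], r, ":") == 2) {
                    if (want + 0 >= r[1] + 0 && want + 0 <= r[2] + 0) return 1
                } else if (parts[k] + 0 == want + 0) return 1
            }
            return 0
        }
        $1 == "-A" && $2 ~ /^neutron-openvswi-i/ {
            p = ""; dport = ""; target = ""; src = "any"
            for (i = 3; i < NF; i++) {
                if ($i == "-p") p = $(i + 1)
                if ($i == "-s") src = $(i + 1)
                if ($i == "--dport" || $i == "--dports") dport = $(i + 1)
                if ($i == "-j") target = $(i + 1)
            }
            if (target != "RETURN" && target != "ACCEPT") next
            if (p != proto) next
            # A rule with no port match covers every port of that protocol.
            if (port != "" && dport != "" && !covers(dport, port)) next
            print $2, src
        }
    ' | sort -u
}

# Stand-alone run on the constructed sample: lists the chain allowing SSH.
printf '%s\n' "$SAMPLE_RULES" | ingress_allows tcp 22
```

On a node, pipe the real output in instead: iptables -S | ingress_allows tcp 22. An empty result for a protocol, as ingress_allows icmp gives for the sample, means no security group rule for it reached iptables.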

answered 2015-11-30 02:46:18 -0500


It depends on your flat network (floating IP address network). If those are public IPs, then you can access your instances from anywhere.

If you want to check whether your floating IP is public or private, please refer to the link below.

Let me know if you have any questions.

While assigning floating IPs it says no ports available. Is that a problem? Also, in my network topology I can see only the public network (a globe) in the centre, unlike the ones I saw in some tutorials which had various topologies. Do I need to do anything extra, like setting up a network?

bhuvanakrishna (2015-11-30 03:28:55 -0500)

answered 2015-11-29 21:50:12 -0500

Bipin


Yes, of course. What you need is to add appropriate rules in the security group. If you want to access it through port 22 (assuming the destination machine is a Linux box), add a rule like this:

Project --> Access & Security --> Security Groups --> default --> Manage Rules --> Add Rule --> Rule (Choose SSH) and click Add


I have done it. But when I try to access it I am getting a request timed out error. I am trying to ping it from the command prompt. Do I need to do anything extra?

bhuvanakrishna (2015-11-29 21:55:32 -0500)

Can you please provide the output of the following?

nova secgroup-list-rules default {default is your security group}


Bipin (2015-11-29 22:01:19 -0500)

I am currently outside @Bipin. Thank you for your reply. Can those instances be accessed from anywhere in the world, like if the other computer is connected to some other network?

bhuvanakrishna (2015-11-29 22:15:17 -0500)

One more thing is that the dashboard is too slow. It is taking minutes to load next page. I have searched for it and found that tokens should be removed from the database. I have done it but still no use. Any idea?

bhuvanakrishna (2015-11-29 22:19:55 -0500)

Last updated: Nov 30 '15