Ask Your Question
0

Sahara can't login to nodes

asked 2016-01-13 10:12:37 -0500

fgaudet gravatar image

Hi all

I'm using a full working openstack kilo release and I'm facing a strange thing. Sahara is able to instanciate a cluster but is stuck in 'Waiting' state. Seems it can't SSH to nodes :

 [root@net000 ~]# grep 10.0.0.91 /var/log/messages
Jan 13 16:06:32 net000 sahara-all: 2016-01-13 16:06:32.693 62723 DEBUG sahara.service.engine [-] Can't login to node cl1-ngt1-vanilla-hadoop-worker-001 10.0.0.91, reason SSHException: Error reading SSH protocol banner _is_accessible /usr/lib/python2.7/site-packages/sahara/service/engine.py:128

But I successfully run this from the network node (which owns the namespaces and the sahara server)

ip netns exec qrouter-26422538-e7ee-428d-b3b8-ed3b57e1e1d6 nc 10.0.0.91 22

I manually connect to the VM and ran tcpdump in the hadoop VM (10.0.0.91) : no SSH packet comes here (I have filtered my own SSH session)

    [root@net000 ~]# ip netns exec qrouter-26422538-e7ee-428d-b3b8-ed3b57e1e1d6 ssh -i id_rsa.priv cloud-user@10.0.0.91
    Warning: Permanently added '10.0.0.91' (RSA) to the list of known hosts.
    [cloud-user@fdssd-ngt-vanilla-hadoop-master-001 ~]$ tcpdump -i eth0 port 22 and not port 35571
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes

-------nothing there------

So it seems sahara doesn't use the namespace benefits to connect to the VM, or what ?

Any idea to go further ???

Thanks

My sahara conf, I'm using neutron :

[DEFAULT]
use_neutron = true
use_namespaces = True
use_floating_ips = False
enable_notifications = False
notification_driver = messaging
rpc_backend = rabbit
infrastructure_engine = direct
edit retag flag offensive close merge delete
add a comment

1 answer

Sort by ยป oldest newest most voted
0

answered 2016-01-20 10:14:39 -0500

fgaudet gravatar image

Reply to myself :

Solved this issue. It turns out the run_subprocess wasn't spawing any command like it has no right to do so... That's rang a bell :) Check the processes : the sahara server runs as a user called 'sahara'.

I activated the rootwrap config, and now sahara can launch commands on VM :

if [ ! -f /etc/sudoers.d/sahara ]; then
cat  > /etc/sudoers.d/sahara << EOF
Defaults:sahara !requiretty

sahara ALL = (root) NOPASSWD: /usr/bin/sahara-rootwrap /etc/sahara/rootwrap.conf *
EOF
fi
openstack-config --set /etc/sahara/sahara.conf DEFAULT use_rootwrap True
openstack-config --set /etc/sahara/sahara.conf DEFAULT rootwrap_command "sudo sahara-rootwrap /etc/sahara/rootwrap.conf"
systemctl restart openstack-sahara-all
edit flag offensive delete link more
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2016-01-13 10:12:37 -0500

Seen: 528 times

Last updated: Jan 20 '16

Related questions

Kilo - cannot create VM: failed to notify nova on events [closed]

Openstack Kilo integration with Opendaylight

How to connect the VM to the internet

quantum admin plugin for horizon

unable to add neutron service to devstack

no disk drive was detected

Kilo, lbaas, permission denied

OpenStack Newbie [closed]

SR-IOV and policy enforcement with a firewall

Why TAP-interface (qr-) not created by OVS-agent? [closed]