Ask Your Question
0

Sahara can't login to nodes

asked 2016-01-13 10:12:37 -0500

fgaudet gravatar image

Hi all

I'm using a full working openstack kilo release and I'm facing a strange thing. Sahara is able to instanciate a cluster but is stuck in 'Waiting' state. Seems it can't SSH to nodes :

 [root@net000 ~]# grep 10.0.0.91 /var/log/messages
Jan 13 16:06:32 net000 sahara-all: 2016-01-13 16:06:32.693 62723 DEBUG sahara.service.engine [-] Can't login to node cl1-ngt1-vanilla-hadoop-worker-001 10.0.0.91, reason SSHException: Error reading SSH protocol banner _is_accessible /usr/lib/python2.7/site-packages/sahara/service/engine.py:128

But I successfully run this from the network node (which owns the namespaces and the sahara server)

ip netns exec qrouter-26422538-e7ee-428d-b3b8-ed3b57e1e1d6 nc 10.0.0.91 22

I manually connect to the VM and ran tcpdump in the hadoop VM (10.0.0.91) : no SSH packet comes here (I have filtered my own SSH session)

    [root@net000 ~]# ip netns exec qrouter-26422538-e7ee-428d-b3b8-ed3b57e1e1d6 ssh -i id_rsa.priv cloud-user@10.0.0.91
    Warning: Permanently added '10.0.0.91' (RSA) to the list of known hosts.
    [cloud-user@fdssd-ngt-vanilla-hadoop-master-001 ~]$ tcpdump -i eth0 port 22 and not port 35571
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes

-------nothing there------

So it seems sahara doesn't use the namespace benefits to connect to the VM, or what ?

Any idea to go further ???

Thanks

My sahara conf, I'm using neutron :

[DEFAULT]
use_neutron = true
use_namespaces = True
use_floating_ips = False
enable_notifications = False
notification_driver = messaging
rpc_backend = rabbit
infrastructure_engine = direct
edit retag flag offensive close merge delete

1 answer

Sort by ยป oldest newest most voted
0

answered 2016-01-20 10:14:39 -0500

fgaudet gravatar image

Reply to myself :

Solved this issue. It turns out the run_subprocess wasn't spawing any command like it has no right to do so... That's rang a bell :) Check the processes : the sahara server runs as a user called 'sahara'.

I activated the rootwrap config, and now sahara can launch commands on VM :

if [ ! -f /etc/sudoers.d/sahara ]; then
cat  > /etc/sudoers.d/sahara << EOF
Defaults:sahara !requiretty

sahara ALL = (root) NOPASSWD: /usr/bin/sahara-rootwrap /etc/sahara/rootwrap.conf *
EOF
fi
openstack-config --set /etc/sahara/sahara.conf DEFAULT use_rootwrap True
openstack-config --set /etc/sahara/sahara.conf DEFAULT rootwrap_command "sudo sahara-rootwrap /etc/sahara/rootwrap.conf"
systemctl restart openstack-sahara-all
edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2016-01-13 10:12:37 -0500

Seen: 508 times

Last updated: Jan 20 '16