Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

Cannot connect to a running instance, even after the euca-authorize stuff

Hi !

I experience some difficulties do connect to the instances I've created with nova. I can neither ping nor ssh the instance, even if I perform the euca-authorize stuff.

I use FlatDHCPManager.

Any help would be greatly appreciated !

Here are some details about my config and the problem :

==== /etc/nova/nova.conf ==== --dhcpbridge_flagfile=/etc/nova/nova.conf --dhcpbridge=/usr/bin/nova-dhcpbridge --logdir=/var/log/nova --state_path=/var/lib/nova --lock_path=/var/lock/nova --verbose --libvirt_type=kvm --network_manager=nova.network.manager.FlatDHCPManager --flat_network_dhcp_start=138.96.126.200 --public_interface=eth0 --flat_injected=False

==== /etc/network/interfaces ====

The loopback network interface

auto lo iface lo inet loopback

Networking for OpenStack Compute

auto br100 iface br100 inet dhcp bridge_ports eth0 bridge_stp off bridge_maxwait 0 bridge_fd 0

==== /sbin/ifconfig ==== br100 Link encap:Ethernet HWaddr 00:22:19:9a:6c:20
inet addr:138.96.126.4 Bcast:138.96.126.255 Mask:255.255.255.0 inet6 addr: fe80::222:19ff:fe9a:6c20/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:73420 errors:0 dropped:0 overruns:0 frame:0 TX packets:23403 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:57123865 (57.1 MB) TX bytes:3052602 (3.0 MB)

eth0 Link encap:Ethernet HWaddr 00:22:19:9a:6c:20
inet6 addr: fe80::222:19ff:fe9a:6c20/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:115824 errors:0 dropped:0 overruns:0 frame:0 TX packets:24616 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:62186577 (62.1 MB) TX bytes:3385628 (3.3 MB) Interrupt:21 Memory:ea000000-ea012800

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:11291121 errors:0 dropped:0 overruns:0 frame:0 TX packets:11291121 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:783143897 (783.1 MB) TX bytes:783143897 (783.1 MB)

virbr0 Link encap:Ethernet HWaddr 26:dd:54:d5:85:df
inet addr:192.168.122.1 Bcast:192.168.122.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

vnet0 Link encap:Ethernet HWaddr fe:16:3e:1b:62:26
inet6 addr: fe80::fc16:3eff:fe1b:6226/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:14 errors:0 dropped:0 overruns:0 frame:0 TX packets:822 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:500 RX bytes:2948 (2.9 KB) TX bytes:110929 (110.9 KB)

==== # brctl show bridge name bridge id STP enabled interfaces br100 8000.0022199a6c20 no eth0 vnet0 virbr0 8000.000000000000 yes

==== /var/log/libvirt/qemu/instance-00000019.log ==== 2011-04-22 12:25:16.405: starting up LC_ALL=C PATH=/usr/local/sbin:/usr/local/bin:/usr/bin:/usr/sbin:/sbin:/bin QEMU_AUDIO_DRV=none /usr/bin/kvm -S -M pc-0.14 -enable-kvm -m 512 -smp 1,sockets=1,cores=1,threads=1 -name instance-00000019 -uuid bbe7e8a5-39b8-5b1d-e853-e6fe25ce934c -nodefconfig -nodefaults -chardev socket,id=charmonitor,path=/var/lib/libvirt/qemu/instance-00000019.monitor,server,nowait -mon chardev=charmonitor,id=monitor,mode=readline -rtc base=utc -boot c -kernel /var/lib/nova/instances/instance-00000019/kernel -append root=/dev/vda console=ttyS0 -drive file=/var/lib/nova/instances/instance-00000019/disk,if=none,id=drive-virtio-disk0,format=qcow2 -device virtio-blk-pci,bus=pci.0,addr=0x4,drive=drive-virtio-disk0,id=virtio-disk0 -netdev tap,fd=17,id=hostnet0 -device rtl8139,netdev=hostnet0,id=net0,mac=02:16:3e:1b:62:26,bus=pci.0,addr=0x3 -chardev file,id=charserial0,path=/var/lib/nova/instances/instance-00000019/console.log -device isa-serial,chardev=charserial0,id=serial0 -chardev pty,id=charserial1 -device isa-serial,chardev=charserial1,id=serial1 -usb -vnc 0.0.0.0:0 -k en-us -vga cirrus -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x5 char device redirected to /dev/pts/1

==== euca-get-console-output ==== <cut> 2011-04-22 10:26:20,267 - DataSourceEc2.py[WARNING]: waiting for metadata service at http:\/\/169.254.169.254\/2009-04-04\/meta-data\/instance-id 2011-04-22 10:26:20,269 - DataSourceEc2.py[WARNING]: 10:26:20 [ 1\/100]: url error [[Errno 101] Network is unreachable] </cut>

==== curl http://169.254.169.254:8773/ ==== 1.0 2007-01-19 2007-03-01 2007-08-29 2007-10-10 2007-12-15 2008-02-01 2008-09-01 2009-04-04

==== $ nova list ==== +----+-----------+--------+-----------+----------------+ | ID | Name | Status | Public IP | Private IP | +----+-----------+--------+-----------+----------------+ | 25 | Server 25 | ACTIVE | | 138.96.126.201 | +----+-----------+--------+-----------+----------------+

==== $ nova diagnostics 25 ==== n/a (HTTP 404)

==== # iptables -n -L ==== Chain INPUT (policy ACCEPT) target prot opt source destination
nova-compute-INPUT all -- 0.0.0.0/0 0.0.0.0/0
nova-network-INPUT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:67 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:67

Chain FORWARD (policy ACCEPT) target prot opt source destination
nova-filter-top all -- 0.0.0.0/0 0.0.0.0/0
nova-compute-FORWARD all -- 0.0.0.0/0 0.0.0.0/0
nova-network-FORWARD all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 192.168.122.0/24 state RELATED,ESTABLISHED ACCEPT all -- 192.168.122.0/24 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable

Chain OUTPUT (policy ACCEPT) target prot opt source destination
nova-filter-top all -- 0.0.0.0/0 0.0.0.0/0
nova-compute-OUTPUT all -- 0.0.0.0/0 0.0.0.0/0
nova-network-OUTPUT all -- 0.0.0.0/0 0.0.0.0/0

Chain nova-compute-FORWARD (1 references) target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0

Chain nova-compute-INPUT (1 references) target prot opt source destination

Chain nova-compute-OUTPUT (1 references) target prot opt source destination

Chain nova-compute-inst-25 (1 references) target prot opt source destination
DROP all -- 0.0.0.0/0 0.0.0.0/0 state INVALID ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED ACCEPT udp -- 138.96.126.1 0.0.0.0/0 udp spt:67 dpt:68 ACCEPT all -- 138.96.126.0/24 0.0.0.0/0
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 nova-compute-sg-fallback all -- 0.0.0.0/0 0.0.0.0/0

Chain nova-compute-local (1 references) target prot opt source destination
nova-compute-inst-25 all -- 0.0.0.0/0 138.96.126.201

Chain nova-compute-sg-fallback (1 references) target prot opt source destination
DROP all -- 0.0.0.0/0 0.0.0.0/0

Chain nova-filter-top (2 references) target prot opt source destination
nova-compute-local all -- 0.0.0.0/0 0.0.0.0/0
nova-network-local all -- 0.0.0.0/0 0.0.0.0/0

Chain nova-network-FORWARD (1 references) target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0

Chain nova-network-INPUT (1 references) target prot opt source destination

Chain nova-network-OUTPUT (1 references) target prot opt source destination

Chain nova-network-local (1 references) target prot opt source destination

==== # iptables-save ====

Generated by iptables-save v1.4.10 on Fri Apr 22 12:53:16 2011

*mangle :PREROUTING ACCEPT [11541338:853725355] :INPUT ACCEPT [11537840:853174453] :FORWARD ACCEPT [1640:305695] :OUTPUT ACCEPT [11513629:800152874] :POSTROUTING ACCEPT [11515269:800458569] -A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill COMMIT

Completed on Fri Apr 22 12:53:16 2011

Generated by iptables-save v1.4.10 on Fri Apr 22 12:53:16 2011

*nat :PREROUTING ACCEPT [301:54406] :INPUT ACCEPT [2:96] :OUTPUT ACCEPT [42:2919] :POSTROUTING ACCEPT [135:15997] :nova-compute-OUTPUT - [0:0] :nova-compute-POSTROUTING - [0:0] :nova-compute-PREROUTING - [0:0] :nova-compute-floating-snat - [0:0] :nova-compute-snat - [0:0] :nova-network-OUTPUT - [0:0] :nova-network-POSTROUTING - [0:0] :nova-network-PREROUTING - [0:0] :nova-network-floating-snat - [0:0] :nova-network-snat - [0:0] :nova-postrouting-bottom - [0:0] -A PREROUTING -j nova-compute-PREROUTING -A PREROUTING -j nova-network-PREROUTING -A OUTPUT -j nova-compute-OUTPUT -A OUTPUT -j nova-network-OUTPUT -A POSTROUTING -j nova-compute-POSTROUTING -A POSTROUTING -j nova-network-POSTROUTING -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535 -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p udp -j MASQUERADE --to-ports 1024-65535 -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE -A POSTROUTING -j nova-postrouting-bottom -A nova-compute-snat -j nova-compute-floating-snat -A nova-network-POSTROUTING -s 10.0.0.0/8 -d 10.128.0.0/24 -j ACCEPT -A nova-network-POSTROUTING -s 10.0.0.0/8 -d 10.0.0.0/8 -j ACCEPT -A nova-network-PREROUTING -d 169.254.169.254/32 -p tcp -m tcp --dport 80 -j DNAT --to-destination 138.96.126.4:8773 -A nova-network-snat -j nova-network-floating-snat -A nova-network-snat -s 10.0.0.0/8 -j SNAT --to-source 138.96.126.4 -A nova-postrouting-bottom -j nova-compute-snat -A nova-postrouting-bottom -j nova-network-snat COMMIT

Completed on Fri Apr 22 12:53:16 2011

Generated by iptables-save v1.4.10 on Fri Apr 22 12:53:16 2011

*filter :INPUT ACCEPT [449576:31640365] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [449045:31666556] :nova-compute-FORWARD - [0:0] :nova-compute-INPUT - [0:0] :nova-compute-OUTPUT - [0:0] :nova-compute-inst-25 - [0:0] :nova-compute-local - [0:0] :nova-compute-sg-fallback - [0:0] :nova-filter-top - [0:0] :nova-network-FORWARD - [0:0] :nova-network-INPUT - [0:0] :nova-network-OUTPUT - [0:0] :nova-network-local - [0:0] -A INPUT -j nova-compute-INPUT -A INPUT -j nova-network-INPUT -A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT -A INPUT -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT -A INPUT -i virbr0 -p udp -m udp --dport 67 -j ACCEPT -A INPUT -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT -A FORWARD -j nova-filter-top -A FORWARD -j nova-compute-FORWARD -A FORWARD -j nova-network-FORWARD -A FORWARD -d 192.168.122.0/24 -o virbr0 -m state --state RELATED,ESTABLISHED -j ACCEPT -A FORWARD -s 192.168.122.0/24 -i virbr0 -j ACCEPT -A FORWARD -i virbr0 -o virbr0 -j ACCEPT -A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable -A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable -A OUTPUT -j nova-filter-top -A OUTPUT -j nova-compute-OUTPUT -A OUTPUT -j nova-network-OUTPUT -A nova-compute-FORWARD -i br100 -j ACCEPT -A nova-compute-FORWARD -o br100 -j ACCEPT -A nova-compute-inst-25 -m state --state INVALID -j DROP -A nova-compute-inst-25 -m state --state RELATED,ESTABLISHED -j ACCEPT -A nova-compute-inst-25 -s 138.96.126.1/32 -p udp -m udp --sport 67 --dport 68 -j ACCEPT -A nova-compute-inst-25 -s 138.96.126.0/24 -j ACCEPT -A nova-compute-inst-25 -p icmp -j ACCEPT -A nova-compute-inst-25 -p tcp -m tcp --dport 22 -j ACCEPT -A nova-compute-inst-25 -j nova-compute-sg-fallback -A nova-compute-local -d 138.96.126.201/32 -j nova-compute-inst-25 -A nova-compute-sg-fallback -j DROP -A nova-filter-top -j nova-compute-local -A nova-filter-top -j nova-network-local -A nova-network-FORWARD -i br100 -j ACCEPT -A nova-network-FORWARD -o br100 -j ACCEPT COMMIT

Completed on Fri Apr 22 12:53:16 2011