Ask Your Question

snowman4839's profile - activity

2018-07-25 02:19:24 -0600 received badge  Notable Question (source)
2018-07-14 17:08:10 -0600 received badge  Popular Question (source)
2018-07-10 16:54:23 -0600 asked a question Cannot Change VNC URL Successfully

I'm trying to change the url for VNC from x.x.x.x:6080/vnc_lite.html to x.x.x.x:6080/vnc.html so I can use the full featured NoVNC client. The vnc_lite.html client gives me double typed characters whenever I type mildly fast but this doesn't seem to happen with vnc.html. I can see a session with vnc_lite.html and then change the url to vnc.html without a problem but whenever I set openstack ansible to use nova_novncproxy_base_url: "{{ nova_novncproxy_base_uri }}/vnc.html" instead of nova_novncproxy_base_url: "{{ nova_novncproxy_base_uri }}/vnc_lite.html", I can never get a session to open and it always give that the connection failed.

I looked into it further and saw that nova-consoleauth is giving handler exception: The token 'xxx-xx-x-xxx' is invalid or has expired. Is console auth tied specifically to vnc_lite.html somewhere? Is there anywhere I can set this in openstack ansible? vnc_lite.html continues to work if I manually type it in to the URL but vnc.html never works unless I validate a token first with vnc_lite.html

2018-03-20 09:02:21 -0600 received badge  Notable Question (source)
2018-03-20 09:02:21 -0600 received badge  Famous Question (source)
2018-03-20 09:02:21 -0600 received badge  Notable Question (source)
2018-03-20 09:02:21 -0600 received badge  Famous Question (source)
2017-08-30 01:20:22 -0600 received badge  Popular Question (source)
2017-08-16 14:09:35 -0600 received badge  Enthusiast
2017-08-11 09:50:23 -0600 commented answer Instance receiving traffic but not responding?

I meant it has the ability to route to the internet from the private subnet. It needs a floating IP for me to be able to ssh into it from the outside network.

2017-08-09 20:52:17 -0600 answered a question Instance receiving traffic but not responding?

Well I feel incredibly stupid but it turned out the default security group wouldn't allow external connections. I misunderstood the default security group rule from packstack. It stated that in the default security group, it would allow ingress from any IPv4 or IPv6 address from other VMs in the same security group.

This means that you have to make a separate security group to allow external connections from 0.0.0.0/0 or your other given CIDR IP range for external connections

2017-08-09 20:52:17 -0600 asked a question Instance receiving traffic but not responding?

I ran a packstack install of Openstack Ocata on a fresh install of CentOS 7. I used neutron to link my external network (192.168.2.0/24) gateway of 192.168.2.1 which is my work computer to my openstack internal network (10.0.0.0/24) which has a dhcp range of 10.0.0.50-100. My openstack server's physical connection is assigned 192.168.2.2.

It looks like...

192.168.2.1 (work computer)

192.168.2.2 (br-ex on openstack server)

192.168.2.51 (virtual router between external and internal networks in openstack)

10.0.0.* (private IPs for virtual openstack instances)

I can create an instance of cirros and it got an IP of 10.0.0.11 and it can connect to the internet fine and can ping everything through the network back to 192.168.2.1. However, after assigning a floating IP to that instance of 192.168.2.56, I cannot connect to it the other way from my work computer (192.168.2.1).

My security group is default and permits all IPV4 traffic on all ports inbound to the cirros instance.

Here is my nat table for the router. With my limited knowledge of iptables, it looks like my PREROUTING table is correct to accept any packets intended for 192.168.2.56 and DNAT to 10.0.0.11.

[root@localhost ~(keystone_admin)]# ip netns exec qrouter-2aafaf25-0a31-4ae9-9347-0cd70f6ac3b1 iptables -t nat -nvL
Chain PREROUTING (policy ACCEPT 643 packets, 72024 bytes)
 pkts bytes target     prot opt in     out     source               destination         
  668 73640 neutron-l3-agent-PREROUTING  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain INPUT (policy ACCEPT 37 packets, 7604 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 4 packets, 284 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    4   284 neutron-l3-agent-OUTPUT  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain POSTROUTING (policy ACCEPT 9 packets, 656 bytes)
 pkts bytes target     prot opt in     out     source               destination         
   13   940 neutron-l3-agent-POSTROUTING  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
   13   940 neutron-postrouting-bottom  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain neutron-l3-agent-OUTPUT (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DNAT       all  --  *      *       0.0.0.0/0            192.168.2.56         to:10.0.0.11

Chain neutron-l3-agent-POSTROUTING (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  !qg-a8c35605-51 !qg-a8c35605-51  0.0.0.0/0            0.0.0.0/0            ! ctstate DNAT

Chain neutron-l3-agent-PREROUTING (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    9   656 DNAT       all  --  *      *       0.0.0.0/0            192.168.2.56         to:10.0.0.11
   16   960 REDIRECT   tcp  --  qr-+   *       0.0.0.0/0            169.254.169.254      tcp dpt:80 redir ports 9697

Chain neutron-l3-agent-float-snat (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 SNAT       all ...
(more)