Can Ping but Cannot SSH to Openstack VM Instance

ssh juju maas openstack
6,685

Solution 1

In our multi-node environment, problem ended up being packet fragmentation. The work around for is to increase mtu to 1700 on management nics of both compute and neutron nodes, e.g., ifconfig ethxxx mtu 1700

Solution 2

In my 3 node openstack instance (ML2 - OpenVSwitch - GRE tunnel) I had to set MTU to 1400. The default MTU was 1500. Experiment with various MTU sizes.

Share:
6,685

Related videos on Youtube

Nastooh
Author by

Nastooh

Updated on September 18, 2022

Comments

  • Nastooh
    Nastooh over 1 year

    Have a multi-node MAAS-JUJU-Openstack setup, i.e., nova-cloud-controller, nova-compute, and quantum/neutron gateway are on separate hosts. In this setup, MAAS and openstack share 10.0.0.0/24 as their management network, while Quantum charm is connected via eth0 to public network 10.0.10.0. I am able to spawn instances, and assign floating ip addresses to them. I can also ping to and from public network. Furthermore, the 2 cirros instances, which are on the same subnet, can ssh each other. However, am not able to ssh to instances either through router namespace, i.e., ip netns exec qr-xxxx ssh -i <full path to key> cirros@privateipaddr, or from outside. I've generated key-pairs both through dashboard and nova, with similar results. Also tried chmod 0600 key, ssh-add key to no avail. A sample output is shown here http://pastebin.ubuntu.com/7676660/, which eventually times out. Connecting via vnc to cirros image shows, under /var/log messages, the following:

    Jun20 14:29:21 cir3 authpriv.info dropbear[364]: Child connection from GatewayPrivateIp:32818
Jun20 14:29:21 cir3 authpriv.info dropbear[364]: Exit before auth: Timeout before auth

    Similar logs are observed, when ssh-ing from public network. In case of public network access, wireshark shows repeated retransmission of ssh ACK from source to VM's public address, with ARP calls asking who owns either the source or VM's ip address, and finally, VM sending [FIN, ACK] and closing the connection.

    I have set up the meta-data server and followed the 2nd method as noted in Cloud instances in OpenStack can't import public SSH key, and am seeing the following during boot up, http://pastebin.ubuntu.com/7676789/. (Not sure if these are significant: failed to get http://169.254.169.254/2009-04-04/user-data warning: no ec2 metadata for user-data) To isolate testing, I've created a new security group that allows all tcp ranges in both ingress and egress directions. Seems to me that this is not a firewall or policy issue as connection to port 22 is possible, I am wondering if wrong meta-data is being generated during boot up. Any and all suggestions are appreciated. Cheers,

  • Anon
    Anon over 9 years
    Try to expand your answer a little bit, so the answer you are providing is more clear to the question he is asking.
  • Daniel Bidwell
    Daniel Bidwell over 8 years
    Do you accomplish this by setting network-device-mtu to 1700 in neutron-api and nova-compute?
  • Daniel Bidwell
    Daniel Bidwell over 8 years
    Did you do this in addition to the mtu settings above or instead of them? Did you set instance-mtu to 1400 in neutron-gateway?
  • Nastooh
    Nastooh over 8 years
    Either command line or in /etc/network/interfaces - I am running on Ubuntu.
  • Daniel Bidwell
    Daniel Bidwell over 8 years
    I did a juju set neutron-gateway instance-mtu=1400 and rebooted my vm. When it came up I was able to communicate with it, both inbound and outbound.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

How can I install Openstack Grizzly using Juju and MAAS?
Is there a way for MaaS to Commission a Raspberry Pi 3B?
Architecture diagram explaining the Ubuntu Cloud Infrastructure with MAAS / Openstack architecture?
Install and test OpenStack in 14.04 in only one computer using maas and juju
MAAS Invalid SSH key
Is Autopilot Openstack 16.04 available?
JUJU and ERROR environment has no access-key or secret-key
What username/password does MAAS assign to nodes?
juju error: hook failed: "config-changed"
"psycopg2.OperationalError: could not connect to server: Connection refused" error when bootstrapping