Can't Access To Instances Use SSH
yyoungtao at gmail.com
Thu Jan 14 18:03:07 UTC 2016
Hello James
I know it is hard to access the instance with only one external IP address.
But I think there is a way to route the traffic to get there right?
Here is my configuration:
The host has one interface that can access the external network.
Neutron is in a kvm deployed on the host and has two virtual network interfaces:
one for tunnel-network 10.0.0.x and one for external-network (I want to forward the traffic from it to the outside network).
I am using Legacy with Open vSwitch. (I think it's the juju default config.)
My neutron bridge table:
092c9e99-25bb-4bec-8cfc-8c0af7f9aa79
    Bridge br-data
        Port phy-br-data
            Interface phy-br-data
        Port br-data
            Interface br-data
                type: internal
    Bridge br-tun
        Port "gre-0a00002e"
            Interface "gre-0a00002e"
                type: gre
                options: {in_key=flow, local_ip="10.0.0.44", out_key=flow, remote_ip="10.0.0.46"}
        Port "gre-0a000020"
            Interface "gre-0a000020"
                type: gre
                options: {in_key=flow, local_ip="10.0.0.44", out_key=flow, remote_ip="10.0.0.32"}
        Port "gre-0a000016"
            Interface "gre-0a000016"
                type: gre
                options: {in_key=flow, local_ip="10.0.0.44", out_key=flow, remote_ip="10.0.0.22"}
        Port "gre-0a000027"
            Interface "gre-0a000027"
                type: gre
                options: {in_key=flow, local_ip="10.0.0.44", out_key=flow, remote_ip="10.0.0.39"}
        Port "gre-0a00002b"
            Interface "gre-0a00002b"
                type: gre
                options: {in_key=flow, local_ip="10.0.0.44", out_key=flow, remote_ip="10.0.0.43"}
        Port "gre-0a000018"
            Interface "gre-0a000018"
                type: gre
                options: {in_key=flow, local_ip="10.0.0.44", out_key=flow, remote_ip="10.0.0.24"}
        Port br-tun
            Interface br-tun
                type: internal
        Port "gre-0a00002d"
            Interface "gre-0a00002d"
                type: gre
                options: {in_key=flow, local_ip="10.0.0.44", out_key=flow, remote_ip="10.0.0.45"}
        Port patch-int
            Interface patch-int
                type: patch
                options: {peer=patch-tun}
        Port "gre-0a000023"
            Interface "gre-0a000023"
                type: gre
                options: {in_key=flow, local_ip="10.0.0.44", out_key=flow, remote_ip="10.0.0.35"}
        Port "gre-0a00002a"
            Interface "gre-0a00002a"
                type: gre
                options: {in_key=flow, local_ip="10.0.0.44", out_key=flow, remote_ip="10.0.0.42"}
    Bridge br-int
        fail_mode: secure
        Port "tap5881c2ce-1a"
            tag: 1
            Interface "tap5881c2ce-1a"
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
        Port "tap156e2b2a-aa"
            tag: 2
            Interface "tap156e2b2a-aa"
        Port "tap2228fe49-74"
            tag: 1
            Interface "tap2228fe49-74"
        Port int-br-data
            Interface int-br-data
        Port br-int
            Interface br-int
                type: internal
    Bridge br-ex
        Port br-ex
            Interface br-ex
                type: internal
        Port "em2"
            Interface "em2"
        Port "tapaa55b086-57"
            Interface "tapaa55b086-57"
        Port "eth1"
            Interface "eth1"
    ovs_version: "2.0.2"
em2 is the host external network interface and eth1 is the neutron kvm interface I want to do the surgery on.
The problem is the br-ex; instances will go through it to access the outside network.
So how can I route the traffic from br-ex to the external network?
Can the kvm and host share the same IP, or can the host's IP act as a router to the kvm?
Thank you for your help!!!
Yanyang Tao
Student, Integrated Computing PhD Program
Dept of Computer Science, College of EIT, UALR
Tel: +1 501 909‐2599
E-mail: yyoungtao at gmail.com
From: James Page
Date: 2016-01-13 23:40
To: yyoungtao at gmail.com
CC: Juju email list
Subject: Re: Can't Access To Instances Use SSH
Hello
On Wed, Jan 13, 2016 at 10:59 PM, yyoungtao at gmail.com <yyoungtao at gmail.com> wrote:
I deployed Openstack manually with JUJU and MAAS.
Here is my distribution:
Keystone, Neutron, Mysql, Rabbitmq, Dashboard, nova-cloud-controller, Glance, Cinder each deployed on one VM (which is kvm) on one physical server.
nova-compute has 9 nodes, each deployed on one physical node.
My external network is one fixed IP like x.x.x.x. I can only get one available IP address from our community.
This will make accessing instances very hard; at least two IP addresses would be needed - one for the virtual router that is created to provide north/south traffic routing to the internal network, and one for a floating ip address for the instance you want to access.
My internal network, which uses 10.0.0.0/24, is used for the communication for openstack services.
I finished the deploy. Right now I am struggling with accessing the instances. I created one public network (as floating ip) and one private network (as fixed ip) through the dashboard for the instance, and I can access the instance from the dashboard, but unfortunately I can't log into it because there is no username and password (I want to deploy hadoop on the instances).
I also can't ssh to the instance with ssh root at floating ip -i {keypair}.pem; it seems like the two networks I created in the dashboard have no use.
My intuition is the network config of Neutron has some problem, and I attached the Neutron network config. So do you have any ideas about it? Any response will be appreciated. Thank you!
I'd suggest a read through the post deployment configuration steps in the official OpenStack bundle:
https://jujucharms.com/openstack-base/
This includes details on how to configure external and private networks, how to enable appropriate security rules and how to access instances using floating ip addresses.
Hopefully this will get you rolling on accessing instances, but your limitation on a single external IP address will be a blocker for an effective cloud.
Hope that helps
James