[openstack-dev] [Openstack-operators] Password less SSH to ubuntu VM
Shyam Goud
shyam.todeti at oneconvergence.com
Thu Jan 31 09:21:39 UTC 2013
Hi,
Please find nova.conf and iptables
Thanks,
+++++++++++++++++++
/home/os-controller# cat /etc/nova/nova.conf
[DEFAULT]
logdir=/var/log/nova
state_path=/var/lib/nova
lock_path=/run/lock/nova
verbose=True
api_paste_config=/etc/nova/api-paste.ini
scheduler_driver=nova.scheduler.simple.SimpleScheduler
s3_host=10.2.112.4
ec2_host=10.2.112.4
ec2_dmz_host=10.2.112.4
rabbit_host=10.2.112.4
cc_host=10.2.112.4
metadata_host=10.2.112.4
metadata_listen=0.0.0.0
nova_url=http://10.2.112.4:8774/v1.1/
sql_connection=mysql://novaUser:novaPass@10.2.112.4/nova
ec2_url=http://10.2.112.4:8773/services/Cloud
root_helper=sudo nova-rootwrap /etc/nova/rootwrap.conf
# Auth
use_deprecated_auth=false
auth_strategy=keystone
keystone_ec2_url=http://10.2.112.4:5000/v2.0/ec2tokens
# Imaging service
glance_api_servers=10.2.112.4:9292
image_service=nova.image.glance.GlanceImageService
# Vnc configuration
novnc_enabled=true
novncproxy_base_url=http://10.2.112.4:6080/vnc_auto.html
novncproxy_port=6080
vncserver_proxyclient_address=10.2.112.4
vncserver_listen=0.0.0.0
# Network settings
network_api_class=nova.network.quantumv2.api.API
quantum_url=http://10.2.112.4:9696
quantum_auth_strategy=keystone
quantum_admin_tenant_name=service
quantum_admin_username=quantum
quantum_admin_password=service_pass
quantum_admin_auth_url=http://10.2.112.4:35357/v2.0
libvirt_vif_driver=nova.virt.libvirt.vif.LibvirtHybridOVSBridgeDriver
linuxnet_interface_driver=nova.network.linux_net.LinuxOVSInterfaceDriver
firewall_driver=nova.virt.libvirt.firewall.IptablesFirewallDriver
# Compute #
compute_driver=libvirt.LibvirtDriver
# Cinder #
volume_api_class=nova.volume.cinder.API
osapi_volume_listen_port=5900
root at oscontroller-desktop:/home/os-controller#
+++++++++++++++++++++++++++++++++++++++++
/home/os-controller# iptables -t nat -n -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
nova-compute-PREROUTING all -- 0.0.0.0/0 0.0.0.0/0
nova-api-PREROUTING all -- 0.0.0.0/0 0.0.0.0/0
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
nova-compute-OUTPUT all -- 0.0.0.0/0 0.0.0.0/0
nova-api-OUTPUT all -- 0.0.0.0/0 0.0.0.0/0
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
nova-compute-POSTROUTING all -- 0.0.0.0/0 0.0.0.0/0
nova-api-POSTROUTING all -- 0.0.0.0/0 0.0.0.0/0
nova-postrouting-bottom all -- 0.0.0.0/0 0.0.0.0/0
Chain nova-api-OUTPUT (1 references)
target prot opt source destination
Chain nova-api-POSTROUTING (1 references)
target prot opt source destination
Chain nova-api-PREROUTING (1 references)
target prot opt source destination
Chain nova-api-float-snat (1 references)
target prot opt source destination
Chain nova-api-snat (1 references)
target prot opt source destination
nova-api-float-snat all -- 0.0.0.0/0 0.0.0.0/0
Chain nova-compute-OUTPUT (1 references)
target prot opt source destination
Chain nova-compute-POSTROUTING (1 references)
target prot opt source destination
Chain nova-compute-PREROUTING (1 references)
target prot opt source destination
Chain nova-compute-float-snat (1 references)
target prot opt source destination
Chain nova-compute-snat (1 references)
target prot opt source destination
nova-compute-float-snat all -- 0.0.0.0/0 0.0.0.0/0
Chain nova-postrouting-bottom (1 references)
target prot opt source destination
nova-compute-snat all -- 0.0.0.0/0 0.0.0.0/0
nova-api-snat all -- 0.0.0.0/0 0.0.0.0/0
root at oscontroller-desktop:/home/os-controller#
On Thursday 31 January 2013 01:54 PM, Razique Mahroua wrote:
> Hi,
> looks like the instances has not been able to reach the metadata server.
> Can you paste your nova.conf and iptables rules ?
> $ iptables -L nv - nat
>
> thanks !
>
>
> *Razique Mahroua** - **Nuage & Co*
> razique.mahroua at gmail.com <mailto:razique.mahroua at gmail.com>
> Tel : +33 9 72 37 94 15
>
>
> Le 31 janv. 2013 à 07:32, Shyam Goud <shyam.todeti at oneconvergence.com
> <mailto:shyam.todeti at oneconvergence.com>> a écrit :
>
>> Hello,
>>
>> I imported my ssh pub-key to openstack via Horizon web interface's
>> access&security option. And launched VM with it. But haven't
>> succeeded ssh to the VM.
>>
>> Is the ubuntu cloud image has user name "ubuntu" or "root" ? Plz let
>> me know what I am missing here.
>>
>> +++++++++++++++++++
>> /
>> #nova keypair-list/
>> /+---------------------+-------------------------------------------------+//
>> //| Name | Fingerprint |//
>> //+---------------------+-------------------------------------------------+//
>> //| shyam |
>> e7:57:1c:d1:76:26:84:50:67:a9:70:41:69:4f:6a:8b |//
>> //+---------------------+-------------------------------------------------+/
>>
>> /sgoud at ibuntu:~/.ssh$ ssh ubuntu at 10.2.113.133 -v//
>> //OpenSSH_6.0p1 Debian-3ubuntu1, OpenSSL 1.0.1c 10 May 2012//
>> //debug1: Reading configuration data /etc/ssh/ssh_config//
>> //debug1: /etc/ssh/ssh_config line 19: Applying options for *//
>> //debug1: Connecting to 10.2.113.133 [10.2.113.133] port 22.//
>> //debug1: Connection established.//
>> //debug1: identity file /home/sgoud/.ssh/id_rsa type 1//
>> //debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048//
>> //debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048//
>> //debug1: identity file /home/sgoud/.ssh/id_rsa-cert type -1//
>> //debug1: identity file /home/sgoud/.ssh/id_dsa type -1//
>> //debug1: identity file /home/sgoud/.ssh/id_dsa-cert type -1//
>> //debug1: identity file /home/sgoud/.ssh/id_ecdsa type -1//
>> //debug1: identity file /home/sgoud/.ssh/id_ecdsa-cert type -1//
>> //debug1: Remote protocol version 2.0, remote software version
>> OpenSSH_5.9p1 Debian-5ubuntu1//
>> //debug1: match: OpenSSH_5.9p1 Debian-5ubuntu1 pat OpenSSH_5*//
>> //debug1: Enabling compatibility mode for protocol 2.0//
>> //debug1: Local version string SSH-2.0-OpenSSH_6.0p1 Debian-3ubuntu1//
>> //debug1: SSH2_MSG_KEXINIT sent//
>> //Connection closed by 10.2.113.133/
>> +++++++++++++++++++
>>
>> Thanks,
>> Shyam.
>> _______________________________________________
>> OpenStack-operators mailing list
>> OpenStack-operators at lists.openstack.org
>> <mailto:OpenStack-operators at lists.openstack.org>
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20130131/0f6e4eae/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/gif
Size: 9524 bytes
Desc: not available
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20130131/0f6e4eae/attachment.gif>
More information about the OpenStack-dev
mailing list