[Openstack] [Sahara] Sahara can't SSH into instances - can'treadSSH protocol banner

Jeremy Freudberg jfreud at bu.edu
Fri Jul 22 14:03:53 UTC 2016


I have two Openstack environments, both configured in the same way.
(The main difference is one has one controller and one compute node,
and the other has two controllers and many compute nodes.) Rootwrap
fixes my problem in the small environment, but the error persists in
the big one. There isn't much in the logs, other than the same
not-very-helpful error about how Sahara can't read the SSH protocol
banner. The only other problem I notice is that if I keep an eye on
the running processes spawned by the sahara user, I do not see any
calls to "ip netns exec" in the problematic environment (only
_sahara-subprocess), while I do see these processes running in the
working environment. Even if I don't use rootwrap, and instead run
sahara-all process as root user directly, I still don't have success.
So many it is not rootwrap/permissions issue.

On Thu, Jul 21, 2016 at 10:07 PM, fuguangping
<fuguangping at unitedstack.com> wrote:
> Using rootwrap solve my problem, can you show some more detail information
> like sahara config & error logs ?
>
>
> ------------------ Original ------------------
> From:  "Jeremy Freudberg"<jfreud at bu.edu>;
> Date:  Thu, Jul 21, 2016 11:26 PM
> To:  "fuguangping"<fuguangping at unitedstack.com>;
> Cc:  "openstack"<openstack at lists.openstack.org>;
> Subject:  Re: [Openstack] [Sahara] Sahara can't SSH into instances -
> can'treadSSH protocol banner
>
> Hi there, I tried using rootwrap, but I must have configured it
> wrong... I followed the guide here
> http://docs.openstack.org/developer/sahara/userdoc/advanced.configuration.guide.html#non-root-users
> . I still get error. However, when I manually start
> openstack-sahara-all service as root, I get success. So you are right,
> it has to do with permissions of Sahara user. Have you successfully
> used Sahara rootwrap yourself with success? Any help is appreciated.
>
> Thanks so much,
> Jeremy Freudberg
>
> On Wed, Jul 20, 2016 at 9:58 PM, fuguangping
> <fuguangping at unitedstack.com> wrote:
>> Hi Jeremy,
>>
>>
>> Did you use rootwrap? If not, you can try
>>
>> this:https://ask.openstack.org/en/question/87430/sahara-cant-login-to-nodes/
>> . Remember to reboot sahara-engine after update your configuration.
>>
>> ------------------ Original ------------------
>> From:  "Jeremy Freudberg"<jfreud at bu.edu>;
>> Date:  Thu, Jul 21, 2016 01:55 AM
>> To:  "Nikita Konovalov"<nkonovalov at mirantis.com>;
>> Cc:  "openstack"<openstack at lists.openstack.org>;
>> Subject:  Re: [Openstack] [Sahara] Sahara can't SSH into instances -
>> can'tread SSH protocol banner
>>
>> Hi again, Nikita.
>>
>> Also note that I can SSH between instances as well, in addition to
>> doing so through ip netns on the Openstack controller node. So it must
>> not be an issue with SSH itself, or with TCP traffic in between
>> instances.
>>
>> Thanks for your help.
>> Jeremy
>>
>> On Wed, Jul 20, 2016 at 11:32 AM, Nikita Konovalov
>> <nkonovalov at mirantis.com> wrote:
>>> Hi, Jeremy.
>>>
>>> It looks like there might be a problem in instance to instance
>>> communication. Could you please check that the tcp traffic between
>>> instances
>>> is not blocked. Especially on port 22.
>>>
>>> Could you also send witch version of Sahara do you have and what versions
>>> of
>>> python dependencies are installed in your system.
>>>
>>> On Wed, Jul 20, 2016 at 6:20 PM, Jeremy Freudberg <jfreud at bu.edu> wrote:
>>>>
>>>> Hi all, I'm having an issue with Sahara accessing its instances. This
>>>> is over private IP, not public/floating. I have use_floating_ips =
>>>> false and use_namespaces = true in sahara.conf. My setup also uses
>>>> Neutron, so use_neutron = true as well.
>>>>
>>>> Here is an excerpt from the logs:
>>>>
>>>> DEBUG sahara.utils.ssh_remote
>>>> [req-ad9e16b1-176b-4283-92ea-e2032928e3a0 ] [instance:
>>>> f2145fd1-fa9e-4d45-9d61-653bb6d6dd6d, cluster:
>>>> 6493dfa9-4875-4844-abd4-d425b3312ee4] Returning neutron info: {'host':
>>>> u'192.168.201.23', 'tenant': u'jfreud at bu.edu', 'network':
>>>> u'433d83c0-1f7f-4fb7-b4a1-995b47344ac4'} get_neutron_info
>>>> /usr/lib/python2.7/site-packages/sahara/utils/ssh_remote.py:581
>>>>
>>>> DEBUG sahara.service.engine [req-ad9e16b1-176b-4283-92ea-e2032928e3a0
>>>> ] [instance: f2145fd1-fa9e-4d45-9d61-653bb6d6dd6d, cluster:
>>>> 6493dfa9-4875-4844-abd4-d425b3312ee4] Can't login to node, IP:
>>>> 192.168.201.23, reason SSHException: Error reading SSH protocol banner
>>>>
>>>> We would think this to be a networking issue, right? (Or maybe an SSH
>>>> issue...) However, when I perform the SSH command manually, I can
>>>> connect to my instances:
>>>>
>>>> ip netns exec qdhcp-433d83c0-1f7f-4fb7-b4a1-995b47344ac4 ssh -i
>>>> /path/to/private/key ubuntu at 192.168.201.23
>>>>
>>>> The above command executes successfully and SSH connects.
>>>>
>>>> Any help is greatly appreciated.
>>>>
>>>> Thanks,
>>>> Jeremy Freudberg
>>>>
>>>> _______________________________________________
>>>> Mailing list:
>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>>>> Post to     : openstack at lists.openstack.org
>>>> Unsubscribe :
>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>>>
>>>
>>>
>>>
>>> --
>>> Best Regards,
>>> Nikita Konovalov
>>> Mirantis, Inc
>>
>> _______________________________________________
>> Mailing list:
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>> Post to     : openstack at lists.openstack.org
>> Unsubscribe :
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack




More information about the Openstack mailing list