[Openstack] [Sahara] Sahara can't SSH into instances - can'treadSSH protocol banner
Jeremy Freudberg
jfreud at bu.edu
Fri Jul 29 14:52:43 UTC 2016
I managed to solve my problem.
As suggested, I enabled rootwrap.
However, I also needed to set use_namespaces = false, and instead set
custom proxy_command.
This is because use_namespaces = true implies that proxy_command = 'ip
netns exec qrouter-{router_id} nc {host} {port}'.
In my two-controller environment, there must be issue with one
controller accessing the other's routers, but not the subnets...
So, I set DEFAULT/proxy_command ='ip netns exec qdhcp-{network_id} nc
{host} {port}'
Now everything works.
Thanks to everyone who offered advice.
Hopefully this is good information to someone.
On Thu, Jul 21, 2016 at 10:07 PM, fuguangping
<fuguangping at unitedstack.com> wrote:
>
> Using rootwrap solve my problem, can you show some more detail information like sahara config & error logs ?
>
>
> ------------------ Original ------------------
> From: "Jeremy Freudberg"<jfreud at bu.edu>;
> Date: Thu, Jul 21, 2016 11:26 PM
> To: "fuguangping"<fuguangping at unitedstack.com>;
> Cc: "openstack"<openstack at lists.openstack.org>;
> Subject: Re: [Openstack] [Sahara] Sahara can't SSH into instances - can'treadSSH protocol banner
>
> Hi there, I tried using rootwrap, but I must have configured it
> wrong... I followed the guide here
> http://docs.openstack.org/developer/sahara/userdoc/advanced.configuration.guide.html#non-root-users
> . I still get error. However, when I manually start
> openstack-sahara-all service as root, I get success. So you are right,
> it has to do with permissions of Sahara user. Have you successfully
> used Sahara rootwrap yourself with success? Any help is appreciated.
>
> Thanks so much,
> Jeremy Freudberg
>
> On Wed, Jul 20, 2016 at 9:58 PM, fuguangping
> <fuguangping at unitedstack.com> wrote:
> > Hi Jeremy,
> >
> >
> > Did you use rootwrap? If not, you can try
> > this:https://ask.openstack.org/en/question/87430/sahara-cant-login-to-nodes/
> > . Remember to reboot sahara-engine after update your configuration.
> >
> > ------------------ Original ------------------
> > From: "Jeremy Freudberg"<jfreud at bu.edu>;
> > Date: Thu, Jul 21, 2016 01:55 AM
> > To: "Nikita Konovalov"<nkonovalov at mirantis.com>;
> > Cc: "openstack"<openstack at lists.openstack.org>;
> > Subject: Re: [Openstack] [Sahara] Sahara can't SSH into instances -
> > can'tread SSH protocol banner
> >
> > Hi again, Nikita.
> >
> > Also note that I can SSH between instances as well, in addition to
> > doing so through ip netns on the Openstack controller node. So it must
> > not be an issue with SSH itself, or with TCP traffic in between
> > instances.
> >
> > Thanks for your help.
> > Jeremy
> >
> > On Wed, Jul 20, 2016 at 11:32 AM, Nikita Konovalov
> > <nkonovalov at mirantis.com> wrote:
> >> Hi, Jeremy.
> >>
> >> It looks like there might be a problem in instance to instance
> >> communication. Could you please check that the tcp traffic between
> >> instances
> >> is not blocked. Especially on port 22.
> >>
> >> Could you also send witch version of Sahara do you have and what versions
> >> of
> >> python dependencies are installed in your system.
> >>
> >> On Wed, Jul 20, 2016 at 6:20 PM, Jeremy Freudberg <jfreud at bu.edu> wrote:
> >>>
> >>> Hi all, I'm having an issue with Sahara accessing its instances. This
> >>> is over private IP, not public/floating. I have use_floating_ips =
> >>> false and use_namespaces = true in sahara.conf. My setup also uses
> >>> Neutron, so use_neutron = true as well.
> >>>
> >>> Here is an excerpt from the logs:
> >>>
> >>> DEBUG sahara.utils.ssh_remote
> >>> [req-ad9e16b1-176b-4283-92ea-e2032928e3a0 ] [instance:
> >>> f2145fd1-fa9e-4d45-9d61-653bb6d6dd6d, cluster:
> >>> 6493dfa9-4875-4844-abd4-d425b3312ee4] Returning neutron info: {'host':
> >>> u'192.168.201.23', 'tenant': u'jfreud at bu.edu', 'network':
> >>> u'433d83c0-1f7f-4fb7-b4a1-995b47344ac4'} get_neutron_info
> >>> /usr/lib/python2.7/site-packages/sahara/utils/ssh_remote.py:581
> >>>
> >>> DEBUG sahara.service.engine [req-ad9e16b1-176b-4283-92ea-e2032928e3a0
> >>> ] [instance: f2145fd1-fa9e-4d45-9d61-653bb6d6dd6d, cluster:
> >>> 6493dfa9-4875-4844-abd4-d425b3312ee4] Can't login to node, IP:
> >>> 192.168.201.23, reason SSHException: Error reading SSH protocol banner
> >>>
> >>> We would think this to be a networking issue, right? (Or maybe an SSH
> >>> issue...) However, when I perform the SSH command manually, I can
> >>> connect to my instances:
> >>>
> >>> ip netns exec qdhcp-433d83c0-1f7f-4fb7-b4a1-995b47344ac4 ssh -i
> >>> /path/to/private/key ubuntu at 192.168.201.23
> >>>
> >>> The above command executes successfully and SSH connects.
> >>>
> >>> Any help is greatly appreciated.
> >>>
> >>> Thanks,
> >>> Jeremy Freudberg
> >>>
> >>> _______________________________________________
> >>> Mailing list:
> >>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> >>> Post to : openstack at lists.openstack.org
> >>> Unsubscribe :
> >>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> >>
> >>
> >>
> >>
> >> --
> >> Best Regards,
> >> Nikita Konovalov
> >> Mirantis, Inc
> >
> > _______________________________________________
> > Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> > Post to : openstack at lists.openstack.org
> > Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
More information about the Openstack
mailing list