[one-users] Problem Login/ssh into vm
Jens Hoffmann
jens.hoffmann at cuesoft.eu
Fri Dec 20 09:29:26 PST 2013
That "vmhost" ist setup with vmware containing "controller" and "nebula
host"? If so, perhaps you need to tell vmware to route between its vms?
I don't know vmware, but it might be that vmware won't do this setup by
default?
Does the routing table on the "vmhost" look as expected?
Jens
--
gpg --keyserver pgp.mit.edu --recv-keys 0xDB1CAFB5
On 12/20/2013 04:41 PM, Alexander Sibetheros wrote:
> I tried everything you suggested but nothing seems to work.
> The vmhost talks with its vm via virbr0 and the other way around(via
> ping), BUT when I run tcpdump -i virbr0 host 192.168.0.32(The vm) and
> ping from the vm to the controller, I get:
>
> 07:28:29.310158 ARP, Request who-has 192.168.0.20 tell 192.168.0.32,
> length 28
>
> If I ping google I get
> 07:28:29.310158 ARP, Request who-has 192.168.0.1 tell 192.168.0.32,
> length 28
>
> So It cant see my network..
>
> When I try from the controller to ping the vm I get:
> 7:36:50.675465 ARP, Request who-has 192.168.0.32 tell 192.168.0.20,
> length 46
> 07:36:50.679493 ARP, Reply 192.168.0.32 is-at 02:00:c0:a8:00:20 (oui
> Unknown), length 28
>
> I have enabled ip_forward with no difference.
>
> I also tried disabling the uwf, but didn't help.
>
> I am certain the problem exists in the vmhost, kvm is doing something
> wicked...
>
> Also, when I run a vm, a vnet0 is created on the vmhost, if I disable
> this then I can no longer ping vmhost <-->vm. But when I tcpdump the
> vnet0 its empty...
>
> Any other ideas I can try?
>
>
>
>
> On Thu, Dec 19, 2013 at 2:12 AM, Jens Hoffmann
> <jens.hoffmann at cuesoft.eu <mailto:jens.hoffmann at cuesoft.eu>> wrote:
>
> Clearly a routing problem. Your controller won't know how to route
> packages that are addressed to your vm instance. Start to use
> tcpdump -i <interface> in companion with ping on all the involved
> interfaces to actually see where the packages go (and where not).
> Read and understand your controllers routing table. You will
> probably find out that you need to add a route to the controller's
> routing table (probably with route add -net <host bridge ip>
> netmask <host bridge netmask> gw <host ip>). Then see how packages
> arrive at the host. If packages still don't arrive at the bridge,
> tell your hosts network stack to forward packages between its
> interfaces, i.e. with echo 1 > /proc/sys/net/ipv4/ip_forward (in
> debian; that setting will disappear after a reboot; make it
> persistent in /etc/sysctl.conf).
>
>
> Good luck!
>
>
>
> Jens
>
> --
> gpg --keyserver pgp.mit.edu <http://pgp.mit.edu> --recv-keys 0xDB1CAFB5
>
>
>
> On 12/18/2013 11:23 PM, Alexander Sibetheros wrote:
>> I'm am writing again to clarify I fixed the 1st problem.
>> I was trying to ssh from the root at node instead of
>> oneadmin at node(which I never used before). I can successfully ssh,
>> change root password :) Thank you very much for your ideas.
>>
>> I am not able to do such from oneadmin at controller
>> though(controller->vm, instead of host->vm). Ssh and ping both
>> fail and I don't understand how tcpdump works.
>> I did find that there is a problem with the way opennebula works
>> with ip/mac address of vm's and that a special script is needed
>> to correctly map them, but I don't really understand what is
>> going on.
>>
>> Specifically I found:
>> (1)
>> http://lists.opennebula.org/pipermail/users-opennebula.org/2011-December/007042.html
>>
>> "Using the CONTEXT cdrom, the init.sh script in executed at boot
>> time. You
>> can modify the init.sh script to set your broadcast address and
>> netmask.
>> You can hardcode these values, or pass them as a CONTEXT
>> sub-attribute;
>> take a look at the DNS example from the contextualization guide:
>> "
>> (2) http://opennebula.org/documentation:archives:rel3.0:cong
>> Using Virtual Network Leases within a Virtual Machine
>>
>> (3)http://serverfault.com/questions/331145/bridging-virtual-networking-into-real-lan-on-a-opennebula-cluster
>> OpenNebula, by design, doesn't actually manage IP addresses even
>> though
>> it maintains a pool of them and "leases" them out. What it's really
>> doing is assigning a MAC address to the virtual ethernet
>> interface that
>> has the desired IP address encoded in the last 4 bytes of the MAC
>> address, and it's up to the OS to recognize that and assign an IP
>> appropriately.
>>
>>
>>
>> On Wed, Dec 18, 2013 at 10:38 PM, Alexander Sibetheros
>> <alexsibeth at gmail.com <mailto:alexsibeth at gmail.com>> wrote:
>>
>> But that is exactly the problem. I can access the vm via
>> vnc(from sunstone), but get login screen(local host
>> login/password which I don't know). So, I can't check for
>> daemons. I read online that for the images created for
>> kvm/opennebula access is done via ssh(passwordless).
>>
>> Because the image I am using is prebuilt for opennebula, I
>> imagine something is wrong in my controller/node
>> configuration, but do not know where to look.
>>
>>
>>
>> On Wed, Dec 18, 2013 at 10:21 PM, Jens Hoffmann
>> <jens.hoffmann at cuesoft.eu <mailto:jens.hoffmann at cuesoft.eu>>
>> wrote:
>>
>> Can you login into your vms via vnc and investigate, i.e.
>> if ssh daemon is running and if ssh keys are correctly
>> inserted into your login-user's authorized_keys?
>>
>> The ping problem may be a routing problem on your host.
>> Check if the host has ip_forwarding enabled such that the
>> host forwards packages between "eth0" and "br0", that is
>> between the bridge and your host's physical nic. If this
>> does not help, investigate your routing tables and try to
>> track your ping's package flow with tcpdump.
>>
>>
>>
>>
>> Jens
>> -- gpg --keyserver pgp.mit.edu <http://pgp.mit.edu>
>> --recv-keys 0xDB1CAFB5
>>
>>
>> On 12/18/2013 07:52 PM, Alexander Sibetheros wrote:
>>> I would like to note that when I added tty-linux - kvm
>>> from the marketplace, created a simple template(same as
>>> the centOS), and run it, I was able to login and use the
>>> vm. So I know the host works, and my problem most likely
>>> is in the way ssh works from the controller to vm's...
>>>
>>> Also noteworthy, I cannot ping the vm's from the
>>> controller...only from the host. Im not sure this is
>>> correct or not.
>>>
>>>
>>>
>>> On Wed, Dec 18, 2013 at 4:48 PM, Alexander Sibetheros
>>> <alexsibeth at gmail.com <mailto:alexsibeth at gmail.com>> wrote:
>>>
>>> I am following this tutorial, as closely as
>>> possible:
>>> http://www.opennebula.org/documentation:rel4.4:qs_ubuntu_kvm
>>>
>>> TEMPLATE 0
>>> INFORMATION
>>>
>>> ID : 0
>>> NAME : CentOS-6.4
>>> USER : oneadmin
>>> GROUP : oneadmin
>>> REGISTER TIME : 12/16 13:44:54
>>>
>>> PERMISSIONS
>>>
>>> OWNER : um-
>>> GROUP : ---
>>> OTHER : ---
>>>
>>> TEMPLATE
>>> CONTENTS
>>>
>>> CONTEXT=[
>>> SSH_PUBLIC_KEY="$USER[SSH_PUBLIC_KEY]" ]
>>> CPU="1.0"
>>> DISK=[
>>> IMAGE="CentOS-6.4_x86_64" ]
>>> GRAPHICS=[
>>> LISTEN="0.0.0.0",
>>> TYPE="vnc" ]
>>> MEMORY="512"
>>> NIC=[
>>> NETWORK="private" ]
>>> OS=[
>>> ARCH="x86_64" ]
>>> VCPU="1"
>>>
>>>
>>>
>>> On Wed, Dec 18, 2013 at 4:35 PM, Carlos Martín
>>> Sánchez <cmartin at opennebula.org
>>> <mailto:cmartin at opennebula.org>> wrote:
>>>
>>> Hi Alexander,
>>>
>>> On Wed, Dec 18, 2013 at 3:28 PM, Alexander
>>> Sibetheros <alexsibeth at gmail.com
>>> <mailto:alexsibeth at gmail.com>> wrote:
>>>
>>> I'll give the docs you sent a look but my
>>> configurations where the default in the
>>> tutorial:
>>>
>>> $ oneimage create --name "CentOS-6.4_x86_64" \
>>> --path "http://us.cloud.centos.org/i/one/c6-x86_64-20130910-1.qcow2.bz2" \
>>> --driver qcow2 \
>>> --datastore default
>>>
>>> $ onetemplate create --name "CentOS-6.4" --cpu 1 --vcpu 1 --memory 512 \
>>> --arch x86_64 --disk "CentOS-6.4_x86_64" --nic "private" --vnc \
>>> --ssh
>>>
>>> Before creating the vm I added the ssh parameters to the user:
>>> """$ EDITOR=vi oneuser update oneadmin Add a
>>> new line like the following to the template:
>>> SSH_PUBLIC_KEY="ssh-dss
>>> AAAAB3NzaC1kc3MAAACBANBWTQmm4Gt..."
>>> Substitute the value above with the output
>>> of cat ~/.ssh/id_dsa.pub."""
>>>
>>> $ onetemplate instantiate "CentOS-6.4" --name "My Scratch VM"
>>>
>>>
>>> Which tutorial are you following?
>>> And could you paste the output of onetemplate
>>> show <id>?
>>>
>>> Regards
>>> --
>>> Carlos Martín, MSc
>>> Project Engineer
>>> OpenNebula - Flexible Enterprise Cloud Made Simple
>>> www.OpenNebula.org <http://www.OpenNebula.org> |
>>> cmartin at opennebula.org
>>> <mailto:cmartin at opennebula.org> | @OpenNebula
>>> <http://twitter.com/opennebula>
>>>
>>>
>>> On Wed, Dec 18, 2013 at 3:28 PM, Alexander
>>> Sibetheros <alexsibeth at gmail.com
>>> <mailto:alexsibeth at gmail.com>> wrote:
>>>
>>> I'll give the docs you sent a look but my
>>> configurations where the default in the
>>> tutorial:
>>>
>>> $ oneimage create --name "CentOS-6.4_x86_64" \
>>> --path "http://us.cloud.centos.org/i/one/c6-x86_64-20130910-1.qcow2.bz2" \
>>> --driver qcow2 \
>>> --datastore default
>>>
>>> $ onetemplate create --name "CentOS-6.4" --cpu 1 --vcpu 1 --memory 512 \
>>> --arch x86_64 --disk "CentOS-6.4_x86_64" --nic "private" --vnc \
>>> --ssh
>>>
>>> Before creating the vm I added the ssh parameters to the user:
>>> """$ EDITOR=vi oneuser update oneadmin Add a
>>> new line like the following to the template:
>>> SSH_PUBLIC_KEY="ssh-dss
>>> AAAAB3NzaC1kc3MAAACBANBWTQmm4Gt..."
>>> Substitute the value above with the output
>>> of cat ~/.ssh/id_dsa.pub."""
>>>
>>> $ onetemplate instantiate "CentOS-6.4" --name "My Scratch VM"
>>>
>>>
>>>
>>>
>>> On Wed, Dec 18, 2013 at 2:05 PM, Carlos
>>> Martín Sánchez <cmartin at opennebula.org
>>> <mailto:cmartin at opennebula.org>> wrote:
>>>
>>> Hi,
>>>
>>> On Wed, Dec 18, 2013 at 12:03 PM,
>>> Alexander
>>> Sibetheros <alexsibeth at gmail.com
>>> <mailto:alexsibeth at gmail.com>> wrote:
>>>
>>> I checked the marketplace.. all vms
>>> for xen/vmware bases have default
>>> username/passwords.
>>> KVM on the otherhand writes: Add
>>> `SSH_PUBLIC_KEY` to
>>> contextualization to set root
>>> credentials.
>>>
>>>
>>> I assume you are using this image from
>>> the marketplace:
>>> http://docs.opennebula.org/stable/administration/references/schg.html#configuration
>>>
>>> Maybe the problem is a wrong syntax in
>>> the VM template. Can you paste its contents?
>>> It should follow the syntax described here:
>>> http://docs.opennebula.org/stable/user/references/template.html?highlight=context#context-section
>>>
>>> You can read more about the
>>> contextualization mechanism here:
>>> http://docs.opennebula.org/stable/user/virtual_machine_setup/context_overview.html
>>>
>>> Regards
>>>
>>> --
>>> Carlos Martín, MSc
>>> Project Engineer
>>> OpenNebula - Flexible Enterprise Cloud
>>> Made Simple
>>> www.OpenNebula.org
>>> <http://www.OpenNebula.org> |
>>> cmartin at opennebula.org
>>> <mailto:cmartin at opennebula.org> |
>>> @OpenNebula <http://twitter.com/opennebula>
>>>
>>>
>>> On Wed, Dec 18, 2013 at 12:03 PM,
>>> Alexander Sibetheros
>>> <alexsibeth at gmail.com
>>> <mailto:alexsibeth at gmail.com>> wrote:
>>>
>>> Unfortunately no..
>>> I checked the marketplace.. all vms
>>> for xen/vmware bases have default
>>> username/passwords.
>>> KVM on the otherhand writes: Add
>>> `SSH_PUBLIC_KEY` to
>>> contextualization to set root
>>> credentials.
>>>
>>>
>>>
>>>
>>> On Wed, Dec 18, 2013 at 12:47 PM,
>>> Jens Hoffmann
>>> <jens.hoffmann at cuesoft.eu
>>> <mailto:jens.hoffmann at cuesoft.eu>>
>>> wrote:
>>>
>>> Does this link provide correct
>>> credentials for your image:
>>> http://opennebula.org/cloud:sandbox:kvm#what_are_the_users_and_the_passwords?
>>>
>>>
>>> Jens
>>>
>>> --
>>> gpg --keyserver pgp.mit.edu
>>> <http://pgp.mit.edu> --recv-keys
>>> 0xDB1CAFB5
>>>
>>>
>>>
>>>
>>> On 12/18/2013 11:31 AM,
>>> Alexander Sibetheros wrote:
>>> > I recently set up a simple 2
>>> node opennebula(ubuntu/kvm)
>>> (using vmware
>>> > vm's), following the tutorial.
>>> >
>>> > I got a centOS vm to run, but
>>> cannot log in.
>>> > I read on other sites that
>>> login in is done via ssh and not
>>> vnc, but
>>> > whenever I ssh root at ..vm_ip
>>> <mailto:root at ..vm_ip>... I get
>>> prompted for password which I
>>> > dont have.
>>> >
>>> >
>>> > I followed this step from the
>>> tutorial(before running I ran
>>> ssh-keygen
>>> > -t dsa, because the id_dsa.pub
>>> file did not exist):
>>> >
>>> > """In order to dynamically add
>>> ssh keys to Virtual Machines we must
>>> > add our ssh key to the user
>>> template, by editing the user
>>> template:
>>> >
>>> > $ EDITOR=vi oneuser update
>>> oneadmin
>>> >
>>> > Add a new line like the
>>> following to the template:
>>> >
>>> > SSH_PUBLIC_KEY="ssh-dss
>>> AAAAB3NzaC1kc3MAAACBANBWTQmm4Gt..."
>>> >
>>> > Substitute the value above
>>> with the output of |cat
>>> ~/.ssh/id_dsa.pub|."""
>>> >
>>> >
>>> >
>>> > --
>>> > Alexander Sibetheros
>>> >
>>> >
>>> >
>>> _______________________________________________
>>> > Users mailing list
>>> > Users at lists.opennebula.org
>>> <mailto:Users at lists.opennebula.org>
>>> >
>>> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>>>
>>>
>>> _______________________________________________
>>> Users mailing list
>>> Users at lists.opennebula.org
>>> <mailto:Users at lists.opennebula.org>
>>> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>>>
>>>
>>>
>>>
>>> --
>>> Alexander Sibetheros
>>>
>>> _______________________________________________
>>> Users mailing list
>>> Users at lists.opennebula.org
>>> <mailto:Users at lists.opennebula.org>
>>> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>>>
>>>
>>>
>>>
>>>
>>> --
>>> Alexander Sibetheros
>>>
>>>
>>>
>>>
>>>
>>> --
>>> Alexander Sibetheros
>>>
>>>
>>>
>>>
>>> --
>>> Alexander Sibetheros
>>> Student at University of Athens,
>>> Department of Informatics and Telecommunications
>>
>>
>>
>>
>>
>> --
>> Alexander Sibetheros
>> Student at University of Athens,
>> Department of Informatics and Telecommunications
>>
>>
>>
>>
>> --
>> Alexander Sibetheros
>> Student at University of Athens,
>> Department of Informatics and Telecommunications
>
>
> --
> gpg --keyserver pgp.mit.edu <http://pgp.mit.edu> --recv-keys 0xDB1CAFB5
>
>
>
>
> --
> Alexander Sibetheros
> Student at University of Athens,
> Department of Informatics and Telecommunications
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opennebula.org/pipermail/users-opennebula.org/attachments/20131220/b7888894/attachment-0002.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 551 bytes
Desc: OpenPGP digital signature
URL: <http://lists.opennebula.org/pipermail/users-opennebula.org/attachments/20131220/b7888894/attachment-0002.pgp>
More information about the Users
mailing list