[one-users] Problem Login/ssh into vm

Alexander Sibetheros alexsibeth at gmail.com
Sat Dec 21 00:19:37 PST 2013


From what I understand, vmware has nothing to do with the problem right now.
I have a vmware vm (that connects to the internet) named vmhost, running
ubuntu12.4 and kvm, that spawns vms that can talk to vmhost, but not to
the outside world and the other way around.

So from what I imagine, the problem exists in the vmhost and the way it
allows packets to go to and from its vms.

I am an amateur in networking, but what I need shouldn't be too hard to do,
since vmhost sees the packets on its nic card, but doesn't do anything
with them.


The vmhost route table:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         192.168.0.1     0.0.0.0         UG    100    0        0 virbr0
192.168.0.0     *               255.255.255.0   U     0      0        0 virbr0

The vmhost's ip table:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     udp  --  anywhere             anywhere             udp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:domain
ACCEPT     udp  --  anywhere             anywhere             udp dpt:bootps
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:bootps

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             192.168.122.0/24     state RELATED,ESTABLISHED
ACCEPT     all  --  192.168.122.0/24     anywhere
ACCEPT     all  --  anywhere             anywhere
REJECT     all  --  anywhere             anywhere             reject-with icmp-port-unreachable
REJECT     all  --  anywhere             anywhere             reject-with icmp-port-unreachable

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination


On Fri, Dec 20, 2013 at 7:29 PM, Jens Hoffmann <jens.hoffmann at cuesoft.eu> wrote:

>  That "vmhost" is set up with vmware containing "controller" and "nebula
> host"? If so, perhaps you need to tell vmware to route between its vms? I
> don't know vmware, but it might be that vmware won't do this setup by
> default?
>
>
> Does the routing table on the "vmhost" look as expected?
>
>
>
>
> Jens
>
> --
> gpg --keyserver pgp.mit.edu --recv-keys 0xDB1CAFB5
>
>
>
>
>
> On 12/20/2013 04:41 PM, Alexander Sibetheros wrote:
>
>  I tried everything you suggested but nothing seems to work.
>  The vmhost talks with its vm via virbr0 and the other way around (via
> ping), BUT when I run tcpdump -i virbr0 host 192.168.0.32 (the vm) and ping
> from the vm to the controller, I get:
>
> 07:28:29.310158 ARP, Request who-has 192.168.0.20 tell 192.168.0.32, length 28
>
>  If I ping google I get
> 07:28:29.310158 ARP, Request who-has 192.168.0.1 tell 192.168.0.32, length 28
>
>  So it can't see my network..
>
>  When I try from the controller to ping the vm I get:
> 7:36:50.675465 ARP, Request who-has 192.168.0.32 tell 192.168.0.20, length 46
> 07:36:50.679493 ARP, Reply 192.168.0.32 is-at 02:00:c0:a8:00:20 (oui Unknown), length 28
>
>  I have enabled ip_forward with no difference.
>
>  I also tried disabling the ufw, but didn't help.
>
>  I am certain the problem exists in the vmhost, kvm is doing something
> wicked...
>
>  Also, when I run a vm, a vnet0 is created on the vmhost, if I disable
> this then I can no longer ping vmhost <--> vm. But when I tcpdump the vnet0
> it's empty...
>
>  Any other ideas I can try?
>
>
>
>
> On Thu, Dec 19, 2013 at 2:12 AM, Jens Hoffmann <jens.hoffmann at cuesoft.eu> wrote:
>
>>  Clearly a routing problem. Your controller won't know how to route
>> packages that are addressed to your vm instance. Start to use tcpdump -i
>> <interface> in companion with ping on all the involved interfaces to
>> actually see where the packages go (and where not). Read and understand
>> your controller's routing table. You will probably find out that you need to
>> add a route to the controller's routing table (probably with route add -net
>> <host bridge ip> netmask <host bridge netmask> gw <host ip>). Then see how
>> packages arrive at the host. If packages still don't arrive at the bridge,
>> tell your host's network stack to forward packages between its interfaces,
>> i.e. with echo 1 > /proc/sys/net/ipv4/ip_forward (in debian; that setting
>> will disappear after a reboot; make it persistent in /etc/sysctl.conf).
>>
>>
>> Good luck!
>>
>>
>>
>> Jens
>>
>> --
>> gpg --keyserver pgp.mit.edu --recv-keys 0xDB1CAFB5
>>
>>
>>
>>   On 12/18/2013 11:23 PM, Alexander Sibetheros wrote:
>>
>>   I am writing again to clarify I fixed the 1st problem.
>>  I was trying to ssh from the root at node instead of oneadmin at node (which I
>> never used before). I can successfully ssh, change root password :) Thank
>> you very much for your ideas.
>>
>> I am not able to do such from oneadmin at controller though (controller->vm,
>> instead of host->vm). Ssh and ping both fail and I don't understand how
>> tcpdump works.
>> I did find that there is a problem with the way opennebula works with
>> ip/mac address of vms and that a special script is needed to correctly map
>> them, but I don't really understand what is going on.
>>
>> Specifically I found:
>> (1)
>> http://lists.opennebula.org/pipermail/users-opennebula.org/2011-December/007042.html
>>
>> "Using the CONTEXT cdrom, the init.sh script in executed at boot time. You
>> can modify the init.sh script to set your broadcast address and netmask.
>> You can hardcode these values, or pass them as a CONTEXT sub-attribute;
>> take a look at the DNS example from the contextualization guide:
>> "
>> (2) http://opennebula.org/documentation:archives:rel3.0:cong
>> Using Virtual Network Leases within a Virtual Machine
>>
>> (3)
>> http://serverfault.com/questions/331145/bridging-virtual-networking-into-real-lan-on-a-opennebula-cluster
>> OpenNebula, by design, doesn't actually manage IP addresses even though
>> it maintains a pool of them and "leases" them out. What it's really
>> doing is assigning a MAC address to the virtual ethernet interface that
>> has the desired IP address encoded in the last 4 bytes of the MAC
>> address, and it's up to the OS to recognize that and assign an IP
>> appropriately.
>>
>>
>>
>>  On Wed, Dec 18, 2013 at 10:38 PM, Alexander Sibetheros <
>> alexsibeth at gmail.com> wrote:
>>
>>>  But that is exactly the problem. I can access the vm via vnc (from
>>> sunstone), but get login screen (local host login/password which I don't
>>> know). So, I can't check for daemons. I read online that for the images
>>> created for kvm/opennebula access is done via ssh (passwordless).
>>>
>>>  Because the image I am using is prebuilt for opennebula, I imagine
>>> something is wrong in my controller/node configuration, but do not know
>>> where to look.
>>>
>>>
>>>
>>> On Wed, Dec 18, 2013 at 10:21 PM, Jens Hoffmann <
>>> jens.hoffmann at cuesoft.eu> wrote:
>>>
>>>>  Can you login into your vms via vnc and investigate, i.e. if ssh
>>>> daemon is running and if ssh keys are correctly inserted into your
>>>> login-user's authorized_keys?
>>>>
>>>> The ping problem  may be a routing problem on your host. Check if the
>>>> host has ip_forwarding enabled such that the host forwards packages between
>>>> "eth0" and "br0", that is between the bridge and your host's physical nic.
>>>> If this does not help, investigate your routing tables and try to track
>>>> your ping's package flow with tcpdump.
>>>>
>>>>
>>>>
>>>>
>>>> Jens
>>>> -- gpg --keyserver pgp.mit.edu --recv-keys 0xDB1CAFB5
>>>>
>>>>
>>>>   On 12/18/2013 07:52 PM, Alexander Sibetheros wrote:
>>>>
>>>>  I would like to note that when I added tty-linux - kvm from the
>>>> marketplace, created a simple template (same as the centOS), and ran it, I
>>>> was able to login and use the vm. So I know the host works, and my problem
>>>> most likely is in the way ssh works from the controller to vms...
>>>>
>>>>  Also noteworthy, I cannot ping the vms from the controller...only
>>>> from the host. I'm not sure this is correct or not.
>>>>
>>>>
>>>>
>>>> On Wed, Dec 18, 2013 at 4:48 PM, Alexander Sibetheros <
>>>> alexsibeth at gmail.com> wrote:
>>>>
>>>>> I am following this tutorial, as closely as possible:
>>>>> http://www.opennebula.org/documentation:rel4.4:qs_ubuntu_kvm
>>>>>
>>>>> TEMPLATE 0
>>>>> INFORMATION
>>>>> ID             : 0
>>>>> NAME           : CentOS-6.4
>>>>> USER           : oneadmin
>>>>> GROUP          : oneadmin
>>>>> REGISTER TIME  : 12/16 13:44:54
>>>>>
>>>>> PERMISSIONS
>>>>>
>>>>> OWNER          : um-
>>>>> GROUP          : ---
>>>>> OTHER          : ---
>>>>>
>>>>> TEMPLATE
>>>>> CONTENTS
>>>>> CONTEXT=[
>>>>>   SSH_PUBLIC_KEY="$USER[SSH_PUBLIC_KEY]" ]
>>>>> CPU="1.0"
>>>>> DISK=[
>>>>>   IMAGE="CentOS-6.4_x86_64" ]
>>>>> GRAPHICS=[
>>>>>   LISTEN="0.0.0.0",
>>>>>   TYPE="vnc" ]
>>>>> MEMORY="512"
>>>>> NIC=[
>>>>>   NETWORK="private" ]
>>>>> OS=[
>>>>>   ARCH="x86_64" ]
>>>>> VCPU="1"
>>>>>
>>>>>
>>>>>
>>>>> On Wed, Dec 18, 2013 at 4:35 PM, Carlos Martín Sánchez <
>>>>> cmartin at opennebula.org> wrote:
>>>>>
>>>>>>  Hi Alexander,
>>>>>>
>>>>>>  On Wed, Dec 18, 2013 at 3:28 PM, Alexander Sibetheros <
>>>>>> alexsibeth at gmail.com> wrote:
>>>>>>
>>>>>>> I'll give the docs you sent a look but my configurations were the
>>>>>>> default in the tutorial:
>>>>>>>
>>>>>>> $ oneimage create --name "CentOS-6.4_x86_64" \
>>>>>>>     --path "http://us.cloud.centos.org/i/one/c6-x86_64-20130910-1.qcow2.bz2" \
>>>>>>>     --driver qcow2 \
>>>>>>>     --datastore default
>>>>>>>
>>>>>>> $ onetemplate create --name "CentOS-6.4" --cpu 1 --vcpu 1 --memory 512 \
>>>>>>>     --arch x86_64 --disk "CentOS-6.4_x86_64" --nic "private" --vnc \
>>>>>>>     --ssh
>>>>>>>
>>>>>>>
>>>>>>> Before creating the vm I added the ssh parameters to the user:
>>>>>>>
>>>>>>> """$ EDITOR=vi oneuser update oneadmin
>>>>>>> Add a new line like the following to the template:
>>>>>>> SSH_PUBLIC_KEY="ssh-dss AAAAB3NzaC1kc3MAAACBANBWTQmm4Gt..."
>>>>>>> Substitute the value above with the output of cat ~/.ssh/id_dsa.pub."""
>>>>>>>
>>>>>>> $ onetemplate instantiate "CentOS-6.4" --name "My Scratch VM"
>>>>>>>
>>>>>>>
>>>>>>  Which tutorial are you following?
>>>>>>  And could you paste the output of onetemplate show <id>?
>>>>>>
>>>>>>  Regards
>>>>>>   --
>>>>>> Carlos Martín, MSc
>>>>>> Project Engineer
>>>>>> OpenNebula - Flexible Enterprise Cloud Made Simple
>>>>>> www.OpenNebula.org | cmartin at opennebula.org | @OpenNebula<http://twitter.com/opennebula>
>>>>>>
>>>>>>
>>>>>>>
>>>>>>> On Wed, Dec 18, 2013 at 2:05 PM, Carlos Martín Sánchez <
>>>>>>> cmartin at opennebula.org> wrote:
>>>>>>>
>>>>>>>> Hi,
>>>>>>>>
>>>>>>>>  On Wed, Dec 18, 2013 at 12:03 PM, Alexander Sibetheros <
>>>>>>>> alexsibeth at gmail.com> wrote:
>>>>>>>>
>>>>>>>>>  I checked the marketplace.. all vms for xen/vmware bases have
>>>>>>>>> default username/passwords.
>>>>>>>>>  KVM on the other hand writes: Add `SSH_PUBLIC_KEY` to
>>>>>>>>> contextualization to set root credentials.
>>>>>>>>>
>>>>>>>>
>>>>>>>>  I assume you are using this image from the marketplace:
>>>>>>>>
>>>>>>>> http://docs.opennebula.org/stable/administration/references/schg.html#configuration
>>>>>>>>
>>>>>>>>  Maybe the problem is a wrong syntax in the VM template. Can you
>>>>>>>> paste its contents?
>>>>>>>> It should follow the syntax described here:
>>>>>>>>
>>>>>>>> http://docs.opennebula.org/stable/user/references/template.html?highlight=context#context-section
>>>>>>>>
>>>>>>>>  You can read more about the contextualization mechanism here:
>>>>>>>>
>>>>>>>> http://docs.opennebula.org/stable/user/virtual_machine_setup/context_overview.html
>>>>>>>>
>>>>>>>>  Regards
>>>>>>>>
>>>>>>>>  --
>>>>>>>> Carlos Martín, MSc
>>>>>>>> Project Engineer
>>>>>>>> OpenNebula - Flexible Enterprise Cloud Made Simple
>>>>>>>> www.OpenNebula.org | cmartin at opennebula.org | @OpenNebula<http://twitter.com/opennebula>
>>>>>>>>
>>>>>>>>
>>>>>>>> On Wed, Dec 18, 2013 at 12:03 PM, Alexander Sibetheros <
>>>>>>>> alexsibeth at gmail.com> wrote:
>>>>>>>>
>>>>>>>>>   Unfortunately no..
>>>>>>>>> I checked the marketplace.. all vms for xen/vmware bases have
>>>>>>>>> default username/passwords.
>>>>>>>>>  KVM on the other hand writes: Add `SSH_PUBLIC_KEY` to
>>>>>>>>> contextualization to set root credentials.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Wed, Dec 18, 2013 at 12:47 PM, Jens Hoffmann <
>>>>>>>>> jens.hoffmann at cuesoft.eu> wrote:
>>>>>>>>>
>>>>>>>>>> Does this link provide correct credentials for your image:
>>>>>>>>>>
>>>>>>>>>> http://opennebula.org/cloud:sandbox:kvm#what_are_the_users_and_the_passwords
>>>>>>>>>> ?
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Jens
>>>>>>>>>>
>>>>>>>>>> --
>>>>>>>>>> gpg --keyserver pgp.mit.edu --recv-keys 0xDB1CAFB5
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> On 12/18/2013 11:31 AM, Alexander Sibetheros wrote:
>>>>>>>>>> > I recently set up a simple 2 node opennebula (ubuntu/kvm) (using vmware
>>>>>>>>>> > vms), following the tutorial.
>>>>>>>>>> >
>>>>>>>>>> > I got a centOS vm to run, but cannot log in.
>>>>>>>>>> > I read on other sites that logging in is done via ssh and not vnc, but
>>>>>>>>>> > whenever I ssh root at ..vm_ip... I get prompted for password which I
>>>>>>>>>> > don't have.
>>>>>>>>>> >
>>>>>>>>>> >
>>>>>>>>>> > I followed this step from the tutorial (before running I ran ssh-keygen
>>>>>>>>>> > -t dsa, because the id_dsa.pub file did not exist):
>>>>>>>>>> >
>>>>>>>>>> > """In order to dynamically add ssh keys to Virtual Machines we must
>>>>>>>>>> > add our ssh key to the user template, by editing the user template:
>>>>>>>>>> >
>>>>>>>>>> > $ EDITOR=vi oneuser update oneadmin
>>>>>>>>>> >
>>>>>>>>>> > Add a new line like the following to the template:
>>>>>>>>>> >
>>>>>>>>>> > SSH_PUBLIC_KEY="ssh-dss AAAAB3NzaC1kc3MAAACBANBWTQmm4Gt..."
>>>>>>>>>> >
>>>>>>>>>> > Substitute the value above with the output of |cat ~/.ssh/id_dsa.pub|."""
>>>>>>>>>> >
>>>>>>>>>> >
>>>>>>>>>> >
>>>>>>>>>> > --
>>>>>>>>>> > Alexander Sibetheros
>>>>>>>>>> >
>>>>>>>>>> >
>>>>>>>>>>  > _______________________________________________
>>>>>>>>>> > Users mailing list
>>>>>>>>>> > Users at lists.opennebula.org
>>>>>>>>>> > http://lists.opennebula.org/listinfo.cgi/users-opennebula.org


-- 
Alexander Sibetheros
Student at University of Athens,
Department of Informatics and Telecommunications
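
Added example, not part of the original thread and not OpenNebula's own code: a shell check for the lease convention quoted in the thread (the VM's IP encoded in the last 4 bytes of its MAC), applied to tcpdump ARP replies. The function names and the second sample line are constructed for illustration; the first sample line is the ARP reply quoted in the thread, unwrapped.

```shell
# mac_to_ip MAC: print the IPv4 address held in the last four octets of MAC.
# Accepts ':' or '-' separators; returns 1 on a malformed MAC.
# (Hypothetical helper name; assumes the IP-in-MAC convention described in the thread.)
mac_to_ip() {
    mac=$(printf '%s' "$1" | tr 'A-F-' 'a-f:')
    case "$mac" in *[!0-9a-f:]*) return 1 ;; esac
    old_ifs=$IFS; IFS=:
    set -- $mac
    IFS=$old_ifs
    [ "$#" -eq 6 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -eq 2 ] || return 1
    done
    printf '%d.%d.%d.%d\n' "$((0x$3))" "$((0x$4))" "$((0x$5))" "$((0x$6))"
}

# check_arp_replies: read tcpdump text on stdin and, for every ARP reply,
# compare the announced IP with the IP that the replying MAC encodes.
# Prints one OK/MISMATCH line per reply; returns 1 if any reply disagrees.
check_arp_replies() {
    status=0
    while IFS= read -r line; do
        case "$line" in *"ARP, Reply "*" is-at "*) ;; *) continue ;; esac
        rest=${line#*ARP, Reply }
        ip=${rest%% is-at *}
        hw=${rest#* is-at }
        hw=${hw%%[ ,]*}
        expected=$(mac_to_ip "$hw") || expected=invalid-mac
        if [ "$expected" = "$ip" ]; then
            echo "OK $ip $hw"
        else
            echo "MISMATCH $ip $hw (MAC encodes $expected)"
            status=1
        fi
    done
    return "$status"
}

# Sample input: line 1 is the reply from the thread, line 2 is constructed.
sample_capture() {
    cat <<'EOF'
07:36:50.679493 ARP, Reply 192.168.0.32 is-at 02:00:c0:a8:00:20 (oui Unknown), length 28
07:36:51.000000 ARP, Reply 192.168.0.33 is-at 02:00:c0:a8:00:20 (oui Unknown), length 28
EOF
}

sample_capture | check_arp_replies || echo "at least one reply does not match its MAC-encoded lease"
```

On a live host the same function can read `tcpdump -l -n -i virbr0 arp` output on stdin instead of the sample.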