Openstack – Cannot connect to instance

SUMMARY

Admin/User has successfully created an instance, however, they are unable to gain access to the instance via SSH or RDP.

 

HOW TO DETERMINE ROOT CAUSE AND SOLVE THE PROBLEM

Generally, this problem comes as a result of misconfiguration of the security group the instance the customer launched is associated with or if the customer is trying to access the instance remotely without having a floating IP assigned. The first thing to do in this case would be to verify that a floating IP has been assigned to the instance if the instance is to be accessed remotely. You can verify this on the instances menu on Horizon. If you do not see a floating IP assigned please proceed to adding one by selecting the actions column drop down menu and selecting “Associate Floating IP”.

Once a floating IP has been verified the next step will be to verify that the security group associated to the instance(s) has the following security group rules within in it:

Additionally, if the instance is Linux based you will want to make sure you have port 22 for SSH open. Additionally, if the the instance is Windows based you will want to open port 3389 for RDP. For example:

If these two rules are open and the connectivity issues persists the suggestion at this point would be to verify if the instance requires a key pair for access. You can check if that is the case by going to the instances pace and checking the Key Pair field to see if it is populated. For example:

If the Key Pair is populated (as it is in this case) you will need to access your instance using a special SSH flag when you execute the SSH command on the command line:

 

root@pandy-dev: ~# ssh -i test.pem root@<server IP/Hostname>

Note that the test.pem file is named exactly like the populated field in the example image above. You must use the same key pair otherwise you will encounter authentication issues with the instance.

If at this point the issue persists, there are a number of things that might be causing this issue. At this point it would be best for you to submit a support ticket and provide us the output of the following from all of your controller nodes:

#pcs status

#nova service-list

#neutron agent-list

#rabbitmqctl status

#nova show <INSTANCE ID>

#nova console-log <INSTANCE ID>

#rabbitmqctl list_queues | grep -v “0$”

#/var/log/nova-all.log

#/var/log/neutron-all.log

#/var/log/rabbitmq/rabbit@node-x.log

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s