Re: Virtual Router not accepting SSH connections from CloudStack Management server

2018-10-09 Thread Rene Moser




On 10/09/2018 09:31 AM, Paul Angus wrote:
> Hi Cristian,
> 
> That is correct, ssh is only possible to system VMs on port 3922. It is
> passwordless; you must use the ssh keys which are stored on the management
> server.

I usually add the following ssh config to get a good user experience :)

# cat ~/.ssh/config
IdentityFile /var/cloudstack/management/.ssh/id_rsa
Port 3922
ControlPath ~/.ssh/master-%l-%r@%h:%p
ControlMaster auto

Host 10.100.10.*
  User root
  StrictHostKeyChecking no
  UserKnownHostsFile=/dev/null



Regards
René


RE: Virtual Router not accepting SSH connections from CloudStack Management server

2018-10-09 Thread Paul Angus
Hi Cristian,

That is correct, ssh is only possible to system VMs on port 3922. It is
passwordless; you must use the ssh keys which are stored on the management
server.

paul.an...@shapeblue.com
www.shapeblue.com
Amadeus House, Floral Street, London WC2E 9DP, UK
@shapeblue


RE: Virtual Router not accepting SSH connections from CloudStack Management server

2018-10-08 Thread cristian.c
VMware (at the end of this mail you can see the full setup)

-Original Message-
From: Rafael Weingärtner  
Sent: Monday, October 8, 2018 1:20 PM
To: users 
Subject: Re: Virtual Router not accepting SSH connections from CloudStack 
Management server

What hypervisor do you use?


Re: Virtual Router not accepting SSH connections from CloudStack Management server

2018-10-08 Thread Rafael Weingärtner
What hypervisor do you use?

On Mon, Oct 8, 2018 at 4:53 AM  wrote:

> Hello folks,
>
> As I said in my previous email, my virtual router is not accepting SSH
> connections from the management server, or from any other server. What I
> have found is that the default iptables rule looks incorrect to me: it
> accepts connections on 3922 only on eth1:
>
>    51  2408 ACCEPT         tcp  --  eth0   *       0.0.0.0/0            158.69.17.226        tcp dpt:53
>  403K   30M ACCEPT         udp  --  eth0   *       0.0.0.0/0            158.69.17.226        udp dpt:53
> 13473 4411K ACCEPT         udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            udp dpt:67
> 9421K  982M NETWORK_STATS  all  --  *      *       0.0.0.0/0            0.0.0.0/0
>     0     0 ACCEPT         tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:3922 state NEW,ESTABLISHED
>     0     0 ACCEPT         all  --  *      *       0.0.0.0/0            224.0.0.18
>     0     0 ACCEPT         all  --  *      *       0.0.0.0/0            225.0.0.50
> 7270K  821M ACCEPT         all  --  eth0   *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
>  396K   20M ACCEPT         icmp --  *      *       0.0.0.0/0            0.0.0.0/0
>     0     0 ACCEPT         all  --  lo     *       0.0.0.0/0            0.0.0.0/0
>
> Router interfaces:
>
> root@r-2055-VM:~# ip a
> 1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
>     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
>     inet 127.0.0.1/8 scope host lo
>        valid_lft forever preferred_lft forever
> 2: eth0: mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
>     link/ether 1e:00:85:00:00:33 brd ff:ff:ff:ff:ff:ff
>     inet 158.xx.xx.226/28 brd 158.69.17.239 scope global eth0
>        valid_lft forever preferred_lft forever
>     inet 167.xx.xx.246/28 brd 167.114.12.255 scope global eth0
>        valid_lft forever preferred_lft forever
>     inet 149.xx.xx.80/27 brd 149.56.173.95 scope global eth0
>        valid_lft forever preferred_lft forever
>     inet 192.xx.xx.79/26 brd 192.99.175.127 scope global eth0
>        valid_lft forever preferred_lft forever
>     inet 198.xx.xx.162/27 brd 198.50.180.191 scope global eth0
>        valid_lft forever preferred_lft forever
>     inet 149.xx.xx.99/27 brd 149.56.254.127 scope global eth0
>        valid_lft forever preferred_lft forever
>     inet 144.xx.xx.199/27 brd 144.217.38.223 scope global eth0
>        valid_lft forever preferred_lft forever
>     inet 144.xx.xx.177/27 brd 144.217.178.191 scope global eth0
>        valid_lft forever preferred_lft forever
>     inet 66.xx.xx.133/27 brd 66.70.150.159 scope global eth0
>        valid_lft forever preferred_lft forever
> 3: eth1: mtu 1500 qdisc noop state DOWN group default qlen 1000
>     link/ether 02:00:06:0b:00:dc brd ff:ff:ff:ff:ff:ff
>
> After adding the following rule: iptables -A INPUT -p tcp --dport 3922 -j
> ACCEPT, everything works until the next restart (or reload of iptables).
> Is this a bug? Any suggestions?
>
> ===
>
> Additional info from previous mail:
>
> Current environment: CloudStack 4.11.1 (shapeblue) + VMware 5.5, local
> storage, basic networking (this is an old environment: 4.5.2, 4.9, 4.11.1).
>
> Right now I get the following error: deployedCheckSshCommand)
> (logid:236afb1a) Could not connect to 149.xxx.xx.53 due to
> java.net.ConnectException: Connection timed out. My router is stuck in
> starting mode.
>
> After testing manually I saw that I'm not able to connect to the VR using
> SSH (management -> virtual router). I was able to ping and telnet on port 80,
> but not to connect on 3922:
>
> [root@cloud-emea ~]# ping 149.xxx.xx.53
> PING 149.xxx.xx.53 (149.xxx.xx.53) 56(84) bytes of data.
> 64 bytes from 149.xxx.xx.53: icmp_seq=1 ttl=63 time=1.83 ms
> ^C
> --- 149.xxx.xx.53 ping statistics ---
> 1 packets transmitted, 1 received, 0% packet loss, time 932ms
> rtt min/avg/max/mdev = 1.832/1.832/1.832/0.000 ms
> [root@cloud-emea ~]# telnet 149.xxx.xx.53 80
> Trying 149.xxx.xx.53...
> Connected to 149.xxx.xx.53.
> Escape character is '^]'.
> ^]
> telnet> quit
> Connection closed.
> [root@cloud-emea ~]# telnet 149.xxx.xx.53 3922
> Trying 149.xxx.xx.53...
>
> I came up with the idea of connecting to the VR through the console and
> adding the following firewall rule: iptables -A INPUT -p tcp -m state
> --state NEW --dport 3922 -j ACCEPT. My problem was "fixed", but after some
> time I have the same issue again, for example when my router is destroyed.
>
> Thank you!
>
> Cristian
>

-- 
Rafael Weingärtner
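The mismatch Cristian describes (the only ACCEPT for tcp/3922 is bound to eth1, which is DOWN, while the management server reaches the VR on eth0) can be checked mechanically from the VR's own `iptables -L INPUT -v -n` and `ip -o link` output. This is an added example, not code from the thread or from CloudStack; the sample listings, regexes and function names are constructed here, modelled on the output quoted above.

```python
import re

# Constructed sample of `iptables -L INPUT -v -n` on the VR, modelled on the
# listing in the thread: the only ACCEPT for tcp/3922 is bound to eth1.
SAMPLE_IPTABLES = """\
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
   51  2408 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            158.69.17.226        tcp dpt:53
    0     0 ACCEPT     tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:3922 state NEW,ESTABLISHED
    0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
"""

# Constructed sample of `ip -o link` on the same VR: eth0 is UP, eth1 is DOWN.
SAMPLE_IP_LINK = """\
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
"""

# Columns of `iptables -L -v -n`: pkts bytes target prot opt in out source destination [match details]
RULE_RE = re.compile(r"^\s*\S+\s+\S+\s+(?P<target>\S+)\s+\S+\s+\S+\s+(?P<in>\S+)\s+\S+\s+\S+\s+\S+\s*(?P<extra>.*)$")
LINK_RE = re.compile(r"^\d+:\s+(?P<name>[^:]+):.*\bstate\s+(?P<state>\S+)")

def parse_input_chain(text):
    """Return (in_iface, target, match_details) for each rule line of the chain."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line)
        if m and not line.lstrip().startswith(("Chain", "pkts")):
            rules.append((m["in"], m["target"], m["extra"].strip()))
    return rules

def parse_link_states(text):
    """Map interface name -> operational state from `ip -o link` output."""
    return {m["name"]: m["state"] for m in map(LINK_RE.match, text.splitlines()) if m}

def diagnose_ssh_rule(iptables_text, iplink_text, port=3922):
    """accepting: ifaces (or '*') whose ACCEPT for TCP `port` can match; dead: ACCEPTs
    bound to a DOWN/missing iface; unreachable: UP ifaces with no usable ACCEPT."""
    states = parse_link_states(iplink_text)
    accepting, dead = [], []
    for iface, target, extra in parse_input_chain(iptables_text):
        if target != "ACCEPT" or f"dpt:{port}" not in extra.split():
            continue
        if iface == "*" or states.get(iface) in ("UP", "UNKNOWN"):
            accepting.append(iface)
        else:  # rule exists but can never match: the symptom in the thread
            dead.append((iface, states.get(iface, "missing")))
    unreachable = [] if "*" in accepting else [
        n for n, s in states.items() if s == "UP" and n not in accepting]
    return {"accepting": accepting, "dead": dead, "unreachable": unreachable}
```

On a live VR, feed the real `iptables -L INPUT -v -n` and `ip -o link` output to `diagnose_ssh_rule`; a non-empty `dead` list together with an empty `accepting` list is exactly the state shown in the thread.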