Cannot access running instance from client - Eucalyptus
I have set up a private cloud under Ubuntu 10.04 server through Eucalyptus packages (v 1.6.1). Here are my configurations:
CLC, CC, WS3, SC (Frontend) - 10.XX29
NC - 10.XX30
NTP Configured
Hwinfo - Intel quadcore (Q8300), 500GB, 4GB RAM, VT-x enabled in both the systems
I bundled, uploaded & registered the images which were given under the Eucalyptus website (ubuntu 9.04 x86-64bit).
My query is: I can access (ping & ssh) my running instance only in my frontend. I cannot ping or ssh my instances from my client, but I can see the console output from the client and see the status of my running state VM through Elasticfox.
euca-describe-images >
IMAGE eri-16D9191E ubuntu-ramdisk-bucket/initrd.img-2.6.28-11-generic.manifest.xml admin available public x86_64 ramdisk instance-store
IMAGE emi-39711602 ubuntu-image-bucket/ubuntu.9-04.x86-64.img.manifest.xml admin available public x86_64 machine eki-AE6117D9 eri-16D9191E instance-store
IMAGE eki-AE6117D9 ubuntu-kernel-bucket/vmlinuz-2.6.28-11-generic.manifest.xml admin available public x86_64 kernel instance-store
euca-describe-instances >
RESERVATION r-45CA0852 admin default
INSTANCE i-463407D1 emi-39711602 192.168.0.100 172.19.1.2 running key1 0 m1.large 2011-12-09T14:33:44.348Z cluster1 eki-AE6117D9 eri-16D9191E
I can access my instance from the cloud controller. I could not access (ping or ssh) the instances anywhere from the network. The VM is not getting exposed in the network. There is some networking problem associated with the instances, frontend and my client which I couldn't figure out.
Here are my configuration files:
Eucalyptus.conf
/eucalyptus/eucalyptus.conf
EUCALYPTUS="/"
EUCA_USER="eucalyptus"
DISABLE_DNS="Y"
DISABLE_ISCSI="Y"
JVM_MEM="512m"
ENABLE_WS_SECURITY="Y"
LOGLEVEL="DEBUG"
VNET_PUBINTERFACE="eth0"
VNET_PRIVINTERFACE="eth0"
VNET_MODE="MANAGED-NOVLAN"
CC_PORT="8774"
SCHEDPOLICY="ROUNDROBIN"
POWER_IDLETHRESH="300"
POWER_WAKETHRESH="300"
NC_SERVICE="axis2/services/EucalyptusNC"
VNET_DHCPDAEMON="/usr/sbin/dhcpd3"
VNET_DHCPUSER="dhcpd"
NODES="10.X.X.30"
VNET_ADDRSPERNET="32"
NC_PORT="8775"
HYPERVISOR="kvm"
MANUAL_INSTANCES_CLEANUP=0
VNET_BRIDGE="br0"
INSTANCE_PATH="/var/lib/eucalyptus/instances/"
eucalyptus.local.conf
VNET_MODE="MANAGED-NOVLAN"
VNET_SUBNET="172.19.0.0"
VNET_NETMASK="255.255.0.0"
VNET_DNS="10.X.X.1"
VNET_ADDRSPERNET="32"
VNET_PUBLICIPS="192.168.0.100-192.168.0.150"
Even after giving authorizations through euca-authorize -P tcp -p 22 -s 0.0.0.0/0 default from my client (end user), I could not access (even ping or ssh) my instance from the client! But I can access the VM in the front end (SSH is working).
euca-describe-groups >
GROUP logskish default default group
GROUP admin eucagroup sample group
GROUP admin default default group
PERMISSION admin default ALLOWS tcp 22 22 FROM CIDR 0.0.0.0/0
PERMISSION admin default ALLOWS icmp -1 -1 FROM CIDR 0.0.0.0/0
How to overcome this problem?
Thanks
Logs
Answer: Dear one, yes, you have done everything OK. Now just check your cloud machine's iptables:
# iptables -L
and you can get a DROP policy in the FORWARD chain. Just remove the DROP policy and activate forwarding in /etc/sysctl.conf;
you can ping and access your VM machines from the client side.
# iptables -t filter -P FORWARD ACCEPT
Now you can ping and ssh your VM from the client side.
I would make sure I run the following:
euca-authorize -P icmp -t -1:-1 default
euca-authorize -P tcp -p 22 default
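The layers discussed in this thread (security-group rules, kernel IP forwarding, the FORWARD chain policy) can be checked in one read-only pass before any firewall policy is changed. The script below is an added example, not code from the thread or from Eucalyptus; the function names and the sample FORWARD chain are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original thread. Read-only: changes nothing.

# forward_policy: default FORWARD policy from `iptables -S FORWARD` on stdin.
forward_policy() {
    awk '$1 == "-P" && $2 == "FORWARD" { print $3; exit }'
}

# group_allows GROUP PROTO PORT: succeed if `euca-describe-groups` output on
# stdin has a PERMISSION for GROUP covering PROTO/PORT from 0.0.0.0/0.
# For icmp pass -1 (all types), as in the output shown on this page.
group_allows() {
    awk -v g="$1" -v p="$2" -v port="$3" '
        $1 == "PERMISSION" && $3 == g && $5 == p && $10 == "0.0.0.0/0" &&
        $6 + 0 <= port + 0 && port + 0 <= $7 + 0 { ok = 1 }
        END { exit !ok }'
}

# triage IP_FORWARD IPTABLES_TEXT GROUPS_TEXT GROUP: name the first layer that
# would stop client-to-instance traffic routed through the front end.
triage() {
    policy=$(printf '%s\n' "$2" | forward_policy)
    if ! printf '%s\n' "$3" | group_allows "$4" tcp 22; then
        echo "security-group: no tcp/22 rule from 0.0.0.0/0 in '$4'"
    elif [ "$1" != "1" ]; then
        echo "kernel: net.ipv4.ip_forward=$1, front end is not routing"
    elif [ "$policy" = "DROP" ] &&
         ! printf '%s\n' "$2" | grep -q -- '^-A FORWARD .*-j ACCEPT'; then
        echo "iptables: FORWARD policy is DROP and the chain has no ACCEPT rule"
    else
        echo "ok: no blocker found at these three layers"
    fi
}

# Constructed sample input: group lines copied from the question, plus a
# FORWARD chain with the DROP policy the answer describes.
GROUPS_SAMPLE='GROUP admin default default group
PERMISSION admin default ALLOWS tcp 22 22 FROM CIDR 0.0.0.0/0
PERMISSION admin default ALLOWS icmp -1 -1 FROM CIDR 0.0.0.0/0'
IPT_SAMPLE='-P FORWARD DROP'

triage 1 "$IPT_SAMPLE" "$GROUPS_SAMPLE" default

# On a live front end (as root), feed it the real state instead:
# triage "$(cat /proc/sys/net/ipv4/ip_forward)" "$(iptables -S FORWARD)" \
#        "$(euca-describe-groups)" default
```

The result shows whether a narrow ACCEPT rule for the instance range would be enough, rather than opening the whole FORWARD chain.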