
Unable to access codfw1-dev VMs via ssh
Closed, Resolved, Public

Description

In theory we now have publicly-accessible public floating IPs available in codfw1-dev. I've added one to a VM and am attempting to access it from my local laptop -- I get 'connection refused.'

I've confirmed that ssh-server is running on that host (I can connect locally), and that VM has a security group of 'ALLOW IPv4 22/tcp from 0.0.0.0/0'.

So... not sure if this is a networking thing or a config issue in openstack or on the VM. The fact that it's a connection refused and not a timeout suggests that ssh is actively rejecting the connection but I'm out of ideas.

Event Timeline

The VM I'm testing with is:

+--------------------------------------+----------------------------------------------------------+
| Field                                | Value                                                    |
+--------------------------------------+----------------------------------------------------------+
| OS-DCF:diskConfig                    | AUTO                                                     |
| OS-EXT-AZ:availability_zone          | nova                                                     |
| OS-EXT-SRV-ATTR:host                 | cloudvirt2001-dev                                        |
| OS-EXT-SRV-ATTR:hypervisor_hostname  | cloudvirt2001-dev.codfw.wmnet                            |
| OS-EXT-SRV-ATTR:instance_name        | i-00000461                                               |
| OS-EXT-STS:power_state               | Running                                                  |
| OS-EXT-STS:task_state                | None                                                     |
| OS-EXT-STS:vm_state                  | active                                                   |
| OS-SRV-USG:launched_at               | 2020-01-03T09:41:06.000000                               |
| OS-SRV-USG:terminated_at             | None                                                     |
| accessIPv4                           |                                                          |
| accessIPv6                           |                                                          |
| addresses                            | lan-flat-cloudinstances2b=172.16.128.32, 208.80.153.186  |
| config_drive                         |                                                          |
| created                              | 2020-01-03T09:40:50Z                                     |
| flavor                               | m1.small (2)                                             |
| hostId                               | 8fdf14da370a65315e7c4fb8496e87c196aa81afe6dce16d73bf0c99 |
| id                                   | ec7d86b2-5bb1-4755-b50c-aceecc444bfa                     |
| image                                | d1b2ea32-10ca-40a5-a3fc-babc3956f049                     |
| key_name                             | None                                                     |
| name                                 | pike-test-01                                             |
| os-extended-volumes:volumes_attached | []                                                       |
| progress                             | 0                                                        |
| project_id                           | devtest                                                  |
| properties                           |                                                          |
| security_groups                      | [{u'name': u'external_ssh'}, {u'name': u'default'}]      |
| status                               | ACTIVE                                                   |
| updated                              | 2020-01-03T09:41:06Z                                     |
| user_id                              | labtestandrew                                            |
+--------------------------------------+----------------------------------------------------------+

Mentioned in SAL (#wikimedia-cloud) [2020-01-13T13:34:38Z] <arturo> [codfw1dev] prevent neutron from allocating floating IPs from the wrong subnet by doing neutron subnet-update --allocation-pool start=208.80.153.190,end=208.80.153.190 cloud-instances-transport1-b-codfw (T242594)

@Andrew reports via IRC this is working now.

The issue is that neutron was allocating a floating IP from the wrong subnet. This is fixed by reducing the transport allocation pool to just the IP in use on the neutron end (the other end is the core router).

More info on this:

Please reopen if required.
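
Added example, not part of the task or its comments: a small audit that flags the misconfiguration described above, namely floating IPs that fall inside a transport subnet and a transport allocation pool that offers more than neutron's own address. The subnet name, the .190 pool and the VM's .186 address come from the task; the /29 CIDR, the pre-fix pool, the `role` annotation and the 198.51.100.10 address are assumptions constructed for illustration.

```python
import ipaddress

# Constructed inventory. From the task: the transport subnet name, neutron's
# own address .190 and the VM's floating IP .186. Assumed: the /29 CIDR, the
# pre-fix pool, and the "role" annotation (not a neutron attribute).
TRANSPORT = "cloud-instances-transport1-b-codfw"
NEUTRON_SIDE = ["208.80.153.190"]
BEFORE = [{"name": TRANSPORT, "role": "transport", "cidr": "208.80.153.184/29",
           "pools": [("208.80.153.185", "208.80.153.190")]}]
AFTER = [{"name": TRANSPORT, "role": "transport", "cidr": "208.80.153.184/29",
          "pools": [("208.80.153.190", "208.80.153.190")]}]

def _int(addr):
    return int(ipaddress.ip_address(addr))

def pool_size(pool):
    """Number of addresses in an allocation pool given as (start, end)."""
    start, end = pool
    return _int(end) - _int(start) + 1

def in_pool(pool, addr):
    start, end = pool
    return _int(start) <= _int(addr) <= _int(end)

def audit(subnets, floating_ips, neutron_side):
    """Return findings for every subnet annotated as a transport network."""
    findings = []
    for sn in subnets:
        if sn["role"] != "transport":
            continue
        net = ipaddress.ip_network(sn["cidr"])
        # A floating IP inside the transport range was allocated from the wrong subnet.
        for fip in floating_ips:
            if ipaddress.ip_address(fip) in net:
                findings.append(("floating-ip-in-transport", sn["name"], fip))
        # The pool should offer nothing beyond the addresses neutron itself uses.
        total = sum(pool_size(p) for p in sn["pools"])
        owned = sum(1 for a in neutron_side
                    if any(in_pool(p, a) for p in sn["pools"]))
        if total > owned:
            findings.append(("transport-pool-too-wide", sn["name"], total - owned))
    return findings

if __name__ == "__main__":
    print(audit(BEFORE, ["208.80.153.186"], NEUTRON_SIDE))  # two findings
    print(audit(AFTER, ["198.51.100.10"], NEUTRON_SIDE))    # no findings
```
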