OpenNebula OneKe 1.31 Service Appliance stuck at 2/3 Configuration step is in progress

We are deploying OpenNebula Service Appliances (OneKE 1.31) in a proxied environment. While VNF nodes showing complete configuration successfully, but master and worker remain stuck at from last one day:
2/3 Configuration step is in progress…

used Vnets for oneke

Public vnet = IP: 10.159.192.67 | 10.159.192.75
private vnet = IP: 192.168.200.2 | 192.168.200.101

oneadmin@abc06:~$ onevm list
ID USER GROUP NAME STAT CPU MEM HOST TIME
26 oneadmin oneadmin worker_0_(service_9) runn 2 3G localhost 0d 18h41
25 oneadmin oneadmin master_0_(service_9) runn 2 3G localhost 0d 18h41
24 oneadmin oneadmin vnf_0_(service_9) runn 1 512M localhost 0d 18h45

oneadmin@abc06:~$ oneflow list
ID USER GROUP NAME STARTTIME STAT
9 oneadmin oneadmin Service OneKE 1.31 07/31 12:01:59 RUNNING
oneadmin@abc06:~$

oneadmin@abc06:~$ ssh -A -J root@10.159.192.67 root@192.168.200.4
Welcome to Ubuntu 22.04.5 LTS (GNU/Linux 5.15.0-126-generic x86_64)

• Documentation: https://help.ubuntu.com
• Management: https://landscape.canonical.com
• Support: https://ubuntu.com/pro

System information as of Fri Aug 1 06:49:24 UTC 2025

System load: 0.0 Processes: 98
Usage of /: 6.8% of 24.05GB Users logged in: 0
Memory usage: 5% IPv4 address for eth0: 192.168.200.4
Swap usage: 0%

Expanded Security Maintenance for Applications is not enabled.

72 updates can be applied immediately.
66 of these updates are standard security updates.
To see these additional updates run: apt list --upgradable

2 additional security updates can be applied with ESM Apps.
Learn more about enabling ESM Apps service at Ubuntu Expanded Security Maintenance | Security | Ubuntu

Failed to connect to https://changelogs.ubuntu.com/meta-release-lts. Check your Internet connection or proxy settings

/ _ \ | '_ \ / _ \ OpenNebula Service Appliance
| () || | | || /
_/ || |_| ___|

2/3 Configuration step is in progress…

• PLEASE WAIT *

Last login: Fri Aug 1 06:15:10 2025 from 192.168.200.2
root@localhost:~#

VNF vm
oneadmin@abc06:~$ ssh root@10.159.192.67

/ _ \ | '_ \ / _ \ OpenNebula Service Appliance
| () || | | || /
_/ || |_| ___|

All set and ready to serve 8)

vrouter:~#

worker node

oneadmin@abc06:~$ ssh root@192.168.200.6
Expanded Security Maintenance for Applications is not enabled.

72 updates can be applied immediately.
66 of these updates are standard security updates.
To see these additional updates run: apt list --upgradable

1 additional security update can be applied with ESM Apps.
Learn more about enabling ESM Apps service at Ubuntu Expanded Security Maintenance | Security | Ubuntu

Failed to connect to https://changelogs.ubuntu.com/meta-release-lts. Check your Internet connection or proxy settings

/ _ \ | '_ \ / _ \ OpenNebula Service Appliance
| () || | | || /
_/ || |_| ___|

2/3 Configuration step is in progress…

• PLEASE WAIT *

Last login: Fri Aug 1 06:44:34 2025 from 10.159.198.9
root@localhost:~#

Vnf node logs

oneadmin@abc06:~$ ssh root@10.159.192.67

/ _ \ | '_ \ / _ \ OpenNebula Service Appliance
| () || | | || /
_/ || |_| ___|

All set and ready to serve 8)

vrouter:~# cd /var/log/
vrouter:/var/log# ls
acpid.log dmesg messages one-appliance qemu-ga.log unbound wtmp
vrouter:/var/log# cd one-appliance/
vrouter:/var/log/one-appliance# ls
bootstrap.log configure.log install.log one-failover.err one-failover.log one-haproxy.log one-nat4.log one-router4.log
vrouter:/var/log/one-appliance# tail -f one-failover.err
from /etc/one-appliance/service.d/VRouter/Failover/execute.rb:96:in process_events' from /etc/one-appliance/service.d/VRouter/Failover/execute.rb:143:in execute’
from -e:1:in `’

D, [2025-08-01T06:10:38.437635 #3603] DEBUG – : {:event=>{:type=>“INSTANCE”, :name=>“ETH1”, :state=>“BACKUP”, :priority=>“100”}, :from=>“BACKUP”, :to=>“BACKUP”, :direction=>:stay, :ignored=>true}
D, [2025-08-01T06:10:38.437863 #3603] DEBUG – : :STAY (pid = 3603)
D, [2025-08-01T06:10:38.437987 #3603] DEBUG – : {:event=>{:type=>“INSTANCE”, :name=>“ETH1”, :state=>“MASTER”, :priority=>“100”}, :from=>“BACKUP”, :to=>“MASTER”, :direction=>:stay, :ignored=>true}
D, [2025-08-01T06:10:38.438044 #3603] DEBUG – : :STAY (pid = 3603)
D, [2025-08-01T06:10:38.438246 #3603] DEBUG – : {:event=>{:type=>“GROUP”, :name=>“VRouter”, :state=>“MASTER”, :priority=>“0”}, :from=>“BACKUP”, :to=>“MASTER”, :direction=>:up, :ignored=>false}
D, [2025-08-01T06:10:38.438350 #3603] DEBUG – : :UP (pid = 3603)
^C
vrouter:/var/log/one-appliance# tail -f one-failover.log

I, [2025-08-01T06:10:40.635616 #3603] INFO – : one-dns(:enabled)

• Checking /etc/unbound/unbound.conf … [ ok ]
• Starting unbound daemon … [ ok ]
  I, [2025-08-01T06:10:40.911556 #3603] INFO – : one-dhcp4v2(:disabled)

I, [2025-08-01T06:10:40.925063 #3603] INFO – : coredhcp(:disabled)

I, [2025-08-01T06:10:40.945698 #3603] INFO – : one-wg(:disabled)

^C
vrouter:/var/log/one-appliance# tail -f configure.log
I, [2025-08-01T06:10:32.872891 #3514] INFO – : SDNAT4::configure
I, [2025-08-01T06:10:32.872953 #3514] INFO – : SDNAT4::toggle([:stop])

I, [2025-08-01T06:10:32.884283 #3514] INFO – : SDNAT4::toggle([:disable])

I, [2025-08-01T06:10:32.896955 #3514] INFO – : WireGuard::configure
I, [2025-08-01T06:10:32.897002 #3514] INFO – : WireGuard::toggle([:stop])

I, [2025-08-01T06:10:32.913996 #3514] INFO – : WireGuard::toggle([:disable])

^C
vrouter:/var/log/one-appliance# tail -f one-haproxy.log
from /etc/one-appliance/service.d/VRouter/vrouter.rb:45:in service_show' from /etc/one-appliance/service.d/VRouter/vrouter.rb:392:in get_service_vms’
from /etc/one-appliance/service.d/VRouter/HAProxy/execute.rb:71:in call' from /etc/one-appliance/service.d/VRouter/HAProxy/execute.rb:71:in block in execute’
from internal:kernel:187:in loop' from /etc/one-appliance/service.d/VRouter/HAProxy/execute.rb:70:in execute’
from -e:1:in `’

• Reloading haproxy …
• Checking /etc/haproxy … [ ok ]
  [ ok ]
  ^C
  vrouter:/var/log/one-appliance# tail -f one-nat4.log
• Checking rules … [ ok ]
• Flushing firewall … [ ok ]
• Loading iptables state and starting firewall … [ ok ]
  I, [2025-08-01T06:10:39.384147 #4200] INFO – : NAT4::execute
  I, [2025-08-01T06:10:39.568242 #4200] INFO – : NAT4::toggle([:save])
• Saving iptables state … [ ok ]
  I, [2025-08-01T06:10:39.613021 #4200] INFO – : NAT4::toggle([:reload])
• Checking rules … [ ok ]
• Flushing firewall … [ ok ]
• Loading iptables state and starting firewall … [ ok ]
  ^C
  vrouter:/var/log/one-appliance# tail -f one-router4.log
  fs.protected_hardlinks = 1
  fs.protected_symlinks = 1
  kernel.unprivileged_bpf_disabled = 1
  net.ipv4.ip_forward = 0
  net.ipv4.conf.all.forwarding = 0
  net.ipv4.conf.default.forwarding = 0
  net.ipv4.conf.eth0.forwarding = 1
  net.ipv4.conf.eth1.forwarding = 1
  net.ipv4.conf.eth2.forwarding = 0
  net.ipv4.conf.eth3.forwarding = 0

Welcome, praveenbhatia3122

Have you checked if oneKE workers and master have internet access?
Can they access to oneflow server? You can check that with a onegate vm show in the VM

If they don’t it may be because their networks are isolated from the network where OpenNebula is running. A safe way to configure it without networking issues is to configure transparent proxies (Transparent Proxies |) and after they are configured, modify the ONEGATE_ENDPOINT in the configuration file

Thank you

Hi Brunorro

Proxies are already injected in Vrouter node, master, workers nodes and checked its working.

Inject Proxy Settings into Marketplace Monitor
sudo vim /etc/one/oned.conf

also edit
sudo systemctl edit opennebula

in starting of file i added this

[Service]
Environment="http_proxy=****************
Environment="https_proxy=******************
++++++++++++++++++++++++++++++++++++++++++++++++
oneadmin@abc06:~$ oneflow list
ID USER GROUP NAME STARTTIME STAT
9 oneadmin oneadmin Service OneKE 1.31 07/31 12:01:59 RUNNING

oneadmin@abc06:~$ onevm list
ID USER GROUP NAME STAT CPU MEM HOST TIME
26 oneadmin oneadmin worker_0_(service_9) runn 2 3G localhost 13d 18h09
25 oneadmin oneadmin master_0_(service_9) runn 2 3G localhost 13d 18h09
24 oneadmin oneadmin vnf_0_(service_9) runn 1 512M localhost 13d 18h12
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
oneadmin@abc06:~$ onegate vm show
/usr/lib/ruby/3.0.0/uri/rfc3986_parser.rb:18:in rescue in split': bad URI(is not URI?): nil (URI::InvalidURIError) from /usr/lib/ruby/3.0.0/uri/rfc3986_parser.rb:15:in split’
from /usr/lib/ruby/3.0.0/uri/rfc3986_parser.rb:72:in parse' from /usr/lib/ruby/3.0.0/uri/common.rb:171:in parse’
from /usr/bin/onegate.rb:284:in initialize' from /usr/bin/onegate.rb:455:in new’
from /usr/bin/onegate.rb:455:in <main>' /usr/lib/ruby/3.0.0/uri/rfc3986_parser.rb:16:in split’: undefined method to_str' for nil:NilClass (NoMethodError) from /usr/lib/ruby/3.0.0/uri/rfc3986_parser.rb:72:in parse’
from /usr/lib/ruby/3.0.0/uri/common.rb:171:in parse' from /usr/bin/onegate.rb:284:in initialize’
from /usr/bin/onegate.rb:455:in new' from /usr/bin/onegate.rb:455:in ’
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

oneadmin@abc06:~$ sudo systemctl status opennebula-gate
● opennebula-gate.service - OpenNebula Gate Service
Loaded: loaded (/lib/systemd/system/opennebula-gate.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2025-07-31 12:37:10 UTC; 1 week 6 days ago
Main PID: 4058033 (ruby)
Tasks: 5 (limit: 463862)
Memory: 42.5M
CPU: 2min 10.392s
CGroup: /system.slice/opennebula-gate.service
└─4058033 “puma 6.6.0 (tcp://0.0.0.0:5030) [/]” “” “” “” “” “” “” “” “” “” “” “” “” “” “” “” “” “”

Jul 31 12:37:11 abc06 opennebula-gate[4058033]: == Sinatra (v4.1.1) has taken the stage on 5030 for development with backup from Puma
Jul 31 12:37:11 abc06 opennebula-gate[4058033]: Puma starting in single mode…
Jul 31 12:37:11 abc06 opennebula-gate[4058033]: * Puma version: 6.6.0 (“Return to Forever”)
Jul 31 12:37:11 abc06 opennebula-gate[4058033]: * Ruby version: ruby 3.0.2p107 (2021-07-07 revision 0db68f0233) [x86_64-linux-gnu]
Jul 31 12:37:11 abc06 opennebula-gate[4058033]: * Min threads: 0
Jul 31 12:37:11 abc06 opennebula-gate[4058033]: * Max threads: 5
Jul 31 12:37:11 abc06 opennebula-gate[4058033]: * Environment: development
Jul 31 12:37:11 abc06 opennebula-gate[4058033]: * PID: 4058033
Jul 31 12:37:11 abc06 opennebula-gate[4058033]: * Listening on http://0.0.0.0:5030
Jul 31 12:37:11 abc06 opennebula-gate[4058033]: Use Ctrl-C to stop

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.