[SOLVED] Basic network problems/auth problems

Hi guys,

These are probably very simple questions, but I have googled to no avail.

I’ve got an installation of OpenNebula with a local instance of KVM.

There’s a single physical network interface, enp2s0, and a bridge set up at br0.

I’ve spun up a test VM through OpenNebula, and though I can open a vnc window from within the application, I can’t ssh/ping the VM from the host machine.

The local network is on 192.168.101.0 with the virtual network on 192.168.122.0.

When I ping 192.168.122.10 (the test VM) I see 192.168.122.1 reporting this as unreachable.

The firewall is currently disabled (this is a test box on my internal network).

Secondly, I am unable to log into the vnc session. The login prompt appears, but no known combination of user/pass works. I’ve tried specifying the relevant public key in the context (I assume this is the oneadmin one that lives in /var/lib/one/.ssh), but that’s not working either.

Not knowing the expected behaviour doesn’t help - should I be presented with a login prompt, or should this automatically log in using the specified key?

Any help would be much appreciated.

Thanks

Hello @thesockmonster

If you want to log in using VNC, you need to specify the password for root in the context section. You need to add PASSWORD=your password; you can find more information here.

If you want to log in via SSH, first of all you need to add oneadmin’s SSH public key to OpenNebula. You can do this in Sunstone by clicking on Oneadmin->Settings->Auth->Public SSH Key and pasting the key there. Then instantiate a new VM and you should be able to log in to it.

Hi Alejandro,

Thanks for that - one problem down 🙂

Still struggling with the network though. Do I need to add some sort of routing?

192.168.122.1 is pingable from the host, but the guest (192.168.122.11) isn’t and has no network access (even with the assigned IP and the if up).
Thanks

Does the VM have an IP? Log into it with VNC and check that with ip a. If it doesn’t have one, maybe you forgot to enable the network contextualization, check this.

Indeed it has. 192.168.122.11 is assigned and the if is up

Then check your Virtual Network configuration. It should have the correct gateway in the context section; in this case the gateway should be 192.168.122.1.

That’s all set up. From the VM I can ping 127.0.0.1 and 192.168.122.10 but not 192.168.122.1 (which is showing in the ifcfg file as the gw)

Send me the output of onevm show <VM_ID> -x, onetemplate show <TEMPLATE_ID> -x and onevnet show <VNET_ID> -x.

    <VM>
      <ID>5</ID>
      <UID>0</UID>
      <GID>0</GID>
      <UNAME>oneadmin</UNAME>
      <GNAME>oneadmin</GNAME>
      <NAME>2</NAME>
      <PERMISSIONS>
        <OWNER_U>1</OWNER_U>
        <OWNER_M>1</OWNER_M>
        <OWNER_A>0</OWNER_A>
        <GROUP_U>0</GROUP_U>
        <GROUP_M>0</GROUP_M>
        <GROUP_A>0</GROUP_A>
        <OTHER_U>0</OTHER_U>
        <OTHER_M>0</OTHER_M>
        <OTHER_A>0</OTHER_A>
      </PERMISSIONS>
      <LAST_POLL>1575980086</LAST_POLL>
      <STATE>3</STATE>
      <LCM_STATE>3</LCM_STATE>
      <PREV_STATE>3</PREV_STATE>
      <PREV_LCM_STATE>3</PREV_LCM_STATE>
      <RESCHED>0</RESCHED>
      <STIME>1575977703</STIME>
      <ETIME>0</ETIME>
      <DEPLOY_ID>one-5</DEPLOY_ID>
      <MONITORING>
        <CPU><![CDATA[0.0]]></CPU>
        <DISKRDBYTES><![CDATA[143074844]]></DISKRDBYTES>
        <DISKRDIOPS><![CDATA[6780]]></DISKRDIOPS>
        <DISKWRBYTES><![CDATA[17442816]]></DISKWRBYTES>
        <DISKWRIOPS><![CDATA[501]]></DISKWRIOPS>
        <DISK_SIZE>
          <ID><![CDATA[0]]></ID>
          <SIZE><![CDATA[529]]></SIZE>
        </DISK_SIZE>
        <DISK_SIZE>
          <ID><![CDATA[1]]></ID>
          <SIZE><![CDATA[1]]></SIZE>
        </DISK_SIZE>
        <MEMORY><![CDATA[375352]]></MEMORY>
        <NETRX><![CDATA[132183]]></NETRX>
        <NETTX><![CDATA[14584]]></NETTX>
        <STATE><![CDATA[a]]></STATE>
      </MONITORING>
      <TEMPLATE>
        <AUTOMATIC_DS_REQUIREMENTS><![CDATA[("CLUSTERS/ID" @> 0)]]></AUTOMATIC_DS_REQUIREMENTS>
        <AUTOMATIC_NIC_REQUIREMENTS><![CDATA[("CLUSTERS/ID" @> 0)]]></AUTOMATIC_NIC_REQUIREMENTS>
        <AUTOMATIC_REQUIREMENTS><![CDATA[(CLUSTER_ID = 0) & !(PUBLIC_CLOUD = YES) & !(PIN_POLICY = PINNED)]]></AUTOMATIC_REQUIREMENTS>
        <CONTEXT>
          <CONTEXT><![CDATA[true]]></CONTEXT>
          <DISK_ID><![CDATA[1]]></DISK_ID>
          <ETH0_CONTEXT_FORCE_IPV4><![CDATA[]]></ETH0_CONTEXT_FORCE_IPV4>
          <ETH0_DNS><![CDATA[8.8.8.8]]></ETH0_DNS>
          <ETH0_EXTERNAL><![CDATA[]]></ETH0_EXTERNAL>
          <ETH0_GATEWAY><![CDATA[192.168.122.1]]></ETH0_GATEWAY>
          <ETH0_GATEWAY6><![CDATA[]]></ETH0_GATEWAY6>
          <ETH0_IP><![CDATA[192.168.122.10]]></ETH0_IP>
          <ETH0_IP6><![CDATA[]]></ETH0_IP6>
          <ETH0_IP6_PREFIX_LENGTH><![CDATA[]]></ETH0_IP6_PREFIX_LENGTH>
          <ETH0_IP6_ULA><![CDATA[]]></ETH0_IP6_ULA>
          <ETH0_MAC><![CDATA[02:00:c0:a8:7a:0a]]></ETH0_MAC>
          <ETH0_MASK><![CDATA[255.255.255.0]]></ETH0_MASK>
          <ETH0_MTU><![CDATA[]]></ETH0_MTU>
          <ETH0_NETWORK><![CDATA[192.168.122.0]]></ETH0_NETWORK>
          <ETH0_SEARCH_DOMAIN><![CDATA[]]></ETH0_SEARCH_DOMAIN>
          <ETH0_VLAN_ID><![CDATA[]]></ETH0_VLAN_ID>
          <ETH0_VROUTER_IP><![CDATA[]]></ETH0_VROUTER_IP>
          <ETH0_VROUTER_IP6><![CDATA[]]></ETH0_VROUTER_IP6>
          <ETH0_VROUTER_MANAGEMENT><![CDATA[]]></ETH0_VROUTER_MANAGEMENT>
          <IMAGE><![CDATA[Context]]></IMAGE>
          <NETWORK><![CDATA[YES]]></NETWORK>
          <PASSWORD><![CDATA[password]]></PASSWORD>
          <SSH_PUBLIC_KEY><![CDATA[ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDOV6Wqu7bmr                            BBlk1pEUGyiyZJYwgWIGQq5RU26tjAg1gEXZJ3GAWjvL9r4rjG3CftlJ9ijUVC1AUTWG4YJVli8Gr3hx                            DdRu7nVeu5SLnr20qN8SJSR2W3izWR52t8u2Nx1p7E/HCIs1SubsDB3Qub/I1cZoYc5fVaa1n5XD9Cbp                            SwKSac8H+wIYQTgj/a75qSuw6b4fU87l/WCq1pCIbT08HWxbl+Iar7eikCEEguwixgO1NHUywFzc4xBR                            woqvJOel9SAICKnpmAWgHLIFT+pjCINIexvNDAYpD6YpNXiofPcIsQr15ClLgTN/aT1vtkwg++HRe7Gi                            cx5OG9sskBv
          <TARGET><![CDATA[hda]]></TARGET>
        </CONTEXT>
        <CPU><![CDATA[1]]></CPU>
        <DISK>
          <ALLOW_ORPHANS><![CDATA[NO]]></ALLOW_ORPHANS>
          <CLONE><![CDATA[YES]]></CLONE>
          <CLONE_TARGET><![CDATA[SYSTEM]]></CLONE_TARGET>
          <CLUSTER_ID><![CDATA[0]]></CLUSTER_ID>
          <DATASTORE><![CDATA[default]]></DATASTORE>
          <DATASTORE_ID><![CDATA[1]]></DATASTORE_ID>
          <DEV_PREFIX><![CDATA[vd]]></DEV_PREFIX>
          <DISK_ID><![CDATA[0]]></DISK_ID>
          <DISK_SNAPSHOT_TOTAL_SIZE><![CDATA[0]]></DISK_SNAPSHOT_TOTAL_SIZE>
          <DISK_TYPE><![CDATA[FILE]]></DISK_TYPE>
          <DRIVER><![CDATA[qcow2]]></DRIVER>
          <IMAGE><![CDATA[CentOS 7 - KVM]]></IMAGE>
          <IMAGE_ID><![CDATA[0]]></IMAGE_ID>
          <IMAGE_STATE><![CDATA[2]]></IMAGE_STATE>
          <LN_TARGET><![CDATA[SYSTEM]]></LN_TARGET>
          <ORIGINAL_SIZE><![CDATA[8192]]></ORIGINAL_SIZE>
          <READONLY><![CDATA[NO]]></READONLY>
          <SAVE><![CDATA[NO]]></SAVE>
          <SIZE><![CDATA[8192]]></SIZE>
          <SOURCE><![CDATA[/var/lib/one//datastores/1/19e46510f461842ee6a2f6f43d2a5699]]></SOURCE>
          <TARGET><![CDATA[vda]]></TARGET>
          <TM_MAD><![CDATA[ssh]]></TM_MAD>
          <TYPE><![CDATA[FILE]]></TYPE>
        </DISK>
        <GRAPHICS>
          <LISTEN><![CDATA[0.0.0.0]]></LISTEN>
          <PORT><![CDATA[5905]]></PORT>
          <TYPE><![CDATA[VNC]]></TYPE>
        </GRAPHICS>
        <MEMORY><![CDATA[768]]></MEMORY>
        <NIC>
          <AR_ID><![CDATA[0]]></AR_ID>
          <BRIDGE><![CDATA[br0]]></BRIDGE>
          <BRIDGE_TYPE><![CDATA[linux]]></BRIDGE_TYPE>
          <CLUSTER_ID><![CDATA[0]]></CLUSTER_ID>
          <IP><![CDATA[192.168.122.10]]></IP>
          <MAC><![CDATA[02:00:c0:a8:7a:0a]]></MAC>
          <NAME><![CDATA[NIC0]]></NAME>
          <NETWORK><![CDATA[default]]></NETWORK>
          <NETWORK_ID><![CDATA[2]]></NETWORK_ID>
          <NIC_ID><![CDATA[0]]></NIC_ID>
          <PHYDEV><![CDATA[enp2s0]]></PHYDEV>
          <SECURITY_GROUPS><![CDATA[0]]></SECURITY_GROUPS>
          <TARGET><![CDATA[one-5-0]]></TARGET>
          <VN_MAD><![CDATA[fw]]></VN_MAD>
        </NIC>
        <OS>
          <ARCH><![CDATA[x86_64]]></ARCH>
          <BOOT><![CDATA[]]></BOOT>
        </OS>
        <SECURITY_GROUP_RULE>
          <PROTOCOL><![CDATA[ALL]]></PROTOCOL>
          <RULE_TYPE><![CDATA[OUTBOUND]]></RULE_TYPE>
          <SECURITY_GROUP_ID><![CDATA[0]]></SECURITY_GROUP_ID>
          <SECURITY_GROUP_NAME><![CDATA[default]]></SECURITY_GROUP_NAME>
        </SECURITY_GROUP_RULE>
        <SECURITY_GROUP_RULE>
          <PROTOCOL><![CDATA[ALL]]></PROTOCOL>
          <RULE_TYPE><![CDATA[INBOUND]]></RULE_TYPE>
          <SECURITY_GROUP_ID><![CDATA[0]]></SECURITY_GROUP_ID>
          <SECURITY_GROUP_NAME><![CDATA[default]]></SECURITY_GROUP_NAME>
        </SECURITY_GROUP_RULE>
        <TEMPLATE_ID><![CDATA[0]]></TEMPLATE_ID>
        <TM_MAD_SYSTEM><![CDATA[ssh]]></TM_MAD_SYSTEM>
        <VMID><![CDATA[5]]></VMID>
      </TEMPLATE>
      <USER_TEMPLATE>
        <INPUTS_ORDER><![CDATA[]]></INPUTS_ORDER>
        <LOGO><![CDATA[images/logos/centos.png]]></LOGO>
        <MEMORY_UNIT_COST><![CDATA[MB]]></MEMORY_UNIT_COST>
      </USER_TEMPLATE>
      <HISTORY_RECORDS>
        <HISTORY>
          <OID>5</OID>
          <SEQ>0</SEQ>
          <HOSTNAME>127.0.0.1</HOSTNAME>
          <HID>0</HID>
          <CID>0</CID>
          <STIME>1575977706</STIME>
          <ETIME>0</ETIME>
          <VM_MAD><![CDATA[kvm]]></VM_MAD>
          <TM_MAD><![CDATA[ssh]]></TM_MAD>
          <DS_ID>0</DS_ID>
          <PSTIME>1575977706</PSTIME>
          <PETIME>1575977714</PETIME>
          <RSTIME>1575977714</RSTIME>
          <RETIME>0</RETIME>
          <ESTIME>0</ESTIME>
          <EETIME>0</EETIME>
          <ACTION>0</ACTION>
          <UID>-1</UID>
          <GID>-1</GID>
          <REQUEST_ID>-1</REQUEST_ID>
        </HISTORY>
      </HISTORY_RECORDS>
    </VM>
    <VMTEMPLATE>
      <ID>0</ID>
      <UID>0</UID>
      <GID>0</GID>
      <UNAME>oneadmin</UNAME>
      <GNAME>oneadmin</GNAME>
      <NAME>CentOS 7 - KVM</NAME>
      <PERMISSIONS>
        <OWNER_U>1</OWNER_U>
        <OWNER_M>1</OWNER_M>
        <OWNER_A>0</OWNER_A>
        <GROUP_U>0</GROUP_U>
        <GROUP_M>0</GROUP_M>
        <GROUP_A>0</GROUP_A>
        <OTHER_U>0</OTHER_U>
        <OTHER_M>0</OTHER_M>
        <OTHER_A>0</OTHER_A>
      </PERMISSIONS>
      <REGTIME>1575920357</REGTIME>
      <TEMPLATE>
        <CONTEXT>
          <NETWORK><![CDATA[YES]]></NETWORK>
          <PASSWORD><![CDATA[password]]></PASSWORD>
          <SSH_PUBLIC_KEY><![CDATA[$USER[SSH_PUBLIC_KEY]]]></SSH_PUBLIC_KEY>
        </CONTEXT>
        <CPU><![CDATA[1]]></CPU>
        <DISK>
          <IMAGE_ID><![CDATA[0]]></IMAGE_ID>
        </DISK>
        <GRAPHICS>
          <LISTEN><![CDATA[0.0.0.0]]></LISTEN>
          <TYPE><![CDATA[VNC]]></TYPE>
        </GRAPHICS>
        <INPUTS_ORDER><![CDATA[]]></INPUTS_ORDER>
        <LOGO><![CDATA[images/logos/centos.png]]></LOGO>
        <MEMORY><![CDATA[768]]></MEMORY>
        <MEMORY_UNIT_COST><![CDATA[MB]]></MEMORY_UNIT_COST>
        <OS>
          <ARCH><![CDATA[x86_64]]></ARCH>
          <BOOT><![CDATA[]]></BOOT>
        </OS>
      </TEMPLATE>
    </VMTEMPLATE>
    <VNET>
      <ID>2</ID>
      <UID>0</UID>
      <GID>0</GID>
      <UNAME>oneadmin</UNAME>
      <GNAME>oneadmin</GNAME>
      <NAME>default</NAME>
      <PERMISSIONS>
        <OWNER_U>1</OWNER_U>
        <OWNER_M>1</OWNER_M>
        <OWNER_A>0</OWNER_A>
        <GROUP_U>0</GROUP_U>
        <GROUP_M>0</GROUP_M>
        <GROUP_A>0</GROUP_A>
        <OTHER_U>0</OTHER_U>
        <OTHER_M>0</OTHER_M>
        <OTHER_A>0</OTHER_A>
      </PERMISSIONS>
      <CLUSTERS>
        <ID>0</ID>
      </CLUSTERS>
      <BRIDGE><![CDATA[br0]]></BRIDGE>
      <BRIDGE_TYPE><![CDATA[linux]]></BRIDGE_TYPE>
      <PARENT_NETWORK_ID/>
      <VN_MAD><![CDATA[fw]]></VN_MAD>
      <PHYDEV><![CDATA[enp2s0]]></PHYDEV>
      <VLAN_ID/>
      <OUTER_VLAN_ID/>
      <VLAN_ID_AUTOMATIC>0</VLAN_ID_AUTOMATIC>
      <OUTER_VLAN_ID_AUTOMATIC>0</OUTER_VLAN_ID_AUTOMATIC>
      <USED_LEASES>1</USED_LEASES>
      <VROUTERS>
        <ID>0</ID>
      </VROUTERS>
      <TEMPLATE>
        <BRIDGE><![CDATA[br0]]></BRIDGE>
        <BRIDGE_TYPE><![CDATA[linux]]></BRIDGE_TYPE>
        <DNS><![CDATA[8.8.8.8]]></DNS>
        <GATEWAY><![CDATA[192.168.122.1]]></GATEWAY>
        <NETWORK_ADDRESS><![CDATA[192.168.122.0]]></NETWORK_ADDRESS>
        <NETWORK_MASK><![CDATA[255.255.255.0]]></NETWORK_MASK>
        <PHYDEV><![CDATA[enp2s0]]></PHYDEV>
        <SECURITY_GROUPS><![CDATA[0]]></SECURITY_GROUPS>
        <VN_MAD><![CDATA[fw]]></VN_MAD>
      </TEMPLATE>
      <AR_POOL>
        <AR>
          <AR_ID><![CDATA[0]]></AR_ID>
          <IP><![CDATA[192.168.122.10]]></IP>
          <MAC><![CDATA[02:00:c0:a8:7a:0a]]></MAC>
          <SIZE><![CDATA[32]]></SIZE>
          <TYPE><![CDATA[IP4]]></TYPE>
          <MAC_END><![CDATA[02:00:c0:a8:7a:29]]></MAC_END>
          <IP_END><![CDATA[192.168.122.41]]></IP_END>
          <USED_LEASES>1</USED_LEASES>
          <LEASES>
            <LEASE>
              <IP><![CDATA[192.168.122.10]]></IP>
              <MAC><![CDATA[02:00:c0:a8:7a:0a]]></MAC>
              <VM><![CDATA[5]]></VM>
            </LEASE>
          </LEASES>
        </AR>
      </AR_POOL>
    </VNET>

Try to remove the phydev from your vnet and leave it blank.

This should work out of the box if you change the vnet subnetting to your LAN’s subnet (assuming your guest CentOS is configured correctly).

What is 192.168.122.1?

Specifying a gateway for your vnetwork doesn’t actually create one for you, it is just the contextualization that is passed to your guests.
You need a virtual router with 2 interfaces so you can route between subnets and eventually to your LAN’s gateway.
pfSense is super easy to set up.

Nope, no change unfortunately

@IowaOrganics the 192.168.122.1 is the IP of virbr0. I’ll try using the lan IP range and see if that works as expected.

Will also look into pfsense

Thanks

Delete virbr0, it is not br0.

will do, ta

Virbr0 is the default bridge created with libvirtd

https://www.centos.org/forums/viewtopic.php?t=56198

…and we have network.

Thanks for your help with this, guys.

Yeah 😃 thanks a lot @IowaOrganics!!
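
The mismatch that caused this thread (a context gateway that lives on virbr0 while guests attach to br0) can be checked mechanically. The following is an added example, not part of the original thread or of OpenNebula: it compares a trimmed copy of the posted `onevnet show -x` output against host addresses in `ip -o -4 addr show` format. The host address list is constructed, and the br0 address 192.168.101.5 is an assumption.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Trimmed from the `onevnet show -x` output posted in the thread.
VNET_XML = """<VNET><NAME>default</NAME><BRIDGE><![CDATA[br0]]></BRIDGE>
<TEMPLATE><GATEWAY><![CDATA[192.168.122.1]]></GATEWAY>
<NETWORK_ADDRESS><![CDATA[192.168.122.0]]></NETWORK_ADDRESS>
<NETWORK_MASK><![CDATA[255.255.255.0]]></NETWORK_MASK></TEMPLATE></VNET>"""

# Constructed `ip -o -4 addr show` output; the br0 host address is assumed.
HOST_ADDRS = """\
1: lo    inet 127.0.0.1/8 scope host lo
3: br0    inet 192.168.101.5/24 brd 192.168.101.255 scope global br0
4: virbr0    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
"""

def parse_host_addrs(ip_output):
    """Map interface name -> list of IPv4Interface objects."""
    addrs = {}
    for line in ip_output.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[2] == "inet":
            addrs.setdefault(fields[1], []).append(ipaddress.ip_interface(fields[3]))
    return addrs

def check_vnet(vnet_xml, ip_output):
    """Return a list of findings about the vnet gateway vs. the host bridges."""
    root = ET.fromstring(vnet_xml)
    bridge = root.findtext("BRIDGE")
    gateway = ipaddress.ip_address(root.findtext("TEMPLATE/GATEWAY"))
    subnet = ipaddress.ip_network("%s/%s" % (
        root.findtext("TEMPLATE/NETWORK_ADDRESS"),
        root.findtext("TEMPLATE/NETWORK_MASK")))
    addrs = parse_host_addrs(ip_output)
    findings = []
    if gateway not in subnet:
        findings.append("gateway %s is outside vnet subnet %s" % (gateway, subnet))
    # The context GATEWAY is only a value handed to the guest; something on
    # the same L2 segment (the vnet's bridge) has to actually own that address.
    for iface, ifaddrs in addrs.items():
        if iface != bridge and any(a.ip == gateway for a in ifaddrs):
            findings.append("gateway %s is configured on %s, but guests attach to %s"
                            % (gateway, iface, bridge))
    if not any(a.ip in subnet for a in addrs.get(bridge, [])):
        findings.append("%s has no address in %s; host cannot reach guests directly"
                        % (bridge, subnet))
    return findings

if __name__ == "__main__":
    for finding in check_vnet(VNET_XML, HOST_ADDRS):
        print(finding)
```

An empty result means the gateway is not claimed by a different local interface and the vnet's bridge shares the guests' subnet; it does not prove that a router actually exists at the gateway address.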