nova-manage vpn run is not working!

Asked by Hyunsun Moon

Hi,

I'm trying to run VPN. I made a cloudpipe image and added the image id to nova.conf with --vpn_image_id=xxx.
Compute knows it is a cloudpipe image, because it assigns the 10.0.0.2 address to the instance when I run the image with the euca-run-instance command. But it will fail to run the openvpn server without autorun.sh.

Don't know why 'nova-manage vpn run'. It does not show any error messages or log. It just does nothing.
Any idea?

Question information

Language: English
Status: Solved
For: OpenStack Compute (nova)
Assignee: No assignee
Solved by: Hyunsun Moon

This question was reopened

Vish Ishaya (vishvananda) said :
#1

I'm not sure I totally understand the problem. Does the instance launch? Can you ping it? To use VPNs, you should have the following two flags in your flag file:
--use_project_ca
--cnt_vpn_clients=5 # or some other number greater than 0

The key that the vpn is launched with should be saved in the keys dir, so you should be able to use that to log in to the instance if you don't have another method. Then you can see what the problem is with openvpn starting.

Vish


Hyunsun Moon (hyunsun-moon) said :
#2

Hi Vish,
I was almost asleep while writing that confusing question :)

Anyway, I meant that the VPN instance didn't succeed in running with 'nova-manage run vpn PROJECTID', but it did with 'euca-run-instance', which I used to confirm there's no problem with the image itself.
The flags did not work for me. However, I found a bug in nova/crypto.py regarding the ca_path reference, reported as Bug #757033.

Hyunsun Moon (hyunsun-moon) said :
#3

I made a workaround for the bug, but I still get the following errors!

=================================================

2011-04-11 11:36:28,305 DEBUG nova.cloudpipe [-] Launching VPN for NOVAADMPRJ from (pid=31141) launch_vpn_instance /root/openstack/nova/nova/cloudpipe/pipelib.py:97
2011-04-11 11:36:28,414 DEBUG nova.utils [-] backend <module 'nova.db.sqlalchemy.api' from '/root/openstack/nova/nova/db/sqlalchemy/api.pyc'> from (pid=31141) __get_backend /root/openstack/nova/nova/utils.py:427
2011-04-11 11:36:28,499 DEBUG nova.utils [-] Running cmd (subprocess): sh /root/openstack/state/CA/geninter.sh NOVAADMPRJ /C=US/ST=California/L=MountainView/O=AnsoLabs/OU=NovaDev/CN=project-ca-NOVAADMPRJ-2011-04-11T02:36:28Z from (pid=31141) execute /root/openstack/nova/nova/utils.py:150
2011-04-11 11:36:28,576 DEBUG nova.utils [-] Result was 1 from (pid=31141) execute /root/openstack/nova/nova/utils.py:166
2011-04-11 11:36:28,577 CRITICAL nova [-] Unexpected error while running command.
Command: sh /root/openstack/state/CA/geninter.sh NOVAADMPRJ /C=US/ST=California/L=MountainView/O=AnsoLabs/OU=NovaDev/CN=project-ca-NOVAADMPRJ-2011-04-11T02:36:28Z
Exit code: 1
Stdout: ''
Stderr: "Generating a 1024 bit RSA private key\n...........................++++++\n...........++++++\nwriting new private key to 'private/cakey.pem'\n-----\nUsing configuration from ./openssl.cnf\nchown: invalid user: `nova:nogroup'\n"
(nova): TRACE: Traceback (most recent call last):
(nova): TRACE: File "/root/openstack/nova/bin/nova-manage", line 1122, in <module>
(nova): TRACE: main()
(nova): TRACE: File "/root/openstack/nova/bin/nova-manage", line 1111, in main
(nova): TRACE: fn(*argv)
(nova): TRACE: File "/root/openstack/nova/bin/nova-manage", line 170, in run
(nova): TRACE: self.pipe.launch_vpn_instance(project_id)
(nova): TRACE: File "/root/openstack/nova/nova/cloudpipe/pipelib.py", line 105, in launch_vpn_instance
(nova): TRACE: user_data=self.get_encoded_zip(project_id),
(nova): TRACE: File "/root/openstack/nova/nova/cloudpipe/pipelib.py", line 77, in get_encoded_zip
(nova): TRACE: crypto.generate_vpn_files(project_id)
(nova): TRACE: File "/root/openstack/nova/nova/crypto.py", line 236, in generate_vpn_files
(nova): TRACE: _ensure_project_folder(project_id)
(nova): TRACE: File "/root/openstack/nova/nova/crypto.py", line 223, in _ensure_project_folder
(nova): TRACE: _project_cert_subject(project_id))
(nova): TRACE: File "/root/openstack/nova/nova/utils.py", line 173, in execute
(nova): TRACE: cmd=' '.join(cmd))
(nova): TRACE: ProcessExecutionError: Unexpected error while running command.
(nova): TRACE: Command: sh /root/openstack/state/CA/geninter.sh NOVAADMPRJ /C=US/ST=California/L=MountainView/O=AnsoLabs/OU=NovaDev/CN=project-ca-NOVAADMPRJ-2011-04-11T02:36:28Z
(nova): TRACE: Exit code: 1
(nova): TRACE: Stdout: ''
(nova): TRACE: Stderr: "Generating a 1024 bit RSA private key\n...........................++++++\n...........++++++\nwriting new private key to 'private/cakey.pem'\n-----\nUsing configuration from ./openssl.cnf\nchown: invalid user: `nova:nogroup'\n"
(nova): TRACE:

Hyunsun Moon (hyunsun-moon) said :
#4

FYI.
genvpn_sh_path refers to 'geninter.sh' instead of 'genvpn.sh' in nova/crypto.py.
After changing it to 'genvpn.sh', it is now working....

Vish Ishaya (vishvananda) said :
#5

That is a bug. Reporting it.
