OpenStack Compute (nova)

No vnc on second compute node

Asked by Christoph L

Hello
I set up an Openstack Havana environment with this guide: http://docs.openstack.org/havana/install-guide/install/yum/content/

Everything runs smoothly, now I have:
1x Controller Node (controller)
2x Compute Nodes (compute1, compute2)

The only problem I have is, that vnc in the dashboard is only working with Instances which running on compute1. Instances running on compute2 I get "Failed to connect to server (code: 1006)".

I already checked the logs but there is nothing at all regarding this.
What I noticed is that there is no "nova-consoleauth" running, at no point in the guide I have to set it up, could this cause the problem?

nova.conf on controller
[DEFAULT]
rpc_backend = nova.openstack.common.rpc.impl_qpid
qpid_hostname = controller
auth_strategy = keystone
my_ip = 10.121.33.31
vncserver_listen = 10.121.33.31
vncserver_proxyclient_address = 10.121.33.31

nova.conf on compute1
[DEFAULT]
auth_strategy = keystone
rpc_backend = nova.openstack.common.rpc.impl_qpid
qpid_hostname = controller
glance_host = controller
network_manager = nova.network.manager.FlatDHCPManager
firewall_driver = nova.virt.libvirt.firewall.IptablesFirewallDriver
network_size = 14
allow_same_net_traffic = False
multi_host = True
send_arp_for_ha = True
share_dhcp_address = True
force_dhcp_release = True
flat_interface = eth1
flat_network_bridge = br100
public_interface = eth1
my_ip = 10.121.33.32
vnc_enabled = True
vncserver_listen = 0.0.0.0
vncserver_proxyclient_address = 10.121.33.32
novncproxy_base_url = http://controller:6080/vnc_auto.html

nova.conf on compute2
[DEFAULT]
auth_strategy = keystone
rpc_backend = nova.openstack.common.rpc.impl_qpid
qpid_hostname = controller
glance_host = controller
network_manager = nova.network.manager.FlatDHCPManager
firewall_driver = nova.virt.libvirt.firewall.IptablesFirewallDriver
network_size = 14
allow_same_net_traffic = False
multi_host = True
send_arp_for_ha = True
share_dhcp_address = True
force_dhcp_release = True
flat_interface = eth1
flat_network_bridge = br100
public_interface = eth1
my_ip = 10.121.33.33
vnc_enabled = True
vncserver_listen = 0.0.0.0
vncserver_proxyclient_address = 10.121.33.33
novncproxy_base_url = http://controller:6080/vnc_auto.html

Question information

Language:
English Edit question
Status:
Solved
For:
OpenStack Compute (nova) Edit question
Assignee:
No assignee Edit question
Solved by:
Christoph L
Solved:
Last query:
Last reply:
Revision history for this message
LiangChen (hs-chen) said : 		#1

   Hi,Christoph L
   Nova-consoleauth manage token authentication.This service must be running for either proxy to work.
   Please use "service openstack-nova-consoleauth start" to set it up.

Revision history for this message
Christoph L (schlafenistluxus) said : 		#2

Hello
Thanks for your answer!

Unfortunately "openstack-nova-consoleauth" is already running.
So no change here.

I started "nova-novncproxy" manually with the debug parameter. The first part of the debug output is an instance running on compute1, I can connect to it via vnc on the dashboard. The second part is an instance running on compute2, when i try to connect i get the "Failed to connect to server (code: 1006)" and error messages at the debug output.

 nova-novncproxy --debug --web /usr/share/novnc/
WARNING: no 'numpy' module, HyBi protocol will be slower
WebSocket server settings:
  - Listen on 0.0.0.0:6080
  - Flash security policy server
  - Web server. Web root: /usr/share/novnc
  - No SSL/TLS support (no cert file)
  - proxying from 0.0.0.0:6080 to ignore:ignore

  1: 10.120.9.73: new handler Process
  1: 10.120.9.73: "GET /vnc_auto.html?token=8321e981-986f-458a-8edd-c0524b32d889&title=test-a794714d-1cf4-4d7a-af42-807da07e8d54(a794714d-1cf4-4d7a-af42-807da07e8d54) HTTP/1.1" 200 -
  2: 10.120.9.73: new handler Process
  2: 10.120.9.73: Plain non-SSL (ws://) WebSocket connection
  2: 10.120.9.73: Version hybi-13, base64: 'True'
  2: 10.120.9.73: Path: '/websockify'
  2: connecting to: 10.121.33.32:5901

Traffic Legend:
    } - Client receive
    }. - Client receive partial
    { - Target receive

    > - Target send
    >. - Target send partial
    < - Client send
    <. - Client send partial

{<}>{<}>{<}>{<}>{{<<{}><}>}>}>}>}>{{<<}>}>}>}>}>}>}>}>}>{<}>}>{<}>}>}> 2: ignore:ignore: Client closed connection
  2: 10.121.33.32:5901: Target closed
  3: 10.120.9.73: new handler Process
  3: 10.120.9.73: "GET /vnc_auto.html?token=176adc84-83ca-420a-9911-ca912fba51ed&title=test-88b0da66-1b5f-48bd-8ab3-71ef247fc149(88b0da66-1b5f-48bd-8ab3-71ef247fc149) HTTP/1.1" 200 -
  4: 10.120.9.73: new handler Process
  4: 10.120.9.73: Plain non-SSL (ws://) WebSocket connection
  4: 10.120.9.73: Version hybi-13, base64: 'True'
  4: 10.120.9.73: Path: '/websockify'
  4: connecting to: 10.121.33.33:5903
  4: handler exception: [Errno 113] EHOSTUNREACH
  4: Traceback (most recent call last):
  File "/usr/lib/python2.6/site-packages/websockify/websocket.py", line 711, in top_new_client
    self.new_client()
  File "/usr/lib/python2.6/site-packages/nova/console/websocketproxy.py", line 68, in new_client
    tsock = self.socket(host, port, connect=True)
  File "/usr/lib/python2.6/site-packages/websockify/websocket.py", line 188, in socket
    sock.connect(addrs[0][4])
  File "/usr/lib/python2.6/site-packages/eventlet/greenio.py", line 169, in connect
    socket_checkerr(fd)
  File "/usr/lib/python2.6/site-packages/eventlet/greenio.py", line 43, in socket_checkerr
    raise socket.error(err, errno.errorcode[err])
error: [Errno 113] EHOSTUNREACH

Revision history for this message
Christoph L (schlafenistluxus) said : 		#3

Hello
so I figured it out by myself. It was related to this bug: https://bugs.launchpad.net/nova/+bug/1260118

Revision history for this message
rapchaz (florianchazal) said : 		#4

In my case the following iptables rule was blocking the handshake :

 -A INPUT -j REJECT --reject-with icmp-host-prohibited

So a simple

 iptables -D INPUT -j REJECT --reject-with icmp-host-prohibited

fixed the issue