Allow SSH access
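# Temporarily allow SSH to the MASTER amphora of one load balancer.
# Every step calls the OpenStack API, so admin credentials must be loaded.
LB_ID=foo-lb01-prod

# Resolve the MASTER amphora, its compute instance and its address on the
# load-balancer management network.
AMPHORA_ID=$(openstack loadbalancer amphora list --loadbalancer "${LB_ID}" --role MASTER -c id -f value)
AMPHORA_COMPUTE_ID=$(openstack loadbalancer amphora show "${AMPHORA_ID}" -c compute_id -f value)
LB_NETWORK_IP=$(openstack loadbalancer amphora show "${AMPHORA_ID}" -c lb_network_ip -f value)

# Security group attached to the amphora's management port.
# NOTE(review): this group may be shared by other amphorae; if so, the rule
# added below opens port 22 on all of them. Confirm before creating it.
SECURITY_GROUP_ID=$(openstack port list --server "${AMPHORA_COMPUTE_ID}" --fixed-ip "ip-address=${LB_NETWORK_IP}" -c security_group_ids -f value)

# DEBUG: show ingress tcp rules
openstack security group rule list --ingress --protocol tcp "${SECURITY_GROUP_ID}"

# 172.16.0.0/12 is a wide source range. Narrow it to the control nodes'
# addresses where possible, and delete the rule once the session is over.
openstack security group rule create --protocol tcp --dst-port 22:22 --remote-ip 172.16.0.0/12 "${SECURITY_GROUP_ID}"

# Management addresses of all amphorae, then of the MASTER only.
openstack loadbalancer amphora list --loadbalancer "${LB_ID}" -c lb_network_ip -c role -f value
openstack loadbalancer amphora list --loadbalancer "${LB_ID}" -c lb_network_ip --role MASTER -f value

# login to amphora VM from OpenStack control node
# The original referenced ${AMPHORA_VM_IP}, which is never assigned; the
# address resolved above is LB_NETWORK_IP. It is expanded locally, while the
# double quotes leave ~ for the control node's shell, so the key path is
# the one on the control node.
ssh -t local@ctl1-dev.dev.i.example.com "ssh -i ~/.ssh/id_rsa_octavia ubuntu@${LB_NETWORK_IP}"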
Manual SSH access
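# Manual walk-through: the commands to run, with the sample output kept as
# comments. All IDs below are copied from that sample output.

# Get loadbalancer ID
openstack loadbalancer list | grep foo
# | aa3328bb-fbf8-4d3d-8bb3-99966b860006 | foo-lb01-prod | 6df9bd4956404f06bf169a382fe4035a | 192.168.248.6 | ACTIVE | amphora |

# Get amphora ID (take the MASTER row)
LB_ID=aa3328bb-fbf8-4d3d-8bb3-99966b860006
openstack loadbalancer amphora list --loadbalancer "${LB_ID}"
# +--------------------------------------+--------------------------------------+-----------+--------+---------------+---------------+
# | id                                   | loadbalancer_id                      | status    | role   | lb_network_ip | ha_ip         |
# +--------------------------------------+--------------------------------------+-----------+--------+---------------+---------------+
# | 0389bb5e-2e62-4be1-971e-2b897bf8366b | aa3328bb-fbf8-4d3d-8bb3-99966b860006 | ALLOCATED | BACKUP | 172.16.100.23 | 192.168.248.6 |
# | 5555fd70-bbbb-4760-8b02-999999999999 | aa3328bb-fbf8-4d3d-8bb3-99966b860006 | ALLOCATED | MASTER | 172.16.100.31 | 192.168.248.6 |
# +--------------------------------------+--------------------------------------+-----------+--------+---------------+---------------+

# Get port ID of the amphora VM's management interface
AMPHORA_ID=5555fd70-bbbb-4760-8b02-999999999999
nova interface-list "amphora-${AMPHORA_ID}" | grep 172
# | ACTIVE | 9a03e657-7743-4722-a518-b1ea38fb068a | ef82886a-1a24-4870-a5a2-d35cad85ead4 | 172.16.100.31 | fa:16:3e:39:05:06 |

# Get security group ID
PORT_ID=9a03e657-7743-4722-a518-b1ea38fb068a
openstack port show "${PORT_ID}" -c security_group_ids
# +--------------------+--------------------------------------+
# | Field              | Value                                |
# +--------------------+--------------------------------------+
# | security_group_ids | d0e78d24-ead8-4392-985e-f495b818a83c |
# +--------------------+--------------------------------------+

# Allow SSH ingress from control nodes
# The original command used --remote-ip 0.0.0.0/0, which admits SSH from any
# source and contradicts both this step's intent and the recorded output
# below (remote_ip_prefix 172.16.0.0/12). Keep the prefix restricted, and
# narrow it further to the control nodes' addresses where possible.
SECURITY_GROUP_ID=d0e78d24-ead8-4392-985e-f495b818a83c
openstack security group rule create --protocol tcp --dst-port 22:22 --remote-ip 172.16.0.0/12 "${SECURITY_GROUP_ID}"
# +-------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
# | Field             | Value |
# +-------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
# | created_at        | 2019-09-06T13:27:00Z |
# | description       | |
# | direction         | ingress |
# | ether_type        | IPv4 |
# | id                | b4e3e757-00ae-462d-a922-5f1daafa7502 |
# | location          | Munch({'zone': None, 'project': Munch({'domain_name': 'Default', 'domain_id': None, 'id': 'a772e4ab888e4f039b3430d688f4559d', 'name': 'admin'}), 'cloud': '', 'region_name': 'ch-zh1'}) |
# | name              | None |
# | port_range_max    | 22 |
# | port_range_min    | 22 |
# | project_id        | a772e4ab888e4f039b3430d688f4559d |
# | protocol          | tcp |
# | remote_group_id   | None |
# | remote_ip_prefix  | 172.16.0.0/12 |
# | revision_number   | 0 |
# | security_group_id | d0e78d24-ead8-4392-985e-f495b818a83c |
# | tags              | [] |
# | updated_at        | 2019-09-06T13:27:00Z |
# +-------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
# Record the rule id from this output; it is needed to delete the rule later.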
SSH login to Amphora VM
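# Earlier variant, kept for reference. -A forwards the local SSH agent to
# control-node-1, where anyone with root on that node can use it for the
# duration of the session.
#ssh -t -A -i /etc/kolla/config/foo/octavia_key control-node-1 ssh ubuntu@172.16.100.31

# ProxyJump through the control node. The original line had a stray "ssh"
# after the jump host, which ssh would read as the destination host name.
# With -J the amphora key stays on the local machine, so it has to be
# available here (loaded in the agent or passed with -i).
ssh -J control-node-1 ubuntu@172.16.100.31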
Remove SSH access rule
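# Find the temporary SSH rule. The original "grep 22" also matches any line
# that merely contains "22" (the rule id below contains "a922"), so match
# the port field instead.
openstack security group show -c rules "${SECURITY_GROUP_ID}" | grep "port_range_min='22'"
# | | created_at='2019-09-06T13:27:00Z', direction='ingress', ethertype='IPv4', id='b4e3e757-00ae-462d-a922-5f1daafa7502', port_range_max='22', port_range_min='22', protocol='tcp', remote_ip_prefix='172.16.0.0/12', updated_at='2019-09-06T13:27:00Z' |

# Delete the rule by id. Check that the id is the one returned when the rule
# was created, so that no unrelated rule is removed.
SECURITY_GROUP_RULE_ID=b4e3e757-00ae-462d-a922-5f1daafa7502
openstack security group rule delete "${SECURITY_GROUP_RULE_ID}"

# Confirm that no port-22 ingress rule is left on the group.
openstack security group show "${SECURITY_GROUP_ID}"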
Debug
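# Get amphora VM console URL
# AMPHORA_ID must already be set to the amphora's id; the instance name is
# "amphora-<id>".
# NOTE(review): console URLs typically embed an access token. Treat the
# output as a credential and keep it out of tickets and chat logs.
openstack console url show "amphora-${AMPHORA_ID}"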