Details
-
Type:
extRequest
-
Status: Closed
-
Priority:
Major
-
Resolution: Done
-
Fix Version/s: 2021
-
Component/s: FIWARE-LAB-HELP
-
Labels:None
-
Sender Email:
-
HD-Node:Spain
Description
From bernie@anysolution.eu
PROBLEM WITH ORION.
I have been trying to create an instance of Orion GE for some time now.
Everything goes fine until I am required to Allocate and Floating IP address.
I want to allocate "public-ext-net-01" but on the drop down list I also have "federation-ext-net-01".
I only have one floating IP available for this project and so consequently when I allocate public-ext-net-01 I get the following error message.
"ERROR: You exceeded the limit of floating IPs"
See the image attached.
My question is how do I get rid of the "federation-ext-net-01" because without a valid floating IP I obviously cannot connect to the instance I have created.
END OF PROBLEM SUMMARY.
________________________________
Este mensaje y sus adjuntos se dirigen exclusivamente a su destinatario, puede contener información privilegiada o confidencial y es para uso exclusivo de la persona o entidad de destino. Si no es usted. el destinatario indicado, queda notificado de que la lectura, utilización, divulgación y/o copia sin autorización puede estar prohibida en virtud de la legislación vigente. Si ha recibido este mensaje por error, le rogamos que nos lo comunique inmediatamente por esta misma vía y proceda a su destrucción.
The information contained in this transmission is privileged and confidential information intended only for the use of the individual or entity named above. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this transmission in error, do not read it. Please immediately reply to the sender that you have received this communication in error and then delete it.
Esta mensagem e seus anexos se dirigem exclusivamente ao seu destinatário, pode conter informação privilegiada ou confidencial e é para uso exclusivo da pessoa ou entidade de destino. Se não é vossa senhoria o destinatário indicado, fica notificado de que a leitura, utilização, divulgação e/ou cópia sem autorização pode estar proibida em virtude da legislação vigente. Se recebeu esta mensagem por erro, rogamos-lhe que nos o comunique imediatamente por esta mesma via e proceda a sua destruição
Since January 1st, old domains won't be supported and messages sent to any domain different to @lists.fiware.org will be lost.
Please, send your messages using the new domain (Fiware-lab-help@lists.fiware.org) instead of the old one.
_______________________________________________
Fiware-lab-help mailing list
Fiware-lab-help@lists.fiware.org
https://lists.fiware.org/listinfo/fiware-lab-help
[Created via e-mail received from: SERGIO GARCIA GOMEZ <sergio.garciagomez@telefonica.com>]
Activity
Thank you for that Sergio.
Could you just clarify one thing for me please.
When you talk about "orionlock" and "orionlock2" VMs are you actually
referring to the Orion instances "smartlockorion" and "smartlockorion2"
that I have created in Fiware Lab?
With Kind Regards
Bernie
Yes, that's it, I made a mistake with the names.
Best Regards,
Sergio.
----Mensaje original----
De: bernie@anysolution.eu bernie@anysolution.eu
Enviado el: 03 December 2015 20:12
Para: jira-help-desk@fi-ware.org
CC: JOSE IGNACIO CARRETERO GUARDE; SERGIO GARCIA GOMEZ
Asunto: Re: [FI-WARE-JIRA] (HELP-5453) [Fiware-lab-help] RV: Problem installing Fiware Orion Enabler.
Thank you for that Sergio.
Could you just clarify one thing for me please.
When you talk about "orionlock" and "orionlock2" VMs are you actually referring to the Orion instances "smartlockorion" and "smartlockorion2"
that I have created in Fiware Lab?
With Kind Regards
Bernie
________________________________
Este mensaje y sus adjuntos se dirigen exclusivamente a su destinatario, puede contener información privilegiada o confidencial y es para uso exclusivo de la persona o entidad de destino. Si no es usted. el destinatario indicado, queda notificado de que la lectura, utilización, divulgación y/o copia sin autorización puede estar prohibida en virtud de la legislación vigente. Si ha recibido este mensaje por error, le rogamos que nos lo comunique inmediatamente por esta misma vía y proceda a su destrucción.
The information contained in this transmission is privileged and confidential information intended only for the use of the individual or entity named above. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this transmission in error, do not read it. Please immediately reply to the sender that you have received this communication in error and then delete it.
Esta mensagem e seus anexos se dirigem exclusivamente ao seu destinatário, pode conter informação privilegiada ou confidencial e é para uso exclusivo da pessoa ou entidade de destino. Se não é vossa senhoria o destinatário indicado, fica notificado de que a leitura, utilização, divulgação e/ou cópia sem autorização pode estar proibida em virtude da legislação vigente. Se recebeu esta mensagem por erro, rogamos-lhe que nos o comunique imediatamente por esta mesma via e proceda a sua destruição
Hi Sergio,
1. I have eliminated Orion instance 'smartlockorion2' and now have only
one instance of Orion in Fiware Lab. This instance in 'smartlockorion'.
2. 'smartlockorion' has the following Floating IP details:
IP Address: 130.206.123.131
Fixed Address: 192.168.220.216
Floating IP Pool: public-ext-net-01
3. The instance displays the following information:
Instance Name: smartlockorion
IP Address: 192.168.220.216
130.206.123.131
Size: 2048 MB RAM | 1 VCPU | 20GB Disk
Keypair: smartlock_orion
Status: ACTIVE
Task: None
Power State: RUNNING
Could you please please be more specific regarding defining the firewall
rules (security groups). I didn't find the link
http://joseignaciocarretero.blogspot.com.es/2014/09/fiware-lab-only-one-single-ip-per-user.html
to be very helpful at this stage.
When I go to Security->Security Groups
Select my security group 'smartlock_orion
Then choose Actions → Edit Rules, the Edit Security Group Rules window
opens.
I then have the following options to add a rule.
a) IP Protocol: TCP or UDP or ICPM Which of these is the relevant
Protocol?
b) From Port: What 'From Port' do I have to enter here?
c) To Port: What 'To Port' do I have to enter here?
d) Source Group: Here I am only given the option of choosing 'default':
smartlock_orion security group does not appear on the drop-down list.
e) CIDR pre set to: 0.0.0.0/0: Do I set this to my floating IP
130.206.123.131?
I have tried various combinations for setting the rules, but each time I
open a terminal and enter:
ssh -i smartlock_orion.pem root@130.206.123.131
I get the following response:
Warning: Identity file smartlock_orion.pem not accessible: No such file
or directory.
I have until 22 February 2016 to complete this Soul-Fi project. That is
10 weeks or realistically 8 weeks taking into account the Christmas and
New Years holiday periods. If have to spend a large proportion of that
time trying to set up not only Orion but also the other enables I need
then I will not have enough time to develop the hardware and software to
complete the project.
Could you please suggest a definitive solution to this problem?
and
Is there a concise operating manual that provides simple setting up
instruction for enabler instances that has all the required information
in one place?
With Kind Regards
Bernie.
I'm transcribing the private mail I sent you ---- This is the answer
a..d) IP Protocol: TCP or UDP or ICPM Which of these is the relevant Protocol? ...
- The relevant protocol for Orion is TCP and From Port 1026 To Port 1026.
- You'll also need TCP port 22 in order to be able to access SSH.
.... Maybe some more
e) CIDR pre set to: 0.0.0.0/0: Do I set this to my floating IP 130.206.123.131?
CIDR means the name of the network. 0.0.0.0/0 means "From everywhere". So if you set this value to the default value, your Orion will be accesible from the whole internet. This may have some security concerns.
The message "Warning: Identity file smartlock_orion.pem not accessible: No such file or directory." means that the file you once downloaded (smartlock_orion.pem) is not found in your laptop. That file is a precondition to access you VM, it is the way your Virtual Machine can identify that you are who you claim to be (a legal user to that Virtual machine). We DO NOT keep any track of that file in our systems because that would be a security concern (we could login your VM pretending to be you). Anyway, this message has nothing to do with the security groups configuration.
— The most permisive Security Group combination is (all these 3 rules at the same time):
- TCP from port 1 to port 65535 and CIDR 0.0.0.0/0
- UDP from port 1 to port 65535 and CIDR 0.0.0.0/0
- ICMP from port 0 to port 8 and CIDR 0.0.0.0/0
Regards,
José Ignacio
Dear Bernie,
Jose Ignacio (cc) has checked your Lab account finding that:
1. you already have an public IP allocated for "orionlock" VM. You can't access that machine because you haven't defined or change the firewall rules (secury groups) and all your ports are closed. You should change that and open 22 (ssh) and/or 1027 (ngsi) to access it.
2. you don't have to rid of the "federation-ext-net-01". Just don't use it, it's for other purposes.
3. You can't allocate more public IPs to the other VMs (e.g. orionlock2), because you have just one (1) public IP assigned. You can follow these instructions
http://joseignaciocarretero.blogspot.com.es/2014/09/fiware-lab-only-one-single-ip-per-user.html
to work with just one public IP.
Best Regards,
Sergio.