SSH / SCP to VM failed using NAMESPACE while IP is assigned by Horizon

All nodes full log files.

Assigning to Yao Le to investigate as he looked at this the last time

Marking as stx.3.0 until further investigation. This is failing a regression TC which passed in stx.2.0

Following the steps described on this bug, i was able to ping instance from compute in a 2+2 configuration and duplex as well. the problem seems to be related to the port 22, having the following message
#ssh -i /home/sysadmin/.ssh/id_rsa.pub cirros@192.168.101.156
Unable to negotiate with 192.168.101.156 port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1,diffie-hellman-group14-sha1.

My WA so far should be add the cipher specifying the algorithm.

#ssh -i /home/sysadmin/.ssh/id_rsa.pub -oKexAlgorithms=+diffie-hellman-group1-sha1 -c 3des-cbc cirros@192.168.101.156
The authenticity of host '192.168.101.156 (192.168.101.156)' can't be established.
RSA key fingerprint is SHA256:Xxc2OEVpKJbPNY7JdodXPnF7Avk8f30xL7T62wRzaq0.
RSA key fingerprint is MD5:25:a1:4f:51:9c:63:86:47:e1:2a:a5:7a:87:7d:a1:b4.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.101.156' (RSA) to the list of known hosts.
$

Thanks to Elio's help, we have found a Work Around for the External configuration. Here are the steps:

Note: Avoid to use m1.tiny flavor, this flavor isn't working properly

1.- Follow the steps described here to set up a Duplex Configuration:
https://wiki.openstack.org/w/index.php?title=StarlingX/Containers/InstallationOnStandardStorage&oldid=171102

2.- Login into each one of the computes and create an SSH Keypair:
ssh-keygen -b 4096
with no passphrase, and no password, just the simple version (we haven't tried with passphrase or password).

3.- Copy the file located at each one of your computes at ~/.ssh/id_rsa.pub to your controller-0 (or the active one from where you will launch your VMs)

4.- Create a Keypair in your controller-0 (or the active one), using each one of the files that you already copied from your controllers, like:
controller-0:~# openstack keypair create --private-key /home/sysadmin/id_rsa_compute_0.pub richo_key_c0
+-------------+-------------------------------------------------+
| Field | Value |
+-------------+-------------------------------------------------+
| fingerprint | c8:01:93:a5:4b:a6:ea:c5:2e:6e:d1:31:59:a5:39:d0 |
| name | richo_key_c0 |
| user_id | 76813b4fa2bd497d9c3069487993d51e |
+-------------+-------------------------------------------------+
controller-0:~# openstack keypair create --private-key /home/sysadmin/id_rsa_compute_1.pub richo_key_c1
+-------------+-------------------------------------------------+
| Field | Value |
+-------------+-------------------------------------------------+
| fingerprint | 65:e7:c2:f5:a9:71:e9:ca:38:4e:4f:7e:0b:fc:ae:b4 |
| name | richo_key_c1 |
| user_id | 76813b4fa2bd497d9c3069487993d51e |
+-------------+-------------------------------------------------+

5.- Add the following property to the flavor that you are going to use to create VMs. Use any flavor different that m1.tiny:
openstack flavor list
openstack flavor show <Specifc_Flavor_for_VM_Creation>
openstack flavor set <Flavor_ID> --property hw:mem_page_size=large

6.- Create an image
openstack mage create --container-format bare --disk-format qcow2 --file cirros-0.4.0-x86_64-disk.img cirros

7.- Create a security group
openstack security group create security1
openstack security group rule create --ingress --protocol icmp --remote-ip 0.0.0.0/0 security1
openstack security group rule create --ingress --protocol tcp --remote-ip 0.0.0.0/0 security1
openstack security group rule create --ingress --protocol udp --remote-ip 0.0.0.0/0 security1

8.- Create a VM
controller-0:~# openstack server create --image cirros --flavor m1.tiny --network public-net0 --security-group security1 --key-name richo_key_c0 richo
+-------------------------------------+------------------------------------------------+
| Field | Value |
+-------------------------------------+------------------------------------------------+
| OS-DCF:diskConfig ...

With the following iso , IP's are not inside the instance as well, no matter the WA.

###
### StarlingX
### Built from master
###

OS="centos"
SW_VERSION="19.09"
BUILD_TARGET="Host Installer"
BUILD_TYPE="Formal"
BUILD_ID="20191101T013000Z"

JOB="STX_build_master_master"
<email address hidden>"
BUILD_NUMBER="303"
BUILD_HOST="starlingx_mirror"

All the configs has the same problem now

@Elio, I believe your issue had been resolved by https://bugs.launchpad.net/starlingx/+bug/1851414

@Ricardo Perez, with the workaround (under Elio's help), do you think this is still an issue for you? Thanks!

@Huifeng, it's still an issue, because, besides Horizon shows you an IP assigned to the VM, you should go inside the VM and add it manually.

After that, you might be able to do the ping / ssh / scp. However I believe this is a broken funcitonality, because I don't believe that the end user should go by each one of the created VM's to assign manually the IP shown by Horizon.

@Ricardo Perez

Hi, are you using ovs-dpdk in your starlingX?

Could you catch some logs:
ip netns
ip netns exec $DHCP_NAMESPACE ifconfig
Run below command in VM:
dhclient $INTERFACE

@Ricardo Perez, as discussed in network team meeting, it is agreed that it is expected behavior that ssh connection is fail so this issue can be closed. Elio will work with you to refine the test case. thanks!