cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Paul Angus <paul.an...@shapeblue.com>
Subject Instances migrated in an advanced zone do not get security groups applied.
Date Tue, 10 Sep 2013 14:41:54 GMT
Hi,

I've been testing the security groups in advanced zones with 'UK's largest satellite broadcaster'.
We've found that migrated VMs do not get their security groups re-applied on the new host.

A error appears in the management log saying:

callHostPlugin failed for cmd: network_rules with args seqno: 10, vmIP: 10.79.128.229, deflated:
true, secIps: 0:, vmID: 6, vmMAC: 06:be:c6:00:00:e5, vmName: i-2-6-VM, rules: eJzztMpMzi2w0jUEIQM9MNQ30PFzjQhR8LQqSS6wMjICIaxSFgYghCblisdEV7A2QxDUA0N9YyNkGax2ueK2CwA5fy2s,
signature: a30a3f964032bfbd44c86576a2ce0973,  due to There was a failure communicating with
the plugin.



2013-09-10 14:25:58,257 DEBUG [cloud.api.ApiServlet] (catalina-exec-4:null) ===START===  10.65.85.24
-- GET  command=authorizeSecurityGroupEgress&response=json&sessionkey=Xn7cUdk27lNRmWuhxSMDvVUcBMg%3D&securitygroupid=c667fdd1-561f-4d05-a5bd-8edf4af36e84&protocol=tcp&domainid=cff3401a-1a06-11e3-8a35-005056b93213&account=admin&startport=1&endport=1&cidrlist=1.1.1.1%2F32&_=1378819570842
2013-09-10 14:25:58,294 DEBUG [cloud.async.AsyncJobManagerImpl] (catalina-exec-4:null) submit
async job-33 = [ f2d1c1e8-3b19-4f94-9c5c-d82ccf3af721 ], details: AsyncJobVO {id:33, userId:
2, accountId: 2, sessionKey: null, instanceType: SecurityGroup, instanceId: 3, cmd: org.apache.cloudstack.api.command.user.securitygroup.AuthorizeSecurityGroupEgressCmd,
cmdOriginator: null, cmdInfo: {"sessionkey":"Xn7cUdk27lNRmWuhxSMDvVUcBMg\u003d","protocol":"tcp","cmdEventType":"SG.AUTH.EGRESS","ctxUserId":"2","securitygroupid":"c667fdd1-561f-4d05-a5bd-8edf4af36e84","httpmethod":"GET","startport":"1","domainid":"cff3401a-1a06-11e3-8a35-005056b93213","endport":"1","response":"json","account":"admin","cidrlist":"1.1.1.1/32","_":"1378819570842","ctxAccountId":"2","ctxStartEventId":"146"},
cmdVersion: 0, callbackType: 0, callbackAddress: null, status: 0, processStatus: 0, resultCode:
0, result: null, initMsid: 345052351047, completeMsid: null, lastUpdated: null, lastPolled:
null, created: null}
2013-09-10 14:25:58,294 DEBUG [cloud.async.AsyncJobManagerImpl] (Job-Executor-19:job-33 =
[ f2d1c1e8-3b19-4f94-9c5c-d82ccf3af721 ]) Executing org.apache.cloudstack.api.command.user.securitygroup.AuthorizeSecurityGroupEgressCmd
for job-33 = [ f2d1c1e8-3b19-4f94-9c5c-d82ccf3af721 ]
2013-09-10 14:25:58,296 DEBUG [cloud.api.ApiServlet] (catalina-exec-4:null) ===END===  10.65.85.24
-- GET  command=authorizeSecurityGroupEgress&response=json&sessionkey=Xn7cUdk27lNRmWuhxSMDvVUcBMg%3D&securitygroupid=c667fdd1-561f-4d05-a5bd-8edf4af36e84&protocol=tcp&domainid=cff3401a-1a06-11e3-8a35-005056b93213&account=admin&startport=1&endport=1&cidrlist=1.1.1.1%2F32&_=1378819570842
2013-09-10 14:25:58,320 DEBUG [network.security.SecurityGroupManagerImpl] (Job-Executor-19:job-33
= [ f2d1c1e8-3b19-4f94-9c5c-d82ccf3af721 ]) Added 1 rules to security group TestSecurityGroup2
2013-09-10 14:25:58,326 DEBUG [network.security.SecurityGroupManagerImpl] (Job-Executor-19:job-33
= [ f2d1c1e8-3b19-4f94-9c5c-d82ccf3af721 ]) Security Group Mgr v2: scheduling ruleset updates
for 2 vms  (unique=2), current queue size=0
2013-09-10 14:25:58,330 DEBUG [network.security.SecurityGroupManagerImpl] (Job-Executor-19:job-33
= [ f2d1c1e8-3b19-4f94-9c5c-d82ccf3af721 ]) Security Group Mgr v2: done scheduling ruleset
updates for 2 vms: num new jobs=2 num rows insert or updated=2 time taken=4
2013-09-10 14:25:58,354 DEBUG [cloud.async.AsyncJobManagerImpl] (Job-Executor-19:job-33 =
[ f2d1c1e8-3b19-4f94-9c5c-d82ccf3af721 ]) Complete async job-33 = [ f2d1c1e8-3b19-4f94-9c5c-d82ccf3af721
], jobStatus: 1, resultCode: 0, result: org.apache.cloudstack.api.response.SecurityGroupResponse@e873b4bb
2013-09-10 14:25:58,355 DEBUG [network.security.SecurityGroupManagerImpl] (SecGrp-Worker-15:null)
SecurityGroupManager v2: sending ruleset update for vm i-2-7-VM:ingress num rules=3:egress
num rules=4 num cidrs=7 sig=a30a3f964032bfbd44c86576a2ce0973
2013-09-10 14:25:58,366 DEBUG [network.security.SecurityGroupManagerImpl] (SecGrp-Worker-16:null)
SecurityGroupManager v2: sending ruleset update for vm i-2-6-VM:ingress num rules=3:egress
num rules=4 num cidrs=7 sig=a30a3f964032bfbd44c86576a2ce0973
2013-09-10 14:25:58,371 DEBUG [agent.transport.Request] (SecGrp-Worker-15:null) Seq 5-717554011:
Sending  { Cmd , MgmtId: 345052351047, via: 5, Ver: v1, Flags: 100111, [{"com.cloud.agent.api.SecurityGroupRulesCmd":{"guestIp":"10.79.129.224","vmName":"i-2-7-VM","guestMac":"06:1a:66:00:01:da","signature":"a30a3f964032bfbd44c86576a2ce0973","seqNum":2,"vmId":7,"msId":345052351047,"ingressRuleSet":[{"proto":"icmp","startPort":-1,"endPort":-1},{"proto":"tcp","startPort":22,"endPort":22},{"proto":"tcp","startPort":80,"endPort":80}],"egressRuleSet":[{"proto":"icmp","startPort":-1,"endPort":-1},{"proto":"tcp","startPort":1,"endPort":1},{"proto":"tcp","startPort":22,"endPort":22},{"proto":"tcp","startPort":80,"endPort":80}],"wait":0}}]
}
2013-09-10 14:25:58,371 DEBUG [agent.transport.Request] (SecGrp-Worker-15:null) Seq 5-717554011:
Executing:  { Cmd , MgmtId: 345052351047, via: 5, Ver: v1, Flags: 100111, [{"com.cloud.agent.api.SecurityGroupRulesCmd":{"guestIp":"10.79.129.224","vmName":"i-2-7-VM","guestMac":"06:1a:66:00:01:da","signature":"a30a3f964032bfbd44c86576a2ce0973","seqNum":2,"vmId":7,"msId":345052351047,"ingressRuleSet":[{"proto":"icmp","startPort":-1,"endPort":-1},{"proto":"tcp","startPort":22,"endPort":22},{"proto":"tcp","startPort":80,"endPort":80}],"egressRuleSet":[{"proto":"icmp","startPort":-1,"endPort":-1},{"proto":"tcp","startPort":1,"endPort":1},{"proto":"tcp","startPort":22,"endPort":22},{"proto":"tcp","startPort":80,"endPort":80}],"wait":0}}]
}
2013-09-10 14:25:58,371 DEBUG [agent.manager.DirectAgentAttache] (DirectAgent-158:null) Seq
5-717554011: Executing request
2013-09-10 14:25:58,377 DEBUG [cloud.async.AsyncJobManagerImpl] (Job-Executor-19:job-33 =
[ f2d1c1e8-3b19-4f94-9c5c-d82ccf3af721 ]) Done executing org.apache.cloudstack.api.command.user.securitygroup.AuthorizeSecurityGroupEgressCmd
for job-33 = [ f2d1c1e8-3b19-4f94-9c5c-d82ccf3af721 ]
2013-09-10 14:25:58,380 DEBUG [agent.transport.Request] (SecGrp-Worker-16:null) Seq 9-521535511:
Sending  { Cmd , MgmtId: 345052351047, via: 9, Ver: v1, Flags: 100111, [{"com.cloud.agent.api.SecurityGroupRulesCmd":{"guestIp":"10.79.128.229","vmName":"i-2-6-VM","guestMac":"06:be:c6:00:00:e5","signature":"a30a3f964032bfbd44c86576a2ce0973","seqNum":10,"vmId":6,"msId":345052351047,"ingressRuleSet":[{"proto":"icmp","startPort":-1,"endPort":-1},{"proto":"tcp","startPort":22,"endPort":22},{"proto":"tcp","startPort":80,"endPort":80}],"egressRuleSet":[{"proto":"icmp","startPort":-1,"endPort":-1},{"proto":"tcp","startPort":1,"endPort":1},{"proto":"tcp","startPort":22,"endPort":22},{"proto":"tcp","startPort":80,"endPort":80}],"wait":0}}]
}
2013-09-10 14:25:58,380 DEBUG [agent.transport.Request] (SecGrp-Worker-16:null) Seq 9-521535511:
Executing:  { Cmd , MgmtId: 345052351047, via: 9, Ver: v1, Flags: 100111, [{"com.cloud.agent.api.SecurityGroupRulesCmd":{"guestIp":"10.79.128.229","vmName":"i-2-6-VM","guestMac":"06:be:c6:00:00:e5","signature":"a30a3f964032bfbd44c86576a2ce0973","seqNum":10,"vmId":6,"msId":345052351047,"ingressRuleSet":[{"proto":"icmp","startPort":-1,"endPort":-1},{"proto":"tcp","startPort":22,"endPort":22},{"proto":"tcp","startPort":80,"endPort":80}],"egressRuleSet":[{"proto":"icmp","startPort":-1,"endPort":-1},{"proto":"tcp","startPort":1,"endPort":1},{"proto":"tcp","startPort":22,"endPort":22},{"proto":"tcp","startPort":80,"endPort":80}],"wait":0}}]
}
2013-09-10 14:25:58,380 DEBUG [agent.manager.DirectAgentAttache] (DirectAgent-293:null) Seq
9-521535511: Executing request
2013-09-10 14:25:58,913 WARN  [xen.resource.CitrixResourceBase] (DirectAgent-293:null) callHostPlugin
failed for cmd: network_rules with args seqno: 10, vmIP: 10.79.128.229, deflated: true, secIps:
0:, vmID: 6, vmMAC: 06:be:c6:00:00:e5, vmName: i-2-6-VM, rules: eJzztMpMzi2w0jUEIQM9MNQ30PFzjQhR8LQqSS6wMjICIaxSFgYghCblisdEV7A2QxDUA0N9YyNkGax2ueK2CwA5fy2s,
signature: a30a3f964032bfbd44c86576a2ce0973,  due to There was a failure communicating with
the plugin.
2013-09-10 14:25:58,914 WARN  [agent.manager.DirectAgentAttache] (DirectAgent-293:null) Seq
9-521535511: Exception Caught while executing command
com.cloud.utils.exception.CloudRuntimeException: callHostPlugin failed for cmd: network_rules
with args seqno: 10, vmIP: 10.79.128.229, deflated: true, secIps: 0:, vmID: 6, vmMAC: 06:be:c6:00:00:e5,
vmName: i-2-6-VM, rules: eJzztMpMzi2w0jUEIQM9MNQ30PFzjQhR8LQqSS6wMjICIaxSFgYghCblisdEV7A2QxDUA0N9YyNkGax2ueK2CwA5fy2s,
signature: a30a3f964032bfbd44c86576a2ce0973,  due to There was a failure communicating with
the plugin.
       at com.cloud.hypervisor.xen.resource.CitrixResourceBase.callHostPlugin(CitrixResourceBase.java:4199)
       at com.cloud.hypervisor.xen.resource.CitrixResourceBase.execute(CitrixResourceBase.java:5787)
       at com.cloud.hypervisor.xen.resource.CitrixResourceBase.executeRequest(CitrixResourceBase.java:565)
       at com.cloud.hypervisor.xen.resource.XenServer56Resource.executeRequest(XenServer56Resource.java:73)
       at com.cloud.hypervisor.xen.resource.XenServer610Resource.executeRequest(XenServer610Resource.java:104)
       at com.cloud.agent.manager.DirectAgentAttache$Task.run(DirectAgentAttache.java:186)
       at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
       at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334)
       at java.util.concurrent.FutureTask.run(FutureTask.java:166)
       at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$101(ScheduledThreadPoolExecutor.java:165)
       at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:266)
       at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1146)
       at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
       at java.lang.Thread.run(Thread.java:679)




Regards,

Paul Angus
Senior Consultant / Cloud Architect
[cid:image003.png@01CEAE3C.4D48A3C0]

S: +44 20 3603 0540<tel:+442036030540> | M: +4<tel:+447968161581>47711418784 |
T: CloudyAngus
paul.angus@shapeblue.com<mailto:geoff.higginbottom@shapeblue.com> | www.shapeblue.com
| Twitter:@shapeblue<https://twitter.com/>
ShapeBlue Ltd, 53 Chandos Place, Covent Garden, London, WC2N 4HS

Apache CloudStack Bootcamp training courses
21/22 August, London<http://www.shapeblue.com/cloudstack-bootcamp-training-course/>
18/19 September, Bangalore<http://www.shapeblue.com/cloudstack-bootcamp-training-course/>
02/03 October, London<http://www.shapeblue.com/cloudstack-bootcamp-training-course/>
13/14 November, London<http://www.shapeblue.com/cloudstack-bootcamp-training-course/>
27/28 November, Bangalore<http://www.shapeblue.com/cloudstack-bootcamp-training-course/>
08/09 January 2014, London<http://www.shapeblue.com/cloudstack-bootcamp-training-course/>

This email and any attachments to it may be confidential and are intended solely for the use
of the individual to whom it is addressed. Any views or opinions expressed are solely those
of the author and do not necessarily represent those of Shape Blue Ltd or related companies.
If you are not the intended recipient of this email, you must neither take any action based
upon its contents, nor copy or show it to anyone. Please contact the sender if you believe
you have received this email in error. Shape Blue Ltd is a company incorporated in England
& Wales. ShapeBlue Services India LLP is operated under license from Shape Blue Ltd. ShapeBlue
is a registered trademark.

Mime
  • Unnamed multipart/related (inline, None, 0 bytes)
View raw message