cloudstack-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF subversion and git services (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CLOUDSTACK-2933) [VPC][VMware]Unable to login to VM using the LB configured public IP.
Date Thu, 25 Jul 2013 12:21:50 GMT

    [ https://issues.apache.org/jira/browse/CLOUDSTACK-2933?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13719567#comment-13719567
] 

ASF subversion and git services commented on CLOUDSTACK-2933:
-------------------------------------------------------------

Commit 34f75b0a5d020f8f21d8b53c39d3d584efda047c in branch refs/heads/4.2 from [~jayapal]
[ https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;h=34f75b0 ]

CLOUDSTACK-2933 Added vpc load balancing changes for vmware

                
>  [VPC][VMware]Unable to login to VM using the LB configured public IP.
> ----------------------------------------------------------------------
>
>                 Key: CLOUDSTACK-2933
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-2933
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.) 
>          Components: Network Controller
>    Affects Versions: 4.2.0
>            Reporter: manasaveloori
>            Assignee: Jayapal Reddy
>            Priority: Critical
>             Fix For: 4.2.0
>
>
> Steps:
> 1.	Have a CS with advanced zone and VMware host.
> 2.	Create a VPC and a tier.
> 3.	Deploy a VM on the tier .
> 4.	Apply  allow_all ACL to the tier network
> 5.	Acquire a public Ip and define a LB rule on port 22.
> 6.	SSH to the VM using the public IP on which LB is defined.
> Observations:
> Unable to do SSH to VM:
> The LB rule is configured in the router under /etc/haproxy/haproxy.cfg.	
> root@r-3-VM:/var/log# vi /etc/haproxy/haproxy.cfg
> global
>         log 127.0.0.1:3914   local0 warning
>         maxconn 4096
>         chroot /var/lib/haproxy
>         user haproxy
>         group haproxy
>         daemon
> defaults
>         log     global
>         mode    tcp
>         option  dontlognull
>         retries 3
>         option redispatch
>         option forwardfor
>         option forceclose
>         timeout connect    5000
>         timeout client     50000
>         timeout server     50000
> listen stats_on_public 10.147.47.5:8081
>         mode http
>         option httpclose
>         stats enable
>         stats uri     /admin?stats
>         stats realm   Haproxy\ Statistics
>         stats auth    admin1:AdMiN123
> listen 10_147_47_60-22 10.147.47.60:22
>         balance roundrobin
>         server 10_147_47_60-22_0 10.0.1.249:22 check
> root@r-3-VM:~# iptables -L -nv
> Chain INPUT (policy DROP 73 packets, 6206 bytes)
>  pkts bytes target     prot opt in     out     source               destination
>    15   872 LOG        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0       
    tcp dpt:22 LOG flags 0 level 4 prefix "**********************swamy**"
>  6127  446K NETWORK_STATS  all  --  *      *       0.0.0.0/0            0.0.0.0/0
>     0     0 ACCEPT     all  --  *      *       0.0.0.0/0            224.0.0.18
>     0     0 ACCEPT     all  --  *      *       0.0.0.0/0            225.0.0.50
>     0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0
>     0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
>    41  2460 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0       
    state NEW tcp dpt:3922
>  5996  436K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0       
    state RELATED,ESTABLISHED
>     0     0 ACCEPT     udp  --  eth2   *       0.0.0.0/0            0.0.0.0/0       
    udp dpt:67
>    11   809 ACCEPT     udp  --  eth2   *       0.0.0.0/0            10.0.1.1        
    udp dpt:53
>     0     0 ACCEPT     tcp  --  eth2   *       0.0.0.0/0            10.0.1.1        
    tcp dpt:53
>     0     0 ACCEPT     tcp  --  eth2   *       0.0.0.0/0            10.0.1.1        
    state NEW tcp dpt:80
>     0     0 ACCEPT     tcp  --  eth2   *       0.0.0.0/0            10.0.1.1        
    state NEW tcp dpt:8080
>     0     0 ACCEPT     udp  --  eth3   *       0.0.0.0/0            0.0.0.0/0       
    udp dpt:67
>     6   456 ACCEPT     udp  --  eth3   *       0.0.0.0/0            10.0.2.1        
    udp dpt:53
>     0     0 ACCEPT     tcp  --  eth3   *       0.0.0.0/0            10.0.2.1        
    tcp dpt:53
>     0     0 ACCEPT     tcp  --  eth3   *       0.0.0.0/0            10.0.2.1        
    state NEW tcp dpt:80
>     0     0 ACCEPT     tcp  --  eth3   *       0.0.0.0/0            10.0.2.1        
    state NEW tcp dpt:8080
>     0     0 load_balancer_eth0  tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0
>     0     0 load_balancer_eth2  tcp  --  eth2   *       0.0.0.0/0            0.0.0.0/0
>     0     0 load_balancer_eth3  tcp  --  eth3   *       0.0.0.0/0            0.0.0.0/0
>    15   872 lb_stats   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0
> Chain FORWARD (policy DROP 0 packets, 0 bytes)
>  pkts bytes target     prot opt in     out     source               destination
>   118 28242 NETWORK_STATS_eth1  all  --  *      *       0.0.0.0/0            0.0.0.0/0
>   118 28242 NETWORK_STATS  all  --  *      *       0.0.0.0/0            0.0.0.0/0
>   113 27942 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0       
    state RELATED,ESTABLISHED
>     4   240 ACCEPT     all  --  *      *       10.0.0.0/16         !10.0.0.0/16
>     0     0 ACL_INBOUND_eth3  all  --  *      eth3    0.0.0.0/0            10.0.2.0/24
>     1    60 ACL_INBOUND_eth2  all  --  *      eth2    0.0.0.0/0            10.0.1.0/24
> Chain OUTPUT (policy ACCEPT 7639 packets, 575K bytes)
>  pkts bytes target     prot opt in     out     source               destination
>  7639  575K NETWORK_STATS  all  --  *      *       0.0.0.0/0            0.0.0.0/0
> Chain ACL_INBOUND_eth2 (1 references)
>  pkts bytes target     prot opt in     out     source               destination
>     1    60 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0       
    tcp dpts:1:65535
>     0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0
> Chain ACL_INBOUND_eth3 (1 references)
>  pkts bytes target     prot opt in     out     source               destination
>     0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0
> Chain NETWORK_STATS (3 references)
>  pkts bytes target     prot opt in     out     source               destination
>     0     0            all  --  eth0   eth2    0.0.0.0/0            0.0.0.0/0
>     0     0            all  --  eth2   eth0    0.0.0.0/0            0.0.0.0/0
>  6108  321K            tcp  --  !eth0  eth2    0.0.0.0/0            0.0.0.0/0
>  4593  284K            tcp  --  eth2   !eth0   0.0.0.0/0            0.0.0.0/0
> Chain NETWORK_STATS_eth1 (1 references)
>  pkts bytes target     prot opt in     out     source               destination
>    63  7041            all  --  *      eth1    10.0.0.0/16          0.0.0.0/0
>    55 21201            all  --  eth1   *       0.0.0.0/0            10.0.0.0/16
> Chain lb_stats (1 references)
>  pkts bytes target     prot opt in     out     source               destination
>     0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            10.147.47.5     
    state NEW tcp dpt:8081
> Chain load_balancer_eth0 (1 references)
>  pkts bytes target     prot opt in     out     source               destination
>     0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            10.147.47.60    
    tcp dpt:22
> Chain load_balancer_eth2 (1 references)
>  pkts bytes target     prot opt in     out     source               destination
>     0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            10.147.47.60    
    tcp dpt:22
> Chain load_balancer_eth3 (1 references)
>  pkts bytes target     prot opt in     out     source               destination
>     0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            10.147.47.60    
    tcp dpt:22

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message