cloudstack-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Edward Valencia <edwa...@redapt.com>
Subject Host cannot do bridge firewalling
Date Fri, 25 Jan 2013 22:46:49 GMT

Hi all, 

Im seeing the following problem in my CloudStack deployment with SecurityGroup pushes to XenServer
when a new virtual instance is created. Here is the software stack that I'm running:

CloudPlatform: cloud-server-3.0.5-2
XenServer:  XenServer release 6.0.2-53456p (xenenterprise)
Patches Installed: XS602E001 - XS602E008

root@node-00 rules.d]# cat /etc/xensource/network.conf 
bridge


Here is the output from the management-server.log on CloudPlatform, any ideas would be helpful,
thanks in advanced!

2013-01-25 14:43:57,871 DEBUG [cloud.vm.VirtualMachineManagerImpl] (Job-Executor-6:job-86)
Start completed for VM VM[User|alrt-tst]
2013-01-25 14:43:57,878 DEBUG [network.security.SecurityGroupManagerImpl] (SecGrp-Worker-2:null)
SecurityGroupManager v2: sending ruleset update for vm i-2-29-VM:ingress num rules=2:egress
num rules=0 num cidrs=3 sig=bb788361bdf82b82661a293c02898435
2013-01-25 14:43:57,880 DEBUG [agent.transport.Request] (SecGrp-Worker-2:null) Seq 1-279511732:
Sending  { Cmd , MgmtId: 29020505352127, via: 1, Ver: v1, Flags: 100111, [{"SecurityGroupRulesCmd":{"guestIp":"10.4.103.237","vmName":"i-2-29-VM","guestMac":"06:ed:4c:00:04:21","signature":"bb788361bdf82b82661a293c02898435","seqNum":2,"vmId":29,"msId":29020505352127,"ingressRuleSet":[{"proto":"tcp","startPort":3306,"endPort":3306},{"proto":"tcp","startPort":4000,"endPort":4000}],"egressRuleSet":[],"wait":0}}]
}
2013-01-25 14:43:57,880 DEBUG [agent.transport.Request] (SecGrp-Worker-2:null) Seq 1-279511732:
Executing:  { Cmd , MgmtId: 29020505352127, via: 1, Ver: v1, Flags: 100111, [{"SecurityGroupRulesCmd":{"guestIp":"10.4.103.237","vmName":"i-2-29-VM","guestMac":"06:ed:4c:00:04:21","signature":"bb788361bdf82b82661a293c02898435","seqNum":2,"vmId":29,"msId":29020505352127,"ingressRuleSet":[{"proto":"tcp","startPort":3306,"endPort":3306},{"proto":"tcp","startPort":4000,"endPort":4000}],"egressRuleSet":[],"wait":0}}]
}
2013-01-25 14:43:57,880 DEBUG [agent.manager.DirectAgentAttache] (DirectAgent-23:null) Seq
1-279511732: Executing request
2013-01-25 14:43:57,890 DEBUG [cloud.async.AsyncJobManagerImpl] (Job-Executor-6:job-86) Complete
async job-86, jobStatus: 1, resultCode: 0, result: com.cloud.api.response.UserVmResponse@5fc68827
2013-01-25 14:43:57,912 DEBUG [cloud.async.AsyncJobManagerImpl] (Job-Executor-6:job-86) Done
executing com.cloud.api.commands.StartVMCmd for job-86
2013-01-25 14:43:57,966 WARN  [xen.resource.CitrixResourceBase] (DirectAgent-23:null) Host
10.1.100.16 cannot do bridge firewalling
2013-01-25 14:43:57,966 DEBUG [agent.manager.DirectAgentAttache] (DirectAgent-23:null) Seq
1-279511732: Response Received: 
2013-01-25 14:43:57,966 DEBUG [agent.transport.Request] (DirectAgent-23:null) Seq 1-279511732:
Processing:  { Ans: , MgmtId: 29020505352127, via: 1, Ver: v1, Flags: 110, [{"SecurityGroupRuleAnswer":{"logSequenceNumber":2,"vmId":29,"reason":"CANNOT_BRIDGE_FIREWALL","result":false,"details":"Host
10.1.100.16 cannot do bridge firewalling","wait":0}}] }
2013-01-25 14:43:57,968 DEBUG [network.security.SecurityGroupListener] (DirectAgent-23:null)
Failed to program rule com.cloud.agent.api.SecurityGroupRuleAnswer into host 1 due to Host
10.1.100.16 cannot do bridge firewalling and updated  jobs
2013-01-25 14:43:57,968 DEBUG [network.security.SecurityGroupListener] (DirectAgent-23:null)
Not retrying security group rules for vm 29 on failure since host 1 cannot do bridge firewalling
2013-01-25 14:43:57,970 DEBUG [network.security.SecurityGroupListener] (DirectAgent-23:null)
Failed to program rule com.cloud.agent.api.SecurityGroupRuleAnswer into host 1 due to Host
10.1.100.16 cannot do bridge firewalling and updated  jobs
2013-01-25 14:43:57,970 DEBUG [network.security.SecurityGroupListener] (DirectAgent-23:null)
Not retrying security group rules for vm 29 on failure since host 1 cannot do bridge firewalling
2013-01-25 14:43:57,970 DEBUG [agent.manager.AgentAttache] (DirectAgent-23:null) Seq 1-279511732:
No more commands found


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message