cloudstack-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Axel Irriger" <irriger.a...@web.de>
Subject Cloudstack 4.0.1 single host installation -> no networking?
Date Sat, 13 Apr 2013 18:09:38 GMT
Hi everybody

 

I try to install CloudStack on Ubuntu 12.04 on a single host (as a test
installation) and I'm a bit stuck on networking.

 

Here's my setup:

                HP n40l

                1 NIC, DHCP'ed to 192.168.2.199

                Gateway and DNS 192.168.2.1 (my router)

A basic zone with the following IP ranges configured:

Guest IP ranges 192.168.2.60-192.168.2.70

Management IP range 192.168.2.50 - 192.168.2.59

Virtual router config is empty

Security groups setup is:
Ingress TCP 1-1024, UDP 1-1026, ICMP -1 -1. All with CIDR 0/0

 

I configured networking like this:

# This file describes the network interfaces available on your system

# and how to activate them. For more information, see interfaces(5).

# The loopback network interface

auto lo

iface lo inet loopback

# The primary network interface

auto eth0

iface eth0 inet dhcp

# Public network

auto cloudbr0

iface cloudbr0 inet manual

    bridge_ports eth0.200

    bridge_fd 5

    bridge_stp off

    bridge_maxwait 1

# Private network

auto cloudbr1

iface cloudbr1 inet manual

    bridge_ports eth0.300

    bridge_fd 5

    bridge_stp off

    bridge_maxwait 1

 

My cloud agent configuration does look like this:

#Storage

#Wed Apr 10 18:18:19 CEST 2013

guest.network.device=cloudbr0

workers=5

private.network.device=cloudbr1

port=8250

resource=com.cloud.hypervisor.kvm.resource.LibvirtComputingResource

pod=1

zone=1

guid=b06aff50-b93c-3479-8f5c-16c2e621e197

public.network.device=cloudbr0

cluster=1

local.storage.uuid=98afc039-4cd8-4be1-b1eb-1d8a2d747753

domr.scripts.dir=scripts/network/domr/kvm

LibvirtComputingResource.id=5

host=192.168.2.199

 

Initially, with only the management server running, my iptables does look
like this:

 

Chain INPUT (policy ACCEPT 13259 packets, 1942K bytes)

pkts bytes target     prot opt in     out     source
destination

    0     0 ACCEPT     udp  --  virbr0 any     anywhere             anywhere
udp dpt:domain

    0     0 ACCEPT     tcp  --  virbr0 any     anywhere             anywhere
tcp dpt:domain

    0     0 ACCEPT     udp  --  virbr0 any     anywhere             anywhere
udp dpt:bootps

    0     0 ACCEPT     tcp  --  virbr0 any     anywhere             anywhere
tcp dpt:bootps

 

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)

pkts bytes target     prot opt in     out     source
destination

    0     0 ACCEPT     all  --  any    virbr0  anywhere
192.168.122.0/24     state RELATED,ESTABLISHED

    0     0 ACCEPT     all  --  virbr0 any     192.168.122.0/24     anywhere

    0     0 ACCEPT     all  --  virbr0 virbr0  anywhere             anywhere

    0     0 REJECT     all  --  any    virbr0  anywhere             anywhere
reject-with icmp-port-unreachable

    0     0 REJECT     all  --  virbr0 any     anywhere             anywhere
reject-with icmp-port-unreachable

 

Chain OUTPUT (policy ACCEPT 13141 packets, 1962K bytes)

pkts bytes target     prot opt in     out     source
destination

 

My ebtables config:

Bridge table: filter

 

Bridge chain: INPUT, entries: 0, policy: ACCEPT

 

Bridge chain: FORWARD, entries: 0, policy: ACCEPT

 

Bridge chain: OUTPUT, entries: 0, policy: ACCEPT

 

Then, I start the cloud-agent. This leads to a zone getting enabled and two
system VMs being started. Now, ebtables still is completely empty.

Though, iptables now looks like this:

 

Chain INPUT (policy ACCEPT 23083 packets, 72M bytes)

pkts bytes target     prot opt in     out     source
destination

    0     0 ACCEPT     udp  --  virbr0 any     anywhere             anywhere
udp dpt:domain

    0     0 ACCEPT     tcp  --  virbr0 any     anywhere             anywhere
tcp dpt:domain

    0     0 ACCEPT     udp  --  virbr0 any     anywhere             anywhere
udp dpt:bootps

    0     0 ACCEPT     tcp  --  virbr0 any     anywhere             anywhere
tcp dpt:bootps

 

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)

pkts bytes target     prot opt in     out     source
destination

    0     0 BF-cloudbr0  all  --  any    cloudbr0  anywhere
anywhere             PHYSDEV match --physdev-is-bridged

    0     0 BF-cloudbr0  all  --  cloudbr0 any     anywhere
anywhere             PHYSDEV match --physdev-is-bridged

    0     0 DROP       all  --  any    cloudbr0  anywhere
anywhere

    0     0 DROP       all  --  cloudbr0 any     anywhere
anywhere

    0     0 BF-cloudbr1  all  --  any    cloudbr1  anywhere
anywhere             PHYSDEV match --physdev-is-bridged

    0     0 BF-cloudbr1  all  --  cloudbr1 any     anywhere
anywhere             PHYSDEV match --physdev-is-bridged

    0     0 DROP       all  --  any    cloudbr1  anywhere
anywhere

    0     0 DROP       all  --  cloudbr1 any     anywhere
anywhere

    0     0 ACCEPT     all  --  any    virbr0  anywhere
192.168.122.0/24     state RELATED,ESTABLISHED

    0     0 ACCEPT     all  --  virbr0 any     192.168.122.0/24     anywhere

    0     0 ACCEPT     all  --  virbr0 virbr0  anywhere             anywhere

    0     0 REJECT     all  --  any    virbr0  anywhere             anywhere
reject-with icmp-port-unreachable

    0     0 REJECT     all  --  virbr0 any     anywhere             anywhere
reject-with icmp-port-unreachable

 

Chain OUTPUT (policy ACCEPT 22646 packets, 75M bytes)

pkts bytes target     prot opt in     out     source
destination

 

Chain BF-cloudbr0 (2 references)

pkts bytes target     prot opt in     out     source
destination

    0     0 ACCEPT     all  --  any    any     anywhere             anywhere
state RELATED,ESTABLISHED

    0     0 BF-cloudbr0-IN  all  --  any    any     anywhere
anywhere             PHYSDEV match --physdev-is-in --physdev-is-bridged

    0     0 BF-cloudbr0-OUT  all  --  any    any     anywhere
anywhere             PHYSDEV match --physdev-is-out --physdev-is-bridged

    0     0 ACCEPT     all  --  any    any     anywhere             anywhere
PHYSDEV match --physdev-out eth0.200 --physdev-is-bridged

 

Chain BF-cloudbr0-IN (1 references)

pkts bytes target     prot opt in     out     source
destination

    0     0 v-2-VM     all  --  any    any     anywhere             anywhere
PHYSDEV match --physdev-in vnet2 --physdev-is-bridged

    0     0 s-1-VM     all  --  any    any     anywhere             anywhere
PHYSDEV match --physdev-in vnet5 --physdev-is-bridged

 

Chain BF-cloudbr0-OUT (1 references)

pkts bytes target     prot opt in     out     source
destination

    0     0 v-2-VM     all  --  any    any     anywhere             anywhere
PHYSDEV match --physdev-out vnet2 --physdev-is-bridged

    0     0 s-1-VM     all  --  any    any     anywhere             anywhere
PHYSDEV match --physdev-out vnet5 --physdev-is-bridged

 

Chain BF-cloudbr1 (2 references)

pkts bytes target     prot opt in     out     source
destination

    0     0 ACCEPT     all  --  any    any     anywhere             anywhere
state RELATED,ESTABLISHED

    0     0 BF-cloudbr1-IN  all  --  any    any     anywhere
anywhere             PHYSDEV match --physdev-is-in --physdev-is-bridged

    0     0 BF-cloudbr1-OUT  all  --  any    any     anywhere
anywhere             PHYSDEV match --physdev-is-out --physdev-is-bridged

    0     0 ACCEPT     all  --  any    any     anywhere             anywhere
PHYSDEV match --physdev-out eth0.300 --physdev-is-bridged

 

Chain BF-cloudbr1-IN (1 references)

pkts bytes target     prot opt in     out     source
destination

    0     0 v-2-VM     all  --  any    any     anywhere             anywhere
PHYSDEV match --physdev-in vnet1 --physdev-is-bridged

    0     0 s-1-VM     all  --  any    any     anywhere             anywhere
PHYSDEV match --physdev-in vnet4 --physdev-is-bridged

    0     0 s-1-VM     all  --  any    any     anywhere             anywhere
PHYSDEV match --physdev-in vnet6 --physdev-is-bridged

 

Chain BF-cloudbr1-OUT (1 references)

pkts bytes target     prot opt in     out     source
destination

    0     0 v-2-VM     all  --  any    any     anywhere             anywhere
PHYSDEV match --physdev-out vnet1 --physdev-is-bridged

    0     0 s-1-VM     all  --  any    any     anywhere             anywhere
PHYSDEV match --physdev-out vnet4 --physdev-is-bridged

    0     0 s-1-VM     all  --  any    any     anywhere             anywhere
PHYSDEV match --physdev-out vnet6 --physdev-is-bridged

 

Chain s-1-VM (6 references)

pkts bytes target     prot opt in     out     source
destination

    0     0 RETURN     all  --  any    any     anywhere             anywhere
PHYSDEV match --physdev-in vnet4 --physdev-is-bridged

    0     0 RETURN     all  --  any    any     anywhere             anywhere
PHYSDEV match --physdev-in vnet6 --physdev-is-bridged

    0     0 RETURN     all  --  any    any     anywhere             anywhere
PHYSDEV match --physdev-in vnet5 --physdev-is-bridged

    0     0 ACCEPT     all  --  any    any     anywhere             anywhere

 

Chain v-2-VM (4 references)

pkts bytes target     prot opt in     out     source
destination

    0     0 RETURN     all  --  any    any     anywhere             anywhere
PHYSDEV match --physdev-in vnet1 --physdev-is-bridged

    0     0 RETURN     all  --  any    any     anywhere             anywhere
PHYSDEV match --physdev-in vnet2 --physdev-is-bridged

    0     0 ACCEPT     all  --  any    any     anywhere             anywhere

 

If I check the system VMs in the dashboard, the secondary storage VM is
configured like this:

Public IP Address            

192.168.2.60

Private IP Address          

192.168.2.50

Link Local IP Adddress   

169.254.0.234

Host      

n40l

Gateway             

192.168.2.1

 

The console proxy vm is configured like this:

Public IP Address            

192.168.2.61

Private IP Address          

192.168.2.56

Link Local IP Adddress   

169.254.1.46

Host      

n40l

Gateway             

192.168.2.1

 

I can reach both VMs using link local IP address, but besides that the VMs
are completely isolated and can't talk to anything on the net or the host.

 

What am I doing wrong?

 

Best regards and thanks for your help,

 

Axel

 


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message