cloudstack-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ignazio Cassano <ignaziocass...@gmail.com>
Subject Re: Problems with Security Groups over CloudStack 4.0.1 with XenServer 6.0.2 and Basic Zone
Date Fri, 05 Apr 2013 00:04:51 GMT
Ciao Sergio, I suggest using Advanced Zones instead of Basic.
I do not know very well CS4, but in previous versions Advanced zones have a
lot of features.
Ciao
Ignazio
PS (fammi sapere come  questa nuova versione)


2013/4/4 Sergio Tonani <sergio.tonani@csi.it>

> Hi all, I am trying CloudStack 4.0.1 with XenServer 6.0.2 in a Basic
> Zone...
> Security Groups does not work.
> I follow all the instructions of the manual. CSP is installed and host
> network
> work in bridge mode.
> I have another cluster with KVM that work fine.
>
> On XenServer host, CS don't write any ebtable's rules neither iptables. On
> KVM
> host ebtable and iptables rule are populated correctly.
>
> Log file management-server.log show these messages when i create a new
> instance
> in a security group:
>
> 2013-04-04 15:02:03,611 WARN [xen.resource.CitrixResourceBase]
> (DirectAgent-214:null) Host 10.102.90.3 cannot do bridge firewalling
> 2013-04-04 15:02:03,612 DEBUG [agent.manager.DirectAgentAttache]
> (DirectAgent-214:null) Seq 8-949355071: Response Received:
> 2013-04-04 15:02:03,612 DEBUG [agent.transport.Request]
> (DirectAgent-214:null)
> Seq 8-949355071: Processing: { Ans: , MgmtId: 218022145849384, via: 8,
> Ver: v1,
> Flags: 110,
>
> [{"SecurityGroupRuleAnswer":{"logSequenceNumber":1,"vmId":13,"reason":"CANNOT_BRIDGE_FIREWALL","result":false,"details":"Host
> 10.102.90.3 cannot do bridge firewalling","wait":0}}] }
> 2013-04-04 15:02:03,615 DEBUG [network.security.SecurityGroupListener]
> (DirectAgent-214:null) Failed to program rule
> com.cloud.agent.api.SecurityGroupRuleAnswer into host 8 due to Host
> 10.102.90.3
> cannot do bridge firewalling and updated jobs
> 2013-04-04 15:02:03,615 DEBUG [network.security.SecurityGroupListener]
> (DirectAgent-214:null) Not retrying security group rules for vm 13 on
> failure
> since host 8 cannot do bridge firewalling
> 2013-04-04 15:02:03,617 DEBUG [network.security.SecurityGroupListener]
> (DirectAgent-214:null) Failed to program rule
> com.cloud.agent.api.SecurityGroupRuleAnswer into host 8 due to Host
> 10.102.90.3
> cannot do bridge firewalling and updated jobs
> 2013-04-04 15:02:03,617 DEBUG [network.security.SecurityGroupListener]
> (DirectAgent-214:null) Not retrying security group rules for vm 13 on
> failure
> since host 8 cannot do bridge firewalling
>
> Where could I start to troubleshoot SecurityGroups on XenServer? Any
> suggestions?
>
>  __________________________________________________________________
>  Sergio Tonani
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message