cloudstack-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jayapal Reddy Uradi <jayapalreddy.ur...@citrix.com>
Subject RE: Problems with Security Groups over CloudStack 4.0.1 with XenServer 6.0.2 and Basic Zone
Date Fri, 05 Apr 2013 05:33:37 GMT
Did you run the following command in xenserver as part of host setup ?
xe-switch-network-backend "bridge"

Thanks,
Jayapal
-----Original Message-----
From: Ignazio Cassano [mailto:ignaziocassano@gmail.com] 
Sent: Friday, 5 April 2013 5:35 AM
To: users@cloudstack.apache.org; Sergio Tonani
Subject: Re: Problems with Security Groups over CloudStack 4.0.1 with XenServer 6.0.2 and
Basic Zone

Ciao Sergio, I suggest using Advanced Zones instead of Basic.
I do not know very well CS4, but in previous versions Advanced zones have a lot of features.
Ciao
Ignazio
PS (fammi sapere come  questa nuova versione)


2013/4/4 Sergio Tonani <sergio.tonani@csi.it>

> Hi all, I am trying CloudStack 4.0.1 with XenServer 6.0.2 in a Basic 
> Zone...
> Security Groups does not work.
> I follow all the instructions of the manual. CSP is installed and host 
> network work in bridge mode.
> I have another cluster with KVM that work fine.
>
> On XenServer host, CS don't write any ebtable's rules neither 
> iptables. On KVM host ebtable and iptables rule are populated 
> correctly.
>
> Log file management-server.log show these messages when i create a new 
> instance in a security group:
>
> 2013-04-04 15:02:03,611 WARN [xen.resource.CitrixResourceBase]
> (DirectAgent-214:null) Host 10.102.90.3 cannot do bridge firewalling
> 2013-04-04 15:02:03,612 DEBUG [agent.manager.DirectAgentAttache]
> (DirectAgent-214:null) Seq 8-949355071: Response Received:
> 2013-04-04 15:02:03,612 DEBUG [agent.transport.Request]
> (DirectAgent-214:null)
> Seq 8-949355071: Processing: { Ans: , MgmtId: 218022145849384, via: 8,
> Ver: v1,
> Flags: 110,
>
> [{"SecurityGroupRuleAnswer":{"logSequenceNumber":1,"vmId":13,"reason":
> "CANNOT_BRIDGE_FIREWALL","result":false,"details":"Host
> 10.102.90.3 cannot do bridge firewalling","wait":0}}] }
> 2013-04-04 15:02:03,615 DEBUG [network.security.SecurityGroupListener]
> (DirectAgent-214:null) Failed to program rule 
> com.cloud.agent.api.SecurityGroupRuleAnswer into host 8 due to Host
> 10.102.90.3
> cannot do bridge firewalling and updated jobs
> 2013-04-04 15:02:03,615 DEBUG [network.security.SecurityGroupListener]
> (DirectAgent-214:null) Not retrying security group rules for vm 13 on 
> failure since host 8 cannot do bridge firewalling
> 2013-04-04 15:02:03,617 DEBUG [network.security.SecurityGroupListener]
> (DirectAgent-214:null) Failed to program rule 
> com.cloud.agent.api.SecurityGroupRuleAnswer into host 8 due to Host
> 10.102.90.3
> cannot do bridge firewalling and updated jobs
> 2013-04-04 15:02:03,617 DEBUG [network.security.SecurityGroupListener]
> (DirectAgent-214:null) Not retrying security group rules for vm 13 on 
> failure since host 8 cannot do bridge firewalling
>
> Where could I start to troubleshoot SecurityGroups on XenServer? Any 
> suggestions?
>
>  __________________________________________________________________
>  Sergio Tonani
>

Mime
View raw message