cloudstack-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rui Mao" <maoru...@163.com>
Subject Cannot see second storage, might be iptable issue inside Secondary Storage VM?
Date Thu, 28 Jan 2016 02:46:38 GMT
Hi,

 

Initially after I installed a very basic CloudStack 4.7 setup with CentOS 7.
I could see the secondary storage with capacity. But after a while which I'm
not sure how long, I couldn't see it. I tried ssh into the Secondary Storage
VM, used ssvm_check.sh to check status, and found DNS resolve was not
working. I also checked iptable rules, and it seemed not right here. And
more the list was increasing with time.

 

I'm not sure if this is the root cause of secondary storage failure, but it
definitely not right.

 

root@s-2-VM:~# /usr/local/cloud/systemvm/ssvm-check.sh

================================================

First DNS server is  10.1.0.11

PING 10.1.0.11 (10.1.0.11): 48 data bytes

56 bytes from 10.1.0.11: icmp_seq=0 ttl=127 time=91.364 ms

56 bytes from 10.1.0.11: icmp_seq=1 ttl=127 time=0.694 ms

--- 10.1.0.11 ping statistics ---

2 packets transmitted, 2 packets received, 0% packet loss

round-trip min/avg/max/stddev = 0.694/46.029/91.364/45.335 ms

Good: Can ping DNS server

================================================

ERROR: DNS not resolving download.cloud.com

resolv.conf follows

nameserver 10.1.0.11

nameserver 10.1.0.16

nameserver 10.1.0.11

nameserver 10.1.0.16

 

root@s-2-VM:~# iptables --list

Chain INPUT (policy DROP)

target     prot opt source               destination         

ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp
dpt:https

ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp
dpt:http

ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp
dpt:3922

ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp
dpt:https

ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp
dpt:http

ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp
dpt:3922

ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp
dpt:https

ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp
dpt:http

ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp
dpt:3922

ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp
dpt:https

ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp
dpt:http

ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp
dpt:3922

ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp
dpt:https

ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp
dpt:http

ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp
dpt:3922

ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp
dpt:https

ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp
dpt:http

ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp
dpt:3922

ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp
dpt:https

ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp
dpt:http

ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp
dpt:3922

ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp
dpt:https

ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp
dpt:http

ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp
dpt:3922

ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp
dpt:https

ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp
dpt:http

ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp
dpt:3922

ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp
dpt:https

ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp
dpt:http

ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp
dpt:3922

ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp
dpt:https

ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp
dpt:http

ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp
dpt:3922

ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp
dpt:https

ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp
dpt:http

ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp
dpt:3922

ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp
dpt:https

ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp
dpt:http

ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp
dpt:3922

ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp
dpt:https

ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp
dpt:http

ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp
dpt:3922

ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp
dpt:https

ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp
dpt:http

ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp
dpt:3922

ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp
dpt:https

ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp
dpt:http

ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp
dpt:3922

ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp
dpt:https

ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp
dpt:http

ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp
dpt:3922

ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp
dpt:https

ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp
dpt:http

ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp
dpt:3922

ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp
dpt:https

ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp
dpt:http

ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp
dpt:3922

ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp
dpt:https

ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp
dpt:http

ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp
dpt:3922

ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:10086

ACCEPT     all  --  anywhere             anywhere             state
RELATED,ESTABLISHED

ACCEPT     all  --  anywhere             anywhere             state
RELATED,ESTABLISHED

ACCEPT     all  --  anywhere             anywhere             state
RELATED,ESTABLISHED

ACCEPT     all  --  anywhere             anywhere             state
RELATED,ESTABLISHED

ACCEPT     all  --  anywhere             anywhere            

DROP       icmp --  anywhere             anywhere             icmp
timestamp-request

ACCEPT     icmp --  anywhere             anywhere            

ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp
dpt:3922

 

Chain FORWARD (policy DROP)

target     prot opt source               destination         

 

Chain OUTPUT (policy ACCEPT)

target     prot opt source               destination         

REJECT     tcp  --  anywhere             anywhere             state NEW tcp
dpt:http reject-with icmp-port-unreachable

REJECT     tcp  --  anywhere             anywhere             state NEW tcp
dpt:https reject-with icmp-port-unreachable

REJECT     tcp  --  anywhere             anywhere             state NEW tcp
dpt:http reject-with icmp-port-unreachable

REJECT     tcp  --  anywhere             anywhere             state NEW tcp
dpt:https reject-with icmp-port-unreachable

REJECT     tcp  --  anywhere             anywhere             state NEW tcp
dpt:http reject-with icmp-port-unreachable

REJECT     tcp  --  anywhere             anywhere             state NEW tcp
dpt:https reject-with icmp-port-unreachable

REJECT     tcp  --  anywhere             anywhere             state NEW tcp
dpt:http reject-with icmp-port-unreachable

REJECT     tcp  --  anywhere             anywhere             state NEW tcp
dpt:https reject-with icmp-port-unreachable

REJECT     tcp  --  anywhere             anywhere             state NEW tcp
dpt:http reject-with icmp-port-unreachable

REJECT     tcp  --  anywhere             anywhere             state NEW tcp
dpt:https reject-with icmp-port-unreachable

REJECT     tcp  --  anywhere             anywhere             state NEW tcp
dpt:http reject-with icmp-port-unreachable

REJECT     tcp  --  anywhere             anywhere             state NEW tcp
dpt:https reject-with icmp-port-unreachable

REJECT     tcp  --  anywhere             anywhere             state NEW tcp
dpt:http reject-with icmp-port-unreachable

REJECT     tcp  --  anywhere             anywhere             state NEW tcp
dpt:https reject-with icmp-port-unreachable

REJECT     tcp  --  anywhere             anywhere             state NEW tcp
dpt:http reject-with icmp-port-unreachable

REJECT     tcp  --  anywhere             anywhere             state NEW tcp
dpt:https reject-with icmp-port-unreachable

REJECT     tcp  --  anywhere             anywhere             state NEW tcp
dpt:http reject-with icmp-port-unreachable

REJECT     tcp  --  anywhere             anywhere             state NEW tcp
dpt:https reject-with icmp-port-unreachable

REJECT     tcp  --  anywhere             anywhere             state NEW tcp
dpt:http reject-with icmp-port-unreachable

REJECT     tcp  --  anywhere             anywhere             state NEW tcp
dpt:https reject-with icmp-port-unreachable

REJECT     tcp  --  anywhere             anywhere             state NEW tcp
dpt:http reject-with icmp-port-unreachable

REJECT     tcp  --  anywhere             anywhere             state NEW tcp
dpt:https reject-with icmp-port-unreachable

REJECT     tcp  --  anywhere             anywhere             state NEW tcp
dpt:http reject-with icmp-port-unreachable

REJECT     tcp  --  anywhere             anywhere             state NEW tcp
dpt:https reject-with icmp-port-unreachable

REJECT     tcp  --  anywhere             anywhere             state NEW tcp
dpt:http reject-with icmp-port-unreachable

REJECT     tcp  --  anywhere             anywhere             state NEW tcp
dpt:https reject-with icmp-port-unreachable

REJECT     tcp  --  anywhere             anywhere             state NEW tcp
dpt:http reject-with icmp-port-unreachable

REJECT     tcp  --  anywhere             anywhere             state NEW tcp
dpt:https reject-with icmp-port-unreachable

REJECT     tcp  --  anywhere             anywhere             state NEW tcp
dpt:http reject-with icmp-port-unreachable

REJECT     tcp  --  anywhere             anywhere             state NEW tcp
dpt:https reject-with icmp-port-unreachable

REJECT     tcp  --  anywhere             anywhere             state NEW tcp
dpt:http reject-with icmp-port-unreachable

REJECT     tcp  --  anywhere             anywhere             state NEW tcp
dpt:https reject-with icmp-port-unreachable

REJECT     tcp  --  anywhere             anywhere             state NEW tcp
dpt:http reject-with icmp-port-unreachable

REJECT     tcp  --  anywhere             anywhere             state NEW tcp
dpt:https reject-with icmp-port-unreachable

REJECT     tcp  --  anywhere             anywhere             state NEW tcp
dpt:http reject-with icmp-port-unreachable

REJECT     tcp  --  anywhere             anywhere             state NEW tcp
dpt:https reject-with icmp-port-unreachable

REJECT     tcp  --  anywhere             anywhere             state NEW tcp
dpt:http reject-with icmp-port-unreachable

REJECT     tcp  --  anywhere             anywhere             state NEW tcp
dpt:https reject-with icmp-port-unreachable

REJECT     tcp  --  anywhere             anywhere             state NEW tcp
dpt:http reject-with icmp-port-unreachable

REJECT     tcp  --  anywhere             anywhere             state NEW tcp
dpt:https reject-with icmp-port-unreachable

 

Chain HTTP (0 references)

target     prot opt source               destination         

 

 

 

Best regards,

Rui Mao

 


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message