Return-Path: X-Original-To: apmail-cloudstack-users-archive@www.apache.org Delivered-To: apmail-cloudstack-users-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id DB022180B2 for ; Thu, 28 Jan 2016 02:55:18 +0000 (UTC) Received: (qmail 41300 invoked by uid 500); 28 Jan 2016 02:55:17 -0000 Delivered-To: apmail-cloudstack-users-archive@cloudstack.apache.org Received: (qmail 41248 invoked by uid 500); 28 Jan 2016 02:55:17 -0000 Mailing-List: contact users-help@cloudstack.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: users@cloudstack.apache.org Delivered-To: mailing list users@cloudstack.apache.org Received: (qmail 41236 invoked by uid 99); 28 Jan 2016 02:55:16 -0000 Received: from Unknown (HELO spamd2-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 28 Jan 2016 02:55:16 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd2-us-west.apache.org (ASF Mail Server at spamd2-us-west.apache.org) with ESMTP id 4EF341A006A for ; Thu, 28 Jan 2016 02:55:16 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd2-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 2.346 X-Spam-Level: ** X-Spam-Status: No, score=2.346 tagged_above=-999 required=6.31 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=3, RP_MATCHES_RCVD=-0.554, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=disabled Authentication-Results: spamd2-us-west.apache.org (amavisd-new); dkim=pass (1024-bit key) header.d=163.com Received: from mx1-us-west.apache.org ([10.40.0.8]) by localhost (spamd2-us-west.apache.org [10.40.0.9]) (amavisd-new, port 10024) with ESMTP id Lezb8EPNFtnL for ; Thu, 28 Jan 2016 02:55:03 +0000 (UTC) Received: from m50-135.163.com (m50-135.163.com [123.125.50.135]) by mx1-us-west.apache.org (ASF Mail Server at mx1-us-west.apache.org) with ESMTP id 0E04F20977 for ; Thu, 28 Jan 2016 02:54:49 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=163.com; s=s110527; h=From:Subject:Date:Message-ID:MIME-Version; bh=x8HC3 e9TKt+gGC0HML8x2qLG7XTDEIrlOlyvHudHEB4=; b=X0Mq34CzeQc0ifT7gQhh3 cHDJgIPY2Zn51xEd8JxTZrdZOulernAHsm8U1a8U+bdPZttZGg1BqYuhif4+uMj4 8MvEGfQhLP/GzPz8DC0Az9RCmGC9W5xKrn03QTriOlRoySlb8XakP1aVKT5ou2JO 07gPyEDwN91psPGOdswhpk= Received: from MaorDesktop (unknown [114.252.41.228]) by smtp5 (Coremail) with SMTP id D9GowACHkgDWgqlWcw8rAQ--.6681S2; Thu, 28 Jan 2016 10:54:15 +0800 (CST) From: "Rui Mao" To: Subject: Cannot see second storage, might be iptable issue inside Secondary Storage VM? Date: Thu, 28 Jan 2016 10:46:38 +0800 Message-ID: <023401d15976$1d21c360$57654a20$@163.com> MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0235_01D159B9.2B4A81A0" X-Mailer: Microsoft Outlook 15.0 Thread-Index: AdFZdgsd1m28oUPTS4qpGGz+P5uuEA== Content-Language: zh-cn X-CM-TRANSID: D9GowACHkgDWgqlWcw8rAQ--.6681S2 X-Coremail-Antispam: 1Uf129KBjvJXoW3XrW8Xr17JFWUKryfCw4xCrg_yoWfCw43pF Z8GF1Iyr1093yvqr4rJ3s8JFsxWw1Sqws8XFyaqa45AFZ0gF4rZr1YkFZrArZxKayjyry7 CF15ArWxAwn3W3JanT9S1TB71UUUUU7qnTZGkaVYY2UrUUUUjbIjqfuFe4nvWSU5nxnvy2 9KBjDUYxBIdaVFxhVjvjDU0xZFpf9x07jnBM_UUUUU= X-Originating-IP: [114.252.41.228] X-CM-SenderInfo: xpdr23vlsnqiywtou0bp/1tbiRRn9zlWBOpuaDgAAsO ------=_NextPart_000_0235_01D159B9.2B4A81A0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Hi, Initially after I installed a very basic CloudStack 4.7 setup with CentOS 7. I could see the secondary storage with capacity. But after a while which I'm not sure how long, I couldn't see it. I tried ssh into the Secondary Storage VM, used ssvm_check.sh to check status, and found DNS resolve was not working. I also checked iptable rules, and it seemed not right here. And more the list was increasing with time. I'm not sure if this is the root cause of secondary storage failure, but it definitely not right. root@s-2-VM:~# /usr/local/cloud/systemvm/ssvm-check.sh ================================================ First DNS server is 10.1.0.11 PING 10.1.0.11 (10.1.0.11): 48 data bytes 56 bytes from 10.1.0.11: icmp_seq=0 ttl=127 time=91.364 ms 56 bytes from 10.1.0.11: icmp_seq=1 ttl=127 time=0.694 ms --- 10.1.0.11 ping statistics --- 2 packets transmitted, 2 packets received, 0% packet loss round-trip min/avg/max/stddev = 0.694/46.029/91.364/45.335 ms Good: Can ping DNS server ================================================ ERROR: DNS not resolving download.cloud.com resolv.conf follows nameserver 10.1.0.11 nameserver 10.1.0.16 nameserver 10.1.0.11 nameserver 10.1.0.16 root@s-2-VM:~# iptables --list Chain INPUT (policy DROP) target prot opt source destination ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:3922 ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:3922 ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:3922 ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:3922 ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:3922 ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:3922 ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:3922 ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:3922 ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:3922 ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:3922 ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:3922 ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:3922 ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:3922 ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:3922 ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:3922 ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:3922 ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:3922 ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:3922 ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:3922 ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:3922 ACCEPT tcp -- anywhere anywhere tcp dpt:10086 ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT all -- anywhere anywhere DROP icmp -- anywhere anywhere icmp timestamp-request ACCEPT icmp -- anywhere anywhere ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:3922 Chain FORWARD (policy DROP) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination REJECT tcp -- anywhere anywhere state NEW tcp dpt:http reject-with icmp-port-unreachable REJECT tcp -- anywhere anywhere state NEW tcp dpt:https reject-with icmp-port-unreachable REJECT tcp -- anywhere anywhere state NEW tcp dpt:http reject-with icmp-port-unreachable REJECT tcp -- anywhere anywhere state NEW tcp dpt:https reject-with icmp-port-unreachable REJECT tcp -- anywhere anywhere state NEW tcp dpt:http reject-with icmp-port-unreachable REJECT tcp -- anywhere anywhere state NEW tcp dpt:https reject-with icmp-port-unreachable REJECT tcp -- anywhere anywhere state NEW tcp dpt:http reject-with icmp-port-unreachable REJECT tcp -- anywhere anywhere state NEW tcp dpt:https reject-with icmp-port-unreachable REJECT tcp -- anywhere anywhere state NEW tcp dpt:http reject-with icmp-port-unreachable REJECT tcp -- anywhere anywhere state NEW tcp dpt:https reject-with icmp-port-unreachable REJECT tcp -- anywhere anywhere state NEW tcp dpt:http reject-with icmp-port-unreachable REJECT tcp -- anywhere anywhere state NEW tcp dpt:https reject-with icmp-port-unreachable REJECT tcp -- anywhere anywhere state NEW tcp dpt:http reject-with icmp-port-unreachable REJECT tcp -- anywhere anywhere state NEW tcp dpt:https reject-with icmp-port-unreachable REJECT tcp -- anywhere anywhere state NEW tcp dpt:http reject-with icmp-port-unreachable REJECT tcp -- anywhere anywhere state NEW tcp dpt:https reject-with icmp-port-unreachable REJECT tcp -- anywhere anywhere state NEW tcp dpt:http reject-with icmp-port-unreachable REJECT tcp -- anywhere anywhere state NEW tcp dpt:https reject-with icmp-port-unreachable REJECT tcp -- anywhere anywhere state NEW tcp dpt:http reject-with icmp-port-unreachable REJECT tcp -- anywhere anywhere state NEW tcp dpt:https reject-with icmp-port-unreachable REJECT tcp -- anywhere anywhere state NEW tcp dpt:http reject-with icmp-port-unreachable REJECT tcp -- anywhere anywhere state NEW tcp dpt:https reject-with icmp-port-unreachable REJECT tcp -- anywhere anywhere state NEW tcp dpt:http reject-with icmp-port-unreachable REJECT tcp -- anywhere anywhere state NEW tcp dpt:https reject-with icmp-port-unreachable REJECT tcp -- anywhere anywhere state NEW tcp dpt:http reject-with icmp-port-unreachable REJECT tcp -- anywhere anywhere state NEW tcp dpt:https reject-with icmp-port-unreachable REJECT tcp -- anywhere anywhere state NEW tcp dpt:http reject-with icmp-port-unreachable REJECT tcp -- anywhere anywhere state NEW tcp dpt:https reject-with icmp-port-unreachable REJECT tcp -- anywhere anywhere state NEW tcp dpt:http reject-with icmp-port-unreachable REJECT tcp -- anywhere anywhere state NEW tcp dpt:https reject-with icmp-port-unreachable REJECT tcp -- anywhere anywhere state NEW tcp dpt:http reject-with icmp-port-unreachable REJECT tcp -- anywhere anywhere state NEW tcp dpt:https reject-with icmp-port-unreachable REJECT tcp -- anywhere anywhere state NEW tcp dpt:http reject-with icmp-port-unreachable REJECT tcp -- anywhere anywhere state NEW tcp dpt:https reject-with icmp-port-unreachable REJECT tcp -- anywhere anywhere state NEW tcp dpt:http reject-with icmp-port-unreachable REJECT tcp -- anywhere anywhere state NEW tcp dpt:https reject-with icmp-port-unreachable REJECT tcp -- anywhere anywhere state NEW tcp dpt:http reject-with icmp-port-unreachable REJECT tcp -- anywhere anywhere state NEW tcp dpt:https reject-with icmp-port-unreachable REJECT tcp -- anywhere anywhere state NEW tcp dpt:http reject-with icmp-port-unreachable REJECT tcp -- anywhere anywhere state NEW tcp dpt:https reject-with icmp-port-unreachable Chain HTTP (0 references) target prot opt source destination Best regards, Rui Mao ------=_NextPart_000_0235_01D159B9.2B4A81A0--