cloudstack-users mailing list archives

From Chiradeep Vittal <chirade...@gmail.com>
Subject Re: Accessing Virtual Instances from other systems on the same subnet
Date Thu, 06 Apr 2017 20:44:10 GMT
If you are using basic zone then you have to add rules to your security
groups to allow traffic between VMs. Everything is denied by default.
http://docs.cloudstack.apache.org/projects/cloudstack-administration/en/4.9/networking/security_groups.html

On Thu, Apr 6, 2017 at 1:25 PM, Rafael Weingärtner <
rafaelweingartner@gmail.com> wrote:

> Unless I am mistaken, ACS should be configuring these things.
> I have never played much with KVM, so maybe some other guys can jump in as
> well.
>
> Do you have a user in ACS slack channel? You may find more prompt answers
> there
>
> On Thu, Apr 6, 2017 at 4:22 PM, Muhammad Adeel Zahid <16030053@lums.edu.pk>
> wrote:
>
> > Bingo! When I turn off the firewall of the "host" carrying the VM, I can
> > ping and ssh into the VM. It means I will have to add some rules to the
> > iptables but I don't know exactly what those rules would look like. Can you
> > please help me
> >
> > ________________________________
> > From: Muhammad Adeel Zahid
> > Sent: Friday, April 7, 2017 1:18:06 AM
> > To: users@cloudstack.apache.org
> > Subject: Re: Accessing Virtual Instances from other systems on the same
> > subnet
> >
> >
> > One more thing. The default template just downloaded. But the same result.
> > I can ping my instance VM's from the "host" they are running on but not
> > from any other machine. I will repeat the steps you told and will get back
> > to you.
> >
> > ________________________________
> > From: Rafael Weingärtner <rafaelweingartner@gmail.com>
> > Sent: Friday, April 7, 2017 1:08:47 AM
> > To: users@cloudstack.apache.org
> > Subject: Re: Accessing Virtual Instances from other systems on the same
> > subnet
> >
> > Well, if that is the case, I would do the following while pinging from the
> > outside world:
> >
> >    - tcpdump inside these problematic VMs to check if they can see ping
> >    packets;
> >    - If they cannot, I would check iptables rules (iptables -L) on both VMs
> >    and hosts;
> >    - Then, I would check the tcpdump also on a host where the VMs are
> >    running to see if the packets are at least getting into the host.
> >    - I would also check the arp table of your client PC (just in case)
> >
> >
> > On Thu, Apr 6, 2017 at 4:02 PM, Muhammad Adeel Zahid <16030053@lums.edu.pk>
> > wrote:
> >
> > > I tried it both way. I ran VMs on the same systems and I also ran VMs on a
> > > system different than system VMs but the result is same.
> > >
> > > ________________________________
> > > From: Rafael Weingärtner <rafaelweingartner@gmail.com>
> > > Sent: Friday, April 7, 2017 12:58:33 AM
> > > To: users@cloudstack.apache.org
> > > Subject: Re: Accessing Virtual Instances from other systems on the same
> > > subnet
> > >
> > > Are these users VMs running on the same server as the system vms?
> > >
> > > On Thu, Apr 6, 2017 at 3:54 PM, Muhammad Adeel Zahid <16030053@lums.edu.pk>
> > > wrote:
> > >
> > > > ah, my bad, I meant one server running both cloudstack-management and kvm
> > > > and another server running kvm alone. Both are physical machines.
> > > >
> > > > ________________________________
> > > > From: Rafael Weingärtner <rafaelweingartner@gmail.com>
> > > > Sent: Friday, April 7, 2017 12:51:42 AM
> > > > To: users@cloudstack.apache.org
> > > > Subject: Re: Accessing Virtual Instances from other systems on the same
> > > > subnet
> > > >
> > > > I did not understand what you mean by "a server running management studio
> > > > and KVM"
> > > >
> > > > On Thu, Apr 6, 2017 at 3:48 PM, Muhammad Adeel Zahid <16030053@lums.edu.pk>
> > > > wrote:
> > > >
> > > > > Yes, I added the basic zone. I have one server running the management
> > > > > studio and KVM both and another machine running kvm alone.
> > > > >
> > > > > ________________________________
> > > > > From: Rafael Weingärtner <rafaelweingartner@gmail.com>
> > > > > Sent: Friday, April 7, 2017 12:23:50 AM
> > > > > To: users@cloudstack.apache.org
> > > > > Subject: Re: Accessing Virtual Instances from other systems on the same
> > > > > subnet
> > > > >
> > > > > Hmm, it should not be a problem just because you are using an ISO based VM.
> > > > > Have you tried to instantiate the VM using the CentOS template that comes
> > > > > with ACS?
> > > > > These KVM servers you are using, are they real servers or VMs?
> > > > >
> > > > > If you followed (
> > > > > http://docs.cloudstack.apache.org/projects/cloudstack-installation/en/4.9/qig.html),
> > > > > then you have deployed a basic zone.
> > > > >
> > > > > On Thu, Apr 6, 2017 at 3:16 PM, Muhammad Adeel Zahid <16030053@lums.edu.pk>
> > > > > wrote:
> > > > >
> > > > > > Hi Rafael,
> > > > > >
> > > > > >
> > > > > > Thanks for reaching out. I am not sure about traffic labeling and rest of
> > > > > > the stuff. I have just set up the basic installation using this tutorial
> > > > > > http://docs.cloudstack.apache.org/projects/cloudstack-installation/en/4.9/qig.html
> > > > > > and haven't explicitly set anything that is
> > > > > > not in the tutorial. About the IP addresses of VM's. Yes, they seem to have
> > > > > > a single IP (ifconfig). Please note that I am creating VM's from CentOS 6.8
> > > > > > minimal ISO image that I intend to use later as template. Does that create
> > > > > > the problem?
> > > > > >
> > > > > >
> > > > > > Adeel
> > > > > >
> > > > > >
> > > > > > ________________________________
> > > > > > From: Rafael Weingärtner <rafaelweingartner@gmail.com>
> > > > > > Sent: Friday, April 7, 2017 12:05:15 AM
> > > > > > To: users@cloudstack.apache.org
> > > > > > Subject: Re: Accessing Virtual Instances from other systems on the same
> > > > > > subnet
> > > > > >
> > > > > > I asked a clarification because anything is a VM/instance (system and
> > > > > > users), I wanted to know if the VMs without access were either a system VM
> > > > > > (VR, SSVM, CVM or others) or a user VM.
> > > > > > Well, what is your setup? Are you using basic network where the public IP
> > > > > > is assigned directly to users VMs?
> > > > > >
> > > > > > I asked you about the traffic label you are using for the public network.
> > > > > > System VMs get IPs on management and public networks. The SSVM has also an
> > > > > > IP on storage network. So, it seems that everything is fine with your
> > > > > > public networks, not so sure about the rest. VMs get an IP on Guest network.
> > > > > > The basic zone setup you will set the Guest IP as the public network (with
> > > > > > external access). Do these VMs have only a single IP?
> > > > > >
> > > > > > On Thu, Apr 6, 2017 at 2:57 PM, Muhammad Adeel Zahid <16030053@lums.edu.pk>
> > > > > > wrote:
> > > > > >
> > > > > > > Specifically, by instances I mean the following
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > I think, you people call it instance VM's or just VM's. You can see that
> > > > > > > my instance VM's have addresses 10.0.0.124 & 10.0.0.141 respectively. I can
> > > > > > > access or ping them from the host they are running on but I cannot access
> > > > > > > or ping them from any other machine on the same network i.e 10.0.0.0/24.
> > > > > > >
> > > > > > > On the other hand there are system VMs like Primary storage and secondary
> > > > > > > storage VM's as shown in figure below.
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > I can access or ping these VM's using their public IP address from any of
> > > > > > > the systems on the same subnet (be they part of cloudstack installation or
> > > > > > > not). Now my question is, how I can access/ping my instance VM's from any
> > > > > > > system in the same subnet i.e 10.0.0.0/24?
> > > > > > >
> > > > > > >
> > > > > > > Hope that clarifies the question
> > > > > > >
> > > > > > >
> > > > > > > ------------------------------
> > > > > > > *From:* Muhammad Adeel Zahid <16030053@lums.edu.pk>
> > > > > > > *Sent:* Thursday, April 6, 2017 6:05:57 PM
> > > > > > >
> > > > > > > *To:* users@cloudstack.apache.org
> > > > > > > *Subject:* Re: Accessing Virtual Instances from other systems on the same
> > > > > > > subnet
> > > > > > >
> > > > > > > by instances I mean what cloudstack management server calls instances. I
> > > > > > > have followed the sample guide to install cloudstack management and KVM on
> > > > > > > two separate machines and got no error during the installation.
> > > > > > >
> > > > > > > ________________________________
> > > > > > > From: Rafael Weingärtner <rafaelweingartner@gmail.com>
> > > > > > > Sent: Thursday, April 6, 2017 5:21:53 PM
> > > > > > > To: users@cloudstack.apache.org
> > > > > > > Subject: Re: Accessing Virtual Instances from other systems on the same
> > > > > > > subnet
> > > > > > >
> > > > > > > What is your setup?
> > > > > > > What do you mean by instances? User VMs?
> > > > > > > I am assuming you are talking about the public IP. Did you set the name of
> > > > > > > the public bridge properly (interface where the public traffic goes)?
> > > > > > >
> > > > > > > On Thu, Apr 6, 2017 at 6:44 AM, Muhammad Adeel Zahid <16030053@lums.edu.pk>
> > > > > > > wrote:
> > > > > > >
> > > > > > > > Hi Guys,
> > > > > > > >
> > > > > > > >
> > > > > > > > I have setup cloudstack management and hypervisor (KVM) on machine 1 and
> > > > > > > > machine 2 respectively. I am successfully able to ping the instances from
> > > > > > > > hypervisor machine (machine 2) but I can't ping it from any of the other
> > > > > > > > machines on the same subnet. Why is that?  How can I make it work?
> > > > > > > >
> > > > > > > >
> > > > > > > > Another observation is that I can ping secondary storage and primary
> > > > > > > > storage vm's from any system on the same subnet without any extra
> > > > > > > > configuration. Can I have similar configuration-free setup from virtual
> > > > > > > > instances? If not, what else I have to do to ping/access virtual instances
> > > > > > > > from other machines in the same subnet.
> > > > > > > >
> > > > > > > >
> > > > > > > > Regards
> > > > > > > >
> > > > > > > > Adeel
> > > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > --
> > > > > > > Rafael Weingärtner
> > > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > > --
> > > > > > Rafael Weingärtner
> > > > > >
> > > > >
> > > > >
> > > > >
> > > > > --
> > > > > Rafael Weingärtner
> > > > >
> > > >
> > > >
> > > >
> > > > --
> > > > Rafael Weingärtner
> > > >
> > >
> > >
> > >
> > > --
> > > Rafael Weingärtner
> > >
> >
> >
> >
> > --
> > Rafael Weingärtner
> >
>
>
>
> --
> Rafael Weingärtner
>
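
Added example, not part of the original thread or of CloudStack's own code: the security-group advice at the top of this message, expressed as two authorizeSecurityGroupIngress API requests that admit only ping and SSH from the 10.0.0.0/24 subnet mentioned in the thread, signed the way the CloudStack API expects. The endpoint, the API and secret keys, and the security group name "default" are assumed placeholders.

```python
import base64, hashlib, hmac, ipaddress
from urllib.parse import quote

# Constructed placeholders, not values from the thread.
ENDPOINT = "http://mgmt.example:8080/client/api"
API_KEY, SECRET_KEY = "EXAMPLE-API-KEY", "EXAMPLE-SECRET-KEY"

def ingress_rule(group, cidr, protocol, **extra):
    """Parameters for one authorizeSecurityGroupIngress call limited to one CIDR."""
    net = ipaddress.ip_network(cidr)  # ValueError on a malformed CIDR
    if net.prefixlen == 0:
        raise ValueError("refusing to open the group to every source address")
    params = {"command": "authorizeSecurityGroupIngress", "response": "json",
              "securitygroupname": group, "protocol": protocol,
              "cidrlist": str(net)}
    params.update(extra)
    return params

def rules_for_subnet(group="default", cidr="10.0.0.0/24"):
    """Ping (ICMP echo request, type 8 code 0) and SSH from the local subnet only."""
    return [ingress_rule(group, cidr, "ICMP", icmptype=8, icmpcode=0),
            ingress_rule(group, cidr, "TCP", startport=22, endport=22)]

def signed_url(endpoint, params, api_key, secret_key):
    """CloudStack request signing: sort by key, lowercase, HMAC-SHA1, base64."""
    params = dict(params, apikey=api_key)
    pairs = sorted(params.items(), key=lambda kv: kv[0].lower())
    query = "&".join(f"{k}={quote(str(v), safe='')}" for k, v in pairs)
    digest = hmac.new(secret_key.encode(), query.lower().encode(),
                      hashlib.sha1).digest()
    signature = quote(base64.b64encode(digest), safe="")
    return f"{endpoint}?{query}&signature={signature}"

if __name__ == "__main__":
    for rule in rules_for_subnet():
        print(signed_url(ENDPOINT, rule, API_KEY, SECRET_KEY))
```

Scoping cidrlist to the subnet keeps the default-deny posture for every other source; with security groups enabled, the host firewall rules are derived from these entries, so the host firewall does not need to be turned off.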
