Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id 345E7200D22 for ; Sat, 21 Oct 2017 17:17:54 +0200 (CEST) Received: by cust-asf.ponee.io (Postfix) id 32CC7160BD5; Sat, 21 Oct 2017 15:17:54 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id 249661609DF for ; Sat, 21 Oct 2017 17:17:52 +0200 (CEST) Received: (qmail 27357 invoked by uid 500); 21 Oct 2017 15:17:52 -0000 Mailing-List: contact users-help@cloudstack.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: users@cloudstack.apache.org Delivered-To: mailing list users@cloudstack.apache.org Received: (qmail 27346 invoked by uid 99); 21 Oct 2017 15:17:51 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd3-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 21 Oct 2017 15:17:51 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd3-us-west.apache.org (ASF Mail Server at spamd3-us-west.apache.org) with ESMTP id EE02718080A for ; Sat, 21 Oct 2017 15:17:50 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd3-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: -2.302 X-Spam-Level: X-Spam-Status: No, score=-2.302 tagged_above=-999 required=6.31 tests=[RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=disabled Received: from mx1-lw-eu.apache.org ([10.40.0.8]) by localhost (spamd3-us-west.apache.org [10.40.0.10]) (amavisd-new, port 10024) with ESMTP id meMS9YnkFjQO for ; Sat, 21 Oct 2017 15:17:47 +0000 (UTC) Received: from mx2.heinlein-support.de (mx2.heinlein-support.de [91.198.250.20]) by mx1-lw-eu.apache.org (ASF Mail Server at mx1-lw-eu.apache.org) with ESMTPS id 025165FAC9 for ; Sat, 21 Oct 2017 15:17:46 +0000 (UTC) Received: from spamfilter02.heinlein-hosting.de (spamfilter02.heinlein-hosting.de [80.241.56.116]) by mx2.heinlein-support.de (Postfix) with ESMTP id 9C2B02FECE for ; Sat, 21 Oct 2017 17:17:40 +0200 (CEST) X-Virus-Scanned: amavisd-new at heinlein-support.de Received: from mx2.heinlein-support.de ([91.198.250.20]) by spamfilter02.heinlein-hosting.de (spamfilter02.heinlein-hosting.de [91.198.250.170]) (amavisd-new, port 10024) with ESMTP id TF-TE85ZjOnS for ; Sat, 21 Oct 2017 17:17:38 +0200 (CEST) Received: from marchiv.heinlein-support.de (marchiv.heinlein-support.de [91.198.250.63]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx2.heinlein-support.de (Postfix) with ESMTPS for ; Sat, 21 Oct 2017 17:17:38 +0200 (CEST) Received: from MailAppDispatcher (localhost.localdomain [127.0.0.1]) by marchiv.heinlein-support.de (Postfix) with ESMTP id B70124814B for ; Sat, 21 Oct 2017 17:17:38 +0200 (CEST) Received: from localhost (localhost.localdomain [127.0.0.1]) by marchiv.heinlein-support.de (Postfix) with ESMTP id 76C1948151 for ; Sat, 21 Oct 2017 17:17:38 +0200 (CEST) X-Virus-Scanned: Heinlein Anti-Spam at mail-archiv Received: from marchiv.heinlein-support.de ([127.0.0.1]) by localhost (marchiv.heinlein-support.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YtQW_4WLpzip for ; Sat, 21 Oct 2017 17:17:37 +0200 (CEST) Received: from plasma6.jpberlin.de (plasma6.jpberlin.de [80.241.56.68]) by marchiv.heinlein-support.de (Postfix) with ESMTPS for ; Sat, 21 Oct 2017 17:17:37 +0200 (CEST) Received: from [10.0.40.150] (unknown [10.0.40.150]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) (Authenticated sender: m.desaive@heinlein-support.de) by plasma.jpberlin.de (Postfix) with ESMTPSA id CB7E2B462E for ; Sat, 21 Oct 2017 17:17:36 +0200 (CEST) To: users@cloudstack.apache.org From: Melanie Desaive Subject: Redundant router looses VRRP service IP Message-ID: Date: Sat, 21 Oct 2017 17:17:35 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.2.1 MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="3uGGTvIIIU02qLAKtL85tTajPwhtGgT6N" X-Mailarchiv-ID: 3730767 archived-at: Sat, 21 Oct 2017 15:17:54 -0000 --3uGGTvIIIU02qLAKtL85tTajPwhtGgT6N Content-Type: multipart/mixed; boundary="XcRWsusTAONG2bJVk5uMEHHnDkhdUObUx"; protected-headers="v1" From: Melanie Desaive To: users@cloudstack.apache.org Message-ID: Subject: Redundant router looses VRRP service IP --XcRWsusTAONG2bJVk5uMEHHnDkhdUObUx Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: quoted-printable Hi all, I am currently trying to set up an isolated Networks with redundant routers in CloudStack 4.9.2, but fail to solve a problem: Any time I start a virtual machine on the isolated network the virtual router in the master role looses its service IP on the internal network. A simple "service keepalived restart" fixes the IP setup. /var/log/cloud.log on the respective router shows messages, that suggest the IP is removed on purpose by the script "/opt/cloud/bin/cs/CsAddress.p= y". The portion in the log is: 2017-10-21 10:40:44,253 CsHelper.py execute:184 Executing: ip addr show dev eth0 2017-10-21 10:40:44,265 CsAddress.py is_guest_gateway:657 Checking if cidr is a gateway for rVPC. IP =3D=3D> 10.1.2.1/32 / device =3D=3D> eth0 2017-10-21 10:40:44,266 CsAddress.py is_guest_gateway:660 Interface has the following gateway =3D=3D> None 2017-10-21 10:40:44,277 CsAddress.py delete:676 Removed address 10.1.2.1/32 from device eth0 2017-10-21 10:40:44,278 CsAddress.py post_config_change:558 Not able to setup source-nat for a regular router yet After looking into CsAddress.py I have the impression, that the service IP is not in the pool of expected IPs for the machine and therefore deleted. Maybe I missed some configuration parameter, to let CloudStack know, that it should not remove the service IP? Can someone give some advice? Greetings, Melanie ----- Below some data from my configuration that might be helpful: The network from the API: melaniedesaive@HS-X201-03 [2001] $ cloudmonkey -p ocl-admin -d json list networks id=3D68198cf0-f61f-4dac-9d74-bfa21764717c projectid=3Dce960375-6fd2-4e00-add2-9c8a644a24b9 listall=3Dtrue { "count": 1, "network": [ { "acltype": "Account", "broadcastdomaintype": "Vlan", "broadcasturi": "vlan://580", "canusefordeploy": true, "cidr": "10.1.2.0/24", "displaynetwork": true, "displaytext": "Netz mit finalem Offering HA expliziter Gateway 2",= "dns1": "192.168.100.1", "dns2": "192.168.100.1", "domain": "Temp", "domainid": "0a092d9b-b055-4c2f-82e5-4bbd21706273", "gateway": "10.1.2.1", "id": "68198cf0-f61f-4dac-9d74-bfa21764717c", "ispersistent": false, "issystem": false, "name": "Netz mit finalem Offering HA expliziter Gateway 2", "netmask": "255.255.255.0", "networkdomain": "meltest.heinlein-intern.de", "networkofferingavailability": "Optional", "networkofferingconservemode": true, "networkofferingdisplaytext": "Offering for Isolated networks with Source Nat service enabled HA With redundant Routers", "networkofferingid": "4aa7e796-d3f0-4696-89ad-708b956ce9c5", "networkofferingname": "DefaultIsolatedNetworkOfferingWithSourceNatServiceHA", "physicalnetworkid": "f7a3527c-b5a9-4e04-9d15-5d22fe3c71f9", "project": "Mel Diverses", "projectid": "ce960375-6fd2-4e00-add2-9c8a644a24b9", "related": "68198cf0-f61f-4dac-9d74-bfa21764717c", "restartrequired": false, "service": [ { "capability": [ { "canchooseservicecapability": false, "name": "RedundantRouter", "value": "true" }, { "canchooseservicecapability": false, "name": "SupportedSourceNatTypes", "value": "peraccount" } ], "name": "SourceNat" }, { "name": "PortForwarding" }, { "capability": [ { "canchooseservicecapability": false, "name": "AllowDnsSuffixModification", "value": "true" } ], "name": "Dns" }, { "name": "StaticNat" }, { "name": "UserData" }, { "capability": [ { "canchooseservicecapability": false, "name": "VpnTypes", "value": "removeaccessvpn" }, { "canchooseservicecapability": false, "name": "SupportedVpnTypes", "value": "pptp,l2tp,ipsec" } ], "name": "Vpn" }, { "capability": [ { "canchooseservicecapability": false, "name": "MultipleIps", "value": "true" }, { "canchooseservicecapability": false, "name": "SupportedTrafficDirection", "value": "ingress, egress" }, { "canchooseservicecapability": false, "name": "SupportedProtocols", "value": "tcp,udp,icmp" }, { "canchooseservicecapability": false, "name": "TrafficStatistics", "value": "per public ip" }, { "canchooseservicecapability": false, "name": "SupportedEgressProtocols", "value": "tcp,udp,icmp, all" } ], "name": "Firewall" }, { "capability": [ { "canchooseservicecapability": false, "name": "SupportedStickinessMethods", "value": "[{\"methodname\":\"LbCookie\",\"paramlist\":[{\"paramname\":\"cookie-nam= e\",\"required\":false,\"isflag\":false,\"description\":\" \"},{\"paramname\":\"mode\",\"required\":false,\"isflag\":false,\"descrip= tion\":\" \"},{\"paramname\":\"nocache\",\"required\":false,\"isflag\":true,\"descr= iption\":\" \"},{\"paramname\":\"indirect\",\"required\":false,\"isflag\":true,\"desc= ription\":\" \"},{\"paramname\":\"postonly\",\"required\":false,\"isflag\":true,\"desc= ription\":\" \"},{\"paramname\":\"domain\",\"required\":false,\"isflag\":false,\"descr= iption\":\" \"}],\"description\":\"This is loadbalancer cookie based stickiness method.\"},{\"methodname\":\"AppCookie\",\"paramlist\":[{\"paramname\":\"= cookie-name\",\"required\":false,\"isflag\":false,\"description\":\" \"},{\"paramname\":\"length\",\"required\":false,\"isflag\":false,\"descr= iption\":\" \"},{\"paramname\":\"holdtime\",\"required\":false,\"isflag\":false,\"des= cription\":\" \"},{\"paramname\":\"request-learn\",\"required\":false,\"isflag\":true,\= "description\":\" \"},{\"paramname\":\"prefix\",\"required\":false,\"isflag\":true,\"descri= ption\":\" \"},{\"paramname\":\"mode\",\"required\":false,\"isflag\":false,\"descrip= tion\":\" \"}],\"description\":\"This is App session based sticky method. Define session stickiness on an existing application cookie. It can be used only for a specific http traffic\"},{\"methodname\":\"SourceBased\",\"paramlist\":[{\"paramname\":= \"tablesize\",\"required\":false,\"isflag\":false,\"description\":\" \"},{\"paramname\":\"expire\",\"required\":false,\"isflag\":false,\"descr= iption\":\" \"}],\"description\":\"This is source based Stickiness method, it can be used for any type of protocol.\"}]" }, { "canchooseservicecapability": false, "name": "SupportedLbAlgorithms", "value": "roundrobin,leastconn,source" }, { "canchooseservicecapability": false, "name": "SupportedProtocols", "value": "tcp, udp, tcp-proxy" }, { "canchooseservicecapability": false, "name": "SupportedLBIsolation", "value": "dedicated" }, { "canchooseservicecapability": false, "name": "LbSchemes", "value": "Public" }, { "canchooseservicecapability": false, "name": "AutoScaleCounters", "value": "[{\"methodname\":\"cpu\",\"paramlist\":[]},{\"methodname\":\"memory\",\"= paramlist\":[]}]" } ], "name": "Lb" }, { "capability": [ { "canchooseservicecapability": false, "name": "DhcpAccrossMultipleSubnets", "value": "true" } ], "name": "Dhcp" } ], "specifyipranges": false, "state": "Implemented", "strechedl2subnet": false, "tags": [], "traffictype": "Guest", "type": "Isolated", "vlan": "580", "zoneid": "cefbe74a-c906-43b8-8f2e-511cf1a6751d", "zonename": "Office" } ] } The network in the database: mysql> select * from networks where name =3D "Netz mit finalem Offering H= A expliziter Gateway 2"\G; *************************** 1. row *************************** id: 264 name: Netz mit finalem Offering HA expliziter Gateway 2 uuid: 68198cf0-f61f-4dac-9d74-bfa21764717c display_text: Netz mit finalem Offering HA expliziter Gateway 2 traffic_type: Guest broadcast_domain_type: Vlan broadcast_uri: vlan://580 gateway: 10.1.2.1 cidr: 10.1.2.0/24 mode: Dhcp network_offering_id: 34 physical_network_id: 200 data_center_id: 1 guru_name: ExternalGuestNetworkGuru state: Implemented related: 264 domain_id: 3 account_id: 202 dns1: NULL dns2: NULL guru_data: NULL set_fields: 0 acl_type: Account network_domain: meltest.heinlein-intern.de reservation_id: a85287c5-fe6a-4027-9033-58e02374660d guest_type: Isolated restart_required: 0 created: 2017-10-21 11:20:10 removed: NULL specify_ip_ranges: 0 vpc_id: NULL ip6_gateway: NULL ip6_cidr: NULL network_cidr: NULL display_network: 1 network_acl_id: NULL streched_l2: 0 redundant: 1 1 row in set (0.00 sec) --=20 -- Heinlein Support GmbH Linux: Akademie - Support - Hosting http://www.heinlein-support.de Tel: 030 / 40 50 51 - 0 Fax: 030 / 40 50 51 - 19 Zwangsangaben lt. =C2=A735a GmbHG: HRB 93818 B / Amtsgericht Berlin-Charlottenburg, Gesch=C3=A4ftsf=C3=BChrer: Peer Heinlein -- Sitz: Berlin --XcRWsusTAONG2bJVk5uMEHHnDkhdUObUx-- --3uGGTvIIIU02qLAKtL85tTajPwhtGgT6N Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJZ62UPAAoJECGMWoZ8sSF4TQwP/AikoU8ElpGrnhzz1sRtEWcG 1PA+86V2BQqlE1ES6CZMAg1UIfEHC3VF5Xu3DCfFlIp6erFsJcsCNvYC3Zna3mqq R7UouNS7ejikLpz26vw+W6XsF++QU2Emdg8yOzWKjnf6+5OJ/LeAeFv7016/csQi /QwwtoliMdrJDR9U3ZQPxg3fIJ3Ebj7xsjqnk58qM1Rb82vk1M7D2m+kABWLVGS7 1kW8igddgzwWZ/ECKgoOaldR3Fym1CTuxmnwxTP9CKkw3i6alPsVHRdqoif2wtYu Rfax1XBLS6rrokmDTk1cgVaIzANbcTlZZkI/jAZz9NllsplDgmr0bTzO4/Q+f1po giFwnRG3h07hs4kSMdlEawbRFlBAqgbaY4SRiscOrmkDomgmm2yW00UQVpBI8Dtw qMQLi9h8AJvtMi04dIN8QGaLf2A6/vXGWuS3/JJQ84qfaJG65CKuRJ3+0V/veeeU iQNWVmKZeUgmOwNxB793sGtPbhGLETPZpLGhxGOyEKfcIPP/dhwANgShxWHcN6dU 1Hnmqu/jPKVJleG/XbLkvC7IaEtYF1Eik2vUJOnmyd/RsUCAK2Cv/1PkOnZ31F4j tsdKPI8kNgHlZuN32JGN8sGaDa6qeufoy60f6u3gaZUqhRK1OuXOeNcT9SEjCnIM oNz0+5sPgGPVdC7PpHmB =dxcl -----END PGP SIGNATURE----- --3uGGTvIIIU02qLAKtL85tTajPwhtGgT6N--