cloudstack-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jon Marshall <jms....@hotmail.co.uk>
Subject Re: Not able to access the vm from outside network
Date Thu, 28 Feb 2019 19:42:09 GMT
Is this after you migrated the VM to another compute node ?

It looks suspiciously like the issue I saw ie. I was using advanced networking with security
groups and the security policy for the VM was not migrated to the new compute node.

There is a bug filed for it and a workaround -

https://github.com/apache/cloudstack/issues/3088

the fix is in the comments but basically you need to need to edit this file - "/usr/share/cloudstack-common/scripts/vm/network/security_group.py"

and change line 490 from -

 if ips[0] == "0":

to -

if len(ips) == 0 or ips[0] == "0":

and that should fix it.

The will be included in CS v4.11.3

Jon


________________________________
From: soundar rajan <bsoundarajan@gmail.com>
Sent: 28 February 2019 13:52
To: dev@cloudstack.apache.org; users@cloudstack.apache.org
Subject: Not able to access the vm from outside network

Hi,

VM outbound is working fine. Inbound is not  not able to access from
outside network

Error Log
2019-02-28 18:12:25,112 - Failed to network rule !
Traceback (most recent call last):
  File "/usr/share/cloudstack-common/scripts/vm/network/security_group.py",
line 995, in add_network_rules
    default_network_rules(vmName, vm_id, vm_ip, vm_ip6, vmMac, vif, brname,
sec_ips)
  File "/usr/share/cloudstack-common/scripts/vm/network/security_group.py",
line 490, in default_network_rules
    if ips[0] == "0":
IndexError: list index out of range
2019-02-28 18:13:16,635 - Executing command: cleanup_rules
2019-02-28 18:13:16,645 -  Vms on the host : ['i-2-40-VM', 'i-2-90-VM',
'i-2-112-VM']
2019-02-28 18:13:16,645 - iptables-save | grep -P '^:(?!.*-(def|eg))' | awk
'{sub(/^:/, "", $1) ; print $1}' | sort | uniq
2019-02-28 18:13:16,671 -  iptables chains in the host :['BF-cloudbr0',
'BF-cloudbr0-IN', 'BF-cloudbr0-OUT', 'FORWARD', 'i-2-112-VM', 'i-2-40-VM',
'i-2-90-VM', 'INPUT', 'OUTPUT', 'POSTROUTING', 'PREROUTING', '']
2019-02-28 18:13:16,672 - grep -E '^ebtable_' /proc/modules | cut -f1 -d' '
| sed s/ebtable_//
2019-02-28 18:13:16,693 - ebtables -t nat -L | awk '/chain:/ {
gsub(/(^.*chain: |-(in|out|ips).*)/, ""); print $1}' | sort | uniq
2019-02-28 18:13:16,716 - ebtables -t filter -L | awk '/chain:/ {
gsub(/(^.*chain: |-(in|out|ips).*)/, ""); print $1}' | sort | uniq
2019-02-28 18:13:16,738 -  ebtables chains in the host: ['FORWARD,',
'INPUT,', 'OUTPUT,', '']
2019-02-28 18:13:16,739 - Cleaned up rules for 0 chains
2019-02-28 18:13:23,959 - Executing command: get_rule_logs_for_vms

It happens to particular vm

Please help..

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message