incubator-cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Lu Heng <h...@anytimechinese.com>
Subject Re: Config public network without VLAN(error:no route to the host)
Date Wed, 13 Jun 2012 00:31:45 GMT
Hi

Thanks for reply. I just added an ISO with following URL

http://mirror.stanford.edu/yum/pub/centos/6.2/isos/x86_64/CentOS-6.2-x86_64-LiveDVD.iso

It still shows no route to host, and for the default template(centos 5.6),
I saw the download complete when I do the preparation for secondary storage.

On Wed, Jun 13, 2012 at 2:24 AM, Frank Zhang <Frank.Zhang@citrix.com> wrote:

> Sorry for misleading before. The "no route to host" means CloudStack fail
> to download template to secondary storage because it cannot access the URL
> of template.
>
>
> >>It does download successfully during the setup.
> So you have seen it's state in Ready sometimes before? And then it changed
> to "No route to host"?
> Emm this sounds weird to me. once the template is downloaded to secondary
> storage successfully, its state changes to Ready permanently in database.
> Is the centos template you mentioned the builtin template automatically
> downloaded by CloudStack after SSVM is running?
> Have you tried wget in SSVM?
>
> >>And I have pasted the traffic rule on last Email, the both port are open.
>
> And If I mount the secondary storage to the SSVM, and write on it, there
> is no error with "no route to host"
> On Wed, Jun 13, 2012 at 2:13 AM, Frank Zhang <Frank.Zhang@citrix.com>
> wrote:
> > Hi
> >
> > please refer to my reply
> >
> > "The first template(the centos template in which already downloaded
> during
> > preparation) is not even working, it also shows "no route to the host""
> No that means it didn't download successfully.  Login SSVM, try
> downloading the template you want by wget.
> You should face the problem of "no route to host", as aforementioned,
> there is some firewall rules blocking the traffic.
> Given the default centos failed to download, I suspect your 443 port or 80
> port to public network is blocked.
>
> >
> > On Wed, Jun 13, 2012 at 1:57 AM, Chiradeep Vittal <
> > Chiradeep.Vittal@citrix.com> wrote:
> >
> > > Because it results in the suppression of the initial ARP request to
> > > the gateway. This is how the Linux network stack reports an ARP issue.
> > >
> > > --
> > > Chiradeep
> > >
> > > On Jun 12, 2012, at 16:31, "David Nalley" <david@gnsa.us> wrote:
> > >
> > > >
> > > >
> > > >
> > > >
> > > > On Jun 12, 2012, at 7:09 PM, Chiradeep Vittal <
> > > Chiradeep.Vittal@citrix.com> wrote:
> > > >
> > > >> You might need to add the host ip of the web server where the
> > > >> templates are hosted to "secstorage.allowed.internal.sites" in the
> > > >> global configuration.
> > > >
> > > > Why would lack of this result in no route to host. Firewall issues
> > > > would
> > > die silently without that error. It isn't even trying.
> > > >
> > > >
> > > >>
> > > >> On 6/12/12 3:50 PM, "Lu Heng" <h.lu@anytimechinese.com> wrote:
> > > >>
> > > >>> Hi
> > > >>>
> > > >>> Thanks for reply
> > > >>>
> > > >>> First, the SSVM can mount the secondary storage, and the
> > > >>> ssvm-check.sh
> > > is
> > > >>> passed without error. the "no route to the host" problem still
> exsits.
> > > >>>
> > > >>> second, what should we fill in the vlan in the public network
> > > >>> setup
> > > while
> > > >>> the IP is simply in the access port?
> > > >>>
> > > >>> and the iptable rule on the ssvm host:
> > > >>> Chain INPUT (policy ACCEPT)
> > > >>> target     prot opt source               destination
> > > >>> ACCEPT     gre  --  anywhere             anywhere
> > > >>> RH-Firewall-1-INPUT  all  --  anywhere             anywhere
> > > >>>
> > > >>> Chain FORWARD (policy ACCEPT)
> > > >>> target     prot opt source               destination
> > > >>> RH-Firewall-1-INPUT  all  --  anywhere             anywhere
> > > >>>
> > > >>> Chain OUTPUT (policy ACCEPT)
> > > >>> target     prot opt source               destination
> > > >>>
> > > >>> Chain RH-Firewall-1-INPUT (2 references)
> > > >>> target     prot opt source               destination
> > > >>> ACCEPT     tcp  --  anywhere             anywhere            tcp
> > > >>> dpts:5900:6099
> > > >>> ACCEPT     all  --  anywhere             anywhere
> > > >>> ACCEPT     icmp --  anywhere             anywhere            icmp
> any
> > > >>> ACCEPT     esp  --  anywhere             anywhere
> > > >>> ACCEPT     ah   --  anywhere             anywhere
> > > >>> ACCEPT     udp  --  anywhere             224.0.0.251         udp
> > > dpt:mdns
> > > >>> ACCEPT     udp  --  anywhere             anywhere            udp
> > > dpt:ipp
> > > >>> ACCEPT     tcp  --  anywhere             anywhere            tcp
> > > dpt:ipp
> > > >>> ACCEPT     udp  --  anywhere             anywhere            udp
> > > >>> dpt:bootps
> > > >>> ACCEPT     all  --  anywhere             anywhere            state
> > > >>> RELATED,ESTABLISHED
> > > >>> ACCEPT     udp  --  anywhere             anywhere            state
> NEW
> > > udp
> > > >>> dpt:ha-cluster
> > > >>> ACCEPT     tcp  --  anywhere             anywhere            state
> NEW
> > > tcp
> > > >>> dpt:ssh
> > > >>> ACCEPT     tcp  --  anywhere             anywhere            state
> NEW
> > > tcp
> > > >>> dpt:http
> > > >>> ACCEPT     tcp  --  anywhere             anywhere            state
> NEW
> > > tcp
> > > >>> dpt:https
> > > >>> REJECT     all  --  anywhere             anywhere
> > >  reject-with
> > > >>> icmp-host-prohibited
> > > >>>
> > > >>> Output of ip route on ssvm:
> > > >>>
> > > >>> 204.13.152.2 via 46.136.128.1 dev eth1
> > > >>> 10.2.0.0/24 dev eth3  proto kernel  scope link  src 10.2.0.189
> > > >>> 123.123.123.0/24 dev eth1  proto kernel  scope link  src
> > > >>> 123.123.123.9
> > > >>> 111.111.111.0/24 dev eth2  proto kernel  scope link  src
> > > 111.111.111.18
> > > >>> 169.254.0.0/16 dev eth0  proto kernel  scope link  src
> > > >>> 169.254.2.83 default via 46.136.132.1 dev eth2
> > > >>>
> > > >>> On Wed, Jun 13, 2012 at 12:42 AM, Frank Zhang
> > > >>> <Frank.Zhang@citrix.com>wrote:
> > > >>>
> > > >>>>
> > > >>>>
> > > >>>>> Hi
> > > >>>>>
> > > >>>>> We have following setup
> > > >>>>>
> > > >>>>> management network(public IP range, 123.123.123.0/24)
storage
> > > >>>>> network(private IP range 10.2.0.0/24) public network(public
IP
> > > >>>>> range
> > > >>>>> 111.111.111.0/24)
> > > >>>>>
> > > >>>>> 1 CP
> > > >>>>> 1 Nic on management network
> > > >>>>> 1 Nic on storage network
> > > >>>>>
> > > >>>>> 2*Host
> > > >>>>> 1 Nic on management network
> > > >>>>> 1 Nic on storage network
> > > >>>>> 1 Nic on public network
> > > >>>>>
> > > >>>>> 1 storage
> > > >>>>> 1 Nic on management network
> > > >>>>> 1 nic on storage network
> > > >>>>>
> > > >>>>> Management server has an NFS share which mounted on the
> > storage
> > > >>>>> network as secondary storage.
> > > >>>>>
> > > >>>>> So two questions:
> > > >>>>>
> > > >>>>> 1. for the public network, there is no vlan setup, the
IP is
> > > >>>>> direct
> > > >>>> routed to
> > > >>>>> both host server(they are on access point), the question
is,
> > > >>>>> while I
> > > >>>> config the
> > > >>>>> public network and guest network, it always ask for vlan
number,
> > > >>>> which we
> > > >>>>> don't have.
> > > >>>>
> > > >>>> When you create zone, the vlan of public network is optional
you
> > > should
> > > >>>> be
> > > >>>> able to
> > > >>>> Safely ignore it. What's exact error you suffered?
> > > >>>>
> > > >>>>>
> > > >>>>> 2. We saw "no route to the host" error in all the template,
> > > >>>>> ISOs, in
> > > >>>> which we
> > > >>>>> can not create any instance on.
> > > >>>>>
> > > >>>>> Please, if any one have good suggestion in this network
setup,
> > > >>>>> how
> > > >>>> can we
> > > >>>>> do it.
> > > >>>>
> > > >>>> Do this:
> > > >>>> 1. login your SSVM
> > > >>>>      1.a go to the host where the SSVM is running
> > > >>>>      1.b ssh -i  /root/.ssh/ id_rsa.cloud  -p 30922
> > > >>>> link_local_ip_address
> > > >>>>             The link local ip address can be grabbed from
SSVM
> > > >>>> page on UI which starts with 169
> > > >>>>      1.c try to mount your secondary storage to somewhere
in your
> > SSVM
> > > >>>>      1.d if 1.c won't work, check if you can mount secondary
> > > >>>> storage on the host where SSVM running. If failed, then it's
your
> > > >>>> network issue
> > > >>>>      1.e. if it works on your host, try to figure out any
ip
> > > >>>> table rules in host blocking NFS traffic
> > > >>>>      1.h check routes of SSVM by 'ip route', the traffic to
> > > >>>> secondary storage should go thru storage network which is
> > > >>>> (private IP range
> > > >>>> 10.2.0.0/24) in you case
> > > >>>>
> > > >>>>>
> > > >>>>> --
> > > >>>>> --
> > > >>>>> Kind regards.
> > > >>>>> Lu
> > > >>>>>
> > > >>>>> This transmission is intended solely for the addressee(s)
shown
> > > above.
> > > >>>>> It may contain information that is privileged, confidential
or
> > > >>>> otherwise
> > > >>>>> protected from disclosure. Any review, dissemination or
use of
> > > >>>>> this transmission or its contents by persons other than
the
> > > >>>>> intended
> > > >>>> addressee(s)
> > > >>>>> is strictly prohibited. If you have received this transmission
> > > >>>>> in
> > > >>>> error,
> > > >>>> please
> > > >>>>> notify this office immediately and e-mail the original
at the
> > > sender's
> > > >>>> address
> > > >>>>> above by replying to this message and including the text
of the
> > > >>>> transmission
> > > >>>>> received.
> > > >>>>
> > > >>>
> > > >>>
> > > >>>
> > > >>> --
> > > >>> --
> > > >>> Kind regards.
> > > >>> Lu
> > > >>>
> > > >>> This transmission is intended solely for the addressee(s) shown
> above.
> > > >>> It may contain information that is privileged, confidential or
> > > >>> otherwise protected from disclosure. Any review, dissemination
or
> > > >>> use of this transmission or its contents by persons other than
the
> > > >>> intended addressee(s) is strictly prohibited. If you have received
> > > >>> this transmission in error, please notify this office immediately
> > > >>> and e-mail the original at the sender's address above by replying
> > > >>> to this message and including the text of the transmission
> received.
> > > >>
> > >
> >
> >
> >
> > --
> > --
> > Kind regards.
> > Lu
> >
> > This transmission is intended solely for the addressee(s) shown above.
> > It may contain information that is privileged, confidential or otherwise
> > protected from disclosure. Any review, dissemination or use of this
> > transmission or its contents by persons other than the intended
> addressee(s)
> > is strictly prohibited. If you have received this transmission in error,
> please
> > notify this office immediately and e-mail the original at the sender's
> address
> > above by replying to this message and including the text of the
> transmission
> > received.
>
>
>
>
> --
> --
> Kind regards.
> Lu
>
> This transmission is intended solely for the addressee(s) shown above.
> It may contain information that is privileged, confidential or
> otherwise protected from disclosure. Any review, dissemination or use
> of this transmission or its contents by persons other than the
> intended addressee(s) is strictly prohibited. If you have received
> this transmission in error, please notify this office immediately and
> e-mail the original at the sender's address above by replying to this
> message and including the text of the transmission received.
>



-- 
--
Kind regards.
Lu

This transmission is intended solely for the addressee(s) shown above.
It may contain information that is privileged, confidential or
otherwise protected from disclosure. Any review, dissemination or use
of this transmission or its contents by persons other than the
intended addressee(s) is strictly prohibited. If you have received
this transmission in error, please notify this office immediately and
e-mail the original at the sender's address above by replying to this
message and including the text of the transmission received.

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message