incubator-cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Wido den Hollander (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CLOUDSTACK-79) CloudStack 3.0.4: firewall rules not restored on KVM host
Date Tue, 11 Sep 2012 21:28:12 GMT

    [ https://issues.apache.org/jira/browse/CLOUDSTACK-79?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13453429#comment-13453429
] 

Wido den Hollander commented on CLOUDSTACK-79:
----------------------------------------------

Oh, sorry, I didn't make this really clear.

In CS 3.0.2 and the upcoming 4.0 release this isn't possible yet. What you could do is run
the security_group.py script by hand with the same parameters as the agent did. You can find
this in the agent.log if the loglevel is high enough.

The three options I proposed where actually development options which could be implemented.
                
> CloudStack 3.0.4: firewall rules not restored on KVM host
> ---------------------------------------------------------
>
>                 Key: CLOUDSTACK-79
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-79
>             Project: CloudStack
>          Issue Type: Bug
>          Components: KVM, Network Controller
>    Affects Versions: pre-4.0.0
>            Reporter: Vladimir Ostrovsky
>             Fix For: 4.1.0
>
>
> I have CloudStack 3.0.4 with a Basic Zone defined. The Zone includes several KVM hosts
and uses Security Groups (in other words, IPtables on the hosts) to isolate traffic between
VMs.
> The problem: if, for some reason, IPtables on the host are flushed or the iptables service
is restarted, the cloud-agent doesn't pull the correct rules from the management server and
doesn't synchronize the host with Security Groups definitions in CloudStack. Restart of the
cloud-agent service doesn't help as well.
> Shouldn't the agent do it?

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message