incubator-cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Wido den Hollander (JIRA)" <>
Subject [jira] [Commented] (CLOUDSTACK-79) CloudStack 3.0.4: firewall rules not restored on KVM host
Date Tue, 11 Sep 2012 21:28:12 GMT


Wido den Hollander commented on CLOUDSTACK-79:

Oh, sorry, I didn't make this really clear.

In CS 3.0.2 and the upcoming 4.0 release this isn't possible yet. What you could do is run
the script by hand with the same parameters as the agent did. You can find
this in the agent.log if the loglevel is high enough.

The three options I proposed where actually development options which could be implemented.
> CloudStack 3.0.4: firewall rules not restored on KVM host
> ---------------------------------------------------------
>                 Key: CLOUDSTACK-79
>                 URL:
>             Project: CloudStack
>          Issue Type: Bug
>          Components: KVM, Network Controller
>    Affects Versions: pre-4.0.0
>            Reporter: Vladimir Ostrovsky
>             Fix For: 4.1.0
> I have CloudStack 3.0.4 with a Basic Zone defined. The Zone includes several KVM hosts
and uses Security Groups (in other words, IPtables on the hosts) to isolate traffic between
> The problem: if, for some reason, IPtables on the host are flushed or the iptables service
is restarted, the cloud-agent doesn't pull the correct rules from the management server and
doesn't synchronize the host with Security Groups definitions in CloudStack. Restart of the
cloud-agent service doesn't help as well.
> Shouldn't the agent do it?

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see:

View raw message