incubator-cloudstack-dev mailing list archives

From "Richard Shevel (JIRA)" <j...@apache.org>
Subject [jira] [Comment Edited] (CLOUDSTACK-938) s2s VPN trouble
Date Thu, 17 Jan 2013 21:10:12 GMT

    [ https://issues.apache.org/jira/browse/CLOUDSTACK-938?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13556573#comment-13556573 ]

Richard Shevel edited comment on CLOUDSTACK-938 at 1/17/13 9:10 PM:
--------------------------------------------------------------------

my env:

2x server  for KVM host
CentOS 6.3 (Kernel-2.6.32-279.14.1.el6.x86_64)
libvirt-0.9.10-21.el6_3.6.x86_64
qemu-kvm-0.12.1.2-2.295.el6_3.2.x86_64
cloud-agent-libs-4.0.1-0.13.el6.4.0.1.x86_64
cloud-scripts-4.0.1-0.13.el6.4.0.1.x86_64
cloud-utils-4.0.1-0.13.el6.4.0.1.x86_64
cloud-deps-4.0.1-0.13.el6.4.0.1.x86_64
cloud-python-4.0.1-0.13.el6.4.0.1.x86_64
cloud-core-4.0.1-0.13.el6.4.0.1.x86_64
cloud-agent-4.0.1-0.13.el6.4.0.1.x86_64


Network: 
bridge name     bridge id               STP enabled     interfaces
cloud0          8000.fe00a9fe008f       no              vnet0
cloudVirBr50    8000.707be8f0d200       no              bond2.50
cloudbr0        8000.fc48ef2fbd38       no              bond1 - private
cloudbr1        8000.707be8f0d200       no              bond2 - public
cloudbrm        8000.fc48ef2fbd38       no              bond1.40 - management

BONDING_OPTS="miimon=100 mode=balance-tlb"

primary storage - CLVM (over iSCSI)


chkconfig --list
atop            0:off   1:off   2:off   3:off   4:off   5:off   6:off
auditd          0:off   1:off   2:on    3:on    4:on    5:on    6:off
cgconfig        0:off   1:off   2:on    3:on    4:on    5:on    6:off
cgred           0:off   1:off   2:on    3:on    4:on    5:on    6:off
cloud-agent     0:off   1:off   2:on    3:on    4:on    5:on    6:off
clvmd           0:off   1:off   2:on    3:on    4:on    5:on    6:off
cman            0:off   1:off   2:on    3:on    4:on    5:on    6:off
corosync        0:off   1:off   2:off   3:off   4:off   5:off   6:off
dnsmasq         0:off   1:off   2:off   3:off   4:off   5:off   6:off
ebtables        0:off   1:off   2:on    3:on    4:on    5:on    6:off
fcoe            0:off   1:off   2:off   3:off   4:off   5:off   6:off
gfs2            0:off   1:off   2:off   3:off   4:off   5:off   6:off
haldaemon       0:off   1:off   2:off   3:on    4:on    5:on    6:off
ip6tables       0:off   1:off   2:off   3:off   4:off   5:off   6:off
ipmievd         0:off   1:off   2:off   3:off   4:off   5:off   6:off
iptables        0:off   1:off   2:off   3:off   4:off   5:off   6:off
iscsi           0:off   1:off   2:on    3:on    4:off   5:off   6:off
iscsid          0:off   1:off   2:on    3:on    4:on    5:on    6:off
ksm             0:off   1:off   2:off   3:on    4:on    5:on    6:off
ksmtuned        0:off   1:off   2:off   3:on    4:on    5:on    6:off
libvirt-guests  0:off   1:off   2:on    3:on    4:on    5:on    6:off
libvirtd        0:off   1:off   2:off   3:on    4:on    5:on    6:off
lldpad          0:off   1:off   2:on    3:on    4:on    5:on    6:off
lvm2-monitor    0:off   1:on    2:on    3:on    4:on    5:on    6:off
messagebus      0:off   1:off   2:on    3:on    4:on    5:on    6:off
modclusterd     0:off   1:off   2:on    3:on    4:on    5:on    6:off
multipathd      0:off   1:off   2:on    3:on    4:on    5:on    6:off
netconsole      0:off   1:off   2:off   3:off   4:off   5:off   6:off
netfs           0:off   1:off   2:off   3:on    4:on    5:on    6:off
network         0:off   1:off   2:on    3:on    4:on    5:on    6:off
nfs             0:off   1:off   2:on    3:on    4:on    5:on    6:off
nfslock         0:off   1:off   2:off   3:on    4:on    5:on    6:off
ntpd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
ntpdate         0:off   1:off   2:off   3:off   4:off   5:off   6:off
numad           0:off   1:off   2:off   3:off   4:off   5:off   6:off
oddjobd         0:off   1:off   2:off   3:off   4:off   5:off   6:off
quota_nld       0:off   1:off   2:off   3:off   4:off   5:off   6:off
radvd           0:off   1:off   2:off   3:off   4:off   5:off   6:off
rdisc           0:off   1:off   2:off   3:off   4:off   5:off   6:off
restorecond     0:off   1:off   2:off   3:off   4:off   5:off   6:off
rgmanager       0:off   1:off   2:on    3:on    4:on    5:on    6:off
ricci           0:off   1:off   2:on    3:on    4:on    5:on    6:off
rpcbind         0:off   1:off   2:on    3:on    4:on    5:on    6:off
rpcgssd         0:off   1:off   2:off   3:on    4:on    5:on    6:off
rpcidmapd       0:off   1:off   2:off   3:on    4:on    5:on    6:off
rpcsvcgssd      0:off   1:off   2:off   3:off   4:off   5:off   6:off
rsyslog         0:off   1:off   2:on    3:on    4:on    5:on    6:off
saslauthd       0:off   1:off   2:off   3:off   4:off   5:off   6:off
sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
udev-post       0:off   1:on    2:on    3:on    4:on    5:on    6:off



VLAN-50 (public)
VLAN-500-1000 (private)
VLAN-40 - mgmnt

1x CS host
CentOS 6.3 (Kernel-2.6.32-279.14.1.el6.x86_64)
cloud-aws-api-4.0.1-0.13.el6.4.0.1.x86_64
cloud-scripts-4.0.1-0.13.el6.4.0.1.x86_64
cloud-deps-4.0.1-0.13.el6.4.0.1.x86_64
cloud-server-4.0.1-0.13.el6.4.0.1.x86_64
cloud-client-ui-4.0.1-0.13.el6.4.0.1.x86_64
cloud-utils-4.0.1-0.13.el6.4.0.1.x86_64
cloud-python-4.0.1-0.13.el6.4.0.1.x86_64
cloud-client-4.0.1-0.13.el6.4.0.1.x86_64
cloud-core-4.0.1-0.13.el6.4.0.1.x86_64
cloud-setup-4.0.1-0.13.el6.4.0.1.x86_64
cloud-usage-4.0.1-0.13.el6.4.0.1.x86_64


2x DB host
CentOS 6.3 (Kernel-2.6.32-279.14.1.el6.x86_64)
Percona-Server-shared-55-5.5.28-rel29.1.335.rhel6.x86_64
Percona-Server-shared-compat-5.5.28-rel29.1.335.rhel6.x86_64
Percona-Server-client-55-5.5.28-rel29.1.335.rhel6.x86_64
Percona-Server-server-55-5.5.28-rel29.1.335.rhel6.x86_64

replication type: Master-Master

1x nfs host
CentOS 6.3 (Kernel-2.6.32-279.14.1.el6.x86_64)
nfs-utils-1.2.3-26.el6.x86_64

1x Cluster host (RHCS) 
CentOS 6.3 (Kernel-2.6.32-279.14.1.el6.x86_64)
cman-3.0.12.1-32.el6_3.2.x86_64

1x DNS
CentOS 6.3 (Kernel-2.6.32-279.14.1.el6.x86_64)
bind-9.8.2-0.10.rc1.el6_3.5.x86_64

                
      was (Author: sunrash):
    my env:

2x server  for KVM host
CentOS 6.3 (Kernel-2.6.32-279.14.1.el6.x86_64)
libvirt-0.9.10-21.el6_3.6.x86_64
qemu-kvm-0.12.1.2-2.295.el6_3.2.x86_64
cloud-agent-libs-4.0.1-0.13.el6.4.0.1.x86_64
cloud-scripts-4.0.1-0.13.el6.4.0.1.x86_64
cloud-utils-4.0.1-0.13.el6.4.0.1.x86_64
cloud-deps-4.0.1-0.13.el6.4.0.1.x86_64
cloud-python-4.0.1-0.13.el6.4.0.1.x86_64
cloud-core-4.0.1-0.13.el6.4.0.1.x86_64
cloud-agent-4.0.1-0.13.el6.4.0.1.x86_64


Network: 
bridge name     bridge id               STP enabled     interfaces
cloud0          8000.fe00a9fe008f       no              vnet0
cloudVirBr50    8000.707be8f0d200       no              bond2.50
cloudbr0        8000.fc48ef2fbd38       no              bond1 - private
cloudbr1        8000.707be8f0d200       no              bond2 - public
cloudbrm        8000.fc48ef2fbd38       no              bond1.40 - management

BONDING_OPTS="miimon=100 mode=balance-tlb"

primary storage - CLVM (over iSCSI)

VLAN-50 (public)
VLAN-500-1000 (private)
VLAN-40 - mgmnt

1x CS host
CentOS 6.3 (Kernel-2.6.32-279.14.1.el6.x86_64)
cloud-aws-api-4.0.1-0.13.el6.4.0.1.x86_64
cloud-scripts-4.0.1-0.13.el6.4.0.1.x86_64
cloud-deps-4.0.1-0.13.el6.4.0.1.x86_64
cloud-server-4.0.1-0.13.el6.4.0.1.x86_64
cloud-client-ui-4.0.1-0.13.el6.4.0.1.x86_64
cloud-utils-4.0.1-0.13.el6.4.0.1.x86_64
cloud-python-4.0.1-0.13.el6.4.0.1.x86_64
cloud-client-4.0.1-0.13.el6.4.0.1.x86_64
cloud-core-4.0.1-0.13.el6.4.0.1.x86_64
cloud-setup-4.0.1-0.13.el6.4.0.1.x86_64
cloud-usage-4.0.1-0.13.el6.4.0.1.x86_64


2x DB host
CentOS 6.3 (Kernel-2.6.32-279.14.1.el6.x86_64)
Percona-Server-shared-55-5.5.28-rel29.1.335.rhel6.x86_64
Percona-Server-shared-compat-5.5.28-rel29.1.335.rhel6.x86_64
Percona-Server-client-55-5.5.28-rel29.1.335.rhel6.x86_64
Percona-Server-server-55-5.5.28-rel29.1.335.rhel6.x86_64

replication type: Master-Master

1x nfs host
CentOS 6.3 (Kernel-2.6.32-279.14.1.el6.x86_64)
nfs-utils-1.2.3-26.el6.x86_64

1x Cluster host (RHCS) 
CentOS 6.3 (Kernel-2.6.32-279.14.1.el6.x86_64)
cman-3.0.12.1-32.el6_3.2.x86_64

1x DNS
CentOS 6.3 (Kernel-2.6.32-279.14.1.el6.x86_64)
bind-9.8.2-0.10.rc1.el6_3.5.x86_64

                  
> s2s VPN trouble
> ---------------
>
>                 Key: CLOUDSTACK-938
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-938
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.) 
>          Components: Network Controller
>    Affects Versions: 4.0.0, 4.0.1
>         Environment: CentOS 6.3 x86_64
> CS - 4.0.1-0.11
>            Reporter: Richard Shevel
>             Fix For: 4.0.2, 4.1.0
>
>         Attachments: after_restart_VPC.zip, auth.log, catalina.zip, management-server_afer_upgrade2.zip, management-server_after_upgrade.zip, management-server.zip, messages, r-292-vm_log.tar.gz
>
>
> Dear colleagues, the problem is clearly a bug:
> I created a VPC
> Further, in my VPN Customer Gateway to the settings
> Gateway 217.70.20.213
> CIDR list 192.168.10.0/24
> IPsec Preshared-Key blablablablablabla
> IKE Encryption 3des
> IKE Hash md5
> IKE DH None
> ESP Encryption 3des
> ESP Hash md5
> Perfect Forward Secrecy None
> IKE lifetime (second) 86 400
> ESP Lifetime (second) 28 800
> Dead Peer Detection Yes
> In the setting of VPC I create VPN Gateway
> When creating a VPN Connection get the error:
> Resource [Site2SiteVpnConnection:15] is unreachable: Failed to apply site-to-site VPN
> catalina.out:
> WARN  [cloud.api.ApiDispatcher] (Job-Executor-11:job-463) class com.cloud.api.ServerApiException : Resource [Site2SiteVpnConnection:15] is unreachable: Failed to apply site-to-site VPN
> WARN  [cloud.async.AsyncJobManagerImpl] (Job-Executor-11:job-463) Unable to unregister active job 463 from JMX monitoring
> WARN  [network.router.VirtualNetworkApplianceManagerImpl] (RouterStatusMonitor-1:) Unable to update router r-288-VM's VPN connection status
> WARN  [network.router.VirtualNetworkApplianceManagerImpl] (RouterStatusMonitor-1:) Unable to update router r-288-VM's VPN connection status
> WARN  [network.router.VirtualNetworkApplianceManagerImpl] (RouterStatusMonitor-1:) Unable to update router r-288-VM's VPN connection status
> WARN  [network.router.VirtualNetworkApplianceManagerImpl] (RouterStatusMonitor-1:) Unable to update router r-288-VM's VPN connection status
> WARN  [network.router.VirtualNetworkApplianceManagerImpl] (RouterStatusMonitor-1:) Unable to update router r-288-VM's VPN connection status
> management-server.log:
> 2013-01-09 21:27:54,587 DEBUG [agent.manager.AgentManagerImpl] (AgentManager-Handler-4:null) Ping from 5
> 2013-01-09 21:27:54,623 DEBUG [agent.manager.AgentManagerImpl] (AgentManager-Handler-2:null) Ping from 3
> 2013-01-09 21:28:17,546 DEBUG [storage.secondary.SecondaryStorageManagerImpl] (secstorage-1:null) Zone 1 is ready to launch secondary storage VM
> 2013-01-09 21:28:17,656 DEBUG [cloud.consoleproxy.ConsoleProxyManagerImpl] (consoleproxy-1:null) Zone 1 is ready to launch console proxy
> 2013-01-09 21:28:18,306 DEBUG [network.router.VirtualNetworkApplianceManagerImpl] (RouterStatusMonitor-1:null) Found 3 routers.
> 2013-01-09 21:28:18,316 DEBUG [agent.transport.Request] (RouterStatusMonitor-1:null) Seq 5-223284290: Sending  { Cmd , MgmtId: 52239887788, via: 5, Ver: v1, Flags: 100111, [{"CheckS2SVpnConnectionsCommand":{"vpnIps":[],"accessDetails":{"router.ip":"169.254.1.232","router.name":"r-288-VM"},"wait":30}}] }
> 2013-01-09 21:28:18,458 DEBUG [agent.transport.Request] (AgentManager-Handler-3:null) Seq 5-223284290: Processing:  { Ans: , MgmtId: 52239887788, via: 5, Ver: v1, Flags: 110, [{"CheckS2SVpnConnectionsAnswer":{"ipToConnected":{},"ipToDetail":{},"details":"CheckS2SVpnConneciontsCommand failed","result":false,"wait":0}}] }
> 2013-01-09 21:28:18,458 DEBUG [agent.manager.AgentAttache] (AgentManager-Handler-3:null) Seq 5-223284290: No more commands found
> 2013-01-09 21:28:18,458 DEBUG [agent.transport.Request] (RouterStatusMonitor-1:null) Seq 5-223284290: Received:  { Ans: , MgmtId: 52239887788, via: 5, Ver: v1, Flags: 110, { CheckS2SVpnConnectionsAnswer } }
> 2013-01-09 21:28:18,458 DEBUG [agent.manager.AgentManagerImpl] (RouterStatusMonitor-1:null) Details from executing class com.cloud.agent.api.CheckS2SVpnConnectionsCommand: CheckS2SVpnConneciontsCommand failed
> 2013-01-09 21:28:18,458 WARN  [network.router.VirtualNetworkApplianceManagerImpl] (RouterStatusMonitor-1:null) Unable to update router r-288-VM's VPN connection status
> 2013-01-09 21:28:43,063 DEBUG [cloud.server.StatsCollector] (StatsCollector-2:null) StorageCollector is running...
> 2013-01-09 21:28:43,117 DEBUG [agent.transport.Request] (StatsCollector-2:null) Seq 17-292881626: Received:  { Ans: , MgmtId: 52239887788, via: 17, Ver: v1, Flags: 10, { GetStorageStatsAnswer } }
> 2013-01-09 21:28:45,185 DEBUG [agent.transport.Request] (StatsCollector-2:null) Seq 3-1166872144: Received:  { Ans: , MgmtId: 52239887788, via: 3, Ver: v1, Flags: 10, { GetStorageStatsAnswer } }
> 2013-01-09 21:28:47,545 DEBUG [storage.secondary.SecondaryStorageManagerImpl] (secstorage-1:null) Zone 1 is ready to launch secondary storage VM
> 2013-01-09 21:28:47,655 DEBUG [cloud.consoleproxy.ConsoleProxyManagerImpl] (consoleproxy-1:null) Zone 1 is ready to launch console proxy
> 2013-01-09 21:28:48,305 DEBUG [network.router.VirtualNetworkApplianceManagerImpl] (RouterStatusMonitor-1:null) Found 3 routers.
> 2013-01-09 21:28:48,328 DEBUG [agent.transport.Request] (RouterStatusMonitor-1:null) Seq 5-223284291: Sending  { Cmd , MgmtId: 52239887788, via: 5, Ver: v1, Flags: 100111, [{"CheckS2SVpnConnectionsCommand":{"vpnIps":[],"accessDetails":{"router.ip":"169.254.1.232","router.name":"r-288-VM"},"wait":30}}] }
> 2013-01-09 21:28:48,430 DEBUG [agent.transport.Request] (AgentManager-Handler-9:null) Seq 5-223284291: Processing:  { Ans: , MgmtId: 52239887788, via: 5, Ver: v1, Flags: 110, [{"CheckS2SVpnConnectionsAnswer":{"ipToConnected":{},"ipToDetail":{},"details":"CheckS2SVpnConneciontsCommand failed","result":false,"wait":0}}] }
> 2013-01-09 21:28:48,430 DEBUG [agent.manager.AgentAttache] (AgentManager-Handler-9:null) Seq 5-223284291: No more commands found
> 2013-01-09 21:28:48,430 DEBUG [agent.transport.Request] (RouterStatusMonitor-1:null) Seq 5-223284291: Received:  { Ans: , MgmtId: 52239887788, via: 5, Ver: v1, Flags: 110, { CheckS2SVpnConnectionsAnswer } }
> 2013-01-09 21:28:48,430 DEBUG [agent.manager.AgentManagerImpl] (RouterStatusMonitor-1:null) Details from executing class com.cloud.agent.api.CheckS2SVpnConnectionsCommand: CheckS2SVpnConneciontsCommand failed
> 2013-01-09 21:28:48,430 WARN  [network.router.VirtualNetworkApplianceManagerImpl] (RouterStatusMonitor-1:null) Unable to update router r-288-VM's VPN connection status
> 2013-01-09 21:28:49,298 DEBUG [agent.manager.AgentManagerImpl] (AgentManager-Handler-7:null) Ping from 11
> 2013-01-09 21:28:49,299 DEBUG [agent.manager.AgentManagerImpl] (AgentManager-Handler-6:null) Ping from 17
> 2013-01-09 21:28:51,594 DEBUG [cloud.server.StatsCollector] (StatsCollector-3:null) HostStatsCollector is running...

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
