incubator-cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Richard Shevel (JIRA)" <j...@apache.org>
Subject [jira] [Comment Edited] (CLOUDSTACK-938) s2s VPN trouble
Date Thu, 17 Jan 2013 22:10:13 GMT

    [ https://issues.apache.org/jira/browse/CLOUDSTACK-938?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13556645#comment-13556645
] 

Richard Shevel edited comment on CLOUDSTACK-938 at 1/17/13 10:09 PM:
---------------------------------------------------------------------

when i restarted VPC i see this in agent.log:

2013-01-18 02:04:52,823 DEBUG [kvm.resource.LibvirtComputingResource] (agentRequest-Handler-2:null)
Execution is successful.
2013-01-18 02:04:52,824 DEBUG [cloud.agent.Agent] (agentRequest-Handler-2:null) Processing
command: com.cloud.agent.api.PlugNicCommand
2013-01-18 02:04:52,892 DEBUG [kvm.resource.BridgeVifDriver] (agentRequest-Handler-2:null)
nic=[Nic:Public-77.95.133.142-vlan://50]
2013-01-18 02:04:52,892 DEBUG [kvm.resource.BridgeVifDriver] (agentRequest-Handler-2:null)
Executing: /usr/lib64/cloud/common/scripts/vm/network/vnet/modifyvlan.sh -v 50 -p bond2 -o
add
2013-01-18 02:04:52,922 DEBUG [kvm.resource.BridgeVifDriver] (agentRequest-Handler-2:null)
Execution is successful.
2013-01-18 02:04:52,922 DEBUG [kvm.resource.BridgeVifDriver] (agentRequest-Handler-2:null)
Set name-type for VLAN subsystem. Should be visible in /proc/net/vlan/config

2013-01-18 02:04:53,084 DEBUG [cloud.agent.Agent] (agentRequest-Handler-2:null) Processing
command: com.cloud.agent.api.routing.IpAssocVpcCommand
2013-01-18 02:04:53,145 DEBUG [kvm.resource.LibvirtComputingResource] (agentRequest-Handler-2:null)
Executing: /bin/bash -c vlanid=$(brctl show |grep cloudVirBr50 |awk '{print $4}' | cut -s
-d. -f 2);echo $vlanid
2013-01-18 02:04:53,161 DEBUG [kvm.resource.LibvirtComputingResource] (agentRequest-Handler-2:null)
Execution is successful.
2013-01-18 02:04:53,162 DEBUG [resource.virtualnetwork.VirtualRoutingResource] (agentRequest-Handler-2:null)
Executing: /usr/lib64/cloud/common/scripts/network/domr/router_proxy.sh vpc_ipassoc.sh 169.254.2.223
 -A  -l 77.95.133.142 -c ethnull -g 77.95.133.129 -m 26 -n 77.95.133.128
2013-01-18 02:04:53,298 DEBUG [resource.virtualnetwork.VirtualRoutingResource] (agentRequest-Handler-2:null)
Execution is successful.
2013-01-18 02:04:53,298 DEBUG [resource.virtualnetwork.VirtualRoutingResource] (agentRequest-Handler-2:null)
Device "ethnull" does not exist.
Cannot find device "ethnull"
Error: argument "Table_ethnull" is wrong: "table" value is invalid

Error: argument "Table_ethnull" is wrong: "table" value is invalid

RTNETLINK answers: No such process

2013-01-18 02:04:53,299 DEBUG [cloud.agent.Agent] (agentRequest-Handler-2:null) Processing
command: com.cloud.agent.api.routing.SetSourceNatCommand
2013-01-18 02:04:53,366 DEBUG [kvm.resource.LibvirtComputingResource] (agentRequest-Handler-2:null)
Executing: /bin/bash -c vlanid=$(brctl show |grep cloud0 |awk '{print $4}' | cut -s -d. -f
2);echo $vlanid
2013-01-18 02:04:53,383 DEBUG [kvm.resource.LibvirtComputingResource] (agentRequest-Handler-2:null)
Execution is successful.
2013-01-18 02:04:53,383 DEBUG [kvm.resource.LibvirtComputingResource] (agentRequest-Handler-2:null)
Executing: /bin/bash -c vlanid=$(brctl show |grep cloudVirBr50 |awk '{print $4}' | cut -s
-d. -f 2);echo $vlanid
2013-01-18 02:04:53,398 DEBUG [kvm.resource.LibvirtComputingResource] (agentRequest-Handler-2:null)
Execution is successful.
2013-01-18 02:04:53,399 DEBUG [resource.virtualnetwork.VirtualRoutingResource] (agentRequest-Handler-2:null)
Executing: /usr/lib64/cloud/common/scripts/network/domr/router_proxy.sh vpc_snat.sh 169.254.2.223
 -A  -l 77.95.133.142 -c eth2
2013-01-18 02:04:53,517 DEBUG [resource.virtualnetwork.VirtualRoutingResource] (agentRequest-Handler-2:null)
Execution is successful.
2013-01-18 02:04:53,517 DEBUG [resource.virtualnetwork.VirtualRoutingResource] (agentRequest-Handler-2:null)
iptables: Bad rule (does a matching rule exist in that chain?).
iptables: No chain/target/match by that name.

2013-01-18 02:04:53,518 DEBUG [cloud.agent.Agent] (agentRequest-Handler-2:null) Processing
command: com.cloud.agent.api.NetworkUsageCommand
2013-01-18 02:04:53,518 DEBUG [kvm.resource.LibvirtComputingResource] (agentRequest-Handler-2:null)
Executing: /usr/lib64/cloud/common/scripts/network/domr/router_proxy.sh netusage.sh 169.254.2.223
-c


                
      was (Author: sunrash):
    when i restarted VPC i see this in agent.log:

2013-01-18 02:04:52,823 DEBUG [kvm.resource.LibvirtComputingResource] (agentRequest-Handler-2:null)
Execution is successful.
2013-01-18 02:04:52,824 DEBUG [cloud.agent.Agent] (agentRequest-Handler-2:null) Processing
command: com.cloud.agent.api.PlugNicCommand
2013-01-18 02:04:52,892 DEBUG [kvm.resource.BridgeVifDriver] (agentRequest-Handler-2:null)
nic=[Nic:Public-77.95.133.142-vlan://50]
2013-01-18 02:04:52,892 DEBUG [kvm.resource.BridgeVifDriver] (agentRequest-Handler-2:null)
Executing: /usr/lib64/cloud/common/scripts/vm/network/vnet/modifyvlan.sh -v 50 -p bond2 -o
add
2013-01-18 02:04:52,922 DEBUG [kvm.resource.BridgeVifDriver] (agentRequest-Handler-2:null)
Execution is successful.
2013-01-18 02:04:52,922 DEBUG [kvm.resource.BridgeVifDriver] (agentRequest-Handler-2:null)
Set name-type for VLAN subsystem. Should be visible in /proc/net/vlan/config

2013-01-18 02:04:53,084 DEBUG [cloud.agent.Agent] (agentRequest-Handler-2:null) Processing
command: com.cloud.agent.api.routing.IpAssocVpcCommand
2013-01-18 02:04:53,145 DEBUG [kvm.resource.LibvirtComputingResource] (agentRequest-Handler-2:null)
Executing: /bin/bash -c vlanid=$(brctl show |grep cloudVirBr50 |awk '{print $4}' | cut -s
-d. -f 2);echo $vlanid
2013-01-18 02:04:53,161 DEBUG [kvm.resource.LibvirtComputingResource] (agentRequest-Handler-2:null)
Execution is successful.
2013-01-18 02:04:53,162 DEBUG [resource.virtualnetwork.VirtualRoutingResource] (agentRequest-Handler-2:null)
Executing: /usr/lib64/cloud/common/scripts/network/domr/router_proxy.sh vpc_ipassoc.sh 169.254.2.223
 -A  -l 77.95.133.142 -c ethnull -g 77.95.133.129 -m 26 -n 77.95.133.128
2013-01-18 02:04:53,298 DEBUG [resource.virtualnetwork.VirtualRoutingResource] (agentRequest-Handler-2:null)
Execution is successful.
2013-01-18 02:04:53,298 DEBUG [resource.virtualnetwork.VirtualRoutingResource] (agentRequest-Handler-2:null)
Device "ethnull" does not exist.
Cannot find device "ethnull"
Error: argument "Table_ethnull" is wrong: "table" value is invalid

Error: argument "Table_ethnull" is wrong: "table" value is invalid

RTNETLINK answers: No such process

2013-01-18 02:04:53,299 DEBUG [cloud.agent.Agent] (agentRequest-Handler-2:null) Processing
command: com.cloud.agent.api.routing.SetSourceNatCommand

                  
> s2s VPN trouble
> ---------------
>
>                 Key: CLOUDSTACK-938
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-938
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.) 
>          Components: Network Controller
>    Affects Versions: 4.0.0, 4.0.1
>         Environment: CentOS 6.3 x86_64
> CS - 4.0.1-0.11
>            Reporter: Richard Shevel
>             Fix For: 4.0.2, 4.1.0
>
>         Attachments: after_restart_VPC.zip, auth.log, catalina.zip, management-server_afer_upgrade2.zip,
management-server_after_upgrade.zip, management-server.zip, messages, public.png, r-292-vm_log.tar.gz
>
>
> Dear colleagues, the problem is clearly a bug:
> I created a VPC
> Further, in my VPN Customer Gateway to the settings
> Gateway 217.70.20.213
> CIDR list 192.168.10.0/24
> IPsec Preshared-Key blablablablablabla
> IKE Encryption 3des
> IKE Hash md5
> IKE DH None
> ESP Encryption 3des
> ESP Hash md5
> Perfect Forward Secrecy None
> IKE lifetime (second) 86 400
> ESP Lifetime (second) 28 800
> Dead Peer Detection Yes
> In the setting of VPC I create VPN Gateway
> When creating a VPN Connection get the error:
> Resource [Site2SiteVpnConnection:15] is unreachable: Failed to apply site-to-site VPN
> catalina.out:
> WARN  [cloud.api.ApiDispatcher] (Job-Executor-11:job-463) class com.cloud.api.ServerApiException
: Resource [Site2SiteVpnConnection:15] is unreachable: Failed to apply site-to-site VPN
> WARN  [cloud.async.AsyncJobManagerImpl] (Job-Executor-11:job-463) Unable to unregister
active job 463 from JMX monitoring
> WARN  [network.router.VirtualNetworkApplianceManagerImpl] (RouterStatusMonitor-1:) Unable
to update router r-288-VM's VPN connection status
> WARN  [network.router.VirtualNetworkApplianceManagerImpl] (RouterStatusMonitor-1:) Unable
to update router r-288-VM's VPN connection status
> WARN  [network.router.VirtualNetworkApplianceManagerImpl] (RouterStatusMonitor-1:) Unable
to update router r-288-VM's VPN connection status
> WARN  [network.router.VirtualNetworkApplianceManagerImpl] (RouterStatusMonitor-1:) Unable
to update router r-288-VM's VPN connection status
> WARN  [network.router.VirtualNetworkApplianceManagerImpl] (RouterStatusMonitor-1:) Unable
to update router r-288-VM's VPN connection status
> management-server.log:
> 2013-01-09 21:27:54,587 DEBUG [agent.manager.AgentManagerImpl] (AgentManager-Handler-4:null)
Ping from 5
> 2013-01-09 21:27:54,623 DEBUG [agent.manager.AgentManagerImpl] (AgentManager-Handler-2:null)
Ping from 3
> 2013-01-09 21:28:17,546 DEBUG [storage.secondary.SecondaryStorageManagerImpl] (secstorage-1:null)
Zone 1 is ready to launch secondary storage VM
> 2013-01-09 21:28:17,656 DEBUG [cloud.consoleproxy.ConsoleProxyManagerImpl] (consoleproxy-1:null)
Zone 1 is ready to launch console proxy
> 2013-01-09 21:28:18,306 DEBUG [network.router.VirtualNetworkApplianceManagerImpl] (RouterStatusMonitor-1:null)
Found 3 routers.
> 2013-01-09 21:28:18,316 DEBUG [agent.transport.Request] (RouterStatusMonitor-1:null)
Seq 5-223284290: Sending  { Cmd , MgmtId: 52239887788, via: 5, Ver: v1, Flags: 100111, [{"CheckS2SVpnConnectionsCommand":{"vpnIps":[],"accessDetails":{"router.ip":"169.254.1.232","router.name":"r-288-VM"},"wait":30}}]
}
> 2013-01-09 21:28:18,458 DEBUG [agent.transport.Request] (AgentManager-Handler-3:null)
Seq 5-223284290: Processing:  { Ans: , MgmtId: 52239887788, via: 5, Ver: v1, Flags: 110, [{"CheckS2SVpnConnectionsAnswer":{"ipToConnected":{},"ipToDetail":{},"details":"CheckS2SVpnConneciontsCommand
failed","result":false,"wait":0}}] }
> 2013-01-09 21:28:18,458 DEBUG [agent.manager.AgentAttache] (AgentManager-Handler-3:null)
Seq 5-223284290: No more commands found
> 2013-01-09 21:28:18,458 DEBUG [agent.transport.Request] (RouterStatusMonitor-1:null)
Seq 5-223284290: Received:  { Ans: , MgmtId: 52239887788, via: 5, Ver: v1, Flags: 110, { CheckS2SVpnConnectionsAnswer
} }
> 2013-01-09 21:28:18,458 DEBUG [agent.manager.AgentManagerImpl] (RouterStatusMonitor-1:null)
Details from executing class com.cloud.agent.api.CheckS2SVpnConnectionsCommand: CheckS2SVpnConneciontsCommand
failed
> 2013-01-09 21:28:18,458 WARN  [network.router.VirtualNetworkApplianceManagerImpl] (RouterStatusMonitor-1:null)
Unable to update router r-288-VM's VPN connection status
> 2013-01-09 21:28:43,063 DEBUG [cloud.server.StatsCollector] (StatsCollector-2:null) StorageCollector
is running...
> 2013-01-09 21:28:43,117 DEBUG [agent.transport.Request] (StatsCollector-2:null) Seq 17-292881626:
Received:  { Ans: , MgmtId: 52239887788, via: 17, Ver: v1, Flags: 10, { GetStorageStatsAnswer
} }
> 2013-01-09 21:28:45,185 DEBUG [agent.transport.Request] (StatsCollector-2:null) Seq 3-1166872144:
Received:  { Ans: , MgmtId: 52239887788, via: 3, Ver: v1, Flags: 10, { GetStorageStatsAnswer
} }
> 2013-01-09 21:28:47,545 DEBUG [storage.secondary.SecondaryStorageManagerImpl] (secstorage-1:null)
Zone 1 is ready to launch secondary storage VM
> 2013-01-09 21:28:47,655 DEBUG [cloud.consoleproxy.ConsoleProxyManagerImpl] (consoleproxy-1:null)
Zone 1 is ready to launch console proxy
> 2013-01-09 21:28:48,305 DEBUG [network.router.VirtualNetworkApplianceManagerImpl] (RouterStatusMonitor-1:null)
Found 3 routers.
> 2013-01-09 21:28:48,328 DEBUG [agent.transport.Request] (RouterStatusMonitor-1:null)
Seq 5-223284291: Sending  { Cmd , MgmtId: 52239887788, via: 5, Ver: v1, Flags: 100111, [{"CheckS2SVpnConnectionsCommand":{"vpnIps":[],"accessDetails":{"router.ip":"169.254.1.232","router.name":"r-288-VM"},"wait":30}}]
}
> 2013-01-09 21:28:48,430 DEBUG [agent.transport.Request] (AgentManager-Handler-9:null)
Seq 5-223284291: Processing:  { Ans: , MgmtId: 52239887788, via: 5, Ver: v1, Flags: 110, [{"CheckS2SVpnConnectionsAnswer":{"ipToConnected":{},"ipToDetail":{},"details":"CheckS2SVpnConneciontsCommand
failed","result":false,"wait":0}}] }
> 2013-01-09 21:28:48,430 DEBUG [agent.manager.AgentAttache] (AgentManager-Handler-9:null)
Seq 5-223284291: No more commands found
> 2013-01-09 21:28:48,430 DEBUG [agent.transport.Request] (RouterStatusMonitor-1:null)
Seq 5-223284291: Received:  { Ans: , MgmtId: 52239887788, via: 5, Ver: v1, Flags: 110, { CheckS2SVpnConnectionsAnswer
} }
> 2013-01-09 21:28:48,430 DEBUG [agent.manager.AgentManagerImpl] (RouterStatusMonitor-1:null)
Details from executing class com.cloud.agent.api.CheckS2SVpnConnectionsCommand: CheckS2SVpnConneciontsCommand
failed
> 2013-01-09 21:28:48,430 WARN  [network.router.VirtualNetworkApplianceManagerImpl] (RouterStatusMonitor-1:null)
Unable to update router r-288-VM's VPN connection status
> 2013-01-09 21:28:49,298 DEBUG [agent.manager.AgentManagerImpl] (AgentManager-Handler-7:null)
Ping from 11
> 2013-01-09 21:28:49,299 DEBUG [agent.manager.AgentManagerImpl] (AgentManager-Handler-6:null)
Ping from 17
> 2013-01-09 21:28:51,594 DEBUG [cloud.server.StatsCollector] (StatsCollector-3:null) HostStatsCollector
is running...

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message