Hi all, I'm seeing the following problem in my CloudStack deployment with SecurityGroup pushes to XenServer when a new virtual instance is created. Here is the software stack that I'm running:

CloudPlatform: cloud-server-3.0.5-2
XenServer: XenServer release 6.0.2-53456p (xenenterprise)
Patches Installed: XS602E001 - XS602E008

[root@node-00 rules.d]# cat /etc/xensource/network.conf
bridge

Here is the output from the management-server.log on CloudPlatform, any ideas would be helpful, thanks in advance!

2013-01-25 14:43:57,871 DEBUG [cloud.vm.VirtualMachineManagerImpl] (Job-Executor-6:job-86) Start completed for VM VM[User|alrt-tst]
2013-01-25 14:43:57,878 DEBUG [network.security.SecurityGroupManagerImpl] (SecGrp-Worker-2:null) SecurityGroupManager v2: sending ruleset update for vm i-2-29-VM:ingress num rules=2:egress num rules=0 num cidrs=3 sig=bb788361bdf82b82661a293c02898435
2013-01-25 14:43:57,880 DEBUG [agent.transport.Request] (SecGrp-Worker-2:null) Seq 1-279511732: Sending { Cmd , MgmtId: 29020505352127, via: 1, Ver: v1, Flags: 100111, [{"SecurityGroupRulesCmd":{"guestIp":"10.4.103.237","vmName":"i-2-29-VM","guestMac":"06:ed:4c:00:04:21","signature":"bb788361bdf82b82661a293c02898435","seqNum":2,"vmId":29,"msId":29020505352127,"ingressRuleSet":[{"proto":"tcp","startPort":3306,"endPort":3306},{"proto":"tcp","startPort":4000,"endPort":4000}],"egressRuleSet":[],"wait":0}}] }
2013-01-25 14:43:57,880 DEBUG [agent.transport.Request] (SecGrp-Worker-2:null) Seq 1-279511732: Executing: { Cmd , MgmtId: 29020505352127, via: 1, Ver: v1, Flags: 100111, [{"SecurityGroupRulesCmd":{"guestIp":"10.4.103.237","vmName":"i-2-29-VM","guestMac":"06:ed:4c:00:04:21","signature":"bb788361bdf82b82661a293c02898435","seqNum":2,"vmId":29,"msId":29020505352127,"ingressRuleSet":[{"proto":"tcp","startPort":3306,"endPort":3306},{"proto":"tcp","startPort":4000,"endPort":4000}],"egressRuleSet":[],"wait":0}}] }
2013-01-25 14:43:57,880 DEBUG [agent.manager.DirectAgentAttache] (DirectAgent-23:null) Seq 1-279511732: Executing request
2013-01-25 14:43:57,890 DEBUG [cloud.async.AsyncJobManagerImpl] (Job-Executor-6:job-86) Complete async job-86, jobStatus: 1, resultCode: 0, result: com.cloud.api.response.UserVmResponse@5fc68827
2013-01-25 14:43:57,912 DEBUG [cloud.async.AsyncJobManagerImpl] (Job-Executor-6:job-86) Done executing com.cloud.api.commands.StartVMCmd for job-86
2013-01-25 14:43:57,966 WARN [xen.resource.CitrixResourceBase] (DirectAgent-23:null) Host 10.1.100.16 cannot do bridge firewalling
2013-01-25 14:43:57,966 DEBUG [agent.manager.DirectAgentAttache] (DirectAgent-23:null) Seq 1-279511732: Response Received:
2013-01-25 14:43:57,966 DEBUG [agent.transport.Request] (DirectAgent-23:null) Seq 1-279511732: Processing: { Ans: , MgmtId: 29020505352127, via: 1, Ver: v1, Flags: 110, [{"SecurityGroupRuleAnswer":{"logSequenceNumber":2,"vmId":29,"reason":"CANNOT_BRIDGE_FIREWALL","result":false,"details":"Host 10.1.100.16 cannot do bridge firewalling","wait":0}}] }
2013-01-25 14:43:57,968 DEBUG [network.security.SecurityGroupListener] (DirectAgent-23:null) Failed to program rule com.cloud.agent.api.SecurityGroupRuleAnswer into host 1 due to Host 10.1.100.16 cannot do bridge firewalling and updated jobs
2013-01-25 14:43:57,968 DEBUG [network.security.SecurityGroupListener] (DirectAgent-23:null) Not retrying security group rules for vm 29 on failure since host 1 cannot do bridge firewalling
2013-01-25 14:43:57,970 DEBUG [network.security.SecurityGroupListener] (DirectAgent-23:null) Failed to program rule com.cloud.agent.api.SecurityGroupRuleAnswer into host 1 due to Host 10.1.100.16 cannot do bridge firewalling and updated jobs
2013-01-25 14:43:57,970 DEBUG [network.security.SecurityGroupListener] (DirectAgent-23:null) Not retrying security group rules for vm 29 on failure since host 1 cannot do bridge firewalling
2013-01-25 14:43:57,970 DEBUG [agent.manager.AgentAttache] (DirectAgent-23:null) Seq 1-279511732: No more commands found