Instances migrated in an advanced zone do not get security groups applied.

Paul Angus Tue, 10 Sep 2013 10:30:24 -0700

Hi,

I've been testing the security groups in advanced zones with 'UK's largest 
satellite broadcaster'. We've found that migrated VMs do not get their security 
groups re-applied on the new host.


A error appears in the management log saying:

callHostPlugin failed for cmd: network_rules with args seqno: 10, vmIP: 
10.79.128.229, deflated: true, secIps: 0:, vmID: 6, vmMAC: 06:be:c6:00:00:e5, 
vmName: i-2-6-VM, rules: 
eJzztMpMzi2w0jUEIQM9MNQ30PFzjQhR8LQqSS6wMjICIaxSFgYghCblisdEV7A2QxDUA0N9YyNkGax2ueK2CwA5fy2s,
 signature: a30a3f964032bfbd44c86576a2ce0973,  due to There was a failure 
communicating with the plugin.



2013-09-10 14:25:58,257 DEBUG [cloud.api.ApiServlet] (catalina-exec-4:null) 
===START===  10.65.85.24 -- GET  
command=authorizeSecurityGroupEgress&response=json&sessionkey=Xn7cUdk27lNRmWuhxSMDvVUcBMg%3D&securitygroupid=c667fdd1-561f-4d05-a5bd-8edf4af36e84&protocol=tcp&domainid=cff3401a-1a06-11e3-8a35-005056b93213&account=admin&startport=1&endport=1&cidrlist=1.1.1.1%2F32&_=1378819570842
2013-09-10 14:25:58,294 DEBUG [cloud.async.AsyncJobManagerImpl] 
(catalina-exec-4:null) submit async job-33 = [ 
f2d1c1e8-3b19-4f94-9c5c-d82ccf3af721 ], details: AsyncJobVO {id:33, userId: 2, 
accountId: 2, sessionKey: null, instanceType: SecurityGroup, instanceId: 3, 
cmd: 
org.apache.cloudstack.api.command.user.securitygroup.AuthorizeSecurityGroupEgressCmd,
 cmdOriginator: null, cmdInfo: 
{"sessionkey":"Xn7cUdk27lNRmWuhxSMDvVUcBMg\u003d","protocol":"tcp","cmdEventType":"SG.AUTH.EGRESS","ctxUserId":"2","securitygroupid":"c667fdd1-561f-4d05-a5bd-8edf4af36e84","httpmethod":"GET","startport":"1","domainid":"cff3401a-1a06-11e3-8a35-005056b93213","endport":"1","response":"json","account":"admin","cidrlist":"1.1.1.1/32","_":"1378819570842","ctxAccountId":"2","ctxStartEventId":"146"},
 cmdVersion: 0, callbackType: 0, callbackAddress: null, status: 0, 
processStatus: 0, resultCode: 0, result: null, initMsid: 345052351047, 
completeMsid: null, lastUpdated: null, lastPolled: null, created: null}
2013-09-10 14:25:58,294 DEBUG [cloud.async.AsyncJobManagerImpl] 
(Job-Executor-19:job-33 = [ f2d1c1e8-3b19-4f94-9c5c-d82ccf3af721 ]) Executing 
org.apache.cloudstack.api.command.user.securitygroup.AuthorizeSecurityGroupEgressCmd
 for job-33 = [ f2d1c1e8-3b19-4f94-9c5c-d82ccf3af721 ]
2013-09-10 14:25:58,296 DEBUG [cloud.api.ApiServlet] (catalina-exec-4:null) 
===END===  10.65.85.24 -- GET  
command=authorizeSecurityGroupEgress&response=json&sessionkey=Xn7cUdk27lNRmWuhxSMDvVUcBMg%3D&securitygroupid=c667fdd1-561f-4d05-a5bd-8edf4af36e84&protocol=tcp&domainid=cff3401a-1a06-11e3-8a35-005056b93213&account=admin&startport=1&endport=1&cidrlist=1.1.1.1%2F32&_=1378819570842
2013-09-10 14:25:58,320 DEBUG [network.security.SecurityGroupManagerImpl] 
(Job-Executor-19:job-33 = [ f2d1c1e8-3b19-4f94-9c5c-d82ccf3af721 ]) Added 1 
rules to security group TestSecurityGroup2
2013-09-10 14:25:58,326 DEBUG [network.security.SecurityGroupManagerImpl] 
(Job-Executor-19:job-33 = [ f2d1c1e8-3b19-4f94-9c5c-d82ccf3af721 ]) Security 
Group Mgr v2: scheduling ruleset updates for 2 vms  (unique=2), current queue 
size=0
2013-09-10 14:25:58,330 DEBUG [network.security.SecurityGroupManagerImpl] 
(Job-Executor-19:job-33 = [ f2d1c1e8-3b19-4f94-9c5c-d82ccf3af721 ]) Security 
Group Mgr v2: done scheduling ruleset updates for 2 vms: num new jobs=2 num 
rows insert or updated=2 time taken=4
2013-09-10 14:25:58,354 DEBUG [cloud.async.AsyncJobManagerImpl] 
(Job-Executor-19:job-33 = [ f2d1c1e8-3b19-4f94-9c5c-d82ccf3af721 ]) Complete 
async job-33 = [ f2d1c1e8-3b19-4f94-9c5c-d82ccf3af721 ], jobStatus: 1, 
resultCode: 0, result: 
org.apache.cloudstack.api.response.SecurityGroupResponse@e873b4bb
2013-09-10 14:25:58,355 DEBUG [network.security.SecurityGroupManagerImpl] 
(SecGrp-Worker-15:null) SecurityGroupManager v2: sending ruleset update for vm 
i-2-7-VM:ingress num rules=3:egress num rules=4 num cidrs=7 
sig=a30a3f964032bfbd44c86576a2ce0973
2013-09-10 14:25:58,366 DEBUG [network.security.SecurityGroupManagerImpl] 
(SecGrp-Worker-16:null) SecurityGroupManager v2: sending ruleset update for vm 
i-2-6-VM:ingress num rules=3:egress num rules=4 num cidrs=7 
sig=a30a3f964032bfbd44c86576a2ce0973
2013-09-10 14:25:58,371 DEBUG [agent.transport.Request] (SecGrp-Worker-15:null) 
Seq 5-717554011: Sending  { Cmd , MgmtId: 345052351047, via: 5, Ver: v1, Flags: 
100111, 
[{"com.cloud.agent.api.SecurityGroupRulesCmd":{"guestIp":"10.79.129.224","vmName":"i-2-7-VM","guestMac":"06:1a:66:00:01:da","signature":"a30a3f964032bfbd44c86576a2ce0973","seqNum":2,"vmId":7,"msId":345052351047,"ingressRuleSet":[{"proto":"icmp","startPort":-1,"endPort":-1},{"proto":"tcp","startPort":22,"endPort":22},{"proto":"tcp","startPort":80,"endPort":80}],"egressRuleSet":[{"proto":"icmp","startPort":-1,"endPort":-1},{"proto":"tcp","startPort":1,"endPort":1},{"proto":"tcp","startPort":22,"endPort":22},{"proto":"tcp","startPort":80,"endPort":80}],"wait":0}}]
 }
2013-09-10 14:25:58,371 DEBUG [agent.transport.Request] (SecGrp-Worker-15:null) 
Seq 5-717554011: Executing:  { Cmd , MgmtId: 345052351047, via: 5, Ver: v1, 
Flags: 100111, 
[{"com.cloud.agent.api.SecurityGroupRulesCmd":{"guestIp":"10.79.129.224","vmName":"i-2-7-VM","guestMac":"06:1a:66:00:01:da","signature":"a30a3f964032bfbd44c86576a2ce0973","seqNum":2,"vmId":7,"msId":345052351047,"ingressRuleSet":[{"proto":"icmp","startPort":-1,"endPort":-1},{"proto":"tcp","startPort":22,"endPort":22},{"proto":"tcp","startPort":80,"endPort":80}],"egressRuleSet":[{"proto":"icmp","startPort":-1,"endPort":-1},{"proto":"tcp","startPort":1,"endPort":1},{"proto":"tcp","startPort":22,"endPort":22},{"proto":"tcp","startPort":80,"endPort":80}],"wait":0}}]
 }
2013-09-10 14:25:58,371 DEBUG [agent.manager.DirectAgentAttache] 
(DirectAgent-158:null) Seq 5-717554011: Executing request
2013-09-10 14:25:58,377 DEBUG [cloud.async.AsyncJobManagerImpl] 
(Job-Executor-19:job-33 = [ f2d1c1e8-3b19-4f94-9c5c-d82ccf3af721 ]) Done 
executing 
org.apache.cloudstack.api.command.user.securitygroup.AuthorizeSecurityGroupEgressCmd
 for job-33 = [ f2d1c1e8-3b19-4f94-9c5c-d82ccf3af721 ]
2013-09-10 14:25:58,380 DEBUG [agent.transport.Request] (SecGrp-Worker-16:null) 
Seq 9-521535511: Sending  { Cmd , MgmtId: 345052351047, via: 9, Ver: v1, Flags: 
100111, 
[{"com.cloud.agent.api.SecurityGroupRulesCmd":{"guestIp":"10.79.128.229","vmName":"i-2-6-VM","guestMac":"06:be:c6:00:00:e5","signature":"a30a3f964032bfbd44c86576a2ce0973","seqNum":10,"vmId":6,"msId":345052351047,"ingressRuleSet":[{"proto":"icmp","startPort":-1,"endPort":-1},{"proto":"tcp","startPort":22,"endPort":22},{"proto":"tcp","startPort":80,"endPort":80}],"egressRuleSet":[{"proto":"icmp","startPort":-1,"endPort":-1},{"proto":"tcp","startPort":1,"endPort":1},{"proto":"tcp","startPort":22,"endPort":22},{"proto":"tcp","startPort":80,"endPort":80}],"wait":0}}]
 }
2013-09-10 14:25:58,380 DEBUG [agent.transport.Request] (SecGrp-Worker-16:null) 
Seq 9-521535511: Executing:  { Cmd , MgmtId: 345052351047, via: 9, Ver: v1, 
Flags: 100111, 
[{"com.cloud.agent.api.SecurityGroupRulesCmd":{"guestIp":"10.79.128.229","vmName":"i-2-6-VM","guestMac":"06:be:c6:00:00:e5","signature":"a30a3f964032bfbd44c86576a2ce0973","seqNum":10,"vmId":6,"msId":345052351047,"ingressRuleSet":[{"proto":"icmp","startPort":-1,"endPort":-1},{"proto":"tcp","startPort":22,"endPort":22},{"proto":"tcp","startPort":80,"endPort":80}],"egressRuleSet":[{"proto":"icmp","startPort":-1,"endPort":-1},{"proto":"tcp","startPort":1,"endPort":1},{"proto":"tcp","startPort":22,"endPort":22},{"proto":"tcp","startPort":80,"endPort":80}],"wait":0}}]
 }
2013-09-10 14:25:58,380 DEBUG [agent.manager.DirectAgentAttache] 
(DirectAgent-293:null) Seq 9-521535511: Executing request
2013-09-10 14:25:58,913 WARN  [xen.resource.CitrixResourceBase] 
(DirectAgent-293:null) callHostPlugin failed for cmd: network_rules with args 
seqno: 10, vmIP: 10.79.128.229, deflated: true, secIps: 0:, vmID: 6, vmMAC: 
06:be:c6:00:00:e5, vmName: i-2-6-VM, rules: 
eJzztMpMzi2w0jUEIQM9MNQ30PFzjQhR8LQqSS6wMjICIaxSFgYghCblisdEV7A2QxDUA0N9YyNkGax2ueK2CwA5fy2s,
 signature: a30a3f964032bfbd44c86576a2ce0973,  due to There was a failure 
communicating with the plugin.
2013-09-10 14:25:58,914 WARN  [agent.manager.DirectAgentAttache] 
(DirectAgent-293:null) Seq 9-521535511: Exception Caught while executing command
com.cloud.utils.exception.CloudRuntimeException: callHostPlugin failed for cmd: 
network_rules with args seqno: 10, vmIP: 10.79.128.229, deflated: true, secIps: 
0:, vmID: 6, vmMAC: 06:be:c6:00:00:e5, vmName: i-2-6-VM, rules: 
eJzztMpMzi2w0jUEIQM9MNQ30PFzjQhR8LQqSS6wMjICIaxSFgYghCblisdEV7A2QxDUA0N9YyNkGax2ueK2CwA5fy2s,
 signature: a30a3f964032bfbd44c86576a2ce0973,  due to There was a failure 
communicating with the plugin.
       at 
com.cloud.hypervisor.xen.resource.CitrixResourceBase.callHostPlugin(CitrixResourceBase.java:4199)
       at 
com.cloud.hypervisor.xen.resource.CitrixResourceBase.execute(CitrixResourceBase.java:5787)
       at 
com.cloud.hypervisor.xen.resource.CitrixResourceBase.executeRequest(CitrixResourceBase.java:565)
       at 
com.cloud.hypervisor.xen.resource.XenServer56Resource.executeRequest(XenServer56Resource.java:73)
       at 
com.cloud.hypervisor.xen.resource.XenServer610Resource.executeRequest(XenServer610Resource.java:104)
       at 
com.cloud.agent.manager.DirectAgentAttache$Task.run(DirectAgentAttache.java:186)
       at 
java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
       at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334)
       at java.util.concurrent.FutureTask.run(FutureTask.java:166)
       at 
java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$101(ScheduledThreadPoolExecutor.java:165)
       at 
java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:266)
       at 
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1146)
       at 
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
       at java.lang.Thread.run(Thread.java:679)




Regards,

Paul Angus
Senior Consultant / Cloud Architect
[cid:[email protected]]

S: +44 20 3603 0540<tel:+442036030540> | M: +4<tel:+447968161581>47711418784 | 
T: CloudyAngus
[email protected]<mailto:[email protected]> | 
www.shapeblue.com | Twitter:@shapeblue<https://twitter.com/>
ShapeBlue Ltd, 53 Chandos Place, Covent Garden, London, WC2N 4HS

Apache CloudStack Bootcamp training courses
21/22 August, 
London<http://www.shapeblue.com/cloudstack-bootcamp-training-course/>
18/19 September, 
Bangalore<http://www.shapeblue.com/cloudstack-bootcamp-training-course/>
02/03 October, 
London<http://www.shapeblue.com/cloudstack-bootcamp-training-course/>
13/14 November, 
London<http://www.shapeblue.com/cloudstack-bootcamp-training-course/>
27/28 November, 
Bangalore<http://www.shapeblue.com/cloudstack-bootcamp-training-course/>
08/09 January 2014, 
London<http://www.shapeblue.com/cloudstack-bootcamp-training-course/>

This email and any attachments to it may be confidential and are intended 
solely for the use of the individual to whom it is addressed. Any views or 
opinions expressed are solely those of the author and do not necessarily 
represent those of Shape Blue Ltd or related companies. If you are not the 
intended recipient of this email, you must neither take any action based upon 
its contents, nor copy or show it to anyone. Please contact the sender if you 
believe you have received this email in error. Shape Blue Ltd is a company 
incorporated in England & Wales. ShapeBlue Services India LLP is operated under 
license from Shape Blue Ltd. ShapeBlue is a registered trademark.

Instances migrated in an advanced zone do not get security groups applied.

Reply via email to