Hi all, I am trying CloudStack 4.0.1 with XenServer 6.0.2 in a Basic Zone...
Security Groups do not work.
I followed all the instructions in the manual. CSP is installed and the host
network works in bridge mode.
I have another cluster with KVM that works fine.

On the XenServer host, CS doesn't write any ebtables or iptables rules. On the
KVM host, ebtables and iptables rules are populated correctly.

The log file management-server.log shows these messages when I create a new
instance in a security group:

2013-04-04 15:02:03,611 WARN [xen.resource.CitrixResourceBase]
(DirectAgent-214:null) Host 10.102.90.3 cannot do bridge firewalling
2013-04-04 15:02:03,612 DEBUG [agent.manager.DirectAgentAttache]
(DirectAgent-214:null) Seq 8-949355071: Response Received:
2013-04-04 15:02:03,612 DEBUG [agent.transport.Request] (DirectAgent-214:null)
Seq 8-949355071: Processing: { Ans: , MgmtId: 218022145849384, via: 8, Ver: v1,
Flags: 110,
[{"SecurityGroupRuleAnswer":{"logSequenceNumber":1,"vmId":13,"reason":"CANNOT_BRIDGE_FIREWALL","result":false,"details":"Host
10.102.90.3 cannot do bridge firewalling","wait":0}}] }
2013-04-04 15:02:03,615 DEBUG [network.security.SecurityGroupListener]
(DirectAgent-214:null) Failed to program rule
com.cloud.agent.api.SecurityGroupRuleAnswer into host 8 due to Host 10.102.90.3
cannot do bridge firewalling and updated jobs
2013-04-04 15:02:03,615 DEBUG [network.security.SecurityGroupListener]
(DirectAgent-214:null) Not retrying security group rules for vm 13 on failure
since host 8 cannot do bridge firewalling
2013-04-04 15:02:03,617 DEBUG [network.security.SecurityGroupListener]
(DirectAgent-214:null) Failed to program rule
com.cloud.agent.api.SecurityGroupRuleAnswer into host 8 due to Host 10.102.90.3
cannot do bridge firewalling and updated jobs
2013-04-04 15:02:03,617 DEBUG [network.security.SecurityGroupListener]
(DirectAgent-214:null) Not retrying security group rules for vm 13 on failure
since host 8 cannot do bridge firewalling

Where could I start to troubleshoot SecurityGroups on XenServer? Any
suggestions?

 __________________________________________________________________
 Sergio Tonani
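
Added example, not part of the original post and not CloudStack code: a small Python check that scans management-server.log for rejected SecurityGroupRuleAnswer responses and lists, per host, the VMs whose security group rules were not programmed. It assumes each log record sits on one line (the wrapping in the post comes from the e-mail); the function name and the sample text are constructed for illustration.

```python
import json
import re

# Constructed sample: records from the post with the e-mail line wrapping undone.
SAMPLE_LOG = """\
2013-04-04 15:02:03,611 WARN [xen.resource.CitrixResourceBase] (DirectAgent-214:null) Host 10.102.90.3 cannot do bridge firewalling
2013-04-04 15:02:03,612 DEBUG [agent.transport.Request] (DirectAgent-214:null) Seq 8-949355071: Processing: { Ans: , MgmtId: 218022145849384, via: 8, Ver: v1, Flags: 110, [{"SecurityGroupRuleAnswer":{"logSequenceNumber":1,"vmId":13,"reason":"CANNOT_BRIDGE_FIREWALL","result":false,"details":"Host 10.102.90.3 cannot do bridge firewalling","wait":0}}] }
2013-04-04 15:02:03,615 DEBUG [network.security.SecurityGroupListener] (DirectAgent-214:null) Not retrying security group rules for vm 13 on failure since host 8 cannot do bridge firewalling
"""

# "via: N" is the host id; the bracketed JSON array carries the agent's answers.
PROCESSING = re.compile(r"Processing: \{.*?via: (\d+),.*?(\[\{.*\}\]) \}\s*$")
HOST_IP = re.compile(r"Host (\S+) cannot do bridge firewalling")


def failed_security_group_rules(log_text):
    """Map (host_id, host_ip, reason) -> sorted VM ids whose rule push failed."""
    failures = {}
    for line in log_text.splitlines():
        match = PROCESSING.search(line)
        if not match:
            continue
        try:
            answers = json.loads(match.group(2))
        except ValueError:
            continue  # truncated or non-JSON payload: skip the record
        for item in answers:
            ans = item.get("SecurityGroupRuleAnswer") if isinstance(item, dict) else None
            if not ans or ans.get("result") is not False:
                continue  # other answer types, or the rule was applied
            ip = HOST_IP.search(ans.get("details") or "")
            key = (int(match.group(1)), ip.group(1) if ip else None, ans.get("reason"))
            failures.setdefault(key, set()).add(ans.get("vmId"))
    return {key: sorted(vms) for key, vms in failures.items()}


if __name__ == "__main__":
    for (host_id, host_ip, reason), vms in failed_security_group_rules(SAMPLE_LOG).items():
        print(f"host {host_id} ({host_ip}): {reason}, rules not programmed for VMs {vms}")
```
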
