Did you run the following command in xenserver as part of host setup ? xe-switch-network-backend "bridge"
Thanks, Jayapal -----Original Message----- From: Ignazio Cassano [mailto:ignaziocass...@gmail.com] Sent: Friday, 5 April 2013 5:35 AM To: users@cloudstack.apache.org; Sergio Tonani Subject: Re: Problems with Security Groups over CloudStack 4.0.1 with XenServer 6.0.2 and Basic Zone Ciao Sergio, I suggest using Advanced Zones instead of Basic. I do not know very well CS4, but in previous versions Advanced zones have a lot of features. Ciao Ignazio PS (fammi sapere come questa nuova versione) 2013/4/4 Sergio Tonani <sergio.ton...@csi.it> > Hi all, I am trying CloudStack 4.0.1 with XenServer 6.0.2 in a Basic > Zone... > Security Groups does not work. > I follow all the instructions of the manual. CSP is installed and host > network work in bridge mode. > I have another cluster with KVM that work fine. > > On XenServer host, CS don't write any ebtable's rules neither > iptables. On KVM host ebtable and iptables rule are populated > correctly. > > Log file management-server.log show these messages when i create a new > instance in a security group: > > 2013-04-04 15:02:03,611 WARN [xen.resource.CitrixResourceBase] > (DirectAgent-214:null) Host 10.102.90.3 cannot do bridge firewalling > 2013-04-04 15:02:03,612 DEBUG [agent.manager.DirectAgentAttache] > (DirectAgent-214:null) Seq 8-949355071: Response Received: > 2013-04-04 15:02:03,612 DEBUG [agent.transport.Request] > (DirectAgent-214:null) > Seq 8-949355071: Processing: { Ans: , MgmtId: 218022145849384, via: 8, > Ver: v1, > Flags: 110, > > [{"SecurityGroupRuleAnswer":{"logSequenceNumber":1,"vmId":13,"reason": > "CANNOT_BRIDGE_FIREWALL","result":false,"details":"Host > 10.102.90.3 cannot do bridge firewalling","wait":0}}] } > 2013-04-04 15:02:03,615 DEBUG [network.security.SecurityGroupListener] > (DirectAgent-214:null) Failed to program rule > com.cloud.agent.api.SecurityGroupRuleAnswer into host 8 due to Host > 10.102.90.3 > cannot do bridge firewalling and updated jobs > 2013-04-04 15:02:03,615 DEBUG [network.security.SecurityGroupListener] > (DirectAgent-214:null) Not retrying security group rules for vm 13 on > failure since host 8 cannot do bridge firewalling > 2013-04-04 15:02:03,617 DEBUG [network.security.SecurityGroupListener] > (DirectAgent-214:null) Failed to program rule > com.cloud.agent.api.SecurityGroupRuleAnswer into host 8 due to Host > 10.102.90.3 > cannot do bridge firewalling and updated jobs > 2013-04-04 15:02:03,617 DEBUG [network.security.SecurityGroupListener] > (DirectAgent-214:null) Not retrying security group rules for vm 13 on > failure since host 8 cannot do bridge firewalling > > Where could I start to troubleshoot SecurityGroups on XenServer? Any > suggestions? > > __________________________________________________________________ > Sergio Tonani >
