> Hello >during the installation of XenServer host I ran the command > xe-switch-network-backend "bridge" and installed XenServer Cloud Support Package. >I followed all the instructions of the manual.
Hey Sergio - Found a solution yet? I ran into same problem[1] with CS 4.0.1 and XCP 1.1 and looking for answers here. Since I'm on XCP I don't need to install CSP but as per docs[2], ebtables is not enabled by default. I did following to enable it on my hypervisors but no luck: modprobe ebtables modprobe arp_tables net.bridge.bridge-nf-call-arptables = 1 net.bridge.bridge-nf-call-iptables = 1 net.bridge.bridge-nf-call-ip6tables = 1 Anyone has got clues how to make security groups working on xenserver(+csp) / xcp? [1] http://pastebin.com/gPTT4Rr4 [2] http://www.xen.org/download/xcp/index_1.1.0.html On Fri, Apr 5, 2013 at 1:02 PM, Sergio Tonani <sergio.ton...@csi.it> wrote: > Hello > during the installation of XenServer host I ran the command > xe-switch-network-backend "bridge" and installed XenServer Cloud > Support > Package. > I followed all the instructions of the manual. > > > > _________________________________________________________________________ > > > > Il 5 aprile 2013 alle 7.56 Geoff Higginbottom > > <geoff.higginbot...@shapeblue.com> ha scritto: > > > Sergio, > > > > > > Did you install the XenServer Cloud Support Package, it's required > if you > > > are using Security Groups on XenServer 6.0.2 > > > > > > Regards > > > > > > Geoff Higginbottom > > > CTO / Cloud Architect > > > > > > D: +44 20 3603 0542<tel:+442036030542> | S: +44 20 3603 > > > 0540<tel:+442036030540>| M: +447968161581<tel:+447968161581> > > > > > > geoff.higginbot...@shapeblue.com<mailto: > geoff.higginbot...@shapeblue.com> > > > |www.shapeblue.com | Twitter:@shapeblue< > https://twitter.com/#!/shapeblue> > > > > > > ShapeBlue Ltd, 53 Chandos Place, Covent Garden, London, WC2N 4HS > > > > > > > > > On 5 Apr 2013, at 06:34, "Jayapal Reddy Uradi" > > > <jayapalreddy.ur...@citrix.com<mailto:jayapalreddy.ur...@citrix.com > >> > > > wrote: > > > > > > Did you run the following command in xenserver as part of host setup > ? > > > xe-switch-network-backend "bridge" > > > > > > Thanks, > > > Jayapal > > > -----Original Message----- > > > From: Ignazio Cassano [mailto:ignaziocass...@gmail.com] > > > Sent: Friday, 5 April 2013 5:35 AM > > > To: users@cloudstack.apache.org<mailto:users@cloudstack.apache.org>; > > > Sergio Tonani > > > Subject: Re: Problems with Security Groups over CloudStack 4.0.1 with > > > XenServer 6.0.2 and Basic Zone > > > > > > Ciao Sergio, I suggest using Advanced Zones instead of Basic. > > > I do not know very well CS4, but in previous versions Advanced zones > have > > > a lot of features. > > > Ciao > > > Ignazio > > > PS (fammi sapere come questa nuova versione) > > > > > > > > > 2013/4/4 Sergio Tonani <sergio.ton...@csi.it<mailto: > sergio.ton...@csi.it>> > > > > > > Hi all, I am trying CloudStack 4.0.1 with XenServer 6.0.2 in a Basic > > > Zone... > > > Security Groups does not work. > > > I follow all the instructions of the manual. CSP is installed and > host > > > network work in bridge mode. > > > I have another cluster with KVM that work fine. > > > > > > On XenServer host, CS don't write any ebtable's rules neither > > > iptables. On KVM host ebtable and iptables rule are populated > > > correctly. > > > > > > Log file management-server.log show these messages when i create a > new > > > instance in a security group: > > > > > > 2013-04-04 15:02:03,611 WARN [xen.resource.CitrixResourceBase] > > > (DirectAgent-214:null) Host 10.102.90.3 cannot do bridge firewalling > > > 2013-04-04 15:02:03,612 DEBUG [agent.manager.DirectAgentAttache] > > > (DirectAgent-214:null) Seq 8-949355071: Response Received: > > > 2013-04-04 15:02:03,612 DEBUG [agent.transport.Request] > > > (DirectAgent-214:null) > > > Seq 8-949355071: Processing: { Ans: , MgmtId: 218022145849384, via: > 8, > > > Ver: v1, > > > Flags: 110, > > > > > > > [{"SecurityGroupRuleAnswer":{"logSequenceNumber":1,"vmId":13,"reason": > > > "CANNOT_BRIDGE_FIREWALL","result":false,"details":"Host > > > 10.102.90.3 cannot do bridge firewalling","wait":0}}] } > > > 2013-04-04 15:02:03,615 DEBUG > [network.security.SecurityGroupListener] > > > (DirectAgent-214:null) Failed to program rule > > > com.cloud.agent.api.SecurityGroupRuleAnswer into host 8 due to Host > > > 10.102.90.3 > > > cannot do bridge firewalling and updated jobs > > > 2013-04-04 15:02:03,615 DEBUG > [network.security.SecurityGroupListener] > > > (DirectAgent-214:null) Not retrying security group rules for vm 13 on > > > failure since host 8 cannot do bridge firewalling > > > 2013-04-04 15:02:03,617 DEBUG > [network.security.SecurityGroupListener] > > > (DirectAgent-214:null) Failed to program rule > > > com.cloud.agent.api.SecurityGroupRuleAnswer into host 8 due to Host > > > 10.102.90.3 > > > cannot do bridge firewalling and updated jobs > > > 2013-04-04 15:02:03,617 DEBUG > [network.security.SecurityGroupListener] > > > (DirectAgent-214:null) Not retrying security group rules for vm 13 on > > > failure since host 8 cannot do bridge firewalling > > > > > > Where could I start to troubleshoot SecurityGroups on XenServer? Any > > > suggestions? > > > > > > __________________________________________________________________ > > > Sergio Tonani > > > > > > > > > This email and any attachments to it may be confidential and are > intended > > > solely for the use of the individual to whom it is addressed. Any > views or > > > opinions expressed are solely those of the author and do not > necessarily > > > represent those of Shape Blue Ltd or related companies. If you are > not the > > > intended recipient of this email, you must neither take any action > based > > > upon its contents, nor copy or show it to anyone. Please contact the > > > sender if you believe you have received this email in error. Shape > Blue > > > Ltd is a company incorporated in England & Wales. ShapeBlue Services > India > > > LLP is operated under license from Shape Blue Ltd. ShapeBlue is a > > > registered trademark. > > > __________________________________________________________________ > Sergio Tonani > > CSI Piemonte - DIREZIONE TECNICA INFRASTRUTTURE E TECNOLOGIE - AREA > RISORSE E > SERVIZI > C.so Tazzoli 215 B - 10135 Torino > Tel. +39 011.316.5843 > e-mail: sergio.ton...@csi.it > www.csipiemonte.it > __________________________________________________________________ > Il presente messaggio, corredato degli eventuali allegati, contiene > informazioni da considerarsi strettamente riservate e confidenziali. > Ne è vietato l'uso improprio, la diffusione, la distribuzione o la > riproduzione > da parte di altre persone e/o entità diverse da quelle specificate. > Qualora lo abbiate ricevuto per errore, vi preghiamo di distruggere il > messaggio, comunicando l'errata ricezione tramite il reply all'indirizzo > mittente. > > "A complex system that works is invariably found to have evolved from a > simple > system that worked…A complex system designed from scratch never works and > cannot be patched up to make it work. You have to start over with a > working > simple system." — John Gall in Systemantics: How Systems Really Work and > How > They Fail >
