We've had the same issues and besides maintaining the iptables rules manually (not realistic when everything else is so dynamic), our fix too was turning off the iptables on the XS hosts. On top of that you have to run some type of check the ensure that they remain off because many things that you do in CS will trigger iptables to start back up and suddenly start blocking traffic.
Ours didn't start happening until we started adding multiple zones. Not sure if that was the trigger but that's when we started seeing these problems. Since ours was just for our test/dev environments internally we didn't care too much about the security groups functionality that the iptables would provide, we have physical firewalls everywhere. On Jul 18, 2013, at 3:56 PM, Carlos Reategui <car...@reategui.com> wrote: > I had problems with a XS6.0.2 + CS4.0.1 with Basic network that were > "solved" by turning off iptables on the XS hosts. > > > On Thu, Jul 18, 2013 at 2:43 PM, Bradley Hieber <mercsni...@gmail.com>wrote: > >> Iptables are turned off on management server. Ssvm is running on another >> machine. >> — >> Sent from Mailbox for iPhone >> >> On Thu, Jul 18, 2013 at 5:28 PM, Mir Islam <mis...@mirislam.com> wrote: >> >>> ok, but it is clear that the ssvm is not able to mount the secondary >> storage. What is in the iptables on the host (I assume it is the management >> server as well) ? >>> On Jul 18, 2013, at 1:03 PM, Bradley Hieber wrote: >>>> this is a POC environment. Everything is running on a 192.168.2.0/24with a >>>> SOHO acting as DNS and gateway. >>>> >>>> >>>> On Thu, Jul 18, 2013 at 4:01 PM, Mir Islam <mis...@mirislam.com> wrote: >>>> >>>>> Looks like your network is not probably setup correctly. What is your >>>>> topology looking like? >>>>> >>>>> >>>>> On Jul 18, 2013, at 12:38 PM, Bradley Hieber wrote: >>>>> >>>>>> http://pastebin.com/gdTdGGBu >>>>>> >>>>>> >>>>>> >>>>>> On Thu, Jul 18, 2013 at 2:57 PM, Bradley Hieber <mercsni...@gmail.com >>>>>> wrote: >>>>>> >>>>>>> No mount on /mnt/SecStorage >>>>>>> — >>>>>>> Sent from Mailbox <https://www.dropbox.com/mailbox> for iPhone >>>>>>> >>>>>>> >>>>>>> On Thu, Jul 18, 2013 at 2:46 PM, Dean Kamali <dean.kam...@gmail.com >>>>>> wrote: >>>>>>> >>>>>>>> Okay, can you open up the proxy console of your SSVM? >>>>>>>> >>>>>>>> >>>>>>>> On Thu, Jul 18, 2013 at 2:42 PM, Mir Islam <mis...@mirislam.com> >>>>> wrote: >>>>>>>> >>>>>>>>> Try to mount your secondary storage NFS mount point from within the >>>>>>>> SSVM. >>>>>>>>> There maybe some firewall rule preventing it from mounting the >>>>> storage. >>>>>>>>> Find the link local IP of the SSVM and ssh into it on port 3922 >> using >>>>>>>>> identity under /root/.ssh/id_rsa.cloud from your host machine. >> Then do >>>>>>>> a df >>>>>>>>> to see if the storage on /mnt/SecStorage shows up or not. >>>>>>>>> >>>>>>>>> On Jul 18, 2013, at 11:36 AM, Bradley Hieber wrote: >>>>>>>>> >>>>>>>>>> they show as running in the Infrastructure-> System VM's area, but >>>>>>>> the >>>>>>>>>> management logs say there is none >>>>>>>>>> >>>>>>>>>> 2013-07-18 14:35:37,814 DEBUG >>>>>>>>>> [storage.secondary.SecondaryStorageManagerImpl] >> (secstorage-1:null) >>>>>>>> Zone >>>>>>>>> 1 >>>>>>>>>> is ready to launch secondary storage VM >>>>>>>>>> 2013-07-18 14:35:38,704 DEBUG >>>>>>>>> [cloud.consoleproxy.ConsoleProxyManagerImpl] >>>>>>>>>> (consoleproxy-1:null) Zone 1 is ready to launch console proxy >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> On Thu, Jul 18, 2013 at 2:35 PM, Dean Kamali < >> dean.kam...@gmail.com> >>>>>>>>> wrote: >>>>>>>>>> >>>>>>>>>>> Did you enable your zone? If so, system VMS should get >> automatically >>>>>>>>>>> deployed >>>>>>>>>>> On Jul 18, 2013 2:33 PM, "Bradley Hieber" <mercsni...@gmail.com> >>>>>>>> wrote: >>>>>>>>>>> >>>>>>>>>>>> So I have the following: >>>>>>>>>>>> ID a54fae18-ef07-11e2-b49d-000c293c698f Zone name Red Zone ID >>>>>>>>>>>> 8f59e824-a9f1-4acd-8a5c-f68ea9ced479 Description SystemVM >> Template >>>>>>>>>>>> (XenServer) Hypervisor XenServer Type SYSTEM Ready Yes Status >>>>>>>> Download >>>>>>>>>>>> Complete But I can't deploy and instance from it...thoughts? >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> On Thu, Jul 18, 2013 at 2:29 PM, Dean Kamali < >>>>> dean.kam...@gmail.com> >>>>>>>> >>>>>>>>>>>> wrote: >>>>>>>>>>>> >>>>>>>>>>>>> From the UI, go to templates, then you will find System VM >>>>>>>> template, >>>>>>>>>>>> click >>>>>>>>>>>>> on it, and you should see a progress bar for download, or >> errors >>>>>>>> if >>>>>>>>>>> there >>>>>>>>>>>>> is an issue. >>>>>>>>>>>>> >>>>>>>>>>>>> If all goes well, you should see "successfully installed" or >>>>>>>> "Ready" >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> On Thu, Jul 18, 2013 at 2:26 PM, Bradley Hieber < >>>>>>>> mercsni...@gmail.com >>>>>>>>>>>>>> wrote: >>>>>>>>>>>>> >>>>>>>>>>>>>> How do you know if the secondary storage vm is downloading the >>>>>>>> CentOS >>>>>>>>>>>>>> template? I am seeing the following even though my SSVM is >>>>>>>>>>> running.... >>>>>>>>>>>>>> >>>>>>>>>>>>>> 2013-07-18 14:26:07,813 DEBUG >>>>>>>>>>>>>> [storage.secondary.SecondaryStorageManagerImpl] >>>>>>>> (secstorage-1:null) >>>>>>>>>>>> Zone >>>>>>>>>>>>> 1 >>>>>>>>>>>>>> is ready to launch secondary storage VM >>>>>>>>>>>>>> >>>>>>>>>>>>>> -- >>>>>>>>>>>>>> Brad >>>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> -- >>>>>>>>>>>> Brad >>>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> -- >>>>>>>>>> Brad >>>>>>>>> >>>>>>>>> >>>>>>>> >>>>>>> >>>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> Brad >>>>> >>>>> >>>> >>>> >>>> -- >>>> Brad >>
