Hi,
Initially after I installed a very basic CloudStack 4.7 setup with CentOS 7. I could see the secondary storage with capacity. But after a while which I'm not sure how long, I couldn't see it. I tried ssh into the Secondary Storage VM, used ssvm_check.sh to check status, and found DNS resolve was not working. I also checked iptable rules, and it seemed not right here. And more the list was increasing with time. I'm not sure if this is the root cause of secondary storage failure, but it definitely not right. root@s-2-VM:~# /usr/local/cloud/systemvm/ssvm-check.sh ================================================ First DNS server is 10.1.0.11 PING 10.1.0.11 (10.1.0.11): 48 data bytes 56 bytes from 10.1.0.11: icmp_seq=0 ttl=127 time=91.364 ms 56 bytes from 10.1.0.11: icmp_seq=1 ttl=127 time=0.694 ms --- 10.1.0.11 ping statistics --- 2 packets transmitted, 2 packets received, 0% packet loss round-trip min/avg/max/stddev = 0.694/46.029/91.364/45.335 ms Good: Can ping DNS server ================================================ ERROR: DNS not resolving download.cloud.com resolv.conf follows nameserver 10.1.0.11 nameserver 10.1.0.16 nameserver 10.1.0.11 nameserver 10.1.0.16 root@s-2-VM:~# iptables --list Chain INPUT (policy DROP) target prot opt source destination ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:3922 ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:3922 ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:3922 ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:3922 ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:3922 ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:3922 ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:3922 ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:3922 ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:3922 ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:3922 ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:3922 ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:3922 ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:3922 ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:3922 ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:3922 ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:3922 ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:3922 ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:3922 ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:3922 ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:3922 ACCEPT tcp -- anywhere anywhere tcp dpt:10086 ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT all -- anywhere anywhere DROP icmp -- anywhere anywhere icmp timestamp-request ACCEPT icmp -- anywhere anywhere ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:3922 Chain FORWARD (policy DROP) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination REJECT tcp -- anywhere anywhere state NEW tcp dpt:http reject-with icmp-port-unreachable REJECT tcp -- anywhere anywhere state NEW tcp dpt:https reject-with icmp-port-unreachable REJECT tcp -- anywhere anywhere state NEW tcp dpt:http reject-with icmp-port-unreachable REJECT tcp -- anywhere anywhere state NEW tcp dpt:https reject-with icmp-port-unreachable REJECT tcp -- anywhere anywhere state NEW tcp dpt:http reject-with icmp-port-unreachable REJECT tcp -- anywhere anywhere state NEW tcp dpt:https reject-with icmp-port-unreachable REJECT tcp -- anywhere anywhere state NEW tcp dpt:http reject-with icmp-port-unreachable REJECT tcp -- anywhere anywhere state NEW tcp dpt:https reject-with icmp-port-unreachable REJECT tcp -- anywhere anywhere state NEW tcp dpt:http reject-with icmp-port-unreachable REJECT tcp -- anywhere anywhere state NEW tcp dpt:https reject-with icmp-port-unreachable REJECT tcp -- anywhere anywhere state NEW tcp dpt:http reject-with icmp-port-unreachable REJECT tcp -- anywhere anywhere state NEW tcp dpt:https reject-with icmp-port-unreachable REJECT tcp -- anywhere anywhere state NEW tcp dpt:http reject-with icmp-port-unreachable REJECT tcp -- anywhere anywhere state NEW tcp dpt:https reject-with icmp-port-unreachable REJECT tcp -- anywhere anywhere state NEW tcp dpt:http reject-with icmp-port-unreachable REJECT tcp -- anywhere anywhere state NEW tcp dpt:https reject-with icmp-port-unreachable REJECT tcp -- anywhere anywhere state NEW tcp dpt:http reject-with icmp-port-unreachable REJECT tcp -- anywhere anywhere state NEW tcp dpt:https reject-with icmp-port-unreachable REJECT tcp -- anywhere anywhere state NEW tcp dpt:http reject-with icmp-port-unreachable REJECT tcp -- anywhere anywhere state NEW tcp dpt:https reject-with icmp-port-unreachable REJECT tcp -- anywhere anywhere state NEW tcp dpt:http reject-with icmp-port-unreachable REJECT tcp -- anywhere anywhere state NEW tcp dpt:https reject-with icmp-port-unreachable REJECT tcp -- anywhere anywhere state NEW tcp dpt:http reject-with icmp-port-unreachable REJECT tcp -- anywhere anywhere state NEW tcp dpt:https reject-with icmp-port-unreachable REJECT tcp -- anywhere anywhere state NEW tcp dpt:http reject-with icmp-port-unreachable REJECT tcp -- anywhere anywhere state NEW tcp dpt:https reject-with icmp-port-unreachable REJECT tcp -- anywhere anywhere state NEW tcp dpt:http reject-with icmp-port-unreachable REJECT tcp -- anywhere anywhere state NEW tcp dpt:https reject-with icmp-port-unreachable REJECT tcp -- anywhere anywhere state NEW tcp dpt:http reject-with icmp-port-unreachable REJECT tcp -- anywhere anywhere state NEW tcp dpt:https reject-with icmp-port-unreachable REJECT tcp -- anywhere anywhere state NEW tcp dpt:http reject-with icmp-port-unreachable REJECT tcp -- anywhere anywhere state NEW tcp dpt:https reject-with icmp-port-unreachable REJECT tcp -- anywhere anywhere state NEW tcp dpt:http reject-with icmp-port-unreachable REJECT tcp -- anywhere anywhere state NEW tcp dpt:https reject-with icmp-port-unreachable REJECT tcp -- anywhere anywhere state NEW tcp dpt:http reject-with icmp-port-unreachable REJECT tcp -- anywhere anywhere state NEW tcp dpt:https reject-with icmp-port-unreachable REJECT tcp -- anywhere anywhere state NEW tcp dpt:http reject-with icmp-port-unreachable REJECT tcp -- anywhere anywhere state NEW tcp dpt:https reject-with icmp-port-unreachable REJECT tcp -- anywhere anywhere state NEW tcp dpt:http reject-with icmp-port-unreachable REJECT tcp -- anywhere anywhere state NEW tcp dpt:https reject-with icmp-port-unreachable Chain HTTP (0 references) target prot opt source destination Best regards, Rui Mao