Hello, I have done some more testing with the VPC network tiers and it seems that the Static NAT is indeed causing connectivity issues. Here is what I've done:
Setup 1. I have created two test network tiers with one guest vm in each tier. Static NAT is NOT enabled. Each VM has a port forwarding rule (port 22) from its dedicated public IP address. ACLs have been setup to allow traffic on port 22 from the private ip addresses on each network tier. 1. ACLs seems to work just fine. traffic between the networks flows according to the rules. both vms can see each other's private IPs and can ping/ssh/etc 2. From the Internet hosts can access vms on port 22 4. The vms can also access each other and itself on their public IPs. I don't think this worked before, but could be wrong. Setup 2. Everything the same as Setup 1, but one public IP address has been setup as Static NAT to one guest vm. the second guest vm and second public IP remained unchanged. 1. ACLs stopped working correctly (see below) 2. From the Internet hosts can access vms on port 22, including the Static NAT vm 3. Other guest vms can access the Static NAT vm using private & public IP addresses 4. Static NAT vm can NOT access other vms neither using public nor private IPs 5. Static NAT vm can access the internet hosts (apart from the public IP range belonging to the cloudstack setup) The above behaviour of Setup 2 scenarios is very strange, especially points 4 & 5. Any thoughts anyone? Cheers ----- Original Message ----- > From: "Rohit Yadav" <rohit.ya...@shapeblue.com> > To: "users" <users@cloudstack.apache.org> > Sent: Thursday, 12 April, 2018 12:06:54 > Subject: Re: Upgrade from ACS 4.9.3 to 4.11.0 > Hi Andrei, > > > Thanks for sharing, yes the egress thing is a known issue which is caused due > to > failure during VR setup to create egress table. By performing a restart of the > network (without cleanup option selected), the egress table gets created and > rules are successfully applied. > > > The issue has been fixed in the vr downtime pr: > > https://github.com/apache/cloudstack/pull/2508 > > > - Rohit > > <https://cloudstack.apache.org> > > > > ________________________________ > From: Andrei Mikhailovsky <and...@arhont.com.INVALID> > Sent: Tuesday, April 3, 2018 3:33:43 PM > To: users > Subject: Re: Upgrade from ACS 4.9.3 to 4.11.0 > > Rohit, > > Following the update from 4.9.3 to 4.11.0, I would like to comment on a few > things: > > 1. The upgrade went well, a part from the cloudstack-management server startup > issue that I've described in my previous email. > 2. there was an issue with the virtual router template upgrade. The issue is > described below: > > VR template upgrade issue: > > After updating the systemvm template I went onto the Infrastructure > Virtual > Routers and selected the Update template option for each virtual router. The > virtual routers were updated successfully using the new templates. However, > this has broken ALL Egress rules on all networks and none of the guest vms. > Port forwarding / incoming rules were working just fine. Removal and addition > of Egress rules did not fix the issue. To fix the issue I had to restart each > of the networks with the Clean up option ticked. > > > Cheers > > Andrei > > rohit.ya...@shapeblue.com > www.shapeblue.com > 53 Chandos Place, Covent Garden, London WC2N 4HSUK > @shapeblue > > > > ----- Original Message ----- >> From: "Andrei Mikhailovsky" <and...@arhont.com.INVALID> >> To: "users" <users@cloudstack.apache.org> >> Sent: Monday, 2 April, 2018 21:44:27 >> Subject: Re: Upgrade from ACS 4.9.3 to 4.11.0 > >> Hi Rohit, >> >> Following some further investigation it seems that the installation packages >> replaced the following file: >> >> /etc/default/cloudstack-management >> >> with >> >> /etc/default/cloudstack-management.dpkg-dist >> >> >> Thus, the management server couldn't load the env variables and thus was >> unable >> to start. >> >> I've put the file back and the management server is able to start. >> >> I will let you know if there are any other issues/problems. >> >> Cheers >> >> Andrei >> >> >> >> ----- Original Message ----- >>> From: "Andrei Mikhailovsky" <and...@arhont.com.INVALID> >>> To: "users" <users@cloudstack.apache.org> >>> Sent: Monday, 2 April, 2018 20:58:59 >>> Subject: Re: Upgrade from ACS 4.9.3 to 4.11.0 >> >>> Hi Rohit, >>> >>> I have just upgraded and having issues starting the service with the >>> following >>> error: >>> >>> >>> Apr 02 20:56:37 ais-cloudhost13 systemd[1]: cloudstack-management.service: >>> Failed to load environment files: No such file or directory >>> Apr 02 20:56:37 ais-cloudhost13 systemd[1]: cloudstack-management.service: >>> Failed to run 'start-pre' task: No such file or directory >>> Apr 02 20:56:37 ais-cloudhost13 systemd[1]: Failed to start CloudStack >>> Management Server. >>> -- Subject: Unit cloudstack-management.service has failed >>> -- Defined-By: systemd >>> >>> Cheers >>> >>> Andrei >>> >>> ----- Original Message ----- >>>> From: "Rohit Yadav" <rohit.ya...@shapeblue.com> >>>> To: "users" <users@cloudstack.apache.org> >>>> Sent: Friday, 30 March, 2018 19:17:48 >>>> Subject: Re: Upgrade from ACS 4.9.3 to 4.11.0 >>> >>>> Some of the upgrade and minor issues have been fixed and will make their >>>> way >>>> into 4.11.1.0. You're welcome to upgrade and share your feedback, but bear >>>> in >>>> mind due to some changes a new/updated systemvmtemplate need to be issued >>>> for >>>> 4.11.1.0 (it will be compatible for both 4.11.0.0 and 4.11.1.0 releases, >>>> but >>>> 4.11.0.0 users will have to register that new template). >>>> >>>> >>>> >>>> - Rohit >>>> >>>> <https://cloudstack.apache.org> >>>> >>>> >>>> >>>> ________________________________ >>>> From: Andrei Mikhailovsky <and...@arhont.com.INVALID> >>>> Sent: Friday, March 30, 2018 11:00:34 PM >>>> To: users >>>> Subject: Upgrade from ACS 4.9.3 to 4.11.0 >>>> >>>> Hello, >>>> >>>> My current infrastructure is ACS 4.9.3 with KVM based on Ubuntu 16.04 >>>> servers >>>> for the KVM hosts and the management server. >>>> >>>> I am planning to perform an upgrade from ACS 4.9.3 to 4.11.0 and was >>>> wondering >>>> if anyone had any issues during the upgrades? Anything to watch out for? >>>> >>>> I have previously seen issues with upgrading to 4.10, which required some >>>> manual >>>> db updates from what I recall. Has this issue been fixed in the 4.11 >>>> upgrade >>>> process? >>>> >>>> thanks >>>> >>>> Andrei >>>> >>>> rohit.ya...@shapeblue.com >>>> www.shapeblue.com<http://www.shapeblue.com> >>>> 53 Chandos Place, Covent Garden, London WC2N 4HSUK > > > > @shapeblue
