Don't know whether this is a bug or to do with setup - CS 4.11.2
1 x manager, 3 x compute nodes running Advanced with security groups. VM (internal name i-2-29-VM) - is created and works fine with default security group allowing inbound SSH and ICMP echo request. Migrate the VM to another of the compute nodes and the VM migrates and from the proxy console the VM can connect out but the default security group inbound is not copied across to the compute node.

The /var/log/cloudstack/agent/security_group.log shows on the compute node the VM has migrated to -

2019-01-18 14:54:25,724 - Ignoring failure to delete ebtables chain for vm i-2-29-VM
2019-01-18 14:54:25,724 - ebtables -t nat -F i-2-29-VM-out
2019-01-18 14:54:25,730 - Ignoring failure to delete ebtables chain for vm i-2-29-VM
2019-01-18 14:54:25,730 - ebtables -t nat -F i-2-29-VM-in-ips
2019-01-18 14:54:25,735 - Ignoring failure to delete ebtables chain for vm i-2-29-VM
2019-01-18 14:54:25,735 - ebtables -t nat -F i-2-29-VM-out-ips
2019-01-18 14:54:25,740 - Ignoring failure to delete ebtables chain for vm i-2-29-VM
2019-01-18 14:54:25,741 - iptables -N i-2-29-VM
2019-01-18 14:54:25,745 - ip6tables -N i-2-29-VM
2019-01-18 14:54:25,749 - iptables -N i-2-29-VM-eg
2019-01-18 14:54:25,753 - ip6tables -N i-2-29-VM-eg
2019-01-18 14:54:25,758 - iptables -N i-2-29-def
2019-01-18 14:54:25,763 - ip6tables -N i-2-29-def
2019-01-18 14:54:25,767 - Creating ipset chain .... i-2-29-VM
2019-01-18 14:54:25,768 - ipset -F i-2-29-VM
2019-01-18 14:54:25,772 - ipset chain not exists creating.... i-2-29-VM
2019-01-18 14:54:25,772 - ipset -N i-2-29-VM iphash family inet
2019-01-18 14:54:25,777 - vm ip 172.30.6.60
2019-01-18 14:54:25,777 - ipset -A i-2-29-VM 172.30.6.60
2019-01-18 14:54:25,782 - Failed to network rule !
Traceback (most recent call last):
  File "/usr/share/cloudstack-common/scripts/vm/network/security_group.py", line 995, in add_network_rules
    default_network_rules(vmName, vm_id, vm_ip, vm_ip6, vmMac, vif, brname, sec_ips)
  File "/usr/share/cloudstack-common/scripts/vm/network/security_group.py", line 490, in default_network_rules
    if ips[0] == "0":
IndexError: list index out of range

Jon
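
A way to find this condition on a compute node, as an added example that is not part of the original post and not CloudStack code: scan security_group.log for "Failed to network rule" entries and report the VM whose rules were being programmed and the exception that aborted it. The function name, the record layout and the "last VM named before the failure" attribution are assumptions of this sketch; the sample log is constructed from the lines quoted above, with the traceback in standard Python layout.

```python
import re

# Constructed sample in the format quoted in the post above.
SAMPLE_LOG = """\
2019-01-18 14:54:25,741 - iptables -N i-2-29-VM
2019-01-18 14:54:25,758 - iptables -N i-2-29-def
2019-01-18 14:54:25,777 - vm ip 172.30.6.60
2019-01-18 14:54:25,777 - ipset -A i-2-29-VM 172.30.6.60
2019-01-18 14:54:25,782 - Failed to network rule !
Traceback (most recent call last):
  File "/usr/share/cloudstack-common/scripts/vm/network/security_group.py", line 490, in default_network_rules
    if ips[0] == "0":
IndexError: list index out of range
"""

# "<timestamp> - <message>" entries; traceback lines carry no timestamp.
LINE_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3}) - (.*)$")
# Internal VM names such as i-2-29-VM (also matches inside i-2-29-VM-eg).
VM_RE = re.compile(r"\b(i-\d+-\d+-VM)\b")


def find_failed_rule_programming(text):
    """Return one record per 'Failed to network rule' entry.

    Heuristic (assumption): the failure belongs to the VM most recently
    named in the log, which can be wrong if operations interleave.
    """
    failures, last_vm, current = [], None, None
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if m:
            ts, msg = m.groups()
            current = None  # a timestamped line ends any open traceback
            vm = VM_RE.search(msg)
            if vm:
                last_vm = vm.group(1)
            if msg.startswith("Failed to network rule"):
                current = {"time": ts, "vm": last_vm, "exception": None}
                failures.append(current)
        elif current and raw and not raw.startswith((" ", "Traceback")):
            # Unindented traceback tail, e.g. "IndexError: ..."
            current["exception"] = raw.strip()
    return failures


if __name__ == "__main__":
    for f in find_failed_rule_programming(SAMPLE_LOG):
        print(f"{f['time']} {f['vm']}: rules not applied ({f['exception']})")
```

Any VM reported here should have its iptables and ipset chains checked on the destination host, since the script stopped before finishing the default rules.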