Posted to dev@cloudstack.apache.org by Nux! <nu...@li.nux.ro> on 2014/04/11 17:40:54 UTC
Security Group bug impeding system VMs functionality
Hello,
I'm on 4.3 right now, CentOS6.5 + KVM and SG ADV zone.
What happens is that after a reboot or after disabling a zone, when the
system VMs come back the iptables rules required for their proper
functioning do not get set.
It seems to be happening randomly and it may not be affecting both VMs
(S and V) at the same time.
More info:
http://paste.fedoraproject.org/93567/72307041/
sg log: http://paste.fedoraproject.org/93564/23056713/
The problem always goes away if I stop/start the system VMs; the
required iptables rules get created, eg:
-A s-105-VM -m physdev --physdev-in vnet3 --physdev-is-bridged -j RETURN
-A s-105-VM -m physdev --physdev-in vnet2 --physdev-is-bridged -j RETURN
-A s-105-VM -m physdev --physdev-in vnet1 --physdev-is-bridged -j RETURN
-A s-105-VM -j ACCEPT
-A v-106-VM -m physdev --physdev-in vnet6 --physdev-is-bridged -j RETURN
-A v-106-VM -m physdev --physdev-in vnet5 --physdev-is-bridged -j RETURN
-A v-106-VM -j ACCEPT
If someone could have a look at this it'd be great. Let me know if more
info is needed.
Lucian
--
Sent from the Delta quadrant using Borg technology!
Nux!
www.nux.ro
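A host-side check for the symptom reported above, added here as an example and not part of the original post or of CloudStack's own code. It assumes a healthy system VM chain looks like the rules quoted in the message (at least one physdev RETURN rule plus a final ACCEPT); the function names, the sample dump and the VM name s-999-VM are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag system VM chains that are absent from an
# iptables-save dump or lack the rules quoted in the post.
# Usage on the KVM host (the operator supplies the expected VM names):
#   iptables-save -t filter | check_sysvm_chains s-105-VM v-106-VM

check_sysvm_chains() {
    # stdin: iptables-save output; args: expected chain names.
    # Prints "<chain> <status>" per chain; returns 1 if any is not ok.
    awk -v want="$*" '
        BEGIN { n = split(want, names, " ") }
        /^:/ { declared[substr($1, 2)] = 1 }        # ":s-105-VM - [0:0]"
        $1 == "-A" {
            c = $2
            if ($0 ~ /--physdev-in [^ ]+ .*-j RETURN/) ret[c]++
            if ($0 ~ /^-A [^ ]+ -j ACCEPT$/) acc[c] = 1
        }
        END {
            bad = 0
            for (i = 1; i <= n; i++) {
                c = names[i]
                if (!(c in declared) && !(c in ret) && !(c in acc)) s = "missing-chain"
                else if (!ret[c]) s = "no-physdev-return"
                else if (!acc[c]) s = "no-accept"
                else s = "ok"
                if (s != "ok") bad = 1
                print c, s
            }
            exit bad
        }'
}

sample_ruleset() {
    # Constructed excerpt: s-105-VM is complete, v-106-VM exists but is empty.
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:s-105-VM - [0:0]
:v-106-VM - [0:0]
-A s-105-VM -m physdev --physdev-in vnet3 --physdev-is-bridged -j RETURN
-A s-105-VM -m physdev --physdev-in vnet2 --physdev-is-bridged -j RETURN
-A s-105-VM -j ACCEPT
COMMIT
EOF
}
```

Run from cron or a monitoring agent after a host reboot or zone re-enable, a non-zero exit identifies which system VM needs the stop/start workaround described in the message.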
Re: Security Group bug impeding system VMs functionality
Posted by Nux! <nu...@li.nux.ro>.
On 17.04.2014 09:19, Jayapal Reddy Uradi wrote:
> Hi Nux,
>
> Can you please upload the logs.
> Please add steps to try for reproducing.
>
> Thanks,
> Jayapal
Jayapal,
I can't seem to replicate this any more, not sure what were the
conditions when it happened, though I was doing nothing fancy.
I'll keep playing around with it and if I hit it again I'll get back to
you with logs and more info.
Lucian
--
Sent from the Delta quadrant using Borg technology!
Nux!
www.nux.ro
Re: Security Group bug impeding system VMs functionality
Posted by Jayapal Reddy Uradi <ja...@citrix.com>.
Hi Nux,
Can you please upload the logs.
Please add steps to try for reproducing.
Thanks,
Jayapal
On 16-Apr-2014, at 9:26 AM, Jayapal Reddy Uradi <ja...@citrix.com> wrote:
> Hi Nux,
>
> The paste links do not exist.
> Can you please upload the logs again. Also upload the rules/logs specific to the system rules that are not set.
>
>
> Thanks,
> Jayapal
>
> On 11-Apr-2014, at 9:10 PM, Nux! <nu...@li.nux.ro> wrote:
>
>> Hello,
>>
>> I'm on 4.3 right now, CentOS6.5 + KVM and SG ADV zone.
>> What happens is that after a reboot or after disabling a zone, when the system VMs come back the iptables rules required for their proper functioning do not get set.
>> It seems to be happening randomly and it may not be affecting both VMs (S and V) at the same time.
>>
>> More info:
>> http://paste.fedoraproject.org/93567/72307041/
>> sg log: http://paste.fedoraproject.org/93564/23056713/
>>
>> The problem always goes away if I stop/start the system VMs; the required iptables rules get created, eg:
>> -A s-105-VM -m physdev --physdev-in vnet3 --physdev-is-bridged -j RETURN
>> -A s-105-VM -m physdev --physdev-in vnet2 --physdev-is-bridged -j RETURN
>> -A s-105-VM -m physdev --physdev-in vnet1 --physdev-is-bridged -j RETURN
>> -A s-105-VM -j ACCEPT
>> -A v-106-VM -m physdev --physdev-in vnet6 --physdev-is-bridged -j RETURN
>> -A v-106-VM -m physdev --physdev-in vnet5 --physdev-is-bridged -j RETURN
>> -A v-106-VM -j ACCEPT
>>
>>
>> If someone could have a look at this it'd be great. Let me know if more info is needed.
>>
>> Lucian
>>
>> --
>> Sent from the Delta quadrant using Borg technology!
>>
>> Nux!
>> www.nux.ro
>
Re: Security Group bug impeding system VMs functionality
Posted by Jayapal Reddy Uradi <ja...@citrix.com>.
Hi Nux,
The paste links do not exist.
Can you please upload the logs again. Also upload the rules/logs specific to the system rules that are not set.
Thanks,
Jayapal
On 11-Apr-2014, at 9:10 PM, Nux! <nu...@li.nux.ro> wrote:
> Hello,
>
> I'm on 4.3 right now, CentOS6.5 + KVM and SG ADV zone.
> What happens is that after a reboot or after disabling a zone, when the system VMs come back the iptables rules required for their proper functioning do not get set.
> It seems to be happening randomly and it may not be affecting both VMs (S and V) at the same time.
>
> More info:
> http://paste.fedoraproject.org/93567/72307041/
> sg log: http://paste.fedoraproject.org/93564/23056713/
>
> The problem always goes away if I stop/start the system VMs; the required iptables rules get created, eg:
> -A s-105-VM -m physdev --physdev-in vnet3 --physdev-is-bridged -j RETURN
> -A s-105-VM -m physdev --physdev-in vnet2 --physdev-is-bridged -j RETURN
> -A s-105-VM -m physdev --physdev-in vnet1 --physdev-is-bridged -j RETURN
> -A s-105-VM -j ACCEPT
> -A v-106-VM -m physdev --physdev-in vnet6 --physdev-is-bridged -j RETURN
> -A v-106-VM -m physdev --physdev-in vnet5 --physdev-is-bridged -j RETURN
> -A v-106-VM -j ACCEPT
>
>
> If someone could have a look at this it'd be great. Let me know if more info is needed.
>
> Lucian
>
> --
> Sent from the Delta quadrant using Borg technology!
>
> Nux!
> www.nux.ro