You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@cloudstack.apache.org by Francois Gaudreault <fg...@cloudops.com> on 2013/06/10 19:28:01 UTC
Fwd: Unable to adjust firewall rules on VR since upgrade
Hi,
I posted this on the users mailing list, but didn't get any reply. Maybe
I will get more attention here :)
Let me know if I should open a bug report.
Thanks!
-------- Original Message --------
Subject: Unable to adjust firewall rules on VR since upgrade
Date: Fri, 07 Jun 2013 12:52:42 -0400
From: Francois Gaudreault <fg...@cloudops.com>
Reply-To: fgaudreault@cloudops.com
To: users@cloudstack.apache.org <us...@cloudstack.apache.org>
Hi,
Before posting a bug report for this, I am curious to see if anyone else
faced that issue.
We were running on 4.0.0, and we had couple isolated networks (hence
couple VRs) with firewall rules. When we upgraded to 4.1.0, we were not
able to adjust/delete firewall rules for the existing VRs. The error in
the log was:
WARN [network.firewall.FirewallManagerImpl] (Job-Executor-83:job-461)
Failed to apply firewall rules due to
com.cloud.exception.ResourceUnavailableException: Resource
[DataCenter:1] is unreachable: Unable to apply firewall rules on router
at
com.cloud.network.router.VirtualNetworkApplianceManagerImpl.applyRules(VirtualNetworkApplianceManagerImpl.java:3431)
at
com.cloud.network.router.VirtualNetworkApplianceManagerImpl.applyFirewallRules(VirtualNetworkApplianceManagerImpl.java:3287)
at
com.cloud.network.element.VirtualRouterElement.applyFWRules(VirtualRouterElement.java:229)
at
com.cloud.network.firewall.FirewallManagerImpl.applyRules(FirewallManagerImpl.java:544)
at
com.cloud.network.NetworkManagerImpl.applyRules(NetworkManagerImpl.java:2344)
at
com.cloud.network.firewall.FirewallManagerImpl.applyRules(FirewallManagerImpl.java:500)
at
com.cloud.network.firewall.FirewallManagerImpl.applyFirewallRules(FirewallManagerImpl.java:630)
at
com.cloud.network.firewall.FirewallManagerImpl.revokeFirewallRule(FirewallManagerImpl.java:670)
at
com.cloud.utils.component.ComponentInstantiationPostProcessor$InterceptorDispatcher.intercept(ComponentInstantiationPostProcessor.java:125)
at
com.cloud.network.firewall.FirewallManagerImpl.revokeFirewallRule(FirewallManagerImpl.java:683)
at
org.apache.cloudstack.api.command.user.firewall.DeleteEgressFirewallRuleCmd.execute(DeleteEgressFirewallRuleCmd.java:97)
at com.cloud.api.ApiDispatcher.dispatch(ApiDispatcher.java:162)
at
com.cloud.async.AsyncJobManagerImpl$1.run(AsyncJobManagerImpl.java:437)
at
java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334)
at java.util.concurrent.FutureTask.run(FutureTask.java:166)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1146)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:679)
Thanks!
--
Francois Gaudreault
Architecte de Solution Cloud | Cloud Solutions Architect
fgaudreault@cloudops.com
514-629-6775
- - -
CloudOps
420 rue Guy
Montréal QC H3J 1S6
www.cloudops.com
@CloudOps_
Re: Unable to adjust firewall rules on VR since upgrade
Posted by Chiradeep Vittal <Ch...@citrix.com>.
Technically there is no agent running inside the VR. They are all handled
by ssh scripts. But generally, communication problems between the mgmt
server and the dom0 or a stuck (kernel OOM f.e) VR can cause this issue.
On 6/10/13 10:45 AM, "Francois Gaudreault" <fg...@cloudops.com>
wrote:
>Interesting... I can't reproduce it today :S So maybe that was just a
>temporary issue? (I hate those issues!)
>
>What would cause this actually? VR not running? Agent on the VR not
>running?
>
>Thanks!
>
>Francois
>
>On 2013-06-10 1:34 PM, Chiradeep Vittal wrote:
>> Need more logs
>>
>> On 6/10/13 10:28 AM, "Francois Gaudreault" <fg...@cloudops.com>
>> wrote:
>>
>>> Hi,
>>>
>>> I posted this on the users mailing list, but didn't get any reply.
>>>Maybe
>>> I will get more attention here :)
>>>
>>> Let me know if I should open a bug report.
>>>
>>> Thanks!
>>>
>>> -------- Original Message --------
>>> Subject: Unable to adjust firewall rules on VR since upgrade
>>> Date: Fri, 07 Jun 2013 12:52:42 -0400
>>> From: Francois Gaudreault <fg...@cloudops.com>
>>> Reply-To: fgaudreault@cloudops.com
>>> To: users@cloudstack.apache.org <us...@cloudstack.apache.org>
>>>
>>>
>>>
>>> Hi,
>>>
>>> Before posting a bug report for this, I am curious to see if anyone
>>>else
>>> faced that issue.
>>>
>>> We were running on 4.0.0, and we had couple isolated networks (hence
>>> couple VRs) with firewall rules. When we upgraded to 4.1.0, we were
>>>not
>>> able to adjust/delete firewall rules for the existing VRs. The error
>>>in
>>> the log was:
>>> WARN [network.firewall.FirewallManagerImpl] (Job-Executor-83:job-461)
>>> Failed to apply firewall rules due to
>>> com.cloud.exception.ResourceUnavailableException: Resource
>>> [DataCenter:1] is unreachable: Unable to apply firewall rules on router
>>> at
>>>
>>>com.cloud.network.router.VirtualNetworkApplianceManagerImpl.applyRules(V
>>>ir
>>> tualNetworkApplianceManagerImpl.java:3431)
>>> at
>>>
>>>com.cloud.network.router.VirtualNetworkApplianceManagerImpl.applyFirewal
>>>lR
>>> ules(VirtualNetworkApplianceManagerImpl.java:3287)
>>> at
>>>
>>>com.cloud.network.element.VirtualRouterElement.applyFWRules(VirtualRoute
>>>rE
>>> lement.java:229)
>>> at
>>>
>>>com.cloud.network.firewall.FirewallManagerImpl.applyRules(FirewallManage
>>>rI
>>> mpl.java:544)
>>> at
>>>
>>>com.cloud.network.NetworkManagerImpl.applyRules(NetworkManagerImpl.java:
>>>23
>>> 44)
>>> at
>>>
>>>com.cloud.network.firewall.FirewallManagerImpl.applyRules(FirewallManage
>>>rI
>>> mpl.java:500)
>>> at
>>>
>>>com.cloud.network.firewall.FirewallManagerImpl.applyFirewallRules(Firewa
>>>ll
>>> ManagerImpl.java:630)
>>> at
>>>
>>>com.cloud.network.firewall.FirewallManagerImpl.revokeFirewallRule(Firewa
>>>ll
>>> ManagerImpl.java:670)
>>> at
>>>
>>>com.cloud.utils.component.ComponentInstantiationPostProcessor$Intercepto
>>>rD
>>> ispatcher.intercept(ComponentInstantiationPostProcessor.java:125)
>>> at
>>>
>>>com.cloud.network.firewall.FirewallManagerImpl.revokeFirewallRule(Firewa
>>>ll
>>> ManagerImpl.java:683)
>>> at
>>>
>>>org.apache.cloudstack.api.command.user.firewall.DeleteEgressFirewallRule
>>>Cm
>>> d.execute(DeleteEgressFirewallRuleCmd.java:97)
>>> at com.cloud.api.ApiDispatcher.dispatch(ApiDispatcher.java:162)
>>> at
>>> com.cloud.async.AsyncJobManagerImpl$1.run(AsyncJobManagerImpl.java:437)
>>> at
>>> java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
>>> at
>>>java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334)
>>> at java.util.concurrent.FutureTask.run(FutureTask.java:166)
>>> at
>>>
>>>java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.jav
>>>a:
>>> 1146)
>>> at
>>>
>>>java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.ja
>>>va
>>> :615)
>>> at java.lang.Thread.run(Thread.java:679)
>>>
>>> Thanks!
>>>
>>> --
>>> Francois Gaudreault
>>> Architecte de Solution Cloud | Cloud Solutions Architect
>>> fgaudreault@cloudops.com
>>> 514-629-6775
>>> - - -
>>> CloudOps
>>> 420 rue Guy
>>> Montréal QC H3J 1S6
>>> www.cloudops.com
>>> @CloudOps_
>>>
>>>
>>>
>>
>>
>
>
>--
>Francois Gaudreault
>Architecte de Solution Cloud | Cloud Solutions Architect
>fgaudreault@cloudops.com
>514-629-6775
>- - -
>CloudOps
>420 rue Guy
>Montréal QC H3J 1S6
>www.cloudops.com
>@CloudOps_
>
Re: Unable to adjust firewall rules on VR since upgrade
Posted by Francois Gaudreault <fg...@cloudops.com>.
Interesting... I can't reproduce it today :S So maybe that was just a
temporary issue? (I hate those issues!)
What would cause this actually? VR not running? Agent on the VR not
running?
Thanks!
Francois
On 2013-06-10 1:34 PM, Chiradeep Vittal wrote:
> Need more logs
>
> On 6/10/13 10:28 AM, "Francois Gaudreault" <fg...@cloudops.com>
> wrote:
>
>> Hi,
>>
>> I posted this on the users mailing list, but didn't get any reply. Maybe
>> I will get more attention here :)
>>
>> Let me know if I should open a bug report.
>>
>> Thanks!
>>
>> -------- Original Message --------
>> Subject: Unable to adjust firewall rules on VR since upgrade
>> Date: Fri, 07 Jun 2013 12:52:42 -0400
>> From: Francois Gaudreault <fg...@cloudops.com>
>> Reply-To: fgaudreault@cloudops.com
>> To: users@cloudstack.apache.org <us...@cloudstack.apache.org>
>>
>>
>>
>> Hi,
>>
>> Before posting a bug report for this, I am curious to see if anyone else
>> faced that issue.
>>
>> We were running on 4.0.0, and we had couple isolated networks (hence
>> couple VRs) with firewall rules. When we upgraded to 4.1.0, we were not
>> able to adjust/delete firewall rules for the existing VRs. The error in
>> the log was:
>> WARN [network.firewall.FirewallManagerImpl] (Job-Executor-83:job-461)
>> Failed to apply firewall rules due to
>> com.cloud.exception.ResourceUnavailableException: Resource
>> [DataCenter:1] is unreachable: Unable to apply firewall rules on router
>> at
>> com.cloud.network.router.VirtualNetworkApplianceManagerImpl.applyRules(Vir
>> tualNetworkApplianceManagerImpl.java:3431)
>> at
>> com.cloud.network.router.VirtualNetworkApplianceManagerImpl.applyFirewallR
>> ules(VirtualNetworkApplianceManagerImpl.java:3287)
>> at
>> com.cloud.network.element.VirtualRouterElement.applyFWRules(VirtualRouterE
>> lement.java:229)
>> at
>> com.cloud.network.firewall.FirewallManagerImpl.applyRules(FirewallManagerI
>> mpl.java:544)
>> at
>> com.cloud.network.NetworkManagerImpl.applyRules(NetworkManagerImpl.java:23
>> 44)
>> at
>> com.cloud.network.firewall.FirewallManagerImpl.applyRules(FirewallManagerI
>> mpl.java:500)
>> at
>> com.cloud.network.firewall.FirewallManagerImpl.applyFirewallRules(Firewall
>> ManagerImpl.java:630)
>> at
>> com.cloud.network.firewall.FirewallManagerImpl.revokeFirewallRule(Firewall
>> ManagerImpl.java:670)
>> at
>> com.cloud.utils.component.ComponentInstantiationPostProcessor$InterceptorD
>> ispatcher.intercept(ComponentInstantiationPostProcessor.java:125)
>> at
>> com.cloud.network.firewall.FirewallManagerImpl.revokeFirewallRule(Firewall
>> ManagerImpl.java:683)
>> at
>> org.apache.cloudstack.api.command.user.firewall.DeleteEgressFirewallRuleCm
>> d.execute(DeleteEgressFirewallRuleCmd.java:97)
>> at com.cloud.api.ApiDispatcher.dispatch(ApiDispatcher.java:162)
>> at
>> com.cloud.async.AsyncJobManagerImpl$1.run(AsyncJobManagerImpl.java:437)
>> at
>> java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
>> at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334)
>> at java.util.concurrent.FutureTask.run(FutureTask.java:166)
>> at
>> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:
>> 1146)
>> at
>> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java
>> :615)
>> at java.lang.Thread.run(Thread.java:679)
>>
>> Thanks!
>>
>> --
>> Francois Gaudreault
>> Architecte de Solution Cloud | Cloud Solutions Architect
>> fgaudreault@cloudops.com
>> 514-629-6775
>> - - -
>> CloudOps
>> 420 rue Guy
>> Montréal QC H3J 1S6
>> www.cloudops.com
>> @CloudOps_
>>
>>
>>
>
>
--
Francois Gaudreault
Architecte de Solution Cloud | Cloud Solutions Architect
fgaudreault@cloudops.com
514-629-6775
- - -
CloudOps
420 rue Guy
Montréal QC H3J 1S6
www.cloudops.com
@CloudOps_
Re: Unable to adjust firewall rules on VR since upgrade
Posted by Chiradeep Vittal <Ch...@citrix.com>.
Need more logs
On 6/10/13 10:28 AM, "Francois Gaudreault" <fg...@cloudops.com>
wrote:
>Hi,
>
>I posted this on the users mailing list, but didn't get any reply. Maybe
>I will get more attention here :)
>
>Let me know if I should open a bug report.
>
>Thanks!
>
>-------- Original Message --------
>Subject: Unable to adjust firewall rules on VR since upgrade
>Date: Fri, 07 Jun 2013 12:52:42 -0400
>From: Francois Gaudreault <fg...@cloudops.com>
>Reply-To: fgaudreault@cloudops.com
>To: users@cloudstack.apache.org <us...@cloudstack.apache.org>
>
>
>
>Hi,
>
>Before posting a bug report for this, I am curious to see if anyone else
>faced that issue.
>
>We were running on 4.0.0, and we had couple isolated networks (hence
>couple VRs) with firewall rules. When we upgraded to 4.1.0, we were not
>able to adjust/delete firewall rules for the existing VRs. The error in
>the log was:
>WARN [network.firewall.FirewallManagerImpl] (Job-Executor-83:job-461)
>Failed to apply firewall rules due to
>com.cloud.exception.ResourceUnavailableException: Resource
>[DataCenter:1] is unreachable: Unable to apply firewall rules on router
> at
>com.cloud.network.router.VirtualNetworkApplianceManagerImpl.applyRules(Vir
>tualNetworkApplianceManagerImpl.java:3431)
> at
>com.cloud.network.router.VirtualNetworkApplianceManagerImpl.applyFirewallR
>ules(VirtualNetworkApplianceManagerImpl.java:3287)
> at
>com.cloud.network.element.VirtualRouterElement.applyFWRules(VirtualRouterE
>lement.java:229)
> at
>com.cloud.network.firewall.FirewallManagerImpl.applyRules(FirewallManagerI
>mpl.java:544)
> at
>com.cloud.network.NetworkManagerImpl.applyRules(NetworkManagerImpl.java:23
>44)
> at
>com.cloud.network.firewall.FirewallManagerImpl.applyRules(FirewallManagerI
>mpl.java:500)
> at
>com.cloud.network.firewall.FirewallManagerImpl.applyFirewallRules(Firewall
>ManagerImpl.java:630)
> at
>com.cloud.network.firewall.FirewallManagerImpl.revokeFirewallRule(Firewall
>ManagerImpl.java:670)
> at
>com.cloud.utils.component.ComponentInstantiationPostProcessor$InterceptorD
>ispatcher.intercept(ComponentInstantiationPostProcessor.java:125)
> at
>com.cloud.network.firewall.FirewallManagerImpl.revokeFirewallRule(Firewall
>ManagerImpl.java:683)
> at
>org.apache.cloudstack.api.command.user.firewall.DeleteEgressFirewallRuleCm
>d.execute(DeleteEgressFirewallRuleCmd.java:97)
> at com.cloud.api.ApiDispatcher.dispatch(ApiDispatcher.java:162)
> at
>com.cloud.async.AsyncJobManagerImpl$1.run(AsyncJobManagerImpl.java:437)
> at
>java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
> at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334)
> at java.util.concurrent.FutureTask.run(FutureTask.java:166)
> at
>java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:
>1146)
> at
>java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java
>:615)
> at java.lang.Thread.run(Thread.java:679)
>
>Thanks!
>
>--
>Francois Gaudreault
>Architecte de Solution Cloud | Cloud Solutions Architect
>fgaudreault@cloudops.com
>514-629-6775
>- - -
>CloudOps
>420 rue Guy
>Montréal QC H3J 1S6
>www.cloudops.com
>@CloudOps_
>
>
>