Posted to issues@cloudstack.apache.org by "Jayapal Reddy (JIRA)" <ji...@apache.org> on 2013/07/25 12:15:49 UTC

[jira] [Commented] (CLOUDSTACK-2933) [VPC][VMware]Unable to login to VM using the LB configured public IP.

    [ https://issues.apache.org/jira/browse/CLOUDSTACK-2933?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13719473#comment-13719473 ] 

Jayapal Reddy commented on CLOUDSTACK-2933:
-------------------------------------------

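I could not reproduce this issue in my setup after following the same steps mentioned in the bug.
The router's iptables rules, its haproxy configuration, and a successful SSH login through the LB public IP are shown below.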

root@r-3-QA:~# iptables -L -nv
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            224.0.0.18
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            225.0.0.50
   30  2536 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0
   11  1473 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
  204 12240 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:3922
 4777  679K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
    4  1312 ACCEPT     udp  --  eth2   *       0.0.0.0/0            0.0.0.0/0            udp dpt:67
   12   770 ACCEPT     udp  --  eth2   *       0.0.0.0/0            192.168.1.1          udp dpt:53
    0     0 ACCEPT     tcp  --  eth2   *       0.0.0.0/0            192.168.1.1          tcp dpt:53
    0     0 ACCEPT     tcp  --  eth2   *       0.0.0.0/0            192.168.1.1          state NEW tcp dpt:80
    0     0 ACCEPT     tcp  --  eth2   *       0.0.0.0/0            192.168.1.1          state NEW tcp dpt:8080
    2   128 load_balancer  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 lb_stats   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 NETWORK_STATS_eth1  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
    0     0 ACCEPT     all  --  *      *       192.168.0.0/16      !192.168.0.0/16
    0     0 ACL_INBOUND_eth2  all  --  *      eth2    0.0.0.0/0            192.168.1.0/24

Chain OUTPUT (policy ACCEPT 1415 packets, 103K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain ACL_INBOUND_eth2 (2 references)
 pkts bytes target     prot opt in     out     source               destination
    2   128 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain NETWORK_STATS_eth1 (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0            all  --  *      eth1    192.168.0.0/16       0.0.0.0/0
    0     0            all  --  eth1   *       0.0.0.0/0            192.168.0.0/16

Chain lb_stats (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            10.147.52.112        tcp dpt:8081

Chain load_balancer (1 references)
 pkts bytes target     prot opt in     out     source               destination
    2   128 ACL_INBOUND_eth2  tcp  --  *      *       0.0.0.0/0            10.147.52.113        tcp dpt:22
root@r-3-QA:~#


root@r-3-QA:~# cat /etc/haproxy/haproxy.cfg
global
	log 127.0.0.1:3914   local0 warning
	maxconn 4096
	chroot /var/lib/haproxy
	user haproxy
	group haproxy
	daemon

defaults
	log     global
	mode    tcp
	option  dontlognull
	retries 3
	option redispatch
	option forwardfor
	option forceclose
	timeout connect    5000
	timeout client     50000
	timeout server     50000

listen stats_on_public 10.147.52.112:8081
	mode http
	option httpclose
	stats enable
	stats uri     /admin?stats
	stats realm   Haproxy\ Statistics
	stats auth    admin1:AdMiN123


listen 10_147_52_113-22 10.147.52.113:22
	balance roundrobin
	server 10_147_52_113-22_0 192.168.1.26:22 check


[root@nfs1 ~]# ssh 10.147.52.113
root@10.147.52.113's password:
Last login: Thu Jul 25 06:03:48 2013 from 192.168.1.1
[root@v1t1 ~]# ls
anaconda-ks.cfg  install.log  install.log.syslog





                
>  [VPC][VMware]Unable to login to VM using the LB configured public IP.
> ----------------------------------------------------------------------
>
>                 Key: CLOUDSTACK-2933
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-2933
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.) 
>          Components: Network Controller
>    Affects Versions: 4.2.0
>            Reporter: manasaveloori
>            Assignee: Venkata Siva Vijayendra Bhamidipati
>            Priority: Critical
>             Fix For: 4.2.0
>
>
> Steps:
> 1.	Have a CloudStack setup with an advanced zone and a VMware host.
> 2.	Create a VPC and a tier.
> 3.	Deploy a VM on the tier.
> 4.	Apply the allow_all ACL to the tier network.
> 5.	Acquire a public IP and define an LB rule on port 22.
> 6.	SSH to the VM using the public IP on which the LB rule is defined.
> Observations:
> Unable to SSH to the VM.
> The LB rule is configured on the router in /etc/haproxy/haproxy.cfg:
> root@r-3-VM:/var/log# vi /etc/haproxy/haproxy.cfg
> global
>         log 127.0.0.1:3914   local0 warning
>         maxconn 4096
>         chroot /var/lib/haproxy
>         user haproxy
>         group haproxy
>         daemon
> defaults
>         log     global
>         mode    tcp
>         option  dontlognull
>         retries 3
>         option redispatch
>         option forwardfor
>         option forceclose
>         timeout connect    5000
>         timeout client     50000
>         timeout server     50000
> listen stats_on_public 10.147.47.5:8081
>         mode http
>         option httpclose
>         stats enable
>         stats uri     /admin?stats
>         stats realm   Haproxy\ Statistics
>         stats auth    admin1:AdMiN123
> listen 10_147_47_60-22 10.147.47.60:22
>         balance roundrobin
>         server 10_147_47_60-22_0 10.0.1.249:22 check
> root@r-3-VM:~# iptables -L -nv
> Chain INPUT (policy DROP 73 packets, 6206 bytes)
>  pkts bytes target     prot opt in     out     source               destination
>    15   872 LOG        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22 LOG flags 0 level 4 prefix "**********************swamy**"
>  6127  446K NETWORK_STATS  all  --  *      *       0.0.0.0/0            0.0.0.0/0
>     0     0 ACCEPT     all  --  *      *       0.0.0.0/0            224.0.0.18
>     0     0 ACCEPT     all  --  *      *       0.0.0.0/0            225.0.0.50
>     0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0
>     0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
>    41  2460 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:3922
>  5996  436K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
>     0     0 ACCEPT     udp  --  eth2   *       0.0.0.0/0            0.0.0.0/0            udp dpt:67
>    11   809 ACCEPT     udp  --  eth2   *       0.0.0.0/0            10.0.1.1             udp dpt:53
>     0     0 ACCEPT     tcp  --  eth2   *       0.0.0.0/0            10.0.1.1             tcp dpt:53
>     0     0 ACCEPT     tcp  --  eth2   *       0.0.0.0/0            10.0.1.1             state NEW tcp dpt:80
>     0     0 ACCEPT     tcp  --  eth2   *       0.0.0.0/0            10.0.1.1             state NEW tcp dpt:8080
>     0     0 ACCEPT     udp  --  eth3   *       0.0.0.0/0            0.0.0.0/0            udp dpt:67
>     6   456 ACCEPT     udp  --  eth3   *       0.0.0.0/0            10.0.2.1             udp dpt:53
>     0     0 ACCEPT     tcp  --  eth3   *       0.0.0.0/0            10.0.2.1             tcp dpt:53
>     0     0 ACCEPT     tcp  --  eth3   *       0.0.0.0/0            10.0.2.1             state NEW tcp dpt:80
>     0     0 ACCEPT     tcp  --  eth3   *       0.0.0.0/0            10.0.2.1             state NEW tcp dpt:8080
>     0     0 load_balancer_eth0  tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0
>     0     0 load_balancer_eth2  tcp  --  eth2   *       0.0.0.0/0            0.0.0.0/0
>     0     0 load_balancer_eth3  tcp  --  eth3   *       0.0.0.0/0            0.0.0.0/0
>    15   872 lb_stats   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0
> Chain FORWARD (policy DROP 0 packets, 0 bytes)
>  pkts bytes target     prot opt in     out     source               destination
>   118 28242 NETWORK_STATS_eth1  all  --  *      *       0.0.0.0/0            0.0.0.0/0
>   118 28242 NETWORK_STATS  all  --  *      *       0.0.0.0/0            0.0.0.0/0
>   113 27942 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
>     4   240 ACCEPT     all  --  *      *       10.0.0.0/16         !10.0.0.0/16
>     0     0 ACL_INBOUND_eth3  all  --  *      eth3    0.0.0.0/0            10.0.2.0/24
>     1    60 ACL_INBOUND_eth2  all  --  *      eth2    0.0.0.0/0            10.0.1.0/24
> Chain OUTPUT (policy ACCEPT 7639 packets, 575K bytes)
>  pkts bytes target     prot opt in     out     source               destination
>  7639  575K NETWORK_STATS  all  --  *      *       0.0.0.0/0            0.0.0.0/0
> Chain ACL_INBOUND_eth2 (1 references)
>  pkts bytes target     prot opt in     out     source               destination
>     1    60 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpts:1:65535
>     0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0
> Chain ACL_INBOUND_eth3 (1 references)
>  pkts bytes target     prot opt in     out     source               destination
>     0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0
> Chain NETWORK_STATS (3 references)
>  pkts bytes target     prot opt in     out     source               destination
>     0     0            all  --  eth0   eth2    0.0.0.0/0            0.0.0.0/0
>     0     0            all  --  eth2   eth0    0.0.0.0/0            0.0.0.0/0
>  6108  321K            tcp  --  !eth0  eth2    0.0.0.0/0            0.0.0.0/0
>  4593  284K            tcp  --  eth2   !eth0   0.0.0.0/0            0.0.0.0/0
> Chain NETWORK_STATS_eth1 (1 references)
>  pkts bytes target     prot opt in     out     source               destination
>    63  7041            all  --  *      eth1    10.0.0.0/16          0.0.0.0/0
>    55 21201            all  --  eth1   *       0.0.0.0/0            10.0.0.0/16
> Chain lb_stats (1 references)
>  pkts bytes target     prot opt in     out     source               destination
>     0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            10.147.47.5          state NEW tcp dpt:8081
> Chain load_balancer_eth0 (1 references)
>  pkts bytes target     prot opt in     out     source               destination
>     0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            10.147.47.60         tcp dpt:22
> Chain load_balancer_eth2 (1 references)
>  pkts bytes target     prot opt in     out     source               destination
>     0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            10.147.47.60         tcp dpt:22
> Chain load_balancer_eth3 (1 references)
>  pkts bytes target     prot opt in     out     source               destination
>     0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            10.147.47.60         tcp dpt:22
