You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cloudstack.apache.org by "manasaveloori (JIRA)" <ji...@apache.org> on 2013/06/11 13:00:21 UTC
[jira] [Created] (CLOUDSTACK-2933) [VPC][VMware]Unable to login to
VM using the LB configured public IP.
manasaveloori created CLOUDSTACK-2933:
-----------------------------------------
Summary: [VPC][VMware]Unable to login to VM using the LB configured public IP.
Key: CLOUDSTACK-2933
URL: https://issues.apache.org/jira/browse/CLOUDSTACK-2933
Project: CloudStack
Issue Type: Bug
Security Level: Public (Anyone can view this level - this is the default.)
Components: Network Controller
Affects Versions: 4.2.0
Reporter: manasaveloori
Priority: Critical
Fix For: 4.2.0
Steps:
1. Have a CS with advanced zone and VMware host.
2. Create a VPC and a tier.
3. Deploy a VM on the tier .
4. Apply allow_all ACL to the tier network
5. Acquire a public Ip and define a LB rule on port 22.
6. SSH to the VM using the public IP on which LB is defined.
Observations:
Unable to do SSH to VM:
The LB rule is configured in the router under /etc/haproxy/haproxy.cfg.
root@r-3-VM:/var/log# vi /etc/haproxy/haproxy.cfg
global
log 127.0.0.1:3914 local0 warning
maxconn 4096
chroot /var/lib/haproxy
user haproxy
group haproxy
daemon
defaults
log global
mode tcp
option dontlognull
retries 3
option redispatch
option forwardfor
option forceclose
timeout connect 5000
timeout client 50000
timeout server 50000
listen stats_on_public 10.147.47.5:8081
mode http
option httpclose
stats enable
stats uri /admin?stats
stats realm Haproxy\ Statistics
stats auth admin1:AdMiN123
listen 10_147_47_60-22 10.147.47.60:22
balance roundrobin
server 10_147_47_60-22_0 10.0.1.249:22 check
root@r-3-VM:~# iptables -L -nv
Chain INPUT (policy DROP 73 packets, 6206 bytes)
pkts bytes target prot opt in out source destination
15 872 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 LOG flags 0 level 4 prefix "**********************swamy**"
6127 446K NETWORK_STATS all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * * 0.0.0.0/0 224.0.0.18
0 0 ACCEPT all -- * * 0.0.0.0/0 225.0.0.50
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
41 2460 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:3922
5996 436K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT udp -- eth2 * 0.0.0.0/0 0.0.0.0/0 udp dpt:67
11 809 ACCEPT udp -- eth2 * 0.0.0.0/0 10.0.1.1 udp dpt:53
0 0 ACCEPT tcp -- eth2 * 0.0.0.0/0 10.0.1.1 tcp dpt:53
0 0 ACCEPT tcp -- eth2 * 0.0.0.0/0 10.0.1.1 state NEW tcp dpt:80
0 0 ACCEPT tcp -- eth2 * 0.0.0.0/0 10.0.1.1 state NEW tcp dpt:8080
0 0 ACCEPT udp -- eth3 * 0.0.0.0/0 0.0.0.0/0 udp dpt:67
6 456 ACCEPT udp -- eth3 * 0.0.0.0/0 10.0.2.1 udp dpt:53
0 0 ACCEPT tcp -- eth3 * 0.0.0.0/0 10.0.2.1 tcp dpt:53
0 0 ACCEPT tcp -- eth3 * 0.0.0.0/0 10.0.2.1 state NEW tcp dpt:80
0 0 ACCEPT tcp -- eth3 * 0.0.0.0/0 10.0.2.1 state NEW tcp dpt:8080
0 0 load_balancer_eth0 tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0
0 0 load_balancer_eth2 tcp -- eth2 * 0.0.0.0/0 0.0.0.0/0
0 0 load_balancer_eth3 tcp -- eth3 * 0.0.0.0/0 0.0.0.0/0
15 872 lb_stats tcp -- * * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
118 28242 NETWORK_STATS_eth1 all -- * * 0.0.0.0/0 0.0.0.0/0
118 28242 NETWORK_STATS all -- * * 0.0.0.0/0 0.0.0.0/0
113 27942 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
4 240 ACCEPT all -- * * 10.0.0.0/16 !10.0.0.0/16
0 0 ACL_INBOUND_eth3 all -- * eth3 0.0.0.0/0 10.0.2.0/24
1 60 ACL_INBOUND_eth2 all -- * eth2 0.0.0.0/0 10.0.1.0/24
Chain OUTPUT (policy ACCEPT 7639 packets, 575K bytes)
pkts bytes target prot opt in out source destination
7639 575K NETWORK_STATS all -- * * 0.0.0.0/0 0.0.0.0/0
Chain ACL_INBOUND_eth2 (1 references)
pkts bytes target prot opt in out source destination
1 60 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpts:1:65535
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain ACL_INBOUND_eth3 (1 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain NETWORK_STATS (3 references)
pkts bytes target prot opt in out source destination
0 0 all -- eth0 eth2 0.0.0.0/0 0.0.0.0/0
0 0 all -- eth2 eth0 0.0.0.0/0 0.0.0.0/0
6108 321K tcp -- !eth0 eth2 0.0.0.0/0 0.0.0.0/0
4593 284K tcp -- eth2 !eth0 0.0.0.0/0 0.0.0.0/0
Chain NETWORK_STATS_eth1 (1 references)
pkts bytes target prot opt in out source destination
63 7041 all -- * eth1 10.0.0.0/16 0.0.0.0/0
55 21201 all -- eth1 * 0.0.0.0/0 10.0.0.0/16
Chain lb_stats (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- * * 0.0.0.0/0 10.147.47.5 state NEW tcp dpt:8081
Chain load_balancer_eth0 (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- * * 0.0.0.0/0 10.147.47.60 tcp dpt:22
Chain load_balancer_eth2 (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- * * 0.0.0.0/0 10.147.47.60 tcp dpt:22
Chain load_balancer_eth3 (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- * * 0.0.0.0/0 10.147.47.60 tcp dpt:22
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira