You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@cloudstack.apache.org by Daan Hoogland <da...@gmail.com> on 2013/08/08 13:13:25 UTC
anyone please: firewall rules application
I feel I am on a ghost hunt.
On Thu, Aug 8, 2013 at 10:32 AM, Daan Hoogland <da...@gmail.com> wrote:
> H,
>
> I noted that in some of the 4.1 versions I have been testing setting a
> firewall rule fails. This seems to be when a router is not fully
> initialized, is it?
>
> the stack trace seems to reflect this, but the error message just says
> "Failed to create firewall rule" or "Failed to delete firewall rule"
>
> com.cloud.exception.ResourceUnavailableException: Resource
> [DataCenter:1] is unreachable: Unable to apply ip association, virtual
> router is not in the right state
> at com.cloud.network.router.VirtualNetworkApplianceManagerImpl.applyRules(VirtualNetworkApplianceManagerImpl.java:3445)
> at com.cloud.network.router.VirtualNetworkApplianceManagerImpl.associatePublicIP(VirtualNetworkApplianceManagerImpl.java:3272)
> at com.cloud.network.router.VpcVirtualNetworkApplianceManagerImpl.associatePublicIP(VpcVirtualNetworkApplianceManagerImpl.java:554)
> at com.cloud.network.element.VirtualRouterElement.applyIps(VirtualRouterElement.java:438)
> at com.cloud.network.NetworkManagerImpl.applyIpAssociations(NetworkManagerImpl.java:625)
> at com.cloud.network.NetworkManagerImpl.applyRules(NetworkManagerImpl.java:2380)
> at com.cloud.network.firewall.FirewallManagerImpl.applyRules(FirewallManagerImpl.java:500)
> at com.cloud.network.firewall.FirewallManagerImpl.applyFirewallRules(FirewallManagerImpl.java:630)
> at com.cloud.network.firewall.FirewallManagerImpl.applyIngressFirewallRules(FirewallManagerImpl.java:603)
> at org.apache.cloudstack.api.command.user.firewall.CreateFirewallRuleCmd.execute(CreateFirewallRuleCmd.java:124)
> at com.cloud.api.ApiDispatcher.dispatch(ApiDispatcher.java:162)
> at com.cloud.async.AsyncJobManagerImpl$1.run(AsyncJobManagerImpl.java:437)
> at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
> at java.util.concurrent.FutureTask$Sync.innerRun(Unknown Source)
> at java.util.concurrent.FutureTask.run(Unknown Source)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
> at java.lang.Thread.run(Unknown Source)
>
> Can someone confirm my suspicion?
>
> thanks,
> Daan
Re: anyone please: firewall rules application
Posted by Daan Hoogland <da...@gmail.com>.
thanks, it thought it didn;t have a plugable nic. I fixed it.
I read this advice in Donals blog on logging to, very helpful.
regards,
On Thu, Aug 8, 2013 at 7:06 PM, Alex Huang <Al...@citrix.com> wrote:
> Dan,
>
> There should be a warning right above that exception. What does that warning say? It gives the actual state of the router that it thinks it's in.
>
> --Alex
>
>> -----Original Message-----
>> From: Daan Hoogland [mailto:daan.hoogland@gmail.com]
>> Sent: Thursday, August 8, 2013 4:13 AM
>> To: dev
>> Subject: anyone please: firewall rules application
>>
>> I feel I am on a ghost hunt.
>>
>> On Thu, Aug 8, 2013 at 10:32 AM, Daan Hoogland
>> <da...@gmail.com> wrote:
>> > H,
>> >
>> > I noted that in some of the 4.1 versions I have been testing setting a
>> > firewall rule fails. This seems to be when a router is not fully
>> > initialized, is it?
>> >
>> > the stack trace seems to reflect this, but the error message just says
>> > "Failed to create firewall rule" or "Failed to delete firewall rule"
>> >
>> > com.cloud.exception.ResourceUnavailableException: Resource
>> > [DataCenter:1] is unreachable: Unable to apply ip association, virtual
>> > router is not in the right state at
>> >
>> com.cloud.network.router.VirtualNetworkApplianceManagerImpl.applyRule
>> s
>> > (VirtualNetworkApplianceManagerImpl.java:3445)
>> > at
>> >
>> com.cloud.network.router.VirtualNetworkApplianceManagerImpl.associateP
>> > ublicIP(VirtualNetworkApplianceManagerImpl.java:3272)
>> > at
>> >
>> com.cloud.network.router.VpcVirtualNetworkApplianceManagerImpl.associ
>> a
>> > tePublicIP(VpcVirtualNetworkApplianceManagerImpl.java:554)
>> > at
>> >
>> com.cloud.network.element.VirtualRouterElement.applyIps(VirtualRouterE
>> > lement.java:438) at
>> >
>> com.cloud.network.NetworkManagerImpl.applyIpAssociations(NetworkMan
>> age
>> > rImpl.java:625) at
>> >
>> com.cloud.network.NetworkManagerImpl.applyRules(NetworkManagerImpl
>> .jav
>> > a:2380) at
>> > com.cloud.network.firewall.FirewallManagerImpl.applyRules(FirewallMana
>> > gerImpl.java:500) at
>> > com.cloud.network.firewall.FirewallManagerImpl.applyFirewallRules(Fire
>> > wallManagerImpl.java:630) at
>> > com.cloud.network.firewall.FirewallManagerImpl.applyIngressFirewallRul
>> > es(FirewallManagerImpl.java:603) at
>> > org.apache.cloudstack.api.command.user.firewall.CreateFirewallRuleCmd.
>> > execute(CreateFirewallRuleCmd.java:124)
>> > at com.cloud.api.ApiDispatcher.dispatch(ApiDispatcher.java:162)
>> > at
>> >
>> com.cloud.async.AsyncJobManagerImpl$1.run(AsyncJobManagerImpl.java:4
>> 37
>> > ) at java.util.concurrent.Executors$RunnableAdapter.call(Unknown
>> > Source) at java.util.concurrent.FutureTask$Sync.innerRun(Unknown
>> > Source) at java.util.concurrent.FutureTask.run(Unknown Source) at
>> > java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) at
>> > java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) at
>> > java.lang.Thread.run(Unknown Source)
>> >
>> > Can someone confirm my suspicion?
>> >
>> > thanks,
>> > Daan
RE: anyone please: firewall rules application
Posted by Alex Huang <Al...@citrix.com>.
Dan,
There should be a warning right above that exception. What does that warning say? It gives the actual state of the router that it thinks it's in.
--Alex
> -----Original Message-----
> From: Daan Hoogland [mailto:daan.hoogland@gmail.com]
> Sent: Thursday, August 8, 2013 4:13 AM
> To: dev
> Subject: anyone please: firewall rules application
>
> I feel I am on a ghost hunt.
>
> On Thu, Aug 8, 2013 at 10:32 AM, Daan Hoogland
> <da...@gmail.com> wrote:
> > H,
> >
> > I noted that in some of the 4.1 versions I have been testing setting a
> > firewall rule fails. This seems to be when a router is not fully
> > initialized, is it?
> >
> > the stack trace seems to reflect this, but the error message just says
> > "Failed to create firewall rule" or "Failed to delete firewall rule"
> >
> > com.cloud.exception.ResourceUnavailableException: Resource
> > [DataCenter:1] is unreachable: Unable to apply ip association, virtual
> > router is not in the right state at
> >
> com.cloud.network.router.VirtualNetworkApplianceManagerImpl.applyRule
> s
> > (VirtualNetworkApplianceManagerImpl.java:3445)
> > at
> >
> com.cloud.network.router.VirtualNetworkApplianceManagerImpl.associateP
> > ublicIP(VirtualNetworkApplianceManagerImpl.java:3272)
> > at
> >
> com.cloud.network.router.VpcVirtualNetworkApplianceManagerImpl.associ
> a
> > tePublicIP(VpcVirtualNetworkApplianceManagerImpl.java:554)
> > at
> >
> com.cloud.network.element.VirtualRouterElement.applyIps(VirtualRouterE
> > lement.java:438) at
> >
> com.cloud.network.NetworkManagerImpl.applyIpAssociations(NetworkMan
> age
> > rImpl.java:625) at
> >
> com.cloud.network.NetworkManagerImpl.applyRules(NetworkManagerImpl
> .jav
> > a:2380) at
> > com.cloud.network.firewall.FirewallManagerImpl.applyRules(FirewallMana
> > gerImpl.java:500) at
> > com.cloud.network.firewall.FirewallManagerImpl.applyFirewallRules(Fire
> > wallManagerImpl.java:630) at
> > com.cloud.network.firewall.FirewallManagerImpl.applyIngressFirewallRul
> > es(FirewallManagerImpl.java:603) at
> > org.apache.cloudstack.api.command.user.firewall.CreateFirewallRuleCmd.
> > execute(CreateFirewallRuleCmd.java:124)
> > at com.cloud.api.ApiDispatcher.dispatch(ApiDispatcher.java:162)
> > at
> >
> com.cloud.async.AsyncJobManagerImpl$1.run(AsyncJobManagerImpl.java:4
> 37
> > ) at java.util.concurrent.Executors$RunnableAdapter.call(Unknown
> > Source) at java.util.concurrent.FutureTask$Sync.innerRun(Unknown
> > Source) at java.util.concurrent.FutureTask.run(Unknown Source) at
> > java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) at
> > java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) at
> > java.lang.Thread.run(Unknown Source)
> >
> > Can someone confirm my suspicion?
> >
> > thanks,
> > Daan
Re: anyone please: firewall rules application
Posted by Daan Hoogland <da...@gmail.com>.
Thanks Donal,
I found my ghost. Onward into the night :)
On Thu, Aug 8, 2013 at 5:05 PM, Donal Lafferty
<do...@citrix.com> wrote:
> Hi Daan,
>
> Here's a bit of background to logs Jayapal is referring to: http://dlafferty.blogspot.co.uk/2013/08/using-cloudstacks-log-files-xenserver.html
>
> It explains why there is a second set of logs on the XenServer hypervisor.
>
> DL
>
>
>> -----Original Message-----
>> From: Jayapal Reddy Uradi [mailto:jayapalreddy.uradi@citrix.com]
>> Sent: 08 August 2013 12:55
>> To: <de...@cloudstack.apache.org>
>> Subject: Re: anyone please: firewall rules application
>>
>>
>> Check the host logs (in xen /var/log/SMlog) to see which script is causing the
>> failure.
>>
>> Thanks,
>> jayapal
>>
>> On 08-Aug-2013, at 4:43 PM, Daan Hoogland <da...@gmail.com>
>> wrote:
>>
>> > I feel I am on a ghost hunt.
>> >
>> > On Thu, Aug 8, 2013 at 10:32 AM, Daan Hoogland
>> <da...@gmail.com> wrote:
>> >> H,
>> >>
>> >> I noted that in some of the 4.1 versions I have been testing setting
>> >> a firewall rule fails. This seems to be when a router is not fully
>> >> initialized, is it?
>> >>
>> >> the stack trace seems to reflect this, but the error message just
>> >> says "Failed to create firewall rule" or "Failed to delete firewall rule"
>> >>
>> >> com.cloud.exception.ResourceUnavailableException: Resource
>> >> [DataCenter:1] is unreachable: Unable to apply ip association,
>> >> virtual router is not in the right state at
>> >>
>> com.cloud.network.router.VirtualNetworkApplianceManagerImpl.applyRule
>> >> s(VirtualNetworkApplianceManagerImpl.java:3445)
>> >> at
>> >>
>> com.cloud.network.router.VirtualNetworkApplianceManagerImpl.associate
>> >> PublicIP(VirtualNetworkApplianceManagerImpl.java:3272)
>> >> at
>> >>
>> com.cloud.network.router.VpcVirtualNetworkApplianceManagerImpl.associ
>> >> atePublicIP(VpcVirtualNetworkApplianceManagerImpl.java:554)
>> >> at
>> >>
>> com.cloud.network.element.VirtualRouterElement.applyIps(VirtualRouter
>> >> Element.java:438) at
>> >>
>> com.cloud.network.NetworkManagerImpl.applyIpAssociations(NetworkMan
>> ag
>> >> erImpl.java:625) at
>> >>
>> com.cloud.network.NetworkManagerImpl.applyRules(NetworkManagerImpl
>> .ja
>> >> va:2380) at
>> >> com.cloud.network.firewall.FirewallManagerImpl.applyRules(FirewallMan
>> >> agerImpl.java:500) at
>> >> com.cloud.network.firewall.FirewallManagerImpl.applyFirewallRules(Fir
>> >> ewallManagerImpl.java:630) at
>> >> com.cloud.network.firewall.FirewallManagerImpl.applyIngressFirewallRu
>> >> les(FirewallManagerImpl.java:603) at
>> >> org.apache.cloudstack.api.command.user.firewall.CreateFirewallRuleCmd
>> >> .execute(CreateFirewallRuleCmd.java:124)
>> >> at com.cloud.api.ApiDispatcher.dispatch(ApiDispatcher.java:162)
>> >> at
>> >>
>> com.cloud.async.AsyncJobManagerImpl$1.run(AsyncJobManagerImpl.java:4
>> 3
>> >> 7) at java.util.concurrent.Executors$RunnableAdapter.call(Unknown
>> >> Source) at java.util.concurrent.FutureTask$Sync.innerRun(Unknown
>> >> Source) at java.util.concurrent.FutureTask.run(Unknown Source) at
>> >> java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) at
>> >> java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
>> at
>> >> java.lang.Thread.run(Unknown Source)
>> >>
>> >> Can someone confirm my suspicion?
>> >>
>> >> thanks,
>> >> Daan
>
RE: anyone please: firewall rules application
Posted by Donal Lafferty <do...@citrix.com>.
Hi Daan,
Here's a bit of background to logs Jayapal is referring to: http://dlafferty.blogspot.co.uk/2013/08/using-cloudstacks-log-files-xenserver.html
It explains why there is a second set of logs on the XenServer hypervisor.
DL
> -----Original Message-----
> From: Jayapal Reddy Uradi [mailto:jayapalreddy.uradi@citrix.com]
> Sent: 08 August 2013 12:55
> To: <de...@cloudstack.apache.org>
> Subject: Re: anyone please: firewall rules application
>
>
> Check the host logs (in xen /var/log/SMlog) to see which script is causing the
> failure.
>
> Thanks,
> jayapal
>
> On 08-Aug-2013, at 4:43 PM, Daan Hoogland <da...@gmail.com>
> wrote:
>
> > I feel I am on a ghost hunt.
> >
> > On Thu, Aug 8, 2013 at 10:32 AM, Daan Hoogland
> <da...@gmail.com> wrote:
> >> H,
> >>
> >> I noted that in some of the 4.1 versions I have been testing setting
> >> a firewall rule fails. This seems to be when a router is not fully
> >> initialized, is it?
> >>
> >> the stack trace seems to reflect this, but the error message just
> >> says "Failed to create firewall rule" or "Failed to delete firewall rule"
> >>
> >> com.cloud.exception.ResourceUnavailableException: Resource
> >> [DataCenter:1] is unreachable: Unable to apply ip association,
> >> virtual router is not in the right state at
> >>
> com.cloud.network.router.VirtualNetworkApplianceManagerImpl.applyRule
> >> s(VirtualNetworkApplianceManagerImpl.java:3445)
> >> at
> >>
> com.cloud.network.router.VirtualNetworkApplianceManagerImpl.associate
> >> PublicIP(VirtualNetworkApplianceManagerImpl.java:3272)
> >> at
> >>
> com.cloud.network.router.VpcVirtualNetworkApplianceManagerImpl.associ
> >> atePublicIP(VpcVirtualNetworkApplianceManagerImpl.java:554)
> >> at
> >>
> com.cloud.network.element.VirtualRouterElement.applyIps(VirtualRouter
> >> Element.java:438) at
> >>
> com.cloud.network.NetworkManagerImpl.applyIpAssociations(NetworkMan
> ag
> >> erImpl.java:625) at
> >>
> com.cloud.network.NetworkManagerImpl.applyRules(NetworkManagerImpl
> .ja
> >> va:2380) at
> >> com.cloud.network.firewall.FirewallManagerImpl.applyRules(FirewallMan
> >> agerImpl.java:500) at
> >> com.cloud.network.firewall.FirewallManagerImpl.applyFirewallRules(Fir
> >> ewallManagerImpl.java:630) at
> >> com.cloud.network.firewall.FirewallManagerImpl.applyIngressFirewallRu
> >> les(FirewallManagerImpl.java:603) at
> >> org.apache.cloudstack.api.command.user.firewall.CreateFirewallRuleCmd
> >> .execute(CreateFirewallRuleCmd.java:124)
> >> at com.cloud.api.ApiDispatcher.dispatch(ApiDispatcher.java:162)
> >> at
> >>
> com.cloud.async.AsyncJobManagerImpl$1.run(AsyncJobManagerImpl.java:4
> 3
> >> 7) at java.util.concurrent.Executors$RunnableAdapter.call(Unknown
> >> Source) at java.util.concurrent.FutureTask$Sync.innerRun(Unknown
> >> Source) at java.util.concurrent.FutureTask.run(Unknown Source) at
> >> java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) at
> >> java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
> at
> >> java.lang.Thread.run(Unknown Source)
> >>
> >> Can someone confirm my suspicion?
> >>
> >> thanks,
> >> Daan
Re: anyone please: firewall rules application
Posted by Jayapal Reddy Uradi <ja...@citrix.com>.
Check the host logs (in xen /var/log/SMlog) to see which script is causing the failure.
Thanks,
jayapal
On 08-Aug-2013, at 4:43 PM, Daan Hoogland <da...@gmail.com>
wrote:
> I feel I am on a ghost hunt.
>
> On Thu, Aug 8, 2013 at 10:32 AM, Daan Hoogland <da...@gmail.com> wrote:
>> H,
>>
>> I noted that in some of the 4.1 versions I have been testing setting a
>> firewall rule fails. This seems to be when a router is not fully
>> initialized, is it?
>>
>> the stack trace seems to reflect this, but the error message just says
>> "Failed to create firewall rule" or "Failed to delete firewall rule"
>>
>> com.cloud.exception.ResourceUnavailableException: Resource
>> [DataCenter:1] is unreachable: Unable to apply ip association, virtual
>> router is not in the right state
>> at com.cloud.network.router.VirtualNetworkApplianceManagerImpl.applyRules(VirtualNetworkApplianceManagerImpl.java:3445)
>> at com.cloud.network.router.VirtualNetworkApplianceManagerImpl.associatePublicIP(VirtualNetworkApplianceManagerImpl.java:3272)
>> at com.cloud.network.router.VpcVirtualNetworkApplianceManagerImpl.associatePublicIP(VpcVirtualNetworkApplianceManagerImpl.java:554)
>> at com.cloud.network.element.VirtualRouterElement.applyIps(VirtualRouterElement.java:438)
>> at com.cloud.network.NetworkManagerImpl.applyIpAssociations(NetworkManagerImpl.java:625)
>> at com.cloud.network.NetworkManagerImpl.applyRules(NetworkManagerImpl.java:2380)
>> at com.cloud.network.firewall.FirewallManagerImpl.applyRules(FirewallManagerImpl.java:500)
>> at com.cloud.network.firewall.FirewallManagerImpl.applyFirewallRules(FirewallManagerImpl.java:630)
>> at com.cloud.network.firewall.FirewallManagerImpl.applyIngressFirewallRules(FirewallManagerImpl.java:603)
>> at org.apache.cloudstack.api.command.user.firewall.CreateFirewallRuleCmd.execute(CreateFirewallRuleCmd.java:124)
>> at com.cloud.api.ApiDispatcher.dispatch(ApiDispatcher.java:162)
>> at com.cloud.async.AsyncJobManagerImpl$1.run(AsyncJobManagerImpl.java:437)
>> at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
>> at java.util.concurrent.FutureTask$Sync.innerRun(Unknown Source)
>> at java.util.concurrent.FutureTask.run(Unknown Source)
>> at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
>> at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
>> at java.lang.Thread.run(Unknown Source)
>>
>> Can someone confirm my suspicion?
>>
>> thanks,
>> Daan