You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cloudstack.apache.org by Rui Mao <ma...@163.com> on 2016/01/28 05:00:55 UTC
答复: Cannot see second storage, might be iptable issue inside Secondary Storage VM?
More finding, the Console Proxy VM cannot resolve DNS too, but has no the
iptable issue. The host can do DNS, seems a firewall issue in the host which
blocked DNS traffic from VMs.
Best regards,
Rui Mao
-----邮件原件-----
发件人: users-return-24452-maorui2k=163.com@cloudstack.apache.org
[mailto:users-return-24452-maorui2k=163.com@cloudstack.apache.org] 代表 Rui
Mao
发送时间: 2016年1月28日 10:47
收件人: users@cloudstack.apache.org
主题: Cannot see second storage, might be iptable issue inside Secondary
Storage VM?
Hi,
Initially after I installed a very basic CloudStack 4.7 setup with CentOS 7.
I could see the secondary storage with capacity. But after a while which I'm
not sure how long, I couldn't see it. I tried ssh into the Secondary Storage
VM, used ssvm_check.sh to check status, and found DNS resolve was not
working. I also checked iptable rules, and it seemed not right here. And
more the list was increasing with time.
I'm not sure if this is the root cause of secondary storage failure, but it
definitely not right.
root@s-2-VM:~# /usr/local/cloud/systemvm/ssvm-check.sh
================================================
First DNS server is 10.1.0.11
PING 10.1.0.11 (10.1.0.11): 48 data bytes
56 bytes from 10.1.0.11: icmp_seq=0 ttl=127 time=91.364 ms
56 bytes from 10.1.0.11: icmp_seq=1 ttl=127 time=0.694 ms
--- 10.1.0.11 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.694/46.029/91.364/45.335 ms
Good: Can ping DNS server
================================================
ERROR: DNS not resolving download.cloud.com
resolv.conf follows
nameserver 10.1.0.11
nameserver 10.1.0.16
nameserver 10.1.0.11
nameserver 10.1.0.16
root@s-2-VM:~# iptables --list
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere state NEW tcp
dpt:https
ACCEPT tcp -- anywhere anywhere state NEW tcp
dpt:http
ACCEPT tcp -- anywhere anywhere state NEW tcp
dpt:3922
ACCEPT tcp -- anywhere anywhere state NEW tcp
dpt:https
ACCEPT tcp -- anywhere anywhere state NEW tcp
dpt:http
ACCEPT tcp -- anywhere anywhere state NEW tcp
dpt:3922
ACCEPT tcp -- anywhere anywhere state NEW tcp
dpt:https
ACCEPT tcp -- anywhere anywhere state NEW tcp
dpt:http
ACCEPT tcp -- anywhere anywhere state NEW tcp
dpt:3922
ACCEPT tcp -- anywhere anywhere state NEW tcp
dpt:https
ACCEPT tcp -- anywhere anywhere state NEW tcp
dpt:http
ACCEPT tcp -- anywhere anywhere state NEW tcp
dpt:3922
ACCEPT tcp -- anywhere anywhere state NEW tcp
dpt:https
ACCEPT tcp -- anywhere anywhere state NEW tcp
dpt:http
ACCEPT tcp -- anywhere anywhere state NEW tcp
dpt:3922
ACCEPT tcp -- anywhere anywhere state NEW tcp
dpt:https
ACCEPT tcp -- anywhere anywhere state NEW tcp
dpt:http
ACCEPT tcp -- anywhere anywhere state NEW tcp
dpt:3922
ACCEPT tcp -- anywhere anywhere state NEW tcp
dpt:https
ACCEPT tcp -- anywhere anywhere state NEW tcp
dpt:http
ACCEPT tcp -- anywhere anywhere state NEW tcp
dpt:3922
ACCEPT tcp -- anywhere anywhere state NEW tcp
dpt:https
ACCEPT tcp -- anywhere anywhere state NEW tcp
dpt:http
ACCEPT tcp -- anywhere anywhere state NEW tcp
dpt:3922
ACCEPT tcp -- anywhere anywhere state NEW tcp
dpt:https
ACCEPT tcp -- anywhere anywhere state NEW tcp
dpt:http
ACCEPT tcp -- anywhere anywhere state NEW tcp
dpt:3922
ACCEPT tcp -- anywhere anywhere state NEW tcp
dpt:https
ACCEPT tcp -- anywhere anywhere state NEW tcp
dpt:http
ACCEPT tcp -- anywhere anywhere state NEW tcp
dpt:3922
ACCEPT tcp -- anywhere anywhere state NEW tcp
dpt:https
ACCEPT tcp -- anywhere anywhere state NEW tcp
dpt:http
ACCEPT tcp -- anywhere anywhere state NEW tcp
dpt:3922
ACCEPT tcp -- anywhere anywhere state NEW tcp
dpt:https
ACCEPT tcp -- anywhere anywhere state NEW tcp
dpt:http
ACCEPT tcp -- anywhere anywhere state NEW tcp
dpt:3922
ACCEPT tcp -- anywhere anywhere state NEW tcp
dpt:https
ACCEPT tcp -- anywhere anywhere state NEW tcp
dpt:http
ACCEPT tcp -- anywhere anywhere state NEW tcp
dpt:3922
ACCEPT tcp -- anywhere anywhere state NEW tcp
dpt:https
ACCEPT tcp -- anywhere anywhere state NEW tcp
dpt:http
ACCEPT tcp -- anywhere anywhere state NEW tcp
dpt:3922
ACCEPT tcp -- anywhere anywhere state NEW tcp
dpt:https
ACCEPT tcp -- anywhere anywhere state NEW tcp
dpt:http
ACCEPT tcp -- anywhere anywhere state NEW tcp
dpt:3922
ACCEPT tcp -- anywhere anywhere state NEW tcp
dpt:https
ACCEPT tcp -- anywhere anywhere state NEW tcp
dpt:http
ACCEPT tcp -- anywhere anywhere state NEW tcp
dpt:3922
ACCEPT tcp -- anywhere anywhere state NEW tcp
dpt:https
ACCEPT tcp -- anywhere anywhere state NEW tcp
dpt:http
ACCEPT tcp -- anywhere anywhere state NEW tcp
dpt:3922
ACCEPT tcp -- anywhere anywhere state NEW tcp
dpt:https
ACCEPT tcp -- anywhere anywhere state NEW tcp
dpt:http
ACCEPT tcp -- anywhere anywhere state NEW tcp
dpt:3922
ACCEPT tcp -- anywhere anywhere state NEW tcp
dpt:https
ACCEPT tcp -- anywhere anywhere state NEW tcp
dpt:http
ACCEPT tcp -- anywhere anywhere state NEW tcp
dpt:3922
ACCEPT tcp -- anywhere anywhere state NEW tcp
dpt:https
ACCEPT tcp -- anywhere anywhere state NEW tcp
dpt:http
ACCEPT tcp -- anywhere anywhere state NEW tcp
dpt:3922
ACCEPT tcp -- anywhere anywhere tcp dpt:10086
ACCEPT all -- anywhere anywhere state
RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere state
RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere state
RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere state
RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
DROP icmp -- anywhere anywhere icmp
timestamp-request
ACCEPT icmp -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state NEW tcp
dpt:3922
Chain FORWARD (policy DROP)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
REJECT tcp -- anywhere anywhere state NEW tcp
dpt:http reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere state NEW tcp
dpt:https reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere state NEW tcp
dpt:http reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere state NEW tcp
dpt:https reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere state NEW tcp
dpt:http reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere state NEW tcp
dpt:https reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere state NEW tcp
dpt:http reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere state NEW tcp
dpt:https reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere state NEW tcp
dpt:http reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere state NEW tcp
dpt:https reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere state NEW tcp
dpt:http reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere state NEW tcp
dpt:https reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere state NEW tcp
dpt:http reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere state NEW tcp
dpt:https reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere state NEW tcp
dpt:http reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere state NEW tcp
dpt:https reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere state NEW tcp
dpt:http reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere state NEW tcp
dpt:https reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere state NEW tcp
dpt:http reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere state NEW tcp
dpt:https reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere state NEW tcp
dpt:http reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere state NEW tcp
dpt:https reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere state NEW tcp
dpt:http reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere state NEW tcp
dpt:https reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere state NEW tcp
dpt:http reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere state NEW tcp
dpt:https reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere state NEW tcp
dpt:http reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere state NEW tcp
dpt:https reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere state NEW tcp
dpt:http reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere state NEW tcp
dpt:https reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere state NEW tcp
dpt:http reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere state NEW tcp
dpt:https reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere state NEW tcp
dpt:http reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere state NEW tcp
dpt:https reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere state NEW tcp
dpt:http reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere state NEW tcp
dpt:https reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere state NEW tcp
dpt:http reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere state NEW tcp
dpt:https reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere state NEW tcp
dpt:http reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere state NEW tcp
dpt:https reject-with icmp-port-unreachable
Chain HTTP (0 references)
target prot opt source destination
Best regards,
Rui Mao