Posted to issues@cloudstack.apache.org by "manasaveloori (JIRA)" <ji...@apache.org> on 2013/07/25 13:25:48 UTC
[jira] [Reopened] (CLOUDSTACK-2933) [VPC][VMware]Unable to login to VM using the LB configured public IP.
[ https://issues.apache.org/jira/browse/CLOUDSTACK-2933?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
manasaveloori reopened CLOUDSTACK-2933:
---------------------------------------
> [VPC][VMware]Unable to login to VM using the LB configured public IP.
> ----------------------------------------------------------------------
>
> Key: CLOUDSTACK-2933
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-2933
> Project: CloudStack
> Issue Type: Bug
> Security Level: Public(Anyone can view this level - this is the default.)
> Components: Network Controller
> Affects Versions: 4.2.0
> Reporter: manasaveloori
> Assignee: Jayapal Reddy
> Priority: Critical
> Fix For: 4.2.0
>
>
> Steps:
> 1. Have a CS with advanced zone and VMware host.
> 2. Create a VPC and a tier.
> 3. Deploy a VM on the tier.
> 4. Apply allow_all ACL to the tier network.
> 5. Acquire a public IP and define a LB rule on port 22.
> 6. SSH to the VM using the public IP on which LB is defined.
> Observations:
> Unable to do SSH to VM:
> The LB rule is configured in the router under /etc/haproxy/haproxy.cfg.
> root@r-3-VM:/var/log# vi /etc/haproxy/haproxy.cfg
> global
> log 127.0.0.1:3914 local0 warning
> maxconn 4096
> chroot /var/lib/haproxy
> user haproxy
> group haproxy
> daemon
> defaults
> log global
> mode tcp
> option dontlognull
> retries 3
> option redispatch
> option forwardfor
> option forceclose
> timeout connect 5000
> timeout client 50000
> timeout server 50000
> listen stats_on_public 10.147.47.5:8081
> mode http
> option httpclose
> stats enable
> stats uri /admin?stats
> stats realm Haproxy\ Statistics
> stats auth admin1:AdMiN123
> listen 10_147_47_60-22 10.147.47.60:22
> balance roundrobin
> server 10_147_47_60-22_0 10.0.1.249:22 check
> root@r-3-VM:~# iptables -L -nv
> Chain INPUT (policy DROP 73 packets, 6206 bytes)
> pkts bytes target prot opt in out source destination
> 15 872 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 LOG flags 0 level 4 prefix "**********************swamy**"
> 6127 446K NETWORK_STATS all -- * * 0.0.0.0/0 0.0.0.0/0
> 0 0 ACCEPT all -- * * 0.0.0.0/0 224.0.0.18
> 0 0 ACCEPT all -- * * 0.0.0.0/0 225.0.0.50
> 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
> 0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
> 41 2460 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:3922
> 5996 436K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
> 0 0 ACCEPT udp -- eth2 * 0.0.0.0/0 0.0.0.0/0 udp dpt:67
> 11 809 ACCEPT udp -- eth2 * 0.0.0.0/0 10.0.1.1 udp dpt:53
> 0 0 ACCEPT tcp -- eth2 * 0.0.0.0/0 10.0.1.1 tcp dpt:53
> 0 0 ACCEPT tcp -- eth2 * 0.0.0.0/0 10.0.1.1 state NEW tcp dpt:80
> 0 0 ACCEPT tcp -- eth2 * 0.0.0.0/0 10.0.1.1 state NEW tcp dpt:8080
> 0 0 ACCEPT udp -- eth3 * 0.0.0.0/0 0.0.0.0/0 udp dpt:67
> 6 456 ACCEPT udp -- eth3 * 0.0.0.0/0 10.0.2.1 udp dpt:53
> 0 0 ACCEPT tcp -- eth3 * 0.0.0.0/0 10.0.2.1 tcp dpt:53
> 0 0 ACCEPT tcp -- eth3 * 0.0.0.0/0 10.0.2.1 state NEW tcp dpt:80
> 0 0 ACCEPT tcp -- eth3 * 0.0.0.0/0 10.0.2.1 state NEW tcp dpt:8080
> 0 0 load_balancer_eth0 tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0
> 0 0 load_balancer_eth2 tcp -- eth2 * 0.0.0.0/0 0.0.0.0/0
> 0 0 load_balancer_eth3 tcp -- eth3 * 0.0.0.0/0 0.0.0.0/0
> 15 872 lb_stats tcp -- * * 0.0.0.0/0 0.0.0.0/0
> Chain FORWARD (policy DROP 0 packets, 0 bytes)
> pkts bytes target prot opt in out source destination
> 118 28242 NETWORK_STATS_eth1 all -- * * 0.0.0.0/0 0.0.0.0/0
> 118 28242 NETWORK_STATS all -- * * 0.0.0.0/0 0.0.0.0/0
> 113 27942 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
> 4 240 ACCEPT all -- * * 10.0.0.0/16 !10.0.0.0/16
> 0 0 ACL_INBOUND_eth3 all -- * eth3 0.0.0.0/0 10.0.2.0/24
> 1 60 ACL_INBOUND_eth2 all -- * eth2 0.0.0.0/0 10.0.1.0/24
> Chain OUTPUT (policy ACCEPT 7639 packets, 575K bytes)
> pkts bytes target prot opt in out source destination
> 7639 575K NETWORK_STATS all -- * * 0.0.0.0/0 0.0.0.0/0
> Chain ACL_INBOUND_eth2 (1 references)
> pkts bytes target prot opt in out source destination
> 1 60 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpts:1:65535
> 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
> Chain ACL_INBOUND_eth3 (1 references)
> pkts bytes target prot opt in out source destination
> 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
> Chain NETWORK_STATS (3 references)
> pkts bytes target prot opt in out source destination
> 0 0 all -- eth0 eth2 0.0.0.0/0 0.0.0.0/0
> 0 0 all -- eth2 eth0 0.0.0.0/0 0.0.0.0/0
> 6108 321K tcp -- !eth0 eth2 0.0.0.0/0 0.0.0.0/0
> 4593 284K tcp -- eth2 !eth0 0.0.0.0/0 0.0.0.0/0
> Chain NETWORK_STATS_eth1 (1 references)
> pkts bytes target prot opt in out source destination
> 63 7041 all -- * eth1 10.0.0.0/16 0.0.0.0/0
> 55 21201 all -- eth1 * 0.0.0.0/0 10.0.0.0/16
> Chain lb_stats (1 references)
> pkts bytes target prot opt in out source destination
> 0 0 ACCEPT tcp -- * * 0.0.0.0/0 10.147.47.5 state NEW tcp dpt:8081
> Chain load_balancer_eth0 (1 references)
> pkts bytes target prot opt in out source destination
> 0 0 ACCEPT tcp -- * * 0.0.0.0/0 10.147.47.60 tcp dpt:22
> Chain load_balancer_eth2 (1 references)
> pkts bytes target prot opt in out source destination
> 0 0 ACCEPT tcp -- * * 0.0.0.0/0 10.147.47.60 tcp dpt:22
> Chain load_balancer_eth3 (1 references)
> pkts bytes target prot opt in out source destination
> 0 0 ACCEPT tcp -- * * 0.0.0.0/0 10.147.47.60 tcp dpt:22
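One way to read the counters in the listing above, as an added example that is not part of the original report: the script parses an excerpt of the posted `iptables -L -nv` output and pairs each INPUT jump with the ACCEPT rule for a given port in the chain it jumps to, returning both hit counters. The function names (`count`, `parse_listing`, `accept_paths`) are hypothetical.

```python
import re

# Excerpt copied from the `iptables -L -nv` output in the report above.
LISTING = """\
Chain INPUT (policy DROP 73 packets, 6206 bytes)
pkts bytes target prot opt in out source destination
15 872 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 LOG flags 0 level 4 prefix "**********************swamy**"
0 0 load_balancer_eth0 tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0
0 0 load_balancer_eth2 tcp -- eth2 * 0.0.0.0/0 0.0.0.0/0
0 0 load_balancer_eth3 tcp -- eth3 * 0.0.0.0/0 0.0.0.0/0
15 872 lb_stats tcp -- * * 0.0.0.0/0 0.0.0.0/0
Chain load_balancer_eth0 (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- * * 0.0.0.0/0 10.147.47.60 tcp dpt:22
Chain load_balancer_eth2 (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- * * 0.0.0.0/0 10.147.47.60 tcp dpt:22
Chain load_balancer_eth3 (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- * * 0.0.0.0/0 10.147.47.60 tcp dpt:22
"""
UNITS = {"K": 10**3, "M": 10**6, "G": 10**9}

def count(tok):
    # iptables abbreviates large counters, e.g. 446K
    return int(tok[:-1]) * UNITS[tok[-1]] if tok[-1] in UNITS else int(tok)

def parse_listing(text):
    chains, current = {}, None
    for line in text.splitlines():
        f = line.split()
        if not f or f[0] == "pkts":          # blank line or column header
            continue
        if f[0] == "Chain":
            current = chains.setdefault(f[1], [])
            continue
        if f[3] == "--":                     # counter-only rule, empty target column
            f.insert(2, "")
        current.append({"pkts": count(f[0]), "target": f[2], "in": f[5],
                        "extra": " ".join(f[9:])})
    return chains

def accept_paths(chains, dport, top="INPUT"):
    # (chain, in-interface of the jump, jump hits, ACCEPT hits) for tcp dpt:<dport>
    want = re.compile(r"\bdpt:%d\b" % dport)
    return [(j["target"], j["in"], j["pkts"], r["pkts"])
            for j in chains[top] for r in chains.get(j["target"], [])
            if r["target"] == "ACCEPT" and want.search(r["extra"])]
```

On this excerpt the LOG rule counted 15 packets to port 22, while the three `load_balancer_*` jumps (in-interfaces eth0, eth2, eth3) and their ACCEPT rules all show 0 hits.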