Posted to dev@cloudstack.apache.org by Paul Angus <pa...@shapeblue.com> on 2013/09/10 16:41:54 UTC

Instances migrated in an advanced zone do not get security groups applied.

Hi,

I've been testing the security groups in advanced zones with 'UK's largest satellite broadcaster'. We've found that migrated VMs do not get their security groups re-applied on the new host.

An error appears in the management log saying:

callHostPlugin failed for cmd: network_rules with args seqno: 10, vmIP: 10.79.128.229, deflated: true, secIps: 0:, vmID: 6, vmMAC: 06:be:c6:00:00:e5, vmName: i-2-6-VM, rules: eJzztMpMzi2w0jUEIQM9MNQ30PFzjQhR8LQqSS6wMjICIaxSFgYghCblisdEV7A2QxDUA0N9YyNkGax2ueK2CwA5fy2s, signature: a30a3f964032bfbd44c86576a2ce0973,  due to There was a failure communicating with the plugin.



2013-09-10 14:25:58,257 DEBUG [cloud.api.ApiServlet] (catalina-exec-4:null) ===START===  10.65.85.24 -- GET  command=authorizeSecurityGroupEgress&response=json&sessionkey=Xn7cUdk27lNRmWuhxSMDvVUcBMg%3D&securitygroupid=c667fdd1-561f-4d05-a5bd-8edf4af36e84&protocol=tcp&domainid=cff3401a-1a06-11e3-8a35-005056b93213&account=admin&startport=1&endport=1&cidrlist=1.1.1.1%2F32&_=1378819570842
2013-09-10 14:25:58,294 DEBUG [cloud.async.AsyncJobManagerImpl] (catalina-exec-4:null) submit async job-33 = [ f2d1c1e8-3b19-4f94-9c5c-d82ccf3af721 ], details: AsyncJobVO {id:33, userId: 2, accountId: 2, sessionKey: null, instanceType: SecurityGroup, instanceId: 3, cmd: org.apache.cloudstack.api.command.user.securitygroup.AuthorizeSecurityGroupEgressCmd, cmdOriginator: null, cmdInfo: {"sessionkey":"Xn7cUdk27lNRmWuhxSMDvVUcBMg\u003d","protocol":"tcp","cmdEventType":"SG.AUTH.EGRESS","ctxUserId":"2","securitygroupid":"c667fdd1-561f-4d05-a5bd-8edf4af36e84","httpmethod":"GET","startport":"1","domainid":"cff3401a-1a06-11e3-8a35-005056b93213","endport":"1","response":"json","account":"admin","cidrlist":"1.1.1.1/32","_":"1378819570842","ctxAccountId":"2","ctxStartEventId":"146"}, cmdVersion: 0, callbackType: 0, callbackAddress: null, status: 0, processStatus: 0, resultCode: 0, result: null, initMsid: 345052351047, completeMsid: null, lastUpdated: null, lastPolled: null, created: null}
2013-09-10 14:25:58,294 DEBUG [cloud.async.AsyncJobManagerImpl] (Job-Executor-19:job-33 = [ f2d1c1e8-3b19-4f94-9c5c-d82ccf3af721 ]) Executing org.apache.cloudstack.api.command.user.securitygroup.AuthorizeSecurityGroupEgressCmd for job-33 = [ f2d1c1e8-3b19-4f94-9c5c-d82ccf3af721 ]
2013-09-10 14:25:58,296 DEBUG [cloud.api.ApiServlet] (catalina-exec-4:null) ===END===  10.65.85.24 -- GET  command=authorizeSecurityGroupEgress&response=json&sessionkey=Xn7cUdk27lNRmWuhxSMDvVUcBMg%3D&securitygroupid=c667fdd1-561f-4d05-a5bd-8edf4af36e84&protocol=tcp&domainid=cff3401a-1a06-11e3-8a35-005056b93213&account=admin&startport=1&endport=1&cidrlist=1.1.1.1%2F32&_=1378819570842
2013-09-10 14:25:58,320 DEBUG [network.security.SecurityGroupManagerImpl] (Job-Executor-19:job-33 = [ f2d1c1e8-3b19-4f94-9c5c-d82ccf3af721 ]) Added 1 rules to security group TestSecurityGroup2
2013-09-10 14:25:58,326 DEBUG [network.security.SecurityGroupManagerImpl] (Job-Executor-19:job-33 = [ f2d1c1e8-3b19-4f94-9c5c-d82ccf3af721 ]) Security Group Mgr v2: scheduling ruleset updates for 2 vms  (unique=2), current queue size=0
2013-09-10 14:25:58,330 DEBUG [network.security.SecurityGroupManagerImpl] (Job-Executor-19:job-33 = [ f2d1c1e8-3b19-4f94-9c5c-d82ccf3af721 ]) Security Group Mgr v2: done scheduling ruleset updates for 2 vms: num new jobs=2 num rows insert or updated=2 time taken=4
2013-09-10 14:25:58,354 DEBUG [cloud.async.AsyncJobManagerImpl] (Job-Executor-19:job-33 = [ f2d1c1e8-3b19-4f94-9c5c-d82ccf3af721 ]) Complete async job-33 = [ f2d1c1e8-3b19-4f94-9c5c-d82ccf3af721 ], jobStatus: 1, resultCode: 0, result: org.apache.cloudstack.api.response.SecurityGroupResponse@e873b4bb
2013-09-10 14:25:58,355 DEBUG [network.security.SecurityGroupManagerImpl] (SecGrp-Worker-15:null) SecurityGroupManager v2: sending ruleset update for vm i-2-7-VM:ingress num rules=3:egress num rules=4 num cidrs=7 sig=a30a3f964032bfbd44c86576a2ce0973
2013-09-10 14:25:58,366 DEBUG [network.security.SecurityGroupManagerImpl] (SecGrp-Worker-16:null) SecurityGroupManager v2: sending ruleset update for vm i-2-6-VM:ingress num rules=3:egress num rules=4 num cidrs=7 sig=a30a3f964032bfbd44c86576a2ce0973
2013-09-10 14:25:58,371 DEBUG [agent.transport.Request] (SecGrp-Worker-15:null) Seq 5-717554011: Sending  { Cmd , MgmtId: 345052351047, via: 5, Ver: v1, Flags: 100111, [{"com.cloud.agent.api.SecurityGroupRulesCmd":{"guestIp":"10.79.129.224","vmName":"i-2-7-VM","guestMac":"06:1a:66:00:01:da","signature":"a30a3f964032bfbd44c86576a2ce0973","seqNum":2,"vmId":7,"msId":345052351047,"ingressRuleSet":[{"proto":"icmp","startPort":-1,"endPort":-1},{"proto":"tcp","startPort":22,"endPort":22},{"proto":"tcp","startPort":80,"endPort":80}],"egressRuleSet":[{"proto":"icmp","startPort":-1,"endPort":-1},{"proto":"tcp","startPort":1,"endPort":1},{"proto":"tcp","startPort":22,"endPort":22},{"proto":"tcp","startPort":80,"endPort":80}],"wait":0}}] }
2013-09-10 14:25:58,371 DEBUG [agent.transport.Request] (SecGrp-Worker-15:null) Seq 5-717554011: Executing:  { Cmd , MgmtId: 345052351047, via: 5, Ver: v1, Flags: 100111, [{"com.cloud.agent.api.SecurityGroupRulesCmd":{"guestIp":"10.79.129.224","vmName":"i-2-7-VM","guestMac":"06:1a:66:00:01:da","signature":"a30a3f964032bfbd44c86576a2ce0973","seqNum":2,"vmId":7,"msId":345052351047,"ingressRuleSet":[{"proto":"icmp","startPort":-1,"endPort":-1},{"proto":"tcp","startPort":22,"endPort":22},{"proto":"tcp","startPort":80,"endPort":80}],"egressRuleSet":[{"proto":"icmp","startPort":-1,"endPort":-1},{"proto":"tcp","startPort":1,"endPort":1},{"proto":"tcp","startPort":22,"endPort":22},{"proto":"tcp","startPort":80,"endPort":80}],"wait":0}}] }
2013-09-10 14:25:58,371 DEBUG [agent.manager.DirectAgentAttache] (DirectAgent-158:null) Seq 5-717554011: Executing request
2013-09-10 14:25:58,377 DEBUG [cloud.async.AsyncJobManagerImpl] (Job-Executor-19:job-33 = [ f2d1c1e8-3b19-4f94-9c5c-d82ccf3af721 ]) Done executing org.apache.cloudstack.api.command.user.securitygroup.AuthorizeSecurityGroupEgressCmd for job-33 = [ f2d1c1e8-3b19-4f94-9c5c-d82ccf3af721 ]
2013-09-10 14:25:58,380 DEBUG [agent.transport.Request] (SecGrp-Worker-16:null) Seq 9-521535511: Sending  { Cmd , MgmtId: 345052351047, via: 9, Ver: v1, Flags: 100111, [{"com.cloud.agent.api.SecurityGroupRulesCmd":{"guestIp":"10.79.128.229","vmName":"i-2-6-VM","guestMac":"06:be:c6:00:00:e5","signature":"a30a3f964032bfbd44c86576a2ce0973","seqNum":10,"vmId":6,"msId":345052351047,"ingressRuleSet":[{"proto":"icmp","startPort":-1,"endPort":-1},{"proto":"tcp","startPort":22,"endPort":22},{"proto":"tcp","startPort":80,"endPort":80}],"egressRuleSet":[{"proto":"icmp","startPort":-1,"endPort":-1},{"proto":"tcp","startPort":1,"endPort":1},{"proto":"tcp","startPort":22,"endPort":22},{"proto":"tcp","startPort":80,"endPort":80}],"wait":0}}] }
2013-09-10 14:25:58,380 DEBUG [agent.transport.Request] (SecGrp-Worker-16:null) Seq 9-521535511: Executing:  { Cmd , MgmtId: 345052351047, via: 9, Ver: v1, Flags: 100111, [{"com.cloud.agent.api.SecurityGroupRulesCmd":{"guestIp":"10.79.128.229","vmName":"i-2-6-VM","guestMac":"06:be:c6:00:00:e5","signature":"a30a3f964032bfbd44c86576a2ce0973","seqNum":10,"vmId":6,"msId":345052351047,"ingressRuleSet":[{"proto":"icmp","startPort":-1,"endPort":-1},{"proto":"tcp","startPort":22,"endPort":22},{"proto":"tcp","startPort":80,"endPort":80}],"egressRuleSet":[{"proto":"icmp","startPort":-1,"endPort":-1},{"proto":"tcp","startPort":1,"endPort":1},{"proto":"tcp","startPort":22,"endPort":22},{"proto":"tcp","startPort":80,"endPort":80}],"wait":0}}] }
2013-09-10 14:25:58,380 DEBUG [agent.manager.DirectAgentAttache] (DirectAgent-293:null) Seq 9-521535511: Executing request
2013-09-10 14:25:58,913 WARN  [xen.resource.CitrixResourceBase] (DirectAgent-293:null) callHostPlugin failed for cmd: network_rules with args seqno: 10, vmIP: 10.79.128.229, deflated: true, secIps: 0:, vmID: 6, vmMAC: 06:be:c6:00:00:e5, vmName: i-2-6-VM, rules: eJzztMpMzi2w0jUEIQM9MNQ30PFzjQhR8LQqSS6wMjICIaxSFgYghCblisdEV7A2QxDUA0N9YyNkGax2ueK2CwA5fy2s, signature: a30a3f964032bfbd44c86576a2ce0973,  due to There was a failure communicating with the plugin.
2013-09-10 14:25:58,914 WARN  [agent.manager.DirectAgentAttache] (DirectAgent-293:null) Seq 9-521535511: Exception Caught while executing command
com.cloud.utils.exception.CloudRuntimeException: callHostPlugin failed for cmd: network_rules with args seqno: 10, vmIP: 10.79.128.229, deflated: true, secIps: 0:, vmID: 6, vmMAC: 06:be:c6:00:00:e5, vmName: i-2-6-VM, rules: eJzztMpMzi2w0jUEIQM9MNQ30PFzjQhR8LQqSS6wMjICIaxSFgYghCblisdEV7A2QxDUA0N9YyNkGax2ueK2CwA5fy2s, signature: a30a3f964032bfbd44c86576a2ce0973,  due to There was a failure communicating with the plugin.
       at com.cloud.hypervisor.xen.resource.CitrixResourceBase.callHostPlugin(CitrixResourceBase.java:4199)
       at com.cloud.hypervisor.xen.resource.CitrixResourceBase.execute(CitrixResourceBase.java:5787)
       at com.cloud.hypervisor.xen.resource.CitrixResourceBase.executeRequest(CitrixResourceBase.java:565)
       at com.cloud.hypervisor.xen.resource.XenServer56Resource.executeRequest(XenServer56Resource.java:73)
       at com.cloud.hypervisor.xen.resource.XenServer610Resource.executeRequest(XenServer610Resource.java:104)
       at com.cloud.agent.manager.DirectAgentAttache$Task.run(DirectAgentAttache.java:186)
       at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
       at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334)
       at java.util.concurrent.FutureTask.run(FutureTask.java:166)
       at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$101(ScheduledThreadPoolExecutor.java:165)
       at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:266)
       at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1146)
       at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
       at java.lang.Thread.run(Thread.java:679)




Regards,

Paul Angus
Senior Consultant / Cloud Architect
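Added example (not part of the original message and not CloudStack code): a Python scan of a management-server log that lists the VMs whose network_rules push to the host plugin failed, so their security group state can be checked after a migration. The sample lines are constructed and abridged from the log format quoted above; the function names are this example's own.

```python
import re

# Constructed sample: abridged lines in the format of the log quoted above.
SAMPLE_LOG = """\
2013-09-10 14:25:58,355 DEBUG [network.security.SecurityGroupManagerImpl] (SecGrp-Worker-15:null) SecurityGroupManager v2: sending ruleset update for vm i-2-7-VM:ingress num rules=3:egress num rules=4 num cidrs=7 sig=a30a3f964032bfbd44c86576a2ce0973
2013-09-10 14:25:58,366 DEBUG [network.security.SecurityGroupManagerImpl] (SecGrp-Worker-16:null) SecurityGroupManager v2: sending ruleset update for vm i-2-6-VM:ingress num rules=3:egress num rules=4 num cidrs=7 sig=a30a3f964032bfbd44c86576a2ce0973
2013-09-10 14:25:58,913 WARN  [xen.resource.CitrixResourceBase] (DirectAgent-293:null) callHostPlugin failed for cmd: network_rules with args seqno: 10, vmIP: 10.79.128.229, deflated: true, secIps: 0:, vmID: 6, vmMAC: 06:be:c6:00:00:e5, vmName: i-2-6-VM, rules: RULES_ABRIDGED, signature: a30a3f964032bfbd44c86576a2ce0973,  due to There was a failure communicating with the plugin.
com.cloud.utils.exception.CloudRuntimeException: callHostPlugin failed for cmd: network_rules with args seqno: 10, vmIP: 10.79.128.229, deflated: true, secIps: 0:, vmID: 6, vmMAC: 06:be:c6:00:00:e5, vmName: i-2-6-VM, rules: RULES_ABRIDGED, signature: a30a3f964032bfbd44c86576a2ce0973,  due to There was a failure communicating with the plugin.
"""

SENT = re.compile(r"sending ruleset update for vm (\S+?):ingress .*\bsig=(\w+)")
FAILED = re.compile(
    r"callHostPlugin failed for cmd: network_rules with args (.*?),\s+due to")


def parse_args(arg_text):
    """Turn 'seqno: 10, vmIP: 10.79.128.229, ...' into a dict of strings."""
    fields = {}
    for part in arg_text.split(", "):
        key, _, value = part.partition(": ")
        fields[key.strip()] = value.strip()
    return fields


def failed_rule_pushes(log_text):
    """Return {vmName: details} for VMs whose network_rules push failed."""
    last_sent = {}  # vmName -> signature of the last ruleset the manager sent
    failures = {}   # vmName -> details of the most recent failed push
    for line in log_text.splitlines():
        sent = SENT.search(line)
        if sent:
            last_sent[sent.group(1)] = sent.group(2)
            continue
        failed = FAILED.search(line)
        if not failed:
            continue
        args = parse_args(failed.group(1))
        vm = args.get("vmName")
        if vm is None:
            continue
        # The WARN line and the exception line repeat the same failure;
        # keying on vmName keeps one entry per VM.
        failures[vm] = {
            "vmIP": args.get("vmIP"),
            "seqno": args.get("seqno"),
            "signature": args.get("signature"),
            # True when the ruleset that failed is the latest one sent.
            "is_current_ruleset": last_sent.get(vm) == args.get("signature"),
        }
    return failures


if __name__ == "__main__":
    for vm, info in failed_rule_pushes(SAMPLE_LOG).items():
        print(vm, info)
```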