You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cloudstack.apache.org by Ahmad Emneina <ae...@gmail.com> on 2013/04/04 21:37:03 UTC

Re: Problems with Security Groups over CloudStack 4.0.1 with XenServer 6.0.2 and Basic Zone

have you changed the networking backend on xenserver to bridged mode?

>(DirectAgent-214:null) Not retrying security group rules for vm 13 on
failure
since host 8 cannot do bridge firewalling

this line is why I ask.


On Thu, Apr 4, 2013 at 12:24 PM, Sergio Tonani <se...@csi.it> wrote:

> Hi all, I am trying CloudStack 4.0.1 with XenServer 6.0.2 in a Basic
> Zone...
> Security Groups does not work.
> I follow all the instructions of the manual. CSP is installed and host
> network
> work in bridge mode.
> I have another cluster with KVM that work fine.
>
> On XenServer host, CS don't write any ebtable's rules neither iptables. On
> KVM
> host ebtable and iptables rule are populated correctly.
>
> Log file management-server.log show these messages when i create a new
> instance
> in a security group:
>
> 2013-04-04 15:02:03,611 WARN [xen.resource.CitrixResourceBase]
> (DirectAgent-214:null) Host 10.102.90.3 cannot do bridge firewalling
> 2013-04-04 15:02:03,612 DEBUG [agent.manager.DirectAgentAttache]
> (DirectAgent-214:null) Seq 8-949355071: Response Received:
> 2013-04-04 15:02:03,612 DEBUG [agent.transport.Request]
> (DirectAgent-214:null)
> Seq 8-949355071: Processing: { Ans: , MgmtId: 218022145849384, via: 8,
> Ver: v1,
> Flags: 110,
>
> [{"SecurityGroupRuleAnswer":{"logSequenceNumber":1,"vmId":13,"reason":"CANNOT_BRIDGE_FIREWALL","result":false,"details":"Host
> 10.102.90.3 cannot do bridge firewalling","wait":0}}] }
> 2013-04-04 15:02:03,615 DEBUG [network.security.SecurityGroupListener]
> (DirectAgent-214:null) Failed to program rule
> com.cloud.agent.api.SecurityGroupRuleAnswer into host 8 due to Host
> 10.102.90.3
> cannot do bridge firewalling and updated jobs
> 2013-04-04 15:02:03,615 DEBUG [network.security.SecurityGroupListener]
> (DirectAgent-214:null) Not retrying security group rules for vm 13 on
> failure
> since host 8 cannot do bridge firewalling
> 2013-04-04 15:02:03,617 DEBUG [network.security.SecurityGroupListener]
> (DirectAgent-214:null) Failed to program rule
> com.cloud.agent.api.SecurityGroupRuleAnswer into host 8 due to Host
> 10.102.90.3
> cannot do bridge firewalling and updated jobs
> 2013-04-04 15:02:03,617 DEBUG [network.security.SecurityGroupListener]
> (DirectAgent-214:null) Not retrying security group rules for vm 13 on
> failure
> since host 8 cannot do bridge firewalling
>
> Where could I start to troubleshoot SecurityGroups on XenServer? Any
> suggestions?
>
>  __________________________________________________________________
>  Sergio Tonani
>