CloudPlatform 4.x

Pankaj Paliwal

vm system with agent state (-) none


Hi community !

 

I use CloudStack 4.4 on CentOS with XenServer 6.2.

I created an advanced zone without security groups. I have 3 NICs:

- NIC 1 for the guest network and administration network.

- NIC 2 for the public network

- NIC 3 for the storage network.

I have iSCSI primary storage, and my secondary storage is located on an NFS server.

I followed the installation instructions (vhd-utils, cloud-install-sys-tmplt ...)

When I start my zone, two VMs are created (secondary storage and console proxy) but their agent state is none (attached file 1).

I logged in to the Secondary Storage VM and tried "ping 8.8.8.8" = ok, but "ping www.google.fr" failed, with DNS 8.8.8.8 of course.

When I created an advanced zone WITH security groups, I didn't have problems with the system VMs. The system VM agents work normally. I can download ISOs and templates, create VMs ....

The only difference is the addition of the public network NIC.

Where can I look for help?

 

Thanks for your help !

Attached Thumbnails

  • 1.PNG

Clément Mutz MEMBERS

OK, because of DNS, my two system VMs don't start normally, I think.

When I create a zone without a public network (so with security groups), my two system VMs can ping www.google.fr with the same DNS server (8.8.8.8).

 

Thanks for your help !

 

Clément


Clément Mutz MEMBERS

I retried installing CloudStack, but in version 4.3, with a public network and without security groups, and that works!

I can see agent state "UP". And on the system VM I can ping www.google.fr.

I don't understand  :huh:

But there is a new problem now: I don't have access to my VMs (ping, ssh). Where is the firewall in CloudStack when I create a zone without security groups? I can see security groups in the network section.

 

Thanks for your reply.

 

Clément.


Clément Mutz MEMBERS

Hi !

 

Is my problem understandable?

In conclusion: I have CloudStack UP, but I don't have access to any VMs when I make a zone WITHOUT security groups (with security groups, no problem).

 

Thanks for your reply.  :)

 

Clément.


Clément Mutz MEMBERS

Any idea?

 

thanks a lot


Clément Mutz MEMBERS
Hi,
 
Here are my different tests. The first problem: I can't ping the system VM (internal NIC and external NIC) from the same network (from the computing node, for example).

I can ping a host on the internal NIC network (10.254.50.0/24) from the system VM.
 
IP address of computing node 10.254.50.45
IP address of console proxy vm 10.254.50.209
 
 
On console proxy VM : 
 
root@v-2-VM:~# route -n
Kernel IP routing table
Destination           Gateway                 Genmask                Flags    Metric Ref    Use Iface
0.0.0.0                  37.122.XXX.XX        0.0.0.0                    UG       0      0        0 eth2
8.8.8.8                  10.254.50.254        255.255.255.255    UGH     0      0        0 eth1
10.254.50.0           0.0.0.0                   255.255.255.0        U          0      0        0 eth1
37.122.XXX.XXX     0.0.0.0                   255.255.255.XXX    U          0      0        0 eth2
169.254.0.0           0.0.0.0                   255.255.0.0            U          0      0        0 eth0
 
I can ping www.google.fr, my two gateways and a host for test:
 
root@v-2-VM:~# ping -c2 www.google.fr
PING www.google.fr (173.194.66.94): 48 data bytes
56 bytes from 173.194.66.94: icmp_seq=0 ttl=48 time=5.989 ms
56 bytes from 173.194.66.94: icmp_seq=1 ttl=48 time=5.959 ms
--- www.google.fr ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/stddev = 5.959/5.974/5.989/0.000 ms
 
root@v-2-VM:~# ping -c2 10.254.50.254
PING 10.254.50.254 (10.254.50.254): 48 data bytes
56 bytes from 10.254.50.254: icmp_seq=0 ttl=64 time=0.250 ms
56 bytes from 10.254.50.254: icmp_seq=1 ttl=64 time=0.251 ms
--- 10.254.50.254 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.250/0.251/0.251/0.000 ms
 
root@v-2-VM:~# ping -c2 37.122.XXX.XXX
PING 37.122.XXX.XXX (37.122.XXX.XXX): 48 data bytes
56 bytes from 37.122.XXX.XXX: icmp_seq=0 ttl=64 time=0.284 ms
56 bytes from 37.122.XXX.XXX: icmp_seq=1 ttl=64 time=0.173 ms
--- 37.122.XXX.XXX ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.173/0.228/0.284/0.056 ms
 
root@v-2-VM:~# ping -c2 10.254.50.45
PING 10.254.50.123 (10.254.50.123): 48 data bytes
56 bytes from 10.254.50.123: icmp_seq=0 ttl=128 time=1.468 ms
56 bytes from 10.254.50.123: icmp_seq=1 ttl=128 time=0.345 ms
--- 10.254.50.123 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.345/0.906/1.468/0.562 ms
 
From my computing node I can ping the gateway but not the system VM:
 
root@ubuntu:/# ping -c2 10.254.50.254
PING 10.254.50.254 (10.254.50.254) 56(84) bytes of data.
64 bytes from 10.254.50.254: icmp_req=1 ttl=64 time=1.14 ms
64 bytes from 10.254.50.254: icmp_req=2 ttl=64 time=0.238 ms
 
--- 10.254.50.254 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 0.238/0.691/1.145/0.454 ms
 
root@ubuntu:/# ping -c2 10.254.50.209
PING 10.254.50.209 (10.254.50.209) 56(84) bytes of data.
 
--- 10.254.50.209 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1000ms
 
With the following command : tcpdump -vv -i eth1
 

 

 

16:05:14.378905 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.254.50.209 tell 10.254.50.45, length 46
16:05:15.377608 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.254.50.209 tell 10.254.50.45, length 46
16:05:16.377600 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.254.50.209 tell 10.254.50.45, length 46
16:05:17.395947 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.254.50.209 tell 10.254.50.45, length 46
16:05:18.393719 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.254.50.209 tell 10.254.50.45, length 46
16:05:18.828127 IP (tos 0x0, ttl 64, id 30676, offset 0, flags [DF], proto TCP (6), length 56)
    10.254.50.201.58036 > 10.254.50.45.8250: Flags [P.], cksum 0x7b1c (incorrect -> 0xdd06), seq 3973496:3973500, ack 1507845368, win 2641, options [nop,nop,TS val 826858 ecr 954898], length 4

eq 1:5, ack 217, win 331, options [nop,nop,TS val 956151 ecr 826868], length 4
16:05:18.883024 IP (tos 0x0, ttl 64, id 30678, offset 0, flags [DF], proto TCP (6), length 52)

 

 

 

 
I see packets arriving on my console proxy  :mellow:

I didn't touch the iptables rules

Is there a hidden firewall?
 

 


Clément Mutz MEMBERS
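
Added example (not part of the original thread): the capture above shows repeated ARP who-has requests for 10.254.50.209 with no reply in the lines shown, and iptables filters IP packets, not ARP, so that symptom sits below the INPUT chain. This Python sketch lists unanswered ARP requests in tcpdump text output; the function name, the last two ARP lines of the sample and the MAC address are constructed for illustration.

```python
import re
from collections import Counter

# tcpdump text forms for ARP over Ethernet/IPv4 (timestamp comes first).
REQ = re.compile(r"^\S+ ARP, .*?Request who-has ([0-9.]+)"
                 r"(?: \([0-9a-fA-F:]+\))? tell ([0-9.]+),")
REP = re.compile(r"^\S+ ARP, .*?Reply ([0-9.]+) is-at ([0-9a-fA-F:]+)")

# Sample input. The five who-has lines for 10.254.50.209 and the TCP header
# line are copied from the capture in the post; the last two ARP lines are
# constructed to show what an answered request looks like.
SAMPLE = """\
16:05:14.378905 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.254.50.209 tell 10.254.50.45, length 46
16:05:15.377608 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.254.50.209 tell 10.254.50.45, length 46
16:05:16.377600 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.254.50.209 tell 10.254.50.45, length 46
16:05:17.395947 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.254.50.209 tell 10.254.50.45, length 46
16:05:18.393719 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.254.50.209 tell 10.254.50.45, length 46
16:05:18.828127 IP (tos 0x0, ttl 64, id 30676, offset 0, flags [DF], proto TCP (6), length 56)
16:05:19.100000 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.254.50.254 tell 10.254.50.45, length 46
16:05:19.100300 ARP, Ethernet (len 6), IPv4 (len 4), Reply 10.254.50.254 is-at 02:00:00:00:00:01, length 46
"""


def unanswered_arp(lines):
    """Return {(target_ip, requester_ip): count} for who-has requests
    that were never followed by a reply from target_ip."""
    pending = Counter()
    for line in lines:
        req = REQ.match(line)
        if req:
            pending[(req.group(1), req.group(2))] += 1
            continue
        rep = REP.match(line)
        if rep:
            # A reply from this IP settles every outstanding request for it.
            for key in [k for k in pending if k[0] == rep.group(1)]:
                del pending[key]
    return dict(pending)


if __name__ == "__main__":
    for (target, asker), n in unanswered_arp(SAMPLE.splitlines()).items():
        print(f"{n} ARP request(s) for {target} from {asker} got no reply")
```

Running it on a capture taken on both the hypervisor bridge and the VM interface shows on which side the ARP replies stop.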

Here are my default firewall rules on the console proxy:

 

Chain INPUT (policy DROP)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
DROP       icmp --  anywhere             anywhere             icmp timestamp-request
ACCEPT     icmp --  anywhere             anywhere            
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:3922
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:8001
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:8001
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:https
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:http
 
Chain FORWARD (policy DROP)
target     prot opt source               destination         
 
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination  

 

 

 

Thanks for your reply,

 

Clément


Clément Mutz MEMBERS