You might need to add the host ip of the web server where the templates are hosted to "secstorage.allowed.internal.sites" in the global configuration.
On 6/12/12 3:50 PM, "Lu Heng" <h...@anytimechinese.com> wrote: >Hi > >Thanks for reply > >First, the SSVM can mount the secondary storage, and the ssvm-check.sh is >passed without error. the "no route to the host" problem still exsits. > >second, what should we fill in the vlan in the public network setup while >the IP is simply in the access port? > >and the iptable rule on the ssvm host: >Chain INPUT (policy ACCEPT) >target prot opt source destination >ACCEPT gre -- anywhere anywhere >RH-Firewall-1-INPUT all -- anywhere anywhere > >Chain FORWARD (policy ACCEPT) >target prot opt source destination >RH-Firewall-1-INPUT all -- anywhere anywhere > >Chain OUTPUT (policy ACCEPT) >target prot opt source destination > >Chain RH-Firewall-1-INPUT (2 references) >target prot opt source destination >ACCEPT tcp -- anywhere anywhere tcp >dpts:5900:6099 >ACCEPT all -- anywhere anywhere >ACCEPT icmp -- anywhere anywhere icmp any >ACCEPT esp -- anywhere anywhere >ACCEPT ah -- anywhere anywhere >ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns >ACCEPT udp -- anywhere anywhere udp dpt:ipp >ACCEPT tcp -- anywhere anywhere tcp dpt:ipp >ACCEPT udp -- anywhere anywhere udp >dpt:bootps >ACCEPT all -- anywhere anywhere state >RELATED,ESTABLISHED >ACCEPT udp -- anywhere anywhere state NEW udp >dpt:ha-cluster >ACCEPT tcp -- anywhere anywhere state NEW tcp >dpt:ssh >ACCEPT tcp -- anywhere anywhere state NEW tcp >dpt:http >ACCEPT tcp -- anywhere anywhere state NEW tcp >dpt:https >REJECT all -- anywhere anywhere reject-with >icmp-host-prohibited > >Output of ip route on ssvm: > >204.13.152.2 via 46.136.128.1 dev eth1 >10.2.0.0/24 dev eth3 proto kernel scope link src 10.2.0.189 >123.123.123.0/24 dev eth1 proto kernel scope link src 123.123.123.9 >111.111.111.0/24 dev eth2 proto kernel scope link src 111.111.111.18 >169.254.0.0/16 dev eth0 proto kernel scope link src 169.254.2.83 >default via 46.136.132.1 dev eth2 > >On Wed, Jun 13, 2012 at 12:42 AM, Frank Zhang ><frank.zh...@citrix.com>wrote: > >> >> >> > Hi >> > >> > We have following setup >> > >> > management network(public IP range, 123.123.123.0/24) storage >> > network(private IP range 10.2.0.0/24) public network(public IP range >> > 111.111.111.0/24) >> > >> > 1 CP >> > 1 Nic on management network >> > 1 Nic on storage network >> > >> > 2*Host >> > 1 Nic on management network >> > 1 Nic on storage network >> > 1 Nic on public network >> > >> > 1 storage >> > 1 Nic on management network >> > 1 nic on storage network >> > >> > Management server has an NFS share which mounted on the storage >> > network as secondary storage. >> > >> > So two questions: >> > >> > 1. for the public network, there is no vlan setup, the IP is direct >> routed to >> > both host server(they are on access point), the question is, while I >> config the >> > public network and guest network, it always ask for vlan number, >>which we >> > don't have. >> >> When you create zone, the vlan of public network is optional you should >>be >> able to >> Safely ignore it. What's exact error you suffered? >> >> > >> > 2. We saw "no route to the host" error in all the template, ISOs, in >> which we >> > can not create any instance on. >> > >> > Please, if any one have good suggestion in this network setup, how >>can we >> > do it. >> >> Do this: >> 1. login your SSVM >> 1.a go to the host where the SSVM is running >> 1.b ssh -i /root/.ssh/ id_rsa.cloud -p 30922 >>link_local_ip_address >> The link local ip address can be grabbed from SSVM page on >> UI which starts with 169 >> 1.c try to mount your secondary storage to somewhere in your SSVM >> 1.d if 1.c won't work, check if you can mount secondary storage >>on >> the host where SSVM running. If failed, then it's your network issue >> 1.e. if it works on your host, try to figure out any ip table >>rules >> in host blocking NFS traffic >> 1.h check routes of SSVM by 'ip route', the traffic to secondary >> storage should go thru storage network which is (private IP range >> 10.2.0.0/24) in you case >> >> > >> > -- >> > -- >> > Kind regards. >> > Lu >> > >> > This transmission is intended solely for the addressee(s) shown above. >> > It may contain information that is privileged, confidential or >>otherwise >> > protected from disclosure. Any review, dissemination or use of this >> > transmission or its contents by persons other than the intended >> addressee(s) >> > is strictly prohibited. If you have received this transmission in >>error, >> please >> > notify this office immediately and e-mail the original at the sender's >> address >> > above by replying to this message and including the text of the >> transmission >> > received. >> > > > >-- >-- >Kind regards. >Lu > >This transmission is intended solely for the addressee(s) shown above. >It may contain information that is privileged, confidential or >otherwise protected from disclosure. Any review, dissemination or use >of this transmission or its contents by persons other than the >intended addressee(s) is strictly prohibited. If you have received >this transmission in error, please notify this office immediately and >e-mail the original at the sender's address above by replying to this >message and including the text of the transmission received.
