Hi,
I've been testing the security groups in advanced zones with 'UK's largest
satellite broadcaster'. We've found that migrated VMs do not get their security
groups re-applied on the new host.
A error appears in the management log saying:
callHostPlugin failed for cmd: network_rules with args seqno: 10, vmIP:
10.79.128.229, deflated: true, secIps: 0:, vmID: 6, vmMAC: 06:be:c6:00:00:e5,
vmName: i-2-6-VM, rules:
eJzztMpMzi2w0jUEIQM9MNQ30PFzjQhR8LQqSS6wMjICIaxSFgYghCblisdEV7A2QxDUA0N9YyNkGax2ueK2CwA5fy2s,
signature: a30a3f964032bfbd44c86576a2ce0973, due to There was a failure
communicating with the plugin.
2013-09-10 14:25:58,257 DEBUG [cloud.api.ApiServlet] (catalina-exec-4:null)
===START=== 10.65.85.24 -- GET
command=authorizeSecurityGroupEgress&response=json&sessionkey=Xn7cUdk27lNRmWuhxSMDvVUcBMg%3D&securitygroupid=c667fdd1-561f-4d05-a5bd-8edf4af36e84&protocol=tcp&domainid=cff3401a-1a06-11e3-8a35-005056b93213&account=admin&startport=1&endport=1&cidrlist=1.1.1.1%2F32&_=1378819570842
2013-09-10 14:25:58,294 DEBUG [cloud.async.AsyncJobManagerImpl]
(catalina-exec-4:null) submit async job-33 = [
f2d1c1e8-3b19-4f94-9c5c-d82ccf3af721 ], details: AsyncJobVO {id:33, userId: 2,
accountId: 2, sessionKey: null, instanceType: SecurityGroup, instanceId: 3,
cmd:
org.apache.cloudstack.api.command.user.securitygroup.AuthorizeSecurityGroupEgressCmd,
cmdOriginator: null, cmdInfo:
{"sessionkey":"Xn7cUdk27lNRmWuhxSMDvVUcBMg\u003d","protocol":"tcp","cmdEventType":"SG.AUTH.EGRESS","ctxUserId":"2","securitygroupid":"c667fdd1-561f-4d05-a5bd-8edf4af36e84","httpmethod":"GET","startport":"1","domainid":"cff3401a-1a06-11e3-8a35-005056b93213","endport":"1","response":"json","account":"admin","cidrlist":"1.1.1.1/32","_":"1378819570842","ctxAccountId":"2","ctxStartEventId":"146"},
cmdVersion: 0, callbackType: 0, callbackAddress: null, status: 0,
processStatus: 0, resultCode: 0, result: null, initMsid: 345052351047,
completeMsid: null, lastUpdated: null, lastPolled: null, created: null}
2013-09-10 14:25:58,294 DEBUG [cloud.async.AsyncJobManagerImpl]
(Job-Executor-19:job-33 = [ f2d1c1e8-3b19-4f94-9c5c-d82ccf3af721 ]) Executing
org.apache.cloudstack.api.command.user.securitygroup.AuthorizeSecurityGroupEgressCmd
for job-33 = [ f2d1c1e8-3b19-4f94-9c5c-d82ccf3af721 ]
2013-09-10 14:25:58,296 DEBUG [cloud.api.ApiServlet] (catalina-exec-4:null)
===END=== 10.65.85.24 -- GET
command=authorizeSecurityGroupEgress&response=json&sessionkey=Xn7cUdk27lNRmWuhxSMDvVUcBMg%3D&securitygroupid=c667fdd1-561f-4d05-a5bd-8edf4af36e84&protocol=tcp&domainid=cff3401a-1a06-11e3-8a35-005056b93213&account=admin&startport=1&endport=1&cidrlist=1.1.1.1%2F32&_=1378819570842
2013-09-10 14:25:58,320 DEBUG [network.security.SecurityGroupManagerImpl]
(Job-Executor-19:job-33 = [ f2d1c1e8-3b19-4f94-9c5c-d82ccf3af721 ]) Added 1
rules to security group TestSecurityGroup2
2013-09-10 14:25:58,326 DEBUG [network.security.SecurityGroupManagerImpl]
(Job-Executor-19:job-33 = [ f2d1c1e8-3b19-4f94-9c5c-d82ccf3af721 ]) Security
Group Mgr v2: scheduling ruleset updates for 2 vms (unique=2), current queue
size=0
2013-09-10 14:25:58,330 DEBUG [network.security.SecurityGroupManagerImpl]
(Job-Executor-19:job-33 = [ f2d1c1e8-3b19-4f94-9c5c-d82ccf3af721 ]) Security
Group Mgr v2: done scheduling ruleset updates for 2 vms: num new jobs=2 num
rows insert or updated=2 time taken=4
2013-09-10 14:25:58,354 DEBUG [cloud.async.AsyncJobManagerImpl]
(Job-Executor-19:job-33 = [ f2d1c1e8-3b19-4f94-9c5c-d82ccf3af721 ]) Complete
async job-33 = [ f2d1c1e8-3b19-4f94-9c5c-d82ccf3af721 ], jobStatus: 1,
resultCode: 0, result:
org.apache.cloudstack.api.response.SecurityGroupResponse@e873b4bb
2013-09-10 14:25:58,355 DEBUG [network.security.SecurityGroupManagerImpl]
(SecGrp-Worker-15:null) SecurityGroupManager v2: sending ruleset update for vm
i-2-7-VM:ingress num rules=3:egress num rules=4 num cidrs=7
sig=a30a3f964032bfbd44c86576a2ce0973
2013-09-10 14:25:58,366 DEBUG [network.security.SecurityGroupManagerImpl]
(SecGrp-Worker-16:null) SecurityGroupManager v2: sending ruleset update for vm
i-2-6-VM:ingress num rules=3:egress num rules=4 num cidrs=7
sig=a30a3f964032bfbd44c86576a2ce0973
2013-09-10 14:25:58,371 DEBUG [agent.transport.Request] (SecGrp-Worker-15:null)
Seq 5-717554011: Sending { Cmd , MgmtId: 345052351047, via: 5, Ver: v1, Flags:
100111,
[{"com.cloud.agent.api.SecurityGroupRulesCmd":{"guestIp":"10.79.129.224","vmName":"i-2-7-VM","guestMac":"06:1a:66:00:01:da","signature":"a30a3f964032bfbd44c86576a2ce0973","seqNum":2,"vmId":7,"msId":345052351047,"ingressRuleSet":[{"proto":"icmp","startPort":-1,"endPort":-1},{"proto":"tcp","startPort":22,"endPort":22},{"proto":"tcp","startPort":80,"endPort":80}],"egressRuleSet":[{"proto":"icmp","startPort":-1,"endPort":-1},{"proto":"tcp","startPort":1,"endPort":1},{"proto":"tcp","startPort":22,"endPort":22},{"proto":"tcp","startPort":80,"endPort":80}],"wait":0}}]
}
2013-09-10 14:25:58,371 DEBUG [agent.transport.Request] (SecGrp-Worker-15:null)
Seq 5-717554011: Executing: { Cmd , MgmtId: 345052351047, via: 5, Ver: v1,
Flags: 100111,
[{"com.cloud.agent.api.SecurityGroupRulesCmd":{"guestIp":"10.79.129.224","vmName":"i-2-7-VM","guestMac":"06:1a:66:00:01:da","signature":"a30a3f964032bfbd44c86576a2ce0973","seqNum":2,"vmId":7,"msId":345052351047,"ingressRuleSet":[{"proto":"icmp","startPort":-1,"endPort":-1},{"proto":"tcp","startPort":22,"endPort":22},{"proto":"tcp","startPort":80,"endPort":80}],"egressRuleSet":[{"proto":"icmp","startPort":-1,"endPort":-1},{"proto":"tcp","startPort":1,"endPort":1},{"proto":"tcp","startPort":22,"endPort":22},{"proto":"tcp","startPort":80,"endPort":80}],"wait":0}}]
}
2013-09-10 14:25:58,371 DEBUG [agent.manager.DirectAgentAttache]
(DirectAgent-158:null) Seq 5-717554011: Executing request
2013-09-10 14:25:58,377 DEBUG [cloud.async.AsyncJobManagerImpl]
(Job-Executor-19:job-33 = [ f2d1c1e8-3b19-4f94-9c5c-d82ccf3af721 ]) Done
executing
org.apache.cloudstack.api.command.user.securitygroup.AuthorizeSecurityGroupEgressCmd
for job-33 = [ f2d1c1e8-3b19-4f94-9c5c-d82ccf3af721 ]
2013-09-10 14:25:58,380 DEBUG [agent.transport.Request] (SecGrp-Worker-16:null)
Seq 9-521535511: Sending { Cmd , MgmtId: 345052351047, via: 9, Ver: v1, Flags:
100111,
[{"com.cloud.agent.api.SecurityGroupRulesCmd":{"guestIp":"10.79.128.229","vmName":"i-2-6-VM","guestMac":"06:be:c6:00:00:e5","signature":"a30a3f964032bfbd44c86576a2ce0973","seqNum":10,"vmId":6,"msId":345052351047,"ingressRuleSet":[{"proto":"icmp","startPort":-1,"endPort":-1},{"proto":"tcp","startPort":22,"endPort":22},{"proto":"tcp","startPort":80,"endPort":80}],"egressRuleSet":[{"proto":"icmp","startPort":-1,"endPort":-1},{"proto":"tcp","startPort":1,"endPort":1},{"proto":"tcp","startPort":22,"endPort":22},{"proto":"tcp","startPort":80,"endPort":80}],"wait":0}}]
}
2013-09-10 14:25:58,380 DEBUG [agent.transport.Request] (SecGrp-Worker-16:null)
Seq 9-521535511: Executing: { Cmd , MgmtId: 345052351047, via: 9, Ver: v1,
Flags: 100111,
[{"com.cloud.agent.api.SecurityGroupRulesCmd":{"guestIp":"10.79.128.229","vmName":"i-2-6-VM","guestMac":"06:be:c6:00:00:e5","signature":"a30a3f964032bfbd44c86576a2ce0973","seqNum":10,"vmId":6,"msId":345052351047,"ingressRuleSet":[{"proto":"icmp","startPort":-1,"endPort":-1},{"proto":"tcp","startPort":22,"endPort":22},{"proto":"tcp","startPort":80,"endPort":80}],"egressRuleSet":[{"proto":"icmp","startPort":-1,"endPort":-1},{"proto":"tcp","startPort":1,"endPort":1},{"proto":"tcp","startPort":22,"endPort":22},{"proto":"tcp","startPort":80,"endPort":80}],"wait":0}}]
}
2013-09-10 14:25:58,380 DEBUG [agent.manager.DirectAgentAttache]
(DirectAgent-293:null) Seq 9-521535511: Executing request
2013-09-10 14:25:58,913 WARN [xen.resource.CitrixResourceBase]
(DirectAgent-293:null) callHostPlugin failed for cmd: network_rules with args
seqno: 10, vmIP: 10.79.128.229, deflated: true, secIps: 0:, vmID: 6, vmMAC:
06:be:c6:00:00:e5, vmName: i-2-6-VM, rules:
eJzztMpMzi2w0jUEIQM9MNQ30PFzjQhR8LQqSS6wMjICIaxSFgYghCblisdEV7A2QxDUA0N9YyNkGax2ueK2CwA5fy2s,
signature: a30a3f964032bfbd44c86576a2ce0973, due to There was a failure
communicating with the plugin.
2013-09-10 14:25:58,914 WARN [agent.manager.DirectAgentAttache]
(DirectAgent-293:null) Seq 9-521535511: Exception Caught while executing command
com.cloud.utils.exception.CloudRuntimeException: callHostPlugin failed for cmd:
network_rules with args seqno: 10, vmIP: 10.79.128.229, deflated: true, secIps:
0:, vmID: 6, vmMAC: 06:be:c6:00:00:e5, vmName: i-2-6-VM, rules:
eJzztMpMzi2w0jUEIQM9MNQ30PFzjQhR8LQqSS6wMjICIaxSFgYghCblisdEV7A2QxDUA0N9YyNkGax2ueK2CwA5fy2s,
signature: a30a3f964032bfbd44c86576a2ce0973, due to There was a failure
communicating with the plugin.
at
com.cloud.hypervisor.xen.resource.CitrixResourceBase.callHostPlugin(CitrixResourceBase.java:4199)
at
com.cloud.hypervisor.xen.resource.CitrixResourceBase.execute(CitrixResourceBase.java:5787)
at
com.cloud.hypervisor.xen.resource.CitrixResourceBase.executeRequest(CitrixResourceBase.java:565)
at
com.cloud.hypervisor.xen.resource.XenServer56Resource.executeRequest(XenServer56Resource.java:73)
at
com.cloud.hypervisor.xen.resource.XenServer610Resource.executeRequest(XenServer610Resource.java:104)
at
com.cloud.agent.manager.DirectAgentAttache$Task.run(DirectAgentAttache.java:186)
at
java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334)
at java.util.concurrent.FutureTask.run(FutureTask.java:166)
at
java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$101(ScheduledThreadPoolExecutor.java:165)
at
java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:266)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1146)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:679)
Regards,
Paul Angus
Senior Consultant / Cloud Architect
[cid:image003.png@01CEAE3C.4D48A3C0]
S: +44 20 3603 0540<tel:+442036030540> | M: +4<tel:+447968161581>47711418784 |
T: CloudyAngus
paul.an...@shapeblue.com<mailto:geoff.higginbot...@shapeblue.com> |
www.shapeblue.com | Twitter:@shapeblue<https://twitter.com/>
ShapeBlue Ltd, 53 Chandos Place, Covent Garden, London, WC2N 4HS
Apache CloudStack Bootcamp training courses
21/22 August,
London<http://www.shapeblue.com/cloudstack-bootcamp-training-course/>
18/19 September,
Bangalore<http://www.shapeblue.com/cloudstack-bootcamp-training-course/>
02/03 October,
London<http://www.shapeblue.com/cloudstack-bootcamp-training-course/>
13/14 November,
London<http://www.shapeblue.com/cloudstack-bootcamp-training-course/>
27/28 November,
Bangalore<http://www.shapeblue.com/cloudstack-bootcamp-training-course/>
08/09 January 2014,
London<http://www.shapeblue.com/cloudstack-bootcamp-training-course/>
This email and any attachments to it may be confidential and are intended
solely for the use of the individual to whom it is addressed. Any views or
opinions expressed are solely those of the author and do not necessarily
represent those of Shape Blue Ltd or related companies. If you are not the
intended recipient of this email, you must neither take any action based upon
its contents, nor copy or show it to anyone. Please contact the sender if you
believe you have received this email in error. Shape Blue Ltd is a company
incorporated in England & Wales. ShapeBlue Services India LLP is operated under
license from Shape Blue Ltd. ShapeBlue is a registered trademark.
