[ https://issues.apache.org/jira/browse/CLOUDSTACK-8697?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14940012#comment-14940012 ]
Michael Andersen edited comment on CLOUDSTACK-8697 at 10/1/15 4:12 PM: ----------------------------------------------------------------------- I was able to reproduce this error on ACS 4.4.4. there is a global configuration setting which determines on which interfaces the haproxy statistics (stats) is bound to on startup of haproxy. this setting is: network.loadbalancer.haproxy.stats.visibility it defaults to all. description: Load Balancer(haproxy) stats visibilty, the value can be one of the following six parameters : global,guest-network,link-local,disabled,all,default all When the above setting is left on the default a configuration is generated for haproxy which has a public and guest stats directive which try to bind to the same (guest) ip address. This results in an haproxy error: [ALERT] 273/131923 (3076) : Starting proxy stats_on_guest: cannot bind socket [10.10.2.151:8081] and haproxy never restarts with the new config. the faulty config directives: listen stats_on_public 10.10.2.151:8081 mode http option httpclose stats enable stats uri /admin?stats stats realm Haproxy\ Statistics stats auth admin493:test123 listen stats_on_guest 10.10.2.151:8081 mode http option httpclose stats enable stats uri /admin?stats stats realm Haproxy\ Statistics stats auth admin493:test123 In the code the visibility setting is retrieved by: ElasticLoadBalancerManagerImpl.java private void createApplyLoadBalancingRulesCommands(List<LoadBalancingRule> rules, DomainRouterVO elbVm, Commands cmds, long guestNetworkId) { ... //FIXME: why are we setting attributes directly? Ick!! There should be accessors and //the constructor should set defaults. cmd.lbStatsVisibility = _configDao.getValue(Config.NetworkLBHaproxyStatsVisbility.key()); then in core/src/com/cloud/network/HAProxyConfigurator.java the following function determines what to add to the generate haproxy config: line 542: public String[] generateConfiguration(LoadBalancerConfigCommand lbCmd) { ... line 575: if (!lbCmd.lbStatsVisibility.equals("disabled")) { /* new rule : listen admin_page guestip/link-local:8081 */ if (lbCmd.lbStatsVisibility.equals("global")) { result.add(generateStatsRule(lbCmd, "stats_on_public", lbCmd.lbStatsPublicIP)); } else if (lbCmd.lbStatsVisibility.equals("guest-network")) { result.add(generateStatsRule(lbCmd, "stats_on_guest", lbCmd.lbStatsGuestIP)); } else if (lbCmd.lbStatsVisibility.equals("link-local")) { result.add(generateStatsRule(lbCmd, "stats_on_private", lbCmd.lbStatsPrivateIP)); } else if (lbCmd.lbStatsVisibility.equals("all")) { result.add(generateStatsRule(lbCmd, "stats_on_public", lbCmd.lbStatsPublicIP)); result.add(generateStatsRule(lbCmd, "stats_on_guest", lbCmd.lbStatsGuestIP)); result.add(generateStatsRule(lbCmd, "stats_on_private", lbCmd.lbStatsPrivateIP)); } else { I have not yet tested it but setting the global setting to guest-network will most likely allow for assigning LB rules on an internal LB. In the code i think we should either retrieve the interfaces of the internallbVm before applying rules in the equals('all') case or simplify the 'all' case drastically by only applying a single directive which simply listens on 0.0.0.0? was (Author: michaelandersen): I was able to reproduce this error on ACS 4.4.4. there is a global configuration setting which determines on which interfaces the haproxy statistics (stats) is bound to on startup of haproxy. this setting is: network.loadbalancer.haproxy.stats.visibility it defaults to all. description: Load Balancer(haproxy) stats visibilty, the value can be one of the following six parameters : global,guest-network,link-local,disabled,all,default all When the above setting is left on the default a configuration is generated for haproxy which has a public and guest stats directive which try to bind to the same (guest) ip address. This results in an haproxy error: [ALERT] 273/131923 (3076) : Starting proxy stats_on_guest: cannot bind socket [10.10.2.151:8081] and haproxy never restarts with the new config. the faulty config directives: listen stats_on_public 10.10.2.151:8081 mode http option httpclose stats enable stats uri /admin?stats stats realm Haproxy\ Statistics stats auth admin493:test123 listen stats_on_guest 10.10.2.151:8081 mode http option httpclose stats enable stats uri /admin?stats stats realm Haproxy\ Statistics stats auth admin493:test123 In the code the visibility setting is retrieved by: ElasticLoadBalancerManagerImpl.java private void createApplyLoadBalancingRulesCommands(List<LoadBalancingRule> rules, DomainRouterVO elbVm, Commands cmds, long guestNetworkId) { ... //FIXME: why are we setting attributes directly? Ick!! There should be accessors and //the constructor should set defaults. cmd.lbStatsVisibility = _configDao.getValue(Config.NetworkLBHaproxyStatsVisbility.key()); then in core/src/com/cloud/network/HAProxyConfigurator.java the following function determines what to add to the generate haproxy config: line 542: public String[] generateConfiguration(LoadBalancerConfigCommand lbCmd) { ... line 575: if (!lbCmd.lbStatsVisibility.equals("disabled")) { /* new rule : listen admin_page guestip/link-local:8081 */ if (lbCmd.lbStatsVisibility.equals("global")) { result.add(generateStatsRule(lbCmd, "stats_on_public", lbCmd.lbStatsPublicIP)); } else if (lbCmd.lbStatsVisibility.equals("guest-network")) { result.add(generateStatsRule(lbCmd, "stats_on_guest", lbCmd.lbStatsGuestIP)); } else if (lbCmd.lbStatsVisibility.equals("link-local")) { result.add(generateStatsRule(lbCmd, "stats_on_private", lbCmd.lbStatsPrivateIP)); } else if (lbCmd.lbStatsVisibility.equals("all")) { result.add(generateStatsRule(lbCmd, "stats_on_public", lbCmd.lbStatsPublicIP)); result.add(generateStatsRule(lbCmd, "stats_on_guest", lbCmd.lbStatsGuestIP)); result.add(generateStatsRule(lbCmd, "stats_on_private", lbCmd.lbStatsPrivateIP)); } else { I have not yet tested it but setting the global setting to guest-network will most likely allow for assigning LB rules on an internal LB. In the code i think we should either retrieve the interfaces of the internallbVm before applying rules in the equals('all') case or simply the 'all' case drastically by only applying a single directive which listens on 0.0.0.0? > Assign VPC Internal LB rule to a VM fails > ----------------------------------------- > > Key: CLOUDSTACK-8697 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-8697 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) > Components: Network Controller > Affects Versions: 4.4.4, 4.6.0 > Reporter: Pavan Kumar Bandarupally > Assignee: Wilder Rodrigues > Priority: Blocker > Attachments: MS Log.rar, MSLog.rar > > > Assigning an internal LB rule to a VM inside VPC network fails. Seems to be a > configuration issue. > ================ > 2015-07-31 21:13:49,059 ERROR [c.c.u.s.SshHelper] > (DirectAgent-345:ctx-2bdddfcc) SSH execution of command > /opt/cloud/bin/router_proxy.sh update_config.py 169.254.2.171 > load_balancer.json has an error status code in return. result output: > 2015-07-31 21:13:49,062 DEBUG [c.c.a.r.v.VirtualRoutingResource] > (DirectAgent-345:ctx-2bdddfcc) Processing ScriptConfigItem, executing > update_config.py load_balancer.json took 6656ms > 2015-07-31 21:13:49,062 WARN [c.c.a.r.v.VirtualRoutingResource] > (DirectAgent-345:ctx-2bdddfcc) Expected 1 answers while executing > LoadBalancerConfigCommand but received 2 > 2015-07-31 21:13:49,062 DEBUG [c.c.a.m.DirectAgentAttache] > (DirectAgent-345:ctx-2bdddfcc) Seq 7-4435764157983228083: Response Received: > 2015-07-31 21:13:49,063 DEBUG [c.c.a.t.Request] > (DirectAgent-345:ctx-2bdddfcc) Seq 7-4435764157983228083: Processing: { Ans: > , MgmtId: 6702933999656, via: 7, Ver: v1, Flags: 0, > [{"com.cloud.agent.api.routing.GroupAnswer":{"results":["null - failed: > ","null - failed: "],"result":false,"wait":0}}] } > 2015-07-31 21:13:49,063 DEBUG [c.c.a.t.Request] > (API-Job-Executor-9:ctx-4c2d49d3 job-315 ctx-06ebb5a1) Seq > 7-4435764157983228083: Received: { Ans: , MgmtId: 6702933999656, via: 7, > Ver: v1, Flags: 0, { GroupAnswer } } > 2015-07-31 21:13:49,133 DEBUG [c.c.n.l.LoadBalancingRulesManagerImpl] > (API-Job-Executor-9:ctx-4c2d49d3 job-315 ctx-06ebb5a1) LB Rollback rule id: 6 > while attaching VM: [29] -- This message was sent by Atlassian JIRA (v6.3.4#6332)