For reference, you can use iptables commands in firewall-cmd by using the --direct option.
I've made a pull request to update the Quick Installation Guide with an example of commands you can use to configure the firewall. On Wed, Oct 24, 2018 at 8:07 AM Andrija Panic <[email protected]> wrote: > I assume a bit late (just a few months :) - but for sake of other list > members - had exactly the same case, because of FIREWALL on CentOS 7 > > - dashboard shows ZERO capacity, since SSVM is NOT functional - because > agent inside SSVM could not connect to Management Server - because of > FIREWALL... > - running ssvm.sh script reported BAD IP address of the Secondary Storage > inside VM - so make sure the agent is CONNECTED when viewing SSVM and CPVM > from Infrastructure --> System VMs... > - also CPVM was not working - again, because agent was not connected to > mgmt server.. > > Firewall can be properly fixed/configured (obviously), or you can try temp > workaround: > systemctl disable firewalld > systemctl stop firewalld > > After that, disable Zone, destroy both CPVM and SSVM, Enable Zone, and wait > for SSVM and CPVM to be created and that agent connects (Agent State shows > UP in GUI) > > Cheers > Andrija > > On Fri, 23 Mar 2018 at 17:52, Dag Sonstebo <[email protected]> > wrote: > > > Hi Olivier, > > > > Can you write to the NFS mount from SSVM? It could be you have it mounted > > OK, but ACLs and/or settings prevent you from actually reading/writing. > > > > Also keep in mind the NFS permissions you need to set > > (rw,async,no_root_squash,no_subtree_check) – some pointers on > > > http://docs.cloudstack.apache.org/projects/cloudstack-installation/en/4.11/management-server/index.html#using-a-separate-nfs-server > > > > Regards, > > Dag Sonstebo > > Cloud Architect > > ShapeBlue > > > > On 23/03/2018, 16:27, "Olivier GUIN" <[email protected]> wrote: > > > > Hi, > > > > I've a problem with secondary storage, in the dashboard it is 0.00KB > . > > > > In the ssvm, when I launch ssvm.check : This no nfs mount directory > ! > > > > root@s-2-VM:/usr/local/cloud/systemvm# ./ssvm-check.sh > > ================================================ > > First DNS server is 200.13.136.8 > > PING 200.13.136.8 (200.13.136.8): 56 data bytes > > 64 bytes from 200.13.136.8: icmp_seq=0 ttl=63 time=2.566 ms > > 64 bytes from 200.13.136.8: icmp_seq=1 ttl=63 time=0.516 ms > > --- 200.13.136.8 ping statistics --- > > 2 packets transmitted, 2 packets received, 0% packet loss > > round-trip min/avg/max/stddev = 0.516/1.541/2.566/1.025 ms > > Good: Can ping DNS server > > ================================================ > > Good: DNS resolves cloudstack.apache.org > > ================================================ > > nfs is currently mounted > > ================================================ > > Management server is 172.16.1.5. Checking connectivity. > > ./ssvm-check.sh: line 121: warning: command substitution: ignored > null > > byte in input > > Good: Can connect to management server port 8250 > > ================================================ > > Good: Java process is running > > ================================================ > > Tests Complete. Look for ERROR or WARNING above. > > > > Can you help me to verify ssvm (Apache CloudStack SystemVM 4.11.0): > > > > eth0 => cloud_link_local_network : 169.254.0.123 > > eth1 => net-mgmt (managment) : IP OK ping server managment > > eth2 => net-public : IP public : ping 8.8.8.8 and ping > www.google.com > > eth3 => net-storage : IP storage : ping nfs server > > > > My log : > > > > 2018-03-23 13:22:26,166 WARN [c.c.a.d.ParamGenericValidationWorker] > > (qtp1796488937-14:ctx-ad319378 ctx-45f67ed3) (logid:60b07a9b) > Received > > unknown parameters for command listSystemVms. Unknown parameters : > > listall > > 2018-03-23 13:22:31,740 WARN [c.c.a.d.ParamGenericValidationWorker] > > (qtp1796488937-1691:ctx-95b8fcab ctx-d9892e7b) (logid:56afab29) > > Received > > unknown parameters for command listHosts. Unknown parameters : > listall > > 2018-03-23 13:22:38,604 WARN [c.c.a.m.DirectAgentAttache] > > (DirectAgentCronJob-186:ctx-45bbd1b8) (logid:1e90d267) Unable to > > complete the ping task > > > > I don't undestand ... > > > > I use http://packages.shapeblue.com/cloudstack/upstream/centos7/4.11 > > (yum.repos.d) > > > > I use this script to install, reinstall etc .... :-) > > > > #!/bin/sh > > clear > > yum clean all > > yum update -y > > yum install cloudstack-management cloudstack-usage -y > > cd /opt/ > > wget http://download.cloud.com.s3.amazonaws.com/tools/vhd-util > > mv vhd-util > > /usr/share/cloudstack-common/scripts/vm/hypervisor/xenserver/ > > chmod +x > > /usr/share/cloudstack-common/scripts/vm/hypervisor/xenserver/vhd-util > > cloudstack-setup-databases cloud:Xxxxxxxxxx@localhost > > --deploy-as=root:Xxxxxxxxxxx > > cloudstack-setup-management > > rmdir /tmp/secondary > > mkdir /tmp/secondary > > mount -t nfs 172.16.6.3:/volume1/cs/secondary /tmp/secondary > > > > > /usr/share/cloudstack-common/scripts/storage/secondary/cloud-install-sys-tmplt > > > > -m /tmp/secondary -u > > > > > http://packages.shapeblue.com.s3-eu-west-1.amazonaws.com/systemvmtemplate/4.11/systemvmtemplate-4.11.0-xen.vhd.bz2 > > -h xenserver > > umount /tmp/secondary/ > > rmdir /tmp/secondary/ > > tail -f /var/log/cloudstack/management/management-server.log > > > > Thank's a lot > > > > Olivier > > > > > > > > > > [email protected] > > www.shapeblue.com > > 53 Chandos Place, Covent Garden, London WC2N 4HSUK > > @shapeblue > > > > > > > > > > -- > > Andrija Panić >
