Open tamoorahmedntu opened 1 month ago
@tamoorahmedntu I am not sure whether I understood the issue you are facing but I believe you may be able to report the issue better after going through this document: https://docs.cloudstack.apache.org/en/latest/adminguide/systemvm.html#accessing-system-vms.
The issue I'm facing is the Web console to CPVM is only accessible once I ssh into it and tell iptables to allow all ports. I'm sure this is not correct I should not be sshing into the vm and allowing all ports in order for the console to work.
The issue I'm facing is the Web console to CPVM is only accessible once I ssh into it and tell iptables to allow all ports. I'm sure this is not correct I should not be sshing into the vm and allowing all ports in order for the console to work. … ____ From: Jithin Raju @.> Sent: Tuesday, August 6, 2024 5:16:24 AM To: apache/cloudstack @.> Cc: Ahmed, Tamoor @.>; Mention @.> Subject: Re: [apache/cloudstack] Unable to use SSVM Or CPVM on 4.18/4.19 (Issue #9490) @tamoorahmedntuhttps://github.com/tamoorahmedntu I am not sure whether I understood the issue you are facing but I believe you may be able to report the issue better after going through this document: https://docs.cloudstack.apache.org/en/latest/adminguide/systemvm.html#accessing-system-vms. — Reply to this email directly, view it on GitHub<#9490 (comment)>, or unsubscribehttps://github.com/notifications/unsubscribe-auth/ANH2J2QVU6JHBD5NUH3HWMTZQBEZRAVCNFSM6AAAAABMBE3ACGVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDENZQGM2DQNBRGM. You are receiving this because you were mentioned.Message ID: @.***> DISCLAIMER: This email is intended solely for the addressee. It may contain private and confidential information. If you are not the intended addressee, please take no action based on it nor show a copy to anyone. In this case, please reply to this email to highlight the error. Opinions and information in this email that do not relate to the official business of Nottingham Trent University shall be understood as neither given nor endorsed by the University. Nottingham Trent University has taken steps to ensure that this email and any attachments are virus-free, but we do advise that the recipient should check that the email and its attachments are actually virus free. This is in keeping with good computing practice.
@tamoorahmedntu can you share the output of some commands inside CPVM ?
Unfortunately I'm unable to that until I solve another issue #9489
root@v-3-VM:~# iptables-save
# Generated by iptables-save v1.8.7 on Fri Aug 9 18:12:41 2024
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [6571:370457]
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth2 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 13 -j DROP
-A INPUT -p icmp -j ACCEPT
-A INPUT -i eth0 -p tcp -m state --state NEW -m tcp --dport 3922 -j ACCEPT
-A INPUT -i eth0 -p tcp -m state --state NEW -m tcp --dport 8001 -j ACCEPT
-A INPUT -i eth1 -p tcp -m state --state NEW -m tcp --dport 8001 -j ACCEPT
-A INPUT -i eth2 -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A INPUT -i eth2 -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -i eth2 -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT
COMMIT
# Completed on Fri Aug 9 18:12:41 2024
# Generated by iptables-save v1.8.7 on Fri Aug 9 18:12:41 2024
*nat
:PREROUTING ACCEPT [8:528]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [18:1239]
:POSTROUTING ACCEPT [18:1239]
COMMIT
# Completed on Fri Aug 9 18:12:41 2024
root@v-3-VM:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 0e:00:a9:fe:00:15 brd ff:ff:ff:ff:ff:ff
altname enp0s3
altname ens3
inet 169.254.0.21/16 brd 169.254.255.255 scope global eth0
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 1e:00:27:00:00:26 brd ff:ff:ff:ff:ff:ff
altname enp0s4
altname ens4
inet 152.71.168.16/24 brd 152.71.168.255 scope global eth1
valid_lft forever preferred_lft forever
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 1e:00:58:00:00:01 brd ff:ff:ff:ff:ff:ff
altname enp0s5
altname ens5
inet 152.71.168.20/24 brd 152.71.168.255 scope global eth2
valid_lft forever preferred_lft forever
root@v-3-VM:~# ip route
default via 152.71.168.254 dev eth2
8.8.8.8 via 152.71.168.254 dev eth1
10.0.0.0/8 via 152.71.168.254 dev eth1
152.71.168.0/24 dev eth1 proto kernel scope link src 152.71.168.16
152.71.168.0/24 dev eth2 proto kernel scope link src 152.71.168.20
169.254.0.0/16 dev eth0 proto kernel scope link src 169.254.0.21
172.16.0.0/12 via 152.71.168.254 dev eth1
192.168.0.0/16 via 152.71.168.254 dev eth1
root@v-3-VM:~#
@tamoorahmedntu I suspect the issue is possibly caused by the same subnet in the management/pod and public traffic. Is it possible to use two different subnets for them?
ISSUE TYPE
COMPONENT NAME
CLOUDSTACK VERSION
CONFIGURATION
OS / ENVIRONMENT
SUMMARY
STEPS TO REPRODUCE
EXPECTED RESULTS
ACTUAL RESULTS
management-server.log agent.log