[one-users] [Beta 3.0] Sunstone-Server error on starting
Christoph Raible
c.raible at science-computing.de
Tue Aug 2 04:36:12 PDT 2011
Hi,
now I tried with two VMs on the same host, but I can ping from VM to VM
... This looks like the Hook doesn't work.
I also have a talk to some IPTABLE experts they think that this isn't
working because the ICMP "drop" is based on Network Layer 3 and IPTABLES
is working on Layer 2...
They said that it will make sense when it is integrated into EBTABLES
but not in IPTABLES.
Next issue on this is, when I restart the Cluster-Node / Host-Node or
IPTABLES-Service all rules are "deleted" this is very ugly...
There should be a mechanism to integrate those rules by starting one
(maybe out from database) or something else!
Hope you understand what I mean ;)
Regards,
Christoph
Am 01.08.2011 17:33, schrieb Jaime Melis:
> Hi Christoph,
>
> regarding the firewall hook, I've reviewed the rules and simulated your
> scenario and it's the expected behaviour. The ping should work from the
> worker node running the vm to the vm, but it won't from other vms, which
> is the purpose of the filter. Could you please start another VM and try
> pinging from there?
>
> Regards,
> Jaime
>
> 2011/7/29 Christoph Raible <c.raible at science-computing.de
> <mailto:c.raible at science-computing.de>>
>
> Hi Carlos,
>
> this doesn't work for me... I uncomment this options and restart the
> one daemon.
>
> Then I create a virtual Machine with following Template:
>
> https://pastee.org/j6f3d
>
> After commenting out Default requiretty in /etc/sudoers
> creation and inserting IPTABLES rule works but have no effect...
>
> An IPTABLES -L shows me the following output:
>
> https://pastee.org/vjynr
>
> But I can Ping my VM... Is it possible that the Firwalling is still
> buggy? Or is this an error of my bridged network configuration?
>
> Regards
>
> Chritoph
>
>
>
>
>
> Am 27.07.2011 17 <tel:27.07.2011%2017>:16, schrieb Carlos Martín
> Sánchez:
>
> Hi Christoph,
>
> We are aware of the top command bug, see [1] if you are
> interested in
> the ticket.
>
> As for the iptables configuration, we are still improving the
> documentation and some requirements and configurations are not as
> detailed as they should.
>
> Some of the networking features have to be activated editing
> /etc/one/oned.conf
> I believe you just need to uncomment this hook:
>
> VM_HOOK = [
> name = "firewall",
> on = "RUNNING",
> command = "vnm/firewall",
> arguments = "on $TEMPLATE",
> remote = "yes" ]
>
> And restart OpenNebula with one stop; one start
>
> Best regards,
> Carlos.
>
> [1] http://dev.opennebula.org/__issues/747
> <http://dev.opennebula.org/issues/747>
> --
> Carlos Martín, MSc
> Project Major Contributor
> OpenNebula - The Open Source Toolkit for Cloud Computing
> www.OpenNebula.org <http://www.OpenNebula.org>
> <http://www.opennebula.org/> | cmartin at opennebula.org
> <mailto:cmartin at opennebula.org>
> <mailto:cmartin at opennebula.org <mailto:cmartin at opennebula.org>__>
>
>
>
> On Wed, Jul 27, 2011 at 2:00 PM, Christoph Raible
> <c.raible at science-computing.de
> <mailto:c.raible at science-computing.de>
> <mailto:c.raible at science-__computing.de
> <mailto:c.raible at science-computing.de>>>
> wrote:
>
> Am 27.07.2011 11 <tel:27.07.2011%2011>
> <tel:27.07.2011%2011>:14, schrieb Héctor Sanjuán:
>
>
> Hi Christoph,
>
> it seems the ruby gem 'sequel' is not present in your
> system.
> This gem
> is needed by the monitoring system (requirements in [1],
> also
> seems you
> are missing sqlite3), which is used by Sunstone
> (requirements in
> [2]).
>
> You can install the missing dependencies manually
> issuing 'gem
> install...'.
>
> Also, in order to assure that you have all the dependencies
> necessary
> for OpenNebula in general, we recommend to use the
> 'install_gems' script
> [3], which will try to install all the ruby gems for you
> in their
> correct versions.
>
> For Scientific linux, this means however that you will
> need to
> install
> the packages listed in the doc manually before the
> script can
> proceed to
> install the gems.
>
> Don't hesitate to write back if you have more questions,
>
> Hector
>
> [1]
> http://opennebula.org/____documentation:rel3.0:acctd_____conf#requirements_installation
> <http://opennebula.org/__documentation:rel3.0:acctd___conf#requirements_installation>
> <http://opennebula.org/__documentation:rel3.0:acctd___conf#requirements_installation
> <http://opennebula.org/documentation:rel3.0:acctd_conf#requirements_installation>__>
>
> [2]
> http://opennebula.org/____documentation:rel3.0:sunstone#____requirements_installation
> <http://opennebula.org/__documentation:rel3.0:sunstone#__requirements_installation>
> <http://opennebula.org/__documentation:rel3.0:sunstone#__requirements_installation
> <http://opennebula.org/documentation:rel3.0:sunstone#requirements_installation>>
>
> [3]
> http://opennebula.org/____documentation:rel3.0:ignc#____ruby_libraries_requirements_____front-end
> <http://opennebula.org/__documentation:rel3.0:ignc#__ruby_libraries_requirements___front-end>
> <http://opennebula.org/__documentation:rel3.0:ignc#__ruby_libraries_requirements___front-end
> <http://opennebula.org/documentation:rel3.0:ignc#ruby_libraries_requirements_front-end>>
>
>
>
>
>
> El 27/07/11 10:21, Christoph Raible escribió:
>
> Hi @all,
>
> I got the following error on Starting
> sunstone-server with
> OpenNebula 3.0 Beta1.
>
> http://pastebin.com/SdBJZSc5
>
>
> My System is a 64-Bit Scientific Linux 6.0
> Selinux disabled
> iptables disabled
> One networkinterface as bridge
>
>
> Following Gems are installed:
> daemons (1.1.4)
> eventmachine (0.12.10)
> json (1.5.3)
> mkrf (0.2.3)
> nokogiri (1.5.0)
> rack (1.3.2)
> rake (0.9.2, 0.8.7)
> sinatra (1.2.6)
> thin (1.2.11)
> tilt (1.3.2)
>
> and my sunstone-server.conf is configured so:
>
> http://pastebin.com/4bjn1bqX
>
>
> I hope someone can help me with my problem...
> I need the Sunstone server for an article in the
> linux-admin
> magazin
> (Germany ;) )
>
>
>
> Regards
> Chr.Raible
>
>
>
>
> Hi Thanks for your help.
>
> With those informations and all gems, sunstone and
> monitoring systemHi
now I tried with two VMs but i can also ping from VM to VM ...
I also have a talk to some IPTABLES experts they think that this isn't
working because the ICMP package is on Network Layer 3 and IPTABLES is
working on Layer 2... This would not be make sense...
> works fine :)
>
> Now I found two other "errors/bug" (don't know how to
> describe ;) )
>
> The "onevm top" command doesn't refresh the status of the
> VMs. When
> I start creation of an VM and switch to the top overview,
> the status
> is always on pending state...
>
> The second bug is that the IP-Table configurtaion doesn't
> work. I
> insert the following Option to the NIC section:
>
> ICMP = drop
>
> But after creation of the VM I can ping those VM.
> oneadmin has rights to add an delete iptable rules and has
> also full
> sudo rights...
>
> Has anyone an idea? Or is this just not implemented in the Beta?
>
> Thank an best regards,
>
> Christoph
>
>
>
> --
> Vorstand/Board of Management:
> Dr. Bernd Finkbeiner, Dr. Roland Niemeier, Dr. Arno Steitz, Dr.
> Ingrid Zech
> Vorsitzender des Aufsichtsrats/
> Chairman of the Supervisory Board:
> Philippe Miltin
> Sitz/Registered Office: Tuebingen
> Registergericht/Registration Court: Stuttgart
> Registernummer/Commercial Register No.: HRB 382196
>
> ___________________________________________________
> Users mailing list
> Users at lists.opennebula.org <mailto:Users at lists.opennebula.org>
> <mailto:Users at lists.__opennebula.org
> <mailto:Users at lists.opennebula.org>>
>
> http://lists.opennebula.org/____listinfo.cgi/users-opennebula.____org
> <http://lists.opennebula.org/__listinfo.cgi/users-opennebula.__org>
> <http://lists.opennebula.org/__listinfo.cgi/users-opennebula.__org
> <http://lists.opennebula.org/listinfo.cgi/users-opennebula.org>>
>
>
>
> --
> Vorstand/Board of Management:
> Dr. Bernd Finkbeiner, Dr. Roland Niemeier, Dr. Arno Steitz, Dr.
> Ingrid Zech
> Vorsitzender des Aufsichtsrats/
> Chairman of the Supervisory Board:
> Philippe Miltin
> Sitz/Registered Office: Tuebingen
> Registergericht/Registration Court: Stuttgart
> Registernummer/Commercial Register No.: HRB 382196
>
> _________________________________________________
> Users mailing list
> Users at lists.opennebula.org <mailto:Users at lists.opennebula.org>
> http://lists.opennebula.org/__listinfo.cgi/users-opennebula.__org
> <http://lists.opennebula.org/listinfo.cgi/users-opennebula.org>
>
>
>
>
> --
> Jaime Melis, Cloud Technology Engineer/Researcher
> Major Contributor
> OpenNebula - The Open Source Toolkit for Cloud Computing
> www.OpenNebula.org <http://www.OpenNebula.org> | jmelis at opennebula.org
> <mailto:jmelis at opennebula.org>
--
Vorstand/Board of Management:
Dr. Bernd Finkbeiner, Dr. Roland Niemeier,
Dr. Arno Steitz, Dr. Ingrid Zech
Vorsitzender des Aufsichtsrats/
Chairman of the Supervisory Board:
Philippe Miltin
Sitz/Registered Office: Tuebingen
Registergericht/Registration Court: Stuttgart
Registernummer/Commercial Register No.: HRB 382196
More information about the Users
mailing list