[
https://issues.apache.org/jira/browse/CLOUDSTACK-79?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13453429#comment-13453429
]
Wido den Hollander commented on CLOUDSTACK-79:
----------------------------------------------
Oh, sorry, I didn't make this really clear.
In CS 3.0.2 and the upcoming 4.0 release this isn't possible yet. What you
could do is run the security_group.py script by hand with the same parameters
as the agent did. You can find this in the agent.log if the loglevel is high
enough.
The three options I proposed where actually development options which could be
implemented.
> CloudStack 3.0.4: firewall rules not restored on KVM host
> ---------------------------------------------------------
>
> Key: CLOUDSTACK-79
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-79
> Project: CloudStack
> Issue Type: Bug
> Components: KVM, Network Controller
> Affects Versions: pre-4.0.0
> Reporter: Vladimir Ostrovsky
> Fix For: 4.1.0
>
>
> I have CloudStack 3.0.4 with a Basic Zone defined. The Zone includes several
> KVM hosts and uses Security Groups (in other words, IPtables on the hosts) to
> isolate traffic between VMs.
> The problem: if, for some reason, IPtables on the host are flushed or the
> iptables service is restarted, the cloud-agent doesn't pull the correct rules
> from the management server and doesn't synchronize the host with Security
> Groups definitions in CloudStack. Restart of the cloud-agent service doesn't
> help as well.
> Shouldn't the agent do it?
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
