meta-data missing on vRouter

2013-05-15 Thread Livio Lv
Hi all:

I am trying to get the metadata using curl
http:///latest/local-ipv4 from the instance
provisioned in cloudstack following the instruction of admin
guide (20.3 User data and meta data section). I get a 404 error. When I
check under /var/www/html/latest, I do not see any
file or directory in it. How can I manage it?

Thanks in advance.


RE: multiple local primary storage for XenServer

2013-05-15 Thread Koushik Das
I did a quick check in the code and based on it only the first SR is returned. 
So if there are multiple local SR then all of them won't get discovered 
automatically.
Refer to method protected StartupStorageCommand initializeLocalSR(Connection 
conn) in CitrixResourceBase.java

> -Original Message-
> From: Kirk Kosinski [mailto:kirkkosin...@gmail.com]
> Sent: Tuesday, May 14, 2013 5:43 AM
> To: users@cloudstack.apache.org
> Subject: Re: multiple local primary storage for XenServer
> 
> Do your hosts each have more than one local SR?  Sorry I just want to be
> clear.  I know that one local SR per host is successfully detected when you
> add the host, but I am not sure about multiple local SRs per host.
> 
> Thanks,
> Kirk
> 
> On 05/13/2013 04:56 PM, Kirk Jantzer wrote:
> > For me, when I added the hosts, it added their local storage, this was
> > all done when creating a basic zone.
> >
> > Regards,
> >
> > Kirk Jantzer
> > (678) 561-5475
> > http://about.me/kirkjantzer
> > On May 13, 2013 7:50 PM, "Kirk Kosinski"  wrote:
> >
> >> Does it add all of the local SRs for a host as primary storage when
> >> you add the host, or do you have to add the SRs manually (PreSetup
> >> option or otherwise)?
> >>
> >> Kirk
> >>
> >> On 05/13/2013 04:17 PM, Kirk Jantzer wrote:
> >>> Kirk - totally possible, this is my lab setup. When you create your
> >>> zone, you have to check the box for 'local storage'. When you go to
> >>> add a host, it will add the hosts storage as primary storage. Also,
> >>> you'll need to recreate your compute service offerings to use local
> storage.
> >>>
> >>> Regards,
> >>>
> >>> Kirk Jantzer
> >>> http://about.me/kirkjantzer
> >>> On May 13, 2013 7:14 PM, "Kirk Kosinski" 
> wrote:
> >>>
>  Has anyone ever used more than one local primary storage on a
>  XenServer host in CloudStack?  Do you add it in CloudStack using
>  the PreSetup option or some other way?
> 
>  Thanks,
>  Kirk
> 
> >>>
> >>
> >


how to configure netscaler to enable DefaultSharedNetscalerEIPandELBNetworkOffering

2013-05-15 Thread jekie
Dear All:
I have configured a cloudstack 4.0.1-incubating basic zone with 
DefaultSharedNetscalerEIPandELBNetworkOffering following the document at 
http://cloudstack.apache.org/docs/en-US/Apache_CloudStack/4.0.2/html/Installation_Guide/zone-add.html
Below is the summary of my configuration:
netscaler vpx 10.0:
system ip:192.168.10.9
subnet ip range:192.168.50.20-192.168.50.40
vlan :50 with interface 1/1 tagged
zone:
name:zone1
dns1:192.168.50.254
internal dns1:192.168.10.254
hypervisor:kvm
network offering: DefaultSharedNetscalerEIPandELBNetworkOffering
public:checked
cloudstack netscaler configuration:
ipaddr 192.168.10.9
user/password:nsroot/nsroot
type:netscaler vpx loadbalancer
public interface:1/1
private interface 1/2
number of retries:2
capacity:1
dedicated:not check
 public traffic:
gateway:192.168.50.254
netmask:255.255.255.0
vlan:50
startip:192.168.50.20
endip:192.168.50.40
pod:
name:pod1
reserved system gateway:192.168.10.254
reserved system netmask:255.255.255.0
start/end reserved system ip:192.168.10.20-192.168.10.40


guest traffic:
guest gateway:192.168.30.254
guest netmask:255.255.255.0
guest start ip/end ip:192.168.30.20-192.168.30.70


After enabling this basic zone, what confuses me is that my system VMs' 
public addresses are all in the guest subnet: the console proxy VM's public IP is 
192.168.30.20 and the secondary storage VM's public IP is 192.168.30.30. The VNC 
console doesn't work properly; it alerts me
https://192-168-50-23.realhostip.com/ajax?token=txmijPkR_7vKEi3LmfY9ZoI5ZOeuH_k8FeUHJN_iDmc4UIGpsKSwpG0rGImS01oiKye2FMn2IyFwn9t2D1f7Q9sxbTBd1JrUolkUhGLbAC41mwpDn9mG2EQU4v86tC54r2sDCLAQJQfX7sYuVlOCD1zJdCnQT82XNxlpuGP8Sj4go6qBA79mtJ_V4XgW2I7l8hl1thtWXQ7vVnoBFyfiznsAvnXBLbNKhe3weJQgg0nbdTPNAL1bZxLgbZt4LRozreQwhkKpBjg
 cannot connected
error 501 net::ERR_INSECURE_RESPONSE


At the same time, I cannot even add a VM in the cloudstack guestNetworkForBasicZone -> 
Add Load Balancer UI. I think my problem lies in the netscaler configuration, 
please help me!


thanks in advance!







Re: Template download stuck at 1%

2013-05-15 Thread Chip Childers
On Wed, May 15, 2013 at 12:40:47AM +0100, CK wrote:
> Running a fresh install of ACS on Centos 6.4 with KVM as the host. Having
> setup a basic zone the CentOS 5.5(64-bit) no GUI (KVM) template is stuck at
> 1% downloaded.
> 
> I have run through the SSVM troubleshooting guide and everything appears to
> be running fine on the SSVM - secstorage nfs mount, public access, etc.
> 
> I tried: wget
> http://download.cloud.com/releases/2.2.0/eec2209b-9875-3c8d-92be-c001bd8a0faf.qcow2.bz2
> in the SSVM a couple of times and it starts saving the template, but each
> time it gets as far as around 7MB (eg. 7,479,075, 7,173,935) = 1% it just
> stops downloading.

This doesn't sound like a CloudStack issue exactly, but more like a
local connectivity problem (since wget is failing as well).  Are you
having problems pulling the file down to your local machine?


Re: Console proxy and iptables redirect

2013-05-15 Thread Chip Childers
On Wed, May 15, 2013 at 06:09:08AM +0100, Callum Massey wrote:
> I have the management server setup on port 8080 with an iptables redirect 
> from port 80, however the web vnc doesn't work when it's setup this way, what 
> do I need to do get it to work? (Note that currently only the management 
> servers ip can be reached through the firewall and only port 80 is open)
> 
> Callum 

It's required that the browser can access the CPVM to access the
console.  Have you looked at what traffic your browser is attempting to
pass to see what's missing?


Re: how to configure netscaler to enable DefaultSharedNetscalerEIPandELBNetworkOffering

2013-05-15 Thread Murali Reddy
On 15/05/13 3:21 PM, "jekie"  wrote:

>Dear All:
>I have configured a cloudstack 4.0.1-incubating basic zone with
>DefaultSharedNetscalerEIPandELBNetworkOffering following document on
>http://cloudstack.apache.org/docs/en-US/Apache_CloudStack/4.0.2/html/Installation_Guide/zone-add.html
>Below is the summary of my configuration:
>netscaler vpx 10.0:
>system ip:192.168.10.9
>subnet ip range:192.168.50.20-192.168.50.40
>vlan :50 with interface 1/1 tagged
>zone:
>name:zone1
>dns1:192.168.50.254
>internal dns1:192.168.10.254
>hypervisor:kvm
>network offering: DefaultSharedNetscalerEIPandELBNetworkOffering
>public:checked
>cloudstack netscaler configuration:
>ipaddr 192.168.10.9
>user/password:nsroot/nsroot
>type:netscaler vpx loadbalancer
>public interface:1/1
>private interface 1/2
>number of retries:2
>capacity:1
>dedicated:not check
> public traffic:
>gateway:192.168.50.254
>netmask:255.255.255.0
>vlan:50
>startip:192.168.50.20
>endip:192.168.50.40
>pod:
>name:pod1
>reserved system gateway:192.168.10.254
>reserved system netmask:255.255.255.0
>start/end reserved system ip:192.168.10.20-192.168.10.40
>
>
>guest traffic:
>guest gateway:192.168.30.254
>guest netmask:255.255.255.0
>guest start ip/end ip:192.168.30.20-192.168.30.70
>
>
>After enabling this basic zone, what confuses me is that my system
>VMs' public addresses are all in the guest subnet: the console proxy VM's public IP
>is 192.168.30.20 and the secondary storage VM's public IP is 192.168.30.30. The
>VNC console doesn't work properly; it alerts me

This is expected behaviour. System VMs will get an IP from the guest
subnet, however there is a public IP acquired for each system VM (similar to
user VMs) and there is 1:1 NAT established between the acquired public IP
for the system VM and the guest IP of the system VM. There are bugs due to which
system VMs were not getting a public IP in 4.0. Fix is currently available
in 4.2 release.

>https://192-168-50-23.realhostip.com/ajax?token=txmijPkR_7vKEi3LmfY9ZoI5ZO
>euH_k8FeUHJN_iDmc4UIGpsKSwpG0rGImS01oiKye2FMn2IyFwn9t2D1f7Q9sxbTBd1JrUolkU
>hGLbAC41mwpDn9mG2EQU4v86tC54r2sDCLAQJQfX7sYuVlOCD1zJdCnQT82XNxlpuGP8Sj4go6
>qBA79mtJ_V4XgW2I7l8hl1thtWXQ7vVnoBFyfiznsAvnXBLbNKhe3weJQgg0nbdTPNAL1bZxLg
>bZt4LRozreQwhkKpBjg cannot connected
>error 501 net::ERR_INSECURE_RESPONSE
>
>
>At the same time, I cannot even add a VM in the cloudstack
>guestNetworkForBasicZone -> Add Load Balancer UI. I think my problem
>lies in the netscaler configuration, please help me!
>
>
>thanks in advance!
>
>
>
>
>
>




[DISCUSS] EIP Enhancements FS & Design Document

2013-05-15 Thread Venkata SwamyBabu Budumuru
Hi,

I didn't find the old mail thread about this FS. Hence posting my review 
comments in a new thread.

I have a few queries/comments after reviewing the FS [1]

[1] https://cwiki.apache.org/CLOUDSTACK/eip-enhancements.html
[2] Prior discussion thread :  http://sy.pe/6bNG


1. Are we providing any flexibility for admin to impose no. of EIPs an account 
can use?
2. As per the Spec, when an instance has a public ip with is_system=false, then 
we don't let user associateEIP. I feel it would be better if we allow the user to 
associate EIP in this case?
3. When "Associate PublicIP" is false, then are we going to keep all the semantics 
the same except the fact that vm deployment by default is not getting the 
public ip?
4. Do we allow CS to reprogram NAT rules on the provider in case of n/w restarts?
5. Under Scope, point 4 says that we only support static NAT on region level 
EIP. Is this true for advanced zones as well? Cannot we support other 
services like PF / LB etc.?
6. Can you confirm that we are supporting this for Shared n/ws in advanced zone?
7. I see in the spec that the "createElasticIpRange" API does not have any VLAN id. 
Are we supporting region level IP CIDR with both tagged and untagged? Multiple 
subnets in the same VLAN and different VLANs etc.?
8. When there is an ElasticIp associated with an instance, does the current 
implementation release this IP and give it back to the account when the VM goes to 
stopped state? If yes, does this mean the user has to associateEIP every time the user 
starts the instance?

Thanks,
SWAMY



Re: Working with clouds on multiple ESX hosts

2013-05-15 Thread Ahmad Emneina
I forgot to reply all so the group sees my answer:
i see. so for trunk2, you want to trunk your zone vlans (that were defined
in cloudstack for the advanced,guest networks) to it. you should see the
portgroup being created on vswitch1, for the guest network. if that vlan is
present on all hosts, and switchports, you should be good to go.


On Tue, May 14, 2013 at 3:45 PM, Stanley Kaytovich wrote:

> Ahmad,
>
> Each host has a total of 8 physical nics.
>
> 2 Nics for management (vswitch0) (trunk1)
> 4 nics for public (vswitch1) (trunk2)
> 2 10gbe nics for storage (separate switch)
> 0 nics for guests - also tried 1 separate nic and got same results
>
> -Stan
>
> Ahmad Emneina  wrote:
>
>
> I was talking about physical switchports and trunks. How many nics do your
> esx hosts have? Do the vSwitches correspond to different physical nics, or
> do they all map to 1 nic?
>
>
> On Tue, May 14, 2013 at 2:42 PM, Stanley Kaytovich  >wrote:
>
> > Ahmad,
> >
> > Actually, I misspoke, there are 6 ports on each host, but our switch only
> > allows 8 ports in a trunk. If I understand you correctly, I created a
> trunk
> > on our switch for vSwitch1 (8 ports).
> >
> > Below is our vSwitch configuration in CloudStack/vCenter:
> >
> > vSwitch0 - management (excluded from trunk)
> > vSwitch1 - public
> > vSwitch2 - storage (excluded from trunk)
> > vSwitch3 - guests (excluded from trunk)
> >
> > Regards,
> > Stan
> >
> > -Original Message-
> > From: Ahmad Emneina [mailto:aemne...@gmail.com]
> > Sent: Tuesday, May 14, 2013 5:30 PM
> > To: Cloudstack users mailing list
> > Subject: Re: Working with clouds on multiple ESX hosts
> >
> > what vlans are you trunking to the hosts? what vlans are you using in
> > cloudstack as your zone vlans?
> >
> >
> > On Tue, May 14, 2013 at 2:22 PM, Stanley Kaytovich  > >wrote:
> >
> > > Ahmad,
> > >
> > > I configured trunking on the switch for 8 ports. Each host has 4
> > > physical NICs, so 8 ports are in a trunk on the switch. Still no
> > > network connectivity.
> > >
> > > :-/
> > >
> > >
> > > -Original Message-
> > > From: Ahmad Emneina [mailto:aemne...@gmail.com]
> > > Sent: Tuesday, May 14, 2013 4:35 PM
> > > To: Cloudstack users mailing list
> > > Subject: Re: Working with clouds on multiple ESX hosts
> > >
> > > Sounds like you're not trunking the zone vlans to all the switchports
> > > your hosts connect to. Can you verify the vlans are trunked, then see
> > > if your networking starts working?
> > >
> > >
> > > On Tue, May 14, 2013 at 1:28 PM, Stanley Kaytovich
> > >  > > >wrote:
> > >
> > > > Hello,
> > > >
> > > > This is more of a general question pertaining to best practices of
> > > > how everyone works with multiple ESX hosts in a cloudstack zone. It
> > > > seems that if a VM instance resides on a different host from other
> > > > instances, there is no networking ability on the alienated
> > > > instance(s). Since the hosts are chosen automatically, occasionally
> > > > instances are created on an alternate host and the instance boots up
> > > > without networking. Adding a tag in the computer offering is a way
> > > > of forcing instances to be created on a particular hosts, though
> > > > that
> > > requires additional offerings for every host.
> > > >
> > > > Using a dvSwitch would be great, though on 4.0.2 I do not believe it
> > > > is supported or I am unable to find any documentation to prove me
> > > otherwise.
> > > >
> > > > What is the best practice or workaround for this?
> > > >
> > > > - Stan
> > > >
> > >
> >
>


RE: Working with clouds on multiple ESX hosts

2013-05-15 Thread Musayev, Ilya
Stanley,

We are a large vSphere shop with ACS. While dvSwitch support is coming out in 
4.2, we've backported the code from 4.2 into 4.1 and have been running it for 
some time now.

We've also backported other features that are beneficial to VMware, like the ability 
to append a hostname to the VM name in vSphere. 

We are using tags and in some cases zones when networks don't overlap due to 
security/compliance.

For example, I have a QA 1 environment, which consists of a high compute cluster 
and standard compute. While all QA1 hypervisors in both clusters can see the 
same resources, we tag the high compute hypervisors for VMs that need 2 CPUs+, 
and standard goes to standard 1CPU vms. We have to adhere to strict compliance, 
so we do customize CS to some extent. QA2 env has the same setup as QA1 except it 
has different network and storage - in this case we treat it as a separate zone 
- while I can use tags - I think in this case - it becomes too cumbersome.

If interested I can share the codebase and pre-built RPMs for 4.1 we are 
running in house.

Regards
ilya

> -Original Message-
> From: Ahmad Emneina [mailto:aemne...@gmail.com]
> Sent: Wednesday, May 15, 2013 2:18 PM
> To: Stanley Kaytovich
> Cc: users@cloudstack.apache.org
> Subject: Re: Working with clouds on multiple ESX hosts
> 
> I forgot to reply all so the group sees my answer:
> i see. so for trunk2, you want to trunk your zone vlans (that were defined in
> cloudstack for the advanced,guest networks) to it. you should see the
> portgroup being created on vswitch1, for the guest network. if that vlan is
> present on all hosts, and switchports, you should be good to go.
> 
> 
> On Tue, May 14, 2013 at 3:45 PM, Stanley Kaytovich
> wrote:
> 
> > Ahmad,
> >
> > Each host has a total of 8 physical nics.
> >
> > 2 Nics for management (vswitch0) (trunk1)
> > 4 nics for public (vswitch1) (trunk2)
> > 2 10gbe nics for storage (separate switch)
> > 0 nics for guests - also tried 1 separate nic and got same results
> >
> > -Stan
> >
> > Ahmad Emneina  wrote:
> >
> >
> > I was talking about physical switchports and trunks. How many nics do
> > your esx hosts have? Do the vSwitches correspond to different physical
> > nics, or do they all map to 1 nic?
> >
> >
> > On Tue, May 14, 2013 at 2:42 PM, Stanley Kaytovich
> >  > >wrote:
> >
> > > Ahmad,
> > >
> > > Actually, I misspoke, there are 6 ports on each host, but our switch
> > > only allows 8 ports in a trunk. If I understand you correctly, I
> > > created a
> > trunk
> > > on our switch for vSwitch1 (8 ports).
> > >
> > > Below is our vSwitch configuration in CloudStack/vCenter:
> > >
> > > vSwitch0 - management (excluded from trunk)
> > > vSwitch1 - public
> > > vSwitch2 - storage (excluded from trunk)
> > > vSwitch3 - guests (excluded from trunk)
> > >
> > > Regards,
> > > Stan
> > >
> > > -Original Message-
> > > From: Ahmad Emneina [mailto:aemne...@gmail.com]
> > > Sent: Tuesday, May 14, 2013 5:30 PM
> > > To: Cloudstack users mailing list
> > > Subject: Re: Working with clouds on multiple ESX hosts
> > >
> > > what vlans are you trunking to the hosts? what vlans are you using
> > > in cloudstack as your zone vlans?
> > >
> > >
> > > On Tue, May 14, 2013 at 2:22 PM, Stanley Kaytovich
> > >  > > >wrote:
> > >
> > > > Ahmad,
> > > >
> > > > I configured trunking on the switch for 8 ports. Each host has 4
> > > > physical NICs, so 8 ports are in a trunk on the switch. Still no
> > > > network connectivity.
> > > >
> > > > :-/
> > > >
> > > >
> > > > -Original Message-
> > > > From: Ahmad Emneina [mailto:aemne...@gmail.com]
> > > > Sent: Tuesday, May 14, 2013 4:35 PM
> > > > To: Cloudstack users mailing list
> > > > Subject: Re: Working with clouds on multiple ESX hosts
> > > >
> > > > Sounds like you're not trunking the zone vlans to all the
> > > > switchports your hosts connect to. Can you verify the vlans are
> > > > trunked, then see if your networking starts working?
> > > >
> > > >
> > > > On Tue, May 14, 2013 at 1:28 PM, Stanley Kaytovich
> > > >  > > > >wrote:
> > > >
> > > > > Hello,
> > > > >
> > > > > This is more of a general question pertaining to best practices
> > > > > of how everyone works with multiple ESX hosts in a cloudstack
> > > > > zone. It seems that if a VM instance resides on a different host
> > > > > from other instances, there is no networking ability on the
> > > > > alienated instance(s). Since the hosts are chosen automatically,
> > > > > occasionally instances are created on an alternate host and the
> > > > > instance boots up without networking. Adding a tag in the
> > > > > computer offering is a way of forcing instances to be created on
> > > > > a particular hosts, though that
> > > > requires additional offerings for every host.
> > > > >
> > > > > Using a dvSwitch would be great, though on 4.0.2 I do not
> > > > > believe it is supported or I am unable to find any documentation
> > > > > to prove me
> > > > otherwise.
> > > > >
> > > > > What is the

RE: automating template creation and install

2013-05-15 Thread Musayev, Ilya
I'm ditching my linux template generator in favor of box grinder!

Thanks for sharing
-ilya

> -Original Message-
> From: David Nalley [mailto:da...@gnsa.us]
> Sent: Tuesday, May 14, 2013 3:07 PM
> To: users@cloudstack.apache.org
> Subject: Re: automating template creation and install
> 
> So my first choice is Boxgrinder - but it's not the only way.
> 
> Check out how Fedora creates them:
> https://fedoraproject.org/wiki/Cloud_SIG/EC2_Creation
> 
> The tools to do that abound, SuSE has a platform, and there are tons of third
> party tools.
> 
> --David
> 
> 
> On Tue, May 14, 2013 at 8:34 AM, Shane Witbeck
>  wrote:
> > I'd like to automate the creation and install of VM templates.
> >
> > Is there a step-by-step procedure for doing this without using an existing
> VM or snapshot? There's a lot of useful info here:
> >
> > http://cloudstack.apache.org/docs/en-
> US/Apache_CloudStack/4.0.2/html/A
> > dmin_Guide/working-with-templates.html
> >
> > but I'd like to know how to take, say a plain Ubuntu ISO, and create a
> template from it which allows SSH to it.
> >
> >
> >
> > Thanks,
> > Shane
> >




RE: Console proxy and iptables redirect

2013-05-15 Thread Musayev, Ilya
> -Original Message-
> From: Chip Childers [mailto:chip.child...@sungard.com]
> Sent: Wednesday, May 15, 2013 10:32 AM
> To: users@cloudstack.apache.org
> Subject: Re: Console proxy and iptables redirect
> 
> On Wed, May 15, 2013 at 06:09:08AM +0100, Callum Massey wrote:
> > I have the management server setup on port 8080 with an iptables
> > redirect from port 80, however the web vnc doesn't work when it's
> > setup this way, what do I need to do get it to work? (Note that
> > currently only the management servers ip can be reached through the
> > firewall and only port 80 is open)
> >
> > Callum
> 
> It's required that the browser can access the CPVM to access the console.
> Have you looked at what traffic your browser is attempting to pass to see
> what's missing?

Just to elaborate on what Chip mentioned, the end user's desktop browser must be able 
to reach the CPVM on port 443.
The CPVM also needs to reach the hypervisors to create a VNC session; for vSphere it is 
5900-5964, and 59000-6 (when you run out of the first initial 64 ports).

Regards
ilya



Hello, Is it possible to setup the Advance Network on the same box with KVM?

2013-05-15 Thread wq meng
Hello, Is it possible to setup the Advance Network on the same box with KVM?

Hi all.

I now have a problem.

I have one physical NIC card.

I set up the CS manager on it, and then set up KVM on the computer too.

For the Advanced network,

There are 3 VLANs,

On the computer, I use eth1.

Here is the Vlan setting.

Vlan 1100 for the management network with IP block 192.168.100.0/24
Vlan 1200 for the public network with IP block, let's say, 8.1.1.0/24
Vlan 1300 for the guest network with IP block 10.1.1.0/4

The problem is that I have a public IP block which is already on eth1,
such as 8.8.2.0/29

eth1, 8.8.2.0/29, IP 8.8.2.2 is a public IP, which I use to access
ssh and manage the computer

eth1.1100, 192.168.100.0/24
eth1.1200, 8.1.1.0/24   This is the public block to assign to VMs.
eth1.1300, 10.1.1.0/4


When I set up the bridge network for KVM, I just lose the connection to
the server, as from the guide with CS 4.0.2

eth1's configuration
Make sure it looks similar to:
DEVICE=eth1
HWADDR=00:04:xx:xx:xx:xx
ONBOOT=yes
HOTPLUG=no
BOOTPROTO=none
TYPE=Ethernet


You see that for eth1, there is no IP 8.8.2.2 set up on this box.



So how do I add the IP 8.8.2.2 back to this computer? And also make the other
IP blocks for CloudStack work too?




Thank you very much.


RE: meta-data missing on vRouter

2013-05-15 Thread Musayev, Ilya
Check the .htaccess file in /var/www/html/latest on the router VM. If this is 
cloud-init/boto related, I've posted a fix - but apache review board crashed on 
me twice. 

Also, I've posted fixes in my private github repo, perhaps you can apply them 
and see if it helps.

https://github.com/serverchief/cloudsand/commits/
Both commits for Apr 17, 2013

> -Original Message-
> From: Livio Lv [mailto:sandiwater1...@gmail.com]
> Sent: Wednesday, May 15, 2013 3:57 AM
> To: users@cloudstack.apache.org
> Subject: meta-data missing on vRouter
> 
> Hi all:
> 
> I am trying to get the metadata using curl
> http:///latest/local-ipv4 from the instance provisioned in
> cloudstack following the instruction of admin
> guide(20.3 User data and meta data section). I get a 404 error. When I check
>  under /var/www/html/latest, I do not see any file or
> directory in it. How can I manage it?
> 
> Thanks in advance.



RE: meta-data missing on vRouter

2013-05-15 Thread Musayev, Ilya
I will resubmit the fixes yet again. :)

> -Original Message-
> From: Musayev, Ilya [mailto:imusa...@webmd.net]
> Sent: Wednesday, May 15, 2013 5:08 PM
> To: users@cloudstack.apache.org
> Subject: RE: meta-data missing on vRouter
> 
> Check the .htaccess file in /var/www/html/latest on the router VM. If this is
> cloud-init/boto related, I've posted a fix - but apache review board crashed
> on me twice.
> 
> Also, I've posted fixes in my private github repo, perhaps you can apply them
> and see if it helps.
> 
> https://github.com/serverchief/cloudsand/commits/
> Both commits for Apr 17, 2013
> 
> > -Original Message-
> > From: Livio Lv [mailto:sandiwater1...@gmail.com]
> > Sent: Wednesday, May 15, 2013 3:57 AM
> > To: users@cloudstack.apache.org
> > Subject: meta-data missing on vRouter
> >
> > Hi all:
> >
> > I am trying to get the metadata using curl
> > http:///latest/local-ipv4 from the instance
> > provisioned in cloudstack following the instruction of admin
> > guide(20.3 User data and meta data section). I get a 404 error. When I
> > check  under /var/www/html/latest, I do not see any
> > file or directory in it. How can I manage it?
> >
> > Thanks in advance.
> 




Re: meta-data missing on vRouter

2013-05-15 Thread David Nalley
You are a committer - commit them :)

--David

On Wed, May 15, 2013 at 5:09 PM, Musayev, Ilya  wrote:
> I will resubmit the fixes yet again. :)
>
>> -Original Message-
>> From: Musayev, Ilya [mailto:imusa...@webmd.net]
>> Sent: Wednesday, May 15, 2013 5:08 PM
>> To: users@cloudstack.apache.org
>> Subject: RE: meta-data missing on vRouter
>>
>> Check the .htaccess file in /var/www/html/latest on the router VM. If this is
>> cloud-init/boto related, I've posted a fix - but apache review board crashed
>> on me twice.
>>
>> Also, I've posted fixes in my private github repo, perhaps you can apply them
>> and see if it helps.
>>
>> https://github.com/serverchief/cloudsand/commits/
>> Both commits for Apr 17, 2013
>>
>> > -Original Message-
>> > From: Livio Lv [mailto:sandiwater1...@gmail.com]
>> > Sent: Wednesday, May 15, 2013 3:57 AM
>> > To: users@cloudstack.apache.org
>> > Subject: meta-data missing on vRouter
>> >
>> > Hi all:
>> >
>> > I am trying to get the metadata using curl
>> > http:///latest/local-ipv4 from the instance
>> > provisioned in cloudstack following the instruction of admin
>> > guide(20.3 User data and meta data section). I get a 404 error. When I
>> > check  under /var/www/html/latest, I do not see any
>> > file or directory in it. How can I manage it?
>> >
>> > Thanks in advance.
>>
>
>


CloudStack exports vCPU as socket, not core

2013-05-15 Thread Stanley Kaytovich
CloudStack: 4.0.2
-

Hi All,

Similar to this bug report: 
https://issues.apache.org/jira/browse/CLOUDSTACK-904, we're having the same 
issue. All VMs are created with sockets instead of cores. This is a huge issue 
since some OSes are limited to the number of sockets they can have.

Anyone found a solution/workaround for this? Seems like editing the machine 
after it was created is the only option so far.

Thanks in advance,
Stan


DC CloudStack Meetup

2013-05-15 Thread John Burwell
All,

Basho Technologies [1] will be hosting Chip Childers for a meet up entitled 
"Cloudstack – What Is It and What’s Next"  on 29 May 2013 at our Herndon, VA 
office.  For more information and/or to RSVP, please see the meetup.com 
announcement [2].

Thanks,
-John

[1]: http://www.basho.com
[2]: http://www.meetup.com/Riak-DC/events/118224772/

RE: meta-data missing on vRouter

2013-05-15 Thread Musayev, Ilya
David, 

I would have, but that would be a bit renegade IMHO. I'd need for another 
person (Chiradeep or Rohit) to approve it, since they were the original 
developers who wrote the code and need to agree on the changes.

I will resubmit the patch again tomorrow, hopefully we can get it into 4.1

Thanks
ilya


> -Original Message-
> From: David Nalley [mailto:da...@gnsa.us]
> Sent: Wednesday, May 15, 2013 5:30 PM
> To: users@cloudstack.apache.org
> Subject: Re: meta-data missing on vRouter
> 
> You are a committer - commit them :)
> 
> --David
> 
> On Wed, May 15, 2013 at 5:09 PM, Musayev, Ilya 
> wrote:
> > I will resubmit the fixes yet again. :)
> >
> >> -Original Message-
> >> From: Musayev, Ilya [mailto:imusa...@webmd.net]
> >> Sent: Wednesday, May 15, 2013 5:08 PM
> >> To: users@cloudstack.apache.org
> >> Subject: RE: meta-data missing on vRouter
> >>
> >> Check the .htaccess file in /var/www/html/latest on the router VM. If
> >> this is cloud-init/boto related, I've posted a fix - but apache
> >> review board crashed on me twice.
> >>
> >> Also, I've posted fixes in my private github repo, perhaps you can
> >> apply them and see if it helps.
> >>
> >> https://github.com/serverchief/cloudsand/commits/
> >> Both commits for Apr 17, 2013
> >>
> >> > -Original Message-
> >> > From: Livio Lv [mailto:sandiwater1...@gmail.com]
> >> > Sent: Wednesday, May 15, 2013 3:57 AM
> >> > To: users@cloudstack.apache.org
> >> > Subject: meta-data missing on vRouter
> >> >
> >> > Hi all:
> >> >
> >> > I am trying to get the metadata using curl
> >> > http:///latest/local-ipv4 from the instance
> >> > provisioned in cloudstack following the instruction of admin
> >> > guide(20.3 User data and meta data section). I get a 404 error.
> >> > When I check  under /var/www/html/latest, I do
> >> > not see any file or directory in it. How can I manage it?
> >> >
> >> > Thanks in advance.
> >>
> >
> >




Re: CloudStack exports vCPU as socket, not core

2013-05-15 Thread Kirk Jantzer
At present, I believe what you suggested is the only solution. We're
looking to use XCP instead of XenServer as our hypervisor - XCP allows for
this option, whereas you need at least the advanced license of XenServer to
be able to utilize this feature.


On Wed, May 15, 2013 at 5:50 PM, Stanley Kaytovich wrote:

> CloudStack: 4.0.2
> -
>
> Hi All,
>
> Similar to this bug report:
> https://issues.apache.org/jira/browse/CLOUDSTACK-904, we're having the
> same issue. All VMs are created with sockets instead of cores. This is a
> huge issue since some OSes are limited to the number of sockets they can
> have.
>
> Anyone found a solution/workaround for this? Seems like editing the
> machine after it was created is the only option so far.
>
> Thanks in advance,
> Stan
>



-- 
Regards,

Kirk Jantzer
c: (678) 561-5475


Re: Template download stuck at 1%

2013-05-15 Thread CK
Running wget to download a template as a test on the SSVM starts off fine
and then after several seconds (10+) the download grinds down to 0Kb/s -
the ETA starts to go up.

Doing the same wget download from the MS host works fine the template is
downloaded in full - no timeouts.

Looking in the log I noticed this line: 2013-05-16 02:30:26,123 DEBUG
[storage.download.DownloadListener] (Timer-6:null) Scheduling timeout at
3 ms, template=CentOS 6.3 at host nfs://192.168.2.12/export/secondary

What is the storage.download.DownloadListener and what is the 30s timeout -
could this be causing this issue?

My iptables is as follows - does it look ok?

*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p udp -j MASQUERADE --to-ports 1024-65535
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p udp -j MASQUERADE --to-ports 1024-65535
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p udp -j MASQUERADE --to-ports 1024-65535
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE
COMMIT
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
-A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
-A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
-A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i virbr0 -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT
-A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT
-A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT
-A INPUT -i virbr0 -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 9090 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8250 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 7080 -j ACCEPT
-A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8096 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 1798 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 16509 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 5900:6100 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 49152:49216 -j ACCEPT
-A INPUT -s 192.168.2.0/24 -p udp -m state --state NEW -m udp --dport 111 -j ACCEPT
-A INPUT -s 192.168.2.0/24 -p tcp -m state --state NEW -m tcp --dport 111 -j ACCEPT
-A INPUT -s 192.168.2.0/24 -p tcp -m state --state NEW -m tcp --dport 2049 -j ACCEPT
-A INPUT -s 192.168.2.0/24 -p tcp -m state --state NEW -m tcp --dport 32803 -j ACCEPT
-A INPUT -s 192.168.2.0/24 -p udp -m state --state NEW -m udp --dport 32769 -j ACCEPT
-A INPUT -s 192.168.2.0/24 -p tcp -m state --state NEW -m tcp --dport 892 -j ACCEPT
-A INPUT -s 192.168.2.0/24 -p udp -m state --state NEW -m udp --dport 892 -j ACCEPT
-A INPUT -s 192.168.2.0/24 -p tcp -m state --state NEW -m tcp --dport 875 -j ACCEPT
-A INPUT -s 192.168.2.0/24 -p udp -m state --state NEW -m udp --dport 875 -j ACCEPT
-A INPUT -s 192.168.2.0/24 -p tcp -m state --state NEW -m tcp --dport 662 -j ACCEPT
-A INPUT -s 192.168.2.0/24 -p udp -m state --state NEW -m udp --dport 662 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -d 192.168.122.0/24 -o virbr0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.122.0/24 -i virbr0 -j ACCEPT
-A FORWARD -i virbr0 -o virbr0 -j ACCEPT
-A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -d 192.168.122.0/24 -o virbr0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.122.0/24 -i virbr0 -j ACCEPT
-A FORWA
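
The dump above repeats several of its virbr0 rules, which is the kind of thing a mechanical review of iptables-save output catches. The following is an added example, not part of the original post: it reports exact duplicate rules and rules that sit behind an unconditional ACCEPT/DROP/REJECT in the same chain and so can never match. The `audit` function and the sample ruleset are constructed for illustration.

```python
from collections import Counter

TERMINAL = {"ACCEPT", "DROP", "REJECT"}

# Constructed sample, abridged from the kind of dump shown in the post. The
# port-8250 rule is deliberately placed after the REJECT to exercise the check.
SAMPLE = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
-A INPUT -i virbr0 -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -i virbr0 -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m tcp --dport 8250 -j ACCEPT
-A FORWARD -s 192.168.122.0/24 -i virbr0 -j ACCEPT
-A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -s 192.168.122.0/24 -i virbr0 -j ACCEPT
COMMIT
"""


def audit(dump):
    """Return (duplicates, shadowed) found in iptables-save text."""
    table, seen, closed = None, Counter(), {}
    duplicates, shadowed = [], []
    for raw in dump.splitlines():
        line = raw.strip()
        if line.startswith("*"):            # "*nat", "*mangle", "*filter"
            table = line[1:]
            continue
        words = line.split()
        if len(words) < 4 or words[0] != "-A":
            continue                        # chain policies, COMMIT, comments
        chain = (table, words[1])
        seen[(table, line)] += 1
        if seen[(table, line)] == 2:        # report each repeated rule once
            duplicates.append((table, line))
        if chain in closed:                 # sits behind a catch-all verdict
            shadowed.append((table, line, closed[chain]))
        elif words[2] == "-j" and words[3] in TERMINAL:
            closed[chain] = line            # no match options: every packet ends here
    return duplicates, shadowed


if __name__ == "__main__":
    dups, dead = audit(SAMPLE)
    for table, rule in dups:
        print(f"duplicate in {table}: {rule}")
    for table, rule, blocker in dead:
        print(f"never reached in {table}: {rule}  (after: {blocker})")
```

Join any mail-wrapped lines before feeding a pasted dump to `audit`; a continuation line that does not start with `-A` is skipped rather than merged.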

Re: Template download stuck at 1%

2013-05-15 Thread Musayev, Ilya
Stop firewall and see if it helps.



RE: Template download stuck at 1%

2013-05-15 Thread Musayev, Ilya
I would also check that MTU is properly set across the board and no packets are 
dropped on the switch or elsewhere.

From: Musayev, Ilya
Sent: Wednesday, May 15, 2013 10:02 PM
To: users@cloudstack.apache.org
Subject: Re: Template download stuck at 1%

Stop firewall and see if it helps.

