If you are using basic zone then you have to add rules to your security groups to allow traffic between VMs. Everything is denied by default. http://docs.cloudstack.apache.org/projects/cloudstack-administration/en/4.9/networking/security_groups.html
On Thu, Apr 6, 2017 at 1:25 PM, Rafael Weingärtner < rafaelweingart...@gmail.com> wrote: > Unless I am mistaken, ACS should be configuring these things. > I have never played much with KVM, so maybe some other guys can jump in as > well. > > Do you have a user in ACS slack channel? You may find more prompt answers > there > > On Thu, Apr 6, 2017 at 4:22 PM, Muhammad Adeel Zahid <16030...@lums.edu.pk > > > wrote: > > > Bingo! When I turn off the firewall of the "host" carrying the VM, I can > > ping and ssh into the VM. It means I will have to add some rules to the > > iptables but I don't know exactly what those rules would look like. Can > you > > please help me > > > > ________________________________ > > From: Muhammad Adeel Zahid > > Sent: Friday, April 7, 2017 1:18:06 AM > > To: users@cloudstack.apache.org > > Subject: Re: Accessing Virtual Instances from other systems on the same > > subnet > > > > > > One more thing. The default template just downloaded. But the same > result. > > I can ping my instance VM's from the "host" they are running on but not > > from any other machine. I will repeat the steps you told and will get > back > > to you. > > > > ________________________________ > > From: Rafael Weingärtner <rafaelweingart...@gmail.com> > > Sent: Friday, April 7, 2017 1:08:47 AM > > To: users@cloudstack.apache.org > > Subject: Re: Accessing Virtual Instances from other systems on the same > > subnet > > > > Well, if that is the case, I would do the following while pinging from > the > > outside world: > > > > - tcpdump inside these problematic VMs to check if they can see ping > > packets; > > - If they cannot, I would check iptables rules (iptables -L) on both > VMs > > and hosts; > > - Then, I would check the tcpdump also on a host where the VMs are > > running to see if the packets are at least getting into the host. > > - I would also check the arp table of your client PC (just in case) > > > > > > On Thu, Apr 6, 2017 at 4:02 PM, Muhammad Adeel Zahid < > 16030...@lums.edu.pk > > > > > wrote: > > > > > I tried it both way. I ran VMs on the same systems and I also ran VMs > on > > a > > > system different than system VMs but the result is same. > > > > > > ________________________________ > > > From: Rafael Weingärtner <rafaelweingart...@gmail.com> > > > Sent: Friday, April 7, 2017 12:58:33 AM > > > To: users@cloudstack.apache.org > > > Subject: Re: Accessing Virtual Instances from other systems on the same > > > subnet > > > > > > Are these users VMs running on the same server as the system vms? > > > > > > On Thu, Apr 6, 2017 at 3:54 PM, Muhammad Adeel Zahid < > > 16030...@lums.edu.pk > > > > > > > wrote: > > > > > > > ah, my bad, I meant one server running both cloudstack-management and > > kvm > > > > and another server running kvm alone. Both are physical machines. > > > > > > > > ________________________________ > > > > From: Rafael Weingärtner <rafaelweingart...@gmail.com> > > > > Sent: Friday, April 7, 2017 12:51:42 AM > > > > To: users@cloudstack.apache.org > > > > Subject: Re: Accessing Virtual Instances from other systems on the > same > > > > subnet > > > > > > > > I did not understand what you mean by "a server running management > > studio > > > > and KVM" > > > > > > > > On Thu, Apr 6, 2017 at 3:48 PM, Muhammad Adeel Zahid < > > > 16030...@lums.edu.pk > > > > > > > > > wrote: > > > > > > > > > Yes, I added the basic zone. I have one server running the > management > > > > > studio and KVM both and another machine running kvm alone. > > > > > > > > > > ________________________________ > > > > > From: Rafael Weingärtner <rafaelweingart...@gmail.com> > > > > > Sent: Friday, April 7, 2017 12:23:50 AM > > > > > To: users@cloudstack.apache.org > > > > > Subject: Re: Accessing Virtual Instances from other systems on the > > same > > > > > subnet > > > > > > > > > > Hmm, it should not be a problem just because you are using a ISO > > based > > > > VM. > > > > > Have you tried to instantiate the VM using the CentOS template that > > > comes > > > > > with ACS? > > > > > These KVM servers you are using, are they real servers or VMs? > > > > > > > > > > If you followed ( > > > > > http://docs.cloudstack.apache.org/projects/cloudstack- > > > > > installation/en/4.9/qig.html), > > > > > then you have deployed a basic zone. > > > > > > > > > > On Thu, Apr 6, 2017 at 3:16 PM, Muhammad Adeel Zahid < > > > > 16030...@lums.edu.pk > > > > > > > > > > > wrote: > > > > > > > > > > > Hi Rafael, > > > > > > > > > > > > > > > > > > Thanks for reaching out. I am not sure about traffic labeling and > > > rest > > > > of > > > > > > the stuff. I have just setup the basic installation using this > > > tutorial > > > > > > http://docs.cloudstack.apache.org/projects/cloudstack- > > > > > > installation/en/4.9/qig.html and haven't explicitly set anything > > that > > > > is > > > > > > not in the tutorial. About the IP addresses of VM's. Yes, they > seem > > > to > > > > > have > > > > > > a single IP (ifconfig). Please note that I am creating VM's from > > > cenots > > > > > 6.8 > > > > > > minimal ISO image that I intend to use later as template. Does > that > > > > > create > > > > > > the problem? > > > > > > > > > > > > > > > > > > Adeel > > > > > > > > > > > > > > > > > > ________________________________ > > > > > > From: Rafael Weingärtner <rafaelweingart...@gmail.com> > > > > > > Sent: Friday, April 7, 2017 12:05:15 AM > > > > > > To: users@cloudstack.apache.org > > > > > > Subject: Re: Accessing Virtual Instances from other systems on > the > > > same > > > > > > subnet > > > > > > > > > > > > I asked a clarification because anything is a VM/instance (system > > and > > > > > > users), I wanted to know if the VMs without access were either a > > > system > > > > > VM > > > > > > (VR, SSVM, CVM or others) or a user VM. > > > > > > Well, what is your setup? Are you using basic network where the > > > public > > > > IP > > > > > > is assigned directly to users VMs? > > > > > > > > > > > > I asked you about the traffic label you are using for the public > > > > network. > > > > > > System VMs get IPs on management and public networks. The SSVM > has > > > also > > > > > an > > > > > > IP on storage network. So, it seems that everything is fine with > > your > > > > > > public networks, not so sure about the rest.VMs get an IP on > Guest > > > > > network. > > > > > > The basic zone setup you will set the Guest IP as the public > > network > > > > > (with > > > > > > external access). Do these VMs have only a single IP? > > > > > > > > > > > > On Thu, Apr 6, 2017 at 2:57 PM, Muhammad Adeel Zahid < > > > > > 16030...@lums.edu.pk > > > > > > > > > > > > > wrote: > > > > > > > > > > > > > Specifically, by instances I mean the following > > > > > > > > > > > > > > > > > > > > > > > > > > > > I think, you people call it instance VM's or just VM's. You > can > > > see > > > > > that > > > > > > > my instance VM's has addressed 10.0.0.124 & 10.0.0.141 > > > respectively. > > > > I > > > > > > can > > > > > > > access or ping them from the host they are running on but I > > cannot > > > > > access > > > > > > > or ping them from any other machine on the same network i.e > > > > > 10.0.0.0/24. > > > > > > > > > > > > > > On the other hand there are system VMs like Primary storage and > > > > > secondary > > > > > > > storage VM's as shown in figure below. > > > > > > > > > > > > > > > > > > > > > > > > > > > > I can access or ping these VM's using their public IP address > > from > > > > any > > > > > of > > > > > > > the systems on the same subnet (be they part of cloudstack > > > > installation > > > > > > or > > > > > > > not). Now my question is, how I can access/ping my instance > VM's > > > from > > > > > any > > > > > > > system in the same subnet i.e 10.0.0.0/24? > > > > > > > > > > > > > > > > > > > > > Hope that clarifies the question > > > > > > > > > > > > > > > > > > > > > ------------------------------ > > > > > > > *From:* Muhammad Adeel Zahid <16030...@lums.edu.pk> > > > > > > > *Sent:* Thursday, April 6, 2017 6:05:57 PM > > > > > > > > > > > > > > *To:* users@cloudstack.apache.org > > > > > > > *Subject:* Re: Accessing Virtual Instances from other systems > on > > > the > > > > > same > > > > > > > subnet > > > > > > > > > > > > > > by instances I mean what cloudstack management server calls > > > > instances. > > > > > I > > > > > > > have followed the sample guide to install cloudstack management > > and > > > > KVM > > > > > > on > > > > > > > two separate machines and got no error during the installation. > > > > > > > > > > > > > > ________________________________ > > > > > > > From: Rafael Weingärtner <rafaelweingart...@gmail.com> > > > > > > > Sent: Thursday, April 6, 2017 5:21:53 PM > > > > > > > To: users@cloudstack.apache.org > > > > > > > Subject: Re: Accessing Virtual Instances from other systems on > > the > > > > same > > > > > > > subnet > > > > > > > > > > > > > > What is your setup? > > > > > > > What do you mean by instances? User VMs? > > > > > > > I am assuming you are talking about the public IP. Did you set > > the > > > > name > > > > > > of > > > > > > > the public bridge properly (interface where the public traffic > > > goes)? > > > > > > > > > > > > > > On Thu, Apr 6, 2017 at 6:44 AM, Muhammad Adeel Zahid < > > > > > > 16030...@lums.edu.pk > > > > > > > > > > > > > > > wrote: > > > > > > > > > > > > > > > Hi Guys, > > > > > > > > > > > > > > > > > > > > > > > > I have setup cloudstack management and hpyervisor (KVM) on > > > machine > > > > 1 > > > > > > and > > > > > > > > machine 2 respectively. I am successfully able to ping the > > > > instances > > > > > > from > > > > > > > > hypervisor machine (machine 2) but I can't ping it from any > of > > > the > > > > > > other > > > > > > > > machines on the same subnet. Why is that? How can I make it > > > work? > > > > > > > > > > > > > > > > > > > > > > > > Another observation is that I can ping secondary storage and > > > > primary > > > > > > > > storage vm's from any system on the same subnet without any > > extra > > > > > > > > configuration. Can I have similar configuration-free setup > from > > > > > virtual > > > > > > > > instances? If not, what else I have to do to ping/access > > virtual > > > > > > > instances > > > > > > > > from other machines in the same subnet. > > > > > > > > > > > > > > > > > > > > > > > > Regards > > > > > > > > > > > > > > > > Adeel > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > -- > > > > > > > Rafael Weingärtner > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > -- > > > > > > Rafael Weingärtner > > > > > > > > > > > > > > > > > > > > > > > > > > -- > > > > > Rafael Weingärtner > > > > > > > > > > > > > > > > > > > > > -- > > > > Rafael Weingärtner > > > > > > > > > > > > > > > > -- > > > Rafael Weingärtner > > > > > > > > > > > -- > > Rafael Weingärtner > > > > > > -- > Rafael Weingärtner >
