Hello, I'm running CS 4.14 with KVM hypervisor. I have noticed that default SG rules are not applied on the new VMs. I found errors in agent log which state that it cannot apply default network rules on the for the VM instance. Bellow what I have in agent log while creating new VM. Sorry for posting the log here.
[root@fr-kvm1 ~]# iptables --list | grep '433' [root@fr-kvm1 ~]# cat /var/log/cloudstack/agent/security_groups.log [root@fr-kvm1 ~]# cat /var/log/cloudstack/agent/security_group.log [root@fr-kvm1 ~]# cat /var/log/cloudstack/agent/agent.log 2020-06-13 14:25:19,832 INFO [kvm.storage.LibvirtStorageAdaptor] (agentRequest-Handler-4:null) (logid:065cc7d6) Trying to fetch storage pool 546baecf-c3cf-4180-bb1f-2d2faad501cf from libvirt 2020-06-13 14:25:19,858 INFO [kvm.storage.LibvirtStorageAdaptor] (agentRequest-Handler-4:null) (logid:065cc7d6) Asking libvirt to refresh storage pool 546baecf-c3cf-4180-bb1f-2d2faad501cf 2020-06-13 14:25:19,909 INFO [kvm.storage.LibvirtStorageAdaptor] (agentRequest-Handler-5:null) (logid:065cc7d6) Trying to fetch storage pool adbffc6e-55e4-385e-987a-6aca3b0880ed from libvirt 2020-06-13 14:25:19,912 INFO [kvm.storage.LibvirtStorageAdaptor] (agentRequest-Handler-5:null) (logid:065cc7d6) Asking libvirt to refresh storage pool adbffc6e-55e4-385e-987a-6aca3b0880ed 2020-06-13 14:25:58,228 WARN [resource.virtualnetwork.VirtualRoutingResource] (agentRequest-Handler-1:null) (logid:3659aedc) Expected 1 answers while executing DhcpEntryCommand but received 2 2020-06-13 14:25:58,820 WARN [resource.virtualnetwork.VirtualRoutingResource] (agentRequest-Handler-2:null) (logid:3659aedc) Expected 1 answers while executing SavePasswordCommand but received 2 2020-06-13 14:25:59,718 WARN [resource.virtualnetwork.VirtualRoutingResource] (agentRequest-Handler-2:null) (logid:3659aedc) Expected 1 answers while executing VmDataCommand but received 2 2020-06-13 14:25:59,788 INFO [kvm.storage.LibvirtStorageAdaptor] (agentRequest-Handler-4:null) (logid:3659aedc) Trying to fetch storage pool adbffc6e-55e4-385e-987a-6aca3b0880ed from libvirt 2020-06-13 14:25:59,809 INFO [kvm.storage.LibvirtStorageAdaptor] (agentRequest-Handler-4:null) (logid:3659aedc) Trying to fetch storage pool adbffc6e-55e4-385e-987a-6aca3b0880ed from libvirt 2020-06-13 14:25:59,822 INFO [kvm.storage.LibvirtStorageAdaptor] (agentRequest-Handler-4:null) (logid:3659aedc) Creating volume 57d91afa-9a56-4a0c-8936-9335679df804 from template 8ef6a817-c50b-4ac5-9589-a88a99275a5f in pool adbffc6e-55e4-385e-987a-6aca3b0880ed (NetworkFilesystem) with size 16106127360 2020-06-13 14:25:59,825 INFO [kvm.storage.LibvirtStorageAdaptor] (agentRequest-Handler-4:null) (logid:3659aedc) Attempting to create volume 57d91afa-9a56-4a0c-8936-9335679df804 (NetworkFilesystem) in pool adbffc6e-55e4-385e-987a-6aca3b0880ed with size 7516192768 2020-06-13 14:26:02,607 INFO [kvm.storage.LibvirtStorageAdaptor] (agentRequest-Handler-5:null) (logid:3659aedc) Trying to fetch storage pool adbffc6e-55e4-385e-987a-6aca3b0880ed from libvirt 2020-06-13 14:26:02,643 INFO [kvm.storage.LibvirtStorageAdaptor] (agentRequest-Handler-5:null) (logid:3659aedc) Trying to fetch storage pool adbffc6e-55e4-385e-987a-6aca3b0880ed from libvirt 2020-06-13 14:26:02,766 WARN [kvm.resource.LibvirtKvmAgentHook] (agentRequest-Handler-5:null) (logid:3659aedc) Groovy script '/etc/cloudstack/agent/hooks/libvirt-vm-xml-transformer.groovy' is not available. Transformations will not be applied. 2020-06-13 14:26:02,766 WARN [kvm.resource.LibvirtKvmAgentHook] (agentRequest-Handler-5:null) (logid:3659aedc) Groovy scripting engine is not initialized. Data transformation skipped. 2020-06-13 14:26:02,928 WARN [kvm.resource.LibvirtKvmAgentHook] (agentRequest-Handler-5:null) (logid:3659aedc) Groovy script '/etc/cloudstack/agent/hooks/libvirt-vm-state-change.groovy' is not available. Transformations will not be applied. 2020-06-13 14:26:02,929 WARN [kvm.resource.LibvirtKvmAgentHook] (agentRequest-Handler-5:null) (logid:3659aedc) Groovy scripting engine is not initialized. Data transformation skipped. 2020-06-13 14:26:02,929 ERROR [kvm.resource.LibvirtComputingResource] (agentRequest-Handler-5:null) (logid:3659aedc) Unable to apply default network rule for nic cloudbr0 for VM i-23-433-VM 2020-06-13 14:26:05,771 ERROR [kvm.resource.LibvirtComputingResource] (agentRequest-Handler-1:null) (logid:2c66b1bd) Unable to apply default network rule for nic cloudbr0 for VM i-23-433-VM 2020-06-13 14:26:05,772 WARN [resource.wrapper.LibvirtSecurityGroupRulesCommandWrapper] (agentRequest-Handler-1:null) (logid:2c66b1bd) Failed to program default network rules for vm i-23-433-VM 2020-06-13 14:26:09,241 ERROR [kvm.resource.LibvirtComputingResource] (agentRequest-Handler-2:null) (logid:e7718d11) Unable to apply default network rule for nic cloudbr0 for VM i-23-433-VM 2020-06-13 14:26:09,241 WARN [resource.wrapper.LibvirtSecurityGroupRulesCommandWrapper] (agentRequest-Handler-2:null) (logid:e7718d11) Failed to program default network rules for vm i-23-433-VM 2020-06-13 14:26:09,291 ERROR [kvm.resource.LibvirtComputingResource] (agentRequest-Handler-4:null) (logid:d8b7f1cc) Unable to apply default network rule for nic cloudbr0 for VM i-23-433-VM 2020-06-13 14:26:09,291 WARN [resource.wrapper.LibvirtSecurityGroupRulesCommandWrapper] (agentRequest-Handler-4:null) (logid:d8b7f1cc) Failed to program default network rules for vm i-23-433-VM 2020-06-13 14:26:12,069 ERROR [kvm.resource.LibvirtComputingResource] (agentRequest-Handler-3:null) (logid:94699055) Unable to apply default network rule for nic cloudbr0 for VM i-23-433-VM 2020-06-13 14:26:12,069 WARN [resource.wrapper.LibvirtSecurityGroupRulesCommandWrapper] (agentRequest-Handler-3:null) (logid:94699055) Failed to program default network rules for vm i-23-433-VM 2020-06-13 14:26:20,095 INFO [kvm.storage.LibvirtStorageAdaptor] (agentRequest-Handler-1:null) (logid:e4f546a3) Trying to fetch storage pool 546baecf-c3cf-4180-bb1f-2d2faad501cf from libvirt 2020-06-13 14:26:20,117 INFO [kvm.storage.LibvirtStorageAdaptor] (agentRequest-Handler-1:null) (logid:e4f546a3) Asking libvirt to refresh storage pool 546baecf-c3cf-4180-bb1f-2d2faad501cf 2020-06-13 14:26:20,167 INFO [kvm.storage.LibvirtStorageAdaptor] (agentRequest-Handler-2:null) (logid:e4f546a3) Trying to fetch storage pool adbffc6e-55e4-385e-987a-6aca3b0880ed from libvirt 2020-06-13 14:26:20,169 INFO [kvm.storage.LibvirtStorageAdaptor] (agentRequest-Handler-2:null) (logid:e4f546a3) Asking libvirt to refresh storage pool adbffc6e-55e4-385e-987a-6aca3b0880ed 2020-06-13 14:27:20,335 INFO [kvm.storage.LibvirtStorageAdaptor] (agentRequest-Handler-3:null) (logid:ca0db075) Trying to fetch storage pool 546baecf-c3cf-4180-bb1f-2d2faad501cf from libvirt 2020-06-13 14:27:20,357 INFO [kvm.storage.LibvirtStorageAdaptor] (agentRequest-Handler-3:null) (logid:ca0db075) Asking libvirt to refresh storage pool 546baecf-c3cf-4180-bb1f-2d2faad501cf 2020-06-13 14:27:20,403 INFO [kvm.storage.LibvirtStorageAdaptor] (agentRequest-Handler-1:null) (logid:ca0db075) Trying to fetch storage pool adbffc6e-55e4-385e-987a-6aca3b0880ed from libvirt 2020-06-13 14:27:20,405 INFO [kvm.storage.LibvirtStorageAdaptor] (agentRequest-Handler-1:null) (logid:ca0db075) Asking libvirt to refresh storage pool adbffc6e-55e4-385e-987a-6aca3b0880ed 2020-06-13 14:28:20,575 INFO [kvm.storage.LibvirtStorageAdaptor] (agentRequest-Handler-5:null) (logid:c6b61240) Trying to fetch storage pool 546baecf-c3cf-4180-bb1f-2d2faad501cf from libvirt 2020-06-13 14:28:20,600 INFO [kvm.storage.LibvirtStorageAdaptor] (agentRequest-Handler-5:null) (logid:c6b61240) Asking libvirt to refresh storage pool 546baecf-c3cf-4180-bb1f-2d2faad501cf 2020-06-13 14:28:20,651 INFO [kvm.storage.LibvirtStorageAdaptor] (agentRequest-Handler-3:null) (logid:c6b61240) Trying to fetch storage pool adbffc6e-55e4-385e-987a-6aca3b0880ed from libvirt 2020-06-13 14:28:20,653 INFO [kvm.storage.LibvirtStorageAdaptor] (agentRequest-Handler-3:null) (logid:c6b61240) Asking libvirt to refresh storage pool adbffc6e-55e4-385e-987a-6aca3b0880ed 2020-06-13 14:29:20,819 INFO [kvm.storage.LibvirtStorageAdaptor] (agentRequest-Handler-4:null) (logid:aba4ed7e) Trying to fetch storage pool 546baecf-c3cf-4180-bb1f-2d2faad501cf from libvirt 2020-06-13 14:29:20,840 INFO [kvm.storage.LibvirtStorageAdaptor] (agentRequest-Handler-4:null) (logid:aba4ed7e) Asking libvirt to refresh storage pool 546baecf-c3cf-4180-bb1f-2d2faad501cf 2020-06-13 14:29:20,892 INFO [kvm.storage.LibvirtStorageAdaptor] (agentRequest-Handler-5:null) (logid:aba4ed7e) Trying to fetch storage pool adbffc6e-55e4-385e-987a-6aca3b0880ed from libvirt 2020-06-13 14:29:20,893 INFO [kvm.storage.LibvirtStorageAdaptor] (agentRequest-Handler-5:null) (logid:aba4ed7e) Asking libvirt to refresh storage pool adbffc6e-55e4-385e-987a-6aca3b0880ed 2020-06-13 14:29:32,713 WARN [resource.virtualnetwork.VirtualRoutingResource] (agentRequest-Handler-2:null) (logid:03322b65) Expected 1 answers while executing SetMonitorServiceCommand but received 3 2020-06-13 14:29:32,761 INFO [resource.virtualnetwork.VirtualRoutingResource] (agentRequest-Handler-4:null) (logid:a12b7894) Fetching health check result for 169.254.1.154 and executing fresh checks: false