So, the issue is that we rely on iptables service and not firewalld - and when both starts, firewalld will "win" and basically remove any iptables rules from memory that are loaded from /etc/sysconfig/iptable file - I've reproduced the issue partially.
In general, we need to update the cloudstack-setup-management - but there is a problem: CentOS7: firewalld is present by default Ubuntu 18.04 does not have firewalld installed by default My idea would be to either ensure (in the cloudstack-setup-management) that both firewalld/ufw are disabled and continue operating with pure iptables OR to not add rules at all, but instead print a message on the requirements to open access to ports 8080/8250/9090 with whatever firewall management tool the user uses. Best, On Thu, 25 Jun 2020 at 17:46, Corey, Mike <mike.co...@sap.com> wrote: > Shutting down the firewall resolved the UI access issue. Funny I didn't > think to check that as the UI worked immediately after the setup. > > Besides 8080, what else does the setup configure in the firewall rules? > For whatever reason, it doesn’t appear my CentOS is keeping that > configuration after the reboot. > > Mike > > > > -----Original Message----- > From: Andrija Panic <andrija.pa...@gmail.com> > Sent: Tuesday, June 23, 2020 6:05 PM > To: users <users@cloudstack.apache.org> > Subject: Re: Fresh 4.14 install - UI won't start after reboot > > Hi Mike, > > I've checked the "after" log file - and everything seems fine - there is DB > update happening from 4.0.0 version all the way to 4.14.0.0 version (this > is clean install obviously) and the exception you see "can not ping > management server" - is NORMAL, i.e. in every ACS installation this happens > only one time during the boot process of the mgmt server and any next > occurrence of a similar thing would mean a real issue. > > I can see that your mgmt server started just fine. > Can you check your firewall on that server/VM - does it allow access to > port 8080 > > Temporarily stop the firewall with systemctl stop firewalls > and see if that solves the problem. > > if you have used the "cloudstack-setup-management" command, as a way to > "configure" mgmt (it adds firewal rules and starts the mgmt server for you) > - then all should be fine. > Otherwise, fix your firewall accordingly / as you want it. > > Cheers, > > On Tue, 23 Jun 2020 at 17:37, Corey, Mike <mike.co...@sap.com> wrote: > > > Hi, > > > > Sorry for the delay, I had other stuff to work on last week. > > > > Here is the link to the log files, before & after a reboot of the > > management VM. The reboot occurred at June 23 @ 1100 local > time...anything > > before that time would be the installation/setup of CSM. > > > > I hope you can help figure this out. > > > > Thanks! > > > > https://tinyurl.com/yc5tebts > > > > > > -----Original Message----- > > From: Andrija Panic <andrija.pa...@gmail.com> > > Sent: Thursday, June 11, 2020 4:23 PM > > To: users <users@cloudstack.apache.org> > > Subject: Re: Fresh 4.14 install - UI won't start after reboot > > > > Mike, > > > > those are the same packages, built by ShapeBlue and we are using them > > already (CentOS7) on a few places. > > > > That error is visible for many versions of ACS, that it can not connect > to > > itself (kind of nonsense, but is there during mgmt server starting, only > > once! and to be ignored). > > > > Can you restart management-server and report if you still have issues? > > > > If so, please uploading your management-server.log to some external file > > sharing Web site, post link here so we can download it, and also share > time > > at which you rebooted it or the VM. > > > > Best, > > Andrija > > > > On Thu, 11 Jun 2020, 20:45 Corey, Mike, <mike.co...@sap.com> wrote: > > > > > Sorry, but the problem still exists. Both distros give me the error " > > > Unable to ping management server at 10.4.32.163:9090 due to > > > ConnectException java.net.ConnectException: Connection refused" now. > > > > > > I wonder whatever changes the setup does to the firewall, they don't > > stick > > > after a reboot. > > > > > > > > > > > > -----Original Message----- > > > From: Corey, Mike <mike.co...@sap.com> > > > Sent: Thursday, June 11, 2020 1:13 PM > > > To: users@cloudstack.apache.org > > > Subject: [CAUTION] RE: Fresh 4.14 install - UI won't start after reboot > > > > > > I think I solved my own problem, but may have uncovered a bug with one > of > > > the distros. > > > > > > My first 3 attempts used the repo "baseurl= > > > http://packages.shapeblue.com/cloudstack/upstream/centos7/4.14"; and > the > > > UI would work after initial setup completion; however, it did not work > > > after a reboot of the VM. The error I'm guessing is the issue is this: > > > > > > 2020-06-11 10:00:29,431 ERROR [c.c.c.ClusterManagerImpl] (main:null) > > > (logid:) Unable to ping management server at 10.4.32.163:9090 due to > > > ConnectException > > > java.net.ConnectException: Connection refused > > > > > > My recent attempt used the repo "baseurl= > > > http://download.cloudstack.org/centos/7/4.14"; and the UI works even > > after > > > a reboot of the VM. > > > > > > I'd have to assume that the shapeblue and apache versions have > something > > > different in how they handle the firewall rules. Just a guess. > > > > > > Mike > > > > > > > > > > > > From: Corey, Mike <mike.co...@sap.com> > > > Sent: Thursday, June 11, 2020 9:52 AM > > > To: users@cloudstack.apache.org > > > Subject: [CAUTION] Fresh 4.14 install - UI won't start after reboot > > > > > > Hi, > > > > > > Still new here so please be patient. I just ran through a fresh > > > installation (MySQL & CS on same VM) and all looked good (no errors in > > > logs, installation completed, UI console loaded in browser) until I > > > rebooted the management server. The UI came online after the initial > > setup > > > ran through; however, after a reboot the UI won't load (30 mins so > far). > > > > > > Besides watching the management-server.log and greping it for errors, > is > > > there anything I can look at to troubleshoot the UI portal connectivity > > > events? > > > > > > Thanks! > > > > > > > > > Mike Corey > > > > > > Technology Senior Consultant, IT CS CTW Operation & Virtualization > > Service > > > US > > > > > > SAP AMERICA, INC. 3999 West Chester Pike, Newtown Square, 19073 United > > > States > > > > > > T +1 610 661 0905, M +1 484 274 2658, E mike.co...@sap.com<mailto: > > > mike.co...@sap.com> > > > > > > > > > [cid:image003.png@01D63FD5.FBDDCF50] > > > > > > > > > > > > > > -- > > Andrija Panić > -- Andrija Panić
