Hi,
now I tried with two VMs on the same host, but I can ping from VM to VM
... This looks like the Hook doesn't work.
I also have a talk to some IPTABLE experts they think that this isn't
working because the ICMP "drop" is based on Network Layer 3 and IPTABLES
is working on Layer 2...
They said that it will make sense when it is integrated into EBTABLES
but not in IPTABLES.
Next issue on this is, when I restart the Cluster-Node / Host-Node or
IPTABLES-Service all rules are "deleted" this is very ugly...
There should be a mechanism to integrate those rules by starting one
(maybe out from database) or something else!
Hope you understand what I mean ;)
Regards,
Christoph
Am 01.08.2011 17:33, schrieb Jaime Melis:
Hi Christoph,
regarding the firewall hook, I've reviewed the rules and simulated your
scenario and it's the expected behaviour. The ping should work from the
worker node running the vm to the vm, but it won't from other vms, which
is the purpose of the filter. Could you please start another VM and try
pinging from there?
Regards,
Jaime
2011/7/29 Christoph Raible <c.rai...@science-computing.de
<mailto:c.rai...@science-computing.de>>
Hi Carlos,
this doesn't work for me... I uncomment this options and restart the
one daemon.
Then I create a virtual Machine with following Template:
https://pastee.org/j6f3d
After commenting out Default requiretty in /etc/sudoers
creation and inserting IPTABLES rule works but have no effect...
An IPTABLES -L shows me the following output:
https://pastee.org/vjynr
But I can Ping my VM... Is it possible that the Firwalling is still
buggy? Or is this an error of my bridged network configuration?
Regards
Chritoph
Am 27.07.2011 17 <tel:27.07.2011%2017>:16, schrieb Carlos Martín
Sánchez:
Hi Christoph,
We are aware of the top command bug, see [1] if you are
interested in
the ticket.
As for the iptables configuration, we are still improving the
documentation and some requirements and configurations are not as
detailed as they should.
Some of the networking features have to be activated editing
/etc/one/oned.conf
I believe you just need to uncomment this hook:
VM_HOOK = [
name = "firewall",
on = "RUNNING",
command = "vnm/firewall",
arguments = "on $TEMPLATE",
remote = "yes" ]
And restart OpenNebula with one stop; one start
Best regards,
Carlos.
[1] http://dev.opennebula.org/__issues/747
<http://dev.opennebula.org/issues/747>
--
Carlos Martín, MSc
Project Major Contributor
OpenNebula - The Open Source Toolkit for Cloud Computing
www.OpenNebula.org <http://www.OpenNebula.org>
<http://www.opennebula.org/> | cmar...@opennebula.org
<mailto:cmar...@opennebula.org>
<mailto:cmar...@opennebula.org <mailto:cmar...@opennebula.org>__>
On Wed, Jul 27, 2011 at 2:00 PM, Christoph Raible
<c.rai...@science-computing.de
<mailto:c.rai...@science-computing.de>
<mailto:c.raible@science-__computing.de
<mailto:c.rai...@science-computing.de>>>
wrote:
Am 27.07.2011 11 <tel:27.07.2011%2011>
<tel:27.07.2011%2011>:14, schrieb Héctor Sanjuán:
Hi Christoph,
it seems the ruby gem 'sequel' is not present in your
system.
This gem
is needed by the monitoring system (requirements in [1],
also
seems you
are missing sqlite3), which is used by Sunstone
(requirements in
[2]).
You can install the missing dependencies manually
issuing 'gem
install...'.
Also, in order to assure that you have all the dependencies
necessary
for OpenNebula in general, we recommend to use the
'install_gems' script
[3], which will try to install all the ruby gems for you
in their
correct versions.
For Scientific linux, this means however that you will
need to
install
the packages listed in the doc manually before the
script can
proceed to
install the gems.
Don't hesitate to write back if you have more questions,
Hector
[1]
http://opennebula.org/____documentation:rel3.0:acctd_____conf#requirements_installation
<http://opennebula.org/__documentation:rel3.0:acctd___conf#requirements_installation>
<http://opennebula.org/__documentation:rel3.0:acctd___conf#requirements_installation
<http://opennebula.org/documentation:rel3.0:acctd_conf#requirements_installation>__>
[2]
http://opennebula.org/____documentation:rel3.0:sunstone#____requirements_installation
<http://opennebula.org/__documentation:rel3.0:sunstone#__requirements_installation>
<http://opennebula.org/__documentation:rel3.0:sunstone#__requirements_installation
<http://opennebula.org/documentation:rel3.0:sunstone#requirements_installation>>
[3]
http://opennebula.org/____documentation:rel3.0:ignc#____ruby_libraries_requirements_____front-end
<http://opennebula.org/__documentation:rel3.0:ignc#__ruby_libraries_requirements___front-end>
<http://opennebula.org/__documentation:rel3.0:ignc#__ruby_libraries_requirements___front-end
<http://opennebula.org/documentation:rel3.0:ignc#ruby_libraries_requirements_front-end>>
El 27/07/11 10:21, Christoph Raible escribió:
Hi @all,
I got the following error on Starting
sunstone-server with
OpenNebula 3.0 Beta1.
http://pastebin.com/SdBJZSc5
My System is a 64-Bit Scientific Linux 6.0
Selinux disabled
iptables disabled
One networkinterface as bridge
Following Gems are installed:
daemons (1.1.4)
eventmachine (0.12.10)
json (1.5.3)
mkrf (0.2.3)
nokogiri (1.5.0)
rack (1.3.2)
rake (0.9.2, 0.8.7)
sinatra (1.2.6)
thin (1.2.11)
tilt (1.3.2)
and my sunstone-server.conf is configured so:
http://pastebin.com/4bjn1bqX
I hope someone can help me with my problem...
I need the Sunstone server for an article in the
linux-admin
magazin
(Germany ;) )
Regards
Chr.Raible
Hi Thanks for your help.
With those informations and all gems, sunstone and
monitoring systemHi
now I tried with two VMs but i can also ping from VM to VM ...
I also have a talk to some IPTABLES experts they think that this isn't
working because the ICMP package is on Network Layer 3 and IPTABLES is
working on Layer 2... This would not be make sense...
works fine :)
Now I found two other "errors/bug" (don't know how to
describe ;) )
The "onevm top" command doesn't refresh the status of the
VMs. When
I start creation of an VM and switch to the top overview,
the status
is always on pending state...
The second bug is that the IP-Table configurtaion doesn't
work. I
insert the following Option to the NIC section:
ICMP = drop
But after creation of the VM I can ping those VM.
oneadmin has rights to add an delete iptable rules and has
also full
sudo rights...
Has anyone an idea? Or is this just not implemented in the Beta?
Thank an best regards,
Christoph
--
Vorstand/Board of Management:
Dr. Bernd Finkbeiner, Dr. Roland Niemeier, Dr. Arno Steitz, Dr.
Ingrid Zech
Vorsitzender des Aufsichtsrats/
Chairman of the Supervisory Board:
Philippe Miltin
Sitz/Registered Office: Tuebingen
Registergericht/Registration Court: Stuttgart
Registernummer/Commercial Register No.: HRB 382196
___________________________________________________
Users mailing list
Users@lists.opennebula.org <mailto:Users@lists.opennebula.org>
<mailto:Users@lists.__opennebula.org
<mailto:Users@lists.opennebula.org>>
http://lists.opennebula.org/____listinfo.cgi/users-opennebula.____org
<http://lists.opennebula.org/__listinfo.cgi/users-opennebula.__org>
<http://lists.opennebula.org/__listinfo.cgi/users-opennebula.__org
<http://lists.opennebula.org/listinfo.cgi/users-opennebula.org>>
--
Vorstand/Board of Management:
Dr. Bernd Finkbeiner, Dr. Roland Niemeier, Dr. Arno Steitz, Dr.
Ingrid Zech
Vorsitzender des Aufsichtsrats/
Chairman of the Supervisory Board:
Philippe Miltin
Sitz/Registered Office: Tuebingen
Registergericht/Registration Court: Stuttgart
Registernummer/Commercial Register No.: HRB 382196
_________________________________________________
Users mailing list
Users@lists.opennebula.org <mailto:Users@lists.opennebula.org>
http://lists.opennebula.org/__listinfo.cgi/users-opennebula.__org
<http://lists.opennebula.org/listinfo.cgi/users-opennebula.org>
--
Jaime Melis, Cloud Technology Engineer/Researcher
Major Contributor
OpenNebula - The Open Source Toolkit for Cloud Computing
www.OpenNebula.org <http://www.OpenNebula.org> | jme...@opennebula.org
<mailto:jme...@opennebula.org>
--
Vorstand/Board of Management:
Dr. Bernd Finkbeiner, Dr. Roland Niemeier,
Dr. Arno Steitz, Dr. Ingrid Zech
Vorsitzender des Aufsichtsrats/
Chairman of the Supervisory Board:
Philippe Miltin
Sitz/Registered Office: Tuebingen
Registergericht/Registration Court: Stuttgart
Registernummer/Commercial Register No.: HRB 382196
_______________________________________________
Users mailing list
Users@lists.opennebula.org
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org