Firewall rule set regiond <-> rackd
Mike Pontillo
mike.pontillo at canonical.com
Tue Aug 22 17:55:12 UTC 2017
On Tue, Aug 22, 2017 at 6:40 AM, Flo <florian.engelmann at gmail.com> wrote:
> The firewall rules I requested are:
> allow from 10.0.252.0/24 to 10.1.0.61/32 tcp+udp/53, tcp/80, tcp/5240,
> tcp/5250-5259, tcp/8000, tcp/8888, udp/123
>
> The rackd is able to connect to the regiond but the communication is
> not 100% functional. To me it looks like something is missing.
> The UI gets horribly slow after starting the remote rackd and getting
> the status of the remote rackd fails (UNKNOWN).
>
Can you attach the .log files in /var/log/maas on each controller?
How many IP addresses are on your region controller? I've seen similar
issues in the past when the rack controller continues to try (and fail) to
connect to the region on filtered ports. Last week we landed a fix for a
portion of this issue[1] (which has not yet been released), which helps in
situations where the MAAS region has multiple secondary IP addresses on the
same subnet. Is it possible that the rack is trying to connect to the
region on an unreachable address?
Regards,
Mike
[1]:
https://git.launchpad.net/maas/commit/?h=2.2&id=e34ededffc9cb96124ee2232793e0c064fdd735a
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/maas-devel/attachments/20170822/8eb86e8d/attachment.html>
More information about the Maas-devel
mailing list