Firewall rule set regiond <-> rackd
Flo
florian.engelmann at gmail.com
Wed Aug 23 08:32:04 UTC 2017
On Tue, Aug 22, 2017 at 7:55 PM, Mike Pontillo
<mike.pontillo at canonical.com> wrote:
> On Tue, Aug 22, 2017 at 6:40 AM, Flo <florian.engelmann at gmail.com> wrote:
>>
>> The firewall rules I requested are:
>> allow from 10.0.252.0/24 to 10.1.0.61/32 tcp+udp/53, tcp/80, tcp/5240,
>> tcp/5250-5259, tcp/8000, tcp/8888, udp/123
>>
>> The rackd is able to connect to the regiond but the communication is
>> not 100% functional. To me it looks like something is missing.
>> The UI gets horribly slow after starting the remote rackd and getting
>> the status of the remote rackd fails (UNKNOWN).
>
>
> Can you attach the .log files in /var/log/maas on each controller?
>
> How many IP addresses are on your region controller? I've seen similar
> issues in the past when the rack controller continues to try (and fail) to
> connect to the region on filtered ports. Last week we landed a fix for a
> portion of this issue[1] (which has not yet been released), which helps in
> situations where the MAAS region has multiple secondary IP addresses on the
> same subnet. Is it possible that the rack is trying to connect to the region
> on an unreachable address?
It looks like that's exactly our problem. As we tried to use one
server as region-controller AND rack controller and another server as
second rack controller (different fabric), the regiond announced all
interfaces and IPs via RPC (http://regioncontroller/MAAS/rpc/).
We will try to isolate the region controller and the "local" rack
controller by using LXC.
All the best,
Florian
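
The failure mode discussed in this thread, as an added example that is not part of the original messages or of MAAS itself: it evaluates the allow rule quoted above against a list of region endpoints and reports the ones the rack would be trying to reach on filtered addresses. The rack address and the advertised endpoint list are constructed sample values, and treating tcp/5250-5259 as the RPC range is an assumption taken from the rule set.

```python
import ipaddress

# Allow rule quoted in the thread.
SRC_NET = ipaddress.ip_network("10.0.252.0/24")
DST_NET = ipaddress.ip_network("10.1.0.61/32")
PORT_SPEC = "tcp+udp/53, tcp/80, tcp/5240, tcp/5250-5259, tcp/8000, tcp/8888, udp/123"


def parse_ports(spec):
    """Turn 'tcp+udp/53, tcp/5250-5259' into a set of (proto, port) pairs."""
    allowed = set()
    for item in spec.split(","):
        protos, _, ports = item.strip().partition("/")
        low, _, high = ports.partition("-")
        for proto in protos.split("+"):
            for port in range(int(low), int(high or low) + 1):
                allowed.add((proto, port))
    return allowed


ALLOWED = parse_ports(PORT_SPEC)


def is_allowed(src, dst, proto, port):
    """True if the flow src -> dst proto/port matches the allow rule."""
    return (ipaddress.ip_address(src) in SRC_NET
            and ipaddress.ip_address(dst) in DST_NET
            and (proto, port) in ALLOWED)


def filtered_endpoints(rack_ip, advertised):
    """Return advertised (ip, port) endpoints the rack cannot reach over TCP."""
    return [(ip, port) for ip, port in advertised
            if not is_allowed(rack_ip, ip, "tcp", port)]


if __name__ == "__main__":
    # Constructed sample: a region advertising addresses from several interfaces.
    advertised = [("10.1.0.61", 5250), ("10.1.0.61", 5251),
                  ("10.1.0.62", 5250), ("192.168.122.1", 5250)]
    for ip, port in filtered_endpoints("10.0.252.10", advertised):
        print(f"filtered: {ip}:{port}")
```

Every endpoint it reports needs either a matching firewall rule or to stop being advertised by the region.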