Search Engine: Elastic

Article ID: 130230, created on Jan 30, 2017, last review on Jan 30, 2017

  • Applies to:
  • Operations Automation 7.0

Symptoms

  • OSA brands have been migrated to a new Branding UI node during upgrade to OA 7.0 (see Upgrade Workflow Guide for more details).
  • The Branding node has been deployed as a Virtuozzo container with assigned Frontnet and Backnet interfaces via Virtuozzo container management utilities.
  • Brands are not accessible at the new location over the new IP addresses, the new IPs are not reachable at all
  • The TCP traffic reaches the hardware node, but does not appear inside the Branding container

Cause

Virtuozzo bridge filtering prevents unwanted traffic to be passed to a container, unless the IP configuration is present inside the corresponding ve.conf file. With Branding node, all IP addresses are assigned directly inside the container by OSA, so they are missing from the node perspective and get filtered out.

Resolution

To solve the issue immediately and pass the traffic into the container, run the following command on the node:

# service ebtables stop

To solve the issue permanently, it is needed to remove all public network configuration from the node perspective and manage it inside the container only. To do that, change the container configuration file /etc/vz/conf/$VEID.conf (where VEID is the ID of the container), here is a real-life example:

  • existing configuration:

    NETIF="ifname=eth0,mac=00:18:51:BD:84:6D,host_mac=00:18:51:9A:9D:27,configure=all,network=frontnet,gw=xxx.xxx.182.254,ip=xxx.xxx.182.199/255.255.255.128,ip6;ifname=eth1,mac=00:18:51:86:2E:76,host_mac=00:18:51:AA:CF:FB,network=backnet,ip=yyy.yyy.32.41/255.255.255.0,ip6="
    
  • safe configuration:

    NETIF="ifname=eth0,mac=00:18:51:BD:84:6D,host_mac=00:18:51:9A:9D:27,network=frontnet,gw=,ip=,ip6;ifname=eth1,mac=00:18:51:86:2E:76,host_mac=00:18:51:AA:CF:FB,network=backnet,ip=yyy.yyy.32.41/255.255.255.0,ip6="
    
  • important changes, applied to eth0 interface:

    • remove configure=all pattern
    • remove IP and netmask configuration, leave just ip= and ip6=
    • remove GW configuration, leave just gw=
  • backup all ifcfg-* files inside the container in /etc/sysconfig/network-scripts/ directory and restart the container after the changes have been applied:

    # vzctl restart $VEID
    

Note: with this change, the current network configuration should be preserved and remain untouched inside the container after the restart. So backing up the network configuration fiels is a safety measure in case something goes wrong afterwards, and the settings need to be restored.

5356b422f65bdad1c3e9edca5d74a1ae caea8340e2d186a540518d08602aa065 e12cea1d47a3125d335d68e6d4e15e07 0871c0b47b3b86ae3b1af4c2942cd0ce 1941880841f714e458ae4dc3d9f3062d

Email subscription for changes to this article
Save as PDF