Multicast Issues on Centos 7

BedCruncher

OK!!! I think we have something here. So I finally figured out that part of the problem seems to be in the firewall zone as specified in the Centos 7 Setup guide. The issue I think stems from that the public zone seems to be blocking the multicast ports. I even explicitly told the firewalld daemon to add the interface em2 to the trusted zone, but it never did unless I manually specified in the NIC interface file ZONE=trusted. This seems to be a bug of sorts in that project.

I suppose that you could also specify a port range for the firewalld daemon to allow through. In my case the NIC hosting the FOG Server is segregated my other network. So in this case I don’t care to have all ports open on that interface because there is no reason to block that traffic. Keep in mind the interface em1 is still in the public zone and more locked down and restricted.

The result seems to be that I am now able get it to consistently image across at least two devices and so far it has persisted across device and server reboots. So I think we have made a good leap in that regards. I will keep checking back here for a few days to try and update if I run into issues.

Thank you all for persistently fighting with me to get this rolling. I do much appreciate all you have done for me and with me.
@Sebastian-Roth @Wayne-Workman @Tom-Elliott

Wayne Workman

@BedCruncher Great find, try this?

firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 0 -m udp -p udp -m pkttype --pkt-type multicast -j ACCEPT

Source:
http://superuser.com/questions/837340/how-do-i-enable-set-multicast-rules-using-firewalld-in-rhel7-centos-7

BedCruncher

@Wayne-Workman
No, I hadn’t. The command I ran was

firewall-cmd --permanent --zone=trusted --change-interface=em2

that was specified at this RHEL Firewalld page page. This seems to be this link firewalld.zones.

So I can change mine around and try it, but I wouldn’t have managed to do that particular one myself as I’m by no means a iptables guru. I will try to apply that tomorrow to test it out and let you know.

Wayne Workman

@BedCruncher If you find that the command I posted - or any command - allows you to multicast, I will immediately update all firewalld documentation we have in the wiki to reflect your success.

dvchuyen

@Wayne-Workman said in Multicast Issues on Centos 7:

Yes, I confirm the command work. I found it and solved my problem few days ago.

https://forums.fogproject.org/topic/7194/could-not-pxe-boot-input-output-error-when-do-multicast/31

BedCruncher

@Wayne-Workman
Sorry… I reread over what I had posted and it didn’t seem clear. The command above that I had ran was “supposed” to make it permanent, but failed to do so. I had to specify it statically in the NIC interface file. I will also double check the command you posted and test to see if it persists across reboots.

Wayne Workman

@dvchuyen I’ve updated the Fedora 23 and the CentOS 7 Wiki articles.

BedCruncher

@Wayne-Workman
I am not quite experiencing the same perfect results as @dvchuyen with regards to that firewall rule. I got it to work once, but since then it’s been extremely problematic.

 firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 0 -m udp -p udp -m pkttype --pkt-type multicast -j ACCEPT

verified it was in there with ipdtable-save and ran firewall-cmd --reload and systemctl restart firewalld. This was to ensure that it was all properly in there and correct. I even rebooted the server to ensure that there wasn’t something in the network service that was gumming it up. I have also deleted the tasks out of FOG and manually triggered it again and still hang.

Wayne Workman

@BedCruncher can you turn off your firewall and see if multicast works then?

systemctl stop firewalld

BedCruncher

@Wayne-Workman
I will do that really quick, but it seems like it might be a different issue with firewalld now. I got it to work again if I ran systemctl restart firewalld.service after a reboot. then it would start the imaging seemingly consistently. For some reason the rules aren’t correctly applying at boot time.

Wayne Workman

@BedCruncher From the behaviour you’ve been describing - I no longer believe this is a firewall issue.

Please just turn off firewall until we can complete troubleshooting with some sort of conclusive findings:

systemctl stop firewalld
systemctl disable firewalld

BedCruncher

@Wayne-Workman
God, I feel like I’m crying wolf all the time now. I disabled the firewalld service and it was hanging there as before. I then ran the commands

systemctl stop FOGMulticastManager
killall udp-sender
killall udp-sender
killall udp-sender
mysql -u root fog
TRUNCATE TABLE multicastSessionsAssoc;
TRUNCATE TABLE multicastSessions;
TRUNCATE TABLE tasks;
quit;
systemctl start FOGMulticastManager

I then tested it, and ran the multicast test. I again ran the commands to do all that above. I rebooted and ran the above commands again to ensure I was working clean and disabled the firewall and tested and so far it seems to be working. Please disregard.

Wayne Workman

@BedCruncher said in Multicast Issues on Centos 7:

@Wayne-Workman

Using one of the links, can’t remember which. I was able to get the server and client to send using the udp-sender and udp-receiver. So I know they can talk, but I had to use the command.

udp-sender --file /opt/fog/.fogsettings --log /opt/fog/log/multicast.log  --ttl 32 --nopointopoint --interface em2

if I dropped the last bit off then it would still try to grab em1 instead of em2.

An example now exists in two different places in the wiki. I want to merge the articles but it will be an involved process to do that - I’ll get it done.

For now, here are the two articles:

https://wiki.fogproject.org/wiki/index.php?title=Troubleshoot_Downloading_-_Multicast
2.
https://wiki.fogproject.org/wiki/index.php?title=Multicast