cloudstack-issues mailing list archives

From "Jayapal Reddy (JIRA)" <j...@apache.org>
Subject [jira] [Comment Edited] (CLOUDSTACK-5403) Shared network - None of PF, LB rules work after router restart, firewall rules dropped from iptables post restart
Date Mon, 09 Dec 2013 11:22:12 GMT

    [ https://issues.apache.org/jira/browse/CLOUDSTACK-5403?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13843066#comment-13843066 ]

Jayapal Reddy edited comment on CLOUDSTACK-5403 at 12/9/13 11:21 AM:
---------------------------------------------------------------------

Hi,

From the logs it is observed that the server is not started by default. By default
on VR the haproxy daemon should run and the pid file gets created.

Can you please make sure that with the hyper router template there are no issues with haproxy daemon
start.

logs:
 SSH execution of command /root/loadbalancer.sh -i 10.102.195.178 -f /tmp/10_102_195_178.cfg
-a 10.102.196.240:888:, -s 10.102.196.238:8081:0/0:,, has an error status code in return.
result output: mv: cannot stat `/var/run/haproxy.pid': No such file or directory
cat: /var/run/haproxy.pid.old: No such file or directory
kill: usage: kill [-s sigspec | -n signum | -sigspec] pid | jobspec ... or kill -l [sigspec]
[WARNING] 339/184353 (3747) : config : 'option forwardfor' ignored for proxy '10_102_196_240-888'
as it requires HTTP mode.
[WARNING] 339/184353 (3747) : config : 'option forceclose' ignored for proxy '10_102_196_240-888'
as it requires HTTP mode.
[ALERT] 339/184353 (3747) : Starting proxy 10_102_196_240-888: cannot bind socket
cat: /var/run/haproxy.pid.old: No such file or directory
kill: usage: kill [-s sigspec | -n signum | -sigspec] pid | jobspec ... or kill -l [sigspec]
mv: cannot stat `/var/run/haproxy.pid.old': No such file or directory

2013-12-06 17:14:17,313 ERROR [c.c.h.h.r.HypervDirectConnectResource] (DirectAgent-398:ctx-fe77f054)
LoadBalancerConfigCommand on domain router 10.102.195.178 failed. message: mv: cannot stat
`/var/run/haproxy.pid': No such file or directory
cat: /var/run/haproxy.pid.old: No such file or directory
kill: usage: kill [-s sigspec | -n signum | -sigspec] pid | jobspec ... or kill -l [sigspec]
[WARNING] 339/184353 (3747) : config : 'option forwardfor' ignored for proxy '10_102_196_240-888'
as it requires HTTP mode.
[WARNING] 339/184353 (3747) : config : 'option forceclose' ignored for proxy '10_102_196_240-888'
as it requires HTTP mode.
[ALERT] 339/184353 (3747) : Starting proxy 10_102_196_240-888: cannot bind socket
cat: /var/run/haproxy.pid.old: No such file or directory
kill: usage: kill [-s sigspec | -n signum | -sigspec] pid | jobspec ... or kill -l [sigspec]
mv: cannot stat `/var/run/haproxy.pid.old': No such file or directory




> Shared network - None of PF, LB rules work after router restart, firewall rules dropped from iptables post restart
> ------------------------------------------------------------------------------------------------------------------
>
>                 Key: CLOUDSTACK-5403
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-5403
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.) 
>          Components: Management Server, Network Controller
>    Affects Versions: 4.3.0
>         Environment: Advanced zone, shared network on Hyper-V
>            Reporter: Sowmya Krishnan
>            Assignee: Devdeep Singh
>            Priority: Critical
>              Labels: hyper-V,
>             Fix For: 4.3.0
>
>         Attachments: iptables_after_restart.gz, iptables_before_restart.gz, restart_vr.log.gz, restart_vr_agent.log.log
>
>
> None of PF, LB or firewall rules work after router is restarted in shared network, advanced zone
> Steps:
> Create a shared network in advanced zone
> Acquire IP
> Create PF and corresponding Firewall rule
> Acquire another IP
> Create LB and corresponding Firewall rule
> Ensure all the rules work
> Restart router
> Check all rules
> Result:
> None of PF or LB rules work after router restart
> I've tested this only in Hyper-V so far. I'll update the bug in case I am able to test in any other hypervisor as well.
> The following rules are dropped from iptables FORWARD chain after restart:
> ACCEPT     tcp  --  anywhere             shareduser1vm1       state RELATED,ESTABLISHED /* 10.102.196.239:888:888 */
> ACCEPT     tcp  --  anywhere             shareduser1vm1       tcp dpt:http state NEW /* 10.102.196.239:888:888 */
> So also the firewall rules corresponding to the LB rule source ip
> The rules themselves exist in DB though:
> mysql> select * from firewall_rules;
> +----+--------------------------------------+---------------+------------+----------+--------+----------+----------------+------------+-----------+------------+--------------------------------------+---------------------+-----------+-----------+---------+------+--------+--------------+
> | id | uuid                                 | ip_address_id | start_port | end_port | state  | protocol | purpose        | account_id | domain_id | network_id | xid                                  | created             | icmp_code | icmp_type | related | type | vpc_id | traffic_type |
> +----+--------------------------------------+---------------+------------+----------+--------+----------+----------------+------------+-----------+------------+--------------------------------------+---------------------+-----------+-----------+---------+------+--------+--------------+
> |  1 | b9082345-8a3d-4f6d-9b64-3d2d98e65d2d |             5 |        888 |      888 | Active | tcp      | Firewall       |          4 |         2 |        205 | 5cf27b56-4d37-4ec1-bdf8-ede0407f0115 | 2013-12-06 06:51:40 |      NULL |      NULL |    NULL | User |   NULL | Ingress      |
> |  2 | 5b657e22-649a-4cd4-b23c-2416243f48ba |             5 |        888 |      888 | Active | tcp      | PortForwarding |          4 |         2 |        205 | aad0e89d-f0df-4ee2-949d-39f129a1383a | 2013-12-06 06:52:13 |      NULL |      NULL |    NULL | User |   NULL | NULL         |
> | 13 | 42f795f9-45e6-471f-9b17-4ce631a09531 |             6 |        888 |      888 | Active | tcp      | Firewall       |          4 |         2 |        205 | 0802945b-23b8-4b95-9441-f6b89e66d806 | 2013-12-06 11:27:08 |      NULL |      NULL |    NULL | User |   NULL | Ingress      |
> | 14 | 9f5aa3dd-b8e9-4193-b635-c5fd7e188f35 |             6 |        888 |      888 | Active | tcp      | LoadBalancing  |          4 |         2 |        205 | ef7067b9-38b3-4d42-b8ee-5bfe44a817fa | 2013-12-06 11:27:53 |      NULL |      NULL |    NULL | User |   NULL | NULL         |
> +----+--------------------------------------+---------------+------------+----------+--------+----------+----------------+------------+-----------+------------+--------------------------------------+---------------------+-----------+-----------+---------+------+--------+--------------+
> 4 rows in set (0.00 sec)
> mysql> select * from load_balancing_rules;
> +----+----------+-------------+--------------------+------------------+------------+-------------------+------------------------------+--------+-------------+
> | id | name     | description | default_port_start | default_port_end | algorithm  | source_ip_address | source_ip_address_network_id | scheme | lb_protocol |
> +----+----------+-------------+--------------------+------------------+------------+-------------------+------------------------------+--------+-------------+
> | 14 | lbshared | NULL        |                 80 |               80 | roundrobin | NULL              |                         NULL | Public | NULL        |
> +----+----------+-------------+--------------------+------------------+------------+-------------------+------------------------------+--------+-------------+
> 1 row in set (0.00 sec)
> mysql> select * from port_forwarding_rules;
> +----+-------------+-----------------+-----------------+---------------+
> | id | instance_id | dest_ip_address | dest_port_start | dest_port_end |
> +----+-------------+-----------------+-----------------+---------------+
> |  2 |           5 | 10.102.198.2    |              80 |            80 |
> +----+-------------+-----------------+-----------------+---------------+
> 1 row in set (0.00 sec)



--
This message was sent by Atlassian JIRA
(v6.1.4#6159)
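
The log in this message shows the load balancer reload failing because /var/run/haproxy.pid is absent: mv and cat fail, and kill is then called with no pid. A reload that tolerates a missing or stale pid file, as an added example (not CloudStack's loadbalancer.sh and not part of the original message); the function names and the HAPROXY_BIN and PIDFILE variables are assumptions:

```shell
#!/bin/sh
# Added example, not CloudStack's loadbalancer.sh. Reload haproxy without
# assuming the pid file exists. HAPROXY_BIN and PIDFILE are assumed names.
HAPROXY_BIN="${HAPROXY_BIN:-haproxy}"
PIDFILE="${PIDFILE:-/var/run/haproxy.pid}"

# Print the pid stored in file $1 only if it is numeric and the process is alive.
live_pid() {
    [ -r "$1" ] || return 1
    pid=$(head -n 1 "$1" | tr -d '[:space:]')
    case "$pid" in
        ''|*[!0-9]*) return 1 ;;   # empty or non-numeric: never hand this to kill
    esac
    kill -0 "$pid" 2>/dev/null || return 1
    printf '%s\n' "$pid"
}

# reload_haproxy CFG: check the config first, then either soft-reload a
# running haproxy or do a clean first start.
reload_haproxy() {
    cfg=$1
    "$HAPROXY_BIN" -c -f "$cfg" >/dev/null || {
        echo "haproxy config check failed: $cfg" >&2
        return 2
    }
    if old=$(live_pid "$PIDFILE"); then
        # -sf: the new process tells the old one to finish its connections and exit
        "$HAPROXY_BIN" -D -f "$cfg" -p "$PIDFILE" -sf "$old"
    else
        rm -f "$PIDFILE"           # missing or stale pid file: plain start
        "$HAPROXY_BIN" -D -f "$cfg" -p "$PIDFILE"
    fi
}
```
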
