cloudstack-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jayapal Reddy (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CLOUDSTACK-9848) VR commands exist status is not checked in python config files
Date Thu, 23 Mar 2017 13:29:42 GMT

    [ https://issues.apache.org/jira/browse/CLOUDSTACK-9848?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15938293#comment-15938293
] 

Jayapal Reddy commented on CLOUDSTACK-9848:
-------------------------------------------

Currently for add_chain exist status is not checked because the iptables rules add processing
fails when iptables chain policy is added. please see my below debug log.

For '-P INPUT DROP' in compare method it is trying add chain without name (actually there
is no need to add chain for policy add rule) 'iptables -t filter -N'


2017-03-23 09:34:06,048  CsNetfilter.py compare:139 fw ['filter', '', '-P INPUT DROP']
2017-03-23 09:34:06,048  CsHelper.py execute2:209 Executing: iptables -t filter -N
2017-03-23 09:34:06,056  configure.py main:1032 Exception while configuring router
Traceback (most recent call last):
  File "/opt/cloud/bin/configure.py", line 1015, in main
    nf.compare(config.get_fw())
  File "/opt/cloud/bin/cs/CsNetfilter.py", line 143, in compare
    self.add_chain(new_rule)
  File "/opt/cloud/bin/cs/CsNetfilter.py", line 193, in add_chain
    raise Exception("iptables command got failed with error: {}".format(error))
Exception: iptables command got failed with error:


> VR commands exist status is not checked in python config files
> --------------------------------------------------------------
>
>                 Key: CLOUDSTACK-9848
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-9848
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.) 
>            Reporter: Jayapal Reddy
>            Assignee: Jayapal Reddy
>
> When iptables rules are configured on the VR failures or exceptions are not detected
in VR because iptables commands exit/return status is not checked.Also in exception catch
failure is not returned.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Mime
View raw message