cloudstack-issues mailing list archives

From "Jayapal Reddy (JIRA)" <j...@apache.org>
Subject [jira] [Comment Edited] (CLOUDSTACK-9848) VR commands exist status is not checked in python config files
Date Thu, 23 Mar 2017 13:30:41 GMT

    [ https://issues.apache.org/jira/browse/CLOUDSTACK-9848?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15938293#comment-15938293 ]

Jayapal Reddy edited comment on CLOUDSTACK-9848 at 3/23/17 1:30 PM:
--------------------------------------------------------------------

Currently, for add_chain, the exit status is not checked because the iptables rule-add processing
fails when an iptables chain policy is added. This needs to be fixed.

Please see my debug log below.
For '-P INPUT DROP', the compare method is trying to add a chain without a name (actually there
is no need to add a chain for a policy add rule): 'iptables -t filter -N'


2017-03-23 09:34:06,048  CsNetfilter.py compare:139 fw ['filter', '', '-P INPUT DROP']
2017-03-23 09:34:06,048  CsHelper.py execute2:209 Executing: iptables -t filter -N
2017-03-23 09:34:06,056  configure.py main:1032 Exception while configuring router
Traceback (most recent call last):
  File "/opt/cloud/bin/configure.py", line 1015, in main
    nf.compare(config.get_fw())
  File "/opt/cloud/bin/cs/CsNetfilter.py", line 143, in compare
    self.add_chain(new_rule)
  File "/opt/cloud/bin/cs/CsNetfilter.py", line 193, in add_chain
    raise Exception("iptables command got failed with error: {}".format(error))
Exception: iptables command got failed with error:



was (Author: jayapal):
Currently, for add_chain, the exit status is not checked because the iptables rule-add processing
fails when an iptables chain policy is added. Please see my debug log below.

For '-P INPUT DROP', the compare method is trying to add a chain without a name (actually there
is no need to add a chain for a policy add rule): 'iptables -t filter -N'


2017-03-23 09:34:06,048  CsNetfilter.py compare:139 fw ['filter', '', '-P INPUT DROP']
2017-03-23 09:34:06,048  CsHelper.py execute2:209 Executing: iptables -t filter -N
2017-03-23 09:34:06,056  configure.py main:1032 Exception while configuring router
Traceback (most recent call last):
  File "/opt/cloud/bin/configure.py", line 1015, in main
    nf.compare(config.get_fw())
  File "/opt/cloud/bin/cs/CsNetfilter.py", line 143, in compare
    self.add_chain(new_rule)
  File "/opt/cloud/bin/cs/CsNetfilter.py", line 193, in add_chain
    raise Exception("iptables command got failed with error: {}".format(error))
Exception: iptables command got failed with error:


> VR commands exist status is not checked in python config files
> --------------------------------------------------------------
>
>                 Key: CLOUDSTACK-9848
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-9848
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.) 
>            Reporter: Jayapal Reddy
>            Assignee: Jayapal Reddy
>
> When iptables rules are configured on the VR, failures or exceptions are not detected
> in the VR because the iptables commands' exit/return status is not checked. Also, in the
> exception catch, failure is not returned.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
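
Added example (not CloudStack's code and not part of the original message): one way to check the exit status of every command and to skip chain creation for entries with an empty chain name, such as the '-P INPUT DROP' entry in the log above. The names run_checked, chain_commands, CommandFailed and EXAMPLE_CHAIN are hypothetical, and only the first sample entry comes from the log.

```python
import subprocess


class CommandFailed(Exception):
    """A command exited with a non-zero status."""

    def __init__(self, argv, returncode, stderr):
        super().__init__("%s exited with %d: %s"
                         % (" ".join(argv), returncode, stderr.strip()))
        self.returncode = returncode


def run_checked(argv):
    """Run argv without a shell and raise if the exit status is non-zero."""
    proc = subprocess.run(argv, capture_output=True, text=True)
    if proc.returncode != 0:
        raise CommandFailed(argv, proc.returncode, proc.stderr)
    return proc.stdout


def chain_commands(fw):
    """Build one 'iptables -N' argv per distinct (table, chain) in fw.

    fw holds [table, chain, rule] entries as in the debug log. Entries with an
    empty chain name (policy rules such as '-P INPUT DROP') need no chain, so
    they are skipped instead of producing 'iptables -t filter -N'.
    """
    seen, commands = set(), []
    for table, chain, _rule in fw:
        if not chain or (table, chain) in seen:
            continue
        seen.add((table, chain))
        commands.append(["iptables", "-t", table, "-N", chain])
    return commands


# Constructed sample: the first entry is the one from the log, the rest are made up.
SAMPLE_FW = [
    ["filter", "", "-P INPUT DROP"],
    ["filter", "EXAMPLE_CHAIN", "-A EXAMPLE_CHAIN -j ACCEPT"],
    ["filter", "EXAMPLE_CHAIN", "-A EXAMPLE_CHAIN -p icmp -j DROP"],
]

if __name__ == "__main__":
    for argv in chain_commands(SAMPLE_FW):
        print(" ".join(argv))  # printed only; pass argv to run_checked() on a router
```

Because run_checked raises instead of returning silently, a caller that catches the exception still has to report the failure upward for a partially applied rule set to be noticed.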
