Posted to issues@cloudstack.apache.org by "Jayapal Reddy (JIRA)" <ji...@apache.org> on 2017/03/23 13:30:41 UTC

[jira] [Comment Edited] (CLOUDSTACK-9848) VR commands exist status is not checked in python config files

    [ https://issues.apache.org/jira/browse/CLOUDSTACK-9848?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15938293#comment-15938293 ] 

Jayapal Reddy edited comment on CLOUDSTACK-9848 at 3/23/17 1:30 PM:
--------------------------------------------------------------------

Currently, for add_chain the exit status is not checked because the iptables rule-add processing fails when an iptables chain policy is added. This needs to be fixed.

Please see my debug log below.
For '-P INPUT DROP', the compare method tries to add a chain without a name (actually there is no need to add a chain for a policy add rule): 'iptables -t filter -N'


2017-03-23 09:34:06,048  CsNetfilter.py compare:139 fw ['filter', '', '-P INPUT DROP']
2017-03-23 09:34:06,048  CsHelper.py execute2:209 Executing: iptables -t filter -N
2017-03-23 09:34:06,056  configure.py main:1032 Exception while configuring router
Traceback (most recent call last):
  File "/opt/cloud/bin/configure.py", line 1015, in main
    nf.compare(config.get_fw())
  File "/opt/cloud/bin/cs/CsNetfilter.py", line 143, in compare
    self.add_chain(new_rule)
  File "/opt/cloud/bin/cs/CsNetfilter.py", line 193, in add_chain
    raise Exception("iptables command got failed with error: {}".format(error))
Exception: iptables command got failed with error:



was (Author: jayapal):
Currently, for add_chain the exit status is not checked because the iptables rule-add processing fails when an iptables chain policy is added. Please see my debug log below.

For '-P INPUT DROP', the compare method tries to add a chain without a name (actually there is no need to add a chain for a policy add rule): 'iptables -t filter -N'


2017-03-23 09:34:06,048  CsNetfilter.py compare:139 fw ['filter', '', '-P INPUT DROP']
2017-03-23 09:34:06,048  CsHelper.py execute2:209 Executing: iptables -t filter -N
2017-03-23 09:34:06,056  configure.py main:1032 Exception while configuring router
Traceback (most recent call last):
  File "/opt/cloud/bin/configure.py", line 1015, in main
    nf.compare(config.get_fw())
  File "/opt/cloud/bin/cs/CsNetfilter.py", line 143, in compare
    self.add_chain(new_rule)
  File "/opt/cloud/bin/cs/CsNetfilter.py", line 193, in add_chain
    raise Exception("iptables command got failed with error: {}".format(error))
Exception: iptables command got failed with error:


> VR commands exist status is not checked in python config files
> --------------------------------------------------------------
>
>                 Key: CLOUDSTACK-9848
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-9848
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.) 
>            Reporter: Jayapal Reddy
>            Assignee: Jayapal Reddy
>
> When iptables rules are configured on the VR, failures or exceptions are not detected in the VR because the iptables commands' exit/return status is not checked. Also, in the exception catch, the failure is not returned.
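
An added example, not part of the original message and not CloudStack's own code: one way to avoid the nameless 'iptables -t filter -N' call for a policy entry and to surface a non-zero exit status. The [table, chain, rule] shape follows the 'fw' line in the debug log; chain_commands, run_checked, SAMPLE_FW and EXAMPLE_CHAIN are hypothetical names, and the failing command is a stand-in so the demo needs neither root nor iptables.

```python
import subprocess
import sys

def chain_commands(fw):
    """Return 'iptables -N' argv lists for [table, chain, rule] entries.

    Entries with an empty chain (a policy rule such as '-P INPUT DROP')
    need no chain created, so they are skipped instead of producing
    'iptables -t filter -N' with no chain name.
    """
    cmds, seen = [], set()
    for table, chain, _rule in fw:
        if not chain.strip() or (table, chain) in seen:
            continue
        seen.add((table, chain))
        cmds.append(["iptables", "-t", table, "-N", chain])
    return cmds

def run_checked(argv):
    """Run a command and raise if its exit status is non-zero."""
    proc = subprocess.run(argv, capture_output=True, text=True)
    if proc.returncode != 0:
        # Report argv and the status too: stderr alone can be empty, as in
        # the traceback on this page where the error text is blank.
        raise RuntimeError("command %r exited with status %d: %s" % (
            " ".join(argv), proc.returncode,
            proc.stderr.strip() or "<no stderr>"))
    return proc.stdout

# Constructed sample input, shaped like the 'fw' entry in the debug log.
SAMPLE_FW = [
    ["filter", "", "-P INPUT DROP"],
    ["filter", "EXAMPLE_CHAIN", "-A EXAMPLE_CHAIN -j ACCEPT"],
    ["filter", "EXAMPLE_CHAIN", "-A EXAMPLE_CHAIN -j DROP"],
]

if __name__ == "__main__":
    for cmd in chain_commands(SAMPLE_FW):
        print("would run:", " ".join(cmd))
    # Stand-in for a failing iptables call (exits with status 2).
    failing = [sys.executable, "-c", "import sys; sys.exit(2)"]
    try:
        run_checked(failing)
    except RuntimeError as exc:
        print("detected failure:", exc)
```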


