You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cloudstack.apache.org by "Jayapal Reddy (JIRA)" <ji...@apache.org> on 2014/09/11 06:15:33 UTC

[jira] [Comment Edited] (CLOUDSTACK-7493) [Automation] Egress Firewall Rule fails to create on the Virtual Router in Hyper-V Setup - Reports Success instead of failure report

    [ https://issues.apache.org/jira/browse/CLOUDSTACK-7493?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14129593#comment-14129593 ] 

Jayapal Reddy edited comment on CLOUDSTACK-7493 at 9/11/14 4:14 AM:
--------------------------------------------------------------------

Hi Chandan,

The attached logs did not have information about the failure. All the logs are showing success.


1. Can you please attach logs for PROVING the rules got failed in VR ? How are you saying it is failing VR ?
After rule configuration is your egress traffic is not going out ?
After rule configuration did you see iptables rules configuration on the VR and saying it got failed ?

2. Is the rules configuration success when you run manually ?

If you assume failure from the details it is not true. The details is shown script execution logs which can be ignored. Only see the result. 

[{"com.cloud.agent.api.Answer":{"result":true,"details":"iptables v1.4.14: Couldn't load target `_FW_EGRESS_RULES':No such file or directory\n\nTry `iptables -h' or 'iptables --help' for more information.\niptables: No chain/target/match by that name.\niptables: No chain/target/match by that name.\niptables: No chain/target/match by that name.\niptables v1.4.14: Couldn't load target `_FW_EGRESS_RULES':No such file or directory\n\nTry `iptables -h' or 'iptables --help' for more information.\niptables: No chain/target/match by that name.\niptables: No chain/target/match by that name.\n","wait":0}}] }

Please provide relevant logs for this bug description.

Thanks,
Jayapal





was (Author: jayapal):
Hi Chandan,

The attached logs did not have information about the failure. All the logs are showing success.


1. Can you please attach logs for PROVING the rules got failed in VR ? How are you saying it is failing VR ?
After rule configuration is your egress traffic is not going out ?
After rule configuration did you see iptables rules configuration on the VR and saying it got failed ?

2. Is the rules configuration success when you run manually ?

Please provide relevant logs for this bug description.

Thanks,
Jayapal




> [Automation] Egress Firewall Rule fails to create on the Virtual Router in Hyper-V Setup - Reports Success instead of failure report
> ------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: CLOUDSTACK-7493
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-7493
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.) 
>          Components: Automation, Test
>    Affects Versions: 4.5.0
>            Reporter: Chandan Purushothama
>            Assignee: Chandan Purushothama
>            Priority: Blocker
>             Fix For: 4.5.0
>
>         Attachments: client_managementLogs.zip
>
>
> ==========================
> Error in management Server log:
> ==========================
> {code}
> 2014-09-03 18:04:36,689 DEBUG [c.c.a.ApiServlet] (catalina-exec-22:ctx-a84568da ctx-c6c0fc58 ctx-985e7722) ===END===  10.220.135.217 -- GET  jobid=561bbb6c-7931-493d-a778-525086befb96&apiKey=hCPmYiAF1lm_sBLrhXIEWXCJt0vYbxzkeFfv7E1ZhyPPL_TF6BvI8cVOm2AqLlzWwa2w9dO0eFQu6SafM_st3g&command=queryAsyncJobResult&response=json&signature=fWkgkcIGrOu7YQc%2Fw5GD%2B3HHGkM%3D
> 2014-09-03 18:04:36,701 DEBUG [c.c.a.t.Request] (API-Job-Executor-33:ctx-4c5fd3c9 job-316 ctx-8bc88918) Seq 1-4477422454536405316: Sending  { Cmd , MgmtId: 174253150778429, via: 1(10.220.163.36), Ver: v1, Flags: 100001, [{"com.cloud.agent.api.routing.SetFirewallRulesCommand":{"rules":[{"id":36,"srcIp":"","protocol":"all","revoked":false,"alreadyAdded":false,"sourceCidrList":["0.0.0.0/0"],"purpose":"Firewall","trafficType":"Egress","defaultEgressPolicy":false}],"accessDetails":{"router.guest.ip":"192.168.200.1","firewall.egress.default":"false","zone.network.type":"Advanced","router.ip":"10.220.165.184","router.name":"r-45-VM"},"wait":0}}] }
> 2014-09-03 18:04:36,701 DEBUG [c.c.a.t.Request] (API-Job-Executor-33:ctx-4c5fd3c9 job-316 ctx-8bc88918) Seq 1-4477422454536405316: Executing:  { Cmd , MgmtId: 174253150778429, via: 1(10.220.163.36), Ver: v1, Flags: 100001, [{"com.cloud.agent.api.routing.SetFirewallRulesCommand":{"rules":[{"id":36,"srcIp":"","protocol":"all","revoked":false,"alreadyAdded":false,"sourceCidrList":["0.0.0.0/0"],"purpose":"Firewall","trafficType":"Egress","defaultEgressPolicy":false}],"accessDetails":{"router.guest.ip":"192.168.200.1","firewall.egress.default":"false","zone.network.type":"Advanced","router.ip":"10.220.165.184","router.name":"r-45-VM"},"wait":0}}] }
> 2014-09-03 18:04:36,702 DEBUG [c.c.a.m.DirectAgentAttache] (DirectAgent-316:ctx-c363d57a) Seq 1-4477422454536405316: Executing request
> 2014-09-03 18:04:36,702 DEBUG [c.c.h.h.r.HypervDirectConnectResource] (DirectAgent-316:ctx-c363d57a) Use router's private IP for SSH control. IP : 10.220.165.184
> 2014-09-03 18:04:36,702 DEBUG [c.c.h.h.r.HypervDirectConnectResource] (DirectAgent-316:ctx-c363d57a) Run command on VR: 10.220.165.184, script: firewall_egress.sh with args:  -F -E -P 0 -a :all:0:0:0.0.0.0/0:,
> 2014-09-03 18:04:37,394 DEBUG [c.c.a.m.AgentManagerImpl] (AgentManager-Handler-14:null) SeqA 3-604: Processing Seq 3-604:  { Cmd , MgmtId: -1, via: 3, Ver: v1, Flags: 11, [{"com.cloud.agent.api.ConsoleProxyLoadReportCommand":{"_proxyVmId":2,"_loadInfo":"{\n  \"connections\": []\n}","wait":0}}] }
> 2014-09-03 18:04:37,397 DEBUG [c.c.a.m.AgentManagerImpl] (AgentManager-Handler-14:null) SeqA 3-604: Sending Seq 3-604:  { Ans: , MgmtId: 174253150778429, via: 3, Ver: v1, Flags: 100010, [{"com.cloud.agent.api.AgentControlAnswer":{"result":true,"wait":0}}] }
> 2014-09-03 18:04:37,826 DEBUG [c.c.s.StorageManagerImpl] (StorageManager-Scavenger-3:ctx-e8a5b20a) Storage pool garbage collector found 0 templates to clean up in storage pool: XenRT-Zone-0-Pod-0-Cluster-0-Primary-Store-0
> 2014-09-03 18:04:37,829 DEBUG [c.c.s.StorageManagerImpl] (StorageManager-Scavenger-3:ctx-e8a5b20a) Secondary storage garbage collector found 0 templates to cleanup on template_store_ref for store: cifs://10.220.163.36/storage/secondary
> 2014-09-03 18:04:37,831 DEBUG [c.c.s.StorageManagerImpl] (StorageManager-Scavenger-3:ctx-e8a5b20a) Secondary storage garbage collector found 0 snapshots to cleanup on snapshot_store_ref for store: cifs://10.220.163.36/storage/secondary
> 2014-09-03 18:04:37,832 DEBUG [c.c.s.StorageManagerImpl] (StorageManager-Scavenger-3:ctx-e8a5b20a) Secondary storage garbage collector found 0 volumes to cleanup on volume_store_ref for store: cifs://10.220.163.36/storage/secondary
> 2014-09-03 18:04:37,940 DEBUG [c.c.h.h.r.HypervDirectConnectResource] (DirectAgent-316:ctx-c363d57a) firewall_egress.sh execution result: true
> 2014-09-03 18:04:37,940 DEBUG [c.c.a.m.DirectAgentAttache] (DirectAgent-316:ctx-c363d57a) Seq 1-4477422454536405316: Response Received: 
> 2014-09-03 18:04:37,940 DEBUG [c.c.a.t.Request] (DirectAgent-316:ctx-c363d57a) Seq 1-4477422454536405316: Processing:  { Ans: , MgmtId: 174253150778429, via: 1, Ver: v1, Flags: 0, [{"com.cloud.agent.api.Answer":{"result":true,"details":"iptables v1.4.14: Couldn't load target `_FW_EGRESS_RULES':No such file or directory\n\nTry `iptables -h' or 'iptables --help' for more information.\niptables: No chain/target/match by that name.\niptables: No chain/target/match by that name.\niptables: No chain/target/match by that name.\niptables v1.4.14: Couldn't load target `_FW_EGRESS_RULES':No such file or directory\n\nTry `iptables -h' or 'iptables --help' for more information.\niptables: No chain/target/match by that name.\niptables: No chain/target/match by that name.\n","wait":0}}] }
> 2014-09-03 18:04:37,941 DEBUG [c.c.a.t.Request] (API-Job-Executor-33:ctx-4c5fd3c9 job-316 ctx-8bc88918) Seq 1-4477422454536405316: Received:  { Ans: , MgmtId: 174253150778429, via: 1, Ver: v1, Flags: 0, { Answer } }
> 2014-09-03 18:04:37,964 DEBUG [o.a.c.f.j.i.AsyncJobManagerImpl] (API-Job-Executor-33:ctx-4c5fd3c9 job-316 ctx-8bc88918) Complete async job-316, jobStatus: SUCCEEDED, resultCode: 0, result: org.apache.cloudstack.api.response.FirewallResponse/firewallrule/{"id":"ec795578-c833-4be6-a0d7-e33235d87920","protocol":"all","networkid":"49c9ee87-5ad0-4c4b-9111-621963f2e69e","state":"Active","cidrlist":"0.0.0.0/0","tags":[],"fordisplay":true}
> 2014-09-03 18:04:37,969 DEBUG [o.a.c.f.j.i.AsyncJobManagerImpl] (API-Job-Executor-33:ctx-4c5fd3c9 job-316) Done executing org.apache.cloudstack.api.command.user.firewall.CreateEgressFirewallRuleCmd for job-316
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)