You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cloudstack.apache.org by GitBox <gi...@apache.org> on 2020/08/26 03:26:51 UTC
[GitHub] [cloudstack] echoidcf opened a new issue #4285: Set 53/111 LoadBalancer rule may kill haproxy and cause loadbalancer down completely.
echoidcf opened a new issue #4285:
URL: https://github.com/apache/cloudstack/issues/4285
<!--
Verify first that your issue/request is not already reported on GitHub.
Also test if the latest release and master branch are affected too.
Always add information AFTER of these HTML comments, but no need to delete the comments.
-->
##### ISSUE TYPE
<!-- Pick one below and delete the rest -->
* Bug Report
##### COMPONENT NAME
<!--
Categorize the issue, e.g. API, VR, VPN, UI, etc.
-->
~~~
VR/Loadbalancer
~~~
##### CLOUDSTACK VERSION
<!--
New line separated list of affected versions, commit ID for issues on master branch.
-->
~~~
All version after 4.11 (maybe)
4.7 are not affected
~~~
##### CONFIGURATION
<!--
Information about the configuration if relevant, e.g. basic network, advanced networking, etc. N/A otherwise
-->
VR with dnsmasq network service offering
##### OS / ENVIRONMENT
<!--
Information about the environment if relevant, N/A otherwise
-->
##### SUMMARY
<!-- Explain the problem/feature briefly -->
Because dnsmasq daemon is using tcp53 port, haproxy can not use that port again.
Set a loadbalancer rule for public port 53 will result in error while start/reload/restarting haproxy.
After 4.11, haproxy is reload/restart via python script (CsHelper.py)
But CsHelper.py nevery not check if reload/restart is ok, haproxy is killed permanently after setting this loadbalancer rule.
The rule can be set without any error/warning, and loadbalancer service is down after that.
##### STEPS TO REPRODUCE
<!--
For bugs, show exactly how to reproduce the problem, using a minimal test-case. Use Screenshots if accurate.
For new features, show how the feature would be used.
-->
<!-- Paste example playbooks or commands between quotes below -->
~~~
1. create/use a network offerings with DNS and LB services.
2. create a LB rule with public 53
After that rule is added with error, but haproxy down completely.
~~~
<!-- You can also paste gist.github.com links for larger files -->
##### EXPECTED RESULTS
<!-- What did you expect to happen when running the steps above? -->
~~~
~~~
##### ACTUAL RESULTS
<!-- What actually happened? -->
<!-- Paste verbatim command output between quotes below -->
~~~
~~~
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] Spaceman1984 commented on issue #4285: Set 53/111 LoadBalancer rule may kill haproxy and cause loadbalancer down completely.
Posted by GitBox <gi...@apache.org>.
Spaceman1984 commented on issue #4285:
URL: https://github.com/apache/cloudstack/issues/4285#issuecomment-707050673
I checked on the VR, nothing was listening on port 111.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] rhtyd commented on issue #4285: Set 53/111 LoadBalancer rule may kill haproxy and cause loadbalancer down completely.
Posted by GitBox <gi...@apache.org>.
rhtyd commented on issue #4285:
URL: https://github.com/apache/cloudstack/issues/4285#issuecomment-682429120
cc @Spaceman1984
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] echoidcf commented on issue #4285: Set 53/111 LoadBalancer rule may kill haproxy and cause loadbalancer down completely.
Posted by GitBox <gi...@apache.org>.
echoidcf commented on issue #4285:
URL: https://github.com/apache/cloudstack/issues/4285#issuecomment-680712626
Same port with 111, opened by rpcbind.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] Spaceman1984 commented on issue #4285: Set 53/111 LoadBalancer rule may kill haproxy and cause loadbalancer down completely.
Posted by GitBox <gi...@apache.org>.
Spaceman1984 commented on issue #4285:
URL: https://github.com/apache/cloudstack/issues/4285#issuecomment-707019155
Should adding port 111 on the load balancer always throw an error? Is there a check that needs to be done or should it be hardcoded?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] rhtyd commented on issue #4285: Set 53/111 LoadBalancer rule may kill haproxy and cause loadbalancer down completely.
Posted by GitBox <gi...@apache.org>.
rhtyd commented on issue #4285:
URL: https://github.com/apache/cloudstack/issues/4285#issuecomment-680708618
I think the fix would be to disallow users to from creating rule for port 53 if network offers DNS
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] andrijapanicsb commented on issue #4285: Set 53/111 LoadBalancer rule may kill haproxy and cause loadbalancer down completely.
Posted by GitBox <gi...@apache.org>.
andrijapanicsb commented on issue #4285:
URL: https://github.com/apache/cloudstack/issues/4285#issuecomment-707023892
More proper solution would be to NOT bind those ports on public interfaces (dumb idea anyway) - so that haproxy will not fail to bind those ports later on public interfaces
But the quick one would be to give an error early:
Ideally: "netstat-antup | grep "0.0.0.0" should be used to see all ports that are binded on all intefaces - and make list of all those ports that can NOT be binded by haproxy - and give descriptive error for all of them, in the UI - better in API
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] andrijapanicsb commented on issue #4285: Set 53/111 LoadBalancer rule may kill haproxy and cause loadbalancer down completely.
Posted by GitBox <gi...@apache.org>.
andrijapanicsb commented on issue #4285:
URL: https://github.com/apache/cloudstack/issues/4285#issuecomment-707028754
I think that's true @rhtyd , but only valid for Shared networks, or something - I recall the issue we fix for 4.13.1/4.14
In general, the design around those should be considered (i..e even if we give option to expose 53 publicly, we do so only on the default public IP, but with additional public IPs (that are needed for PF/LB anyways) we should allow LB on any port)
Not sure what's the story with port 111, shouldn't be there IMO.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] Spaceman1984 commented on issue #4285: Set 53/111 LoadBalancer rule may kill haproxy and cause loadbalancer down completely.
Posted by GitBox <gi...@apache.org>.
Spaceman1984 commented on issue #4285:
URL: https://github.com/apache/cloudstack/issues/4285#issuecomment-707142343
I'll check which ports actually prevent haproxy from starting, I think most of them are not breaking the startup.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] echoidcf edited a comment on issue #4285: Set 53/111 LoadBalancer rule may kill haproxy and cause loadbalancer down completely.
Posted by GitBox <gi...@apache.org>.
echoidcf edited a comment on issue #4285:
URL: https://github.com/apache/cloudstack/issues/4285#issuecomment-680712626
Same with port 111, opened by rpcbind.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] Spaceman1984 closed issue #4285: Set 53/111 LoadBalancer rule may kill haproxy and cause loadbalancer down completely.
Posted by GitBox <gi...@apache.org>.
Spaceman1984 closed issue #4285:
URL: https://github.com/apache/cloudstack/issues/4285
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] Spaceman1984 commented on issue #4285: Set 53/111 LoadBalancer rule may kill haproxy and cause loadbalancer down completely.
Posted by GitBox <gi...@apache.org>.
Spaceman1984 commented on issue #4285:
URL: https://github.com/apache/cloudstack/issues/4285#issuecomment-707133517
This is the output running DefaultIsolatedNetworkOffering,
```
tcp 0 0 10.1.1.1:80 0.0.0.0:* LISTEN 1080/apache2
tcp 0 0 10.1.1.1:8080 0.0.0.0:* LISTEN 897/python
tcp 0 0 169.254.25.109:3922 0.0.0.0:* LISTEN 1492/sshd
tcp 0 0 0.0.0.0:53 0.0.0.0:* LISTEN 1946/dnsmasq
tcp 0 0 10.1.1.1:443 0.0.0.0:* LISTEN 1080/apache2
tcp 0 0 0.0.0.0:35999 0.0.0.0:* LISTEN 1202/haproxy
udp 0 0 0.0.0.0:53 0.0.0.0:* 1946/dnsmasq
udp 0 0 0.0.0.0:67 0.0.0.0:* 1946/dnsmasq
udp 0 0 0.0.0.0:69 0.0.0.0:* 1946/dnsmasq
udp 0 0 0.0.0.0:3914 0.0.0.0:* 287/rsyslogd
udp 0 0 192.168.43.34:123 0.0.0.0:* 804/ntpd
udp 0 0 169.254.25.109:123 0.0.0.0:* 804/ntpd
udp 0 0 10.1.1.1:123 0.0.0.0:* 804/ntpd
udp 0 0 127.0.0.1:123 0.0.0.0:* 804/ntpd
udp 0 0 0.0.0.0:123 0.0.0.0:* 804/ntpd
udp 0 0 0.0.0.0:45297 0.0.0.0:* 1200/haproxy
```
Would it be a good idea to throw an error if any of these ports are passed as a param to create an lb rule?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] rhtyd commented on issue #4285: Set 53/111 LoadBalancer rule may kill haproxy and cause loadbalancer down completely.
Posted by GitBox <gi...@apache.org>.
rhtyd commented on issue #4285:
URL: https://github.com/apache/cloudstack/issues/4285#issuecomment-707024197
@echoidcf I checked port 111 is for rpcbind/NFS, do you think there is any internal use for port 111 at all for VRs?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] rhtyd commented on issue #4285: Set 53/111 LoadBalancer rule may kill haproxy and cause loadbalancer down completely.
Posted by GitBox <gi...@apache.org>.
rhtyd commented on issue #4285:
URL: https://github.com/apache/cloudstack/issues/4285#issuecomment-707024810
Agree @andrijapanicsb however there may be a case for port 53 (allow DNS externally, there is a setting for that I think?)
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] DaanHoogland commented on issue #4285: Set 53/111 LoadBalancer rule may kill haproxy and cause loadbalancer down completely.
Posted by GitBox <gi...@apache.org>.
DaanHoogland commented on issue #4285:
URL: https://github.com/apache/cloudstack/issues/4285#issuecomment-726062147
@Spaceman1984 , @echoidcf is this issue addressed fully with above PR?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org