Posted to commits@cloudstack.apache.org by GitBox <gi...@apache.org> on 2018/07/18 19:24:34 UTC
[GitHub] GabrielBrascher edited a comment on issue #2732: security_group:
Use execute() function instead of non-existing bash()
GabrielBrascher edited a comment on issue #2732: security_group: Use execute() function instead of non-existing bash()
URL: https://github.com/apache/cloudstack/pull/2732#issuecomment-406037059
The following log messages are from `/var/log/cloudstack/agent/security_group.log`.
On 4.11.1:
```
2018-07-10 21:27:00,514 - Executing command: network_rules_vmSecondaryIp
2018-07-10 21:27:00,514 - vmName = i-2-3-VM
2018-07-10 21:27:00,514 - action = -A
2018-07-10 21:27:00,516 - vm ip 192.168.100.77
2018-07-10 21:27:00,516 - ipset -A i-2-3-VM 192.168.100.77
2018-07-10 21:27:00,520 - ip = 192.168.100.77
2018-07-10 21:27:00,520 - ebtables -t nat -I i-2-3-VM-in-ips -p ARP --arp-ip-src 192.168.100.77 -j RETURN
2018-07-10 21:27:00,524 - ebtables -t nat -I i-2-3-VM-out-ips -p ARP --arp-ip-dst 192.168.100.77 -j RETURN
2018-07-10 21:27:40,175 - Executing command: get_rule_logs_for_vms
2018-07-10 21:27:47,250 - Executing command: destroy_network_rules_for_vm
2018-07-10 21:27:47,250 - iptables-save | awk '/BF(.*)physdev-is-bridged(.*)i-2-3-def/ { sub(/-A/, "-D", $1) ; print }'
2018-07-10 21:27:47,257 - iptables -D BF-cloudbr1-IN -m physdev --physdev-in vnet8 --physdev-is-bridged -j i-2-3-def
2018-07-10 21:27:47,261 - iptables -D BF-cloudbr1-OUT -m physdev --physdev-out vnet8 --physdev-is-bridged -j i-2-3-def
2018-07-10 21:27:47,264 - ip6tables-save | awk '/BF(.*)physdev-is-bridged(.*)i-2-3-def/ { sub(/-A/, "-D", $1) ; print }'
2018-07-10 21:27:47,269 - ip6tables -D BF-cloudbr1-IN -m physdev --physdev-in vnet8 --physdev-is-bridged -j i-2-3-def
2018-07-10 21:27:47,274 - ip6tables -D BF-cloudbr1-OUT -m physdev --physdev-out vnet8 --physdev-is-bridged -j i-2-3-def
2018-07-10 21:27:47,277 - ebtables -t nat -L PREROUTING | grep i-2-3-VM
2018-07-10 21:27:47,283 - ebtables -t nat -L POSTROUTING | grep i-2-3-VM
2018-07-10 21:27:47,288 - ebtables -t nat -D PREROUTING -i vnet8 -j i-2-3-VM-in
2018-07-10 21:27:47,293 - ebtables -t nat -D POSTROUTING -o vnet8 -j i-2-3-VM-out
2018-07-10 21:27:47,298 - ebtables -t nat -F i-2-3-VM-in
2018-07-10 21:27:47,304 - ebtables -t nat -X i-2-3-VM-in
2018-07-10 21:27:47,309 - ebtables -t nat -F i-2-3-VM-out
2018-07-10 21:27:47,315 - ebtables -t nat -X i-2-3-VM-out
2018-07-10 21:27:47,320 - ebtables -t nat -F i-2-3-VM-in-ips
2018-07-10 21:27:47,326 - ebtables -t nat -X i-2-3-VM-in-ips
2018-07-10 21:27:47,331 - ebtables -t nat -F i-2-3-VM-out-ips
2018-07-10 21:27:47,337 - ebtables -t nat -X i-2-3-VM-out-ips
```
After updating to 4.12:
Note that there are lines returning non-zero exit status 1 and other lines returning exit status 255, which does not necessarily mean an error.
```
2018-07-10 22:08:04,889 - Failed to execute: ebtables -t nat -L PREROUTING | grep s-5-VM
Traceback (most recent call last):
File "/usr/share/cloudstack-common/scripts/vm/network/security_group.py", line 62, in execute
return check_output(cmd, shell=True)
File "/usr/lib/python2.7/subprocess.py", line 574, in check_output
raise CalledProcessError(retcode, cmd, output=output)
CalledProcessError: Command 'ebtables -t nat -L PREROUTING | grep s-5-VM' returned non-zero exit status 1
2018-07-10 22:08:04,891 - ebtables -t nat -L POSTROUTING | grep s-5-VM
2018-07-10 22:08:04,895 - Failed to execute: ebtables -t nat -L POSTROUTING | grep s-5-VM
Traceback (most recent call last):
File "/usr/share/cloudstack-common/scripts/vm/network/security_group.py", line 62, in execute
return check_output(cmd, shell=True)
File "/usr/lib/python2.7/subprocess.py", line 574, in check_output
raise CalledProcessError(retcode, cmd, output=output)
CalledProcessError: Command 'ebtables -t nat -L POSTROUTING | grep s-5-VM' returned non-zero exit status 1
2018-07-10 22:08:04,895 - ebtables -t nat -F s-5-VM-in
2018-07-10 22:08:04,898 - Failed to execute: ebtables -t nat -F s-5-VM-in
Traceback (most recent call last):
File "/usr/share/cloudstack-common/scripts/vm/network/security_group.py", line 62, in execute
return check_output(cmd, shell=True)
File "/usr/lib/python2.7/subprocess.py", line 574, in check_output
raise CalledProcessError(retcode, cmd, output=output)
CalledProcessError: Command 'ebtables -t nat -F s-5-VM-in' returned non-zero exit status 255
2018-07-10 22:08:04,898 - ebtables -t nat -X s-5-VM-in
2018-07-10 22:08:04,902 - Failed to execute: ebtables -t nat -X s-5-VM-in
Traceback (most recent call last):
File "/usr/share/cloudstack-common/scripts/vm/network/security_group.py", line 62, in execute
return check_output(cmd, shell=True)
File "/usr/lib/python2.7/subprocess.py", line 574, in check_output
raise CalledProcessError(retcode, cmd, output=output)
CalledProcessError: Command 'ebtables -t nat -X s-5-VM-in' returned non-zero exit status 255
```
After adding changes from this PR:
```
2018-07-18 19:46:43,797 - vmName = i-2-38-VM
2018-07-18 19:46:43,797 - action = -D
2018-07-18 19:46:43,798 - vm ip 2001:db8::2
2018-07-18 19:46:43,798 - ipset -D i-2-38-VM 2001:db8::2
2018-07-18 19:46:43,804 - ip = 2001:db8::2
2018-07-18 19:46:43,804 - ebtables -t nat -D i-2-38-VM-in-ips -p ARP --arp-ip-src 2001:db8::2 -j RETURN
2018-07-18 19:46:43,809 - ebtables -t nat -D i-2-38-VM-out-ips -p ARP --arp-ip-dst 2001:db8::2 -j RETURN
2018-07-18 19:53:08,700 - Executing command: cleanup_rules
2018-07-18 19:53:08,703 - Vms on the host : ['s-34-VM', 'v-35-VM', 'r-37-VM', 'i-2-38-VM']
2018-07-18 19:53:08,703 - iptables-save | grep -P '^:(?!.*-(def|eg))' | awk '{sub(/^:/, "", $1) ; print $1}' | sort | uniq
2018-07-18 19:53:08,710 - iptables chains in the host :['BF-cloudbr0', 'BF-cloudbr0-IN', 'BF-cloudbr0-OUT', 'BF-cloudbr1', 'BF-cloudbr1-IN', 'BF-cloudbr1-OUT', 'FORWARD', 'i-2-38-VM', 'INPUT', 'OUTPUT', 'POSTROUTING', 'PREROUTING', 'r-37-VM', 's-34-VM', 'v-35-VM', '']
2018-07-18 19:53:08,711 - grep -E '^ebtable_' /proc/modules | cut -f1 -d' ' | sed s/ebtable_//
2018-07-18 19:53:08,716 - ebtables -t nat -L | awk '/chain:/ { gsub(/(^.*chain: |-(in|out|ips).*)/, ""); print $1}' | sort | uniq
2018-07-18 19:53:08,724 - ebtables -t filter -L | awk '/chain:/ { gsub(/(^.*chain: |-(in|out|ips).*)/, ""); print $1}' | sort | uniq
2018-07-18 19:53:08,732 - ebtables chains in the host: ['FORWARD,', 'INPUT,', 'OUTPUT,', '']
2018-07-18 19:53:08,732 - Cleaned up rules for 0 chains
2018-07-18 20:37:18,701 - Executing command: cleanup_rules
2018-07-18 20:37:18,704 - Vms on the host : ['s-34-VM', 'v-35-VM', 'r-37-VM', 'i-2-38-VM']
2018-07-18 20:37:18,704 - iptables-save | grep -P '^:(?!.*-(def|eg))' | awk '{sub(/^:/, "", $1) ; print $1}' | sort | uniq
2018-07-18 20:37:18,710 - iptables chains in the host :['BF-cloudbr0', 'BF-cloudbr0-IN', 'BF-cloudbr0-OUT', 'BF-cloudbr1', 'BF-cloudbr1-IN', 'BF-cloudbr1-OUT', 'FORWARD', 'i-2-38-VM', 'INPUT', 'OUTPUT', 'POSTROUTING', 'PREROUTING', 'r-37-VM', 's-34-VM', 'v-35-VM', '']
2018-07-18 20:37:18,710 - grep -E '^ebtable_' /proc/modules | cut -f1 -d' ' | sed s/ebtable_//
2018-07-18 20:37:18,714 - ebtables -t nat -L | awk '/chain:/ { gsub(/(^.*chain: |-(in|out|ips).*)/, ""); print $1}' | sort | uniq
2018-07-18 20:37:18,722 - ebtables -t filter -L | awk '/chain:/ { gsub(/(^.*chain: |-(in|out|ips).*)/, ""); print $1}' | sort | uniq
2018-07-18 20:37:18,727 - ebtables chains in the host: ['FORWARD,', 'INPUT,', 'OUTPUT,', '']
2018-07-18 20:37:18,727 - Cleaned up rules for 0 chains
2018-07-18 20:43:01,624 - Executing command: network_rules_vmSecondaryIp
2018-07-18 20:43:01,624 - vmName = i-2-38-VM
2018-07-18 20:43:01,624 - action = -A
2018-07-18 20:43:01,626 - vm ip 192.168.100.71
2018-07-18 20:43:01,626 - ipset -A i-2-38-VM 192.168.100.71
2018-07-18 20:43:01,629 - ip = 192.168.100.71
2018-07-18 20:43:01,629 - ebtables -t nat -I i-2-38-VM-in-ips -p ARP --arp-ip-src 192.168.100.71 -j RETURN
2018-07-18 20:43:01,632 - ebtables -t nat -I i-2-38-VM-out-ips -p ARP --arp-ip-dst 192.168.100.71 -j RETURN
```
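An added example, not part of the original comment and not code from CloudStack's `security_group.py`: a small triage of the 4.12 log lines quoted above. It pairs each `Failed to execute` entry with its `CalledProcessError` line and separates pipelines ending in `grep` that exited 1 (grep's documented "no lines selected" status, which `check_output(cmd, shell=True)` raises on) from failures that need a look. The names `triage` and `classify` are hypothetical, and the sample is an excerpt of the log above with tracebacks shortened to their last line.

```python
import re

# Excerpt of the 4.12 log quoted above; tracebacks shortened to their final line.
SAMPLE_LOG = """\
2018-07-10 22:08:04,889 - Failed to execute: ebtables -t nat -L PREROUTING | grep s-5-VM
CalledProcessError: Command 'ebtables -t nat -L PREROUTING | grep s-5-VM' returned non-zero exit status 1
2018-07-10 22:08:04,895 - Failed to execute: ebtables -t nat -L POSTROUTING | grep s-5-VM
CalledProcessError: Command 'ebtables -t nat -L POSTROUTING | grep s-5-VM' returned non-zero exit status 1
2018-07-10 22:08:04,895 - ebtables -t nat -F s-5-VM-in
2018-07-10 22:08:04,898 - Failed to execute: ebtables -t nat -F s-5-VM-in
CalledProcessError: Command 'ebtables -t nat -F s-5-VM-in' returned non-zero exit status 255
"""

FAILED = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3}) - Failed to execute: (?P<cmd>.*)$")
STATUS = re.compile(
    r"^CalledProcessError: Command '(?P<cmd>.*)' returned non-zero exit status (?P<rc>\d+)$")


def classify(cmd, rc):
    """Return 'no-match' for a pipeline whose last stage is grep and exited 1.

    Without pipefail the shell reports the exit status of the last stage, and
    grep exits 1 when it selects no lines. Everything else is left for review;
    a '|' inside a quoted grep pattern also falls through to 'review'.
    """
    last_stage = cmd.split("|")[-1].split()
    if rc == 1 and "|" in cmd and last_stage and last_stage[0] == "grep":
        return "no-match"
    return "review"


def triage(log_text):
    """Pair each 'Failed to execute' line with its exit status and classify it."""
    findings, pending = [], None
    for line in log_text.splitlines():
        line = line.strip()
        failed = FAILED.match(line)
        if failed:
            pending = failed.groupdict()
            continue
        status = STATUS.match(line)
        if status and pending and status.group("cmd") == pending["cmd"]:
            rc = int(status.group("rc"))
            findings.append((pending["ts"], pending["cmd"], rc, classify(pending["cmd"], rc)))
            pending = None
    return findings


if __name__ == "__main__":
    for ts, cmd, rc, verdict in triage(SAMPLE_LOG):
        print("%s rc=%-3d %-8s %s" % (ts, rc, verdict, cmd))
```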