You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cloudstack.apache.org by GitBox <gi...@apache.org> on 2020/03/05 08:46:49 UTC
[GitHub] [cloudstack] Pearl1594 opened a new pull request #3937: VR Port
Forward rule check on Non-VPC Isolated networks
Pearl1594 opened a new pull request #3937: VR Port Forward rule check on Non-VPC Isolated networks
URL: https://github.com/apache/cloudstack/pull/3937
## Description
Port forwarding rules not checked properly on Isolated networks (non-VPC)
Port forwarding checks is reported as failing on non-VPC Isolated networks (works fine on VPC Isolated networks).
Reason for this seems to be different IP tables rules when it comes to non-VPC vs VPC Isolated network.
## Types of changes
<!--- What types of changes does your code introduce? Put an `x` in all the boxes that apply: -->
- [ ] Breaking change (fix or feature that would cause existing functionality to change)
- [ ] New feature (non-breaking change which adds functionality)
- [X] Bug fix (non-breaking change which fixes an issue)
- [ ] Enhancement (improves an existing feature and functionality)
- [ ] Cleanup (Code refactoring and cleanup, that may add test cases)
## Screenshots (if appropriate):
## How Has This Been Tested?
Ran the Health check on UI and cmk and obtained successful results for Isolated networks (VPC and non-VPC)
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [cloudstack] blueorangutan commented on issue #3937: VR Port
Forward rule check on Non-VPC Isolated networks
Posted by GitBox <gi...@apache.org>.
blueorangutan commented on issue #3937: VR Port Forward rule check on Non-VPC Isolated networks
URL: https://github.com/apache/cloudstack/pull/3937#issuecomment-595768681
Packaging result: ✖centos6 ✔centos7 ✖debian. JID-1022
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [cloudstack] blueorangutan commented on issue #3937: VR Port
Forward rule check on Non-VPC Isolated networks
Posted by GitBox <gi...@apache.org>.
blueorangutan commented on issue #3937: VR Port Forward rule check on Non-VPC Isolated networks
URL: https://github.com/apache/cloudstack/pull/3937#issuecomment-595207710
@Pearl1594 a Jenkins job has been kicked to build packages. I'll keep you posted as I make progress.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [cloudstack] blueorangutan commented on issue #3937: VR Port
Forward rule check on Non-VPC Isolated networks
Posted by GitBox <gi...@apache.org>.
blueorangutan commented on issue #3937: VR Port Forward rule check on Non-VPC Isolated networks
URL: https://github.com/apache/cloudstack/pull/3937#issuecomment-595755827
@DaanHoogland a Jenkins job has been kicked to build packages. I'll keep you posted as I make progress.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [cloudstack] blueorangutan removed a comment on issue #3937: VR
Port Forward rule check on Non-VPC Isolated networks
Posted by GitBox <gi...@apache.org>.
blueorangutan removed a comment on issue #3937: VR Port Forward rule check on Non-VPC Isolated networks
URL: https://github.com/apache/cloudstack/pull/3937#issuecomment-595207710
@Pearl1594 a Jenkins job has been kicked to build packages. I'll keep you posted as I make progress.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [cloudstack] DaanHoogland commented on issue #3937: VR Port Forward
rule check on Non-VPC Isolated networks
Posted by GitBox <gi...@apache.org>.
DaanHoogland commented on issue #3937: VR Port Forward rule check on Non-VPC Isolated networks
URL: https://github.com/apache/cloudstack/pull/3937#issuecomment-595164865
@Pearl1594 there is a pylint failure. Can you have a look?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [cloudstack] DaanHoogland commented on issue #3937: VR Port Forward
rule check on Non-VPC Isolated networks
Posted by GitBox <gi...@apache.org>.
DaanHoogland commented on issue #3937: VR Port Forward rule check on Non-VPC Isolated networks
URL: https://github.com/apache/cloudstack/pull/3937#issuecomment-595755661
@blueorangutan package
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [cloudstack] DaanHoogland commented on issue #3937: VR Port Forward
rule check on Non-VPC Isolated networks
Posted by GitBox <gi...@apache.org>.
DaanHoogland commented on issue #3937: VR Port Forward rule check on Non-VPC Isolated networks
URL: https://github.com/apache/cloudstack/pull/3937#issuecomment-595770874
@blueorangutan test
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [cloudstack] Pearl1594 commented on issue #3937: VR Port Forward
rule check on Non-VPC Isolated networks
Posted by GitBox <gi...@apache.org>.
Pearl1594 commented on issue #3937: VR Port Forward rule check on Non-VPC Isolated networks
URL: https://github.com/apache/cloudstack/pull/3937#issuecomment-595207434
@blueorangutan package
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [cloudstack] weizhouapache commented on issue #3937: VR Port
Forward rule check on Non-VPC Isolated networks
Posted by GitBox <gi...@apache.org>.
weizhouapache commented on issue #3937: VR Port Forward rule check on Non-VPC Isolated networks
URL: https://github.com/apache/cloudstack/pull/3937#issuecomment-595459008
check network VR and VPC VR, found difference as below
1. network VR
```
root@r-753-VM:~# iptables-save |grep POST
-A POSTROUTING -s 192.168.10.0/24 -d 192.168.10.251/32 -o eth0 -p tcp -m tcp --dport 22 -j SNAT --to-source 192.168.10.141
```
2. VPC VR
```
root@r-1074-VM:~# iptables-save |grep POST
-A POSTROUTING -d 10.11.118.150/32 -p tcp -m tcp --dport 22 -j SNAT --to-source 192.168.0.12:22
-A POSTROUTING -s 192.168.0.0/27 -d 192.168.0.12/32 -o eth2 -p tcp -m tcp --dport 22 -j SNAT --to-source 192.168.0.3
```
3. The first rule in VPC VR seems wrong.
everything seems ok even if I remove it in VPC VR.
```
root@r-1074-VM:~# iptables -t nat -D POSTROUTING -d 10.11.118.150/32 -p tcp -m tcp --dport 22 -j SNAT --to-source 192.168.0.12:22
```
@rhtyd @DaanHoogland @Pearl1594 I will create a PR to remove the rule in VPC VR. what do you think ?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [cloudstack] weizhouapache commented on issue #3937: VR Port
Forward rule check on Non-VPC Isolated networks
Posted by GitBox <gi...@apache.org>.
weizhouapache commented on issue #3937: VR Port Forward rule check on Non-VPC Isolated networks
URL: https://github.com/apache/cloudstack/pull/3937#issuecomment-595231100
we need to review the iptables rules in isolated network and vpc
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [cloudstack] DaanHoogland commented on issue #3937: VR Port Forward
rule check on Non-VPC Isolated networks
Posted by GitBox <gi...@apache.org>.
DaanHoogland commented on issue #3937: VR Port Forward rule check on Non-VPC Isolated networks
URL: https://github.com/apache/cloudstack/pull/3937#issuecomment-596457919
@weizhouapache can we merge this and solve your issue in a separate PR?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [cloudstack] blueorangutan commented on issue #3937: VR Port
Forward rule check on Non-VPC Isolated networks
Posted by GitBox <gi...@apache.org>.
blueorangutan commented on issue #3937: VR Port Forward rule check on Non-VPC Isolated networks
URL: https://github.com/apache/cloudstack/pull/3937#issuecomment-595217123
Packaging result: ✖centos6 ✔centos7 ✔debian. JID-1005
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [cloudstack] andrijapanicsb closed pull request #3937: VR Port
Forward rule check on Non-VPC Isolated networks
Posted by GitBox <gi...@apache.org>.
andrijapanicsb closed pull request #3937: VR Port Forward rule check on Non-VPC Isolated networks
URL: https://github.com/apache/cloudstack/pull/3937
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [cloudstack] DaanHoogland commented on issue #3937: VR Port Forward
rule check on Non-VPC Isolated networks
Posted by GitBox <gi...@apache.org>.
DaanHoogland commented on issue #3937: VR Port Forward rule check on Non-VPC Isolated networks
URL: https://github.com/apache/cloudstack/pull/3937#issuecomment-595212157
> E:392,12: Too many positional arguments for function call (too-many-function-args)
>
> -----------------------------------
>
> Your code has been rated at 9.99/10
9.99/10 is good @Pearl1594 ;) but pylint wants perfection :(
I think the solution is to change positional paramters to named parameters. This can also contribute to the readability.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [cloudstack] Pearl1594 removed a comment on issue #3937: VR Port
Forward rule check on Non-VPC Isolated networks
Posted by GitBox <gi...@apache.org>.
Pearl1594 removed a comment on issue #3937: VR Port Forward rule check on Non-VPC Isolated networks
URL: https://github.com/apache/cloudstack/pull/3937#issuecomment-595207434
@blueorangutan package
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [cloudstack] blueorangutan commented on issue #3937: VR Port
Forward rule check on Non-VPC Isolated networks
Posted by GitBox <gi...@apache.org>.
blueorangutan commented on issue #3937: VR Port Forward rule check on Non-VPC Isolated networks
URL: https://github.com/apache/cloudstack/pull/3937#issuecomment-596023755
<b>Trillian test result (tid-1210)</b>
Environment: kvm-centos7 (x2), Advanced Networking with Mgmt server 7
Total time taken: 39215 seconds
Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr3937-t1210-kvm-centos7.zip
Intermittent failure detected: /marvin/tests/smoke/test_internal_lb.py
Intermittent failure detected: /marvin/tests/smoke/test_kubernetes_clusters.py
Smoke tests completed. 83 look OK, 0 have error(s)
Only failed tests results shown below:
Test | Result | Time (s) | Test File
--- | --- | --- | ---
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [cloudstack] andrijapanicsb commented on issue #3937: VR Port
Forward rule check on Non-VPC Isolated networks
Posted by GitBox <gi...@apache.org>.
andrijapanicsb commented on issue #3937: VR Port Forward rule check on Non-VPC Isolated networks
URL: https://github.com/apache/cloudstack/pull/3937#issuecomment-598692033
This one was implemented via simpler fix, as discussed on #3952 - via https://github.com/apache/cloudstack/pull/3963 - so closing this PR.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [cloudstack] DaanHoogland commented on issue #3937: VR Port Forward
rule check on Non-VPC Isolated networks
Posted by GitBox <gi...@apache.org>.
DaanHoogland commented on issue #3937: VR Port Forward rule check on Non-VPC Isolated networks
URL: https://github.com/apache/cloudstack/pull/3937#issuecomment-595699963
you might be right @weizhouapache but i am missing some context.
Are you stating that this fix is not needed, or not enough?
As for your example; what rule did you add?
It seems you added portforwarding on port 22 in one case from 192.168.10.251 to 192.168.10.141 and in the other case from 192.168.0.12 to 192.168.0.3. is that correct?
the rule `-A POSTROUTING -d 10.11.118.150/32 -p tcp -m tcp --dport 22 -j SNAT --to-source 192.168.0.12:22` is in the way, how?
All that said, what is the course of action in your opinion?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [cloudstack] Pearl1594 commented on issue #3937: VR Port Forward
rule check on Non-VPC Isolated networks
Posted by GitBox <gi...@apache.org>.
Pearl1594 commented on issue #3937: VR Port Forward rule check on Non-VPC Isolated networks
URL: https://github.com/apache/cloudstack/pull/3937#issuecomment-595207335
@DaanHoogland handled the previous pylint failure. Looking into the current one, but not exactly sure what it is
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [cloudstack] weizhouapache commented on issue #3937: VR Port
Forward rule check on Non-VPC Isolated networks
Posted by GitBox <gi...@apache.org>.
weizhouapache commented on issue #3937: VR Port Forward rule check on Non-VPC Isolated networks
URL: https://github.com/apache/cloudstack/pull/3937#issuecomment-595408402
@rhtyd @Pearl1594
I will check the iptables rules in VPC/network VRs.
The iptables rules for port forwarding in VRs should be very similar.
it is not an issue with monitoring script I think.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [cloudstack] blueorangutan removed a comment on issue #3937: VR
Port Forward rule check on Non-VPC Isolated networks
Posted by GitBox <gi...@apache.org>.
blueorangutan removed a comment on issue #3937: VR Port Forward rule check on Non-VPC Isolated networks
URL: https://github.com/apache/cloudstack/pull/3937#issuecomment-595217123
Packaging result: ✖centos6 ✔centos7 ✔debian. JID-1005
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [cloudstack] blueorangutan commented on issue #3937: VR Port
Forward rule check on Non-VPC Isolated networks
Posted by GitBox <gi...@apache.org>.
blueorangutan commented on issue #3937: VR Port Forward rule check on Non-VPC Isolated networks
URL: https://github.com/apache/cloudstack/pull/3937#issuecomment-595770911
@DaanHoogland a Trillian-Jenkins test job (centos7 mgmt + kvm-centos7) has been kicked to run smoke tests
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services