Posted to user@vcl.apache.org by Elwin Litchfield <le...@mail.usf.edu> on 2015/05/26 19:13:37 UTC

vcld.log

Everything seemed to work till the reservation was over.  Port 22 is
blocked, but ping is OK & port 3389 is still available & connection with
admin ID & password presented at the beginning of the reservation.  I have
been reading the vcld.log & am unable to make any sense of it.  Can you help
me understand what is happening?


Thanks

2015-05-26 12:26:32|9344|46:46|timeout|utils.pm:run_ssh_command(4902)|executing SSH command on VM7Cent6VCL1:
|9344|46:46|timeout| /usr/bin/ssh -i /etc/vcl/vcl.key  -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o ConnectionAttempts=1 -o ConnectTimeout=3 -l root -p 22 -x VM7Cent6VCL1 '/sbin/chkconfig --list iptables' 2>&1
2015-05-26 12:26:32|9344|46:46|timeout|Linux.pm:service_exists(3186)|'iptables' service exists
2015-05-26 12:26:32|9344|46:46|timeout|utils.pm:run_ssh_command(4902)|executing SSH command on VM7Cent6VCL1:
|9344|46:46|timeout| /usr/bin/ssh -i /etc/vcl/vcl.key  -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o ConnectionAttempts=1 -o ConnectTimeout=3 -l root -p 22 -x VM7Cent6VCL1 'iptables -L --line-number -n' 2>&1
2015-05-26 12:26:33|9344|46:46|timeout|utils.pm:run_ssh_command(5020)|run_ssh_command output:
|9344|46:46|timeout| Chain INPUT (policy ACCEPT)
|9344|46:46|timeout| num target prot opt source destination
|9344|46:46|timeout| 1 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW,RELATED,ESTABLISHED tcp dpt:22
|9344|46:46|timeout| 2 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
|9344|46:46|timeout| 3 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
|9344|46:46|timeout| 4 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
|9344|46:46|timeout| 5 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:443
|9344|46:46|timeout| 6 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80
|9344|46:46|timeout| 7 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:3389
|9344|46:46|timeout| 8 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:3389
|9344|46:46|timeout| 9 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
|9344|46:46|timeout| Chain FORWARD (policy ACCEPT)
|9344|46:46|timeout| num target prot opt source destination
|9344|46:46|timeout| 1 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
|9344|46:46|timeout| Chain OUTPUT (policy ACCEPT)
|9344|46:46|timeout| num target prot opt source destination
2015-05-26 12:26:33|9344|46:46|timeout|utils.pm:run_ssh_command(5034)|SSH command executed on VM7Cent6VCL1, returning (0, "Chain INPUT (policy ACCEPT) nu...")
2015-05-26 12:26:33|9344|46:46|timeout|Linux.pm:get_firewall_configuration(3991)|output Chain = INPUT
2015-05-26 12:26:33|9344|46:46|timeout|Linux.pm:get_firewall_configuration(4007)|output rule: 1, ACCEPT, tcp, 0.0.0.0/0, 0.0.0.0/0, 22
2015-05-26 12:26:35|9344|46:46|timeout|Linux.pm:get_firewall_configuration(4007)|output rule: 5, ACCEPT, tcp, 0.0.0.0/0, 0.0.0.0/0, 443
2015-05-26 12:26:36|9344|46:46|timeout|Linux.pm:get_firewall_configuration(4007)|output rule: 6, ACCEPT, tcp, 0.0.0.0/0, 0.0.0.0/0, 80
2015-05-26 12:26:36|9344|46:46|timeout|Linux.pm:get_firewall_configuration(4007)|output rule: 7, ACCEPT, tcp, 0.0.0.0/0, 0.0.0.0/0, 3389
2015-05-26 12:26:36|26123|vcld:main(167)|lastcheckin time updated for management node 1: 2015-05-26 12:26:36
2015-05-26 12:26:37|9344|46:46|timeout|Linux.pm:get_firewall_configuration(4007)|output rule: 8, ACCEPT, udp, 0.0.0.0/0, 0.0.0.0/0, 3389
2015-05-26 12:26:38|9344|46:46|timeout|Linux.pm:get_firewall_configuration(3991)|output Chain = FORWARD
2015-05-26 12:26:38|9344|46:46|timeout|Linux.pm:get_firewall_configuration(3991)|output Chain = OUTPUT
2015-05-26 12:26:38|9344|46:46|timeout|Linux.pm:get_firewall_configuration(4050)|retrieved firewall configuration from VM7Cent6VCL1:
|9344|46:46|timeout| : {
|9344|46:46|timeout| :   "FORWARD" => {
|9344|46:46|timeout| :     "1" => {
|9344|46:46|timeout| :       "all" => {
|9344|46:46|timeout| :         "any" => {
|9344|46:46|timeout| :           "destination" => "0.0.0.0/0",
|9344|46:46|timeout| :           "name" => "any",
|9344|46:46|timeout| :           "number" => 1,
|9344|46:46|timeout| :           "scope" => "0.0.0.0/0",
|9344|46:46|timeout| :           "target" => "REJECT"
|9344|46:46|timeout| :         }
|9344|46:46|timeout| :       }
|9344|46:46|timeout| :     }
|9344|46:46|timeout| :   },
|9344|46:46|timeout| :   "INPUT" => {
|9344|46:46|timeout| :     "1" => {
|9344|46:46|timeout| :       "tcp" => {
|9344|46:46|timeout| :         "22" => {
|9344|46:46|timeout| :           "destination" => "0.0.0.0/0",
|9344|46:46|timeout| :           "name" => "ssh",
|9344|46:46|timeout| :           "number" => 1,
|9344|46:46|timeout| :           "scope" => "0.0.0.0/0",
|9344|46:46|timeout| :           "target" => "ACCEPT"
|9344|46:46|timeout| :         }
|9344|46:46|timeout| :       }
|9344|46:46|timeout| :     },
|9344|46:46|timeout| :     "2" => {
|9344|46:46|timeout| :       "all" => {
|9344|46:46|timeout| :         "any" => {
|9344|46:46|timeout| :           "destination" => "0.0.0.0/0",
|9344|46:46|timeout| :           "name" => "any",
|9344|46:46|timeout| :           "number" => 2,
|9344|46:46|timeout| :           "scope" => "0.0.0.0/0",
|9344|46:46|timeout| :           "target" => "ACCEPT"
|9344|46:46|timeout| :         }
|9344|46:46|timeout| :       }
|9344|46:46|timeout| :     },
|9344|46:46|timeout| :     "3" => {
|9344|46:46|timeout| :       "icmp" => {
|9344|46:46|timeout| :         "any" => {
|9344|46:46|timeout| :           "destination" => "0.0.0.0/0",
|9344|46:46|timeout| :           "name" => "any",
|9344|46:46|timeout| :           "number" => 3,
|9344|46:46|timeout| :           "scope" => "0.0.0.0/0",
|9344|46:46|timeout| :           "target" => "ACCEPT"
|9344|46:46|timeout| :         }
|9344|46:46|timeout| :       }
|9344|46:46|timeout| :     },
|9344|46:46|timeout| :     "4" => {
|9344|46:46|timeout| :       "all" => {
|9344|46:46|timeout| :         "any" => {
|9344|46:46|timeout| :           "destination" => "0.0.0.0/0",
|9344|46:46|timeout| :           "name" => "any",
|9344|46:46|timeout| :           "number" => 4,
|9344|46:46|timeout| :           "scope" => "0.0.0.0/0",
|9344|46:46|timeout| :           "target" => "ACCEPT"
|9344|46:46|timeout| :         }
|9344|46:46|timeout| :       }
|9344|46:46|timeout| :     },
|9344|46:46|timeout| :     "5" => {
|9344|46:46|timeout| :       "tcp" => {
|9344|46:46|timeout| :         "443" => {
|9344|46:46|timeout| :           "destination" => "0.0.0.0/0",
|9344|46:46|timeout| :           "name" => "https",
|9344|46:46|timeout| :           "number" => 5,
|9344|46:46|timeout| :           "scope" => "0.0.0.0/0",
|9344|46:46|timeout| :           "target" => "ACCEPT"
|9344|46:46|timeout| :         }
|9344|46:46|timeout| :       }
|9344|46:46|timeout| :     },
|9344|46:46|timeout| :     "6" => {
|9344|46:46|timeout| :       "tcp" => {
|9344|46:46|timeout| :         "80" => {
|9344|46:46|timeout| :           "destination" => "0.0.0.0/0",
|9344|46:46|timeout| :           "name" => "http",
|9344|46:46|timeout| :           "number" => 6,
|9344|46:46|timeout| :           "scope" => "0.0.0.0/0",
|9344|46:46|timeout| :           "target" => "ACCEPT"
|9344|46:46|timeout| :         }
|9344|46:46|timeout| :       }
|9344|46:46|timeout| :     },
|9344|46:46|timeout| :     "7" => {
|9344|46:46|timeout| :       "tcp" => {
|9344|46:46|timeout| :         "3389" => {
|9344|46:46|timeout| :           "destination" => "0.0.0.0/0",
|9344|46:46|timeout| :           "name" => "ms-wbt-server",
|9344|46:46|timeout| :           "number" => 7,
|9344|46:46|timeout| :           "scope" => "0.0.0.0/0",
|9344|46:46|timeout| :           "target" => "ACCEPT"
|9344|46:46|timeout| :         }
|9344|46:46|timeout| :       }
|9344|46:46|timeout| :     },
|9344|46:46|timeout| :     "8" => {
|9344|46:46|timeout| :       "udp" => {
|9344|46:46|timeout| :         "3389" => {
|9344|46:46|timeout| :           "destination" => "0.0.0.0/0",
|9344|46:46|timeout| :           "name" => "ms-wbt-server",
|9344|46:46|timeout| :           "number" => 8,
|9344|46:46|timeout| :           "scope" => "0.0.0.0/0",
|9344|46:46|timeout| :           "target" => "ACCEPT"
|9344|46:46|timeout| :         }
|9344|46:46|timeout| :       }
|9344|46:46|timeout| :     },
|9344|46:46|timeout| :     "9" => {
|9344|46:46|timeout| :       "all" => {
|9344|46:46|timeout| :         "any" => {
|9344|46:46|timeout| :           "destination" => "0.0.0.0/0",
|9344|46:46|timeout| :           "name" => "any",
|9344|46:46|timeout| :           "number" => 9,
|9344|46:46|timeout| :           "scope" => "0.0.0.0/0",
|9344|46:46|timeout| :           "target" => "REJECT"
|9344|46:46|timeout| :         }
|9344|46:46|timeout| :       }
|9344|46:46|timeout| :     }
|9344|46:46|timeout| :   }
|9344|46:46|timeout| : }
2015-05-26 12:26:38|9344|46:46|timeout|Linux.pm:disable_firewall_port(3783)|attempting to execute command on VM7Cent6VCL1: 'iptables -D INPUT 1'
2015-05-26 12:26:38|9344|46:46|timeout|utils.pm:run_ssh_command(4902)|executing SSH command on VM7Cent6VCL1:
|9344|46:46|timeout| /usr/bin/ssh -i /etc/vcl/vcl.key  -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o ConnectionAttempts=1 -o ConnectTimeout=3 -l root -p 22 -x VM7Cent6VCL1 'iptables -D INPUT 1' 2>&1
2015-05-26 12:26:39|9344|46:46|timeout|utils.pm:run_ssh_command(5020)|run_ssh_command output:
2015-05-26 12:26:39|9344|46:46|timeout|utils.pm:run_ssh_command(5034)|SSH command executed on VM7Cent6VCL1, returning (0, "")
2015-05-26 12:26:39|9344|46:46|timeout|Linux.pm:disable_firewall_port(3785)|executed command on VM7Cent6VCL1: 'iptables -D INPUT 1'
2015-05-26 12:26:39|9344|46:46|timeout|utils.pm:run_ssh_command(4902)|executing SSH command on VM7Cent6VCL1:
|9344|46:46|timeout| /usr/bin/ssh -i /etc/vcl/vcl.key  -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o ConnectionAttempts=1 -o ConnectTimeout=3 -l root -p 22 -x VM7Cent6VCL1 '/sbin/iptables-save > /etc/sysconfig/iptables' 2>&1

|9344|46:46|timeout| ---- WARNING ----
|9344|46:46|timeout| 2015-05-26 12:26:39|9344|46:46|timeout|utils.pm:run_ssh_command(5006)|attempt 1/3: failed to execute SSH command on VM7Cent6VCL1: '/sbin/iptables-save > /etc/sysconfig/iptables', exit status: 255, output:
|9344|46:46|timeout| ssh output (/sbin/ipta...): ssh: connect to host VM7Cent6VCL1 port 22: No route to host
|9344|46:46|timeout| ( 0) utils.pm, run_ssh_command (line: 5006)
|9344|46:46|timeout| (-1) OS.pm, execute (line: 1992)
|9344|46:46|timeout| (-2) Linux.pm, disable_firewall_port (line: 3794)
|9344|46:46|timeout| (-3) OS.pm, process_connect_methods (line: 2576)
|9344|46:46|timeout| (-4) Linux.pm, sanitize (line: 1172)
|9344|46:46|timeout| (-5) reclaim.pm, call_os_sanitize (line: 271)

2015-05-26 12:26:39|9344|46:46|timeout|utils.pm:run_ssh_command(4894)|sleeping for 2 seconds before making next SSH attempt
201

Thanks

Lewis

Re: vcld.log

Posted by Elwin Litchfield <le...@mail.usf.edu>.
I am learning more than I thought I would ever learn.  It is a challenge.
There isn't enough time in the day.  But if it was easy anyone could do
it.  Thanks for your help.

Lewis

On Thu, May 28, 2015 at 1:37 PM, Josh Thompson <jo...@ncsu.edu> wrote:

> Lewis,
>
> It sounds like you are progressing pretty well with VCL!
>
> Deleting things depends on how you have VCL set up.  With VMware, the image
> files will at least be in a datastore.  You could also have copies of them
> in a different format in a repository, if you have one set up.  I've not
> used the XenServer patch.  So, I'm not sure where it will place files.
>
> As an example, if your query gave you a file named "linux-CentOS6-5-v0"
> that had been flagged as deleted, and you had a repository mounted on your
> management node under "/install/vmware_repository", you could delete the
> directory and its contents located at
> "/install/vmware_repository/linux-CentOS6-5-v0".  You would also need to
> delete the directory for that image from the datastore being used by your
> VMware host servers.  If you have that mounted from NFS, and also have it
> mounted on your management node, you could delete them that way.  For
> example, if it was mounted at "/install/vmware_datastore", you could delete
> the directory and its contents located at
> "/install/vmware_datastore/linux-CentOS6-5-v0".  If you have it set up as a
> vmfs filesystem that is only available on the VMware hosts themselves, you
> could ssh to a host server from your management node, and delete it from
> there.  You'll find everything mounted under /vmfs/volumes.  An example
> would be deleting "/vmfs/volumes/datastore/linux-CentOS6-5-v0" and all of
> its contents.
>
> Josh
>
> On Thursday, May 28, 2015 1:56:26 PM Litchfield, Elwin L. wrote:
> > Sorry, I didn't have the nerve to try 2.4.2, I am waiting for it to
> > settle down before jumping in way over my head.   2.3.2 is over my head
> > & I am slowly learning how to use it.  Now that I have the list of
> > deleted = 1, I have been looking in the PHP and MySql book  to figure
> > how to delete the unwanted images & am totally lost.  Can you point me
> > in the correct direction.
> >
> > Thanks.
> >
> > Lewis Litchfield
> > Technology Services – Viking Center Lab
> > University of South Florida Sarasota-Manatee
> > 941-359-4231
> >
> > ________________________________________
> > From: Josh Thompson <jo...@ncsu.edu>
> > Sent: Wednesday, May 27, 2015 11:02 AM
> > To: user@vcl.apache.org
> > Subject: Re: vcld.log
> >
> > Lewis,
> >
> > Under Manage Images, you can delete images (including all of their
> > revisions) as well as deleting specific revisions (after clicking Edit
> > next for that image).  However, doing this only flags them as deleted in
> > the database.  As a measure to prevent images from accidentally being
> > permanently deleted, they are not automatically deleted.  The following
> > command should give you a list of base names for images that can then be
> > manually deleted:
> >
> > mysql vcl -e "SELECT imagename FROM imagerevision WHERE deleted = 1"
> >
> > Also, in 2.4.2, you can delete VMware based images by using "vcl --setup".
> >
> > Josh
> >
> > On Wednesday, May 27, 2015 9:47:38 AM Elwin Litchfield wrote:
> > > Thanks, is there a way to remove deleted images?
> > >
> > > On Wed, May 27, 2015 at 9:08 AM, Josh Thompson <josh_thompson@ncsu.edu> wrote:
> > > > Lewis,
> > > >
> > > > That is correct.  However, if you can successfully make an imaging
> > > > reservation and connect to it, you can use that as your starting point
> > > > for updating your firewall configuration.  Then, just save it off as a
> > > > new revision of the image or as a new image.
> > > >
> > > > Josh
> > > >
> > > > On Tuesday, May 26, 2015 7:52:23 PM Litchfield, Elwin L. wrote:
> > > > > I assume this configuration must be done before the image is created.
> > > > >
> > > > >
> > > > > Lewis Litchfield
> > > > > Technology Services – Viking Center Lab
> > > > > University of South Florida Sarasota-Manatee
> > > > > 941-359-4231
> > > > >
> > > > > ________________________________________
> > > > > From: Josh Thompson <jo...@ncsu.edu>
> > > > > Sent: Tuesday, May 26, 2015 3:40 PM
> > > > > To: user@vcl.apache.org
> > > > > Subject: Re: vcld.log
> > > > >
> > > > > Elwin,
> > > > >
> > > > > I can't find any docs on how you are supposed to configure the
> > > > > firewall for a base linux image under 2.3.2, and I don't remember the
> > > > > details of it.  I think something like the following should get you
> > > > > working.
> > > > >
> > > > > First, stop iptables to clear all of the tables:
> > > > >
> > > > > service iptables stop
> > > > >
> > > > > Create a custom table - you can name it anything, we'll go with "VCL".
> > > > >
> > > > > iptables -N VCL
> > > > >
> > > > > Create a rule in INPUT that jumps to the VCL table for everything:
> > > > >
> > > > > iptables -A INPUT -j VCL
> > > > >
> > > > > Add a few important rules to the VCL table:
> > > > >
> > > > > iptables -A VCL -i lo -j ACCEPT
> > > > > iptables -A VCL -m state --state RELATED,ESTABLISHED -j ACCEPT
> > > > > iptables -A VCL -p icmp -m icmp --icmp-type any -j ACCEPT
> > > > >
> > > > > Add a rule to the VCL table to accept traffic from your management
> > > > > node:
> > > > >
> > > > > iptables -A VCL -s <management node IP> -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
> > > > >
> > > > > Add a rule to the VCL table to reject other traffic:
> > > > >
> > > > > iptables -A VCL -j REJECT --reject-with icmp-host-prohibited
> > > > >
> > > > > Save the new configuration:
> > > > >
> > > > > service iptables save
> > > > >
> > > > > If I remember correctly, VCL should then manage required additions and
> > > > > removals on the INPUT table, and leave the VCL table alone, and since
> > > > > the VCL table has a rule allowing traffic from your management node, it
> > > > > should stop shutting itself out.
> > > > >
> > > > > Let me know if this works for you.
> > > > >
> > > > > Josh
> > > > >
> > > > > --
> > > > > -------------------------------
> > > > > Josh Thompson
> > > > > VCL Developer
> > > > > North Carolina State University
> > > > >
> > > > > my GPG/PGP key can be found at pgp.mit.edu
> > > > >
> > > > > All electronic mail messages in connection with State business which
> > > > > are sent to or received by this account are subject to the NC Public
> > > > > Records Law and may be disclosed to third parties.

Re: vcld.log

Posted by Josh Thompson <jo...@ncsu.edu>.

Lewis,

It sounds like you are progressing pretty well with VCL!

Deleting things depends on how you have VCL set up.  With VMware, the image 
files will at least be in a datastore.  You could also have copies of them in 
a different format in a repository, if you have one set up.  I've not used the 
XenServer patch.  So, I'm not sure where it will place files.  

As an example, if your query gave you a file named "linux-CentOS6-5-v0" that 
had been flagged as deleted, and you had a repository mounted on your 
management node under "/install/vmware_repository", you could delete the 
directory and its contents located at 
"/install/vmware_repository/linux-CentOS6-5-v0".  You would also need to 
delete the directory for that image from the datastore being used by your 
VMware host servers.  If you have that 
mounted from NFS, and also have it mounted on your management node, you could 
delete them that way.  For example, if it was mounted at 
"/install/vmware_datastore", you could delete the directory and its contents 
located at "/install/vmware_datastore/linux-CentOS6-5-v0".  If you have it set 
up as a vmfs filesystem that is only available on the VMware hosts themselves, 
you could ssh to a host server from your management node, and delete it from 
there.  You'll find everything mounted under /vmfs/volumes.  An example would 
be deleting "/vmfs/volumes/datastore/linux-CentOS6-5-v0" and all of its 
contents.

Josh

On Thursday, May 28, 2015 1:56:26 PM Litchfield, Elwin L. wrote:
> Sorry, I didn't have the nerve to try 2.4.2, I am waiting for it to settle
> down before jumping in way over my head.  2.3.2 is over my head & I am
> slowly learning how to use it.  Now that I have the list of deleted = 1, I
> have been looking in the PHP and MySql book to figure out how to delete the
> unwanted images & am totally lost.  Can you point me in the correct
> direction?
> 
> Thanks.
> 
> Lewis Litchfield
> Technology Services – Viking Center Lab
> University of South Florida Sarasota-Manatee
> 941-359-4231
> 
> ________________________________________
> From: Josh Thompson <jo...@ncsu.edu>
> Sent: Wednesday, May 27, 2015 11:02 AM
> To: user@vcl.apache.org
> Subject: Re: vcld.log
> 
> Lewis,
> 
> Under Manage Images, you can delete images (including all of their
> revisions) as well as deleting specific revisions (after clicking Edit next
> for that image).  However, doing this only flags them as deleted in the
> database.  As a measure to prevent images from accidentally being
> permanently deleted, they are not automatically deleted.  The following
> command should give you a list of base names for images that can then be
> manually deleted:
> 
> mysql vcl -e "SELECT imagename FROM imagerevision WHERE deleted = 1"
> 
> Also, in 2.4.2, you can delete VMware based images by using "vcl --setup".
> 
> Josh
> 
> On Wednesday, May 27, 2015 9:47:38 AM Elwin Litchfield wrote:
> > Thanks, is there a way to remove deleted images?
> > 
> > On Wed, May 27, 2015 at 9:08 AM, Josh Thompson <jo...@ncsu.edu>
> > 
> > wrote:
> > > 
> > > Lewis,
> > > 
> > > That is correct.  However, if you can successfully make an imaging
> > > reservation and connect to it, you can use that as your starting point
> > > for updating your firewall configuration.  Then, just save it off as a
> > > new revision of the image or as a new image.
> > > 
> > > Josh
> > > 
> > > On Tuesday, May 26, 2015 7:52:23 PM Litchfield, Elwin L. wrote:
> > > > I assume this configuration must be done before the image is created.
> > > > 
> > > > 
> > > > Lewis Litchfield
> > > > Technology Services – Viking Center Lab
> > > > University of South Florida Sarasota-Manatee
> > > > 941-359-4231
> > > > 
> > > > ________________________________________
> > > > From: Josh Thompson <jo...@ncsu.edu>
> > > > Sent: Tuesday, May 26, 2015 3:40 PM
> > > > To: user@vcl.apache.org
> > > > Subject: Re: vcld.log
> > > > 
> > > > Elwin,
> > > > 
> > > > I can't find any docs on how you are supposed to configure the
> > > > firewall for a base linux image under 2.3.2, and I don't remember the
> > > > details of it.  I think something like the following should get you
> > > > working.
> > > > 
> > > > First, stop iptables to clear all of the tables:
> > > > 
> > > > service iptables stop
> > > > 
> > > > Create a custom table - you can name it anything, we'll go with "VCL".
> > > > 
> > > > iptables -N VCL
> > > > 
> > > > Create a rule in INPUT that jumps to the VCL table for everything:
> > > > 
> > > > iptables -A INPUT -j VCL
> > > > 
> > > > Add a few important rules to the VCL table:
> > > > 
> > > > iptables -A VCL -i lo -j ACCEPT
> > > > iptables -A VCL -m state --state RELATED,ESTABLISHED -j ACCEPT
> > > > iptables -A VCL -p icmp -m icmp --icmp-type any -j ACCEPT
> > > > 
> > > > Add a rule to the VCL table to accept traffic from your management
> > > > node:
> > > > 
> > > > iptables -A VCL -s <management node IP> -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
> > > > 
> > > > Add a rule to the VCL table to reject other traffic:
> > > > 
> > > > iptables -A VCL -j REJECT --reject-with icmp-host-prohibited
> > > > 
> > > > Save the new configuration:
> > > > 
> > > > service iptables save
> > > > 
> > > > If I remember correctly, VCL should then manage required additions and
> > > > removals on the INPUT table, and leave the VCL table alone, and since
> > > > the VCL table has a rule allowing traffic from your management node, it
> > > > should stop shutting itself out.
> > > > 
> > > > Let me know if this works for you.
> > > > 
> > > > Josh
> > > > 
> > > > On Tuesday, May 26, 2015 1:13:37 PM Elwin Litchfield wrote:
> > > > > Everything seemed to work till the reservation was over.  Port 22 is
> > > > > blocked, but ping is OK & port 3389 is still available & connection
> > > > > with admin ID & password presented at the beginning of the
> > > > > reservation.  I have been reading the vcld.log & am unable to make any
> > > > > sense of it.  Can you help me understand what is happening?
> > > > > 
> > > > > 
> > > > > Thanks  2015-05-26
> > > > > 12:26:32|9344|46:46|timeout|utils.pm:run_ssh_command(4902)|executing
> > > > > 
> > > > > SSH command on VM7Cent6VCL1:
> > > > > |9344|46:46|timeout| /usr/bin/ssh -i /etc/vcl/vcl.key  -o
> > > > > 
> > > > > StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o
> > > > > ConnectionAttempts=1 -o ConnectTimeout=3 -l root -p 22 -x
> > > > > VM7Cent6VCL1
> > > > > '/sbin/chkconfig --list iptables' 2>&1
> > > > > 2015-05-26
> > > > > 12:26:32|9344|46:46|timeout|Linux.pm:service_exists(3186)|'iptables'
> > > > > service exists
> > > > > 2015-05-26
> > > > > 12:26:32|9344|46:46|timeout|utils.pm:run_ssh_command(4902)|executing
> > > > > 
> > > > > SSH command on VM7Cent6VCL1:
> > > > > |9344|46:46|timeout| /usr/bin/ssh -i /etc/vcl/vcl.key  -o
> > > > > 
> > > > > StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o
> > > > > ConnectionAttempts=1 -o ConnectTimeout=3 -l root -p 22 -x
> > > > > VM7Cent6VCL1
> > > > > 'iptables -L --line-number -n' 2>&1
> > > > > 2015-05-26
> > > 
> > > > > 12:26:33|9344|46:46|timeout|utils.pm:
> > > run_ssh_command(5020)|run_ssh_command
> > > 
> > > > > output:
> > > > > |9344|46:46|timeout| Chain INPUT (policy ACCEPT)
> > > > > |9344|46:46|timeout| num target prot opt source destination
> > > > > |9344|46:46|timeout| 1 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state
> > > > > 
> > > > > NEW,RELATED,ESTABLISHED tcp dpt:22
> > > > > 
> > > > > |9344|46:46|timeout| 2 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state
> > > > > 
> > > > > RELATED,ESTABLISHED
> > > > > 
> > > > > |9344|46:46|timeout| 3 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
> > > > > |9344|46:46|timeout| 4 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
> > > > > |9344|46:46|timeout| 5 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW
> > > > > |tcp
> > > > > 
> > > > > dpt:443
> > > > > 
> > > > > |9344|46:46|timeout| 6 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW
> > > > > |tcp
> > > > > 
> > > > > dpt:80
> > > > > 
> > > > > |9344|46:46|timeout| 7 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW
> > > > > |tcp
> > > > > 
> > > > > dpt:3389
> > > > > 
> > > > > |9344|46:46|timeout| 8 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW
> > > > > |udp
> > > > > 
> > > > > dpt:3389
> > > > > 
> > > > > |9344|46:46|timeout| 9 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with
> > > > > 
> > > > > icmp-host-prohibited
> > > > > 
> > > > > |9344|46:46|timeout| Chain FORWARD (policy ACCEPT)
> > > > > |9344|46:46|timeout| num target prot opt source destination
> > > > > |9344|46:46|timeout| 1 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with
> > > > > 
> > > > > icmp-host-prohibited
> > > > > 
> > > > > |9344|46:46|timeout| Chain OUTPUT (policy ACCEPT)
> > > > > |9344|46:46|timeout| num target prot opt source destination
> > > > > 
> > > > > 2015-05-26 12:26:33|9344|46:46|timeout|utils.pm:
> > > run_ssh_command(5034)|SSH
> > > 
> > > > > command executed on VM7Cent6VCL1, returning (0, "Chain INPUT (policy
> > > > > ACCEPT) nu...")
> > > > > 2015-05-26
> > > 
> > > 12:26:33|9344|46:46|timeout|Linux.pm:get_firewall_configuration(3991)|ou
> > > tp
> > > 
> > > > > ut Chain = INPUT
> > > > > 2015-05-26
> > > 
> > > 12:26:33|9344|46:46|timeout|Linux.pm:get_firewall_configuration(4007)|ou
> > > tp
> > > 
> > > > > ut rule: 1, ACCEPT, tcp, 0.0.0.0/0, 0.0.0.0/0, 22
> > > > > 2015-05-26
> > > 
> > > 12:26:35|9344|46:46|timeout|Linux.pm:get_firewall_configuration(4007)|ou
> > > tp
> > > 
> > > > > ut rule: 5, ACCEPT, tcp, 0.0.0.0/0, 0.0.0.0/0, 443
> > > > > 2015-05-26
> > > 
> > > 12:26:36|9344|46:46|timeout|Linux.pm:get_firewall_configuration(4007)|ou
> > > tp
> > > 
> > > > > ut rule: 6, ACCEPT, tcp, 0.0.0.0/0, 0.0.0.0/0, 80
> > > > > 2015-05-26
> > > 
> > > 12:26:36|9344|46:46|timeout|Linux.pm:get_firewall_configuration(4007)|ou
> > > tp
> > > 
> > > > > ut rule: 7, ACCEPT, tcp, 0.0.0.0/0, 0.0.0.0/0, 3389
> > > > > 2015-05-26 12:26:36|26123|vcld:main(167)|lastcheckin time updated
> > > > > for
> > > > > management node 1: 2015-05-26 12:26:36
> > > > > 2015-05-26
> > > 
> > > 12:26:37|9344|46:46|timeout|Linux.pm:get_firewall_configuration(4007)|ou
> > > tp
> > > 
> > > > > ut rule: 8, ACCEPT, udp, 0.0.0.0/0, 0.0.0.0/0, 3389
> > > > > 2015-05-26
> > > 
> > > 12:26:38|9344|46:46|timeout|Linux.pm:get_firewall_configuration(3991)|ou
> > > tp
> > > 
> > > > > ut Chain = FORWARD
> > > > > 2015-05-26
> > > 
> > > 12:26:38|9344|46:46|timeout|Linux.pm:get_firewall_configuration(3991)|ou
> > > tp
> > > 
> > > > > ut Chain = OUTPUT
> > > > > 2015-05-26
> > > 
> > > 12:26:38|9344|46:46|timeout|Linux.pm:get_firewall_configuration(4050)|re
> > > tr
> > > 
> > > > > ie ved
> > > > > 
> > > > > firewall configuration from VM7Cent6VCL1:
> > > > > |9344|46:46|timeout| : {
> > > > > |9344|46:46|timeout| :   "FORWARD" => {
> > > > > |9344|46:46|timeout| :     "1" => {
> > > > > |9344|46:46|timeout| :       "all" => {
> > > > > |9344|46:46|timeout| :         "any" => {
> > > > > |9344|46:46|timeout| :           "destination" => "0.0.0.0/0",
> > > > > |9344|46:46|timeout| :           "name" => "any",
> > > > > |9344|46:46|timeout| :           "number" => 1,
> > > > > |9344|46:46|timeout| :           "scope" => "0.0.0.0/0",
> > > > > |9344|46:46|timeout| :           "target" => "REJECT"
> > > > > |9344|46:46|timeout| :         }
> > > > > |9344|46:46|timeout| :       }
> > > > > |9344|46:46|timeout| :     }
> > > > > |9344|46:46|timeout| :   },
> > > > > |9344|46:46|timeout| :   "INPUT" => {
> > > > > |9344|46:46|timeout| :     "1" => {
> > > > > |9344|46:46|timeout| :       "tcp" => {
> > > > > |9344|46:46|timeout| :         "22" => {
> > > > > |9344|46:46|timeout| :           "destination" => "0.0.0.0/0",
> > > > > |9344|46:46|timeout| :           "name" => "ssh",
> > > > > |9344|46:46|timeout| :           "number" => 1,
> > > > > |9344|46:46|timeout| :           "scope" => "0.0.0.0/0",
> > > > > |9344|46:46|timeout| :           "target" => "ACCEPT"
> > > > > |9344|46:46|timeout| :         }
> > > > > |9344|46:46|timeout| :       }
> > > > > |9344|46:46|timeout| :     },
> > > > > |9344|46:46|timeout| :     "2" => {
> > > > > |9344|46:46|timeout| :       "all" => {
> > > > > |9344|46:46|timeout| :         "any" => {
> > > > > |9344|46:46|timeout| :           "destination" => "0.0.0.0/0",
> > > > > |9344|46:46|timeout| :           "name" => "any",
> > > > > |9344|46:46|timeout| :           "number" => 2,
> > > > > |9344|46:46|timeout| :           "scope" => "0.0.0.0/0",
> > > > > |9344|46:46|timeout| :           "target" => "ACCEPT"
> > > > > |9344|46:46|timeout| :         }
> > > > > |9344|46:46|timeout| :       }
> > > > > |9344|46:46|timeout| :     },
> > > > > |9344|46:46|timeout| :     "3" => {
> > > > > |9344|46:46|timeout| :       "icmp" => {
> > > > > |9344|46:46|timeout| :         "any" => {
> > > > > |9344|46:46|timeout| :           "destination" => "0.0.0.0/0",
> > > > > |9344|46:46|timeout| :           "name" => "any",
> > > > > |9344|46:46|timeout| :           "number" => 3,
> > > > > |9344|46:46|timeout| :           "scope" => "0.0.0.0/0",
> > > > > |9344|46:46|timeout| :           "target" => "ACCEPT"
> > > > > |9344|46:46|timeout| :         }
> > > > > |9344|46:46|timeout| :       }
> > > > > |9344|46:46|timeout| :     },
> > > > > |9344|46:46|timeout| :     "4" => {
> > > > > |9344|46:46|timeout| :       "all" => {
> > > > > |9344|46:46|timeout| :         "any" => {
> > > > > |9344|46:46|timeout| :           "destination" => "0.0.0.0/0",
> > > > > |9344|46:46|timeout| :           "name" => "any",
> > > > > |9344|46:46|timeout| :           "number" => 4,
> > > > > |9344|46:46|timeout| :           "scope" => "0.0.0.0/0",
> > > > > |9344|46:46|timeout| :           "target" => "ACCEPT"
> > > > > |9344|46:46|timeout| :         }
> > > > > |9344|46:46|timeout| :       }
> > > > > |9344|46:46|timeout| :     },
> > > > > |9344|46:46|timeout| :     "5" => {
> > > > > |9344|46:46|timeout| :       "tcp" => {
> > > > > |9344|46:46|timeout| :         "443" => {
> > > > > |9344|46:46|timeout| :           "destination" => "0.0.0.0/0",
> > > > > |9344|46:46|timeout| :           "name" => "https",
> > > > > |9344|46:46|timeout| :           "number" => 5,
> > > > > |9344|46:46|timeout| :           "scope" => "0.0.0.0/0",
> > > > > |9344|46:46|timeout| :           "target" => "ACCEPT"
> > > > > |9344|46:46|timeout| :         }
> > > > > |9344|46:46|timeout| :       }
> > > > > |9344|46:46|timeout| :     },
> > > > > |9344|46:46|timeout| :     "6" => {
> > > > > |9344|46:46|timeout| :       "tcp" => {
> > > > > |9344|46:46|timeout| :         "80" => {
> > > > > |9344|46:46|timeout| :           "destination" => "0.0.0.0/0",
> > > > > |9344|46:46|timeout| :           "name" => "http",
> > > > > |9344|46:46|timeout| :           "number" => 6,
> > > > > |9344|46:46|timeout| :           "scope" => "0.0.0.0/0",
> > > > > |9344|46:46|timeout| :           "target" => "ACCEPT"
> > > > > |9344|46:46|timeout| :         }
> > > > > |9344|46:46|timeout| :       }
> > > > > |9344|46:46|timeout| :     },
> > > > > |9344|46:46|timeout| :     "7" => {
> > > > > |9344|46:46|timeout| :       "tcp" => {
> > > > > |9344|46:46|timeout| :         "3389" => {
> > > > > |9344|46:46|timeout| :           "destination" => "0.0.0.0/0",
> > > > > |9344|46:46|timeout| :           "name" => "ms-wbt-server",
> > > > > |9344|46:46|timeout| :           "number" => 7,
> > > > > |9344|46:46|timeout| :           "scope" => "0.0.0.0/0",
> > > > > |9344|46:46|timeout| :           "target" => "ACCEPT"
> > > > > |9344|46:46|timeout| :         }
> > > > > |9344|46:46|timeout| :       }
> > > > > |9344|46:46|timeout| :     },
> > > > > |9344|46:46|timeout| :     "8" => {
> > > > > |9344|46:46|timeout| :       "udp" => {
> > > > > |9344|46:46|timeout| :         "3389" => {
> > > > > |9344|46:46|timeout| :           "destination" => "0.0.0.0/0",
> > > > > |9344|46:46|timeout| :           "name" => "ms-wbt-server",
> > > > > |9344|46:46|timeout| :           "number" => 8,
> > > > > |9344|46:46|timeout| :           "scope" => "0.0.0.0/0",
> > > > > |9344|46:46|timeout| :           "target" => "ACCEPT"
> > > > > |9344|46:46|timeout| :         }
> > > > > |9344|46:46|timeout| :       }
> > > > > |9344|46:46|timeout| :     },
> > > > > |9344|46:46|timeout| :     "9" => {
> > > > > |9344|46:46|timeout| :       "all" => {
> > > > > |9344|46:46|timeout| :         "any" => {
> > > > > |9344|46:46|timeout| :           "destination" => "0.0.0.0/0",
> > > > > |9344|46:46|timeout| :           "name" => "any",
> > > > > |9344|46:46|timeout| :           "number" => 9,
> > > > > |9344|46:46|timeout| :           "scope" => "0.0.0.0/0",
> > > > > |9344|46:46|timeout| :           "target" => "REJECT"
> > > > > |9344|46:46|timeout| :         }
> > > > > |9344|46:46|timeout| :       }
> > > > > |9344|46:46|timeout| :     }
> > > > > |9344|46:46|timeout| :   }
> > > > > |9344|46:46|timeout| : }
> > > > > 
> > > > > 2015-05-26
> > > 
> > > 12:26:38|9344|46:46|timeout|Linux.pm:disable_firewall_port(3783)|attempt
> > > in
> > > 
> > > > > g
> > > > > to execute command on VM7Cent6VCL1: 'iptables -D INPUT 1'
> > > > > 2015-05-26
> > > > > 12:26:38|9344|46:46|timeout|utils.pm:run_ssh_command(4902)|executing
> > > > > 
> > > > > SSH command on VM7Cent6VCL1:
> > > > > |9344|46:46|timeout| /usr/bin/ssh -i /etc/vcl/vcl.key  -o
> > > > > 
> > > > > StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o
> > > > > ConnectionAttempts=1 -o ConnectTimeout=3 -l root -p 22 -x
> > > > > VM7Cent6VCL1
> > > > > 'iptables -D INPUT 1' 2>&1
> > > > > 2015-05-26
> > > 
> > > > > 12:26:39|9344|46:46|timeout|utils.pm:
> > > run_ssh_command(5020)|run_ssh_command
> > > 
> > > > > output:
> > > 
> > > > > 2015-05-26 12:26:39|9344|46:46|timeout|utils.pm:
> > > run_ssh_command(5034)|SSH
> > > 
> > > > > command executed on VM7Cent6VCL1, returning (0, "")
> > > > > 2015-05-26
> > > 
> > > 12:26:39|9344|46:46|timeout|Linux.pm:disable_firewall_port(3785)|execute
> > > d
> > > 
> > > > > command on VM7Cent6VCL1: 'iptables -D INPUT 1'
> > > > > 2015-05-26
> > > > > 12:26:39|9344|46:46|timeout|utils.pm:run_ssh_command(4902)|executing
> > > > > 
> > > > > SSH command on VM7Cent6VCL1:
> > > > > |9344|46:46|timeout| /usr/bin/ssh -i /etc/vcl/vcl.key  -o
> > > > > 
> > > > > StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o
> > > > > ConnectionAttempts=1 -o ConnectTimeout=3 -l root -p 22 -x
> > > > > VM7Cent6VCL1
> > > > > '/sbin/iptables-save > /etc/sysconfig/iptables' 2>&1
> > > > > 
> > > > > |9344|46:46|timeout| ---- WARNING ----
> > > > > |9344|46:46|timeout| 2015-05-26
> > > > > 
> > > > > 12:26:39|9344|46:46|timeout|utils.pm:run_ssh_command(5006)|attempt
> > > 
> > > > > 1/3: failed to execute SSH command on VM7Cent6VCL1:
> > > '/sbin/iptables-save >
> > > 
> > > > > /etc/sysconfig/iptables', exit status: 255, output:
> > > > > |9344|46:46|timeout| ssh output (/sbin/ipta...): ssh: connect to
> > > > > |host
> > > > > 
> > > > > VM7Cent6VCL1 port 22: No route to host
> > > > > 
> > > > > |9344|46:46|timeout| ( 0) utils.pm, run_ssh_command (line: 5006)
> > > > > |9344|46:46|timeout| (-1) OS.pm, execute (line: 1992)
> > > > > |9344|46:46|timeout| (-2) Linux.pm, disable_firewall_port (line:
> > > > > |3794)
> > > > > |9344|46:46|timeout| (-3) OS.pm, process_connect_methods (line:
> > > > > |2576)
> > > > > |9344|46:46|timeout| (-4) Linux.pm, sanitize (line: 1172)
> > > > > |9344|46:46|timeout| (-5) reclaim.pm, call_os_sanitize (line: 271)
> > > > > 
> > > > > 2015-05-26
> > > > > 12:26:39|9344|46:46|timeout|utils.pm:run_ssh_command(4894)|sleeping
> > > 
> > > for 2
> > > 
> > > > > seconds before making next SSH attempt
> > > > > 201
> > > > > 
> > > > > Thanks
> > > > > 
> > > > > Lewis
-- 
-------------------------------
Josh Thompson
VCL Developer
North Carolina State University

my GPG/PGP key can be found at pgp.mit.edu

All electronic mail messages in connection with State business which
are sent to or received by this account are subject to the NC Public
Records Law and may be disclosed to third parties.
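A dry-run-first way to act on the query output and the directory layout described in the message above, as an added example that is not part of the original message or of VCL. The function names are hypothetical; the paths in the demo are the example paths from the message, built under a temporary directory, and the image names fed in are constructed.

```shell
#!/bin/sh
# Added example (not VCL code): remove on-disk copies of image revisions that
# the VCL database has flagged deleted. It lists by default and deletes only
# when told to. All function names are hypothetical.
LC_ALL=C; export LC_ALL   # make the character ranges below byte-exact

# valid_image_name NAME: accept only a plain base name such as
# "linux-CentOS6-5-v0"; reject empty values, hidden names, option-like
# names, and anything containing "/" or characters outside [A-Za-z0-9._-].
valid_image_name() {
    case "$1" in
        ''|.*|-*|*/*) return 1 ;;
        *[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# plan_cleanup ROOT...: read image names on stdin, one per line, and print
# every existing directory ROOT/NAME. Roots must be absolute and not "/",
# so an unset variable can never turn into a path at the filesystem root.
plan_cleanup() {
    while IFS= read -r name; do
        if ! valid_image_name "$name"; then
            echo "skipping unexpected image name: '$name'" >&2
            continue
        fi
        for root in "$@"; do
            case "$root" in /?*) ;; *) continue ;; esac
            dir=$root/$name
            # Real directories only; a symlink could point outside the root.
            if [ -d "$dir" ] && [ ! -L "$dir" ]; then
                printf '%s\n' "$dir"
            fi
        done
    done
    return 0
}

# cleanup_images MODE ROOT...: MODE "delete" removes the planned directories,
# any other value (for example "list") only reports them.
cleanup_images() {
    mode=$1
    shift
    plan_cleanup "$@" | while IFS= read -r dir; do
        if [ "$mode" = delete ]; then
            rm -rf -- "$dir" && echo "deleted $dir"
        else
            echo "would delete $dir"
        fi
    done
}

# Demo on constructed data. On a management node the names would come from:
#   mysql -N vcl -e "SELECT imagename FROM imagerevision WHERE deleted = 1"
# (-N drops the column header line).
demo() {
    tmp=$(mktemp -d) || return 1
    repo=$tmp/install/vmware_repository
    store=$tmp/install/vmware_datastore
    mkdir -p "$repo/linux-CentOS6-5-v0" "$store/linux-CentOS6-5-v0" \
             "$store/linux-CentOS6-5-v1"
    # One deleted revision plus two values that must never reach rm.
    printf '%s\n' 'linux-CentOS6-5-v0' '../vmware_datastore' '' |
        cleanup_images list "$repo" "$store"
    rm -rf -- "$tmp"
}
demo
```

This covers a repository or NFS datastore mounted on the management node; for a vmfs datastore visible only on the VMware hosts, the same check would have to run on the host against /vmfs/volumes.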


Re: vcld.log

Posted by "Litchfield, Elwin L." <Le...@sar.usf.edu>.
Sorry, I didn't have the nerve to try 2.4.2, I am waiting for it to settle down before jumping in way over my head.  2.3.2 is over my head & I am slowly learning how to use it.  Now that I have the list of deleted = 1, I have been looking in the PHP and MySql book to figure out how to delete the unwanted images & am totally lost.  Can you point me in the correct direction?

Thanks. 

Lewis Litchfield
Technology Services – Viking Center Lab
University of South Florida Sarasota-Manatee
941-359-4231

________________________________________
From: Josh Thompson <jo...@ncsu.edu>
Sent: Wednesday, May 27, 2015 11:02 AM
To: user@vcl.apache.org
Subject: Re: vcld.log

Lewis,

Under Manage Images, you can delete images (including all of their revisions)
as well as deleting specific revisions (after clicking Edit next for that
image).  However, doing this only flags them as deleted in the database.  As a
measure to prevent images from accidentally being permanently deleted, they
are not automatically deleted.  The following command should give you a list
of base names for images that can then be manually deleted:

mysql vcl -e "SELECT imagename FROM imagerevision WHERE deleted = 1"

Also, in 2.4.2, you can delete VMware based images by using "vcl --setup".

Josh

On Wednesday, May 27, 2015 9:47:38 AM Elwin Litchfield wrote:
> Thanks, is there a way to remove deleted images?
>
> On Wed, May 27, 2015 at 9:08 AM, Josh Thompson <jo...@ncsu.edu>
>
> wrote:
> >
> > Lewis,
> >
> > That is correct.  However, if you can successfully make an imaging
> > reservation and connect to it, you can use that as your starting point
> > for updating your firewall configuration.  Then, just save it off as a
> > new revision of the image or as a new image.
> >
> > Josh
> >
> > On Tuesday, May 26, 2015 7:52:23 PM Litchfield, Elwin L. wrote:
> > > I assume this configuration must be done before the image is created.
> > >
> > >
> > > Lewis Litchfield
> > > Technology Services – Viking Center Lab
> > > University of South Florida Sarasota-Manatee
> > > 941-359-4231
> > >
> > > ________________________________________
> > > From: Josh Thompson <jo...@ncsu.edu>
> > > Sent: Tuesday, May 26, 2015 3:40 PM
> > > To: user@vcl.apache.org
> > > Subject: Re: vcld.log
> > >
> > > Elwin,
> > >
> > > I can't find any docs on how you are supposed to configure the firewall
> > > for a base linux image under 2.3.2, and I don't remember the details of
> > > it.  I think something like the following should get you working.
> > >
> > > First, stop iptables to clear all of the tables:
> > >
> > > service iptables stop
> > >
> > > Create a custom table - you can name it anything, we'll go with "VCL".
> > >
> > > iptables -N VCL
> > >
> > > Create a rule in INPUT that jumps to the VCL table for everything:
> > >
> > > iptables -A INPUT -j VCL
> > >
> > > Add a few important rules to the VCL table:
> > >
> > > iptables -A VCL -i lo -j ACCEPT
> > > iptables -A VCL -m state --state RELATED,ESTABLISHED -j ACCEPT
> > > iptables -A VCL -p icmp -m icmp --icmp-type any -j ACCEPT
> > >
> > > Add a rule to the VCL table to accept traffic from your management node:
> > >
> > > iptables -A VCL -s <management node IP> -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
> > >
> > > Add a rule to the VCL table to reject other traffic:
> > >
> > > iptables -A VCL -j REJECT --reject-with icmp-host-prohibited
> > >
> > > Save the new configuration:
> > >
> > > service iptables save
> > >
> > > If I remember correctly, VCL should then manage required additions and
> > > removals on the INPUT table, and leave the VCL table alone, and since
> > > the VCL table has a rule allowing traffic from your management node, it
> > > should stop shutting itself out.
> > >
> > > Let me know if this works for you.
> > >
> > > Josh
> > >
> > > On Tuesday, May 26, 2015 1:13:37 PM Elwin Litchfield wrote:
> > > > Everything seemed to work till the reservation was over.  Port 22 is
> > > > blocked, but ping is OK & port 3389 is still available & connection
> > > > with admin ID & password presented at the beginning of the
> > > > reservation.  I have been reading the vcld.log & am unable to make any
> > > > sense of it.  Can you help me understand what is happening?
> > > >
> > > >
> > > > Thanks  2015-05-26
> > > > 12:26:32|9344|46:46|timeout|utils.pm:run_ssh_command(4902)|executing
> > > >
> > > > SSH command on VM7Cent6VCL1:
> > > > |9344|46:46|timeout| /usr/bin/ssh -i /etc/vcl/vcl.key  -o
> > > >
> > > > StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o
> > > > ConnectionAttempts=1 -o ConnectTimeout=3 -l root -p 22 -x VM7Cent6VCL1
> > > > '/sbin/chkconfig --list iptables' 2>&1
> > > > 2015-05-26
> > > > 12:26:32|9344|46:46|timeout|Linux.pm:service_exists(3186)|'iptables'
> > > > service exists
> > > > 2015-05-26
> > > > 12:26:32|9344|46:46|timeout|utils.pm:run_ssh_command(4902)|executing
> > > >
> > > > SSH command on VM7Cent6VCL1:
> > > > |9344|46:46|timeout| /usr/bin/ssh -i /etc/vcl/vcl.key  -o
> > > >
> > > > StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o
> > > > ConnectionAttempts=1 -o ConnectTimeout=3 -l root -p 22 -x VM7Cent6VCL1
> > > > 'iptables -L --line-number -n' 2>&1
> > > > 2015-05-26
> >
> > > > 12:26:33|9344|46:46|timeout|utils.pm:
> > > > Thanks
> > > >
> > > > Lewis
> > >
> > > --
> > > -------------------------------
> > > Josh Thompson
> > > VCL Developer
> > > North Carolina State University
> > >
> > > my GPG/PGP key can be found at pgp.mit.edu
> > >
> > > All electronic mail messages in connection with State business which
> > > are sent to or received by this account are subject to the NC Public
> > > Records Law and may be disclosed to third parties.
> >
> > --
> > -------------------------------
> > Josh Thompson
> > VCL Developer
> > North Carolina State University
> >
> > my GPG/PGP key can be found at pgp.mit.edu
> >
> > All electronic mail messages in connection with State business which
> > are sent to or received by this account are subject to the NC Public
> > Records Law and may be disclosed to third parties.
--
-------------------------------
Josh Thompson
VCL Developer
North Carolina State University

my GPG/PGP key can be found at pgp.mit.edu

All electronic mail messages in connection with State business which
are sent to or received by this account are subject to the NC Public
Records Law and may be disclosed to third parties.


Re: vcld.log

Posted by Josh Thompson <jo...@ncsu.edu>.

Lewis,

Under Manage Images, you can delete images (including all of their revisions) 
as well as deleting specific revisions (after clicking Edit next for that 
image).  However, doing this only flags them as deleted in the database.  As a 
measure to prevent images from accidentally being permanently deleted, they 
are not automatically deleted.  The following command should give you a list 
of base names for images that can then be manually deleted:

mysql vcl -e "SELECT imagename FROM imagerevision WHERE deleted = 1"

Also, in 2.4.2, you can delete VMware based images by using "vcl --setup".

Josh

On Wednesday, May 27, 2015 9:47:38 AM Elwin Litchfield wrote:
> Thanks, is there a way to remove deleted images?
> 
> On Wed, May 27, 2015 at 9:08 AM, Josh Thompson <jo...@ncsu.edu> wrote:
> > 
> > Lewis,
> > 
> > That is correct.  However, if you can successfully make an imaging
> > reservation and connect to it, you can use that as your starting point
> > for updating your firewall configuration.  Then, just save it off as a
> > new revision of the image or as a new image.
> > 
> > Josh
> > 
> > On Tuesday, May 26, 2015 7:52:23 PM Litchfield, Elwin L. wrote:
> > > I assume this configuration must be done before the image is created.
> > > 
> > > 
> > > Lewis Litchfield
> > > Technology Services – Viking Center Lab
> > > University of South Florida Sarasota-Manatee
> > > 941-359-4231
> > > 
> > > ________________________________________
> > > From: Josh Thompson <jo...@ncsu.edu>
> > > Sent: Tuesday, May 26, 2015 3:40 PM
> > > To: user@vcl.apache.org
> > > Subject: Re: vcld.log
> > > 
> > > Elwin,
> > > 
> > > I can't find any docs on how you are supposed to configure the firewall
> > > for a base linux image under 2.3.2, and I don't remember the details of
> > > it.  I think something like the following should get you working.
> > > 
> > > First, stop iptables to clear all of the tables:
> > > 
> > > service iptables stop
> > > 
> > > Create a custom table - you can name it anything, we'll go with "VCL".
> > > 
> > > iptables -N VCL
> > > 
> > > Create a rule in INPUT that jumps to the VCL table for everything:
> > > 
> > > iptables -A INPUT -j VCL
> > > 
> > > Add a few important rules to the VCL table:
> > > 
> > > iptables -A VCL -i lo -j ACCEPT
> > > iptables -A VCL -m state --state RELATED,ESTABLISHED -j ACCEPT
> > > iptables -A VCL -p icmp -m icmp --icmp-type any -j ACCEPT
> > > 
> > > Add a rule to the VCL table to accept traffic from your management node:
> > > 
> > > iptables -A VCL -s <management node IP> -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
> > > 
> > > Add a rule to the VCL table to reject other traffic:
> > > 
> > > iptables -A VCL -j REJECT --reject-with icmp-host-prohibited
> > > 
> > > Save the new configuration:
> > > 
> > > service iptables save
> > > 
> > > If I remember correctly, VCL should then manage required additions and
> > > removals on the INPUT table, and leave the VCL table alone, and since
> > > the VCL table has a rule allowing traffic from your management node, it
> > > should stop shutting itself out.
> > > 
> > > Let me know if this works for you.
> > > 
> > > Josh
> > > 
> > > On Tuesday, May 26, 2015 1:13:37 PM Elwin Litchfield wrote:
> > > > Everything seemed to work till the reservation was over.  Port 22 is
> > > > blocked, but ping is OK & port 3389 is still available & connection
> > > > with admin ID & password presented at the beginning of the
> > > > reservation.  I have been reading the vcld.log & am unable to make any
> > > > sense of it.  Can you help me understand what is happening?
> > > > 
> > > > 
> > > > Thanks
> > > > 
> > > > Lewis
> > > 
> > > --
> > > -------------------------------
> > > Josh Thompson
> > > VCL Developer
> > > North Carolina State University
> > > 
> > > my GPG/PGP key can be found at pgp.mit.edu
> > > 
> > > All electronic mail messages in connection with State business which
> > > are sent to or received by this account are subject to the NC Public
> > > Records Law and may be disclosed to third parties.
> > 
> > --
> > -------------------------------
> > Josh Thompson
> > VCL Developer
> > North Carolina State University
> > 
> > my GPG/PGP key can be found at pgp.mit.edu
> > 
> > All electronic mail messages in connection with State business which
> > are sent to or received by this account are subject to the NC Public
> > Records Law and may be disclosed to third parties.
--
-------------------------------
Josh Thompson
VCL Developer
North Carolina State University

my GPG/PGP key can be found at pgp.mit.edu

All electronic mail messages in connection with State business which
are sent to or received by this account are subject to the NC Public
Records Law and may be disclosed to third parties.

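The lockout recorded in the vcld.log from the original post, replayed as an added example (not VCL code and not from any poster in this thread): it evaluates a new SSH connection from the management node against the posted INPUT chain before and after `iptables -D INPUT 1`, then against the custom `VCL` chain suggested in the thread. The two addresses, the `eth0` interface name and the reading of rule 4 as the loopback rule are assumptions.

```python
import ipaddress
import shlex

MGMT_IP = "192.0.2.10"     # hypothetical management node address
OTHER_IP = "198.51.100.7"  # hypothetical client that is not the management node

# Constructed from the nine INPUT rules in the posted `iptables -L -n` listing.
# Rule 4 is assumed to be the stock loopback rule; -L without -v hides interfaces.
BEFORE = """
-A INPUT -p tcp -m state --state NEW,RELATED,ESTABLISHED -m tcp --dport 22 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 3389 -j ACCEPT
-A INPUT -p udp -m state --state NEW -m udp --dport 3389 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
"""

# The custom-chain layout suggested in the thread, with MGMT_IP filled in.
FIXED = f"""
-N VCL
-A INPUT -j VCL
-A VCL -i lo -j ACCEPT
-A VCL -m state --state RELATED,ESTABLISHED -j ACCEPT
-A VCL -p icmp -m icmp --icmp-type any -j ACCEPT
-A VCL -s {MGMT_IP} -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A VCL -j REJECT --reject-with icmp-host-prohibited
"""

FIELDS = {"-p": "proto", "-s": "src", "-i": "iface",
          "--dport": "dport", "--state": "states", "-j": "target"}
IGNORED = {"-m", "--reject-with", "--icmp-type"}  # no effect on these verdicts


def parse(ruleset):
    """Parse -N/-A lines into {chain: [rule, ...]}; each option takes one value."""
    chains = {"INPUT": []}
    for line in ruleset.strip().splitlines():
        tok = shlex.split(line)
        if tok[0] == "-N":
            chains.setdefault(tok[1], [])
            continue
        rule = dict.fromkeys(FIELDS.values())
        for opt, val in zip(tok[2::2], tok[3::2]):
            if opt in FIELDS:
                rule[FIELDS[opt]] = val
            elif opt not in IGNORED:
                raise ValueError(f"unsupported option {opt!r}")
        chains.setdefault(tok[1], []).append(rule)
    return chains


def matches(rule, pkt):
    """True when every criterion the rule sets agrees with the packet."""
    return all([
        not rule["proto"] or rule["proto"] == pkt["proto"],
        not rule["iface"] or rule["iface"] == pkt["iface"],
        not rule["dport"] or int(rule["dport"]) == pkt["dport"],
        not rule["states"] or pkt["state"] in rule["states"].split(","),
        not rule["src"] or ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(rule["src"]),
    ])


def verdict(chains, pkt, chain="INPUT"):
    """First matching terminal rule wins; a user chain falls back to its caller."""
    for rule in chains[chain]:
        if not matches(rule, pkt):
            continue
        target = rule["target"]
        result = verdict(chains, pkt, target) if target in chains else target
        if result:
            return result
    return "ACCEPT" if chain == "INPUT" else None  # INPUT policy is ACCEPT


def packet(src, proto="tcp", dport=22, state="NEW", iface="eth0"):
    return {"src": src, "proto": proto, "dport": dport, "state": state, "iface": iface}


def replay():
    """Verdicts before and after `iptables -D INPUT 1`, and with the VCL chain."""
    before, fixed = parse(BEFORE), parse(FIXED)
    after = dict(before, INPUT=before["INPUT"][1:])  # models `iptables -D INPUT 1`
    return {
        "ssh_before": verdict(before, packet(MGMT_IP)),
        "ssh_new_after_delete": verdict(after, packet(MGMT_IP)),
        "ssh_established_after_delete": verdict(after, packet(MGMT_IP, state="ESTABLISHED")),
        "rdp_after_delete": verdict(after, packet(OTHER_IP, dport=3389)),
        "ping_after_delete": verdict(after, packet(OTHER_IP, proto="icmp", dport=None)),
        "fixed_ssh_mgmt": verdict(fixed, packet(MGMT_IP)),
        "fixed_ssh_other": verdict(fixed, packet(OTHER_IP)),
    }


if __name__ == "__main__":
    print("\n".join(f"{name:30} {result}" for name, result in replay().items()))
```

A REJECT with icmp-host-prohibited on a new connection is what ssh reports as `No route to host`, while the session that issued the delete still matches the RELATED,ESTABLISHED rule and returns cleanly.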

Re: vcld.log

Posted by Elwin Litchfield <le...@mail.usf.edu>.
Thanks, is there a way to remove deleted images?

On Wed, May 27, 2015 at 9:08 AM, Josh Thompson <jo...@ncsu.edu>
wrote:

>
> Lewis,
>
> That is correct.  However, if you can successfully make an imaging
> reservation and connect to it, you can use that as your starting point
> for updating your firewall configuration.  Then, just save it off as a
> new revision of the image or as a new image.
>
> Josh
>
> On Tuesday, May 26, 2015 7:52:23 PM Litchfield, Elwin L. wrote:
> > I assume this configuration must be done before the image is created.
> >
> >
> > Lewis Litchfield
> > Technology Services – Viking Center Lab
> > University of South Florida Sarasota-Manatee
> > 941-359-4231
> >
> > ________________________________________
> > From: Josh Thompson <jo...@ncsu.edu>
> > Sent: Tuesday, May 26, 2015 3:40 PM
> > To: user@vcl.apache.org
> > Subject: Re: vcld.log
> >
> > Elwin,
> >
> > I can't find any docs on how you are supposed to configure the firewall
> > for a base linux image under 2.3.2, and I don't remember the details of
> > it.  I think something like the following should get you working.
> >
> > First, stop iptables to clear all of the tables:
> >
> > service iptables stop
> >
> > Create a custom table - you can name it anything, we'll go with "VCL".
> >
> > iptables -N VCL
> >
> > Create a rule in INPUT that jumps to the VCL table for everything:
> >
> > iptables -A INPUT -j VCL
> >
> > Add a few important rules to the VCL table:
> >
> > iptables -A VCL -i lo -j ACCEPT
> > iptables -A VCL -m state --state RELATED,ESTABLISHED -j ACCEPT
> > iptables -A VCL -p icmp -m icmp --icmp-type any -j ACCEPT
> >
> > Add a rule to the VCL table to accept traffic from your management node:
> >
> > iptables -A VCL -s <management node IP> -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
> >
> > Add a rule to the VCL table to reject other traffic:
> >
> > iptables -A VCL -j REJECT --reject-with icmp-host-prohibited
> >
> > Save the new configuration:
> >
> > service iptables save
> >
> > If I remember correctly, VCL should then manage required additions and
> > removals on the INPUT table, and leave the VCL table alone, and since the
> > VCL table has a rule allowing traffic from your management node, it
> > should stop shutting itself out.
> >
> > Let me know if this works for you.
> >
> > Josh
> >
> > On Tuesday, May 26, 2015 1:13:37 PM Elwin Litchfield wrote:
> > > Everything seemed to work till the reservation was over.  Port 22 is
> > > blocked, but ping is OK & port 3389 is still available & connection with
> > > admin ID & password presented at the beginning of the reservation.  I have
> > > been reading the vcld.log & am unable to make any sense of it.  Can you
> > > help me understand what is happening?
> > >
> > >
> > > Thanks  2015-05-26
> > > 12:26:32|9344|46:46|timeout|utils.pm:run_ssh_command(4902)|executing
> > >
> > > SSH command on VM7Cent6VCL1:
> > > |9344|46:46|timeout| /usr/bin/ssh -i /etc/vcl/vcl.key  -o
> > >
> > > StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o
> > > ConnectionAttempts=1 -o ConnectTimeout=3 -l root -p 22 -x VM7Cent6VCL1
> > > '/sbin/chkconfig --list iptables' 2>&1
> > > 2015-05-26
> > > 12:26:32|9344|46:46|timeout|Linux.pm:service_exists(3186)|'iptables'
> > > service exists
> > > 2015-05-26
> > > 12:26:32|9344|46:46|timeout|utils.pm:run_ssh_command(4902)|executing
> > >
> > > SSH command on VM7Cent6VCL1:
> > > |9344|46:46|timeout| /usr/bin/ssh -i /etc/vcl/vcl.key  -o
> > >
> > > StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o
> > > ConnectionAttempts=1 -o ConnectTimeout=3 -l root -p 22 -x VM7Cent6VCL1
> > > 'iptables -L --line-number -n' 2>&1
> > > 2015-05-26
> > > 12:26:33|9344|46:46|timeout|utils.pm:
> run_ssh_command(5020)|run_ssh_command
> > >
> > > output:
> > > |9344|46:46|timeout| Chain INPUT (policy ACCEPT)
> > > |9344|46:46|timeout| num target prot opt source destination
> > > |9344|46:46|timeout| 1 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state
> > >
> > > NEW,RELATED,ESTABLISHED tcp dpt:22
> > >
> > > |9344|46:46|timeout| 2 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state
> > >
> > > RELATED,ESTABLISHED
> > >
> > > |9344|46:46|timeout| 3 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
> > > |9344|46:46|timeout| 4 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
> > > |9344|46:46|timeout| 5 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp
> > >
> > > dpt:443
> > >
> > > |9344|46:46|timeout| 6 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp
> > >
> > > dpt:80
> > >
> > > |9344|46:46|timeout| 7 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp
> > >
> > > dpt:3389
> > >
> > > |9344|46:46|timeout| 8 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp
> > >
> > > dpt:3389
> > >
> > > |9344|46:46|timeout| 9 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with
> > >
> > > icmp-host-prohibited
> > >
> > > |9344|46:46|timeout| Chain FORWARD (policy ACCEPT)
> > > |9344|46:46|timeout| num target prot opt source destination
> > > |9344|46:46|timeout| 1 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with
> > >
> > > icmp-host-prohibited
> > >
> > > |9344|46:46|timeout| Chain OUTPUT (policy ACCEPT)
> > > |9344|46:46|timeout| num target prot opt source destination
> > >
> > > 2015-05-26 12:26:33|9344|46:46|timeout|utils.pm:
> run_ssh_command(5034)|SSH
> > > command executed on VM7Cent6VCL1, returning (0, "Chain INPUT (policy
> > > ACCEPT) nu...")
> > > 2015-05-26
> > >
> 12:26:33|9344|46:46|timeout|Linux.pm:get_firewall_configuration(3991)|outp
> > > ut Chain = INPUT
> > > 2015-05-26
> > >
> 12:26:33|9344|46:46|timeout|Linux.pm:get_firewall_configuration(4007)|outp
> > > ut rule: 1, ACCEPT, tcp, 0.0.0.0/0, 0.0.0.0/0, 22
> > > 2015-05-26
> > >
> 12:26:35|9344|46:46|timeout|Linux.pm:get_firewall_configuration(4007)|outp
> > > ut rule: 5, ACCEPT, tcp, 0.0.0.0/0, 0.0.0.0/0, 443
> > > 2015-05-26
> > >
> 12:26:36|9344|46:46|timeout|Linux.pm:get_firewall_configuration(4007)|outp
> > > ut rule: 6, ACCEPT, tcp, 0.0.0.0/0, 0.0.0.0/0, 80
> > > 2015-05-26
> > >
> 12:26:36|9344|46:46|timeout|Linux.pm:get_firewall_configuration(4007)|outp
> > > ut rule: 7, ACCEPT, tcp, 0.0.0.0/0, 0.0.0.0/0, 3389
> > > 2015-05-26 12:26:36|26123|vcld:main(167)|lastcheckin time updated for
> > > management node 1: 2015-05-26 12:26:36
> > > 2015-05-26
> > >
> 12:26:37|9344|46:46|timeout|Linux.pm:get_firewall_configuration(4007)|outp
> > > ut rule: 8, ACCEPT, udp, 0.0.0.0/0, 0.0.0.0/0, 3389
> > > 2015-05-26
> > >
> 12:26:38|9344|46:46|timeout|Linux.pm:get_firewall_configuration(3991)|outp
> > > ut Chain = FORWARD
> > > 2015-05-26
> > >
> 12:26:38|9344|46:46|timeout|Linux.pm:get_firewall_configuration(3991)|outp
> > > ut Chain = OUTPUT
> > > 2015-05-26
> > >
> 12:26:38|9344|46:46|timeout|Linux.pm:get_firewall_configuration(4050)|retr
> > > ie ved
> > >
> > > firewall configuration from VM7Cent6VCL1:
> > > |9344|46:46|timeout| : {
> > > |9344|46:46|timeout| :   "FORWARD" => {
> > > |9344|46:46|timeout| :     "1" => {
> > > |9344|46:46|timeout| :       "all" => {
> > > |9344|46:46|timeout| :         "any" => {
> > > |9344|46:46|timeout| :           "destination" => "0.0.0.0/0",
> > > |9344|46:46|timeout| :           "name" => "any",
> > > |9344|46:46|timeout| :           "number" => 1,
> > > |9344|46:46|timeout| :           "scope" => "0.0.0.0/0",
> > > |9344|46:46|timeout| :           "target" => "REJECT"
> > > |9344|46:46|timeout| :         }
> > > |9344|46:46|timeout| :       }
> > > |9344|46:46|timeout| :     }
> > > |9344|46:46|timeout| :   },
> > > |9344|46:46|timeout| :   "INPUT" => {
> > > |9344|46:46|timeout| :     "1" => {
> > > |9344|46:46|timeout| :       "tcp" => {
> > > |9344|46:46|timeout| :         "22" => {
> > > |9344|46:46|timeout| :           "destination" => "0.0.0.0/0",
> > > |9344|46:46|timeout| :           "name" => "ssh",
> > > |9344|46:46|timeout| :           "number" => 1,
> > > |9344|46:46|timeout| :           "scope" => "0.0.0.0/0",
> > > |9344|46:46|timeout| :           "target" => "ACCEPT"
> > > |9344|46:46|timeout| :         }
> > > |9344|46:46|timeout| :       }
> > > |9344|46:46|timeout| :     },
> > > |9344|46:46|timeout| :     "2" => {
> > > |9344|46:46|timeout| :       "all" => {
> > > |9344|46:46|timeout| :         "any" => {
> > > |9344|46:46|timeout| :           "destination" => "0.0.0.0/0",
> > > |9344|46:46|timeout| :           "name" => "any",
> > > |9344|46:46|timeout| :           "number" => 2,
> > > |9344|46:46|timeout| :           "scope" => "0.0.0.0/0",
> > > |9344|46:46|timeout| :           "target" => "ACCEPT"
> > > |9344|46:46|timeout| :         }
> > > |9344|46:46|timeout| :       }
> > > |9344|46:46|timeout| :     },
> > > |9344|46:46|timeout| :     "3" => {
> > > |9344|46:46|timeout| :       "icmp" => {
> > > |9344|46:46|timeout| :         "any" => {
> > > |9344|46:46|timeout| :           "destination" => "0.0.0.0/0",
> > > |9344|46:46|timeout| :           "name" => "any",
> > > |9344|46:46|timeout| :           "number" => 3,
> > > |9344|46:46|timeout| :           "scope" => "0.0.0.0/0",
> > > |9344|46:46|timeout| :           "target" => "ACCEPT"
> > > |9344|46:46|timeout| :         }
> > > |9344|46:46|timeout| :       }
> > > |9344|46:46|timeout| :     },
> > > |9344|46:46|timeout| :     "4" => {
> > > |9344|46:46|timeout| :       "all" => {
> > > |9344|46:46|timeout| :         "any" => {
> > > |9344|46:46|timeout| :           "destination" => "0.0.0.0/0",
> > > |9344|46:46|timeout| :           "name" => "any",
> > > |9344|46:46|timeout| :           "number" => 4,
> > > |9344|46:46|timeout| :           "scope" => "0.0.0.0/0",
> > > |9344|46:46|timeout| :           "target" => "ACCEPT"
> > > |9344|46:46|timeout| :         }
> > > |9344|46:46|timeout| :       }
> > > |9344|46:46|timeout| :     },
> > > |9344|46:46|timeout| :     "5" => {
> > > |9344|46:46|timeout| :       "tcp" => {
> > > |9344|46:46|timeout| :         "443" => {
> > > |9344|46:46|timeout| :           "destination" => "0.0.0.0/0",
> > > |9344|46:46|timeout| :           "name" => "https",
> > > |9344|46:46|timeout| :           "number" => 5,
> > > |9344|46:46|timeout| :           "scope" => "0.0.0.0/0",
> > > |9344|46:46|timeout| :           "target" => "ACCEPT"
> > > |9344|46:46|timeout| :         }
> > > |9344|46:46|timeout| :       }
> > > |9344|46:46|timeout| :     },
> > > |9344|46:46|timeout| :     "6" => {
> > > |9344|46:46|timeout| :       "tcp" => {
> > > |9344|46:46|timeout| :         "80" => {
> > > |9344|46:46|timeout| :           "destination" => "0.0.0.0/0",
> > > |9344|46:46|timeout| :           "name" => "http",
> > > |9344|46:46|timeout| :           "number" => 6,
> > > |9344|46:46|timeout| :           "scope" => "0.0.0.0/0",
> > > |9344|46:46|timeout| :           "target" => "ACCEPT"
> > > |9344|46:46|timeout| :         }
> > > |9344|46:46|timeout| :       }
> > > |9344|46:46|timeout| :     },
> > > |9344|46:46|timeout| :     "7" => {
> > > |9344|46:46|timeout| :       "tcp" => {
> > > |9344|46:46|timeout| :         "3389" => {
> > > |9344|46:46|timeout| :           "destination" => "0.0.0.0/0",
> > > |9344|46:46|timeout| :           "name" => "ms-wbt-server",
> > > |9344|46:46|timeout| :           "number" => 7,
> > > |9344|46:46|timeout| :           "scope" => "0.0.0.0/0",
> > > |9344|46:46|timeout| :           "target" => "ACCEPT"
> > > |9344|46:46|timeout| :         }
> > > |9344|46:46|timeout| :       }
> > > |9344|46:46|timeout| :     },
> > > |9344|46:46|timeout| :     "8" => {
> > > |9344|46:46|timeout| :       "udp" => {
> > > |9344|46:46|timeout| :         "3389" => {
> > > |9344|46:46|timeout| :           "destination" => "0.0.0.0/0",
> > > |9344|46:46|timeout| :           "name" => "ms-wbt-server",
> > > |9344|46:46|timeout| :           "number" => 8,
> > > |9344|46:46|timeout| :           "scope" => "0.0.0.0/0",
> > > |9344|46:46|timeout| :           "target" => "ACCEPT"
> > > |9344|46:46|timeout| :         }
> > > |9344|46:46|timeout| :       }
> > > |9344|46:46|timeout| :     },
> > > |9344|46:46|timeout| :     "9" => {
> > > |9344|46:46|timeout| :       "all" => {
> > > |9344|46:46|timeout| :         "any" => {
> > > |9344|46:46|timeout| :           "destination" => "0.0.0.0/0",
> > > |9344|46:46|timeout| :           "name" => "any",
> > > |9344|46:46|timeout| :           "number" => 9,
> > > |9344|46:46|timeout| :           "scope" => "0.0.0.0/0",
> > > |9344|46:46|timeout| :           "target" => "REJECT"
> > > |9344|46:46|timeout| :         }
> > > |9344|46:46|timeout| :       }
> > > |9344|46:46|timeout| :     }
> > > |9344|46:46|timeout| :   }
> > > |9344|46:46|timeout| : }
> > >
> > > 2015-05-26
> > >
> 12:26:38|9344|46:46|timeout|Linux.pm:disable_firewall_port(3783)|attemptin
> > > g
> > > to execute command on VM7Cent6VCL1: 'iptables -D INPUT 1'
> > > 2015-05-26
> > > 12:26:38|9344|46:46|timeout|utils.pm:run_ssh_command(4902)|executing
> > >
> > > SSH command on VM7Cent6VCL1:
> > > |9344|46:46|timeout| /usr/bin/ssh -i /etc/vcl/vcl.key  -o
> > >
> > > StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o
> > > ConnectionAttempts=1 -o ConnectTimeout=3 -l root -p 22 -x VM7Cent6VCL1
> > > 'iptables -D INPUT 1' 2>&1
> > > 2015-05-26
> > > 12:26:39|9344|46:46|timeout|utils.pm:
> run_ssh_command(5020)|run_ssh_command
> > > output:
> > > 2015-05-26 12:26:39|9344|46:46|timeout|utils.pm:
> run_ssh_command(5034)|SSH
> > > command executed on VM7Cent6VCL1, returning (0, "")
> > > 2015-05-26
> > >
> 12:26:39|9344|46:46|timeout|Linux.pm:disable_firewall_port(3785)|executed
> > > command on VM7Cent6VCL1: 'iptables -D INPUT 1'
> > > 2015-05-26
> > > 12:26:39|9344|46:46|timeout|utils.pm:run_ssh_command(4902)|executing
> > >
> > > SSH command on VM7Cent6VCL1:
> > > |9344|46:46|timeout| /usr/bin/ssh -i /etc/vcl/vcl.key  -o
> > >
> > > StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o
> > > ConnectionAttempts=1 -o ConnectTimeout=3 -l root -p 22 -x VM7Cent6VCL1
> > > '/sbin/iptables-save > /etc/sysconfig/iptables' 2>&1
> > >
> > > |9344|46:46|timeout| ---- WARNING ----
> > > |9344|46:46|timeout| 2015-05-26
> > >
> > > 12:26:39|9344|46:46|timeout|utils.pm:run_ssh_command(5006)|attempt
> > > 1/3: failed to execute SSH command on VM7Cent6VCL1:
> '/sbin/iptables-save >
> > >
> > > /etc/sysconfig/iptables', exit status: 255, output:
> > > |9344|46:46|timeout| ssh output (/sbin/ipta...): ssh: connect to host
> > >
> > > VM7Cent6VCL1 port 22: No route to host
> > >
> > > |9344|46:46|timeout| ( 0) utils.pm, run_ssh_command (line: 5006)
> > > |9344|46:46|timeout| (-1) OS.pm, execute (line: 1992)
> > > |9344|46:46|timeout| (-2) Linux.pm, disable_firewall_port (line: 3794)
> > > |9344|46:46|timeout| (-3) OS.pm, process_connect_methods (line: 2576)
> > > |9344|46:46|timeout| (-4) Linux.pm, sanitize (line: 1172)
> > > |9344|46:46|timeout| (-5) reclaim.pm, call_os_sanitize (line: 271)
> > >
> > > 2015-05-26
> > > 12:26:39|9344|46:46|timeout|utils.pm:run_ssh_command(4894)|sleeping
> for 2
> > > seconds before making next SSH attempt
> > > 201
> > >
> > > Thanks
> > >
> > > Lewis
> >
> > --
> > -------------------------------
> > Josh Thompson
> > VCL Developer
> > North Carolina State University
> >
> > my GPG/PGP key can be found at pgp.mit.edu
> >
> > All electronic mail messages in connection with State business which
> > are sent to or received by this account are subject to the NC Public
> > Records Law and may be disclosed to third parties.
> --
> -------------------------------
> Josh Thompson
> VCL Developer
> North Carolina State University
>
> my GPG/PGP key can be found at pgp.mit.edu
>
> All electronic mail messages in connection with State business which
> are sent to or received by this account are subject to the NC Public
> Records Law and may be disclosed to third parties.
>
>

Re: vcld.log

Posted by Josh Thompson <jo...@ncsu.edu>.

Lewis,

That is correct.  However, if you can successfully make an imaging reservation 
and connect to it, you can use that as your starting point for updating your 
firewall configuration.  Then, just save it off as a new revision of the image 
or as a new image.

Josh

On Tuesday, May 26, 2015 7:52:23 PM Litchfield, Elwin L. wrote:
> I assume this configuration must be done before the image is created.
> 
> 
> Lewis Litchfield
> Technology Services – Viking Center Lab
> University of South Florida Sarasota-Manatee
> 941-359-4231
> 
> ________________________________________
> From: Josh Thompson <jo...@ncsu.edu>
> Sent: Tuesday, May 26, 2015 3:40 PM
> To: user@vcl.apache.org
> Subject: Re: vcld.log
> 
> Elwin,
> 
> I can't find any docs on how you are supposed to configure the firewall for
> a base linux image under 2.3.2, and I don't remember the details of it.  I
> think something like the following should get you working.
> 
> First, stop iptables to clear all of the tables:
> 
> service iptables stop
> 
> Create a custom table - you can name it anything, we'll go with "VCL".
> 
> iptables -N VCL
> 
> Create a rule in INPUT that jumps to the VCL table for everything:
> 
> iptables -A INPUT -j VCL
> 
> Add a few important rules to the VCL table:
> 
> iptables -A VCL -i lo -j ACCEPT
> iptables -A VCL -m state --state RELATED,ESTABLISHED -j ACCEPT
> iptables -A VCL -p icmp -m icmp --icmp-type any -j ACCEPT
> 
> Add a rule to the VCL table to accept traffic from your management node:
> 
> iptables -A VCL -s <management node IP> -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
> 
> Add a rule to the VCL table to reject other traffic:
> 
> iptables -A VCL -j REJECT --reject-with icmp-host-prohibited
> 
> Save the new configuration:
> 
> service iptables save
> 
> If I remember correctly, VCL should then manage required additions and
> removals on the INPUT table, and leave the VCL table alone, and since the
> VCL table has a rule allowing traffic from your management node, it should
> stop shutting itself out.
> 
> Let me know if this works for you.
> 
> Josh
> 
> On Tuesday, May 26, 2015 1:13:37 PM Elwin Litchfield wrote:
> > Everything seemed to work till the reservation was over.  Port 22 is
> > blocked, but ping is OK & port 3389 is still available & connection with
> > admin ID & password presented at the beginning of the reservation.  I have
> > been reading the vcld.log & am unable to make any sense of it.  Can you
> > help me understand what is happening?
> > 
> > 
> > Thanks  2015-05-26
> > 12:26:32|9344|46:46|timeout|utils.pm:run_ssh_command(4902)|executing
> > 
> > SSH command on VM7Cent6VCL1:
> > |9344|46:46|timeout| /usr/bin/ssh -i /etc/vcl/vcl.key  -o
> > 
> > StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o
> > ConnectionAttempts=1 -o ConnectTimeout=3 -l root -p 22 -x VM7Cent6VCL1
> > '/sbin/chkconfig --list iptables' 2>&1
> > 2015-05-26
> > 12:26:32|9344|46:46|timeout|Linux.pm:service_exists(3186)|'iptables'
> > service exists
> > 2015-05-26
> > 12:26:32|9344|46:46|timeout|utils.pm:run_ssh_command(4902)|executing
> > 
> > SSH command on VM7Cent6VCL1:
> > |9344|46:46|timeout| /usr/bin/ssh -i /etc/vcl/vcl.key  -o
> > 
> > StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o
> > ConnectionAttempts=1 -o ConnectTimeout=3 -l root -p 22 -x VM7Cent6VCL1
> > 'iptables -L --line-number -n' 2>&1
> > 2015-05-26
> > 12:26:33|9344|46:46|timeout|utils.pm:run_ssh_command(5020)|run_ssh_command
> > 
> > output:
> > |9344|46:46|timeout| Chain INPUT (policy ACCEPT)
> > |9344|46:46|timeout| num target prot opt source destination
> > |9344|46:46|timeout| 1 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state
> > 
> > NEW,RELATED,ESTABLISHED tcp dpt:22
> > 
> > |9344|46:46|timeout| 2 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state
> > 
> > RELATED,ESTABLISHED
> > 
> > |9344|46:46|timeout| 3 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
> > |9344|46:46|timeout| 4 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
> > |9344|46:46|timeout| 5 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp
> > 
> > dpt:443
> > 
> > |9344|46:46|timeout| 6 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp
> > 
> > dpt:80
> > 
> > |9344|46:46|timeout| 7 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp
> > 
> > dpt:3389
> > 
> > |9344|46:46|timeout| 8 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp
> > 
> > dpt:3389
> > 
> > |9344|46:46|timeout| 9 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with
> > 
> > icmp-host-prohibited
> > 
> > |9344|46:46|timeout| Chain FORWARD (policy ACCEPT)
> > |9344|46:46|timeout| num target prot opt source destination
> > |9344|46:46|timeout| 1 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with
> > 
> > icmp-host-prohibited
> > 
> > |9344|46:46|timeout| Chain OUTPUT (policy ACCEPT)
> > |9344|46:46|timeout| num target prot opt source destination
> > 
> > 2015-05-26 12:26:33|9344|46:46|timeout|utils.pm:run_ssh_command(5034)|SSH
> > command executed on VM7Cent6VCL1, returning (0, "Chain INPUT (policy
> > ACCEPT) nu...")
> > 2015-05-26
> > 12:26:33|9344|46:46|timeout|Linux.pm:get_firewall_configuration(3991)|outp
> > ut Chain = INPUT
> > 2015-05-26
> > 12:26:33|9344|46:46|timeout|Linux.pm:get_firewall_configuration(4007)|outp
> > ut rule: 1, ACCEPT, tcp, 0.0.0.0/0, 0.0.0.0/0, 22
> > 2015-05-26
> > 12:26:35|9344|46:46|timeout|Linux.pm:get_firewall_configuration(4007)|outp
> > ut rule: 5, ACCEPT, tcp, 0.0.0.0/0, 0.0.0.0/0, 443
> > 2015-05-26
> > 12:26:36|9344|46:46|timeout|Linux.pm:get_firewall_configuration(4007)|outp
> > ut rule: 6, ACCEPT, tcp, 0.0.0.0/0, 0.0.0.0/0, 80
> > 2015-05-26
> > 12:26:36|9344|46:46|timeout|Linux.pm:get_firewall_configuration(4007)|outp
> > ut rule: 7, ACCEPT, tcp, 0.0.0.0/0, 0.0.0.0/0, 3389
> > 2015-05-26 12:26:36|26123|vcld:main(167)|lastcheckin time updated for
> > management node 1: 2015-05-26 12:26:36
> > 2015-05-26
> > 12:26:37|9344|46:46|timeout|Linux.pm:get_firewall_configuration(4007)|outp
> > ut rule: 8, ACCEPT, udp, 0.0.0.0/0, 0.0.0.0/0, 3389
> > 2015-05-26
> > 12:26:38|9344|46:46|timeout|Linux.pm:get_firewall_configuration(3991)|outp
> > ut Chain = FORWARD
> > 2015-05-26
> > 12:26:38|9344|46:46|timeout|Linux.pm:get_firewall_configuration(3991)|outp
> > ut Chain = OUTPUT
> > 2015-05-26
> > 12:26:38|9344|46:46|timeout|Linux.pm:get_firewall_configuration(4050)|retr
> > ie ved
> > 
> > firewall configuration from VM7Cent6VCL1:
> > |9344|46:46|timeout| : {
> > |9344|46:46|timeout| :   "FORWARD" => {
> > |9344|46:46|timeout| :     "1" => {
> > |9344|46:46|timeout| :       "all" => {
> > |9344|46:46|timeout| :         "any" => {
> > |9344|46:46|timeout| :           "destination" => "0.0.0.0/0",
> > |9344|46:46|timeout| :           "name" => "any",
> > |9344|46:46|timeout| :           "number" => 1,
> > |9344|46:46|timeout| :           "scope" => "0.0.0.0/0",
> > |9344|46:46|timeout| :           "target" => "REJECT"
> > |9344|46:46|timeout| :         }
> > |9344|46:46|timeout| :       }
> > |9344|46:46|timeout| :     }
> > |9344|46:46|timeout| :   },
> > |9344|46:46|timeout| :   "INPUT" => {
> > |9344|46:46|timeout| :     "1" => {
> > |9344|46:46|timeout| :       "tcp" => {
> > |9344|46:46|timeout| :         "22" => {
> > |9344|46:46|timeout| :           "destination" => "0.0.0.0/0",
> > |9344|46:46|timeout| :           "name" => "ssh",
> > |9344|46:46|timeout| :           "number" => 1,
> > |9344|46:46|timeout| :           "scope" => "0.0.0.0/0",
> > |9344|46:46|timeout| :           "target" => "ACCEPT"
> > |9344|46:46|timeout| :         }
> > |9344|46:46|timeout| :       }
> > |9344|46:46|timeout| :     },
> > |9344|46:46|timeout| :     "2" => {
> > |9344|46:46|timeout| :       "all" => {
> > |9344|46:46|timeout| :         "any" => {
> > |9344|46:46|timeout| :           "destination" => "0.0.0.0/0",
> > |9344|46:46|timeout| :           "name" => "any",
> > |9344|46:46|timeout| :           "number" => 2,
> > |9344|46:46|timeout| :           "scope" => "0.0.0.0/0",
> > |9344|46:46|timeout| :           "target" => "ACCEPT"
> > |9344|46:46|timeout| :         }
> > |9344|46:46|timeout| :       }
> > |9344|46:46|timeout| :     },
> > |9344|46:46|timeout| :     "3" => {
> > |9344|46:46|timeout| :       "icmp" => {
> > |9344|46:46|timeout| :         "any" => {
> > |9344|46:46|timeout| :           "destination" => "0.0.0.0/0",
> > |9344|46:46|timeout| :           "name" => "any",
> > |9344|46:46|timeout| :           "number" => 3,
> > |9344|46:46|timeout| :           "scope" => "0.0.0.0/0",
> > |9344|46:46|timeout| :           "target" => "ACCEPT"
> > |9344|46:46|timeout| :         }
> > |9344|46:46|timeout| :       }
> > |9344|46:46|timeout| :     },
> > |9344|46:46|timeout| :     "4" => {
> > |9344|46:46|timeout| :       "all" => {
> > |9344|46:46|timeout| :         "any" => {
> > |9344|46:46|timeout| :           "destination" => "0.0.0.0/0",
> > |9344|46:46|timeout| :           "name" => "any",
> > |9344|46:46|timeout| :           "number" => 4,
> > |9344|46:46|timeout| :           "scope" => "0.0.0.0/0",
> > |9344|46:46|timeout| :           "target" => "ACCEPT"
> > |9344|46:46|timeout| :         }
> > |9344|46:46|timeout| :       }
> > |9344|46:46|timeout| :     },
> > |9344|46:46|timeout| :     "5" => {
> > |9344|46:46|timeout| :       "tcp" => {
> > |9344|46:46|timeout| :         "443" => {
> > |9344|46:46|timeout| :           "destination" => "0.0.0.0/0",
> > |9344|46:46|timeout| :           "name" => "https",
> > |9344|46:46|timeout| :           "number" => 5,
> > |9344|46:46|timeout| :           "scope" => "0.0.0.0/0",
> > |9344|46:46|timeout| :           "target" => "ACCEPT"
> > |9344|46:46|timeout| :         }
> > |9344|46:46|timeout| :       }
> > |9344|46:46|timeout| :     },
> > |9344|46:46|timeout| :     "6" => {
> > |9344|46:46|timeout| :       "tcp" => {
> > |9344|46:46|timeout| :         "80" => {
> > |9344|46:46|timeout| :           "destination" => "0.0.0.0/0",
> > |9344|46:46|timeout| :           "name" => "http",
> > |9344|46:46|timeout| :           "number" => 6,
> > |9344|46:46|timeout| :           "scope" => "0.0.0.0/0",
> > |9344|46:46|timeout| :           "target" => "ACCEPT"
> > |9344|46:46|timeout| :         }
> > |9344|46:46|timeout| :       }
> > |9344|46:46|timeout| :     },
> > |9344|46:46|timeout| :     "7" => {
> > |9344|46:46|timeout| :       "tcp" => {
> > |9344|46:46|timeout| :         "3389" => {
> > |9344|46:46|timeout| :           "destination" => "0.0.0.0/0",
> > |9344|46:46|timeout| :           "name" => "ms-wbt-server",
> > |9344|46:46|timeout| :           "number" => 7,
> > |9344|46:46|timeout| :           "scope" => "0.0.0.0/0",
> > |9344|46:46|timeout| :           "target" => "ACCEPT"
> > |9344|46:46|timeout| :         }
> > |9344|46:46|timeout| :       }
> > |9344|46:46|timeout| :     },
> > |9344|46:46|timeout| :     "8" => {
> > |9344|46:46|timeout| :       "udp" => {
> > |9344|46:46|timeout| :         "3389" => {
> > |9344|46:46|timeout| :           "destination" => "0.0.0.0/0",
> > |9344|46:46|timeout| :           "name" => "ms-wbt-server",
> > |9344|46:46|timeout| :           "number" => 8,
> > |9344|46:46|timeout| :           "scope" => "0.0.0.0/0",
> > |9344|46:46|timeout| :           "target" => "ACCEPT"
> > |9344|46:46|timeout| :         }
> > |9344|46:46|timeout| :       }
> > |9344|46:46|timeout| :     },
> > |9344|46:46|timeout| :     "9" => {
> > |9344|46:46|timeout| :       "all" => {
> > |9344|46:46|timeout| :         "any" => {
> > |9344|46:46|timeout| :           "destination" => "0.0.0.0/0",
> > |9344|46:46|timeout| :           "name" => "any",
> > |9344|46:46|timeout| :           "number" => 9,
> > |9344|46:46|timeout| :           "scope" => "0.0.0.0/0",
> > |9344|46:46|timeout| :           "target" => "REJECT"
> > |9344|46:46|timeout| :         }
> > |9344|46:46|timeout| :       }
> > |9344|46:46|timeout| :     }
> > |9344|46:46|timeout| :   }
> > |9344|46:46|timeout| : }
> > 
> > 2015-05-26
> > 12:26:38|9344|46:46|timeout|Linux.pm:disable_firewall_port(3783)|attemptin
> > g
> > to execute command on VM7Cent6VCL1: 'iptables -D INPUT 1'
> > 2015-05-26
> > 12:26:38|9344|46:46|timeout|utils.pm:run_ssh_command(4902)|executing
> > 
> > SSH command on VM7Cent6VCL1:
> > |9344|46:46|timeout| /usr/bin/ssh -i /etc/vcl/vcl.key  -o
> > 
> > StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o
> > ConnectionAttempts=1 -o ConnectTimeout=3 -l root -p 22 -x VM7Cent6VCL1
> > 'iptables -D INPUT 1' 2>&1
> > 2015-05-26
> > 12:26:39|9344|46:46|timeout|utils.pm:run_ssh_command(5020)|run_ssh_command
> > output:
> > 2015-05-26 12:26:39|9344|46:46|timeout|utils.pm:run_ssh_command(5034)|SSH
> > command executed on VM7Cent6VCL1, returning (0, "")
> > 2015-05-26
> > 12:26:39|9344|46:46|timeout|Linux.pm:disable_firewall_port(3785)|executed
> > command on VM7Cent6VCL1: 'iptables -D INPUT 1'
> > 2015-05-26
> > 12:26:39|9344|46:46|timeout|utils.pm:run_ssh_command(4902)|executing
> > 
> > SSH command on VM7Cent6VCL1:
> > |9344|46:46|timeout| /usr/bin/ssh -i /etc/vcl/vcl.key  -o
> > 
> > StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o
> > ConnectionAttempts=1 -o ConnectTimeout=3 -l root -p 22 -x VM7Cent6VCL1
> > '/sbin/iptables-save > /etc/sysconfig/iptables' 2>&1
> > 
> > |9344|46:46|timeout| ---- WARNING ----
> > |9344|46:46|timeout| 2015-05-26
> > 
> > 12:26:39|9344|46:46|timeout|utils.pm:run_ssh_command(5006)|attempt
> > 1/3: failed to execute SSH command on VM7Cent6VCL1: '/sbin/iptables-save >
> > 
> > /etc/sysconfig/iptables', exit status: 255, output:
> > |9344|46:46|timeout| ssh output (/sbin/ipta...): ssh: connect to host
> > 
> > VM7Cent6VCL1 port 22: No route to host
> > 
> > |9344|46:46|timeout| ( 0) utils.pm, run_ssh_command (line: 5006)
> > |9344|46:46|timeout| (-1) OS.pm, execute (line: 1992)
> > |9344|46:46|timeout| (-2) Linux.pm, disable_firewall_port (line: 3794)
> > |9344|46:46|timeout| (-3) OS.pm, process_connect_methods (line: 2576)
> > |9344|46:46|timeout| (-4) Linux.pm, sanitize (line: 1172)
> > |9344|46:46|timeout| (-5) reclaim.pm, call_os_sanitize (line: 271)
> > 
> > 2015-05-26
> > 12:26:39|9344|46:46|timeout|utils.pm:run_ssh_command(4894)|sleeping for 2
> > seconds before making next SSH attempt
> > 201
> > 
> > Thanks
> > 
> > Lewis
> 
> --
> -------------------------------
> Josh Thompson
> VCL Developer
> North Carolina State University
> 
> my GPG/PGP key can be found at pgp.mit.edu
> 
> All electronic mail messages in connection with State business which
> are sent to or received by this account are subject to the NC Public
> Records Law and may be disclosed to third parties.
-- 
-------------------------------
Josh Thompson
VCL Developer
North Carolina State University

my GPG/PGP key can be found at pgp.mit.edu

All electronic mail messages in connection with State business which
are sent to or received by this account are subject to the NC Public
Records Law and may be disclosed to third parties.
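
Added example, not part of the original thread and not VCL code: a small first-match model of the INPUT chain from the quoted vcld.log and of the separate VCL chain from the steps quoted above, showing what new connections get after the logged `iptables -D INPUT 1`. Assumptions: the two addresses are constructed placeholders, rule 4 of the logged chain is taken to be loopback-only (`iptables -L` without `-v` does not print the interface), and the vcld-managed rule is taken to sit at INPUT 1 ahead of the jump.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

MGMT_NODE = "192.0.2.10"     # constructed placeholder for <management node IP>
OTHER_HOST = "198.51.100.7"  # constructed: any host other than the management node


@dataclass(frozen=True)
class Packet:
    src: str
    proto: str = "tcp"
    dport: Optional[int] = 22
    state: str = "NEW"
    iface: str = "eth0"


@dataclass(frozen=True)
class Rule:
    target: str                  # ACCEPT, REJECT, or the name of a user chain
    proto: str = "all"
    src: str = "0.0.0.0/0"
    dport: Optional[int] = None
    states: tuple = ()           # empty: the rule has no state match
    iface: Optional[str] = None  # -i <iface>; `iptables -L` without -v hides it
    def matches(self, p):
        return (
            self.proto in ("all", p.proto)
            and ip_address(p.src) in ip_network(self.src)
            and (self.dport is None or self.dport == p.dport)
            and (not self.states or p.state in self.states)
            and (self.iface is None or self.iface == p.iface)
        )


def _walk(chains, p, chain):
    for rule in chains[chain]:
        if not rule.matches(p):
            continue
        if rule.target in ("ACCEPT", "REJECT"):
            return rule.target
        sub = _walk(chains, p, rule.target)  # jump into a user-defined chain
        if sub is not None:
            return sub
    return None  # fell off the end: back to the caller, or to the policy


def verdict(chains, p, policy="ACCEPT"):
    """First terminating match in INPUT decides; otherwise the policy applies."""
    return _walk(chains, p, "INPUT") or policy


def logged_table():
    """INPUT chain as listed by `iptables -L --line-number -n` in the log."""
    return {"INPUT": [
        Rule("ACCEPT", "tcp", dport=22, states=("NEW", "RELATED", "ESTABLISHED")),
        Rule("ACCEPT", states=("RELATED", "ESTABLISHED")),
        Rule("ACCEPT", "icmp"),
        Rule("ACCEPT", iface="lo"),  # assumption: rule 4 is loopback-only
        Rule("ACCEPT", "tcp", dport=443, states=("NEW",)),
        Rule("ACCEPT", "tcp", dport=80, states=("NEW",)),
        Rule("ACCEPT", "tcp", dport=3389, states=("NEW",)),
        Rule("ACCEPT", "udp", dport=3389, states=("NEW",)),
        Rule("REJECT"),
    ]}


def vcl_chain_table(mgmt_ip=MGMT_NODE):
    """Layout from the steps in the thread, plus one managed rule at INPUT 1."""
    return {
        "INPUT": [
            Rule("ACCEPT", "tcp", dport=22, states=("NEW",)),  # assumed vcld-managed rule
            Rule("VCL"),
        ],
        "VCL": [
            Rule("ACCEPT", iface="lo"),
            Rule("ACCEPT", states=("RELATED", "ESTABLISHED")),
            Rule("ACCEPT", "icmp"),
            Rule("ACCEPT", "tcp", src=mgmt_ip, dport=22, states=("NEW",)),
            Rule("REJECT"),
        ],
    }


def reclaim_outcome(table):
    """Verdicts for new connections after the logged `iptables -D INPUT 1`."""
    after = {name: list(rules) for name, rules in table.items()}
    del after["INPUT"][0]
    return {
        "mgmt_ssh": verdict(after, Packet(MGMT_NODE)),
        "other_ssh": verdict(after, Packet(OTHER_HOST)),
        "other_rdp": verdict(after, Packet(OTHER_HOST, dport=3389)),
        "other_ping": verdict(after, Packet(OTHER_HOST, proto="icmp", dport=None)),
    }


if __name__ == "__main__":
    print("logged layout:   ", reclaim_outcome(logged_table()))
    print("VCL-chain layout:", reclaim_outcome(vcl_chain_table()))
```

For the logged layout the model returns REJECT for port 22 from every source while 3389 and ping still pass, which is the state described in the first message; with the VCL chain only the management node keeps port 22.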


Re: vcld.log

Posted by "Litchfield, Elwin L." <Le...@sar.usf.edu>.
I assume this configuration must be done before the image is created.
 

Lewis Litchfield
Technology Services – Viking Center Lab
University of South Florida Sarasota-Manatee
941-359-4231

________________________________________
From: Josh Thompson <jo...@ncsu.edu>
Sent: Tuesday, May 26, 2015 3:40 PM
To: user@vcl.apache.org
Subject: Re: vcld.log


Elwin,

I can't find any docs on how you are supposed to configure the firewall for a
base linux image under 2.3.2, and I don't remember the details of it.  I think
something like the following should get you working.

First, stop iptables to clear all of the tables:

service iptables stop

Create a custom table - you can name it anything, we'll go with "VCL".

iptables -N VCL

Create a rule in INPUT that jumps to the VCL table for everything:

iptables -A INPUT -j VCL

Add a few important rules to the VCL table:

iptables -A VCL -i lo -j ACCEPT
iptables -A VCL -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A VCL -p icmp -m icmp --icmp-type any -j ACCEPT

Add a rule to the VCL table to accept traffic from your management node:

iptables -A VCL -s <management node IP> -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT

Add a rule to the VCL table to reject other traffic:

iptables -A VCL -j REJECT --reject-with icmp-host-prohibited

Save the new configuration:

service iptables save

If I remember correctly, VCL should then manage required additions and
removals on the INPUT table, and leave the VCL table alone, and since the VCL
table has a rule allowing traffic from your management node, it should stop
shutting itself out.

Let me know if this works for you.

Josh

On Tuesday, May 26, 2015 1:13:37 PM Elwin Litchfield wrote:
> Everything seemed to work till the reservation was over.  Port 22 is
> blocked, but ping is OK & port 3389 is still available & connection with
> admin ID & password presented at the beginning of the reservation.  I have
> been reading the vcld.log & am unable to make any sense of it.  Can you help
> me understand what is happening?
>
>
> Thanks  2015-05-26
> 12:26:32|9344|46:46|timeout|utils.pm:run_ssh_command(4902)|executing
>
> SSH command on VM7Cent6VCL1:
> |9344|46:46|timeout| /usr/bin/ssh -i /etc/vcl/vcl.key  -o
>
> StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o
> ConnectionAttempts=1 -o ConnectTimeout=3 -l root -p 22 -x VM7Cent6VCL1
> '/sbin/chkconfig --list iptables' 2>&1
> 2015-05-26
> 12:26:32|9344|46:46|timeout|Linux.pm:service_exists(3186)|'iptables'
> service exists
> 2015-05-26
> 12:26:32|9344|46:46|timeout|utils.pm:run_ssh_command(4902)|executing
> SSH command on VM7Cent6VCL1:
> |9344|46:46|timeout| /usr/bin/ssh -i /etc/vcl/vcl.key  -o
>
> StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o
> ConnectionAttempts=1 -o ConnectTimeout=3 -l root -p 22 -x VM7Cent6VCL1
> 'iptables -L --line-number -n' 2>&1
> 2015-05-26
> 12:26:33|9344|46:46|timeout|utils.pm:run_ssh_command(5020)|run_ssh_command
> output:
> |9344|46:46|timeout| Chain INPUT (policy ACCEPT)
> |9344|46:46|timeout| num target prot opt source destination
> |9344|46:46|timeout| 1 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state
>
> NEW,RELATED,ESTABLISHED tcp dpt:22
>
> |9344|46:46|timeout| 2 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state
>
> RELATED,ESTABLISHED
>
> |9344|46:46|timeout| 3 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
> |9344|46:46|timeout| 4 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
> |9344|46:46|timeout| 5 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp
>
> dpt:443
>
> |9344|46:46|timeout| 6 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp
>
> dpt:80
>
> |9344|46:46|timeout| 7 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp
>
> dpt:3389
>
> |9344|46:46|timeout| 8 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp
>
> dpt:3389
>
> |9344|46:46|timeout| 9 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with
>
> icmp-host-prohibited
>
> |9344|46:46|timeout| Chain FORWARD (policy ACCEPT)
> |9344|46:46|timeout| num target prot opt source destination
> |9344|46:46|timeout| 1 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with
>
> icmp-host-prohibited
>
> |9344|46:46|timeout| Chain OUTPUT (policy ACCEPT)
> |9344|46:46|timeout| num target prot opt source destination
>
> 2015-05-26 12:26:33|9344|46:46|timeout|utils.pm:run_ssh_command(5034)|SSH
> command executed on VM7Cent6VCL1, returning (0, "Chain INPUT (policy
> ACCEPT) nu...")
> 2015-05-26
> 12:26:33|9344|46:46|timeout|Linux.pm:get_firewall_configuration(3991)|output
> Chain = INPUT
> 2015-05-26
> 12:26:33|9344|46:46|timeout|Linux.pm:get_firewall_configuration(4007)|output
> rule: 1, ACCEPT, tcp, 0.0.0.0/0, 0.0.0.0/0, 22
> 2015-05-26
> 12:26:35|9344|46:46|timeout|Linux.pm:get_firewall_configuration(4007)|output
> rule: 5, ACCEPT, tcp, 0.0.0.0/0, 0.0.0.0/0, 443
> 2015-05-26
> 12:26:36|9344|46:46|timeout|Linux.pm:get_firewall_configuration(4007)|output
> rule: 6, ACCEPT, tcp, 0.0.0.0/0, 0.0.0.0/0, 80
> 2015-05-26
> 12:26:36|9344|46:46|timeout|Linux.pm:get_firewall_configuration(4007)|output
> rule: 7, ACCEPT, tcp, 0.0.0.0/0, 0.0.0.0/0, 3389
> 2015-05-26 12:26:36|26123|vcld:main(167)|lastcheckin time updated for
> management node 1: 2015-05-26 12:26:36
> 2015-05-26
> 12:26:37|9344|46:46|timeout|Linux.pm:get_firewall_configuration(4007)|output
> rule: 8, ACCEPT, udp, 0.0.0.0/0, 0.0.0.0/0, 3389
> 2015-05-26
> 12:26:38|9344|46:46|timeout|Linux.pm:get_firewall_configuration(3991)|output
> Chain = FORWARD
> 2015-05-26
> 12:26:38|9344|46:46|timeout|Linux.pm:get_firewall_configuration(3991)|output
> Chain = OUTPUT
> 2015-05-26
> 12:26:38|9344|46:46|timeout|Linux.pm:get_firewall_configuration(4050)|retrieved
> firewall configuration from VM7Cent6VCL1:
> |9344|46:46|timeout| : {
> |9344|46:46|timeout| :   "FORWARD" => {
> |9344|46:46|timeout| :     "1" => {
> |9344|46:46|timeout| :       "all" => {
> |9344|46:46|timeout| :         "any" => {
> |9344|46:46|timeout| :           "destination" => "0.0.0.0/0",
> |9344|46:46|timeout| :           "name" => "any",
> |9344|46:46|timeout| :           "number" => 1,
> |9344|46:46|timeout| :           "scope" => "0.0.0.0/0",
> |9344|46:46|timeout| :           "target" => "REJECT"
> |9344|46:46|timeout| :         }
> |9344|46:46|timeout| :       }
> |9344|46:46|timeout| :     }
> |9344|46:46|timeout| :   },
> |9344|46:46|timeout| :   "INPUT" => {
> |9344|46:46|timeout| :     "1" => {
> |9344|46:46|timeout| :       "tcp" => {
> |9344|46:46|timeout| :         "22" => {
> |9344|46:46|timeout| :           "destination" => "0.0.0.0/0",
> |9344|46:46|timeout| :           "name" => "ssh",
> |9344|46:46|timeout| :           "number" => 1,
> |9344|46:46|timeout| :           "scope" => "0.0.0.0/0",
> |9344|46:46|timeout| :           "target" => "ACCEPT"
> |9344|46:46|timeout| :         }
> |9344|46:46|timeout| :       }
> |9344|46:46|timeout| :     },
> |9344|46:46|timeout| :     "2" => {
> |9344|46:46|timeout| :       "all" => {
> |9344|46:46|timeout| :         "any" => {
> |9344|46:46|timeout| :           "destination" => "0.0.0.0/0",
> |9344|46:46|timeout| :           "name" => "any",
> |9344|46:46|timeout| :           "number" => 2,
> |9344|46:46|timeout| :           "scope" => "0.0.0.0/0",
> |9344|46:46|timeout| :           "target" => "ACCEPT"
> |9344|46:46|timeout| :         }
> |9344|46:46|timeout| :       }
> |9344|46:46|timeout| :     },
> |9344|46:46|timeout| :     "3" => {
> |9344|46:46|timeout| :       "icmp" => {
> |9344|46:46|timeout| :         "any" => {
> |9344|46:46|timeout| :           "destination" => "0.0.0.0/0",
> |9344|46:46|timeout| :           "name" => "any",
> |9344|46:46|timeout| :           "number" => 3,
> |9344|46:46|timeout| :           "scope" => "0.0.0.0/0",
> |9344|46:46|timeout| :           "target" => "ACCEPT"
> |9344|46:46|timeout| :         }
> |9344|46:46|timeout| :       }
> |9344|46:46|timeout| :     },
> |9344|46:46|timeout| :     "4" => {
> |9344|46:46|timeout| :       "all" => {
> |9344|46:46|timeout| :         "any" => {
> |9344|46:46|timeout| :           "destination" => "0.0.0.0/0",
> |9344|46:46|timeout| :           "name" => "any",
> |9344|46:46|timeout| :           "number" => 4,
> |9344|46:46|timeout| :           "scope" => "0.0.0.0/0",
> |9344|46:46|timeout| :           "target" => "ACCEPT"
> |9344|46:46|timeout| :         }
> |9344|46:46|timeout| :       }
> |9344|46:46|timeout| :     },
> |9344|46:46|timeout| :     "5" => {
> |9344|46:46|timeout| :       "tcp" => {
> |9344|46:46|timeout| :         "443" => {
> |9344|46:46|timeout| :           "destination" => "0.0.0.0/0",
> |9344|46:46|timeout| :           "name" => "https",
> |9344|46:46|timeout| :           "number" => 5,
> |9344|46:46|timeout| :           "scope" => "0.0.0.0/0",
> |9344|46:46|timeout| :           "target" => "ACCEPT"
> |9344|46:46|timeout| :         }
> |9344|46:46|timeout| :       }
> |9344|46:46|timeout| :     },
> |9344|46:46|timeout| :     "6" => {
> |9344|46:46|timeout| :       "tcp" => {
> |9344|46:46|timeout| :         "80" => {
> |9344|46:46|timeout| :           "destination" => "0.0.0.0/0",
> |9344|46:46|timeout| :           "name" => "http",
> |9344|46:46|timeout| :           "number" => 6,
> |9344|46:46|timeout| :           "scope" => "0.0.0.0/0",
> |9344|46:46|timeout| :           "target" => "ACCEPT"
> |9344|46:46|timeout| :         }
> |9344|46:46|timeout| :       }
> |9344|46:46|timeout| :     },
> |9344|46:46|timeout| :     "7" => {
> |9344|46:46|timeout| :       "tcp" => {
> |9344|46:46|timeout| :         "3389" => {
> |9344|46:46|timeout| :           "destination" => "0.0.0.0/0",
> |9344|46:46|timeout| :           "name" => "ms-wbt-server",
> |9344|46:46|timeout| :           "number" => 7,
> |9344|46:46|timeout| :           "scope" => "0.0.0.0/0",
> |9344|46:46|timeout| :           "target" => "ACCEPT"
> |9344|46:46|timeout| :         }
> |9344|46:46|timeout| :       }
> |9344|46:46|timeout| :     },
> |9344|46:46|timeout| :     "8" => {
> |9344|46:46|timeout| :       "udp" => {
> |9344|46:46|timeout| :         "3389" => {
> |9344|46:46|timeout| :           "destination" => "0.0.0.0/0",
> |9344|46:46|timeout| :           "name" => "ms-wbt-server",
> |9344|46:46|timeout| :           "number" => 8,
> |9344|46:46|timeout| :           "scope" => "0.0.0.0/0",
> |9344|46:46|timeout| :           "target" => "ACCEPT"
> |9344|46:46|timeout| :         }
> |9344|46:46|timeout| :       }
> |9344|46:46|timeout| :     },
> |9344|46:46|timeout| :     "9" => {
> |9344|46:46|timeout| :       "all" => {
> |9344|46:46|timeout| :         "any" => {
> |9344|46:46|timeout| :           "destination" => "0.0.0.0/0",
> |9344|46:46|timeout| :           "name" => "any",
> |9344|46:46|timeout| :           "number" => 9,
> |9344|46:46|timeout| :           "scope" => "0.0.0.0/0",
> |9344|46:46|timeout| :           "target" => "REJECT"
> |9344|46:46|timeout| :         }
> |9344|46:46|timeout| :       }
> |9344|46:46|timeout| :     }
> |9344|46:46|timeout| :   }
> |9344|46:46|timeout| : }
>
> 2015-05-26
> 12:26:38|9344|46:46|timeout|Linux.pm:disable_firewall_port(3783)|attempting
> to execute command on VM7Cent6VCL1: 'iptables -D INPUT 1'
> 2015-05-26
> 12:26:38|9344|46:46|timeout|utils.pm:run_ssh_command(4902)|executing
> SSH command on VM7Cent6VCL1:
> |9344|46:46|timeout| /usr/bin/ssh -i /etc/vcl/vcl.key  -o
>
> StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o
> ConnectionAttempts=1 -o ConnectTimeout=3 -l root -p 22 -x VM7Cent6VCL1
> 'iptables -D INPUT 1' 2>&1
> 2015-05-26
> 12:26:39|9344|46:46|timeout|utils.pm:run_ssh_command(5020)|run_ssh_command
> output:
> 2015-05-26 12:26:39|9344|46:46|timeout|utils.pm:run_ssh_command(5034)|SSH
> command executed on VM7Cent6VCL1, returning (0, "")
> 2015-05-26
> 12:26:39|9344|46:46|timeout|Linux.pm:disable_firewall_port(3785)|executed
> command on VM7Cent6VCL1: 'iptables -D INPUT 1'
> 2015-05-26
> 12:26:39|9344|46:46|timeout|utils.pm:run_ssh_command(4902)|executing
> SSH command on VM7Cent6VCL1:
> |9344|46:46|timeout| /usr/bin/ssh -i /etc/vcl/vcl.key  -o
>
> StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o
> ConnectionAttempts=1 -o ConnectTimeout=3 -l root -p 22 -x VM7Cent6VCL1
> '/sbin/iptables-save > /etc/sysconfig/iptables' 2>&1
>
> |9344|46:46|timeout| ---- WARNING ----
> |9344|46:46|timeout| 2015-05-26
>
> 12:26:39|9344|46:46|timeout|utils.pm:run_ssh_command(5006)|attempt
> 1/3: failed to execute SSH command on VM7Cent6VCL1: '/sbin/iptables-save >
>
> /etc/sysconfig/iptables', exit status: 255, output:
> |9344|46:46|timeout| ssh output (/sbin/ipta...): ssh: connect to host
>
> VM7Cent6VCL1 port 22: No route to host
>
> |9344|46:46|timeout| ( 0) utils.pm, run_ssh_command (line: 5006)
> |9344|46:46|timeout| (-1) OS.pm, execute (line: 1992)
> |9344|46:46|timeout| (-2) Linux.pm, disable_firewall_port (line: 3794)
> |9344|46:46|timeout| (-3) OS.pm, process_connect_methods (line: 2576)
> |9344|46:46|timeout| (-4) Linux.pm, sanitize (line: 1172)
> |9344|46:46|timeout| (-5) reclaim.pm, call_os_sanitize (line: 271)
>
> 2015-05-26
> 12:26:39|9344|46:46|timeout|utils.pm:run_ssh_command(4894)|sleeping for 2
> seconds before making next SSH attempt
> 201
>
> Thanks
>
> Lewis
- --
- -------------------------------
Josh Thompson
VCL Developer
North Carolina State University

my GPG/PGP key can be found at pgp.mit.edu

All electronic mail messages in connection with State business which
are sent to or received by this account are subject to the NC Public
Records Law and may be disclosed to third parties.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iEYEARECAAYFAlVkzBkACgkQV/LQcNdtPQNcVQCfSv3pX3IgV+zf0UvZ3mGaKgQ/
ZiQAn2Jvh47BpB8NYk8Q5aS8ElFCrJFc
=ezUt
-----END PGP SIGNATURE-----
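
Added example (not part of the original message and not VCL code): a small Python model of iptables first-match evaluation. It replays the logged 'iptables -D INPUT 1' against the INPUT chain from the quoted log and against the separate-chain layout from the reply above. Assumptions: the MGMT and USER addresses are placeholders, rule 4 of the logged chain is loopback-only, and the reservation rule is inserted at INPUT position 1.

```python
# Toy model of iptables first-match evaluation. Constructed for illustration;
# it is not VCL code and it does not touch a real firewall.
import ipaddress

MGMT = "192.0.2.10"    # placeholder management node IP (documentation range)
USER = "198.51.100.7"  # placeholder address of any other client

def rule(target, proto=None, dport=None, src=None, states=None, iface=None):
    return {"target": target, "proto": proto, "dport": dport,
            "src": src, "states": states, "iface": iface}

def matches(r, p):
    if r["proto"] and r["proto"] != p["proto"]:
        return False
    if r["dport"] and r["dport"] != p["dport"]:
        return False
    if r["iface"] and r["iface"] != p["iface"]:
        return False
    if r["states"] and p["state"] not in r["states"]:
        return False
    if r["src"] and ipaddress.ip_address(p["src"]) not in ipaddress.ip_network(r["src"]):
        return False
    return True

def verdict(tables, p, chain="INPUT"):
    """Walk a chain top-down; the first matching ACCEPT/REJECT decides."""
    for r in tables[chain]:
        if not matches(r, p):
            continue
        if r["target"] in ("ACCEPT", "REJECT"):
            return r["target"]
        sub = verdict(tables, p, r["target"])  # jump into a user-defined chain
        if sub:
            return sub  # otherwise the chain returned; continue in the caller
    return "ACCEPT" if chain == "INPUT" else None  # INPUT policy is ACCEPT in the log

def packet(proto, src, dport=None, state="NEW"):
    return {"proto": proto, "src": src, "dport": dport, "state": state, "iface": "eth0"}

def logged_layout():
    """INPUT chain as listed by 'iptables -L --line-number -n' in the quoted log."""
    return {"INPUT": [
        rule("ACCEPT", "tcp", 22, states={"NEW", "RELATED", "ESTABLISHED"}),
        rule("ACCEPT", states={"RELATED", "ESTABLISHED"}),
        rule("ACCEPT", "icmp"),
        rule("ACCEPT", iface="lo"),  # assumption: listed as bare "ACCEPT all"; -L without -v hides -i
        rule("ACCEPT", "tcp", 443, states={"NEW"}),
        rule("ACCEPT", "tcp", 80, states={"NEW"}),
        rule("ACCEPT", "tcp", 3389, states={"NEW"}),
        rule("ACCEPT", "udp", 3389, states={"NEW"}),
        rule("REJECT"),
    ]}

def chain_layout():
    """Layout from the reply: INPUT jumps to a VCL chain that is left alone."""
    return {"INPUT": [rule("VCL")],
            "VCL": [
                rule("ACCEPT", iface="lo"),
                rule("ACCEPT", states={"RELATED", "ESTABLISHED"}),
                rule("ACCEPT", "icmp"),
                rule("ACCEPT", "tcp", 22, src=MGMT, states={"NEW"}),
                rule("REJECT"),
            ]}

def cleanup(tables):
    """Replay the logged sanitize step: iptables -D INPUT 1."""
    del tables["INPUT"][0]
    return tables

def reservation_cycle():
    """Open SSH for a reservation, then clean up, on the chain layout."""
    t = chain_layout()
    # Assumption: the reservation rule is inserted at INPUT position 1.
    t["INPUT"].insert(0, rule("ACCEPT", "tcp", 22, states={"NEW", "RELATED", "ESTABLISHED"}))
    during = verdict(t, packet("tcp", USER, 22))
    cleanup(t)
    return during, verdict(t, packet("tcp", USER, 22)), verdict(t, packet("tcp", MGMT, 22))

if __name__ == "__main__":
    t = cleanup(logged_layout())
    for label, p in [("mgmt ssh", packet("tcp", MGMT, 22)),
                     ("rdp", packet("tcp", USER, 3389)), ("ping", packet("icmp", USER))]:
        print("logged layout after cleanup:", label, verdict(t, p))
    print("chain layout (during, user after, mgmt after):", reservation_cycle())
```

On the logged layout the management node's next SSH connection falls through to the final REJECT, which the ssh client reports as "No route to host", while ping and port 3389 are still accepted. In this model a rule appended to INPUT after the jump is never reached, because the VCL chain ends in a REJECT that matches everything.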

