Posted to dev@vcl.apache.org by to...@inf.mit.bme.hu on 2014/11/06 16:23:46 UTC

Firewall not open issue in trunk code

Dear all,

I found an issue in the trunk code. When the reservation is ready and the connect button is clicked, the firewall in the Linux image does not open to allow the connection.

I debugged it:

OS.pm, sub process_connect_methods

# Open the firewall ports
notify($ERRORS{'DEBUG'}, 0, "attempt to open firewall port on $computer_node_name, $name connect method");
if ($self->can('enable_firewall_port')) {
    notify($ERRORS{'DEBUG'}, 0, "if (self - can)");
    notify($ERRORS{'DEBUG'}, 0, "processing connect method:\n" . format_data($connect_method));
    for my $protocol (keys %{$connect_method->{connectmethodport}}) {
        for my $port (keys %{$connect_method->{connectmethodport}{$protocol}}) {
            if (!$self->enable_firewall_port($protocol, $port, $remote_ip, 1)) {
                notify($ERRORS{'WARNING'}, 0, "failed to open firewall port $port on $computer
            }
        }
    }
}

Relevant log part:

2014-11-06 15:46:19|38658|21|21|reserved|OS.pm:process_connect_methods|2755|attempt to open firewall port on vcl24-vm-1, ssh connect method
2014-11-06 15:46:19|38658|21|21|reserved|OS.pm:process_connect_methods|2757|if (self - can)
2014-11-06 15:46:19|38658|21|21|reserved|OS.pm:process_connect_methods|2758|processing connect method:
|38658|21|21|reserved|OS.pm:process_connect_methods|2758| : {
|38658|21|21|reserved|OS.pm:process_connect_methods|2758| :   "RETRIEVAL_TIME" => 1415285134,
|38658|21|21|reserved|OS.pm:process_connect_methods|2758| :   "connectmethodmap" => {
|38658|21|21|reserved|OS.pm:process_connect_methods|2758| :     "OSid" => undef,
|38658|21|21|reserved|OS.pm:process_connect_methods|2758| :     "OStypeid" => 2,
|38658|21|21|reserved|OS.pm:process_connect_methods|2758| :     "autoprovisioned" => undef,
|38658|21|21|reserved|OS.pm:process_connect_methods|2758| :     "connectmethodid" => 1,
|38658|21|21|reserved|OS.pm:process_connect_methods|2758| :     "disabled" => 0,
|38658|21|21|reserved|OS.pm:process_connect_methods|2758| :     "imagerevisionid" => undef
|38658|21|21|reserved|OS.pm:process_connect_methods|2758| :   },
|38658|21|21|reserved|OS.pm:process_connect_methods|2758| :   "description" => "ssh on port 22",
|38658|21|21|reserved|OS.pm:process_connect_methods|2758| :   "id" => 1,
|38658|21|21|reserved|OS.pm:process_connect_methods|2758| :   "name" => "ssh",
|38658|21|21|reserved|OS.pm:process_connect_methods|2758| :   "servicename" => "ext_sshd",
|38658|21|21|reserved|OS.pm:process_connect_methods|2758| :   "startupscript" => "/etc/init.d/ext_sshd"
|38658|21|21|reserved|OS.pm:process_connect_methods|2758| : }
2014-11-06 15:46:19|38658|21|21|reserved|Linux.pm:grant_access|1132|processed connection methods on vcl24-vm-1 setting 0.0.0.0 for all allowed ports

There is no connectmethodport in the connect_method hash, so that caused the problem.
I do not know why connectmethodport is not available in the hash.

I would like to request your assistance.

Best regards,

Aaron Toth
VCL System Administrator

Fault Tolerant Systems Research Group
Department of Measurement and Information Systems
Budapest University of Technology and Economics
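
A guard for the failure mode described in the message above, as an added example that is not part of the original post or of the VCL code base: when connectmethodport is absent, the nested loops run zero times and nothing is logged, so the check below reports the connect method explicitly. The helper name connect_method_ports, the second sample entry and its TCP/3389 values are assumptions constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample data: the first hash mirrors the logged connect method
# (no connectmethodport key); the second shows the nested
# {protocol}{port} shape that the loop in the post iterates over.
my @connect_methods = (
    { id => 1, name => 'ssh', description => 'ssh on port 22' },
    { id => 2, name => 'rdp', connectmethodport => { TCP => { 3389 => 1 } } },
);

# Hypothetical helper: return [protocol, port] pairs, or an empty list when
# the connect method carries no usable port information.
sub connect_method_ports {
    my ($connect_method) = @_;
    my $ports = $connect_method->{connectmethodport};
    return () unless ref($ports) eq 'HASH';
    my @pairs;
    for my $protocol (sort keys %$ports) {
        next unless ref($ports->{$protocol}) eq 'HASH';
        push @pairs, [$protocol, $_]
            for sort { $a <=> $b } keys %{ $ports->{$protocol} };
    }
    return @pairs;
}

for my $connect_method (@connect_methods) {
    my $name  = $connect_method->{name};
    my @pairs = connect_method_ports($connect_method);
    if (!@pairs) {
        # Without this branch the nested loops simply do nothing and the
        # reservation proceeds with the firewall port still closed.
        warn "WARNING: connect method '$name' (id $connect_method->{id}) "
           . "has no connectmethodport entries, no firewall port will be opened\n";
        next;
    }
    for my $pair (@pairs) {
        my ($protocol, $port) = @$pair;
        # Stand-in for $self->enable_firewall_port($protocol, $port, $remote_ip, 1)
        print "would open $protocol/$port for connect method '$name'\n";
    }
}
```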

Re: Firewall not open issue in trunk code

Posted by to...@inf.mit.bme.hu.
Dear all,
 
After I inserted the necessary rows into the connectmethodport table, a vcld restart solved this issue.
 
Br,
Aaron Toth
