[ https://issues.apache.org/jira/browse/CLOUDSTACK-1685?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
John Kinsella resolved CLOUDSTACK-1685.
---------------------------------------

    Resolution: Fixed

> If iptables VM chain is missing, security_group.py crashes
> ----------------------------------------------------------
>
> Key: CLOUDSTACK-1685
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-1685
> Project: CloudStack
> Issue Type: Bug
> Security Level: Public(Anyone can view this level - this is the default.)
> Affects Versions: 4.0.0
> Reporter: John Kinsella
> Assignee: John Kinsella
>
> If, for some reason, the iptables rules for a specific VM are removed (given
> using ACS in a network that supports ipchains), security_group.py will not be
> able to update the ruleset:
>
> 2013-03-14 13:30:31,039 - programming network rules for IP: 50.23.83.141 vmname=i-2-1722-VM
> 2013-03-14 13:30:31,039 - iptables -F i-2-1722-VM
> 2013-03-14 13:30:31,046 - Failed to network rule !: Traceback (most recent call last):
>   File "/usr/lib64/cloud/common/scripts/vm/network/security_group.py", line 626, in add_network_rules
>     execute("iptables -F " + vmchain)
>   File "/usr/lib64/cloud/common/scripts/vm/network/security_group.py", line 35, in execute
>     return bash("-c", cmd).stdout
>   File "/usr/lib/python2.6/site-packages/cloud_utils.py", line 165, in __call__
>     raise e
> CalledProcessError: Command '['/bin/bash', '-c', 'iptables -F i-2-1722-VM']' returned non-zero exit status 1
>
> Running the iptables command by hand gives you:
>
> # iptables -F i-2-1722-VM
> iptables: No chain/target/match by that name.
>
> Several things could happen here - I'm going to suggest that if the script
> finds the chain missing, that it re-initializes it for that VM, and then
> continues applying the ruleset (a complete ruleset is passed each time, not
> just the adds/removes)

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
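
The recovery suggested in the issue (re-create the VM chain when it is missing, then continue applying the ruleset), as an added example in Python 3. It is not CloudStack's code or the fix committed for this issue: reset_vm_chain, run_iptables and FakeIptables are hypothetical names, FakeIptables is a constructed in-memory stand-in so the example runs offline, and re-linking the chain from its parent chains is assumed to be handled by the caller.

```python
import subprocess

def run_iptables(args):
    """Run iptables with an argument list (no shell). Returns (exit_code, stderr)."""
    proc = subprocess.run(["iptables"] + list(args), capture_output=True, text=True)
    return proc.returncode, proc.stderr.strip()

def reset_vm_chain(vmchain, run=run_iptables):
    """Leave vmchain present and empty so the full ruleset can be re-applied.

    Returns "flushed" if the chain existed, "recreated" if it had to be created.
    """
    code, err = run(["-F", vmchain])
    if code == 0:
        return "flushed"
    # The flush failed. If the chain is missing, -N creates it (empty). If -N
    # fails too, the cause is something else (for example permissions), so
    # surface both errors rather than continuing with a half-built ruleset.
    code_new, err_new = run(["-N", vmchain])
    if code_new != 0:
        raise RuntimeError("cannot flush or create %s: %r / %r" % (vmchain, err, err_new))
    return "recreated"

class FakeIptables:
    """Constructed in-memory stand-in for iptables (hypothetical, for offline runs)."""
    def __init__(self, chains=()):
        self.chains = set(chains)
        self.calls = []

    def __call__(self, args):
        self.calls.append(list(args))
        op, chain = args
        if op == "-F":
            if chain in self.chains:
                return 0, ""
            return 1, "iptables: No chain/target/match by that name."
        if op == "-N":
            if chain in self.chains:
                return 1, "iptables: Chain already exists."
            self.chains.add(chain)
            return 0, ""
        return 2, "unsupported option in fake"

if __name__ == "__main__":
    fw = FakeIptables()                        # the VM chain is missing
    print(reset_vm_chain("i-2-1722-VM", fw))   # recreated
    print(reset_vm_chain("i-2-1722-VM", fw))   # flushed
```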