echoidcf opened a new issue #4449:
URL: https://github.com/apache/cloudstack/issues/4449
<!--
Verify first that your issue/request is not already reported on GitHub.
Also test if the latest release and master branch are affected too.
Always add information AFTER of these HTML comments, but no need to delete
the comments.
-->
##### ISSUE TYPE
<!-- Pick one below and delete the rest -->
* Bug Report
##### COMPONENT NAME
<!--
Categorize the issue, e.g. API, VR, VPN, UI, etc.
-->
~~~
VR
~~~
##### CLOUDSTACK VERSION
<!--
New line separated list of affected versions, commit ID for issues on master
branch.
-->
~~~
All version after 4.7 affected
~~~
##### CONFIGURATION
<!--
Information about the configuration if relevant, e.g. basic network,
advanced networking, etc. N/A otherwise
-->
Vmware
##### OS / ENVIRONMENT
<!--
Information about the environment if relevant, N/A otherwise
-->
##### SUMMARY
<!-- Explain the problem/feature briefly -->
Script writing style in /opt/cloud/bin/vr_cfg.sh in VR will consume HUGE
memory if there are more than 1,000 firewall rules.
When VR is restarted, cloudstack will pass a aggregation of JSON files to VR
and use vr_cfg.sh to unpack it and run python script to load them. The problem
is cloudstack will generate each JSON file to one-line-file, which is ok. But
vr_cfg.sh is written in following style:
~~~
while read line; do
...
done < $cfg
~~~
If JSON file is big, hundreds of kilo-byte for example, there will be a very
LOOOOOOOOONG line for the script to read. This will use a lot of memory and
result in memory exhausted and will fail the async job of start VR.
And of course , VR will not come up after that.
As a result of my test, 2k firewall rules will cause this problem on a VR
with 1GB memory. 6K firewall rules will kill a VR with 8GB memory, and 10k
firewall rules will kill the VR even with 16GB memory.
The fix is simple, just change it to
~~~
cat $cfg | while read line; do
...
done
~~~
will fix this problem.
##### STEPS TO REPRODUCE
<!--
For bugs, show exactly how to reproduce the problem, using a minimal
test-case. Use Screenshots if accurate.
For new features, show how the feature would be used.
-->
<!-- Paste example playbooks or commands between quotes below -->
1. add 2000 firewall rules to a VR with 1GB memory
2. stop and start it
it will fail to start.
<!-- You can also paste gist.github.com links for larger files -->
##### EXPECTED RESULTS
<!-- What did you expect to happen when running the steps above? -->
~~~
VR failed to start
~~~
##### ACTUAL RESULTS
<!-- What actually happened? -->
<!-- Paste verbatim command output between quotes below -->
~~~
Job will failed and a memory out log in the management server log.
~~~
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
