Chandan Purushothama created CLOUDSTACK-7124:
------------------------------------------------
Summary: Failed to apply site-to-site VPN using
Site2SiteVpnCfgCommand
Key: CLOUDSTACK-7124
URL: https://issues.apache.org/jira/browse/CLOUDSTACK-7124
Project: CloudStack
Issue Type: Bug
Security Level: Public (Anyone can view this level - this is the default.)
Components: Management Server, Test
Affects Versions: 4.5.0
Reporter: Chandan Purushothama
Priority: Critical
Fix For: 4.5.0
====================
Management Server Log:
====================
2014-07-17 14:20:29,540 WARN [o.a.c.f.j.AsyncJobExecutionContext]
(StatsCollector-3:ctx-d1bbb5cd) Job is executed without a context, setup psudo
job for the executing thread
2014-07-17 14:20:29,594 DEBUG [c.c.a.t.Request] (StatsCollector-3:ctx-d1bbb5cd)
Seq 4-2465720795985346640: Received: { Ans: , MgmtId: 200888983222606, via: 4,
Ver: v1, Flags: 10, { GetStorageStatsAnswer } }
2014-07-17 14:20:29,597 DEBUG [c.c.a.m.DirectAgentAttache]
(DirectAgent-157:ctx-a2223711) Seq 1-6784391363656943196: Executing request
2014-07-17 14:20:30,095 DEBUG [c.c.a.m.DirectAgentAttache]
(DirectAgent-157:ctx-a2223711) Seq 1-6784391363656943196: Response Received:
2014-07-17 14:20:30,096 DEBUG [c.c.a.t.Request] (StatsCollector-3:ctx-d1bbb5cd)
Seq 1-6784391363656943196: Received: { Ans: , MgmtId: 200888983222606, via: 1,
Ver: v1, Flags: 10, { GetStorageStatsAnswer } }
2014-07-17 14:20:31,380 ERROR [c.c.u.s.SshHelper]
(DirectAgent-156:ctx-8941a517) SSH execution of command
/opt/cloud/bin/router_proxy.sh ipsectunnel.sh 169.254.0.19 -A -l 10.220.166.68
-n 10.2.1.0/24 -g 10.220.160.1 -r 10.220.166.67 -N 10.1.1.0/24 -e
"3des-md5;modp1536" -i "3des-md5;modp1536" -t 86400 -T 3600 -s "ipsecpsk" -d 0
-p has an error status code in return. result output: inet
10.220.166.68/20 brd 10.220.175.255 scope global eth1
iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.
021 no connection named "vpn-10.220.166.67"
000 terminating all conns with alias='vpn-10.220.166.67'
021 no connection named "vpn-10.220.166.67"
021 no connection named "vpn-10.220.166.67"
003 no secrets filename matched "/etc/ipsec.d/ipsec.*.secrets"
iptables: Bad rule (does a matching rule exist in that chain?).
iptables: Bad rule (does a matching rule exist in that chain?).
iptables: Bad rule (does a matching rule exist in that chain?).
iptables: Bad rule (does a matching rule exist in that chain?).
/opt/cloud/bin/ipsectunnel.sh: line 165: [: -ne: unary operator expected
can not load config '/etc/ipsec.conf':
/etc/ipsec.d/ipsec.vpn-10.220.166.67.conf:12: bad duration value salifetime=s
[s]
000 initiating all conns with alias='vpn-10.220.166.67'
021 no connection named "vpn-10.220.166.67"
ISAKMP SA NOT found but checking IPsec;IPsec SA not found;Site-to-site VPN have
not connected
ISAKMP SA NOT found but checking IPsec;IPsec SA not found;Site-to-site VPN have
not connected
ISAKMP SA NOT found but checking IPsec;IPsec SA not found;Site-to-site VPN have
not connected
ISAKMP SA NOT found but checking IPsec;IPsec SA not found;Site-to-site VPN have
not connected
ISAKMP SA NOT found but checking IPsec;IPsec SA not found;Site-to-site VPN have
not connected
021 no connection named "vpn-10.220.166.67"
000 terminating all conns with alias='vpn-10.220.166.67'
021 no connection named "vpn-10.220.166.67"
021 no connection named "vpn-10.220.166.67"
003 no secrets filename matched "/etc/ipsec.d/ipsec.*.secrets"
bash: modp1536: command not found
bash: modp1536: command not found
2014-07-17 14:20:31,381 DEBUG [c.c.a.m.DirectAgentAttache]
(DirectAgent-156:ctx-8941a517) Seq 1-6784391363656943194: Response Received:
2014-07-17 14:20:31,381 DEBUG [c.c.a.t.Request] (DirectAgent-156:ctx-8941a517)
Seq 1-6784391363656943194: Processing: { Ans: , MgmtId: 200888983222606, via:
1, Ver: v1, Flags: 100,
[{"com.cloud.agent.api.Answer":{"result":false,"details":" inet
10.220.166.68/20 brd 10.220.175.255 scope global eth1\niptables: No
chain/target/match by that name.\niptables: No chain/target/match by that
name.\niptables: No chain/target/match by that name.\niptables: No
chain/target/match by that name.\n021 no connection named
\"vpn-10.220.166.67\"\n000 terminating all conns with alias='vpn-10.220.166.67'
\n021 no connection named \"vpn-10.220.166.67\"\n021 no connection named
\"vpn-10.220.166.67\"\n003 no secrets filename matched
\"/etc/ipsec.d/ipsec.*.secrets\"\niptables: Bad rule (does a matching rule
exist in that chain?).\niptables: Bad rule (does a matching rule exist in that
chain?).\niptables: Bad rule (does a matching rule exist in that
chain?).\niptables: Bad rule (does a matching rule exist in that
chain?).\n/opt/cloud/bin/ipsectunnel.sh: line 165: [: -ne: unary operator
expected\ncan not load config '/etc/ipsec.conf':
/etc/ipsec.d/ipsec.vpn-10.220.166.67.conf:12: bad duration value salifetime=s
[s]\n000 initiating all conns with alias='vpn-10.220.166.67' \n021 no
connection named \"vpn-10.220.166.67\"\nISAKMP SA NOT found but checking
IPsec;IPsec SA not found;Site-to-site VPN have not connected\nISAKMP SA NOT
found but checking IPsec;IPsec SA not found;Site-to-site VPN have not
connected\nISAKMP SA NOT found but checking IPsec;IPsec SA not
found;Site-to-site VPN have not connected\nISAKMP SA NOT found but checking
IPsec;IPsec SA not found;Site-to-site VPN have not connected\nISAKMP SA NOT
found but checking IPsec;IPsec SA not found;Site-to-site VPN have not
connected\n021 no connection named \"vpn-10.220.166.67\"\n000 terminating all
conns with alias='vpn-10.220.166.67' \n021 no connection named
\"vpn-10.220.166.67\"\n021 no connection named \"vpn-10.220.166.67\"\n003 no
secrets filename matched \"/etc/ipsec.d/ipsec.*.secrets\"\nbash: modp1536:
command not found\nbash: modp1536: command not found\n","wait":0}}] }
2014-07-17 14:20:31,382 DEBUG [c.c.a.m.AgentAttache]
(DirectAgent-156:ctx-8941a517) Seq 1-6784391363656943194: No more commands found
2014-07-17 14:20:31,382 DEBUG [c.c.a.t.Request]
(API-Job-Executor-62:ctx-d5acf6d1 job-612 ctx-d1963fd8) Seq
1-6784391363656943194: Received: { Ans: , MgmtId: 200888983222606, via: 1,
Ver: v1, Flags: 100, { Answer } }
2014-07-17 14:20:31,401 WARN [o.a.c.a.c.u.v.CreateVpnConnectionCmd]
(API-Job-Executor-62:ctx-d5acf6d1 job-612 ctx-d1963fd8) Exception:
com.cloud.exception.ResourceUnavailableException: Resource
[Site2SiteVpnConnection:1] is unreachable: Failed to apply site-to-site VPN
at
com.cloud.network.vpn.Site2SiteVpnManagerImpl.startVpnConnection(Site2SiteVpnManagerImpl.java:345)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:601)
at
org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:317)
at
org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183)
at
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
at
org.apache.cloudstack.network.contrail.management.EventUtils$EventInterceptor.invoke(EventUtils.java:106)
at
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:161)
at
com.cloud.event.ActionEventInterceptor.invoke(ActionEventInterceptor.java:51)
at
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:161)
at
org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:91)
at
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at
org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
at $Proxy159.startVpnConnection(Unknown Source)
at
org.apache.cloudstack.api.command.user.vpn.CreateVpnConnectionCmd.execute(CreateVpnConnectionCmd.java:149)
at com.cloud.api.ApiDispatcher.dispatch(ApiDispatcher.java:141)
at
com.cloud.api.ApiAsyncJobDispatcher.runJob(ApiAsyncJobDispatcher.java:108)
at
org.apache.cloudstack.framework.jobs.impl.AsyncJobManagerImpl$5.runInContext(AsyncJobManagerImpl.java:507)
at
org.apache.cloudstack.managed.context.ManagedContextRunnable$1.run(ManagedContextRunnable.java:49)
at
org.apache.cloudstack.managed.context.impl.DefaultManagedContext$1.call(DefaultManagedContext.java:56)
at
org.apache.cloudstack.managed.context.impl.DefaultManagedContext.callWithContext(DefaultManagedContext.java:103)
at
org.apache.cloudstack.managed.context.impl.DefaultManagedContext.runWithContext(DefaultManagedContext.java:53)
at
org.apache.cloudstack.managed.context.ManagedContextRunnable.run(ManagedContextRunnable.java:46)
at
org.apache.cloudstack.framework.jobs.impl.AsyncJobManagerImpl$5.run(AsyncJobManagerImpl.java:464)
at
java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334)
at java.util.concurrent.FutureTask.run(FutureTask.java:166)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
at java.lang.Thread.run(Thread.java:722)
2014-07-17 14:20:31,403 DEBUG [o.a.c.f.j.i.AsyncJobManagerImpl]
(API-Job-Executor-62:ctx-d5acf6d1 job-612) Complete async job-612, jobStatus:
FAILED, resultCode: 530, result:
org.apache.cloudstack.api.response.ExceptionResponse/null/{"uuidList":[],"errorcode":534,"errortext":"Resource
[Site2SiteVpnConnection:1] is unreachable: Failed to apply site-to-site VPN"}
2014-07-17 14:20:31,408 DEBUG [o.a.c.f.j.i.AsyncJobManagerImpl]
(API-Job-Executor-62:ctx-d5acf6d1 job-612) Done executing
org.apache.cloudstack.api.command.user.vpn.CreateVpnConnectionCmd for job-612
--
This message was sent by Atlassian JIRA
(v6.2#6252)
