[jira] [Commented] (CLOUDSTACK-7493) [Automation] Egress Firewall Rule fails to create on the Virtual Router in Hyper-V Setup - Reports Success instead of failure report

Rajesh Battala (JIRA) Fri, 05 Sep 2014 21:26:29 -0700

    [ 
https://issues.apache.org/jira/browse/CLOUDSTACK-7493?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14124303#comment-14124303
 ]


Rajesh Battala commented on CLOUDSTACK-7493:
--------------------------------------------

Its specific to iptables and firewall rules configuration. 
[~jayapal] can you please look at the above iptables log and share your input.

Thanks
Rajesh Battala

> [Automation] Egress Firewall Rule fails to create on the Virtual Router in 
> Hyper-V Setup - Reports Success instead of failure report
> ------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: CLOUDSTACK-7493
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-7493
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the 
> default.) 
>          Components: Automation, Test
>    Affects Versions: 4.5.0
>            Reporter: Chandan Purushothama
>            Assignee: Rajesh Battala
>            Priority: Blocker
>             Fix For: 4.5.0
>
>
> ==========================
> Error in management Server log:
> ==========================
> {code}
> 2014-09-03 18:04:36,689 DEBUG [c.c.a.ApiServlet] 
> (catalina-exec-22:ctx-a84568da ctx-c6c0fc58 ctx-985e7722) ===END===  
> 10.220.135.217 -- GET  
> jobid=561bbb6c-7931-493d-a778-525086befb96&apiKey=hCPmYiAF1lm_sBLrhXIEWXCJt0vYbxzkeFfv7E1ZhyPPL_TF6BvI8cVOm2AqLlzWwa2w9dO0eFQu6SafM_st3g&command=queryAsyncJobResult&response=json&signature=fWkgkcIGrOu7YQc%2Fw5GD%2B3HHGkM%3D
> 2014-09-03 18:04:36,701 DEBUG [c.c.a.t.Request] 
> (API-Job-Executor-33:ctx-4c5fd3c9 job-316 ctx-8bc88918) Seq 
> 1-4477422454536405316: Sending  { Cmd , MgmtId: 174253150778429, via: 
> 1(10.220.163.36), Ver: v1, Flags: 100001, 
> [{"com.cloud.agent.api.routing.SetFirewallRulesCommand":{"rules":[{"id":36,"srcIp":"","protocol":"all","revoked":false,"alreadyAdded":false,"sourceCidrList":["0.0.0.0/0"],"purpose":"Firewall","trafficType":"Egress","defaultEgressPolicy":false}],"accessDetails":{"router.guest.ip":"192.168.200.1","firewall.egress.default":"false","zone.network.type":"Advanced","router.ip":"10.220.165.184","router.name":"r-45-VM"},"wait":0}}]
>  }
> 2014-09-03 18:04:36,701 DEBUG [c.c.a.t.Request] 
> (API-Job-Executor-33:ctx-4c5fd3c9 job-316 ctx-8bc88918) Seq 
> 1-4477422454536405316: Executing:  { Cmd , MgmtId: 174253150778429, via: 
> 1(10.220.163.36), Ver: v1, Flags: 100001, 
> [{"com.cloud.agent.api.routing.SetFirewallRulesCommand":{"rules":[{"id":36,"srcIp":"","protocol":"all","revoked":false,"alreadyAdded":false,"sourceCidrList":["0.0.0.0/0"],"purpose":"Firewall","trafficType":"Egress","defaultEgressPolicy":false}],"accessDetails":{"router.guest.ip":"192.168.200.1","firewall.egress.default":"false","zone.network.type":"Advanced","router.ip":"10.220.165.184","router.name":"r-45-VM"},"wait":0}}]
>  }
> 2014-09-03 18:04:36,702 DEBUG [c.c.a.m.DirectAgentAttache] 
> (DirectAgent-316:ctx-c363d57a) Seq 1-4477422454536405316: Executing request
> 2014-09-03 18:04:36,702 DEBUG [c.c.h.h.r.HypervDirectConnectResource] 
> (DirectAgent-316:ctx-c363d57a) Use router's private IP for SSH control. IP : 
> 10.220.165.184
> 2014-09-03 18:04:36,702 DEBUG [c.c.h.h.r.HypervDirectConnectResource] 
> (DirectAgent-316:ctx-c363d57a) Run command on VR: 10.220.165.184, script: 
> firewall_egress.sh with args:  -F -E -P 0 -a :all:0:0:0.0.0.0/0:,
> 2014-09-03 18:04:37,394 DEBUG [c.c.a.m.AgentManagerImpl] 
> (AgentManager-Handler-14:null) SeqA 3-604: Processing Seq 3-604:  { Cmd , 
> MgmtId: -1, via: 3, Ver: v1, Flags: 11, 
> [{"com.cloud.agent.api.ConsoleProxyLoadReportCommand":{"_proxyVmId":2,"_loadInfo":"{\n
>   \"connections\": []\n}","wait":0}}] }
> 2014-09-03 18:04:37,397 DEBUG [c.c.a.m.AgentManagerImpl] 
> (AgentManager-Handler-14:null) SeqA 3-604: Sending Seq 3-604:  { Ans: , 
> MgmtId: 174253150778429, via: 3, Ver: v1, Flags: 100010, 
> [{"com.cloud.agent.api.AgentControlAnswer":{"result":true,"wait":0}}] }
> 2014-09-03 18:04:37,826 DEBUG [c.c.s.StorageManagerImpl] 
> (StorageManager-Scavenger-3:ctx-e8a5b20a) Storage pool garbage collector 
> found 0 templates to clean up in storage pool: 
> XenRT-Zone-0-Pod-0-Cluster-0-Primary-Store-0
> 2014-09-03 18:04:37,829 DEBUG [c.c.s.StorageManagerImpl] 
> (StorageManager-Scavenger-3:ctx-e8a5b20a) Secondary storage garbage collector 
> found 0 templates to cleanup on template_store_ref for store: 
> cifs://10.220.163.36/storage/secondary
> 2014-09-03 18:04:37,831 DEBUG [c.c.s.StorageManagerImpl] 
> (StorageManager-Scavenger-3:ctx-e8a5b20a) Secondary storage garbage collector 
> found 0 snapshots to cleanup on snapshot_store_ref for store: 
> cifs://10.220.163.36/storage/secondary
> 2014-09-03 18:04:37,832 DEBUG [c.c.s.StorageManagerImpl] 
> (StorageManager-Scavenger-3:ctx-e8a5b20a) Secondary storage garbage collector 
> found 0 volumes to cleanup on volume_store_ref for store: 
> cifs://10.220.163.36/storage/secondary
> 2014-09-03 18:04:37,940 DEBUG [c.c.h.h.r.HypervDirectConnectResource] 
> (DirectAgent-316:ctx-c363d57a) firewall_egress.sh execution result: true
> 2014-09-03 18:04:37,940 DEBUG [c.c.a.m.DirectAgentAttache] 
> (DirectAgent-316:ctx-c363d57a) Seq 1-4477422454536405316: Response Received: 
> 2014-09-03 18:04:37,940 DEBUG [c.c.a.t.Request] 
> (DirectAgent-316:ctx-c363d57a) Seq 1-4477422454536405316: Processing:  { Ans: 
> , MgmtId: 174253150778429, via: 1, Ver: v1, Flags: 0, 
> [{"com.cloud.agent.api.Answer":{"result":true,"details":"iptables v1.4.14: 
> Couldn't load target `_FW_EGRESS_RULES':No such file or directory\n\nTry 
> `iptables -h' or 'iptables --help' for more information.\niptables: No 
> chain/target/match by that name.\niptables: No chain/target/match by that 
> name.\niptables: No chain/target/match by that name.\niptables v1.4.14: 
> Couldn't load target `_FW_EGRESS_RULES':No such file or directory\n\nTry 
> `iptables -h' or 'iptables --help' for more information.\niptables: No 
> chain/target/match by that name.\niptables: No chain/target/match by that 
> name.\n","wait":0}}] }
> 2014-09-03 18:04:37,941 DEBUG [c.c.a.t.Request] 
> (API-Job-Executor-33:ctx-4c5fd3c9 job-316 ctx-8bc88918) Seq 
> 1-4477422454536405316: Received:  { Ans: , MgmtId: 174253150778429, via: 1, 
> Ver: v1, Flags: 0, { Answer } }
> 2014-09-03 18:04:37,964 DEBUG [o.a.c.f.j.i.AsyncJobManagerImpl] 
> (API-Job-Executor-33:ctx-4c5fd3c9 job-316 ctx-8bc88918) Complete async 
> job-316, jobStatus: SUCCEEDED, resultCode: 0, result: 
> org.apache.cloudstack.api.response.FirewallResponse/firewallrule/{"id":"ec795578-c833-4be6-a0d7-e33235d87920","protocol":"all","networkid":"49c9ee87-5ad0-4c4b-9111-621963f2e69e","state":"Active","cidrlist":"0.0.0.0/0","tags":[],"fordisplay":true}
> 2014-09-03 18:04:37,969 DEBUG [o.a.c.f.j.i.AsyncJobManagerImpl] 
> (API-Job-Executor-33:ctx-4c5fd3c9 job-316) Done executing 
> org.apache.cloudstack.api.command.user.firewall.CreateEgressFirewallRuleCmd 
> for job-316
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Commented] (CLOUDSTACK-7493) [Automation] Egress Firewall Rule fails to create on the Virtual Router in Hyper-V Setup - Reports Success instead of failure report

Reply via email to