[GitHub] cloudstack issue #1663: [LTS/blocker] CLOUDSTACK-6432: Prevent DNS reflectio...

[rhtyd]

Github user rhtyd commented on the issue:

https://github.com/apache/cloudstack/pull/1663
  
@s-seitz the fix should work for newly deployed VRs, for existing VR there 
may be existing rules or chains blocking the intended fix. Are you getting 
issues or seeing the same behaviour with new VRs? If yes, can you send a fix. 
Thanks.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack issue #1663: [LTS/blocker] CLOUDSTACK-6432: Prevent DNS reflectio...

[rhtyd]

Github user rhtyd commented on the issue:

https://github.com/apache/cloudstack/pull/1663
  
Thanks all, based on the test results and reviews from this PR with the 
marvin test and the original PR #1653 from where the main changes were taken, 
I'll go ahead and merge this now.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack issue #1663: [LTS/blocker] CLOUDSTACK-6432: Prevent DNS reflectio...

[rhtyd]

Github user rhtyd commented on the issue:

https://github.com/apache/cloudstack/pull/1663
  
Thanks @borisstoyanov 


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack issue #1663: [LTS/blocker] CLOUDSTACK-6432: Prevent DNS reflectio...

[borisstoyanov]

Github user borisstoyanov commented on the issue:

https://github.com/apache/cloudstack/pull/1663
  
LGTM, I was able to build and test the PR. Found a little issue with the 
tests and fixed it. 
Here are the tests results: 


```
$ nosetests --with-xunit --xunit-file=integration-test-results.xml 
--with-marvin --marvin-config=advanced_ccs.cfg -s -a 
tags=advanced,required_hardware=true --zone=zone1 --hypervisor=kvm 
cloudstack/test/integration/smoke/test_router_dns.py -vv
nose.config: INFO: Ignoring files matching ['^\\.', '^_', '^setup\\.py$']

 Marvin Init Started 

=== Marvin Parse Config Successful ===

=== Marvin Setting TestData Successful===

 Log Folder Path: /tmp//MarvinLogs//Aug_30_2016_15_44_51_LNKTQ1. All 
logs will be available here 

=== Marvin Init Logging Successful===

 Marvin Init Successful 
Creating Admin Account for domain b1376fae-6e2a-11e6-bca7-000c290e77f6 on 
zone 7060c2b9-7ea2-475f-9b74-56ce80444feb
Creating Service Offering on zone 7060c2b9-7ea2-475f-9b74-56ce80444feb
Creating Network Offering on zone 7060c2b9-7ea2-475f-9b74-56ce80444feb
Creating Network for Account test-a-TestRouterDns-CF5DZ4 using offering 
8c206825-65e7-4aaa-9850-b8e804f523ef
Creating guest VM for Account test-a-TestRouterDns-CF5DZ4 using offering 
6fd51c75-fe0f-4673-8b1a-a312fe5605c4
Starting test_router_dns_externalips...
Querying VR DNS IP: 192.168.1.103
VR DNS query failed from non-guest network IP as expected
=== TestName: test_router_dns_externalipquery | Status : SUCCESS ===

Starting test_router_dns_guestipquery...
Creating Firewall rule for VM ID: cf929b5d-4ce1-4c86-b389-5baba0a5d8e7
Creating NAT rule for VM ID: cf929b5d-4ce1-4c86-b389-5baba0a5d8e7
SSH into guest VM with IP: 192.168.1.103
Trying SSH Connection: Host:192.168.1.103 User:root 
  Port:22 RetryCnt:8===
SshClient: Exception under createConnection: ['Traceback (most recent call 
last):\n', '  File 
"/usr/local/lib/python2.7/site-packages/marvin/sshClient.py", line 122, in 
createConnection\nallow_agent=False)\n', '  File 
"/usr/local/lib/python2.7/site-packages/paramiko/client.py", line 305, in 
connect\nretry_on_signal(lambda: sock.connect(addr))\n', '  File 
"/usr/local/lib/python2.7/site-packages/paramiko/util.py", line 269, in 
retry_on_signal\nreturn function()\n', '  File 
"/usr/local/lib/python2.7/site-packages/paramiko/client.py", line 305, in 
\nretry_on_signal(lambda: sock.connect(addr))\n', '  File 
"/usr/local/Cellar/python/2.7.11/Frameworks/Python.framework/Versions/2.7/lib/python2.7/socket.py",
 line 228, in meth\nreturn getattr(self._sock,name)(*args)\n', 'error: 
[Errno 51] Network is unreachable\n']
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/site-packages/marvin/sshClient.py", line 
122, in createConnection
allow_agent=False)
  File "/usr/local/lib/python2.7/site-packages/paramiko/client.py", line 
305, in connect
retry_on_signal(lambda: sock.connect(addr))
  File "/usr/local/lib/python2.7/site-packages/paramiko/util.py", line 269, 
in retry_on_signal
return function()
  File "/usr/local/lib/python2.7/site-packages/paramiko/client.py", line 
305, in 
retry_on_signal(lambda: sock.connect(addr))
  File 
"/usr/local/Cellar/python/2.7.11/Frameworks/Python.framework/Versions/2.7/lib/python2.7/socket.py",
 line 228, in meth
return getattr(self._sock,name)(*args)
error: [Errno 51] Network is unreachable
Trying SSH Connection: Host:192.168.1.103 User:root 
  Port:22 RetryCnt:7===
SshClient: Exception under createConnection: ['Traceback (most recent call 
last):\n', '  File 
"/usr/local/lib/python2.7/site-packages/marvin/sshClient.py", line 122, in 
createConnection\nallow_agent=False)\n', '  File 
"/usr/local/lib/python2.7/site-packages/paramiko/client.py", line 305, in 
connect\nretry_on_signal(lambda: sock.connect(addr))\n', '  File 
"/usr/local/lib/python2.7/site-packages/paramiko/util.py", line 269, in 
retry_on_signal\nreturn function()\n', '  File 
"/usr/local/lib/python2.7/site-packages/paramiko/client.py", line 305, in 
\nretry_on_signal(lambda: sock.connect(addr))\n', '  File 
"/usr/local/Cellar/python/2.7.11/Frameworks/Python.framework/Versions/2.7/lib/python2.7/socket.py",
 line 228, in meth\nreturn getattr(self._sock,name)(*args)\n', 'error: 
[Errno 51] Network is unreachable\n']
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/site-packages/marvin/sshClient.py", line 
122, in createConnection
allow_agent=False)
  File "/usr/local/lib/python2.7/site-packages/paramiko/client.py", line 
305, in connect
retry_on_signal(lambda: sock.connect(addr))
  File 

[GitHub] cloudstack issue #1663: [LTS/blocker] CLOUDSTACK-6432: Prevent DNS reflectio...

[NuxRo]

Github user NuxRo commented on the issue:

https://github.com/apache/cloudstack/pull/1663
  
Thanks a lot for implementing this properly :)


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack issue #1663: [LTS/blocker] CLOUDSTACK-6432: Prevent DNS reflectio...

[rhtyd]

Github user rhtyd commented on the issue:

https://github.com/apache/cloudstack/pull/1663
  
@jburwell @NuxRo  thanks for the reviews, I've fixed the outstanding 
issues. Please re-review.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack issue #1663: [LTS/blocker] CLOUDSTACK-6432: Prevent DNS reflectio...

[jburwell]

Github user jburwell commented on the issue:

https://github.com/apache/cloudstack/pull/1663
  
@NuxRo Any thoughts to add?


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---