[
https://issues.apache.org/jira/browse/CLOUDSTACK-10235?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16330069#comment-16330069
]
Alexander Conn commented on CLOUDSTACK-10235:
---------------------------------------------
Have confirmed /opt/cloud/bin/cloud-nic.sh is definitely being called to
add/remove the eth1 (public) nic. Does anyone know where exactly this shell
script gets called? Going through the code for 4.9.3 on GitHub and I'm having a
hard time trying to find at what point this gets called.
I modified cloud-nic.sh to add some extra logging, as per the log snippets
below; the extra output is in bold. It looks like cloud-nic.sh gets called at
the end of removing the PF rule and at the beginning of adding the PF rule.
+/var/log/cloud.log when PF rule is removed:+
.....
2018-01-18 05:11:39,908 CsRedundant.py _redundant_on:103 Wait for devices to be
configured so we can start keepalived
2018-01-18 05:11:39,908 CsHelper.py execute:184 Executing: ip link show eth3 |
grep 'state UP'
2018-01-18 05:11:39,922 CsRedundant.py _redundant_on:109 Device eth3 is
present, let's start keepalive now.
2018-01-18 05:11:39,923 CsHelper.py execute:184 Executing: mount
2018-01-18 05:11:39,936 CsHelper.py execute:184 Executing: sed -i "s/--exec\
\$DAEMON;/--exec\ \$DAEMON\ --\ --vrrp;/g" /etc/init.d/keepalived
2018-01-18 05:11:39,948 CsFile.py load:39 Reading file
/opt/cloud/bin/checkrouter.sh
2018-01-18 05:11:39,949 CsFile.py greplace:116 Searching for [RROUTER_LOG] and
replacing with /var/log/cloud.log
2018-01-18 05:11:39,949 CsFile.py commit:60 Nothing to commit. The
/opt/cloud/bin/checkrouter.sh file did not change
2018-01-18 05:11:39,949 CsFile.py load:39 Reading file
/etc/keepalived/keepalived.conf
2018-01-18 05:11:39,950 CsFile.py search:124 Searching for router_id and
replacing with router_id r-3882-VM
2018-01-18 05:11:39,950 CsFile.py search:124 Searching for interface and
replacing with interface eth3
2018-01-18 05:11:39,951 CsFile.py search:124 Searching for advert_int and
replacing with advert_int 1
2018-01-18 05:11:39,951 CsFile.py greplace:116 Searching for [RROUTER_BIN_PATH]
and replacing with /ramdisk/rrouter
2018-01-18 05:11:39,952 CsHelper.py copy:251 Copied
/opt/cloud/templates/conntrackd.conf.templ to
/opt/cloud/templates/conntrackd.conf.templ.bkp
2018-01-18 05:11:39,953 CsFile.py load:39 Reading file
/opt/cloud/templates/conntrackd.conf.templ
2018-01-18 05:11:39,954 CsFile.py commit:66 Wrote edited file
/opt/cloud/templates/conntrackd.conf.templ
2018-01-18 05:11:39,954 CsFile.py commit:68 Updated file in-cache configuration
2018-01-18 05:11:39,954 CsFile.py load:39 Reading file
/etc/conntrackd/conntrackd.conf
2018-01-18 05:11:39,954 CsFile.py compare:168 Comparison of CsFiles content is
==> True
2018-01-18 05:11:39,954 CsHelper.py execute:184 Executing: ps aux
2018-01-18 05:11:39,983 CsProcess.py find_pid:50 CsProcess:: Searching for
process ==> ['/etc/conntrackd/conntrackd.conf'] and found PIDs ==> ['4473']
2018-01-18 05:11:39,984 CsHelper.py copy:251 Copied
/opt/cloud/templates/conntrackd.conf.templ.bkp to
/opt/cloud/templates/conntrackd.conf.templ
2018-01-18 05:11:39,984 CsHelper.py execute:184 Executing: rm -rf
/opt/cloud/templates/conntrackd.conf.templ.bkp
2018-01-18 05:11:39,996 CsFile.py load:39 Reading file /etc/cron.d/heartbeat
2018-01-18 05:11:39,997 CsFile.py commit:60 Nothing to commit. The
/etc/cron.d/heartbeat file did not change
2018-01-18 05:11:39,997 CsHelper.py execute:184 Executing: ps aux
2018-01-18 05:11:40,021 CsProcess.py find_pid:50 CsProcess:: Searching for
process ==> ['/usr/sbin/keepalived'] and found PIDs ==> ['4487', '4488', '4489']
*parent command udevd*
*removing 1 Table_eth1 for eth1*
*removed 1 Table_eth1 for eth1*
+/var/log/cloud.log when PF rule is added:+
*parent command udevd*
*adding 1 Table_eth1*
*added 1 Table_eth1*
2018-01-18 05:20:52,017 merge.py load:57 Loading data bag type ips
2018-01-18 05:20:52,018 merge.py process:101 Command of type ips received
2018-01-18 05:20:52,018 merge.py save:68 Writing data bag type ips
2018-01-18 05:20:52,020 merge.py load:57 Loading data bag type ips
2018-01-18 05:20:52,020 merge.py load:57 Loading data bag type cmdline
2018-01-18 05:20:52,020 configure.py main:935 Configuring ip addresses
2018-01-18 05:20:52,021 CsHelper.py execute:184 Executing: ip addr show dev eth3
2018-01-18 05:20:52,033 CsAddress.py is_guest_gateway:680 Checking if cidr is a
gateway for rVPC. IP ==> 10.100.104.254/24 / device ==> eth3
2018-01-18 05:20:52,034 CsAddress.py is_guest_gateway:683 Interface has the
following gateway ==> 10.100.104.254
2018-01-18 05:20:52,034 CsAddress.py compare:668 The IP address in
'{u'public_ip': u'10.100.104.251', u'one_to_one_nat': False, u'nic_dev_id':
u'3', u'network': u'10.100.104.0/24', u'netmask': u'255.255.255.0',
u'source_nat': False, u'broadcast': u'10.100.104.255', u'add': True,
u'nw_type': u'guest', u'device': u'eth3', u'cidr': u'10.100.104.251/24',
u'gateway': u'10.100.104.254', u'size': u'24'}' will be configured
2018-01-18 05:20:52,034 CsAddress.py compare:668 The IP address in
'{u'public_ip': u'10.100.104.251', u'one_to_one_nat': False, u'nic_dev_id':
u'3', u'network': u'10.100.104.0/24', u'netmask': u'255.255.255.0',
u'source_nat': False, u'broadcast': u'10.100.104.255', u'add': True,
u'nw_type': u'guest', u'device': u'eth3', u'cidr': u'10.100.104.251/24',
u'gateway': u'10.100.104.254', u'size': u'24'}' will be configured
2018-01-18 05:20:52,034 CsHelper.py execute:184 Executing: ip addr show dev eth2
2018-01-18 05:20:52,047 CsAddress.py compare:668 The IP address in
'{u'public_ip': u'10.200.200.104', u'one_to_one_nat': False, u'nic_dev_id': 2,
u'network': u'10.200.200.0/24', u'first_i_p': False, u'netmask':
u'255.255.255.0', u'source_nat': False, u'broadcast': u'10.200.200.255',
u'add': True, u'nw_type': u'guest', u'device': u'eth2', u'vif_mac_address':
u'06:fd:6a:00:02:b2', u'cidr': u'10.200.200.104/24', u'gateway':
u'10.200.200.254', u'new_nic': False, u'size': u'24'}' will be configured
........
> Removing Port Forwarding rule deletes public interface on VR (redundant VPC
> only)
> ---------------------------------------------------------------------------------
>
> Key: CLOUDSTACK-10235
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10235
> Project: CloudStack
> Issue Type: Bug
> Security Level: Public(Anyone can view this level - this is the
> default.)
> Components: VPC
> Affects Versions: 4.9.3.0
> Environment: XenServer 6.2
> Reporter: Alexander Conn
> Priority: Critical
>
> Steps I've taken to reproduce in my environment on a redundant VPC (no issue
> on normal VPC):
> # Acquire public IP and create a port forwarding rule on it
> # Remove that port forwarding rule
> # You'll see on the MASTER VR, the public interface (eth1) gets removed
> incorrectly. Causing all sorts of issues, including issues with VRRP.
> # Add a port forwarding rule back, and eth1 gets recreated. But now you're
> stuck with needing at least 1 PF rule to be there in order to keep eth1
> connected.
>
>
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
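
The comment above describes adding logging to cloud-nic.sh that prints the parent command. A sketch of that kind of caller tracing follows, as an added example that is not the commenter's modification or CloudStack code. The function names and the `TRACE_LOG` variable are assumptions; `ACTION` and `INTERFACE` are the variables udev exports to programs it runs for network device events.

```bash
#!/bin/bash
# Added example (not CloudStack code): caller tracing for a script such as
# cloud-nic.sh. ancestry, trace_line and TRACE_LOG are hypothetical names.

TRACE_LOG="${TRACE_LOG:-/var/log/cloud.log}"

# Print "pid:comm" for a process and each of its ancestors, child first,
# by following the PPid field in /proc/<pid>/status up to init.
ancestry() {
    pid="$1"
    chain=""
    while [ -n "$pid" ] && [ "$pid" -gt 0 ] && [ -r "/proc/$pid/status" ]; do
        comm=$(awk '/^Name:/ {print $2; exit}' "/proc/$pid/status")
        ppid=$(awk '/^PPid:/ {print $2; exit}' "/proc/$pid/status")
        chain="${chain:+$chain <- }${pid}:${comm}"
        pid="$ppid"
    done
    printf '%s\n' "$chain"
}

# Build one log line: timestamp, the script's arguments, the chain of
# callers starting at the immediate parent, and the udev event variables
# (reported as "unset" when the script was not started by udev).
trace_line() {
    printf '%s caller-trace args=[%s] chain=[%s] ACTION=%s INTERFACE=%s\n' \
        "$(date '+%Y-%m-%d %H:%M:%S')" "$*" "$(ancestry "$PPID")" \
        "${ACTION:-unset}" "${INTERFACE:-unset}"
}

# At the top of the script being traced:
#   trace_line "$@" >> "$TRACE_LOG"
```

Logging the whole chain rather than only the immediate parent shows what sits above the process that launched the script, and the `ACTION`/`INTERFACE` values tie each invocation to a specific device event.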