[GitHub] [cloudstack] weizhouapache commented on pull request #5328: Fix iptable rules when chain reference count is 0

Wed, 18 Aug 2021 07:39:57 -0700 


weizhouapache commented on pull request #5328:
URL: https://github.com/apache/cloudstack/pull/5328#issuecomment-901169317


   > @weizhouapache
   > 
   > ```
   > 2021-07-02 08:45:01,700 - iptables-save |grep -w BF-brbond0-94 |grep -w 
vnet60 |grep -w i-11-2468-def
   > 2021-07-02 08:45:01,736 - Command exited non-zero: iptables-save |grep -w 
BF-brbond0-94 |grep -w vnet60 |grep -w i-11-2468-def
   > Traceback (most recent call last):
   >   File 
"/usr/share/cloudstack-common/scripts/vm/network/security_group.py", line 53, 
in execute
   >     return check_output(cmd, shell=True).decode()
   >   File "/usr/lib/python3.5/subprocess.py", line 626, in check_output
   >     **kwargs).stdout
   >   File "/usr/lib/python3.5/subprocess.py", line 708, in run
   >     output=stdout, stderr=stderr)
   > subprocess.CalledProcessError: Command 'iptables-save |grep -w 
BF-brbond0-94 |grep -w vnet60 |grep -w i-11-24-def' returned non-zero exit 
status 1
   > 2021-07-02 08:45:01,738 - iptables rules do not exist, programming default 
rules for i-11-2468-VM vnet60
   > 2021-07-02 08:45:01,738 - modprobe br_netfilter
   > 2021-07-02 08:45:01,742 - sysctl -w net.bridge.bridge-nf-call-arptables=1
   > 2021-07-02 08:45:01,747 - sysctl -w net.bridge.bridge-nf-call-iptables=1
   > 2021-07-02 08:45:01,751 - sysctl -w net.bridge.bridge-nf-call-ip6tables=1
   > 2021-07-02 08:45:01,756 - iptables-save |grep physdev-is-bridged |grep 
FORWARD |grep BF |grep '\-o' | grep -w brbond0-94|awk '{print $9}' | head -1
   > 2021-07-02 08:45:01,794 - iptables -L BF-brbond0-94
   > 2021-07-02 08:45:01,807 - iptables -L BF-brbond0-94-OUT
   > 2021-07-02 08:45:01,818 - iptables -L BF-brbond0-94-IN
   > 
   > 
   > 2021-07-02 08:45:02,040 - iptables -F BF-brbond0-94
   > 
   > 
   > 2021-07-02 08:45:02,066 - ip6tables -F BF-brbond0-94
   > 2021-07-02 08:45:02,077 - Command exited non-zero: ip6tables -F 
BF-brbond0-94
   > Traceback (most recent call last):
   >   File 
"/usr/share/cloudstack-common/scripts/vm/network/security_group.py", line 1345, 
in add_fw_framework
   >     execute('ip6tables -I FORWARD -i ' + brname + ' -m physdev 
--physdev-is-bridged -j ' + brfw)
   >   File 
"/usr/share/cloudstack-common/scripts/vm/network/security_group.py", line 53, 
in execute
   >     return check_output(cmd, shell=True).decode()
   >   File "/usr/lib/python3.5/subprocess.py", line 626, in check_output
   >     **kwargs).stdout
   >   File "/usr/lib/python3.5/subprocess.py", line 708, in run
   >     output=stdout, stderr=stderr)
   > subprocess.CalledProcessError: Command 'ip6tables -I FORWARD -i brbond0-94 
-m physdev --physdev-is-bridged -j BF-brbond0-94' returned non-zero exit status 
2
   > 
   > During handling of the above exception, another exception occurred:
   > 
   > Traceback (most recent call last):
   >   File 
"/usr/share/cloudstack-common/scripts/vm/network/security_group.py", line 53, 
in execute
   >     return check_output(cmd, shell=True).decode()
   >   File "/usr/lib/python3.5/subprocess.py", line 626, in check_output
   >     **kwargs).stdout
   >   File "/usr/lib/python3.5/subprocess.py", line 708, in run
   >     output=stdout, stderr=stderr)
   > subprocess.CalledProcessError: Command 'ip6tables -F BF-brbond0-94' 
returned non-zero exit status 1
   > 
   > 
   > 2021-07-02 08:45:02,272 - iptables -F i-11-2468-VM
   > 2021-07-02 08:45:02,281 - Command exited non-zero: iptables -F i-11-2468-VM
   > Traceback (most recent call last):
   >   File 
"/usr/share/cloudstack-common/scripts/vm/network/security_group.py", line 53, 
in execute
   >     return check_output(cmd, shell=True).decode()
   >   File "/usr/lib/python3.5/subprocess.py", line 626, in check_output
   >     **kwargs).stdout
   >   File "/usr/lib/python3.5/subprocess.py", line 708, in run
   >     output=stdout, stderr=stderr)
   > subprocess.CalledProcessError: Command 'iptables -F i-11-2468-VM' returned 
non-zero exit status 1
   > 2021-07-02 08:45:02,285 - Error flushing iptables rules for i-11-2468-VM. 
Presuming firewall rules deleted, re-initializing.
   > 2021-07-02 08:45:02,285 - modprobe br_netfilter
   > 2021-07-02 08:45:02,293 - sysctl -w net.bridge.bridge-nf-call-arptables=1
   > 2021-07-02 08:45:02,297 - sysctl -w net.bridge.bridge-nf-call-iptables=1
   > 2021-07-02 08:45:02,300 - sysctl -w net.bridge.bridge-nf-call-ip6tables=1
   > 2021-07-02 08:45:02,306 - iptables-save |grep physdev-is-bridged |grep 
FORWARD |grep BF |grep '\-o' | grep -w brbond0-94|awk '{print $9}' | head -1
   > 2021-07-02 08:45:02,345 - iptables -L BF-brbond0-94
   > 2021-07-02 08:45:02,358 - iptables -L BF-brbond0-94-OUT
   > 2021-07-02 08:45:02,372 - iptables -L BF-brbond0-94-IN
   > 2021-07-02 08:45:02,385 - ip6tables -L BF-brbond0-94
   > ```
   
   @ravening is there any log between
   ```
   2021-07-02 08:45:01,794 - iptables -L BF-brbond0-94
   2021-07-02 08:45:01,807 - iptables -L BF-brbond0-94-OUT
   2021-07-02 08:45:01,818 - iptables -L BF-brbond0-94-IN
   ```
   and
   ```
   2021-07-02 08:45:02,040 - iptables -F BF-brbond0-94
   ```
   
   ?


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to