GabrielBrascher commented on issue #2732: security_group: Use execute() function instead of non-existing bash() URL: https://github.com/apache/cloudstack/pull/2732#issuecomment-406037059 On 4.11.1: ``` 2018-07-10 21:27:00,514 - Executing command: network_rules_vmSecondaryIp 2018-07-10 21:27:00,514 - vmName = i-2-3-VM 2018-07-10 21:27:00,514 - action = -A 2018-07-10 21:27:00,516 - vm ip 192.168.100.77 2018-07-10 21:27:00,516 - ipset -A i-2-3-VM 192.168.100.77 2018-07-10 21:27:00,520 - ip = 192.168.100.77 2018-07-10 21:27:00,520 - ebtables -t nat -I i-2-3-VM-in-ips -p ARP --arp-ip-src 192.168.100.77 -j RETURN 2018-07-10 21:27:00,524 - ebtables -t nat -I i-2-3-VM-out-ips -p ARP --arp-ip-dst 192.168.100.77 -j RETURN 2018-07-10 21:27:40,175 - Executing command: get_rule_logs_for_vms 2018-07-10 21:27:47,250 - Executing command: destroy_network_rules_for_vm 2018-07-10 21:27:47,250 - iptables-save | awk '/BF(.*)physdev-is-bridged(.*)i-2-3-def/ { sub(/-A/, "-D", $1) ; print }' 2018-07-10 21:27:47,257 - iptables -D BF-cloudbr1-IN -m physdev --physdev-in vnet8 --physdev-is-bridged -j i-2-3-def 2018-07-10 21:27:47,261 - iptables -D BF-cloudbr1-OUT -m physdev --physdev-out vnet8 --physdev-is-bridged -j i-2-3-def 2018-07-10 21:27:47,264 - ip6tables-save | awk '/BF(.*)physdev-is-bridged(.*)i-2-3-def/ { sub(/-A/, "-D", $1) ; print }' 2018-07-10 21:27:47,269 - ip6tables -D BF-cloudbr1-IN -m physdev --physdev-in vnet8 --physdev-is-bridged -j i-2-3-def 2018-07-10 21:27:47,274 - ip6tables -D BF-cloudbr1-OUT -m physdev --physdev-out vnet8 --physdev-is-bridged -j i-2-3-def 2018-07-10 21:27:47,277 - ebtables -t nat -L PREROUTING | grep i-2-3-VM 2018-07-10 21:27:47,283 - ebtables -t nat -L POSTROUTING | grep i-2-3-VM 2018-07-10 21:27:47,288 - ebtables -t nat -D PREROUTING -i vnet8 -j i-2-3-VM-in 2018-07-10 21:27:47,293 - ebtables -t nat -D POSTROUTING -o vnet8 -j i-2-3-VM-out 2018-07-10 21:27:47,298 - ebtables -t nat -F i-2-3-VM-in 2018-07-10 21:27:47,304 - ebtables -t nat -X i-2-3-VM-in 2018-07-10 21:27:47,309 - ebtables -t nat -F i-2-3-VM-out 2018-07-10 21:27:47,315 - ebtables -t nat -X i-2-3-VM-out 2018-07-10 21:27:47,320 - ebtables -t nat -F i-2-3-VM-in-ips 2018-07-10 21:27:47,326 - ebtables -t nat -X i-2-3-VM-in-ips 2018-07-10 21:27:47,331 - ebtables -t nat -F i-2-3-VM-out-ips 2018-07-10 21:27:47,337 - ebtables -t nat -X i-2-3-VM-out-ips ``` After updating to 4.12: Note that there are lines returning non-zero exit status 1 and other lines returning exit status 255, which does not necessary means an error. ``` 2018-07-10 22:08:04,889 - Failed to execute: ebtables -t nat -L PREROUTING | grep s-5-VM Traceback (most recent call last): File "/usr/share/cloudstack-common/scripts/vm/network/security_group.py", line 62, in execute return check_output(cmd, shell=True) File "/usr/lib/python2.7/subprocess.py", line 574, in check_output raise CalledProcessError(retcode, cmd, output=output) CalledProcessError: Command 'ebtables -t nat -L PREROUTING | grep s-5-VM' returned non-zero exit status 1 2018-07-10 22:08:04,891 - ebtables -t nat -L POSTROUTING | grep s-5-VM 2018-07-10 22:08:04,895 - Failed to execute: ebtables -t nat -L POSTROUTING | grep s-5-VM Traceback (most recent call last): File "/usr/share/cloudstack-common/scripts/vm/network/security_group.py", line 62, in execute return check_output(cmd, shell=True) File "/usr/lib/python2.7/subprocess.py", line 574, in check_output raise CalledProcessError(retcode, cmd, output=output) CalledProcessError: Command 'ebtables -t nat -L POSTROUTING | grep s-5-VM' returned non-zero exit status 1 2018-07-10 22:08:04,895 - ebtables -t nat -F s-5-VM-in 2018-07-10 22:08:04,898 - Failed to execute: ebtables -t nat -F s-5-VM-in Traceback (most recent call last): File "/usr/share/cloudstack-common/scripts/vm/network/security_group.py", line 62, in execute return check_output(cmd, shell=True) File "/usr/lib/python2.7/subprocess.py", line 574, in check_output raise CalledProcessError(retcode, cmd, output=output) CalledProcessError: Command 'ebtables -t nat -F s-5-VM-in' returned non-zero exit status 255 2018-07-10 22:08:04,898 - ebtables -t nat -X s-5-VM-in 2018-07-10 22:08:04,902 - Failed to execute: ebtables -t nat -X s-5-VM-in Traceback (most recent call last): File "/usr/share/cloudstack-common/scripts/vm/network/security_group.py", line 62, in execute return check_output(cmd, shell=True) File "/usr/lib/python2.7/subprocess.py", line 574, in check_output raise CalledProcessError(retcode, cmd, output=output) CalledProcessError: Command 'ebtables -t nat -X s-5-VM-in' returned non-zero exit status 255 ``` After adding changes from this PR: ``` 2018-07-18 19:46:43,797 - vmName = i-2-38-VM 2018-07-18 19:46:43,797 - action = -D 2018-07-18 19:46:43,798 - vm ip 2001:db8::2 2018-07-18 19:46:43,798 - ipset -D i-2-38-VM 2001:db8::2 2018-07-18 19:46:43,804 - ip = 2001:db8::2 2018-07-18 19:46:43,804 - ebtables -t nat -D i-2-38-VM-in-ips -p ARP --arp-ip-src 2001:db8::2 -j RETURN 2018-07-18 19:46:43,809 - ebtables -t nat -D i-2-38-VM-out-ips -p ARP --arp-ip-dst 2001:db8::2 -j RETURN 2018-07-18 19:53:08,700 - Executing command: cleanup_rules 2018-07-18 19:53:08,703 - Vms on the host : ['s-34-VM', 'v-35-VM', 'r-37-VM', 'i-2-38-VM'] 2018-07-18 19:53:08,703 - iptables-save | grep -P '^:(?!.*-(def|eg))' | awk '{sub(/^:/, "", $1) ; print $1}' | sort | uniq 2018-07-18 19:53:08,710 - iptables chains in the host :['BF-cloudbr0', 'BF-cloudbr0-IN', 'BF-cloudbr0-OUT', 'BF-cloudbr1', 'BF-cloudbr1-IN', 'BF-cloudbr1-OUT', 'FORWARD', 'i-2-38-VM', 'INPUT', 'OUTPUT', 'POSTROUTING', 'PREROUTING', 'r-37-VM', 's-34-VM', 'v-35-VM', ''] 2018-07-18 19:53:08,711 - grep -E '^ebtable_' /proc/modules | cut -f1 -d' ' | sed s/ebtable_// 2018-07-18 19:53:08,716 - ebtables -t nat -L | awk '/chain:/ { gsub(/(^.*chain: |-(in|out|ips).*)/, ""); print $1}' | sort | uniq 2018-07-18 19:53:08,724 - ebtables -t filter -L | awk '/chain:/ { gsub(/(^.*chain: |-(in|out|ips).*)/, ""); print $1}' | sort | uniq 2018-07-18 19:53:08,732 - ebtables chains in the host: ['FORWARD,', 'INPUT,', 'OUTPUT,', ''] 2018-07-18 19:53:08,732 - Cleaned up rules for 0 chains 2018-07-18 20:37:18,701 - Executing command: cleanup_rules 2018-07-18 20:37:18,704 - Vms on the host : ['s-34-VM', 'v-35-VM', 'r-37-VM', 'i-2-38-VM'] 2018-07-18 20:37:18,704 - iptables-save | grep -P '^:(?!.*-(def|eg))' | awk '{sub(/^:/, "", $1) ; print $1}' | sort | uniq 2018-07-18 20:37:18,710 - iptables chains in the host :['BF-cloudbr0', 'BF-cloudbr0-IN', 'BF-cloudbr0-OUT', 'BF-cloudbr1', 'BF-cloudbr1-IN', 'BF-cloudbr1-OUT', 'FORWARD', 'i-2-38-VM', 'INPUT', 'OUTPUT', 'POSTROUTING', 'PREROUTING', 'r-37-VM', 's-34-VM', 'v-35-VM', ''] 2018-07-18 20:37:18,710 - grep -E '^ebtable_' /proc/modules | cut -f1 -d' ' | sed s/ebtable_// 2018-07-18 20:37:18,714 - ebtables -t nat -L | awk '/chain:/ { gsub(/(^.*chain: |-(in|out|ips).*)/, ""); print $1}' | sort | uniq 2018-07-18 20:37:18,722 - ebtables -t filter -L | awk '/chain:/ { gsub(/(^.*chain: |-(in|out|ips).*)/, ""); print $1}' | sort | uniq 2018-07-18 20:37:18,727 - ebtables chains in the host: ['FORWARD,', 'INPUT,', 'OUTPUT,', ''] 2018-07-18 20:37:18,727 - Cleaned up rules for 0 chains 2018-07-18 20:43:01,624 - Executing command: network_rules_vmSecondaryIp 2018-07-18 20:43:01,624 - vmName = i-2-38-VM 2018-07-18 20:43:01,624 - action = -A 2018-07-18 20:43:01,626 - vm ip 192.168.100.71 2018-07-18 20:43:01,626 - ipset -A i-2-38-VM 192.168.100.71 2018-07-18 20:43:01,629 - ip = 192.168.100.71 2018-07-18 20:43:01,629 - ebtables -t nat -I i-2-38-VM-in-ips -p ARP --arp-ip-src 192.168.100.71 -j RETURN 2018-07-18 20:43:01,632 - ebtables -t nat -I i-2-38-VM-out-ips -p ARP --arp-ip-dst 192.168.100.71 -j RETURN ```
---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services