[jira] [Commented] (CLOUDSTACK-9872) Batch S2S VPN script doesn't return all responses

[ASF GitHub Bot (JIRA)]

    [ 
https://issues.apache.org/jira/browse/CLOUDSTACK-9872?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15966014#comment-15966014
 ] 

ASF GitHub Bot commented on CLOUDSTACK-9872:
--------------------------------------------

GitHub user Slair1 opened a pull request:

    https://github.com/apache/cloudstack/pull/2040

    CLOUDSTACK-9872: Gather all S2S vpn statuses before outputting

    The checkbatchs2svpn.sh VR script returns ("via echo") that status of each 
requested S2S VPN check one-at-a-time.  If there is even a slight delay between 
VPN checks, the sshExecutor stops monitoring stdout and assumes it has all of 
the output.
    
    When checking the management server logs, we see a request to check _X_ 
number of VPNs, but the response is occasionally less than _X_ number... The 
rest of the Cloudstack code assumes "isConnected" as false if the VPN is not 
included in the response.
    
    We've noticed that if an account had more than 3 site-to-site VPNs, that 
there are many errors per day stating that a S2S VPN is down.
    
    This is exacerbated by Issue CLOUDSTACK-9873, because that issues causes 
the S2S VPN check (and many others) to run twice as often as intended.
    
    Example where a request was to check 4x S2S VPN connections, but only 3x 
responses were returned.
    ```
    2017-04-11 17:05:40,444 DEBUG [c.c.h.x.r.CitrixResourceBase] 
(DirectAgent-190:ctx-e894af45) (logid:cbbccfaa) Executing command in VR: 
/opt/cloud/bin/router_proxy.sh checkbatchs2svpn.sh 169.254.2.130 67.41.109.167 
65.100.18.183 67.41.109.165 67.41.109.166
    
    2017-04-11 17:05:41,836 DEBUG [c.c.a.t.Request] 
(DirectAgent-190:ctx-e894af45) (logid:cbbccfaa) Seq 51-772085861117329631: 
Processing:  { Ans: , MgmtId: 345050927939, via: 
51(cloudxen01.dsm1.ippathways.net), Ver: v1, Flags: 110, 
[{"com.cloud.agent.api.CheckS2SVpnConnectionsAnswer":{"ipToConnected":{"65.100.18.183":true,"67.41.109.167":true,"67.41.109.165":true},"ipToDetail":{"65.100.18.183":"ISAKMP
 SA found;IPsec SA found;Site-to-site VPN have 
connected","67.41.109.167":"ISAKMP SA found;IPsec SA found;Site-to-site VPN 
have connected","67.41.109.165":"ISAKMP SA found;IPsec SA found;Site-to-site 
VPN have connected"},"details":"67.41.109.167:0:ISAKMP SA found;IPsec SA 
found;Site-to-site VPN have connected&65.100.18.183:0:ISAKMP SA found;IPsec SA 
found;Site-to-site VPN have connected&67.41.109.165:0:ISAKMP SA found;IPsec SA 
found;Site-to-site VPN have connected&","result":true,"wait":0}}] }
    ```
    


You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/Slair1/cloudstack 
CLOUDSTACK-9872-Check-Batch-S2S-VPN

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/cloudstack/pull/2040.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #2040
    
----
commit 9814be159d87073535716542a4430380e4202576
Author: Slair1 <sl...@ippathways.com>
Date:   2017-04-12T14:58:56Z

    Gather all S2S vpn statuses before outputting

----


> Batch S2S VPN script doesn't return all responses
> -------------------------------------------------
>
>                 Key: CLOUDSTACK-9872
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-9872
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the 
> default.) 
>          Components: Virtual Router
>    Affects Versions: 4.8.0, 4.9.0, 4.10.0.0, 4.8.1.1, 4.9.0.1
>         Environment: Any using Site-to-Site VPNs.  Seems to be all versions 
> of Cloudstack
>            Reporter: Sean Lair
>            Priority: Minor
>   Original Estimate: 1h
>  Remaining Estimate: 1h
>
> The checkbatchs2svpn.sh VR script returns ("via echo") that status of each 
> requested S2S VPN check one-at-a-time.  If there is even a slight delay 
> between VPN checks, the sshExecutor stops monitoring stdout and assumes it 
> has all of the output.  
> When checking the management server logs, we see a request to check X number 
> of VPNs, but the response is occasionally less than X number...  The rest of 
> the Cloudstack code assumes "isConnected" as false if the VPN is not included 
> in the response.
> We've noticed that if an account had more than 3 site-to-site VPNs, that 
> there are many errors per day stating that a S2S VPN is down.
> This is exacerbated by Issue CLOUDSTACK-9873, because that issues causes the 
> S2S VPN check (and many others) to run twice as often as intended.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)