[ https://issues.apache.org/jira/browse/CLOUDSTACK-9872?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15966014#comment-15966014 ]
ASF GitHub Bot commented on CLOUDSTACK-9872:
--------------------------------------------

GitHub user Slair1 opened a pull request:

https://github.com/apache/cloudstack/pull/2040

CLOUDSTACK-9872: Gather all S2S vpn statuses before outputting

The checkbatchs2svpn.sh VR script returns ("via echo") the status of each requested S2S VPN check one-at-a-time. If there is even a slight delay between VPN checks, the sshExecutor stops monitoring stdout and assumes it has all of the output.

When checking the management server logs, we see a request to check _X_ number of VPNs, but the response is occasionally less than _X_ number... The rest of the Cloudstack code assumes "isConnected" as false if the VPN is not included in the response.

We've noticed that if an account had more than 3 site-to-site VPNs, that there are many errors per day stating that a S2S VPN is down.

This is exacerbated by Issue CLOUDSTACK-9873, because that issue causes the S2S VPN check (and many others) to run twice as often as intended.

Example where a request was to check 4x S2S VPN connections, but only 3x responses were returned.
```
2017-04-11 17:05:40,444 DEBUG [c.c.h.x.r.CitrixResourceBase] (DirectAgent-190:ctx-e894af45) (logid:cbbccfaa) Executing command in VR: /opt/cloud/bin/router_proxy.sh checkbatchs2svpn.sh 169.254.2.130 67.41.109.167 65.100.18.183 67.41.109.165 67.41.109.166
2017-04-11 17:05:41,836 DEBUG [c.c.a.t.Request] (DirectAgent-190:ctx-e894af45) (logid:cbbccfaa) Seq 51-772085861117329631: Processing: { Ans: , MgmtId: 345050927939, via: 51(cloudxen01.dsm1.ippathways.net), Ver: v1, Flags: 110, [{"com.cloud.agent.api.CheckS2SVpnConnectionsAnswer":{"ipToConnected":{"65.100.18.183":true,"67.41.109.167":true,"67.41.109.165":true},"ipToDetail":{"65.100.18.183":"ISAKMP SA found;IPsec SA found;Site-to-site VPN have connected","67.41.109.167":"ISAKMP SA found;IPsec SA found;Site-to-site VPN have connected","67.41.109.165":"ISAKMP SA found;IPsec SA found;Site-to-site VPN have connected"},"details":"67.41.109.167:0:ISAKMP SA found;IPsec SA found;Site-to-site VPN have connected&65.100.18.183:0:ISAKMP SA found;IPsec SA found;Site-to-site VPN have connected&67.41.109.165:0:ISAKMP SA found;IPsec SA found;Site-to-site VPN have connected&","result":true,"wait":0}}] }
```

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/Slair1/cloudstack CLOUDSTACK-9872-Check-Batch-S2S-VPN

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/cloudstack/pull/2040.patch

To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message:

    This closes #2040

----
commit 9814be159d87073535716542a4430380e4202576
Author: Slair1 <sl...@ippathways.com>
Date: 2017-04-12T14:58:56Z

    Gather all S2S vpn statuses before outputting

----

> Batch S2S VPN script doesn't return all responses
> -------------------------------------------------
>
> Key: CLOUDSTACK-9872
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-9872
> Project: CloudStack
> Issue Type: Bug
> Security Level: Public (Anyone can view this level - this is the default.)
> Components: Virtual Router
> Affects Versions: 4.8.0, 4.9.0, 4.10.0.0, 4.8.1.1, 4.9.0.1
> Environment: Any using Site-to-Site VPNs. Seems to be all versions of Cloudstack
> Reporter: Sean Lair
> Priority: Minor
> Original Estimate: 1h
> Remaining Estimate: 1h
>
> The checkbatchs2svpn.sh VR script returns ("via echo") the status of each
> requested S2S VPN check one-at-a-time. If there is even a slight delay
> between VPN checks, the sshExecutor stops monitoring stdout and assumes it
> has all of the output.
> When checking the management server logs, we see a request to check X number
> of VPNs, but the response is occasionally less than X number... The rest of
> the Cloudstack code assumes "isConnected" as false if the VPN is not included
> in the response.
> We've noticed that if an account had more than 3 site-to-site VPNs, that
> there are many errors per day stating that a S2S VPN is down.
> This is exacerbated by Issue CLOUDSTACK-9873, because that issue causes the
> S2S VPN check (and many others) to run twice as often as intended.
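An added example, not part of the original message or of the CloudStack code base: a log audit that pairs each `checkbatchs2svpn.sh` request with its `CheckS2SVpnConnectionsAnswer` and lists peers that were requested but never answered, which separates a truncated response from a peer genuinely reported as down. It assumes the two lines share a `logid`, that the first script argument is the VR address and the rest are peers, and it runs on sample lines abbreviated from the report plus one constructed complete exchange.

```python
import json
import re

ANSWER_KEY = "com.cloud.agent.api.CheckS2SVpnConnectionsAnswer"
LOGID_RE = re.compile(r"\(logid:(\w+)\)")
# Assumption: the first argument after the script name is the VR address and
# the remaining arguments are the S2S peers (4 peers in the report's request).
CMD_RE = re.compile(r"router_proxy\.sh checkbatchs2svpn\.sh \S+ (.+)")

# Constructed sample: the report's two log lines, abbreviated, plus one
# made-up complete exchange (logid 0000beef, documentation addresses).
SAMPLE_LOG = """\
2017-04-11 17:05:40,444 DEBUG [c.c.h.x.r.CitrixResourceBase] (logid:cbbccfaa) Executing command in VR: /opt/cloud/bin/router_proxy.sh checkbatchs2svpn.sh 169.254.2.130 67.41.109.167 65.100.18.183 67.41.109.165 67.41.109.166
2017-04-11 17:05:41,836 DEBUG [c.c.a.t.Request] (logid:cbbccfaa) Seq 51-772085861117329631: Processing: { Ans: , Flags: 110, [{"com.cloud.agent.api.CheckS2SVpnConnectionsAnswer":{"ipToConnected":{"65.100.18.183":true,"67.41.109.167":true,"67.41.109.165":true},"result":true,"wait":0}}] }
2017-04-11 17:06:40,100 DEBUG [c.c.h.x.r.CitrixResourceBase] (logid:0000beef) Executing command in VR: /opt/cloud/bin/router_proxy.sh checkbatchs2svpn.sh 169.254.2.131 192.0.2.10 192.0.2.11
2017-04-11 17:06:41,200 DEBUG [c.c.a.t.Request] (logid:0000beef) Seq 51-1: Processing: { Ans: , Flags: 110, [{"com.cloud.agent.api.CheckS2SVpnConnectionsAnswer":{"ipToConnected":{"192.0.2.10":true,"192.0.2.11":false},"result":true,"wait":0}}] }
"""


def find_truncated_checks(log_text):
    """Map logid -> peers that were requested but absent from the answer."""
    requested, truncated = {}, {}
    for line in log_text.splitlines():
        logid = LOGID_RE.search(line)
        if not logid:
            continue
        cmd = CMD_RE.search(line)
        if cmd:
            requested[logid.group(1)] = set(cmd.group(1).split())
        elif ANSWER_KEY in line and logid.group(1) in requested:
            # The answer is the JSON array embedded after the Flags field.
            payload = json.loads(line[line.index("[{"):line.rindex("}]") + 2])
            answered = set(payload[0][ANSWER_KEY].get("ipToConnected", {}))
            # A peer answered with false is a real status; only absence counts.
            missing = requested.pop(logid.group(1)) - answered
            if missing:
                truncated[logid.group(1)] = sorted(missing)
    return truncated


if __name__ == "__main__":
    for logid, peers in find_truncated_checks(SAMPLE_LOG).items():
        print(f"logid {logid}: no status returned for {', '.join(peers)}")
```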