Everything seemed to work till the reservation was over. Port 22 is
blocked, but ping is OK & port 3389 is still available & connection with
admin ID & password presented at the beginning of the reservation. I have
been reading the vcld.log & am unable to make any sense of it. Can you help
me understand what is happening?
Thanks

2015-05-26
12:26:32|9344|46:46|timeout|utils.pm:run_ssh_command(4902)|executing
SSH command on VM7Cent6VCL1:
|9344|46:46|timeout| /usr/bin/ssh -i /etc/vcl/vcl.key -o
StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o
ConnectionAttempts=1 -o ConnectTimeout=3 -l root -p 22 -x VM7Cent6VCL1
'/sbin/chkconfig --list iptables' 2>&1
2015-05-26
12:26:32|9344|46:46|timeout|Linux.pm:service_exists(3186)|'iptables'
service exists
2015-05-26 12:26:32|9344|46:46|timeout|utils.pm:run_ssh_command(4902)|executing
SSH command on VM7Cent6VCL1:
|9344|46:46|timeout| /usr/bin/ssh -i /etc/vcl/vcl.key -o
StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o
ConnectionAttempts=1 -o ConnectTimeout=3 -l root -p 22 -x VM7Cent6VCL1
'iptables -L --line-number -n' 2>&1
2015-05-26
12:26:33|9344|46:46|timeout|utils.pm:run_ssh_command(5020)|run_ssh_command
output:
|9344|46:46|timeout| Chain INPUT (policy ACCEPT)
|9344|46:46|timeout| num target prot opt source destination
|9344|46:46|timeout| 1 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state
NEW,RELATED,ESTABLISHED tcp dpt:22
|9344|46:46|timeout| 2 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state
RELATED,ESTABLISHED
|9344|46:46|timeout| 3 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
|9344|46:46|timeout| 4 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
|9344|46:46|timeout| 5 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp
dpt:443
|9344|46:46|timeout| 6 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp
dpt:80
|9344|46:46|timeout| 7 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp
dpt:3389
|9344|46:46|timeout| 8 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp
dpt:3389
|9344|46:46|timeout| 9 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with
icmp-host-prohibited
|9344|46:46|timeout| Chain FORWARD (policy ACCEPT)
|9344|46:46|timeout| num target prot opt source destination
|9344|46:46|timeout| 1 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with
icmp-host-prohibited
|9344|46:46|timeout| Chain OUTPUT (policy ACCEPT)
|9344|46:46|timeout| num target prot opt source destination
2015-05-26 12:26:33|9344|46:46|timeout|utils.pm:run_ssh_command(5034)|SSH
command executed on VM7Cent6VCL1, returning (0, "Chain INPUT (policy
ACCEPT) nu...")
2015-05-26
12:26:33|9344|46:46|timeout|Linux.pm:get_firewall_configuration(3991)|output
Chain = INPUT
2015-05-26
12:26:33|9344|46:46|timeout|Linux.pm:get_firewall_configuration(4007)|output
rule: 1, ACCEPT, tcp, 0.0.0.0/0, 0.0.0.0/0, 22
2015-05-26
12:26:35|9344|46:46|timeout|Linux.pm:get_firewall_configuration(4007)|output
rule: 5, ACCEPT, tcp, 0.0.0.0/0, 0.0.0.0/0, 443
2015-05-26
12:26:36|9344|46:46|timeout|Linux.pm:get_firewall_configuration(4007)|output
rule: 6, ACCEPT, tcp, 0.0.0.0/0, 0.0.0.0/0, 80
2015-05-26
12:26:36|9344|46:46|timeout|Linux.pm:get_firewall_configuration(4007)|output
rule: 7, ACCEPT, tcp, 0.0.0.0/0, 0.0.0.0/0, 3389
2015-05-26 12:26:36|26123|vcld:main(167)|lastcheckin time updated for
management node 1: 2015-05-26 12:26:36
2015-05-26
12:26:37|9344|46:46|timeout|Linux.pm:get_firewall_configuration(4007)|output
rule: 8, ACCEPT, udp, 0.0.0.0/0, 0.0.0.0/0, 3389
2015-05-26
12:26:38|9344|46:46|timeout|Linux.pm:get_firewall_configuration(3991)|output
Chain = FORWARD
2015-05-26
12:26:38|9344|46:46|timeout|Linux.pm:get_firewall_configuration(3991)|output
Chain = OUTPUT
2015-05-26
12:26:38|9344|46:46|timeout|Linux.pm:get_firewall_configuration(4050)|retrieved
firewall configuration from VM7Cent6VCL1:
|9344|46:46|timeout| : {
|9344|46:46|timeout| : "FORWARD" => {
|9344|46:46|timeout| : "1" => {
|9344|46:46|timeout| : "all" => {
|9344|46:46|timeout| : "any" => {
|9344|46:46|timeout| : "destination" => "0.0.0.0/0",
|9344|46:46|timeout| : "name" => "any",
|9344|46:46|timeout| : "number" => 1,
|9344|46:46|timeout| : "scope" => "0.0.0.0/0",
|9344|46:46|timeout| : "target" => "REJECT"
|9344|46:46|timeout| : }
|9344|46:46|timeout| : }
|9344|46:46|timeout| : }
|9344|46:46|timeout| : },
|9344|46:46|timeout| : "INPUT" => {
|9344|46:46|timeout| : "1" => {
|9344|46:46|timeout| : "tcp" => {
|9344|46:46|timeout| : "22" => {
|9344|46:46|timeout| : "destination" => "0.0.0.0/0",
|9344|46:46|timeout| : "name" => "ssh",
|9344|46:46|timeout| : "number" => 1,
|9344|46:46|timeout| : "scope" => "0.0.0.0/0",
|9344|46:46|timeout| : "target" => "ACCEPT"
|9344|46:46|timeout| : }
|9344|46:46|timeout| : }
|9344|46:46|timeout| : },
|9344|46:46|timeout| : "2" => {
|9344|46:46|timeout| : "all" => {
|9344|46:46|timeout| : "any" => {
|9344|46:46|timeout| : "destination" => "0.0.0.0/0",
|9344|46:46|timeout| : "name" => "any",
|9344|46:46|timeout| : "number" => 2,
|9344|46:46|timeout| : "scope" => "0.0.0.0/0",
|9344|46:46|timeout| : "target" => "ACCEPT"
|9344|46:46|timeout| : }
|9344|46:46|timeout| : }
|9344|46:46|timeout| : },
|9344|46:46|timeout| : "3" => {
|9344|46:46|timeout| : "icmp" => {
|9344|46:46|timeout| : "any" => {
|9344|46:46|timeout| : "destination" => "0.0.0.0/0",
|9344|46:46|timeout| : "name" => "any",
|9344|46:46|timeout| : "number" => 3,
|9344|46:46|timeout| : "scope" => "0.0.0.0/0",
|9344|46:46|timeout| : "target" => "ACCEPT"
|9344|46:46|timeout| : }
|9344|46:46|timeout| : }
|9344|46:46|timeout| : },
|9344|46:46|timeout| : "4" => {
|9344|46:46|timeout| : "all" => {
|9344|46:46|timeout| : "any" => {
|9344|46:46|timeout| : "destination" => "0.0.0.0/0",
|9344|46:46|timeout| : "name" => "any",
|9344|46:46|timeout| : "number" => 4,
|9344|46:46|timeout| : "scope" => "0.0.0.0/0",
|9344|46:46|timeout| : "target" => "ACCEPT"
|9344|46:46|timeout| : }
|9344|46:46|timeout| : }
|9344|46:46|timeout| : },
|9344|46:46|timeout| : "5" => {
|9344|46:46|timeout| : "tcp" => {
|9344|46:46|timeout| : "443" => {
|9344|46:46|timeout| : "destination" => "0.0.0.0/0",
|9344|46:46|timeout| : "name" => "https",
|9344|46:46|timeout| : "number" => 5,
|9344|46:46|timeout| : "scope" => "0.0.0.0/0",
|9344|46:46|timeout| : "target" => "ACCEPT"
|9344|46:46|timeout| : }
|9344|46:46|timeout| : }
|9344|46:46|timeout| : },
|9344|46:46|timeout| : "6" => {
|9344|46:46|timeout| : "tcp" => {
|9344|46:46|timeout| : "80" => {
|9344|46:46|timeout| : "destination" => "0.0.0.0/0",
|9344|46:46|timeout| : "name" => "http",
|9344|46:46|timeout| : "number" => 6,
|9344|46:46|timeout| : "scope" => "0.0.0.0/0",
|9344|46:46|timeout| : "target" => "ACCEPT"
|9344|46:46|timeout| : }
|9344|46:46|timeout| : }
|9344|46:46|timeout| : },
|9344|46:46|timeout| : "7" => {
|9344|46:46|timeout| : "tcp" => {
|9344|46:46|timeout| : "3389" => {
|9344|46:46|timeout| : "destination" => "0.0.0.0/0",
|9344|46:46|timeout| : "name" => "ms-wbt-server",
|9344|46:46|timeout| : "number" => 7,
|9344|46:46|timeout| : "scope" => "0.0.0.0/0",
|9344|46:46|timeout| : "target" => "ACCEPT"
|9344|46:46|timeout| : }
|9344|46:46|timeout| : }
|9344|46:46|timeout| : },
|9344|46:46|timeout| : "8" => {
|9344|46:46|timeout| : "udp" => {
|9344|46:46|timeout| : "3389" => {
|9344|46:46|timeout| : "destination" => "0.0.0.0/0",
|9344|46:46|timeout| : "name" => "ms-wbt-server",
|9344|46:46|timeout| : "number" => 8,
|9344|46:46|timeout| : "scope" => "0.0.0.0/0",
|9344|46:46|timeout| : "target" => "ACCEPT"
|9344|46:46|timeout| : }
|9344|46:46|timeout| : }
|9344|46:46|timeout| : },
|9344|46:46|timeout| : "9" => {
|9344|46:46|timeout| : "all" => {
|9344|46:46|timeout| : "any" => {
|9344|46:46|timeout| : "destination" => "0.0.0.0/0",
|9344|46:46|timeout| : "name" => "any",
|9344|46:46|timeout| : "number" => 9,
|9344|46:46|timeout| : "scope" => "0.0.0.0/0",
|9344|46:46|timeout| : "target" => "REJECT"
|9344|46:46|timeout| : }
|9344|46:46|timeout| : }
|9344|46:46|timeout| : }
|9344|46:46|timeout| : }
|9344|46:46|timeout| : }
2015-05-26
12:26:38|9344|46:46|timeout|Linux.pm:disable_firewall_port(3783)|attempting
to execute command on VM7Cent6VCL1: 'iptables -D INPUT 1'
2015-05-26 12:26:38|9344|46:46|timeout|utils.pm:run_ssh_command(4902)|executing
SSH command on VM7Cent6VCL1:
|9344|46:46|timeout| /usr/bin/ssh -i /etc/vcl/vcl.key -o
StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o
ConnectionAttempts=1 -o ConnectTimeout=3 -l root -p 22 -x VM7Cent6VCL1
'iptables -D INPUT 1' 2>&1
2015-05-26
12:26:39|9344|46:46|timeout|utils.pm:run_ssh_command(5020)|run_ssh_command
output:
2015-05-26 12:26:39|9344|46:46|timeout|utils.pm:run_ssh_command(5034)|SSH
command executed on VM7Cent6VCL1, returning (0, "")
2015-05-26
12:26:39|9344|46:46|timeout|Linux.pm:disable_firewall_port(3785)|executed
command on VM7Cent6VCL1: 'iptables -D INPUT 1'
2015-05-26 12:26:39|9344|46:46|timeout|utils.pm:run_ssh_command(4902)|executing
SSH command on VM7Cent6VCL1:
|9344|46:46|timeout| /usr/bin/ssh -i /etc/vcl/vcl.key -o
StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o
ConnectionAttempts=1 -o ConnectTimeout=3 -l root -p 22 -x VM7Cent6VCL1
'/sbin/iptables-save > /etc/sysconfig/iptables' 2>&1
|9344|46:46|timeout| ---- WARNING ----
|9344|46:46|timeout| 2015-05-26
12:26:39|9344|46:46|timeout|utils.pm:run_ssh_command(5006)|attempt
1/3: failed to execute SSH command on VM7Cent6VCL1: '/sbin/iptables-save >
/etc/sysconfig/iptables', exit status: 255, output:
|9344|46:46|timeout| ssh output (/sbin/ipta...): ssh: connect to host
VM7Cent6VCL1 port 22: No route to host
|9344|46:46|timeout| ( 0) utils.pm, run_ssh_command (line: 5006)
|9344|46:46|timeout| (-1) OS.pm, execute (line: 1992)
|9344|46:46|timeout| (-2) Linux.pm, disable_firewall_port (line: 3794)
|9344|46:46|timeout| (-3) OS.pm, process_connect_methods (line: 2576)
|9344|46:46|timeout| (-4) Linux.pm, sanitize (line: 1172)
|9344|46:46|timeout| (-5) reclaim.pm, call_os_sanitize (line: 271)
2015-05-26 12:26:39|9344|46:46|timeout|utils.pm:run_ssh_command(4894)|sleeping
for 2 seconds before making next SSH attempt
201
Thanks
Lewis
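
An added example, not part of the original post or of VCL's own code: a Python check that reads vcld.log entries like those above and flags an SSH failure (exit status 255) that follows deletion of the INPUT rule accepting the management port. The sample lines are copied from the post's log and unwrapped to one entry per line; `find_lockouts` and `mgmt_port` are names chosen here.

```python
import re

# Constructed sample: entries copied from the post's log, unwrapped to one per line.
SAMPLE_LOG = """\
2015-05-26 12:26:33|9344|46:46|timeout|Linux.pm:get_firewall_configuration(4007)|output rule: 1, ACCEPT, tcp, 0.0.0.0/0, 0.0.0.0/0, 22
2015-05-26 12:26:35|9344|46:46|timeout|Linux.pm:get_firewall_configuration(4007)|output rule: 5, ACCEPT, tcp, 0.0.0.0/0, 0.0.0.0/0, 443
2015-05-26 12:26:38|9344|46:46|timeout|Linux.pm:disable_firewall_port(3783)|attempting to execute command on VM7Cent6VCL1: 'iptables -D INPUT 1'
2015-05-26 12:26:39|9344|46:46|timeout|utils.pm:run_ssh_command(5006)|attempt 1/3: failed to execute SSH command on VM7Cent6VCL1: '/sbin/iptables-save > /etc/sysconfig/iptables', exit status: 255, output:
"""

RULE = re.compile(r"output rule: (\d+), (\w+), (\w+), \S+, \S+, (\d+)")
DELETE = re.compile(r"attempting to execute command on (\S+): 'iptables -D INPUT (\d+)'")
SSH_FAIL = re.compile(r"failed to execute SSH command on (\S+): '([^']*)', exit status: 255")
STAMP = re.compile(r"\d{4}-\d\d-\d\d \d\d:\d\d:\d\d")


def find_lockouts(log_text, mgmt_port=22):
    """Return SSH failures that follow deletion of the ACCEPT rule for mgmt_port."""
    rules = {}       # INPUT rule number -> (target, protocol, destination port)
    removed = None   # (timestamp, host, rule number) once the SSH rule is deleted
    findings = []
    for line in log_text.splitlines():
        stamp = STAMP.search(line)
        stamp = stamp.group(0) if stamp else None
        if m := RULE.search(line):
            rules[int(m.group(1))] = (m.group(2), m.group(3), int(m.group(4)))
        elif m := DELETE.search(line):
            host, num = m.group(1), int(m.group(2))
            rule = rules.pop(num, None)
            # iptables renumbers the chain after a delete; keep our copy in step.
            rules = {n - 1 if n > num else n: r for n, r in rules.items()}
            if rule == ("ACCEPT", "tcp", mgmt_port):
                removed = (stamp, host, num)
        elif (m := SSH_FAIL.search(line)) and removed and m.group(1) == removed[1]:
            findings.append({"host": removed[1], "rule_deleted": removed[2],
                             "deleted_at": removed[0], "failed_at": stamp,
                             "failed_command": m.group(2)})
    return findings


if __name__ == "__main__":
    for finding in find_lockouts(SAMPLE_LOG):
        print(finding)
```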