Lewis,

Under Manage Images, you can delete images (including all of their revisions) as well as deleting specific revisions (after clicking Edit next for that image). However, doing this only flags them as deleted in the database. As a measure to prevent images from accidentally being permanently deleted, they are not automatically deleted. The following command should give you a list of base names for images that can then be manually deleted:

mysql vcl -e "SELECT imagename FROM imagerevision WHERE deleted = 1"

Also, in 2.4.2, you can delete VMware based images by using "vcl --setup".

Josh

On Wednesday, May 27, 2015 9:47:38 AM Elwin Litchfield wrote:
> Thanks, is there a way to remove deleted images?
>
> On Wed, May 27, 2015 at 9:08 AM, Josh Thompson <[email protected]> wrote:
> > Lewis,
> >
> > That is correct. However, if you can successfully make an imaging reservation and connect to it, you can use that as your starting point for updating your firewall configuration. Then, just save it off as a new revision of the image or as a new image.
> >
> > Josh
> >
> > On Tuesday, May 26, 2015 7:52:23 PM Litchfield, Elwin L. wrote:
> > > I assume this configuration must be done before the image is created.
> > >
> > > Lewis Litchfield
> > > Technology Services – Viking Center Lab
> > > University of South Florida Sarasota-Manatee
> > > 941-359-4231
> > >
> > > ________________________________________
> > > From: Josh Thompson <[email protected]>
> > > Sent: Tuesday, May 26, 2015 3:40 PM
> > > To: [email protected]
> > > Subject: Re: vcld.log
> > >
> > > Elwin,
> > >
> > > I can't find any docs on how you are supposed to configure the firewall for a base linux image under 2.3.2, and I don't remember the details of it. I think something like the following should get you working.
> > >
> > > First, stop iptables to clear all of the tables:
> > >
> > > service iptables stop
> > >
> > > Create a custom table - you can name it anything, we'll go with "VCL".
> > >
> > > iptables -N VCL
> > >
> > > Create a rule in INPUT that jumps to the VCL table for everything:
> > >
> > > iptables -A INPUT -j VCL
> > >
> > > Add a few important rules to the VCL table:
> > >
> > > iptables -A VCL -i lo -j ACCEPT
> > > iptables -A VCL -m state --state RELATED,ESTABLISHED -j ACCEPT
> > > iptables -A VCL -p icmp -m icmp --icmp-type any -j ACCEPT
> > >
> > > Add a rule to the VCL table to accept traffic from your management node:
> > >
> > > iptables -A VCL -s <management node IP> -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
> > >
> > > Add a rule to the VCL table to reject other traffic:
> > >
> > > iptables -A VCL -j REJECT --reject-with icmp-host-prohibited
> > >
> > > Save the new configuration:
> > >
> > > service iptables save
> > >
> > > If I remember correctly, VCL should then manage required additions and removals on the INPUT table, and leave the VCL table alone, and since the VCL table has a rule allowing traffic from your management node, it should stop shutting itself out.
> > >
> > > Let me know if this works for you.
> > >
> > > Josh
> > >
> > > On Tuesday, May 26, 2015 1:13:37 PM Elwin Litchfield wrote:
> > > > Everything seemed to work till the reservation was over. Port 22 is blocked, but ping is OK & port 3389 is still available & connection with admin ID & password presented at the beginning of the reservation. I have been reading the vcld.log & am unable to make any sense of it. Can you help me understand what is happening?
> > > >
> > > > Thanks
> > > >
> > > > 2015-05-26 12:26:32|9344|46:46|timeout|utils.pm:run_ssh_command(4902)|executing SSH command on VM7Cent6VCL1:
> > > > |9344|46:46|timeout| /usr/bin/ssh -i /etc/vcl/vcl.key -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o ConnectionAttempts=1 -o ConnectTimeout=3 -l root -p 22 -x VM7Cent6VCL1 '/sbin/chkconfig --list iptables' 2>&1
> > > > 2015-05-26 12:26:32|9344|46:46|timeout|Linux.pm:service_exists(3186)|'iptables' service exists
> > > > 2015-05-26 12:26:32|9344|46:46|timeout|utils.pm:run_ssh_command(4902)|executing SSH command on VM7Cent6VCL1:
> > > > |9344|46:46|timeout| /usr/bin/ssh -i /etc/vcl/vcl.key -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o ConnectionAttempts=1 -o ConnectTimeout=3 -l root -p 22 -x VM7Cent6VCL1 'iptables -L --line-number -n' 2>&1
> > > > 2015-05-26 12:26:33|9344|46:46|timeout|utils.pm:run_ssh_command(5020)|run_ssh_command output:
> > > > |9344|46:46|timeout| Chain INPUT (policy ACCEPT)
> > > > |9344|46:46|timeout| num target prot opt source destination
> > > > |9344|46:46|timeout| 1 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW,RELATED,ESTABLISHED tcp dpt:22
> > > > |9344|46:46|timeout| 2 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
> > > > |9344|46:46|timeout| 3 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
> > > > |9344|46:46|timeout| 4 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
> > > > |9344|46:46|timeout| 5 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:443
> > > > |9344|46:46|timeout| 6 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80
> > > > |9344|46:46|timeout| 7 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:3389
> > > > |9344|46:46|timeout| 8 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:3389
> > > > |9344|46:46|timeout| 9 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
> > > > |9344|46:46|timeout| Chain FORWARD (policy ACCEPT)
> > > > |9344|46:46|timeout| num target prot opt source destination
> > > > |9344|46:46|timeout| 1 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
> > > > |9344|46:46|timeout| Chain OUTPUT (policy ACCEPT)
> > > > |9344|46:46|timeout| num target prot opt source destination
> > > >
> > > > 2015-05-26 12:26:33|9344|46:46|timeout|utils.pm:run_ssh_command(5034)|SSH command executed on VM7Cent6VCL1, returning (0, "Chain INPUT (policy ACCEPT) nu...")
> > > > 2015-05-26 12:26:33|9344|46:46|timeout|Linux.pm:get_firewall_configuration(3991)|output Chain = INPUT
> > > > 2015-05-26 12:26:33|9344|46:46|timeout|Linux.pm:get_firewall_configuration(4007)|output rule: 1, ACCEPT, tcp, 0.0.0.0/0, 0.0.0.0/0, 22
> > > > 2015-05-26 12:26:35|9344|46:46|timeout|Linux.pm:get_firewall_configuration(4007)|output rule: 5, ACCEPT, tcp, 0.0.0.0/0, 0.0.0.0/0, 443
> > > > 2015-05-26 12:26:36|9344|46:46|timeout|Linux.pm:get_firewall_configuration(4007)|output rule: 6, ACCEPT, tcp, 0.0.0.0/0, 0.0.0.0/0, 80
> > > > 2015-05-26 12:26:36|9344|46:46|timeout|Linux.pm:get_firewall_configuration(4007)|output rule: 7, ACCEPT, tcp, 0.0.0.0/0, 0.0.0.0/0, 3389
> > > > 2015-05-26 12:26:36|26123|vcld:main(167)|lastcheckin time updated for management node 1: 2015-05-26 12:26:36
> > > > 2015-05-26 12:26:37|9344|46:46|timeout|Linux.pm:get_firewall_configuration(4007)|output rule: 8, ACCEPT, udp, 0.0.0.0/0, 0.0.0.0/0, 3389
> > > > 2015-05-26 12:26:38|9344|46:46|timeout|Linux.pm:get_firewall_configuration(3991)|output Chain = FORWARD
> > > > 2015-05-26 12:26:38|9344|46:46|timeout|Linux.pm:get_firewall_configuration(3991)|output Chain = OUTPUT
> > > > 2015-05-26 12:26:38|9344|46:46|timeout|Linux.pm:get_firewall_configuration(4050)|retrieved firewall configuration from VM7Cent6VCL1:
> > > > |9344|46:46|timeout| : {
> > > > |9344|46:46|timeout| :   "FORWARD" => {
> > > > |9344|46:46|timeout| :     "1" => {
> > > > |9344|46:46|timeout| :       "all" => {
> > > > |9344|46:46|timeout| :         "any" => {
> > > > |9344|46:46|timeout| :           "destination" => "0.0.0.0/0",
> > > > |9344|46:46|timeout| :           "name" => "any",
> > > > |9344|46:46|timeout| :           "number" => 1,
> > > > |9344|46:46|timeout| :           "scope" => "0.0.0.0/0",
> > > > |9344|46:46|timeout| :           "target" => "REJECT"
> > > > |9344|46:46|timeout| :         }
> > > > |9344|46:46|timeout| :       }
> > > > |9344|46:46|timeout| :     }
> > > > |9344|46:46|timeout| :   },
> > > > |9344|46:46|timeout| :   "INPUT" => {
> > > > |9344|46:46|timeout| :     "1" => {
> > > > |9344|46:46|timeout| :       "tcp" => {
> > > > |9344|46:46|timeout| :         "22" => {
> > > > |9344|46:46|timeout| :           "destination" => "0.0.0.0/0",
> > > > |9344|46:46|timeout| :           "name" => "ssh",
> > > > |9344|46:46|timeout| :           "number" => 1,
> > > > |9344|46:46|timeout| :           "scope" => "0.0.0.0/0",
> > > > |9344|46:46|timeout| :           "target" => "ACCEPT"
> > > > |9344|46:46|timeout| :         }
> > > > |9344|46:46|timeout| :       }
> > > > |9344|46:46|timeout| :     },
> > > > |9344|46:46|timeout| :     "2" => {
> > > > |9344|46:46|timeout| :       "all" => {
> > > > |9344|46:46|timeout| :         "any" => {
> > > > |9344|46:46|timeout| :           "destination" => "0.0.0.0/0",
> > > > |9344|46:46|timeout| :           "name" => "any",
> > > > |9344|46:46|timeout| :           "number" => 2,
> > > > |9344|46:46|timeout| :           "scope" => "0.0.0.0/0",
> > > > |9344|46:46|timeout| :           "target" => "ACCEPT"
> > > > |9344|46:46|timeout| :         }
> > > > |9344|46:46|timeout| :       }
> > > > |9344|46:46|timeout| :     },
> > > > |9344|46:46|timeout| :     "3" => {
> > > > |9344|46:46|timeout| :       "icmp" => {
> > > > |9344|46:46|timeout| :         "any" => {
> > > > |9344|46:46|timeout| :           "destination" => "0.0.0.0/0",
> > > > |9344|46:46|timeout| :           "name" => "any",
> > > > |9344|46:46|timeout| :           "number" => 3,
> > > > |9344|46:46|timeout| :           "scope" => "0.0.0.0/0",
> > > > |9344|46:46|timeout| :           "target" => "ACCEPT"
> > > > |9344|46:46|timeout| :         }
> > > > |9344|46:46|timeout| :       }
> > > > |9344|46:46|timeout| :     },
> > > > |9344|46:46|timeout| :     "4" => {
> > > > |9344|46:46|timeout| :       "all" => {
> > > > |9344|46:46|timeout| :         "any" => {
> > > > |9344|46:46|timeout| :           "destination" => "0.0.0.0/0",
> > > > |9344|46:46|timeout| :           "name" => "any",
> > > > |9344|46:46|timeout| :           "number" => 4,
> > > > |9344|46:46|timeout| :           "scope" => "0.0.0.0/0",
> > > > |9344|46:46|timeout| :           "target" => "ACCEPT"
> > > > |9344|46:46|timeout| :         }
> > > > |9344|46:46|timeout| :       }
> > > > |9344|46:46|timeout| :     },
> > > > |9344|46:46|timeout| :     "5" => {
> > > > |9344|46:46|timeout| :       "tcp" => {
> > > > |9344|46:46|timeout| :         "443" => {
> > > > |9344|46:46|timeout| :           "destination" => "0.0.0.0/0",
> > > > |9344|46:46|timeout| :           "name" => "https",
> > > > |9344|46:46|timeout| :           "number" => 5,
> > > > |9344|46:46|timeout| :           "scope" => "0.0.0.0/0",
> > > > |9344|46:46|timeout| :           "target" => "ACCEPT"
> > > > |9344|46:46|timeout| :         }
> > > > |9344|46:46|timeout| :       }
> > > > |9344|46:46|timeout| :     },
> > > > |9344|46:46|timeout| :     "6" => {
> > > > |9344|46:46|timeout| :       "tcp" => {
> > > > |9344|46:46|timeout| :         "80" => {
> > > > |9344|46:46|timeout| :           "destination" => "0.0.0.0/0",
> > > > |9344|46:46|timeout| :           "name" => "http",
> > > > |9344|46:46|timeout| :           "number" => 6,
> > > > |9344|46:46|timeout| :           "scope" => "0.0.0.0/0",
> > > > |9344|46:46|timeout| :           "target" => "ACCEPT"
> > > > |9344|46:46|timeout| :         }
> > > > |9344|46:46|timeout| :       }
> > > > |9344|46:46|timeout| :     },
> > > > |9344|46:46|timeout| :     "7" => {
> > > > |9344|46:46|timeout| :       "tcp" => {
> > > > |9344|46:46|timeout| :         "3389" => {
> > > > |9344|46:46|timeout| :           "destination" => "0.0.0.0/0",
> > > > |9344|46:46|timeout| :           "name" => "ms-wbt-server",
> > > > |9344|46:46|timeout| :           "number" => 7,
> > > > |9344|46:46|timeout| :           "scope" => "0.0.0.0/0",
> > > > |9344|46:46|timeout| :           "target" => "ACCEPT"
> > > > |9344|46:46|timeout| :         }
> > > > |9344|46:46|timeout| :       }
> > > > |9344|46:46|timeout| :     },
> > > > |9344|46:46|timeout| :     "8" => {
> > > > |9344|46:46|timeout| :       "udp" => {
> > > > |9344|46:46|timeout| :         "3389" => {
> > > > |9344|46:46|timeout| :           "destination" => "0.0.0.0/0",
> > > > |9344|46:46|timeout| :           "name" => "ms-wbt-server",
> > > > |9344|46:46|timeout| :           "number" => 8,
> > > > |9344|46:46|timeout| :           "scope" => "0.0.0.0/0",
> > > > |9344|46:46|timeout| :           "target" => "ACCEPT"
> > > > |9344|46:46|timeout| :         }
> > > > |9344|46:46|timeout| :       }
> > > > |9344|46:46|timeout| :     },
> > > > |9344|46:46|timeout| :     "9" => {
> > > > |9344|46:46|timeout| :       "all" => {
> > > > |9344|46:46|timeout| :         "any" => {
> > > > |9344|46:46|timeout| :           "destination" => "0.0.0.0/0",
> > > > |9344|46:46|timeout| :           "name" => "any",
> > > > |9344|46:46|timeout| :           "number" => 9,
> > > > |9344|46:46|timeout| :           "scope" => "0.0.0.0/0",
> > > > |9344|46:46|timeout| :           "target" => "REJECT"
> > > > |9344|46:46|timeout| :         }
> > > > |9344|46:46|timeout| :       }
> > > > |9344|46:46|timeout| :     }
> > > > |9344|46:46|timeout| :   }
> > > > |9344|46:46|timeout| : }
> > > >
> > > > 2015-05-26 12:26:38|9344|46:46|timeout|Linux.pm:disable_firewall_port(3783)|attempting to execute command on VM7Cent6VCL1: 'iptables -D INPUT 1'
> > > > 2015-05-26 12:26:38|9344|46:46|timeout|utils.pm:run_ssh_command(4902)|executing SSH command on VM7Cent6VCL1:
> > > > |9344|46:46|timeout| /usr/bin/ssh -i /etc/vcl/vcl.key -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o ConnectionAttempts=1 -o ConnectTimeout=3 -l root -p 22 -x VM7Cent6VCL1 'iptables -D INPUT 1' 2>&1
> > > > 2015-05-26 12:26:39|9344|46:46|timeout|utils.pm:run_ssh_command(5020)|run_ssh_command output:
> > > >
> > > > 2015-05-26 12:26:39|9344|46:46|timeout|utils.pm:run_ssh_command(5034)|SSH command executed on VM7Cent6VCL1, returning (0, "")
> > > > 2015-05-26 12:26:39|9344|46:46|timeout|Linux.pm:disable_firewall_port(3785)|executed command on VM7Cent6VCL1: 'iptables -D INPUT 1'
> > > > 2015-05-26 12:26:39|9344|46:46|timeout|utils.pm:run_ssh_command(4902)|executing SSH command on VM7Cent6VCL1:
> > > > |9344|46:46|timeout| /usr/bin/ssh -i /etc/vcl/vcl.key -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o ConnectionAttempts=1 -o ConnectTimeout=3 -l root -p 22 -x VM7Cent6VCL1 '/sbin/iptables-save > /etc/sysconfig/iptables' 2>&1
> > > >
> > > > |9344|46:46|timeout| ---- WARNING ----
> > > > |9344|46:46|timeout| 2015-05-26 12:26:39|9344|46:46|timeout|utils.pm:run_ssh_command(5006)|attempt 1/3: failed to execute SSH command on VM7Cent6VCL1: '/sbin/iptables-save > /etc/sysconfig/iptables', exit status: 255, output:
> > > > |9344|46:46|timeout| ssh output (/sbin/ipta...): ssh: connect to host VM7Cent6VCL1 port 22: No route to host
> > > > |9344|46:46|timeout| ( 0) utils.pm, run_ssh_command (line: 5006)
> > > > |9344|46:46|timeout| (-1) OS.pm, execute (line: 1992)
> > > > |9344|46:46|timeout| (-2) Linux.pm, disable_firewall_port (line: 3794)
> > > > |9344|46:46|timeout| (-3) OS.pm, process_connect_methods (line: 2576)
> > > > |9344|46:46|timeout| (-4) Linux.pm, sanitize (line: 1172)
> > > > |9344|46:46|timeout| (-5) reclaim.pm, call_os_sanitize (line: 271)
> > > >
> > > > 2015-05-26 12:26:39|9344|46:46|timeout|utils.pm:run_ssh_command(4894)|sleeping for 2 seconds before making next SSH attempt
> > > > 201
> > > >
> > > > Thanks
> > > >
> > > > Lewis
> > >
> > > --
> > > -------------------------------
> > > Josh Thompson
> > > VCL Developer
> > > North Carolina State University
> > >
> > > my GPG/PGP key can be found at pgp.mit.edu
> > >
> > > All electronic mail messages in connection with State business which
> > > are sent to or received by this account are subject to the NC Public
> > > Records Law and may be disclosed to third parties.
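
The lockout in the quoted log and the custom-chain layout from the quoted reply can be compared offline. The Python sketch below is an added example, not VCL code and not part of the original messages: it walks `iptables -S`-style rules for a new TCP/22 connection before and after the port 22 rule is deleted from INPUT. The address 10.0.0.5, the function names and both rule lists are constructed for illustration.

```python
import ipaddress
import shlex

MGMT = "10.0.0.5"  # placeholder management node address (assumption)
# Constructed rules in `iptables -S` form. LOGGED abridges the INPUT chain shown
# in the quoted vcld.log; its "-i lo" rule is an assumption (-L hides interfaces).
LOGGED = [
    "-A INPUT -p tcp -m state --state NEW,RELATED,ESTABLISHED -m tcp --dport 22 -j ACCEPT",
    "-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT",
    "-A INPUT -p icmp -j ACCEPT",
    "-A INPUT -i lo -j ACCEPT",
    "-A INPUT -p tcp -m state --state NEW -m tcp --dport 3389 -j ACCEPT",
    "-A INPUT -j REJECT --reject-with icmp-host-prohibited",
]
# PROPOSED is the custom-chain layout from the quoted reply.
PROPOSED = [
    "-N VCL",
    "-A INPUT -j VCL",
    "-A VCL -i lo -j ACCEPT",
    "-A VCL -m state --state RELATED,ESTABLISHED -j ACCEPT",
    "-A VCL -p icmp -m icmp --icmp-type any -j ACCEPT",
    f"-A VCL -s {MGMT} -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT",
    "-A VCL -j REJECT --reject-with icmp-host-prohibited",
]

def new_ssh_verdict(rules, src, chain="INPUT", policy="ACCEPT"):
    """Verdict for a NEW tcp/22 packet from src on eth0 (one-argument options, no '!')."""
    for rule in rules:
        tok = shlex.split(rule)
        if tok[:2] != ["-A", chain]:
            continue
        opt = dict(zip(tok[2::2], tok[3::2]))
        net = ipaddress.ip_network(opt.get("-s", "0.0.0.0/0"), strict=False)
        if (opt.get("-i", "eth0") != "eth0"
                or opt.get("-p", "tcp") not in ("tcp", "all")
                or opt.get("--dport", "22") != "22"
                or "NEW" not in opt.get("--state", "NEW").split(",")
                or ipaddress.ip_address(src) not in net):
            continue  # rule does not match this packet
        if opt["-j"] in ("ACCEPT", "REJECT", "DROP"):
            return opt["-j"]
        inner = new_ssh_verdict(rules, src, opt["-j"], policy=None)
        if inner:
            return inner  # a rule in the user chain decided
    return policy  # None: fell off a user chain, resume in the caller

def after_reclaim(rules):
    """Model the `iptables -D INPUT 1` from the log: drop INPUT's port-22 ACCEPT."""
    return [r for r in rules if not (r.startswith("-A INPUT ") and "--dport 22 " in r)]
```

With the logged rules, the management node's next SSH connection is rejected once the port 22 rule is gone, which is consistent with the `No route to host` failure in the log; with the custom chain in place it is still accepted, while other sources are rejected.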
