Project

General

Profile

Bug #7892

rudder server debug fails on SLES 11

Added by Nicolas CHARLES almost 2 years ago. Updated 6 months ago.

Status:
Released
Priority:
N/A
Category:
System integration
Target version:
Target version (plugin):
Severity:
Major - prevents use of part of Rudder | no simple workaround
User visibility:
Getting started - demo | first install | level 1 Techniques
Effort required:
Priority:
45

Description

On a SLES11, running rudder server debug fails with following error message (as dictated over the phone)

iptables 1.4.6 cant initialize table, table NAT does not exist

Associated revisions

Revision 8548005e
Added by Benoît PECCATTE 7 months ago

Fixes #7892: rudder server debug fails on SLES 11

History

#1 Updated by Janos Mattyasovszky almost 2 years ago

Well, I have seen that you get an error when stopping the debugging by Ctrl+C:

# bash -x /opt/rudder/share/commands/server-debug 127.0.0.123
+ DEBUG_PORT=5310
+ set -e
+ trap anomaly_handler ERR INT TERM
+ STEP=INIT
+ NODE=127.0.0.123
+ '[' -z 127.0.0.123 ']'
+ STEP='Creating redirect iptables rule'
+ iptables -t nat -I PREROUTING -p tcp -s 127.0.0.123 --dport 5309 -j DNAT --to-destination :5310
+ STEP='Running debug server'
+ /var/rudder/cfengine-community/bin/cf-serverd -v --no-fork -D debug_port

[...]
2016-02-09T10:51:57+0100  verbose: Listening for connections ...
2016-02-09T10:51:57+0100   notice: Server is starting...
^C 2016-02-09T10:51:58+0100   notice: Cleaning up and exiting...
2016-02-09T10:51:58+0100  verbose: Closing listening socket
2016-02-09T10:51:58+0100  verbose: All threads are done, cleaning up allocations
++ anomaly_handler
++ iptables -t nat -D PREROUTING -p tcp -s 127.0.0.123 --dport 5309 -j DNAT --to-destination :5310
++ echo ''

++ echo 'Debug has been stopped on step: Running debug server'
Debug has been stopped on step: Running debug server
+ STEP='Removing iptables rule'
+ iptables -t nat -D PREROUTING -p tcp -s 127.0.0.123 --dport 5309 -j DNAT --to-destination :5310
iptables: No chain/target/match by that name.
++ anomaly_handler
++ iptables -t nat -D PREROUTING -p tcp -s 127.0.0.123 --dport 5309 -j DNAT --to-destination :5310
iptables: No chain/target/match by that name.

Seen on:

# rpm -qf /opt/rudder/share/commands/server-debug
rudder-agent-3.0.13.release-1.SLES.11

This problem arises from the issue, that you also remove the same iptables rule on exit which was already removed by the anomaly_handler routine, so this at-the-end removal triggers an error, which also calls the anomaly_handler, which also tries to remove the iptables rule, causing a second error message on failure of removal.

My suggestion is to put the iptables-deletion into a function, that keeps track if it was already removed, or put an exit 1 into the anomaly_handler, so further code is not executed after a ctrl+C is handled (basically skipping "Removing iptables rule" on error).

#2 Updated by Jonathan CLARKE almost 2 years ago

  • Target version changed from 3.1.6 to 3.1.7

#3 Updated by Vincent MEMBRÉ over 1 year ago

  • Target version changed from 3.1.7 to 3.1.8

#4 Updated by Vincent MEMBRÉ over 1 year ago

  • Target version changed from 3.1.8 to 3.1.9

#5 Updated by Vincent MEMBRÉ over 1 year ago

  • Target version changed from 3.1.9 to 3.1.10

#6 Updated by Vincent MEMBRÉ over 1 year ago

  • Target version changed from 3.1.10 to 3.1.11

#7 Updated by Vincent MEMBRÉ over 1 year ago

  • Target version changed from 3.1.11 to 3.1.12

#8 Updated by Vincent MEMBRÉ over 1 year ago

  • Target version changed from 3.1.12 to 3.1.13

#9 Updated by Vincent MEMBRÉ about 1 year ago

  • Target version changed from 3.1.13 to 3.1.14

#10 Updated by Vincent MEMBRÉ about 1 year ago

  • Target version changed from 3.1.14 to 3.1.15

#11 Updated by Vincent MEMBRÉ about 1 year ago

  • Target version changed from 3.1.15 to 3.1.16

#12 Updated by Vincent MEMBRÉ about 1 year ago

  • Target version changed from 3.1.16 to 3.1.17

#13 Updated by Vincent MEMBRÉ 12 months ago

  • Target version changed from 3.1.17 to 3.1.18

#14 Updated by Vincent MEMBRÉ 9 months ago

  • Target version changed from 3.1.18 to 3.1.19

#15 Updated by Jonathan CLARKE 8 months ago

  • Severity set to Major - prevents use of part of Rudder | no simple workaround
  • User visibility set to Getting started - demo | first install | level 1 Techniques

#16 Updated by Benoît PECCATTE 8 months ago

  • Priority set to 45

#17 Updated by Vincent MEMBRÉ 7 months ago

  • Target version changed from 3.1.19 to 3.1.20

#18 Updated by Jonathan CLARKE 7 months ago

  • Assignee deleted (Benoît PECCATTE)

#19 Updated by Benoît PECCATTE 7 months ago

  • Status changed from New to In progress
  • Assignee set to Benoît PECCATTE

#20 Updated by Benoît PECCATTE 7 months ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from Benoît PECCATTE to Alexis MOUSSET
  • Pull Request set to https://github.com/Normation/rudder-agent/pull/114

#21 Updated by Benoît PECCATTE 7 months ago

  • Status changed from Pending technical review to Pending release

#22 Updated by Vincent MEMBRÉ 6 months ago

  • Status changed from Pending release to Released

This bug has been fixed in Rudder 3.1.20, 4.0.5 and 4.1.2 which were released today.

Also available in: Atom PDF