rudder server debug fails on SLES 11
On SLES 11, running rudder server debug fails with the following error message (as dictated over the phone):
iptables 1.4.6 cant initialize table, table NAT does not exist
#1 Updated by Janos Mattyasovszky over 2 years ago
Well, I have seen that you get an error when stopping the debugging by Ctrl+C:
# bash -x /opt/rudder/share/commands/server-debug 127.0.0.123
+ DEBUG_PORT=5310
+ set -e
+ trap anomaly_handler ERR INT TERM
+ STEP=INIT
+ NODE=127.0.0.123
+ '[' -z 127.0.0.123 ']'
+ STEP='Creating redirect iptables rule'
+ iptables -t nat -I PREROUTING -p tcp -s 127.0.0.123 --dport 5309 -j DNAT --to-destination :5310
+ STEP='Running debug server'
+ /var/rudder/cfengine-community/bin/cf-serverd -v --no-fork -D debug_port
[...]
2016-02-09T10:51:57+0100 verbose: Listening for connections ...
2016-02-09T10:51:57+0100 notice: Server is starting...
^C
2016-02-09T10:51:58+0100 notice: Cleaning up and exiting...
2016-02-09T10:51:58+0100 verbose: Closing listening socket
2016-02-09T10:51:58+0100 verbose: All threads are done, cleaning up allocations
++ anomaly_handler
++ iptables -t nat -D PREROUTING -p tcp -s 127.0.0.123 --dport 5309 -j DNAT --to-destination :5310
++ echo ''
++ echo 'Debug has been stopped on step: Running debug server'
Debug has been stopped on step: Running debug server
+ STEP='Removing iptables rule'
+ iptables -t nat -D PREROUTING -p tcp -s 127.0.0.123 --dport 5309 -j DNAT --to-destination :5310
iptables: No chain/target/match by that name.
++ anomaly_handler
++ iptables -t nat -D PREROUTING -p tcp -s 127.0.0.123 --dport 5309 -j DNAT --to-destination :5310
iptables: No chain/target/match by that name.

# rpm -qf /opt/rudder/share/commands/server-debug
rudder-agent-3.0.13.release-1.SLES.11
This problem arises because you also remove the same iptables rule on exit, which was already removed by the anomaly_handler routine, so this at-the-end removal triggers an error, which also calls the anomaly_handler, which also tries to remove the iptables rule, causing a second error message when the removal fails.
My suggestion is to put the iptables deletion into a function that keeps track of whether the rule was already removed, or to put an exit 1 into the anomaly_handler so that no further code is executed after a Ctrl+C is handled (basically skipping "Removing iptables rule" on error).
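An added sketch of the two fixes suggested in the comment above, combined in one script (example code written for this page, not the Rudder script and not the change merged in the pull request). The rule, ports and the anomaly_handler name come from the trace; redirect_rule, add_redirect, remove_redirect, run_debug, RULE_ACTIVE and the IPTABLES override are assumed names.

```bash
#!/bin/bash
# Added illustration; not the Rudder server-debug script itself.
IPTABLES="${IPTABLES:-iptables}"  # overridable so the logic can be tested without root (assumption)
DEBUG_PORT=5310
RULE_ACTIVE=0                     # 1 only while our DNAT rule is installed
STEP=INIT

# Same match and target as the rule shown in the trace; $1 is -I or -D, $2 the node.
redirect_rule() {
  $IPTABLES -t nat "$1" PREROUTING -p tcp -s "$2" --dport 5309 \
    -j DNAT --to-destination ":${DEBUG_PORT}"
}

add_redirect() {
  # Mark the rule active only if the insert succeeded (nat table missing: stays 0).
  redirect_rule -I "$1" && RULE_ACTIVE=1
}

remove_redirect() {
  # Idempotent: once the rule is gone, further calls do nothing and cannot raise ERR.
  [ "$RULE_ACTIVE" -eq 1 ] || return 0
  RULE_ACTIVE=0   # clear before deleting so a failed delete is not retried by the trap
  redirect_rule -D "$1"
}

anomaly_handler() {
  trap - ERR INT TERM             # no re-entry while cleaning up
  remove_redirect "$NODE" || true
  echo "Debug has been stopped on step: $STEP" >&2
  exit 1                          # stop here; the normal-path removal must not run
}

# Hypothetical driver: run_debug NODE COMMAND [ARGS...]
run_debug() {
  NODE="$1"; shift
  set -eE                         # -E lets the ERR trap fire inside functions too
  trap anomaly_handler ERR INT TERM
  STEP='Creating redirect iptables rule'; add_redirect "$NODE"
  STEP='Running debug server';            "$@"
  STEP='Removing iptables rule';          remove_redirect "$NODE"
  trap - ERR INT TERM
}
```

Because RULE_ACTIVE is set only after a successful insert, a host where the nat table cannot be initialized exits through the handler without attempting a delete that would fail a second time.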
#20 Updated by Benoît PECCATTE over 1 year ago
- Status changed from In progress to Pending technical review
- Assignee changed from Benoît PECCATTE to Alexis MOUSSET
- Pull Request set to https://github.com/Normation/rudder-agent/pull/114
#21 Updated by Benoît PECCATTE over 1 year ago
- Status changed from Pending technical review to Pending release
Applied in changeset rudder-agent|8548005ec8fbd5bbba7970b2f13949b88432199b.
#22 Updated by Vincent MEMBRÉ about 1 year ago
- Status changed from Pending release to Released