Disabling managing firewall - cloudstack-setup-management #4239

Merged
merged 3 commits into from
Sep 22, 2020

davidjumani
Contributor

@davidjumani davidjumani commented Aug 3, 2020

Description

Disabling managing iptables on the management server since the host might be using unsupported firewall management tools

Types of changes

  • Breaking change (fix or feature that would cause existing functionality to change)
  • New feature (non-breaking change which adds functionality)
  • Bug fix (non-breaking change which fixes an issue)
  • Enhancement (improves an existing feature and functionality)
  • Cleanup (Code refactoring and cleanup, that may add test cases)

@andrijapanicsb
Contributor

@davidjumani - thx for the PR. I see only comment added, but not really removing the actual code which injects raw iptable rules (iptables -A ....) and which runs the "iptables-save > /etc/sysconfig/iptables" command, and restarts iptables service...

I believe we want ZERO management of the iptables, as the rules from the /etc/sysconfig/iptables are overridden by the rules managed by firewalld (which is installed by default on CentOS 7/8)

/cc @PaulAngus @rhtyd @GabrielBrascher @wido @weizhouapache

@andrijapanicsb andrijapanicsb changed the title Adding message to ensure ports are open Adding message to ensure ports are open - cloudstack-setup-management Aug 3, 2020
@wido
Contributor

wido commented Aug 4, 2020

We do not want to manage iptables indeed. We (CloudStack) should never touch firewalls. That's up to the admin.

@davidjumani
Contributor Author

Thanks @andrijapanicsb @wido Made the changes!

@davidjumani
Contributor Author

@blueorangutan package

@davidjumani davidjumani changed the title Adding message to ensure ports are open - cloudstack-setup-management Disabling managing firewall - cloudstack-setup-management Aug 4, 2020
@blueorangutan

@davidjumani a Jenkins job has been kicked to build packages. I'll keep you posted as I make progress.

@blueorangutan

Packaging result: ✔centos7 ✔debian. JID-1640

@rohityadavcloud
Member

LGTM
@blueorangutan package

@blueorangutan

@rhtyd a Jenkins job has been kicked to build packages. I'll keep you posted as I make progress.

@rohityadavcloud
Member

this needs a test run as changes are in cloudstack-setup-management cc @davidjumani pl kick test when lab is online

@DaanHoogland
Contributor

@blueorangutan package

@blueorangutan

@DaanHoogland a Jenkins job has been kicked to build packages. I'll keep you posted as I make progress.

@blueorangutan

Packaging result: ✔centos7 ✔debian. JID-1707

@davidjumani
Contributor Author

@blueorangutan test

@blueorangutan

@davidjumani a Trillian-Jenkins test job (centos7 mgmt + kvm-centos7) has been kicked to run smoke tests

@rohityadavcloud
Member

@davidjumani env fails to deploy

class sysConfigServerRedhat(sysConfigServer):
    def __init__(self, glbEnv):
        super(sysConfigServerRedhat, self).__init__(glbEnv)
        self.svo = serviceOpsRedhat()
        self.services = [firewallConfigServer(self)]
Member

@davidjumani I think we should revert the previous behaviour and simply print the statement. Otherwise, env will not deploy. Previously the cloudstack-setup-management would open firewall, now that you've changed it - either (a) document this and fix trillian to open the ports on both CentOS/Ubuntu envs, or (b) just print the line for information's sake.

Contributor Author

@rhtyd I was able to deploy a kvm env for basic testing, and everything seems to work. Will look into why it failed this time

Member

okay @davidjumani when you confirm we'll be able to merge this

Contributor Author

It's good to go. Env came up and smoke tests ran successfully!

@davidjumani
Contributor Author

@blueorangutan test

@blueorangutan

@davidjumani a Trillian-Jenkins test job (centos7 mgmt + kvm-centos7) has been kicked to run smoke tests

@blueorangutan

Trillian test result (tid-2370)
Environment: kvm-centos7 (x2), Advanced Networking with Mgmt server 7
Total time taken: 39612 seconds
Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr4239-t2370-kvm-centos7.zip
Intermittent failure detected: /marvin/tests/smoke/test_kubernetes_supported_versions.py
Intermittent failure detected: /marvin/tests/smoke/test_vpc_vpn.py
Smoke tests completed. 82 look OK, 1 have error(s)
Only failed tests results shown below:

Test Result Time (s) Test File
test_01_add_delete_kubernetes_supported_version Error 1810.31 test_kubernetes_supported_versions.py

@davidjumani davidjumani marked this pull request as ready for review August 12, 2020 04:43
@davidjumani
Contributor Author

@blueorangutan package

@blueorangutan

@davidjumani a Jenkins job has been kicked to build packages. I'll keep you posted as I make progress.

@blueorangutan

Packaging result: ✔centos7 ✔debian. JID-1772

@rohityadavcloud
Member

Just a reminder - pl kick test on centos8 and Ubuntu for this @davidjumani (use Jenkins if BO is limiting, thnx)

@davidjumani
Contributor Author

@rhtyd Jenkins was failing. Kicking them off now!

@blueorangutan

Trillian test result (tid-2583)
Environment: kvm-ubuntu18 (x2), Advanced Networking with Mgmt server u18
Total time taken: 52615 seconds
Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr4239-t2583-kvm-ubuntu18.zip
Intermittent failure detected: /marvin/tests/smoke/test_kubernetes_clusters.py
Intermittent failure detected: /marvin/tests/smoke/test_vm_life_cycle.py
Intermittent failure detected: /marvin/tests/smoke/test_vpc_redundant.py
Intermittent failure detected: /marvin/tests/smoke/test_host_maintenance.py
Intermittent failure detected: /marvin/tests/smoke/test_hostha_kvm.py
Smoke tests completed. 81 look OK, 4 have error(s)
Only failed tests results shown below:

Test Result Time (s) Test File
test_01_deploy_kubernetes_cluster Error 0.10 test_kubernetes_clusters.py
test_02_deploy_kubernetes_ha_cluster Error 0.05 test_kubernetes_clusters.py
test_04_deploy_and_upgrade_kubernetes_cluster Error 0.05 test_kubernetes_clusters.py
test_05_deploy_and_upgrade_kubernetes_ha_cluster Error 0.05 test_kubernetes_clusters.py
test_06_deploy_and_invalid_upgrade_kubernetes_cluster Error 0.04 test_kubernetes_clusters.py
test_07_deploy_and_scale_kubernetes_cluster Error 0.04 test_kubernetes_clusters.py
test_11_migrate_vm Error 48.10 test_vm_life_cycle.py
test_14_secure_to_secure_vm_migration Error 97.56 test_vm_life_cycle.py
test_01_create_redundant_VPC_2tiers_4VMs_4IPs_4PF_ACL Failure 433.68 test_vpc_redundant.py
test_04_rvpc_network_garbage_collector_nics Error 3891.22 test_vpc_redundant.py
test_hostha_kvm_host_fencing Error 178.89 test_hostha_kvm.py

@davidjumani
Contributor Author

@blueorangutan test

@blueorangutan

@davidjumani a Trillian-Jenkins test job (centos7 mgmt + kvm-centos7) has been kicked to run smoke tests

@blueorangutan

Trillian test result (tid-2584)
Environment: kvm-centos7 (x2), Advanced Networking with Mgmt server 7
Total time taken: 56315 seconds
Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr4239-t2584-kvm-centos7.zip
Intermittent failure detected: /marvin/tests/smoke/test_kubernetes_clusters.py
Intermittent failure detected: /marvin/tests/smoke/test_outofbandmanagement.py
Intermittent failure detected: /marvin/tests/smoke/test_privategw_acl.py
Intermittent failure detected: /marvin/tests/smoke/test_vpc_redundant.py
Intermittent failure detected: /marvin/tests/smoke/test_hostha_kvm.py
Smoke tests completed. 81 look OK, 4 have error(s)
Only failed tests results shown below:

Test Result Time (s) Test File
test_01_deploy_kubernetes_cluster Error 0.10 test_kubernetes_clusters.py
test_02_deploy_kubernetes_ha_cluster Error 0.07 test_kubernetes_clusters.py
test_04_deploy_and_upgrade_kubernetes_cluster Error 0.08 test_kubernetes_clusters.py
test_05_deploy_and_upgrade_kubernetes_ha_cluster Error 0.09 test_kubernetes_clusters.py
test_06_deploy_and_invalid_upgrade_kubernetes_cluster Error 0.07 test_kubernetes_clusters.py
test_07_deploy_and_scale_kubernetes_cluster Error 0.05 test_kubernetes_clusters.py
test_oobm_issue_power_cycle Error 17.36 test_outofbandmanagement.py
test_oobm_issue_power_on Error 18.22 test_outofbandmanagement.py
test_oobm_issue_power_reset Error 20.10 test_outofbandmanagement.py
test_oobm_issue_power_soft Error 19.77 test_outofbandmanagement.py
test_oobm_issue_power_status Error 21.67 test_outofbandmanagement.py
test_oobm_zchange_password Error 8.93 test_outofbandmanagement.py
test_01_create_redundant_VPC_2tiers_4VMs_4IPs_4PF_ACL Failure 458.72 test_vpc_redundant.py
test_03_create_redundant_VPC_1tier_2VMs_2IPs_2PF_ACL_reboot_routers Error 347.90 test_vpc_redundant.py
test_04_rvpc_network_garbage_collector_nics Error 3971.48 test_vpc_redundant.py
test_hostha_kvm_host_fencing Error 174.70 test_hostha_kvm.py

@blueorangutan

Trillian test result (tid-2591)
Environment: kvm-ubuntu18 (x2), Advanced Networking with Mgmt server u18
Total time taken: 49331 seconds
Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr4239-t2591-kvm-ubuntu18.zip
Intermittent failure detected: /marvin/tests/smoke/test_vm_life_cycle.py
Intermittent failure detected: /marvin/tests/smoke/test_host_maintenance.py
Intermittent failure detected: /marvin/tests/smoke/test_hostha_kvm.py
Smoke tests completed. 83 look OK, 2 have error(s)
Only failed tests results shown below:

Test Result Time (s) Test File
test_11_migrate_vm Error 49.00 test_vm_life_cycle.py
test_14_secure_to_secure_vm_migration Error 101.44 test_vm_life_cycle.py
test_hostha_kvm_host_fencing Error 103.36 test_hostha_kvm.py

@rohityadavcloud
Member

@davidjumani can you check the centos7 failures, are those caused by regression or env related?

@blueorangutan

Trillian test result (tid-2637)
Environment: kvm-ubuntu18 (x2), Advanced Networking with Mgmt server u18
Total time taken: 67832 seconds
Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr4239-t2637-kvm-ubuntu18.zip
Intermittent failure detected: /marvin/tests/smoke/test_internal_lb.py
Intermittent failure detected: /marvin/tests/smoke/test_iso.py
Intermittent failure detected: /marvin/tests/smoke/test_kubernetes_supported_versions.py
Intermittent failure detected: /marvin/tests/smoke/test_password_server.py
Intermittent failure detected: /marvin/tests/smoke/test_routers_network_ops.py
Intermittent failure detected: /marvin/tests/smoke/test_vm_life_cycle.py
Intermittent failure detected: /marvin/tests/smoke/test_vpc_redundant.py
Intermittent failure detected: /marvin/tests/smoke/test_host_maintenance.py
Intermittent failure detected: /marvin/tests/smoke/test_hostha_kvm.py
Smoke tests completed. 79 look OK, 6 have error(s)
Only failed tests results shown below:

Test Result Time (s) Test File
test_04_extract_Iso Failure 1082.38 test_iso.py
test_01_add_delete_kubernetes_supported_version Error 1803.13 test_kubernetes_supported_versions.py
test_isolate_network_password_server Failure 17.53 test_password_server.py
test_11_migrate_vm Error 52.61 test_vm_life_cycle.py
test_14_secure_to_secure_vm_migration Error 116.38 test_vm_life_cycle.py
test_02_redundant_VPC_default_routes Failure 443.33 test_vpc_redundant.py
test_03_create_redundant_VPC_1tier_2VMs_2IPs_2PF_ACL_reboot_routers Error 385.90 test_vpc_redundant.py
test_04_rvpc_network_garbage_collector_nics Error 3893.27 test_vpc_redundant.py
test_hostha_kvm_host_fencing Error 224.88 test_hostha_kvm.py

@davidjumani
Contributor Author

@rhtyd Looking at the logs, the failures are env related issues

@DaanHoogland
Contributor

@blueorangutan package

@blueorangutan

@DaanHoogland a Jenkins job has been kicked to build packages. I'll keep you posted as I make progress.

@blueorangutan

Packaging result: ✔centos7 ✔centos8 ✔debian. JID-2042

@DaanHoogland
Contributor

@blueorangutan test

@blueorangutan

@DaanHoogland a Trillian-Jenkins test job (centos7 mgmt + kvm-centos7) has been kicked to run smoke tests

Contributor

@DaanHoogland DaanHoogland left a comment

changes look good, I would like to see another smoke test result set

@DaanHoogland
Contributor

@blueorangutan test

@blueorangutan

@DaanHoogland a Trillian-Jenkins test job (centos7 mgmt + kvm-centos7) has been kicked to run smoke tests

@blueorangutan

Trillian test result (tid-2826)
Environment: kvm-centos7 (x2), Advanced Networking with Mgmt server 7
Total time taken: 65712 seconds
Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr4239-t2826-kvm-centos7.zip
Intermittent failure detected: /marvin/tests/smoke/test_kubernetes_clusters.py
Intermittent failure detected: /marvin/tests/smoke/test_kubernetes_supported_versions.py
Intermittent failure detected: /marvin/tests/smoke/test_privategw_acl.py
Intermittent failure detected: /marvin/tests/smoke/test_vpc_redundant.py
Intermittent failure detected: /marvin/tests/smoke/test_hostha_kvm.py
Smoke tests completed. 81 look OK, 4 have error(s)
Only failed tests results shown below:

Test Result Time (s) Test File
test_01_add_delete_kubernetes_supported_version Error 909.24 test_kubernetes_supported_versions.py
test_02_vpc_privategw_static_routes Failure 238.99 test_privategw_acl.py
test_03_vpc_privategw_restart_vpc_cleanup Failure 257.43 test_privategw_acl.py
test_04_rvpc_privategw_static_routes Failure 403.79 test_privategw_acl.py
test_03_create_redundant_VPC_1tier_2VMs_2IPs_2PF_ACL_reboot_routers Failure 422.75 test_vpc_redundant.py
test_hostha_kvm_host_fencing Error 172.66 test_hostha_kvm.py

@rohityadavcloud rohityadavcloud merged commit ead9a34 into apache:master Sep 22, 2020
7 participants