Bug #7892
closedrudder server debug fails on SLES 11
Description
On a SLES11, running rudder server debug fails with following error message (as dictated over the phone)
iptables 1.4.6 cant initialize table, table NAT does not exist
Updated by Janos Mattyasovszky over 8 years ago
Well, I have seen that you get an error when stopping the debugging by Ctrl+C:
# bash -x /opt/rudder/share/commands/server-debug 127.0.0.123 + DEBUG_PORT=5310 + set -e + trap anomaly_handler ERR INT TERM + STEP=INIT + NODE=127.0.0.123 + '[' -z 127.0.0.123 ']' + STEP='Creating redirect iptables rule' + iptables -t nat -I PREROUTING -p tcp -s 127.0.0.123 --dport 5309 -j DNAT --to-destination :5310 + STEP='Running debug server' + /var/rudder/cfengine-community/bin/cf-serverd -v --no-fork -D debug_port [...] 2016-02-09T10:51:57+0100 verbose: Listening for connections ... 2016-02-09T10:51:57+0100 notice: Server is starting... ^C 2016-02-09T10:51:58+0100 notice: Cleaning up and exiting... 2016-02-09T10:51:58+0100 verbose: Closing listening socket 2016-02-09T10:51:58+0100 verbose: All threads are done, cleaning up allocations ++ anomaly_handler ++ iptables -t nat -D PREROUTING -p tcp -s 127.0.0.123 --dport 5309 -j DNAT --to-destination :5310 ++ echo '' ++ echo 'Debug has been stopped on step: Running debug server' Debug has been stopped on step: Running debug server + STEP='Removing iptables rule' + iptables -t nat -D PREROUTING -p tcp -s 127.0.0.123 --dport 5309 -j DNAT --to-destination :5310 iptables: No chain/target/match by that name. ++ anomaly_handler ++ iptables -t nat -D PREROUTING -p tcp -s 127.0.0.123 --dport 5309 -j DNAT --to-destination :5310 iptables: No chain/target/match by that name.
Seen on:
# rpm -qf /opt/rudder/share/commands/server-debug rudder-agent-3.0.13.release-1.SLES.11
This problem arises from the issue, that you also remove the same iptables rule on exit which was already removed by the anomaly_handler routine, so this at-the-end removal triggers an error, which also calls the anomaly_handler, which also tries to remove the iptables rule, causing a second error message on failure of removal.
My suggestion is to put the iptables-deletion into a function, that keeps track if it was already removed, or put an exit 1 into the anomaly_handler, so further code is not executed after a ctrl+C is handled (basically skipping "Removing iptables rule" on error).
Updated by Jonathan CLARKE over 8 years ago
- Target version changed from 3.1.6 to 3.1.7
Updated by Vincent MEMBRÉ over 8 years ago
- Target version changed from 3.1.7 to 3.1.8
Updated by Vincent MEMBRÉ over 8 years ago
- Target version changed from 3.1.8 to 3.1.9
Updated by Vincent MEMBRÉ over 8 years ago
- Target version changed from 3.1.9 to 3.1.10
Updated by Vincent MEMBRÉ over 8 years ago
- Target version changed from 3.1.10 to 3.1.11
Updated by Vincent MEMBRÉ over 8 years ago
- Target version changed from 3.1.11 to 3.1.12
Updated by Vincent MEMBRÉ about 8 years ago
- Target version changed from 3.1.12 to 3.1.13
Updated by Vincent MEMBRÉ about 8 years ago
- Target version changed from 3.1.13 to 3.1.14
Updated by Vincent MEMBRÉ about 8 years ago
- Target version changed from 3.1.14 to 3.1.15
Updated by Vincent MEMBRÉ about 8 years ago
- Target version changed from 3.1.15 to 3.1.16
Updated by Vincent MEMBRÉ about 8 years ago
- Target version changed from 3.1.16 to 3.1.17
Updated by Vincent MEMBRÉ almost 8 years ago
- Target version changed from 3.1.17 to 3.1.18
Updated by Vincent MEMBRÉ over 7 years ago
- Target version changed from 3.1.18 to 3.1.19
Updated by Jonathan CLARKE over 7 years ago
- Severity set to Major - prevents use of part of Rudder | no simple workaround
- User visibility set to Getting started - demo | first install | level 1 Techniques
Updated by Vincent MEMBRÉ over 7 years ago
- Target version changed from 3.1.19 to 3.1.20
Updated by Benoît PECCATTE over 7 years ago
- Status changed from New to In progress
- Assignee set to Benoît PECCATTE
Updated by Benoît PECCATTE over 7 years ago
- Status changed from In progress to Pending technical review
- Assignee changed from Benoît PECCATTE to Alexis Mousset
- Pull Request set to https://github.com/Normation/rudder-agent/pull/114
Updated by Benoît PECCATTE over 7 years ago
- Status changed from Pending technical review to Pending release
Applied in changeset rudder-agent|8548005ec8fbd5bbba7970b2f13949b88432199b.
Updated by Vincent MEMBRÉ over 7 years ago
- Status changed from Pending release to Released