Project

General

Profile

Bug #7892

rudder server debug fails on SLES 11

Added by Nicolas CHARLES over 4 years ago. Updated about 3 years ago.

Status:
Released
Priority:
N/A
Category:
System integration
Target version:
Severity:
Major - prevents use of part of Rudder | no simple workaround
User visibility:
Getting started - demo | first install | level 1 Techniques
Effort required:
Priority:
45

Description

On a SLES11, running rudder server debug fails with following error message (as dictated over the phone)

iptables 1.4.6 cant initialize table, table NAT does not exist

#1

Updated by Janos Mattyasovszky over 4 years ago

Well, I have seen that you get an error when stopping the debugging by Ctrl+C:

# bash -x /opt/rudder/share/commands/server-debug 127.0.0.123
+ DEBUG_PORT=5310
+ set -e
+ trap anomaly_handler ERR INT TERM
+ STEP=INIT
+ NODE=127.0.0.123
+ '[' -z 127.0.0.123 ']'
+ STEP='Creating redirect iptables rule'
+ iptables -t nat -I PREROUTING -p tcp -s 127.0.0.123 --dport 5309 -j DNAT --to-destination :5310
+ STEP='Running debug server'
+ /var/rudder/cfengine-community/bin/cf-serverd -v --no-fork -D debug_port

[...]
2016-02-09T10:51:57+0100  verbose: Listening for connections ...
2016-02-09T10:51:57+0100   notice: Server is starting...
^C 2016-02-09T10:51:58+0100   notice: Cleaning up and exiting...
2016-02-09T10:51:58+0100  verbose: Closing listening socket
2016-02-09T10:51:58+0100  verbose: All threads are done, cleaning up allocations
++ anomaly_handler
++ iptables -t nat -D PREROUTING -p tcp -s 127.0.0.123 --dport 5309 -j DNAT --to-destination :5310
++ echo ''

++ echo 'Debug has been stopped on step: Running debug server'
Debug has been stopped on step: Running debug server
+ STEP='Removing iptables rule'
+ iptables -t nat -D PREROUTING -p tcp -s 127.0.0.123 --dport 5309 -j DNAT --to-destination :5310
iptables: No chain/target/match by that name.
++ anomaly_handler
++ iptables -t nat -D PREROUTING -p tcp -s 127.0.0.123 --dport 5309 -j DNAT --to-destination :5310
iptables: No chain/target/match by that name.

Seen on:

# rpm -qf /opt/rudder/share/commands/server-debug
rudder-agent-3.0.13.release-1.SLES.11

This problem arises from the issue, that you also remove the same iptables rule on exit which was already removed by the anomaly_handler routine, so this at-the-end removal triggers an error, which also calls the anomaly_handler, which also tries to remove the iptables rule, causing a second error message on failure of removal.

My suggestion is to put the iptables-deletion into a function, that keeps track if it was already removed, or put an exit 1 into the anomaly_handler, so further code is not executed after a ctrl+C is handled (basically skipping "Removing iptables rule" on error).

#2

Updated by Jonathan CLARKE over 4 years ago

  • Target version changed from 3.1.6 to 3.1.7
#3

Updated by Vincent MEMBRÉ about 4 years ago

  • Target version changed from 3.1.7 to 3.1.8
#4

Updated by Vincent MEMBRÉ about 4 years ago

  • Target version changed from 3.1.8 to 3.1.9
#5

Updated by Vincent MEMBRÉ about 4 years ago

  • Target version changed from 3.1.9 to 3.1.10
#6

Updated by Vincent MEMBRÉ about 4 years ago

  • Target version changed from 3.1.10 to 3.1.11
#7

Updated by Vincent MEMBRÉ almost 4 years ago

  • Target version changed from 3.1.11 to 3.1.12
#8

Updated by Vincent MEMBRÉ almost 4 years ago

  • Target version changed from 3.1.12 to 3.1.13
#9

Updated by Vincent MEMBRÉ over 3 years ago

  • Target version changed from 3.1.13 to 3.1.14
#10

Updated by Vincent MEMBRÉ over 3 years ago

  • Target version changed from 3.1.14 to 3.1.15
#11

Updated by Vincent MEMBRÉ over 3 years ago

  • Target version changed from 3.1.15 to 3.1.16
#12

Updated by Vincent MEMBRÉ over 3 years ago

  • Target version changed from 3.1.16 to 3.1.17
#13

Updated by Vincent MEMBRÉ over 3 years ago

  • Target version changed from 3.1.17 to 3.1.18
#14

Updated by Vincent MEMBRÉ over 3 years ago

  • Target version changed from 3.1.18 to 3.1.19
#15

Updated by Jonathan CLARKE about 3 years ago

  • Severity set to Major - prevents use of part of Rudder | no simple workaround
  • User visibility set to Getting started - demo | first install | level 1 Techniques
#16

Updated by Benoît PECCATTE about 3 years ago

  • Priority set to 45
#17

Updated by Vincent MEMBRÉ about 3 years ago

  • Target version changed from 3.1.19 to 3.1.20
#18

Updated by Jonathan CLARKE about 3 years ago

  • Assignee deleted (Benoît PECCATTE)
#19

Updated by Benoît PECCATTE about 3 years ago

  • Status changed from New to In progress
  • Assignee set to Benoît PECCATTE
#20

Updated by Benoît PECCATTE about 3 years ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from Benoît PECCATTE to Alexis MOUSSET
  • Pull Request set to https://github.com/Normation/rudder-agent/pull/114
#21

Updated by Benoît PECCATTE about 3 years ago

  • Status changed from Pending technical review to Pending release
#22

Updated by Vincent MEMBRÉ about 3 years ago

  • Status changed from Pending release to Released

This bug has been fixed in Rudder 3.1.20, 4.0.5 and 4.1.2 which were released today.

Also available in: Atom PDF