Uploaded image for project: 'CloudStack'
  1. CloudStack
  2. CLOUDSTACK-10177

NPE when programming Security Groups with KVM

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 4.10.0.0
    • 4.11.0.0
    • KVM
    • Security Level: Public (Anyone can view this level - this is the default.)
    • Ubuntu 16.04 - KVM

    Description

      On a Hypervisor we saw the programming of Security Groups fail and I am not sure yet why:

      2017-12-06 14:10:31,095 DEBUG [cloud.agent.Agent] (agentRequest-Handler-15:null) (logid:e68a57b9) Request:Seq 1-3318027025465216281: { Cmd , MgmtId: 90520741056852, via: 1, Ver: v1, Flags: 100111, [{"com.cloud.agent.api.SecurityGroupRulesCmd":{"guestIp":"62.221.192.7","vmName":"i-
      4-6-VM","guestMac":"1e:00:4f:00:00:f9","signature":"4134ed9a39aa2aa85620780ce4b7bc27","seqNum":14,"vmId":6,"msId":90520741056852,"ingressRuleSet":[

      Unknown macro: {"proto"}

      ],"egressRuleSet":[],"wait":0}}] }
      2017-12-06 14:10:31,095 DEBUG [cloud.agent.Agent] (agentRequest-Handler-15:null) (logid:e68a57b9) Processing command: com.cloud.agent.api.SecurityGroupRulesCmd
      2017-12-06 14:10:31,095 DEBUG [kvm.resource.LibvirtConnection] (agentRequest-Handler-15:null) (logid:e68a57b9) Looking for libvirtd connection at: qemu:///system
      2017-12-06 14:10:31,098 DEBUG [kvm.resource.LibvirtComputingResource] (agentRequest-Handler-15:null) (logid:e68a57b9) Executing: /usr/share/cloudstack-common/scripts/vm/network/security_group.py add_network_rules --vmname i-4-6-VM --vmid 6 --vmip 62.221.192.7 --vmip6 null --sig 413
      4ed9a39aa2aa85620780ce4b7bc27 --seq 14 --vmmac 1e:00:4f:00:00:f9 --vif vnet6 --brname cloudbr0 --nicsecips 0: --rules I:tcp:22:22:0.0.0.0/0,NEXT;
      2017-12-06 14:10:31,098 WARN [kvm.resource.LibvirtComputingResource] (agentRequest-Handler-15:null) (logid:e68a57b9) Exception: /usr/share/cloudstack-common/scripts/vm/network/security_group.py add_network_rules --vmname i-4-6-VM --vmid 6 --vmip 62.221.192.7 --vmip6 null --sig 4134ed9a39aa2aa85620780ce4b7bc27 --seq 14 --vmmac 1e:00:4f:00:00:f9 --vif vnet6 --brname cloudbr0 --nicsecips 0: --rules I:tcp:22:22:0.0.0.0/0,NEXT;
      java.lang.NullPointerException
      at java.lang.ProcessBuilder.start(ProcessBuilder.java:1012)
      at com.cloud.utils.script.Script.execute(Script.java:214)
      at com.cloud.utils.script.Script.execute(Script.java:182)
      at com.cloud.hypervisor.kvm.resource.LibvirtComputingResource.addNetworkRules(LibvirtComputingResource.java:3429)
      at com.cloud.hypervisor.kvm.resource.wrapper.LibvirtSecurityGroupRulesCommandWrapper.execute(LibvirtSecurityGroupRulesCommandWrapper.java:57)
      at com.cloud.hypervisor.kvm.resource.wrapper.LibvirtSecurityGroupRulesCommandWrapper.execute(LibvirtSecurityGroupRulesCommandWrapper.java:36)
      at com.cloud.hypervisor.kvm.resource.wrapper.LibvirtRequestWrapper.execute(LibvirtRequestWrapper.java:75)
      at com.cloud.hypervisor.kvm.resource.LibvirtComputingResource.executeRequest(LibvirtComputingResource.java:1369)
      at com.cloud.agent.Agent.processRequest(Agent.java:525)
      at com.cloud.agent.Agent$AgentRequestHandler.doTask(Agent.java:833)
      at com.cloud.utils.nio.Task.call(Task.java:83)
      at com.cloud.utils.nio.Task.call(Task.java:29)
      at java.util.concurrent.FutureTask.run(FutureTask.java:266)
      at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
      at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
      at java.lang.Thread.run(Thread.java:748)
      2017-12-06 14:10:31,098 WARN [resource.wrapper.LibvirtSecurityGroupRulesCommandWrapper] (agentRequest-Handler-15:null) (logid:e68a57b9) Failed to program network rules for vm i-4-6-VM
      2017-12-06 14:10:31,098 DEBUG [cloud.agent.Agent] (agentRequest-Handler-15:null) (logid:e68a57b9) Seq 1-3318027025465216281: { Ans: , MgmtId: 90520741056852, via: 1, Ver: v1, Flags: 110, [{"com.cloud.agent.api.SecurityGroupRuleAnswer":{"logSequenceNumber":14,"vmId":6,"reason":"PROGRAMMING_FAILED","result":false,"details":"programming network rules failed","wait":0}}] }

      I see the vmip6 being null and after setting a IPv6 address for the Instance it suddenly worked.

      However, I was not yet able in the code to figure out why this is a NPE in com.cloud.utils.Script

      It has a issue with getting back output from ProcessBuilder.

      Creating this ticket to make sure it's tracked, but I don't know what is happening yet.

      Attachments

        Issue Links

          Activity

            People

              Unassigned Unassigned
              widodh Wido den Hollander
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: