TritonDataCenter / sdc-docker

Docker Engine for Triton
Mozilla Public License 2.0

bug: docker-compose dies on firewall check error. #135

Closed Adel-Magebinary closed 5 years ago

Adel-Magebinary commented 6 years ago

When an ICMP firewall rule is added in a docker container and docker-compose up is run again, docker throws an error.

ERROR: for tdocker_application_1  Cannot create container for service application: problem listing firewall rules (2a1b5a49-457d-4129-85bb-0c7129fd6776)

ERROR: for application  Cannot create container for service application: problem listing firewall rules (2a1b5a49-457d-4129-85bb-0c7129fd6776)
ERROR: Encountered errors while bringing up the project.

When I did some quick log digging, all requests from dockerapi to fwapi were correct, but the firewall API throws the error below:

Uncaught TypeError: Cannot call method 'map' of undefined

FROM
/opt/smartdc/fwapi/lib/rule.js:630:47
Rule._ruleSerialize [as serialize] (/opt/smartdc/fwapi/lib/rule.js:621:17)
/opt/smartdc/fwapi/lib/endpoints/rules/index.js:164:29
/opt/smartdc/fwapi/lib/endpoints/rules/index.js:163:33
EventEmitter._endList (/opt/smartdc/fwapi/lib/moray.js:536:9)
EventEmitter.emit (events.js:92:17)
FastClientRequest.<anonymous> (/opt/smartdc/fwapi/node_modules/moray/lib/objects.js:142:17)
FastClientRequest.g (events.js:180:16)
FastClientRequest.emit (events.js:117:20)
_stream_readable.js:944:16
process._tickDomainCallback (node.js:502:13)

Looks like the map function is bound to port only on line 630.
            case 'parsed.ports':
                addParsed();
                ser.parsed.ports = self.ports.map(function (p) {
                    if (p !== 'all') {
                        return Number(p);
                    }

                    return p;
                });
                break;

[{
    "enabled": true,
    "owner_uuid": "930896af-bf8c-48d4-885c-6573a94b1853",
    "rule": "FROM any TO vm 12642529-a63a-c329-eb2e-922fac26dc52 ALLOW tcp PORT 5432",
    "uuid": "87738abb-5607-6388-8efc-99a3e73afbde",
    "version": "1538024342877.019592"
}, {
    "enabled": true,
    "owner_uuid": "930896af-bf8c-48d4-885c-6573a94b1853",
    "rule": "FROM tag \"sdc_docker\" TO tag \"sdc_docker\" ALLOW icmp TYPE 8 CODE 0",
    "uuid": "5dbbe40f-ed4a-45d8-89d0-856cf5c7cee1",
    "version": "1538095354413.019592"
}, {
    "enabled": true,
    "owner_uuid": "930896af-bf8c-48d4-885c-6573a94b1853",
    "rule": "FROM tag \"sdc_docker\" TO tag \"sdc_docker\" ALLOW tcp PORT all",
    "uuid": "3512f2ae-5426-45ed-882f-f46b01442af5",
    "version": "1468745374714.018403"
}, {
    "enabled": true,
    "owner_uuid": "930896af-bf8c-48d4-885c-6573a94b1853",
    "rule": "FROM tag \"sdc_docker\" TO tag \"sdc_docker\" ALLOW udp PORT all",
    "uuid": "259755c5-a4d8-47f4-92e8-cb52bcffd3eb",
    "version": "1468745374719.018403"
}]

melloc commented 5 years ago

@Adel-Magebinary I've filed TRITON-1190 for this issue.

Adel-Magebinary commented 5 years ago

Awesome, thanks mate :) I believe this will be in the next release.

melloc commented 5 years ago

Yep, it will be in the next release. If you want to deploy a FWAPI with the fix before then, 13f62530-2b12-11e9-9ab0-6f815f446cdb in the dev channel should have the fix, too.
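
The failure reported at the top of this issue, reduced to a stand-alone sketch (an added example, not code from fwapi or from anyone in this thread): a serializer that assumes every rule has `ports` throws on the ICMP rule and fails the whole listing, while a guarded one returns all rules. `parseRule`, `serializeUnguarded`, `serializeGuarded`, `listRules` and the `types` field format are hypothetical; the rule strings are copied from the listing in the report.

```javascript
'use strict';

// Three of the rule strings from the listing in the report.
const RULES = [
    'FROM any TO vm 12642529-a63a-c329-eb2e-922fac26dc52 ALLOW tcp PORT 5432',
    'FROM tag "sdc_docker" TO tag "sdc_docker" ALLOW icmp TYPE 8 CODE 0',
    'FROM tag "sdc_docker" TO tag "sdc_docker" ALLOW tcp PORT all'
];

// Hypothetical minimal parser (not fwapi's): only the protocol tail is read.
function parseRule(text) {
    const m = /\bALLOW (tcp|udp|icmp) (.*)$/.exec(text);
    if (!m) { throw new Error('unsupported rule: ' + text); }
    const rule = { protocol: m[1] };
    if (m[1] === 'icmp') {
        // ICMP rules carry TYPE/CODE, so `ports` is never set on them.
        const t = /^TYPE (\d+)(?: CODE (\d+))?$/.exec(m[2]);
        if (!t) { throw new Error('bad icmp clause: ' + m[2]); }
        // "type:code" is an assumed representation for this example.
        rule.types = [t[2] === undefined ? t[1] : t[1] + ':' + t[2]];
    } else {
        const p = /^PORT (all|\d+)$/.exec(m[2]);
        if (!p) { throw new Error('bad port clause: ' + m[2]); }
        rule.ports = [p[1]];
    }
    return rule;
}

const toPort = (p) => (p !== 'all' ? Number(p) : p);

// Same shape as the snippet in the report: assumes every rule has `ports`.
function serializeUnguarded(rule) {
    return { protocol: rule.protocol, ports: rule.ports.map(toPort) };
}

// Guarded: emit only the fields the rule's protocol actually defines.
function serializeGuarded(rule) {
    const out = { protocol: rule.protocol };
    if (Array.isArray(rule.ports)) { out.ports = rule.ports.map(toPort); }
    if (Array.isArray(rule.types)) { out.types = rule.types.slice(); }
    return out;
}

// Serialize a whole listing, as a list endpoint does; a single rule that
// makes `serialize` throw fails the entire response.
function listRules(texts, serialize) {
    return texts.map((t) => serialize(parseRule(t)));
}
```

Calling `listRules(RULES, serializeUnguarded)` throws a `TypeError` on the ICMP rule, which is why one stored rule was enough to break container creation for the whole account.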