[Chilli] Coova-Chilli Multi Tenanency Mode

Robert White rwhite at globalgossip.net
Thu Feb 7 02:40:21 UTC 2013


I've also experienced the same problem.

All rules from up.sh except the following seem to get created:

ipt_in -p tcp -m tcp --dport $UAMPORT --dst $ADDR -j ACCEPT


It seems to only ever happen in multi-instance environments so maybe it is
something to do with iptables locking and not allowing the insertion of the
rule while another instance is trying to do the same?  I'm not sure.

Do all chilli instances start concurrently or in order?




On 7 February 2013 10:45, Luis Ferreira <lferreira at cabocom.cv> wrote:

> Hello everyone. This is my first message to the great Coova community, so
> I'll start by giving a little help, by describing the same problem in more
> detail, my actual fix and a request for a fix/workaround.
>
> The problem that you are describing is because at start up time, *it did
> not manage to create all the required iptables rules*. For each VLAN, it
> should create:
>
> -A FORWARD -o vlan10 -j DROP
> -A FORWARD -i vlan10 -j DROP
>
> And also
>
> -A FORWARD -i tun0 ! -o eth1 -j DROP
> -A FORWARD -o tun0 -j ACCEPT
> -A FORWARD -i tun0 -j ACCEPT
>
> In my implementation, it normally *fails to create all the iptables rules
> upon startup*. For that reason, I have to apply the following very dirty
> solution.
>
> That problem normally appears only at boot time. What I do is
>
> killall -v chilli
>
> and
>
> /etc/init.d/chilli start
>
> to start all of them the proper way.
>
> After that, I've checked with iptables if, for each vlan, it created 2 rules
> regarding vlanXXX and 3 rules regarding tunXXX.
>
> I would appreciate it if someone has a fix/workaround for that, like a
> different startup script that would check if all the instances started
> correctly.
>
> Best regards,
> Luis Ferreira
>
> *From:* chilli-bounces at coova.org [mailto:chilli-bounces at coova.org] *On behalf
> of* Russell Mike
> *Sent:* Wednesday, 6 February 2013 10:58
> *To:* chilli list; David Bird
> *Subject:* [Chilli] Coova-Chilli Multi Tenanency Mode
>
> Dear David & Community Members, Greetings,
>
> This discussion is with respect to how to make sure all instances
> are up for "CoovaChilli" in a multi-tenant environment after the hardware
> server reboots.
>
> *1.)* This is an ISP environment. We have 10 CoovaChilli instances running
> (Multi Tenancy) using (VLANs 10,20,30,40,50,60,70,80,90,100). When the system
> reboots, all daemons come up just fine and start serving users by
> presenting the login page. We are very very happy with the Coova-Chilli
> implementation.
>
> *2.)* BUT SOMETIMES, when the system reboots and after it has come up, for
> example VLAN30 would not present the login page; the other NINE (9) instances
> would be just fine, working as expected. Then I restart the Chilli daemon as
> a solution. Now all 10 daemons would come up and start serving just fine
> again.
>
> *2a)* BUT SOMETIMES, when I apply the solution (restart the Chilli daemon),
> one of them would not present the login page again (it is a random VLAN
> (sometimes 30/80/20 etc.)).
>
> For example: I restarted the service earlier because VLAN 90 was not
> presenting the login page; after the restart, the VLAN60 daemon is not
> presenting the login page. The problem is recoverable by restarting the
> service more than once.
>
> *2b.)* When an instance would not present the login page, at the same time I
> see that it is mounted & listening on the port ("netstat"); stuff looks
> obvious from that point of view. The tunnel would be created as well, and all
> the stuff belonging to that VLAN (that is not serving the web page) exists
> under "/var/run'chilli* (pid, ipc, socket, bash script).
>
> *HOW I AM DOING IT:*
>
> Now whenever the Chilli server is restarted, I manually browse & check if
> all daemons are presenting login pages. But eventually, we are going to run
> a minimum of 120 daemons. It would not be possible to browse 120 pages after
> every reboot. Is there a better way to handle it? Or what could be the auto
> fix? I was thinking of something like a script that can check the
> functionality and, if everything did not come up, restart the daemon again. I
> understand that we do not restart data center servers every day, but it
> happens sometimes due to a power outage, or the UPS failed, or the generator
> did not come up on time, etc.
>
> Thanks / Regards
>
> RM ---
>
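The rule check both posters ask for, sketched as an added example that is not part of the original thread or of CoovaChilli: it compares a saved `iptables -S FORWARD` dump against the five FORWARD rules Luis lists and names each VLAN whose set is incomplete. The function names, the `vlan:tun` pairing passed by the operator, the WAN interface argument and the sample dump are assumptions made for illustration.

```shell
#!/bin/sh
# Hypothetical helper names; the rule text itself is taken from the thread.
# expected_rules VLAN_IF TUN_IF WAN_IF: the five FORWARD rules one instance should own.
expected_rules() {
    printf '%s\n' \
        "-A FORWARD -o $1 -j DROP" \
        "-A FORWARD -i $1 -j DROP" \
        "-A FORWARD -i $2 ! -o $3 -j DROP" \
        "-A FORWARD -o $2 -j ACCEPT" \
        "-A FORWARD -i $2 -j ACCEPT"
}

# missing_rules RULES_FILE VLAN_IF TUN_IF WAN_IF: print expected rules absent from the dump.
missing_rules() {
    rules_file=$1; shift
    expected_rules "$@" | while IFS= read -r rule; do
        grep -qxF -e "$rule" "$rules_file" || printf '%s\n' "$rule"
    done
}

# incomplete_instances RULES_FILE WAN_IF VLAN:TUN...: print VLANs whose rule set is partial.
incomplete_instances() {
    dump=$1 wan_if=$2; shift 2
    for pair in "$@"; do
        vlan=${pair%%:*} tun=${pair#*:}
        [ -z "$(missing_rules "$dump" "$vlan" "$tun" "$wan_if")" ] || printf '%s\n' "$vlan"
    done
}

# Constructed `iptables -S FORWARD` dump: vlan30 lacks its "-i vlan30" DROP rule.
sample_rules() {
    cat <<'EOF'
-P FORWARD ACCEPT
-A FORWARD -i tun0 ! -o eth1 -j DROP
-A FORWARD -o tun0 -j ACCEPT
-A FORWARD -i tun0 -j ACCEPT
-A FORWARD -o vlan10 -j DROP
-A FORWARD -i vlan10 -j DROP
-A FORWARD -i tun1 ! -o eth1 -j DROP
-A FORWARD -o tun1 -j ACCEPT
-A FORWARD -i tun1 -j ACCEPT
-A FORWARD -o vlan30 -j DROP
EOF
}

tmp=$(mktemp)
sample_rules > "$tmp"   # live use (assumption: run as root): iptables -S FORWARD > "$tmp"
incomplete_instances "$tmp" eth1 vlan10:tun0 vlan30:tun1   # prints: vlan30
rm -f "$tmp"
```

A boot script could repeat the restart described in the thread for as long as this prints anything, which replaces browsing each login page by hand.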