-
Notifications
You must be signed in to change notification settings - Fork 63
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix hostname params and add full-disable params #227
Conversation
[REVIEW NOTIFICATION] This pull request has not been approved. To complete the pull request process, please ask the reviewers in the list to review by filling The full list of commands accepted by this bot can be found here. Reviewer can indicate their review by submitting an approval review. |
Welcome @nikitasavchenko555! |
/cc @Andrewmatilde @Colstuwjx @FingerLeader @Gallardot @Hexilee @QueenyJin Hi! |
@nikitasavchenko555: GitHub didn't allow me to request PR reviews from the following users: reviewer. Note that only chaos-mesh members and repo collaborators can review this PR, and authors cannot review their own PRs. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
773e322
to
d723a5f
Compare
d723a5f
to
914fe3c
Compare
@nikitasavchenko555 Thanks for your contribution! |
914fe3c
to
e7f2fcc
Compare
cmd/attack/network.go
Outdated
@@ -114,6 +114,7 @@ func NewNetworkLossCommand(dep fx.Option, options *core.NetworkCommand) *cobra.C | |||
cmd.Flags().StringVarP(&options.Hostname, "hostname", "H", "", "only impact traffic to these hostnames") | |||
cmd.Flags().StringVarP(&options.IPProtocol, "protocol", "p", "", | |||
"only impact traffic using this IP protocol, supported: tcp, udp, icmp, all") | |||
cmd.Flags().BoolVar(&options.FullDisable, "full-disable", false, "full net on device disable flag") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This flag is also useful for other network attacks. Can you help to add this flag for other network attacks?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, of course, I will supplement my commit with this in the near future
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@cwen0 , I have added this flag for attacks that can implement it. Review, please.
e7f2fcc
to
4c34ac5
Compare
b6603eb
to
0a692c7
Compare
@@ -172,7 +174,7 @@ func NetworkDuplicateCommand(dep fx.Option, options *core.NetworkCommand) *cobra | |||
cmd.Flags().StringVarP(&options.Hostname, "hostname", "H", "", "only impact traffic to these hostnames") | |||
cmd.Flags().StringVarP(&options.IPProtocol, "protocol", "p", "", | |||
"only impact traffic using this IP protocol, supported: tcp, udp, icmp, all") | |||
|
|||
cmd.Flags().BoolVar(&options.FullDisable, "full-disable", false, "network on device full disable flag") | |||
return cmd | |||
} | |||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Network Partition attack also needs full-disable
flag.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@cwen0 , I tried to add it, but I got next stack trace, so I didn't add this flag in partition attack. But I will try find a reason and fix it.
I pointed out different directions, but it did not affect the result.
2023-02-01T11:35:17.044+0400 INFO chaosd/network.go:77 Set iptables chains {"request": "chains:{name:\"OUTPUT/443bf_021f4aaf66bac_\" direction:OUTPUT ipsets:\"\" target:\"DROP\"} chains:{name:\"INPUT/443bf_021f4aaf66bac_\" ipsets:\"\" target:\"DROP\"}"}
2023-02-01T11:35:17.059+0400 ERROR chaosd/network.go:77 error while setting iptables chains {"error": "error code: exit status 2, msg: iptables v1.8.7 (nf_tables): Set doesn't exist.\n\nTry `iptables -h' or 'iptables --help' for more information.\n", "errorVerbose": "error code: exit status 2, msg: iptables v1.8.7 (nf_tables): Set doesn't exist.\n\nTry `iptables -h' or 'iptables --help' for more information.\n\ngithub.com/chaos-mesh/chaos-mesh/pkg/chaosdaemon/util.EncodeOutputToError\n\t/home/nikita/go/pkg/mod/github.com/chaos-mesh/chaos-mesh@v0.9.1-0.20220812140450-4bc7ef589c13/pkg/chaosdaemon/util/util.go:118\ngithub.com/chaos-mesh/chaos-mesh/pkg/chaosdaemon.(*iptablesClient).ensureRule\n\t/home/nikita/go/pkg/mod/github.com/chaos-mesh/chaos-mesh@v0.9.1-0.20220812140450-4bc7ef589c13/pkg/chaosdaemon/iptables_server.go:256\ngithub.com/chaos-mesh/chaos-mesh/pkg/chaosdaemon.(*iptablesClient).deleteAndWriteRules\n\t/home/nikita/go/pkg/mod/github.com/chaos-mesh/chaos-mesh@v0.9.1-0.20220812140450-4bc7ef589c13/pkg/chaosdaemon/iptables_server.go:223\ngithub.com/chaos-mesh/chaos-mesh/pkg/chaosdaemon.(*iptablesClient).createNewChain\n\t/home/nikita/go/pkg/mod/github.com/chaos-mesh/chaos-mesh@v0.9.1-0.20220812140450-4bc7ef589c13/pkg/chaosdaemon/iptables_server.go:206\ngithub.com/chaos-mesh/chaos-mesh/pkg/chaosdaemon.(*iptablesClient).setIptablesChain\n\t/home/nikita/go/pkg/mod/github.com/chaos-mesh/chaos-mesh@v0.9.1-0.20220812140450-4bc7ef589c13/pkg/chaosdaemon/iptables_server.go:145\ngithub.com/chaos-mesh/chaos-mesh/pkg/chaosdaemon.(*iptablesClient).setIptablesChains\n\t/home/nikita/go/pkg/mod/github.com/chaos-mesh/chaos-mesh@v0.9.1-0.20220812140450-4bc7ef589c13/pkg/chaosdaemon/iptables_server.go:84\ngithub.com/chaos-mesh/chaos-mesh/pkg/chaosdaemon.(*DaemonServer).SetIptablesChains\n\t/home/nikita/go/pkg/mod/github.com/chaos-mesh/chaos-mesh@v0.9.1-0.20220812140450-4bc7ef589c13/pkg/chaosdaemon/iptables_server.go:54\ngithub.com/chaos-mesh/chaosd/pkg/server/chaosd.(*Server).applyIptables\n\t/home/nikita/work/chaosd_fork/pkg/server/chaosd/network.go:151\ngithub.com/chaos-mesh/chaosd/pkg/server/chaosd.networkAttack.Attack\n\t/home/nikita/work/chaosd_fork/pkg/server/chaosd/network.go:77\ngithub.com/chaos-mesh/chaosd/pkg/server/chaosd.(*Server).ExecuteAttack\n\t/home/nikita/work/chaosd_fork/pkg/server/chaosd/attack.go:105\ngithub.com/chaos-mesh/chaosd/cmd/attack.commonNetworkAttackFunc\n\t/home/nikita/work/chaosd_fork/cmd/attack/network.go:254\nreflect.Value.call\n\t/usr/local/go/src/reflect/value.go:584\nreflect.Value.Call\n\t/usr/local/go/src/reflect/value.go:368\ngo.uber.org/dig.defaultInvoker\n\t/home/nikita/go/pkg/mod/go.uber.org/dig@v1.14.1/container.go:220\ngo.uber.org/dig.(*Scope).Invoke\n\t/home/nikita/go/pkg/mod/go.uber.org/dig@v1.14.1/invoke.go:92\ngo.uber.org/fx.runInvoke\n\t/home/nikita/go/pkg/mod/go.uber.org/fx@v1.17.1/invoke.go:93\ngo.uber.org/fx.(*module).executeInvoke\n\t/home/nikita/go/pkg/mod/go.uber.org/fx@v1.17.1/module.go:174\ngo.uber.org/fx.(*module).executeInvokes\n\t/home/nikita/go/pkg/mod/go.uber.org/fx@v1.17.1/module.go:155\ngo.uber.org/fx.New\n\t/home/nikita/go/pkg/mod/go.uber.org/fx@v1.17.1/app.go:534\ngithub.com/chaos-mesh/chaosd/pkg/utils.FxNewAppWithoutLog\n\t/home/nikita/work/chaosd_fork/pkg/utils/utils.go:27\ngithub.com/chaos-mesh/chaosd/cmd/attack.NetworkPartitionCommand.func1\n\t/home/nikita/work/chaosd_fork/cmd/attack/network.go:189\ngithub.com/spf13/cobra.(*Command).execute\n\t/home/nikita/go/pkg/mod/github.com/spf13/cobra@v1.4.0/command.go:860\ngithub.com/spf13/cobra.(*Command).ExecuteC\n\t/home/nikita/go/pkg/mod/github.com/spf13/cobra@v1.4.0/command.go:974\ngithub.com/spf13/cobra.(*Command).Execute\n\t/home/nikita/go/pkg/mod/github.com/spf13/cobra@v1.4.0/command.go:902\nmain.main\n\t/home/nikita/work/chaosd_fork/cmd/main.go:79\nruntime.main\n\t/usr/local/go/src/runtime/proc.go:250\nruntime.goexit\n\t/usr/local/go/src/runtime/asm_amd64.s:1594"}
github.com/chaos-mesh/chaosd/pkg/server/chaosd.networkAttack.Attack
/home/nikita/work/chaosd_fork/pkg/server/chaosd/network.go:77
github.com/chaos-mesh/chaosd/pkg/server/chaosd.(*Server).ExecuteAttack
/home/nikita/work/chaosd_fork/pkg/server/chaosd/attack.go:105
github.com/chaos-mesh/chaosd/cmd/attack.commonNetworkAttackFunc
/home/nikita/work/chaosd_fork/cmd/attack/network.go:254
reflect.Value.call
/usr/local/go/src/reflect/value.go:584
reflect.Value.Call
/usr/local/go/src/reflect/value.go:368
go.uber.org/dig.defaultInvoker
/home/nikita/go/pkg/mod/go.uber.org/dig@v1.14.1/container.go:220
go.uber.org/dig.(*Scope).Invoke
/home/nikita/go/pkg/mod/go.uber.org/dig@v1.14.1/invoke.go:92
go.uber.org/fx.runInvoke
/home/nikita/go/pkg/mod/go.uber.org/fx@v1.17.1/invoke.go:93
go.uber.org/fx.(*module).executeInvoke
/home/nikita/go/pkg/mod/go.uber.org/fx@v1.17.1/module.go:174
go.uber.org/fx.(*module).executeInvokes
/home/nikita/go/pkg/mod/go.uber.org/fx@v1.17.1/module.go:155
go.uber.org/fx.New
/home/nikita/go/pkg/mod/go.uber.org/fx@v1.17.1/app.go:534
github.com/chaos-mesh/chaosd/pkg/utils.FxNewAppWithoutLog
/home/nikita/work/chaosd_fork/pkg/utils/utils.go:27
github.com/chaos-mesh/chaosd/cmd/attack.NetworkPartitionCommand.func1
/home/nikita/work/chaosd_fork/cmd/attack/network.go:189
github.com/spf13/cobra.(*Command).execute
/home/nikita/go/pkg/mod/github.com/spf13/cobra@v1.4.0/command.go:860
github.com/spf13/cobra.(*Command).ExecuteC
/home/nikita/go/pkg/mod/github.com/spf13/cobra@v1.4.0/command.go:974
github.com/spf13/cobra.(*Command).Execute
/home/nikita/go/pkg/mod/github.com/spf13/cobra@v1.4.0/command.go:902
main.main
/home/nikita/work/chaosd_fork/cmd/main.go:79
runtime.main
/usr/local/go/src/runtime/proc.go:250
Error: error code: exit status 2, msg: iptables v1.8.7 (nf_tables): Set doesn't exist.
Try `iptables -h' or 'iptables --help' for more information.```
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@cwen0 , probably, reason of stack trace in this conditions:
Another network attack, that do not use this condition, don't create chains:
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The chain is invalid. Network partition requires ip
or hostname
cannot both be empty at present.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You also can add a function to check it, like checkNetworkLimitParams
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@cwen0 , I added it
4d0f573
to
eee357a
Compare
Signed-off-by: Nikita Savchenko <nikisavchenko@ozon.ru>
eee357a
to
b56dba1
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
/assing @cwen0 |
#226